
    AT-Destroyer always detects viruses


    1. #1
      User truman_truman
      Registered
      Apr 2012
      Location
      Argentina
      Posts
      14

      AT-Destroyer always detects viruses

      Hello, AT-Destroyer always detects malicious items on my system.
      What can I do?
      Something that always gets installed in Chrome, no matter how many times I delete it, is the uTorrent toolbar; I already deleted it from C: and it keeps appearing when Chrome starts. I don't know whether that is what AT is detecting.
      I'm leaving the AT log here to see if anyone can help me.
      Thank you very much.






      #################################################### A/T-Destroyer by InfoSpyware ############

      A/T-Destroyer 1.0.7 By Infospyware
      www.infospyware.com
      Fecha iniciada en el analisis 24/11/2012
      Hora iniciada en el analisis 11:14:48,92
      Usuario Actual : [C:\Users\Administrador]
      Sistema Operativo: Windows 7 Home Premium
      Arquitectura: Sistema operativo de 64 bits
      Versión Internet Explorer: 9.0.8112.16421
      Modo Actual: Modo Normal.
      Privilegios: [Administrador-Administrador]
      Versión Google Chrome:
      Versión Mozilla Firefox: 16.0.2

      ====== Servicios Eliminados By A/T-Destroyer ======




      ====== Claves Eliminadas By A/T-Destroyer ======


      HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr\List
      HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr\List\Item1
      HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr\List\Item2
      HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr\List\Item3
      HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr


      ====== Archivos/Carpetas Eliminados By A/T-Destroyer ======


      C:\Users\Administrador\Appdata\Local\GDIPFONTCACHEV1.DAT


      ====== Información Extra ======


      -_-_-_-_-_-_-_-_ Configuraciones de internet Explorer -_-_-_-_-_-_-_-_
      "HKCU\Software\Microsoft\Internet Explorer\Main"
      Start Page == http://www.google.com
      Search Page == http://go.microsoft.com/fwlink/?LinkId=54896
      Local Page == C:\Windows\system32\blank.htm

      "HKLM\Software\Microsoft\Internet Explorer\Main"
      Start Page == http://www.google.com
      Local Page == C:\Windows\SYSTEM32\blank.htm


      "HKEY_USERS\S-1-5-21-4001659080-3017872797-1021557816-500\Software\Microsoft\Internet Explorer\Main"
      Start Page == http://www.google.com
      Search Page == http://go.microsoft.com/fwlink/?LinkId=54896
      Local Page == C:\Windows\system32\blank.htm




      -_-_-_-_-_-_-_-_ Configuraciones de mozilla Firefox -_-_-_-_-_-_-_-_
      user_pref("browser.startup.homepage", "http://google.com");




      ======= EOF =======

    2. #2
      Former Contributor Marr0n
      Registered
      Mar 2010
      Location
      Catalunya
      Posts
      5.871

      Re: AT-Destroyer always detects viruses

      Welcome

      Download, install, run and update > Malwarebytes Anti-Malware | InfoSpyware


      • On the Update tab, click "Check for Updates".
      • On the Scanner tab, tick the "Perform Full Scan" box.
      • Once it finishes, if it detects anything, choose "Remove Selected", send everything to quarantine and restart the system.
      • On the "Logs" tab you will find the report; copy it and paste it into your next reply so it can be analyzed.


      Finally, download > OTL By OldTimer | InfoSpyware

      To run OTL, do the following:

      • Close all the programs you have open and double-click the OTL icon to run it.
      • Let it run and wait for the OTL menu to appear.
      • When the OTL menu appears, change the setting under "Scan Type" by selecting Minimal Output.
      • Tick the Scan All box.
      • Tick the options: LOP Check and Purity Check.
      • Tick the options: Skip Microsoft Files and Use Company Name Whitelist.
      • Copy and paste the lines of the following script under the Custom Scans/Fixes box:

        NOTE: Do not copy the word Code.

      Code:
       
      netsvcs
      msconfig
      %SYSTEMDRIVE%\*.*
      CREATERESTOREPOINT

      • Please do not change/modify the rest of the settings unless a staff member asks you to.
      • Press the button.
      • Once the scan has finished, 2 files will appear, OTL.Txt and Extras.Txt. These files will be located in the place where OTL.exe was downloaded.
      • Copy and paste the contents of the OTL.txt file into your next reply.


      Remember that in your next reply:



      • Post the reports from: and OTL.txt
      • Explain how the computer is doing with respect to the initial problem.



      Regards.
      Last edited by Marr0n on 24/11/12 at 11:02:02
      * Follow us on our Twitter and become our friend on Facebook.
      * Keep up with the latest threats on the net at: InfoSpyware Blog
      * Questions are not answered by private message or by e-mail, since that is what the forum is for.

    3. #3
      User truman_truman
      Registered
      Apr 2012
      Location
      Argentina
      Posts
      14

      Re: AT-Destroyer always detects viruses

      Malwarebytes Anti-Malware
      2012/11/24 01:25:55 -0300 SIN-NOMBRE-PC sin-nombre MESSAGE Starting protection
      2012/11/24 01:25:55 -0300 SIN-NOMBRE-PC sin-nombre MESSAGE Protection started successfully
      2012/11/24 01:25:55 -0300 SIN-NOMBRE-PC sin-nombre MESSAGE Starting IP protection
      2012/11/24 01:25:59 -0300 SIN-NOMBRE-PC sin-nombre MESSAGE IP Protection started successfully
      2012/11/24 01:28:16 -0300 SIN-NOMBRE-PC sin-nombre MESSAGE Starting database refresh
      2012/11/24 01:28:16 -0300 SIN-NOMBRE-PC sin-nombre MESSAGE Stopping IP protection
      2012/11/24 01:28:16 -0300 SIN-NOMBRE-PC sin-nombre MESSAGE IP Protection stopped successfully
      2012/11/24 01:28:18 -0300 SIN-NOMBRE-PC sin-nombre MESSAGE Database refreshed successfully
      2012/11/24 01:28:18 -0300 SIN-NOMBRE-PC sin-nombre MESSAGE Starting IP protection
      2012/11/24 01:28:22 -0300 SIN-NOMBRE-PC sin-nombre MESSAGE IP Protection started successfully
      2012/11/24 09:58:31 -0300 SIN-NOMBRE-PC sin-nombre DETECTION C:\Users\sin-nombre\AppData\Local\Temp\WZUH.exe Riskware.InstallMonetizer QUARANTINE
      2012/11/24 10:13:00 -0300 SIN-NOMBRE-PC sin-nombre IP-BLOCK 85.159.233.9 (Type: outgoing, Port: 50758, Process: avp.exe)
      2012/11/24 10:13:01 -0300 SIN-NOMBRE-PC sin-nombre IP-BLOCK 85.159.233.9 (Type: outgoing, Port: 50760, Process: avp.exe)
      2012/11/24 10:13:01 -0300 SIN-NOMBRE-PC sin-nombre IP-BLOCK 85.159.233.9 (Type: outgoing, Port: 50762, Process: avp.exe)
      2012/11/24 10:13:01 -0300 SIN-NOMBRE-PC sin-nombre IP-BLOCK 85.159.233.9 (Type: outgoing, Port: 50764, Process: avp.exe)
      2012/11/24 10:13:09 -0300 SIN-NOMBRE-PC sin-nombre IP-BLOCK 85.159.233.9 (Type: outgoing, Port: 50767, Process: avp.exe)
      2012/11/24 10:13:09 -0300 SIN-NOMBRE-PC sin-nombre IP-BLOCK 85.159.233.9 (Type: outgoing, Port: 50769, Process: avp.exe)
      2012/11/24 10:15:51 -0300 SIN-NOMBRE-PC sin-nombre MESSAGE Starting protection
      2012/11/24 10:15:51 -0300 SIN-NOMBRE-PC sin-nombre MESSAGE Protection started successfully
      2012/11/24 10:15:51 -0300 SIN-NOMBRE-PC sin-nombre MESSAGE Starting IP protection
      2012/11/24 10:15:56 -0300 SIN-NOMBRE-PC sin-nombre MESSAGE IP Protection started successfully
      2012/11/24 10:16:56 -0300 SIN-NOMBRE-PC sin-nombre IP-BLOCK 85.159.233.9 (Type: outgoing, Port: 49280, Process: avp.exe)
      2012/11/24 10:16:56 -0300 SIN-NOMBRE-PC sin-nombre IP-BLOCK 85.159.233.9 (Type: outgoing, Port: 49282, Process: avp.exe)
      2012/11/24 10:17:02 -0300 SIN-NOMBRE-PC sin-nombre MESSAGE Stopping protection
      2012/11/24 10:17:02 -0300 SIN-NOMBRE-PC sin-nombre MESSAGE Protection stopped successfully
      2012/11/24 10:17:02 -0300 SIN-NOMBRE-PC sin-nombre MESSAGE Stopping IP protection
      2012/11/24 10:17:02 -0300 SIN-NOMBRE-PC sin-nombre MESSAGE IP Protection stopped successfully
      2012/11/24 10:17:03 -0300 SIN-NOMBRE-PC sin-nombre MESSAGE Protection stopped
      2012/11/24 10:29:45 -0300 SIN-NOMBRE-PC sin-nombre MESSAGE Starting protection
      2012/11/24 10:29:45 -0300 SIN-NOMBRE-PC sin-nombre MESSAGE Protection started successfully
      2012/11/24 10:29:45 -0300 SIN-NOMBRE-PC sin-nombre MESSAGE Starting IP protection
      2012/11/24 10:29:48 -0300 SIN-NOMBRE-PC sin-nombre MESSAGE IP Protection started successfully
      2012/11/24 11:11:41 -0300 SIN-NOMBRE-PC Administrador MESSAGE Starting protection
      2012/11/24 11:11:41 -0300 SIN-NOMBRE-PC Administrador MESSAGE Protection started successfully
      2012/11/24 11:11:41 -0300 SIN-NOMBRE-PC Administrador MESSAGE Starting IP protection
      2012/11/24 11:11:45 -0300 SIN-NOMBRE-PC Administrador MESSAGE IP Protection started successfully




      OTL



      OTL logfile created on: 24/11/2012 11:49:51 - Run 1
      OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Administrador\Downloads
      64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
      Internet Explorer (Version = 9.0.8112.16421)
      Locale: 00000c0a | Country: España | Language: ESN | Date Format: dd/MM/yyyy

      4,00 Gb Total Physical Memory | 2,42 Gb Available Physical Memory | 60,39% Memory free
      8,00 Gb Paging File | 6,23 Gb Available in Paging File | 77,95% Paging File free
      Paging file location(s): ?:\pagefile.sys [binary data]

      %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
      Drive C: | 195,32 Gb Total Space | 144,69 Gb Free Space | 74,08% Space Free | Partition Type: NTFS
      Drive D: | 270,41 Gb Total Space | 211,50 Gb Free Space | 78,21% Space Free | Partition Type: FAT32
      Drive E: | 20,22 Gb Total Space | 14,85 Gb Free Space | 73,47% Space Free | Partition Type: NTFS

      Computer Name: SIN-NOMBRE-PC | User Name: Administrador | Logged in as Administrator.
      Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
      Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

      ========== Processes (SafeList) ==========

      PRC - C:\Users\Administrador\Downloads\OTL.exe (OldTimer Tools)
      PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
      PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
      PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
      PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
      PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
      PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
      PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
      PRC - C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe (VS Revo Group)
      PRC - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)


      ========== Modules (No Company Name) ==========

      MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\QtWebKit\qmlwebkitplugin4.dll ()
      MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll ()


      ========== Services (SafeList) ==========

      SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
      SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
      SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
      SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
      SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
      SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
      SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
      SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
      SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
      SRV - (PSI_SVC_2) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
      SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
      SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
      SRV - (ProtexisLicensing) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PSIService.exe ()


      ========== Driver Services (SafeList) ==========

      DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
      DRV:64bit: - (kltdi) -- C:\Windows\SysNative\drivers\kltdi.sys (Kaspersky Lab)
      DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
      DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab)
      DRV:64bit: - (klkbdflt) -- C:\Windows\SysNative\drivers\klkbdflt.sys (Kaspersky Lab)
      DRV:64bit: - (vmm) -- C:\Windows\SysNative\Controladores\VMM.sys (Microsoft Corporation)
      DRV:64bit: - (kneps) -- C:\Windows\SysNative\drivers\kneps.sys (Kaspersky Lab)
      DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO)
      DRV:64bit: - (kl1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
      DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
      DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
      DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
      DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
      DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
      DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
      DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
      DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
      DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
      DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
      DRV:64bit: - (RTL8023x64) -- C:\Windows\SysNative\drivers\Rtnic64.sys (Realtek Semiconductor Corporation )
      DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
      DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
      DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
      DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
      DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
      DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation)
      DRV:64bit: - (VPCNetS2) -- C:\Windows\SysNative\drivers\VMNetSrv.sys (Microsoft Corporation)
      DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


      ========== Standard Registry (SafeList) ==========


      ========== Internet Explorer ==========

      IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
      IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
      IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
      IE - HKLM\..\URLSearchHook: {db131c55-60c8-4adc-84dc-9e76ab06e2dc} - No CLSID value found
      IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
      IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


      IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

      IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



      IE - HKU\S-1-5-21-4001659080-3017872797-1021557816-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google

      IE - HKU\S-1-5-21-4001659080-3017872797-1021557816-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
      IE - HKU\S-1-5-21-4001659080-3017872797-1021557816-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

      ========== FireFox ==========

      FF - prefs.js..browser.startup.homepage: "http://google.com"
      FF - prefs.js..keyword.URL: "http://google.com"
      FF - user.js - File not found

      FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
      FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll File not found
      FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
      FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
      FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
      FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
      FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
      FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
      FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

      64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2012/09/15 22:20:39 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2012/09/15 22:20:39 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2012/09/15 22:20:24 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2012/09/15 22:20:24 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2012/09/15 22:20:26 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files (x86)\Iminent\[email protected]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/11/03 21:32:17 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/11/03 21:38:13 | 000,000,000 | ---D | M]

      [2012/10/06 12:50:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrador\AppData\Roaming\mozilla\Extensions
      [2012/10/27 14:14:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
      [2012/10/27 14:14:13 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
      [2012/09/07 19:34:08 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
      [2012/09/07 19:34:08 | 000,003,882 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\drae.xml
      [2012/09/07 19:34:08 | 000,001,143 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-es.xml
      [2012/01/27 12:11:08 | 000,002,325 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\pandasecuritytb.xml
      [2012/10/12 15:46:20 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
      [2012/09/07 19:34:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-es.xml
      [2012/09/07 19:34:08 | 000,001,102 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-es.xml

      O1 HOSTS File: ([2012/06/20 14:30:44 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
      O1 - Hosts: 127.0.0.1 localhost
      O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
      O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
      O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
      O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
      O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
      O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
      O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
      O7 - HKU\S-1-5-21-4001659080-3017872797-1021557816-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
      O7 - HKU\S-1-5-21-4001659080-3017872797-1021557816-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
      O7 - HKU\S-1-5-21-4001659080-3017872797-1021557816-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
      O8:64bit: - Extra context menu item: Agregar a Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
      O8 - Extra context menu item: Agregar a Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
      O9:64bit: - Extra Button: Teclado Virtual - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
      O9:64bit: - Extra Button: Comprobación de direcciones URL - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6DDA453C-B12A-40FD-B2D7-C2D20EA7862F}: DhcpNameServer = 192.168.1.1
      O18:64bit: - Protocol\Handler\livecall - No CLSID value found
      O18:64bit: - Protocol\Handler\msnim - No CLSID value found
      O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
      O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
      O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
      O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
      O32 - HKLM CDRom: AutoRun - 0
      O32 - AutoRun File - [2012/10/21 16:34:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
      O32 - AutoRun File - [2012/05/13 15:42:55 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
      O34 - HKLM BootExecute: (autocheck autochk *)
      O35:64bit: - HKLM\..comfile [open] -- "%1" %*
      O35:64bit: - HKLM\..exefile [open] -- "%1" %*
      O35 - HKLM\..comfile [open] -- "%1" %*
      O35 - HKLM\..exefile [open] -- "%1" %*
      O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
      O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
      O37 - HKLM\...com [@ = ComFile] -- "%1" %*
      O37 - HKLM\...exe [@ = exefile] -- "%1" %*
      O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
      O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
      O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


      MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - - File not found
      MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
      MsConfig:64bit - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
      MsConfig:64bit - StartUpReg: AdobeCS5ServiceManager - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
      MsConfig:64bit - StartUpReg: Google Update - hkey= - key= - C:\Users\sin-nombre\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
      MsConfig:64bit - StartUpReg: googletalk - hkey= - key= - C:\Program Files (x86)\Google\Google Talk\googletalk.exe (Google)
      MsConfig:64bit - StartUpReg: HP Software Update - hkey= - key= - File not found
      MsConfig:64bit - StartUpReg: SwitchBoard - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
      MsConfig:64bit - State: "services" - Reg Error: Key error.
      MsConfig:64bit - State: "startup" - Reg Error: Key error.

      CREATERESTOREPOINT
      Restore point Set: OTL Restore Point

      ========== Files/Folders - Created Within 30 Days ==========

      [2012/11/24 11:19:34 | 000,000,000 | ---D | C] -- C:\Users\Administrador\AppData\Local\Macromedia
      [2012/11/24 11:19:34 | 000,000,000 | ---D | C] -- C:\Users\Administrador\AppData\Roaming\Adobe
      [2012/11/24 11:17:40 | 000,000,000 | ---D | C] -- C:\Users\Administrador\AppData\Roaming\Malwarebytes
      [2012/11/24 01:25:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
      [2012/11/24 01:25:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
      [2012/11/24 01:25:36 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
      [2012/11/24 01:25:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
      [2012/11/24 00:25:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
      [2012/11/23 23:29:45 | 000,018,816 | ---- | C] (Systweak Inc., (Systweak - Download Software utilities for Windows optimization, Scan & Clean Spyware for Free)) -- C:\Windows\SysNative\roboot64.exe
      [2012/11/23 23:29:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
      [2012/11/23 23:29:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
      [2012/11/23 23:29:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\TechSmith Shared
      [2012/11/23 23:29:10 | 000,000,000 | ---D | C] -- C:\ProgramData\TechSmith
      [2012/11/23 23:29:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TechSmith
      [2012/11/22 16:20:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetBeans
      [2012/11/22 16:17:28 | 000,000,000 | ---D | C] -- C:\Program Files\NetBeans 7.2.1
      [2012/11/22 08:48:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
      [2012/11/22 08:48:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
      [2012/11/13 1207 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera
      [2012/11/13 12:07:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
      [2012/11/13 12:07:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
      [2012/11/09 19:07:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Protexis
      [2012/11/09 19:06:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Corel
      [2012/11/09 19:05:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X6
      [2012/11/09 19:05:08 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Corel
      [2012/11/09 18:59:54 | 000,000,000 | ---D | C] -- C:\ProgramData\CorelDRAW Graphics Suite X6
      [2012/11/03 15:57:23 | 000,000,000 | ---D | C] -- C:\ProgramData\AutoUpdate
      [2012/11/01 17:03:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\EPSON
      [2012/11/01 17:03:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
      [2012/11/01 17:03:06 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON
      [2012/10/31 19:12:21 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield
      [2012/10/31 19:11:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Protexis
      [2012/10/31 19:03:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Corel
      [2012/10/31 17:44:02 | 000,000,000 | ---D | C] -- C:\Program Files\Corel
      [2012/10/30 22:25:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
      [2012/10/29 21:37:50 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
      [2012/10/29 21:37:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SourceTec
      [2012/10/27 14:14:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
      [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

      ========== Files - Modified Within 30 Days ==========

      [2012/11/24 11:42:13 | 000,000,268 | ---- | M] () -- C:\Users\Administrador\AppData\Roaming\mbam.context.scan
      [2012/11/24 11:18:27 | 000,031,424 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      [2012/11/24 11:18:27 | 000,031,424 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      [2012/11/24 11:11:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
      [2012/11/24 11:11:17 | 3220,627,456 | -HS- | M] () -- C:\hiberfil.sys
      [2012/11/24 11:07:00 | 000,001,142 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4001659080-3017872797-1021557816-1004UA.job
      [2012/11/24 01:25:37 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
      [2012/11/23 23:29:42 | 000,001,168 | ---- | M] () -- C:\Users\Public\Desktop\Camtasia Studio 8.lnk
      [2012/11/23 19:07:00 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4001659080-3017872797-1021557816-1004Core.job
      [2012/11/17 08:04:20 | 004,928,160 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
      [2012/11/17 00:42:40 | 001,580,744 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
      [2012/11/17 00:42:40 | 000,705,278 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
      [2012/11/17 00:42:40 | 000,616,484 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
      [2012/11/17 00:42:40 | 000,138,316 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
      [2012/11/17 00:42:40 | 000,106,864 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
      [2012/11/15 2112 | 000,613,720 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
      [2012/11/15 2112 | 000,054,104 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\kltdi.sys
      [2012/11/13 12:08:46 | 000,156,280 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat
      [2012/10/31 19:15:24 | 000,002,828 | -HS- | M] () -- C:\Windows\SysWow64\KGyGaAvL.sys
      [2012/10/31 19:15:24 | 000,000,088 | RHS- | M] () -- C:\Windows\SysWow64\B5E23F434D.sys
      [2012/10/31 17:34:20 | 000,000,999 | ---- | M] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
      [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

      ========== Files Created - No Company Name ==========

      [2012/11/24 11:42:13 | 000,000,268 | ---- | C] () -- C:\Users\Administrador\AppData\Roaming\mbam.context.scan
      [2012/11/24 10:38:49 | 000,069,660 | ---- | C] () -- C:\Windows\Fart.exe
      [2012/11/24 10:38:49 | 000,011,776 | ---- | C] () -- C:\Windows\Colous.exe
      [2012/11/24 01:25:37 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
      [2012/11/23 23:29:42 | 000,001,168 | ---- | C] () -- C:\Users\Public\Desktop\Camtasia Studio 8.lnk
      [2012/11/17 00:40:34 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
      [2012/11/17 00:30:27 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
      [2012/11/13 1210 | 000,001,845 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
      [2012/11/13 12:08:46 | 000,156,280 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
      [2012/11/03 21:38:13 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
      [2012/10/31 19:14:03 | 000,000,088 | RHS- | C] () -- C:\Windows\SysWow64\B5E23F434D.sys
      [2012/10/31 19:14:02 | 000,002,828 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys
      [2012/10/31 17:30:52 | 000,000,999 | ---- | C] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
      [2012/08/23 17:51:54 | 000,022,528 | ---- | C] () -- C:\Windows\AT-Uninstall.exe
      [2012/07/12 12:07:14 | 000,000,656 | RHS- | C] () -- C:\Users\Administrador\ntuser.pol
      [2012/06/20 12:22:25 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
      [2012/06/20 12:22:25 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
      [2012/06/20 12:22:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
      [2012/06/20 12:22:25 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
      [2012/06/20 12:22:25 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
      [2012/06/01 12:49:12 | 000,000,221 | ---- | C] () -- C:\Windows\NCLogConfig.ini
      [2012/06/01 12:13:50 | 000,145,969 | ---- | C] () -- C:\Windows\hpoins18.dat
      [2012/06/01 12:13:03 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat
      [2012/05/26 21:49:56 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
      [2012/05/26 21:49:56 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll

      ========== ZeroAccess Check ==========

      [2009/07/14 01:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

      [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

      [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

      [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

      [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
      "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 02:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment

      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 01:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment

      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
      "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 22:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free

      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
      "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 09:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free

      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
      "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 22:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Both

      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

      ========== LOP Check ==========

      [2012/10/19 16:20:58 | 000,000,000 | ---D | M] -- C:\Users\Administrador\AppData\Roaming\TuneUp Software
      [2012/10/17 20:15:05 | 000,000,000 | ---D | M] -- C:\Users\CAMILA Y MAMA\AppData\Roaming\TuneUp Software
      [2012/11/23 23:51:06 | 000,000,000 | ---D | M] -- C:\Users\sin-nombre\AppData\Roaming\FileZilla
      [2012/06/01 12:44:44 | 000,000,000 | ---D | M] -- C:\Users\sin-nombre\AppData\Roaming\Image Zone Express
      [2012/05/14 10:11:32 | 000,000,000 | ---D | M] -- C:\Users\sin-nombre\AppData\Roaming\MySQL-Front
      [2012/11/22 16:23:02 | 000,000,000 | ---D | M] -- C:\Users\sin-nombre\AppData\Roaming\NetBeans
      [2012/05/13 18:01:25 | 000,000,000 | ---D | M] -- C:\Users\sin-nombre\AppData\Roaming\Notepad++
      [2012/06/30 19:52:32 | 000,000,000 | ---D | M] -- C:\Users\sin-nombre\AppData\Roaming\npm
      [2012/05/21 16:31:50 | 000,000,000 | ---D | M] -- C:\Users\sin-nombre\AppData\Roaming\OpenOffice.org
      [2012/11/13 1219 | 000,000,000 | ---D | M] -- C:\Users\sin-nombre\AppData\Roaming\Opera
      [2012/05/13 02:59:20 | 000,000,000 | ---D | M] -- C:\Users\sin-nombre\AppData\Roaming\Panda Security
      [2012/06/01 12:44:44 | 000,000,000 | ---D | M] -- C:\Users\sin-nombre\AppData\Roaming\Printer Info Cache
      [2012/09/10 22:31:16 | 000,000,000 | ---D | M] -- C:\Users\sin-nombre\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
      [2012/11/24 00:31:16 | 000,000,000 | ---D | M] -- C:\Users\sin-nombre\AppData\Roaming\systweak
      [2012/08/10 13:27:09 | 000,000,000 | ---D | M] -- C:\Users\sin-nombre\AppData\Roaming\TeamViewer
      [2012/11/23 23:32:30 | 000,000,000 | ---D | M] -- C:\Users\sin-nombre\AppData\Roaming\TechSmith
      [2012/10/31 17:43:34 | 000,000,000 | ---D | M] -- C:\Users\sin-nombre\AppData\Roaming\Thinstall
      [2012/10/16 22:28:22 | 000,000,000 | ---D | M] -- C:\Users\sin-nombre\AppData\Roaming\TuneUp Software

      ========== Purity Check ==========



      ========== Custom Scans ==========

      < %SYSTEMDRIVE%\*.* >
      [2012/11/24 11:16:08 | 000,001,986 | ---- | M] () -- C:\AT-Destroyer.txt
      [2012/10/21 16:34:04 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
      [2012/05/08 12:17:31 | 000,003,111 | ---- | M] () -- C:\bdlog.txt
      [2012/05/08 06:17:39 | 000,000,223 | -H-- | M] () -- C:\Boot.BAK
      [2012/05/11 19:38:01 | 000,000,367 | RHS- | M] () -- C:\Boot.ini.saved
      [2001/08/24 08:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
      [2010/11/20 09:40:07 | 000,383,786 | RHS- | M] () -- C:\bootmgr
      [2012/05/11 19:38:03 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
      [2012/05/08 05:57:45 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
      [2012/10/02 19:55:27 | 000,204,868 | RHS- | M] () -- C:\grldr
      [2012/11/24 11:11:17 | 3220,627,456 | -HS- | M] () -- C:\hiberfil.sys
      [2012/05/08 05:57:45 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
      [2012/05/08 05:57:45 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
      [2008/04/13 16:13:04 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
      [2008/04/13 18:01:52 | 000,251,168 | RHS- | M] () -- C:\ntldr
      [2012/11/24 11:11:21 | 4294,172,672 | -HS- | M] () -- C:\pagefile.sys
      [2012/11/24 11:14:49 | 000,000,142 | ---- | M] () -- C:\prueba.txt
      [2012/10/02 19:55:30 | 000,000,000 | RHS- | M] () -- C:\winx.ld

      ========== Alternate Data Streams ==========

      @Alternate Data Stream - 181 bytes -> C:\ProgramData\TEMP:8E7C96FD

      < End of report >

    4. #4
      Ex-Collaborator Marr0n
      Joined
      Mar 2010
      Location
      Catalunya
      Posts
      5.871

      Re: AT-Destroyer always detects viruses

      This is not the report I asked you for from . Repeat the report from again as I told you in the instructions further up; if you have more questions, look at its manual.

      And repeat the OTL report as I told you.

      Regards.

    5. #5
      User truman_truman
      Joined
      Apr 2012
      Location
      Argentina
      Posts
      14

      Re: AT-Destroyer always detects viruses

      Malwarebytes Anti-Malware
      Malwarebytes Anti-Malware (PRO) 1.65.1.1000
      www.malwarebytes.org

      Database version: v2012.11.24.05

      Windows 7 Service Pack 1 x64 NTFS
      Internet Explorer 9.0.8112.16421
      Administrador :: SIN-NOMBRE-PC [administrator]

      Protection: Enabled

      24/11/2012 12:20:15
      mbam-log-2012-11-24 (12-20-15).txt

      Scan type: Full scan (C:\|D:\|E:\|)
      Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
      Scan options disabled: P2P
      Objects scanned: 752664
      Time elapsed: 1 hour(s), 14 minute(s), 24 second(s)

      Memory Processes Detected: 0
      (No malicious items detected)

      Memory Modules Detected: 0
      (No malicious items detected)

      Registry Keys Detected: 0
      (No malicious items detected)

      Registry Values Detected: 0
      (No malicious items detected)

      Registry Data Items Detected: 0
      (No malicious items detected)

      Folders Detected: 0
      (No malicious items detected)

      Files Detected: 4
      D:\DESCARGAS D\CorelDRAW Graphics Suite X6 16.0.0.707 (32 bit) (keygen-CORE)\Keygen-CORE\keygen.exe (RiskWare.Tool.HCK) -> Quarantined and deleted successfully.
      D:\TODO aca\PROGRAMAS\VALIDADOR DE XP sp-3\OPCION 2\Parche de Validación.exe (HackTool.WGAHack) -> Quarantined and deleted successfully.
      D:\TODO aca\WIN 7\RemoveWAT Modificado por Pablo Fiore.exe (HackTool.Wpakill) -> Quarantined and deleted successfully.
      E:\Documents and Settings\Administrador\Escritorio\USB D.O.S\usb_format.exe (Packer.ModifiedUPX) -> Quarantined and deleted successfully.

      (end)


      OTL
      OTL logfile created on: 24/11/2012 13:43:00 - Run 2
      OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Administrador\Downloads
      64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
      Internet Explorer (Version = 9.0.8112.16421)
      Locale: 00000c0a | Country: España | Language: ESN | Date Format: dd/MM/yyyy

      4,00 Gb Total Physical Memory | 2,64 Gb Available Physical Memory | 66,10% Memory free
      8,00 Gb Paging File | 6,60 Gb Available in Paging File | 82,56% Paging File free
      Paging file location(s): ?:\pagefile.sys [binary data]

      %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
      Drive C: | 195,32 Gb Total Space | 144,25 Gb Free Space | 73,85% Space Free | Partition Type: NTFS
      Drive D: | 270,41 Gb Total Space | 211,51 Gb Free Space | 78,22% Space Free | Partition Type: FAT32
      Drive E: | 20,22 Gb Total Space | 14,85 Gb Free Space | 73,47% Space Free | Partition Type: NTFS

      Computer Name: SIN-NOMBRE-PC | User Name: Administrador | Logged in as Administrator.
      Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
      Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

      ========== Processes (SafeList) ==========

      PRC - C:\Users\Administrador\Downloads\OTL.exe (OldTimer Tools)
      PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
      PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
      PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
      PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
      PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
      PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
      PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
      PRC - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)


      ========== Modules (No Company Name) ==========

      MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll ()


      ========== Services (SafeList) ==========

      SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
      SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
      SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
      SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
      SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
      SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
      SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
      SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
      SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
      SRV - (PSI_SVC_2) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
      SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
      SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
      SRV - (ProtexisLicensing) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PSIService.exe ()


      ========== Driver Services (SafeList) ==========

      DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
      DRV:64bit: - (kltdi) -- C:\Windows\SysNative\drivers\kltdi.sys (Kaspersky Lab)
      DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
      DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab)
      DRV:64bit: - (klkbdflt) -- C:\Windows\SysNative\drivers\klkbdflt.sys (Kaspersky Lab)
      DRV:64bit: - (vmm) -- C:\Windows\SysNative\Controladores\VMM.sys (Microsoft Corporation)
      DRV:64bit: - (kneps) -- C:\Windows\SysNative\drivers\kneps.sys (Kaspersky Lab)
      DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO)
      DRV:64bit: - (kl1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
      DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
      DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
      DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
      DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
      DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
      DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
      DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
      DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
      DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
      DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
      DRV:64bit: - (RTL8023x64) -- C:\Windows\SysNative\drivers\Rtnic64.sys (Realtek Semiconductor Corporation )
      DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
      DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
      DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
      DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
      DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
      DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation)
      DRV:64bit: - (VPCNetS2) -- C:\Windows\SysNative\drivers\VMNetSrv.sys (Microsoft Corporation)
      DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


      ========== Standard Registry (SafeList) ==========


      ========== Internet Explorer ==========

      IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
      IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
      IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
      IE - HKLM\..\URLSearchHook: {db131c55-60c8-4adc-84dc-9e76ab06e2dc} - No CLSID value found
      IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
      IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


      IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

      IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



      IE - HKU\S-1-5-21-4001659080-3017872797-1021557816-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

      IE - HKU\S-1-5-21-4001659080-3017872797-1021557816-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
      IE - HKU\S-1-5-21-4001659080-3017872797-1021557816-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

      ========== FireFox ==========

      FF - prefs.js..browser.startup.homepage: "http://google.com"
      FF - prefs.js..keyword.URL: "http://google.com"
      FF - user.js - File not found

      FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
      FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll File not found
      FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
      FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
      FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
      FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
      FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
      FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
      FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

      64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2012/09/15 22:20:39 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2012/09/15 22:20:39 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2012/09/15 22:20:24 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2012/09/15 22:20:24 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2012/09/15 22:20:26 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files (x86)\Iminent\[email protected]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/11/03 21:32:17 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/11/03 21:38:13 | 000,000,000 | ---D | M]

      [2012/10/06 12:50:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrador\AppData\Roaming\mozilla\Extensions
      [2012/10/27 14:14:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
      [2012/10/27 14:14:13 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
      [2012/09/07 19:34:08 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
      [2012/09/07 19:34:08 | 000,003,882 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\drae.xml
      [2012/09/07 19:34:08 | 000,001,143 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-es.xml
      [2012/01/27 12:11:08 | 000,002,325 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\pandasecuritytb.xml
      [2012/10/12 15:46:20 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
      [2012/09/07 19:34:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-es.xml
      [2012/09/07 19:34:08 | 000,001,102 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-es.xml

      O1 HOSTS File: ([2012/06/20 14:30:44 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
      O1 - Hosts: 127.0.0.1 localhost
      O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
      O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
      O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
      O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
      O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
      O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
      O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
      O7 - HKU\S-1-5-21-4001659080-3017872797-1021557816-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
      O7 - HKU\S-1-5-21-4001659080-3017872797-1021557816-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
      O7 - HKU\S-1-5-21-4001659080-3017872797-1021557816-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
      O8:64bit: - Extra context menu item: Agregar a Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
      O8 - Extra context menu item: Agregar a Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
      O9:64bit: - Extra Button: Teclado Virtual - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
      O9:64bit: - Extra Button: Comprobación de direcciones URL - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6DDA453C-B12A-40FD-B2D7-C2D20EA7862F}: DhcpNameServer = 192.168.1.1
      O18:64bit: - Protocol\Handler\livecall - No CLSID value found
      O18:64bit: - Protocol\Handler\msnim - No CLSID value found
      O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
      O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
      O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
      O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
      O32 - HKLM CDRom: AutoRun - 0
      O32 - AutoRun File - [2012/10/21 16:34:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
      O32 - AutoRun File - [2012/05/13 15:42:55 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
      O34 - HKLM BootExecute: (autocheck autochk *)
      O35:64bit: - HKLM\..comfile [open] -- "%1" %*
      O35:64bit: - HKLM\..exefile [open] -- "%1" %*
      O35 - HKLM\..comfile [open] -- "%1" %*
      O35 - HKLM\..exefile [open] -- "%1" %*
      O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
      O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
      O37 - HKLM\...com [@ = ComFile] -- "%1" %*
      O37 - HKLM\...exe [@ = exefile] -- "%1" %*
      O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
      O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
      O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


      MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - - File not found
      MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
      MsConfig:64bit - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
      MsConfig:64bit - StartUpReg: AdobeCS5ServiceManager - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
      MsConfig:64bit - StartUpReg: Google Update - hkey= - key= - C:\Users\sin-nombre\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
      MsConfig:64bit - StartUpReg: googletalk - hkey= - key= - C:\Program Files (x86)\Google\Google Talk\googletalk.exe (Google)
      MsConfig:64bit - StartUpReg: HP Software Update - hkey= - key= - File not found
      MsConfig:64bit - StartUpReg: SwitchBoard - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
      MsConfig:64bit - State: "services" - Reg Error: Key error.
      MsConfig:64bit - State: "startup" - Reg Error: Key error.

      CREATERESTOREPOINT
      Restore point Set: OTL Restore Point

      ========== Files/Folders - Created Within 30 Days ==========

      [2012/11/24 11:19:34 | 000,000,000 | ---D | C] -- C:\Users\Administrador\AppData\Local\Macromedia
      [2012/11/24 11:19:34 | 000,000,000 | ---D | C] -- C:\Users\Administrador\AppData\Roaming\Adobe
      [2012/11/24 11:17:40 | 000,000,000 | ---D | C] -- C:\Users\Administrador\AppData\Roaming\Malwarebytes
      [2012/11/24 01:25:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
      [2012/11/24 01:25:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
      [2012/11/24 01:25:36 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
      [2012/11/24 01:25:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
      [2012/11/24 00:25:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
      [2012/11/23 23:29:45 | 000,018,816 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\SysNative\roboot64.exe
      [2012/11/23 23:29:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
      [2012/11/23 23:29:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
      [2012/11/23 23:29:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\TechSmith Shared
      [2012/11/23 23:29:10 | 000,000,000 | ---D | C] -- C:\ProgramData\TechSmith
      [2012/11/23 23:29:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TechSmith
      [2012/11/22 16:20:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetBeans
      [2012/11/22 16:17:28 | 000,000,000 | ---D | C] -- C:\Program Files\NetBeans 7.2.1
      [2012/11/22 08:48:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
      [2012/11/22 08:48:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
      [2012/11/13 1207 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera
      [2012/11/13 12:07:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
      [2012/11/13 12:07:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
      [2012/11/09 19:07:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Protexis
      [2012/11/09 19:06:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Corel
      [2012/11/09 19:05:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X6
      [2012/11/09 19:05:08 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Corel
      [2012/11/09 18:59:54 | 000,000,000 | ---D | C] -- C:\ProgramData\CorelDRAW Graphics Suite X6
      [2012/11/03 15:57:23 | 000,000,000 | ---D | C] -- C:\ProgramData\AutoUpdate
      [2012/11/01 17:03:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\EPSON
      [2012/11/01 17:03:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
      [2012/11/01 17:03:06 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON
      [2012/10/31 19:12:21 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield
      [2012/10/31 19:11:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Protexis
      [2012/10/31 19:03:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Corel
      [2012/10/31 17:44:02 | 000,000,000 | ---D | C] -- C:\Program Files\Corel
      [2012/10/30 22:25:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
      [2012/10/29 21:37:50 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
      [2012/10/29 21:37:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SourceTec
      [2012/10/27 14:14:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
      [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

      ========== Files - Modified Within 30 Days ==========

      [2012/11/24 13:39:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
      [2012/11/24 13:39:38 | 3220,627,456 | -HS- | M] () -- C:\hiberfil.sys
      [2012/11/24 13:07:00 | 000,001,142 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4001659080-3017872797-1021557816-1004UA.job
      [2012/11/24 11:42:13 | 000,000,268 | ---- | M] () -- C:\Users\Administrador\AppData\Roaming\mbam.context.scan
      [2012/11/24 11:18:27 | 000,031,424 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      [2012/11/24 11:18:27 | 000,031,424 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      [2012/11/24 01:25:37 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
      [2012/11/23 23:29:42 | 000,001,168 | ---- | M] () -- C:\Users\Public\Desktop\Camtasia Studio 8.lnk
      [2012/11/23 19:07:00 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4001659080-3017872797-1021557816-1004Core.job
      [2012/11/17 08:04:20 | 004,928,160 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
      [2012/11/17 00:42:40 | 001,580,744 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
      [2012/11/17 00:42:40 | 000,705,278 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
      [2012/11/17 00:42:40 | 000,616,484 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
      [2012/11/17 00:42:40 | 000,138,316 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
      [2012/11/17 00:42:40 | 000,106,864 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
      [2012/11/15 2112 | 000,613,720 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
      [2012/11/15 2112 | 000,054,104 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\kltdi.sys
      [2012/11/13 12:08:46 | 000,156,280 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat
      [2012/10/31 19:15:24 | 000,002,828 | -HS- | M] () -- C:\Windows\SysWow64\KGyGaAvL.sys
      [2012/10/31 19:15:24 | 000,000,088 | RHS- | M] () -- C:\Windows\SysWow64\B5E23F434D.sys
      [2012/10/31 17:34:20 | 000,000,999 | ---- | M] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
      [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

      ========== Files Created - No Company Name ==========

      [2012/11/24 11:42:13 | 000,000,268 | ---- | C] () -- C:\Users\Administrador\AppData\Roaming\mbam.context.scan
      [2012/11/24 10:38:49 | 000,069,660 | ---- | C] () -- C:\Windows\Fart.exe
      [2012/11/24 10:38:49 | 000,011,776 | ---- | C] () -- C:\Windows\Colous.exe
      [2012/11/24 01:25:37 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
      [2012/11/23 23:29:42 | 000,001,168 | ---- | C] () -- C:\Users\Public\Desktop\Camtasia Studio 8.lnk
      [2012/11/17 00:40:34 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
      [2012/11/17 00:30:27 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
      [2012/11/13 1210 | 000,001,845 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
      [2012/11/13 12:08:46 | 000,156,280 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
      [2012/11/03 21:38:13 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
      [2012/10/31 19:14:03 | 000,000,088 | RHS- | C] () -- C:\Windows\SysWow64\B5E23F434D.sys
      [2012/10/31 19:14:02 | 000,002,828 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys
      [2012/10/31 17:30:52 | 000,000,999 | ---- | C] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
      [2012/08/23 17:51:54 | 000,022,528 | ---- | C] () -- C:\Windows\AT-Uninstall.exe
      [2012/07/12 12:07:14 | 000,000,656 | RHS- | C] () -- C:\Users\Administrador\ntuser.pol
      [2012/06/20 12:22:25 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
      [2012/06/20 12:22:25 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
      [2012/06/20 12:22:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
      [2012/06/20 12:22:25 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
      [2012/06/20 12:22:25 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
      [2012/06/01 12:49:12 | 000,000,221 | ---- | C] () -- C:\Windows\NCLogConfig.ini
      [2012/06/01 12:13:50 | 000,145,969 | ---- | C] () -- C:\Windows\hpoins18.dat
      [2012/06/01 12:13:03 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat
      [2012/05/26 21:49:56 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
      [2012/05/26 21:49:56 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll

      ========== ZeroAccess Check ==========

      [2009/07/14 01:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

      [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

      [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

      [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

      [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
      "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 02:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment

      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 01:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment

      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
      "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 22:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free

      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
      "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 09:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free

      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
      "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 22:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Both

      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

      ========== LOP Check ==========

      [2012/10/19 16:20:58 | 000,000,000 | ---D | M] -- C:\Users\Administrador\AppData\Roaming\TuneUp Software
      [2012/10/17 20:15:05 | 000,000,000 | ---D | M] -- C:\Users\CAMILA Y MAMA\AppData\Roaming\TuneUp Software
      [2012/11/23 23:51:06 | 000,000,000 | ---D | M] -- C:\Users\sin-nombre\AppData\Roaming\FileZilla
      [2012/06/01 12:44:44 | 000,000,000 | ---D | M] -- C:\Users\sin-nombre\AppData\Roaming\Image Zone Express
      [2012/05/14 10:11:32 | 000,000,000 | ---D | M] -- C:\Users\sin-nombre\AppData\Roaming\MySQL-Front
      [2012/11/22 16:23:02 | 000,000,000 | ---D | M] -- C:\Users\sin-nombre\AppData\Roaming\NetBeans
      [2012/05/13 18:01:25 | 000,000,000 | ---D | M] -- C:\Users\sin-nombre\AppData\Roaming\Notepad++
      [2012/06/30 19:52:32 | 000,000,000 | ---D | M] -- C:\Users\sin-nombre\AppData\Roaming\npm
      [2012/05/21 16:31:50 | 000,000,000 | ---D | M] -- C:\Users\sin-nombre\AppData\Roaming\OpenOffice.org
      [2012/11/13 1219 | 000,000,000 | ---D | M] -- C:\Users\sin-nombre\AppData\Roaming\Opera
      [2012/05/13 02:59:20 | 000,000,000 | ---D | M] -- C:\Users\sin-nombre\AppData\Roaming\Panda Security
      [2012/06/01 12:44:44 | 000,000,000 | ---D | M] -- C:\Users\sin-nombre\AppData\Roaming\Printer Info Cache
      [2012/09/10 22:31:16 | 000,000,000 | ---D | M] -- C:\Users\sin-nombre\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
      [2012/11/24 00:31:16 | 000,000,000 | ---D | M] -- C:\Users\sin-nombre\AppData\Roaming\systweak
      [2012/08/10 13:27:09 | 000,000,000 | ---D | M] -- C:\Users\sin-nombre\AppData\Roaming\TeamViewer
      [2012/11/23 23:32:30 | 000,000,000 | ---D | M] -- C:\Users\sin-nombre\AppData\Roaming\TechSmith
      [2012/10/31 17:43:34 | 000,000,000 | ---D | M] -- C:\Users\sin-nombre\AppData\Roaming\Thinstall
      [2012/10/16 22:28:22 | 000,000,000 | ---D | M] -- C:\Users\sin-nombre\AppData\Roaming\TuneUp Software

      ========== Purity Check ==========



      ========== Custom Scans ==========

      < %SYSTEMDRIVE%\*.* >
      [2012/11/24 11:16:08 | 000,001,986 | ---- | M] () -- C:\AT-Destroyer.txt
      [2012/10/21 16:34:04 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
      [2012/05/08 12:17:31 | 000,003,111 | ---- | M] () -- C:\bdlog.txt
      [2012/05/08 06:17:39 | 000,000,223 | -H-- | M] () -- C:\Boot.BAK
      [2012/05/11 19:38:01 | 000,000,367 | RHS- | M] () -- C:\Boot.ini.saved
      [2001/08/24 08:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
      [2010/11/20 09:40:07 | 000,383,786 | RHS- | M] () -- C:\bootmgr
      [2012/05/11 19:38:03 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
      [2012/05/08 05:57:45 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
      [2012/10/02 19:55:27 | 000,204,868 | RHS- | M] () -- C:\grldr
      [2012/11/24 13:39:38 | 3220,627,456 | -HS- | M] () -- C:\hiberfil.sys
      [2012/05/08 05:57:45 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
      [2012/05/08 05:57:45 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
      [2008/04/13 16:13:04 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
      [2008/04/13 18:01:52 | 000,251,168 | RHS- | M] () -- C:\ntldr
      [2012/11/24 13:39:42 | 4294,172,672 | -HS- | M] () -- C:\pagefile.sys
      [2012/11/24 11:14:49 | 000,000,142 | ---- | M] () -- C:\prueba.txt
      [2012/10/02 19:55:30 | 000,000,000 | RHS- | M] () -- C:\winx.ld

      ========== Alternate Data Streams ==========

      @Alternate Data Stream - 181 bytes -> C:\ProgramData\TEMP:8E7C96FD

      < End of report >

    6. #6
      User truman_truman
      Registered
      Apr 2012
      Location
      Argentina
      Posts
      14

      Re: AT-Destroyer always detects viruses

      Well, it seems the problem is solved, because this time AT did not detect anything.



      AT

      #################################################### A/T-Destroyer by InfoSpyware ############

      A/T-Destroyer 1.0.7 By Infospyware
      InfoSpyware
      Fecha iniciada en el analisis 24/11/2012
      Hora iniciada en el analisis 14:06:16,06
      Usuario Actual : [C:\Users\Administrador]
      Sistema Operativo: Windows 7 Home Premium
      Arquitectura: Sistema operativo de 64 bits
      Versión Internet Explorer: 9.0.8112.16421
      Modo Actual: Modo Normal.
      Privilegios: [Administrador-Administrador]
      Versión Google Chrome:
      Versión Mozilla Firefox: 16.0.2

      ====== Servicios Eliminados By A/T-Destroyer ======




      ====== Claves Eliminadas By A/T-Destroyer ======




      ====== Archivos/Carpetas Eliminados By A/T-Destroyer ======




      ====== Información Extra ======


      -_-_-_-_-_-_-_-_ Configuraciones de internet Explorer -_-_-_-_-_-_-_-_
      "HKCU\Software\Microsoft\Internet Explorer\Main"
      Start Page == Google
      Search Page == Bing
      Local Page == C:\Windows\system32\blank.htm

      "HKLM\Software\Microsoft\Internet Explorer\Main"
      Start Page == Google
      Local Page == C:\Windows\SYSTEM32\blank.htm


      "HKEY_USERS\S-1-5-21-4001659080-3017872797-1021557816-500\Software\Microsoft\Internet Explorer\Main"
      Start Page == Google
      Search Page == Bing
      Local Page == C:\Windows\system32\blank.htm




      -_-_-_-_-_-_-_-_ Configuraciones de mozilla Firefox -_-_-_-_-_-_-_-_
      user_pref("browser.startup.homepage", "http://google.com");




      ======= EOF =======

    7. #7
      User truman_truman
      Registered
      Apr 2012
      Location
      Argentina
      Posts
      14

      Re: AT-Destroyer always detects viruses

      Oops...!
      No, it wasn't solved; AT keeps finding things.
      God, my God, this makes me so angry: the cr.. toolbar installs itself in Chrome when I open it (UtorrentBarES)


      AT
      #################################################### A/T-Destroyer by InfoSpyware ############

      A/T-Destroyer 1.0.7 By Infospyware
      InfoSpyware
      Fecha iniciada en el analisis 24/11/2012
      Hora iniciada en el analisis 14:13:38,11
      Usuario Actual : [C:\Users\sin-nombre]
      Sistema Operativo: Windows 7 Home Premium
      Arquitectura: Sistema operativo de 64 bits
      Versión Internet Explorer: 9.0.8112.16421
      Modo Actual: Modo Normal.
      Privilegios: [sin-nombre-Administrador]
      Versión Google Chrome: 18.0.1025.168
      Versión Mozilla Firefox: 16.0.2

      ====== Servicios Eliminados By A/T-Destroyer ======




      ====== Claves Eliminadas By A/T-Destroyer ======


      HKEY_CURRENT_USER\Software\DataMngr\Files
      HKEY_CURRENT_USER\Software\DataMngr\Files\ChromeHomepage
      HKEY_CURRENT_USER\Software\DataMngr\Files\Homepage
      HKEY_CURRENT_USER\Software\DataMngr\Files\SelectedSearch
      HKEY_CURRENT_USER\Software\DataMngr\Files\UrlbarSearch
      HKEY_CURRENT_USER\Software\DataMngr\List
      HKEY_CURRENT_USER\Software\DataMngr\List\Item1
      HKEY_CURRENT_USER\Software\DataMngr\List\Item2
      HKEY_CURRENT_USER\Software\DataMngr\List\Item3
      HKEY_CURRENT_USER\Software\DataMngr\Toolbar
      HKEY_CURRENT_USER\Software\DataMngr


      ====== Archivos/Carpetas Eliminados By A/T-Destroyer ======




      ====== Información Extra ======


      -_-_-_-_-_-_-_-_ Configuraciones de internet Explorer -_-_-_-_-_-_-_-_
      "HKCU\Software\Microsoft\Internet Explorer\Main"
      Start Page == Google
      Search Page == Sign In
      Local Page == C:\Windows\system32\blank.htm

      "HKLM\Software\Microsoft\Internet Explorer\Main"
      Start Page == Google
      Local Page == C:\Windows\SYSTEM32\blank.htm


      "HKEY_USERS\S-1-5-21-4001659080-3017872797-1021557816-1001\Software\Microsoft\Internet Explorer\Main"
      Start Page == Google
      Search Page == Sign In
      Local Page == C:\Windows\system32\blank.htm


      -_-_-_-_-_-_-_-_ Configuraciones de Google Chrome-_-_-_-_-_-_-_-_
      "homepage": "http://www.google.com/",
      "homepage_changed": true,
      "homepage_is_newtabpage": false,


      -_-_-_-_-_-_-_-_ Configuraciones de mozilla Firefox -_-_-_-_-_-_-_-_
      user_pref("CT2851619.smartbar.homepage", true);
      user_pref("browser.startup.homepage", "http://google.com");
      user_pref("CT2851619.smartbar.homepage", true);
      user_pref("browser.startup.homepage", "http://google.com");


      -_-_-_-_-_-_-_-_ Configuraciones de Opera-_-_-_-_-_-_-_-_


      ======= EOF =======
      Last edited by truman_truman on 24/11/12 at 13:22:13

    8. #8
      User truman_truman
      Registered
      Apr 2012
      Location
      Argentina
      Posts
      14

      Re: AT-Destroyer always detects viruses

      Sorry for posting so many times.
      I hope the post helps someone solve the problem, if anyone has the same one.
      What happens is the following:

      1- I open Chrome, and the damned uTorrent toolbar gets installed.
      2- I go to Extensions in Chrome and remove it.
      3- I close Chrome.
      4- I open Chrome and everything is fine.
      5- I open and run AT-Destroyer and it detects the problem and does its thing, I don't know what; I suppose it deletes something from the registry.
      6- I open Chrome and the problem comes back, that is, the malicious toolbar gets installed again.

      I don't understand why this happens, but you have no idea how much it bothers me. I hate it when something installs itself like a virus; I'm really angry. Again, I apologize for posting so many times in a row.

    9. #9
      Former Collaborator Marr0n
      Registered
      Mar 2010
      Location
      Catalunya
      Posts
      5,871

      Re: AT-Destroyer always detects viruses

      It has removed everything it had to remove.

      Please be patient; it is normal that it still detects all of that, since I have to analyze the OTL log and many things will have to be removed (we are not done yet).

      Please be patient, since analyzing the OTL log takes time: it is quite complex and also very long. I will reply as soon as possible.

      VERY IMPORTANT:

      Do NOT download/install more programs while we finish the disinfection.
      Do NOT run other antivirus/antimalware tools, although you can re-enable your antivirus.
      Do NOT run OTL again until I come back with a reply.


      Regards.

    10. #10
      User truman_truman
      Registered
      Apr 2012
      Location
      Argentina
      Posts
      14

      Re: AT-Destroyer always detects viruses

      Ah OK, I didn't know it took so long, and I didn't know you took the time to do it; I'm very grateful.
      And there's no rush; I'll be as patient as needed.
      THANK YOU VERY MUCH Marr0n
