    [Problem] Svchost.exe (virus)


    1. #1
      User: Jakea
      Joined: Jul 2012
      Location: Spain
      Posts: 13

      [Problem] Svchost.exe (virus)

      Hi, I'll try to be brief about the problem.

      I'm bringing you a problem with a virus that has been giving me headaches for days.
      The virus in question is the svchost.exe located at the following path:

      • C:\Users\ALBERTO\AppData\Local\Temp\svchost.exe

      My antivirus is AVG 2013, which detects it and, I THINK, removes it.
      Here is a screenshot of my PC just after booting, with the virus detected and removed by AVG.

      Then I ran MBAM; the result:

      Code:
      Malwarebytes Anti-Malware 1.65.1.1000
      www.malwarebytes.org
      
      Versión de la Base de Datos: v2012.11.26.10
      
      Windows 7 Service Pack 1 x64 NTFS
      Internet Explorer 9.0.8112.16421
      ALBERTO :: ALBERTO-PC [administrador]
      
      27/11/2012 20:47:24
      mbam-log-2012-11-27 (20-47-24).txt
      
      Tipos de Análisis: Análisis Completo (C:\|)
      Opciones de análisis activado: Memoria | Inicio | Registro | Sistema de archivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
      Opciones de análisis desactivados: P2P
      Objetos examinados: 375611
      Tiempo transcurrido: 34 minuto(s), 44 segundo(s)
      
      Procesos en Memoria Detectados: 0
      (No se han detectado elementos maliciosos)
      
      Módulos de Memoria Detectados: 0
      (No se han detectado elementos maliciosos)
      
      Claves del Registro Detectados: 0
      (No se han detectado elementos maliciosos)
      
      Valores del Registro Detectados: 0
      (No se han detectado elementos maliciosos)
      
      Elementos de Datos del Registro Detectados: 0
      (No se han detectado elementos maliciosos)
      
      Carpetas Detectadas: 0
      (No se han detectado elementos maliciosos)
      
      Archivos Detectados: 0
      (No se han detectado elementos maliciosos)
      
      The problem comes when I shut down and turn my PC back on: the virus reappears and AVG detects it again, and of course it's the same story every time.
      I have looked for information about the virus but found nothing, so I would like to know a few things about it if possible:

      • Is the virus dangerous? I ask because I have had it for a few days now...
      • Do you have any information about this virus?
      • Could you help me get rid of it?

      More information:
      • Operating system: Windows 7 Home Premium.
      • I now have this virus on two computers, so I am going to try to find out where it came from.

      I hope you can help me, thanks in advance.

      Gr. Jakea.
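
An added example, not part of the original post: the path reported above pairs the name of a core Windows binary (svchost.exe) with a Temp directory, and this check flags that mismatch in a list of image paths. The list of protected names, the default `C:\Windows` system root and the sample paths other than the one from the post are assumptions made for the illustration.

```python
import ntpath

# Assumption: Windows is installed in the default %SystemRoot%.
SYSTEM_ROOT = r"C:\Windows"

# Core Windows binaries whose names are worth protecting.
# Illustrative list chosen for this example, not exhaustive.
PROTECTED_NAMES = {
    "svchost.exe", "lsass.exe", "services.exe", "csrss.exe",
    "smss.exe", "winlogon.exe", "userinit.exe",
}

# SysNative is the alias under which 32-bit tools (such as OTL on a
# 64-bit system) see the real System32 directory.
SYSTEM_SUBDIRS = ("system32", "syswow64", "sysnative")

TEMP_COMPONENTS = {"temp", "tmp"}
EXECUTABLE_EXTENSIONS = (".exe", ".scr", ".com")

NAME_MISMATCH = "system-binary-name-outside-system-dir"
TEMP_DIR = "runs-from-temp-dir"


def normalize(path):
    """Strip quotes, unify separators, collapse '..' and lower-case."""
    cleaned = path.strip().strip('"').replace("/", "\\")
    return ntpath.normpath(cleaned).lower()


def check_image_path(path, system_root=SYSTEM_ROOT):
    """Return the list of findings for one executable path."""
    full = normalize(path)
    directory, name = ntpath.split(full)
    root = normalize(system_root)
    allowed_dirs = {ntpath.join(root, sub) for sub in SYSTEM_SUBDIRS}

    findings = []
    # A protected name is only legitimate inside the system directories.
    if name in PROTECTED_NAMES and directory not in allowed_dirs:
        findings.append(NAME_MISMATCH)
    # Any executable that runs out of a Temp directory deserves a look,
    # above all when it comes back after every reboot.
    in_temp = bool(TEMP_COMPONENTS & set(directory.split("\\")))
    if in_temp and name.endswith(EXECUTABLE_EXTENSIONS):
        findings.append(TEMP_DIR)
    return findings


def triage(paths, system_root=SYSTEM_ROOT):
    """Map each flagged path to its findings, keeping input order."""
    flagged = {}
    for path in paths:
        findings = check_image_path(path, system_root)
        if findings:
            flagged[path] = findings
    return flagged


# Sample input: the first path is the one from the post, the rest are
# constructed for this example.
SAMPLE_PATHS = [
    r"C:\Users\ALBERTO\AppData\Local\Temp\svchost.exe",
    r"C:\Windows\System32\svchost.exe",
    r"C:\Windows\SysNative\userinit.exe",
    r'"C:\WINDOWS\system32\..\Temp\svchost.exe"',
    r"C:\Users\Public\Temp\setup_helper.exe",
]

if __name__ == "__main__":
    for path, findings in triage(SAMPLE_PATHS).items():
        print(path, "->", ", ".join(findings))
```

A flagged path is a reason to inspect the file and whatever launches it at startup, not a verdict on its own.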

    2. #2
      Moderator
      @Tincho
      Joined: May 2008
      Location: Argentina
      Posts: 14,701

      Re: [Problem] Svchost.exe (virus)

      Hi.

      Download OTL by OldTimer to your desktop.

      Run OTL

      • Close all the programs you have open and double-click the OTL icon to run it.
      • Let it run without interrupting it until the scan finishes.
      • When the interface appears, you only need to change the setting under "Tipo de Análisis" (Scan Type) to "Resultado Minimo" (Minimal Output).
      • Check the options "Buscar LOP" (Scan for LOP) and "Buscar Purity" (Scan for Purity).
      • Check the options "Omitir Archivos De Microsoft" (Skip Microsoft Files) and "Usar Listado de Compañias Reconocidas" (Use Company Name Whitelist).
      • Please do not change the rest of the settings unless we ask you to.

      • Press the button.
      • Once it finishes, two (2) files will open, OTL.Txt and Extras.Txt. They will be saved in the same location where OTL.exe was downloaded.
      • Copy and paste the contents of the OTL.txt file into your next reply.

      Bring us the OTL report.

      Regards.
      Tyny's
      If on your journey, you should encounter God, God will be cut!


    3. #3
      User: Jakea
      Joined: Jul 2012
      Location: Spain
      Posts: 13

      Re: [Problem] Svchost.exe (virus)

      Here is the result:

      OTL logfile created on: 28/11/2012 13:33:14 - Run 1
      OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\USUARIO\Desktop
      64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
      Internet Explorer (Version = 9.0.8112.16421)
      Locale: 00000c0a | Country: España | Language: ESN | Date Format: dd/MM/yyyy

      3,98 Gb Total Physical Memory | 2,97 Gb Available Physical Memory | 74,55% Memory free
      7,96 Gb Paging File | 6,65 Gb Available in Paging File | 83,48% Paging File free
      Paging file location(s): ?:\pagefile.sys [binary data]

      %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
      Drive C: | 465,66 Gb Total Space | 230,75 Gb Free Space | 49,55% Space Free | Partition Type: NTFS
      Drive F: | 15,76 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
      Drive G: | 1,90 Gb Total Space | 0,34 Gb Free Space | 18,04% Space Free | Partition Type: FAT32

      Computer Name: USUARIO-PC | User Name: USUARIO | Logged in as Administrator.
      Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
      Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

      ========== Processes (SafeList) ==========

      PRC - C:\Users\USUARIO\Desktop\OTL.exe (OldTimer Tools)
      PRC - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
      PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe ()
      PRC - C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
      PRC - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
      PRC - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
      PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
      PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
      PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
      PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
      PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
      PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
      PRC - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software)


      ========== Modules (No Company Name) ==========

      MOD - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
      MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\13.2.0\avgdttbx.dll ()
      MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\SiteSafety.dll ()


      ========== Services (SafeList) ==========

      SRV - (vToolbarUpdater13.2.0) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe ()
      SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
      SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
      SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
      SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
      SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe (TuneUp Software)
      SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
      SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
      SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
      SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
      SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
      SRV - (wlidsvc) -- C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
      SRV - (KMService) -- C:\Windows\SysWOW64\srvany.exe ()
      SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
      SRV - (Intel(R) -- C:\Archivos de programa\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
      SRV - (AxAutoMntSrv) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
      SRV - (LBTServ) -- C:\Archivos de programa\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
      SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
      SRV - (osppsvc) -- C:\Archivos de programa\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
      SRV - (ose64) -- C:\Archivos de programa\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
      SRV - (StarWindServiceAE) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software)
      SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
      SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


      ========== Driver Services (SafeList) ==========

      DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies)
      DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )
      DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. )
      DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
      DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
      DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
      DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
      DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.)
      DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
      DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
      DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
      DRV:64bit: - (asmtxhci) -- C:\Windows\SysNative\drivers\asmtxhci.sys (ASMedia Technology Inc)
      DRV:64bit: - (asmthub3) -- C:\Windows\SysNative\drivers\asmthub3.sys (ASMedia Technology Inc)
      DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
      DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
      DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.)
      DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
      DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
      DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
      DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
      DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
      DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
      DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
      DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
      DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
      DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
      DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
      DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
      DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
      DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
      DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
      DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys (TuneUp Software)
      DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


      ========== Standard Registry (SafeList) ==========


      ========== Internet Explorer ==========

      IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
      IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
      IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
      IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=ES&userid=0f1a46b8-a1c2-4a76-89ea-871fc25892dd&searchtype=ds&q={searchTerms}
      IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=ES&userid=0f1a46b8-a1c2-4a76-89ea-871fc25892dd&searchtype=ds&q={searchTerms}
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=ES&userid=0f1a46b8-a1c2-4a76-89ea-871fc25892dd&searchtype=ds&q={searchTerms}
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=ES&userid=0f1a46b8-a1c2-4a76-89ea-871fc25892dd&searchtype=hp
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://es.msn.com/?ocid=iehp
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = es
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2D 1D 26 A1 A1 5B CD 01 [binary data]
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=ES&userid=0f1a46b8-a1c2-4a76-89ea-871fc25892dd&searchtype=ds&q={searchTerms}
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=ES&userid=0f1a46b8-a1c2-4a76-89ea-871fc25892dd&searchtype=ds&q={searchTerms}
      IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
      IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=ES&userid=0f1a46b8-a1c2-4a76-89ea-871fc25892dd&searchtype=ds&q={searchTerms}
      IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
      IE - HKCU\..\SearchScopes\{8DC13FE9-7660-4198-A8BC-728E41F1A4B9}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=W3I2&o=16701&src=kw&q={searchTerms}&locale=&apn_ptnrs=^A97&apn_dtid=^YYYYYY^YY^ES&apn_uid=96A49A91-DBDF-49A4-9D4E-CE9FDDEEB537&apn_sauid=42671D30-6649-4B89-8FF3-9A6C7610D87B
      IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={AD95F384-93E7-4781-A796-A6ABC1D9077F}&mid=42609356fc0847d090f2854de00babba-f3b145406806b30efdfcc0279c4aab41c96a1caa&lang=es&ds=AVG&pr=fr&d=2012-11-28 12:49:25&v=13.2.0.4&sap=dsp&q={searchTerms}
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

      ========== FireFox ==========

      FF - prefs.js..browser.search.selectedEngine: "Web Search"
      FF - prefs.js..browser.startup.homepage: "www.google.es"
      FF - prefs.js..keyword.URL: "http://search.sweetim.com/search.asp?src=2&q="


      FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
      FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
      FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
      FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll ()
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
      FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
      FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
      FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
      FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\USUARIO\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
      FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\USUARIO\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG Secure Search\FireFoxExt\13.2.0.4 [2012/11/28 12:49:35 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/20 02:04:55 | 000,000,000 | ---D | M]
      FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/20 02:04:55 | 000,000,000 | ---D | M]

      [2012/07/14 22:46:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\USUARIO\AppData\Roaming\mozilla\Extensions
      [2012/10/17 12:39:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\USUARIO\AppData\Roaming\mozilla\Firefox\Profiles\0fiz6j6m.default\extensions
      [2012/09/30 12:19:45 | 000,000,000 | ---D | M] (Bcool) -- C:\Users\USUARIO\AppData\Roaming\mozilla\Firefox\Profiles\0fiz6j6m.default\extensions\[email protected]
      [2012/10/17 12:30:17 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\USUARIO\AppData\Roaming\mozilla\firefox\profiles\0fiz6j6m.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
      [2012/09/27 15:42:58 | 000,003,915 | ---- | M] () -- C:\Users\USUARIO\AppData\Roaming\mozilla\firefox\profiles\0fiz6j6m.default\searchplugins\sweetim.xml
      [2012/09/28 19:54:39 | 000,002,399 | ---- | M] () -- C:\Users\USUARIO\AppData\Roaming\mozilla\firefox\profiles\0fiz6j6m.default\searchplugins\Web Search.xml
      [2012/07/14 22:45:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
      [2012/07/20 02:04:55 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
      [2012/11/28 12:49:17 | 000,003,544 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
      [2012/06/15 00:41:16 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
      [2012/07/20 02:04:55 | 000,003,882 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\drae.xml
      [2012/06/15 00:41:16 | 000,001,143 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-es.xml
      [2012/06/15 00:41:16 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
      [2012/06/15 00:41:16 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-es.xml
      [2012/06/15 00:41:15 | 000,001,102 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-es.xml

      ========== Chrome ==========

      CHR - homepage: http://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=ES&userid=0f1a46b8-a1c2-4a76-89ea-871fc25892dd&searchtype=hp
      CHR - default_search_provider: Web (Enabled)
      CHR - default_search_provider: search_url = http://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=ES&userid=0f1a46b8-a1c2-4a76-89ea-871fc25892dd&searchtype=ds&q={searchTerms}
      CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
      CHR - homepage: http://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=ES&userid=0f1a46b8-a1c2-4a76-89ea-871fc25892dd&searchtype=hp
      CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
      CHR - plugin: Native Client (Enabled) = C:\Users\USUARIO\AppData\Local\Google\Chrome\Application\23.0.1271.91\ppGoogleNaClPluginChrome.dll
      CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\USUARIO\AppData\Local\Google\Chrome\Application\23.0.1271.91\pdf.dll
      CHR - plugin: Shockwave Flash (Enabled) = C:\Users\USUARIO\AppData\Local\Google\Chrome\Application\23.0.1271.91\gcswf32.dll
      CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\USUARIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.374_0\plugin/npVKPlugin.dll
      CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\USUARIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll
      CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
      CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
      CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
      CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
      CHR - plugin: Google Update (Enabled) = C:\Users\USUARIO\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
      CHR - Extension: Bcool = C:\Users\USUARIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjomcpkdcbjgiaipcbjfambnoapdbmje\7.1_0\
      CHR - Extension: AdBlock = C:\Users\USUARIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.47_0\
      CHR - Extension: AVG Secure Search = C:\Users\USUARIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\13.2.0.5_0\
      CHR - Extension: AVG Secure Search = C:\Users\USUARIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\13.2.0.5_0\.bak
      CHR - Extension: Bcool = C:\Users\USUARIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjomcpkdcbjgiaipcbjfambnoapdbmje\7.1_0\
      CHR - Extension: AdBlock = C:\Users\USUARIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.47_0\
      CHR - Extension: AVG Secure Search = C:\Users\USUARIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\13.2.0.5_0\
      CHR - Extension: AVG Secure Search = C:\Users\USUARIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\13.2.0.5_0\.bak

      O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
      O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Archivos de programa\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
      O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
      O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Archivos de programa\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
      O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
      O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.4\AVG Secure Search_toolbar.dll ()
      O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
      O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.4\AVG Secure Search_toolbar.dll ()
      O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
      O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
      O4 - HKLM..\Run: [Adobe] C:\ProgramData\Adobe\20E2DF.vbe ()
      O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
      O4 - HKLM..\Run: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 File not found
      O4 - HKLM..\Run: [ROC_roc_ssl_v12] C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe ()
      O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
      O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
      O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
      O8:64bit: - Extra context menu item: &Enviar a OneNote - C:\Archivos de programa\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
      O8:64bit: - Extra context menu item: E&xportar a Microsoft Excel - C:\Archivos de programa\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
      O8 - Extra context menu item: &Enviar a OneNote - C:\Archivos de programa\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
      O8 - Extra context menu item: E&xportar a Microsoft Excel - C:\Archivos de programa\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
      O9:64bit: - Extra Button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Archivos de programa\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
      O9:64bit: - Extra 'Tools' menuitem : &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Archivos de programa\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
      O9:64bit: - Extra Button: Notas &vinculadas de OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Archivos de programa\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
      O9:64bit: - Extra 'Tools' menuitem : Notas &vinculadas de OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Archivos de programa\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
      O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
      O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
      O1364bit: - gopher Prefix: missing
      O13 - gopher Prefix: missing
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 78.136.121.243 78.136.107.50
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A8D60D2E-F626-48D8-A5D5-294EB46459A9}: DhcpNameServer = 78.136.121.243 78.136.107.50
      O18:64bit: - Protocol\Handler\livecall - No CLSID value found
      O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Archivos de programa\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
      O18:64bit: - Protocol\Handler\msnim - No CLSID value found
      O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
      O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
      O18 - Protocol\Handler\ms-help - No CLSID value found
      O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
      O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll ()
      O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
      O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
      O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
      O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
      O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
      O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Archivos de programa\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
      O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
      O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
      O27:64bit: - HKLM IFEO\fileencrypt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
      O27:64bit: - HKLM IFEO\filesplitter.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
      O27:64bit: - HKLM IFEO\integrator.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
      O27:64bit: - HKLM IFEO\skype.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
      O27:64bit: - HKLM IFEO\unins000.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
      O27 - HKLM IFEO\fileencrypt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
      O27 - HKLM IFEO\filesplitter.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
      O27 - HKLM IFEO\integrator.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
      O27 - HKLM IFEO\skype.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
      O27 - HKLM IFEO\unins000.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
      O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Archivos de programa\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
      O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
      O32 - HKLM CDRom: AutoRun - 1
      O32 - Unable to obtain root file information for disk F:\
      O32 - AutoRun File - [2012/11/07 21:52:22 | 000,000,000 | ---D | M] - G:\Autorun.inf -- [ FAT32 ]
      O33 - MountPoints2\{ee762241-0996-11e2-8648-806e6f6e6963}\Shell - "" = AutoRun
      O33 - MountPoints2\{ee762241-0996-11e2-8648-806e6f6e6963}\Shell\AutoRun\command - "" = F:\autorun.exe -- [2012/10/09 21:25:01 | 1027,604,480 | R--- | M] (Electronic Arts )
      O34 - HKLM BootExecute: (autocheck autochk *)
      O35:64bit: - HKLM\..comfile [open] -- "%1" %*
      O35:64bit: - HKLM\..exefile [open] -- "%1" %*
      O35 - HKLM\..comfile [open] -- "%1" %*
      O35 - HKLM\..exefile [open] -- "%1" %*
      O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
      O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
      O37 - HKLM\...com [@ = comfile] -- "%1" %*
      O37 - HKLM\...exe [@ = exefile] -- "%1" %*
      O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
      O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
      O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

      ========== Files/Folders - Created Within 30 Days ==========

      [2012/11/28 13:29:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\USUARIO\Desktop\OTL.exe
      [2012/11/28 12:50:15 | 000,000,000 | ---D | C] -- C:\Users\USUARIO\AppData\Roaming\AVG2013
      [2012/11/28 12:49:49 | 000,000,000 | ---D | C] -- C:\Users\USUARIO\AppData\Local\AVG Secure Search
      [2012/11/28 12:49:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
      [2012/11/28 12:49:35 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
      [2012/11/28 12:49:23 | 000,030,568 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
      [2012/11/28 12:49:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
      [2012/11/28 12:49:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
      [2012/11/28 12:48:17 | 000,000,000 | -H-D | C] -- C:\$AVG
      [2012/11/28 12:48:17 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
      [2012/11/28 12:39:08 | 000,000,000 | ---D | C] -- C:\Users\USUARIO\AppData\Local\MFAData
      [2012/11/28 12:39:08 | 000,000,000 | ---D | C] -- C:\Users\USUARIO\AppData\Local\Avg2013
      [2012/11/27 14:50:06 | 000,000,000 | ---D | C] -- C:\Users\USUARIO\Documents\Battlefield 3
      [2012/11/27 14:30:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Battlefield 3
      [2012/11/27 14:16:22 | 000,000,000 | ---D | C] -- C:\Users\USUARIO\Desktop\BattleField 3
      [2012/11/08 23:40:34 | 000,000,000 | ---D | C] -- C:\Users\USUARIO\AppData\Local\Adobe
      [2012/11/08 23:40:07 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
      [2012/11/08 23:39:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
      [2012/11/08 23:39:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
      [2012/11/08 23:38:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
      [2012/11/08 14:40:55 | 000,000,000 | ---D | C] -- C:\Users\USUARIO\AppData\Roaming\NVIDIA
      [2012/11/08 14:40:54 | 000,000,000 | ---D | C] -- C:\Users\USUARIO\Documents\Amnesia
      [2012/11/08 14:40:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amnesia - The Dark Descent
      [2012/11/08 14:37:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amnesia - The Dark Descent
      [2012/11/07 21:00:17 | 000,000,000 | ---D | C] -- C:\Users\USUARIO\Desktop\Amnesia The Dark Descent [MULTI5][PCDVD][WwW.GamesTorrents.CoM]
      [2012/11/07 12:19:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
      [2012/11/05 19:28:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mumble
      [2012/11/05 19:27:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mumble
      [2012/11/03 22:49:19 | 000,000,000 | ---D | C] -- C:\Users\USUARIO\Tracing
      [2012/11/03 22:47:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
      [2012/11/03 22:45:14 | 000,000,000 | ---D | C] -- C:\Users\USUARIO\AppData\Local\Windows Live
      [2012/11/03 22:45:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
      [2012/11/02 17:49:35 | 000,000,000 | ---D | C] -- C:\Users\USUARIO\Documents\Rockstar Games
      [2012/11/02 17:47:29 | 000,000,000 | ---D | C] -- C:\Users\USUARIO\AppData\Local\Rockstar Games
      [2012/11/02 17:47:20 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
      [2012/11/02 17:45:33 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM
      [2012/11/02 17:42:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE
      [2012/11/02 17:15:34 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
      [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

      ========== Files - Modified Within 30 Days ==========

      [2012/11/28 13:31:55 | 001,671,442 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
      [2012/11/28 13:31:55 | 000,745,448 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
      [2012/11/28 13:31:55 | 000,652,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
      [2012/11/28 13:31:55 | 000,157,948 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
      [2012/11/28 13:31:55 | 000,121,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
      [2012/11/28 13:30:31 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      [2012/11/28 13:30:31 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      [2012/11/28 13:28:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\USUARIO\Desktop\OTL.exe
      [2012/11/28 13:22:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
      [2012/11/28 13:22:33 | 3206,467,584 | -HS- | M] () -- C:\hiberfil.sys
      [2012/11/28 13:20:34 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2709415398-1181114982-2073429736-1000UA.job
      [2012/11/28 12:49:39 | 000,000,981 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
      [2012/11/28 12:49:07 | 000,030,568 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
      [2012/11/27 14:48:50 | 000,001,017 | ---- | M] () -- C:\Users\USUARIO\Desktop\Battlefield 3.lnk
      [2012/11/25 01:19:00 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2709415398-1181114982-2073429736-1000Core.job
      [2012/11/18 22:55:36 | 000,416,928 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
      [2012/11/18 00:13:01 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
      [2012/11/15 18:44:28 | 000,877,747 | ---- | M] () -- C:\Users\USUARIO\AppData\Local\Tempmusic.ogg
      [2012/11/08 23:39:43 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
      [2012/11/08 14:41:08 | 000,002,072 | ---- | M] () -- C:\Users\USUARIO\Desktop\Amnesia.exe.lnk
      [2012/11/05 19:28:16 | 000,001,014 | ---- | M] () -- C:\Users\Public\Desktop\Mumble.lnk
      [2012/11/05 19:17:16 | 000,001,421 | ---- | M] () -- C:\Users\USUARIO\Desktop\Slenderman.lnk
      [2012/11/04 00:23:07 | 000,001,661 | ---- | M] () -- C:\Users\USUARIO\Desktop\Messenger.lnk
      [2012/11/03 14:07:51 | 001,648,480 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
      [2012/11/02 17:38:47 | 000,001,773 | ---- | M] () -- C:\Users\USUARIO\Desktop\GTAIV - Acceso directo.lnk
      [2012/11/02 17:15:34 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
      [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

      ========== Files Created - No Company Name ==========

      [2012/11/28 12:49:39 | 000,000,981 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
      [2012/11/27 14:48:50 | 000,001,017 | ---- | C] () -- C:\Users\USUARIO\Desktop\Battlefield 3.lnk
      [2012/11/27 14:16:03 | 012,964,890 | ---- | C] () -- C:\Users\USUARIO\Desktop\Terror En Estado Puro B2.rar
      [2012/11/24 22:42:48 | 000,000,044 | ---- | C] () -- C:\Users\USUARIO\Desktop\Track08.cda
      [2012/11/24 22:42:48 | 000,000,044 | ---- | C] () -- C:\Users\USUARIO\Desktop\Track07.cda
      [2012/11/24 22:42:48 | 000,000,044 | ---- | C] () -- C:\Users\USUARIO\Desktop\Track06.cda
      [2012/11/24 22:42:48 | 000,000,044 | ---- | C] () -- C:\Users\USUARIO\Desktop\Track05.cda
      [2012/11/24 22:42:48 | 000,000,044 | ---- | C] () -- C:\Users\USUARIO\Desktop\Track04.cda
      [2012/11/24 22:42:48 | 000,000,044 | ---- | C] () -- C:\Users\USUARIO\Desktop\Track03.cda
      [2012/11/24 22:42:48 | 000,000,044 | ---- | C] () -- C:\Users\USUARIO\Desktop\Track02.cda
      [2012/11/24 22:42:48 | 000,000,044 | ---- | C] () -- C:\Users\USUARIO\Desktop\Track01.cda
      [2012/11/18 22:54:22 | 000,416,928 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
      [2012/11/16 16:26:24 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
      [2012/11/16 16:22:42 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
      [2012/11/12 19:45:08 | 000,877,747 | ---- | C] () -- C:\Users\USUARIO\AppData\Local\Tempmusic.ogg
      [2012/11/08 23:39:43 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
      [2012/11/08 23:39:42 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
      [2012/11/08 14:41:08 | 000,002,072 | ---- | C] () -- C:\Users\USUARIO\Desktop\Amnesia.exe.lnk
      [2012/11/07 12:19:18 | 000,001,178 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk
      [2012/11/05 19:28:16 | 000,001,014 | ---- | C] () -- C:\Users\Public\Desktop\Mumble.lnk
      [2012/11/05 16:40:10 | 000,001,421 | ---- | C] () -- C:\Users\USUARIO\Desktop\Slenderman.lnk
      [2012/11/04 00:23:07 | 000,001,661 | ---- | C] () -- C:\Users\USUARIO\Desktop\Messenger.lnk
      [2012/11/03 22:48:06 | 000,002,486 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
      [2012/11/02 17:38:47 | 000,001,773 | ---- | C] () -- C:\Users\USUARIO\Desktop\GTAIV - Acceso directo.lnk
      [2012/11/02 16:51:36 | 001,648,480 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
      [2012/10/17 12:56:48 | 199,141,662 | ---- | C] () -- C:\Users\USUARIO\Sony VegasPro 100e [64bits].rar
      [2012/10/17 12:56:48 | 002,652,128 | ---- | C] () -- C:\Users\USUARIO\Sony VegasPro 100e [64 bits] Keygen.rar
      [2012/09/18 22:30:25 | 000,014,119 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
      [2012/08/10 13:41:16 | 000,007,597 | ---- | C] () -- C:\Users\USUARIO\AppData\Local\Resmon.ResmonCfg
      [2012/07/14 19:12:26 | 002,165,485 | ---- | C] () -- C:\Users\USUARIO\Double Driver.zip
      [2012/07/09 20:19:22 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
      [2012/07/07 23:07:32 | 000,000,176 | ---- | C] () -- C:\Users\USUARIO\AppData\Roaming\default.rss
      [2012/07/06 19:13:14 | 000,017,408 | ---- | C] () -- C:\Users\USUARIO\AppData\Local\WebpageIcons.db
      [2012/07/06 19:05:08 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
      [2012/07/06 18:28:10 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
      [2012/07/06 18:28:07 | 000,028,259 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
      [2012/06/19 17:52:42 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
      [2012/05/14 11:38:32 | 000,043,976 | ---- | C] () -- C:\Users\USUARIO\AppData\Local\save_en.bmp
      [2012/05/14 11:38:08 | 000,043,976 | ---- | C] () -- C:\Users\USUARIO\AppData\Local\save_es.bmp

      ========== ZeroAccess Check ==========

      [2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

      [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

      [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

      [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

      [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
      "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment

      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment

      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
      "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free

      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
      "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free

      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
      "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Both

      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

      ========== LOP Check ==========

      [2012/11/28 12:50:15 | 000,000,000 | ---D | M] -- C:\Users\USUARIO\AppData\Roaming\AVG2013
      [2012/11/27 14:29:47 | 000,000,000 | ---D | M] -- C:\Users\USUARIO\AppData\Roaming\DAEMON Tools Lite
      [2012/10/17 12:06:01 | 000,000,000 | ---D | M] -- C:\Users\USUARIO\AppData\Roaming\GlarySoft
      [2012/09/18 22:29:48 | 000,000,000 | ---D | M] -- C:\Users\USUARIO\AppData\Roaming\Leadertech
      [2012/11/16 22:17:16 | 000,000,000 | ---D | M] -- C:\Users\USUARIO\AppData\Roaming\Mumble
      [2012/09/28 19:27:46 | 000,000,000 | ---D | M] -- C:\Users\USUARIO\AppData\Roaming\OpenCandy
      [2012/10/17 20:11:49 | 000,000,000 | ---D | M] -- C:\Users\USUARIO\AppData\Roaming\Sony
      [2012/10/17 12:22:40 | 000,000,000 | ---D | M] -- C:\Users\USUARIO\AppData\Roaming\TuneUp Software
      [2012/11/18 00:41:07 | 000,000,000 | ---D | M] -- C:\Users\USUARIO\AppData\Roaming\uTorrent

      ========== Purity Check ==========



      < End of report >[/CODE]

      P.S.: If you would rather I not use [CODE], let me know.
      P.S. 2: I removed this virus "by brute force" on another PC, but even though I removed it, I don't want to use the same method, since to kill it I had to wreck a small part of the OS.

      I may take a while to reply because of my studies and such.

      Gr. Jakea
      Last edited by @Tincho on 28/11/12 at 13:03:29

    4. #4
      Moderator.
      @Tincho's avatar
      Registered
      May 2008
      Location
      Argentina
      Posts
      14,701

      Re: [Problem] Svchost.exe (virus)

      Hi

      It is important that you read the following procedure carefully:

      Download the ComboFix.exe tool and save it to the desktop.

      • Temporarily disable your antivirus and/or antispyware.
      • Close all open windows and programs.
      • Double-click the ComboFix.exe file and follow the instructions. If it asks to update ("Update"), accept.
        • *Note* While CF is working, do not move the mouse, as that would stall its process.
        • *Note* ComboFix may restart the PC automatically to complete the removal process; if it does not, restart it manually.
        • When it finishes, ComboFix will generate a log at C:\ComboFix.txt.

      Attention!! Do not use ComboFix unless a member of our Staff has specifically told you to in your thread. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, not for private use. Using ComboFix incorrectly could cause problems on your system. Please read ComboFix's "Disclaimer of Warranty".

      In your next reply we need the following information:

      • The ComboFix report located at C:\ComboFix.txt; paste it into this same thread.
      • Tell us how your system is working in relation to the initial problem.
      Tyny's
      If on your journey, you should encounter God, God will be cut!

      * Questions are not answered by private message or by e-mail, since that is what the forum is for.

    5. #5
      User Jakea's avatar
      Registered
      Jul 2012
      Location
      Spain
      Posts
      13

      Re: [Problem] Svchost.exe (virus)

      Here is the report:

      ComboFix 12-11-29.01 - USUARIO 29/11/2012 12:19:03.1.4 - x64
      Microsoft Windows 7 Home Premium 6.1.7601.1.1252.34.3082.18.4077.2734 [GMT 1:00]
      Running from: c:\users\USUARIO\Desktop\ComboFix.exe
      SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      .
      .
      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      c:\programdata\Bcool
      c:\programdata\Bcool\506466add811d.html
      c:\programdata\Bcool\506466add8155.js
      c:\programdata\Bcool\bjomcpkdcbjgiaipcbjfambnoapdbmje.crx
      c:\programdata\Bcool\settings.ini
      c:\users\USUARIO\AppData\Local\datos.txt
      c:\users\USUARIO\AppData\Local\save_en.bmp
      c:\users\USUARIO\AppData\Local\save_es.bmp
      .
      .
      ((((((((((((((((((((((((( Files Created from 2012-10-28 to 2012-11-29 )))))))))))))))))))))))))))))))
      .
      .
      2012-11-29 11:22 . 2012-11-29 11:22 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
      2012-11-28 11:48 . 2012-11-29 11:09 -------- d-----w- c:\programdata\AVG2013
      2012-11-28 11:39 . 2012-11-28 11:39 -------- d-----w- c:\users\USUARIO\AppData\Local\MFAData
      2012-11-27 13:30 . 2012-11-27 13:48 -------- d-----w- c:\program files (x86)\Battlefield 3
      2012-11-16 15:26 . 2012-07-26 05:05 2560 ----a-w- c:\windows\system32\drivers\es-ES\wdf01000.sys.mui
      2012-11-16 15:26 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
      2012-11-16 15:26 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
      2012-11-16 15:26 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
      2012-11-16 15:22 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
      2012-11-16 15:22 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
      2012-11-16 15:22 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
      2012-11-16 15:22 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
      2012-11-16 15:22 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
      2012-11-16 15:22 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
      2012-11-16 15:22 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
      2012-11-08 22:40 . 2012-11-08 22:40 -------- d-----w- c:\users\USUARIO\AppData\Local\Adobe
      2012-11-08 22:40 . 2012-11-08 22:40 -------- d-----w- c:\programdata\McAfee
      2012-11-08 22:39 . 2012-11-08 22:39 -------- d-----w- c:\program files (x86)\Common Files\Adobe
      2012-11-08 13:40 . 2012-11-27 13:49 -------- d-----w- c:\users\USUARIO\AppData\Roaming\NVIDIA
      2012-11-08 13:37 . 2012-11-08 13:40 -------- d-----w- c:\program files (x86)\Amnesia - The Dark Descent
      2012-11-07 11:19 . 2012-11-07 11:19 -------- d-----w- c:\program files (x86)\TeamViewer
      2012-11-05 18:27 . 2012-11-05 18:28 -------- d-----w- c:\program files (x86)\Mumble
      2012-11-04 17:12 . 2012-11-04 17:12 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
      2012-11-03 21:49 . 2012-11-17 23:41 -------- d-----w- c:\users\USUARIO\Tracing
      2012-11-03 21:47 . 2012-11-03 21:48 -------- d-----w- c:\program files (x86)\Windows Live
      2012-11-03 21:45 . 2012-11-05 14:17 -------- d-----w- c:\users\USUARIO\AppData\Local\Windows Live
      2012-11-03 21:45 . 2012-11-03 21:45 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
      2012-11-02 16:47 . 2012-11-02 16:47 -------- d-----w- c:\users\USUARIO\AppData\Local\Rockstar Games
      2012-11-02 16:45 . 2012-11-02 16:45 -------- d-sh--w- c:\programdata\SecuROM
      2012-11-02 16:26 . 2009-03-16 13:18 517448 ----a-w- c:\windows\SysWow64\XAudio2_4.dll
      2012-11-02 16:26 . 2009-03-16 13:18 235352 ----a-w- c:\windows\SysWow64\xactengine3_4.dll
      2012-11-02 16:26 . 2009-03-16 13:18 22360 ----a-w- c:\windows\SysWow64\X3DAudio1_6.dll
      2012-11-02 16:26 . 2009-03-09 14:27 4178264 ----a-w- c:\windows\SysWow64\D3DX9_41.dll
      2012-11-02 16:15 . 2012-11-02 16:15 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
      .
      .
      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2012-10-25 12:10 . 2012-07-06 18:07 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
      2012-10-25 12:10 . 2012-07-06 18:07 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
      2012-10-16 08:38 . 2012-11-28 11:35 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
      2012-10-16 08:38 . 2012-11-28 11:35 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
      2012-10-16 07:39 . 2012-11-28 11:35 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
      2012-10-10 20:23 . 2012-10-10 20:23 247144 ----a-w- c:\windows\system32\nvinitx.dll
      2012-10-10 20:23 . 2012-10-10 20:23 1867112 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
      2012-10-10 20:23 . 2012-10-10 20:23 18252136 ----a-w- c:\windows\system32\nvd3dumx.dll
      2012-10-10 20:23 . 2012-09-18 21:14 1482600 ----a-w- c:\windows\system32\nvdispgenco64.dll
      2012-10-10 20:23 . 2012-10-10 20:23 6127464 ----a-w- c:\windows\SysWow64\nvopencl.dll
      2012-10-10 20:23 . 2012-10-10 20:23 2574696 ----a-w- c:\windows\SysWow64\nvcuvid.dll
      2012-10-10 20:23 . 2012-10-10 20:23 25256296 ----a-w- c:\windows\system32\nvcompiler.dll
      2012-10-10 20:23 . 2012-10-10 20:23 831848 ----a-w- c:\windows\SysWow64\nvumdshim.dll
      2012-10-10 20:23 . 2012-10-10 20:23 202600 ----a-w- c:\windows\SysWow64\nvinit.dll
      2012-10-10 20:23 . 2012-10-10 20:23 7414632 ----a-w- c:\windows\system32\nvopencl.dll
      2012-10-10 20:23 . 2012-10-10 20:23 2731880 ----a-w- c:\windows\system32\nvapi64.dll
      2012-10-10 20:23 . 2012-10-10 20:23 973672 ----a-w- c:\windows\system32\nvumdshimx.dll
      2012-10-10 20:23 . 2012-10-10 20:23 14922600 ----a-w- c:\windows\system32\nvwgf2umx.dll
      2012-10-10 20:23 . 2012-10-10 20:23 9146728 ----a-w- c:\windows\system32\nvcuda.dll
      2012-10-10 20:23 . 2012-10-10 20:23 7697768 ----a-w- c:\windows\SysWow64\nvcuda.dll
      2012-10-10 20:23 . 2012-10-10 20:23 2218344 ----a-w- c:\windows\system32\nvcuvenc.dll
      2012-10-10 20:23 . 2012-10-10 20:23 12501352 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
      2012-10-10 20:22 . 2012-10-10 20:22 2428776 ----a-w- c:\windows\SysWow64\nvapi.dll
      2012-10-10 20:22 . 2012-10-10 20:22 26331496 ----a-w- c:\windows\system32\nvoglv64.dll
      2012-10-10 20:22 . 2012-09-18 21:14 1760104 ----a-w- c:\windows\system32\nvdispco64.dll
      2012-10-10 20:22 . 2012-10-10 20:22 15309160 ----a-w- c:\windows\SysWow64\nvd3dum.dll
      2012-10-10 20:22 . 2012-10-10 20:22 2747240 ----a-w- c:\windows\system32\nvcuvid.dll
      2012-10-10 20:22 . 2012-10-10 20:22 19906920 ----a-w- c:\windows\SysWow64\nvoglv32.dll
      2012-10-10 20:22 . 2012-10-10 20:22 13443944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
      2012-10-10 20:22 . 2012-10-10 20:22 17559912 ----a-w- c:\windows\SysWow64\nvcompiler.dll
      2012-10-02 19:51 . 2012-09-18 21:16 3536817 ----a-w- c:\windows\system32\nvcoproc.bin
      2012-10-02 19:51 . 2010-08-08 21:12 3293544 ----a-w- c:\windows\system32\nvsvc64.dll
      2012-10-02 19:51 . 2010-08-08 21:12 6200680 ----a-w- c:\windows\system32\nvcpl.dll
      2012-10-02 19:50 . 2010-08-08 21:12 891240 ----a-w- c:\windows\system32\nvvsvc.exe
      2012-10-02 19:50 . 2010-08-08 21:12 63336 ----a-w- c:\windows\system32\nvshext.dll
      2012-10-02 19:50 . 2010-08-08 21:12 2557800 ----a-w- c:\windows\system32\nvsvcr.dll
      2012-10-02 19:50 . 2010-08-08 21:12 118120 ----a-w- c:\windows\system32\nvmctray.dll
      2012-10-02 12:15 . 2012-10-02 12:15 430952 ----a-w- c:\windows\SysWow64\nvStreaming.exe
      2012-09-29 18:54 . 2012-07-10 22:16 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
      2012-09-28 18:03 . 2012-09-28 18:03 560184 ----a-w- c:\windows\system32\drivers\sptd.sys
      2012-09-18 21:29 . 2012-09-18 21:29 53248 ----a-r- c:\users\USUARIO\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
      2012-09-18 21:29 . 2012-09-18 21:29 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
      2012-09-17 09:56 . 2012-10-17 11:22 34656 ----a-w- c:\windows\system32\TURegOpt.exe
      2012-09-17 09:56 . 2012-10-17 11:22 25952 ----a-w- c:\windows\system32\authuitu.dll
      2012-09-17 09:56 . 2012-10-17 11:22 21344 ----a-w- c:\windows\SysWow64\authuitu.dll
      2012-09-14 19:19 . 2012-10-10 12:34 2048 ----a-w- c:\windows\system32\tzres.dll
      2012-09-14 18:28 . 2012-10-10 12:34 2048 ----a-w- c:\windows\SysWow64\tzres.dll
      2012-09-12 15:07 . 2012-09-12 15:07 58368 ----a-w- c:\windows\SysWow64\sirenacm.dll
      2012-08-31 18:19 . 2012-10-10 12:34 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
      .
      .
      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4
      .
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-11 3672384]
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
      "Adobe"="c:\programdata\Adobe\20E2DF.vbe" [2012-10-02 7150]
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "ConsentPromptBehaviorAdmin"= 5 (0x5)
      "ConsentPromptBehaviorUser"= 3 (0x3)
      "EnableUIADesktopToggle"= 0 (0x0)
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
      "HideSCAHealth"= 1 (0x1)
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
      "mixer3"=wdmaud.drv
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
      "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      .
      R2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2012-01-05 75624]
      R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
      R2 KMService;KMService;c:\windows\system32\srvany.exe [x]
      R3 ALSysIO;ALSysIO;c:\users\USUARIO\AppData\Local\Temp\ALSysIO64.sys [x]
      R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
      R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
      R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
      R3 WatAdminSvc;Servicio de tecnologías de activación de Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-07-09 1255736]
      R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]
      S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
      S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-06-19 634632]
      S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
      S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-08-31 2754984]
      S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2012-09-17 2365792]
      S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-07-25 365376]
      S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2012-05-02 134944]
      S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2012-05-02 403232]
      S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2012-04-12 1860672]
      S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-05-16 533096]
      S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [2012-08-29 11880]
      .
      .
      Contents of the 'Scheduled Tasks' folder
      .
      2012-11-29 c:\windows\Tasks\GlaryInitialize.job
      - c:\program files (x86)\Glary Utilities\initialize.exe [2012-07-14 19:59]
      .
      2012-11-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2709415398-1181114982-2073429736-1000Core.job
      - c:\users\USUARIO\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-09 19:02]
      .
      2012-11-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2709415398-1181114982-2073429736-1000UA.job
      - c:\users\USUARIO\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-09 19:02]
      .
      .
      --------- X64 Entries -----------
      .
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-08-21 6839952]
      "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
      .
      ------- Supplementary Scan -------
      .
      uLocal Page = c:\windows\system32\blank.htm
      uStart Page = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=ES&userid=0f1a46b8-a1c2-4a76-89ea-871fc25892dd&searchtype=hp
      mLocal Page = c:\windows\SysWOW64\blank.htm
      uSearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=ES&userid=0f1a46b8-a1c2-4a76-89ea-871fc25892dd&searchtype=ds&q={searchTerms}
      IE: &Enviar a OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
      IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
      TCP: DhcpNameServer = 78.136.121.243 78.136.107.50
      FF - ProfilePath - c:\users\USUARIO\AppData\Roaming\Mozilla\Firefox\Profiles\0fiz6j6m.default\
      FF - prefs.js: browser.search.selectedEngine - Web Search
      FF - prefs.js: browser.startup.homepage - www.google.es
      FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
      FF - ExtSQL: 2012-09-30 13:19; [email protected]; c:\users\USUARIO\AppData\Roaming\Mozilla\Firefox\Profiles\0fiz6j6m.default\extensions\[email protected]
      FF - ExtSQL: 2012-10-17 13:30; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\USUARIO\AppData\Roaming\Mozilla\Firefox\Profiles\0fiz6j6m.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
      FF - user.js: network.http.max-persistent-connections-per-server - 4
      FF - user.js: nglayout.initialpaint.delay - 600
      FF - user.js: content.notify.interval - 600000
      FF - user.js: content.max.tokenizing.time - 1800000
      FF - user.js: content.switch.threshold - 600000
      .
      - - - - ORPHANS REMOVED - - - -
      .
      Wow6432Node-HKLM-Run-ROC_ROC_JULY_P1 - c:\program files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe
      Wow6432Node-HKLM-Run-ROC_roc_ssl_v12 - c:\program files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe
      WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
      .
      .
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------
      .
      [HKEY_USERS\S-1-5-21-2709415398-1181114982-2073429736-1000\Software\SecuROM\License information*]
      "datasecu"=hex:13,d7,fb,95,9a,f1,c0,2c,68,82,05,5c,78,6c,7c,f9,99,9a,2d,6a,1b,
      b6,cb,7c,59,66,8a,a5,bb,bf,1c,7d,18,7a,76,f3,13,66,ec,f4,3d,bf,50,c6,8c,ec,\
      "rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="FlashBroker"
      "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
      "Enabled"=dword:00000001
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
      @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="IFlashBroker5"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
      @="{00020424-0000-0000-C000-000000000046}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      "Version"="1.0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="FlashBroker"
      "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
      "Enabled"=dword:00000001
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
      @Denied: (A 2) (Everyone)
      @="Shockwave Flash Object"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
      "ThreadingModel"="Apartment"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
      @="0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
      @="ShockwaveFlash.ShockwaveFlash.11"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
      @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
      @="1.0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
      @="ShockwaveFlash.ShockwaveFlash"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
      @Denied: (A 2) (Everyone)
      @="Macromedia Flash Factory Object"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
      "ThreadingModel"="Apartment"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
      @="FlashFactory.FlashFactory.1"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
      @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
      @="1.0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
      @="FlashFactory.FlashFactory"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="IFlashBroker5"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
      @="{00020424-0000-0000-C000-000000000046}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      "Version"="1.0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
      @="?????????????????? v1"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
      @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
      @="?????????????????? v2"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
      @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
      @Denied: (Full) (Everyone)
      .
      ------------------------ Other Running Processes ------------------------
      .
      c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
      c:\program files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
      c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
      c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
      .
      **************************************************************************
      .
      Completion time: 2012-11-29 12:26:07 - machine was rebooted
      ComboFix-quarantined-files.txt 2012-11-29 11:26
      .
      Pre-Run: 246.878.388.224 bytes libres
      Post-Run: 246.404.304.896 bytes libres
      .
      - - End Of File - - 2CE53796A477209AC31A0F1DCE9960BB


      As for how it's running, it seems about the same. It works fine, but it still detects the virus.

      Gr. Jakea

    6. #6
      User JamesMulligan
      Registered
      Nov 2012
      Location
      Spain
      Posts
      41

      Re: [Problem] Svchost.exe (virus)

      Hi, I think we have the same problem. I also get an Avast alert whether or not I'm connected to the internet. I get three alerts in a row, as if a website were trying to get into my computer, and under process it points me to svchost.exe. Like you, there is another computer in my house with the same problem; I don't know whether it got in via a USB stick.
      On the other hand, I've noticed that when I plug in a device the alert also goes off, and the alert is about the autorun, and on the device in question, a USB stick for example, a shortcut to the Toshiba folder appears.

    7. #7
      User Jakea
      Registered
      Jul 2012
      Location
      Spain
      Posts
      13

      Re: [Problem] Svchost.exe (virus)

      Quote: Originally posted by JamesMulligan
      Hi, I think we have the same problem. I also get an Avast alert whether or not I'm connected to the internet. I get three alerts in a row, as if a website were trying to get into my computer, and under process it points me to svchost.exe. Like you, there is another computer in my house with the same problem; I don't know whether it got in via a USB stick.
      On the other hand, I've noticed that when I plug in a device the alert also goes off, and the alert is about the autorun, and on the device in question, a USB stick for example, a shortcut to the Toshiba folder appears.

      Hmm, your case seems more complex than mine. Do you remember whether you installed a game or something just before the virus showed up?
      I think that was the reason I got it: from installing a game.

    8. #8
      User JamesMulligan
      Registered
      Nov 2012
      Location
      Spain
      Posts
      41

      Re: [Problem] Svchost.exe (virus)

      Well, I honestly don't know; I don't recall installing anything. One possibility is through eMule, since the other computer in the house that has the same problem also has eMule.

    9. #9
      User Jakea
      Registered
      Jul 2012
      Location
      Spain
      Posts
      13

      Re: [Problem] Svchost.exe (virus)

      In my opinion, eMule leaves a lot to be desired... I've lost more than I've gained using it.
      I'd advise you to switch to torrent (Vuze, uTorrent, BitTorrent, among others); I think they're better.

      On another note, let's see if Tyny, who has left me halfway through, reappears...

    10. #10
      User JamesMulligan
      Registered
      Nov 2012
      Location
      Spain
      Posts
      41

      Re: [Problem] Svchost.exe (virus)

      Yeah, I've thought about it, but I don't know how to use torrent.
