
    CPU running at 100% when it has an internet connection


    1. #1
      User nicolasm
      Registered
      Apr 2011
      Location
      Argentina
      Posts
      7

      CPU running at 100% when it has an internet connection

      Hi, I recently got infected with a trojan (on my Win7 32-bit). It started using the processor (not the memory), and watching with a sniffer I saw that it was downloading some things. I ran a scan with Malwarebytes, with the following results:
      Archivos Detectados: 37
      C:\$RECYCLE.BIN\S-1-5-21-1098950386-1455428295-1303831879-1000\$RKDLHP1.exe (PUP.NetboxServer) -> En cuarentena y eliminado con éxito.
      C:\$RECYCLE.BIN\S-1-5-21-1098950386-1455428295-1303831879-1000\$RJJNSPQ\蜀山神话.exe (Trojan.Agent) -> En cuarentena y eliminado con éxito.
      C:\$RECYCLE.BIN\S-1-5-21-1098950386-1455428295-1303831879-1000\$RUYV3JR\patch\bgp\krnln.fnr (Trojan.FlyStudio) -> En cuarentena y eliminado con éxito.
      C:\$RECYCLE.BIN\S-1-5-21-1098950386-1455428295-1303831879-1000\$RUYV3JR\patch\bgp\shell.fne (Trojan.Agent) -> En cuarentena y eliminado con éxito.
      C:\$RECYCLE.BIN\S-1-5-21-1098950386-1455428295-1303831879-1000\$RUYV3JR\patch\bgp\WEB服务器.exe (Trojan.FlyStudio) -> En cuarentena y eliminado con éxito.
      C:\$RECYCLE.BIN\S-1-5-21-1098950386-1455428295-1303831879-1000\$RVJAQO2\patch\bgp\krnln.fnr (Trojan.FlyStudio) -> En cuarentena y eliminado con éxito.
      C:\$RECYCLE.BIN\S-1-5-21-1098950386-1455428295-1303831879-1000\$RVJAQO2\patch\bgp\shell.fne (Trojan.Agent) -> En cuarentena y eliminado con éxito.
      C:\$RECYCLE.BIN\S-1-5-21-1098950386-1455428295-1303831879-1000\$RNF5EJC\蜀山神话.exe (Trojan.Agent) -> En cuarentena y eliminado con éxito.
      C:\$RECYCLE.BIN\S-1-5-21-1098950386-1455428295-1303831879-1000\$RTH4DTA\test.exe (Trojan.Agent) -> En cuarentena y eliminado con éxito.
      C:\$RECYCLE.BIN\S-1-5-21-1098950386-1455428295-1303831879-1000\$RFL1SUU\patch\bgp\krnln.fnr (Trojan.FlyStudio) -> En cuarentena y eliminado con éxito.
      C:\$RECYCLE.BIN\S-1-5-21-1098950386-1455428295-1303831879-1000\$RFL1SUU\patch\bgp\shell.fne (Trojan.Agent) -> En cuarentena y eliminado con éxito.
      C:\$RECYCLE.BIN\S-1-5-21-1098950386-1455428295-1303831879-1000\$RFL1SUU\patch\bgp\WEB服务器.exe (Trojan.FlyStudio) -> En cuarentena y eliminado con éxito.
      C:\$RECYCLE.BIN\S-1-5-21-1098950386-1455428295-1303831879-1000\$RO9PGA7\patch\bgp\krnln.fnr (Trojan.FlyStudio) -> En cuarentena y eliminado con éxito.
      C:\$RECYCLE.BIN\S-1-5-21-1098950386-1455428295-1303831879-1000\$RO9PGA7\patch\bgp\shell.fne (Trojan.Agent) -> En cuarentena y eliminado con éxito.
      C:\$RECYCLE.BIN\S-1-5-21-1098950386-1455428295-1303831879-1000\$R860HOX\CYDPHP\www\patch\bgp\krnln.fnr (Trojan.FlyStudio) -> En cuarentena y eliminado con éxito.
      C:\$RECYCLE.BIN\S-1-5-21-1098950386-1455428295-1303831879-1000\$R860HOX\CYDPHP\www\patch\bgp\shell.fne (Trojan.Agent) -> En cuarentena y eliminado con éxito.
      C:\$RECYCLE.BIN\S-1-5-21-1098950386-1455428295-1303831879-1000\$R860HOX\server\htdocs\patch\bgp\krnln.fnr (Trojan.FlyStudio) -> En cuarentena y eliminado con éxito.
      C:\$RECYCLE.BIN\S-1-5-21-1098950386-1455428295-1303831879-1000\$R860HOX\server\htdocs\patch\bgp\shell.fne (Trojan.Agent) -> En cuarentena y eliminado con éxito.
      C:\$RECYCLE.BIN\S-1-5-21-1098950386-1455428295-1303831879-1000\$R860HOX\server\htdocs\patch\bgp\WEB服务器.exe (Trojan.FlyStudio) -> En cuarentena y eliminado con éxito.
      C:\$RECYCLE.BIN\S-1-5-21-1098950386-1455428295-1303831879-1000\$RZB84ZZ\蜀山神话.exe (Trojan.Agent) -> En cuarentena y eliminado con éxito.
      C:\$RECYCLE.BIN\S-1-5-21-1098950386-1455428295-1303831879-1000\$RZIVGNG\bgp\krnln.fnr (Trojan.FlyStudio) -> En cuarentena y eliminado con éxito.
      C:\$RECYCLE.BIN\S-1-5-21-1098950386-1455428295-1303831879-1000\$RZIVGNG\bgp\shell.fne (Trojan.Agent) -> En cuarentena y eliminado con éxito.
      C:\Users\master\Downloads\S蜀山神话工具\蜀山神话.exe (Trojan.Agent) -> En cuarentena y eliminado con éxito.
      C:\Users\master\Downloads\sssh\CYDPHP\www\patch\bgp\krnln.fnr (Trojan.FlyStudio) -> En cuarentena y eliminado con éxito.
      C:\Users\master\Downloads\sssh\CYDPHP\www\patch\bgp\shell.fne (Trojan.Agent) -> En cuarentena y eliminado con éxito.
      C:\zu\sssh\CYDPHP\www\patch\bgp\krnln.fnr (Trojan.FlyStudio) -> En cuarentena y eliminado con éxito.
      C:\zu\sssh\CYDPHP\www\patch\bgp\shell.fne (Trojan.Agent) -> En cuarentena y eliminado con éxito.
      C:\zu\sssh\server\htdocs\patch\bgp\krnln.fnr (Trojan.FlyStudio) -> En cuarentena y eliminado con éxito.
      C:\zu\sssh\server\htdocs\patch\bgp\shell.fne (Trojan.Agent) -> En cuarentena y eliminado con éxito.
      C:\zu\sssh\server\htdocs\patch\bgp\WEB服务器.exe (Trojan.FlyStudio) -> En cuarentena y eliminado con éxito.
      C:\sssh\server2\GPHSSSH\server\sql\APMServ5.2.6\www\htdocs\patch\bgp\krnln.fnr (Trojan.FlyStudio) -> En cuarentena y eliminado con éxito.
      C:\sssh\server2\GPHSSSH\server\sql\APMServ5.2.6\www\htdocs\patch\bgp\shell.fne (Trojan.Agent) -> En cuarentena y eliminado con éxito.
      C:\sssh\web\htdocs\patch\bgp\krnln.fnr (Trojan.FlyStudio) -> En cuarentena y eliminado con éxito.
      C:\sssh\web\htdocs\patch\bgp\shell.fne (Trojan.Agent) -> En cuarentena y eliminado con éxito.
      C:\sssh\_downgrade\htdocs\patch\bgp\krnln.fnr (Trojan.FlyStudio) -> En cuarentena y eliminado con éxito.
      C:\sssh\_downgrade\htdocs\patch\bgp\shell.fne (Trojan.Agent) -> En cuarentena y eliminado con éxito.
      C:\Windows\System32\SkinH_EL.dll (Backdoor.Agent) -> En cuarentena y eliminado con éxito.
      I rebooted but the same thing started happening. In Task Manager I saw that there were several svchost.exe processes. I ran Malwarebytes 2 more times but with no results, and I also tried its anti-rootkit but nothing. I also downloaded the MB update manually because I couldn't update it (and I hadn't updated it for 55 days). I tried using HijackThis but had no success in stopping them from running. Here is the log:

      Logfile of Trend Micro HijackThis v2.0.4
      Scan saved at 11:01:06, on 08/02/2013
      Platform: Windows 7 (WinNT 6.00.3504)
      MSIE: Unable to get Internet Explorer version!
      Boot mode: Normal

      Running processes:
      C:\Windows\system32\userinit.exe
      C:\Windows\system32\Dwm.exe
      C:\Windows\system32\taskhost.exe
      C:\Windows\Explorer.EXE
      C:\Windows\System32\rundll32.exe
      C:\Program Files\Microsoft Security Client\msseces.exe
      C:\Program Files\Windows Sidebar\sidebar.exe
      C:\Windows\system32\SearchFilterHost.exe
      C:\Windows\System32\mobsync.exe
      C:\Users\master\Desktop\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      O4 - HKLM\..\Run: [Cm112Sound] RunDll32 cm112.cpl,CMICtrlWnd
      O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
      O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe
      O23 - Service: @%systemroot%\system32\appidsvc.dll,-100 (AppIDSvc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @appmgmts.dll,-3250 (AppMgmt) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (Audiosrv) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\AxInstSV.dll,-103 (AxInstSV) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\bdesvc.dll,-100 (BDESVC) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\bthserv.dll,-101 (bthserv) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%systemroot%\system32\cscsvc.dll,-200 (CscService) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\defragsvc.dll,-101 (defragsvc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\dhcpcore.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\Windows\ehome\ehRecvr.exe
      O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\Windows\ehome\ehsched.exe
      O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (eventlog) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: Servicio de Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
      O23 - Service: Servicio de Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
      O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\ListSvc.dll,-100 (HomeGroupListener) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\provsvc.dll,-100 (HomeGroupProvider) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-500 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
      O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
      O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe
      O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe
      O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\netprofm.dll,-202 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
      O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\peerdistsvc.dll,-9000 (PeerDistSvc) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
      O23 - Service: @%SystemRoot%\system32\pnrpauto.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\umpo.dll,-100 (Power) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @regsvc.dll,-1 (RemoteRegistry) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
      O23 - Service: @%windir%\system32\RpcEpMap.dll,-1001 (RpcEptMapper) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe
      O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\sensrsvc.dll,-1000 (SensrSvc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
      O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe
      O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe
      O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe
      O23 - Service: @%SystemRoot%\system32\sppuinotify.dll,-103 (sppuinotify) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
      O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (StiSvc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
      O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\themeservice.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe
      O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe
      O23 - Service: @%SystemRoot%\system32\umrdp.dll,-1000 (UmRdpService) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe
      O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe
      O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe
      O23 - Service: @%systemroot%\system32\wbiosrvc.dll,-100 (WbioSrvc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe
      O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\wmpnetwk.exe
      O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe
      O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\wwansvc.dll,-257 (WwanSvc) - Unknown owner - C:\Windows\system32\svchost.exe
      --
      End of file - 17624 bytes
      For now I'm on Ubuntu, but I need help with this one, thanks
      Last edited by nicolasm on 08/02/13 at 08:29:27
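
Added example, not part of the original thread: a triage of the `O23 - Service:` lines of a HijackThis log like the one in the first post. Several svchost.exe processes are expected on Windows 7, because each one hosts a group of services, so the script sets those entries aside and leaves a short list to review by hand. The function names and the `ExampleSvc` line are constructed for illustration; it assumes Windows is installed in `C:\Windows`, as in the log.

```python
import ntpath
import re

# Lines copied from the HijackThis log in the first post, plus one CONSTRUCTED
# line (ExampleSvc) to exercise the "svchost.exe outside System32" check.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\dhcpcore.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ExampleSvc - Unknown owner - C:\Users\Public\svchost.exe
"""

PREFIX = "O23 - Service: "
WINDOWS = ntpath.normcase(r"C:\Windows")            # assumption: default install path
SYSTEM32 = ntpath.normcase(r"C:\Windows\System32")
SHORT_NAME = re.compile(r"\(([^()]+)\)\s*$")        # trailing "(ServiceName)"


def parse_o23(line):
    """Split one O23 line into display name, short name, owner and binary path."""
    line = line.strip()
    if not line.startswith(PREFIX):
        return None
    # Layout: <display name> - <owner> - <binary path>; split from the right
    # so a display name containing " - " does not shift the fields.
    parts = line[len(PREFIX):].rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    display, owner, path = (p.strip() for p in parts)
    match = SHORT_NAME.search(display)
    return {
        "name": match.group(1) if match else display,
        "display": display,
        "owner": owner,
        "path": path,
    }


def triage(log_text):
    """Group services into svchost-hosted, built-in standalone, and to-review."""
    result = {"svchost_hosted": [], "builtin_standalone": [], "review": []}
    for line in log_text.splitlines():
        svc = parse_o23(line)
        if svc is None:
            continue
        path = ntpath.normcase(svc["path"])          # case-insensitive compare
        exe, folder = ntpath.basename(path), ntpath.dirname(path)
        if exe == "svchost.exe" and folder == SYSTEM32:
            # The normal case: a service DLL loaded by the shared host process.
            result["svchost_hosted"].append(svc["name"])
        elif exe == "svchost.exe":
            result["review"].append(
                (svc["name"], svc["path"], "svchost.exe outside System32"))
        elif svc["display"].startswith("@") and (folder + "\\").startswith(WINDOWS + "\\"):
            # Heuristic: "@file,-id" display names are resource-string
            # references, which the built-in services in this log use.
            result["builtin_standalone"].append(svc["name"])
        else:
            if svc["owner"].lower() == "unknown owner":
                reason = "unknown owner"
            else:
                reason = "third-party: " + svc["owner"]
            result["review"].append((svc["name"], svc["path"], reason))
    return result


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("svchost-hosted services:", len(report["svchost_hosted"]))
    print("built-in standalone services:", len(report["builtin_standalone"]))
    for name, path, reason in report["review"]:
        print(f"review: {name:12} {reason:40} {path}")
```

An entry on the review list is not a detection; it only marks the service binaries whose file signature and origin are worth checking by hand.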

    2. #2
      General Moderator
      @Leosolari
      Registered
      Jun 2007
      Location
      Argentina
      Posts
      58.637

      Re: CPU running at 100% when it has an internet connection

      Hello

      You are going to work with 2 tools. Try to do all the steps I mention below. If there is one you can NOT do, skip it and continue with the others.

      STEP 1

      Download Glary Utilities to your desktop and install it according to its manual.

      Run Glary Utilities

      • Press the 1-Click Maintenance button
      • Press the View Results button and wait for it to finish.
      • When it finishes, press the Repair Problems button.

      STEP 2

      Download the ComboFix.exe tool to your desktop.
      • Temporarily disable your antivirus and/or antispyware.
      • Close all open windows.
      • Double-click the ComboFix.exe file and follow the instructions.
      • When it finishes, it will generate a report at C:\ComboFix.txt.

      • *Note* While CF is working you must not move the mouse, as that would stop its process.
      • *Note* ComboFix may automatically restart the PC to complete the removal process.
      • *Note* Do not use ComboFix or any other antivirus program again until I give you a reply.

      Attention!! Do not use ComboFix unless you have been specifically instructed to do so in your thread by a member of our Staff. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, not for private use. Using ComboFix incorrectly could cause problems on your system. Please read ComboFix's "Disclaimer of Warranty".

      IMPORTANT NOTES:

      ° Once ComboFix has finished its work, you can enable your antivirus.

      ° Do not put the reports inside Code or HTML tags.

      ° Do not run any other antivirus program again until I come back with a reply.

      ° If you cannot perform a step, skip it and continue with the next one.

      In your next reply, you must post the ComboFix report, which is located at C:\ComboFix.txt

      Regards
      Follow us on Twitter and become our friend on Facebook.

    3. #3
      User nicolasm
      Registered
      Apr 2011
      Location
      Argentina
      Posts
      7

      Re: CPU running at 100% when it has an internet connection

      Hi, thanks for replying. I was able to run Glary Utilities, but ComboFix hangs and does not continue its process. I tried in safe mode but it's the same; it stays at "This typicaly doesn't take more than 10 minutes, However, scan times for badly infected machines may easily double"

    4. #4
      General Moderator
      @Leosolari
      Registered
      Jun 2007
      Location
      Argentina
      Posts
      58.637

      Re: CPU running at 100% when it has an internet connection

      Hello

      Run ComboFix after starting the computer in Safe Mode

      Regards

    5. #5
      User nicolasm
      Registered
      Apr 2011
      Location
      Argentina
      Posts
      7

      Re: CPU running at 100% when it has an internet connection

      Hi Leosolari, I told you earlier that I tried doing it in safe mode and it still stays at "This typicaly doesn't take more than 10 minutes, However, scan times for badly infected machines may easily double". I did it 3 times, leaving it working for hours, but it's the same result.

    6. #6
      General Moderator
      @Leosolari
      Registered
      Jun 2007
      Location
      Argentina
      Posts
      58.637

      Re: CPU running at 100% when it has an internet connection

      Hello

      Download the Malwarebytes Anti-Rootkit Beta.zip tool and extract the contents to your desktop.

      • Open the Mbar folder. Double-click the Mbar.exe file
      • In the program interface, click Next.
      • Click the Update button. When it finishes, click Next
      • To start the scan, click the Scan button
      • When this finishes, if there is an infection click CleanUp; if there is none, click Exit.
      • Open the Mbar folder, open the Mbar-log.txt file and copy and paste all of its contents into your next reply.

      NOTE: Come back with the report and tell us how the computer is doing.

      Regards

    7. #7
      User nicolasm
      Registered
      Apr 2011
      Location
      Argentina
      Posts
      7

      Re: CPU running at 100% when it has an internet connection

      Malwarebytes Anti-Rootkit BETA 1.01.0.1017
      www.malwarebytes.org

      Database version: v2013.01.18.09

      Windows 7 x86 NTFS
      Internet Explorer 9.0.8112.16421
      master :: MASTER-SYSADMIN [administrator]

      09/02/2013 16:21:07
      mbar-log-2013-02-09 (16-21-07).txt

      Scan type: Quick scan
      Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
      Scan options disabled:
      Objects scanned: 27447
      Time elapsed: 6 minute(s), 12 second(s)

      Memory Processes Detected: 0
      (No malicious items detected)

      Memory Modules Detected: 0
      (No malicious items detected)

      Registry Keys Detected: 0
      (No malicious items detected)

      Registry Values Detected: 0
      (No malicious items detected)

      Registry Data Items Detected: 0
      (No malicious items detected)

      Folders Detected: 0
      (No malicious items detected)

      Files Detected: 0
      (No malicious items detected)

      (end)

      Clean. It seems Malwarebytes took care of the viruses earlier. What I see now is that I have several svchost.exe processes; if I run a scan with HijackThis, a giant list comes out. Another thing is that I have no internet connection (I have Wi-Fi); I can't even access the router configuration (192.168.0.1).

      EDIT: I couldn't update it because it doesn't connect to the internet (I have a Wi-Fi network). As for the CPU, it is working normally.
      Last edited by nicolasm on 09/02/13 at 13:16:50

    8. #8
      Moderador Gral.
      Avatar de @Leosolari
      Registrado
      jun 2007
      Ubicación
      Argentina
      Mensajes
      58.637

      Re: Micro funcionando al 100% cuando tiene conexion a internet

      Hello

      Download OTL by OldTimer

      >>> Run OTL
      • Close all the programs you have open and double-click the OTL icon to run it.
      • Let it run without interruption until the scan finishes.
      • When the interface appears, you only need to change the setting under "Scan Type" to Minimal Output.
      • Check the options LOP Check and Purity Check.
      • Check the options Skip Microsoft Files and Use Company Name Whitelist.
      • Paste the following script into the Custom Scans/Fixes box:

        NOTE: Do not copy the word "Quote".
        msconfig
        netsvcs
        %SYSTEMDRIVE%\*.*
        CREATERESTOREPOINT
      • Please do not change any other settings unless we ask you to.

      • Press the button.
      • Once it finishes, two (2) files will open, OTL.Txt and Extras.Txt. They will be saved in the same location where OTL.exe was downloaded.
      • Copy and paste the contents of the OTL.txt file into your next reply.

      Regards

    9. #9
      User nicolasm
      Joined
      Apr 2011
      Location
      Argentina
      Posts
      7

      Re: CPU running at 100% when it has an internet connection

      OTL logfile created on: 10/02/2013 15:43:00 - Run 1
      OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\master\Desktop
      Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
      Internet Explorer (Version = 9.0.8112.16421)
      Locale: 00000C0A | Country: España | Language: ESN | Date Format: dd/MM/yyyy

      2,00 Gb Total Physical Memory | 1,38 Gb Available Physical Memory | 68,86% Memory free
      4,00 Gb Paging File | 3,34 Gb Available in Paging File | 83,43% Paging File free
      Paging file location(s): ?:\pagefile.sys [binary data]

      %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
      Drive C: | 465,76 Gb Total Space | 336,41 Gb Free Space | 72,23% Space Free | Partition Type: NTFS

      Computer Name: MASTER-SYSADMIN | User Name: master | Logged in as Administrator.
      Boot Mode: Normal | Scan Mode: Current user
      Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

      ========== Processes (SafeList) ==========

      PRC - C:\Users\master\Desktop\OTL.exe (OldTimer Tools)
      PRC - C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
      PRC - C:\Archivos de programa\Skype\Updater\Updater.exe (Skype Technologies)
      PRC - C:\Archivos de programa\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
      PRC - C:\Archivos de programa\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
      PRC - C:\Archivos de programa\Microsoft Security Client\msseces.exe (Microsoft Corporation)
      PRC - c:\Archivos de programa\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
      PRC - C:\Windows\explorer.exe (Microsoft Corporation)
      PRC - C:\Archivos de programa\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
      PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)


      ========== Modules (No Company Name) ==========


      ========== Services (SafeList) ==========

      SRV - (MozillaMaintenance) -- C:\Archivos de programa\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
      SRV - (MBAMService) -- C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
      SRV - (MBAMScheduler) -- C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
      SRV - (SkypeUpdate) -- C:\Archivos de programa\Skype\Updater\Updater.exe (Skype Technologies)
      SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
      SRV - (Stereo Service) -- C:\Archivos de programa\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
      SRV - (NisSrv) -- c:\Archivos de programa\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
      SRV - (MsMpSvc) -- c:\Archivos de programa\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
      SRV - (rpcapd) -- C:\Archivos de programa\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
      SRV - (SwitchBoard) -- C:\Archivos de programa\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
      SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
      SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
      SRV - (WinDefend) -- C:\Archivos de programa\Windows Defender\MpSvc.dll (Microsoft Corporation)
      SRV - (WMPNetworkSvc) -- C:\Archivos de programa\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)


      ========== Driver Services (SafeList) ==========

      DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
      DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
      DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
      DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
      DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
      DRV - (USBADVAU) -- C:\Windows\System32\drivers\cm112.sys (C-Media Electronics Inc)
      DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
      DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
      DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
      DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
      DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
      DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)


      ========== Standard Registry (SafeList) ==========


      ========== Internet Explorer ==========

      IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
      IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = Hotmail, Messenger y más en MSN Argentina, noticias, entretenimiento, deportes, videos.
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = es-ar
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 66 38 16 6E D2 47 CD 01 [binary data]
      IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
      IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

      ========== FireFox ==========

      FF - prefs.js..browser.startup.homepage: "https://www.google.com.ar/"
      FF - prefs.js..extensions.enabledAddons: crossfire%40almaden.ibm.com:0.3a10
      FF - prefs.js..extensions.enabledAddons: eventbug%40getfirebug.com:0.1b10
      FF - prefs.js..extensions.enabledAddons: firefocus%40incaseofstairs.com:1.2.2
      FF - prefs.js..extensions.enabledAddons: firequery%40binaryage.com:1.3
      FF - prefs.js..extensions.enabledAddons: https-everywhere%40eff.org:3.1.3
      FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.4.4
      FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
      FF - user.js - File not found

      FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
      FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
      FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files\Battlelog Web Plugins\1.118.0\npesnlaunch.dll File not found
      FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files\Battlelog Web Plugins\1.122.0\npesnlaunch.dll File not found
      FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.138.0: C:\Program Files\Battlelog Web Plugins\1.138.0\npesnlaunch.dll File not found
      FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: C:\Program Files\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB)
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
      FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.0: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll File not found
      FF - HKLM\Software\MozillaPlugins\@ncsoft.com/Plugin: C:\Program Files\plaync\NCPlugin\npncllm3.dll File not found
      FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
      FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
      FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
      FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)

      FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/06 0111 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

      [2012/05/25 23:06:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\master\AppData\Roaming\mozilla\Extensions
      [2013/01/31 18:26:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\master\AppData\Roaming\mozilla\Firefox\Profiles\fkh2hfl9.default\extensions
      [2013/01/19 00:12:47 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\master\AppData\Roaming\mozilla\Firefox\Profiles\fkh2hfl9.default\extensions\[email protected]
      [2012/06/04 05:08:03 | 000,081,434 | ---- | M] () (No name found) -- C:\Users\master\AppData\Roaming\mozilla\firefox\profiles\fkh2hfl9.default\extensions\[email protected]
      [2012/06/04 05:21:26 | 000,011,558 | ---- | M] () (No name found) -- C:\Users\master\AppData\Roaming\mozilla\firefox\profiles\fkh2hfl9.default\extensions\[email protected]
      [2012/12/19 22:29:47 | 002,151,598 | ---- | M] () (No name found) -- C:\Users\master\AppData\Roaming\mozilla\firefox\profiles\fkh2hfl9.default\extensions\[email protected]
      [2013/01/01 07:40:44 | 000,163,295 | ---- | M] () (No name found) -- C:\Users\master\AppData\Roaming\mozilla\firefox\profiles\fkh2hfl9.default\extensions\[email protected]
      [2012/06/04 05:21:26 | 000,013,126 | ---- | M] () (No name found) -- C:\Users\master\AppData\Roaming\mozilla\firefox\profiles\fkh2hfl9.default\extensions\[email protected]
      [2012/10/06 22:19:32 | 000,106,668 | ---- | M] () (No name found) -- C:\Users\master\AppData\Roaming\mozilla\firefox\profiles\fkh2hfl9.default\extensions\[email protected]
      [2012/12/19 22:29:31 | 000,548,003 | ---- | M] () (No name found) -- C:\Users\master\AppData\Roaming\mozilla\firefox\profiles\fkh2hfl9.default\extensions\[email protected]
      [2013/01/30 01:13:45 | 000,533,536 | ---- | M] () (No name found) -- C:\Users\master\AppData\Roaming\mozilla\firefox\profiles\fkh2hfl9.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
      [2013/01/31 18:26:41 | 000,817,973 | ---- | M] () (No name found) -- C:\Users\master\AppData\Roaming\mozilla\firefox\profiles\fkh2hfl9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
      [2013/02/06 01:09:46 | 000,000,000 | ---D | M] (No name found) -- C:\Archivos de programa\Mozilla Firefox\extensions
      [2013/02/06 0110 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
      [2012/08/31 02:47:14 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
      [2012/12/06 08:08:11 | 000,004,095 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\drae.xml
      [2012/12/06 08:08:11 | 000,001,356 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-es.xml
      [2012/10/12 23:58:38 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
      [2012/12/06 08:08:11 | 000,001,391 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-es.xml
      [2012/12/06 08:08:11 | 000,001,315 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-es.xml

      ========== Chrome ==========

      CHR - default_search_provider: Google (Enabled)
      CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
      CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
      CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll
      CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
      CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
      CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\pdf.dll
      CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files\Battlelog Web Plugins\2.1.2\npesnlaunch.dll
      CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
      CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll
      CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
      CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
      CHR - plugin: NCSOFT Login Launcher Module (Enabled) = C:\Program Files\plaync\NCPlugin\npncllm3.dll
      CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
      CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
      CHR - Extension: Google Docs = C:\Users\master\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
      CHR - Extension: Google Drive = C:\Users\master\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
      CHR - Extension: YouTube = C:\Users\master\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
      CHR - Extension: Google Search = C:\Users\master\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
      CHR - Extension: Gmail = C:\Users\master\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

      O1 HOSTS File: ([2013/02/09 16:33:59 | 000,000,853 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
      O1 - Hosts: 127.0.0.1 localhost
      O1 - Hosts: 127.0.0.1 activate.adobe.com
      O4 - HKLM..\Run: [Cm112Sound] RunDll32 cm112.cpl,CMICtrlWnd File not found
      O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
      O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
      O13 - gopher Prefix: missing
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 200.45.191.35 200.45.48.233
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A80C1CE2-1D30-4479-A311-FBDA1B923945}: DhcpNameServer = 200.45.191.35 200.45.48.233
      O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Archivos de programa\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
      O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Archivos de programa\Common Files\Skype\Skype4COM.dll (Skype Technologies)
      O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
      O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
      O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
      O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
      O32 - HKLM CDRom: AutoRun - 1
      O32 - AutoRun File - [2009/06/10 18:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
      O33 - MountPoints2\{e73b3e32-adfd-11e1-9fe2-002618be40d1}\Shell - "" = AutoRun
      O33 - MountPoints2\{e73b3e32-adfd-11e1-9fe2-002618be40d1}\Shell\AutoRun\command - "" = E:\autorun.exe
      O34 - HKLM BootExecute: (autocheck autochk *)
      O35 - HKLM\..comfile [open] -- "%1" %*
      O35 - HKLM\..exefile [open] -- "%1" %*
      O37 - HKLM\...com [@ = comfile] -- "%1" %*
      O37 - HKLM\...exe [@ = exefile] -- "%1" %*
      O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
      O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
      O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

      MsConfig - StartUpReg: Cm112Sound - hkey= - key= - File not found
      MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
      MsConfig - StartUpReg: EADM - hkey= - key= - C:\Program Files\Origin\Origin.exe (Electronic Arts)
      MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
      MsConfig - State: "services" - 2
      MsConfig - State: "startup" - 1

      NetSvcs: FastUserSwitchingCompatibility - File not found
      NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
      NetSvcs: Nla - File not found
      NetSvcs: Ntmssvc - File not found
      NetSvcs: NWCWorkstation - File not found
      NetSvcs: Nwsapagent - File not found
      NetSvcs: SRService - File not found
      NetSvcs: WmdmPmSp - File not found
      NetSvcs: LogonHours - File not found
      NetSvcs: PCAudit - File not found
      NetSvcs: helpsvc - File not found
      NetSvcs: uploadmgr - File not found

      CREATERESTOREPOINT
      Restore point Set: OTL Restore Point

      ========== Files/Folders - Created Within 30 Days ==========

      [2013/02/10 12:33:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\master\Desktop\OTL.exe
      [2013/02/09 16:01:54 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
      [2013/02/09 09:53:16 | 000,000,000 | -HSD | C] -- C:\found.000
      [2013/02/09 06:46:25 | 001,752,992 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\master\Desktop\rkill.exe
      [2013/02/08 16:54:02 | 000,000,000 | ---D | C] -- C:\Users\master\Desktop\combo
      [2013/02/08 16:47:08 | 000,000,000 | ---D | C] -- C:\Users\master\AppData\Roaming\GlarySoft
      [2013/02/08 16:45:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities
      [2013/02/08 16:45:12 | 000,000,000 | ---D | C] -- C:\Program Files\Glary Utilities
      [2013/02/08 13:42:25 | 006,632,472 | ---- | C] (Glarysoft Ltd ) -- C:\Users\master\Desktop\gusetup_slim.exe
      [2013/02/08 11:23:44 | 000,000,000 | ---D | C] -- C:\Users\master\Desktop\backups
      [2013/02/08 11:01:53 | 000,000,000 | ---D | C] -- C:\Users\master\Desktop\mbam-chameleon-1.62.1.1000
      [2013/02/08 10:34:18 | 000,000,000 | ---D | C] -- C:\Users\master\Desktop\mbar-1.01.0.1017
      [2013/02/08 07:59:26 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\master\Desktop\HijackThis.exe
      [2013/02/08 07:32:53 | 007,481,520 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\master\Desktop\mbam-rules.exe
      [2013/02/06 01:09:45 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
      [2013/02/05 14:00:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
      [2013/02/03 08:29:47 | 000,000,000 | ---D | C] -- C:\Users\master\AppData\Roaming\IsolatedStorage
      [2013/02/03 08:29:47 | 000,000,000 | ---D | C] -- C:\ProgramData\IsolatedStorage
      [2013/02/03 08:29:37 | 000,000,000 | ---D | C] -- C:\Users\master\AppData\Local\_
      [2013/01/31 03:55:19 | 000,000,000 | ---D | C] -- C:\Users\master\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft SmartSniff
      [2013/01/31 03:55:19 | 000,000,000 | ---D | C] -- C:\Program Files\NirSoft
      [2013/01/20 17:46:33 | 000,000,000 | ---D | C] -- C:\Users\master\.idlerc
      [2013/01/20 17:24:49 | 000,000,000 | ---D | C] -- C:\Users\master\Documents\Navicat
      [2013/01/17 10:45:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\plaync

      ========== Files - Modified Within 30 Days ==========

      [2013/02/10 15:41:57 | 000,000,314 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
      [2013/02/10 15:41:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
      [2013/02/10 15:41:44 | 1609,965,568 | -HS- | M] () -- C:\hiberfil.sys
      [2013/02/10 15:39:27 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      [2013/02/10 15:39:27 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      [2013/02/10 15:39:02 | 000,781,618 | ---- | M] () -- C:\Windows\System32\perfh00A.dat
      [2013/02/10 15:39:02 | 000,681,610 | ---- | M] () -- C:\Windows\System32\perfh009.dat
      [2013/02/10 15:39:02 | 000,168,956 | ---- | M] () -- C:\Windows\System32\perfc00A.dat
      [2013/02/10 15:39:02 | 000,128,746 | ---- | M] () -- C:\Windows\System32\perfc009.dat
      [2013/02/10 12:32:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\master\Desktop\OTL.exe
      [2013/02/09 09:54:13 | 000,003,464 | ---- | M] () -- C:\bootsqm.dat
      [2013/02/09 06:42:11 | 001,752,992 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\master\Desktop\rkill.exe
      [2013/02/08 16:45:14 | 000,001,034 | ---- | M] () -- C:\Users\master\Desktop\Glary Utilities.lnk
      [2013/02/08 13:41:19 | 006,632,472 | ---- | M] (Glarysoft Ltd ) -- C:\Users\master\Desktop\gusetup_slim.exe
      [2013/02/08 07:55:46 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\master\Desktop\HijackThis.exe
      [2013/02/08 07:53:57 | 001,440,846 | ---- | M] () -- C:\Users\master\Desktop\mbam-chameleon-1.62.1.1000.zip
      [2013/02/08 07:32:43 | 007,481,520 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\master\Desktop\mbam-rules.exe
      [2013/02/08 07:27:05 | 013,562,257 | ---- | M] () -- C:\Users\master\Desktop\mbar-1.01.0.1017.zip
      [2013/02/06 10:30:11 | 000,320,311 | ---- | M] () -- C:\Users\master\Desktop\bookmarks.html
      [2013/02/06 03:20:57 | 000,001,238 | ---- | M] () -- C:\WNetWatcher.cfg
      [2013/02/06 03:03:35 | 000,166,912 | ---- | M] () -- C:\Windows\System32\libmcrypt.dll
      [2013/02/06 03:03:35 | 000,165,643 | ---- | M] () -- C:\Windows\System32\libmhash.dll
      [2013/02/05 00:06:42 | 000,001,759 | ---- | M] () -- C:\Users\master\Desktop\query.sql
      [2013/02/02 05:20:27 | 000,139,328 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
      [2013/02/02 05:20:16 | 000,281,520 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
      [2013/02/02 05:19:56 | 000,280,904 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
      [2013/01/31 04:00:12 | 000,001,475 | ---- | M] () -- C:\smsniff.exe.lnk
      [2013/01/28 23:59:56 | 000,001,144 | ---- | M] () -- C:\Windows\Cm112.ini.imi
      [2013/01/14 18:00:52 | 000,000,132 | ---- | M] () -- C:\Users\master\AppData\Roaming\Adobe PNG Format CS5 Prefs

      ========== Files Created - No Company Name ==========

      [2013/02/09 09:54:13 | 000,003,464 | ---- | C] () -- C:\bootsqm.dat
      [2013/02/08 16:45:14 | 000,001,034 | ---- | C] () -- C:\Users\master\Desktop\Glary Utilities.lnk
      [2013/02/08 16:45:14 | 000,000,314 | ---- | C] () -- C:\Windows\tasks\GlaryInitialize.job
      [2013/02/08 07:54:16 | 001,440,846 | ---- | C] () -- C:\Users\master\Desktop\mbam-chameleon-1.62.1.1000.zip
      [2013/02/08 07:30:08 | 013,562,257 | ---- | C] () -- C:\Users\master\Desktop\mbar-1.01.0.1017.zip
      [2013/02/06 10:30:11 | 000,320,311 | ---- | C] () -- C:\Users\master\Desktop\bookmarks.html
      [2013/02/06 02:58:51 | 000,166,912 | ---- | C] () -- C:\Windows\System32\libmcrypt.dll
      [2013/02/06 02:58:51 | 000,165,643 | ---- | C] () -- C:\Windows\System32\libmhash.dll
      [2013/01/31 04:00:12 | 000,001,475 | ---- | C] () -- C:\smsniff.exe.lnk
      [2013/01/29 23:41:58 | 000,001,759 | ---- | C] () -- C:\Users\master\Desktop\query.sql
      [2013/01/20 17:24:01 | 001,589,248 | ---- | C] () -- C:\Windows\System32\libmysql_d.dll
      [2013/01/19 10:08:43 | 000,001,238 | ---- | C] () -- C:\WNetWatcher.cfg
      [2013/01/07 16:59:31 | 000,091,100 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
      [2012/12/07 22:00:08 | 000,000,284 | ---- | C] () -- C:\Users\master\AppData\Roaming\GPU MeterV2_Settings.ini
      [2012/12/05 16:39:32 | 000,000,545 | ---- | C] () -- C:\Users\master\AppData\Roaming\All CPU MeterV3_Settings.ini
      [2012/09/24 00:35:22 | 000,000,020 | ---- | C] () -- C:\Windows\System32\pub_store.dat
      [2012/09/21 16:11:11 | 000,000,022 | ---- | C] () -- C:\Windows\cmm.dat
      [2012/08/10 13:31:10 | 000,000,218 | ---- | C] () -- C:\Users\master\.recently-used.xbel
      [2012/07/30 03:19:19 | 000,000,132 | ---- | C] () -- C:\Users\master\AppData\Roaming\Adobe PNG Format CS5 Prefs
      [2012/07/27 15:23:55 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll
      [2012/07/07 16:42:40 | 000,007,599 | ---- | C] () -- C:\Users\master\AppData\Local\Resmon.ResmonCfg
      [2012/06/15 22:04:10 | 000,000,352 | ---- | C] () -- C:\Users\master\AppData\Roaming\Network Meter_Settings.ini
      [2012/06/15 21:17:24 | 000,042,432 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
      [2012/05/26 06:35:12 | 000,139,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
      [2012/05/26 06:35:12 | 000,138,056 | ---- | C] () -- C:\Users\master\AppData\Roaming\PnkBstrK.sys
      [2012/05/26 06:34:44 | 000,281,520 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
      [2012/05/26 06:34:43 | 002,580,992 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
      [2012/05/26 06:34:43 | 000,076,888 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
      [2012/05/26 02:03:13 | 000,557,056 | ---- | C] () -- C:\Windows\System32\Cmeau112.exe
      [2012/05/26 02:03:13 | 000,143,360 | ---- | C] () -- C:\Windows\Vmix112.dll
      [2012/05/26 02:03:13 | 000,000,709 | ---- | C] () -- C:\Windows\Cm112.ini.cfl
      [2012/05/26 02:02:52 | 000,303,104 | ---- | C] () -- C:\Windows\System32\CmiInstallResAll.dll
      [2012/05/26 02:02:52 | 000,002,049 | ---- | C] () -- C:\Windows\Cm112.ini.cfg
      [2012/05/26 02:02:52 | 000,001,144 | ---- | C] () -- C:\Windows\Cm112.ini.imi
      [2012/05/26 02:02:51 | 000,005,630 | ---- | C] () -- C:\Windows\cm112.ini
      [2012/05/15 02:21:50 | 000,423,936 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe

      ========== ZeroAccess Check ==========

      [2009/07/14 01:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

      [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

      [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      "" = %SystemRoot%\system32\shell32.dll -- [2010/07/27 11:03:24 | 012,867,584 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment

      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
      "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 22:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free

      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
      "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 22:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Both

      ========== LOP Check ==========

      [2012/09/28 19:37:38 | 000,000,000 | ---D | M] -- C:\Users\master\AppData\Roaming\360Login
      [2012/09/28 19:55:56 | 000,000,000 | ---D | M] -- C:\Users\master\AppData\Roaming\360safebox
      [2012/09/28 19:56:12 | 000,000,000 | ---D | M] -- C:\Users\master\AppData\Roaming\360se
      [2012/06/26 04:11:04 | 000,000,000 | ---D | M] -- C:\Users\master\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
      [2013/02/06 10:02:38 | 000,000,000 | ---D | M] -- C:\Users\master\AppData\Roaming\DAEMON Tools Lite
      [2013/02/08 16:47:08 | 000,000,000 | ---D | M] -- C:\Users\master\AppData\Roaming\GlarySoft
      [2013/02/03 08:29:47 | 000,000,000 | ---D | M] -- C:\Users\master\AppData\Roaming\IsolatedStorage
      [2012/05/29 02:42:57 | 000,000,000 | ---D | M] -- C:\Users\master\AppData\Roaming\Mumble
      [2013/02/09 16:30:37 | 000,000,000 | ---D | M] -- C:\Users\master\AppData\Roaming\Notepad++
      [2012/08/03 14:40:51 | 000,000,000 | ---D | M] -- C:\Users\master\AppData\Roaming\OfficeRecovery
      [2012/08/03 14:41:51 | 000,000,000 | ---D | M] -- C:\Users\master\AppData\Roaming\OfficeRecovery.0e68b589
      [2012/12/04 14:01:20 | 000,000,000 | ---D | M] -- C:\Users\master\AppData\Roaming\Origin
      [2012/12/04 04:13:12 | 000,000,000 | ---D | M] -- C:\Users\master\AppData\Roaming\Process Hacker 2
      [2012/10/27 08:14:32 | 000,000,000 | ---D | M] -- C:\Users\master\AppData\Roaming\RetroCityRampage
      [2012/08/03 13:27:35 | 000,000,000 | ---D | M] -- C:\Users\master\AppData\Roaming\Sublime Text 2
      [2012/12/03 11:18:51 | 000,000,000 | ---D | M] -- C:\Users\master\AppData\Roaming\TCPMonitor
      [2013/01/25 20:37:37 | 000,000,000 | ---D | M] -- C:\Users\master\AppData\Roaming\TeamViewer
      [2013/02/06 10:02:38 | 000,000,000 | ---D | M] -- C:\Users\master\AppData\Roaming\TS3Client
      [2013/01/10 16:05:08 | 000,000,000 | ---D | M] -- C:\Users\master\AppData\Roaming\Wireshark

      ========== Purity Check ==========



      ========== Custom Scans ==========

      < %SYSTEMDRIVE%\*.* >
      [2009/06/10 18:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
      [2009/07/13 22:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
      [2012/05/25 21:32:33 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
      [2013/02/09 09:54:13 | 000,003,464 | ---- | M] () -- C:\bootsqm.dat
      [2009/06/10 18:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
      [2012/05/26 22:58:50 | 000,383,592 | RHS- | M] () -- C:\gdrop
      [2013/02/10 15:41:44 | 1609,965,568 | -HS- | M] () -- C:\hiberfil.sys
      [2012/08/07 14:48:01 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
      [2012/08/07 14:48:01 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
      [2013/02/10 15:41:46 | 2146,623,488 | -HS- | M] () -- C:\pagefile.sys
      [2012/08/03 08:03:19 | 000,002,022 | ---- | M] () -- C:\Process Hacker 2.lnk
      [2013/01/31 04:00:12 | 000,001,475 | ---- | M] () -- C:\smsniff.exe.lnk
      [2012/05/04 08:33:52 | 000,466,944 | ---- | M] () -- C:\TCPMonitor.exe
      [2011/07/25 12:40:56 | 000,300,832 | ---- | M] (Sysinternals - Windows Sysinternals: Documentation, downloads and additional resources) -- C:\Tcpview.exe
      [2012/12/28 06:09:11 | 000,000,635 | ---- | M] () -- C:\tzar.ini
      [2013/02/06 03:20:57 | 000,001,238 | ---- | M] () -- C:\WNetWatcher.cfg
      [2012/08/27 12:52:20 | 000,684,032 | ---- | M] (NirSoft) -- C:\WNetWatcher.exe
      [2012/05/26 22:58:50 | 000,171,136 | RHS- | M] () -- C:\xeldr

      < End of report >