• Registrarse
  • Iniciar sesión


  • Página 1 de 2 12 ÚltimoÚltimo
    Resultados 1 al 10 de 11

    me sale publicidad

    Buenas, recurro otra vez a este foro que otras veces me ha solucionado problemas. Al navegar me sale publicidad, por ejemplo, en linkedin. En ocasiones, sale la publicidad de esa página, en otras se superpone. ...

    1. #1
      Usuario Avatar de zooraspa
      Registrado
      dic 2009
      Ubicación
      Madrid
      Mensajes
      56

      Malware me sale publicidad

      Buenas, recurro otra vez a este foro que otras veces me ha solucionado problemas.

      Al navegar me sale publicidad, por ejemplo, en linkedin. En ocasiones, sale la publicidad de esa página, en otras se superpone. Sobretodo mensajes del tipo "download" o un anuncio sobre un sistema para espiar vía móvil.

      He seguido los "11 pasos" y en principio, el malwarebytes me detectó 4 archivos sospechosos, alguno de adware. Luego pasé el panda on line y no detectó nada. Después, volví a pasar el malwarebytes y tampoco detectó nada.

      Y me sigue apareciendo publicidad.

      Gracias de antemano.

    2. #2
      Moderadora Gral.
      Avatar de @Daniela
      Registrado
      abr 2011
      Ubicación
      España
      Mensajes
      23.317

      re: me sale publicidad

      Hola zooraspa

      Realiza los siguientes pasos:

      1) Descarga >> AT-Destroyer (by InfoSpyware) | InfoSpyware

      • Cierra TODOS los programas que tengas abiertos, y >> Desactiva temporalmente el Antivirus y/o Antispyware.
      • Ejecuta AT-Destroyer. (Si usas Windows Vista o 7 presiona clic derecho y selecciona "Ejecutar como Administrador.")
      • En el menú pulsa sobre la opción "Buscar y Destruir".
      • AT-Destroyer desconectará el escritorio momentáneamente.
      • Si detecta infecciones se te indicara y pulsas en Aceptar.
      • Al finalizar el proceso te pedirá Reiniciar, pulsa para Aceptar.
      • Al Iniciar de nuevo Windows se te abrirá un reporte/informe, que deberás copiar en tu próxima respuesta, comentando cómo funciona el sistema.(También puedes encontrarlo en C:\AT-Destroyer.txt)



      2) Descarga AdwCleaner.exe a tu escritorio.

      • Deshabilita temporalmente tu antivirus. y cierra todos los programas abiertos.
      • Ejecuta AdwCleaner.exe (En Windows Vista o 7, presiona clic derecho sobre el ícono y elige Ejecutar como Administrador)
      • Presiona Supresión.
      • AdwCleaner.exe generará un reporte en C:\AdwCleaner[R1].txt


      Pegas los reportes de At-Destroyer y AdwCleaner y el de Malwarebytes que tengas y comentas como va todo.

      Un saludo

    3. #3
      Usuario Avatar de zooraspa
      Registrado
      dic 2009
      Ubicación
      Madrid
      Mensajes
      56

      re: me sale publicidad

      Hola, en primer lugar, agradeceros la pronta respuesta.

      He pasado los dos programas y sigue igual, saliendo la dichosa publicidad. Os pego los reportes. Del Malwarebytes, cuando lo pasé ayer me envió a "cuarentena" 5 archivos "Adware.Mutipug"!

      AT-Destroyer:

      ######################## AT-Destroyer [2.1] By Infospyware.
      Hora/Día/Mes/Año: 17:12:28 \\\ 17/04/2013
      AT-Destroyer 2.1 By Infospyware ---> InfoSpyware
      Última actualización: 30/11/2012
      Opción escogida: 2 :Buscar y Destruir
      Versión Internet Explorer:9.10.9200.16540
      Mozilla Firefox:20.0.1.4847
      Google Chrome:26.0.1410.64
      Privilegios: zooraspa - Administrador
      Modo Actual: Modo Normal.
      Nombre del pc: ZOORASPA-HP
      Información del sistema operativo:X64-WIN_7-Service Pack 1
      nombre del usuario:zooraspa
      Lenguaje del sistema: Español



      >>>>>>> Servicios <<<<<<<



      >>>>>> Carpetas <<<<<<

      C:\Program Files (x86)\Conduit\Community Alerts 92
      C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll 92
      C:\Program Files (x86)\Conduit 92
      C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504} 97
      C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Cache 97
      C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.dat 97
      C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.exe 97
      C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.ico 97
      C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setup.dll 97
      C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll 97
      C:\ProgramData\Tarma Installer 97


      >>>>>> Archivos <<<<<<

      C:\Windows\System32\ezsidmv.dat


      >>>>>> Registro <<<<<<

      HKEY_CURRENT_USER\Software\DataMngr
      HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr
      HKEY_CURRENT_USER\Software\Conduit
      HKEY_LOCAL_MACHINE\SOFTWARE\Conduit
      HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
      HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}


      >>>>>> Heurística <<<<<<



      >>>>>> Internet Explorer <<<<<<

      Start Page==www.google.com
      Local Page==C:\Windows\SysWOW64\blank.htm
      Search Page==http://go.microsoft.com/fwlink/?LinkId=54896
      Default_search_url==http://go.microsoft.com/fwlink/?LinkId=54896
      Default_Page_URL==http://go.microsoft.com/fwlink/p/?LinkId=255141


      ''HKCU\Software\Microsoft\Internet Explorer\Main''
      Start Page==www.google.com
      Local Page==C:\Windows\system32\blank.htm
      Search Page==http://go.microsoft.com/fwlink/?LinkId=54896
      Default_search_url==

      Spyware modo rápido

      Malwarebytes Anti-Malware (Versión de Prueba) 1.75.0.1300
      Malwarebytes : Free anti-malware download

      Versión de la Base de Datos: v2013.04.16.09

      Windows 7 Service Pack 1 x64 NTFS
      Internet Explorer 10.0.9200.16540
      zooraspa :: ZOORASPA-HP [administrador]

      Protección: Habilitado

      17/04/2013 17:23:49
      mbam-log-2013-04-17 (17-23-49).txt

      Tipos de Análisis: Análisis Rápido
      Opciones de análisis activado: Memoria | Inicio | Registro | Sistema de archivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
      Opciones de análisis desactivados: P2P
      Objetos examinados: 213494
      Tiempo transcurrido: 5 minuto(s), 26 segundo(s)

      Procesos en Memoria Detectados: 0
      (No se han detectado elementos maliciosos)

      Módulos de Memoria Detectados: 0
      (No se han detectado elementos maliciosos)

      Claves del Registro Detectados: 0
      (No se han detectado elementos maliciosos)

      Valores del Registro Detectados: 0
      (No se han detectado elementos maliciosos)

      Elementos de Datos del Registro Detectados: 0
      (No se han detectado elementos maliciosos)

      Carpetas Detectadas: 0
      (No se han detectado elementos maliciosos)

      Archivos Detectados: 0
      (No se han detectado elementos maliciosos)

      fin)

      Default_Page_URL==


      HKEY_USERS\S-1-5-21-768918742-2577682017-4061970147-1001\Software\Microsoft\Internet Explorer\Main''
      Start Page==www.google.com
      Local Page==C:\Windows\system32\blank.htm
      Search Page==http://go.microsoft.com/fwlink/?LinkId=54896
      Default_search_url==
      Default_Page_URL==


      >>>>>> Firefox <<<<<<

      user_pref("aol_toolbar.default.homepage.check", false);
      user_pref("browser.startup.homepage", "http://www.sport.es/");
      user_pref("browser.startup.homepage_override.buildID", "20130409194949");
      user_pref("browser.startup.homepage_override.mstone", "20.0.1");
      user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");


      >>>>>> Extensiones Firefox <<<<<<


      C:\Program Files (x86)\{972ce4c6-7e08-4474-a285-3208198ce6fd}

      >>>>>> Plugins Firefox <<<<<<

      HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer
      HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer
      HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.17.2
      HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2
      HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE
      HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0
      HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922
      HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109
      HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3
      HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9

      >>>>>> Google Chrome <<<<<<

      "homepage": "http://www.google.com/",
      "homepage_changed": true,
      "homepage_is_newtabpage": false,


      >>>>>> Extensiones Google Chrome <<<<<<

      C:\Users\zooraspa\AppData\Local\Google\Chrome\User Data\Default\Extensions\8
      C:\Users\zooraspa\AppData\Local\Google\Chrome\User Data\Default\Extensions\abodbjinbdoophkanpginkpdagabkacd
      C:\Users\zooraspa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
      C:\Users\zooraspa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
      C:\Users\zooraspa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
      C:\Users\zooraspa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
      C:\Users\zooraspa\AppData\Local\Google\Chrome\User Data\Default\Extensions\npiecjlhkngdinoeekmccdbjdgclmnbk
      C:\Users\zooraspa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ochbjojkpcmlfeagbaahkofepalngihg
      C:\Users\zooraspa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

      ======== Listado ===========

      [21/01/2013 22:06] [21/01/2013 19:34] [DI] C:\Users\zooraspa\AppData\Roaming\Adobe
      [21/01/2013 19:35] [21/01/2013 19:35] [DI] C:\Users\zooraspa\AppData\Roaming\ATI
      [21/01/2013 19:40] [21/01/2013 19:40] [DI] C:\Users\zooraspa\AppData\Roaming\AVG2013
      [09/02/2013 19:47] [09/02/2013 19:47] [DI] C:\Users\zooraspa\AppData\Roaming\CyberLink
      [11/03/2013 22:42] [11/03/2013 22:42] [DI] C:\Users\zooraspa\AppData\Roaming\DealPly
      [23/01/2013 20:14] [23/01/2013 20:14] [DI] C:\Users\zooraspa\AppData\Roaming\FreeAudioPack
      [10/03/2013 20:12] [10/03/2013 20:11] [DI] C:\Users\zooraspa\AppData\Roaming\FreeCDRipper
      C:\Users\zooraspa\AppData\Roaming\GhostObjGAFix.xml [AI] 1,81 KB ( )
      [14/04/2013 20:23] [14/04/2013 20:23] [DI] C:\Users\zooraspa\AppData\Roaming\GlarySoft
      [21/01/2013 22:31] [21/01/2013 22:20] [DI] C:\Users\zooraspa\AppData\Roaming\Google
      [16/02/2013 16:58] [21/01/2013 19:30] [DI] C:\Users\zooraspa\AppData\Roaming\Hewlett-Packard
      [16/02/2013 17:11] [21/01/2013 19:34] [DI] C:\Users\zooraspa\AppData\Roaming\hpqLog
      [21/01/2013 19:34] [21/01/2013 19:34] [DI] C:\Users\zooraspa\AppData\Roaming\Identities
      [21/01/2013 19:34] [21/01/2013 19:34] [DI] C:\Users\zooraspa\AppData\Roaming\Intel Corporation
      [21/01/2013 19:35] [21/01/2013 19:35] [DI] C:\Users\zooraspa\AppData\Roaming\Macromedia
      [23/01/2013 20:13] [23/01/2013 20:13] [DI] C:\Users\zooraspa\AppData\Roaming\Malwarebytes
      [20/04/2011 11:24] [21/01/2013 18:28] [DI] C:\Users\zooraspa\AppData\Roaming\Media Center Programs
      [02/04/2013 19:43] [21/01/2013 18:28] [SDI] C:\Users\zooraspa\AppData\Roaming\Microsoft
      [20/03/2013 16:46] [21/01/2013 23:12] [DI] C:\Users\zooraspa\AppData\Roaming\Mozilla
      [16/04/2013 21:34] [16/04/2013 21:34] [DI] C:\Users\zooraspa\AppData\Roaming\Panda Security
      [21/01/2013 19:35] [21/01/2013 19:35] [DI] C:\Users\zooraspa\AppData\Roaming\PictureMover
      [17/04/2013 17:09] [01/02/2013 15:35] [DI] C:\Users\zooraspa\AppData\Roaming\Skype
      [23/01/2013 20:15] [21/01/2013 22:08] [DI] C:\Users\zooraspa\AppData\Roaming\SoftGrid Client
      [21/01/2013 19:34] [21/01/2013 19:34] [DI] C:\Users\zooraspa\AppData\Roaming\Synaptics
      [31/03/2013 23:49] [31/03/2013 23:48] [D] C:\Users\zooraspa\AppData\Roaming\Systweak
      [16/04/2013 21:27] [26/02/2013 18:10] [DI] C:\Users\zooraspa\AppData\Roaming\TorrentStream
      [21/01/2013 22:08] [21/01/2013 22:07] [DI] C:\Users\zooraspa\AppData\Roaming\TP
      [21/01/2013 19:39] [21/01/2013 19:39] [DI] C:\Users\zooraspa\AppData\Roaming\TuneUp Software
      [ 17/04/2013 0:20] [ 21/01/2013 23:11] [DI] C:\Users\zooraspa\AppData\Roaming\uTorrent
      [26/03/2013 17:46] [03/02/2013 19:02] [DI] C:\Users\zooraspa\AppData\Roaming\vlc
      [20/04/2011 2:34] [20/04/2011 2:33] [D] C:\Program Files (x86)\ATI Technologies
      [21/01/2013 19:38] [21/01/2013 19:38] [D] C:\Program Files (x86)\AVG
      [21/01/2013 22:25] [20/04/2011 2:47] [D] C:\Program Files (x86)\Bing Bar Installer
      [31/03/2013 23:47] [31/03/2013 23:47] [D] C:\Program Files (x86)\BrowseToSave
      [10/02/2013 10:25] [14/07/2009 5:20] [D] C:\Program Files (x86)\Common Files
      [20/04/2011 2:45] [10/01/2011 2:34] [D] C:\Program Files (x86)\CyberLink
      C:\Program Files (x86)\desktop.ini [HSA] 174 bytes( 0)
      [10/01/2011 2:38] [10/01/2011 2:37] [D] C:\Program Files (x86)\EasyBits For Kids
      [03/02/2013 19:00] [03/02/2013 19:00] [D] C:\Program Files (x86)\FilesFrog Update Checker
      [23/01/2013 20:14] [23/01/2013 20:14] [D] C:\Program Files (x86)\Free Audio Pack
      [23/01/2013 19:35] [23/01/2013 19:35] [D] C:\Program Files (x86)\FreeTime
      [14/04/2013 19:51] [14/04/2013 19:51] [D] C:\Program Files (x86)\Glary Utilities
      [26/02/2013 18:11] [21/01/2013 22:19] [D] C:\Program Files (x86)\Google
      [21/01/2013 22:20] [21/01/2013 22:19] [D] C:\Program Files (x86)\GUM208B.tmp
      [16/02/2013 17:12] [10/01/2011 2:17] [D] C:\Program Files (x86)\Hewlett-Packard
      [10/01/2011 2:25] [10/01/2011 2:19] [D] C:\Program Files (x86)\HP Games
      [16/02/2013 17:16] [10/01/2011 2:35] [HD] C:\Program Files (x86)\InstallShield Installation Information
      [20/04/2011 2:36] [20/04/2011 2:35] [D] C:\Program Files (x86)\Intel
      [11/04/2013 15:29] [14/07/2009 5:20] [D] C:\Program Files (x86)\Internet Explorer
      [03/03/2013 20:07] [03/03/2013 20:07] [D] C:\Program Files (x86)\Java
      [16/04/2013 21:14] [23/01/2013 20:13] [D] C:\Program Files (x86)\Malwarebytes' Anti-Malware
      [21/01/2013 22:25] [20/04/2011 2:48] [D] C:\Program Files (x86)\Microsoft
      [26/01/2013 0:30] [26/01/2013 0:30] [D] C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
      [25/01/2013 18:04] [25/01/2013 18:00] [D] C:\Program Files (x86)\Microsoft Office
      [14/03/2013 7:11] [14/03/2013 7:11] [D] C:\Program Files (x86)\Microsoft Silverlight
      [10/01/2011 2:30] [10/01/2011 2:30] [D] C:\Program Files (x86)\Microsoft SQL Server Compact Edition
      [25/01/2013 18:04] [25/01/2013 18:04] [D] C:\Program Files (x86)\Microsoft Visual Studio
      [25/01/2013 18:01] [25/01/2013 18:01] [D] C:\Program Files (x86)\Microsoft Visual Studio 8
      [26/01/2013 0:28] [25/01/2013 18:05] [D] C:\Program Files (x86)\Microsoft Works
      [25/01/2013 18:03] [23/01/2013 23:07] [D] C:\Program Files (x86)\Microsoft.NET
      [13/04/2013 16:57] [13/04/2013 16:57] [D] C:\Program Files (x86)\Mozilla Firefox
      [14/04/2013 11:14] [20/03/2013 16:46] [D] C:\Program Files (x86)\Mozilla Maintenance Service
      [25/01/2013 18:04] [14/07/2009 7:32] [D] C:\Program Files (x86)\MSBuild
      [21/01/2013 22:26] [21/01/2013 19:43] [D] C:\Program Files (x86)\MunSoft
      [21/01/2013 19:30] [10/01/2011 2:19] [RD] C:\Program Files (x86)\Online Services
      [16/04/2013 21:32] [16/04/2013 21:32] [D] C:\Program Files (x86)\Panda Security
      [20/04/2011 2:45] [20/04/2011 2:45] [D] C:\Program Files (x86)\PictureMover
      [20/04/2011 2:37] [20/04/2011 2:36] [D] C:\Program Files (x86)\Realtek
      [14/07/2009 7:32] [14/07/2009 7:32] [D] C:\Program Files (x86)\Reference Assemblies
      [10/02/2013 10:25] [10/02/2013 10:25] [RD] C:\Program Files (x86)\Skype
      [23/01/2013 19:48] [23/01/2013 19:48] [D] C:\Program Files (x86)\SopCast
      [01/04/2013 17:53] [01/04/2013 17:53] [D] C:\Program Files (x86)\Spybot - Search & Destroy 2
      [16/04/2013 21:28] [22/01/2013 21:57] [D] C:\Program Files (x86)\Stellar Phoenix Windows Data Recovery
      [14/07/2009 6:57] [14/07/2009 6:57] [HD] C:\Program Files (x86)\Uninstall Information
      [21/01/2013 23:11] [21/01/2013 23:11] [D] C:\Program Files (x86)\uTorrent
      [23/01/2013 19:42] [23/01/2013 19:42] [D] C:\Program Files (x86)\VideoLAN
      [10/01/2011 10:19] [14/07/2009 7:32] [D] C:\Program Files (x86)\Windows Defender
      [10/01/2011 2:31] [10/01/2011 2:29] [D] C:\Program Files (x86)\Windows Live
      [20/03/2013 3:31] [14/07/2009 5:20] [D] C:\Program Files (x86)\Windows Mail
      [20/03/2013 3:31] [14/07/2009 7:32] [D] C:\Program Files (x86)\Windows Media Player
      [14/07/2009 7:32] [14/07/2009 5:20] [D] C:\Program Files (x86)\Windows NT
      [20/03/2013 3:31] [14/07/2009 7:32] [D] C:\Program Files (x86)\Windows Photo Viewer
      [20/03/2013 3:31] [14/07/2009 7:32] [D] C:\Program Files (x86)\Windows Portable Devices
      [20/03/2013 3:31] [14/07/2009 7:32] [D] C:\Program Files (x86)\Windows Sidebar
      [14/07/2009 7:08] [14/07/2009 7:08] [HSDLI] C:\ProgramData\Application Data
      [20/04/2011 2:56] [20/04/2011 2:56] [DI] C:\ProgramData\ATI
      [23/01/2013 15:17] [23/01/2013 15:15] [DI] C:\ProgramData\AVG January 2013 Campaign
      [21/01/2013 19:39] [21/01/2013 19:39] [DI] C:\ProgramData\AVG2013
      [31/03/2013 23:49] [31/03/2013 23:47] [DI] C:\ProgramData\Broowsee22save
      [21/01/2013 19:36] [21/01/2013 19:36] [HD] C:\ProgramData\Common Files
      [09/02/2013 19:51] [10/01/2011 2:34] [DI] C:\ProgramData\CyberLink
      [21/01/2013 18:27] [21/01/2013 18:27] [HSDLI] C:\ProgramData\Datos de programa
      [14/07/2009 7:08] [14/07/2009 7:08] [HSDLI] C:\ProgramData\Desktop
      [21/01/2013 18:27] [21/01/2013 18:27] [HSDLI] C:\ProgramData\Documentos
      [14/07/2009 7:08] [14/07/2009 7:08] [HSDLI] C:\ProgramData\Documents
      [21/01/2013 18:27] [21/01/2013 18:27] [HSDLI] C:\ProgramData\Escritorio
      [14/07/2009 7:08] [14/07/2009 7:08] [HSDLI] C:\ProgramData\Favorites
      [21/01/2013 18:27] [21/01/2013 18:27] [HSDLI] C:\ProgramData\Favoritos
      [21/01/2013 22:20] [21/01/2013 22:19] [DI] C:\ProgramData\Google
      [16/02/2013 16:58] [10/01/2011 2:34] [DI] C:\ProgramData\Hewlett-Packard
      [31/03/2013 23:48] [31/03/2013 23:47] [DI] C:\ProgramData\InstallMate
      [20/04/2011 2:55] [20/04/2011 2:55] [DI] C:\ProgramData\Intel
      [23/01/2013 20:13] [23/01/2013 20:13] [DI] C:\ProgramData\Malwarebytes
      [21/01/2013 18:27] [21/01/2013 18:27] [HSDLI] C:\ProgramData\Menú Inicio
      [17/04/2013 17:12] [21/01/2013 19:36] [DI] C:\ProgramData\MFAData
      [01/04/2013 17:53] [14/07/2009 5:20] [SDI] C:\ProgramData\Microsoft
      [10/04/2013 23:34] [25/01/2013 18:00] [DI] C:\ProgramData\Microsoft Help
      [20/03/2013 16:46] [20/03/2013 16:46] [DI] C:\ProgramData\Mozilla
      [23/01/2013 19:53] [20/04/2011 2:46] [DI] C:\ProgramData\Norton
      [20/04/2011 2:46] [20/04/2011 2:46] [DI] C:\ProgramData\NortonInstaller
      [16/04/2013 21:32] [16/04/2013 21:32] [DI] C:\ProgramData\Panda Security
      [20/04/2011 2:45] [20/04/2011 2:45] [DI] C:\ProgramData\PictureMover
      [21/01/2013 18:27] [21/01/2013 18:27] [HSDLI] C:\ProgramData\Plantillas
      [20/04/2011 2:38] [20/04/2011 2:38] [DI] C:\ProgramData\Ralink Driver
      [10/02/2013 10:25] [01/02/2013 15:35] [DI] C:\ProgramData\Skype
      [31/03/2013 23:48] [31/03/2013 23:48] [DI] C:\ProgramData\SoftSafe
      [01/04/2013 19:23] [01/04/2013 17:53] [DI] C:\ProgramData\Spybot - Search & Destroy
      [10/01/2011 2:25] [10/01/2011 2:25] [DI] C:\ProgramData\Stardock
      [14/07/2009 7:08] [14/07/2009 7:08] [HSDLI] C:\ProgramData\Start Menu
      [10/01/2011 2:40] [10/01/2011 2:40] [DI] C:\ProgramData\Sun
      [24/01/2013 23:55] [10/01/2011 2:34] [DAI] C:\ProgramData\Temp
      [14/07/2009 7:08] [14/07/2009 7:08] [HSDLI] C:\ProgramData\Templates
      [23/01/2013 4:44] [22/01/2013 6:49] [DI] C:\ProgramData\VirtualizedApplications
      [10/01/2011 2:24] [10/01/2011 2:19] [DI] C:\ProgramData\WildTangent
      [19/03/2013 20:26] [19/03/2013 20:24] [DI] C:\ProgramData\WinZip
      C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log [AI] 32 bytes 0
      C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log [AI] 109 bytes 0
      C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log [AI] 32 bytes 0
      C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log [AI] 105 bytes 0
      C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log [AI] 32 bytes 0
      [16/02/2013 17:10] [16/02/2013 17:10] [DI] C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
      C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log [AI] 107 bytes 0

      ==================== EOF ==================

      AdwCleaner

      # AdwCleaner v2.200 - Fichero creado el 17/04/2013 a 17:18:08
      # Actualizado el 02/04/2013 por Xplode
      # Sistema operativo : Windows 7 Home Premium Service Pack 1 (64 bits)
      # Usuario : zooraspa - ZOORASPA-HP
      # Modo de inicio : Normal
      # Ejecutado desde : C:\Users\zooraspa\Desktop\adwcleaner.exe
      # Opción [Supresión]


      ***** [Servicios] *****


      ***** [Ficheros / Carpetas] *****

      Carpeta Suprimido : C:\Program Files (x86)\BrowseToSave
      Carpeta Suprimido : C:\Program Files (x86)\FilesFrog Update Checker
      Carpeta Suprimido : C:\ProgramData\InstallMate
      Carpeta Suprimido : C:\ProgramData\SoftSafe
      Carpeta Suprimido : C:\Users\zooraspa\AppData\Local\Conduit
      Carpeta Suprimido : C:\Users\zooraspa\AppData\Local\Google\Chrome\User Data\Default\Extensions\npiecjlhkngdinoeekmccdbjdgclmnbk
      Carpeta Suprimido : C:\Users\zooraspa\AppData\LocalLow\Conduit
      Carpeta Suprimido : C:\Users\zooraspa\AppData\LocalLow\PriceGong
      Carpeta Suprimido : C:\Users\zooraspa\AppData\Roaming\DealPly
      Carpeta Suprimido : C:\Users\zooraspa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly
      Carpeta Suprimido : C:\Users\zooraspa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker
      Fichero Suprimido : C:\Users\zooraspa\Desktop\Check for Updates.lnk

      ***** [Registro] *****

      Clave Supprimida : HKCU\Software\APN PIP
      Clave Supprimida : HKCU\Software\AppDataLow\Software\Conduit
      Clave Supprimida : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
      Clave Supprimida : HKCU\Software\AppDataLow\Software\PriceGong
      Clave Supprimida : HKCU\Software\AppDataLow\Software\SmartBar
      Clave Supprimida : HKCU\Software\AppDataLow\SProtector
      Clave Supprimida : HKCU\Software\DataMngr_Toolbar
      Clave Supprimida : HKCU\Software\DealPly
      Clave Supprimida : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
      Clave Supprimida : HKCU\Software\Google\Chrome\Extensions\npiecjlhkngdinoeekmccdbjdgclmnbk
      Clave Supprimida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
      Clave Supprimida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
      Clave Supprimida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
      Clave Supprimida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
      Clave Supprimida : HKCU\Software\Softonic
      Clave Supprimida : HKCU\Software\Somoto
      Clave Supprimida : HKCU\Software\a48bdcb539e541
      Clave Supprimida : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
      Clave Supprimida : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
      Clave Supprimida : HKLM\Software\AVG Secure Search
      Clave Supprimida : HKLM\Software\Babylon
      Clave Supprimida : HKLM\SOFTWARE\Classes\Prod.cap
      Clave Supprimida : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
      Clave Supprimida : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
      Clave Supprimida : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
      Clave Supprimida : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
      Clave Supprimida : HKLM\Software\PIP
      Clave Supprimida : HKLM\Software\SP Global
      Clave Supprimida : HKLM\Software\SProtector
      Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
      Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
      Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
      Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
      Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
      Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\npiecjlhkngdinoeekmccdbjdgclmnbk
      Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
      Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C3F3165C-74D3-6FDB-3274-14FDA8698CFA}
      Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker
      Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
      Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
      Clave Supprimida : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
      Clave Supprimida : HKLM\SOFTWARE\Tarma Installer
      Valor Supprimida : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [SDP]
      Valor Supprimida : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Smart Driver Updater]

      ***** [Navegadores] *****

      -\\ Internet Explorer v10.0.9200.16537

      [OK] El registro no contiene ninguna entrada ilegítima.

      -\\ Mozilla Firefox v20.0.1 (es-ES)

      Fichero : C:\Users\zooraspa\AppData\Roaming\Mozilla\Firefox\Profiles\fxsegd8s.default\prefs.js

      Supprimida : user_pref("aol_toolbar.default.search.check", false);
      Supprimida : user_pref("extensions.5158aed753b0c.scode", "(function(){try{if('aol.com,mail.google.com,premiumrepo[...]
      Supprimida : user_pref("extensions.BabylonToolbar.prtkDS", 0);
      Supprimida : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
      Supprimida : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
      Supprimida : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
      Supprimida : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
      Supprimida : user_pref("sweetim.toolbar.searchguard.enable", "");

      -\\ Google Chrome v26.0.1410.64

      Fichero : C:\Users\zooraspa\AppData\Local\Google\Chrome\User Data\Default\Preferences

      [OK] El fichero no contiene ninguna entrada ilegítima.

      *************************

      AdwCleaner[S1].txt - [5971 octets] - [17/04/2013 17:18:08]

      ########## EOF - C:\AdwCleaner[S1].txt - [6031 octets] ##########

    4. #4
      Moderadora Gral.
      Avatar de @Daniela
      Registrado
      abr 2011
      Ubicación
      España
      Mensajes
      23.317

      re: me sale publicidad

      Hola zooraspa

      Has pegado el reporte de Malwarebyte en medio del de At-Destroyer

      1) Vuelve a ejecutar Malwarebytes y realiza un análisis completo, lo has echo rápido.

      2) Veo que tienes tres antivirus AVG, Panda y Norton. Deja el que utilices y desinstala los otros con su herramienta.


      3) Descarga, instala y ejecuta Revo Uninstaller

      • Desinstala Broowsee22save y BrowseToSave. Elige el modo avanzado de desinstalación.
      • Clic en Herramientas en la barra superior, clic en Limpiar archivos basura, luego en la barra superior clic en Examinar, esperas que termine, de encontrar algo clic en Borrar teniendo todo marcado.

      Si no encuentra nada, no te preocupes, me comentas.

      4) Revisa las extensiones/complementos de los navegadores y si encuentras alguno que no conozcas lo eliminas.

      5) Realizas un escaneo en linea ESET Online Scanner
      • Desactiva el Antivirus
      • Después de realizar el escaneo, vuelves a activar el Antivirus
      • Descarga y ejecuta ESET Online (Ver Manual)
      • Marca las casillas de Eliminar las amenazas detectadas y analizar archivos.
      • Haz clic en Configuración adicional y tilda las casillas:
        - Analizar en busca de aplicaciones potencialmente indeseables,
        - Analizar en busca de aplicaciones potencialmente peligrosas
        - Activar la tecnología Anti-Stealth.
      • Pulsa en Iniciar para que empiece a descargar la base firmas de virus y posteriormente empiece a analizar tu sistema.
      • Cuando acabe haz clic en Finalizar
      • Localiza el reporte en C:\Archivos de programa\ESET\ESET Online Scanner\log y nos lo adjuntas en tu próxima respuesta.


      Pega los reportes de Malwarebyte y ESET y comenta como sigue el problema.

      Un saludo

    5. #5
      Usuario Avatar de zooraspa
      Registrado
      dic 2009
      Ubicación
      Madrid
      Mensajes
      56

      Re: me sale publicidad

      Muchas gracias.

      El Malwarebyte lo pase después en modo normal y no detectó nada.

    6. #6
      Moderadora Gral.
      Avatar de @Daniela
      Registrado
      abr 2011
      Ubicación
      España
      Mensajes
      23.317

      Re: me sale publicidad

      Hola

      Aunque no haya detectado nada, pega el reporte.

      Falta el reporte de ESET, comentar si realizaste lo que te indiqué y como funciona el equipo.

      Un Saludo

    7. #7
      Usuario Avatar de zooraspa
      Registrado
      dic 2009
      Ubicación
      Madrid
      Mensajes
      56

      Re: me sale publicidad

      Buenos días, en primer lugar, muchas gracias por todo. No pego los reportes pq todavía no he terminado. Me explico:

      Los archivos que citas de BrowsetoSave no los encontró el Revo, pero estaba uno de ellos como complemento en el Firefox. Lo eliminé y parece que no sale publicidad.

      En el Internet Explorer aparece algo llamado "yontoo" que está deshabilitado pero no lo puedo borrar.

      El caso es que el antivirus no ha terminado de pasar. Lleva 9 horas, se queda al 99% y sigue analizando. Había unos 11 ficheros mal, entre ellos algo llamado "Win32 yontoo".

      ¿Es normal que lleve 9 horas y no haya terminado

    8. #8
      Usuario Avatar de zooraspa
      Registrado
      dic 2009
      Ubicación
      Madrid
      Mensajes
      56

      Re: me sale publicidad

      El antivirus terminó de pasar:

      Ahí van los reportes

      MWBytes

      Malwarebytes Anti-Malware (Versión de Prueba) 1.75.0.1300
      Malwarebytes : Free anti-malware download

      Versión de la Base de Datos: v2013.04.18.05

      Windows 7 Service Pack 1 x64 NTFS
      Internet Explorer 10.0.9200.16540
      zooraspa :: ZOORASPA-HP [administrador]

      Protección: Personas de movilidad reducida

      18/04/2013 15:43:22
      mbam-log-2013-04-18 (15-43-22).txt

      Tipos de Análisis: Análisis Completo (C:\|D:\|)
      Opciones de análisis activado: Memoria | Inicio | Registro | Sistema de archivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
      Opciones de análisis desactivados: P2P
      Objetos examinados: 376633
      Tiempo transcurrido: 1 hora(s), 14 minuto(s), 13 segundo(s)

      Procesos en Memoria Detectados: 0
      (No se han detectado elementos maliciosos)

      Módulos de Memoria Detectados: 0
      (No se han detectado elementos maliciosos)

      Claves del Registro Detectados: 0
      (No se han detectado elementos maliciosos)

      Valores del Registro Detectados: 0
      (No se han detectado elementos maliciosos)

      Elementos de Datos del Registro Detectados: 0
      (No se han detectado elementos maliciosos)

      Carpetas Detectadas: 0
      (No se han detectado elementos maliciosos)

      Archivos Detectados: 0
      (No se han detectado elementos maliciosos)

      fin)

      ESET

      [email protected] as downloader log:
      all ok
      # version=8
      # OnlineScannerApp.exe=1.0.0.1
      # OnlineScanner.ocx=1.0.0.6920
      # api_version=3.0.2
      # EOSSerial=09ea84d48b5a654cbd59e8a22b324eb1
      # engine=13647
      # end=stopped
      # remove_checked=false
      # archives_checked=true
      # unwanted_checked=true
      # unsafe_checked=true
      # antistealth_checked=true
      # utc_time=2013-04-18 07:45:29
      # local_time=2013-04-18 09:45:29 (+0100, Hora de verano romance)
      # country="Spain"
      # lang=3082
      # osver=6.1.7601 NT Service Pack 1
      # compatibility_mode=1043 16777213 100 94 21903 53448313 0 0
      # compatibility_mode=5893 16776574 66 85 2567672 117944179 0 0
      # scanned=163232
      # found=11
      # cleaned=0
      # scan_time=15243
      sh=66F2117FB0C1E6B94E8269533F7A06C0B2ECCECA ft=1 fh=1b7984345000c74a vn="Win32/InstalleRex.I aplicación" ac=I fn="C:\$Recycle.Bin\S-1-5-21-768918742-2577682017-4061970147-1001\$RQ0Q911.exe"
      sh=2DE50229B0B0A12BF5A2C2467711C78300A70598 ft=0 fh=0000000000000000 vn="múltiples amenazas" ac=I fn="C:\Program Files\FFSetup3.0.1.zip"
      sh=BDE434BC951FE761E81D06727FC0265655064EE9 ft=1 fh=c71c0011b6395944 vn="una variante de Win32/SProtector.A aplicación" ac=I fn="C:\Program Files (x86)\BrowseToSave\sprotector.dll"
      sh=3AEF532A0211CE7869F0EB51E940D9E0C7CAE321 ft=1 fh=c7560653d3ee2314 vn="una variante de Win32/Adware.Yontoo.B aplicación" ac=I fn="C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll"
      sh=6391F475328183373BB2BED2E5704E5088FF5C8A ft=1 fh=3d6e0b0b2f0f489a vn="una variante de Win32/Adware.Yontoo.B aplicación" ac=I fn="C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll"
      sh=5C67A8CBF438638E2096B090778A4546989EC22F ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H aplicación" ac=I fn="C:\Users\zooraspa\AppData\Local\Google\Chrome\User Data\Default\Extensions\abodbjinbdoophkanpginkpdagabkacd\1\5158aed7539ac8.02616772.js"
      sh=041CE487ACFC5E4929EC4A748CF202DB8AB7FFE7 ft=1 fh=c1f139c1fc6b9371 vn="una variante de Win32/SProtector.A aplicación" ac=I fn="C:\Users\zooraspa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IG7WCF36\search_d_soft_quick[1].exe"
      sh=B2C5A2A8AB11A17B753B75E08A390E919B705A2D ft=1 fh=14c656aa95e5a9ab vn="Win32/DealPly.B aplicación" ac=I fn="C:\Users\zooraspa\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe"
      sh=E341FA5E489AA14FB3441EC8C90D6B4370182198 ft=1 fh=68308359499d2c62 vn="Win32/InstalleRex.I aplicación" ac=I fn="C:\Users\zooraspa\Downloads\setup.exe"
      sh=69A35E782A90296DC01CD4184D2775CE1A35C4B2 ft=1 fh=7f4a4e7ae8724a95 vn="Win32/DealPly.B aplicación" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe"
      sh=69A35E782A90296DC01CD4184D2775CE1A35C4B2 ft=1 fh=7f4a4e7ae8724a95 vn="Win32/DealPly.B aplicación" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe"
      [email protected] as downloader log:
      all ok
      # version=8
      # OnlineScannerApp.exe=1.0.0.1
      # OnlineScanner.ocx=1.0.0.6920
      # api_version=3.0.2
      # EOSSerial=09ea84d48b5a654cbd59e8a22b324eb1
      # engine=13649
      # end=finished
      # remove_checked=true
      # archives_checked=true
      # unwanted_checked=true
      # unsafe_checked=true
      # antistealth_checked=true
      # utc_time=2013-04-19 06:14:02
      # local_time=2013-04-19 08:14:02 (+0100, Hora de verano romance)
      # country="Spain"
      # lang=3082
      # osver=6.1.7601 NT Service Pack 1
      # compatibility_mode=1043 16777213 100 94 59616 53486026 0 0
      # compatibility_mode=5893 16776574 66 85 2605385 117981892 0 0
      # scanned=172719
      # found=12
      # cleaned=11
      # scan_time=32983
      sh=69A35E782A90296DC01CD4184D2775CE1A35C4B2 ft=1 fh=7f4a4e7ae8724a95 vn="Win32/DealPly.B aplicación" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe"
      sh=66F2117FB0C1E6B94E8269533F7A06C0B2ECCECA ft=1 fh=1b7984345000c74a vn="Win32/InstalleRex.I aplicación (no se ha podido desinfectar - archivo eliminado - puesto en Cuarentena)" ac=C fn="C:\$Recycle.Bin\S-1-5-21-768918742-2577682017-4061970147-1001\$RQ0Q911.exe"
      sh=2DE50229B0B0A12BF5A2C2467711C78300A70598 ft=0 fh=0000000000000000 vn="múltiples amenazas (eliminado - puesto en Cuarentena)" ac=C fn="C:\Program Files\FFSetup3.0.1.zip"
      sh=BDE434BC951FE761E81D06727FC0265655064EE9 ft=1 fh=c71c0011b6395944 vn="una variante de Win32/SProtector.A aplicación (no se ha podido desinfectar - archivo eliminado (después del próximo reinicio) - puesto en Cuarentena)" ac=C fn="C:\Program Files (x86)\BrowseToSave\sprotector.dll"
      sh=3AEF532A0211CE7869F0EB51E940D9E0C7CAE321 ft=1 fh=c7560653d3ee2314 vn="una variante de Win32/Adware.Yontoo.B aplicación (no se ha podido desinfectar - archivo eliminado - puesto en Cuarentena)" ac=C fn="C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll"
      sh=6391F475328183373BB2BED2E5704E5088FF5C8A ft=1 fh=3d6e0b0b2f0f489a vn="una variante de Win32/Adware.Yontoo.B aplicación (no se ha podido desinfectar - archivo eliminado - puesto en Cuarentena)" ac=C fn="C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll"
      sh=5C67A8CBF438638E2096B090778A4546989EC22F ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H aplicación (no se ha podido desinfectar - archivo eliminado - puesto en Cuarentena)" ac=C fn="C:\Users\zooraspa\AppData\Local\Google\Chrome\User Data\Default\Extensions\abodbjinbdoophkanpginkpdagabkacd\1\5158aed7539ac8.02616772.js"
      sh=041CE487ACFC5E4929EC4A748CF202DB8AB7FFE7 ft=1 fh=c1f139c1fc6b9371 vn="una variante de Win32/SProtector.A aplicación (no se ha podido desinfectar - archivo eliminado - puesto en Cuarentena)" ac=C fn="C:\Users\zooraspa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IG7WCF36\search_d_soft_quick[1].exe"
      sh=B2C5A2A8AB11A17B753B75E08A390E919B705A2D ft=1 fh=14c656aa95e5a9ab vn="Win32/DealPly.B aplicación (no se ha podido desinfectar - archivo eliminado - puesto en Cuarentena)" ac=C fn="C:\Users\zooraspa\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe"
      sh=E341FA5E489AA14FB3441EC8C90D6B4370182198 ft=1 fh=68308359499d2c62 vn="Win32/InstalleRex.I aplicación (no se ha podido desinfectar - archivo eliminado - puesto en Cuarentena)" ac=C fn="C:\Users\zooraspa\Downloads\setup.exe"
      sh=69A35E782A90296DC01CD4184D2775CE1A35C4B2 ft=1 fh=7f4a4e7ae8724a95 vn="Win32/DealPly.B aplicación (no se ha podido desinfectar - archivo eliminado - puesto en Cuarentena)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe"
      sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="una variante de Win32/SProtector.A aplicación" ac=C fn="${Memory}"

    9. #9
      Moderadora Gral.
      Avatar de @Daniela
      Registrado
      abr 2011
      Ubicación
      España
      Mensajes
      23.317

      Re: me sale publicidad

      Hola zooraspa

      Realiza lo siguiente:

      Descarga UsbFix by El Desaparecido

      *Nota* Para ejecutar UsbFix.exe, siga estos pasos:

      • Conecte todos sus dispositivos extraibles, Pendrive\Micro SD, etc.
      • Inicie en Modo Seguro
      • Haga doble Click sobre USBFix
      • Seguido teclee la opción Supresión
      • Aparecerá una advertencia para que conecte sus Usb) (Dispositivos extraibles, Pendrive\Micro SD, etc.), pulse en Aceptar
      • Durante el análisis el escritorio puede desaparecer, esto es normal, si USBFix le pide reiniciar el sistema acepte y reinicie su equipo.
      • USBFix, genera un reporte, el cual se encuentra generalmente en C:\USBFix.txt


      Nota: UsbFix creará una carpeta oculta llamada "$RECYCLE.BIN" "autorun.inf" en cada partición y cada unidad USB que se encuentre conectado al momento de ejecutar este. No elimine esta carpeta ... eso le ayudará a proteger sus dispositivos USB de futuras infecciones.
      Pega el reporte de USBFix y comenta como va todo.

      Un saludo
      ✿◕‿◕✿ La impaciencia no es buena compañía ✿◕‿◕✿

      * Síguenos en nuestro Twitter y hazte nuestro amigo en Facebook.
      * Infórmate de las ultimas amenazas de la red desde: InfoSpyware Blog
      * No se resuelven dudas por Privados ni por E-mail, ya que para eso esta el foro.

    10. #10
      Usuario Avatar de zooraspa
      Registrado
      dic 2009
      Ubicación
      Madrid
      Mensajes
      56

      Re: me sale publicidad

      Buenas, muchas gracias por todo.

      Ahí van los reportes. Falta un disco multimedia reproductor que me ha sido imposible ya que el ordenador no me lo reconocía al conectarlo, pero creo que en su día le pasé el panda usb.

      ############################## | UsbFix V 7.123 | [Supresión]

      Usuario: zooraspa (Administrador) # ZOORASPA-HP
      Actualizado el 19/04/2013 por El Desaparecido
      Comenzó a 10:32:06 | 20/04/2013

      Sitio web: http://sosvirus.org/
      Upload Malware: http://upload.sosvirus.org/
      Contacto: [email protected]

      PC: Hewlett-Packard (HP Pavilion g7 Notebook PC) (x64-based PC)
      CPU: Intel(R) Core(TM) i3 CPU M 380 @ 2.53GHz (2527)
      RAM -> [Total : 3894 | Free : 3060]
      BIOS: Default System BIOS
      BOOT: Fail-safe boot

      OS: Microsoft Windows 7 Home Premium (6.1.7601 64-Bit) # Service Pack 1
      WB: Windows Internet Explorer 10.0.9200.16540

      SC: Security Center Service [Enabled]
      WU: Windows Update Service [Enabled]
      AV: AVG AntiVirus Free Edition 2013 [Enabled | Updated]
      FW: Windows FireWall Service [(!) Disabled]

      C:\ (%systemdrive%) -> Disco fijo # 581 Gb (482 Mb libre(s) - 83%) [] # NTFS
      D:\ -> Disco fijo # 14 Gb (2 Mb libre(s) - 12%) [RECOVERY] # NTFS
      E:\ -> CD-ROM
      F:\ -> Disco extraíble # 30 Gb (5 Mb libre(s) - 16%) [Lexar] # FAT32
      G:\ -> Disco fijo # 932 Gb (862 Mb libre(s) - 93%) [TOSHIBA EXT] # NTFS
      H:\ -> Disco extraíble # 4 Gb (1 Mb libre(s) - 27%) [FLASH DRIVE] # FAT32

      ################## | El Desaparecido Section |

      HKLM\SOFTWARE | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
      HKLM\SOFTWARE | Run : [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
      HKLM\SOFTWARE | Run : [IMSS] - "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
      HKLM\SOFTWARE | Run : [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
      HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      HKLM\SOFTWARE | Run : [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
      HKLM\SOFTWARE | Run : [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
      HKLM\SOFTWARE | Run : [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
      HKLM\SOFTWARE | Run : [AVG_UI] - "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
      HKLM\SOFTWARE | Run : [GrooveMonitor] - "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
      HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      HKLM\SOFTWARE | Run : [SDTray] - "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
      HKLM\SOFTWARE\wow6432Node | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
      HKLM\SOFTWARE\wow6432Node | Run : [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
      HKLM\SOFTWARE\wow6432Node | Run : [IMSS] - "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
      HKLM\SOFTWARE\wow6432Node | Run : [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
      HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      HKLM\SOFTWARE\wow6432Node | Run : [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
      HKLM\SOFTWARE\wow6432Node | Run : [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
      HKLM\SOFTWARE\wow6432Node | Run : [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
      HKLM\SOFTWARE\wow6432Node | Run : [AVG_UI] - "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
      HKLM\SOFTWARE\wow6432Node | Run : [GrooveMonitor] - "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
      HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      HKLM\SOFTWARE\wow6432Node | Run : [SDTray] - "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
      HKLM\SOFTWARE | RunOnce : [] -
      HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
      HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
      HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
      HKU\S-1-5-21-768918742-2577682017-4061970147-1001\SOFTWARE | Run : [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
      HKU\S-1-5-21-768918742-2577682017-4061970147-1001\SOFTWARE | Run : [swg] - "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
      HKU\S-1-5-21-768918742-2577682017-4061970147-1001\SOFTWARE | Run : [Smart Driver Updater] - C:\Program Files (x86)\Smart Driver Updater\SDULauncher.exe
      HKU\S-1-5-21-768918742-2577682017-4061970147-1001\SOFTWARE | Run : [SDP] - C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe /auto
      HKU\S-1-5-21-768918742-2577682017-4061970147-1001\SOFTWARE | Run : [Skype] - "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
      HKU\S-1-5-21-768918742-2577682017-4061970147-1001\SOFTWARE | Run : [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      HKU\S-1-5-21-768918742-2577682017-4061970147-1001\SOFTWARE | Run : [Video Performer63615.exe] - "C:\Users\zooraspa\AppData\Local\Temp\Video Performer63615.exe" /XML="C:\Users\zooraspa\AppData\Local\Temp\958B.tmp" /STP=1:2
      HKU\S-1-5-21-768918742-2577682017-4061970147-1001\SOFTWARE | Run : [TorrentStream] - C:\Users\zooraspa\AppData\Roaming\TorrentStream\engine\tsengine.exe
      HKU\S-1-5-21-768918742-2577682017-4061970147-1001\SOFTWARE | Run : [Spybot-S&D Cleaning] - "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
      HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
      HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
      HKU\S-1-5-18\SOFTWARE | RunOnce : [SPReview] - "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601

      ################## | Procesos Parados |

      Parado! C:\Windows\explorer.exe (1088)
      Parado! C:\Windows\system32\ctfmon.exe (1324)
      Parado! C:\Windows\system32\DllHost.exe (372)

      ################## | Archivos # Carpetas infectadas |

      No suprimido ! H:\AUTORUN.INF

      (!) Archivos temporales suprimido.

      ################## | Registro |


      ################## | Mountpoints2 |


      ################## | Listing |

      [21/01/2013 - 20:39:02 | D ] C:\$AVG
      [10/03/2013 - 21:20:32 | SHD ] C:\$Recycle.Bin
      [17/04/2013 - 17:18:24 | N | 6086] C:\AdwCleaner[S1].txt
      [21/01/2013 - 19:27:42 | D ] C:\Archivos de programa
      [21/01/2013 - 19:26:31 | N | 56] C:\AT-Cuarentena
      [17/04/2013 - 17:13:52 | N | 16643] C:\AT-Destroyer.txt
      [20/04/2013 - 10:22:38 | RASHD ] C:\Autorun.inf
      [10/01/2011 - 12:53:22 | SHD ] C:\boot
      [14/07/2009 - 03:38:58 | RASH | 383562] C:\bootmgr
      [14/07/2009 - 07:08:56 | SHD ] C:\Documents and Settings
      [19/04/2013 - 21:19:18 | D ] C:\FFOutput
      [20/04/2013 - 10:12:40 | ASH | 3062255616] C:\hiberfil.sys
      [20/04/2011 - 02:49:01 | D ] C:\HP
      [25/01/2013 - 19:01:23 | D ] C:\IDE
      [20/04/2011 - 02:35:01 | D ] C:\Intel
      [22/01/2013 - 22:57:09 | D ] C:\Log
      [25/01/2013 - 19:00:00 | RHD ] C:\MSOCache
      [20/04/2013 - 10:12:40 | ASH | 4083007488] C:\pagefile.sys
      [14/07/2009 - 05:20:08 | D ] C:\PerfLogs
      [19/04/2013 - 08:13:29 | D ] C:\Program Files
      [20/04/2013 - 10:27:23 | D ] C:\Program Files (x86)
      [18/04/2013 - 15:40:29 | HD ] C:\ProgramData
      [22/01/2013 - 23:03:04 | D ] C:\Recover.My.Files
      [21/01/2013 - 20:29:05 | SHD ] C:\Recovery
      [16/02/2013 - 1812 | D ] C:\SwSetup
      [18/04/2013 - 17:07:12 | SHD ] C:\System Volume Information
      [21/01/2013 - 20:29:11 | D ] C:\SYSTEM.SAV
      [27/02/2013 - 19:05:58 | D ] C:\TorrentStream
      [20/04/2013 - 10:32:42 | D ] C:\UsbFix
      [20/04/2013 - 10:22:39 | N | 12649] C:\UsbFix [Clean 1] ZOORASPA-HP.txt
      [20/04/2013 - 10:32:50 | A | 7970] C:\UsbFix [Clean 2] ZOORASPA-HP.txt
      [21/01/2013 - 19:27:58 | D ] C:\Users
      [20/04/2013 - 10:12:41 | D ] C:\Windows
      [18/04/2013 - 04:56:20 | D ] C:\_AT-Destroyer
      [20/06/2011 - 18:25:29 | SHD ] D:\$RECYCLE.BIN
      [20/04/2013 - 10:22:38 | RASHD ] D:\Autorun.inf
      [18/06/2011 - 16:59:23 | RASHD ] D:\boot
      [14/07/2009 - 19:39:00 | RASH | 383562] D:\bootmgr
      [18/06/2011 - 16:59:23 | D ] D:\FactoryUpdate
      [18/06/2011 - 16:59:22 | D ] D:\hp
      [12/12/2011 - 17:06:53 | N | 21] D:\HPSF_Rep.txt
      [07/10/2012 - 19:49:25 | N | 8] D:\HP_WSD.dat
      [18/06/2011 - 16:59:23 | RSHD ] D:\preload
      [21/01/2013 - 20:29:10 | RSD ] D:\recovery
      [18/06/2011 - 16:59:23 | D ] D:\RM_Reserve
      [23/01/2013 - 20:52:54 | SHD ] D:\System Volume Information
      [20/03/2013 - 18:04:56 | D ] F:\JAVIER
      [10/03/2013 - 12:38:34 | N | 284123662] F:\am4.avi
      [10/03/2013 - 12:38:58 | N | 258035950] F:\am5.avi
      [10/03/2013 - 12:37:20 | N | 316572158] F:\am6.avi
      [19/03/2013 - 18:37:56 | N | 224361340] F:\House of cards - 1x03 (EliteTorrent.net).mp4
      [20/02/2013 - 15:21:00 | N | 588495206] F:\hf17.avi
      [20/04/2013 - 10:22:40 | RASHD ] F:\Autorun.inf
      [12/03/2013 - 00:50:52 | D ] F:\CRISTI
      [26/01/2013 - 20:04:38 | N | 3300832] F:\BRUSELAS.pdf
      [02/04/2013 - 19:11:02 | D ] F:\1600 penn
      [01/01/1980 - 00:00:00 | N | 21] F:\.cm0012
      [19/04/2013 - 19:26:48 | N | 458963550] F:\game.of.thrones.s03e03.proper.hdtv.x264-2hd.avi
      [03/03/2013 - 17:31:46 | D ] F:\pelis Miriam
      [01/01/1980 - 00:00:00 | N | 71680] F:\.cmdb
      [20/03/2013 - 16:41:18 | N | 246830834] F:\Greys.Anatomy.S09E17.HDTV.x264-LOL.mp4
      [26/03/2013 - 18:33:28 | D ] F:\shameless
      [03/02/2013 - 18:55:18 | D ] F:\cris
      [20/03/2013 - 16:41:46 | N | 237258335] F:\Castle.2009.S05E17.HDTV.x264-LOL.[VTV].mp4
      [19/04/2013 - 19:21:56 | N | 44343] F:\The Following - 01x13 - Havenport.srt
      [19/04/2013 - 19:21:26 | N | 57174] F:\Game of Thrones - 03x03 - Walk of Punishment.srt
      [19/04/2013 - 19:23:54 | N | 325673638] F:\The.Following.S01E13.HDTV.x264-LOL.avi
      [02/04/2013 - 19:24:32 | D ] F:\call the midwife
      [20/08/2012 - 18:04:54 | D ] F:\sobrenatural
      [17/04/2013 - 22:36:07 | SHD ] G:\$RECYCLE.BIN
      [20/04/2013 - 10:22:38 | RASHD ] G:\Autorun.inf
      [17/04/2013 - 22:13:25 | D ] G:\COPIA
      [20/04/2013 - 10:22:29 | D ] G:\images
      [09/02/2012 - 09:00:55 | D ] G:\lang
      [23/09/2011 - 02:32:56 | N | 70737616] G:\NTI Backup Now EZ.exe
      [14/12/2012 - 13:21:12 | SHD ] G:\RECYCLER
      [20/12/2011 - 14:47:46 | N | 5976] G:\Software Offer.hta
      [13/12/2012 - 15:04:47 | SHD ] G:\System Volume Information
      [16/05/2011 - 07:40:50 | N | 9518] G:\TMP.ico
      [16/05/2011 - 07:40:50 | N | 1244] G:\Toshiba Places.html
      [14/09/2011 - 07:44:30 | N | 5374644] G:\TOSHIBA STOR.E CANVIO.pdf
      [01/03/2010 - 10:54:20 | N | 1466368] H:\FlashLock_v2.30.exe
      [01/03/2013 - 09:09:54 | N | 25369] H:\UNIVERSO LOPD.docx
      [16/04/2013 - 21:19:54 | N | 723424660] H:\sp10.avi
      [07/10/2010 - 23:41:12 | H | 16] H:\AUTORUN.INF
      [07/01/2013 - 20:14:28 | D ] H:\Guns N Roses - Discography
      [05/01/2013 - 14:26:50 | D ] H:\The Offspring - Discography 8CDs [16 Bonus Tracks]
      [01/03/2013 - 14:21:16 | N | 415744] H:\comentarios reglamento pdatos.doc
      [07/01/2013 - 20:00:28 | D ] H:\Morrisey
      [30/12/2006 - 18:34:12 | D ] H:\Discografía. Loquillo y Trogloditas[WwW.FanClubT.CoM]
      [25/02/2013 - 16:14:40 | N | 49664] H:\enlaces noticias de prensa.doc
      [15/05/2012 - 12:26:46 | N | 46080] H:\~WRL1374.tmp
      [03/03/2013 - 19:12:08 | N | 72721] H:\byod%20(1).jpg
      [15/05/2012 - 12:39:58 | N | 47616] H:\~WRL1565.tmp
      [15/09/2011 - 09:04:00 | RSHD ] H:\Recovery
      [15/05/2012 - 12:53:52 | N | 50176] H:\~WRL2712.tmp
      [15/05/2012 - 13:16:54 | N | 51712] H:\~WRL2809.tmp
      [15/05/2012 - 13:27:00 | N | 53760] H:\~WRL3639.tmp
      [03/03/2013 - 19:05:40 | N | 20376] H:\UNIVERSO LOPD número 2.docx
      [25/02/2013 - 10:17:28 | N | 3469773] H:\rp_data-breach-investigations-report-2012_en_xg.pdf
      [03/03/2013 - 19:24:22 | N | 10399] H:\preguntas.gif
      [03/03/2013 - 19:25:52 | N | 493056] H:\Euskal securiTIConference-BYOD - version javier.ppt
      [01/01/1980 - 00:00:00 | N | 21] H:\.cm0012
      [03/03/2013 - 1934 | N | 403968] H:\Euskal securiTIConference-BYOD_version gonzal.ppt
      [01/01/1980 - 00:00:00 | N | 50176] H:\.cmdb

      ################## | Vaccin |

      C:\Autorun.inf -> Vacuna creada por UsbFix (El Desaparecido)
      D:\Autorun.inf -> Vacuna creada por UsbFix (El Desaparecido)
      F:\Autorun.inf -> Vacuna creada por UsbFix (El Desaparecido)
      G:\Autorun.inf -> Vacuna creada por UsbFix (El Desaparecido)

      ################## | E.O.F | http://sosvirus.org |



      ############################## | UsbFix V 7.123 | [Supresión]

      Usuario: zooraspa (Administrador) # ZOORASPA-HP
      Actualizado el 19/04/2013 por El Desaparecido
      Comenzó a 10:38:56 | 20/04/2013

      Sitio web: http://sosvirus.org/
      Upload Malware: http://upload.sosvirus.org/
      Contacto: [email protected]

      PC: Hewlett-Packard (HP Pavilion g7 Notebook PC) (x64-based PC)
      CPU: Intel(R) Core(TM) i3 CPU M 380 @ 2.53GHz (2527)
      RAM -> [Total : 3894 | Free : 3114]
      BIOS: Default System BIOS
      BOOT: Fail-safe boot

      OS: Microsoft Windows 7 Home Premium (6.1.7601 64-Bit) # Service Pack 1
      WB: Windows Internet Explorer 10.0.9200.16540

      SC: Security Center Service [Enabled]
      WU: Windows Update Service [Enabled]
      AV: AVG AntiVirus Free Edition 2013 [Enabled | Updated]
      FW: Windows FireWall Service [(!) Disabled]

      C:\ (%systemdrive%) -> Disco fijo # 581 Gb (482 Mb libre(s) - 83%) [] # NTFS
      D:\ -> Disco fijo # 14 Gb (2 Mb libre(s) - 12%) [RECOVERY] # NTFS
      E:\ -> CD-ROM
      F:\ -> Disco extraíble # 122 Mb (18 Mb libre(s) - 15%) [KINGSTON] # FAT
      G:\ -> Disco extraíble # 122 Mb (118 Mb libre(s) - 97%) [KINGSTON] # FAT
      H:\ -> Disco extraíble # 1012 Mb (891 Mb libre(s) - 88%) [] # FAT

      ################## | El Desaparecido Section |

      HKLM\SOFTWARE | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
      HKLM\SOFTWARE | Run : [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
      HKLM\SOFTWARE | Run : [IMSS] - "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
      HKLM\SOFTWARE | Run : [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
      HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      HKLM\SOFTWARE | Run : [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
      HKLM\SOFTWARE | Run : [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
      HKLM\SOFTWARE | Run : [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
      HKLM\SOFTWARE | Run : [AVG_UI] - "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
      HKLM\SOFTWARE | Run : [GrooveMonitor] - "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
      HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      HKLM\SOFTWARE | Run : [SDTray] - "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
      HKLM\SOFTWARE\wow6432Node | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
      HKLM\SOFTWARE\wow6432Node | Run : [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
      HKLM\SOFTWARE\wow6432Node | Run : [IMSS] - "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
      HKLM\SOFTWARE\wow6432Node | Run : [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
      HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      HKLM\SOFTWARE\wow6432Node | Run : [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
      HKLM\SOFTWARE\wow6432Node | Run : [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
      HKLM\SOFTWARE\wow6432Node | Run : [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
      HKLM\SOFTWARE\wow6432Node | Run : [AVG_UI] - "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
      HKLM\SOFTWARE\wow6432Node | Run : [GrooveMonitor] - "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
      HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      HKLM\SOFTWARE\wow6432Node | Run : [SDTray] - "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
      HKLM\SOFTWARE | RunOnce : [] -
      HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
      HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
      HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
      HKU\S-1-5-21-768918742-2577682017-4061970147-1001\SOFTWARE | Run : [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
      HKU\S-1-5-21-768918742-2577682017-4061970147-1001\SOFTWARE | Run : [swg] - "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
      HKU\S-1-5-21-768918742-2577682017-4061970147-1001\SOFTWARE | Run : [Smart Driver Updater] - C:\Program Files (x86)\Smart Driver Updater\SDULauncher.exe
      HKU\S-1-5-21-768918742-2577682017-4061970147-1001\SOFTWARE | Run : [SDP] - C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe /auto
      HKU\S-1-5-21-768918742-2577682017-4061970147-1001\SOFTWARE | Run : [Skype] - "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
      HKU\S-1-5-21-768918742-2577682017-4061970147-1001\SOFTWARE | Run : [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      HKU\S-1-5-21-768918742-2577682017-4061970147-1001\SOFTWARE | Run : [Video Performer63615.exe] - "C:\Users\zooraspa\AppData\Local\Temp\Video Performer63615.exe" /XML="C:\Users\zooraspa\AppData\Local\Temp\958B.tmp" /STP=1:2
      HKU\S-1-5-21-768918742-2577682017-4061970147-1001\SOFTWARE | Run : [TorrentStream] - C:\Users\zooraspa\AppData\Roaming\TorrentStream\engine\tsengine.exe
      HKU\S-1-5-21-768918742-2577682017-4061970147-1001\SOFTWARE | Run : [Spybot-S&D Cleaning] - "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
      HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
      HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
      HKU\S-1-5-18\SOFTWARE | RunOnce : [SPReview] - "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601

      ################## | Procesos Parados |

      Parado! C:\Windows\explorer.exe (996)
      Parado! C:\Windows\system32\ctfmon.exe (1044)
      Parado! C:\Windows\system32\DllHost.exe (1976)
      Parado! \\?\C:\Windows\system32\wbem\WMIADAP.EXE (116)

      ################## | Archivos # Carpetas infectadas |

      No suprimido ! F:\AUTORUN.INF
      No suprimido ! G:\AUTORUN.INF
      No suprimido ! H:\AUTORUN.INF

      (!) Archivos temporales suprimido.

      ################## | Registro |


      ################## | Mountpoints2 |


      ################## | Listing |

      [21/01/2013 - 20:39:02 | D ] C:\$AVG
      [10/03/2013 - 21:20:32 | SHD ] C:\$Recycle.Bin
      [17/04/2013 - 17:18:24 | N | 6086] C:\AdwCleaner[S1].txt
      [21/01/2013 - 19:27:42 | D ] C:\Archivos de programa
      [21/01/2013 - 19:26:31 | N | 56] C:\AT-Cuarentena
      [17/04/2013 - 17:13:52 | N | 16643] C:\AT-Destroyer.txt
      [20/04/2013 - 10:32:50 | RASHD ] C:\Autorun.inf
      [10/01/2011 - 12:53:22 | SHD ] C:\boot
      [14/07/2009 - 03:38:58 | RASH | 383562] C:\bootmgr
      [14/07/2009 - 07:08:56 | SHD ] C:\Documents and Settings
      [19/04/2013 - 21:19:18 | D ] C:\FFOutput
      [20/04/2013 - 10:12:40 | ASH | 3062255616] C:\hiberfil.sys
      [20/04/2011 - 02:49:01 | D ] C:\HP
      [25/01/2013 - 19:01:23 | D ] C:\IDE
      [20/04/2011 - 02:35:01 | D ] C:\Intel
      [22/01/2013 - 22:57:09 | D ] C:\Log
      [25/01/2013 - 19:00:00 | RHD ] C:\MSOCache
      [20/04/2013 - 10:12:40 | ASH | 4083007488] C:\pagefile.sys
      [14/07/2009 - 05:20:08 | D ] C:\PerfLogs
      [19/04/2013 - 08:13:29 | D ] C:\Program Files
      [20/04/2013 - 10:27:23 | D ] C:\Program Files (x86)
      [18/04/2013 - 15:40:29 | HD ] C:\ProgramData
      [22/01/2013 - 23:03:04 | D ] C:\Recover.My.Files
      [21/01/2013 - 20:29:05 | SHD ] C:\Recovery
      [16/02/2013 - 1812 | D ] C:\SwSetup
      [18/04/2013 - 17:07:12 | SHD ] C:\System Volume Information
      [21/01/2013 - 20:29:11 | D ] C:\SYSTEM.SAV
      [27/02/2013 - 19:05:58 | D ] C:\TorrentStream
      [20/04/2013 - 10:39:25 | D ] C:\UsbFix
      [20/04/2013 - 10:22:39 | N | 12649] C:\UsbFix [Clean 1] ZOORASPA-HP.txt
      [20/04/2013 - 10:32:50 | N | 12612] C:\UsbFix [Clean 2] ZOORASPA-HP.txt
      [20/04/2013 - 10:39:33 | A | 8158] C:\UsbFix [Clean 3] ZOORASPA-HP.txt
      [21/01/2013 - 19:27:58 | D ] C:\Users
      [20/04/2013 - 10:12:41 | D ] C:\Windows
      [18/04/2013 - 04:56:20 | D ] C:\_AT-Destroyer
      [20/06/2011 - 18:25:29 | SHD ] D:\$RECYCLE.BIN
      [20/04/2013 - 10:32:50 | RASHD ] D:\Autorun.inf
      [18/06/2011 - 16:59:23 | RASHD ] D:\boot
      [14/07/2009 - 19:39:00 | RASH | 383562] D:\bootmgr
      [18/06/2011 - 16:59:23 | D ] D:\FactoryUpdate
      [18/06/2011 - 16:59:22 | D ] D:\hp
      [12/12/2011 - 17:06:53 | N | 21] D:\HPSF_Rep.txt
      [07/10/2012 - 19:49:25 | N | 8] D:\HP_WSD.dat
      [18/06/2011 - 16:59:23 | RSHD ] D:\preload
      [21/01/2013 - 20:29:10 | RSD ] D:\recovery
      [18/06/2011 - 16:59:23 | D ] D:\RM_Reserve
      [23/01/2013 - 20:52:54 | SHD ] D:\System Volume Information
      [14/06/2007 - 11:34:26 | D ] F:\auxiliares
      [01/01/2010 - 12:36:28 | H | 16] F:\AUTORUN.INF
      [25/03/2010 - 23:41:48 | D ] F:\FOTOS
      [11/04/2007 - 20:23:42 | N | 135168] G:\CONFERENCIA abreviada DISCIPLINARIO..ppt
      [16/02/2010 - 21:30:20 | H | 16] G:\AUTORUN.INF
      [16/02/2010 - 21:31:04 | N | 2688512] G:\Seguridad y Proteccion de Datos .ppt
      [17/09/2010 - 11:46:04 | N | 401408] G:\PRIVACIDAD POR DISEÑO.ppt
      [20/10/2012 - 12:59:28 | N | 596400] G:\tarjetas lanzarote.pdf
      [20/10/2012 - 13:18:44 | N | 15435] G:\bono salida.pdf
      [20/10/2012 - 13:18:20 | N | 15431] G:\bono_llegada.pdf
      [02/04/2013 - 09:02:54 | N | 86492] H:\DABOTEWBPD2W_2012_cris.pdf
      [12/03/2013 - 09:42:40 | N | 715227] H:\20130312094213.pdf
      [17/04/2013 - 07:51:18 | N | 28258] H:\hijackthis 17 04.txt
      [04/04/2013 - 13:34:46 | N | 655872] H:\comentarios reglamento pdatos.doc
      [17/04/2013 - 18:36:24 | N | 20668] H:\UNIVERSO LOPD número 7._ok - copia.docx
      [02/04/2013 - 08:53:12 | N | 84641] H:\DABOTEWBPD2W_2012_javier.pdf
      [04/04/2013 - 13:55:42 | D ] H:\peritos
      [04/04/2013 - 13:36:20 | N | 22016] H:\direccion fiva.doc
      [05/04/2013 - 09:06:16 | D ] H:\universo lopd
      [06/05/2012 - 19:05:54 | N | 355018] H:\el libro de Winchester 73.docx
      [06/05/2012 - 19:06:50 | N | 1249268] H:\el libro de Winchester 73.pdf
      [07/05/2012 - 08:56:40 | N | 1027932] H:\el libro de Winchester73.pdf
      [10/05/2012 - 10:53:56 | H | 16] H:\AUTORUN.INF
      [18/02/2013 - 1232 | N | 401577] H:\cookies_guidance_v3.pdf
      [01/03/2013 - 09:14:40 | N | 730947] H:\cookies santiago bermell.pdf
      [07/03/2013 - 12:14:28 | N | 28160] H:\article of cookies.doc
      [08/03/2013 - 14:22:40 | D ] H:\reglamento UE
      [25/03/2013 - 14:25:04 | N | 145181] H:\wp148_es.pdf

      ################## | Vaccin |

      C:\Autorun.inf -> Vacuna creada por UsbFix (El Desaparecido)
      D:\Autorun.inf -> Vacuna creada por UsbFix (El Desaparecido)

      ################## | E.O.F | http://sosvirus.org |



      ############################## | UsbFix V 7.123 | [Supresión]

      Usuario: zooraspa (Administrador) # ZOORASPA-HP
      Actualizado el 19/04/2013 por El Desaparecido
      Comenzó a 10:50:00 | 20/04/2013

      Sitio web: http://sosvirus.org/
      Upload Malware: http://upload.sosvirus.org/
      Contacto: [email protected]

      PC: Hewlett-Packard (HP Pavilion g7 Notebook PC) (x64-based PC)
      CPU: Intel(R) Core(TM) i3 CPU M 380 @ 2.53GHz (2527)
      RAM -> [Total : 3894 | Free : 3108]
      BIOS: Default System BIOS
      BOOT: Fail-safe boot

      OS: Microsoft Windows 7 Home Premium (6.1.7601 64-Bit) # Service Pack 1
      WB: Windows Internet Explorer 10.0.9200.16540

      SC: Security Center Service [Enabled]
      WU: Windows Update Service [Enabled]
      AV: AVG AntiVirus Free Edition 2013 [Enabled | Updated]
      FW: Windows FireWall Service [(!) Disabled]

      C:\ (%systemdrive%) -> Disco fijo # 581 Gb (482 Mb libre(s) - 83%) [] # NTFS
      D:\ -> Disco fijo # 14 Gb (2 Mb libre(s) - 12%) [RECOVERY] # NTFS
      E:\ -> CD-ROM
      F:\ -> Disco extraíble # 15 Gb (12 Mb libre(s) - 81%) [My ZEN] # FAT32
      G:\ -> Disco extraíble # 2 Gb (1 Mb libre(s) - 73%) [SPEEDO MP3] # FAT32

      ################## | El Desaparecido Section |

      HKLM\SOFTWARE | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
      HKLM\SOFTWARE | Run : [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
      HKLM\SOFTWARE | Run : [IMSS] - "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
      HKLM\SOFTWARE | Run : [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
      HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      HKLM\SOFTWARE | Run : [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
      HKLM\SOFTWARE | Run : [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
      HKLM\SOFTWARE | Run : [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
      HKLM\SOFTWARE | Run : [AVG_UI] - "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
      HKLM\SOFTWARE | Run : [GrooveMonitor] - "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
      HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      HKLM\SOFTWARE | Run : [SDTray] - "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
      HKLM\SOFTWARE\wow6432Node | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
      HKLM\SOFTWARE\wow6432Node | Run : [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
      HKLM\SOFTWARE\wow6432Node | Run : [IMSS] - "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
      HKLM\SOFTWARE\wow6432Node | Run : [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
      HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      HKLM\SOFTWARE\wow6432Node | Run : [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
      HKLM\SOFTWARE\wow6432Node | Run : [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
      HKLM\SOFTWARE\wow6432Node | Run : [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
      HKLM\SOFTWARE\wow6432Node | Run : [AVG_UI] - "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
      HKLM\SOFTWARE\wow6432Node | Run : [GrooveMonitor] - "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
      HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      HKLM\SOFTWARE\wow6432Node | Run : [SDTray] - "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
      HKLM\SOFTWARE | RunOnce : [] -
      HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
      HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
      HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
      HKU\S-1-5-21-768918742-2577682017-4061970147-1001\SOFTWARE | Run : [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
      HKU\S-1-5-21-768918742-2577682017-4061970147-1001\SOFTWARE | Run : [swg] - "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
      HKU\S-1-5-21-768918742-2577682017-4061970147-1001\SOFTWARE | Run : [Smart Driver Updater] - C:\Program Files (x86)\Smart Driver Updater\SDULauncher.exe
      HKU\S-1-5-21-768918742-2577682017-4061970147-1001\SOFTWARE | Run : [SDP] - C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe /auto
      HKU\S-1-5-21-768918742-2577682017-4061970147-1001\SOFTWARE | Run : [Skype] - "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
      HKU\S-1-5-21-768918742-2577682017-4061970147-1001\SOFTWARE | Run : [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      HKU\S-1-5-21-768918742-2577682017-4061970147-1001\SOFTWARE | Run : [Video Performer63615.exe] - "C:\Users\zooraspa\AppData\Local\Temp\Video Performer63615.exe" /XML="C:\Users\zooraspa\AppData\Local\Temp\958B.tmp" /STP=1:2
      HKU\S-1-5-21-768918742-2577682017-4061970147-1001\SOFTWARE | Run : [TorrentStream] - C:\Users\zooraspa\AppData\Roaming\TorrentStream\engine\tsengine.exe
      HKU\S-1-5-21-768918742-2577682017-4061970147-1001\SOFTWARE | Run : [Spybot-S&D Cleaning] - "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
      HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
      HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
      HKU\S-1-5-18\SOFTWARE | RunOnce : [SPReview] - "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601

      ################## | Procesos Parados |

      Parado! C:\Windows\system32\ctfmon.exe (1660)
      Parado! C:\Windows\Explorer.exe (1536)
      Parado! C:\Windows\system32\DllHost.exe (1500)

      ################## | Archivos # Carpetas infectadas |

      Suprimido ! F:\RSSSynchronizer.exe
      No suprimido ! F:\AUTORUN.INF
      Suprimido ! G:\AUTORUN.INF

      (!) Archivos temporales suprimido.

      ################## | Registro |


      ################## | Mountpoints2 |


      ################## | Listing |

      [21/01/2013 - 20:39:02 | D ] C:\$AVG
      [10/03/2013 - 21:20:32 | SHD ] C:\$Recycle.Bin
      [17/04/2013 - 17:18:24 | N | 6086] C:\AdwCleaner[S1].txt
      [21/01/2013 - 19:27:42 | D ] C:\Archivos de programa
      [21/01/2013 - 19:26:31 | N | 56] C:\AT-Cuarentena
      [17/04/2013 - 17:13:52 | N | 16643] C:\AT-Destroyer.txt
      [20/04/2013 - 10:39:33 | RASHD ] C:\Autorun.inf
      [10/01/2011 - 12:53:22 | SHD ] C:\boot
      [14/07/2009 - 03:38:58 | RASH | 383562] C:\bootmgr
      [14/07/2009 - 07:08:56 | SHD ] C:\Documents and Settings
      [19/04/2013 - 21:19:18 | D ] C:\FFOutput
      [20/04/2013 - 10:12:40 | ASH | 3062255616] C:\hiberfil.sys
      [20/04/2011 - 02:49:01 | D ] C:\HP
      [25/01/2013 - 19:01:23 | D ] C:\IDE
      [20/04/2011 - 02:35:01 | D ] C:\Intel
      [22/01/2013 - 22:57:09 | D ] C:\Log
      [25/01/2013 - 19:00:00 | RHD ] C:\MSOCache
      [20/04/2013 - 10:12:40 | ASH | 4083007488] C:\pagefile.sys
      [14/07/2009 - 05:20:08 | D ] C:\PerfLogs
      [19/04/2013 - 08:13:29 | D ] C:\Program Files
      [20/04/2013 - 10:27:23 | D ] C:\Program Files (x86)
      [18/04/2013 - 15:40:29 | HD ] C:\ProgramData
      [22/01/2013 - 23:03:04 | D ] C:\Recover.My.Files
      [21/01/2013 - 20:29:05 | SHD ] C:\Recovery
      [16/02/2013 - 1812 | D ] C:\SwSetup
      [18/04/2013 - 17:07:12 | SHD ] C:\System Volume Information
      [21/01/2013 - 20:29:11 | D ] C:\SYSTEM.SAV
      [27/02/2013 - 19:05:58 | D ] C:\TorrentStream
      [20/04/2013 - 10:50:25 | D ] C:\UsbFix
      [20/04/2013 - 10:22:39 | N | 12649] C:\UsbFix [Clean 1] ZOORASPA-HP.txt
      [20/04/2013 - 10:32:50 | N | 12612] C:\UsbFix [Clean 2] ZOORASPA-HP.txt
      [20/04/2013 - 10:39:33 | N | 10886] C:\UsbFix [Clean 3] ZOORASPA-HP.txt
      [20/04/2013 - 10:50:33 | A | 8111] C:\UsbFix [Clean 4] ZOORASPA-HP.txt
      [21/01/2013 - 19:27:58 | D ] C:\Users
      [20/04/2013 - 10:12:41 | D ] C:\Windows
      [18/04/2013 - 04:56:20 | D ] C:\_AT-Destroyer
      [20/06/2011 - 18:25:29 | SHD ] D:\$RECYCLE.BIN
      [20/04/2013 - 10:39:33 | RASHD ] D:\Autorun.inf
      [18/06/2011 - 16:59:23 | RASHD ] D:\boot
      [14/07/2009 - 19:39:00 | RASH | 383562] D:\bootmgr
      [18/06/2011 - 16:59:23 | D ] D:\FactoryUpdate
      [18/06/2011 - 16:59:22 | D ] D:\hp
      [12/12/2011 - 17:06:53 | N | 21] D:\HPSF_Rep.txt
      [07/10/2012 - 19:49:25 | N | 8] D:\HP_WSD.dat
      [18/06/2011 - 16:59:23 | RSHD ] D:\preload
      [21/01/2013 - 20:29:10 | RSD ] D:\recovery
      [18/06/2011 - 16:59:23 | D ] D:\RM_Reserve
      [23/01/2013 - 20:52:54 | SHD ] D:\System Volume Information
      [01/01/2009 - 01:46:28 | D ] F:\Recorded
      [01/01/2009 - 01:46:28 | D ] F:\Playlist
      [01/01/2009 - 01:46:28 | D ] F:\My Organizer
      [01/01/2009 - 01:46:30 | D ] F:\RSS
      [01/01/2009 - 01:46:30 | N | 1953488] F:\MATADATA.DAT
      [01/01/2009 - 01:46:32 | N | 1088068] F:\CTSTORE.DAT
      [01/01/2009 - 01:46:34 | N | 432550] F:\CTSTORE.IDX
      [01/01/2009 - 01:46:36 | N | 0] F:\thumblnail.dat
      [14/03/2009 - 06:51:18 | N | 14] F:\CDARTTHN.DAT
      [01/01/2009 - 01:46:38 | N | 173296] F:\PREVIEW.DAT
      [01/01/2009 - 01:46:48 | N | 1301] F:\SETSTOR.DAT
      [01/01/2009 - 01:47:00 | N | 40] F:\APQ.TXT
      [20/05/2010 - 19:13:06 | D ] F:\Music
      [20/05/2010 - 19:13:26 | D ] F:\Pictures
      [20/05/2010 - 19:13:32 | D ] F:\Starter Pack
      [20/05/2010 - 19:13:42 | D ] F:\Video
      [08/03/2011 - 17:42:32 | H | 16] F:\AUTORUN.INF
      [03/01/1980 - 01:05:08 | N | 32] G:\speedolist.dat
      [01/01/1980 - 01:46:44 | N | 4194304] G:\STDBSTR.DAT
      [01/01/1980 - 01:46:44 | N | 8760] G:\STDBSTR.IDX
      [01/01/1980 - 01:46:44 | N | 3858432] G:\STDBDATA.DAT
      [01/01/1980 - 01:46:44 | N | 996] G:\STDBDATA.IDX
      [01/01/1980 - 01:46:48 | N | 330000] G:\RAMLIST.DAT
      [01/01/1980 - 01:46:50 | N | 200040] G:\playqueue.dat
      [03/01/1980 - 01:02:34 | N | 1037] G:\SETSTOR.DAT
      [11/06/2012 - 16:27:58 | N | 13051131] G:\034 One.mp3
      [08/11/2012 - 12:29:40 | N | 6860082] G:\035 Spanish Eyes (Live from U2360°).mp3
      [11/06/2012 - 16:28:08 | N | 20944298] G:\036 MLK,Walk On.mp3
      [19/12/2012 - 09:04:04 | N | 10062518] G:\037 Miss Sarajevo.mp3
      [29/11/2012 - 00:22:20 | N | 6827678] G:\038 Desire (Live from U2360°).mp3
      [21/12/2012 - 08:14:48 | N | 12858849] G:\039 Angel Of Harlem (Live from U2360°).mp3
      [12/12/2012 - 10:22:00 | N | 9106598] G:\040 Pride (Live from U2360°).mp3
      [11/06/2012 - 16:28:10 | N | 12876639] G:\041 Out Of Control.mp3
      [11/06/2012 - 16:28:14 | N | 14218298] G:\042 With Or Without You.mp3
      [11/06/2012 - 16:28:16 | N | 19623555] G:\043 Moment Of Surrender.mp3
      [19/12/2012 - 09:04:16 | N | 11783454] G:\044 forty.mp3
      [19/12/2012 - 09:02:54 | N | 13368567] G:\001 Breathe.mp3
      [08/11/2012 - 12:29:40 | N | 10599791] G:\002 No Line On The Horizon (Live from U2360°).mp3
      [19/12/2012 - 09:03:04 | N | 9916234] G:\003 Get On Your Boots.mp3
      [11/06/2012 - 16:56:18 | N | 10629088] G:\004 Even Better Than The Real Thing.mp3
      [11/06/2012 - 16:56:18 | N | 12296729] G:\005 The Fly.mp3
      [19/12/2012 - 09:03:00 | N | 9420948] G:\006 I Will Follow.mp3
      [19/12/2012 - 09:03:12 | N | 11562990] G:\007 New Year's Day.mp3
      [11/06/2012 - 16:56:18 | N | 11358419] G:\008 Mysterious Ways.mp3
      [11/06/2012 - 16:56:18 | N | 13294611] G:\009 Magnificent.mp3
      [11/06/2012 - 16:56:18 | N | 13933058] G:\010 Until The End Of The World.mp3
      [19/12/2012 - 09:03:16 | N | 11557768] G:\011Electrical Storm.mp3
      [19/12/2012 - 09:03:30 | N | 10368672] G:\012 Your Blue Room.mp3
      [11/06/2012 - 16:56:18 | N | 12979054] G:\013 One Tree Hill.mp3
      [19/12/2012 - 09:03:24 | N | 11557790] G:\014 Stuck In A Moment You Can't Get O.mp3
      [11/06/2012 - 16:56:18 | N | 11686527] G:\015 Stay (Faraway, So Close!).mp3
      [11/06/2012 - 16:56:18 | N | 12532911] G:\016 I Still Haven't Found What I'm Looking For.mp3
      [11/06/2012 - 16:56:18 | N | 15330074] G:\017 Beautiful Day.mp3
      [19/12/2012 - 09:03:36 | N | 9960110] G:\018 Vertigo.mp3
      [11/06/2012 - 16:56:18 | N | 9677172] G:\019 Elevation.mp3
      [11/06/2012 - 16:27:58 | N | 12568412] G:\020 Ultra Violet (Light My Way).mp3
      [16/05/2012 - 20:57:08 | N | 15304665] G:\021 Unknown Caller (Live from U2360°-U22.mp3
      [11/06/2012 - 16:28:08 | N | 23911829] G:\022 All I Want Is You,Love Rescue Me.mp3
      [19/12/2012 - 09:04:00 | N | 8620563] G:\023 In A Little While.mp3
      [11/06/2012 - 16:28:04 | N | 10891331] G:\025 Zooropa.mp3
      [13/06/2012 - 13:31:56 | N | 19560851] G:\026 Bad.mp3
      [19/12/2012 - 09:04:10 | N | 12748973] G:\027 Hold Me, Thrill Me, Kiss Me, Kill.mp3
      [11/06/2012 - 16:28:04 | N | 13229828] G:\028 City Of Blinding Lights.mp3
      [11/06/2012 - 16:28:14 | N | 11550676] G:\029 The Unforgettable Fire.mp3
      [19/12/2012 - 09:03:52 | N | 10079243] G:\030 Sunday Bloody Sunday.mp3
      [19/12/2012 - 09:03:46 | N | 15603638] G:\031 I'll Go Crazy If I Don't Go Crazy.mp3
      [11/06/2012 - 16:28:16 | N | 12975925] G:\032 Where The Streets Have No Name.mp3
      [19/12/2012 - 09:03:56 | N | 6010397] G:\033 Scarlet.mp3

      ################## | Vaccin |

      C:\Autorun.inf -> Vacuna creada por UsbFix (El Desaparecido)
      D:\Autorun.inf -> Vacuna creada por UsbFix (El Desaparecido)
      G:\Autorun.inf -> Vacuna creada por UsbFix (El Desaparecido)

      ################## | E.O.F | http://sosvirus.org |

    Página 1 de 2 12 ÚltimoÚltimo