    Win32.Banker.prx IMMORTALLLL. (Solved)


      
    1. #11
      SanMar
      General Moderator
      Joined: Jun 2008
      Location: Argentina
      Posts: 22.292

      Re: Help!!! win32.Banker.prx IMMORTALLLL

      Hi andresomg:

      About:

      Revo Uninstaller doesn't find Spybot or Ad-Aware or anything related to Lavasoft, including its toolbars

      Check whether you can uninstall them from Add/Remove Programs.

      Let us know.

      Regards.

      * Follow us on Twitter and befriend us on Facebook.
      * Stay informed about the latest threats on the net at: InfoSpyware Blog
      * Questions are not answered by private message or by e-mail; that is what the forum is for.

    2. #12
      andresomg
      User
      Joined: Aug 2013
      Location: Colombia
      Posts: 12

      Re: Help!!! win32.Banker.prx IMMORTALLLL

      Hi SanMar.

      I already uninstalled Ad-Aware from Add/Remove Programs.
      I don't see Spybot in Add/Remove Programs either.

      I'll keep an eye on the thread; take care.

      Regards.

    3. #13
      SanMar
      General Moderator
      Joined: Jun 2008
      Location: Argentina
      Posts: 22.292

      Re: Help!!! win32.Banker.prx IMMORTALLLL

      Hi andresomg:

      We'll look for its leftovers then, because it certainly was working for you...

      Download the tool OTL.exe by OldTimer to your Desktop.

      • Close all open windows and programs. Double-click OTL.exe to run it.
      • Under Scan Type, tick the "Minimal Output" box.

        Finally, select:
        • Use Company Name Whitelist
        • Skip Microsoft Files
        • LOP Check

      • Copy the following text (excluding the word Code):
      Code:
      netsvcs
      msconfig
      %systemdrive%\*.*
      %programfiles%\*.*
      %windir%\system32\*.sys /lockedfiles
      • Paste the script under the Custom Scans/Fixes box.

      • Click the Run Scan button and wait patiently for the scan to finish.
      • Two (2) files will open, OTL.Txt & Extras.Txt; they will be saved on your Desktop.

      • To finish, open the OTL.Txt file, then copy and paste all of its contents into your next reply.

      Bring us the reports that the tools generated.

      Regards

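
      The scan requested above is meant to surface leftovers of the uninstalled tools, and the resulting OTL.Txt can be triaged with a short script. This is an added example, not part of the original thread and not an OldTimer tool; the sample lines are constructed in the layout of the log posted in this thread, and the function names and keyword list are assumptions.

```python
import re

# Constructed sample: abridged lines in the OTL.Txt layout seen in this thread
# ("<section> - <details>" entries and "[timestamp | size | attrs | C] -- path").
SAMPLE_LOG = r"""
========== Processes (SafeList) ==========
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://securedsearch2.lavasoft.com/results.php?q={searchTerms}
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Users\manuel\AppData\Local\Temp\RarSFX1\SDHelper.dll File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
CHR - homepage: Lavasoft
MsConfig:64bit - StartUpReg: zLoader.exe - hkey= - key= - File not found
[2013/08/15 13:15:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
"""

# "PRC - ...", "SRV:64bit: - ...", "MsConfig:64bit - ...", "O2 - ..."
ENTRY_RE = re.compile(r"^(?P<section>[A-Za-z0-9]+)(?P<x64>:64bit)?:? - (?P<body>.+)$")
# "[2013/08/15 13:15:06 | 000,000,000 | ---D | C] (Vendor) -- C:\path"
FILE_RE = re.compile(r"^\[[^\]]*\] (?:\([^)]*\) )?-- (?P<body>.+)$")


def parse_line(line):
    """Split one log line into section, 64-bit flag and body; None if not an entry."""
    line = line.strip()
    m = ENTRY_RE.match(line)
    if m:
        return {"section": m["section"], "x64": bool(m["x64"]), "body": m["body"]}
    m = FILE_RE.match(line)
    if m:
        return {"section": "FILE", "x64": False, "body": m["body"]}
    return None  # section headers, blank lines, system summary


def find_leftovers(log_text, product_keywords):
    """Return (reason, section, body) tuples that deserve a manual look.

    reason is "product:<keyword>" when the entry mentions a product that was
    supposedly uninstalled, or "orphaned" when the entry points at a file
    OTL reports as "File not found".
    """
    keywords = [k.lower() for k in product_keywords]
    findings = []
    for raw in log_text.splitlines():
        entry = parse_line(raw)
        if entry is None:
            continue
        body = entry["body"]
        hit = next((k for k in keywords if k in body.lower()), None)
        if hit:
            findings.append(("product:" + hit, entry["section"], body))
        elif body.rstrip().endswith("File not found"):
            findings.append(("orphaned", entry["section"], body))
    return findings


if __name__ == "__main__":
    # Keyword list is an assumption: the products this thread tried to remove.
    for reason, section, body in find_leftovers(SAMPLE_LOG, ["lavasoft", "ad-aware", "spybot"]):
        print(f"{reason:18} {section:9} {body}")
```

      The findings are leads for the analyst, not verdicts: each flagged registry entry or folder still has to be checked before it is removed.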

    4. #14
      andresomg
      User
      Joined: Aug 2013
      Location: Colombia
      Posts: 12

      Re: Help!!! win32.Banker.prx IMMORTALLLL

      Hi SanMar.

      I'm putting my hopes in you; thanks for replying so promptly.
      I'm pasting the report for you.

      Regards.

      ----------------------------------------
      OTL.Txt

      OTL logfile created on: 23/08/2013 12:12:06 p.m. - Run 1
      OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\manuel\Desktop
      64bit- Home Basic Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
      Internet Explorer (Version = 9.10.9200.16660)
      Locale: 0000240A | Country: Colombia | Language: ESO | Date Format: dd/MM/yyyy

      3,80 Gb Total Physical Memory | 2,26 Gb Available Physical Memory | 59,45% Memory free
      7,60 Gb Paging File | 5,97 Gb Available in Paging File | 78,57% Paging File free
      Paging file location(s): ?:\pagefile.sys [binary data]

      %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
      Drive C: | 446,19 Gb Total Space | 396,34 Gb Free Space | 88,83% Space Free | Partition Type: NTFS
      Drive E: | 15,41 Gb Total Space | 1,68 Gb Free Space | 10,90% Space Free | Partition Type: NTFS
      Drive F: | 3,96 Gb Total Space | 1,08 Gb Free Space | 27,22% Space Free | Partition Type: FAT32

      Computer Name: UNEQUIJOTE | User Name: manuel | Logged in as Administrator.
      Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
      Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

      ========== Processes (SafeList) ==========

      PRC - C:\Users\manuel\Desktop\OTL.exe (OldTimer Tools)
      PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
      PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
      PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
      PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
      PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
      PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
      PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
      PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
      PRC - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
      PRC - C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)
      PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
      PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
      PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
      PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)


      ========== Modules (No Company Name) ==========

      MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\868b835c2e1cc3d300fa4ae89763b00d\IAStorUtil.ni.dll ()
      MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\e06dbdafb38c38517aef61ac41e2fd9d\System.Runtime.Remoting.ni.dll ()
      MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\28ea347a952d20959ac6ae02d7457d39\System.Windows.Forms.ni.dll ()
      MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll ()
      MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1f6f220f9efe936d1158c79b9d4b451f\WindowsBase.ni.dll ()
      MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll ()
      MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\8f7d83126a3cf283e5ac97f2d6d99f12\System.Configuration.ni.dll ()
      MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll ()
      MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\0700c2f087ac72d9e8aa1874bef26960\IAStorCommon.ni.dll ()
      MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll ()
      MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_es_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
      MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_es_b77a5c561934e089\mscorlib.resources.dll ()


      ========== Services (SafeList) ==========

      SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
      SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
      SRV:64bit: - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
      SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\stacsv64.exe (IDT, Inc.)
      SRV:64bit: - (HPClientSvc) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
      SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
      SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
      SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
      SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
      SRV - (HPWMISVC) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
      SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
      SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
      SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
      SRV - (IconMan_R) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
      SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
      SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
      SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
      SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


      ========== Driver Services (SafeList) ==========

      DRV:64bit: - (gfibto) -- C:\Windows\SysNative\drivers\gfibto.sys (GFI Software)
      DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
      DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
      DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys ()
      DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
      DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
      DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
      DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys ()
      DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
      DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
      DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
      DRV:64bit: - (gfiark) -- C:\Windows\SysNative\drivers\gfiark.sys (ThreatTrack Security)
      DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
      DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
      DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
      DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
      DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
      DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
      DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
      DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
      DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
      DRV:64bit: - (bcbtums) -- C:\Windows\SysNative\drivers\bcbtums.sys (Broadcom Corporation.)
      DRV:64bit: - (btwampfl) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
      DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
      DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
      DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
      DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
      DRV:64bit: - (BTWDPAN) -- C:\Windows\SysNative\drivers\btwdpan.sys (Broadcom Corporation.)
      DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
      DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
      DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
      DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\drivers\RtsPStor.sys (Realtek Semiconductor Corp.)
      DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
      DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
      DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
      DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
      DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
      DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
      DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
      DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
      DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
      DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
      DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
      DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
      DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
      DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
      DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
      DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
      DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
      DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


      ========== Standard Registry (SafeList) ==========


      ========== Internet Explorer ==========

      IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
      IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
      IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://mx.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
      IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://es.wikipedia.org/wiki/Special:Search?search={searchTerms}
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search bar = Internet Explorer 6 Search Companion is no longer supported.
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error.
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN.fr - Actualités, magazines people & féminin, Outlook et Hotmail
      IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
      IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
      IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://mx.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
      IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://es.wikipedia.org/wiki/Special:Search?search={searchTerms}

      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN.fr - Actualités, magazines people & féminin, Outlook et Hotmail
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = Skype, Outlook y Canal RCN en MSN Colombia|Noticias, deportes, entretenimiento, video y más
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = es-CO
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 92 EC 2B 66 BB 93 CE 01 [binary data]
      IE - HKCU\..\SearchScopes,DefaultScope = {d43b3890-80c7-4010-a95d-1e77b5924dc3}
      IE - HKCU\..\SearchScopes\${searchCLSID}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
      IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_4&hsimp=yhs-lavasoft&ent=ch&q={searchTerms}
      IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://es.wikipedia.org/wiki/Special:Search?search={searchTerms}
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


      ========== FireFox ==========

      FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
      FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
      FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
      FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
      FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
      FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
      FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
      FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
      FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/08/10 14:20:46 | 000,000,000 | ---D | M]
      FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Auto-Lyrics\125.xpi


      ========== Chrome ==========

      CHR - default_search_provider: SecureSearch (Enabled)
      CHR - default_search_provider: search_url = http://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_4&hsimp=yhs-lavasoft&ent=ch&q={searchTerms}
      CHR - default_search_provider: suggest_url =
      CHR - homepage: Lavasoft
      CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.57\PepperFlash\pepflashplayer.dll
      CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
      CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.57\ppGoogleNaClPluginChrome.dll
      CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.57\pdf.dll
      CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
      CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
      CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
      CHR - plugin: Java(TM) Platform SE 7 U25 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
      CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
      CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
      CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
      CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
      CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll
      CHR - Extension: Google Docs = C:\Users\manuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
      CHR - Extension: Google Drive = C:\Users\manuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
      CHR - Extension: YouTube = C:\Users\manuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
      CHR - Extension: B\u00FAsqueda de Google = C:\Users\manuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
      CHR - Extension: Google Wallet Service = C:\Users\manuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.9_0\
      CHR - Extension: Gmail = C:\Users\manuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

      O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
      O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Users\manuel\AppData\Local\Temp\RarSFX1\SDHelper.dll File not found
      O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
      O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
      O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
      O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
      O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
      O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
      O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
      O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
      O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
      O4:64bit: - HKLM..\Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe (Hewlett-Packard Development Company, L.P.)
      O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
      O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
      O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
      O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
      O4 - HKLM..\Run: [HPQuickWebProxy] C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)
      O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
      O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
      O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
      O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3
      O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
      O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
      O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
      O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
      O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
      O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
      O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
      O9 - Extra Button: Enviar a Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
      O9 - Extra 'Tools' menuitem : Enviar a &Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
      O1364bit: - gopher Prefix: missing
      O13 - gopher Prefix: missing
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 0.0.0.0
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3619294D-F6A0-4F78-BFA2-68C1B15EBEA4}: DhcpNameServer = 192.168.1.254 0.0.0.0
      O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
      O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
      O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
      O20 - HKLM Winlogon: UserInit - (C:\Windows\SysWOW64\Userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
      O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
      O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
      O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
      O32 - HKLM CDRom: AutoRun - 1
      O32 - AutoRun File - [2013/08/16 13:23:34 | 000,000,000 | RHSD | M] - C:\Autorun.inf -- [ NTFS ]
      O32 - AutoRun File - [2013/08/16 13:23:37 | 000,000,000 | RHSD | M] - E:\Autorun.inf -- [ NTFS ]
      O32 - AutoRun File - [2013/08/16 13:23:38 | 000,000,000 | RHSD | M] - F:\Autorun.inf -- [ FAT32 ]
      O34 - HKLM BootExecute: (autocheck autochk *)
      O35:64bit: - HKLM\..comfile [open] -- "%1" %*
      O35:64bit: - HKLM\..exefile [open] -- "%1" %*
      O35 - HKLM\..comfile [open] -- "%1" %*
      O35 - HKLM\..exefile [open] -- "%1" %*
      O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
      O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
      O37 - HKLM\...com [@ = comfile] -- "%1" %*
      O37 - HKLM\...exe [@ = exefile] -- "%1" %*
      O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
      O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
      O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


      MsConfig:64bit - StartUpReg: ares - hkey= - key= - File not found
      MsConfig:64bit - StartUpReg: CancelAutoPlay.exe - hkey= - key= - File not found
      MsConfig:64bit - StartUpReg: Facebook Update - hkey= - key= - File not found
      MsConfig:64bit - StartUpReg: IMSS - hkey= - key= - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe ()
      MsConfig:64bit - StartUpReg: Mobile Partner - hkey= - key= - File not found
      MsConfig:64bit - StartUpReg: RemoteControl10 - hkey= - key= - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
      MsConfig:64bit - StartUpReg: zLoader.exe - hkey= - key= - File not found
      MsConfig:64bit - State: "startup" - Reg Error: Key error.
      MsConfig:64bit - State: "services" - Reg Error: Key error.

      ========== Files/Folders - Created Within 30 Days ==========

      [2013/08/23 12:08:18 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\manuel\Desktop\OTL.exe
      [2013/08/21 11:57:41 | 001,576,164 | ---- | C] (Farbar) -- C:\Users\manuel\Desktop\FRST64.exe
      [2013/08/21 11:51:32 | 000,000,000 | ---D | C] -- C:\UsbFix
      [2013/08/21 11:42:54 | 000,000,000 | ---D | C] -- C:\Users\manuel\AppData\Roaming\VSRevoGroup
      [2013/08/21 11:09:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
      [2013/08/21 11:09:57 | 000,000,000 | ---D | C] -- C:\Users\manuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
      [2013/08/20 12:25:52 | 000,000,000 | ---D | C] -- C:\FRST
      [2013/08/18 18:19:22 | 000,000,000 | ---D | C] -- C:\Users\manuel\AppData\Roaming\TuneUp Software
      [2013/08/18 18:14:03 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
      [2013/08/18 18:14:03 | 000,000,000 | ---D | C] -- C:\Users\manuel\AppData\Local\MFAData
      [2013/08/18 18:14:03 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
      [2013/08/17 18:24:44 | 000,000,000 | ---D | C] -- C:\Users\manuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dispositivos Bluetooth
      [2013/08/17 13:35:59 | 000,000,000 | ---D | C] -- C:\Users\manuel\AppData\Local\{33413F14-CDEE-446E-8B5F-8F5486EF63FA}
      [2013/08/16 17:11:58 | 000,000,000 | ---D | C] -- C:\Users\manuel\AppData\Local\{BD73616E-27AE-4152-BD49-8D6C59B47EB6}
      [2013/08/16 13:32:49 | 000,000,000 | ---D | C] -- C:\Users\manuel\AppData\Local\{CAABA5D3-4982-4866-881E-43858EFB833F}
      [2013/08/16 13:23:34 | 000,000,000 | RHSD | C] -- C:\Autorun.inf
      [2013/08/16 11:23:19 | 000,039,504 | ---- | C] (ThreatTrack Security) -- C:\Windows\SysNative\drivers\gfiark.sys
      [2013/08/16 11:17:54 | 000,000,000 | ---D | C] -- C:\Users\manuel\AppData\Local\{28F62252-5339-4178-93A1-76A8DD506C4F}
      [2013/08/15 18:05:31 | 000,000,000 | ---D | C] -- C:\Users\manuel\AppData\Roaming\Malwarebytes
      [2013/08/15 18:05:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
      [2013/08/15 18:04:59 | 000,000,000 | ---D | C] -- C:\Users\manuel\AppData\Local\Programs
      [2013/08/15 13:18:27 | 000,000,000 | ---D | C] -- C:\Users\manuel\AppData\Roaming\LavasoftStatistics
      [2013/08/15 13:18:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Antivirus
      [2013/08/15 13:15:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
      [2013/08/15 13:15:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus
      [2013/08/15 13:14:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
      [2013/08/15 13:14:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
      [2013/08/15 13:13:49 | 000,014,456 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
      [2013/08/15 13:13:48 | 000,000,000 | ---D | C] -- C:\Users\manuel\AppData\Roaming\Ad-Aware Antivirus
      [2013/08/15 11:57:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
      [2013/08/15 11:20:02 | 000,000,000 | ---D | C] -- C:\Users\manuel\AppData\Local\{1E39EC51-3B68-48A4-A7B9-D298C946E75D}
      [2013/08/14 18:27:22 | 000,000,000 | ---D | C] -- C:\Users\manuel\AppData\Local\{3DFA6697-069D-4F34-B140-EED9B4B5DCC1}
      [2013/08/14 16:12:59 | 000,000,000 | ---D | C] -- C:\Users\manuel\AppData\Local\{5ABFAFCC-21D2-4F45-BC69-3121F47AA5D7}
      [2013/08/14 12:13:38 | 000,000,000 | ---D | C] -- C:\Users\manuel\AppData\Local\{22417DA7-BA5E-4CF2-AC0D-F843E88D1247}
      [2013/08/14 11:38:12 | 000,000,000 | ---D | C] -- C:\Users\manuel\AppData\Local\{89FCA659-873F-4964-AF32-C595FF9749F3}
      [2013/08/14 10:46:01 | 000,000,000 | ---D | C] -- C:\Users\manuel\AppData\Local\{71FE23FA-4758-448D-8577-727E19297F0A}
      [2013/08/13 14:18:16 | 000,000,000 | ---D | C] -- C:\Users\manuel\AppData\Local\{D78E151A-41EC-40B5-BA71-DA1E27431881}
      [2013/08/13 12:39:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
      [2013/08/13 11:15:44 | 000,000,000 | ---D | C] -- C:\Users\manuel\AppData\Local\{64C15791-67BF-4E65-ABC0-12DBDC706005}
      [2013/08/12 1111 | 000,000,000 | ---D | C] -- C:\Users\manuel\AppData\Local\{8AB037E5-AF2D-459D-BCD7-2B5F71446F8F}
      [2013/08/11 10:00:59 | 000,000,000 | ---D | C] -- C:\Users\manuel\AppData\Local\{3F511A4C-4A03-40AA-B122-536A6B8EE254}
      [2013/08/10 19:05:17 | 000,000,000 | ---D | C] -- C:\Users\manuel\Documents\Directorio de intercambio Bluetooth
      [2013/08/10 14:14:11 | 000,000,000 | ---D | C] -- C:\Users\manuel\AppData\Local\{F97691B7-5E38-4116-AF81-4751867D29C1}
      [2013/08/10 11:07:17 | 000,000,000 | ---D | C] -- C:\Users\manuel\AppData\Local\{81A2BA73-9665-43EE-BE50-6E599AAADB98}
      [2013/08/09 11:09:50 | 000,000,000 | ---D | C] -- C:\Users\manuel\AppData\Local\{C75D48B7-9772-41D5-A519-3E8966F9D7F7}
      [2013/08/08 17:04:26 | 000,000,000 | ---D | C] -- C:\Users\manuel\AppData\Local\{17473600-EE89-402B-BEBA-B29AA12E60D7}
      [2013/08/08 16:46:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
      [2013/08/08 16:46:52 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
      [2013/08/08 16:15:11 | 000,000,000 | ---D | C] -- C:\Users\manuel\AppData\Local\{8C56A7DB-87B4-4B65-A2B0-EEE0906369B4}
      [2013/08/08 13:28:22 | 000,000,000 | ---D | C] -- C:\Users\manuel\AppData\Local\{7EB812A3-9807-471A-A00C-C0AA26152B92}
      [2013/08/07 11:50:12 | 000,000,000 | ---D | C] -- C:\Users\manuel\AppData\Local\{2D2DD69C-BFAE-498E-A0EC-0BFE891424B2}
      [2013/08/07 10:54:57 | 000,000,000 | ---D | C] -- C:\Users\manuel\AppData\Local\{2BBE7721-7759-46AA-A3D3-8AD2842D28EE}
      [2013/08/06 12:07:46 | 000,033,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
      [2013/08/06 12:07:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
      [2013/08/06 12:07:45 | 000,378,944 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
      [2013/08/06 12:07:42 | 000,072,016 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
      [2013/08/06 12:07:39 | 001,030,952 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
      [2013/08/06 12:07:39 | 000,064,288 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
      [2013/08/06 12:07:37 | 000,287,840 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
      [2013/08/06 12:07:37 | 000,080,816 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
      [2013/08/06 12:07:14 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
      [2013/08/06 12:06:58 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
      [2013/08/06 12:04:58 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
      [2013/08/06 11:03:09 | 000,000,000 | ---D | C] -- C:\Users\manuel\AppData\Local\{AD2A269F-99BC-4133-ADF8-90CEA37E879F}
      [2013/08/01 11:00:09 | 000,000,000 | ---D | C] -- C:\Users\manuel\AppData\Local\{BC451C43-E18B-4448-922C-3EC76CB81A11}
      [2013/07/29 10:55:10 | 000,000,000 | ---D | C] -- C:\Users\manuel\AppData\Local\{7D9CA1AE-316E-4760-92EE-D641977475A7}
      [2013/07/28 09:53:19 | 000,000,000 | ---D | C] -- C:\Users\manuel\AppData\Local\{4631F2D4-6391-46D4-BB85-FC75C21A365D}
      [2013/07/27 11:12:55 | 000,000,000 | ---D | C] -- C:\Users\manuel\AppData\Local\{87BB324F-3155-4AD9-99F9-899B2B87C6C7}
      [2013/07/25 10:56:07 | 000,000,000 | ---D | C] -- C:\Users\manuel\AppData\Local\{5FCB0196-9251-4116-9118-4F83A74E959A}

      ========== Files - Modified Within 30 Days ==========

      [2013/08/23 12:08:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\manuel\Desktop\OTL.exe
      [2013/08/23 12:02:04 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
      [2013/08/23 12:02:03 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
      [2013/08/23 11:45:00 | 000,000,838 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
      [2013/08/23 11:30:59 | 000,022,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      [2013/08/23 11:30:59 | 000,022,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      [2013/08/23 11:21:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
      [2013/08/23 11:21:30 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
      [2013/08/21 11:57:57 | 001,576,164 | ---- | M] (Farbar) -- C:\Users\manuel\Desktop\FRST64.exe
      [2013/08/21 11:09:57 | 000,001,224 | ---- | M] () -- C:\Users\manuel\Desktop\Revo Uninstaller.lnk
      [2013/08/19 18:35:50 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleFormanuel.job
      [2013/08/17 15:53:16 | 000,008,627 | ---- | M] () -- C:\Windows\SysWow64\PAV_FOG.OPC
      [2013/08/16 13:19:37 | 000,009,710 | ---- | M] () -- C:\Upload_UsbFix.zip
      [2013/08/15 15:33:23 | 001,580,160 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
      [2013/08/15 15:33:23 | 000,704,518 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
      [2013/08/15 15:33:23 | 000,616,686 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
      [2013/08/15 15:33:23 | 000,138,226 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
      [2013/08/15 15:33:23 | 000,106,808 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
      [2013/08/15 13:13:49 | 000,014,456 | ---- | M] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
      [2013/08/06 12:07:50 | 001,030,952 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
      [2013/08/06 12:07:50 | 000,378,944 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
      [2013/08/06 12:07:50 | 000,189,936 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
      [2013/08/06 12:07:50 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys.sum
      [2013/08/06 12:07:50 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSP.sys.sum
      [2013/08/06 12:07:50 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSnx.sys.sum
      [2013/08/06 12:07:37 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
      [2013/08/04 03:07:47 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForUNEQUIJOTE$.job

      ========== Files Created - No Company Name ==========

      [2013/08/21 11:09:57 | 000,001,224 | ---- | C] () -- C:\Users\manuel\Desktop\Revo Uninstaller.lnk
      [2013/08/19 16:20:00 | 000,000,336 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleFormanuel.job
      [2013/08/17 13:00:23 | 000,008,627 | ---- | C] () -- C:\Windows\SysWow64\PAV_FOG.OPC
      [2013/08/16 13:19:36 | 000,009,710 | ---- | C] () -- C:\Upload_UsbFix.zip
      [2013/08/15 11:57:28 | 000,001,100 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
      [2013/08/15 11:57:27 | 000,001,096 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
      [2013/08/06 12:07:50 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys.sum
      [2013/08/06 12:07:50 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSP.sys.sum
      [2013/08/06 12:07:50 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSnx.sys.sum
      [2013/08/06 12:07:38 | 000,189,936 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
      [2013/08/06 12:07:37 | 000,065,336 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
      [2013/08/06 12:07:37 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
      [2012/08/12 12:15:18 | 001,559,018 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
      [2011/08/31 20:26:20 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll

      ========== ZeroAccess Check ==========

      [2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

      [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

      [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

      [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

      [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
      "" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 00:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment

      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      "" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 23:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment

      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
      "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free

      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
      "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free

      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
      "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Both

      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

      ========== LOP Check ==========

      [2013/08/15 15:30:15 | 000,000,000 | ---D | M] -- C:\Users\manuel\AppData\Roaming\Ad-Aware Antivirus
      [2013/06/08 1534 | 000,000,000 | ---D | M] -- C:\Users\manuel\AppData\Roaming\Awem
      [2012/08/23 21:05:18 | 000,000,000 | ---D | M] -- C:\Users\manuel\AppData\Roaming\Canneverbe Limited
      [2012/08/27 16:09:10 | 000,000,000 | ---D | M] -- C:\Users\manuel\AppData\Roaming\Digilabs
      [2013/06/10 12:09:10 | 000,000,000 | ---D | M] -- C:\Users\manuel\AppData\Roaming\Flood Light Games
      [2012/08/23 21:05:10 | 000,000,000 | ---D | M] -- C:\Users\manuel\AppData\Roaming\OpenCandy
      [2013/08/12 19:42:47 | 000,000,000 | ---D | M] -- C:\Users\manuel\AppData\Roaming\SoftGrid Client
      [2013/06/08 18:05:33 | 000,000,000 | ---D | M] -- C:\Users\manuel\AppData\Roaming\SpinTop Games
      [2012/08/12 12:12:27 | 000,000,000 | ---D | M] -- C:\Users\manuel\AppData\Roaming\Synaptics
      [2013/08/10 14:08:05 | 000,000,000 | ---D | M] -- C:\Users\manuel\AppData\Roaming\Telefónica
      [2013/06/09 13:52:21 | 000,000,000 | ---D | M] -- C:\Users\manuel\AppData\Roaming\TGCMLog
      [2012/08/12 12:15:58 | 000,000,000 | ---D | M] -- C:\Users\manuel\AppData\Roaming\TP
      [2013/08/18 18:19:22 | 000,000,000 | ---D | M] -- C:\Users\manuel\AppData\Roaming\TuneUp Software
      [2013/08/21 11:42:54 | 000,000,000 | ---D | M] -- C:\Users\manuel\AppData\Roaming\VSRevoGroup
      [2013/06/25 18:47:50 | 000,000,000 | ---D | M] -- C:\Users\manuel\AppData\Roaming\WebApp
      [2013/08/10 14:20:33 | 000,000,000 | ---D | M] -- C:\Users\manuel\AppData\Roaming\WildTangent
      [2013/05/27 12:22:43 | 000,000,000 | ---D | M] -- C:\Users\manuel\AppData\Roaming\Windows Live Writer

      ========== Custom Scans ==========

      < %systemdrive%\*.* >
      [2013/08/06 11:40:57 | 000,000,002 | ---- | M] () -- C:\AvastSetup.log
      [2010/11/20 22:23:51 | 000,383,786 | RHS- | M] () -- C:\bootmgr
      [2013/08/23 11:21:30 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
      [2013/08/23 11:21:32 | 4083,007,488 | -HS- | M] () -- C:\pagefile.sys
      [2013/08/16 13:19:37 | 000,009,710 | ---- | M] () -- C:\Upload_UsbFix.zip

      < %programfiles%\*.* >
      [2009/07/13 23:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

      < %windir%\system32\*.sys /lockedfiles >

      ========== Alternate Data Streams ==========

      @Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:BC359956

      < End of report >

    5. #15
      SanMar
      General Moderator
      Registered: Jun 2008
      Location: Argentina
      Posts: 22.292

      Re: Help!!! win32.Banker.prx IMMORTALLLL

      Hello:


      Do the following:


      1.- Run OTL.exe
      • Paste the following script into the Custom Scans/Fixes (Análisis Personalizados/Código de Reparación) box:
        • NOTE: Do not copy the word "Code".

        Code:
        :OTL
        IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error.
        IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_4&hsimp=yhs-lavasoft&ent=ch&q={searchTerms}
        O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Users\manuel\AppData\Local\Temp\RarSFX1\SDHelper.dll File not found
        O13:64bit: - gopher Prefix: missing
        O13 - gopher Prefix: missing
        O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
        O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
        MsConfig:64bit - StartUpReg: ares - hkey= - key= - File not found
        MsConfig:64bit - StartUpReg: CancelAutoPlay.exe - hkey= - key= - File not found
        MsConfig:64bit - StartUpReg: Facebook Update - hkey= - key= - File not found
        MsConfig:64bit - StartUpReg: Mobile Partner - hkey= - key= - File not found
        MsConfig:64bit - StartUpReg: zLoader.exe - hkey= - key= - File not found
        MsConfig:64bit - State: "startup" - Reg Error: Key error.
        MsConfig:64bit - State: "services" - Reg Error: Key error.
        [2013/08/21 11:51:32 | 000,000,000 | ---D | C] -- C:\UsbFix
        [2013/08/15 13:18:27 | 000,000,000 | ---D | C] -- C:\Users\manuel\AppData\Roaming\LavasoftStatistics
        [2013/08/15 13:18:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Antivirus
        [2013/08/15 13:15:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
        [2013/08/15 13:15:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus
        [2013/08/15 13:14:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
        [2013/08/15 13:13:48 | 000,000,000 | ---D | C] -- C:\Users\manuel\AppData\Roaming\Ad-Aware Antivirus
        [2013/08/13 12:39:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
        [2013/08/16 13:19:37 | 000,009,710 | ---- | M] () -- C:\Upload_UsbFix.zip
        [2013/08/15 15:30:15 | 000,000,000 | ---D | M] -- C:\Users\manuel\AppData\Roaming\Ad-Aware Antivirus
        [2012/08/23 21:05:10 | 000,000,000 | ---D | M] -- C:\Users\manuel\AppData\Roaming\OpenCandy
        
        
        :files
        ipconfig /flushdns /c
        ipconfig /renew /c
        
        :commands
        [resethosts]
        [emptyflash]
        [emptytemp]
        [emptyjava]
        [Reboot]
      • Then click the Fix (Reparar) button at the top.
      • Let the program run uninterrupted, and reboot when it asks you to.
      • After the reboot, a report will be created by default in C:\_OTL\MovedFiles; copy and paste that log in your next reply.


      Let us know the results.

      Regards.


    6. #16
      andresomg
      User
      Registered: Aug 2013
      Location: Colombia
      Posts: 12

      Re: Help!!! win32.Banker.prx IMMORTALLLL

      Hello again.

      The fix didn't take long; here is the report.

      Regards.

      ------------------------------

      All processes killed
      ========== OTL ==========
      HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!
      Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ deleted successfully.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ not found.
      Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}\ deleted successfully.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53707962-6F74-2D53-2644-206D7942484F}\ deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
      64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
      64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
      Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\ares\ not found.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\CancelAutoPlay.exe\ not found.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\Facebook Update\ not found.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\Mobile Partner\ not found.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\zLoader.exe\ not found.
      C:\UsbFix folder moved successfully.
      C:\Users\manuel\AppData\Roaming\LavasoftStatistics folder moved successfully.
      C:\ProgramData\Ad-Aware Antivirus\Logs\20130818T203931.264871PID1296 folder moved successfully.
      C:\ProgramData\Ad-Aware Antivirus\Logs\20130817T224640.129266PID1316 folder moved successfully.
      C:\ProgramData\Ad-Aware Antivirus\Logs\20130817T222943.753884PID2696 folder moved successfully.
      C:\ProgramData\Ad-Aware Antivirus\Logs\20130817T204832.645282PID2096 folder moved successfully.
      C:\ProgramData\Ad-Aware Antivirus\Logs\20130817T183430.864899PID2240 folder moved successfully.
      C:\ProgramData\Ad-Aware Antivirus\Logs\20130817T182234.570077PID992 folder moved successfully.
      C:\ProgramData\Ad-Aware Antivirus\Logs\20130816T221035.036881PID1608 folder moved successfully.
      C:\ProgramData\Ad-Aware Antivirus\Logs\20130816T191552.806058PID924 folder moved successfully.
      C:\ProgramData\Ad-Aware Antivirus\Logs\20130816T183132.559674PID1552 folder moved successfully.
      C:\ProgramData\Ad-Aware Antivirus\Logs\20130816T182422.847316PID1204 folder moved successfully.
      C:\ProgramData\Ad-Aware Antivirus\Logs\20130816T181225.526856PID896 folder moved successfully.
      C:\ProgramData\Ad-Aware Antivirus\Logs\20130816T161655.246075PID2156 folder moved successfully.
      C:\ProgramData\Ad-Aware Antivirus\Logs\20130816T002102.533315PID2036 folder moved successfully.
      C:\ProgramData\Ad-Aware Antivirus\Logs\20130815T204531.962078PID1848 folder moved successfully.
      C:\ProgramData\Ad-Aware Antivirus\Logs\20130815T181827.274040PID5640 folder moved successfully.
      C:\ProgramData\Ad-Aware Antivirus\Logs folder moved successfully.
      C:\ProgramData\Ad-Aware Antivirus folder moved successfully.
      C:\ProgramData\Lavasoft\AntiMalware\Quarantine folder moved successfully.
      C:\ProgramData\Lavasoft\AntiMalware\Logs folder moved successfully.
      C:\ProgramData\Lavasoft\AntiMalware\History folder moved successfully.
      C:\ProgramData\Lavasoft\AntiMalware\Events folder moved successfully.
      C:\ProgramData\Lavasoft\AntiMalware\Downloads folder moved successfully.
      C:\ProgramData\Lavasoft\AntiMalware folder moved successfully.
      C:\ProgramData\Lavasoft folder moved successfully.
      C:\Program Files (x86)\Ad-Aware Antivirus\Definitions\WDBF folder moved successfully.
      C:\Program Files (x86)\Ad-Aware Antivirus\Definitions\Staging folder moved successfully.
      C:\Program Files (x86)\Ad-Aware Antivirus\Definitions\LKGD folder moved successfully.
      C:\Program Files (x86)\Ad-Aware Antivirus\Definitions folder moved successfully.
      C:\Program Files (x86)\Ad-Aware Antivirus folder moved successfully.
      C:\Program Files (x86)\Lavasoft folder moved successfully.
      C:\Users\manuel\AppData\Roaming\Ad-Aware Antivirus\Logs\20130818T230830.444825PID5380 folder moved successfully.
      C:\Users\manuel\AppData\Roaming\Ad-Aware Antivirus\Logs\20130818T204009.484938PID4092 folder moved successfully.
      C:\Users\manuel\AppData\Roaming\Ad-Aware Antivirus\Logs\20130818T203950.967706PID3400 folder moved successfully.
      C:\Users\manuel\AppData\Roaming\Ad-Aware Antivirus\Logs\20130817T224712.110521PID3716 folder moved successfully.
      C:\Users\manuel\AppData\Roaming\Ad-Aware Antivirus\Logs\20130817T224703.934908PID3920 folder moved successfully.
      C:\Users\manuel\AppData\Roaming\Ad-Aware Antivirus\Logs\20130817T223103.069219PID4432 folder moved successfully.
      C:\Users\manuel\AppData\Roaming\Ad-Aware Antivirus\Logs\20130817T223050.261597PID4360 folder moved successfully.
      C:\Users\manuel\AppData\Roaming\Ad-Aware Antivirus\Logs\20130817T204955.073025PID4604 folder moved successfully.
      C:\Users\manuel\AppData\Roaming\Ad-Aware Antivirus\Logs\20130817T204931.220583PID4616 folder moved successfully.
      C:\Users\manuel\AppData\Roaming\Ad-Aware Antivirus\Logs\20130817T183503.563755PID3256 folder moved successfully.
      C:\Users\manuel\AppData\Roaming\Ad-Aware Antivirus\Logs\20130817T183458.832148PID3748 folder moved successfully.
      C:\Users\manuel\AppData\Roaming\Ad-Aware Antivirus\Logs\20130816T221137.595011PID4340 folder moved successfully.
      C:\Users\manuel\AppData\Roaming\Ad-Aware Antivirus\Logs\20130816T221134.303406PID5072 folder moved successfully.
      C:\Users\manuel\AppData\Roaming\Ad-Aware Antivirus\Logs\20130816T183257.825022PID5328 folder moved successfully.
      C:\Users\manuel\AppData\Roaming\Ad-Aware Antivirus\Logs\20130816T183257.013821PID5224 folder moved successfully.
      C:\Users\manuel\AppData\Roaming\Ad-Aware Antivirus\Logs\20130816T161841.167859PID5784 folder moved successfully.
      C:\Users\manuel\AppData\Roaming\Ad-Aware Antivirus\Logs\20130816T161826.223033PID5596 folder moved successfully.
      C:\Users\manuel\AppData\Roaming\Ad-Aware Antivirus\Logs\20130816T002209.169231PID4748 folder moved successfully.
      C:\Users\manuel\AppData\Roaming\Ad-Aware Antivirus\Logs\20130816T002204.286422PID4724 folder moved successfully.
      C:\Users\manuel\AppData\Roaming\Ad-Aware Antivirus\Logs\20130815T211735.381188PID5204 folder moved successfully.
      C:\Users\manuel\AppData\Roaming\Ad-Aware Antivirus\Logs\20130815T210524.618391PID6644 folder moved successfully.
      C:\Users\manuel\AppData\Roaming\Ad-Aware Antivirus\Logs\20130815T210212.022375PID4540 folder moved successfully.
      C:\Users\manuel\AppData\Roaming\Ad-Aware Antivirus\Logs\20130815T210109.369791PID5340 folder moved successfully.
      C:\Users\manuel\AppData\Roaming\Ad-Aware Antivirus\Logs\20130815T204956.211289PID6064 folder moved successfully.
      C:\Users\manuel\AppData\Roaming\Ad-Aware Antivirus\Logs\20130815T204725.623877PID4792 folder moved successfully.
      C:\Users\manuel\AppData\Roaming\Ad-Aware Antivirus\Logs\20130815T204719.461867PID4560 folder moved successfully.
      C:\Users\manuel\AppData\Roaming\Ad-Aware Antivirus\Logs\20130815T181827.857074PID3148 folder moved successfully.
      C:\Users\manuel\AppData\Roaming\Ad-Aware Antivirus\Logs\20130815T181826.586811PID5416 folder moved successfully.
      C:\Users\manuel\AppData\Roaming\Ad-Aware Antivirus\Logs\20130815T181348.690917PID5700 folder moved successfully.
      C:\Users\manuel\AppData\Roaming\Ad-Aware Antivirus\Logs folder moved successfully.
      C:\Users\manuel\AppData\Roaming\Ad-Aware Antivirus folder moved successfully.
      C:\ProgramData\Spybot - Search & Destroy\Snapshots folder moved successfully.
      C:\ProgramData\Spybot - Search & Destroy\Recovery folder moved successfully.
      C:\ProgramData\Spybot - Search & Destroy\Logs folder moved successfully.
      C:\ProgramData\Spybot - Search & Destroy\Excludes folder moved successfully.
      C:\ProgramData\Spybot - Search & Destroy\Backups folder moved successfully.
      C:\ProgramData\Spybot - Search & Destroy folder moved successfully.
      C:\Upload_UsbFix.zip moved successfully.
      Folder C:\Users\manuel\AppData\Roaming\Ad-Aware Antivirus\ not found.
      C:\Users\manuel\AppData\Roaming\OpenCandy\FACA9386EBE54BA6ACB3F6434AE5A0AA folder moved successfully.
      C:\Users\manuel\AppData\Roaming\OpenCandy folder moved successfully.
      ========== FILES ==========
      < ipconfig /flushdns /c >
      Configuración IP de Windows
      Se vació correctamente la caché de resolución de DNS.
      C:\Users\manuel\Desktop\cmd.bat deleted successfully.
      C:\Users\manuel\Desktop\cmd.txt deleted successfully.
      < ipconfig /renew /c >
      Configuración IP de Windows
      No se puede realizar ninguna operación en Conexión de red inalámbrica 2 mientras los medios
      están desconectados.
      No se puede realizar ninguna operación en Conexión de área local 2 mientras los medios
      están desconectados.
      No se puede realizar ninguna operación en Conexión de área local mientras los medios
      están desconectados.
      Adaptador de LAN inalámbrica Conexión de red inalámbrica 2:
      Estado de los medios. . . . . . . . . . . : medios desconectados
      Sufijo DNS específico para la conexión. . :
      Adaptador de Ethernet Conexión de área local 2:
      Estado de los medios. . . . . . . . . . . : medios desconectados
      Sufijo DNS específico para la conexión. . :
      Adaptador de LAN inalámbrica Conexión de red inalámbrica:
      Sufijo DNS específico para la conexión. . :
      Dirección IPv6 . . . . . . . . . . : fdf8:113:ae7f:9e00:315a:df4d:d6a6:f0f8
      Dirección IPv6 temporal. . . . . . : fdf8:113:ae7f:9e00:39af:d4da:c02c:2c0e
      Vínculo: dirección IPv6 local. . . : fe80::315a:df4d:d6a6:f0f8%12
      Dirección IPv4. . . . . . . . . . . . . . : 192.168.1.5
      Máscara de subred . . . . . . . . . . . . : 255.255.255.0
      Puerta de enlace predeterminada . . . . . : 192.168.1.254
      Adaptador de Ethernet Conexión de área local:
      Estado de los medios. . . . . . . . . . . : medios desconectados
      Sufijo DNS específico para la conexión. . :
      Adaptador de túnel Teredo Tunneling Pseudo-Interface:
      Sufijo DNS específico para la conexión. . :
      Dirección IPv6 . . . . . . . . . . : 2001:0:9d38:6ab8:2025:2fbe:3f57:fefa
      Vínculo: dirección IPv6 local. . . : fe80::2025:2fbe:3f57:fefa%19
      Puerta de enlace predeterminada . . . . . :
      Adaptador de túnel isatap.{3619294D-F6A0-4F78-BFA2-68C1B15EBEA4}:
      Estado de los medios. . . . . . . . . . . : medios desconectados
      Sufijo DNS específico para la conexión. . :
      Adaptador de túnel isatap.lan:
      Estado de los medios. . . . . . . . . . . : medios desconectados
      Sufijo DNS específico para la conexión. . :
      C:\Users\manuel\Desktop\cmd.bat deleted successfully.
      C:\Users\manuel\Desktop\cmd.txt deleted successfully.
      ========== COMMANDS ==========
      C:\Windows\System32\drivers\etc\Hosts moved successfully.
      HOSTS file reset successfully

      [EMPTYFLASH]

      User: All Users

      User: Default

      User: Default User

      User: manuel
      ->Flash cache emptied: 506 bytes

      User: Public

      Total Flash Files Cleaned = 0,00 mb


      [EMPTYTEMP]

      User: All Users

      User: Default
      ->Temp folder emptied: 0 bytes
      ->Temporary Internet Files folder emptied: 0 bytes

      User: Default User
      ->Temp folder emptied: 0 bytes
      ->Temporary Internet Files folder emptied: 0 bytes

      User: manuel
      ->Temp folder emptied: 39938425 bytes
      ->Temporary Internet Files folder emptied: 24019 bytes
      ->Java cache emptied: 55272 bytes
      ->Google Chrome cache emptied: 79264886 bytes
      ->Flash cache emptied: 0 bytes

      User: Public

      %systemdrive% .tmp files removed: 0 bytes
      %systemroot% .tmp files removed: 0 bytes
      %systemroot%\System32 .tmp files removed: 0 bytes
      %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
      %systemroot%\System32\drivers .tmp files removed: 0 bytes
      Windows Temp folder emptied: 17643439 bytes
      %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42287652 bytes
      RecycleBin emptied: 23274424 bytes

      Total Files Cleaned = 193,00 mb


      [EMPTYJAVA]

      User: All Users

      User: Default

      User: Default User

      User: manuel
      ->Java cache emptied: 0 bytes

      User: Public

      Total Java Files Cleaned = 0,00 mb


      OTL by OldTimer - Version 3.2.69.0 log created on 08242013_112931

      Files\Folders moved on Reboot...
      C:\Users\manuel\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
      C:\Users\manuel\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
      File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

      PendingFileRenameOperations files...

      Registry entries deleted on Reboot...

    7. #17
      General Moderator
      SanMar's avatar
      Joined
      Jun 2008
      Location
      Argentina
      Posts
      22.292

      Re: Help!!! win32.Banker.prx IMMORTALLLL

      Hi andresomg:


      Well, everything looks in order now; all that is left is for you to tell us how your system feels to you.



      Regards.


    8. #18
      User andresomg's avatar
      Joined
      Aug 2013
      Location
      Colombia
      Posts
      12

      Re: Help!!! win32.Banker.prx IMMORTALLLL

      Hi SanMar.

      My PC has improved noticeably with your help, it is no longer a tortoise, thank you! But I still have the 2 problems that bother me the most.

      1. My laptop does not start up automatically.

      When I press the power button, a long, continuous, high-pitched beep sounds; it lasts for approximately a minute and a half, until Hewlett-Packard Quick Web loads (I can avoid the beep by pressing ESC when I turn it on, and Hewlett-Packard Quick Web loads anyway).

      Once in Hewlett-Packard Quick Web, I have to choose to go to Windows and press F1 (system information), because otherwise the beep comes back and I have to start over.

      Once in F1 (system information), I have to press ESC (press esc to continue), and that way Windows does start.

      After it starts, I have to press Enter so that it lets me move the cursor.

      2. Some letters on my keyboard do not work.

      The T, Y, Z, X, V, M, COMMA, PERIOD, HYPHEN and SPACE BAR keys on the physical keyboard do not work. I have managed to identify them and to see that if I press them one after another, the whole keyboard locks up, including the on-screen keyboard, which is what I am using to write to you.

      It shows both CTRL keys as stuck down, and I have to restart, and, well, imagine going through the whole process again.

      I appreciate your help.

      Regards

    9. #19
      General Moderator
      SanMar's avatar
      Joined
      Jun 2008
      Location
      Argentina
      Posts
      22.292

      Re: Help!!! win32.Banker.prx IMMORTALLLL

      Hi andresomg:


      The virus problems are resolved.


      I will try to help you with the other problems, but if we cannot solve them it would be advisable for you to open a thread in the Windows 7 or Hardware forum.


      A few questions:


      Since when have you had the problem with Quick Web? What was your startup usually like before?


      Have you tried disabling it? From inside Windows >>> Cómo desactivar QuickWeb en computadoras HP | eHow en Español

      How old is that machine? Because the key problem does not look like a malware issue but rather a hardware one.


      Let us know.


      Regards.


    10. #20
      User andresomg's avatar
      Joined
      Aug 2013
      Location
      Colombia
      Posts
      12

      Re: Help!!! win32.Banker.prx IMMORTALLLL

      Hi SanMar.

      I would appreciate your help if you can give it; it is very encouraging that the infection is resolved.

      Here are my answers to your questions.

      Startup used to be normal and automatic, until the laptop got infected and Internet Explorer pages started opening by themselves. I ran an antivirus on it and the page problem got fixed, but not the startup.

      I followed the steps in Cómo desactivar QuickWeb en computadoras HP | eHow en Español, but the only place where I see QuickWeb is in Control Panel - Programs and Features, and only to uninstall it.

      I really do not know how old it is; Programs and Features shows that hp setup, office, active x, microsoft visual and evernote, among others, were installed on July 4, 2011 (04.07.2011).

      Please help me, thank you.

      Regards