
    Virus Win32:BitCoinMiner (Solved)


      
    1. #21
      neo2013
      Registered: Aug 2013
      Location: Chile
      Posts: 21

      Re: Virus Win32:BitCoinMiner

      Logfile of Trend Micro HijackThis v2.0.4
      Scan saved at 0:16:06, on 23-08-2013
      Platform: Windows 7 SP1 (WinNT 6.00.3505)
      MSIE: Internet Explorer v10.0 (10.00.9200.16660)
      Boot mode: Normal

      Running processes:
      C:\Windows\system32\taskhost.exe
      C:\Windows\system32\Dwm.exe
      C:\Windows\Explorer.EXE
      C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe
      C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
      C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
      C:\Program Files\USB Camera2\VM332_STI.EXE
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\i386_host\FLxHCIm.exe
      C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe
      C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe
      C:\Program Files\Lenovo\LPHotkey\LPHotkey.exe
      C:\QuickStartUtil\VAWinAgent.exe
      C:\Program Files\Lenovo\VeriFace\PManage.exe
      C:\Program Files\Lenovo\Energy Management\Energy Management.exe
      C:\Program Files\Lenovo\Energy Management\utility.exe
      C:\Program Files\AVAST Software\Avast\AvastUI.exe
      C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
      C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
      C:\Program Files\Google\Chrome\Application\chrome.exe
      C:\Program Files\Google\Chrome\Application\chrome.exe
      C:\Program Files\Google\Chrome\Application\chrome.exe
      C:\Users\jordan\Desktop\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Bing
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.fr - Actualités, magazines people & féminin, Outlook et Hotmail
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.fr - Actualités, magazines people & féminin, Outlook et Hotmail
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      O2 - BHO: Zonealarm Helper Object - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.22.0\bh\zonealarm.dll
      O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
      O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
      O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
      O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
      O3 - Toolbar: ZoneAlarm Security Toolbar - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.22.0\zonealarmTlbr.dll
      O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
      O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
      O4 - HKLM\..\Run: [AmIcoSinglun] C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
      O4 - HKLM\..\Run: [332BigDog] C:\Program Files\USB Camera2\VM332_STI.EXE
      O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [FLxHCIm] "C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\i386_host\FLxHCIm.exe"
      O4 - HKLM\..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SACpl.exe /t
      O4 - HKLM\..\Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe
      O4 - HKLM\..\Run: [SynLenovoGestureMgr] %ProgramFiles%\Synaptics\SynTP\SynLenovoGestureMgr.exe
      O4 - HKLM\..\Run: [LPHotkey] C:\Program Files\Lenovo\LPHotkey\LPHotkey.exe
      O4 - HKLM\..\Run: [VAWinAgent] C:\QuickStartUtil\VAWinAgent.exe
      O4 - HKLM\..\Run: [VeriFaceManager] C:\Program Files\Lenovo\VeriFace\PManage.exe
      O4 - HKLM\..\Run: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
      O4 - HKLM\..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe
      O4 - HKLM\..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\Utility.exe
      O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKCU\..\RunOnce: [RegistryDefrag Success Message] "C:\Program Files\TuneUp Utilities 2013\TUMessages.exe" /RegDefrag_Success
      O4 - Global Startup: Bluetooth.lnk = ?
      O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
      O9 - Extra 'Tools' menuitem: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
      O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
      O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
      O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
      O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
      O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
      O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
      O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe
      O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
      O23 - Service: @%systemroot%\system32\appidsvc.dll,-100 (AppIDSvc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (Audiosrv) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
      O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
      O23 - Service: @%SystemRoot%\system32\AxInstSV.dll,-103 (AxInstSV) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\bdesvc.dll,-100 (BDESVC) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\bthserv.dll,-101 (bthserv) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
      O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\defragsvc.dll,-101 (defragsvc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\dhcpcore.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (eventlog) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: Servicio de Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
      O23 - Service: Servicio de Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
      O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
      O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\ListSvc.dll,-100 (HomeGroupListener) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\provsvc.dll,-100 (HomeGroupProvider) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-500 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe
      O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe
      O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\netprofm.dll,-202 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\pnrpauto.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\umpo.dll,-100 (Power) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%windir%\system32\RpcEpMap.dll,-1001 (RpcEptMapper) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe
      O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe
      O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe
      O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe
      O23 - Service: @%SystemRoot%\system32\sppuinotify.dll,-103 (sppuinotify) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (StiSvc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\themeservice.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe
      O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe
      O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe
      O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe
      O23 - Service: VideAceWindowsService - Unknown owner - C:\QuickStartUtil\VAWinService.exe
      O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe
      O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe
      O23 - Service: @%systemroot%\system32\wbiosrvc.dll,-100 (WbioSrvc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe
      O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\wmpnetwk.exe
      O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\wwansvc.dll,-257 (WwanSvc) - Unknown owner - C:\Windows\system32\svchost.exe

      --
      End of file - 21837 bytes

    2. #22
      neo2013
      Registered: Aug 2013
      Location: Chile
      Posts: 21

      Re: Virus Win32:BitCoinMiner

      Hello, good morning d3vil.
      I'm now sending you the OTL report. Note that OTL only created one text file for me, OTL.txt; it did not create the other one, the Extras file.....


      OTL logfile created on: 23-08-2013 0:25:15 - Run 2
      OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\jordan\Desktop
      Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
      Internet Explorer (Version = 9.10.9200.16660)
      Locale: 0000340A | Country: Chile | Language: ESL | Date Format: dd-MM-yyyy

      1,60 Gb Total Physical Memory | 0,87 Gb Available Physical Memory | 54,53% Memory free
      3,20 Gb Paging File | 2,02 Gb Available in Paging File | 63,14% Paging File free
      Paging file location(s): ?:\pagefile.sys [binary data]

      %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
      Drive C: | 252,89 Gb Total Space | 212,04 Gb Free Space | 83,85% Space Free | Partition Type: NTFS
      Drive D: | 30,35 Gb Total Space | 11,86 Gb Free Space | 39,08% Space Free | Partition Type: NTFS

      Computer Name: JORDAN-PC | User Name: jordan | Logged in as Administrator.
      Boot Mode: Normal | Scan Mode: All users
      Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: Off | File Age = 30 Days

      ========== Processes (SafeList) ==========

      PRC - C:\Users\jordan\Desktop\OTL (1).exe (OldTimer Tools)
      PRC - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
      PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
      PRC - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
      PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
      PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
      PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
      PRC - C:\Program Files\AVAST Software\Avast\afwServ.exe (AVAST Software)
      PRC - C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe (TuneUp Software)
      PRC - C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe (TuneUp Software)
      PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
      PRC - C:\Program Files\Lenovo\VeriFace\PManage.exe (Lenovo)
      PRC - C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
      PRC - C:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
      PRC - C:\QuickStartUtil\VAWinAgent.exe ()
      PRC - C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\i386_host\FLxHCIm.exe (Windows (R) Win 7 DDK provider)
      PRC - C:\Program Files\Lenovo\LPHotkey\LPHotkey.exe (LPHotkey)
      PRC - C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
      PRC - C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
      PRC - C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe (Conexant Systems, Inc.)
      PRC - C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe (Synaptics)
      PRC - C:\Windows\System32\atieclxx.exe (AMD)
      PRC - C:\Windows\System32\atiesrxx.exe (AMD)
      PRC - C:\Windows\explorer.exe (Microsoft Corporation)
      PRC - C:\Program Files\USB Camera2\VM332_STI.EXE (Vimicro)
      PRC - C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe (Alcor Micro Corp.)
      PRC - C:\QuickStartUtil\VAWinService.exe ()


      ========== Modules (No Company Name) ==========

      MOD - C:\Program Files\Google\Chrome\Application\29.0.1547.57\ppgooglenaclpluginchrome.dll ()
      MOD - C:\Program Files\Google\Chrome\Application\29.0.1547.57\pdf.dll ()
      MOD - C:\Program Files\Google\Chrome\Application\29.0.1547.57\libglesv2.dll ()
      MOD - C:\Program Files\Google\Chrome\Application\29.0.1547.57\libegl.dll ()
      MOD - C:\Program Files\Google\Chrome\Application\29.0.1547.57\ffmpegsumo.dll ()
      MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\03dc83fbe48384390aed7a455e949789\WindowsFormsIntegration.ni.dll ()
      MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\9e38ddbb3a90cc3e782a0640788b1fcb\System.Core.ni.dll ()
      MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\8dc1c182cd1f10cd2abcfecd01fe9eeb\System.Web.ni.dll ()
      MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\e06dbdafb38c38517aef61ac41e2fd9d\System.Runtime.Remoting.ni.dll ()
      MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\930e99b2f62cea8c4aa070527d15f748\PresentationFramework.ni.dll ()
      MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\28ea347a952d20959ac6ae02d7457d39\System.Windows.Forms.ni.dll ()
      MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll ()
      MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\585b8f6cc7ba86886462d0dc9753c98f\PresentationCore.ni.dll ()
      MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1f6f220f9efe936d1158c79b9d4b451f\WindowsBase.ni.dll ()
      MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll ()
      MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\8f7d83126a3cf283e5ac97f2d6d99f12\System.Configuration.ni.dll ()
      MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll ()
      MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a2920ed81e097f8551231a9350697bbd\PresentationFramework.Aero.ni.dll ()
      MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll ()
      MOD - C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_es_31bf3856ad364e35\PresentationFramework.resources.dll ()
      MOD - C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_es_31bf3856ad364e35\PresentationCore.resources.dll ()
      MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_es_b77a5c561934e089\System.resources.dll ()
      MOD - C:\Windows\System32\IcnOvrly.dll ()
      MOD - C:\Program Files\Lenovo\VeriFace\ChooseLang.dll ()
      MOD - C:\Program Files\Lenovo\Energy Management\EMWpfUI.dll ()
      MOD - C:\Program Files\Lenovo\Energy Management\es-ES\EMWpfUI.resources.dll ()
      MOD - C:\QuickStartUtil\VAWinAgent.exe ()
      MOD - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()
      MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_es_b77a5c561934e089\System.Windows.Forms.resources.dll ()
      MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_es_b77a5c561934e089\mscorlib.resources.dll ()
      MOD - C:\Program Files\Lenovo\Energy Management\KbdHook.dll ()
      MOD - C:\Program Files\Lenovo\Energy Management\HookLib.dll ()


      ========== Services (SafeList) ==========

      SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
      SRV - (Hamachi2Svc) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
      SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
      SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
      SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
      SRV - (avast! Firewall) -- C:\Program Files\AVAST Software\Avast\afwServ.exe (AVAST Software)
      SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe (TuneUp Software)
      SRV - (btwdins) -- C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
      SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
      SRV - (VideAceWindowsService) -- C:\QuickStartUtil\VAWinService.exe ()


      ========== Driver Services (SafeList) ==========

      DRV - (ProcObsrv) -- C:\Program Files\Glary Utilities 3\ProcObsrv.sys File not found
      DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
      DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
      DRV - (aswVmm) -- C:\Windows\System32\drivers\aswVmm.sys ()
      DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software)
      DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
      DRV - (aswRvrt) -- C:\Windows\System32\drivers\aswRvrt.sys ()
      DRV - (aswNdis2) -- C:\Windows\System32\drivers\aswNdis2.sys (AVAST Software)
      DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
      DRV - (aswKbd) -- C:\Windows\System32\drivers\aswKbd.sys (AVAST Software)
      DRV - (aswFW) -- C:\Windows\System32\drivers\aswFW.sys (AVAST Software)
      DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
      DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
      DRV - (aswNdis) -- C:\Windows\System32\drivers\aswNdis.sys (ALWIL Software)
      DRV - (TuneUpUtilitiesDrv) -- C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys (TuneUp Software)
      DRV - (FLxHCIc) -- C:\Windows\System32\drivers\FLxHCIc.sys (Fresco Logic)
      DRV - (FLxHCIh) -- C:\Windows\System32\drivers\FLxHCIh.sys (Fresco Logic)
      DRV - (bcbtums) -- C:\Windows\System32\drivers\bcbtums.sys (Broadcom Corporation.)
      DRV - (ACPIVPC) -- C:\Windows\System32\drivers\AcpiVpc.sys (Lenovo Corporation)
      DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
      DRV - (usbfilter) -- C:\Windows\System32\drivers\usbfilter.sys (Advanced Micro Devices)
      DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
      DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
      DRV - (amd_sata) -- C:\Windows\System32\drivers\amd_sata.sys (Advanced Micro Devices)
      DRV - (amd_xata) -- C:\Windows\System32\drivers\amd_xata.sys (Advanced Micro Devices)
      DRV - (vm332avs) -- C:\Windows\System32\drivers\vm332avs.sys (Vimicro Corporation)
      DRV - (vm2uvcflt) -- C:\Windows\System32\drivers\vm2uvcflt.sys (Vimicro Corporation)
      DRV - (AmUStor) -- C:\Windows\System32\drivers\AmUStor.sys (Alcor Micro, Corp.)
      DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
      DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)
      DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdW73.sys (Advanced Micro Devices)
      DRV - (LHDmgr) -- C:\Windows\System32\drivers\LhdX86.sys (Lenovo.)
      DRV - (wsvd) -- C:\Windows\System32\drivers\wsvd.sys (CyberLink)
      DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
      DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
      DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
      DRV - (ISODrive) -- C:\Program Files\UltraISO\drivers\ISODrive.sys (EZB Systems, Inc.)


      ========== Standard Registry (SafeList) ==========


      ========== Internet Explorer ==========

      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search bar = Internet Explorer 6 Search Companion is no longer supported.
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error.
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN.fr - Actualités, magazines people & féminin, Outlook et Hotmail
      IE - HKLM\..\SearchScopes,DefaultScope =
      IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
      IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


      IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
      IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

      IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
      IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

      IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

      IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

      IE - HKU\S-1-5-21-614780404-1527797187-4275389518-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Laptops, Notebooks & Netbooks - Laptops For Those Who Do | Lenovo | US [binary data]
      IE - HKU\S-1-5-21-614780404-1527797187-4275389518-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN.fr - Actualités, magazines people & féminin, Outlook et Hotmail
      IE - HKU\S-1-5-21-614780404-1527797187-4275389518-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
      IE - HKU\S-1-5-21-614780404-1527797187-4275389518-1000\..\SearchScopes\${searchCLSID}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
      IE - HKU\S-1-5-21-614780404-1527797187-4275389518-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
      IE - HKU\S-1-5-21-614780404-1527797187-4275389518-1000\..\SearchScopes\{5BB4A0C2-F243-4B9A-BDE8-F8305437C3B5}: "URL" = http://search.zonealarm.com/search?src=sp&tbid=goughDev3&Lan=en&q={searchTerms}&gu=2f41833ffc564de6820910612a0049cb&tu=10G9z009T2B0CO0&sku=&tstsId=&ver=&&r=213
      IE - HKU\S-1-5-21-614780404-1527797187-4275389518-1000\..\SearchScopes\{61F1FD2E-563B-4795-B428-ADC1FC1EF2BB}: "URL" = http://search.softonic.com/MOY00018/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=d8d09dcf000000000000c01885de024f&r=456
      IE - HKU\S-1-5-21-614780404-1527797187-4275389518-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
      IE - HKU\S-1-5-21-614780404-1527797187-4275389518-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


      ========== FireFox ==========

      FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
      FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
      FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
      FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll File not found
      FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
      FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
      FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor

      [2013-08-06 07:01:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

      ========== Chrome ==========

      CHR - default_search_provider: Google (Enabled)
      CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
      CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
      CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\29.0.1547.57\PepperFlash\pepflashplayer.dll
      CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
      CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\29.0.1547.57\ppGoogleNaClPluginChrome.dll
      CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\29.0.1547.57\pdf.dll
      CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
      CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll
      CHR - plugin: Java(TM) Platform SE 7 U25 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
      CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
      CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll
      CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\Windows\system32\npDeployJava1.dll
      CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll
      CHR - Extension: Google Wallet Service = C:\Users\jordan\AppData\Local\Google\Chrome\User Data\Default\extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.9_0\

      O1 HOSTS File: ([2009-06-10 17:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
      O2 - BHO: (Zonealarm Helper Object) - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.22.0\bh\zonealarm.dll (Check Point Software Technologies LTD)
      O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
      O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
      O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
      O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.22.0\zonealarmTlbr.dll (Check Point Software Technologies LTD)
      O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O4 - HKLM..\Run: [332BigDog] C:\Program Files\USB Camera2\VM332_STI.EXE (Vimicro)
      O4 - HKLM..\Run: [AmIcoSinglun] C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe (Alcor Micro Corp.)
      O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
      O4 - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe (Conexant Systems, Inc.)
      O4 - HKLM..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
      O4 - HKLM..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
      O4 - HKLM..\Run: [FLxHCIm] C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\i386_host\FLxHCIm.exe (Windows (R) Win 7 DDK provider)
      O4 - HKLM..\Run: [LPHotkey] C:\Program Files\Lenovo\LPHotkey\LPHotkey.exe (LPHotkey)
      O4 - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SACpl.exe (Conexant Systems, Inc.)
      O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
      O4 - HKLM..\Run: [SynLenovoGestureMgr] C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe (Synaptics)
      O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
      O4 - HKLM..\Run: [VAWinAgent] C:\QuickStartUtil\VAWinAgent.exe ()
      O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files\Lenovo\VeriFace\PManage.exe (Lenovo)
      O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
      O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
      O4 - HKU\S-1-5-21-614780404-1527797187-4275389518-1000..\RunOnce: [RegistryDefrag Success Message] C:\Program Files\TuneUp Utilities 2013\TUMessages.exe (TuneUp Software)
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
      O7 - HKU\S-1-5-21-614780404-1527797187-4275389518-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3
      O7 - HKU\S-1-5-21-614780404-1527797187-4275389518-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
      O9 - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
      O9 - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
      O13 - gopher Prefix: missing
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2356A515-A964-41D2-87C1-5C3979E293B9}: DhcpNameServer = 192.168.1.1
      O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
      O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\Userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
      O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
      O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
      O32 - HKLM CDRom: AutoRun - 1
      O32 - AutoRun File - [2009-06-10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
      O32 - AutoRun File - [2013-08-22 00:56:03 | 000,000,000 | RHSD | M] - C:\Autorun.inf -- [ NTFS ]
      O32 - AutoRun File - [2013-08-22 00:56:07 | 000,000,000 | RHSD | M] - D:\Autorun.inf -- [ NTFS ]
      O34 - HKLM BootExecute: (autocheck autochk *autocheck turegopt)
      O35 - HKLM\..comfile [open] -- "%1" %*
      O35 - HKLM\..exefile [open] -- "%1" %*
      O37 - HKLM\...com [@ = comfile] -- "%1" %*
      O37 - HKLM\...exe [@ = exefile] -- "%1" %*
      O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
      O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
      O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

      NetSvcs: FastUserSwitchingCompatibility - File not found
      NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
      NetSvcs: Nla - File not found
      NetSvcs: Ntmssvc - File not found
      NetSvcs: NWCWorkstation - File not found
      NetSvcs: Nwsapagent - File not found
      NetSvcs: SRService - File not found
      NetSvcs: WmdmPmSp - File not found
      NetSvcs: LogonHours - File not found
      NetSvcs: PCAudit - File not found
      NetSvcs: helpsvc - File not found
      NetSvcs: uploadmgr - File not found

      MsConfig - State: "bootini" - 0
      MsConfig - State: "services" - 0
      MsConfig - State: "startup" - 0

      CREATERESTOREPOINT
      Restore point Set: OTL Restore Point

      ========== Files/Folders - Created Within 30 Days ==========

      [2013-08-22 14:01:32 | 000,000,000 | ---D | C] -- C:\Users\jordan\AppData\Local\{E4EDBD96-56C8-4DE7-A097-5C2053FA4CE3}
      [2013-08-22 13:16:40 | 000,032,032 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
      [2013-08-22 13:16:39 | 000,021,792 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
      [2013-08-22 13:16:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013
      [2013-08-22 13:16:04 | 000,000,000 | ---D | C] -- C:\Users\jordan\AppData\Roaming\TuneUp Software
      [2013-08-22 13:15:35 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2013
      [2013-08-22 13:13:47 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
      [2013-08-22 13:09:41 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
      [2013-08-22 13:09:41 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
      [2013-08-22 13:08:06 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\jordan\Desktop\OTL (1).exe
      [2013-08-22 13:01:40 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\jordan\Desktop\HijackThis.exe
      [2013-08-22 12:57:13 | 028,602,720 | ---- | C] (TuneUp Software) -- C:\Users\jordan\Desktop\TuneUpUtilities2013_es-ES.exe
      [2013-08-22 00:56:03 | 000,000,000 | RHSD | C] -- C:\Autorun.inf
      [2013-08-19 09:36:14 | 000,000,000 | ---D | C] -- C:\Users\jordan\Desktop\reporte virus
      [2013-08-18 02:40:57 | 000,000,000 | ---D | C] -- C:\Users\jordan\AppData\Local\Macromedia
      [2013-08-17 18:58:59 | 000,000,000 | ---D | C] -- C:\Users\jordan\AppData\Roaming\GlarySoft
      [2013-08-16 13:23:45 | 000,000,000 | ---D | C] -- C:\Users\jordan\AppData\Local\{0CD67C52-B2EB-4B1E-9578-6BFBD2D3B76F}
      [2013-08-16 13:20:24 | 000,000,000 | ---D | C] -- C:\Users\jordan\AppData\Local\{A1DD03D0-0EB2-480B-A8D9-731D1E65ABA9}
      [2013-08-16 13:20:18 | 000,000,000 | ---D | C] -- C:\Users\jordan\AppData\Local\{255A5FB0-A1E7-4B70-9725-4B872FEC994D}
      [2013-08-14 09:42:39 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT
      [2013-08-14 00:59:12 | 000,000,000 | ---D | C] -- C:\Windows\pss
      [2013-08-11 18:35:24 | 000,000,000 | ---D | C] -- C:\Users\jordan\Desktop\MinecraftSP [Cholo5247]
      [2013-08-11 18:32:17 | 000,000,000 | ---D | C] -- C:\Users\jordan\Desktop\Nueva carpeta
      [2013-08-11 18:24:33 | 000,000,000 | ---D | C] -- C:\Users\jordan\AppData\Local\LogMeIn Hamachi
      [2013-08-11 18:20:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
      [2013-08-11 18:20:35 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
      [2013-08-11 13:40:45 | 000,000,000 | ---D | C] -- C:\Users\jordan\AppData\Local\DoNotTrackPlus
      [2013-08-10 17:56:29 | 000,000,000 | ---D | C] -- C:\Users\jordan\AppData\Roaming\Mozilla
      [2013-08-10 17:56:29 | 000,000,000 | ---D | C] -- C:\Users\jordan\AppData\Local\Mozilla
      [2013-08-10 17:21:07 | 000,000,000 | ---D | C] -- C:\Program Files\Check Point Software Technologies LTD
      [2013-08-10 17:20:43 | 000,000,000 | ---D | C] -- C:\Users\jordan\AppData\Roaming\Check Point Software Technologies LTD
      [2013-08-10 17:19:09 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
      [2013-08-10 05:29:31 | 000,000,000 | ---D | C] -- C:\Users\jordan\AppData\Local\Adobe
      [2013-08-09 20:53:44 | 000,000,000 | ---D | C] -- C:\Users\jordan\AppData\Local\Diagnostics
      [2013-08-09 11:21:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Left 4 Dead 2
      [2013-08-09 10:08:38 | 000,000,000 | ---D | C] -- C:\Program Files\Left 4 Dead 2
      [2013-08-09 07:47:55 | 000,000,000 | ---D | C] -- C:\Users\jordan\AppData\Roaming\.minecraft
      [2013-08-09 07:31:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
      [2013-08-09 07:31:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
      [2013-08-09 07:26:41 | 000,000,000 | ---D | C] -- C:\Program Files\Java
      [2013-08-09 07:09:14 | 000,000,000 | ---D | C] -- C:\Users\jordan\AppData\Roaming\Malwarebytes
      [2013-08-09 07:07:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
      [2013-08-09 07:07:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
      [2013-08-09 07:07:14 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
      [2013-08-09 07:07:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
      [2013-08-09 05:47:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraISO
      [2013-08-09 05:47:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\EZB Systems
      [2013-08-09 05:47:02 | 000,000,000 | ---D | C] -- C:\Program Files\UltraISO
      [2013-08-09 05:47:02 | 000,000,000 | ---D | C] -- C:\Users\jordan\Documents\My ISO Files
      [2013-08-08 06:29:48 | 000,000,000 | ---D | C] -- C:\MaxAVLiveUpdate
      [2013-08-08 06:07:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Max Secure
      [2013-08-08 06:02:51 | 000,000,000 | ---D | C] -- C:\ProgramData\DoctoAntivirus
      [2013-08-08 05:42:46 | 000,000,000 | ---D | C] -- C:\Users\jordan\AppData\Local\DoctoAntivirus
      [2013-08-08 05:42:43 | 000,000,000 | ---D | C] -- C:\ProgramData\StarApp
      [2013-08-08 05:42:30 | 000,000,000 | ---D | C] -- C:\ProgramData\SeeaRCh-NewTab
      [2013-08-08 05:36:50 | 000,000,000 | ---D | C] -- C:\Windows\System32\X86
      [2013-08-08 05:36:50 | 000,000,000 | ---D | C] -- C:\Windows\System32\AMD64
      [2013-08-08 05:36:02 | 000,000,000 | ---D | C] -- C:\Users\jordan\AppData\Local\Programs
      [2013-08-08 05:34:15 | 000,000,000 | ---D | C] -- C:\ProgramData\savennshaaRe
      [2013-08-08 05:32:35 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
      [2013-08-07 07:53:55 | 000,000,000 | R--D | C] -- C:\Users\jordan\Desktop\Documents
      [2013-08-07 07:32:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Premier
      [2013-08-07 07:32:15 | 000,029,816 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
      [2013-08-07 07:32:14 | 000,369,584 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
      [2013-08-07 07:32:11 | 000,000,000 | ---D | C] -- C:\Users\jordan\AppData\Roaming\WinRAR
      [2013-08-07 07:32:11 | 000,000,000 | ---D | C] -- C:\Users\jordan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
      [2013-08-07 07:32:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
      [2013-08-07 07:31:44 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
      [2013-08-07 07:30:22 | 000,204,784 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswNdis2.sys
      [2013-08-07 07:30:22 | 000,104,752 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFW.sys
      [2013-08-07 07:30:22 | 000,061,680 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
      [2013-08-07 07:30:21 | 000,056,080 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
      [2013-08-07 07:30:21 | 000,021,576 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswKbd.sys
      [2013-08-07 07:30:20 | 000,770,344 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
      [2013-08-07 07:30:18 | 000,066,336 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
      [2013-08-07 07:30:03 | 000,229,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
      [2013-08-07 07:25:52 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
      [2013-08-07 07:18:14 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
      [2013-08-07 07:18:12 | 000,012,112 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswNdis.sys
      [2013-08-07 07:16:54 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
      [2013-08-07 07:13:25 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
      [2013-08-07 06:44:15 | 000,000,000 | ---D | C] -- C:\Users\jordan\AppData\Roaming\Google
      [2013-08-07 06:32:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
      [2013-08-07 06:32:12 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
      [2013-08-06 18:51:24 | 000,000,000 | ---D | C] -- C:\Users\jordan\Desktop\archivos recuperados
      [2013-08-06 07:01:04 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
      [2013-08-06 06:57:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Cached Installations
      [2013-08-06 06:56:56 | 007,072,560 | ---- | C] (ParetoLogic ) -- C:\Users\jordan\Desktop\Pareto_DR_Setup_RW.exe
      [2013-08-06 06:46:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Runtime Software
      [2013-08-06 06:46:19 | 000,000,000 | ---D | C] -- C:\Program Files\Runtime Software
      [2013-08-06 06:39:01 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
      [2013-08-06 06:00:15 | 000,000,000 | ---D | C] -- C:\Users\jordan\AppData\Roaming\Macromedia
      [2013-08-06 06:00:15 | 000,000,000 | ---D | C] -- C:\Users\jordan\AppData\Roaming\Adobe
      [2013-08-06 05:57:31 | 000,000,000 | ---D | C] -- C:\Users\jordan\AppData\Local\Google
      [2013-08-06 05:55:13 | 000,000,000 | ---D | C] -- C:\Users\jordan\AppData\Roaming\ATI
      [2013-08-06 05:55:13 | 000,000,000 | ---D | C] -- C:\Users\jordan\AppData\Local\ATI
      [2013-08-06 05:54:00 | 000,000,000 | R--D | C] -- C:\Users\jordan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
      [2013-08-06 05:54:00 | 000,000,000 | R--D | C] -- C:\Users\jordan\Searches
      [2013-08-06 05:54:00 | 000,000,000 | R--D | C] -- C:\Users\jordan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
      [2013-08-06 05:53:43 | 000,000,000 | ---D | C] -- C:\Users\jordan\AppData\Roaming\Identities
      [2013-08-06 05:53:36 | 000,000,000 | R--D | C] -- C:\Users\jordan\Contacts
      [2013-08-06 05:53:32 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
      [2013-08-06 05:47:29 | 000,000,000 | ---D | C] -- C:\Users\jordan\AppData\Local\VirtualStore
      [2013-08-06 05:47:27 | 000,000,000 | -HSD | C] -- C:\Users\jordan\SendTo
      [2013-08-06 05:47:27 | 000,000,000 | -HSD | C] -- C:\Users\jordan\Reciente
      [2013-08-06 05:47:27 | 000,000,000 | -HSD | C] -- C:\Users\jordan\Plantillas
      [2013-08-06 05:47:27 | 000,000,000 | -HSD | C] -- C:\Users\jordan\Documents\Mis vídeos
      [2013-08-06 05:47:27 | 000,000,000 | -HSD | C] -- C:\Users\jordan\Documents\Mis imágenes
      [2013-08-06 05:47:27 | 000,000,000 | -HSD | C] -- C:\Users\jordan\Mis documentos
      [2013-08-06 05:47:27 | 000,000,000 | -HSD | C] -- C:\Users\jordan\Documents\Mi música
      [2013-08-06 05:47:27 | 000,000,000 | -HSD | C] -- C:\Users\jordan\Menú Inicio
      [2013-08-06 05:47:27 | 000,000,000 | -HSD | C] -- C:\Users\jordan\Impresoras
      [2013-08-06 05:47:27 | 000,000,000 | -HSD | C] -- C:\Users\jordan\AppData\Local\Historial
      [2013-08-06 05:47:27 | 000,000,000 | -HSD | C] -- C:\Users\jordan\Entorno de red
      [2013-08-06 05:47:27 | 000,000,000 | -HSD | C] -- C:\Users\jordan\Datos de programa
      [2013-08-06 05:47:27 | 000,000,000 | -HSD | C] -- C:\Users\jordan\AppData\Local\Datos de programa
      [2013-08-06 05:47:27 | 000,000,000 | -HSD | C] -- C:\Users\jordan\Cookies
      [2013-08-06 05:47:27 | 000,000,000 | -HSD | C] -- C:\Users\jordan\Configuración local
      [2013-08-06 05:47:27 | 000,000,000 | -HSD | C] -- C:\Users\jordan\AppData\Local\Archivos temporales de Internet
      [2013-08-06 05:47:26 | 000,000,000 | --SD | C] -- C:\Users\jordan\AppData\Roaming\Microsoft
      [2013-08-06 05:47:26 | 000,000,000 | R--D | C] -- C:\Users\jordan\Videos
      [2013-08-06 05:47:26 | 000,000,000 | R--D | C] -- C:\Users\jordan\Saved Games
      [2013-08-06 05:47:26 | 000,000,000 | R--D | C] -- C:\Users\jordan\Pictures
      [2013-08-06 05:47:26 | 000,000,000 | R--D | C] -- C:\Users\jordan\Music
      [2013-08-06 05:47:26 | 000,000,000 | R--D | C] -- C:\Users\jordan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
      [2013-08-06 05:47:26 | 000,000,000 | R--D | C] -- C:\Users\jordan\Links
      [2013-08-06 05:47:26 | 000,000,000 | R--D | C] -- C:\Users\jordan\Favorites
      [2013-08-06 05:47:26 | 000,000,000 | R--D | C] -- C:\Users\jordan\Downloads
      [2013-08-06 05:47:26 | 000,000,000 | R--D | C] -- C:\Users\jordan\Documents
      [2013-08-06 05:47:26 | 000,000,000 | R--D | C] -- C:\Users\jordan\Desktop
      [2013-08-06 05:47:26 | 000,000,000 | R--D | C] -- C:\Users\jordan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
      [2013-08-06 05:47:26 | 000,000,000 | -H-D | C] -- C:\Users\jordan\AppData
      [2013-08-06 05:47:26 | 000,000,000 | ---D | C] -- C:\Users\jordan\AppData\Local\Temp
      [2013-08-06 05:47:26 | 000,000,000 | ---D | C] -- C:\Users\jordan\AppData\Local\Microsoft
      [2013-08-06 05:47:26 | 000,000,000 | ---D | C] -- C:\Users\jordan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
      [2013-08-06 05:47:07 | 000,000,000 | -HSD | C] -- C:\Recovery
      [2013-08-06 05:47:07 | 000,000,000 | -HSD | C] -- C:\ProgramData\Plantillas
      [2013-08-06 05:47:07 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Mis vídeos
      [2013-08-06 05:47:07 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Mis imágenes
      [2013-08-06 05:47:07 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Mi música
      [2013-08-06 05:47:07 | 000,000,000 | -HSD | C] -- C:\ProgramData\Menú Inicio
      [2013-08-06 05:47:07 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoritos
      [2013-08-06 05:47:07 | 000,000,000 | -HSD | C] -- C:\ProgramData\Escritorio
      [2013-08-06 05:47:07 | 000,000,000 | -HSD | C] -- C:\ProgramData\Documentos
      [2013-08-06 05:47:07 | 000,000,000 | -HSD | C] -- C:\ProgramData\Datos de programa
      [2013-08-06 05:47:07 | 000,000,000 | -HSD | C] -- C:\Program Files\Archivos comunes
      [2013-08-06 05:47:07 | 000,000,000 | ---D | C] -- C:\Archivos de programa
      [2013-08-06 05:41:51 | 000,000,000 | -HSD | C] -- C:\System Volume Information

      ========== Files - Modified Within 30 Days ==========

      [2013-08-23 00:38:41 | 002,883,584 | -HS- | M] () -- C:\Users\jordan\NTUSER.DAT
      [2013-08-23 00:25:00 | 000,000,838 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
      [2013-08-23 00:06:00 | 000,001,038 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
      [2013-08-22 23:56:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
      [2013-08-22 23:11:51 | 000,002,014 | ---- | M] () -- C:\Users\jordan\Desktop\Navegador SafeZone.lnk
      [2013-08-22 23:11:13 | 000,001,034 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
      [2013-08-22 18:00:00 | 000,000,444 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job
      [2013-08-22 17:46:35 | 000,016,160 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      [2013-08-22 17:46:35 | 000,016,160 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      [2013-08-22 17:39:12 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
      [2013-08-22 17:38:09 | 1289,670,656 | -HS- | M] () -- C:\hiberfil.sys
      [2013-08-22 15:59:33 | 001,772,955 | -H-- | M] () -- C:\Users\jordan\AppData\Local\IconCache.db
      [2013-08-22 13:16:32 | 000,002,145 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Mantenimiento con 1 clic.lnk
      [2013-08-22 13:16:32 | 000,002,089 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2013.lnk
      [2013-08-22 13:08:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jordan\Desktop\OTL (1).exe
      [2013-08-22 13:01:48 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\jordan\Desktop\HijackThis.exe
      [2013-08-22 12:59:43 | 028,602,720 | ---- | M] (TuneUp Software) -- C:\Users\jordan\Desktop\TuneUpUtilities2013_es-ES.exe
      [2013-08-22 09:07:46 | 001,555,646 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
      [2013-08-22 09:07:46 | 000,703,840 | ---- | M] () -- C:\Windows\System32\perfh00A.dat
      [2013-08-22 09:07:46 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
      [2013-08-22 09:07:46 | 000,137,806 | ---- | M] () -- C:\Windows\System32\perfc00A.dat
      [2013-08-22 09:07:46 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
      [2013-08-21 22:18:28 | 000,002,129 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
      [2013-08-18 23:40:03 | 000,009,652 | ---- | M] () -- C:\Users\jordan\Desktop\images.jpg
      [2013-08-11 18:21:05 | 000,000,896 | ---- | M] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
      [2013-08-11 09:13:56 | 000,283,576 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
      [2013-08-10 16:38:46 | 000,061,216 | ---- | M] () -- C:\Users\jordan\AppData\Local\GDIPFONTCACHEV1.DAT
      [2013-08-10 15:26:26 | 000,641,398 | ---- | M] () -- C:\Users\jordan\Desktop\IMG_0029.JPG
      [2013-08-10 15:26:08 | 000,932,129 | ---- | M] () -- C:\Users\jordan\Desktop\IMG_0028.JPG
      [2013-08-10 15:25:52 | 000,901,287 | ---- | M] () -- C:\Users\jordan\Desktop\IMG_0027.JPG
      [2013-08-10 15:25:42 | 000,769,922 | ---- | M] () -- C:\Users\jordan\Desktop\IMG_0026.JPG
      [2013-08-10 15:25:26 | 000,756,001 | ---- | M] () -- C:\Users\jordan\Desktop\IMG_0025.JPG
      [2013-08-10 15:25:18 | 000,707,158 | ---- | M] () -- C:\Users\jordan\Desktop\IMG_0024.JPG
      [2013-08-10 15:24:24 | 000,818,058 | ---- | M] () -- C:\Users\jordan\Desktop\IMG_0022.JPG
      [2013-08-10 15:24:16 | 000,808,258 | ---- | M] () -- C:\Users\jordan\Desktop\IMG_0021.JPG
      [2013-08-10 13:19:41 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
      [2013-08-09 07:07:54 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
      [2013-08-09 07:03:17 | 000,001,205 | ---- | M] () -- C:\Users\jordan\Desktop\antivirus window.lnk
      [2013-08-09 05:47:15 | 000,001,831 | ---- | M] () -- C:\Users\jordan\Desktop\UltraISO.lnk
      [2013-08-09 04:39:20 | 000,675,988 | ---- | M] () -- C:\Users\jordan\Desktop\Minecraft.exe
      [2013-08-08 20:20:39 | 000,000,224 | ---- | M] () -- C:\Windows\System32\9B13A86D.plf
      [2013-08-07 07:32:43 | 000,770,344 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
      [2013-08-07 07:32:43 | 000,369,584 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
      [2013-08-07 07:32:43 | 000,175,176 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
      [2013-08-07 07:32:43 | 000,000,175 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys.sum
      [2013-08-07 07:32:43 | 000,000,175 | ---- | M] () -- C:\Windows\System32\drivers\aswSP.sys.sum
      [2013-08-07 07:32:43 | 000,000,175 | ---- | M] () -- C:\Windows\System32\drivers\aswSnx.sys.sum
      [2013-08-07 07:32:17 | 000,002,075 | ---- | M] () -- C:\Users\Public\Desktop\avast! Premier.lnk
      [2013-08-07 07:32:11 | 000,000,959 | ---- | M] () -- C:\Users\Public\Desktop\WinRAR.lnk
      [2013-08-07 07:30:18 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
      [2013-08-07 06:47:41 | 000,000,830 | ---- | M] () -- C:\Windows\System32\InstallUtil.InstallLog
      [2013-08-07 06:32:36 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
      [2013-08-06 21:15:59 | 000,065,536 | -HS- | M] () -- C:\Users\jordan\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
      [2013-08-06 21:15:58 | 000,524,288 | -HS- | M] () -- C:\Users\jordan\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
      [2013-08-06 21:15:58 | 000,524,288 | -HS- | M] () -- C:\Users\jordan\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
      [2013-08-06 06:57:30 | 007,072,560 | ---- | M] (ParetoLogic ) -- C:\Users\jordan\Desktop\Pareto_DR_Setup_RW.exe
      [2013-08-06 06:46:23 | 000,001,107 | ---- | M] () -- C:\Users\Public\Desktop\GetDataBack for NTFS.lnk
      [2013-08-06 05:55:18 | 000,002,250 | ---- | M] () -- C:\Users\jordan\Desktop\OneKey Recovery.lnk
      [2013-08-06 05:54:02 | 000,000,849 | ---- | M] () -- C:\Users\jordan\Desktop\Downloads.lnk
      [2013-08-06 05:53:10 | 000,000,042 | ---- | M] () -- C:\Windows\System32\drivers\17AA_Lenovo_IdeaPad_S206_20154.MRK
      [2013-08-06 05:53:03 | 000,000,000 | ---- | M] () -- C:\Windows\firstboot.dat
      [2013-08-06 05:47:27 | 000,000,020 | -HS- | M] () -- C:\Users\jordan\ntuser.ini
      [2013-08-06 05:45:48 | 000,178,211 | ---- | M] () -- C:\Windows\System32\license.rtf

      ========== Files Created - No Company Name ==========

      [2013-08-22 13:16:32 | 000,002,145 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Mantenimiento con 1 clic.lnk
      [2013-08-22 13:16:32 | 000,002,089 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2013.lnk
      [2013-08-22 13:16:31 | 000,002,101 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013.lnk
      [2013-08-22 01:14:44 | 001,772,955 | -H-- | C] () -- C:\Users\jordan\AppData\Local\IconCache.db
      [2013-08-21 12:40:08 | 000,002,014 | ---- | C] () -- C:\Users\jordan\Desktop\Navegador SafeZone.lnk
      [2013-08-18 23:39:57 | 000,009,652 | ---- | C] () -- C:\Users\jordan\Desktop\images.jpg
      [2013-08-11 18:21:05 | 000,000,896 | ---- | C] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
      [2013-08-11 15:13:03 | 000,932,129 | ---- | C] () -- C:\Users\jordan\Desktop\IMG_0028.JPG
      [2013-08-11 15:13:03 | 000,641,398 | ---- | C] () -- C:\Users\jordan\Desktop\IMG_0029.JPG
      [2013-08-11 15:12:40 | 000,818,058 | ---- | C] () -- C:\Users\jordan\Desktop\IMG_0022.JPG
      [2013-08-11 15:12:40 | 000,808,258 | ---- | C] () -- C:\Users\jordan\Desktop\IMG_0021.JPG
      [2013-08-11 15:12:40 | 000,769,922 | ---- | C] () -- C:\Users\jordan\Desktop\IMG_0026.JPG
      [2013-08-11 15:12:40 | 000,756,001 | ---- | C] () -- C:\Users\jordan\Desktop\IMG_0025.JPG
      [2013-08-11 15:12:40 | 000,707,158 | ---- | C] () -- C:\Users\jordan\Desktop\IMG_0024.JPG
      [2013-08-11 15:00:14 | 000,901,287 | ---- | C] () -- C:\Users\jordan\Desktop\IMG_0027.JPG
      [2013-08-10 14:08:36 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
      [2013-08-10 14:04:24 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
      [2013-08-10 13:19:41 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
      [2013-08-09 07:07:54 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
      [2013-08-09 07:02:02 | 000,001,205 | ---- | C] () -- C:\Users\jordan\Desktop\antivirus window.lnk
      [2013-08-09 05:47:15 | 000,001,831 | ---- | C] () -- C:\Users\jordan\Desktop\UltraISO.lnk
      [2013-08-09 04:39:13 | 000,675,988 | ---- | C] () -- C:\Users\jordan\Desktop\Minecraft.exe
      [2013-08-08 06:50:07 | 000,000,000 | ---- | C] () -- C:\SysDoctoAntivirus.db
      [2013-08-07 07:32:49 | 000,002,553 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visor de Microsoft PowerPoint .lnk
      [2013-08-07 07:32:43 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys.sum
      [2013-08-07 07:32:43 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSP.sys.sum
      [2013-08-07 07:32:43 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSnx.sys.sum
      [2013-08-07 07:32:17 | 000,002,075 | ---- | C] () -- C:\Users\Public\Desktop\avast! Premier.lnk
      [2013-08-07 07:32:11 | 000,000,959 | ---- | C] () -- C:\Users\Public\Desktop\WinRAR.lnk
      [2013-08-07 07:30:19 | 000,175,176 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
      [2013-08-07 07:30:19 | 000,049,376 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
      [2013-08-07 07:21:04 | 000,420,064 | ---- | C] () -- C:\Windows\System32\locale.nls
      [2013-08-07 06:32:36 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
      [2013-08-06 07:05:41 | 000,000,224 | ---- | C] () -- C:\Windows\System32\9B13A86D.plf
      [2013-08-06 07:01:13 | 000,000,444 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Registration.job
      [2013-08-06 06:46:23 | 000,001,107 | ---- | C] () -- C:\Users\Public\Desktop\GetDataBack for NTFS.lnk
      [2013-08-06 06:41:04 | 000,000,830 | ---- | C] () -- C:\Windows\System32\InstallUtil.InstallLog
      [2013-08-06 06:39:13 | 000,000,838 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
      [2013-08-06 05:55:21 | 000,061,216 | ---- | C] () -- C:\Users\jordan\AppData\Local\GDIPFONTCACHEV1.DAT
      [2013-08-06 05:54:06 | 000,001,397 | ---- | C] () -- C:\Users\jordan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
      [2013-08-06 05:54:02 | 000,000,849 | ---- | C] () -- C:\Users\jordan\Desktop\Downloads.lnk
      [2013-08-06 05:53:03 | 000,000,000 | ---- | C] () -- C:\Windows\firstboot.dat
      [2013-08-06 05:47:27 | 000,524,288 | -HS- | C] () -- C:\Users\jordan\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
      [2013-08-06 05:47:27 | 000,524,288 | -HS- | C] () -- C:\Users\jordan\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
      [2013-08-06 05:47:27 | 000,065,536 | -HS- | C] () -- C:\Users\jordan\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
      [2013-08-06 05:47:27 | 000,000,020 | -HS- | C] () -- C:\Users\jordan\ntuser.ini
      [2013-08-06 05:47:26 | 002,883,584 | -HS- | C] () -- C:\Users\jordan\NTUSER.DAT
      [2013-08-06 05:47:26 | 000,002,250 | ---- | C] () -- C:\Users\jordan\Desktop\OneKey Recovery.lnk
      [2013-08-06 05:47:26 | 000,000,189 | ---- | C] () -- C:\Users\jordan\Desktop\Lenovo Telephony Start Now.url
      [2013-08-06 05:41:45 | 1289,670,656 | -HS- | C] () -- C:\hiberfil.sys
      [2012-05-01 03:45:16 | 000,703,840 | ---- | C] () -- C:\Windows\System32\perfh00A.dat
      [2012-05-01 03:45:16 | 000,341,432 | ---- | C] () -- C:\Windows\System32\perfi00A.dat
      [2012-05-01 03:45:16 | 000,137,806 | ---- | C] () -- C:\Windows\System32\perfc00A.dat
      [2012-05-01 03:45:16 | 000,041,390 | ---- | C] () -- C:\Windows\System32\perfd00A.dat
      [2012-04-30 18:42:12 | 001,410,400 | ---- | C] () -- C:\Windows\System32\IcnOvrly.dll
      [2012-04-30 18:42:12 | 000,660,832 | ---- | C] () -- C:\Windows\System32\EncIcons.dll
      [2012-04-30 18:42:12 | 000,513,376 | ---- | C] () -- C:\Windows\System32\SimpleExt.dll
      [2012-04-30 18:42:11 | 000,472,416 | ---- | C] () -- C:\Windows\System32\Lenovo.VerifaceStub.dll
      [2012-04-30 18:42:10 | 002,086,240 | ---- | C] () -- C:\Windows\System32\LenovoVeriface.Interface.dll
      [2012-04-30 18:42:10 | 001,500,512 | ---- | C] () -- C:\Windows\System32\Apblend.dll
      [2012-04-30 18:42:10 | 001,171,456 | ---- | C] () -- C:\Windows\System32\PicNotify.dll
      [2012-04-30 18:41:44 | 001,044,480 | ---- | C] () -- C:\Windows\System32\3DImageRenderer.dll
      [2012-04-30 18:29:46 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
      [2012-04-30 18:19:12 | 000,002,004 | ---- | C] () -- C:\Windows\vm332Rmv.ini
      [2012-04-30 18:19:12 | 000,002,004 | ---- | C] () -- C:\Windows\System32\vm332Rmv.ini
      [2012-01-12 04:22:39 | 000,003,929 | ---- | C] () -- C:\Windows\System32\atipblag.dat
      [2012-01-12 04:22:38 | 000,237,701 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
      [2012-01-06 04:41:03 | 001,048,576 | ---- | C] () -- C:\Windows\System32\syndata.bin
      [2011-12-21 05:13:59 | 000,030,893 | ---- | C] () -- C:\Windows\System32\drivers\Mixer.ini
      [2011-10-12 05:36:46 | 000,056,832 | ---- | C] () -- C:\Windows\System32\OpenVideo.dll

      ========== ZeroAccess Check ==========

      [2009-07-14 00:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

      [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

      [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      "" = %SystemRoot%\system32\shell32.dll -- [2013-02-27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment

      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
      "" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 17:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free

      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
      "" = %systemroot%\system32\wbem\wbemess.dll -- [2009-07-13 21:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Both

      ========== LOP Check ==========

      [2013-08-19 1925 | 000,000,000 | ---D | M] -- C:\Users\jordan\AppData\Roaming\.minecraft
      [2013-08-10 17:20:43 | 000,000,000 | ---D | M] -- C:\Users\jordan\AppData\Roaming\Check Point Software Technologies LTD
      [2013-08-22 13:03:46 | 000,000,000 | ---D | M] -- C:\Users\jordan\AppData\Roaming\GlarySoft
      [2013-08-22 13:16:04 | 000,000,000 | ---D | M] -- C:\Users\jordan\AppData\Roaming\TuneUp Software

      ========== Purity Check ==========



      ========== Custom Scans ==========

      < %SYSTEMDRIVE%\*.* >
      [2013-08-18 19:54:41 | 000,009,202 | ---- | M] () -- C:\AdwCleaner[S1].txt
      [2009-06-10 17:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
      [2010-11-20 17:29:06 | 000,383,786 | RHS- | M] () -- C:\bootmgr
      [2011-02-15 03:38:35 | 000,008,192 | ---- | M] () -- C:\BOOTSECT.BAK
      [2009-06-10 17:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
      [2013-08-22 12:58:15 | 000,000,075 | ---- | M] () -- C:\DiskDefrag.log
      [2013-08-22 23:58:07 | 000,139,294 | ---- | M] () -- C:\FaceProv.log
      [2013-08-07 07:52:40 | 000,000,000 | ---- | M] () -- C:\FileRecovery.log
      [2013-08-22 17:38:09 | 1289,670,656 | -HS- | M] () -- C:\hiberfil.sys
      [2013-08-22 17:38:09 | 1719,562,240 | -HS- | M] () -- C:\pagefile.sys
      [2013-05-02 10:50:08 | 000,000,000 | ---- | M] () -- C:\SysDoctoAntivirus.db

      ========== Alternate Data Streams ==========

      @Alternate Data Stream - 270 bytes -> C:\ProgramData\Temp:0CE7F3C9

      < End of report >

    3. #23
      User neo2013
      Joined
      Aug 2013
      Location
      chile
      Posts
      21

      Re: Virus Win32:BitCoinMiner

      Hi d3vil,
      since yesterday the virus alert has not appeared, so I was surprised and scanned with MBM, and the surprise is that it did not detect any virus. I'm leaving you the MBM report...
      I don't know whether this virus can reappear. Thanks d3vil, send me a reply and tell me whether we keep working on this topic.
      Many thanks...

      Malwarebytes Anti-Malware (PRO) 1.75.0.1300
      Malwarebytes : Free anti-malware download

      Versión de la Base de Datos: v2013.08.22.04

      Windows 7 Service Pack 1 x86 NTFS
      Internet Explorer 10.0.9200.16660
      jordan :: JORDAN-PC [administrador]

      Protección: Habilitado

      23-08-2013 11:53:54
      mbam-log-2013-08-23 (11-53-54).txt

      Tipos de Análisis: Análisis Completo (C:\|D:\|E:\|)
      Opciones de análisis activado: Memoria | Inicio | Registro | Sistema de archivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
      Opciones de análisis desactivados: P2P
      Objetos examinados: 338612
      Tiempo transcurrido: 1 hora(s), 30 minuto(s), 36 segundo(s)

      Procesos en Memoria Detectados: 0
      (No se han detectado elementos maliciosos)

      Módulos de Memoria Detectados: 0
      (No se han detectado elementos maliciosos)

      Claves del Registro Detectados: 0
      (No se han detectado elementos maliciosos)

      Valores del Registro Detectados: 0
      (No se han detectado elementos maliciosos)

      Elementos de Datos del Registro Detectados: 0
      (No se han detectado elementos maliciosos)

      Carpetas Detectadas: 0
      (No se han detectado elementos maliciosos)

      Archivos Detectados: 0
      (No se han detectado elementos maliciosos)

      (fin)

    4. #24
      Moderator
      <¡D3vIL!>
      Joined
      May 2006
      Location
      Chile
      Posts
      10.884

      Re: Virus Win32:BitCoinMiner

      Hi...

      Make a backup with ERUNT (Manual)

      • Run OTL.exe
      • Paste the following script into the box under Custom Scans/Fixes (Análisis Personalizados/Codigo de Reparación):
      • NOTE: Do not copy the word "Code"


      Code:
      :OTL
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search bar = Internet Explorer 6 Search Companion is no longer supported.
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error.
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN.fr - Actualités, magazines people & féminin, Outlook et Hotmail
      IE - HKLM\..\SearchScopes,DefaultScope =
      IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
      IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
      IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
      IE - HKU\S-1-5-21-614780404-1527797187-4275389518-1000\..\SearchScopes\${searchCLSID}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
      IE - HKU\S-1-5-21-614780404-1527797187-4275389518-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
      IE - HKU\S-1-5-21-614780404-1527797187-4275389518-1000\..\SearchScopes\{5BB4A0C2-F243-4B9A-BDE8-F8305437C3B5}: "URL" = http://search.zonealarm.com/search?src=sp&tbid=goughDev3&Lan=en&q={searchTerms}&gu=2f41833ffc564de6820910612a0049cb&tu=10G9z009T2B0CO0&sku=&tstsId=&ver=&&r=213
      IE - HKU\S-1-5-21-614780404-1527797187-4275389518-1000\..\SearchScopes\{61F1FD2E-563B-4795-B428-ADC1FC1EF2BB}: "URL" = http://search.softonic.com/MOY00018/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=d8d09dcf000000000000c01885de024f&r=456
      IE - HKU\S-1-5-21-614780404-1527797187-4275389518-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
      IE - HKU\S-1-5-21-614780404-1527797187-4275389518-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
      O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
      O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
      O13 - gopher Prefix: missing
      [2013-08-08 05:42:30 | 000,000,000 | ---D | C] -- C:\ProgramData\SeeaRCh-NewTab
      [2013-08-06 05:54:00 | 000,000,000 | R--D | C] -- C:\Users\jordan\Searches
      [2013-08-08 06:50:07 | 000,000,000 | ---- | C] () -- C:\SysDoctoAntivirus.db
      @Alternate Data Stream - 270 bytes -> C:\ProgramData\Temp:0CE7F3C9
      :Files
      ipconfig /flushdns /c
      ipconfig /renew /c
      :Commands
      [PURITY]
      [EMPTYFLASH]
      [EMPTYTEMP]
      [RESETHOSTS]
      • Press the Reparar (Run Fix) button to start the removal. Then click OK.
      • OTL will restart the computer to complete the removal and repair.
      • After running OTL, do the following:
      • Download and reinstall the latest version of Java from its official page
      • Save the new report generated by OTL, and copy and paste it into your next reply; also tell us how the computer is doing.


      Go to this link and tell us which version of Java you have
      Regards

      * Follow us on Twitter and become our friend on Facebook.
      * Keep up with the latest threats on the net at: InfoSpyware Blog
      * Questions are not answered by private message or by e-mail, since that is what the forum is for.

    5. #25
      User neo2013
      Joined
      Aug 2013
      Location
      chile
      Posts
      21

      Re: Virus Win32:BitCoinMiner

      Hi my friend d3vil, I'm sending you the OTL report you asked me for:



      All processes killed
      ========== OTL ==========
      HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Search bar| /E : value set successfully!
      HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!
      HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
      HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
      HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
      Registry key HKEY_USERS\S-1-5-21-614780404-1527797187-4275389518-1000\Software\Microsoft\Internet Explorer\SearchScopes\{searchCLSID}\ not found.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{searchCLSID}\ not found.
      Registry key HKEY_USERS\S-1-5-21-614780404-1527797187-4275389518-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
      Registry key HKEY_USERS\S-1-5-21-614780404-1527797187-4275389518-1000\Software\Microsoft\Internet Explorer\SearchScopes\{5BB4A0C2-F243-4B9A-BDE8-F8305437C3B5}\ deleted successfully.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5BB4A0C2-F243-4B9A-BDE8-F8305437C3B5}\ not found.
      Registry key HKEY_USERS\S-1-5-21-614780404-1527797187-4275389518-1000\Software\Microsoft\Internet Explorer\SearchScopes\{61F1FD2E-563B-4795-B428-ADC1FC1EF2BB}\ deleted successfully.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61F1FD2E-563B-4795-B428-ADC1FC1EF2BB}\ not found.
      Registry key HKEY_USERS\S-1-5-21-614780404-1527797187-4275389518-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
      HKU\S-1-5-21-614780404-1527797187-4275389518-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
      Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
      C:\Program Files\Java\jre7\bin\ssv.dll moved successfully.
      Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
      C:\Program Files\Java\jre7\bin\jp2ssv.dll moved successfully.
      Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
      Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
      Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
      Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
      C:\ProgramData\SeeaRCh-NewTab folder moved successfully.
      C:\Users\jordan\Searches folder moved successfully.
      C:\SysDoctoAntivirus.db moved successfully.
      ADS C:\ProgramData\Temp:0CE7F3C9 deleted successfully.
      ========== FILES ==========
      < ipconfig /flushdns /c >
      Configuraci¢n IP de Windows
      Se vaci¢ correctamente la cach‚ de resoluci¢n de DNS.
      C:\Users\jordan\Desktop\cmd.bat deleted successfully.
      C:\Users\jordan\Desktop\cmd.txt deleted successfully.
      < ipconfig /renew /c >
      Configuraci¢n IP de Windows
      Adaptador de LAN inal*mbrica Conexi¢n de red inal*mbrica:
      Sufijo DNS espec¡fico para la conexi¢n. . :
      V¡nculo: direcci¢n IPv6 local. . . : fe80::5df2:a0c0:e537:66a3%11
      Direcci¢n IPv4. . . . . . . . . . . . . . : 192.168.1.2
      M*scara de subred . . . . . . . . . . . . : 255.255.255.0
      Puerta de enlace predeterminada . . . . . : 192.168.1.1
      Adaptador de Ethernet Conexi¢n de *rea local:
      Sufijo DNS espec¡fico para la conexi¢n. . :
      Direcci¢n IPv6 . . . . . . . . . . : 2620:9b::19d7:c08c
      V¡nculo: direcci¢n IPv6 local. . . : fe80::7008:83c:b98e:b59e%20
      Direcci¢n IPv4. . . . . . . . . . . . . . : 25.215.192.140
      M*scara de subred . . . . . . . . . . . . : 255.0.0.0
      Puerta de enlace predeterminada . . . . . : 2620:9b::1900:1
      25.0.0.1
      Adaptador de t£nel Conexi¢n de *rea local* 18:
      Sufijo DNS espec¡fico para la conexi¢n. . :
      Direcci¢n IPv6 . . . . . . . . . . : 2001:0:9d38:6abd:1418:2166:3f57:fefd
      V¡nculo: direcci¢n IPv6 local. . . : fe80::1418:2166:3f57:fefd%22
      Puerta de enlace predeterminada . . . . . :
      Adaptador de t£nel isatap.{FBB4D90A-A4F1-45DB-906E-D88EA25FC537}:
      Estado de los medios. . . . . . . . . . . : medios desconectados
      Sufijo DNS espec¡fico para la conexi¢n. . :
      Adaptador de t£nel isatap.{2356A515-A964-41D2-87C1-5C3979E293B9}:
      Estado de los medios. . . . . . . . . . . : medios desconectados
      Sufijo DNS espec¡fico para la conexi¢n. . :
      C:\Users\jordan\Desktop\cmd.bat deleted successfully.
      C:\Users\jordan\Desktop\cmd.txt deleted successfully.
      ========== COMMANDS ==========

      [EMPTYFLASH]

      User: All Users

      User: Default

      User: Default User

      User: jordan
      ->Flash cache emptied: 506 bytes

      User: Public

      Total Flash Files Cleaned = 0,00 mb


      [EMPTYTEMP]

      User: All Users

      User: Default
      ->Temp folder emptied: 0 bytes
      ->Temporary Internet Files folder emptied: 0 bytes

      User: Default User
      ->Temp folder emptied: 0 bytes
      ->Temporary Internet Files folder emptied: 0 bytes

      User: jordan
      ->Temp folder emptied: 1953670 bytes
      ->Temporary Internet Files folder emptied: 20648 bytes
      ->Java cache emptied: 15424 bytes
      ->Google Chrome cache emptied: 341102605 bytes
      ->Flash cache emptied: 0 bytes

      User: Public

      %systemdrive% .tmp files removed: 0 bytes
      %systemroot% .tmp files removed: 0 bytes
      %systemroot%\System32 .tmp files removed: 0 bytes
      %systemroot%\System32\drivers .tmp files removed: 0 bytes
      Windows Temp folder emptied: 550694 bytes
      RecycleBin emptied: 4023608 bytes

      Total Files Cleaned = 332,00 mb

      C:\Windows\System32\drivers\etc\Hosts moved successfully.
      HOSTS file reset successfully

      OTL by OldTimer - Version 3.2.69.0 log created on 08262013_114444

      Files\Folders moved on Reboot...
      C:\Users\jordan\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
      File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

      PendingFileRenameOperations files...

      Registry entries deleted on Reboot...


      And as for my PC, it is better; there is no virus alert anymore. I would like to know whether, afterwards, we have to uninstall all the other programs we installed.

    6. #26
      User neo2013
      Joined
      Aug 2013
      Location
      chile
      Posts
      21

      Re: Virus Win32:BitCoinMiner

      The Java version is version (7 update 25)

    7. #27
      Moderator
      <¡D3vIL!>
      Joined
      May 2006
      Location
      Chile
      Posts
      10.884

      Re: Virus Win32:BitCoinMiner

      Hi..

      Uninstall HijackThis
      Run OTL and press Limpiar (CleanUp), wait for it to finish, and when it does, allow it to restart the system to complete the uninstallation.

      In your next reply, tell us whether we can mark the topic as solved.

      Regards


    8. #28
      User neo2013
      Joined
      Aug 2013
      Location
      chile
      Posts
      21

      Re: Virus Win32:BitCoinMiner

      Hi again, I have already uninstalled HijackThis. Can I uninstall the other programs?

    9. #29
      Moderator
      <¡D3vIL!>
      Joined
      May 2006
      Location
      Chile
      Posts
      10.884

      Re: Virus Win32:BitCoinMiner

      Hi...

      Uninstall all the programs that we used in this case:

      1. OTL
      2. AdwCleaner
      3. USBFix
      4. TuneUP Utilities


      Regards


    10. #30
      User neo2013
      Joined
      Aug 2013
      Location
      chile
      Posts
      21

      Re: Virus Win32:BitCoinMiner

      OK, thank you very much d3vil, your help saved my PC. I am very grateful, and if you need anything, count on me.
      Well, we can now mark this post as solved. Once again, thank you very much ....