
    Possible virus

    ...

    1. #21
      User LuCii
      Registered
      Oct 2014
      Location
      Spain
      Posts
      41

      Re: Possible virus

      I thought I had updated it, but apparently not. Now it really is installed.

    2. #22
      Former Collaborator Gemsa_03
      Registered
      Feb 2012
      Location
      Málaga, Spain
      Posts
      6,615

      Re: Possible virus

      Hello

      Please run all the steps in this POST again, since the situation may have changed with the update.

      For OTL, follow the instructions to run it and use these commands:

      Do not copy the word Code.
      Code:
      netsvcs
      msconfig
      %SYSTEMDRIVE%\*.* 
      %programdata%\*.*
      %Windows%\*.exe
      CREATERESTOREPOINT
      Attach the reports from: IFS and OTL.txt (if it generates another report, Extras.txt, attach that too).

      Regards.
      Last edited by Gemsa_03 on 12/10/14 at 11:12:04
      * Follow us on our Twitter and become our friend on Facebook.
      * Keep up to date with the latest threats on the net from: InfoSpyware Blog
      * Questions are not answered by private message or by e-mail, since that is what the forum is for.

    3. #23
      User LuCii
      Registered
      Oct 2014
      Location
      Spain
      Posts
      41

      Re: Possible virus

      I followed the steps again from the point where you told me to install SP1. I ran Combo Fix again with the txt file you told me about. Here is the report, and I'll mention a message that appeared on screen: "C:\\Windows\system32\icacls.exe Intento de operación ilegal en una clave del Registro que estaba marcada para su eliminación"


      Should I go ahead with the next steps and start IFS and OTL?

      Combo Fix report

      ComboFix 14-10-13.01 - PC 12/10/2014 23:08:04.3.2 - x64
      Microsoft Windows 7 Home Premium 6.1.7601.1.1252.34.3082.18.3946.2635 [GMT 2:00]
      Running from: c:\users\PC\Desktop\ComboFix.exe
      Command switches used :: c:\users\PC\Desktop\CFScript.txt
      AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
      SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
      SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      .
      FILE ::
      "c:\programdata\FullRemove.exe"
      .
      .
      ((((((((((((((((((((((((( Files Created from 2014-09-12 to 2014-10-12 )))))))))))))))))))))))))))))))
      .
      .
      2014-10-12 21:15 . 2014-10-12 21:15 -------- d-----w- c:\users\Default\AppData\Local\temp
      2014-10-12 20:54 . 2014-10-12 20:54 -------- d-s---w- c:\windows\SysWow64\Microsoft
      2014-10-12 20:49 . 2014-10-12 20:49 -------- d-----w- c:\windows\SysWow64\Wat
      2014-10-12 20:49 . 2014-10-12 20:49 -------- d-----w- c:\windows\system32\Wat
      2014-10-12 19:26 . 2014-10-12 19:26 -------- d-----w- c:\windows\Migration
      2014-10-12 19:17 . 2013-10-14 16:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
      2014-10-12 16:57 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
      2014-10-12 16:57 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
      2014-10-12 16:57 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
      2014-10-12 16:57 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
      2014-10-12 16:57 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
      2014-10-12 16:57 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
      2014-10-12 16:56 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
      2014-10-12 16:56 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
      2014-10-12 16:43 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
      2014-10-12 16:43 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
      2014-10-12 16:09 . 2014-05-14 16:23 44512 ----a-w- c:\windows\system32\wups2.dll
      2014-10-12 16:09 . 2014-05-14 16:23 58336 ----a-w- c:\windows\system32\wuauclt.exe
      2014-10-12 16:09 . 2014-05-14 16:23 2477536 ----a-w- c:\windows\system32\wuaueng.dll
      2014-10-12 16:09 . 2014-05-14 16:21 2620928 ----a-w- c:\windows\system32\wucltux.dll
      2014-10-12 16:09 . 2014-05-14 07:23 198600 ----a-w- c:\windows\system32\wuwebv.dll
      2014-10-12 16:09 . 2014-05-14 07:23 179656 ----a-w- c:\windows\SysWow64\wuwebv.dll
      2014-10-12 16:09 . 2014-05-14 07:20 36864 ----a-w- c:\windows\system32\wuapp.exe
      2014-10-12 16:09 . 2014-05-14 07:17 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
      2014-10-12 13:52 . 2014-10-12 13:52 -------- d-----w- c:\windows\system32\SPReview
      2014-10-12 13:51 . 2014-10-12 13:52 -------- d-----w- c:\windows\system32\EventProviders
      2014-10-12 13:33 . 2010-11-20 13:33 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
      2014-10-12 13:32 . 2010-11-20 13:27 666112 ----a-w- c:\windows\system32\WMVSDECD.DLL
      2014-10-12 13:30 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
      2014-10-12 09:44 . 2014-10-12 09:49 -------- d-----w- C:\FSTool
      2014-10-11 19:21 . 2011-08-30 05:25 14173184 ----a-w- c:\windows\system32\shell32.dll
      2014-10-11 19:12 . 2014-10-11 19:12 -------- d-----w- c:\program files (x86)\Microsoft.NET
      2014-10-11 19:04 . 2014-09-15 00:08 11578928 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2EE06B88-F25E-4EEA-BCF6-9E6630176588}\mpengine.dll
      2014-10-11 19:04 . 2014-10-11 19:04 -------- d-----w- c:\program files (x86)\Common Files\Skype
      2014-10-11 19:03 . 2014-10-11 19:03 -------- d-----w- c:\windows\es
      2014-10-11 19:02 . 2010-09-22 22:36 48488 ----a-w- c:\windows\system32\drivers\fssfltr.sys
      2014-10-11 19:01 . 2009-09-04 15:44 69464 ----a-w- c:\windows\SysWow64\XAPOFX1_3.dll
      2014-10-11 19:01 . 2009-09-04 15:44 515416 ----a-w- c:\windows\SysWow64\XAudio2_5.dll
      2014-10-11 19:01 . 2009-09-04 15:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll
      2014-10-11 19:01 . 2009-09-04 15:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll
      2014-10-11 19:00 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
      2014-10-11 19:00 . 2014-10-11 19:00 -------- d-s---w- c:\windows\system32\CompatTel
      2014-10-11 18:55 . 2014-10-11 19:00 -------- d-----w- c:\windows\system32\MRT
      2014-10-11 18:54 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
      2014-10-11 18:54 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
      2014-10-11 18:54 . 2011-04-09 07:02 5562240 ----a-w- c:\windows\system32\ntoskrnl.exe
      2014-10-11 18:54 . 2011-04-09 06:02 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
      2014-10-11 18:54 . 2011-04-09 06:02 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
      2014-10-11 16:57 . 2014-10-11 16:57 -------- d-----w- c:\program files\Microsoft Silverlight
      2014-10-11 16:57 . 2014-10-11 16:57 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
      2014-10-10 13:28 . 2014-10-10 13:28 -------- d-----w- c:\programdata\VirtualizedApplications
      2014-10-09 19:38 . 2014-10-09 19:45 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
      2014-10-09 19:13 . 2014-10-09 19:13 -------- d-----w- c:\program files\MPC-HC
      2014-10-09 19:01 . 2014-10-09 19:01 -------- d-----r- C:\MSOCache
      2014-10-09 18:40 . 2014-10-09 18:40 -------- d-----w- c:\program files\Microsoft Office
      2014-10-09 18:40 . 2014-10-11 19:05 -------- d-----w- c:\program files (x86)\Microsoft Application Virtualization Client
      2014-10-09 18:14 . 2014-10-09 18:14 -------- d-----w- c:\program files (x86)\ESET
      2014-10-09 17:40 . 2014-10-09 17:40 -------- d-----w- c:\program files\CCleaner
      2014-10-09 17:09 . 2014-10-12 16:03 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
      2014-10-09 17:08 . 2014-10-09 19:37 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
      2014-10-09 17:08 . 2014-05-12 05:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
      2014-10-09 17:08 . 2014-05-12 05:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
      2014-10-09 17:08 . 2014-10-09 17:08 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
      2014-10-09 17:08 . 2014-10-09 17:08 -------- d-----w- c:\programdata\Malwarebytes
      2014-10-09 15:53 . 2014-09-15 07:06 278152 ------w- c:\windows\system32\MpSigStub.exe
      2014-10-09 15:02 . 2014-10-11 23:41 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
      2014-10-09 15:02 . 2014-10-11 23:41 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
      2014-10-09 15:02 . 2014-10-09 15:02 -------- d-----w- c:\windows\system32\Macromed
      2014-10-09 14:51 . 2014-10-11 19:48 -------- d-----w- C:\AdwCleaner
      2014-10-09 13:40 . 2014-10-09 13:40 427360 ----a-w- c:\windows\system32\drivers\aswsp.sys
      2014-10-09 13:40 . 2014-10-09 13:40 92008 ----a-w- c:\windows\system32\drivers\aswStm.sys
      2014-10-09 13:40 . 2014-10-09 13:40 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
      2014-10-09 13:40 . 2014-10-09 13:40 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
      2014-10-09 13:40 . 2014-10-09 13:40 224896 ----a-w- c:\windows\system32\drivers\aswVmm.sys
      2014-10-09 13:40 . 2014-10-09 13:40 1041168 ----a-w- c:\windows\system32\drivers\aswSnx.sys
      2014-10-09 13:40 . 2014-10-09 13:40 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
      2014-10-09 13:40 . 2014-10-09 13:40 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
      2014-10-09 13:40 . 2014-10-09 13:40 307344 ----a-w- c:\windows\system32\aswBoot.exe
      2014-10-09 13:40 . 2014-10-09 13:40 43152 ----a-w- c:\windows\avastSS.scr
      2014-10-09 13:37 . 2014-10-09 13:37 -------- d-----w- c:\program files\AVAST Software
      2014-10-09 13:36 . 2014-10-09 13:37 -------- d-----w- c:\programdata\AVAST Software
      2014-10-09 13:21 . 2014-10-09 13:21 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
      2014-10-09 13:13 . 2014-10-11 19:02 -------- dc----w- c:\windows\system32\DRVSTORE
      2014-10-09 13:13 . 2014-10-11 19:02 -------- d-----w- c:\program files\Windows Live
      2014-10-09 13:12 . 2006-11-29 11:06 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll
      2014-10-09 13:12 . 2006-11-29 11:06 3426072 ----a-w- c:\windows\SysWow64\d3dx9_32.dll
      2014-10-09 13:12 . 2014-10-09 13:12 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
      2014-10-09 13:11 . 2014-10-11 19:03 -------- d-----w- c:\program files (x86)\Windows Live
      2014-10-09 13:11 . 2014-10-09 13:11 -------- d-----w- c:\windows\PCHEALTH
      2014-10-09 13:10 . 2014-10-09 13:10 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
      2014-10-09 13:09 . 2014-10-09 13:09 -------- d-----w- c:\programdata\OberonGameConsole
      2014-10-09 13:04 . 2010-01-16 05:15 131368 ----a-w- c:\programdata\FullRemove.exe
      2014-10-09 13:04 . 2014-10-09 13:04 -------- d-----w- c:\program files (x86)\Common Files\Oberon Media
      2014-10-09 13:04 . 2014-10-09 13:09 -------- d-----w- c:\program files (x86)\Game Pack
      2014-10-09 13:03 . 2014-10-09 13:03 -------- d-----w- c:\program files (x86)\Common Files\Adobe
      2014-10-09 13:02 . 2014-10-09 13:02 -------- d-----w- c:\program files (x86)\CyberLink
      2014-10-09 13:01 . 2014-10-09 15:18 -------- d-----w- c:\users\PC
      2014-10-09 13:00 . 2014-10-09 13:00 -------- d-----w- C:\Recovery
      .
      .
      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2014-10-12 13:58 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
      2014-10-12 13:58 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
      2014-10-11 19:02 . 2010-06-24 09:33 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
      .
      .
      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
      "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-04 102400]
      "Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
      "UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
      "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
      "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-10-09 4085896]
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "ConsentPromptBehaviorAdmin"= 5 (0x5)
      "ConsentPromptBehaviorUser"= 3 (0x3)
      "EnableUIADesktopToggle"= 0 (0x0)
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
      "aux1"=wdmaud.drv
      .
      R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
      R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
      R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
      R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [x]
      R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
      R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
      R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
      R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
      R3 WatAdminSvc;Servicio de tecnologías de activación de Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
      R4 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
      S0 aswRvrt;avast! Revert; [x]
      S0 aswVmm;avast! VM Monitor; [x]
      S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
      S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
      S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys;c:\windows\SYSNATIVE\Drivers\SABI.sys [x]
      S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
      S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
      S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
      S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
      S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [x]
      S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
      S2 Rezip;Rezip;c:\windows\SysWOW64\Rezip.exe;c:\windows\SysWOW64\Rezip.exe [x]
      S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
      S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
      S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
      S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
      S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
      S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
      S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
      S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
      S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
      .
      .
      Contents of the 'Scheduled Tasks' folder
      .
      2014-10-12 c:\windows\Tasks\Adobe Flash Player Updater.job
      - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-09 23:41]
      .
      .
      --------- X64 Entries -----------
      .
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
      @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
      2014-08-17 04:10 164760 ----a-w- c:\users\PC\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
      @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
      2014-08-17 04:10 164760 ----a-w- c:\users\PC\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
      @="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
      2014-08-17 04:10 164760 ----a-w- c:\users\PC\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
      @="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
      2014-08-17 04:10 164760 ----a-w- c:\users\PC\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
      @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
      2014-08-17 04:10 164760 ----a-w- c:\users\PC\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
      @="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
      2014-08-17 04:10 164760 ----a-w- c:\users\PC\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
      @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
      2014-08-17 04:10 164760 ----a-w- c:\users\PC\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
      @="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
      2014-08-17 04:10 164760 ----a-w- c:\users\PC\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
      @="{472083B0-C522-11CF-8763-00608CC02F24}"
      [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
      2014-10-09 13:40 634872 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-07 10144288]
      "ETDWare"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
      .
      ------- Supplementary Scan -------
      .
      uLocal Page = c:\windows\system32\blank.htm
      uStart Page = hxxp://samsung.msn.com
      mStart Page = hxxp://samsung.msn.com
      mLocal Page = c:\windows\SysWOW64\blank.htm
      TCP: DhcpNameServer = 62.81.16.148 62.81.16.213
      FF - ProfilePath - c:\users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\zi0f7dn4.default\
      FF - prefs.js: browser.search.selectedEngine - Wikipedia (es)
      .
      - - - - ORPHANS REMOVED - - - -
      .
      Toolbar-Locked - (no file)
      .
      .
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------
      .
      [HKEY_USERS\S-1-5-21-1797806156-4127936074-2174673735-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
      @Denied: (2) (LocalSystem)
      "Progid"="WindowsLiveMail.Email.1"
      .
      [HKEY_USERS\S-1-5-21-1797806156-4127936074-2174673735-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
      @Denied: (2) (LocalSystem)
      "Progid"="WindowsLiveMail.VCard.1"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
      @Denied: (A 2) (Everyone)
      @="FlashBroker"
      "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe,-101"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
      "Enabled"=dword:00000001
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
      @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
      @Denied: (A 2) (Everyone)
      @="IFlashBroker6"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
      @="{00020424-0000-0000-C000-000000000046}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      "Version"="1.0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
      @Denied: (A 2) (Everyone)
      @="FlashBroker"
      "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
      "Enabled"=dword:00000001
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
      @Denied: (A 2) (Everyone)
      @="Shockwave Flash Object"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
      "ThreadingModel"="Apartment"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
      @="0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
      @="ShockwaveFlash.ShockwaveFlash.15"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
      @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
      @="1.0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
      @="ShockwaveFlash.ShockwaveFlash"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
      @Denied: (A 2) (Everyone)
      @="Macromedia Flash Factory Object"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
      "ThreadingModel"="Apartment"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
      @="FlashFactory.FlashFactory.1"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
      @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
      @="1.0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
      @="FlashFactory.FlashFactory"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
      @Denied: (A 2) (Everyone)
      @="IFlashBroker6"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
      @="{00020424-0000-0000-C000-000000000046}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      "Version"="1.0"
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
      @Denied: (Full) (Everyone)
      .
      ------------------------ Other Running Processes ------------------------
      .
      c:\program files\AVAST Software\Avast\AvastSvc.exe
      c:\program files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
      c:\program files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
      c:\program files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
      .
      **************************************************************************
      .
      Completion time: 2014-10-12 23:28:02 - machine was rebooted
      ComboFix-quarantined-files.txt 2014-10-12 21:28
      ComboFix2.txt 2014-10-11 20:16
      ComboFix3.txt 2014-10-10 11:33
      .
      Pre-Run: 249.410.990.080 bytes libres
      Post-Run: 249.636.376.576 bytes libres
      .
      - - End Of File - - D3828807AA4D7B814F4D3AE4BFFF7846

    4. #24
      Former Collaborator Gemsa_03
      Registered
      Feb 2012
      Location
      Málaga, Spain
      Posts
      6,615

      Re: Possible virus

      Hello

      If you have updated to SP1 correctly, run both IFS and OTL with the latest commands I gave you.
      Do not copy the word Code.
      Code:
      netsvcs
      msconfig
      %SYSTEMDRIVE%\*.* 
      %programdata%\*.*
      %Windows%\*.exe
      CREATERESTOREPOINT
      In any case, you have restriction policies in the Registry and I need to find the exact cause, although I think I know what the problem is.

    5. #25
      User LuCii
      Registered
      Oct 2014
      Location
      Spain
      Posts
      41

      Re: Possible virus

      This time the Extras.txt report did not open for me.

      IFS


      Code:
      ~~~~~~~~~~~| Inicio: 
      
      *IFS (InfoSpyware First Steps) v 1.3
      *www.InfoSpyware.com | www.ForoSpyware.com
      *Iniciado: 13/10/2014 a las 00h.06m.44s
      
      ~~~~~~~~~~~|  Información del Sistema:
      
      OS: Microsoft Windows 7 Home Premium  x64 Service Pack 1
      Idioma: Spanish (Spain, International Sort) (España|es-ES)
      Permisos de Administrador / ON
      Windows se Inició en   Modo Normal
      Drive: C:\Windows (Install: \Device\HarddiskVolume3)
      
      ~~~~~~~~~~~| Arquitectura Fisica:
      
      CPU: SAMSUNG ELECTRONICS CO., LTD.
      CPU Modelo: R540/R580/R780/SA41/E452/E852
      Procesador: Intel(R) Pentium(R) CPU        P6100  @ 2.00GHz (x64-BasedPC)
      Memoria RAM: 4 Gb. En Uso: 34 %
      Video: ATI Mobility Radeon HD 545v
      Chip: ATI display adapter (0x9553) Capacidad video:512 MB (Internal DAC(400MHz))
      
      ~~~~~~~~~~~| Unidades
      
      C: [FIXED|NTFS|] - [277.10 Gb][233.6 Gb][44.4 Gb]
      Q: [FIXED||] - [0 Gb][0 Gb][0 Gb]
      D: [CDROM]
      C:\ Fragmentación total 15.19% - Desfragmentar unidad 
      
      ~~~~~~~~~~~| Seguridad del SO
      
      SafeBoot: Inicio en Modo seguro Correcto
      Security Center: Correcto (Servicio Activo)
      Windows Update: Correcto (Servicio Activo) [LST: 2014-10-12 16:15:12][LD: 2014-10-12 21:05:39][LI: 2014-10-12 20:49:29][NDT: 2014-10-13 11:22:28][LRP: 2014-10-12 20:49:29]
      AV: avast! Antivirus *Protección Residente [OFF] / Actualizado*
      SP: Windows Defender *Protección Residente [ON] / Actualizado*
      SP: avast! Antivirus *Protección Residente [OFF] / Actualizado*
      FW: Windows Firewall *Habilitado*
      
      ~~~~~~~~~~~|  Update Check
      
      Internet Explorer Versión Instalada 8 (Requiere Actualización)
      Mozilla FireFox Versión Instalada 32.0.3
      Adobe Flash Player Versión Instalada 15.0
      Adobe Reader Versión instalada 9.1.0
      Microsoft SilverLigth Versión instalada 5.1.30514.0
      
      ~~~~~~~~~~~| Process List 
      
      avastUI.exe (Productos Alwil Software Avast4)
      
      ~~~~~~~~~~~| Install Check 
      
      Malwarebytes Anti-Malware versión 2.0.2.1012 [2.0.2.1012]
      avast! Free Antivirus [9.0.2021]
      ESET Online Scanner v3 []
      CCleaner [4.18]
      
      ~~~~~~~~~~~| Registry Check
      
      HKLM\Run(x64): [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
      HKLM\Run(x64): [ETDWare] %ProgramFiles%\Elantech\ETDCtrl.exe
      HKLM\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
      HKLM\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
      HKLM\Run: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
      HKLM\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
      HKLM\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
      Winlogon(x64): Shell = explorer.exe
      Winlogon: Shell = explorer.exe
      Userinit(x64): Userinit = C:\Windows\system32\userinit.exe,
      Userinit: Userinit = C:\Windows\system32\userinit.exe,
      
      [HKCR\.\.open\command] -> Navegador Preferido es Internet Explorer
      StarPage:hxxp://samsung.msn.com
      StarPage:hxxp://go.microsoft.com/fwlink/?LinkId=54896
      
      ~~~~~~~~~~~| PUPs Check
      
      HKLM64\SOFTWARE\Ask
      
      
      ~~~~~~~~~~~| Listado 7 Días (Predeterminado)
      
      [12/10/2014 15:34] - C:\Windows\SysWOW64\locale.nls
      [12/10/2014 22:54] - C:\Windows\SysWOW64\Microsoft
      [09/10/2014 20:41] - C:\Windows\SysWOW64\PerfStringBackup.INI
      [12/10/2014 15:32] - C:\Windows\SysWOW64\RacRules.xml
      [12/10/2014 15:32] - C:\Windows\SysWOW64\tcpbidi.xml
      [12/10/2014 22:49] - C:\Windows\SysWOW64\Wat
      [12/10/2014 15:34] - C:\Windows\System32\locale.nls
      [12/10/2014 22:54] - C:\Windows\System32\Microsoft
      [09/10/2014 20:41] - C:\Windows\System32\PerfStringBackup.INI
      [12/10/2014 15:32] - C:\Windows\System32\RacRules.xml
      [12/10/2014 15:32] - C:\Windows\System32\tcpbidi.xml
      [12/10/2014 22:49] - C:\Windows\System32\Wat
      [09/10/2014 15:09] - C:\Windows\0
      [10/10/2014 13:24] - C:\Windows\erdnt
      [11/10/2014 21:03] - C:\Windows\es
      [10/10/2014 13:25] - C:\Windows\grep.exe
      [12/10/2014 20:57] - C:\Windows\IE11_main.log
      [10/10/2014 13:25] - C:\Windows\MBR.exe
      [12/10/2014 21:26] - C:\Windows\Migration
      [09/10/2014 15:11] - C:\Windows\PCHEALTH
      [10/10/2014 13:25] - C:\Windows\PEV.exe
      [11/10/2014 22:12] - C:\Windows\PFRO.log
      [10/10/2014 13:25] - C:\Windows\sed.exe
      [11/10/2014 22:02] - C:\Windows\setupact.log
      [11/10/2014 22:02] - C:\Windows\setuperr.log
      [09/10/2014 15:12] - C:\Windows\Túê
      [09/10/2014 20:08] - C:\Windows\WindowsUpdate.log
      [10/10/2014 13:25] - C:\Windows\zip.exe
      [12/10/2014 23:23] - C:\$RECYCLE.BIN
      [09/10/2014 16:51] - C:\AdwCleaner
      [12/10/2014 23:22] - C:\bootsqm.dat
      [12/10/2014 23:28] - C:\ComboFix.txt
      [12/10/2014 11:44] - C:\FSTool
      [12/10/2014 11:45] - C:\IFS.log
      [09/10/2014 21:01] - C:\MSOCache
      [09/10/2014 07:40] - C:\pagefile.sys
      [10/10/2014 13:24] - C:\Qoobox
      [09/10/2014 15:00] - C:\Recovery
      
      ~~~~~~~~~~~| C:\Windows\Tasks:
      
      [09/10/2014 17:02] - C:\Windows\Tasks\Adobe Flash Player Updater.job
      
      ~~~~~~~~~~~| End Report
      *Finalizado 00:12:03
      *Se limpiaron los archivos temporales
      *[1599815] C:\Users\PC\Desktop\IFS.exe
      *Herramienta de Análisis e investigación

      OTL
      OTL logfile created on: 10/13/2014 12:22:12 AM - Run 2
      OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\PC\Desktop
      64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
      Internet Explorer (Version = 8.0.7601.17514)
      Locale: 00000409 | Country: España | Language: ESN | Date Format: dd/MM/yyyy

      3.85 Gb Total Physical Memory | 2.81 Gb Available Physical Memory | 72.83% Memory free
      7.71 Gb Paging File | 6.52 Gb Available in Paging File | 84.66% Paging File free
      Paging file location(s): ?:\pagefile.sys [binary data]

      %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
      Drive C: | 277.99 Gb Total Space | 233.61 Gb Free Space | 84.04% Space Free | Partition Type: NTFS

      Computer Name: PC-PC | User Name: PC | Logged in as Administrator.
      Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
      Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

      ========== Processes (SafeList) ==========

      PRC - C:\Users\PC\Desktop\OTL.exe (OldTimer Tools)
      PRC - C:\Program Files\AVAST Software\Avast\avastui.exe (AVAST Software)
      PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
      PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
      PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
      PRC - C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.)
      PRC - C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe (SAMSUNG Electronics)
      PRC - C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)
      PRC - C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (SEC)
      PRC - C:\Windows\SysWOW64\Rezip.exe ()


      ========== Modules (No Company Name) ==========

      MOD - C:\Program Files\AVAST Software\Avast\libcef.dll ()
      MOD - C:\Program Files\AVAST Software\Avast\aswProperty.dll ()
      MOD - C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll ()


      ========== Services (SafeList) ==========

      SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
      SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
      SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
      SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
      SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
      SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
      SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
      SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
      SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
      SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
      SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
      SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe (Microsoft Corporation.)
      SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe (Microsoft Corporation.)
      SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
      SRV - (Rezip) -- C:\Windows\SysWOW64\Rezip.exe ()


      ========== Driver Services (SafeList) ==========

      DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswsp.sys (AVAST Software)
      DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
      DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys ()
      DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
      DRV:64bit: - (aswStm) -- C:\Windows\SysNative\drivers\aswStm.sys (AVAST Software)
      DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
      DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys ()
      DRV:64bit: - (aswHwid) -- C:\Windows\SysNative\drivers\aswHwid.sys ()
      DRV:64bit: - (MBAMWebAccessControl) -- C:\Windows\SysNative\drivers\mwac.sys (Malwarebytes Corporation)
      DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
      DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
      DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
      DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
      DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
      DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
      DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
      DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
      DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
      DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
      DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
      DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
      DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
      DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
      DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
      DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
      DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronics Corp.)
      DRV:64bit: - (SABI) -- C:\Windows\SysNative\drivers\SABI.sys (SAMSUNG ELECTRONICS)
      DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
      DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
      DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys ()
      DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
      DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
      DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
      DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
      DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
      DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation )
      DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
      DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
      DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
      DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
      DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


      ========== Standard Registry (SafeList) ==========


      ========== Internet Explorer ==========

      IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
      IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://samsung.msn.com
      IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
      IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


      IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

      IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

      IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

      IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

      IE - HKU\S-1-5-21-1797806156-4127936074-2174673735-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://samsung.msn.com
      IE - HKU\S-1-5-21-1797806156-4127936074-2174673735-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
      IE - HKU\S-1-5-21-1797806156-4127936074-2174673735-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
      IE - HKU\S-1-5-21-1797806156-4127936074-2174673735-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

      ========== FireFox ==========

      FF - prefs.js..browser.search.defaultenginename: "Wikipedia (es)"
      FF - prefs.js..browser.search.selectedEngine: "Wikipedia (es)"
      FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:9.0.2021.112
      FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.9.2
      FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:32.0.3
      FF - user.js - File not found

      FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll File not found
      FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
      FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
      FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/08/05 05:29:08 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/10/09 15:40:16 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 32.0.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 32.0.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

      [2014/10/09 15:26:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PC\AppData\Roaming\mozilla\Extensions
      [2014/10/09 17:19:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PC\AppData\Roaming\mozilla\Firefox\Profiles\zi0f7dn4.default\extensions
      [2014/10/09 17:19:32 | 000,133,000 | ---- | M] () (No name found) -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\zi0f7dn4.default\extensions\[email protected]
      [2014/10/09 17:14:19 | 000,967,685 | ---- | M] () (No name found) -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\zi0f7dn4.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
      [2014/10/09 15:21:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
      [2014/10/09 15:21:45 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
      [2014/10/09 15:40:16 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF

      O1 HOSTS File: ([2014/10/12 23:23:20 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
      O1 - Hosts: 127.0.0.1 localhost
      O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
      O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
      O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
      O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
      O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
      O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
      O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
      O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
      O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O7 - HKU\S-1-5-21-1797806156-4127936074-2174673735-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O7 - HKU\S-1-5-21-1797806156-4127936074-2174673735-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
      O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
      O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
      O13 - gopher Prefix: missing
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.81.16.148 62.81.16.213
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{453BFD57-02A8-4EAB-8D30-A0386EC4D932}: DhcpNameServer = 62.81.16.148 62.81.16.213
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6C042EE6-FE29-4D53-923C-5E88AADFF7C2}: DhcpNameServer = 192.168.0.1
      O18:64bit: - Protocol\Handler\livecall - No CLSID value found
      O18:64bit: - Protocol\Handler\msnim - No CLSID value found
      O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
      O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
      O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
      O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
      O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
      O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
      O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
      O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
      O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
      O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
      O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
      O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
      O32 - HKLM CDRom: AutoRun - 1
      O34 - HKLM BootExecute: (autocheck autochk *)
      O35:64bit: - HKLM\..comfile [open] -- "%1" %*
      O35:64bit: - HKLM\..exefile [open] -- "%1" %*
      O35 - HKLM\..comfile [open] -- "%1" %*
      O35 - HKLM\..exefile [open] -- "%1" %*
      O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
      O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
      O37 - HKLM\...com [@ = ComFile] -- "%1" %*
      O37 - HKLM\...exe [@ = exefile] -- "%1" %*
      O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
      O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
      O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)



      CREATERESTOREPOINT
      Restore point Set: OTL Restore Point

      ========== Files/Folders - Created Within 30 Days ==========

      [2014/10/12 23:23:26 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
      [2014/10/12 22:54:31 | 000,000,000 | --SD | C] -- C:\Windows\SysWow64\Microsoft
      [2014/10/12 22:49:19 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
      [2014/10/12 22:49:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
      [2014/10/12 21:26:59 | 000,000,000 | ---D | C] -- C:\Windows\Migration
      [2014/10/12 18:56:29 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\PC\Desktop\OTL.exe
      [2014/10/12 18:54:49 | 005,582,915 | R--- | C] (Swearware) -- C:\Users\PC\Desktop\ComboFix.exe
      [2014/10/12 18:52:48 | 003,480,040 | ---- | C] (McAfee, Inc.) -- C:\Users\PC\Desktop\MCPR.exe
      [2014/10/12 15:52:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
      [2014/10/12 15:51:59 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
      [2014/10/12 15:33:26 | 000,116,224 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll
      [2014/10/12 15:33:07 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll
      [2014/10/12 11:44:57 | 000,000,000 | ---D | C] -- C:\FSTool
      [2014/10/11 21:12:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
      [2014/10/11 21:04:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
      [2014/10/11 21:04:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
      [2014/10/11 21:03:38 | 000,000,000 | ---D | C] -- C:\Windows\es
      [2014/10/11 21:00:38 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Local\Windows Live
      [2014/10/11 21:00:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
      [2014/10/11 21:00:02 | 000,000,000 | --SD | C] -- C:\Windows\SysNative\CompatTel
      [2014/10/11 20:55:33 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
      [2014/10/11 18:58:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
      [2014/10/11 18:57:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
      [2014/10/11 18:57:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
      [2014/10/10 15:28:19 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications
      [2014/10/10 13:25:07 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
      [2014/10/10 13:25:07 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
      [2014/10/10 13:25:07 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
      [2014/10/10 13:24:59 | 000,000,000 | ---D | C] -- C:\Qoobox
      [2014/10/10 13:24:36 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
      [2014/10/09 21:38:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
      [2014/10/09 21:14:16 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\MPC-HC
      [2014/10/09 21:13:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC x64
      [2014/10/09 21:13:25 | 000,000,000 | ---D | C] -- C:\Program Files\MPC-HC
      [2014/10/09 21:01:41 | 000,000,000 | R--D | C] -- C:\MSOCache
      [2014/10/09 20:41:52 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Local\SoftGrid Client
      [2014/10/09 20:41:51 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\SoftGrid Client
      [2014/10/09 20:41:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (Español)
      [2014/10/09 20:40:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
      [2014/10/09 20:40:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Application Virtualization Client
      [2014/10/09 20:40:32 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\TP
      [2014/10/09 20:14:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
      [2014/10/09 19:40:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
      [2014/10/09 19:40:04 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
      [2014/10/09 19:09:14 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
      [2014/10/09 19:08:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
      [2014/10/09 19:08:13 | 000,092,888 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
      [2014/10/09 19:08:13 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
      [2014/10/09 19:08:13 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
      [2014/10/09 19:08:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
      [2014/10/09 19:08:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
      [2014/10/09 19:07:52 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Local\Programs
      [2014/10/09 17:16:22 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\Macromedia
      [2014/10/09 17:16:22 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Local\Macromedia
      [2014/10/09 17:02:23 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
      [2014/10/09 17:02:15 | 000,000,000 | R--D | C] -- C:\Users\PC\Dropbox
      [2014/10/09 17:01:13 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
      [2014/10/09 16:56:43 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\Dropbox
      [2014/10/09 16:51:21 | 000,000,000 | ---D | C] -- C:\AdwCleaner
      [2014/10/09 15:40:42 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\AVAST Software
      [2014/10/09 15:40:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
      [2014/10/09 15:40:18 | 001,041,168 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
      [2014/10/09 15:40:18 | 000,427,360 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsp.sys
      [2014/10/09 15:40:18 | 000,092,008 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswStm.sys
      [2014/10/09 15:40:18 | 000,079,184 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
      [2014/10/09 15:40:17 | 000,093,568 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
      [2014/10/09 15:40:16 | 000,307,344 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
      [2014/10/09 15:40:14 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
      [2014/10/09 15:37:57 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
      [2014/10/09 15:36:47 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
      [2014/10/09 15:21:53 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\Mozilla
      [2014/10/09 15:21:53 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Local\Mozilla
      [2014/10/09 15:21:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
      [2014/10/09 15:21:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
      [2014/10/09 15:21:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
      [2014/10/09 15:20:20 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\Adobe
      [2014/10/09 15:15:33 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\ATI
      [2014/10/09 15:15:33 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Local\ATI
      [2014/10/09 15:15:00 | 000,000,000 | R--D | C] -- C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
      [2014/10/09 15:15:00 | 000,000,000 | R--D | C] -- C:\Users\PC\Searches
      [2014/10/09 15:15:00 | 000,000,000 | R--D | C] -- C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
      [2014/10/09 15:14:48 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\Identities
      [2014/10/09 15:14:44 | 000,000,000 | R--D | C] -- C:\Users\PC\Contacts
      [2014/10/09 15:14:41 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Local\VirtualStore
      [2014/10/09 15:13:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
      [2014/10/09 15:13:42 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
      [2014/10/09 15:12:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
      [2014/10/09 15:11:30 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
      [2014/10/09 15:11:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
      [2014/10/09 15:11:09 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
      [2014/10/09 15:10:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
      [2014/10/09 15:09:25 | 000,000,000 | ---D | C] -- C:\ProgramData\OberonGameConsole
      [2014/10/09 15:09:12 | 000,000,000 | ---D | C] -- C:\Users\PC\Documents\My Pictures
      [2014/10/09 15:04:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Pack
      [2014/10/09 15:04:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Oberon Media
      [2014/10/09 15:04:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Game Pack
      [2014/10/09 15:03:45 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Local\Adobe
      [2014/10/09 15:03:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
      [2014/10/09 15:03:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
      [2014/10/09 15:03:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
      [2014/10/09 15:02:56 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam
      [2014/10/09 15:02:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CyberLink
      [2014/10/09 15:02:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
      [2014/10/09 15:01:37 | 000,000,000 | --SD | C] -- C:\Users\PC\AppData\Roaming\Microsoft
      [2014/10/09 15:01:37 | 000,000,000 | R--D | C] -- C:\Users\PC\Videos
      [2014/10/09 15:01:37 | 000,000,000 | R--D | C] -- C:\Users\PC\Saved Games
      [2014/10/09 15:01:37 | 000,000,000 | R--D | C] -- C:\Users\PC\Pictures
      [2014/10/09 15:01:37 | 000,000,000 | R--D | C] -- C:\Users\PC\Music
      [2014/10/09 15:01:37 | 000,000,000 | R--D | C] -- C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
      [2014/10/09 15:01:37 | 000,000,000 | R--D | C] -- C:\Users\PC\Links
      [2014/10/09 15:01:37 | 000,000,000 | R--D | C] -- C:\Users\PC\Favorites
      [2014/10/09 15:01:37 | 000,000,000 | R--D | C] -- C:\Users\PC\Downloads
      [2014/10/09 15:01:37 | 000,000,000 | R--D | C] -- C:\Users\PC\Documents
      [2014/10/09 15:01:37 | 000,000,000 | R--D | C] -- C:\Users\PC\Desktop
      [2014/10/09 15:01:37 | 000,000,000 | R--D | C] -- C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
      [2014/10/09 15:01:37 | 000,000,000 | -HSD | C] -- C:\Users\PC\SendTo
      [2014/10/09 15:01:37 | 000,000,000 | -HSD | C] -- C:\Users\PC\Reciente
      [2014/10/09 15:01:37 | 000,000,000 | -HSD | C] -- C:\Users\PC\Plantillas
      [2014/10/09 15:01:37 | 000,000,000 | -HSD | C] -- C:\Users\PC\Documents\Mis vídeos
      [2014/10/09 15:01:37 | 000,000,000 | -HSD | C] -- C:\Users\PC\Documents\Mis imágenes
      [2014/10/09 15:01:37 | 000,000,000 | -HSD | C] -- C:\Users\PC\Mis documentos
      [2014/10/09 15:01:37 | 000,000,000 | -HSD | C] -- C:\Users\PC\Documents\Mi música
      [2014/10/09 15:01:37 | 000,000,000 | -HSD | C] -- C:\Users\PC\Menú Inicio
      [2014/10/09 15:01:37 | 000,000,000 | -HSD | C] -- C:\Users\PC\Impresoras
      [2014/10/09 15:01:37 | 000,000,000 | -HSD | C] -- C:\Users\PC\AppData\Local\Historial
      [2014/10/09 15:01:37 | 000,000,000 | -HSD | C] -- C:\Users\PC\Entorno de red
      [2014/10/09 15:01:37 | 000,000,000 | -HSD | C] -- C:\Users\PC\Datos de programa
      [2014/10/09 15:01:37 | 000,000,000 | -HSD | C] -- C:\Users\PC\AppData\Local\Datos de programa
      [2014/10/09 15:01:37 | 000,000,000 | -HSD | C] -- C:\Users\PC\Cookies
      [2014/10/09 15:01:37 | 000,000,000 | -HSD | C] -- C:\Users\PC\Configuración local
      [2014/10/09 15:01:37 | 000,000,000 | -HSD | C] -- C:\Users\PC\AppData\Local\Archivos temporales de Internet
      [2014/10/09 15:01:37 | 000,000,000 | -H-D | C] -- C:\Users\PC\AppData
      [2014/10/09 15:01:37 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Local\Temp
      [2014/10/09 15:01:37 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Local\Microsoft
      [2014/10/09 15:01:37 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\Media Center Programs
      [2014/10/09 15:00:01 | 000,000,000 | ---D | C] -- C:\Recovery

      ========== Files - Modified Within 30 Days ==========

      [2014/10/13 00:03:31 | 000,013,936 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      [2014/10/13 00:03:31 | 000,013,936 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      [2014/10/12 23:54:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
      [2014/10/12 23:54:35 | 4137,861,120 | -HS- | M] () -- C:\hiberfil.sys
      [2014/10/12 23:53:00 | 000,000,838 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
      [2014/10/12 23:23:20 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
      [2014/10/12 23:22:00 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat
      [2014/10/12 23:03:13 | 005,582,915 | R--- | M] (Swearware) -- C:\Users\PC\Desktop\ComboFix.exe
      [2014/10/12 21:30:08 | 000,997,912 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
      [2014/10/12 21:30:08 | 000,727,844 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
      [2014/10/12 21:30:08 | 000,241,916 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
      [2014/10/12 21:30:08 | 000,192,194 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
      [2014/10/12 21:30:08 | 000,006,414 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
      [2014/10/12 18:56:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\PC\Desktop\OTL.exe
      [2014/10/12 18:56:15 | 001,599,815 | ---- | M] () -- C:\Users\PC\Desktop\IFS.exe
      [2014/10/12 18:52:49 | 003,480,040 | ---- | M] (McAfee, Inc.) -- C:\Users\PC\Desktop\MCPR.exe
      [2014/10/12 18:03:51 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
      [2014/10/12 16:04:52 | 000,267,296 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
      [2014/10/09 21:37:30 | 000,092,888 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
      [2014/10/09 20:41:06 | 000,004,832 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
      [2014/10/09 19:44:28 | 000,007,368 | ---- | M] () -- C:\Users\PC\Documents\cc_20141009_194421.reg
      [2014/10/09 19:43:28 | 000,035,346 | ---- | M] () -- C:\Users\PC\Documents\cc_20141009_194319.reg
      [2014/10/09 15:40:29 | 000,427,360 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsp.sys
      [2014/10/09 15:40:15 | 001,041,168 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
      [2014/10/09 15:40:15 | 000,307,344 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
      [2014/10/09 15:40:15 | 000,224,896 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
      [2014/10/09 15:40:15 | 000,093,568 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
      [2014/10/09 15:40:15 | 000,092,008 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswStm.sys
      [2014/10/09 15:40:15 | 000,079,184 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
      [2014/10/09 15:40:15 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
      [2014/10/09 15:40:15 | 000,029,208 | ---- | M] () -- C:\Windows\SysNative\drivers\aswHwid.sys
      [2014/10/09 15:40:14 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
      [2014/10/09 15:12:34 | 000,000,020 | ---- | M] () -- C:\Windows\Túê
      [2014/10/09 15:09:35 | 000,000,033 | ---- | M] () -- C:\Windows\0
      [2014/10/09 15:09:34 | 000,002,074 | ---- | M] () -- C:\Users\Public\Desktop\Game Pack.lnk
      [2014/10/09 15:02:10 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\144D_SAMSUNG_N_R540_03KP.mrk
      [2014/10/09 07:56:21 | 000,048,197 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
      [2014/10/09 07:56:21 | 000,048,197 | ---- | M] () -- C:\Windows\SysNative\license.rtf

      ========== Files Created - No Company Name ==========

      [2014/10/12 23:22:00 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat
      [2014/10/12 18:56:14 | 001,599,815 | ---- | C] () -- C:\Users\PC\Desktop\IFS.exe
      [2014/10/12 15:34:15 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
      [2014/10/12 15:32:49 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml
      [2014/10/12 15:32:36 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml
      [2014/10/12 15:32:36 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml
      [2014/10/12 15:32:15 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml
      [2014/10/11 22:02:35 | 000,267,296 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
      [2014/10/11 21:03:29 | 000,001,305 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
      [2014/10/11 21:03:20 | 000,001,374 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
      [2014/10/11 21:03:07 | 000,001,458 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
      [2014/10/11 21:02:44 | 000,002,486 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
      [2014/10/10 13:25:07 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
      [2014/10/10 13:25:07 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
      [2014/10/10 13:25:07 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
      [2014/10/10 13:25:07 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
      [2014/10/10 13:25:07 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
      [2014/10/09 20:41:06 | 000,004,832 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
      [2014/10/09 19:44:24 | 000,007,368 | ---- | C] () -- C:\Users\PC\Documents\cc_20141009_194421.reg
      [2014/10/09 19:43:24 | 000,035,346 | ---- | C] () -- C:\Users\PC\Documents\cc_20141009_194319.reg
      [2014/10/09 17:02:29 | 000,000,838 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
      [2014/10/09 15:40:18 | 000,224,896 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
      [2014/10/09 15:40:18 | 000,065,776 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
      [2014/10/09 15:40:17 | 000,029,208 | ---- | C] () -- C:\Windows\SysNative\drivers\aswHwid.sys
      [2014/10/09 15:21:47 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
      [2014/10/09 15:15:16 | 000,001,397 | ---- | C] () -- C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
      [2014/10/09 15:15:11 | 000,001,431 | ---- | C] () -- C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
      [2014/10/09 15:12:33 | 000,000,020 | ---- | C] () -- C:\Windows\Túê
      [2014/10/09 15:09:35 | 000,000,033 | ---- | C] () -- C:\Windows\0
      [2014/10/09 15:09:34 | 000,002,074 | ---- | C] () -- C:\Users\Public\Desktop\Game Pack.lnk
      [2014/10/09 15:04:23 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
      [2014/10/09 15:03:32 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
      [2014/10/09 15:02:10 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\drivers\144D_SAMSUNG_N_R540_03KP.mrk

      ========== ZeroAccess Check ==========

      [2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

      [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

      [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

      [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

      [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
      "" = C:\Windows\SysNative\shell32.dll -- [2011/08/30 07:25:09 | 014,173,184 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment

      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      "" = %SystemRoot%\system32\shell32.dll -- [2011/08/30 06:21:25 | 012,872,704 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment

      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
      "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free

      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
      "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free

      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
      "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Both

      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

      ========== LOP Check ==========

      [2014/10/09 15:40:42 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\AVAST Software
      [2014/10/12 19:13:02 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Dropbox
      [2014/10/09 21:14:16 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\MPC-HC
      [2014/10/12 19:38:43 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\SoftGrid Client
      [2014/10/09 20:42:03 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\TP

      ========== Purity Check ==========



      ========== Custom Scans ==========

      < %SYSTEMDRIVE%\*.* >
      [2014/10/12 23:22:00 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat
      [2014/10/12 23:28:03 | 000,024,649 | ---- | M] () -- C:\ComboFix.txt
      [2014/10/12 23:54:35 | 4137,861,120 | -HS- | M] () -- C:\hiberfil.sys
      [2014/10/13 00:12:03 | 000,005,403 | ---- | M] () -- C:\IFS.log
      [2014/10/12 23:54:39 | 4137,861,120 | -HS- | M] () -- C:\pagefile.sys
      [2010/08/05 04:24:45 | 000,002,162 | ---- | M] () -- C:\RHDSetup.log
      [2010/08/05 04:32:36 | 000,000,191 | ---- | M] () -- C:\Setup.log

      < %programdata%\*.* >
      [2010/01/16 07:15:48 | 000,131,368 | ---- | M] () -- C:\ProgramData\FullRemove.exe
      Invalid Environment Variable: Windows

      < End of report >

    6. #26
      Former Collaborator Gemsa_03
      Joined
      Feb 2012
      Location
      Málaga, Spain
      Posts
      6,615

      Re: Possible virus

      Hello

      Follow these steps:

      Very important >>> Make a backup of your Registry.

      Download DelFix to the Windows desktop.
      • Double-click it to run it.
      • In the main window, tick only the "Create registry backup" box.
      • Click Run.


      Then run OTL.exe again.

      Copy and paste the code inside the box below into the Custom Scans/Fixes section (DO NOT COPY THE WORD "CODE").
      Code:
      :OTL
      FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.9.2
      FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:32.0.3
      FF - user.js - File not found
      FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O7 - HKU\S-1-5-21-1797806156-4127936074-2174673735-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O13 - gopher Prefix: missing
      O18:64bit: - Protocol\Handler\livecall - No CLSID value found
      O18:64bit: - Protocol\Handler\msnim - No CLSID value found
      O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
      O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
      O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
      O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
      O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
      O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
      [2014/10/12 18:52:48 | 003,480,040 | ---- | C] (McAfee, Inc.) -- C:\Users\PC\Desktop\MCPR.exe
      [2014/10/09 15:12:34 | 000,000,020 | ---- | M] () -- C:\Windows\Túê
      [2014/10/09 15:09:35 | 000,000,033 | ---- | M] () -- C:\Windows\0
      [2010/01/16 07:15:48 | 000,131,368 | ---- | M] () -- C:\ProgramData\FullRemove.exe
      
      :Files
      ipconfig /renew /c
      ipconfig /flushdns /c
      
      :Commands
      [EMPTYTEMP]
      [RESETHOSTS]
      [PURITY]
      • Press the Run Fix button to start the removal. Then click OK.
      • OTL will restart the computer to complete the removal.
      • Save the newly generated report, and copy and paste it into your next reply.


      Remember to post the OTL log, and also tell us how the computer is doing with regard to the problem you reported.

      NOTE: the report is also saved in C:\_OTL\MovedFiles; it is a text file named in the format "MMDDYYYY_HHMMSS.log"


      Regards

    7. #27
      User LuCii
      Joined
      Oct 2014
      Location
      Spain
      Posts
      41

      Re: Possible virus

      How do I make a backup of my registry?

    8. #28
      Former Collaborator Gemsa_03
      Joined
      Feb 2012
      Location
      Málaga, Spain
      Posts
      6,615

      Re: Possible virus

      Hello

      With the DelFix program; read my previous post carefully.

    9. #29
      User LuCii
      Joined
      Oct 2014
      Location
      Spain
      Posts
      41

      Re: Possible virus

      Well, I played a YouTube video in Firefox, but I could only hear the video. When I stopped it, the browser crashed and showed a plugin error or something like that. I couldn't tell you the exact message.

      OTL report

      All processes killed
      ========== OTL ==========
      Prefs.js: adblockpopups%40jessehakanen.net:0.9.2 removed from extensions.enabledAddons
      Prefs.js: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:32.0.3 removed from extensions.enabledAddons
      64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ not found.
      Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ not found.
      Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
      Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
      Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
      Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
      Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
      Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
      Registry key HKEY_USERS\S-1-5-21-1797806156-4127936074-2174673735-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
      64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ not found.
      File Protocol\Handler\livecall - No CLSID value found not found.
      64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ not found.
      File Protocol\Handler\msnim - No CLSID value found not found.
      64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ not found.
      File Protocol\Handler\skype4com - No CLSID value found not found.
      64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype-ie-addon-data\ not found.
      File Protocol\Handler\skype-ie-addon-data - No CLSID value found not found.
      64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ not found.
      File Protocol\Handler\wlmailhtml - No CLSID value found not found.
      64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ not found.
      File Protocol\Handler\wlpg - No CLSID value found not found.
      64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck not found.
      64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
      Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck not found.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
      File C:\Users\PC\Desktop\MCPR.exe not found.
      File C:\Windows\Túê not found.
      File C:\Windows\0 not found.
      File C:\ProgramData\FullRemove.exe not found.
      ========== FILES ==========
      < ipconfig /renew /c >
      Configuración IP de Windows
      No se puede realizar ninguna operación en Conexión de área local mientras los medios
      están desconectados.
      Adaptador de LAN inalámbrica Conexión de red inalámbrica:
      Sufijo DNS específico para la conexión. . : home
      Vínculo: dirección IPv6 local. . . : fe80::a556:5529:395a:bd08%11
      Dirección IPv4. . . . . . . . . . . . . . : 192.168.1.231
      Máscara de subred . . . . . . . . . . . . : 255.255.255.0
      Puerta de enlace predeterminada . . . . . : 192.168.1.1
      Adaptador de Ethernet Conexión de área local:
      Estado de los medios. . . . . . . . . . . : medios desconectados
      Sufijo DNS específico para la conexión. . :
      Adaptador de túnel isatap.{6C042EE6-FE29-4D53-923C-5E88AADFF7C2}:
      Estado de los medios. . . . . . . . . . . : medios desconectados
      Sufijo DNS específico para la conexión. . :
      Adaptador de túnel isatap.home:
      Estado de los medios. . . . . . . . . . . : medios desconectados
      Sufijo DNS específico para la conexión. . : home
      Adaptador de túnel Teredo Tunneling Pseudo-Interface:
      Sufijo DNS específico para la conexión. . :
      Dirección IPv6 . . . . . . . . . . : 2001:0:5ef5:79fb:1038:1be2:3f57:fe18
      Vínculo: dirección IPv6 local. . . : fe80::1038:1be2:3f57:fe18%12
      Puerta de enlace predeterminada . . . . . : ::
      C:\Users\PC\Desktop\cmd.bat deleted successfully.
      C:\Users\PC\Desktop\cmd.txt deleted successfully.
      < ipconfig /flushdns /c >
      Configuración IP de Windows
      Se vació correctamente la caché de resolución de DNS.
      C:\Users\PC\Desktop\cmd.bat deleted successfully.
      C:\Users\PC\Desktop\cmd.txt deleted successfully.
      ========== COMMANDS ==========

      [EMPTYTEMP]

      User: All Users

      User: Default
      ->Temp folder emptied: 0 bytes
      ->Temporary Internet Files folder emptied: 0 bytes

      User: Default User
      ->Temp folder emptied: 0 bytes
      ->Temporary Internet Files folder emptied: 0 bytes

      User: PC
      ->Temp folder emptied: 0 bytes
      ->Temporary Internet Files folder emptied: 128 bytes
      ->FireFox cache emptied: 4105238 bytes
      ->Flash cache emptied: 492 bytes

      User: Public
      ->Temp folder emptied: 0 bytes

      %systemdrive% .tmp files removed: 0 bytes
      %systemroot% .tmp files removed: 0 bytes
      %systemroot%\System32 .tmp files removed: 0 bytes
      %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
      %systemroot%\System32\drivers .tmp files removed: 0 bytes
      Windows Temp folder emptied: 3556 bytes
      %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
      RecycleBin emptied: 77096085 bytes

      Total Files Cleaned = 77.00 mb

      C:\Windows\System32\drivers\etc\Hosts moved successfully.
      HOSTS file reset successfully

      OTL by OldTimer - Version 3.2.69.0 log created on 10142014_133935

      Files\Folders moved on Reboot...
      File\Folder C:\Users\PC\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
      File move failed. C:\Windows\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.

      PendingFileRenameOperations files...

      Registry entries deleted on Reboot...

      Files\Folders moved on Reboot...
      C:\Users\PC\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
      File move failed. C:\Windows\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.

      PendingFileRenameOperations files...

      Registry entries deleted on Reboot...

    10. #30
      Former Collaborator Gemsa_03
      Joined
      Feb 2012
      Location
      Málaga, Spain
      Posts
      6,615

      Re: Possible virus

      Hello

      1. Carry out the steps described in the guide: Removing Adware/PUPs (Potentially Unwanted Programs).
        It is essential that you follow it to the letter, so print or carefully note down all the steps. In step ●3.- you have to run Malwarebytes with a full scan. You have Malwarebytes, but it is out of date; you need to download the >>> latest version Malwarebytes Anti-Malware 2.0.3 | InfoSpyware <<<. Instead of Full Scan, it is now called Threat Scan, but it is the same thing.

      2. Go to Settings

      3. Add-ons

        • Plugins, and click on "Click here to check whether your plugins are up to date". This way you will know whether your plugins are up to date or whether you need to update any.


      Attach the reports and tell us the results.