Theadclick.com + svchost.exe crash at startup


  • This topic is locked
21 replies to this topic

#1 erGato

  • Members
  • 11 posts

Posted 02 November 2015 - 04:48 AM

Hi,

I receive a pair of popup warnings from Avast:

URL: http://www.theadclick.com/pages/index.php?refid=54530d

Infection: URL:Mal

Process: C:\WINDOWS\system32\svchost.exe

In addition to the popup, the system restarts after a savedump execution with the RPC message.

My PC got infected before I started using Avast; previously I was using Avira AntiVir. I tried Malwarebytes, some online antivirus scanners and Avast itself, reinstalled Windows and other things, but nothing works.

Recently I got a new one when entering some URLs, but I am not sure if it is the same problem or an Avast issue: the web shield blocks the page because of an invalid certificate, snif41577.cloudflaressl.com, but the page is safe.

I'll wait for your instructions.

Thanks.

(Sorry if my English is bad)


Edited by erGato, 02 November 2015 - 04:54 AM.


#2 olgun52

  • Malware Response Team
  • 3,790 posts
  • Gender: Male

Posted 02 November 2015 - 09:33 PM

Hello erGato and welcome to BleepingComputer.

My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • Ensure your external and/or USB drives are always inserted during the scan.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • I cannot guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please log on to the computer as an administrator. How do I log on to the computer as an administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to get help here.

Thanks
---------------------------------------------------------------------------------------------------------

Please do the following.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Sincerely

If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you.
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 erGato (Topic Starter)

  • Members
  • 11 posts

Posted 04 November 2015 - 02:46 PM

Hi, Yılmaz,

Here are the logs (FRST.txt pasted here and Addition.txt attached; I hope I did it the correct way):

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:04-11-2015
Ran by Mike_HDF (administrator) on PCMIKE (04-11-2015 20:38:44)
Running from H:\
Loaded Profiles: Mike_HDF (Available Profiles: Mike_HDF & Administrador)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: Español (alfabetización internacional)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(AVAST Software) C:\Archivos de programa\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\scardsvr.exe
(Malwarebytes Corporation) C:\Archivos de programa\Malwarebytes Anti-Exploit\mbae-svc.exe
(Creative Technology Ltd) C:\Archivos de programa\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(AVAST Software) C:\Archivos de programa\AVAST Software\Avast\AvastUI.exe
(Malwarebytes Corporation) C:\Archivos de programa\Malwarebytes Anti-Exploit\mbae.exe
(http://www.emule-project.net) H:\Programas\Emule\emule.exe
(Google Inc.) C:\Archivos de programa\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Archivos de programa\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Archivos de programa\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Archivos de programa\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Archivos de programa\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Archivos de programa\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Archivos de programa\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\system32\cmd.exe
(FreeDownloadManager.ORG) C:\Archivos de programa\Free Download Manager\Chrome\fdm_nativehost.exe
(Google Inc.) C:\Archivos de programa\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Archivos de programa\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Archivos de programa\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Archivos de programa\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Archivos de programa\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Archivos de programa\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Archivos de programa\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Archivos de programa\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Archivos de programa\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Archivos de programa\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Archivos de programa\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Archivos de programa\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Archivos de programa\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Archivos de programa\Google\Chrome\Application\chrome.exe
(FreeDownloadManager.ORG) C:\Archivos de programa\Free Download Manager\fdm.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [CTSysVol] => C:\Archivos de programa\Creative\SBAudigy\Surround Mixer\CTSysVol.exe [57344 2005-10-31] (Creative Technology Ltd)
HKLM\...\Run: [P17Helper] => Rundll32 P17.dll,P17Helper
HKLM\...\Run: [FileZilla Server Interface] => C:\Archivos de programa\FileZilla Server\FileZilla Server Interface.exe [1044992 2012-02-26] (FileZilla Project)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [20053608 2011-06-24] (Realtek Semiconductor Corp.)
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [AvastUI.exe] => C:\Archivos de programa\AVAST Software\Avast\AvastUI.exe [6134544 2015-10-01] (AVAST Software)
HKLM\...\Run: [Malwarebytes Anti-Exploit] => C:\Archivos de programa\Malwarebytes Anti-Exploit\mbae.exe [2620728 2015-07-22] (Malwarebytes Corporation)
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Temp\*.zip\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.pif <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Datos de programa\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.com <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Datos de programa\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Temp\rar*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Temp\7z*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Temp\*.zip\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Menú inicio\Programas\Inicio\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Datos de programa\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Temp\7z*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Configuración local\Datos de programa\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Configuración local\Datos de programa\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Menú inicio\Programas\Inicio\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Configuración local\Datos de programa\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Datos de programa\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Configuración local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Menú inicio\Programas\Inicio\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Temp\rar*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Configuración local\Datos de programa\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Datos de programa\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Temp\wz*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Datos de programa\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: ** <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.com <====== ATTENTION
HKLM Group Policy restriction on software: %temp%\7z*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Temp\7z*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Menú inicio\Programas\Inicio\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Temp\wz*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Configuración local\Datos de programa\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Temp\wz*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Configuración local\Datos de programa\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Datos de programa\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Temp\*.zip\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Menú inicio\Programas\Inicio\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Configuración local\Datos de programa\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Menú inicio\Programas\Inicio\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Configuración local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Datos de programa\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Temp\*.zip\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Temp\wz*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Temp\rar*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Configuración local\Datos de programa\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Configuración local\Datos de programa\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Datos de programa\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Configuración local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Datos de programa\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Datos de programa\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Menú inicio\Programas\Inicio\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Configuración local\Datos de programa\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Datos de programa\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Temp\rar*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.com <====== ATTENTION
HKLM Group Policy restriction on software: %temp%\rar*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Menú inicio\Programas\Inicio\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Configuración local\Datos de programa\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Temp\7z*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.scr <====== ATTENTION
HKLM Group Policy restriction on software: %temp%\wz*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Configuración local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Configuración local\Datos de programa\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: C:\Archivos de programa\dyndns\WinDNSdynamic.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Archivos de programa\Avira\AntiVir Desktop\avnotify.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %temp%\*.zip\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2012-04-06] (ATI Technologies Inc.)
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <===== ATTENTION
HKU\S-1-5-21-515967899-507921405-1801674531-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [9216 2008-04-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Archivos de programa\AVAST Software\Avast\ashShell.dll [2015-10-01] (AVAST Software)
ShellIconOverlayIdentifiers: [MountOverlayIcon] -> {0F49CF41-FD97-4942-9F2A-35E8B489E7FB} => C:\Archivos de programa\WinMount\WinMTExt.dll [2010-10-20] (WinMount International Inc.)
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\..\Interfaces\{561ABC6E-D9F2-4FE3-8BE7-EBA520113E19}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{784C62C3-2472-4617-8A02-C896FF1ACBB0}: [NameServer] 62.81.16.148,62.81.16.213
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-515967899-507921405-1801674531-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-515967899-507921405-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-515967899-507921405-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-515967899-507921405-1801674531-1003 -> DefaultScope {44BF3A1E-CC6E-49DC-857D-393845B956AF} URL = hxxp://www.google.es/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-515967899-507921405-1801674531-1003 -> {44BF3A1E-CC6E-49DC-857D-393845B956AF} URL = hxxp://www.google.es/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Archivos de programa\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll [2003-11-03] (Adobe Systems Incorporated)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21] (Adobe Systems Incorporated)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Archivos de programa\Java\jre7\bin\ssv.dll [2014-08-02] (Oracle Corporation)
BHO: Windows Live Aplicación auxiliar de inicio de sesión -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Archivos de programa\Free Download Manager\iefdm2.dll [2015-07-08] (FreeDownloadManager.ORG)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Archivos de programa\Java\jre7\bin\jp2ssv.dll [2014-08-02] (Oracle Corporation)
BHO: HttpWatch Basic -> {F1F69322-008F-4895-B2BF-AD194219825A} -> C:\Archivos de programa\HttpWatch\httpwatchsc.dll [2015-01-20] (Simtec Limited)
Toolbar: HKU\S-1-5-21-515967899-507921405-1801674531-1003 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Archivos de programa\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15] ()
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
Handler: AutorunsDisabled\livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARCHIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL No File []
Handler: AutorunsDisabled\msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARCHIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL No File []
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\SYSTEM\OLE DB\msdaipp.dll [2003-07-11] (Microsoft Corporation)
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\SYSTEM\OLE DB\msdaipp.dll [2003-07-11] (Microsoft Corporation)
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\SYSTEM\OLE DB\msdaipp.dll [2003-07-11] (Microsoft Corporation)
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\SYSTEM\OLE DB\msdaipp.dll [2003-07-11] (Microsoft Corporation)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\SYSTEM\OLE DB\msdaipp.dll [2003-07-11] (Microsoft Corporation)
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\SYSTEM\OLE DB\msdaipp.dll [2003-07-11] (Microsoft Corporation)
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\SYSTEM\OLE DB\msdaipp.dll [2003-07-11] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Mike_HDF\Datos de programa\Mozilla\Firefox\Profiles\wp7bne46.default
FF Homepage: about:blank
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll [2012-05-04] ()
FF Plugin: @httpwatch.com/hw_addon -> C:\Archivos de programa\HttpWatch\Firefox\components [2015-09-21] ()
FF Plugin: @ieinspector.com/ha_plugin -> C:\Archivos de programa\IEInspector\HTTPAnalyzerFullV6\firefox\Components [No File]
FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Archivos de programa\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-08-02] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Archivos de programa\Java\jre7\bin\plugin2\npjp2.dll [2014-08-02] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @mozilla.zeniko.ch/SumatraPDF_Browser_Plugin -> C:\Archivos de programa\SumatraPDF\npPdfViewer.dll [2014-05-14] (Simon Bünzli)
FF Plugin: @ogplanet.com/npOGPPlugin -> C:\WINDOWS\system32\npOGPPlugin.dll [2009-11-18] (OGPlanet)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Archivos de programa\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Archivos de programa\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-515967899-507921405-1801674531-1003: @mozilla.zeniko.ch/SumatraPDF_Browser_Plugin -> C:\Archivos de programa\SumatraPDF\npPdfViewer.dll [2014-05-14] (Simon Bünzli)
FF Plugin ProgramFiles/Appdata: C:\Archivos de programa\mozilla firefox\plugins\NPOFFICE.DLL [2003-07-15] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Archivos de programa\mozilla firefox\plugins\nppdf32.dll [2009-12-21] (Adobe Systems Inc.)
FF Extension: FEBE - C:\Documents and Settings\Mike_HDF\Datos de programa\Mozilla\Firefox\Profiles\wp7bne46.default\Extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3} [2015-09-21]
FF Extension: Flash Control - C:\Documents and Settings\Mike_HDF\Datos de programa\Mozilla\Firefox\Profiles\wp7bne46.default\Extensions\jid1-sNL73VCI4UB0Fw@jetpack.xpi [2015-09-21]
FF Extension: Greasemonkey - C:\Documents and Settings\Mike_HDF\Datos de programa\Mozilla\Firefox\Profiles\wp7bne46.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2015-09-21]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-12-12] [not signed]
FF HKLM\...\Firefox\Extensions: [{1E2593B2-E106-4697-BCE7-A9D30DE05D73}] - C:\Archivos de programa\HttpWatch\Firefox
FF Extension: HttpWatch Basic Edition - C:\Archivos de programa\HttpWatch\Firefox [2015-09-21] [not signed]
FF HKU\S-1-5-21-515967899-507921405-1801674531-1003\...\Firefox\Extensions: [fdm_ffext@freedownloadmanager.org] - C:\Documents and Settings\All Users\Datos de programa\Free Download Manager\Firefox\Extensions\2.0.17
FF Extension: Free Download Manager extension - C:\Documents and Settings\All Users\Datos de programa\Free Download Manager\Firefox\Extensions\2.0.17 [2015-10-16]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.es/
CHR StartupUrls: Default -> "hxxp://www.google.es/"
CHR Session Restore: Default -> is enabled.
CHR Plugin: (Widevine Content Decryption Module) - C:\Documents and Settings\Mike_HDF\Configuración local\Datos de programa\Google\Chrome\User Data\WidevineCDM\1.4.6.758\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Archivos de programa\Google\Chrome\Application\46.0.2490.80\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Archivos de programa\Google\Chrome\Application\46.0.2490.80\pdf.dll => No File
CHR Plugin: (Microsoft Office 2003) - C:\Archivos de programa\Mozilla Firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Archivos de programa\Mozilla Firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft® DRM) - C:\Archivos de programa\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Archivos de programa\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Archivos de programa\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Archivos de programa\Google\Update\1.3.26.9\npGoogleUpdate3.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.650.20) - C:\Archivos de programa\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java™ Platform SE 7 U65) - C:\Archivos de programa\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (SumatraPDF Browser Plugin) - C:\Archivos de programa\SumatraPDF\npPdfViewer.dll (Simon Bünzli)
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
CHR Plugin: (OGPlanet Game Plugin) - C:\WINDOWS\system32\npOGPPlugin.dll (OGPlanet)
CHR Profile: C:\Documents and Settings\Mike_HDF\Configuración local\Datos de programa\Google\Chrome\User Data\Default
CHR Extension: (Free Download Manager Chrome extension) - C:\Documents and Settings\Mike_HDF\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\ahmpjcflkgiildlgicmcieglgoilbfdp [2015-04-25]
CHR Extension: (YouTube) - C:\Documents and Settings\Mike_HDF\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Búsqueda de Google) - C:\Documents and Settings\Mike_HDF\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Tampermonkey) - C:\Documents and Settings\Mike_HDF\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2015-07-17]
CHR Extension: (User-Agent Switcher for Chrome) - C:\Documents and Settings\Mike_HDF\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\djflhoibgkdhkhhcedjiklpkjnoahfmg [2015-03-12]
CHR Extension: (EditThisCookie) - C:\Documents and Settings\Mike_HDF\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2014-10-02]
CHR Extension: (FlashBlock) - C:\Documents and Settings\Mike_HDF\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\gofhjkjmkpinhpoiabjplobcaignabnl [2014-02-14]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Documents and Settings\Mike_HDF\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-25]
CHR Extension: (Gmail) - C:\Documents and Settings\Mike_HDF\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Archivos de programa\AVAST Software\Avast\AvastSvc.exe [146600 2015-10-01] (AVAST Software)
S4 Desura Install Service; C:\Archivos de programa\Archivos comunes\Desura\desura_service.exe [1046624 2015-06-11] (Desura Net Pty Ltd)
S3 FileZilla Server; C:\Archivos de programa\FileZilla Server\FileZilla Server.exe [632320 2012-02-26] (FileZilla Project) [File not signed]
S3 GalaxyClientService; C:\Archivos de programa\GalaxyClient\GalaxyClientService.exe [1763384 2015-04-30] (GOG.com)
S3 GalaxyCommunication; C:\Documents and Settings\All Users\Datos de programa\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6338104 2015-04-30] (GOG.com)
S3 gupdate; C:\Archivos de programa\Google\Update\GoogleUpdate.exe [144200 2015-08-31] (Google Inc.)
S3 gupdatem; C:\Archivos de programa\Google\Update\GoogleUpdate.exe [144200 2015-08-31] (Google Inc.)
S4 Hamachi2Svc; C:\Archivos de programa\LogMeIn Hamachi\hamachi-2.exe [1883496 2015-08-03] (LogMeIn Inc.)
S4 IDriverT; C:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
S3 JavaQuickStarterService; C:\Archivos de programa\Java\jre7\bin\jqs.exe [182696 2014-08-02] (Oracle Corporation)
R2 MbaeSvc; C:\Archivos de programa\Malwarebytes Anti-Exploit\mbae-svc.exe [713016 2015-07-22] (Malwarebytes Corporation)
S2 MBAMService; C:\Archivos de programa\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 MozillaMaintenance; C:\Archivos de programa\Mozilla Maintenance Service\maintenanceservice.exe [149160 2015-08-26] (Mozilla Foundation)
S4 NMSAccessU; C:\Archivos de programa\CDBurnerXP\NMSAccessU.exe [71096 2008-10-20] ()
S2 nv4_mini; C:\Archivos de programa\NVIDIA GeForce GTX 550 Ti\nv4_mini.exe [32768 2011-09-03] (NVIDIA Corporation) [File not signed]
S3 ose; C:\Archivos de programa\Archivos comunes\Microsoft Shared\Source Engine\OSE.EXE [89136 2003-07-28] (Microsoft Corporation)
S3 Steam Client Service; C:\Archivos de programa\Archivos comunes\Steam\SteamService.exe [838224 2015-10-14] (Valve Corporation)
S4 TeamViewer; C:\Archivos de programa\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-18] (TeamViewer GmbH)
S3 WMPNetworkSvc; C:\Archivos de programa\Windows Media Player\WMPNetwk.exe [826368 2006-05-17] (Microsoft Corporation) [File not signed]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
S3 ampa; C:\WINDOWS\system32\ampa.sys [12656 2013-11-29] ()
S4 Apowersoft_AudioDevice; C:\WINDOWS\System32\drivers\Apowersoft_AudioDevice.sys [26032 2014-04-09] (Wondershare)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24016 2015-10-01] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [76000 2015-10-01] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55200 2015-10-01] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49776 2015-10-01] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [789296 2015-10-01] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [434184 2015-10-01] (AVAST Software)
R3 aswStmXP; C:\WINDOWS\system32\drivers\aswStmXP.sys [157888 2015-10-01] (AVAST Software)
S3 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57888 2015-10-01] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [208664 2015-10-01] (AVAST Software)
S3 AtiHDAudioService; C:\WINDOWS\System32\drivers\AtihdXP3.sys [99856 2012-02-23] (Advanced Micro Devices)
S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [13192 2011-07-29] () [File not signed]
R1 ESProtectionDriver; C:\Archivos de programa\Malwarebytes Anti-Exploit\mbae.sys [47928 2015-07-22] ()
S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [8456 2011-07-29] () [File not signed]
S4 hamachi; C:\WINDOWS\System32\DRIVERS\hamachi.sys [26176 2015-08-03] (LogMeIn, Inc.)
R2 Hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [685056 2005-07-28] (Aladdin Knowledge Systems Ltd.)
S3 huawei_cdcacm; C:\WINDOWS\System32\DRIVERS\ew_jucdcacm.sys [85760 2011-03-24] (Huawei Technologies Co., Ltd.)
S3 huawei_cdcecm; C:\WINDOWS\System32\DRIVERS\ew_jucdcecm.sys [51456 2011-03-24] (Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\WINDOWS\System32\DRIVERS\ew_juextctrl.sys [26496 2011-03-24] (Huawei Technologies Co., Ltd.)
R3 L1c; C:\WINDOWS\System32\DRIVERS\l1c51x86.sys [65136 2011-03-22] (Atheros Communications, Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
S3 NVHDA; C:\WINDOWS\System32\drivers\nvhda32.sys [119272 2011-03-03] (NVIDIA Corporation)
S3 P17; C:\WINDOWS\System32\drivers\P17.sys [1389056 2005-07-07] (Creative Technology Ltd.)
S3 RK281X; C:\WINDOWS\System32\DRIVERS\RK281X.sys [44400 2010-06-25] (Fuzhou Rockchip Electronics Co,Ltd.)
S3 RSUSBCCID; C:\WINDOWS\System32\DRIVERS\RtsUCcid.sys [44032 2009-11-06] (Realtek Semiconductor Corp.)
S3 RTHDMIAzAudService; C:\WINDOWS\System32\drivers\RtKHDMI.sys [4258528 2009-12-02] (Realtek Semiconductor Corp.)
S4 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [428088 2011-11-23] (Duplex Secure Ltd.)
S3 StarOpen; C:\WINDOWS\system32\Drivers\StarOpen.sys [7168 2009-11-12] () [File not signed]
R2 tifsfilter; C:\WINDOWS\System32\DRIVERS\tifsfilt.sys [44384 2013-08-12] (Acronis)
S3 WpdUsb; C:\WINDOWS\System32\DRIVERS\wpdusb.sys [38656 2006-08-24] (Microsoft Corporation) [File not signed]
S4 catchme; \??\C:\DOCUME~1\Mike_HDF\CONFIG~1\Temp\catchme.sys [X]
S4 eapihdrv; \??\C:\DOCUME~1\Mike_HDF\CONFIG~1\Temp\ehdrv.sys [X]
S4 IntelIde; no ImagePath
S4 mcdbus; system32\DRIVERS\mcdbus.sys [X]
S4 RTL8192cu; system32\DRIVERS\RTL8192cu.sys [X]
S4 RtsUIr; system32\DRIVERS\RtsUIr.sys [X]
S4 vmci; system32\DRIVERS\vmci.sys [X]
S4 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-04 19:27 - 2015-11-04 19:27 - 00000000 ____D C:\Documents and Settings\All Users\Datos de programa\Acronis
2015-11-03 22:18 - 2015-11-03 22:18 - 00000660 _____ C:\redbookreg.reg
2015-11-03 20:35 - 2015-11-03 20:35 - 00993392 ____N C:\WINDOWS\system32\restore_aw_assistant.exe
2015-11-02 09:37 - 2015-11-02 09:40 - 00063816 __RSH C:\Documents and Settings\All Users\ntuser.pol
2015-10-30 17:34 - 2015-10-30 17:34 - 00000692 _____ C:\Documents and Settings\All Users\Escritorio\Fraps.lnk
2015-10-30 17:34 - 2015-10-30 17:34 - 00000000 ____D C:\Documents and Settings\All Users\Menú Inicio\Programas\Fraps
2015-10-25 10:51 - 2015-10-25 11:20 - 00000000 ____D C:\Documents and Settings\All Users\Datos de programa\Malwarebytes' Anti-Malware (portable)
2015-10-25 10:48 - 2015-10-25 10:48 - 00000000 ____D C:\Archivos de programa\Malwarebytes Anti-rootkit
2015-10-25 10:31 - 2015-11-02 21:20 - 00000000 ____D C:\Documents and Settings\All Users\Datos de programa\Malwarebytes Anti-Exploit
2015-10-25 10:31 - 2015-10-25 10:31 - 00000000 ____D C:\Archivos de programa\Malwarebytes Anti-Exploit
2015-10-25 10:13 - 2015-10-25 10:13 - 00005451 _____ C:\ComboFix.txt
2015-10-25 09:50 - 2015-10-25 09:50 - 00000000 _RSHD C:\cmdcons
2015-10-25 09:50 - 2015-10-17 10:07 - 00000211 _____ C:\Boot.bak
2015-10-25 09:50 - 2004-08-03 23:00 - 00260272 __RSH C:\cmldr
2015-10-25 09:48 - 2015-10-25 10:13 - 00000000 ____D C:\Qoobox
2015-10-25 09:48 - 2015-10-25 10:13 - 00000000 ____D C:\ComboFix
2015-10-25 09:48 - 2011-06-26 07:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2015-10-25 09:48 - 2010-11-07 18:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2015-10-25 09:48 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2015-10-25 09:48 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2015-10-25 09:48 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2015-10-25 09:48 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2015-10-25 09:48 - 2000-08-31 01:00 - 00098816 _____ C:\WINDOWS\sed.exe
2015-10-25 09:48 - 2000-08-31 01:00 - 00080412 _____ C:\WINDOWS\grep.exe
2015-10-25 09:48 - 2000-08-31 01:00 - 00068096 _____ C:\WINDOWS\zip.exe
2015-10-25 09:47 - 2015-10-25 10:12 - 00000000 ____D C:\WINDOWS\erdnt
2015-10-24 10:08 - 2015-10-24 10:12 - 00000000 ____D C:\Archivos de programa\Fraps
2015-10-24 10:08 - 2015-10-24 10:08 - 00000000 ____D C:\Documents and Settings\Mike_HDF\Menú Inicio\Programas\Vídeo
2015-10-18 11:05 - 2015-10-18 11:05 - 00000000 ____D C:\Documents and Settings\All Users\Menú Inicio\Programas\GCFScape
2015-10-18 11:05 - 2015-10-18 11:05 - 00000000 ____D C:\Archivos de programa\GCFScape
2015-10-15 19:24 - 2015-10-15 19:24 - 00000000 ____D C:\TDSSKiller_Quarantine
2015-10-15 18:38 - 2015-11-04 20:38 - 00000000 ____D C:\FRST
2015-10-12 16:57 - 2015-10-13 22:18 - 00000000 ____D C:\HammerAutosave
2015-10-07 20:04 - 2015-10-07 22:50 - 00000000 ____D C:\Archivos de programa\Mozilla Thunderbird
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-04 20:39 - 2014-11-29 17:59 - 00000000 ____D C:\Documents and Settings\Mike_HDF\Datos de programa\Free Download Manager
2015-11-04 20:38 - 2009-04-03 19:10 - 00000159 _____ C:\WINDOWS\wiadebug.log
2015-11-04 20:38 - 2009-04-03 19:10 - 00000050 _____ C:\WINDOWS\wiaservc.log
2015-11-04 20:32 - 2009-04-03 18:20 - 00457829 _____ C:\WINDOWS\WindowsUpdate.log
2015-11-04 19:31 - 2015-09-17 10:13 - 00568649 _____ C:\WINDOWS\setupapi.log
2015-11-04 19:31 - 2009-04-03 19:08 - 01264310 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-11-04 19:28 - 2015-10-01 10:40 - 00000382 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-11-04 19:27 - 2011-11-23 22:11 - 08405015 _____ C:\WINDOWS\TempFile
2015-11-04 19:27 - 2009-04-03 19:07 - 00000000 __RHD C:\Documents and Settings\All Users\Datos de programa
2015-11-04 19:27 - 2009-04-03 18:24 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-11-04 19:24 - 2008-04-14 13:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2015-11-03 20:35 - 2009-04-03 19:07 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\storprop.dll
2015-11-03 20:35 - 2008-04-14 13:00 - 02147840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-11-03 20:35 - 2008-04-14 13:00 - 00189056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2015-11-03 20:35 - 2008-04-14 13:00 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2015-11-03 20:35 - 2008-04-14 13:00 - 00134400 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2015-11-03 20:35 - 2008-04-14 13:00 - 00096512 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\atapi.sys
2015-11-03 20:35 - 2008-04-14 13:00 - 00096512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\atapi.sys
2015-11-03 20:35 - 2008-04-14 13:00 - 00068992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2015-11-03 20:35 - 2008-04-14 13:00 - 00059520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2015-11-03 20:35 - 2008-04-14 13:00 - 00040576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelppm.sys
2015-11-03 20:35 - 2008-04-14 13:00 - 00037760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\isapnp.sys
2015-11-03 20:35 - 2008-04-14 13:00 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
2015-11-03 20:35 - 2008-04-14 13:00 - 00024960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pciidex.sys
2015-11-03 20:35 - 2008-04-14 13:00 - 00020608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys
2015-11-03 20:35 - 2008-04-14 13:00 - 00007168 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hccoin.dll
2015-11-03 20:35 - 2008-04-14 13:00 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\hccoin.dll
2015-11-03 20:35 - 2008-04-14 13:00 - 00003456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pciide.sys
2015-11-03 20:35 - 2008-04-14 08:48 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\usbui.dll
2015-11-03 20:35 - 2008-04-14 08:27 - 02026496 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntkrnlpa.exe
2015-11-02 23:56 - 2009-04-03 18:25 - 00000192 ___SH C:\Documents and Settings\Mike_HDF\ntuser.ini
2015-11-02 23:56 - 2009-04-03 18:25 - 00000000 ____D C:\Documents and Settings\Mike_HDF
2015-11-02 23:56 - 2009-04-03 18:24 - 00032392 _____ C:\WINDOWS\SchedLgU.Txt
2015-11-02 23:49 - 2012-01-12 23:05 - 00001106 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-02 21:12 - 2010-12-03 17:58 - 00000000 ____D C:\Documents and Settings\Mike_HDF\Datos de programa\uTorrent
2015-11-02 01:35 - 2010-04-18 14:10 - 00000000 ____D C:\Documents and Settings\Mike_HDF\Datos de programa\vlc
2015-10-31 16:20 - 2010-12-03 17:26 - 00009195 _____ C:\WINDOWS\Q-Dir.ini
2015-10-30 17:41 - 2010-04-18 13:25 - 00000095 _____ C:\WINDOWS\winamp.ini
2015-10-30 17:34 - 2009-04-03 19:07 - 00000000 ___RD C:\Documents and Settings\All Users\Menú Inicio\Programas
2015-10-30 17:34 - 2009-04-03 19:07 - 00000000 ____D C:\Documents and Settings\All Users\Escritorio
2015-10-30 17:34 - 2009-04-03 18:25 - 00000000 ____D C:\Documents and Settings\Mike_HDF\Escritorio
2015-10-28 13:58 - 2009-04-03 18:25 - 00000000 ___RD C:\Documents and Settings\Mike_HDF\Menú Inicio\Programas\Inicio
2015-10-25 10:51 - 2014-09-30 11:11 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-10-25 10:48 - 2014-09-30 11:11 - 00121560 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-10-25 10:48 - 2009-04-03 19:08 - 00000000 ___RD C:\Archivos de programa
2015-10-25 10:32 - 2009-04-03 18:51 - 00000000 ____D C:\Documents and Settings\All Users\Menú Inicio\Programas\Sistema
2015-10-25 10:16 - 2009-04-03 18:24 - 00000000 __SHD C:\Documents and Settings\NetworkService\Configuración local\Archivos temporales de Internet
2015-10-25 10:16 - 2009-04-03 18:24 - 00000000 __SHD C:\Documents and Settings\NetworkService
2015-10-25 10:10 - 2008-04-14 13:00 - 00000227 _____ C:\WINDOWS\system.ini
2015-10-25 10:03 - 2012-02-29 00:45 - 00000000 __SHD C:\Documents and Settings\Administrador\Configuración local\Archivos temporales de Internet
2015-10-25 10:03 - 2009-04-03 19:07 - 00000000 ___SD C:\Documents and Settings\Default User\Configuración local\Archivos temporales de Internet
2015-10-25 09:59 - 2009-04-03 19:08 - 00000000 ____D C:\Archivos de programa\Archivos comunes
2015-10-25 09:53 - 2009-04-03 18:25 - 00000000 __RHD C:\Documents and Settings\Mike_HDF\Datos de programa
2015-10-25 09:50 - 2009-04-03 20:06 - 00000327 __RSH C:\boot.ini
2015-10-25 09:24 - 2014-09-30 11:11 - 00000000 ____D C:\Archivos de programa\Malwarebytes Anti-Malware
2015-10-24 18:46 - 2009-04-03 20:03 - 00000000 ____D C:\WINDOWS\security
2015-10-24 10:16 - 2015-07-18 13:03 - 00054156 ____H C:\WINDOWS\QTFont.qfn
2015-10-24 10:08 - 2009-04-03 18:25 - 00000000 ___RD C:\Documents and Settings\Mike_HDF\Menú Inicio\Programas
2015-10-24 09:54 - 2010-12-11 22:47 - 00001902 _____ C:\Documents and Settings\Mike_HDF\Mis documentos\PlayClaw.txt
2015-10-24 09:27 - 2012-02-06 21:30 - 00000831 _____ C:\Documents and Settings\All Users\Escritorio\Malwarebytes Anti-Malware.lnk
2015-10-21 20:31 - 2009-04-03 18:51 - 00000000 ____D C:\Documents and Settings\All Users\Menú Inicio\Programas\Vídeo
2015-10-18 22:46 - 2009-04-03 19:07 - 00266221 _____ C:\WINDOWS\setupact.log
2015-10-18 19:05 - 2015-06-27 10:18 - 00323584 _____ C:\Documents and Settings\Mike_HDF\Escritorio\Pelis.mdb
2015-10-18 13:06 - 2011-04-12 21:09 - 00000000 ____D C:\Documents and Settings\Mike_HDF\Datos de programa\TeamViewer
2015-10-18 11:26 - 2010-04-18 14:07 - 00000000 ____D C:\Documents and Settings\All Users\Datos de programa\Adobe
2015-10-18 11:26 - 2010-04-18 13:08 - 00000000 ____D C:\Documents and Settings\Mike_HDF\Datos de programa\Adobe
2015-10-17 10:34 - 2012-02-05 18:46 - 00000000 ____D C:\Archivos de programa\Archivos comunes\Steam
2015-10-17 10:07 - 2008-04-14 13:00 - 00001015 _____ C:\WINDOWS\win.ini
2015-10-15 21:03 - 2012-03-01 20:51 - 00000000 ____D C:\Archivos de programa\Form Extractor
2015-10-15 18:14 - 2009-04-03 18:24 - 00000192 ___SH C:\Documents and Settings\LocalService\ntuser.ini
2015-10-14 21:01 - 2010-12-10 19:14 - 00000000 ____D C:\Documents and Settings\Mike_HDF\Datos de programa\Mp3tag
2015-10-14 18:38 - 2011-12-02 00:35 - 00000000 ____D C:\Documents and Settings\Mike_HDF\Configuración local\Datos de programa\Samsung
2015-10-14 18:38 - 2011-12-02 00:33 - 00000000 ____D C:\Documents and Settings\All Users\Datos de programa\Samsung
2015-10-14 18:38 - 2009-04-03 18:41 - 00000000 ___HD C:\Archivos de programa\InstallShield Installation Information
2015-10-14 18:24 - 2013-09-23 19:15 - 00000000 ____D C:\Documents and Settings\Mike_HDF\Menú Inicio\Programas\Amazon
2015-10-14 18:24 - 2013-09-23 19:14 - 00000000 ____D C:\Archivos de programa\Amazon
2015-10-10 19:39 - 2015-08-04 18:59 - 00000000 ____D C:\Documents and Settings\LocalService\Configuración local\Datos de programa\LogMeIn Hamachi
2015-10-08 18:09 - 2014-05-06 19:51 - 00000000 ____D C:\Archivos de programa\Mozilla Maintenance Service
2015-10-07 22:18 - 2015-08-02 11:01 - 00000910 _____ C:\Descarga video clips.txt
2015-10-06 23:55 - 2014-07-07 17:28 - 00000000 ____D C:\Documents and Settings\Mike_HDF\.VirtualBox
2015-10-05 08:50 - 2011-03-05 11:06 - 00023256 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
 
==================== Files in the root of some directories =======
 
2010-04-18 13:58 - 2010-04-18 13:58 - 0000646 _____ () C:\Archivos de programa\MyMobiler.lnk
2010-04-18 13:58 - 2010-04-18 13:58 - 0002528 _____ () C:\Documents and Settings\Mike_HDF\Datos de programa\$_hpcst$.hpc
2012-12-29 12:39 - 2012-12-29 12:39 - 0002299 _____ () C:\Documents and Settings\Mike_HDF\Datos de programa\ASSDraw3.cfg
2014-07-10 22:47 - 2014-07-10 23:02 - 0003262 _____ () C:\Documents and Settings\Mike_HDF\Datos de programa\glide_wrapper.zbag.ini
2011-10-12 17:18 - 2011-10-12 18:07 - 0000754 _____ () C:\Documents and Settings\Mike_HDF\Datos de programa\PyGlossary
2014-01-11 21:21 - 2014-01-11 21:21 - 0043152 _____ (Gaming eXtreme) C:\Documents and Settings\Mike_HDF\Datos de programa\SetupCleaner.exe
2011-11-23 00:46 - 2015-09-21 22:20 - 0016896 _____ () C:\Documents and Settings\Mike_HDF\Configuración local\Datos de programa\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-06-28 18:19 - 2015-06-28 18:19 - 0693760 _____ (Dirección General de la Policía) C:\Documents and Settings\Mike_HDF\Configuración local\Datos de programa\DNIeService.exe
2014-06-30 19:37 - 2014-06-30 19:37 - 0000868 _____ () C:\Documents and Settings\Mike_HDF\Configuración local\Datos de programa\recently-used.xbel
2011-08-31 15:35 - 2009-10-26 23:08 - 0001335 _____ () C:\Documents and Settings\All Users\desktop
 
Some files in TEMP:
====================
C:\Documents and Settings\Mike_HDF\Configuración local\Temp\catchme.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End of FRST.txt ============================




#4 olgun52

olgun52

  • Malware Response Team
  • 3,790 posts
  • Gender:Male
  • Local time:02:03 PM

Posted 04 November 2015 - 05:08 PM

Hi erGato,

COMODO Firewall (Disabled)
Windows Firewall is enabled.

You should use caution.
 
P2P Warning
--------------------
Going over your logs I noticed that you have µTorrent and eMule installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

I would recommend that you uninstall µTorrent and eMule; however, that choice is up to you. If you choose to remove the programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.
 

Step 1:
FRST Script:

  • Please make sure your browsers are closed before continuing.
  • Be sure to temporarily disable all antivirus/anti-spyware software

Please download the attached Fixlist.txt and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.
 
Step 2:
Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search, then Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 3:
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista / 7 / 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4:
Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply

Step 5:

Please be sure to run our tools with administrator rights.
 
ComboFix run:
 
* IMPORTANT 1: Place ComboFix.exe on your Desktop
* IMPORTANT 2: Ensure your external and/or USB drives are inserted during the scan

Next, download ComboFix and save it to the Desktop.

  • Disable all antivirus and antispyware programs. Get help here
  • Now, close all open windows
  • Double-click combofix.exe to run the program
  • Follow the prompts.
  • If the option is offered, it is in your best interest to allow the download and install of the Recovery Console when prompted.
  • When told that the RC is installed correctly, press YES to continue scanning for malware.
  • ComboFix will run. Please don't click on the window while the program is running, it may cause your system to stall.
  • CF may reboot the computer and resume running when it restarts.
  • When finished, a log, ComboFix.txt, is produced.

Please provide the contents of the ComboFix report in your reply.

 

Have a nice day.

Best regards

If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#5 erGato

erGato
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:12:03 PM

Posted 05 November 2015 - 04:37 PM

Hi, Yılmaz,

 

Following all the steps resulted in my system not working at all; I think it was ComboFix's fault. Explorer lost the address textbox and other things, and I couldn't shut down the machine or restart... I had to power off the PC, and then it never reached the desktop, even in safe mode. Luckily, before following the instructions I did a full backup of the partition, so it's recovered, but still infected.

 

I have the logs, so I'll paste them after this. FRST crashed but generated the log file (it deleted some group policies that I had put in place, but well...). Malwarebytes didn't detect anything, so no log is needed. I hope there's something in the logs that can help (but I will not use ComboFix again, no, no).

 

Thanks.

 

Fixlog ----------------------------------------------------------------------------------------------------------------------------

 

Fix result of Farbar Recovery Scan Tool (x86) Version:04-11-2015
Ran by Mike_HDF (2015-11-05 19:57:52) Run:1
Running from H:\
Loaded Profiles: Mike_HDF (Available Profiles: Mike_HDF & Administrador)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\21095971.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\21095971.sys => ""="Driver"
CustomCLSID: HKU\S-1-5-21-515967899-507921405-1801674531-1003_Classes\CLSID\{DB450007-9764-11D6-819E-005056C00008}\localserver32 -> C:\Archivos de programa\DU Meter\DUMeterSvc.exe => No File
StandardProfile\AuthorizedApplications: [H:\Programas\utorrent\utorrent.exe] => Enabled:µTorrent
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Mike_HDF\Configuración local\Temp\Rar$EXa0.724\utorrent.exe] => C:\Documents and Settings\Mike_HDF\Configuración local\Temp\Rar$EXa0.724\utorrent.exe:*:Enabled:µTorrent
StandardProfile\AuthorizedApplications: [H:\Programas\Emule\emule.exe] => Enabled:eMule
H:\Programas\Emule\emule.exe
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Temp\*.zip\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.pif <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Datos de programa\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.com <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Datos de programa\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Temp\rar*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Temp\7z*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Temp\*.zip\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Menú inicio\Programas\Inicio\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Datos de programa\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Temp\7z*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Configuración local\Datos de programa\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Configuración local\Datos de programa\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Menú inicio\Programas\Inicio\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Configuración local\Datos de programa\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Datos de programa\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Configuración local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Menú inicio\Programas\Inicio\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Temp\rar*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Configuración local\Datos de programa\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Datos de programa\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Temp\wz*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Datos de programa\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: ** <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.com <====== ATTENTION
HKLM Group Policy restriction on software: %temp%\7z*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Temp\7z*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Menú inicio\Programas\Inicio\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Temp\wz*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Configuración local\Datos de programa\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Temp\wz*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Configuración local\Datos de programa\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Datos de programa\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Temp\*.zip\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Menú inicio\Programas\Inicio\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Configuración local\Datos de programa\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Menú inicio\Programas\Inicio\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Configuración local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Datos de programa\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Temp\*.zip\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Temp\wz*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Temp\rar*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Configuración local\Datos de programa\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Configuración local\Datos de programa\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Datos de programa\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Configuración local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Datos de programa\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Datos de programa\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Menú inicio\Programas\Inicio\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Configuración local\Datos de programa\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Datos de programa\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Temp\rar*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.com <====== ATTENTION
HKLM Group Policy restriction on software: %temp%\rar*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Menú inicio\Programas\Inicio\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Configuración local\Datos de programa\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Temp\7z*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.scr <====== ATTENTION
HKLM Group Policy restriction on software: %temp%\wz*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Configuración local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Configuración local\Datos de programa\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: C:\Archivos de programa\dyndns\WinDNSdynamic.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Archivos de programa\Avira\AntiVir Desktop\avnotify.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %temp%\*.zip\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <===== ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-515967899-507921405-1801674531-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-515967899-507921405-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-515967899-507921405-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-515967899-507921405-1801674531-1003 -> DefaultScope {44BF3A1E-CC6E-49DC-857D-393845B956AF} URL = hxxp://www.google.es/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-515967899-507921405-1801674531-1003 -> {44BF3A1E-CC6E-49DC-857D-393845B956AF} URL = hxxp://www.google.es/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
Handler: AutorunsDisabled\livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARCHIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL No File []
Handler: AutorunsDisabled\msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARCHIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL No File []
FF ProfilePath: C:\Documents and Settings\Mike_HDF\Datos de programa\Mozilla\Firefox\Profiles\wp7bne46.default
FF Homepage: about:blank
CHR Session Restore: Default -> is enabled.
CHR Plugin: (Widevine Content Decryption Module) - C:\Documents and Settings\Mike_HDF\Configuración local\Datos de programa\Google\Chrome\User Data\WidevineCDM\1.4.6.758\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Archivos de programa\Google\Chrome\Application\46.0.2490.80\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Archivos de programa\Google\Update\1.3.26.9\npGoogleUpdate3.dll => No File
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
S4 catchme; \??\C:\DOCUME~1\Mike_HDF\CONFIG~1\Temp\catchme.sys [X]
S4 eapihdrv; \??\C:\DOCUME~1\Mike_HDF\CONFIG~1\Temp\ehdrv.sys [X]
S4 IntelIde; no ImagePath
C:\Documents and Settings\Mike_HDF\Configuración local\Temp\catchme.dll
CMD: type "C:\ComboFix.txt"
File: C:\ComboFix.txt
cmd: netsh winsock reset
EmptyTemp:
Hosts:
Reboot:
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\21095971.sys" => key removed successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\21095971.sys" => key removed successfully.
"HKU\S-1-5-21-515967899-507921405-1801674531-1003_Classes\CLSID\{DB450007-9764-11D6-819E-005056C00008}" => key removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\H:\Programas\utorrent\utorrent.exe => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Mike_HDF\Configuración local\Temp\Rar$EXa0.724\utorrent.exe => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\H:\Programas\Emule\emule.exe => value removed successfully.
H:\Programas\Emule\emule.exe => moved successfully
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Temp\*.zip\*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.gif.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: C:\Documents and Settings\*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.rtf.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Datos de programa\*\*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.wmv.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.xlsx.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.mp4.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.docx.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Datos de programa\*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Temp\rar*\*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.avi.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.rar.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.pptx.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.rar.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.bmp.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.png.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.txt.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.7z.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.zip.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Temp\7z*\*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Temp\*.zip\*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.pub.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: C:\Documents and Settings\*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.wav.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.avi.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Menú inicio\Programas\Inicio\*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.txt.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %allusersprofile%\Datos de programa\*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.jpg.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*\*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.pdf.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.wav.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.pub.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Temp\7z*\*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Application Data\*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %allusersprofile%\Configuración local\Datos de programa\*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.docx.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %allusersprofile%\Configuración local\Datos de programa\*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %allusersprofile%\Menú inicio\Programas\Inicio\*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.jpeg.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.wmv.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.divx.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.rtf.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.xls.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.pub.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Configuración local\Datos de programa\*\*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.pdf.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.mp3.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: C:\Documents and Settings\*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Datos de programa\*\*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.gif.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.wma.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Configuración local\*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.mp3.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.ppt.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.doc.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %allusersprofile%\Menú inicio\Programas\Inicio\*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Temp\rar*\*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.png.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.divx.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.wav.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.png.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.bmp.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *:\RECYCLER\*\*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Configuración local\Datos de programa\*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.jpeg.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Datos de programa\*\*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Temp\wz*\*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.xls.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.doc.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Application Data\*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.xls.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.wma.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.pptx.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *:\RECYCLER\*\*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.bmp.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %allusersprofile%\Datos de programa\*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Application Data\*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: ** <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.divx.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.docx.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.wma.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.jpeg.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.txt.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.7z.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*\*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.pptx.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %temp%\7z*\*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Temp\7z*\*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %allusersprofile%\Menú inicio\Programas\Inicio\*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.doc.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Temp\wz*\*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.txt.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %allusersprofile%\Configuración local\Datos de programa\*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.mp4.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.wmv.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Temp\wz*\*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*\*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.zip.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.mp4.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Configuración local\Datos de programa\*\*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *:\RECYCLER\*\*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.mp3.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Datos de programa\*\*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Temp\*.zip\*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Menú inicio\Programas\Inicio\*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Configuración local\Datos de programa\*\*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.pdf.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.wav.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.doc.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.ppt.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.jpeg.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *:\RECYCLER\*\*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.rar.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Menú inicio\Programas\Inicio\*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.xlsx.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Configuración local\*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %allusersprofile%\Datos de programa\*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: C:\Documents and Settings\*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.bmp.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.docx.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.ppt.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.gif.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Application Data\*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.mp3.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.wmv.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.zip.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.7z.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Temp\*.zip\*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Temp\wz*\*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Temp\rar*\*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.avi.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Configuración local\Datos de programa\*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Configuración local\Datos de programa\*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.xls.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.xlsx.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Datos de programa\*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.png.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.rtf.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.rar.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Configuración local\*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.gif.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Datos de programa\*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Datos de programa\*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.7z.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Menú inicio\Programas\Inicio\*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Configuración local\Datos de programa\*\*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.zip.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.pub.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.ppt.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.rtf.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %allusersprofile%\Datos de programa\*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.avi.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Temp\rar*\*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.xlsx.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %temp%\rar*\*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.wma.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.jpg.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.mp4.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %allusersprofile%\Menú inicio\Programas\Inicio\*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Configuración local\Datos de programa\*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*\*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.jpg.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.pdf.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Temp\7z*\*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.pptx.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %temp%\wz*\*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Configuración local\*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.divx.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.jpg.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %allusersprofile%\Configuración local\Datos de programa\*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: C:\Archivos de programa\dyndns\WinDNSdynamic.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: C:\Archivos de programa\Avira\AntiVir Desktop\avnotify.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %temp%\*.zip\*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION => restored successfully
"HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore" => key removed successfully.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\system32\GroupPolicy\User => moved successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKU\S-1-5-21-515967899-507921405-1801674531-1003\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Search Page => value removed successfully.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => value removed successfully.
HKU\S-1-5-21-515967899-507921405-1801674531-1003\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-515967899-507921405-1801674531-1003\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKU\S-1-5-21-515967899-507921405-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
"HKU\S-1-5-21-515967899-507921405-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{44BF3A1E-CC6E-49DC-857D-393845B956AF}" => key removed successfully.
HKCR\CLSID\{44BF3A1E-CC6E-49DC-857D-393845B956AF} => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}" => key removed successfully.
HKCR\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => key not found. 
"HKCR\PROTOCOLS\Handler\AutorunsDisabled\livecall" => key removed successfully.
 
AdwCleaner ----------------------------------------------------------------------------------------------------------------------------
 
# AdwCleaner v5.018 - Registro generado 05/11/2015 en 20:04:47
# Actualizado 05/11/2015 por Xplode
# Base de datos : 2015-11-03.2 [Servidor]
# Sistema operativo : Microsoft Windows XP Service Pack 3 (x86)
# Nombre de usuario : Mike_HDF - PCMIKE
# Ejecutado desde : H:\adwcleaner v 5.018.exe
# Opción : Escanear
 
***** [ Servicios ] *****
 
 
***** [ Carpetas ] *****
 
Carpeta Encontrar : C:\Archivos de programa\Babylon
Carpeta Encontrar : C:\Archivos de programa\NVIDIA GeForce GTX 550 Ti
Carpeta Encontrar : C:\Archivos de programa\Archivos comunes\NVIDIA GeForce GTX 550 Ti
Carpeta Encontrar : C:\Documents and Settings\All Users\Datos de programa\Babylon
Carpeta Encontrar : C:\Documents and Settings\Mike_HDF\Configuración local\Datos de programa\apn
Carpeta Encontrar : C:\Documents and Settings\Mike_HDF\Configuración local\Datos de programa\Babylon
Carpeta Encontrar : C:\Documents and Settings\Mike_HDF\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg
Carpeta Encontrar : C:\Documents and Settings\Mike_HDF\Datos de programa\Babylon
 
***** [ Archivos ] *****
 
Archivo Encontrar : C:\Documents and Settings\Mike_HDF\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Local Storage\chrome-extension_fngmhnnpilhplaeedifhccceomclgfbg_0.localstorage
Archivo Encontrar : C:\Documents and Settings\Mike_HDF\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Local Storage\chrome-extension_fngmhnnpilhplaeedifhccceomclgfbg_0.localstorage-journal
Archivo Encontrar : C:\Documents and Settings\Mike_HDF\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Local Storage\hxxp_cn.hao123.com_0.localstorage
Archivo Encontrar : C:\Documents and Settings\Mike_HDF\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Local Storage\hxxp_cn.hao123.com_0.localstorage-journal
Archivo Encontrar : C:\Documents and Settings\Mike_HDF\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Local Storage\hxxp_filemonkey.softonic.com_0.localstorage
Archivo Encontrar : C:\Documents and Settings\Mike_HDF\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Local Storage\hxxp_filemonkey.softonic.com_0.localstorage-journal
Archivo Encontrar : C:\Documents and Settings\Mike_HDF\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
Archivo Encontrar : C:\Documents and Settings\Mike_HDF\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
Archivo Encontrar : C:\Documents and Settings\Mike_HDF\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Local Storage\hxxp_www.veoh.com_0.localstorage
Archivo Encontrar : C:\Documents and Settings\Mike_HDF\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Local Storage\hxxp_www.veoh.com_0.localstorage-journal
 
***** [ DLL ] *****
 
 
***** [ Accesos directos ] *****
 
 
***** [ Tareas programadas ] *****
 
 
***** [ Registro ] *****
 
Llave Encontrado : HKLM\SOFTWARE\Classes\.bdc
Llave Encontrado : HKLM\SOFTWARE\Classes\.bgl
Llave Encontrado : HKLM\SOFTWARE\Classes\.bof
Llave Encontrado : HKLM\SOFTWARE\Classes\BabyDict
Llave Encontrado : HKLM\SOFTWARE\Classes\BabyGloss
Llave Encontrado : HKLM\SOFTWARE\Classes\BabyOptFile
Llave Encontrado : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Babylon Client
Llave Encontrado : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Babylon.exe
Llave Encontrado : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Llave Encontrado : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
Llave Encontrado : HKLM\SOFTWARE\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
Llave Encontrado : HKLM\SOFTWARE\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
Llave Encontrado : HKLM\SOFTWARE\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
Llave Encontrado : HKLM\SOFTWARE\Classes\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A}
Llave Encontrado : HKLM\SOFTWARE\Classes\Interface\{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7}
Llave Encontrado : HKLM\SOFTWARE\Classes\Interface\{5C9A230D-70A5-11D5-AFB0-0050DAC67890}
Llave Encontrado : HKLM\SOFTWARE\Classes\TypeLib\{5C9A2304-70A5-11D5-AFB0-0050DAC67890}
Llave Encontrado : HKCU\Software\Ask&Record
Llave Encontrado : HKCU\Software\Babylon
Llave Encontrado : HKCU\Software\Conduit
Llave Encontrado : HKCU\Software\Myfree Codec
Llave Encontrado : HKCU\Software\Softonic
Llave Encontrado : HKCU\Software\YahooPartnerToolbar
Llave Encontrado : HKLM\SOFTWARE\Babylon
Llave Encontrado : HKLM\SOFTWARE\Myfree Codec
Llave Encontrado : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Babylon
Llave Encontrado : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Screensaver Producer 
Llave Encontrado : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Babylon
Llave Encontrado : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
Llave Encontrado : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Screensaver Producer 
Llave Encontrado : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.babylon
 
***** [ Navegadores Web ] *****
 
[C:\Documents and Settings\Mike_HDF\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Web data] [Search Provider] Encontrar : dbf-viewer-2000.softonic.com
[C:\Documents and Settings\Mike_HDF\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Web data] [Search Provider] Encontrar : cdbf-dbf-viewer-and-editor.en.softonic.com
[C:\Documents and Settings\Mike_HDF\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Encontrado : fngmhnnpilhplaeedifhccceomclgfbg
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [6036 bytes] ##########
 
JRT ----------------------------------------------------------------------------------------------------------------------------
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.4 (09.28.2015:1)
OS: Microsoft Windows XP x86
Ran by Mike_HDF on 05/11/2015 at 20:09:05,92
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] C:\Archivos de programa\babylon
Successfully deleted: [Folder] C:\Documents and Settings\Mike_HDF\Datos de programa\babylon
Successfully deleted: [Folder] C:\WINDOWS\freecorder
Successfully deleted: [Folder] C:\Documents and Settings\Mike_HDF\Datos de programa\14E1307E-A225-4095-9569-C3B2BC2D5BE4
 
 
 
~~~ Chrome
 
 
[C:\Documents and Settings\Mike_HDF\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Documents and Settings\Mike_HDF\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
 
[C:\Documents and Settings\Mike_HDF\Local Settings\Application Data\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Documents and Settings\Mike_HDF\Local Settings\Application Data\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 05/11/2015 at 20:12:10,87
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Combofix ------------------------------------------------------------------------------------------------------------------
 
 ComboFix 15-11-05.01 - Mike_HDF 05/11/2015  20:48:20.2.4 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.34.3082.18.3583.2906 [GMT 1:00]
Running from: H:\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
(((((((((((((((((((((((((   Files Created from 2015-10-05 to 2015-11-05  )))))))))))))))))))))))))))))))
.
.
2015-11-04 21:02 . 2013-12-05 18:08 87256 ----a-w- c:\windows\system32\RtkCoInstIIXP.dll
2015-11-04 21:02 . 2013-10-25 10:38 26084 ----a-w- c:\windows\system32\drivers\RTAIODAT.DAT
2015-11-04 21:02 . 2011-11-22 15:28 11368 ----a-w- c:\windows\system32\RtkCoLDRXP.dll
2015-11-04 20:12 . 2015-11-04 20:12 65856 ----a-w- c:\windows\system32\drivers\WMDrive.sys
2015-10-25 09:51 . 2015-10-25 10:20 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Malwarebytes' Anti-Malware (portable)
2015-10-25 09:48 . 2015-10-25 09:48 -------- d-----w- c:\archivos de programa\Malwarebytes Anti-rootkit
2015-10-25 09:31 . 2015-11-02 20:20 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Malwarebytes Anti-Exploit
2015-10-25 09:31 . 2015-10-25 09:31 -------- d-----w- c:\archivos de programa\Malwarebytes Anti-Exploit
2015-10-24 09:08 . 2015-10-24 09:12 -------- d-----w- c:\archivos de programa\Fraps
2015-10-18 10:05 . 2015-10-18 10:05 -------- d-----w- c:\archivos de programa\GCFScape
2015-10-15 18:24 . 2015-10-15 18:24 -------- d-----w- C:\TDSSKiller_Quarantine
2015-10-15 17:38 . 2015-11-05 18:57 -------- d-----w- C:\FRST
2015-10-12 15:57 . 2015-10-13 21:18 -------- d-----w- C:\HammerAutosave
2015-10-07 19:04 . 2015-10-07 21:50 -------- d-----w- c:\archivos de programa\Mozilla Thunderbird
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-11-05 19:18 . 2014-09-30 10:11 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-11-03 19:35 . 2009-04-03 18:07 76288 ----a-w- c:\windows\system32\storprop.dll
2015-11-03 19:35 . 2008-04-14 12:00 40576 ----a-w- c:\windows\system32\drivers\intelppm.sys
2015-11-03 19:35 . 2008-04-14 12:00 189056 ----a-w- c:\windows\system32\drivers\acpi.sys
2015-11-03 19:35 . 2008-04-14 12:00 68992 ----a-w- c:\windows\system32\drivers\pci.sys
2015-11-03 19:35 . 2008-04-14 07:27 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2015-11-03 19:35 . 2008-04-14 12:00 7168 ----a-w- c:\windows\system32\hccoin.dll
2015-11-03 19:35 . 2008-04-14 12:00 2147840 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-11-03 19:35 . 2008-04-14 12:00 30208 ----a-w- c:\windows\system32\drivers\usbehci.sys
2015-11-03 19:35 . 2008-04-14 12:00 59520 ----a-w- c:\windows\system32\drivers\usbhub.sys
2015-11-03 19:35 . 2008-04-14 07:48 77824 ----a-w- c:\windows\system32\usbui.dll
2015-11-03 19:35 . 2008-04-14 12:00 143872 ----a-w- c:\windows\system32\drivers\usbport.sys
2015-11-03 19:35 . 2008-04-14 12:00 20608 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2015-11-03 19:35 . 2008-04-14 12:00 37760 ----a-w- c:\windows\system32\drivers\isapnp.sys
2015-11-03 19:35 . 2008-04-14 12:00 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2015-11-03 19:35 . 2008-04-14 12:00 24960 ----a-w- c:\windows\system32\drivers\pciidex.sys
2015-11-03 19:35 . 2008-04-14 12:00 3456 ----a-w- c:\windows\system32\drivers\pciide.sys
2015-10-25 09:48 . 2014-09-30 10:11 121560 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-10-05 07:50 . 2011-03-05 10:06 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-10-01 09:40 . 2015-10-01 09:40 57888 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2015-10-01 09:40 . 2015-10-01 09:40 157888 ----a-w- c:\windows\system32\drivers\aswStmXP.sys
2015-10-01 09:40 . 2015-10-01 09:40 208664 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-10-01 09:40 . 2015-10-01 09:40 49776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-10-01 09:40 . 2015-10-01 09:40 434184 ----a-w- c:\windows\system32\drivers\aswSP.sys
2015-10-01 09:40 . 2015-10-01 09:40 76000 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-10-01 09:40 . 2015-10-01 09:40 55200 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2015-10-01 09:40 . 2015-10-01 09:40 24016 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-10-01 09:40 . 2015-10-01 09:40 789296 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-10-01 09:40 . 2015-10-01 09:40 313472 ----a-w- c:\windows\system32\aswBoot.exe
2015-10-01 09:40 . 2015-10-01 09:40 43112 ----a-w- c:\windows\avastSS.scr
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-10-01 09:40 696120 ----a-w- c:\archivos de programa\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MountOverlayIcon]
@="{0F49CF41-FD97-4942-9F2A-35E8B489E7FB}"
[HKEY_CLASSES_ROOT\CLSID\{0F49CF41-FD97-4942-9F2A-35E8B489E7FB}]
2010-10-20 12:22 257024 ----a-w- c:\archivos de programa\WinMount\WinMTExt.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FileZilla Server Interface"="c:\archivos de programa\FileZilla Server\FileZilla Server Interface.exe" [2012-02-26 1044992]
"SunJavaUpdateSched"="c:\archivos de programa\Archivos comunes\Java\Java Update\jusched.exe" [2014-07-11 256896]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-03-23 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-03-23 13881448]
"AvastUI.exe"="c:\archivos de programa\AVAST Software\Avast\AvastUI.exe" [2015-10-01 6134544]
"Malwarebytes Anti-Exploit"="c:\archivos de programa\Malwarebytes Anti-Exploit\mbae.exe" [2015-07-22 2620728]
"RTHDCPL"="RTHDCPL.EXE" [2013-10-04 20145368]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 13:57 948672 ----a-r- c:\archivos de programa\Archivos comunes\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-21 23:57 35760 ----a-w- c:\archivos de programa\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HttpWatch_RegIEPlugin]
2015-01-20 12:00 2350208 ----a-w- c:\archivos de programa\HttpWatch\regieplugin.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2015-08-03 10:47 5579624 ----a-w- c:\archivos de programa\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2011-03-08 22:37 98304 ----a-w- c:\archivos de programa\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2015-10-14 20:56 2901584 ----a-w- d:\juegos\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TeamViewer"=3 (0x3)
"mnmsrvc"=3 (0x3)
"MBAMService"=3 (0x3)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"Hamachi2Svc"=3 (0x3)
"Desura Install Service"=3 (0x3)
"FileZilla Server"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\muzapp.exe"=
"c:\\Archivos de programa\\River Past\\Audio Converter Pro\\AudioConverter.exe"=
"c:\\Archivos de programa\\River Past\\MPEG-2 Converter and Booster Pack\\VideoCleaner.exe"=
"c:\\Archivos de programa\\River Past\\MPEG-4 Converter and Booster Pack\\VideoCleaner.exe"=
"d:\\Juegos\\Steam\\Steam.exe"=
"d:\\Juegos\\Steam\\steamapps\\common\\left 4 dead 2\\bin\\SDKLauncher.exe"=
"d:\\Juegos\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"d:\\Juegos\\Steam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"=
"c:\\Archivos de programa\\Google\\Chrome\\Application\\chrome.exe"=
"d:\\Juegos\\Steam\\bin\\steamwebhelper.exe"=
"c:\\Archivos de programa\\DolbyAxon\\Axon.exe"=
"c:\\Archivos de programa\\Video Download Capture\\Video Download Capture.exe"=
"c:\\Archivos de programa\\Video Download Capture\\ApowersoftSrv.dll"=
"c:\\Archivos de programa\\Video Download Capture\\ApowersoftDump.dll"=
"c:\\Archivos de programa\\Video Download Capture\\ApowersoftAC.dll"=
"c:\\Archivos de programa\\Video Download Capture\\ApowersoftPlayer.dll"=
"c:\\Archivos de programa\\Video Download Capture\\ApowersoftDownloaderHelp.dll"=
"c:\\Archivos de programa\\Video Download Capture\\ApowersoftHDSDump.dll"=
"c:\\Archivos de programa\\TeamViewer\\TeamViewer.exe"=
"c:\\Archivos de programa\\TeamViewer\\TeamViewer_Service.exe"=
"d:\\Juegos\\Steam\\steamapps\\common\\Supreme Commander 2\\bin\\SupremeCommander2.exe"=
"c:\\Archivos de programa\\Mozilla Firefox\\firefox.exe"=
"d:\\Juegos\\Steam\\steamapps\\common\\left 4 dead\\bin\\SDKLauncher.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1170:TCP"= 1170:TCP:messenger
"58878:TCP"= 58878:TCP:www
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [01/10/2015 10:40 49776]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [01/10/2015 10:40 208664]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [01/10/2015 10:40 789296]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [01/10/2015 10:40 434184]
R1 ESProtectionDriver;Malwarebytes Anti-Exploit;c:\archivos de programa\Malwarebytes Anti-Exploit\mbae.sys [25/10/2015 10:31 47928]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [07/07/2014 17:26 204064]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [07/07/2014 17:26 104736]
R1 WMDrive;WMDrive;c:\windows\system32\drivers\WMDrive.sys [04/11/2015 21:12 65856]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [01/10/2015 10:40 24016]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [01/10/2015 10:40 76000]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [13/04/2013 8:04 12808]
R3 aswStmXP;Avast StreamFilter Driver;c:\windows\system32\drivers\aswStmXP.sys [01/10/2015 10:40 157888]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [11/04/2012 19:51 72832]
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [01/07/2012 17:50 65136]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [05/03/2011 11:06 23256]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\drivers\VBoxNetFlt.sys [16/05/2014 14:24 126752]
S2 MbaeSvc;Malwarebytes Anti-Exploit Service;c:\archivos de programa\Malwarebytes Anti-Exploit\mbae-svc.exe [25/10/2015 10:31 713016]
S2 MBAMService;MBAMService;c:\archivos de programa\Malwarebytes Anti-Malware\mbamservice.exe [30/09/2014 11:11 1135416]
S2 nv4_mini;NVIDIA Compatible Windows 2000 Miniport Driver, Version 267.85 ;c:\archivos de programa\NVIDIA GeForce GTX 550 Ti\nv4_mini.exe "c:\archivos de programa\Archivos comunes\NVIDIA GeForce GTX 550 Ti\nv4_mini.dat" --> c:\archivos de programa\NVIDIA GeForce GTX 550 Ti\nv4_mini.exe c:\archivos de programa\Archivos comunes\NVIDIA GeForce GTX 550 Ti\nv4_mini.dat [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [01/07/2012 17:49 1691480]
S3 ampa;ampa;c:\windows\system32\ampa.sys [07/07/2014 19:36 12656]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [02/12/2011 0:35 30312]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [12/06/2012 20:24 99856]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [10/01/2013 20:33 83168]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [24/11/2011 22:48 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [24/11/2011 22:48 8456]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [11/04/2012 21:32 102784]
S3 GalaxyClientService;GalaxyClientService;c:\archivos de programa\GalaxyClient\GalaxyClientService.exe [01/05/2015 9:09 1763384]
S3 GalaxyCommunication;GalaxyCommunication;c:\documents and settings\All Users\Datos de programa\GOG.com\Galaxy\redists\GalaxyCommunication.exe [01/05/2015 9:09 6338104]
S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\drivers\ew_jucdcacm.sys [11/04/2012 19:52 85760]
S3 huawei_cdcecm;huawei_cdcecm;c:\windows\system32\drivers\ew_jucdcecm.sys [11/04/2012 19:53 51456]
S3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\drivers\ew_juextctrl.sys [11/04/2012 19:53 26496]
S3 RK281X;Driver for RK281X Device;c:\windows\system32\drivers\RK281X.sys [30/08/2014 9:53 44400]
S3 RSUSBCCID;Realtek Smartcard Reader Driver;c:\windows\system32\drivers\RtsUCcid.sys [27/06/2015 18:25 44032]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [02/12/2011 0:35 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [02/12/2011 0:35 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [02/12/2011 0:35 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [02/12/2011 0:35 114280]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [10/01/2013 20:33 181344]
S4 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys [13/12/2014 10:38 26032]
S4 Desura Install Service;Desura Install Service;c:\archivos de programa\Archivos comunes\Desura\desura_service.exe [29/06/2014 9:04 1046624]
S4 eapihdrv;eapihdrv;\??\c:\docume~1\Mike_HDF\CONFIG~1\Temp\ehdrv.sys --> c:\docume~1\Mike_HDF\CONFIG~1\Temp\ehdrv.sys [?]
S4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\archivos de programa\LogMeIn Hamachi\hamachi-2.exe [03/08/2015 11:47 1883496]
S4 RTL8192cu;%RTL8192cu.DeviceDesc%;c:\windows\system32\DRIVERS\RTL8192cu.sys --> c:\windows\system32\DRIVERS\RTL8192cu.sys [?]
S4 RtsUIr;Realtek IR Driver;c:\windows\system32\DRIVERS\RtsUIr.sys --> c:\windows\system32\DRIVERS\RtsUIr.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [23/11/2011 23:21 428088]
S4 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [16/05/2014 14:24 116512]
S4 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys --> c:\windows\system32\DRIVERS\vmci.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-10-23 19:49 997704 ----a-w- c:\archivos de programa\Google\Chrome\Application\46.0.2490.80\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-11-05 c:\windows\Tasks\avast! Emergency Update.job
- c:\archivos de programa\AVAST Software\Avast\AvastEmUpdate.exe [2015-10-01 09:40]
.
2015-11-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\archivos de programa\Google\Update\GoogleUpdate.exe [2012-01-12 13:09]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = local
IE: &??????
IE: &??????????
IE: &?????? - c:\archivos de programa\115\UDown\getUrl.htm
IE: &?????????? - c:\archivos de programa\115\UDown\getAllUrl.htm
IE: Descargar con Free Download Manager - file://c:\archivos de programa\Free Download Manager\dllink.htm
IE: Descargar la selección con Free Download Manager - file://c:\archivos de programa\Free Download Manager\dlselected.htm
IE: Descargar todo con Free Download Manager - file://c:\archivos de programa\Free Download Manager\dlall.htm
IE: Descargar video con Free Download Manager - file://c:\archivos de programa\Free Download Manager\dlfvideo.htm
IE: E&xportar a Microsoft Excel - c:\archiv~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: HttpWatch Basic - c:\archivos de programa\HttpWatch\httpwatch.dll/1351
TCP: Interfaces\{784C62C3-2472-4617-8A02-C896FF1ACBB0}: NameServer = 62.81.16.148,62.81.16.213
FF - ProfilePath - c:\documents and settings\Mike_HDF\Datos de programa\Mozilla\Firefox\Profiles\wp7bne46.default\
FF - prefs.js: browser.startup.homepage - about:blank
.
.
------- File Associations -------
.
.txt=CrimsonEditor.txt
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers- - (no file)
ShellIconOverlayIdentifiers- - (no file)
ShellIconOverlayIdentifiers- - (no file)
MSConfigStartUp-adm_tray - c:\archivos de programa\Acronis\DriveMonitor\adm_tray.exe
MSConfigStartUp-Babylon Client - c:\archivos de programa\Babylon\Babylon.exe
MSConfigStartUp-KiesPDLR - c:\archivos de programa\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MSConfigStartUp-KiesPreload - c:\archivos de programa\Samsung\Kies\Kies.exe
MSConfigStartUp-UpdReg - c:\windows\UpdReg.EXE
AddRemove-Babylon - c:\archivos de programa\Babylon\Utils\uninstbb.exe
AddRemove-chgtype - c:\windows\rundll.exe
AddRemove-Form Extractor - c:\archivos de programa\Form Extractor\Formex.exe
AddRemove-Quake2UninstallKey - c:\juegos\quake2\Uninst.isu
AddRemove-{3108C217-BE83-42E4-AE9E-A56A2A92E549} - c:\program files\InstallShield Installation Information\{3108C217-BE83-42E4-AE9E-A56A2A92E549}\setup.exe
AddRemove-{AFE218B4-AD18-44DD-AE1C-D98CABB02DAF}_is1 - d:\juegos\L4D1-NOSTEAM\unins001.exe
AddRemove-01_Simmental - c:\archivos de programa\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\archivos de programa\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\archivos de programa\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\archivos de programa\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\archivos de programa\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\archivos de programa\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\archivos de programa\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\archivos de programa\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\archivos de programa\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\archivos de programa\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\archivos de programa\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\archivos de programa\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\archivos de programa\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\archivos de programa\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\archivos de programa\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\archivos de programa\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\archivos de programa\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\archivos de programa\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\archivos de programa\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-11-05 20:56
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-515967899-507921405-1801674531-1003\Software\Microsoft\Internet Explorer\MenuExt\&*O(uOˆN}]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="c:\\Archivos de programa\\115\\UDown\\getUrl.htm"
"Contexts"=dword:00000022
.
[HKEY_USERS\S-1-5-21-515967899-507921405-1801674531-1003\Software\Microsoft\Internet Explorer\MenuExt\&*O(uOˆN}hQèþ”¥c]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="c:\\Archivos de programa\\115\\UDown\\getAllUrl.htm"
"Contexts"=dword:000000f3
.
[HKEY_USERS\S-1-5-21-515967899-507921405-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0C38DB01-36EA-F829-EAE9-8BE0D78D2479}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-515967899-507921405-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4C062B37-B517-5C6D-9388-6E237C46A8FE}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iagnhffilfffldkjmi"=hex:6b,61,62,68,6a,66,68,6e,63,65,6c,63,68,63,66,6f,66,6f,
   66,70,64,65,00,00
"hamajhblpeodbbhf"=hex:6b,61,63,67,70,66,68,64,6d,70,6b,63,68,6a,6c,61,61,6e,
   6b,67,69,6e,00,00
.
[HKEY_USERS\S-1-5-21-515967899-507921405-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{72227C7C-33EA-09FA-15FC-8AB2B35E4DA7}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-515967899-507921405-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E1622BB8-B7FC-3ECD-03BC-8D80C889D2F1}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-515967899-507921405-1801674531-1003_Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}]
@DACL=(02 0000)
@="Java Plug-in 10.65.2"
.
[HKEY_USERS\S-1-5-21-515967899-507921405-1801674531-1003_Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\InprocServer32]
@DACL=(02 0000)
@="c:\\Archivos de programa\\Java\\jre7\\bin\\jp2iexp.dll"
"ThreadingModel"="Apartment"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1016)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(5280)
c:\archivos de programa\WinMount\WinMTExt.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2015-11-05  20:59:16
ComboFix-quarantined-files.txt  2015-11-05 19:58
.
Pre-Run: 8.984.371.200 bytes libres
Post-Run: 9.017.413.632 bytes libres
.
- - End Of File - - F28DB4FF426DF77D2AF560181FA13CAB
792F61657FECE3D17A9122B4EE282847

Edited by erGato, 05 November 2015 - 04:39 PM.


#6 olgun52

  • Malware Response Team
  • 3,790 posts
  • Gender:Male

Posted 05 November 2015 - 06:25 PM

Hi erGato,
ComboFix is good software. No need to be concerned. How is the situation now?
------------------

Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the Zoek icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears, it may take a minute or two.
  • In the main box please paste in the following script:
createsrpoint;
autoclean;
emptyalltemp;
ipconfig /flushdns >>"%temp%\log.txt";b
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, the logfile will open after the reboot. You may also find it on your main drive (usually the C:\ drive).
  • Post its content into your next reply.

------------------------------------------------------------------------------------------------------------------------------------

 

Emsisoft Emergency Kit Scan

--------------------

  • Download Emsisoft Emergency Kit and save it to your desktop.
  • Double click on the EmsisoftEmergencyKit.exe icon, click Run then Extract
  • Double click the Start Emsisoft Emergency Kit icon that will appear after extraction
  • Click Yes to update the program
  • Once the update is completed click the Back button
  • Click on 2. Scan (not Quick Scan or Smart Scan)
  • Click Yes to detect Potentially Unwanted Programs (PUPs)
  • Patiently wait for the thorough scan to complete, this can be a lengthy process
  • Once completed click Quarantine selected objects (if computer is clean you will not have this option) then click OK
  • Click View Report
  • Attach the report to your reply
  • Close the program then click Close

===================================================

 

Things I would like to see in your next reply. :thumbup2:

  • Emsisoft report
  • Zoek.txt

 


Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#7 erGato

  • Topic Starter

  • Members
  • 11 posts

Posted 06 November 2015 - 03:30 AM

Hi, Yılmaz,

 

The actual situation is that I had to recover the system, so the possible fixes applied by the programs are no longer applied. I was hoping that the logs would give some clue about where the damned virus is. Didn't you find anything in the logs I posted?

 

I'll try ZOEK and Emsisoft.

 

Thanks.



#8 olgun52

  • Malware Response Team
  • 3,790 posts
  • Gender:Male

Posted 06 November 2015 - 11:01 AM

I do not understand you. What is the problem? Your system has a virus and we are cleaning it. Going all everything the way.
Please post me the logs. Also, open AdwCleaner again and press the Delete button.


Best regards
 

#9 erGato

  • Topic Starter

  • Members
  • 11 posts

Posted 06 November 2015 - 11:51 AM

Yılmaz, the only problem is that Windows stopped working after ComboFix finished (it didn't let me restart or shut down from the start menu and, after a forced power off, it froze at the welcome screen, even in safe mode), that's why I had to restore my previous infected backup. And I thought that the purpose of the logs was to see if the virus was hunted down.

 

I hope I have explained it better; I appreciate your help.

 

I'll try again one by one. Going to try the Emsisoft Emergency Kit Scan now. Zoek didn't help (the ad tried to pop up again) but here's the log:

 

 
Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by Mike_HDF on 06/11/2015 at 17:11:46,92.
Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
Running in: Normal Mode No Internet Access Detected
Launched: H:\zoek.exe [Scan all users]  [Checkboxes used]
 
==== System Restore Info ======================
 
06/11/2015 17:14:10 Zoek.exe System Restore Point Created Successfully.
 
==== Suspicious Entries Found ======================
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP"="139:TCP:*:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:*:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:*:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:*:Enabled:@xpsp2res.dll,-22002"
"3389:TCP"="3389:TCP:*:Enabled:@xpsp2res.dll,-22009"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP"="139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002"
"3389:TCP"="3389:TCP:*:Enabled:@xpsp2res.dll,-22009"
"1170:TCP"="1170:TCP:*:Enabled:messenger"
"58878:TCP"="58878:TCP:*:Enabled:www"
 
==== Files Recently Created / Modified ======================
 
====== C:\WINDOWS ====
2015-10-25 08:48:32 F042EE4C8D66248D9B86DCF52ABAE416 256000 ----a-w- C:\WINDOWS\PEV.exe
2015-10-25 08:48:32 9E05A9C264C8A908A8E79450FCBFF047 80412 ----a-w- C:\WINDOWS\grep.exe
2015-10-25 08:48:32 5E832F4FAF5F481F2EAF3B3A48F603B8 68096 ----a-w- C:\WINDOWS\zip.exe
2015-10-25 08:48:32 0297C72529807322B152F517FDB0A9FC 406528 ----a-w- C:\WINDOWS\SWSC.exe
2015-10-25 08:48:32 0277C027A26428DB64EF4F64F52BB4FD 208896 ----a-w- C:\WINDOWS\MBR.exe
====== C:\DOCUME~1\Mike_HDF\CONFIG~1\Temp ====
2015-11-04 20:04:03 C419DF63E0121D72411285780C2FC6CC 90112 ------w- C:\Documents and Settings\Mike_HDF\Configuración local\Temp\{F9002CE3-7643-49FE-8D41-1F63EA74D9E3}\{1B1DDAD2-C704-49F8-8FC2-18DAAD9A87C5}\Audio\Updreg.exe
2015-11-04 20:04:02 FF06251FD7078BDCD68F417DCAE012F4 40960 ------w- C:\Documents and Settings\Mike_HDF\Configuración local\Temp\{F9002CE3-7643-49FE-8D41-1F63EA74D9E3}\{1B1DDAD2-C704-49F8-8FC2-18DAAD9A87C5}\Audio\CTHwAccl.exe
2015-11-04 20:04:02 AD557EB6EEB5E820F82015D7978B3FB0 49152 ------w- C:\Documents and Settings\Mike_HDF\Configuración local\Temp\{F9002CE3-7643-49FE-8D41-1F63EA74D9E3}\{1B1DDAD2-C704-49F8-8FC2-18DAAD9A87C5}\Audio\CTRWEU.EXE
2015-11-04 20:04:02 76893A9123CDA779A800A05980F4939D 57344 ------w- C:\Documents and Settings\Mike_HDF\Configuración local\Temp\{F9002CE3-7643-49FE-8D41-1F63EA74D9E3}\{1B1DDAD2-C704-49F8-8FC2-18DAAD9A87C5}\CTDeInst.dll
2015-11-04 20:04:02 661885481FD6E99FA29464A377C2E143 81920 ------w- C:\Documents and Settings\Mike_HDF\Configuración local\Temp\{F9002CE3-7643-49FE-8D41-1F63EA74D9E3}\{1B1DDAD2-C704-49F8-8FC2-18DAAD9A87C5}\CardScan.dll
2015-11-04 20:04:02 4246BB96A71A5A95109E6175D445643D 28672 ------w- C:\Documents and Settings\Mike_HDF\Configuración local\Temp\{F9002CE3-7643-49FE-8D41-1F63EA74D9E3}\{1B1DDAD2-C704-49F8-8FC2-18DAAD9A87C5}\VERINFO.DLL
2015-11-04 20:04:02 2D25782D04BAA13F24ADFEDAA1B891FD 114688 ------w- C:\Documents and Settings\Mike_HDF\Configuración local\Temp\{F9002CE3-7643-49FE-8D41-1F63EA74D9E3}\{1B1DDAD2-C704-49F8-8FC2-18DAAD9A87C5}\SetSoftSize.dll
2015-11-04 20:04:02 0F77F4B1F960F1CC132900576D05B354 61440 ------w- C:\Documents and Settings\Mike_HDF\Configuración local\Temp\{F9002CE3-7643-49FE-8D41-1F63EA74D9E3}\{1B1DDAD2-C704-49F8-8FC2-18DAAD9A87C5}\CTUIXtra.dll
2015-11-04 20:04:02 040F00BEA29D6AE631FD94B72B5D6CB4 40960 ------w- C:\Documents and Settings\Mike_HDF\Configuración local\Temp\{F9002CE3-7643-49FE-8D41-1F63EA74D9E3}\{1B1DDAD2-C704-49F8-8FC2-18DAAD9A87C5}\Audio\CTRWE.DLL
2015-11-04 20:04:01 D5F0023887241348CE31590F792CFA05 98304 ------w- C:\Documents and Settings\Mike_HDF\Configuración local\Temp\{F9002CE3-7643-49FE-8D41-1F63EA74D9E3}\{1B1DDAD2-C704-49F8-8FC2-18DAAD9A87C5}\Common.dll
2015-11-04 20:04:01 5D631154A91F65B8A27ADD9D626F12F6 53248 ------w- C:\Documents and Settings\Mike_HDF\Configuración local\Temp\{F9002CE3-7643-49FE-8D41-1F63EA74D9E3}\{1B1DDAD2-C704-49F8-8FC2-18DAAD9A87C5}\RegEdit.dll
2015-11-04 20:04:01 32FA757C64FB62F07F3205016656A0A7 368640 ------w- C:\Documents and Settings\Mike_HDF\Configuración local\Temp\{F9002CE3-7643-49FE-8D41-1F63EA74D9E3}\{1B1DDAD2-C704-49F8-8FC2-18DAAD9A87C5}\_setup.dll
2015-11-04 20:04:00 5A19E45818366B49CC93B5BC483265E8 286720 ------w- C:\Documents and Settings\Mike_HDF\Configuración local\Temp\{F9002CE3-7643-49FE-8D41-1F63EA74D9E3}\{1B1DDAD2-C704-49F8-8FC2-18DAAD9A87C5}\CTCabEx.DLL
2015-11-04 20:03:58 EA8A40913840238AED96EEB9DC19AF1E 401408 ----a-w- C:\Documents and Settings\Mike_HDF\Configuración local\Temp\{F9002CE3-7643-49FE-8D41-1F63EA74D9E3}\{1B1DDAD2-C704-49F8-8FC2-18DAAD9A87C5}\isrt.dll
2015-11-04 20:03:58 B484A3EDAD6D13F53F02716228A3C424 380928 ----a-w- C:\Documents and Settings\Mike_HDF\Configuración local\Temp\{F9002CE3-7643-49FE-8D41-1F63EA74D9E3}\{1B1DDAD2-C704-49F8-8FC2-18DAAD9A87C5}\_IsRes.dll
2015-11-04 20:03:57 81878098D99E38E39C9CB237436960E8 94208 ----a-w- C:\Documents and Settings\Mike_HDF\Configuración local\Temp\{F9002CE3-7643-49FE-8D41-1F63EA74D9E3}\{1B1DDAD2-C704-49F8-8FC2-18DAAD9A87C5}\_IsUser.dll
2015-10-25 09:12:00 2F8F1D62382AD78ACEB22C4E22C5EC59 53248 ----a-w- C:\Documents and Settings\Mike_HDF\Configuración local\Temp\catchme.dll
====== Java Cache =====
====== C:\WINDOWS\system32 =====
2015-11-04 21:02:17 93FF57428D2E71230A855A5EEC358FB9 11368 ----a-w- C:\WINDOWS\System32\RtkCoLDRXP.dll
2015-11-04 21:02:17 537FBB97EB07E3E687BEB2C15EE443F1 87256 ----a-w- C:\WINDOWS\System32\RtkCoInstIIXP.dll
====== C:\WINDOWS\system32\drivers =====
2015-11-04 21:02:17 25571D8C71B8BEFB1CDB049A4F11FCAC 26084 ----a-w- C:\WINDOWS\System32\drivers\RTAIODAT.DAT
2015-11-04 20:12:47 EAFCB25D7D44EC245DCDCBED41CF4213 65856 ----a-w- C:\WINDOWS\System32\drivers\WMDrive.sys
====== C:\WINDOWS\Tasks ======
====== C:\WINDOWS\Temp ======
======= C:\Archivos de programa =====
2015-10-24 09:08:32 -------- d-----w- C:\Archivos de programa\Fraps
2015-10-18 10:05:13 -------- d-----w- C:\Archivos de programa\GCFScape
2015-10-07 19:04:46 -------- d-----w- C:\Archivos de programa\Mozilla Thunderbird
======= C: =====
2015-11-03 21:18:08 1D1D633E309BA23376B7CCB2D98B05AD 660 ----a-w- C:\redbookreg.reg
2015-10-25 08:50:31 FA579938B0733B87066546AFE951082C 211 ----a-w- C:\Boot.bak
2015-10-25 08:50:28 94E5450C43E4CF78E1D3AD4816966909 260272 --sha-r- C:\cmldr
====== C:\Documents and Settings\Mike_HDF\Datos de programa ======
2015-10-24 09:08:32 -------- d-----w- C:\Documents and Settings\Mike_HDF\Menú Inicio\Programas\Vídeo\FRAPS
2015-10-24 09:08:32 -------- d-----w- C:\Documents and Settings\Mike_HDF\Menú Inicio\Programas\Vídeo
====== C:\Documents and Settings\Mike_HDF ======
2015-10-25 09:16:33 -------- d-sh--w- C:\Documents and Settings\NetworkService\Cookies
 
====== C: exe-files ==
2015-11-04 21:02:18 F17B4E7A49505C578B06C9F5F6299216 475752 ------w- C:\Archivos de programa\Realtek\Audio\Drivers\WDM\vncutil64.exe
2015-11-04 21:02:18 D94DA294C79A1F6CB4D9BC5DABF6C2A4 359016 ------w- C:\Archivos de programa\Realtek\Audio\Drivers\WDM\vncutil.exe
2015-11-04 21:02:18 992B653A9B3405BA903CEE7B3D4709B0 9721960 ------w- C:\Archivos de programa\Realtek\Audio\Drivers\WDM\RTLCPL.exe
2015-11-04 21:02:18 8FF95306601A2D3829F1517BA285F052 1523416 ------w- C:\Archivos de programa\Realtek\Audio\Drivers\WDM\RtlUpd.exe
2015-11-04 21:02:18 798C0C1FF4E0FCE646CA82AE0379CCB0 84584 ------w- C:\Archivos de programa\Realtek\Audio\Drivers\WDM\SoundMan.exe
2015-11-04 21:02:18 2DC32941AE3F2C3F26F464713F7F849C 1719512 ------w- C:\Archivos de programa\Realtek\Audio\Drivers\WDM\RtlUpd64.exe
2015-11-04 21:02:17 D3227E66A9DAEC1CE909D37098F9D241 177768 ------w- C:\Archivos de programa\Realtek\Audio\Drivers\WDM\RtkAudioService64.exe
2015-11-04 21:02:17 529ABF7BC07F5688EF22B8F7FE2C76BF 20145368 ------w- C:\Archivos de programa\Realtek\Audio\Drivers\WDM\RTHDCPL.exe
2015-11-04 21:02:17 129BBDFFE4D3AE373DFA1779E6ED8989 129640 ------w- C:\Archivos de programa\Realtek\Audio\Drivers\WDM\RtkAudioService.exe
2015-11-04 21:02:16 3616DDC4353F49360DD2EFED8FE4A6C4 2180712 ------w- C:\Archivos de programa\Realtek\Audio\Drivers\WDM\MicCal.exe
2015-11-04 21:02:15 FFE0524419FE67CAF3F699EEF6EDF91C 44136 ------w- C:\Archivos de programa\Realtek\Audio\Drivers\WDM\CPLUtl64.exe
2015-11-04 21:02:15 EEB2E393B7EB8EBC1E9E56ED005806EC 64104 ------w- C:\Archivos de programa\Realtek\Audio\Drivers\WDM\Alcmtr.exe
2015-11-04 21:02:15 39C913873B3AB8593116BD4A7B9BB82B 2815592 ------w- C:\Archivos de programa\Realtek\Audio\Drivers\WDM\AlcWzrd.exe
=== C: other files ==
2015-11-04 21:02:17 DD37C4C7BA28332D3D3444D3E634D794 140888 ------w- C:\Archivos de programa\Realtek\Audio\Drivers\WDM\OAO17Afx.sys
2015-11-04 21:02:17 CAA4BD0FBF4BBC0C259146E1FFD00C24 1861720 ------w- C:\Archivos de programa\Realtek\Audio\Drivers\WDM\Monft64.sys
2015-11-04 21:02:17 B4DC153A839B1FDC7303CAFE61D56A0D 7458520 ------w- C:\Archivos de programa\Realtek\Audio\Drivers\WDM\RTKHDA64.sys
2015-11-04 21:02:17 1F7C55FC32919644BA9124217A612A64 5630168 ------w- C:\Archivos de programa\Realtek\Audio\Drivers\WDM\RTKHDAUD.sys
2015-11-04 21:02:16 C7D9F9717916B34C1B00DD4834AF485C 1395800 ------w- C:\Archivos de programa\Realtek\Audio\Drivers\WDM\Monfilt.sys
2015-11-04 21:02:15 267FC636801EDC5AB28E14036349E3BE 1691480 ------w- C:\Archivos de programa\Realtek\Audio\Drivers\WDM\AMBFilt.sys
2015-11-04 21:02:15 1DFC5D5CD2E655D67C9CB0E4E8B2CB72 1801304 ------w- C:\Archivos de programa\Realtek\Audio\Drivers\WDM\AMBFt64.sys
 
==== Startup Registry Enabled ======================
 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"
 
[HKEY_USERS\S-1-5-21-515967899-507921405-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"
 
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FileZilla Server Interface"="C:\Archivos de programa\FileZilla Server\FileZilla Server Interface.exe"
"SunJavaUpdateSched"="C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe"
"NvMediaCenter"="RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit"
"NvCplDaemon"="RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup"
"AvastUI.exe"="C:\Archivos de programa\AVAST Software\Avast\AvastUI.exe /nogui"
"Malwarebytes Anti-Exploit"="C:\Archivos de programa\Malwarebytes Anti-Exploit\mbae.exe"
"RTHDCPL"="RTHDCPL.EXE"
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName"
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC"
 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"
 
==== Startup Registry Disabled ======================
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="KiesPDLR"
"hkey"="HKCU"
"command"="C:\\Archivos de programa\\Samsung\\Kies\\External\\FirmwareUpdate\\KiesPDLR.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\adm_tray.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="adm_tray"
"hkey"="HKLM"
"command"="C:\\Archivos de programa\\Acronis\\DriveMonitor\\adm_tray.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdobeARM"
"hkey"="HKLM"
"command"="\"C:\\Archivos de programa\\Archivos comunes\\Adobe\\ARM\\1.0\\AdobeARM.exe\""
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Reader_sl"
"hkey"="HKLM"
"command"="\"C:\\Archivos de programa\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\""
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Babylon Client]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Babylon"
"hkey"="HKLM"
"command"="C:\\Archivos de programa\\Babylon\\Babylon.exe -AutoStart"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GalaxyClient]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HttpWatch_RegIEPlugin]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="regieplugin"
"hkey"="HKLM"
"command"="C:\\Archivos de programa\\HttpWatch\\regieplugin.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KiesPDLR]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="KiesPDLR"
"hkey"="HKCU"
"command"="C:\\Archivos de programa\\Samsung\\Kies\\External\\FirmwareUpdate\\KiesPDLR.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KiesPreload]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Kies"
"hkey"="HKCU"
"command"="C:\\Archivos de programa\\Samsung\\Kies\\Kies.exe /preload"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LogMeIn Hamachi Ui]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hamachi-2-ui"
"hkey"="HKLM"
"command"="\"C:\\Archivos de programa\\LogMeIn Hamachi\\hamachi-2-ui.exe\" --auto-start"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\StartCCC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CLIStart"
"hkey"="HKLM"
"command"="\"C:\\Archivos de programa\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe\" MSRun"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Steam]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Steam"
"hkey"="HKCU"
"command"="\"D:\\Juegos\\Steam\\Steam.exe\" -silent"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UpdReg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UpdReg"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\UpdReg.EXE"
 
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]
 
 
==== Task Scheduler Jobs ======================
 
C:\WINDOWS\tasks\avast\Undetermined Task.exe []
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Archivos de programa\Google\Update\GoogleUpdate.exe [31/08/2015 14:09]
 
==== Firefox Start and Search pages ======================
 
ProfilePath: C:\Documents and Settings\Mike_HDF\Datos de programa\Mozilla\Firefox\Profiles\wp7bne46.default
user_pref("browser.startup.homepage", "about:blank");
 
==== Firefox Extensions Registry ======================
 
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{1E2593B2-E106-4697-BCE7-A9D30DE05D73}"="C:\Archivos de programa\HttpWatch\Firefox" [21/09/2015 12:08]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"fdm_ffext@freedownloadmanager.org"="C:\Documents and Settings\All Users\Datos de programa\Free Download Manager\Firefox\Extensions\1.7.5.4" [19/07/2015 23:39]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"fdm_ffext@freedownloadmanager.org"="C:\Documents and Settings\All Users\Datos de programa\Free Download Manager\Firefox\Extensions\2.0.17" [16/10/2015 17:23]
 
==== Firefox Extensions ======================
 
ProfilePath: C:\Documents and Settings\ADMINI~1\Datos de programa\Mozilla\Firefox\Profiles\vulqbet3.default
- Undetermined - C:\Archivos de programa\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}
- Java Quick Starter - C:\Archivos de programa\Java\jre6\lib\deploy\jqs\ff
 
ProfilePath: C:\Documents and Settings\Mike_HDF\Datos de programa\kompozer.net\KompoZer\Profiles\cwla7coi.default
- Undetermined - %ProfilePath%\extensions\installed-extensions.txt
- KompoZer classic - %ProfilePath%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
ProfilePath: C:\Documents and Settings\Mike_HDF\Datos de programa\Mozilla\Firefox\Profiles\wp7bne46.default
- FEBE - %ProfilePath%\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
- Flash Control - %ProfilePath%\extensions\jid1-sNL73VCI4UB0Fw@jetpack.xpi
- Greasemonkey - %ProfilePath%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
 
ProfilePath: C:\Documents and Settings\Mike_HDF\Datos de programa\Thunderbird\Profiles\y2s8z3td.default
- MinimizeToTray revived MinTrayR - %ProfilePath%\extensions\mintrayr@tn123.ath.cx
- Lightning - %ProfilePath%\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103}
 
==== Firefox Plugins ======================
 
Profilepath: C:\Documents and Settings\Mike_HDF\Datos de programa\Mozilla\Firefox\Profiles\wp7bne46.default
7D127425BBE91DF37448A7F44C1DDA52 - C:\Archivos de programa\Google\Update\1.3.28.15\npGoogleUpdate3.dll - Google Update
01EA709362CB92A8613E335C2368F685 - C:\Archivos de programa\HttpWatch\Firefox\components\nphttpwatchff.dll - HttpWatch Basic / HttpWatch Basic
486DCD78DFB28733BFDD4D4EFEA2FD50 - C:\Archivos de programa\Java\jre7\bin\plugin2\npjp2.dll - Java™ Platform SE 7 U65
EE23F610D9353B9217FFEC4B73A27EF5 - C:\Archivos de programa\Java\jre7\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 7.0.650.20
FCAC2CA5C820FCF7B9E1A2D2F6D29B34 - C:\Archivos de programa\SumatraPDF\npPdfViewer.dll - SumatraPDF Browser Plugin
DE5A4D89C47B9A1CC97DFAB11A795ABB - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll - Shockwave Flash
A055971A27B8B767F5F0858B8F299282 - C:\Archivos de programa\Adobe\Reader 9.0\Reader\browser\nppdf32.dll - Adobe Acrobat
517021D1BCA1962ABF09099014A7D87D - C:\WINDOWS\system32\npOGPPlugin.dll - OGPlanet Game Plugin
AB87EEFFD18F2BAAFC274E7075EA6C67 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation
BC14A19522A973F39027EA9842939ED1 - C:\Archivos de programa\Windows Media Player\npdrmv2.dll - Microsoft® DRM
9DFB1CFDD72C0C431C16B25B7EE114D5 - C:\Archivos de programa\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library
24C3A54C86D5FE4C055646BC370FACFD - C:\Archivos de programa\Windows Media Player\npwmsdrm.dll - Microsoft® DRM
86DC11BC3A92D7B1315B0C17374C7F57 - C:\WINDOWS\system32\npptools.dll - Sistema operativo Microsoft® Windows®
 
 
==== Chromium Look ======================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
flliilndjeohchalpbbcdekjklbdgfkk - No path found[]
 
Free Download Manager Chrome extension - Mike_HDF\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\ahmpjcflkgiildlgicmcieglgoilbfdp
YouTube - Mike_HDF\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Mike_HDF\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Tampermonkey - Mike_HDF\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo
User-Agent Switcher for Chrome - Mike_HDF\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\djflhoibgkdhkhhcedjiklpkjnoahfmg
EditThisCookie - Mike_HDF\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg
FlashBlock - Mike_HDF\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\gofhjkjmkpinhpoiabjplobcaignabnl
Chrome Web Store Payments - Mike_HDF\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Mike_HDF\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
 
==== Empty IE Cache ======================
 
C:\Documents and Settings\LocalService\Configuración local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\NetworkService\Configuración local\Archivos temporales de Internet\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Configuración local\Archivos temporales de Internet\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Configuración local\Archivos temporales de Internet\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat will be deleted at reboot
C:\Documents and Settings\Mike_HDF\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat will be deleted at reboot
 
==== Empty FireFox Cache ======================
 
C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Mozilla\Firefox\Profiles\vulqbet3.default\Cache emptied successfully
C:\Documents and Settings\Mike_HDF\Configuración local\Datos de programa\Mozilla\Firefox\Profiles\wp7bne46.default\cache2 emptied successfully
 
==== Empty Chrome Cache ======================
 
C:\Documents and Settings\Mike_HDF\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
Flash Cache Emptied Successfully
 
==== Empty All Java Cache ======================
 
Java Cache cleared successfully
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=0 folders=0 0 bytes)
 
==== Empty Temp Folders ======================
 
C:\Documents and Settings\Administrador\Configuración local\temp emptied successfully
C:\Documents and Settings\Default User\Configuración local\temp emptied successfully
C:\Documents and Settings\LocalService\Configuración local\Temp emptied successfully
C:\Documents and Settings\Mike_HDF\Configuración local\Temp will be emptied at reboot
C:\Documents and Settings\NetworkService\Configuración local\temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\WINDOWS\Temp successfully emptied
C:\DOCUME~1\Mike_HDF\CONFIG~1\Temp successfully emptied
 
==== Deleting Files / Folders ======================
 
"C:\Documents and Settings\LocalService\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat" not deleted
"C:\Documents and Settings\Mike_HDF\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat" not found
 
==== EOF on 06/11/2015 at 17:24:40,12 ======================


#10 erGato


Posted 06 November 2015 - 01:05 PM

The log of EEK:

Emsisoft Emergency Kit - Versión 10.0
Última actualización: 06/11/2015 17:37:56
Cuenta de usuario: PCMIKE\Mike_HDF
 
Configuraciones del análisis:
 
Tipo de análisis: Análisis de programas maliciosos
Objetos: Rootkits, Memoria, Trazas, Archivos
 
Detectar PUP: Activado
Análisis de archivos: Desactivado
Análisis ADS: Activado
Filtrar las extensiones de archivo: Desactivado
Caché avanzada: Activado
Acceso directo al disco: Desactivado
 
Inicio del análisis: 06/11/2015 17:53:35
C:\Documents and Settings\Mike_HDF\Datos de programa\babylon detectado: Application.AppInstall (A)
C:\Documents and Settings\All Users\Datos de programa\babylon detectado: Application.AppInstall (A)
C:\Documents and Settings\Mike_HDF\Configuración local\Datos de programa\apn detectado: Application.AppInstall (A)
C:\Documents and Settings\Mike_HDF\Configuración local\Datos de programa\babylon detectado: Application.AppInstall (A)
C:\Archivos de programa\babylon detectado: Application.AppInstall (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detectado: Setting.DisableRegistryTools (A)
Key: HKEY_USERS\S-1-5-21-515967899-507921405-1801674531-1003\SOFTWARE\CONDUIT detectado: Application.InstallAd (A)
Key: HKEY_USERS\S-1-5-21-515967899-507921405-1801674531-1003\SOFTWARE\YAHOOPARTNERTOOLBAR detectado: Application.Win32.YTool (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\BABYDICT detectado: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\BABYGLOSS detectado: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\BABYOPTFILE detectado: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{02DD8284-A49F-43E5-9D84-CF19DC9AD21D} detectado: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{27DE7D30-BCCD-44D1-ADCB-A74A4259EBEF} detectado: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{3A0EFC4E-F167-4D0E-9C24-FC5519237993} detectado: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{55D63393-DB17-4A2B-9052-15D85B4B1344} detectado: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96} detectado: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939} detectado: Application.AdReg (A)
Key: HKEY_USERS\S-1-5-21-515967899-507921405-1801674531-1003\SOFTWARE\BABYLON detectado: Application.InstallAd (A)
Key: HKEY_USERS\S-1-5-21-515967899-507921405-1801674531-1003\SOFTWARE\SOFTONIC detectado: Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\BABYLON detectado: Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\BABYLON detectado: Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\BABYLON.EXE detectado: Application.InstallTool (A)
 
Analizados 72885
Encontrados 22
 
Fin del análisis: 06/11/2015 17:57:48
Duración del análisis: 0:04:13


#11 erGato


Posted 06 November 2015 - 02:02 PM

Hi, FRST updated but crashed again on fixing. The log seems the same:

Fix result of Farbar Recovery Scan Tool (x86) Version:05-11-2015
Ran by Mike_HDF (2015-11-06 19:14:46) Run:1
Running from H:\
Loaded Profiles: Mike_HDF & Administrador (Available Profiles: Mike_HDF & Administrador)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\21095971.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\21095971.sys => ""="Driver"
CustomCLSID: HKU\S-1-5-21-515967899-507921405-1801674531-1003_Classes\CLSID\{DB450007-9764-11D6-819E-005056C00008}\localserver32 -> C:\Archivos de programa\DU Meter\DUMeterSvc.exe => No File
StandardProfile\AuthorizedApplications: [H:\Programas\utorrent\utorrent.exe] => Enabled:µTorrent
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Mike_HDF\Configuración local\Temp\Rar$EXa0.724\utorrent.exe] => C:\Documents and Settings\Mike_HDF\Configuración local\Temp\Rar$EXa0.724\utorrent.exe:*:Enabled:µTorrent
StandardProfile\AuthorizedApplications: [H:\Programas\Emule\emule.exe] => Enabled:eMule
H:\Programas\Emule\emule.exe
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Temp\*.zip\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.pif <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Datos de programa\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.com <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Datos de programa\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Temp\rar*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Temp\7z*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Temp\*.zip\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Menú inicio\Programas\Inicio\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Datos de programa\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Temp\7z*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Configuración local\Datos de programa\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Configuración local\Datos de programa\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Menú inicio\Programas\Inicio\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Configuración local\Datos de programa\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Datos de programa\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Configuración local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Menú inicio\Programas\Inicio\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Temp\rar*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Configuración local\Datos de programa\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Datos de programa\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Temp\wz*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Datos de programa\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: ** <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.com <====== ATTENTION
HKLM Group Policy restriction on software: %temp%\7z*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Temp\7z*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Menú inicio\Programas\Inicio\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Temp\wz*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Configuración local\Datos de programa\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Temp\wz*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Configuración local\Datos de programa\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Datos de programa\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Temp\*.zip\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Menú inicio\Programas\Inicio\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Configuración local\Datos de programa\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Menú inicio\Programas\Inicio\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Configuración local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Datos de programa\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Temp\*.zip\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Temp\wz*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Temp\rar*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Configuración local\Datos de programa\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Configuración local\Datos de programa\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Datos de programa\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Configuración local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Datos de programa\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Datos de programa\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Menú inicio\Programas\Inicio\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Configuración local\Datos de programa\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Datos de programa\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Temp\rar*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.com <====== ATTENTION
HKLM Group Policy restriction on software: %temp%\rar*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Menú inicio\Programas\Inicio\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Configuración local\Datos de programa\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Temp\7z*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.scr <====== ATTENTION
HKLM Group Policy restriction on software: %temp%\wz*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Configuración local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Configuración local\Datos de programa\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: C:\Archivos de programa\dyndns\WinDNSdynamic.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Archivos de programa\Avira\AntiVir Desktop\avnotify.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %temp%\*.zip\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <===== ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-515967899-507921405-1801674531-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-515967899-507921405-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-515967899-507921405-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-515967899-507921405-1801674531-1003 -> DefaultScope {44BF3A1E-CC6E-49DC-857D-393845B956AF} URL = hxxp://www.google.es/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-515967899-507921405-1801674531-1003 -> {44BF3A1E-CC6E-49DC-857D-393845B956AF} URL = hxxp://www.google.es/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
Handler: AutorunsDisabled\livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARCHIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL No File []
Handler: AutorunsDisabled\msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARCHIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL No File []
FF ProfilePath: C:\Documents and Settings\Mike_HDF\Datos de programa\Mozilla\Firefox\Profiles\wp7bne46.default
FF Homepage: about:blank
CHR Session Restore: Default -> is enabled.
CHR Plugin: (Widevine Content Decryption Module) - C:\Documents and Settings\Mike_HDF\Configuración local\Datos de programa\Google\Chrome\User Data\WidevineCDM\1.4.6.758\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Archivos de programa\Google\Chrome\Application\46.0.2490.80\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Archivos de programa\Google\Update\1.3.26.9\npGoogleUpdate3.dll => No File
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
S4 catchme; \??\C:\DOCUME~1\Mike_HDF\CONFIG~1\Temp\catchme.sys [X]
S4 eapihdrv; \??\C:\DOCUME~1\Mike_HDF\CONFIG~1\Temp\ehdrv.sys [X]
S4 IntelIde; no ImagePath
C:\Documents and Settings\Mike_HDF\Configuración local\Temp\catchme.dll
CMD: type "C:\ComboFix.txt"
File: C:\ComboFix.txt
cmd: netsh winsock reset
EmptyTemp:
Hosts:
Reboot:
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\21095971.sys" => key removed successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\21095971.sys" => key removed successfully.
"HKU\S-1-5-21-515967899-507921405-1801674531-1003_Classes\CLSID\{DB450007-9764-11D6-819E-005056C00008}" => key removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\H:\Programas\utorrent\utorrent.exe => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Mike_HDF\Configuración local\Temp\Rar$EXa0.724\utorrent.exe => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\H:\Programas\Emule\emule.exe => value removed successfully.
"H:\Programas\Emule\emule.exe" => not found.
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Temp\*.zip\*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.gif.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: C:\Documents and Settings\*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.rtf.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Datos de programa\*\*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.wmv.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.xlsx.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.mp4.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.docx.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Datos de programa\*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Temp\rar*\*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.avi.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.rar.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.pptx.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.rar.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.bmp.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.png.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.txt.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.7z.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.zip.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Temp\7z*\*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Temp\*.zip\*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.pub.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: C:\Documents and Settings\*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.wav.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.avi.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Menú inicio\Programas\Inicio\*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.txt.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %allusersprofile%\Datos de programa\*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.jpg.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*\*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.pdf.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.wav.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.pub.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Temp\7z*\*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Application Data\*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %allusersprofile%\Configuración local\Datos de programa\*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.docx.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %allusersprofile%\Configuración local\Datos de programa\*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %allusersprofile%\Menú inicio\Programas\Inicio\*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.jpeg.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.wmv.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.divx.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.rtf.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.xls.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.pub.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Configuración local\Datos de programa\*\*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.pdf.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.mp3.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: C:\Documents and Settings\*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Datos de programa\*\*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.gif.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.wma.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Configuración local\*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.mp3.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.ppt.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.doc.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %allusersprofile%\Menú inicio\Programas\Inicio\*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Temp\rar*\*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.png.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.divx.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.wav.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.png.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.bmp.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *:\RECYCLER\*\*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Configuración local\Datos de programa\*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.jpeg.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Datos de programa\*\*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Temp\wz*\*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.xls.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.doc.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Application Data\*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.xls.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.wma.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.pptx.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *:\RECYCLER\*\*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.bmp.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %allusersprofile%\Datos de programa\*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Application Data\*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: ** <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.divx.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.docx.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.wma.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.jpeg.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.txt.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.7z.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*\*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.pptx.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %temp%\7z*\*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Temp\7z*\*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %allusersprofile%\Menú inicio\Programas\Inicio\*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.doc.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Temp\wz*\*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.txt.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %allusersprofile%\Configuración local\Datos de programa\*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.mp4.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.wmv.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Temp\wz*\*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*\*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.zip.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.mp4.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Configuración local\Datos de programa\*\*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *:\RECYCLER\*\*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.mp3.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Datos de programa\*\*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Temp\*.zip\*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Menú inicio\Programas\Inicio\*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Configuración local\Datos de programa\*\*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.pdf.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.wav.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.doc.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.ppt.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.jpeg.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *:\RECYCLER\*\*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.rar.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Menú inicio\Programas\Inicio\*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.xlsx.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Configuración local\*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %allusersprofile%\Datos de programa\*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: C:\Documents and Settings\*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.bmp.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.docx.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.ppt.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.gif.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Application Data\*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.mp3.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.wmv.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.zip.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.7z.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Temp\*.zip\*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Temp\wz*\*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Temp\rar*\*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.avi.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Configuración local\Datos de programa\*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Configuración local\Datos de programa\*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.xls.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.xlsx.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Datos de programa\*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.png.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.rtf.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.rar.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Configuración local\*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.gif.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Datos de programa\*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Datos de programa\*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.7z.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Menú inicio\Programas\Inicio\*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Configuración local\Datos de programa\*\*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.zip.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.pub.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.ppt.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.rtf.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %allusersprofile%\Datos de programa\*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.avi.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Temp\rar*\*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.xlsx.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %temp%\rar*\*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.wma.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.jpg.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.mp4.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %allusersprofile%\Menú inicio\Programas\Inicio\*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Configuración local\Datos de programa\*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*\*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.jpg.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.pdf.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Temp\7z*\*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.pptx.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %temp%\wz*\*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Configuración local\*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.divx.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.jpg.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %allusersprofile%\Configuración local\Datos de programa\*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: C:\Archivos de programa\dyndns\WinDNSdynamic.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: C:\Archivos de programa\Avira\AntiVir Desktop\avnotify.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %temp%\*.zip\*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION => restored successfully
"HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore" => key removed successfully.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\system32\GroupPolicy\User => moved successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKU\S-1-5-21-515967899-507921405-1801674531-1003\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Search Page => value removed successfully.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => value removed successfully.
HKU\S-1-5-21-515967899-507921405-1801674531-1003\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-515967899-507921405-1801674531-1003\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKU\S-1-5-21-515967899-507921405-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
"HKU\S-1-5-21-515967899-507921405-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{44BF3A1E-CC6E-49DC-857D-393845B956AF}" => key removed successfully.
HKCR\CLSID\{44BF3A1E-CC6E-49DC-857D-393845B956AF} => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}" => key removed successfully.
HKCR\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => key not found. 
"HKCR\PROTOCOLS\Handler\AutorunsDisabled\livecall" => key removed successfully.


#12 olgun52

olgun52

  • Malware Response Team
  • 3,790 posts
  • Gender:Male
  • Local time:02:03 PM

Posted 06 November 2015 - 02:58 PM

Hi erGato,
 

Launched: H:\zoek.exe [Scan all users]  [Checkboxes used]

createsrpoint;
autoclean;
emptyalltemp;
ipconfig /flushdns >>"%temp%\log.txt";b

Did you run the Zoek script?

 


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#13 erGato

erGato
  • Topic Starter

  • Members
  • 11 posts
  • Local time:12:03 PM

Posted 07 November 2015 - 04:17 AM

Hi, Yılmaz,

 

My bad about Zoek, the autoclean scares me: FRST deleted some software that wasn't infected and group policies I set up to stop unwanted applications from running in temporary folders.

 

Anyway, since I executed it with the checks "Empty temp" and "Do a quick scan" and ran "ipconfig /flushdns" in the command line to see if it works after running Zoek, I restarted three or four times and the crash on startup didn't happen. Maybe it's too soon to consider it fixed, but I think it worked.

 

After executing AdwCleaner and 2 restarts, the popup from Avast about the infected URL didn't show up, so I think it worked too. Lately the popup always showed up a minute or less after opening Chrome; now it's gone :D

 

If the crash happens again, I'll run Zoek as you said and attach the log here. Sorry for being so stubborn.

 

Thanks a lot for your help. Here's the log of AdwCleaner:

 

# AdwCleaner v5.018 - Registro generado 06/11/2015 en 23:11:03
# Actualizado 05/11/2015 por Xplode
# Base de datos : 2015-11-03.2 [Servidor]
# Sistema operativo : Microsoft Windows XP Service Pack 3 (x86)
# Nombre de usuario : Mike_HDF - PCMIKE
# Ejecutado desde : H:\adwcleaner_5.018.exe
# Opción : Limpiar
 
***** [ Servicios ] *****
 
 
***** [ Carpetas ] *****
 
[x] Carpeta No Eliminar : C:\Archivos de programa\NVIDIA GeForce GTX 550 Ti
[x] Carpeta No Eliminar : C:\Archivos de programa\Archivos comunes\NVIDIA GeForce GTX 550 Ti
[-] Carpeta Eliminar : C:\Documents and Settings\Mike_HDF\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg
 
***** [ Archivos ] *****
 
[-] Archivo Eliminar : C:\Documents and Settings\Mike_HDF\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Local Storage\chrome-extension_fngmhnnpilhplaeedifhccceomclgfbg_0.localstorage
[-] Archivo Eliminar : C:\Documents and Settings\Mike_HDF\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Local Storage\chrome-extension_fngmhnnpilhplaeedifhccceomclgfbg_0.localstorage-journal
[-] Archivo Eliminar : C:\Documents and Settings\Mike_HDF\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Local Storage\hxxp_cn.hao123.com_0.localstorage
[-] Archivo Eliminar : C:\Documents and Settings\Mike_HDF\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Local Storage\hxxp_cn.hao123.com_0.localstorage-journal
[-] Archivo Eliminar : C:\Documents and Settings\Mike_HDF\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Local Storage\hxxp_filemonkey.softonic.com_0.localstorage
[-] Archivo Eliminar : C:\Documents and Settings\Mike_HDF\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Local Storage\hxxp_filemonkey.softonic.com_0.localstorage-journal
[-] Archivo Eliminar : C:\Documents and Settings\Mike_HDF\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
[-] Archivo Eliminar : C:\Documents and Settings\Mike_HDF\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
[-] Archivo Eliminar : C:\Documents and Settings\Mike_HDF\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Local Storage\hxxp_www.veoh.com_0.localstorage
[-] Archivo Eliminar : C:\Documents and Settings\Mike_HDF\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Local Storage\hxxp_www.veoh.com_0.localstorage-journal
 
***** [ DLLs ] *****
 
 
***** [ Accesos directos ] *****
 
 
***** [ Tareas programadas ] *****
 
 
***** [ Registro ] *****
 
[-] Llave Eliminar : HKLM\SOFTWARE\Classes\.bdc
[-] Llave Eliminar : HKLM\SOFTWARE\Classes\.bgl
[-] Llave Eliminar : HKLM\SOFTWARE\Classes\.bof
[-] Llave Eliminar : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Babylon Client
[-] Llave Eliminar : HKLM\SOFTWARE\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
[-] Llave Eliminar : HKLM\SOFTWARE\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
[-] Llave Eliminar : HKLM\SOFTWARE\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
[-] Llave Eliminar : HKLM\SOFTWARE\Classes\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A}
[-] Llave Eliminar : HKLM\SOFTWARE\Classes\Interface\{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7}
[-] Llave Eliminar : HKLM\SOFTWARE\Classes\Interface\{5C9A230D-70A5-11D5-AFB0-0050DAC67890}
[-] Llave Eliminar : HKLM\SOFTWARE\Classes\TypeLib\{5C9A2304-70A5-11D5-AFB0-0050DAC67890}
[-] Llave Eliminar : HKCU\Software\Ask&Record
[-] Llave Eliminar : HKCU\Software\Myfree Codec
[-] Llave Eliminar : HKLM\SOFTWARE\Myfree Codec
[-] Llave Eliminar : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Screensaver Producer 
[-] Llave Eliminar : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Babylon
[-] Llave Eliminar : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
[-] Llave Eliminar : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Screensaver Producer 
[-] Llave Eliminar : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.babylon
 
***** [ Navegadores Web ] *****
 
[-] [C:\Documents and Settings\Mike_HDF\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Web Data] [Search Provider] Eliminar : dbf-viewer-2000.softonic.com
[-] [C:\Documents and Settings\Mike_HDF\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Web Data] [Search Provider] Eliminar : cdbf-dbf-viewer-and-editor.en.softonic.com
[-] [C:\Documents and Settings\Mike_HDF\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Eliminar : fngmhnnpilhplaeedifhccceomclgfbg
 
*************************
 
:: Llaves "Tracing" removidas
:: Winsock Configuración borrada
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [5075 bytes] ##########
 

Edited by erGato, 07 November 2015 - 04:17 AM.
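An added audit script for the FRST Fixlog posted earlier in this thread (the lines beginning "HKLM Group Policy restriction on software") and for erGato's point above that those were Software Restriction Policy path rules he had set himself. It is my example, not code from FRST, Zoek or anyone in this thread. The line format is the one FRST uses in the log above; the four rule categories and the sample lines are my own construction (the samples are copied from the log). Note that FRST's line does not record the SRP security level, so whether a rule was Disallowed (level 0) or Unrestricted (level 262144) has to be checked under HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers before recreating it; the %HKEY_LOCAL_MACHINE\...\SystemRoot% entries are the form Windows uses for its own default rules, so a cleaning tool that strips every path rule removes those too.

```python
import re
from collections import Counter

# Shape of the Software Restriction Policy (SRP) path-rule lines FRST writes
# to its Fixlog (copied from the log in this thread). The status text after
# "=>" is captured loosely.
_RULE_RE = re.compile(
    r"^HKLM Group Policy restriction on software: (?P<path>.+?)\s+"
    r"<====== ATTENTION => (?P<status>.+)$"
)

# Rule shapes this audit distinguishes. The categories are this example's
# own heuristics, not something FRST or Windows reports.
_DOUBLE_EXT_RE = re.compile(r"^\*\.[a-z0-9]{2,5}\.(exe|scr|pif|com)$", re.IGNORECASE)
_REG_DERIVED_RE = re.compile(r"^%HKEY_LOCAL_MACHINE\\", re.IGNORECASE)
_USER_WRITABLE = (
    "%userprofile%", "%allusersprofile%", "%appdata%", "%temp%",
    "\\recycler\\", "c:\\documents and settings\\",
)
_EXEC_EXT = (".exe", ".scr", ".pif", ".com")


def parse_rule(line):
    """Return (path, status) for an FRST SRP path-rule line, else None."""
    match = _RULE_RE.match(line.strip())
    if not match:
        return None
    return match.group("path"), match.group("status")


def classify_path(path):
    """Bucket a path rule by what it targets."""
    lowered = path.lower()
    # e.g. *.pdf.scr: an executable posing as a document
    if _DOUBLE_EXT_RE.match(path):
        return "double-extension"
    # %HKEY_LOCAL_MACHINE\...\SystemRoot%: the form Windows uses for its
    # own default SRP rules
    if _REG_DERIVED_RE.match(path):
        return "registry-derived"
    # profile, temp and recycle-bin locations a standard user can write to
    if any(marker in lowered for marker in _USER_WRITABLE):
        return "user-writable"
    # one named binary rather than a location
    if lowered.endswith(_EXEC_EXT) and "*" not in path:
        return "specific-program"
    return "other"


def audit_fixlog(text):
    """Parse a Fixlog and summarise the SRP path rules it touched."""
    rules = []
    for line in text.splitlines():
        parsed = parse_rule(line)
        if parsed is None:
            continue
        path, status = parsed
        rules.append({"path": path, "status": status, "category": classify_path(path)})
    counts = Counter(rule["category"] for rule in rules)
    # Rules naming a single program deserve a manual look: unlike a location
    # rule they change the behaviour of one specific product.
    review = [rule["path"] for rule in rules if rule["category"] == "specific-program"]
    return {"rules": rules, "counts": counts, "review": review}


# Sample lines copied from the Fixlog in this thread, plus one non-rule line
# to show that unrelated Fixlog output is skipped.
SAMPLE_FIXLOG = r"""
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Temp\wz*\*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.zip.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*\*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: C:\Documents and Settings\*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: C:\Archivos de programa\Avira\AntiVir Desktop\avnotify.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe <====== ATTENTION => restored successfully
"HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore" => key removed successfully.
"""

if __name__ == "__main__":
    result = audit_fixlog(SAMPLE_FIXLOG)
    for category, n in sorted(result["counts"].items()):
        print(f"{category:18s} {n}")
    for path in result["review"]:
        print("review:", path)
```

Run it against a saved Fixlog.txt by reading the file into `audit_fixlog`; the category counts show at a glance how much of what the tool removed was the user's own anti-ransomware hardening (user-writable and double-extension rules) versus Windows defaults, and the review list points at rules that target one named binary.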


#14 olgun52

olgun52

  • Malware Response Team
  • 3,790 posts
  • Gender:Male
  • Local time:02:03 PM

Posted 07 November 2015 - 08:11 AM

FRST deleted some software not infected

Which software?
 

group policys I set up to avoid unwanted applications to run in temporary folders.

Did you edit it?

 

I executed "ipconfig /flushdns" in the command line to see if it works after runing Zoek, I restarted three or four times and the crash on startup didn't happen, maybe it's too soon to consider it's fixed,

but I think it worked.

Good news.

 

I'll run Zoek as you said and attach the log here.

I am waiting.


Best regards
 

 


 


#15 erGato

erGato
  • Topic Starter

  • Members
  • 11 posts
  • Local time:12:03 PM

Posted 08 November 2015 - 05:37 AM

Hi, Yılmaz,

 

The software deleted by FRST was eMule, and AdwCleaner deleted the Babylon translator. I know there are some browser search toolbars that use Babylon, but the program deleted was the demo of the translator. Not a big problem.

 

I added some group policies to prevent execution in Application Data, temporary folders and other paths, for example:

 

%userprofile%\Configuración local\*.exe -- (Configuración local = Local settings)

 

It's a preventive measure against ransomware and other malware that I applied some time ago. Not a big problem either.

 

Anyway, the thing is that it was too soon to say "it's fixed" :(

 

At least the crash hasn't happened again, but the theadclick popup was back. So I ran Zoek using the script. After a reboot the popup is gone again, but I will wait a little longer before saying "Hurrah". As I promised, here's the log:

 

 
Zoek.exe v5.0.0.1 Updated 05-November-2015
Tool run by Mike_HDF on 08/11/2015 at 10:47:55,32.
Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: H:\zoek.exe [Scan all users] [Script inserted] 
 
==== System Restore Info ======================
 
08/11/2015 10:48:41 Zoek.exe System Restore Point Created Successfully.
 
==== Suspicious Entries Found ======================
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP"="139:TCP:*:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:*:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:*:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:*:Enabled:@xpsp2res.dll,-22002"
"3389:TCP"="3389:TCP:*:Enabled:@xpsp2res.dll,-22009"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP"="139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002"
"3389:TCP"="3389:TCP:*:Enabled:@xpsp2res.dll,-22009"
"1170:TCP"="1170:TCP:*:Enabled:messenger"
"58878:TCP"="58878:TCP:*:Enabled:www"
 
==== Empty Folders Check ======================
 
C:\Archivos de programa\Amazon deleted successfully
C:\Archivos de programa\DsNET Corp deleted successfully
C:\Archivos de programa\DU Meter deleted successfully
C:\Archivos de programa\GUM2.tmp deleted successfully
C:\Archivos de programa\JDownloader deleted successfully
C:\Archivos de programa\OfficeRecovery deleted successfully
C:\Archivos de programa\Wondershare deleted successfully
C:\Archivos de programa\Xenocode deleted successfully
C:\Documents and Settings\Mike_HDF\Menú Inicio\Programas\Amazon deleted successfully
C:\Documents and Settings\Mike_HDF\Menú Inicio\Programas\GOG.com deleted successfully
C:\Documents and Settings\Mike_HDF\Menú Inicio\Programas\OfficeRecovery deleted successfully
C:\DOCUME~1\ALLUSE~1\DATOSD~1\IDM deleted successfully
C:\DOCUME~1\ALLUSE~1\DATOSD~1\Malwarebytes' Anti-Malware (portable) deleted successfully
C:\DOCUME~1\ALLUSE~1\DATOSD~1\nView_Profiles deleted successfully
C:\DOCUME~1\ALLUSE~1\DATOSD~1\xml_param deleted successfully
C:\Documents and Settings\Administrador\Datos de programa\WinMount deleted successfully
C:\Documents and Settings\LocalService\Datos de programa\VMware deleted successfully
C:\Documents and Settings\Mike_HDF\Datos de programa\AdobeUM deleted successfully
C:\Documents and Settings\Mike_HDF\Datos de programa\AptDiff deleted successfully
C:\Documents and Settings\Mike_HDF\Datos de programa\DMCache deleted successfully
C:\Documents and Settings\Mike_HDF\Datos de programa\Malwarebytes deleted successfully
C:\Documents and Settings\Mike_HDF\Datos de programa\Publish Providers deleted successfully
C:\Documents and Settings\Mike_HDF\Datos de programa\TextPad deleted successfully
C:\Documents and Settings\Mike_HDF\Datos de programa\usr deleted successfully
C:\Documents and Settings\Mike_HDF\Datos de programa\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A} deleted successfully
C:\Documents and Settings\Mike_HDF\Configuración local\Datos de programa\calibre-cache deleted successfully
C:\Documents and Settings\Mike_HDF\Configuración local\Datos de programa\Samsung deleted successfully
C:\Documents and Settings\Mike_HDF\Configuración local\Datos de programa\VMware deleted successfully
 
==== Deleting CLSID Registry Keys ======================
 
HKEY_USERS\S-1-5-21-515967899-507921405-1801674531-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A} deleted successfully
HKEY_USERS\S-1-5-21-515967899-507921405-1801674531-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4} deleted successfully
 
==== Deleting CLSID Registry Values ======================
 
 
==== Deleting Services ======================
 
 
==== FireFox Fix ======================
 
ProfilePath: C:\Documents and Settings\ADMINI~1\Datos de programa\Mozilla\Firefox\Profiles\vulqbet3.default
 
user.js not found
---- FireFox user.js and prefs.js backups ---- 
 
prefs_112015_1103_.backup
 
ProfilePath: C:\Documents and Settings\Mike_HDF\Datos de programa\kompozer.net\KompoZer\Profiles\cwla7coi.default
 
user.js not found
---- FireFox user.js and prefs.js backups ---- 
 
prefs_112015_1103_.backup
 
ProfilePath: C:\Documents and Settings\Mike_HDF\Datos de programa\Mozilla\Firefox\Profiles\wp7bne46.default
 
user.js not found
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 0);
---- FireFox user.js and prefs.js backups ---- 
 
prefs_112015_1103_.backup
 
ProfilePath: C:\Documents and Settings\Mike_HDF\Datos de programa\Thunderbird\Profiles\y2s8z3td.default
 
user.js not found
---- FireFox user.js and prefs.js backups ---- 
 
prefs_112015_1103_.backup
 
==== Batch Command(s) Run By Tool======================
 
 
 
Configuración IP de Windows
 
 
 
Se vació con éxito la caché de resolución de DNS.
 
 
==== Deleting Files \ Folders ======================
 
C:\Archivos de programa\Amazon not found
C:\Archivos de programa\DsNET Corp not found
C:\Archivos de programa\DU Meter not found
C:\Archivos de programa\GUM2.tmp not found
C:\Archivos de programa\JDownloader not found
C:\Archivos de programa\OfficeRecovery not found
C:\Archivos de programa\Wondershare not found
C:\Archivos de programa\Xenocode not found
C:\DOCUME~1\ALLUSE~1\DATOSD~1\Malwarebytes' Anti-Malware (portable) not found
C:\Archivos de programa\ComPlus Applications deleted
C:\Archivos de programa\WindowsUpdate deleted
C:\Archivos de programa\NVIDIA GeForce GTX 550 Ti deleted
C:\Archivos de programa\USB Safely Remove deleted
C:\Documents and Settings\Mike_HDF\Datos de programa\Aegisub deleted
C:\Documents and Settings\Mike_HDF\Datos de programa\calibre deleted
C:\Archivos de programa\Prismatic Software deleted
C:\Archivos de programa\Universal Extractor deleted
C:\AOMEI Partition Assistant v 5.5 Standard edition.exe deleted
C:\ExplorerSuite.exe deleted
C:\PKWARE ZIPReader.exe deleted
C:\Documents and Settings\Mike_HDF\Datos de programa\glide_wrapper.zbag.ini deleted
C:\Documents and Settings\Mike_HDF\Datos de programa\Thinstall deleted
C:\DOCUME~1\ALLUSE~1\DATOSD~1\defraggler_list.txt deleted
C:\DOCUME~1\ALLUSE~1\DATOSD~1\Wondershare Video Converter Ultimate deleted
C:\DOCUME~1\ALLUSE~1\DATOSD~1\Package Cache deleted
C:\Documents and Settings\Mike_HDF\Configuración local\Datos de programa\{39C0E0A2-0193-49A4-9D69-DABD740C37FE} deleted
C:\Documents and Settings\Mike_HDF\Configuración local\Datos de programa\Thinstall deleted
C:\Documents and Settings\Mike_HDF\Configuración local\Datos de programa\Wondershare deleted
C:\Documents and Settings\Mike_HDF\Configuración local\Datos de programa\CrashRpt deleted
C:\WINDOWS\SET3.tmp deleted
C:\WINDOWS\SET4.tmp deleted
C:\WINDOWS\SET8.tmp deleted
C:\WINDOWS\SETB9.tmp deleted
C:\WINDOWS\SETBC.tmp deleted
C:\WINDOWS\SETC8.tmp deleted
C:\WINDOWS\system32\GroupPolicy\Adm deleted
C:\WINDOWS\system32\GroupPolicy\Machine deleted
C:\WINDOWS\system32\GroupPolicy\User deleted
C:\WINDOWS\system32\GroupPolicy\gpt.ini deleted
C:\Documents and Settings\Mike_HDF\Datos de programa\SetupCleaner.exe deleted
C:\Documents and Settings\Mike_HDF\Configuración local\Datos de programa\DNIeService.exe deleted
"C:\Documents and Settings\Mike_HDF\Datos de programa\PyGlossary" deleted
"C:\Documents and Settings\Mike_HDF\Datos de programa\FFSJ\FFSJ.cfg" deleted
"C:\Documents and Settings\Mike_HDF\Datos de programa\FFSJ" deleted
 
==== Firefox Start and Search pages ======================
 
ProfilePath: C:\Documents and Settings\Mike_HDF\Datos de programa\Mozilla\Firefox\Profiles\wp7bne46.default
user_pref("browser.startup.homepage", "about:blank");
 
==== Firefox Extensions Registry ======================
 
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{1E2593B2-E106-4697-BCE7-A9D30DE05D73}"="C:\Archivos de programa\HttpWatch\Firefox" [21/09/2015 12:08]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"fdm_ffext@freedownloadmanager.org"="C:\Documents and Settings\All Users\Datos de programa\Free Download Manager\Firefox\Extensions\1.7.5.4" [19/07/2015 23:39]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"fdm_ffext@freedownloadmanager.org"="C:\Documents and Settings\All Users\Datos de programa\Free Download Manager\Firefox\Extensions\2.0.17" [16/10/2015 17:23]
 
==== Firefox Extensions ======================
 
ProfilePath: C:\Documents and Settings\ADMINI~1\Datos de programa\Mozilla\Firefox\Profiles\vulqbet3.default
- Undetermined - C:\Archivos de programa\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}
- Java Quick Starter - C:\Archivos de programa\Java\jre6\lib\deploy\jqs\ff
 
ProfilePath: C:\Documents and Settings\Mike_HDF\Datos de programa\kompozer.net\KompoZer\Profiles\cwla7coi.default
- Undetermined - %ProfilePath%\extensions\installed-extensions.txt
- KompoZer classic - %ProfilePath%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
ProfilePath: C:\Documents and Settings\Mike_HDF\Datos de programa\Mozilla\Firefox\Profiles\wp7bne46.default
- FEBE - %ProfilePath%\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
- Flash Control - %ProfilePath%\extensions\jid1-sNL73VCI4UB0Fw@jetpack.xpi
- Greasemonkey - %ProfilePath%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
 
ProfilePath: C:\Documents and Settings\Mike_HDF\Datos de programa\Thunderbird\Profiles\y2s8z3td.default
- MinimizeToTray revived MinTrayR - %ProfilePath%\extensions\mintrayr@tn123.ath.cx
- Lightning - %ProfilePath%\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103}
 
==== Firefox Plugins ======================
 
Profilepath: C:\Documents and Settings\Mike_HDF\Datos de programa\Mozilla\Firefox\Profiles\wp7bne46.default
7D127425BBE91DF37448A7F44C1DDA52 - C:\Archivos de programa\Google\Update\1.3.28.15\npGoogleUpdate3.dll - Google Update
01EA709362CB92A8613E335C2368F685 - C:\Archivos de programa\HttpWatch\Firefox\components\nphttpwatchff.dll - HttpWatch Basic / HttpWatch Basic
486DCD78DFB28733BFDD4D4EFEA2FD50 - C:\Archivos de programa\Java\jre7\bin\plugin2\npjp2.dll - Java™ Platform SE 7 U65
EE23F610D9353B9217FFEC4B73A27EF5 - C:\Archivos de programa\Java\jre7\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 7.0.650.20
FCAC2CA5C820FCF7B9E1A2D2F6D29B34 - C:\Archivos de programa\SumatraPDF\npPdfViewer.dll - SumatraPDF Browser Plugin
DE5A4D89C47B9A1CC97DFAB11A795ABB - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll - Shockwave Flash
A055971A27B8B767F5F0858B8F299282 - C:\Archivos de programa\Adobe\Reader 9.0\Reader\browser\nppdf32.dll - Adobe Acrobat
517021D1BCA1962ABF09099014A7D87D - C:\WINDOWS\system32\npOGPPlugin.dll - OGPlanet Game Plugin
AB87EEFFD18F2BAAFC274E7075EA6C67 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation
BC14A19522A973F39027EA9842939ED1 - C:\Archivos de programa\Windows Media Player\npdrmv2.dll - Microsoft® DRM
9DFB1CFDD72C0C431C16B25B7EE114D5 - C:\Archivos de programa\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library
24C3A54C86D5FE4C055646BC370FACFD - C:\Archivos de programa\Windows Media Player\npwmsdrm.dll - Microsoft® DRM
86DC11BC3A92D7B1315B0C17374C7F57 - C:\WINDOWS\system32\npptools.dll - Sistema operativo Microsoft® Windows®
 
 
==== Chromium Look ======================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
flliilndjeohchalpbbcdekjklbdgfkk - No path found[]
 
Tampermonkey - Mike_HDF\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo
User-Agent Switcher for Chrome - Mike_HDF\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\djflhoibgkdhkhhcedjiklpkjnoahfmg
FlashBlock - Mike_HDF\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\gofhjkjmkpinhpoiabjplobcaignabnl
 
==== Chromium Fix ======================
 
C:\Documents and Settings\Mike_HDF\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Local Storage\http_casas.trovit.es_0.localstorage deleted successfully
C:\Documents and Settings\Mike_HDF\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Local Storage\http_casas.trovit.es_0.localstorage-journal deleted successfully
C:\Documents and Settings\Mike_HDF\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Local Storage\http_linksave.in_0.localstorage deleted successfully
C:\Documents and Settings\Mike_HDF\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Local Storage\http_linksave.in_0.localstorage-journal deleted successfully
C:\Documents and Settings\Mike_HDF\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Local Storage\http_www.savemp4.com_0.localstorage deleted successfully
C:\Documents and Settings\Mike_HDF\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Local Storage\http_www.savemp4.com_0.localstorage-journal deleted successfully
C:\Documents and Settings\Mike_HDF\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Local Storage\http_static.atm.youku.com_0.localstorage deleted successfully
C:\Documents and Settings\Mike_HDF\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Local Storage\http_static.atm.youku.com_0.localstorage-journal deleted successfully
C:\Documents and Settings\Mike_HDF\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Local Storage\http_static.audienceinsights.net_0.localstorage deleted successfully
C:\Documents and Settings\Mike_HDF\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Local Storage\http_static.audienceinsights.net_0.localstorage-journal deleted successfully
C:\Documents and Settings\Mike_HDF\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Local Storage\http_static.himediads.com_0.localstorage deleted successfully
C:\Documents and Settings\Mike_HDF\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Local Storage\http_static.himediads.com_0.localstorage-journal deleted successfully
C:\Documents and Settings\Mike_HDF\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage deleted successfully
C:\Documents and Settings\Mike_HDF\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal deleted successfully
C:\Documents and Settings\Mike_HDF\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Local Storage\https_ads1.msads.net_0.localstorage deleted successfully
C:\Documents and Settings\Mike_HDF\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Local Storage\https_ads1.msads.net_0.localstorage-journal deleted successfully
C:\Documents and Settings\Mike_HDF\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully
C:\Documents and Settings\Mike_HDF\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully
C:\Documents and Settings\Mike_HDF\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage deleted successfully
C:\Documents and Settings\Mike_HDF\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
 
==== Deleting Registry Keys ======================
 
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\JDownloader deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Jpeg Enhancer_is1 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adm_tray.exe deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPreload deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg deleted successfully
 
==== Empty IE Cache ======================
 
C:\Documents and Settings\NetworkService\Configuración local\Archivos temporales de Internet\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Configuración local\Archivos temporales de Internet\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Configuración local\Archivos temporales de Internet\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat will be deleted at reboot
C:\Documents and Settings\LocalService\Configuración local\Temp\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Documents and Settings\Mike_HDF\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat will be deleted at reboot
 
==== Empty FireFox Cache ======================
 
C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Mozilla\Firefox\Profiles\vulqbet3.default\Cache emptied successfully
C:\Documents and Settings\Mike_HDF\Configuración local\Datos de programa\Mozilla\Firefox\Profiles\wp7bne46.default\cache2 emptied successfully
 
==== Empty Chrome Cache ======================
 
C:\Documents and Settings\Mike_HDF\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
Flash Cache Emptied Successfully
 
==== Empty All Java Cache ======================
 
Java Cache cleared successfully
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=381 folders=108 87732131 bytes)
 
==== Empty Temp Folders ======================
 
C:\Documents and Settings\Administrador\Configuración local\temp emptied successfully
C:\Documents and Settings\Default User\Configuración local\temp emptied successfully
C:\Documents and Settings\LocalService\Configuración local\Temp will be emptied at reboot
C:\Documents and Settings\Mike_HDF\Configuración local\Temp will be emptied at reboot
C:\Documents and Settings\NetworkService\Configuración local\temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\WINDOWS\Temp successfully emptied
C:\DOCUME~1\Mike_HDF\CONFIG~1\Temp successfully emptied
 
==== Deleting Files / Folders ======================
 
"C:\Documents and Settings\LocalService\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat" not deleted
"C:\Documents and Settings\LocalService\Configuración local\Temp\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Documents and Settings\Mike_HDF\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat" not found
"C:\Documents and Settings\LocalService\Configuración local\Temp\Cookies" not found
"C:\Documents and Settings\LocalService\Configuración local\Temp\History" not found
"C:\Documents and Settings\LocalService\Configuración local\Temp\Temporary Internet Files" not found
 
==== EOF on 08/11/2015 at 11:11:03,43 ======================
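The "Chromium Look" and "All HKCU SearchScopes" sections of the zoek log above come from two registry areas that browser hijackers commonly use: the per-extension subkeys Chrome reads to side-load extensions (zoek reported flliilndjeohchalpbbcdekjklbdgfkk there with "No path found"), and Internet Explorer's SearchScopes, where zoek had to set a DefaultScope because none existed. The script below is an added read-only audit of those same locations, written for this page; it is not zoek's code and was not posted in the thread. It targets PowerShell 2.0 or later so it also fits the 32-bit Windows XP machine in the log, and the list of search hosts it treats as known is an assumption chosen here for illustration.

```powershell
# Added example (not part of the zoek log or of this thread): read-only audit of the
# registry locations zoek reported on. PowerShell 2.0 compatible; no deletions.
# Assumption: the "known" search hosts are illustrative, the page defines no such list.
$KnownSearchHosts = @('www.google.com', 'www.bing.com')

function Get-ChromeExtensionRegistryEntries {
    # Chrome installs one extension per subkey here, either from a local .crx
    # ("path" value) or from an "update_url" value. A subkey with neither is an
    # orphan, which zoek prints as "No path found[]". On 32-bit XP only the first
    # and last roots exist; Wow6432Node is checked for 64-bit hosts.
    $roots = @(
        'HKLM:\SOFTWARE\Google\Chrome\Extensions',
        'HKLM:\SOFTWARE\Wow6432Node\Google\Chrome\Extensions',
        'HKCU:\SOFTWARE\Google\Chrome\Extensions'
    )
    foreach ($root in $roots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($key in (Get-ChildItem $root)) {
            $props = Get-ItemProperty -Path $key.PSPath
            $crx = $props.path
            $upd = $props.update_url
            if ($crx -and (Test-Path -LiteralPath $crx)) { $status = 'local crx' }
            elseif ($crx)                               { $status = 'crx path missing' }
            elseif ($upd)                               { $status = 'update_url' }
            else                                        { $status = 'NO PATH FOUND' }
            New-Object PSObject -Property @{
                Root      = $root
                Id        = $key.PSChildName
                Status    = $status
                Path      = $crx
                UpdateUrl = $upd
            }
        }
    }
}

function Get-IESearchScopes {
    # Mirrors zoek's "All HKCU SearchScopes" listing (plus HKLM): every scope,
    # whether it is the DefaultScope, and whether its URL host is on the allowlist.
    foreach ($hive in @('HKCU', 'HKLM')) {
        $root = "${hive}:\SOFTWARE\Microsoft\Internet Explorer\SearchScopes"
        if (-not (Test-Path $root)) { continue }
        $default = (Get-ItemProperty -Path $root).DefaultScope
        foreach ($key in (Get-ChildItem $root)) {
            $props = Get-ItemProperty -Path $key.PSPath
            $url = $props.URL
            # Extract the host with a regex rather than [System.Uri], because the
            # {searchTerms} placeholder in these URLs is not valid URI syntax.
            $scopeHost = $null
            if ($url -and ($url -match '^[A-Za-z][A-Za-z0-9+.-]*://([^/:?#]+)')) {
                $scopeHost = $matches[1].ToLower()
            }
            New-Object PSObject -Property @{
                Hive      = $hive
                Scope     = $key.PSChildName
                Name      = $props.DisplayName
                IsDefault = ($key.PSChildName -eq $default)
                Known     = ($KnownSearchHosts -contains $scopeHost)
                Url       = $url
            }
        }
    }
}

# Usage: anything with Status "NO PATH FOUND" or Known = False deserves a look.
Get-ChromeExtensionRegistryEntries |
    Select-Object Root, Id, Status, Path, UpdateUrl | Format-Table -AutoSize
Get-IESearchScopes |
    Select-Object Hive, Scope, Name, IsDefault, Known, Url | Format-Table -AutoSize
```

The script only reads; deciding what to delete stays with the analyst, as it did in the zoek run above. One location the log does not show but that is worth adding to the same sweep is the ExtensionInstallForcelist value under HKLM\SOFTWARE\Policies\Google\Chrome, which Chrome honours as a policy-driven forced install and which the Extensions subkeys above do not cover.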