Malware impossible to remove - Topic Solved

Forum about the Windows 7 operating system
ferrera
Usuario wenecillo
Posts: 548
Joined: 30 Oct 2009, 21:34
Thanked: 126 times

Malware impossible to remove

Post by ferrera » 27 Jan 2014, 16:24

Recently, like an idiot, I installed one of those programs that are all over the net, "Download". It installed quite a few things, which I have been able to remove with programs such as Revo, AdwCleaner, ComboFix and ESET 7. But there is one that resists: Awesomehp

HijackThis txt:

Text:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:15:01, on 27/01/2014
    Platform: Unknown Windows (WinNT 6.01.3505 SP1)
    MSIE: Internet Explorer v11.0 (11.00.9600.16428)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
    C:\Users\Pipe\AppData\Local\Temp\{8516D8BF-AC75-47E5-BC4F-5E5EE96FCE1D}\GoogleUpdate.exe
    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.awesomehp.com/?type=hp&ts=13 ... XX9VP8NG4S
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.awesomehp.com/web/?type=ds&t ... VP8NG4S&q={searchTerms}
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.awesomehp.com/web/?type=ds&t ... VP8NG4S&q={searchTerms}
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.awesomehp.com/?type=hp&ts=13 ... XX9VP8NG4S
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: Notas &vinculadas de OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: Notas &vinculadas de OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O13 - Gopher Prefix:
    O15 - Trusted Zone: http://*.fnmt.es
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: ASUS System Control Service (AsSysCtrlService) - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: Cola de impresión (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: Wacom Professional Service (WTabletServicePro) - Wacom Technology, Corp. - C:\Program Files\Tablet\Wacom\WTabletServicePro.exe

    --
    End of file - 8288 bytes


Re: Malware impossible to remove

Post by ferrera » 27 Jan 2014, 16:26

ComboFix txt:

Text:
    ComboFix 14-01-27.02 - Pipe 27/01/2014 14:11:28.3.8 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.34.3082.18.12279.9769 [GMT 1:00]
    Running from: c:\users\Pipe\Downloads\ComboFix.exe
    AV: ESET Smart Security 7.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
    FW: Cortafuegos personal de ESET *Disabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
    SP: ESET Smart Security 7.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\install.exe
    c:\users\Pipe\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_plnkhmnoajbfccclonaeepohggeolcih_0
    c:\users\Pipe\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_plnkhmnoajbfccclonaeepohggeolcih_0\13
    c:\users\Pipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnkhmnoajbfccclonaeepohggeolcih
    c:\users\Pipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnkhmnoajbfccclonaeepohggeolcih\1.26.72_0\background.html
    c:\users\Pipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnkhmnoajbfccclonaeepohggeolcih\1.26.72_0\chromeCoreFilesIndex.txt
    c:\users\Pipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnkhmnoajbfccclonaeepohggeolcih\1.26.72_0\crossriderManifest.json
    c:\users\Pipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnkhmnoajbfccclonaeepohggeolcih\1.26.72_0\extensionData\manifest.xml
    c:\users\Pipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnkhmnoajbfccclonaeepohggeolcih\1.26.72_0\extensionData\plugins.json
    c:\users\Pipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnkhmnoajbfccclonaeepohggeolcih\1.26.72_0\extensionData\plugins\1_base.js
    c:\users\Pipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnkhmnoajbfccclonaeepohggeolcih\1.26.72_0\extensionData\plugins\1000020_analytics.js
    c:\users\Pipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnkhmnoajbfccclonaeepohggeolcih\1.26.72_0\extensionData\plugins\1000025_analyticsFront.js
    c:\users\Pipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnkhmnoajbfccclonaeepohggeolcih\1.26.72_0\extensionData\plugins\1000030_mz.js
    c:\users\Pipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnkhmnoajbfccclonaeepohggeolcih\1.26.72_0\extensionData\plugins\102_dealply_m.js
    c:\users\Pipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnkhmnoajbfccclonaeepohggeolcih\1.26.72_0\extensionData\plugins\103_intext_5_m.js
    c:\users\Pipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnkhmnoajbfccclonaeepohggeolcih\1.26.72_0\extensionData\plugins\104_jollywallet_m.js
    c:\users\Pipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnkhmnoajbfccclonaeepohggeolcih\1.26.72_0\extensionData\plugins\123_intext_adv_m.js
    c:\users\Pipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnkhmnoajbfccclonaeepohggeolcih\1.26.72_0\extensionData\plugins\13_CrossriderAppUtils.js
    c:\users\Pipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnkhmnoajbfccclonaeepohggeolcih\1.26.72_0\extensionData\plugins\14_CrossriderUtils.js
    c:\users\Pipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnkhmnoajbfccclonaeepohggeolcih\1.26.72_0\extensionData\plugins\155_ibario_pops_m.js
    c:\users\Pipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnkhmnoajbfccclonaeepohggeolcih\1.26.72_0\extensionData\plugins\17_jQuery.js
    c:\users\Pipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnkhmnoajbfccclonaeepohggeolcih\1.26.72_0\extensionData\plugins\175_coolmirage_m.js
    c:\users\Pipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnkhmnoajbfccclonaeepohggeolcih\1.26.72_0\extensionData\plugins\177_crossriderDashboard.js
    c:\users\Pipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnkhmnoajbfccclonaeepohggeolcih\1.26.72_0\extensionData\plugins\182_openUrl.js
    c:\users\Pipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnkhmnoajbfccclonaeepohggeolcih\1.26.72_0\extensionData\plugins\183_tabsWrapper.js
    c:\users\Pipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnkhmnoajbfccclonaeepohggeolcih\1.26.72_0\extensionData\plugins\19_CHAppAPIWrapper.js
    c:\users\Pipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnkhmnoajbfccclonaeepohggeolcih\1.26.72_0\extensionData\plugins\207_dbWrapper.js
    c:\users\Pipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnkhmnoajbfccclonaeepohggeolcih\1.26.72_0\extensionData\plugins\21_debug.js
    c:\users\Pipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnkhmnoajbfccclonaeepohggeolcih\1.26.72_0\extensionData\plugins\22_resources.js
    c:\users\Pipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnkhmnoajbfccclonaeepohggeolcih\1.26.72_0\extensionData\plugins\28_initializer.js
    c:\users\Pipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnkhmnoajbfccclonaeepohggeolcih\1.26.72_0\extensionData\plugins\4_jquery_1_7_1.js
    c:\users\Pipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnkhmnoajbfccclonaeepohggeolcih\1.26.72_0\extensionData\plugins\47_resources_background.js
    c:\users\Pipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnkhmnoajbfccclonaeepohggeolcih\1.26.72_0\extensionData\plugins\64_appApiMessage.js
    c:\users\Pipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnkhmnoajbfccclonaeepohggeolcih\1.26.72_0\extensionData\plugins\72_appApiValidation.js
    c:\users\Pipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnkhmnoajbfccclonaeepohggeolcih\1.26.72_0\extensionData\plugins\78_CrossriderInfo.js
    c:\users\Pipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnkhmnoajbfccclonaeepohggeolcih\1.26.72_0\extensionData\plugins\80_CHPopupAppAPI.js
    c:\users\Pipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnkhmnoajbfccclonaeepohggeolcih\1.26.72_0\extensionData\plugins\91_monetizationLoader.js.js
    c:\users\Pipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnkhmnoajbfccclonaeepohggeolcih\1.26.72_0\extensionData\plugins\93_superfish_no_coupons_m.js
    c:\users\Pipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnkhmnoajbfccclonaeepohggeolcih\1.26.72_0\extensionData\plugins\97_resourceApiWrapper.js
    c:\users\Pipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnkhmnoajbfccclonaeepohggeolcih\1.26.72_0\extensionData\userCode\background.js
    c:\users\Pipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnkhmnoajbfccclonaeepohggeolcih\1.26.72_0\extensionData\userCode\extension.js
    c:\users\Pipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnkhmnoajbfccclonaeepohggeolcih\1.26.72_0\icons\actions\1.png
    c:\users\Pipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnkhmnoajbfccclonaeepohggeolcih\1.26.72_0\icons\icon128.png
    c:\users\Pipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnkhmnoajbfccclonaeepohggeolcih\1.26.72_0\icons\icon16.png
    c:\users\Pipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnkhmnoajbfccclonaeepohggeolcih\1.26.72_0\icons\icon48.png
    c:\users\Pipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnkhmnoajbfccclonaeepohggeolcih\1.26.72_0\js\api\chrome.js
    c:\users\Pipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnkhmnoajbfccclonaeepohggeolcih\1.26.72_0\js\api\cookie.js
    c:\users\Pipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnkhmnoajbfccclonaeepohggeolcih\1.26.72_0\js\api\message.js
    c:\users\Pipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnkhmnoajbfccclonaeepohggeolcih\1.26.72_0\js\api\monitor.js
    c:\users\Pipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnkhmnoajbfccclonaeepohggeolcih\1.26.72_0\js\api\pageAction.js
    c:\users\Pipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnkhmnoajbfccclonaeepohggeolcih\1.26.72_0\js\api\pageActionBG.js
    c:\users\Pipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnkhmnoajbfccclonaeepohggeolcih\1.26.72_0\js\background.js
    c:\users\Pipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnkhmnoajbfccclonaeepohggeolcih\1.26.72_0\js\lib\app_api.js
    c:\users\Pipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnkhmnoajbfccclonaeepohggeolcih\1.26.72_0\js\lib\bg_app_api.js
    c:\users\Pipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnkhmnoajbfccclonaeepohggeolcih\1.26.72_0\js\lib\consts.js
    c:\users\Pipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnkhmnoajbfccclonaeepohggeolcih\1.26.72_0\js\lib\cookie_store.js
    c:\users\Pipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnkhmnoajbfccclonaeepohggeolcih\1.26.72_0\js\lib\crossriderAPI.js
    c:\users\Pipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnkhmnoajbfccclonaeepohggeolcih\1.26.72_0\js\lib\delegate.js
    c:\users\Pipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnkhmnoajbfccclonaeepohggeolcih\1.26.72_0\js\lib\events.js
    c:\users\Pipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnkhmnoajbfccclonaeepohggeolcih\1.26.72_0\js\lib\extensionDataStore.js
    c:\users\Pipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnkhmnoajbfccclonaeepohggeolcih\1.26.72_0\js\lib\installer.js
    c:\users\Pipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnkhmnoajbfccclonaeepohggeolcih\1.26.72_0\js\lib\logFile.js
    c:\users\Pipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnkhmnoajbfccclonaeepohggeolcih\1.26.72_0\js\lib\logging.js
    c:\users\Pipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnkhmnoajbfccclonaeepohggeolcih\1.26.72_0\js\lib\onBGDocumentLoad.js
    c:\users\Pipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnkhmnoajbfccclonaeepohggeolcih\1.26.72_0\js\lib\popupResource\newPopup.js
    c:\users\Pipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnkhmnoajbfccclonaeepohggeolcih\1.26.72_0\js\lib\popupResource\popup.js
    c:\users\Pipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnkhmnoajbfccclonaeepohggeolcih\1.26.72_0\js\lib\reports.js
    c:\users\Pipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnkhmnoajbfccclonaeepohggeolcih\1.26.72_0\js\lib\storageWrapper.js
    c:\users\Pipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnkhmnoajbfccclonaeepohggeolcih\1.26.72_0\js\lib\updateManager.js
    c:\users\Pipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnkhmnoajbfccclonaeepohggeolcih\1.26.72_0\js\lib\util.js
    c:\users\Pipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnkhmnoajbfccclonaeepohggeolcih\1.26.72_0\js\lib\xhr.js
    c:\users\Pipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnkhmnoajbfccclonaeepohggeolcih\1.26.72_0\js\main.js
    c:\users\Pipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnkhmnoajbfccclonaeepohggeolcih\1.26.72_0\js\platformVersion.js
    c:\users\Pipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnkhmnoajbfccclonaeepohggeolcih\1.26.72_0\manifest.json
    c:\users\Pipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnkhmnoajbfccclonaeepohggeolcih\1.26.72_0\popup.html
    c:\users\Pipe\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\plnkhmnoajbfccclonaeepohggeolcih
    c:\users\Pipe\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\plnkhmnoajbfccclonaeepohggeolcih\000005.ldb
    c:\users\Pipe\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\plnkhmnoajbfccclonaeepohggeolcih\000012.log
    c:\users\Pipe\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\plnkhmnoajbfccclonaeepohggeolcih\CURRENT
    c:\users\Pipe\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\plnkhmnoajbfccclonaeepohggeolcih\LOCK
    c:\users\Pipe\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\plnkhmnoajbfccclonaeepohggeolcih\LOG
    c:\users\Pipe\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\plnkhmnoajbfccclonaeepohggeolcih\LOG.old
    c:\users\Pipe\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\plnkhmnoajbfccclonaeepohggeolcih\MANIFEST-000010
    c:\users\Pipe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_plnkhmnoajbfccclonaeepohggeolcih_0.localstorage-journal
    c:\users\Pipe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_plnkhmnoajbfccclonaeepohggeolcih_0.localstorage
    c:\users\Pipe\AppData\Local\Google\Chrome\User Data\Default\Preferences
    c:\users\Pipe\AppData\Roaming\Mozilla\Firefox\Profiles\pyilpjvc.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com
    c:\users\Pipe\AppData\Roaming\Mozilla\Firefox\Profiles\pyilpjvc.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\chrome.manifest
    c:\users\Pipe\AppData\Roaming\Mozilla\Firefox\Profiles\pyilpjvc.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\chrome\content\api.js
    c:\users\Pipe\AppData\Roaming\Mozilla\Firefox\Profiles\pyilpjvc.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\chrome\content\api\asyncDB.js
    c:\users\Pipe\AppData\Roaming\Mozilla\Firefox\Profiles\pyilpjvc.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\chrome\content\api\background.js
    c:\users\Pipe\AppData\Roaming\Mozilla\Firefox\Profiles\pyilpjvc.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\chrome\content\api\browserAction.js
    c:\users\Pipe\AppData\Roaming\Mozilla\Firefox\Profiles\pyilpjvc.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\chrome\content\api\contextMenu.js
    c:\users\Pipe\AppData\Roaming\Mozilla\Firefox\Profiles\pyilpjvc.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\chrome\content\api\dbManager.js
    c:\users\Pipe\AppData\Roaming\Mozilla\Firefox\Profiles\pyilpjvc.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\chrome\content\api\dom_bg.js
    c:\users\Pipe\AppData\Roaming\Mozilla\Firefox\Profiles\pyilpjvc.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\chrome\content\api\fileManager.js
    c:\users\Pipe\AppData\Roaming\Mozilla\Firefox\Profiles\pyilpjvc.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\chrome\content\api\firefox.js
    c:\users\Pipe\AppData\Roaming\Mozilla\Firefox\Profiles\pyilpjvc.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\chrome\content\api\firefoxNotifications.js
    c:\users\Pipe\AppData\Roaming\Mozilla\Firefox\Profiles\pyilpjvc.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\chrome\content\api\firefoxOmnibox.js
    c:\users\Pipe\AppData\Roaming\Mozilla\Firefox\Profiles\pyilpjvc.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\chrome\content\api\message.js
    c:\users\Pipe\AppData\Roaming\Mozilla\Firefox\Profiles\pyilpjvc.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\chrome\content\api\pageAction.js
    c:\users\Pipe\AppData\Roaming\Mozilla\Firefox\Profiles\pyilpjvc.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\chrome\content\api\request.js
    c:\users\Pipe\AppData\Roaming\Mozilla\Firefox\Profiles\pyilpjvc.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\chrome\content\api\tabs.js
    c:\users\Pipe\AppData\Roaming\Mozilla\Firefox\Profiles\pyilpjvc.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\chrome\content\api\webRequest.js
    c:\users\Pipe\AppData\Roaming\Mozilla\Firefox\Profiles\pyilpjvc.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\chrome\content\api\windowsMessagingHandler.js
    c:\users\Pipe\AppData\Roaming\Mozilla\Firefox\Profiles\pyilpjvc.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\chrome\content\background.html
    c:\users\Pipe\AppData\Roaming\Mozilla\Firefox\Profiles\pyilpjvc.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\chrome\content\baseObject.js
    c:\users\Pipe\AppData\Roaming\Mozilla\Firefox\Profiles\pyilpjvc.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\chrome\content\browser.xul
    c:\users\Pipe\AppData\Roaming\Mozilla\Firefox\Profiles\pyilpjvc.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\chrome\content\core\addressBarChangeObserver.js
    c:\users\Pipe\AppData\Roaming\Mozilla\Firefox\Profiles\pyilpjvc.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\chrome\content\core\console.js
    c:\users\Pipe\AppData\Roaming\Mozilla\Firefox\Profiles\pyilpjvc.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\chrome\content\core\consts.js
    c:\users\Pipe\AppData\Roaming\Mozilla\Firefox\Profiles\pyilpjvc.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\chrome\content\core\delegate.js
    c:\users\Pipe\AppData\Roaming\Mozilla\Firefox\Profiles\pyilpjvc.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\chrome\content\core\extensionDataStore.js
    c:\users\Pipe\AppData\Roaming\Mozilla\Firefox\Profiles\pyilpjvc.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\chrome\content\core\folderIOWrapper.js
    c:\users\Pipe\AppData\Roaming\Mozilla\Firefox\Profiles\pyilpjvc.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\chrome\content\core\httpObserver.js
    c:\users\Pipe\AppData\Roaming\Mozilla\Firefox\Profiles\pyilpjvc.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\chrome\content\core\IDBWrapper.js
    c:\users\Pipe\AppData\Roaming\Mozilla\Firefox\Profiles\pyilpjvc.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\chrome\content\core\installer.js
    c:\users\Pipe\AppData\Roaming\Mozilla\Firefox\Profiles\pyilpjvc.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\chrome\content\core\logFile.js
    c:\users\Pipe\AppData\Roaming\Mozilla\Firefox\Profiles\pyilpjvc.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\chrome\content\core\prefs.js
    c:\users\Pipe\AppData\Roaming\Mozilla\Firefox\Profiles\pyilpjvc.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\chrome\content\core\progressListenerObserver.js
    c:\users\Pipe\AppData\Roaming\Mozilla\Firefox\Profiles\pyilpjvc.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\chrome\content\core\registry.js
    c:\users\Pipe\AppData\Roaming\Mozilla\Firefox\Profiles\pyilpjvc.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\chrome\content\core\reloadObserver.js
    c:\users\Pipe\AppData\Roaming\Mozilla\Firefox\Profiles\pyilpjvc.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\chrome\content\core\reports.js
    c:\users\Pipe\AppData\Roaming\Mozilla\Firefox\Profiles\pyilpjvc.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\chrome\content\core\requestObject.js
    c:\users\Pipe\AppData\Roaming\Mozilla\Firefox\Profiles\pyilpjvc.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\chrome\content\core\searchSettings.js
    c:\users\Pipe\AppData\Roaming\Mozilla\Firefox\Profiles\pyilpjvc.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\chrome\content\core\uninstallObserver.js
    c:\users\Pipe\AppData\Roaming\Mozilla\Firefox\Profiles\pyilpjvc.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\chrome\content\core\updateManager.js
    c:\users\Pipe\AppData\Roaming\Mozilla\Firefox\Profiles\pyilpjvc.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\chrome\content\core\utils.js
    c:\users\Pipe\AppData\Roaming\Mozilla\Firefox\Profiles\pyilpjvc.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\chrome\content\core\xhr.js
    c:\users\Pipe\AppData\Roaming\Mozilla\Firefox\Profiles\pyilpjvc.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\chrome\content\dialog.js
    c:\users\Pipe\AppData\Roaming\Mozilla\Firefox\Profiles\pyilpjvc.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\chrome\content\ffCoreFilesIndex.txt
    c:\users\Pipe\AppData\Roaming\Mozilla\Firefox\Profiles\pyilpjvc.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\chrome\content\main.js
    c:\users\Pipe\AppData\Roaming\Mozilla\Firefox\Profiles\pyilpjvc.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\chrome\content\options.js
    c:\users\Pipe\AppData\Roaming\Mozilla\Firefox\Profiles\pyilpjvc.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\chrome\content\options.xul
    c:\users\Pipe\AppData\Roaming\Mozilla\Firefox\Profiles\pyilpjvc.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\chrome\content\platformVersion.js
    c:\users\Pipe\AppData\Roaming\Mozilla\Firefox\Profiles\pyilpjvc.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\chrome\content\search_dialog.xul
    c:\users\Pipe\AppData\Roaming\Mozilla\Firefox\Profiles\pyilpjvc.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\defaults\preferences\prefs.js
    c:\users\Pipe\AppData\Roaming\Mozilla\Firefox\Profiles\pyilpjvc.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\extensionData\manifest.xml
    c:\users\Pipe\AppData\Roaming\Mozilla\Firefox\Profiles\pyilpjvc.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\extensionData\plugins.json
    c:\users\Pipe\AppData\Roaming\Mozilla\Firefox\Profiles\pyilpjvc.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\extensionData\plugins\1_base.js
    c:\users\Pipe\AppData\Roaming\Mozilla\Firefox\Profiles\pyilpjvc.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\extensionData\plugins\1000020_analytics.js
    c:\users\Pipe\AppData\Roaming\Mozilla\Firefox\Profiles\pyilpjvc.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\extensionData\plugins\1000025_analyticsFront.js
    c:\users\Pipe\AppData\Roaming\Mozilla\Firefox\Profiles\pyilpjvc.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\extensionData\plugins\1000030_mz.js
    c:\users\Pipe\AppData\Roaming\Mozilla\Firefox\Profiles\pyilpjvc.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\extensionData\plugins\102_dealply_m.js
    c:\users\Pipe\AppData\Roaming\Mozilla\Firefox\Profiles\pyilpjvc.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\extensionData\plugins\103_intext_5_m.js
    c:\users\Pipe\AppData\Roaming\Mozilla\Firefox\Profiles\pyilpjvc.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\extensionData\plugins\104_jollywallet_m.js
    c:\users\Pipe\AppData\Roaming\Mozilla\Firefox\Profiles\pyilpjvc.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\extensionData\plugins\123_intext_adv_m.js
    c:\users\Pipe\AppData\Roaming\Mozilla\Firefox\Profiles\pyilpjvc.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\extensionData\plugins\13_CrossriderAppUtils.js
    c:\users\Pipe\AppData\Roaming\Mozilla\Firefox\Profiles\pyilpjvc.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\extensionData\plugins\14_CrossriderUtils.js
    c:\users\Pipe\AppData\Roaming\Mozilla\Firefox\Profiles\pyilpjvc.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\extensionData\plugins\155_ibario_pops_m.js
    c:\users\Pipe\AppData\Roaming\Mozilla\Firefox\Profiles\pyilpjvc.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\extensionData\plugins\16_FFAppAPIWrapper.js
    c:\users\Pipe\AppData\Roaming\Mozilla\Firefox\Profiles\pyilpjvc.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\extensionData\plugins\17_jQuery.js
    c:\users\Pipe\AppData\Roaming\Mozilla\Firefox\Profiles\pyilpjvc.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\extensionData\plugins\175_coolmirage_m.js
    c:\users\Pipe\AppData\Roaming\Mozilla\Firefox\Profiles\pyilpjvc.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\extensionData\plugins\177_crossriderDashboard.js
    c:\users\Pipe\AppData\Roaming\Mozilla\Firefox\Profiles\pyilpjvc.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\extensionData\plugins\182_openUrl.js
    c:\users\Pipe\AppData\Roaming\Mozilla\Firefox\Profiles\pyilpjvc.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\extensionData\plugins\183_tabsWrapper.js
    c:\users\Pipe\AppData\Roaming\Mozilla\Firefox\Profiles\pyilpjvc.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\extensionData\plugins\207_dbWrapper.js
    c:\users\Pipe\AppData\Roaming\Mozilla\Firefox\Profiles\pyilpjvc.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\extensionData\plugins\21_debug.js
    c:\users\Pipe\AppData\Roaming\Mozilla\Firefox\Profiles\pyilpjvc.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\extensionData\plugins\22_resources.js
    c:\users\Pipe\AppData\Roaming\Mozilla\Firefox\Profiles\pyilpjvc.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\extensionData\plugins\28_initializer.js
    c:\users\Pipe\AppData\Roaming\Mozilla\Firefox\Profiles\pyilpjvc.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\extensionData\plugins\4_jquery_1_7_1.js
    c:\users\Pipe\AppData\Roaming\Mozilla\Firefox\Profiles\pyilpjvc.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\extensionData\plugins\47_resources_background.js
    c:\users\Pipe\AppData\Roaming\Mozilla\Firefox\Profiles\pyilpjvc.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\extensionData\plugins\64_appApiMessage.js
    c:\users\Pipe\AppData\Roaming\Mozilla\Firefox\Profiles\pyilpjvc.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\extensionData\plugins\72_appApiValidation.js
    c:\users\Pipe\AppData\Roaming\Mozilla\Firefox\Profiles\pyilpjvc.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\extensionData\plugins\78_CrossriderInfo.js
    c:\users\Pipe\AppData\Roaming\Mozilla\Firefox\Profiles\pyilpjvc.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\extensionData\plugins\91_monetizationLoader.js.js
    c:\users\Pipe\AppData\Roaming\Mozilla\Firefox\Profiles\pyilpjvc.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\extensionData\plugins\93_superfish_no_coupons_m.js
    c:\users\Pipe\AppData\Roaming\Mozilla\Firefox\Profiles\pyilpjvc.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\extensionData\plugins\98_omniCommands.js
    c:\users\Pipe\AppData\Roaming\Mozilla\Firefox\Profiles\pyilpjvc.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\extensionData\userCode\background.js
    c:\users\Pipe\AppData\Roaming\Mozilla\Firefox\Profiles\pyilpjvc.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\extensionData\userCode\extension.js
    c:\users\Pipe\AppData\Roaming\Mozilla\Firefox\Profiles\pyilpjvc.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\install.rdf
    c:\users\Pipe\AppData\Roaming\Mozilla\Firefox\Profiles\pyilpjvc.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\locale\en-US\translations.dtd
    c:\users\Pipe\AppData\Roaming\Mozilla\Firefox\Profiles\pyilpjvc.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\skin\button1.png
    c:\users\Pipe\AppData\Roaming\Mozilla\Firefox\Profiles\pyilpjvc.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\skin\button2.png
    c:\users\Pipe\AppData\Roaming\Mozilla\Firefox\Profiles\pyilpjvc.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\skin\button3.png
    c:\users\Pipe\AppData\Roaming\Mozilla\Firefox\Profiles\pyilpjvc.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\skin\button4.png
    c:\users\Pipe\AppData\Roaming\Mozilla\Firefox\Profiles\pyilpjvc.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\skin\button5.png
    c:\users\Pipe\AppData\Roaming\Mozilla\Firefox\Profiles\pyilpjvc.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\skin\crossrider_statusbar.png
    c:\users\Pipe\AppData\Roaming\Mozilla\Firefox\Profiles\pyilpjvc.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\skin\icon128.png
    c:\users\Pipe\AppData\Roaming\Mozilla\Firefox\Profiles\pyilpjvc.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\skin\icon16.png
    c:\users\Pipe\AppData\Roaming\Mozilla\Firefox\Profiles\pyilpjvc.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\skin\icon24.png
    c:\users\Pipe\AppData\Roaming\Mozilla\Firefox\Profiles\pyilpjvc.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\skin\icon48.png
    c:\users\Pipe\AppData\Roaming\Mozilla\Firefox\Profiles\pyilpjvc.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\skin\panelarrow-up.png
    c:\users\Pipe\AppData\Roaming\Mozilla\Firefox\Profiles\pyilpjvc.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\skin\popup.html
    c:\users\Pipe\AppData\Roaming\Mozilla\Firefox\Profiles\pyilpjvc.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\skin\skin.css
    c:\users\Pipe\AppData\Roaming\Mozilla\Firefox\Profiles\pyilpjvc.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\skin\update.css
    c:\windows\SysWow64\frapsvid.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-12-27 to 2014-01-27 )))))))))))))))))))))))))))))))
    .
    .
    2014-01-27 13:18 . 2014-01-27 13:18 -------- d-----w- c:\users\Public\AppData\Local\temp
    2014-01-27 13:18 . 2014-01-27 13:18 -------- d-----w- c:\users\Default\AppData\Local\temp
    2014-01-27 13:18 . 2014-01-27 13:18 -------- d-----w- c:\users\Administrador\AppData\Local\temp
    2014-01-27 13:18 . 2014-01-27 13:18 -------- d-----w- c:\users\Administrador.Pipe-PC\AppData\Local\temp
    2014-01-27 12:28 . 2014-01-27 12:42 -------- d-----w- C:\AdwCleaner
    2014-01-27 12:25 . 2014-01-27 12:26 -------- d-----w- c:\program files (x86)\HDvid Codec V6.0
    2014-01-23 14:06 . 2014-01-23 14:16 -------- d-----w- c:\program files (x86)\Yuna Software
    2014-01-22 12:02 . 2013-12-05 08:42 39200 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
    2014-01-22 12:02 . 2013-12-05 08:42 32544 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
    2014-01-20 19:26 . 2014-01-23 16:27 -------- d-----w- c:\users\Pipe\AppData\Roaming\NVIDIA
    2014-01-20 19:24 . 2013-12-10 02:13 1100248 ----a-w- c:\windows\system32\nvspcap64.dll
    2014-01-20 19:22 . 2014-01-27 13:19 -------- d-----w- c:\programdata\NVIDIA
    2014-01-20 19:22 . 2013-11-11 15:02 6674208 ----a-w- c:\windows\system32\nvcpl.dll
    2014-01-20 19:22 . 2013-11-11 15:02 3490080 ----a-w- c:\windows\system32\nvsvc64.dll
    2014-01-20 19:22 . 2013-11-11 15:01 922912 ----a-w- c:\windows\system32\nvvsvc.exe
    2014-01-20 19:22 . 2013-11-11 15:01 2559776 ----a-w- c:\windows\system32\nvsvcr.dll
    2014-01-20 19:22 . 2013-11-11 15:01 219424 ----a-w- c:\windows\system32\nvmctray.dll
    2014-01-20 19:21 . 2013-11-14 11:56 61216 ----a-w- c:\windows\system32\OpenCL.dll
    2014-01-20 19:21 . 2013-11-14 11:56 53024 ----a-w- c:\windows\SysWow64\OpenCL.dll
    2014-01-20 19:18 . 2014-01-20 19:18 -------- d-----w- C:\NVIDIA
    2014-01-18 19:10 . 2014-01-22 12:03 -------- d-----w- c:\users\Pipe\AppData\Local\NVIDIA
    2014-01-18 19:10 . 2013-12-10 02:13 982232 ----a-w- c:\windows\SysWow64\nvspcap.dll
    2014-01-18 19:09 . 2013-11-11 15:01 63776 ----a-w- c:\windows\system32\nvshext.dll
    2014-01-18 19:08 . 2014-01-21 19:24 -------- d-----w- c:\programdata\NVIDIA Corporation
    2014-01-18 19:08 . 2014-01-22 12:02 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
    2014-01-18 19:06 . 2013-11-22 08:36 1515296 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
    2014-01-18 19:00 . 2014-01-18 19:00 -------- d-----w- c:\users\Pipe\AppData\Local\WindowsApplication1
    2014-01-16 17:49 . 2013-11-14 11:57 1510176 ----a-w- c:\windows\system32\nvhdagenco64.dll
    2014-01-16 17:37 . 2014-01-16 17:37 -------- d-----w- c:\program files (x86)\AGEIA Technologies
    2014-01-16 17:35 . 2013-11-11 15:01 3467927 ----a-w- c:\windows\system32\nvcoproc.bin
    2014-01-16 13:09 . 2014-01-16 20:59 -------- d-----w- c:\users\Pipe\AppData\Roaming\Origin
    2014-01-16 13:09 . 2014-01-16 13:15 -------- d-----w- c:\users\Pipe\AppData\Local\Origin
    2014-01-15 17:43 . 2013-11-27 01:41 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
    2014-01-15 17:43 . 2013-11-27 01:41 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
    2014-01-15 17:43 . 2013-11-27 01:41 53248 ----a-w- c:\windows\system32\drivers\usbehci.sys
    2014-01-15 17:43 . 2013-11-27 01:41 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
    2014-01-15 17:43 . 2013-11-27 01:41 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
    2014-01-15 17:43 . 2013-11-27 01:41 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
    2014-01-15 17:43 . 2013-11-27 01:41 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
    2014-01-15 17:43 . 2013-11-26 11:40 376768 ----a-w- c:\windows\system32\drivers\netio.sys
    2014-01-15 17:43 . 2013-11-26 10:32 3156480 ----a-w- c:\windows\system32\win32k.sys
    2014-01-14 21:29 . 2014-01-14 21:29 -------- d-----w- c:\programdata\Malwarebytes
    2014-01-14 21:29 . 2014-01-14 22:44 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
    2014-01-14 21:29 . 2014-01-14 22:43 117464 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-01-14 21:19 . 2014-01-14 21:20 89304 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-01-14 16:21 . 2014-01-14 16:21 -------- d-----w- c:\users\Invitado
    2014-01-14 16:18 . 2014-01-14 16:18 -------- d-----w- c:\users\Administrador.Pipe-PC\AppData\Local\NVIDIA Corporation
    2014-01-14 16:17 . 2014-01-14 16:17 -------- d-----w- c:\users\Administrador.Pipe-PC\AppData\Roaming\NVIDIA
    2014-01-14 16:17 . 2014-01-14 16:17 -------- d-----w- c:\users\Administrador.Pipe-PC\AppData\Local\NVIDIA
    2014-01-14 16:17 . 2014-01-14 16:17 -------- d-----w- c:\users\Administrador.Pipe-PC\AppData\Local\Google
    2014-01-05 15:18 . 2014-01-05 15:18 -------- d-----w- C:\tmp
    2014-01-01 20:14 . 2014-01-01 20:14 -------- d-----w- c:\users\Pipe\AppData\Roaming\Blender Foundation
    2013-12-29 18:38 . 2013-12-29 18:38 -------- d-----w- c:\users\Pipe\.thumbnails
    2013-12-29 18:37 . 2013-12-29 18:37 -------- d-----w- c:\program files\Blender Foundation
    2013-12-29 11:18 . 2013-12-29 11:18 -------- d-----w- c:\programdata\Macrovision
    2013-12-29 11:17 . 2013-12-29 11:17 -------- d-----w- c:\program files (x86)\Common Files\Macromedia Shared
    2013-12-29 11:17 . 2013-12-29 11:17 -------- d-----w- c:\program files (x86)\Macromedia
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-01-27 12:27 . 2011-06-10 23:58 773680 ----a-w- c:\windows\SysWow64\msvcr100.dll
    2014-01-27 12:27 . 2011-06-10 23:58 420912 ----a-w- c:\windows\SysWow64\msvcp100.dll
    2014-01-26 18:20 . 2012-06-03 12:57 214392 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2014-01-25 16:08 . 2012-06-03 12:57 214392 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
    2014-01-18 12:51 . 2012-06-03 13:57 280600 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2014-01-15 19:49 . 2012-06-02 18:38 86054176 ----a-w- c:\windows\system32\MRT.exe
    2013-12-17 14:57 . 2012-06-03 12:57 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
    2013-12-09 15:45 . 2013-12-09 15:46 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
    2013-11-26 11:54 . 2013-12-12 11:25 23183360 ----a-w- c:\windows\system32\mshtml.dll
    2013-11-26 10:19 . 2013-12-12 11:25 2724864 ----a-w- c:\windows\system32\mshtml.tlb
    2013-11-26 10:18 . 2013-12-12 11:25 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
    2013-11-26 09:48 . 2013-12-12 11:25 66048 ----a-w- c:\windows\system32\iesetup.dll
    2013-11-26 09:46 . 2013-12-12 11:25 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
    2013-11-26 09:41 . 2013-12-12 11:25 2764288 ----a-w- c:\windows\system32\iertutil.dll
    2013-11-26 09:29 . 2013-12-12 11:25 53760 ----a-w- c:\windows\system32\jsproxy.dll
    2013-11-26 09:27 . 2013-12-12 11:25 33792 ----a-w- c:\windows\system32\iernonce.dll
    2013-11-26 09:23 . 2013-12-12 11:25 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2013-11-26 09:21 . 2013-12-12 11:25 574976 ----a-w- c:\windows\system32\ieui.dll
    2013-11-26 09:18 . 2013-12-12 11:25 139264 ----a-w- c:\windows\system32\ieUnatt.exe
    2013-11-26 09:18 . 2013-12-12 11:25 111616 ----a-w- c:\windows\system32\ieetwcollector.exe
    2013-11-26 09:16 . 2013-12-12 11:25 708608 ----a-w- c:\windows\system32\jscript9diag.dll
    2013-11-26 08:57 . 2013-12-12 11:25 218624 ----a-w- c:\windows\system32\ie4uinit.exe
    2013-11-26 08:35 . 2013-12-12 11:25 5769216 ----a-w- c:\windows\system32\jscript9.dll
    2013-11-26 08:28 . 2013-12-12 11:25 553472 ----a-w- c:\windows\SysWow64\jscript9diag.dll
    2013-11-26 08:16 . 2013-12-12 11:25 4243968 ----a-w- c:\windows\SysWow64\jscript9.dll
    2013-11-26 08:02 . 2013-12-12 11:25 1995264 ----a-w- c:\windows\system32\inetcpl.cpl
    2013-11-26 07:48 . 2013-12-12 11:25 12996608 ----a-w- c:\windows\system32\ieframe.dll
    2013-11-26 07:32 . 2013-12-12 11:25 1928192 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2013-11-26 07:07 . 2013-12-12 11:25 2334208 ----a-w- c:\windows\system32\wininet.dll
    2013-11-26 06:40 . 2013-12-12 11:25 1395200 ----a-w- c:\windows\system32\urlmon.dll
    2013-11-26 06:34 . 2013-12-12 11:25 817664 ----a-w- c:\windows\system32\ieapfltr.dll
    2013-11-26 06:33 . 2013-12-12 11:25 1820160 ----a-w- c:\windows\SysWow64\wininet.dll
    2013-11-23 18:26 . 2013-12-12 09:47 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
    2013-11-23 17:47 . 2013-12-12 09:47 465920 ----a-w- c:\windows\system32\WMPhoto.dll
    2013-11-13 15:27 . 2013-11-13 15:27 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
    2013-11-13 15:27 . 2013-11-13 15:27 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
    2013-11-13 15:27 . 2013-11-13 15:27 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
    2013-11-13 15:27 . 2013-11-13 15:27 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
    2013-11-13 15:27 . 2013-11-13 15:27 235008 ----a-w- c:\windows\system32\elshyph.dll
    2013-11-13 15:27 . 2013-11-13 15:27 182272 ----a-w- c:\windows\SysWow64\msls31.dll
    2013-11-13 15:27 . 2013-11-13 15:27 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
    2013-11-13 15:27 . 2013-11-13 15:27 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
    2013-11-13 15:27 . 2013-11-13 15:27 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
    2013-11-13 15:27 . 2013-11-13 15:27 337408 ----a-w- c:\windows\SysWow64\html.iec
    2013-11-13 15:27 . 2013-11-13 15:27 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
    2013-11-13 15:27 . 2013-11-13 15:27 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
    2013-11-13 15:27 . 2013-11-13 15:27 139264 ----a-w- c:\windows\SysWow64\wextract.exe
    2013-11-13 15:27 . 2013-11-13 15:27 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
    2013-11-13 15:27 . 2013-11-13 15:27 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
    2013-11-13 15:27 . 2013-11-13 15:27 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
    2013-11-13 15:27 . 2013-11-13 15:27 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
    2013-11-13 15:27 . 2013-11-13 15:27 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
    2013-11-13 15:27 . 2013-11-13 15:27 13312 ----a-w- c:\windows\SysWow64\mshta.exe
    2013-11-13 15:27 . 2013-11-13 15:27 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2013-11-13 15:27 . 2013-11-13 15:27 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
    2013-11-13 15:27 . 2013-11-13 15:27 942592 ----a-w- c:\windows\system32\jsIntl.dll
    2013-11-13 15:27 . 2013-11-13 15:27 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
    2013-11-13 15:27 . 2013-11-13 15:27 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
    2013-11-13 15:27 . 2013-11-13 15:27 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
    2013-11-13 15:27 . 2013-11-13 15:27 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2013-11-13 15:27 . 2013-11-13 15:27 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2013-11-13 15:27 . 2013-11-13 15:27 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
    2013-11-13 15:27 . 2013-11-13 15:27 247808 ----a-w- c:\windows\system32\msls31.dll
    2013-11-13 15:27 . 2013-11-13 15:27 195584 ----a-w- c:\windows\system32\msrating.dll
    2013-11-13 15:27 . 2013-11-13 15:27 13312 ----a-w- c:\windows\system32\msfeedssync.exe
    2013-11-13 15:27 . 2013-11-13 15:27 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
    2013-11-13 15:27 . 2013-11-13 15:27 81408 ----a-w- c:\windows\system32\icardie.dll
    2013-11-13 15:27 . 2013-11-13 15:27 77312 ----a-w- c:\windows\system32\tdc.ocx
    2013-11-13 15:27 . 2013-11-13 15:27 616104 ----a-w- c:\windows\system32\ieapfltr.dat
    2013-11-13 15:27 . 2013-11-13 15:27 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2013-11-13 15:27 . 2013-11-13 15:27 453120 ----a-w- c:\windows\system32\dxtmsft.dll
    2013-11-13 15:27 . 2013-11-13 15:27 413696 ----a-w- c:\windows\system32\html.iec
    2013-11-13 15:27 . 2013-11-13 15:27 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
    2013-11-13 15:27 . 2013-11-13 15:27 296960 ----a-w- c:\windows\system32\dxtrans.dll
    2013-11-13 15:27 . 2013-11-13 15:27 263376 ----a-w- c:\windows\system32\iedkcs32.dll
    2013-11-13 15:27 . 2013-11-13 15:27 235520 ----a-w- c:\windows\system32\url.dll
    2013-11-13 15:27 . 2013-11-13 15:27 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll
    2013-11-13 15:27 . 2013-11-13 15:27 105984 ----a-w- c:\windows\system32\iesysprep.dll
    2013-11-13 15:27 . 2013-11-13 15:27 84992 ----a-w- c:\windows\system32\mshtmled.dll
    2013-11-13 15:27 . 2013-11-13 15:27 626176 ----a-w- c:\windows\system32\msfeeds.dll
    2013-11-13 15:27 . 2013-11-13 15:27 548352 ----a-w- c:\windows\system32\vbscript.dll
    2013-11-13 15:27 . 2013-11-13 15:27 30208 ----a-w- c:\windows\system32\licmgr10.dll
    2013-11-13 15:27 . 2013-11-13 15:27 243200 ----a-w- c:\windows\system32\webcheck.dll
    2013-11-13 15:27 . 2013-11-13 15:27 167424 ----a-w- c:\windows\system32\iexpress.exe
    2013-11-13 15:27 . 2013-11-13 15:27 143872 ----a-w- c:\windows\system32\wextract.exe
    2013-11-13 15:27 . 2013-11-13 15:27 101376 ----a-w- c:\windows\system32\inseng.dll
    2013-11-13 15:27 . 2013-11-13 15:27 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
    2013-11-13 15:27 . 2013-11-13 15:27 774144 ----a-w- c:\windows\system32\jscript.dll
    2013-11-13 15:27 . 2013-11-13 15:27 62464 ----a-w- c:\windows\system32\pngfilt.dll
    2013-11-13 15:27 . 2013-11-13 15:27 147968 ----a-w- c:\windows\system32\occache.dll
    2013-11-13 15:27 . 2013-11-13 15:27 13824 ----a-w- c:\windows\system32\mshta.exe
    2013-11-13 15:27 . 2013-11-13 15:27 48128 ----a-w- c:\windows\system32\imgutil.dll
    2013-11-13 15:27 . 2013-11-13 15:27 135680 ----a-w- c:\windows\system32\iepeers.dll
    2013-11-12 02:23 . 2013-12-12 09:47 2048 ----a-w- c:\windows\system32\tzres.dll
    2013-11-12 02:07 . 2013-12-12 09:47 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2013-11-11 07:59 . 2013-11-11 07:59 590112 ----a-w- c:\windows\SysWow64\nvStreaming.exe
    2013-10-30 02:32 . 2013-12-12 09:47 335360 ----a-w- c:\windows\system32\msieftp.dll
    2013-10-30 02:19 . 2013-12-12 09:47 301568 ----a-w- c:\windows\SysWow64\msieftp.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux8"=wdmaud.drv
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
    R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
    R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\users\Pipe\AppData\Local\Temp\EverestDriver.sys;c:\users\Pipe\AppData\Local\Temp\EverestDriver.sys [x]
    R3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys;c:\windows\SYSNATIVE\drivers\gfiark.sys [x]
    R3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys;c:\windows\SYSNATIVE\DRIVERS\hidkmdf.sys [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 LGSUsbFilt;Logitech Gaming KMDF USB Filter Driver;c:\windows\system32\DRIVERS\LGSUsbFilt.Sys;c:\windows\SYSNATIVE\DRIVERS\LGSUsbFilt.Sys [x]
    R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
    R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
    R3 USBPNPA;USB PnP Sound Device Interface;c:\windows\system32\drivers\CM10864.sys;c:\windows\SYSNATIVE\drivers\CM10864.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
    R3 VUSB3HUB;VIA USB 3 Root Hub Service;c:\windows\system32\DRIVERS\ViaHub3.sys;c:\windows\SYSNATIVE\DRIVERS\ViaHub3.sys [x]
    R3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys;c:\windows\SYSNATIVE\DRIVERS\wachidrouter.sys [x]
    R3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys;c:\windows\SYSNATIVE\DRIVERS\wacomrouterfilter.sys [x]
    R3 WatAdminSvc;Servicio de tecnologías de activación de Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R3 WTabletServicePro;Wacom Professional Service;c:\program files\Tablet\Wacom\WTabletServicePro.exe;c:\program files\Tablet\Wacom\WTabletServicePro.exe [x]
    R3 xhcdrv;VIA USB eXtensible Host Controller Service;c:\windows\system32\DRIVERS\xhcdrv.sys;c:\windows\SYSNATIVE\DRIVERS\xhcdrv.sys [x]
    R4 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
    R4 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
    S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
    S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys;c:\windows\SYSNATIVE\drivers\gfibto.sys [x]
    S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys [x]
    S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
    S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
    S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
    S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [x]
    S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x]
    S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
    S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
    S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
    S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys;c:\windows\SYSNATIVE\DRIVERS\LGSHidFilt.Sys [x]
    S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
    S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
    S3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
    S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2014-01-24 20:10 1211672 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.76\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-10-21 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-30 09:23]
    .
    2014-01-27 c:\windows\Tasks\AutoKMS.job
    - c:\windows\AutoKMS\AutoKMS.exe [2013-12-26 16:41]
    .
    2014-01-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore1ceea9fd1ea2322.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-01 11:56]
    .
    2014-01-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA1ceea9fd30ef85b.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-01 11:56]
    .
    2014-01-27 c:\windows\Tasks\HDvid Codec V6.0-chromeinstaller.job
    - c:\program files (x86)\HDvid Codec V6.0\HDvid Codec V6.0-chromeinstaller.exe [2014-01-27 12:25]
    .
    2014-01-27 c:\windows\Tasks\HDvid Codec V6.0-codedownloader.job
    - c:\program files (x86)\HDvid Codec V6.0\HDvid Codec V6.0-codedownloader.exe [2014-01-27 12:26]
    .
    2014-01-27 c:\windows\Tasks\HDvid Codec V6.0-firefoxinstaller.job
    - c:\program files (x86)\HDvid Codec V6.0\HDvid Codec V6.0-firefoxinstaller.exe [2014-01-27 12:25]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
    2013-12-06 14:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
    2013-12-06 14:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
    2013-12-06 14:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
    2013-12-06 14:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
    2013-12-06 14:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
    2013-12-06 14:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2013-09-12 5618456]
    "Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2013-04-24 7477016]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-05-22 7833120]
    "NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2013-12-10 2279712]
    "Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-11-14 1028384]
    "ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2013-12-10 1100248]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.awesomehp.com/?type=hp&ts=13 ... XX9VP8NG4S
    mDefault_Search_URL = hxxp://www.awesomehp.com/web/?type=ds&t ... VP8NG4S&q={searchTerms}
    mDefault_Page_URL = hxxp://www.awesomehp.com/?type=hp&ts=13 ... XX9VP8NG4S
    mStart Page = hxxp://www.awesomehp.com/?type=hp&ts=13 ... XX9VP8NG4S
    mLocal Page = c:\windows\SYSTEM32\blank.htm
    mSearch Page = hxxp://www.awesomehp.com/web/?type=ds&t ... VP8NG4S&q={searchTerms}
    uInternet Settings,ProxyOverride = <local>
    IE: E&xportar a Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
    Trusted Zone: fnmt.es
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\Pipe\AppData\Roaming\Mozilla\Firefox\Profiles\pyilpjvc.default\
    FF - prefs.js: browser.search.selectedEngine - awesomehp
    FF - prefs.js: browser.startup.homepage - hxxp://www.mozilla.com/es-ES/firefox/help/
    .
    - - - - ORPHANS REMOVED - - - -
    .
    SafeBoot-MBAMSwissArmy
    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
    AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe
    .


It's one of those home-page and search-engine pieces of malware.

Regards


Re: Malware impossible to remove

Post by ferrera » 27 Jan 2014, 16:27

End of the ComboFix log

Text:
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\SysWOW64\PnkBstrA.exe
    .
    **************************************************************************
    .
    Completion time: 2014-01-27 14:23:55 - machine was rebooted
    ComboFix-quarantined-files.txt 2014-01-27 13:23
    ComboFix2.txt 2013-01-09 22:22
    .
    Pre-Run: 319.224.229.888 bytes libres
    Post-Run: 318.925.881.344 bytes libres
    .
    - - End Of File - - B31E5CF03D659D6E81E1124FEEAF0B37
    A36C5E4F47E84449FF07ED3517B43A31

pako
Rank: Usuario Bill Gates
Posts: 3605
Joined: 22 Jan 2008, 13:30
Location: Spain
Has thanked: 50 times
Been thanked: 277 times

Re: Malware impossible to remove  Topic Solved

Post by pako » 27 Jan 2014, 17:12

Hi,

Ferrera, you have far too much experience behind you to fall for the "download" trap :jaja:

Do the following and let's see if we get lucky:

Remove entries with HijackThis
Run HijackThis again (with all programs closed), click "Do a system scan only", tick the following entries and click "Fix Checked":

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.awesomehp.com/?type=hp&ts=13 ... XX9VP8NG4S
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.awesomehp.com/web/?type=ds&t ... VP8NG4S&q={searchTerms}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.awesomehp.com/web/?type=ds&t ... VP8NG4S&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.awesomehp.com/?type=hp&ts=13 ... XX9VP8NG4S


Restart the computer and let us know whether your problem has been solved.

Regards
If you found the help you were hoping for here (or even if you didn't ;) ), help us keep the forum running with a small donation.
Thank you very much!
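
The four entries listed in this post are HKLM lines from the HijackThis log; the ComboFix log earlier in the thread also shows the same site as a per-user start page and as Firefox's selected search engine. The following is an added example, not part of the thread or of either tool: it parses both log formats and flags every browser setting that points off an allowlist. The allowlist, the function names and the reading of ComboFix's u/m prefixes as HKCU/HKLM are assumptions.

```python
import re

# Assumption: hosts accepted as legitimate defaults; adjust per machine.
ALLOWED = ("microsoft.com", "mozilla.com", "mozilla.org", "google.com")

HJT = re.compile(r"^(R[0-3]) - (HK\w+\\[^,]+),(.+?) =\s*(.*)$")  # HijackThis R-lines
FFX = re.compile(r"^FF - prefs\.js: (\S+) - (.*)$")              # ComboFix Firefox prefs
CFX = re.compile(r"^([um])(\S.*?) = (.*)$")                      # ComboFix uX / mX lines
URL = re.compile(r"^h(?:tt|xx)ps?://([^/\s:]+)", re.I)           # http or defanged hxxp

# Sample input: lines copied from the HijackThis and ComboFix logs in this
# thread (URLs stay elided with "..." exactly as the forum shows them).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.awesomehp.com/?type=hp&ts=13 ... XX9VP8NG4S
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.awesomehp.com/?type=hp&ts=13 ... XX9VP8NG4S
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
uStart Page = hxxp://www.awesomehp.com/?type=hp&ts=13 ... XX9VP8NG4S
mSearch Page = hxxp://www.awesomehp.com/web/?type=ds&t ... VP8NG4S&q={searchTerms}
uLocal Page = c:\windows\system32\blank.htm
FF - prefs.js: browser.search.selectedEngine - awesomehp
FF - prefs.js: browser.startup.homepage - hxxp://www.mozilla.com/es-ES/firefox/help/
"""

def parse(log):
    """Yield (tool, location, setting, value) for each browser-setting line."""
    for line in map(str.strip, log.splitlines()):
        if m := HJT.match(line):
            yield "HijackThis", m[2], m[3], m[4]
        elif m := FFX.match(line):
            yield "ComboFix", "Firefox prefs.js", m[1], m[2]
        elif m := CFX.match(line):
            # Assumption: "u" = per-user (HKCU), "m" = machine-wide (HKLM).
            yield "ComboFix", "HKCU" if m[1] == "u" else "HKLM", m[2], m[3]

def host_of(value):
    """Return the lower-cased host of a URL value, or None if it is not a URL."""
    m = URL.match(value)
    return m[1].lower() if m else None

def allowed(host):
    return any(host == d or host.endswith("." + d) for d in ALLOWED)

def triage(log):
    """Return (tool, location, setting, evidence) for every suspicious setting."""
    entries = list(parse(log))
    findings, brands = [], set()
    # Pass 1: URL values whose host is off the allowlist.
    for tool, loc, name, value in entries:
        host = host_of(value)
        if host and not allowed(host):
            findings.append((tool, loc, name, host))
            labels = host.split(".")
            if len(labels) >= 2:
                brands.add(labels[-2])  # naive: no public-suffix handling
    # Pass 2: non-URL values that name a flagged host (e.g. a search engine name).
    for tool, loc, name, value in entries:
        if host_of(value) is None and value.lower() in brands:
            findings.append((tool, loc, name, value))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(" | ".join(finding))
```

The second pass is what surfaces the Firefox search-engine entry, which carries only a name and no URL.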


Re: Malware impossible to remove

Post by ferrera » 27 Jan 2014, 18:42

Mmm, to tell you the truth, I think I did it because I was bored. In the end it's making a fool of me.

With the entries deleted, it was still there (don't ask me how), so I uninstalled Mozilla and Chrome, and both were fixed (don't ask me how). That left IE, which I don't know how to uninstall; I went to the original folder and replaced the shortcut that came by default in Start/All Programs (in the end I don't know how to put the shortcut there, the one from the source folder, so I launched it from the desktop), and it worked (don't ask me how).

I probably did something wrong. :triste:

Regards Pako, long time no talk.


Re: Malware impossible to remove

Post by ferrera » 27 Jan 2014, 22:35

Pako, we have work to do


Text:
    C:\Program Files (x86)\HDvid Codec V6.0\HDvid Codec V6.0-bho64.dll - una variante de Win64/Toolbar.Crossrider.B aplicación potencialmente indeseable - la acción seleccionada se ha retrasado hasta la finalización del análisis
    C:\Program Files (x86)\HDvid Codec V6.0\HDvid Codec V6.0-buttonutil64.dll - probablemente una variante de Win64/Toolbar.Crossrider.B aplicación potencialmente indeseable - la acción seleccionada se ha retrasado hasta la finalización del análisis
    C:\Program Files (x86)\HDvid Codec V6.0\HDvid Codec V6.0-buttonutil64.exe - una variante de Win64/Toolbar.Crossrider.B aplicación potencialmente indeseable - la acción seleccionada se ha retrasado hasta la finalización del análisis
    C:\Users\Pipe\Downloads\Setup-PlusForSkype-3.0_CH.exe = RAR = MsgPlusForSkypeSetup.exe - una variante de Win32/MessengerPlus.A aplicación potencialmente indeseable
    C:\Windows\Installer\5d6f5c.msi = MSI = Smartbar.cab = CAB = BrowserHelper.exe - una variante de MSIL/Toolbar.Linkury.A aplicación potencialmente indeseable
    C:\Windows\Installer\5d6f5c.msi = MSI = Smartbar.cab = CAB = GOOGLECHROMEREMOTEPLUGIN.DLL - Win32/Toolbar.Linkury.D aplicación potencialmente indeseable
    C:\Windows\Installer\5d6f5c.msi = MSI = Smartbar.cab = CAB = LinkuryExeName - una variante de Win32/Toolbar.Linkury.A aplicación potencialmente indeseable
    C:\Windows\Installer\5d6f5c.msi = MSI = Smartbar.cab = CAB = LINKURYSMARTBAR.DLL - una variante de MSIL/Toolbar.Linkury.D aplicación potencialmente indeseable
    C:\Windows\Installer\5d6f5c.msi = MSI = Smartbar.cab = CAB = Smartbar.Resources.SetBrowsersSettings.dll - una variante de MSIL/Toolbar.Linkury.C aplicación potencialmente indeseable
    C:\Windows\Installer\5d6f5c.msi = MSI = Smartbar.cab = CAB = SmartbarFireFoxRemotePlugin_16.DLL - Win32/Toolbar.Linkury.D aplicación potencialmente indeseable
    C:\Windows\Installer\5d6f5c.msi = MSI = Smartbar.cab = CAB = SmartbarFireFoxRemotePlugin_17.DLL - Win32/Toolbar.Linkury.D aplicación potencialmente indeseable
    C:\Windows\Installer\5d6f5c.msi = MSI = Smartbar.cab = CAB = SmartbarFireFoxRemotePlugin_18.DLL - Win32/Toolbar.Linkury.D aplicación potencialmente indeseable
    C:\Windows\Installer\5d6f5c.msi = MSI = Smartbar.cab = CAB = SmartbarFireFoxRemotePlugin_19.DLL - Win32/Toolbar.Linkury.D aplicación potencialmente indeseable
    C:\Windows\Installer\5d6f5c.msi = MSI = Smartbar.cab = CAB = SmartbarFireFoxRemotePlugin_20.DLL - Win32/Toolbar.Linkury.D aplicación potencialmente indeseable
    C:\Windows\Installer\5d6f5c.msi = MSI = Smartbar.cab = CAB = SmartbarFireFoxRemotePlugin_21.DLL - Win32/Toolbar.Linkury.D aplicación potencialmente indeseable
    C:\Windows\Installer\5d6f5c.msi = MSI = Smartbar.cab = CAB = SmartbarFireFoxRemotePlugin_22.DLL - una variante de Win32/Toolbar.Linkury.D aplicación potencialmente indeseable
    C:\Windows\Installer\5d6f5c.msi = MSI = Binary.CustomActionsDll = CAB = Smartbar.Resources.SetBrowsersSettings.dll - una variante de MSIL/Toolbar.Linkury.C aplicación potencialmente indeseable


Re: Malware impossible to remove

Post by pako » 28 Jan 2014, 14:27

Hi,

Which program did you generate that log with? Presumably it also has the option to remove what it found...

It's a bit odd that the AdwCleaner you ran didn't remove the toolbars, or that ESET didn't do anything either.

Regards


Re: Malware impossible to remove

Post by ferrera » 28 Jan 2014, 18:09

Yes, I think the same; ESET doesn't clean them.
I'm going to run ESET again and I'll let you know.


Re: Malware impossible to remove

Post by ferrera » 28 Jan 2014, 19:44

Mmmm, I deleted them manually. I don't understand any of this...
What's wrong with the tools? They don't feel like working...

medDelfin
Rank: Usuario Bill Gates
Posts: 2031
Joined: 12 Feb 2008, 06:24
Location: Alicante/Spain
Has thanked: 5 times
Been thanked: 96 times

Re: Malware impossible to remove

Post by medDelfin » 29 Jan 2014, 16:38

ferrera wrote: ... That left IE, which I don't know how to uninstall; I went to the original folder and replaced the shortcut that came by default in Start/All Programs (in the end I don't know how to put the shortcut there, the one from the source folder, so I launched it from the desktop), and it worked (don't ask me how).

I probably did something wrong. :triste:
By now we should all know that Internet Explorer does not get uninstalled from the system. :triste:
At most, we can disable it (in a way) if we have another browser that lets us connect to websites over the internet.

As for the 'shortcut' (how to put it back in 'All Programs')...
- If the system is 64-bit, we have the option of running Internet Explorer in 32-bit or 64-bit at will.
- We will find one 'Internet Explorer' folder in Program Files (which corresponds to 64-bit) and another in Program Files (x86) (32-bit).
- Inside the chosen folder, locate the 'Internet Explorer' application executable > right-click > Send to > Desktop (create shortcut).
- Click the shortcut created on the Desktop and, without releasing the left mouse button, drag it to the Start button (it opens) > All Programs (it opens) > drop it among any of the programs found there.
- When we open Start > All Programs again, we will find it in the list, sorted alphabetically.
- And if we right-click that shortcut... we can once again Pin to taskbar that shortcut (or do so from the application in its folder).

As for the infection you have had (although I can't be sure you are free of it), I wouldn't think twice and would run a full scan with 'Malwarebytes Anti-Malware-Free', which you already know and have installed on your system. (You haven't removed it, have you?)

That's all I have to contribute. Regards.
"In moments of crisis, imagination is more important... than knowledge.."
- Albert Einstein -

