Virus abnow y otros. (Solucionado)

**gema85** · 07/03/12, 16:12:16

Buenas tardes,

Desde hace varios dias estoy leyendoos sin parar intentando encontrar alguna solucion a mi problema. El caso es que el ordenador funcionaba bien hasta que vi que todos los enlaces que seguia desde el buscador se redireccionaba hacia una pagina llamada abnow, como a otros tantos que hay por aqui... al ver que le pasaba a tanta gente hice lo que ponia en otro tema, asi que instale el panda cloud y desinstale el mcafee (que era el que tenia), ejecute el ccleaner, malwarebytes y tdsskiller. el antivirus me detecto varios troyanos, algunos no neutralizados, y malware desconocido, pero no supe que hacer con ellos... asi que ahi lo deje. tras pasar los programas parecia que todo estaba bien y ya no redireccionaba. al dia siguiente volvio a aparecer el abnow, asi q volvi a hacer la misma operacion, con el mismo resultado, y como no me fiaba volvi a pasar el panda cloud por ver si seguian ahi los virus o si ya estaba limpio el ordenador, y volvio a encontrar los mismos. Hablando con un amigo me recomendo que pusiera mejor el avast!, asi que desinstale el panda y lo puse, nada mas ponerlo detecto otro troyano y al terminar me pidio que reiniciara para hacer un escaner mas intensivo mientras reiniciaba, le dije que si, encontro los mismos archivos infectados que el panda, que a mi parecer creia que eran archivos temporales (no es que entienda mucho, por no decir nada..) pero aparecia tmp y temporary internet files, estaban en una carpeta llamada assembly dentro de windows y el resto en system32. intente repararlos con las opciones que te daba, pero no pudo, asi que le di a eliminar... (que creo que no tenia que haberlo hecho...) y continuo escaneando. cuando termino de reiniciar el ordenador salio la pantalla negra diciendo que se habia apagado mal y que podia entrar o normalmente o con un modo en el que windows intentaria repararse si encontraba algun error (no recuerdo como se llamaba exactamente, tengo windows 7) asi que como no me fiaba entre con este ultimo, aparecio una pantalla en busca de errores y tras un rato decia que no podia iniciarse, que lo que podia era restaurar el sistema hasta un punto en el que el ordenador funcionara correctamente, asi que le dije que si. volvio a reiniciar, y al encenderse iba superlento, mucho mas que antes, le costo mucho abrir firefox y tras un rato le di a un enlace y ahi volvia a estar abnow... total, que al final, despues de todo lo que hice no arregle nada y estoy peor que antes.... me ha borrado todos los programas que habia utilizado para limpiar, incluidos antivirus, asi que para que no me pasara de nuevo lo del borrado de archivos he instalado de nuevo el panda cloud. ahora mismo lo estaba pasando, pero al 19% con 4 neutralizados y 1 no neutralizados me ha dado un "error inesperado en el codigo 1" que no me habia pasado las veces anteriores (y que no se que significa) intentare volverlo a pasar a ver si me deja..

Creo que eso es todo, perdon si la extension es muy larga... la verdad que soy un poco nueva en esto y estoy un poco perdida...

Muchisimas gracias por todo

**Fer21021** · 07/03/12, 18:42:35

Buenas, gema85 Bienvenida al Foro.

Antes que nada, no debiste actuar sola.

Ahora dime, la PC ya se inicia correctamente?

(Por ahora no pases más el Antivirus)

----------------------------------

Realiza el siguiente procedimiento
_____________________________

Paso.- 1

Instala y/o Actualiza pero no ejecutes aun:
- Ccleaner --> Manual.
- Malwarebytes’ Anti-Malware--> Manual
- TDSSKiller .

Paso .-2

Ejecuta en orden:

Ccleaner como lo indica su manual.
Malwarebytes’ Anti-Malware En su opción de examen completo , al finalizar presionas Mostrar Resultados y luego
Quitar lo Seleccionado . si pide reiniciar lo haces.
TDSSKILLER como indica su manual.

Paso .-3

Descargá ESETSirefefRemover.exe a Tu escritorio.

Cerrá todos los programas que tengas abiertos y Ejecutá ESETSirefefRemover.exe

Doble clic sobre Su ejecutable y esperá a que termine.

__________________________

En tu próxima respuesta, nos comentas si la herramienta de Eset detectó el rootkit y si pudo eliminarlo.

Y Nos traes los reporte de:

° Malwarebytes.
° TDSSKILLER
° Nos comentas como funciona tu sistema.

Saludos

**gema85** · 08/03/12, 17:07:55

Hola de nuevo!!

Antes que nada, muchisimas gracias por contestarme!!!! te estoy muy agradecida por todo!!

Se que no tuve que actuar sola... (ahora) almenos ya he aprendido la leccion...

El ordenador si, se inicia bien, no me da problemas ni me ha saltado ningun error desde que le di al "restaurar desde el ultimo momento en el que el ordenador tenia constancia de funcionar bien", aunque lo noto lento..

Antes de que contestaras volvi a pasar el antivirus, que volvio a darme error, asi que le di a analisis optimizado y se completo, tras eso intente hacerlo sobre todo el pc y logro completarse. Desde que te he leido no he vuelto a hacer nada con el.

Hice todo lo que me dijiste, solo comentarte algunas cosas que no se.. cuando pase el malwarebyte en el informe, antes de darle a quitar seleccionados, habia archivos que no estaban seleccionados, los pinche todos y le di a eliminar (y no se si he hecho bien..) Cuando reinicio me salio un aviso de que habia malwares intentando acceder al sistema, eran 3 de los rootkit que estaban en la carpeta assembly. ¿Hago algo con ello? ¿Hace falta que pase de nuevo el programa?

El tdsskiller no me encontro nada, y la herramienta de Eset si que detecto "una variante de win64/siseref, le dije que eliminara y reinicio el equipo, ¿tengo que volver a ejecutarlo para que me diga si esta bien eliminado?

El ordenador funciona bien, ya no me redirige a las paginas de abnow, y parece que va un poco mejor en cuanto a rapidez se refiere, aunque no demasiado..

Ahora te pongo los informes:

- Malwarebytes:

Malwarebytes Anti-Malware (Versión de Prueba) 1.60.1.1000
www.malwarebytes.org

Versión de la Base de Datos: v2012.03.08.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Gema :: GEMA-PC [administrador]

Protección: Personas de movilidad reducida

08/03/2012 20:57:08
mbam-log-2012-03-08 (20-57-08).txt

Tipos de Análisis: Análisis Completo
Opciones de análisis activado: Memoria | Inicio | Registro | Sistema de archivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opciones de análisis desactivados: P2P
Objetos examinados: 325594
Tiempo transcurrido: 42 minuto(s), 33 segundo(s)

Procesos en Memoria Detectados: 0
(No se han detectado elementos maliciosos)

Módulos de Memoria Detectados: 0
(No se han detectado elementos maliciosos)

Claves del Registro Detectados: 10
HKCR\CLSID\{70C6E9DE-F30E-4A40-8A6F-9572C2328320} (PUP.FCTPlugin) -> En cuarentena y eliminado con éxito.
HKCR\bho_project.bho_object.1 (PUP.FCTPlugin) -> En cuarentena y eliminado con éxito.
HKCR\bho_project.bho_object (PUP.FCTPlugin) -> En cuarentena y eliminado con éxito.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{70C6E9DE-F30E-4A40-8A6F-9572C2328320} (PUP.FCTPlugin) -> En cuarentena y eliminado con éxito.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{70C6E9DE-F30E-4A40-8A6F-9572C2328320} (PUP.FCTPlugin) -> En cuarentena y eliminado con éxito.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{70C6E9DE-F30E-4A40-8A6F-9572C2328320} (PUP.FCTPlugin) -> En cuarentena y eliminado con éxito.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{70C6E9DE-F30E-4A40-8A6F-9572C2328320} (PUP.FCTPlugin) -> En cuarentena y eliminado con éxito.
HKCR\bho_project.bho_object (Trojan.BHO) -> En cuarentena y eliminado con éxito.
HKCR\bho_project.bho_object.1 (Trojan.BHO) -> En cuarentena y eliminado con éxito.
HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl (PUP.FCTPlugin) -> En cuarentena y eliminado con éxito.

Valores del Registro Detectados: 0
(No se han detectado elementos maliciosos)

Elementos de Datos del Registro Detectados: 0
(No se han detectado elementos maliciosos)

Carpetas Detectadas: 1
C:\$Recycle$ (Trojan.Spyeyes) -> En cuarentena y eliminado con éxito.

Archivos Detectados: 8
C:\Program Files (x86)\Object\bho_project.dll (PUP.FCTPlugin) -> En cuarentena y eliminado con éxito.
C:\Windows\assembly\tmp\U\00000001.@ (Rootkit.0Access) -> En cuarentena y eliminado con éxito.
C:\Windows\assembly\tmp\U\800000c0.@ (Rootkit.0Access) -> En cuarentena y eliminado con éxito.
C:\Windows\assembly\tmp\U\800000cb.@ (Rootkit.0Access) -> En cuarentena y eliminado con éxito.
C:\Windows\assembly\tmp\U\800000cf.@ (Rootkit.0Access) -> En cuarentena y eliminado con éxito.
C:\Users\Gema\AppData\Local\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> Se eliminarán al reiniciar.
C:\Windows\temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> Se eliminarán al reiniciar.
C:\$Recycle$\BF27C2CE9819B90 (Trojan.Spyeyes) -> En cuarentena y eliminado con éxito.

fin)

- TDSSKiller:

22:16:10.0513 4680 TDSS rootkit removing tool 2.7.19.0 Mar 5 2012 11:23:39
22:16:10.0825 4680 ============================================================
22:16:10.0825 4680 Current date / time: 2012/03/08 22:16:10.0825
22:16:10.0825 4680 SystemInfo:
22:16:10.0825 4680
22:16:10.0825 4680 OS Version: 6.1.7601 ServicePack: 1.0
22:16:10.0825 4680 Product type: Workstation
22:16:10.0825 4680 ComputerName: GEMA-PC
22:16:10.0825 4680 UserName: Gema
22:16:10.0825 4680 Windows directory: C:\Windows
22:16:10.0825 4680 System windows directory: C:\Windows
22:16:10.0825 4680 Running under WOW64
22:16:10.0825 4680 Processor architecture: Intel x64
22:16:10.0825 4680 Number of processors: 4
22:16:10.0825 4680 Page size: 0x1000
22:16:10.0825 4680 Boot type: Normal boot
22:16:10.0825 4680 ============================================================
22:16:11.0855 4680 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:16:11.0855 4680 \Device\Harddisk0\DR0:
22:16:11.0855 4680 MBR used
22:16:11.0855 4680 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2800800, BlocksNum 0x32000
22:16:11.0855 4680 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2832800, BlocksNum 0x16600000
22:16:11.0886 4680 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x18E33000, BlocksNum 0x21552800
22:16:12.0011 4680 Initialize success
22:16:12.0011 4680 ============================================================
22:19:00.0553 3632 ============================================================
22:19:00.0553 3632 Scan started
22:19:00.0553 3632 Mode: Manual;
22:19:00.0553 3632 ============================================================
22:19:02.0082 3632 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
22:19:02.0082 3632 1394ohci - ok
22:19:02.0238 3632 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
22:19:02.0238 3632 ACPI - ok
22:19:02.0363 3632 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
22:19:02.0363 3632 AcpiPmi - ok
22:19:02.0426 3632 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
22:19:02.0426 3632 adp94xx - ok
22:19:02.0550 3632 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
22:19:02.0566 3632 adpahci - ok
22:19:02.0597 3632 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
22:19:02.0613 3632 adpu320 - ok
22:19:02.0675 3632 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
22:19:02.0691 3632 AFD - ok
22:19:02.0738 3632 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
22:19:02.0738 3632 agp440 - ok
22:19:02.0800 3632 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
22:19:02.0800 3632 aliide - ok
22:19:02.0847 3632 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
22:19:02.0847 3632 amdide - ok
22:19:02.0894 3632 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
22:19:02.0894 3632 AmdK8 - ok
22:19:03.0065 3632 amdkmdag (3d07f9c090c7a1d76d624972a5384471) C:\Windows\system32\DRIVERS\atikmdag.sys
22:19:03.0221 3632 amdkmdag - ok
22:19:03.0330 3632 amdkmdap (99ab7e4b24c80155dc4296f657faf3c7) C:\Windows\system32\DRIVERS\atikmpag.sys
22:19:03.0330 3632 amdkmdap - ok
22:19:03.0377 3632 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
22:19:03.0377 3632 AmdPPM - ok
22:19:03.0424 3632 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
22:19:03.0424 3632 amdsata - ok
22:19:03.0455 3632 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
22:19:03.0455 3632 amdsbs - ok
22:19:03.0486 3632 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
22:19:03.0486 3632 amdxata - ok
22:19:03.0533 3632 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
22:19:03.0549 3632 AppID - ok
22:19:03.0580 3632 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
22:19:03.0580 3632 arc - ok
22:19:03.0596 3632 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
22:19:03.0596 3632 arcsas - ok
22:19:03.0658 3632 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
22:19:03.0658 3632 AsyncMac - ok
22:19:03.0705 3632 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
22:19:03.0705 3632 atapi - ok
22:19:03.0767 3632 AtiHdmiService (77c149e6d702737b2e372dee166faef8) C:\Windows\system32\drivers\AtiHdmi.sys
22:19:03.0783 3632 AtiHdmiService - ok
22:19:03.0876 3632 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
22:19:03.0892 3632 b06bdrv - ok
22:19:03.0954 3632 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
22:19:03.0954 3632 b57nd60a - ok
22:19:04.0095 3632 BCM43XX (96cc359d243b3c947db036e941ea213d) C:\Windows\system32\DRIVERS\bcmwl664.sys
22:19:04.0173 3632 BCM43XX - ok
22:19:04.0298 3632 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
22:19:04.0298 3632 Beep - ok
22:19:04.0344 3632 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
22:19:04.0344 3632 blbdrive - ok
22:19:04.0376 3632 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
22:19:04.0376 3632 bowser - ok
22:19:04.0422 3632 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:19:04.0422 3632 BrFiltLo - ok
22:19:04.0454 3632 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:19:04.0454 3632 BrFiltUp - ok
22:19:04.0500 3632 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
22:19:04.0500 3632 Brserid - ok
22:19:04.0532 3632 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
22:19:04.0532 3632 BrSerWdm - ok
22:19:04.0563 3632 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
22:19:04.0563 3632 BrUsbMdm - ok
22:19:04.0594 3632 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
22:19:04.0594 3632 BrUsbSer - ok
22:19:04.0641 3632 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
22:19:04.0641 3632 BthEnum - ok
22:19:04.0703 3632 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
22:19:04.0703 3632 BTHMODEM - ok
22:19:04.0734 3632 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
22:19:04.0734 3632 BthPan - ok
22:19:04.0766 3632 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
22:19:04.0781 3632 BTHPORT - ok
22:19:04.0844 3632 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
22:19:04.0844 3632 BTHUSB - ok
22:19:04.0890 3632 btwampfl (ee215ac3c16f00667d0fc391d018c8fd) C:\Windows\system32\drivers\btwampfl.sys
22:19:04.0906 3632 btwampfl - ok
22:19:04.0937 3632 btwaudio (ebc9e33c13cdd6c51c1134eae46466a1) C:\Windows\system32\drivers\btwaudio.sys
22:19:04.0937 3632 btwaudio - ok
22:19:04.0984 3632 btwavdt (43fb7fa896d87aa5a9f3e743d7e2303f) C:\Windows\system32\DRIVERS\btwavdt.sys
22:19:04.0984 3632 btwavdt - ok
22:19:05.0031 3632 btwl2cap (07096d2bc22ccb6cea5a532df0be8a75) C:\Windows\system32\DRIVERS\btwl2cap.sys
22:19:05.0031 3632 btwl2cap - ok
22:19:05.0062 3632 btwrchid (1aed551a8cb2f2343eda09109eef4807) C:\Windows\system32\DRIVERS\btwrchid.sys
22:19:05.0062 3632 btwrchid - ok
22:19:05.0109 3632 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
22:19:05.0109 3632 cdfs - ok
22:19:05.0156 3632 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
22:19:05.0156 3632 cdrom - ok
22:19:05.0187 3632 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
22:19:05.0187 3632 circlass - ok
22:19:05.0234 3632 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
22:19:05.0234 3632 CLFS - ok
22:19:05.0312 3632 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
22:19:05.0312 3632 CmBatt - ok
22:19:05.0343 3632 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
22:19:05.0343 3632 cmdide - ok
22:19:05.0390 3632 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
22:19:05.0405 3632 CNG - ok
22:19:05.0436 3632 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
22:19:05.0452 3632 Compbatt - ok
22:19:05.0499 3632 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
22:19:05.0499 3632 CompositeBus - ok
22:19:05.0546 3632 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
22:19:05.0546 3632 crcdisk - ok
22:19:05.0608 3632 dc3d (7af9dac504fbd047cbc3e64ae52c92bf) C:\Windows\system32\DRIVERS\dc3d.sys
22:19:05.0624 3632 dc3d - ok
22:19:05.0686 3632 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
22:19:05.0686 3632 DfsC - ok
22:19:05.0717 3632 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
22:19:05.0717 3632 discache - ok
22:19:05.0764 3632 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
22:19:05.0780 3632 Disk - ok
22:19:05.0811 3632 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
22:19:05.0811 3632 drmkaud - ok
22:19:05.0873 3632 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
22:19:05.0873 3632 DXGKrnl - ok
22:19:05.0904 3632 eamonm - ok
22:19:06.0014 3632 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
22:19:06.0045 3632 ebdrv - ok
22:19:06.0170 3632 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
22:19:06.0185 3632 elxstor - ok
22:19:06.0216 3632 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
22:19:06.0216 3632 ErrDev - ok
22:19:06.0263 3632 ETD (438021c3f32f30e227d0f5dfd118b7b1) C:\Windows\system32\DRIVERS\ETD.sys
22:19:06.0263 3632 ETD - ok
22:19:06.0294 3632 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
22:19:06.0294 3632 exfat - ok
22:19:06.0326 3632 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
22:19:06.0326 3632 fastfat - ok
22:19:06.0372 3632 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
22:19:06.0372 3632 fdc - ok
22:19:06.0419 3632 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
22:19:06.0419 3632 FileInfo - ok
22:19:06.0435 3632 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
22:19:06.0435 3632 Filetrace - ok
22:19:06.0466 3632 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
22:19:06.0466 3632 flpydisk - ok
22:19:06.0497 3632 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
22:19:06.0513 3632 FltMgr - ok
22:19:06.0528 3632 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
22:19:06.0528 3632 FsDepends - ok
22:19:06.0560 3632 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
22:19:06.0560 3632 Fs_Rec - ok
22:19:06.0606 3632 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
22:19:06.0606 3632 fvevol - ok
22:19:06.0669 3632 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
22:19:06.0669 3632 gagp30kx - ok
22:19:06.0700 3632 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
22:19:06.0700 3632 hcw85cir - ok
22:19:06.0747 3632 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
22:19:06.0762 3632 HdAudAddService - ok
22:19:06.0794 3632 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
22:19:06.0794 3632 HDAudBus - ok
22:19:06.0794 3632 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
22:19:06.0809 3632 HidBatt - ok
22:19:06.0825 3632 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
22:19:06.0825 3632 HidBth - ok
22:19:06.0856 3632 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
22:19:06.0872 3632 HidIr - ok
22:19:06.0903 3632 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
22:19:06.0903 3632 HidUsb - ok
22:19:06.0950 3632 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
22:19:06.0950 3632 HpSAMD - ok
22:19:06.0996 3632 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
22:19:07.0012 3632 HTTP - ok
22:19:07.0043 3632 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
22:19:07.0043 3632 hwpolicy - ok
22:19:07.0074 3632 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
22:19:07.0074 3632 i8042prt - ok
22:19:07.0121 3632 iaStor (a5f72bb0d024e7e463344105be613ae4) C:\Windows\system32\DRIVERS\iaStor.sys
22:19:07.0121 3632 iaStor - ok
22:19:07.0168 3632 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
22:19:07.0184 3632 iaStorV - ok
22:19:07.0355 3632 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
22:19:07.0496 3632 igfx - ok
22:19:07.0605 3632 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
22:19:07.0605 3632 iirsp - ok
22:19:07.0683 3632 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys
22:19:07.0683 3632 Impcd - ok
22:19:07.0808 3632 IntcAzAudAddService (0adf714079ae174a39d69036143e4c50) C:\Windows\system32\drivers\RTKVHD64.sys
22:19:07.0839 3632 IntcAzAudAddService - ok
22:19:07.0932 3632 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
22:19:07.0932 3632 intelide - ok
22:19:07.0964 3632 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
22:19:07.0979 3632 intelppm - ok
22:19:08.0026 3632 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:19:08.0026 3632 IpFilterDriver - ok
22:19:08.0057 3632 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
22:19:08.0057 3632 IPMIDRV - ok
22:19:08.0073 3632 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
22:19:08.0073 3632 IPNAT - ok
22:19:08.0120 3632 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
22:19:08.0120 3632 IRENUM - ok
22:19:08.0151 3632 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
22:19:08.0151 3632 isapnp - ok
22:19:08.0182 3632 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
22:19:08.0182 3632 iScsiPrt - ok
22:19:08.0213 3632 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
22:19:08.0213 3632 kbdclass - ok
22:19:08.0260 3632 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
22:19:08.0260 3632 kbdhid - ok
22:19:08.0291 3632 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
22:19:08.0291 3632 KSecDD - ok
22:19:08.0307 3632 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
22:19:08.0307 3632 KSecPkg - ok
22:19:08.0338 3632 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
22:19:08.0338 3632 ksthunk - ok
22:19:08.0400 3632 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
22:19:08.0400 3632 lltdio - ok
22:19:08.0447 3632 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
22:19:08.0463 3632 LSI_FC - ok
22:19:08.0463 3632 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
22:19:08.0463 3632 LSI_SAS - ok
22:19:08.0478 3632 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:19:08.0478 3632 LSI_SAS2 - ok
22:19:08.0494 3632 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:19:08.0494 3632 LSI_SCSI - ok
22:19:08.0525 3632 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
22:19:08.0525 3632 luafv - ok
22:19:08.0588 3632 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
22:19:08.0588 3632 MBAMProtector - ok
22:19:08.0634 3632 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
22:19:08.0634 3632 megasas - ok
22:19:08.0666 3632 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
22:19:08.0666 3632 MegaSR - ok
22:19:08.0712 3632 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
22:19:08.0712 3632 Modem - ok
22:19:08.0744 3632 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
22:19:08.0759 3632 monitor - ok
22:19:08.0806 3632 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
22:19:08.0806 3632 mouclass - ok
22:19:08.0837 3632 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
22:19:08.0837 3632 mouhid - ok
22:19:08.0868 3632 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
22:19:08.0868 3632 mountmgr - ok
22:19:08.0915 3632 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
22:19:08.0915 3632 mpio - ok
22:19:08.0946 3632 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
22:19:08.0946 3632 mpsdrv - ok
22:19:08.0993 3632 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
22:19:08.0993 3632 MRxDAV - ok
22:19:09.0024 3632 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:19:09.0024 3632 mrxsmb - ok
22:19:09.0056 3632 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:19:09.0071 3632 mrxsmb10 - ok
22:19:09.0087 3632 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:19:09.0087 3632 mrxsmb20 - ok
22:19:09.0118 3632 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
22:19:09.0118 3632 msahci - ok
22:19:09.0149 3632 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
22:19:09.0165 3632 msdsm - ok
22:19:09.0196 3632 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
22:19:09.0196 3632 Msfs - ok
22:19:09.0227 3632 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
22:19:09.0227 3632 mshidkmdf - ok
22:19:09.0243 3632 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
22:19:09.0243 3632 msisadrv - ok
22:19:09.0274 3632 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
22:19:09.0274 3632 MSKSSRV - ok
22:19:09.0305 3632 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
22:19:09.0305 3632 MSPCLOCK - ok
22:19:09.0305 3632 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
22:19:09.0321 3632 MSPQM - ok
22:19:09.0368 3632 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
22:19:09.0368 3632 MsRPC - ok
22:19:09.0399 3632 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
22:19:09.0399 3632 mssmbios - ok
22:19:09.0414 3632 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
22:19:09.0414 3632 MSTEE - ok
22:19:09.0430 3632 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
22:19:09.0430 3632 MTConfig - ok
22:19:09.0446 3632 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
22:19:09.0446 3632 Mup - ok
22:19:09.0524 3632 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
22:19:09.0524 3632 NativeWifiP - ok
22:19:09.0586 3632 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
22:19:09.0602 3632 NDIS - ok
22:19:09.0617 3632 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
22:19:09.0617 3632 NdisCap - ok
22:19:09.0648 3632 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
22:19:09.0664 3632 NdisTapi - ok
22:19:09.0680 3632 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
22:19:09.0695 3632 Ndisuio - ok
22:19:09.0726 3632 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
22:19:09.0726 3632 NdisWan - ok
22:19:09.0773 3632 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
22:19:09.0773 3632 NDProxy - ok
22:19:09.0820 3632 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
22:19:09.0820 3632 NetBIOS - ok
22:19:09.0851 3632 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
22:19:09.0851 3632 NetBT - ok
22:19:09.0898 3632 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
22:19:09.0898 3632 nfrd960 - ok
22:19:09.0945 3632 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
22:19:09.0945 3632 Npfs - ok
22:19:09.0976 3632 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
22:19:09.0976 3632 nsiproxy - ok
22:19:10.0054 3632 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
22:19:10.0070 3632 Ntfs - ok
22:19:10.0085 3632 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
22:19:10.0085 3632 Null - ok
22:19:10.0148 3632 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
22:19:10.0148 3632 nvraid - ok
22:19:10.0179 3632 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
22:19:10.0179 3632 nvstor - ok
22:19:10.0194 3632 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
22:19:10.0210 3632 nv_agp - ok
22:19:10.0226 3632 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
22:19:10.0226 3632 ohci1394 - ok
22:19:10.0304 3632 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
22:19:10.0304 3632 Parport - ok
22:19:10.0335 3632 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
22:19:10.0335 3632 partmgr - ok
22:19:10.0366 3632 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
22:19:10.0366 3632 pci - ok
22:19:10.0397 3632 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
22:19:10.0397 3632 pciide - ok
22:19:10.0413 3632 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
22:19:10.0413 3632 pcmcia - ok
22:19:10.0444 3632 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
22:19:10.0444 3632 pcw - ok
22:19:10.0475 3632 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
22:19:10.0491 3632 PEAUTH - ok
22:19:10.0569 3632 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
22:19:10.0569 3632 PptpMiniport - ok
22:19:10.0584 3632 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
22:19:10.0584 3632 Processor - ok
22:19:10.0631 3632 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
22:19:10.0631 3632 Psched - ok
22:19:10.0694 3632 PSINAflt (bf6b640239be2c28a6bb43adc658fb7f) C:\Windows\system32\DRIVERS\PSINAflt.sys
22:19:10.0709 3632 PSINAflt - ok
22:19:10.0725 3632 PSINFile (2377f49c39725ed0021d75136fb0f746) C:\Windows\system32\DRIVERS\PSINFile.sys
22:19:10.0725 3632 PSINFile - ok
22:19:10.0772 3632 PSINKNC (a90f546b4f49122115768bc94bc81c04) C:\Windows\system32\DRIVERS\psinknc.sys
22:19:10.0772 3632 PSINKNC - ok
22:19:10.0803 3632 PSINProc (f8d7465cdd2a4ecae761ba8a0577d151) C:\Windows\system32\DRIVERS\PSINProc.sys
22:19:10.0803 3632 PSINProc - ok
22:19:10.0834 3632 PSINProt (076254556b4b03ade385619ff33e2f6b) C:\Windows\system32\DRIVERS\PSINProt.sys
22:19:10.0834 3632 PSINProt - ok
22:19:10.0928 3632 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
22:19:10.0943 3632 ql2300 - ok
22:19:10.0959 3632 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
22:19:10.0974 3632 ql40xx - ok
22:19:10.0990 3632 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
22:19:11.0006 3632 QWAVEdrv - ok
22:19:11.0021 3632 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
22:19:11.0021 3632 RasAcd - ok
22:19:11.0068 3632 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
22:19:11.0068 3632 RasAgileVpn - ok
22:19:11.0099 3632 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:19:11.0099 3632 Rasl2tp - ok
22:19:11.0130 3632 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
22:19:11.0130 3632 RasPppoe - ok
22:19:11.0162 3632 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
22:19:11.0162 3632 RasSstp - ok
22:19:11.0193 3632 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
22:19:11.0208 3632 rdbss - ok
22:19:11.0224 3632 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
22:19:11.0224 3632 rdpbus - ok
22:19:11.0255 3632 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:19:11.0255 3632 RDPCDD - ok
22:19:11.0286 3632 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
22:19:11.0286 3632 RDPENCDD - ok
22:19:11.0302 3632 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
22:19:11.0302 3632 RDPREFMP - ok
22:19:11.0333 3632 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
22:19:11.0333 3632 RDPWD - ok
22:19:11.0380 3632 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
22:19:11.0380 3632 rdyboost - ok
22:19:11.0458 3632 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
22:19:11.0474 3632 RFCOMM - ok
22:19:11.0505 3632 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
22:19:11.0505 3632 rspndr - ok
22:19:11.0536 3632 RTL8167 (baefee35d27a5440d35092ce10267bec) C:\Windows\system32\DRIVERS\Rt64win7.sys
22:19:11.0536 3632 RTL8167 - ok
22:19:11.0630 3632 rtport (4ca0dba9e224473d664c25e411f5a3bd) C:\Windows\SysWOW64\drivers\rtport.sys
22:19:11.0630 3632 rtport - ok
22:19:11.0661 3632 SABI (62db6cc4b0818f1b5f3441241b098f12) C:\Windows\system32\Drivers\SABI.sys
22:19:11.0661 3632 SABI - ok
22:19:11.0708 3632 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
22:19:11.0708 3632 sbp2port - ok
22:19:11.0739 3632 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
22:19:11.0739 3632 scfilter - ok
22:19:11.0817 3632 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
22:19:11.0817 3632 secdrv - ok
22:19:11.0864 3632 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
22:19:11.0864 3632 Serenum - ok
22:19:11.0895 3632 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
22:19:11.0895 3632 Serial - ok
22:19:11.0942 3632 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
22:19:11.0942 3632 sermouse - ok
22:19:11.0988 3632 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
22:19:11.0988 3632 sffdisk - ok
22:19:12.0004 3632 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
22:19:12.0020 3632 sffp_mmc - ok
22:19:12.0035 3632 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
22:19:12.0035 3632 sffp_sd - ok
22:19:12.0082 3632 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
22:19:12.0082 3632 sfloppy - ok
22:19:12.0160 3632 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
22:19:12.0176 3632 Sftfs - ok
22:19:12.0222 3632 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
22:19:12.0222 3632 Sftplay - ok
22:19:12.0254 3632 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
22:19:12.0254 3632 Sftredir - ok
22:19:12.0269 3632 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
22:19:12.0269 3632 Sftvol - ok
22:19:12.0332 3632 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:19:12.0332 3632 SiSRaid2 - ok
22:19:12.0347 3632 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
22:19:12.0347 3632 SiSRaid4 - ok
22:19:12.0378 3632 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
22:19:12.0394 3632 Smb - ok
22:19:12.0456 3632 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
22:19:12.0472 3632 spldr - ok
22:19:12.0519 3632 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
22:19:12.0519 3632 srv - ok
22:19:12.0550 3632 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
22:19:12.0566 3632 srv2 - ok
22:19:12.0597 3632 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
22:19:12.0597 3632 srvnet - ok
22:19:12.0644 3632 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
22:19:12.0644 3632 stexstor - ok
22:19:12.0675 3632 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
22:19:12.0675 3632 swenum - ok
22:19:12.0753 3632 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
22:19:12.0784 3632 Tcpip - ok
22:19:12.0831 3632 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
22:19:12.0831 3632 TCPIP6 - ok
22:19:12.0862 3632 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
22:19:12.0862 3632 tcpipreg - ok
22:19:12.0924 3632 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
22:19:12.0924 3632 TDPIPE - ok
22:19:12.0940 3632 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
22:19:12.0940 3632 TDTCP - ok
22:19:12.0987 3632 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
22:19:12.0987 3632 tdx - ok
22:19:13.0018 3632 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
22:19:13.0018 3632 TermDD - ok
22:19:13.0080 3632 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:19:13.0096 3632 tssecsrv - ok
22:19:13.0127 3632 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
22:19:13.0127 3632 TsUsbFlt - ok
22:19:13.0174 3632 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
22:19:13.0190 3632 tunnel - ok
22:19:13.0252 3632 TurboB (b355581a9da34c92e2dbafa410d2f829) C:\Windows\system32\DRIVERS\TurboB.sys
22:19:13.0252 3632 TurboB - ok
22:19:13.0299 3632 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
22:19:13.0299 3632 uagp35 - ok
22:19:13.0330 3632 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
22:19:13.0346 3632 udfs - ok
22:19:13.0377 3632 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
22:19:13.0377 3632 uliagpkx - ok
22:19:13.0439 3632 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
22:19:13.0439 3632 umbus - ok
22:19:13.0470 3632 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
22:19:13.0470 3632 UmPass - ok
22:19:13.0502 3632 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
22:19:13.0502 3632 usbccgp - ok
22:19:13.0564 3632 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
22:19:13.0564 3632 usbcir - ok
22:19:13.0580 3632 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
22:19:13.0580 3632 usbehci - ok
22:19:13.0611 3632 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
22:19:13.0611 3632 usbhub - ok
22:19:13.0642 3632 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
22:19:13.0642 3632 usbohci - ok
22:19:13.0673 3632 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
22:19:13.0673 3632 usbprint - ok
22:19:13.0689 3632 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
22:19:13.0689 3632 USBSTOR - ok
22:19:13.0704 3632 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
22:19:13.0720 3632 usbuhci - ok
22:19:13.0767 3632 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
22:19:13.0767 3632 usbvideo - ok
22:19:13.0814 3632 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
22:19:13.0814 3632 vdrvroot - ok
22:19:13.0845 3632 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
22:19:13.0845 3632 vga - ok
22:19:13.0860 3632 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
22:19:13.0860 3632 VgaSave - ok
22:19:13.0892 3632 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
22:19:13.0892 3632 vhdmp - ok
22:19:13.0923 3632 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
22:19:13.0923 3632 viaide - ok
22:19:13.0938 3632 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
22:19:13.0938 3632 volmgr - ok
22:19:13.0985 3632 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
22:19:13.0985 3632 volmgrx - ok
22:19:14.0016 3632 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
22:19:14.0032 3632 volsnap - ok
22:19:14.0063 3632 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
22:19:14.0063 3632 vsmraid - ok
22:19:14.0094 3632 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
22:19:14.0094 3632 vwifibus - ok
22:19:14.0110 3632 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
22:19:14.0126 3632 vwififlt - ok
22:19:14.0141 3632 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
22:19:14.0141 3632 WacomPen - ok
22:19:14.0188 3632 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
22:19:14.0188 3632 WANARP - ok
22:19:14.0188 3632 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
22:19:14.0188 3632 Wanarpv6 - ok
22:19:14.0235 3632 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
22:19:14.0235 3632 Wd - ok
22:19:14.0250 3632 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
22:19:14.0266 3632 Wdf01000 - ok
22:19:14.0313 3632 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
22:19:14.0328 3632 WfpLwf - ok
22:19:14.0344 3632 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
22:19:14.0344 3632 WIMMount - ok
22:19:14.0422 3632 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
22:19:14.0422 3632 WinUsb - ok
22:19:14.0453 3632 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
22:19:14.0453 3632 WmiAcpi - ok
22:19:14.0500 3632 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
22:19:14.0500 3632 ws2ifsl - ok
22:19:14.0547 3632 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
22:19:14.0547 3632 WudfPf - ok
22:19:14.0594 3632 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:19:14.0594 3632 WUDFRd - ok
22:19:14.0656 3632 yukonw7 (64f88af327aa74e03658ae32b48ccb8b) C:\Windows\system32\DRIVERS\yk62x64.sys
22:19:14.0656 3632 yukonw7 - ok
22:19:14.0703 3632 MBR (0x1B8) (2e5debb2116b3417023e0d6562d7ed07) \Device\Harddisk0\DR0
22:19:15.0030 3632 \Device\Harddisk0\DR0 - ok
22:19:15.0030 3632 Boot (0x1200) (686b6b09b4eb48d0782e8a7be67168db) \Device\Harddisk0\DR0\Partition0
22:19:15.0030 3632 \Device\Harddisk0\DR0\Partition0 - ok
22:19:15.0046 3632 Boot (0x1200) (71a23cbf0029fbad2b4d458aaf3fb1c4) \Device\Harddisk0\DR0\Partition1
22:19:15.0046 3632 \Device\Harddisk0\DR0\Partition1 - ok
22:19:15.0062 3632 Boot (0x1200) (7b859185e62ccfa77d902994a8ad0db9) \Device\Harddisk0\DR0\Partition2
22:19:15.0077 3632 \Device\Harddisk0\DR0\Partition2 - ok
22:19:15.0077 3632 ============================================================
22:19:15.0077 3632 Scan finished
22:19:15.0077 3632 ============================================================
22:19:15.0093 5172 Detected object count: 0
22:19:15.0093 5172 Actual detected object count: 0

Ya me cuentas que te parece y que tengo que hacer mas!!!

Muchisimas gracias por todo!!!

Un saludo!!

**gema85** · 08/03/12, 17:31:49

Hola otra vez!!

Se me ha olvidado comentarte otra cosa, dentro de (D:) tengo una carpeta llamada $RECYCLE.BIN, ¿que hago con ella?

Un saludo!!

**Fer21021** · 08/03/12, 17:52:49

Buenas,

Hiciste todo bien, pero esto aún no acaba, dos pasito más.
Por el momento si tu antivirus marca alguna advertencia, ignoralo.

----------------------------------------
Descarga:

UsbFix by El Desaparecido

1.-

Ejecuta:
UsbFix

Conecte todos sus dispositivos extraíbles, Pendrive\Micro SD, etc.
Haga doble Click sobre UsbFix
Pulse sobre la opción Supresión
Aparecerá una advertencia para que conecte sus USB, pulse en Aceptar y proceso de desinfección/vacunación se iniciará.
Durante el análisis el escritorio puede desaparecer, esto es normal, si UsbFix le pide reiniciar el sistema acepte y reinicie su equipo.
Al finalizar, USBFix genera un reporte, el cual se encuentra generalmente en C:\USBFix.txt debe pegar su contenido en el próximo mensaje.

Nota UsbFix creará una carpeta oculta llamada "autorun.inf" en cada partición y cada unidad USB que se encuentre conectado al momento de ejecutar este. No elimine esta carpeta ... eso le ayudará a proteger sus dispositivos USB de futuras infecciones.

---------------------------------------------

2.-

- Descarga la herramienta ComboFix.exe y guárdala en el escritorio.

------------------------------------------------
Desactiva temporalmente el Antivirus y/o Antispyware.
Cierra todas las ventanas abiertas.
Hacele doble clic al archivo ComboFix.exe y seguí las instrucciones.
Cuando termine, generara un registro en C:\ComboFix.txt.
- *Nota* Mientras CF este trabajando no mover el mouse ya que pararía su proceso.
- *Nota* ComboFix puede reiniciar automáticamente el PC para completar el proceso de eliminación.

Atención!! No use ComboFix a menos que se le haya indicado específicamente en su mensaje por un integrante de nuestro Staff. Es una herramienta de gran alcance destinada por su creador a ser usada bajo la orientación y supervisión de un experto, no para uso privado. El uso de ComboFix incorrectamente podría generar problemas en su sistema. Por favor, lea las "Negaciones de la Garantía" de ComboFix.

Reinicia y pega el reporte de C:\ComboFix.txt en este mismo mensaje.

Me traes ambos reportes.

Saludos.

**gema85** · 09/03/12, 15:18:16

Hola de nuevo, Fer21021!!

El antivirus dice que tiene 2 archivos en la papelera pero cuando le doy a ver detalles para eliminarlos no me sale nada, no se porque..

He intentado pasar el UsbFix, pero cuando va por el 14% dice que "no responde", pense que podria ser algo normal mientras se ejecutaba, pero tras media hora seguia sin hacer nada, lo intente una segunda vez y me ha pasado lo mismo, ¿que hago? ¿vuelvo a intentarlo y lo dejo mas tiempo?

Un saludo!!

**Fer21021** · 09/03/12, 17:45:50

Salteate ese paso y usa ComboFIx.

Saludos.

**gema85** · 09/03/12, 20:40:35

Buenas!!

Te pongo el reporte de combofix:

ComboFix 12-03-09.05 - Gema 10/03/2012 2:10.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.34.3082.18.3946.2680 [GMT 1:00]
Running from: c:\users\Gema\Desktop\ComboFix.exe
AV: McAfee Anti-Virus y Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus y Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Object
c:\program files (x86)\Object\chromeaddon\._included.js
c:\program files (x86)\Object\chromeaddon\included.js
c:\program files (x86)\Object\config.ini
c:\program files (x86)\Object\facetheme\chrome.manifest
c:\program files (x86)\Object\facetheme\content\installid.js
c:\program files (x86)\Object\facetheme\content\overlay.js
c:\program files (x86)\Object\facetheme\content\sudoku.js
c:\program files (x86)\Object\facetheme\defaults\preferences\._sudoku.js
c:\program files (x86)\Object\facetheme\defaults\preferences\sudoku.js
c:\program files (x86)\Object\facetheme\locale\en-US\sudoku.properties
c:\program files (x86)\Object\facetheme_uninstall.exe
c:\programdata\FullRemove.exe
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\assembly\tmp\U
c:\windows\assembly\tmp\U\00000001.@
c:\windows\assembly\tmp\U\000000c0.@
c:\windows\assembly\tmp\U\000000cb.@
c:\windows\assembly\tmp\U\000000cf.@
c:\windows\assembly\tmp\U\80000000.@
c:\windows\assembly\tmp\U\800000c0.@
c:\windows\assembly\tmp\U\800000cb.@
c:\windows\assembly\tmp\U\800000cf.@
c:\windows\system32\dds_log_trash.cmd
c:\windows\system32\surveyor.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_sgectl
.
.
((((((((((((((((((((((((( Files Created from 2012-02-10 to 2012-03-10 )))))))))))))))))))))))))))))))
.
.
2012-03-10 01:16 . 2012-03-10 01:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-09 18:58 . 2012-03-09 19:53 -------- d-----w- C:\UsbFix
2012-03-08 21:28 . 2012-03-08 21:28 23856 ----a-w- c:\windows\system32\drivers\SirefefRemover.sys
2012-03-08 19:54 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-08 19:54 . 2012-03-08 19:54 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-08 14:32 . 2012-03-08 14:32 -------- d-----w- c:\programdata\Sony
2012-03-08 14:32 . 2012-03-08 14:32 -------- d-----w- c:\program files (x86)\Sony
2012-03-06 22:28 . 2012-03-06 22:28 -------- d-----w- c:\programdata\AVAST Software
2012-03-06 22:28 . 2012-03-06 22:28 -------- d-----w- c:\program files\AVAST Software
2012-03-04 11:54 . 2012-03-04 11:54 -------- d-----w- c:\users\Gema\AppData\Roaming\Panda Security
2012-03-04 11:53 . 2012-03-04 11:53 -------- d-----w- c:\programdata\Panda Security
2012-03-04 11:53 . 2012-03-04 11:53 -------- d-----w- c:\program files (x86)\Panda Security
2012-03-04 11:53 . 2012-03-04 11:53 -------- d-----w- C:\temp
2012-03-03 21:35 . 2012-03-03 21:35 -------- d-----w- c:\users\Gema\AppData\Roaming\Malwarebytes
2012-03-03 21:34 . 2012-03-03 21:34 -------- d-----w- c:\programdata\Malwarebytes
2012-03-03 21:31 . 2012-03-08 19:18 -------- d-----w- c:\program files\CCleaner
2012-03-03 21:10 . 2012-03-03 21:10 -------- d-----w- c:\program files\ESET
2012-02-29 21:27 . 2012-02-29 21:27 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-02-29 21:16 . 2012-02-29 21:19 -------- d-sh--w- c:\users\Gema\AppData\Local\dd5ce775
2012-02-24 14:19 . 2012-02-24 14:19 -------- d-----w- c:\windows\SysWow64\wbem\en-US
2012-02-24 14:19 . 2012-02-24 14:19 -------- d-----w- c:\windows\system32\wbem\en-US
2012-02-14 18:27 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-14 18:27 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-14 18:27 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-14 18:27 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-14 18:27 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-02-14 18:27 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-14 18:27 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-14 18:27 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-29 21:23 . 2011-05-16 17:41 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-05 12:10 . 2012-01-05 12:10 161032 ----a-w- c:\windows\system32\drivers\PSINAflt.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Gema\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Gema\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Gema\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2011-03-09 247728]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Sony PC Companion"="c:\program files (x86)\Sony\Sony PC Companion\PCCompanion.exe" [2012-01-27 441016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-07-06 98304]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2009-04-10 37888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"PSUNMain"="c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2011-04-28 439616]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\users\Gema\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Gema\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-4-29 1127712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SirefefRemover]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 dc3d;Controlador de detección de dispositivos de hardware de Microsoft;c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Servicio de tecnologías de activación de Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 SirefefRemover;SirefefRemover;c:\windows\system32\Drivers\SirefefRemover.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2011-04-28 140608]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [x]
S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [x]
S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [x]
S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [x]
S2 Rezip;Rezip;c:\windows\SysWOW64\Rezip.exe [2009-03-05 311296]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-03-09 92592]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Gema\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Gema\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Gema\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Gema\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-07 10144288]
"ETDWare"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"combofix"="c:\combofix\CF6638.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
sgectl
pxfhbus
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.es/
mStart Page = hxxp://samsung.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Enviar imagen al dispositivo &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Enviar página al dispositivo &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: fnmt.es
TCP: DhcpNameServer = 80.58.61.250 80.58.61.254
FF - ProfilePath - c:\users\Gema\AppData\Roaming\Mozilla\Firefox\Profiles\qjf73h2b.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.es/
FF - prefs.js: keyword.URL - hxxp://es.search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
c:\program files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
.
**************************************************************************
.
Completion time: 2012-03-10 02:24:09 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-10 01:24
.
Pre-Run: 132.970.782.720 bytes libres
Post-Run: 132.543.217.664 bytes libres
.
- - End Of File - - AC55A3042742444A23A752AA27081B6B

Saludos!!!!

**Fer21021** · 09/03/12, 22:49:52

Ya debería estar todo en orden.

Comenta si continuas con el problema.

Saludos.

**gema85** · 10/03/12, 17:09:54

Muy buenas!!!

Me alegra oirte decir eso!! la verdad que el ordenador funciona bien, y no redirige a nada, lo unico que la carpeta que te dije que estaba en (D:) $RECYCLE.BIN sigue ahi, y no se si deberia...

Por lo demas nada.. ¿tendria que pasar alguno de los programas de nuevo para que verificaran que todo esta bien? ¿o el panda cloud? (que también sigue diciendo que tiene 2 elementos en la papelera y cuando le das al detalle no te sale nada...

Y de los programas que me has dicho, ¿dejo alguno instalado o los borro todos? y el con UsbFix, ¿intento pasarlo ahora o no hace falta?

Muchisimas gracias de nuevo!!

Un saludo!

Virus abnow y otros. (Solucionado)

Herramientas

Virus abnow y otros. (Solucionado)

Re: Virus abnow y otros.

Re: Virus abnow y otros.

Re: Virus abnow y otros.

Re: Virus abnow y otros.

Re: Virus abnow y otros.

Re: Virus abnow y otros.

Re: Virus abnow y otros.

Re: Virus abnow y otros.

Re: Virus abnow y otros.