
    Explorer blocked by ransomware (Solved)

    1. #1
      User: spm145
      Registered: Mar 2006
      Location: Barcelona
      Posts: 28

      Explorer blocked by ransomware (Solved)

      Hello. First of all, thank you, since this is not the first time you have helped me. I'm another one of the many who have fallen for this malware. I was able to get into the PC using the last configuration that worked and run the Control+Alt+Delete thing (I can't remember its name right now), and I was able to close the Windows process that was leaving my screen black, before it left me unable to do anything. Then I downloaded and ran the polifix file. From that same Windows session I downloaded the OTL program, and here are the results:

      P.S.: I can't open Mozilla Firefox. For now I'm not shutting down the PC in case it doesn't restart properly afterwards. I hope you can reply soon; either way, thanks in advance.

      OTL FILE:



      OTL logfile created on: 12/03/2012 3:04:55 - Run 1
      OTL by OldTimer - Version 3.2.36.3 Folder = C:\Documents and Settings\triton\Escritorio
      Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
      Internet Explorer (Version = 8.0.6001.18702)
      Locale: 00000C0A | Country: España | Language: ESN | Date Format: dd/MM/yyyy

      2,00 Gb Total Physical Memory | 1,01 Gb Available Physical Memory | 50,68% Memory free
      3,35 Gb Paging File | 2,57 Gb Available in Paging File | 76,78% Paging File free
      Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

      %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
      Drive C: | 298,08 Gb Total Space | 3,68 Gb Free Space | 1,24% Space Free | Partition Type: NTFS
      Drive D: | 149,05 Gb Total Space | 13,64 Gb Free Space | 9,15% Space Free | Partition Type: NTFS
      Drive G: | 29,32 Gb Total Space | 19,59 Gb Free Space | 66,80% Space Free | Partition Type: FAT32

      Computer Name: SERGIO | User Name: triton | Logged in as Administrator.
      Boot Mode: Normal | Scan Mode: All users | Quick Scan
      Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

      ========== Processes (SafeList) ==========

      PRC - [2012/03/12 03:01:14 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\triton\Escritorio\OTL.exe
      PRC - [2012/03/08 15:28:54 | 001,049,072 | ---- | M] (Google Inc.) -- C:\Documents and Settings\triton\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe
      PRC - [2012/02/15 00:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\triton\Datos de programa\Dropbox\bin\Dropbox.exe
      PRC - [2011/11/21 05:24:31 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Archivos de programa\Mozilla Firefox\firefox.exe
      PRC - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Microsoft\BingBar\SeaPort.EXE
      PRC - [2011/04/22 13:21:10 | 000,247,728 | ---- | M] (TomTom) -- C:\Archivos de programa\TomTom HOME 2\TomTomHOMERunner.exe
      PRC - [2011/04/22 13:21:10 | 000,092,592 | ---- | M] (TomTom) -- C:\Archivos de programa\TomTom HOME 2\TomTomHOMEService.exe
      PRC - [2011/04/18 12:53:17 | 001,181,328 | ---- | M] (Lavasoft) -- C:\Archivos de programa\Lavasoft\Ad-Aware\AAWService.exe
      PRC - [2011/04/18 12:53:17 | 000,789,392 | ---- | M] (Lavasoft) -- C:\Archivos de programa\Lavasoft\Ad-Aware\AAWTray.exe
      PRC - [2009/12/22 03:31:26 | 000,217,088 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe
      PRC - [2009/12/22 03:31:02 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) -- C:\WINDOWS\system32\dgdersvc.exe
      PRC - [2009/08/28 19:42:54 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      PRC - [2009/06/16 10:13:24 | 004,334,888 | ---- | M] (TeamViewer GmbH) -- C:\Documents and Settings\triton\temp\TeamViewer\Version4\TeamViewer.exe
      PRC - [2009/06/16 09:48:36 | 000,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Archivos de programa\TeamViewer\Version4\TeamViewer_Service.exe
      PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
      PRC - [2008/04/14 03:18:57 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


      ========== Modules (No Company Name) ==========

      MOD - [2012/03/08 15:28:52 | 000,429,040 | ---- | M] () -- C:\Documents and Settings\triton\Configuración local\Datos de programa\Google\Chrome\Application\17.0.963.78\ppgooglenaclpluginchrome.dll
      MOD - [2012/03/08 15:28:51 | 003,772,912 | ---- | M] () -- C:\Documents and Settings\triton\Configuración local\Datos de programa\Google\Chrome\Application\17.0.963.78\pdf.dll
      MOD - [2012/03/08 15:27:26 | 000,122,880 | ---- | M] () -- C:\Documents and Settings\triton\Configuración local\Datos de programa\Google\Chrome\Application\17.0.963.78\avutil-51.dll
      MOD - [2012/03/08 15:27:24 | 000,220,672 | ---- | M] () -- C:\Documents and Settings\triton\Configuración local\Datos de programa\Google\Chrome\Application\17.0.963.78\avformat-53.dll
      MOD - [2012/03/08 15:27:23 | 001,747,456 | ---- | M] () -- C:\Documents and Settings\triton\Configuración local\Datos de programa\Google\Chrome\Application\17.0.963.78\avcodec-53.dll
      MOD - [2012/03/03 23:43:41 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\c14e58265386feb509cc61bb5e8dd296\System.Runtime.Remoting.ni.dll
      MOD - [2012/03/03 23:43:37 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\29bdc8352d3c26e3c572ea60639dec3b\System.Web.ni.dll
      MOD - [2012/03/03 23:43:21 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\94a40f415bfa947e251888bbe88bb973\System.Configuration.ni.dll
      MOD - [2012/03/03 23:35:01 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll
      MOD - [2012/03/03 23:34:56 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ad99ac6b5666edb8ee742dd64f9578af\System.Windows.Forms.ni.dll
      MOD - [2012/03/03 23:34:43 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\9351cf29bb1ba951e45a9b3b0edab937\System.Drawing.ni.dll
      MOD - [2012/03/03 23:33:32 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll
      MOD - [2011/11/21 05:24:32 | 001,989,592 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\mozjs.dll
      MOD - [2011/11/06 16:29:27 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll
      MOD - [2011/11/06 16:14:32 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
      MOD - [2011/05/24 22:58:28 | 000,270,336 | ---- | M] () -- C:\Archivos de programa\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
      MOD - [2011/04/18 12:53:22 | 000,163,728 | ---- | M] () -- C:\Archivos de programa\Lavasoft\Ad-Aware\ShellExt.dll
      MOD - [2011/04/18 12:53:20 | 000,327,000 | ---- | M] () -- C:\Archivos de programa\Lavasoft\Ad-Aware\RPAPI.dll
      MOD - [2010/03/16 12:22:12 | 000,014,848 | ---- | M] () -- C:\Archivos de programa\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll
      MOD - [2009/11/03 15:51:42 | 000,067,872 | ---- | M] () -- C:\Archivos de programa\Archivos comunes\Apple\Apple Application Support\zlib1.dll
      MOD - [2009/11/03 15:51:26 | 000,039,712 | ---- | M] () -- C:\Archivos de programa\Archivos comunes\Apple\Apple Application Support\ASL.dll
      MOD - [2009/02/27 18:35:50 | 000,311,296 | ---- | M] () -- C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\pdfshell.ESP
      MOD - [2008/06/20 17:03:30 | 000,248,320 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
      MOD - [2008/04/14 03:18:25 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
      MOD - [2007/09/20 17:34:58 | 000,129,024 | ---- | M] () -- C:\Archivos de programa\WinRAR\RarExt.dll


      ========== Win32 Services (SafeList) ==========

      SRV - [2011/10/21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Archivos de programa\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
      SRV - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Archivos de programa\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
      SRV - [2011/04/22 13:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Archivos de programa\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
      SRV - [2011/04/18 12:53:17 | 001,181,328 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Archivos de programa\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
      SRV - [2009/12/22 03:31:26 | 000,217,088 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
      SRV - [2009/12/22 03:31:02 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\dgdersvc.exe -- (dgdersvc)
      SRV - [2009/09/17 10:33:26 | 000,651,776 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Archivos de programa\Nokia\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
      SRV - [2009/08/28 19:42:54 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
      SRV - [2009/06/16 09:48:36 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Archivos de programa\TeamViewer\Version4\TeamViewer_Service.exe -- (TeamViewer4)
      SRV - [2008/04/14 03:19:12 | 000,005,120 | ---- | M] (Iomega) [Auto | Running] -- C:\WINDOWS\system32\tmxpflt.dll -- (Fd16_700)


      ========== Driver Services (SafeList) ==========

      DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
      DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
      DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
      DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
      DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
      DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
      DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
      DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
      DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
      DRV - [2011/05/25 05:21:44 | 006,554,624 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
      DRV - [2011/03/30 19:46:12 | 000,101,392 | R--- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtihdXP3.sys -- (AtiHDAudioService)
      DRV - [2009/12/22 03:31:26 | 000,036,640 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
      DRV - [2009/12/22 03:31:02 | 000,018,136 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dgderdrv.sys -- (dgderdrv)
      DRV - [2009/09/23 13:55:23 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
      DRV - [2009/09/19 06:30:10 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdm.sys -- (ss_bmdm)
      DRV - [2009/09/19 06:30:10 | 000,100,224 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bserd.sys -- (ss_bserd)
      DRV - [2009/09/19 06:30:10 | 000,098,432 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
      DRV - [2009/09/19 06:30:10 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
      DRV - [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
      DRV - [2009/06/30 09:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
      DRV - [2009/02/09 08:37:56 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
      DRV - [2009/02/09 08:37:48 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
      DRV - [2009/02/09 08:37:46 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
      DRV - [2009/02/09 08:37:46 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
      DRV - [2008/11/19 16:09:10 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
      DRV - [2008/11/19 16:09:08 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
      DRV - [2008/11/19 16:09:08 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
      DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
      DRV - [2008/04/13 19:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
      DRV - [2007/11/27 13:06:42 | 004,630,016 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
      DRV - [2001/08/17 22:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
      DRV - [2001/08/17 21:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)


      ========== Standard Registry (SafeList) ==========


      ========== Internet Explorer ==========

      IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
      IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


      IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

      IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

      IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

      IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

      IE - HKU\S-1-5-21-861567501-1326574676-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es/
      IE - HKU\S-1-5-21-861567501-1326574676-725345543-1003\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Archivos de programa\SearchWeb Toolbar\tbhelper.dll ()
      IE - HKU\S-1-5-21-861567501-1326574676-725345543-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
      IE - HKU\S-1-5-21-861567501-1326574676-725345543-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
      IE - HKU\S-1-5-21-861567501-1326574676-725345543-1003\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=GLSV5&o=10168&src=crm&q={searchTerms}&locale=es_ES&apn_ptnrs=GL&apn_dtid=&apn_uid=0A476476-A6D1-4D5A-9C6D-EC2BCF03D37E&apn_sauid=EC0E515E-E774-4A36-B9E2-6F91DDEC2ED9
      IE - HKU\S-1-5-21-861567501-1326574676-725345543-1003\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = http://es-searchweb.com/?q={searchTerms}
      IE - HKU\S-1-5-21-861567501-1326574676-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
      IE - HKU\S-1-5-21-861567501-1326574676-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

      ========== FireFox ==========

      FF - prefs.js..browser.search.defaultengine: "Ask.com"
      FF - prefs.js..browser.search.defaultenginename: "Ask.com"
      FF - prefs.js..browser.search.order.1: "Ask.com"
      FF - prefs.js..browser.search.selectedEngine: "Google"
      FF - prefs.js..browser.search.useDBForOrder: true
      FF - prefs.js..browser.startup.homepage: "http://www.google.es/"
      FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.17
      FF - prefs.js..extensions.enabledItems: {71bfcce7-421d-4042-95d4-a585a821cbca}:2.6.4
      FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.13
      FF - prefs.js..extensions.enabledItems: [email protected]:1.0
      FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
      FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
      FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29

      FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
      FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
      FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Archivos de programa\iTunes\Mozilla Plugins\npitunes.dll ()
      FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Archivos de programa\Google\Picasa3\npPicasa3.dll (Google, Inc.)
      FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Archivos de programa\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
      FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Archivos de programa\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Archivos de programa\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Archivos de programa\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security)
      FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.5: C:\Archivos de programa\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
      FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Archivos de programa\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
      FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\triton\Configuración local\Datos de programa\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
      FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\triton\Configuración local\Datos de programa\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

      FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Archivos de programa\Mozilla Firefox\components [2011/11/30 14:53:26 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Archivos de programa\Mozilla Firefox\plugins [2011/11/30 14:53:25 | 000,000,000 | ---D | M]

      [2011/06/24 13:13:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\triton\Datos de programa\Mozilla\Extensions
      [2011/06/24 13:13:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\triton\Datos de programa\Mozilla\Extensions\[email protected]
      [2012/02/17 11:26:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\triton\Datos de programa\Mozilla\Firefox\Profiles\7w6mazap.default\extensions
      [2012/02/04 03:00:30 | 000,000,000 | ---D | M] (SearchWeb Toolbar) -- C:\Documents and Settings\triton\Datos de programa\Mozilla\Firefox\Profiles\7w6mazap.default\extensions\{1CB94A15-4515-4A88-A296-36DDCA34AF50}
      [2011/03/26 14:47:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\triton\Datos de programa\Mozilla\Firefox\Profiles\7w6mazap.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
      [2010/04/09 10:21:39 | 000,000,000 | ---D | M] ("BitDefender QuickScanner") -- C:\Documents and Settings\triton\Datos de programa\Mozilla\Firefox\Profiles\7w6mazap.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
      [2012/02/13 09:38:23 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\triton\Datos de programa\Mozilla\Firefox\Profiles\7w6mazap.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
      [2010/09/21 13:43:31 | 000,002,385 | ---- | M] () -- C:\Documents and Settings\triton\Datos de programa\Mozilla\Firefox\Profiles\7w6mazap.default\searchplugins\askcom.xml
      [2011/11/30 14:53:26 | 000,000,000 | ---D | M] (No name found) -- C:\Archivos de programa\Mozilla Firefox\extensions
      [2011/10/24 15:04:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Archivos de programa\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
      () (No name found) -- C:\DOCUMENTS AND SETTINGS\TRITON\DATOS DE PROGRAMA\MOZILLA\FIREFOX\PROFILES\7W6MAZAP.DEFAULT\EXTENSIONS\{71BFCCE7-421D-4042-95D4-A585A821CBCA}.XPI
      [2011/11/21 05:24:32 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Archivos de programa\mozilla firefox\components\browsercomps.dll
      [2011/10/03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Archivos de programa\mozilla firefox\plugins\npdeployJava1.dll
      [2009/02/21 07:24:52 | 000,660,872 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\mozilla firefox\plugins\npOGAPlugin.dll
      [2011/11/21 02:09:48 | 000,002,252 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\bing.xml
      [2011/11/21 02:36:35 | 000,003,996 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\drae.xml
      [2011/11/21 02:36:35 | 000,001,143 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\eBay-es.xml
      [2011/11/21 02:36:35 | 000,001,178 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\wikipedia-es.xml
      [2011/11/21 02:36:35 | 000,001,102 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\yahoo-es.xml

      ========== Chrome ==========

      CHR - default_search_provider: Google (Enabled)
      CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
      CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
      CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\triton\Configuraci\u00F3n local\Datos de programa\Google\Chrome\Application\17.0.963.78\gcswf32.dll
      CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
      CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Archivos de programa\Mozilla Firefox\plugins\npqtplugin.dll
      CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Archivos de programa\Mozilla Firefox\plugins\npqtplugin2.dll
      CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Archivos de programa\Mozilla Firefox\plugins\npqtplugin3.dll
      CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Archivos de programa\Mozilla Firefox\plugins\npqtplugin4.dll
      CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Archivos de programa\Mozilla Firefox\plugins\npqtplugin5.dll
      CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Archivos de programa\Mozilla Firefox\plugins\npqtplugin6.dll
      CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Archivos de programa\Mozilla Firefox\plugins\npqtplugin7.dll
      CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Archivos de programa\Java\jre6\bin\new_plugin\npdeployJava1.dll
      CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Archivos de programa\Java\jre6\bin\new_plugin\npjp2.dll
      CHR - plugin: Adobe Acrobat (Disabled) = C:\Archivos de programa\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
      CHR - plugin: Silverlight Plug-In (Enabled) = C:\Archivos de programa\Microsoft Silverlight\4.0.60531.0\npctrl.dll
      CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Archivos de programa\Mozilla Firefox\plugins\np-mswmp.dll
      CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Archivos de programa\Mozilla Firefox\plugins\NPOFF12.DLL
      CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
      CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\triton\Configuraci\u00F3n local\Datos de programa\Google\Chrome\Application\17.0.963.78\ppGoogleNaClPluginChrome.dll
      CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\triton\Configuraci\u00F3n local\Datos de programa\Google\Chrome\Application\17.0.963.78\pdf.dll
      CHR - plugin: Office Genuine Advantage (Enabled) = C:\Archivos de programa\Mozilla Firefox\plugins\npOGAPlugin.dll
      CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Archivos de programa\Windows Media Player\npdrmv2.dll
      CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Archivos de programa\Windows Media Player\npwmsdrm.dll
      CHR - plugin: Picasa (Enabled) = C:\Archivos de programa\Google\Picasa3\npPicasa3.dll
      CHR - plugin: Panda ActiveScan 2.0 (Enabled) = C:\Archivos de programa\Panda Security\ActiveScan 2.0\npwrapper.dll
      CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Archivos de programa\VideoLAN\VLC\npvlc.dll
      CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Archivos de programa\Windows Live\Photo Gallery\NPWLPG.dll
      CHR - plugin: iTunes Application Detector (Enabled) = C:\Archivos de programa\iTunes\Mozilla Plugins\npitunes.dll
      CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\triton\Configuraci\u00F3n local\Datos de programa\Google\Update\1.3.21.69\npGoogleUpdate3.dll
      CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
      CHR - plugin: Default Plug-in (Enabled) = default_plugin
      CHR - Extension: YouTube = C:\Documents and Settings\triton\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
      CHR - Extension: B\u00FAsqueda de Google = C:\Documents and Settings\triton\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
      CHR - Extension: Gmail = C:\Documents and Settings\triton\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

      O1 HOSTS File: ([2010/02/12 04:06:45 | 000,378,505 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
      O1 - Hosts: 127.0.0.1 localhost
      O1 - Hosts: 127.0.0.1 www.007guard.com
      O1 - Hosts: 127.0.0.1 007guard.com
      O1 - Hosts: 127.0.0.1 008i.com
      O1 - Hosts: 127.0.0.1 www.008k.com
      O1 - Hosts: 127.0.0.1 008k.com
      O1 - Hosts: 127.0.0.1 www.00hq.com
      O1 - Hosts: 127.0.0.1 00hq.com
      O1 - Hosts: 127.0.0.1 010402.com
      O1 - Hosts: 127.0.0.1 www.032439.com
      O1 - Hosts: 127.0.0.1 032439.com
      O1 - Hosts: 127.0.0.1 www.0scan.com
      O1 - Hosts: 127.0.0.1 0scan.com
      O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
      O1 - Hosts: 127.0.0.1 1000gratisproben.com
      O1 - Hosts: 127.0.0.1 www.1001namen.com
      O1 - Hosts: 127.0.0.1 1001namen.com
      O1 - Hosts: 127.0.0.1 www.100888290cs.com
      O1 - Hosts: 127.0.0.1 100888290cs.com
      O1 - Hosts: 127.0.0.1 www.100sexlinks.com
      O1 - Hosts: 127.0.0.1 100sexlinks.com
      O1 - Hosts: 127.0.0.1 10sek.com
      O1 - Hosts: 127.0.0.1 www.10sek.com
      O1 - Hosts: 127.0.0.1 1-2005-search.com
      O1 - Hosts: 127.0.0.1 www.1-2005-search.com
      O1 - Hosts: 13042 more lines...
      O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
      O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O2 - BHO: (no name) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - No CLSID value found.
      O2 - BHO: (Windows Live Aplicación auxiliar de inicio de sesión) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
      O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Archivos de programa\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
      O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Archivos de programa\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
      O2 - BHO: (TBSB01666 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Archivos de programa\SearchWeb Toolbar\tbcore3.dll ()
      O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Archivos de programa\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
      O3 - HKLM\..\Toolbar: (SearchWeb Toolbar) - {8FFA7469-654F-423E-84FE-6A583CB1C284} - C:\Archivos de programa\SearchWeb Toolbar\tbcore3.dll ()
      O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Archivos de programa\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
      O3 - HKU\S-1-5-21-861567501-1326574676-725345543-1003\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
      O3 - HKU\S-1-5-21-861567501-1326574676-725345543-1003\..\Toolbar\WebBrowser: (SearchWeb Toolbar) - {8FFA7469-654F-423E-84FE-6A583CB1C284} - C:\Archivos de programa\SearchWeb Toolbar\tbcore3.dll ()
      O3 - HKU\S-1-5-21-861567501-1326574676-725345543-1003\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Archivos de programa\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
      O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
      O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
      O4 - HKLM..\Run: [StartCCC] C:\Archivos de programa\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
      O4 - HKU\S-1-5-21-861567501-1326574676-725345543-1003..\Run: [SpybotSD TeaTimer] C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
      O4 - HKU\S-1-5-21-861567501-1326574676-725345543-1003..\Run: [TomTomHOME.exe] C:\Archivos de programa\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
      O4 - HKU\S-1-5-21-861567501-1326574676-725345543-1003..\RunOnce: [AutoLaunch] C:\Archivos de programa\Lavasoft\Ad-Aware\AutoLaunch.exe ()
      O4 - Startup: C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\Logitech SetPoint.lnk = C:\Archivos de programa\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
      O4 - Startup: C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\Mozilla Firefox [2008/09/11 07:00:19 | 000,000,000 | ---D | M]
      O4 - Startup: C:\Documents and Settings\triton\Menú Inicio\Programas\Inicio\Dropbox.lnk = C:\Documents and Settings\triton\Datos de programa\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
      O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
      O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
      O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
      O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
      O7 - HKU\S-1-5-21-861567501-1326574676-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
      O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
      O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
      O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Archivos de programa\Bonjour\mdnsNSP.dll (Apple Inc.)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
      O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
      O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
      O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
      O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
      O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
      O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
      O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
      O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
      O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
      O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
      O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
      O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
      O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
      O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
      O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
      O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 87.216.1.65 87.216.1.66
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DD57F260-E09A-4BCE-8C97-8B396B8A153B}: DhcpNameServer = 87.216.1.65 87.216.1.66
      O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
      O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
      O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
      O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
      O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
      O20 - HKU\S-1-5-21-861567501-1326574676-725345543-1003 Winlogon: Shell - (C:\Documents and Settings\triton\Configuración local\Datos de programa\c15fbfad\X) - C:\Documents and Settings\triton\Configuración local\Datos de programa\c15fbfad\X ()
      O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
      O24 - Desktop Components:0 (Mi página de inicio actual) - About:Home
      O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Felicidad.bmp
      O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Felicidad.bmp
      O32 - HKLM CDRom: AutoRun - 1
      O32 - AutoRun File - [2009/09/27 20:40:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
      O32 - AutoRun File - [2006/06/22 05:28:01 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
      O33 - MountPoints2\{227c698b-9e5b-11e0-aacc-0019667089f2}\Shell\AutoRun\command - "" = H:\InstallTomTomHOME.exe
      O33 - MountPoints2\{8c9af410-c3bf-11e0-ab0d-0019667089f2}\Shell - "" = AutoRun
      O33 - MountPoints2\{8c9af410-c3bf-11e0-ab0d-0019667089f2}\Shell\AutoRun\command - "" = G:\LGAutoRun.exe
      O33 - MountPoints2\{d8356c1a-60ae-11e1-ac42-0019667089f2}\Shell - "" = AutoRun
      O33 - MountPoints2\{d8356c1a-60ae-11e1-ac42-0019667089f2}\Shell\AutoRun\command - "" = G:\Startme.exe
      O34 - HKLM BootExecute: (autocheck autochk *)
      O34 - HKLM BootExecute: (lsdelete)
      O35 - HKLM\..comfile [open] -- "%1" %*
      O35 - HKLM\..exefile [open] -- "%1" %*
      O37 - HKLM\...com [@ = comfile] -- "%1" %*
      O37 - HKLM\...exe [@ = exefile] -- "%1" %*

      ========== Files/Folders - Created Within 30 Days ==========

      [2012/03/12 03:01:21 | 000,594,944 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\triton\Escritorio\OTL (1).exe
      [2012/03/12 03:01:13 | 000,594,944 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\triton\Escritorio\OTL.exe
      [2012/03/12 02:46:53 | 000,036,864 | ---- | C] (NirSoft) -- C:\WINDOWS\nircmd.exe
      [2012/03/12 01:01:06 | 000,027,648 | ---- | C] (SuperTech) -- C:\WINDOWS\System32\UwxalxaDfihm.dll
      [2012/03/11 00:49:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\triton\Escritorio\wiffi contraseñas
      [2012/03/07 00:17:31 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\triton\Recent
      [2012/03/06 23:58:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\triton\Datos de programa\dvdcss
      [2012/03/01 00:46:45 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\triton\Configuración local\Datos de programa\c15fbfad
      [2012/02/26 23:56:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\triton\Escritorio\Android
      [2012/02/26 20:28:59 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Sony Ericsson
      [2012/02/23 23:03:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\triton\Escritorio\juegos sg2
      [2012/02/23 17:39:27 | 000,000,000 | ---D | C] -- C:\targeta experia
      [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

      ========== Files - Modified Within 30 Days ==========

      [2012/03/12 03:01:20 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\triton\Escritorio\OTL (1).exe
      [2012/03/12 03:01:14 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\triton\Escritorio\OTL.exe
      [2012/03/12 02:46:14 | 000,289,239 | ---- | M] () -- C:\Documents and Settings\triton\Escritorio\polifix.exe
      [2012/03/12 02:28:00 | 000,001,196 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-861567501-1326574676-725345543-1003UA.job
      [2012/03/12 02:26:12 | 000,000,512 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
      [2012/03/12 02:26:12 | 000,000,512 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
      [2012/03/12 02:26:12 | 000,000,512 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
      [2012/03/12 02:26:12 | 000,000,512 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
      [2012/03/12 02:26:12 | 000,000,512 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
      [2012/03/12 02:25:33 | 000,000,328 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
      [2012/03/12 02:25:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
      [2012/03/12 02:15:47 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_log_ad13.cmd
      [2012/03/12 01:01:06 | 000,027,648 | ---- | M] (SuperTech) -- C:\WINDOWS\System32\UwxalxaDfihm.dll
      [2012/03/11 23:28:00 | 000,001,144 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-861567501-1326574676-725345543-1003Core.job
      [2012/03/11 07:56:54 | 608,679,066 | ---- | M] () -- C:\Documents and Settings\triton\Escritorio\Software_APK.rar
      [2012/03/11 03:57:51 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
      [2012/03/11 02:44:33 | 002,960,513 | ---- | M] () -- C:\Documents and Settings\triton\Escritorio\programa para cambiar ascpecto movilTSF.zip
      [2012/03/11 01:00:29 | 001,486,282 | ---- | M] () -- C:\Documents and Settings\triton\Escritorio\Camera android 4.apk
      [2012/03/09 14:29:48 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
      [2012/03/09 14:29:47 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_log_trash.cmd
      [2012/03/09 00:31:12 | 000,002,347 | ---- | M] () -- C:\Documents and Settings\triton\Escritorio\Google Chrome.lnk
      [2012/03/05 19:57:42 | 001,044,914 | ---- | M] () -- C:\Documents and Settings\triton\Escritorio\DSC_0011.JPG
      [2012/03/05 19:57:40 | 000,665,973 | ---- | M] () -- C:\Documents and Settings\triton\Escritorio\DSC_0006.JPG
      [2012/03/04 01:08:54 | 000,126,112 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
      [2012/03/03 23:33:05 | 000,495,736 | ---- | M] () -- C:\WINDOWS\System32\perfh00A.dat
      [2012/03/03 23:33:05 | 000,433,146 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
      [2012/03/03 23:33:05 | 000,086,216 | ---- | M] () -- C:\WINDOWS\System32\perfc00A.dat
      [2012/03/03 23:33:05 | 000,068,102 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
      [2012/03/03 00:32:02 | 006,148,081 | ---- | M] () -- C:\Documents and Settings\triton\Escritorio\Manual experia neo v.pdf
      [2012/02/29 22:30:47 | 000,000,054 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
      [2012/02/29 22:30:47 | 000,000,039 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
      [2012/02/28 01:53:51 | 001,136,725 | ---- | M] () -- C:\Documents and Settings\triton\Escritorio\oruxmapsmanual.pdf
      [2012/02/27 09:36:01 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
      [2012/02/26 20:21:30 | 000,001,022 | ---- | M] () -- C:\Documents and Settings\triton\Menú Inicio\Programas\Inicio\Dropbox.lnk
      [2012/02/26 20:21:30 | 000,001,022 | ---- | M] () -- C:\Documents and Settings\triton\Escritorio\Dropbox.lnk
      [2012/02/23 23:06:09 | 000,004,096 | ---- | M] () -- C:\WINDOWS\System32\crash
      [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

      ========== Files Created - No Company Name ==========

      [2012/03/12 02:46:14 | 000,289,239 | ---- | C] () -- C:\Documents and Settings\triton\Escritorio\polifix.exe
      [2012/03/11 04:17:24 | 608,679,066 | ---- | C] () -- C:\Documents and Settings\triton\Escritorio\Software_APK.rar
      [2012/03/11 02:44:24 | 002,960,513 | ---- | C] () -- C:\Documents and Settings\triton\Escritorio\programa para cambiar ascpecto movilTSF.zip
      [2012/03/11 01:00:28 | 001,486,282 | ---- | C] () -- C:\Documents and Settings\triton\Escritorio\Camera android 4.apk
      [2012/03/09 23:53:46 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\dds_log_ad13.cmd
      [2012/03/06 23:20:56 | 000,022,528 | ---- | C] () -- C:\WINDOWS\exeshl.dll
      [2012/03/05 19:57:52 | 001,044,914 | ---- | C] () -- C:\Documents and Settings\triton\Escritorio\DSC_0011.JPG
      [2012/03/05 19:57:52 | 000,665,973 | ---- | C] () -- C:\Documents and Settings\triton\Escritorio\DSC_0006.JPG
      [2012/03/03 00:31:53 | 006,148,081 | ---- | C] () -- C:\Documents and Settings\triton\Escritorio\Manual experia neo v.pdf
      [2012/03/01 13:12:27 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
      [2012/03/01 13:12:27 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
      [2012/03/01 00:48:44 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\dds_log_trash.cmd
      [2012/02/28 01:53:45 | 001,136,725 | ---- | C] () -- C:\Documents and Settings\triton\Escritorio\oruxmapsmanual.pdf
      [2011/12/29 03:30:09 | 000,887,724 | R--- | C] () -- C:\WINDOWS\System32\ativva6x.dat
      [2011/12/29 03:30:09 | 000,000,003 | R--- | C] () -- C:\WINDOWS\System32\ativva5x.dat
      [2011/12/28 12:16:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
      [2011/12/28 12:15:58 | 000,233,765 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
      [2011/11/09 22:39:44 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\OpenVideo.dll
      [2011/11/04 19:53:18 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
      [2011/11/04 19:53:18 | 000,000,039 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
      [2011/05/24 23:44:26 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll
      [2011/02/15 19:08:39 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
      [2011/01/28 21:20:12 | 150,811,136 | ---- | C] () -- C:\Archivos de programa\OOo_3.2.1_Win_x86_install-wJRE_es.exe
      [2011/01/04 18:51:33 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
      [2011/01/04 18:51:33 | 000,036,640 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
      [2011/01/04 18:48:20 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\triton\Datos de programa\$_hpcst$.hpc
      [2010/09/21 16:27:08 | 000,000,509 | ---- | C] () -- C:\WINDOWS\CDPlayer.ini
      [2010/08/07 02:17:36 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
      [2010/08/07 02:17:35 | 000,790,528 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
      [2010/08/07 02:17:35 | 000,134,144 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
      [2010/08/07 02:17:34 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
      [2010/08/07 01:35:08 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
      [2010/06/02 01:02:30 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\triton\Datos de programa\winscp.rnd

      ========== LOP Check ==========

      [2008/09/12 02:49:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\Azureus
      [2009/02/08 15:21:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\EPSON
      [2008/09/12 10:38:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\Installations
      [2008/09/10 23:39:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\MAGIX
      [2008/10/12 18:05:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\PC Suite
      [2009/05/17 23:49:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\TEMP
      [2009/10/12 23:52:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Datos de programa\EPSON
      [2009/11/13 11:21:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Datos de programa\Installations
      [2009/12/07 05:21:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Datos de programa\NokiaMusic
      [2009/11/13 11:26:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Datos de programa\PC Suite
      [2011/01/04 18:48:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Datos de programa\Samsung
      [2012/03/12 02:16:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Datos de programa\TEMP
      [2011/06/24 13:13:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Datos de programa\TomTom
      [2009/10/12 20:57:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Datos de programa\UDL
      [2010/01/06 19:52:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Datos de programa\{755AC846-7372-4AC8-8550-C52491DAA8BD}
      [2009/12/30 13:29:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Datos de programa\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
      [2010/04/04 01:00:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\triton\Datos de programa\Bull
      [2010/06/05 01:20:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\triton\Datos de programa\DiskAid
      [2012/03/12 02:26:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\triton\Datos de programa\Dropbox
      [2011/02/15 19:09:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\triton\Datos de programa\EPSON
      [2010/10/23 17:08:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\triton\Datos de programa\FFSJ
      [2010/01/17 02:07:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\triton\Datos de programa\GlarySoft
      [2009/12/07 05:22:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\triton\Datos de programa\Nokia
      [2011/01/29 00:07:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\triton\Datos de programa\OpenOffice.org
      [2009/11/13 11:26:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\triton\Datos de programa\PC Suite
      [2011/08/12 02:05:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\triton\Datos de programa\QuickScan
      [2011/01/04 18:46:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\triton\Datos de programa\Samsung
      [2011/12/31 02:59:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\triton\Datos de programa\Spotify
      [2010/01/22 16:11:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\triton\Datos de programa\TeamViewer
      [2011/06/24 13:13:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\triton\Datos de programa\TomTom
      [2012/02/04 03:00:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\triton\Datos de programa\Toolbar4
      [2012/03/11 08:21:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\triton\Datos de programa\uTorrent
      [2009/10/01 11:04:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\triton\Datos de programa\Windows Live Writer
      [2009/09/17 11:51:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Usuario\Datos de programa\Azureus
      [2008/12/12 20:44:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Usuario\Datos de programa\Leadertech
      [2008/09/12 11:18:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Usuario\Datos de programa\Nokia
      [2008/09/12 10:47:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Usuario\Datos de programa\PC Suite
      [2009/07/14 01:35:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Usuario\Datos de programa\TeamViewer
      [2012/03/12 02:26:12 | 000,000,512 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 1).job
      [2012/03/12 02:26:12 | 000,000,512 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 2).job
      [2012/03/12 02:26:12 | 000,000,512 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 3).job
      [2012/03/12 02:26:12 | 000,000,512 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 4).job
      [2012/03/12 02:26:12 | 000,000,512 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
      [2012/03/12 02:25:33 | 000,000,328 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job
      [2012/03/12 01:55:04 | 000,032,652 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT

      ========== Purity Check ==========



      ========== Files - Unicode (All) ==========
      [2012/01/22 20:47:10 | 000,000,000 | ---D | M](C:\Documents and Settings\triton\Escritorio\EXCURSIÓN L´ALEIXAR?) -- C:\Documents and Settings\triton\Escritorio\EXCURSIÓN L´ALEIXAR‏
      [2012/01/21 23:49:32 | 000,000,000 | ---D | C](C:\Documents and Settings\triton\Escritorio\EXCURSIÓN L´ALEIXAR?) -- C:\Documents and Settings\triton\Escritorio\EXCURSIÓN L´ALEIXAR‏

      ========== Alternate Data Streams ==========

      @Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users.WINDOWS\Datos de programa\TEMP:5C321E34
      @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Datos de programa\TEMP:5C321E34

      < End of report >
      Last edited by spm145 on 11/03/12 at 22:36:38

    2. #2
      User spm145
      Registered
      Mar 2006
      Location
      barcelona
      Posts
      28

      Re: Explorer lockup Ransomware

      EXTRAS FILE:




      OTL Extras logfile created on: 12/03/2012 3:04:55 - Run 1
      OTL by OldTimer - Version 3.2.36.3 Folder = C:\Documents and Settings\triton\Escritorio
      Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
      Internet Explorer (Version = 8.0.6001.18702)
      Locale: 00000C0A | Country: España | Language: ESN | Date Format: dd/MM/yyyy

      2,00 Gb Total Physical Memory | 1,01 Gb Available Physical Memory | 50,68% Memory free
      3,35 Gb Paging File | 2,57 Gb Available in Paging File | 76,78% Paging File free
      Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

      %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
      Drive C: | 298,08 Gb Total Space | 3,68 Gb Free Space | 1,24% Space Free | Partition Type: NTFS
      Drive D: | 149,05 Gb Total Space | 13,64 Gb Free Space | 9,15% Space Free | Partition Type: NTFS
      Drive G: | 29,32 Gb Total Space | 19,59 Gb Free Space | 66,80% Space Free | Partition Type: FAT32

      Computer Name: SERGIO | User Name: triton | Logged in as Administrator.
      Boot Mode: Normal | Scan Mode: All users | Quick Scan
      Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

      ========== Extra Registry (SafeList) ==========


      ========== File Associations ==========

      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
      .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
      .html [@ = htmlfile] -- Reg Error: Key error. File not found
      .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

      [HKEY_USERS\S-1-5-21-861567501-1326574676-725345543-1003\SOFTWARE\Classes\<extension>]
      .html [@ = FirefoxHTML] -- C:\Archivos de programa\Mozilla Firefox\firefox.exe (Mozilla Corporation)

      ========== Shell Spawning ==========

      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
      batfile [open] -- "%1" %*
      cmdfile [open] -- "%1" %*
      comfile [open] -- "%1" %*
      cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
      exefile [open] -- "%1" %*
      htmlfile [edit] -- Reg Error: Key error.
      htmlfile [open] -- Reg Error: Key error.
      htmlfile [opennew] -- Reg Error: Key error.
      http [open] -- Reg Error: Key error.
      https [open] -- Reg Error: Key error.
      InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
      piffile [open] -- "%1" %*
      regfile [merge] -- Reg Error: Key error.
      scrfile [config] -- "%1"
      scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
      scrfile [open] -- "%1" /S
      txtfile [edit] -- Reg Error: Key error.
      Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
      Directory [AddToPlaylistVLC] -- "C:\Archivos de programa\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
      Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
      Directory [MediaMonkey.1Play] -- "C:\Archivos de programa\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
      Directory [MediaMonkey.2PlayNext] -- "C:\Archivos de programa\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
      Directory [MediaMonkey.3Enqueue] -- "C:\Archivos de programa\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
      Directory [PlayWithVLC] -- "C:\Archivos de programa\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
      Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
      Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
      Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

      ========== Security Center Settings ==========

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
      "AntiVirusDisableNotify" = 0
      "FirewallDisableNotify" = 0
      "UpdatesDisableNotify" = 0
      "AntiVirusOverride" = 0
      "FirewallOverride" = 0

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

      ========== System Restore Settings ==========

      [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
      "DisableSR" = 1

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
      "Start" = 4

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
      "Start" = 2

      ========== Firewall Settings ==========

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
      "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
      "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
      "EnableFirewall" = 0

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
      "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
      "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

      ========== Authorized Applications List ==========

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
      "C:\Archivos de programa\Ares\Ares.exe" = C:\Archivos de programa\Ares\Ares.exe:*:Enabled:Ares p2p for windows -- (Ares Development Group)
      "C:\Archivos de programa\uTorrent\uTorrent.exe" = C:\Archivos de programa\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
      "C:\Documents and Settings\triton\Escritorio\utorrent.exe" = C:\Documents and Settings\triton\Escritorio\utorrent.exe:*:Enabled:µTorrent
      "C:\Archivos de programa\Spotify\spotify.exe" = C:\Archivos de programa\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)
      "C:\WINDOWS\system32\muzapp.exe" = C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player -- (Musiccity Co.Ltd.)
      "C:\Documents and Settings\triton\Datos de programa\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\triton\Datos de programa\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)


      ========== HKEY_LOCAL_MACHINE Uninstall List ==========

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
      "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
      "{02DF80DD-626E-9326-3A28-8BA783F6515E}" = CCC Help Norwegian
      "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
      "{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
      "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
      "{1615E9DF-F374-810A-3784-B6DEA8CB51A7}" = CCC Help Dutch
      "{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
      "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Herramienta de carga de Windows Live
      "{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
      "{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
      "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
      "{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 29
      "{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
      "{2B83A043-BA8C-4164-98AA-29529D0BE756}" = Windows Live Essentials
      "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
      "{350C9C0A-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
      "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
      "{42EDF895-158C-484E-A7F2-42B90759F281}" = Camera RAW Plug-In for EPSON Creativity Suite
      "{46CBBDF8-55B5-40DB-B459-7B848394309C}" = EPSON File Manager
      "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
      "{4CAC1E67-0B12-8092-95D4-98FF551D3DA3}" = CCC Help Swedish
      "{4D8AAE09-FC6A-1686-619F-D263DD63C2E9}" = CCC Help French
      "{52D02A2B-03D2-4E34-A358-DC5D951FD296}" = Nokia Connectivity Cable Driver
      "{53DA6CFE-7CDE-4F72-9E23-39AAC686DE17}" = iPhone Folders
      "{54FCB76B-E1EA-C9B0-F1BD-1007976A7104}" = CCC Help Turkish
      "{5B0118B9-ED98-8A0D-EAAF-5A171A084431}" = CCC Help Italian
      "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
      "{66BA3D87-812D-C11B-D7EA-A62DD125099E}" = ATI AVIVO Codecs
      "{677D245E-D17A-E31E-F5E9-EE8F9ECCCBC5}" = CCC Help Korean
      "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
      "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
      "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
      "{7593234B-2AEB-4FC9-B02D-C9B30D86084C}" = Windows Live Asistente para el inicio de sesión
      "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
      "{7C85D830-CF6C-02E3-77C0-D4A679FF5075}" = CCC Help Finnish
      "{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
      "{8086D20B-9B01-E198-CD4B-5EC9B8395050}" = CCC Help Portuguese
      "{8361B1AC-66C4-A926-232B-E5636EC32657}" = CCC Help Hungarian
      "{84D5E6BF-D568-F114-004B-2A07AE21672E}" = Catalyst Control Center
      "{84E6A538-D3AE-4510-B32F-2415361D2770}" = Windows Live Protección Infantil
      "{85A49CD1-7719-CFFA-5CC2-93E26E11FEBC}" = CCC Help Spanish
      "{8924FD04-AFF1-4387-B08B-6A979485F2BD}" = Windows Live Call
      "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
      "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
      "{8A8F8391-4C2C-4BE1-A984-CD4A5A546467}" = EPSON Easy Photo Print
      "{8BEE434D-78F5-BEFD-2FFC-49ED46F56664}" = CCC Help German
      "{8C851F00-4FC0-40BD-8B69-EACDF4980D8B}" = OpenOffice.org 3.2
      "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
      "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
      "{914DD274-9C5D-44CA-9AC7-12B8D2D4DA08}" = Windows Live Sync
      "{9410B731-BC75-E717-11F5-E818D9A70D93}" = Catalyst Control Center Localization All
      "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
      "{991B8C6E-F16A-DAA5-8283-06BC1844B451}" = CCC Help Danish
      "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
      "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
      "{9D6B740F-D9A2-45A6-BDC4-0A453D499FE6}" = PC Connectivity Solution
      "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
      "{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
      "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
      "{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
      "{A785BC69-2286-1EAE-1766-CA97E4798F81}" = ccc-utility
      "{A7BBE3D6-F19A-40E6-96EC-84E1DC88F262}" = Galería fotográfica de Windows Live
      "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
      "{AAF5F50D-52FD-1969-E383-9323B13B7C39}" = Catalyst Control Center Graphics Previews Common
      "{AC76BA86-7AD7-1034-7B44-A94000000001}" = Adobe Reader 9.4.7 - Español
      "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
      "{AD6AD594-248B-CD12-5D18-45BB8F2878DC}" = Catalyst Control Center InstallProxy
      "{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
      "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
      "{B8583CB3-8ABE-407E-8BC6-F9A83EAC9133}" = Windows Live Writer
      "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
      "{BEC001F9-0451-4396-92D7-E1A4E7854BF3}" = Windows Live Mail
      "{BFA892D0-E61A-0706-2836-C4A59103FFC6}" = CCC Help Greek
      "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
      "{C2EC61E9-ED62-9613-BAA7-31A3CE6182F7}" = CCC Help Czech
      "{C4156B59-DD7E-40DF-AF08-E568A27A6409}" = Windows Live Messenger
      "{C47988DF-05B1-019B-4B18-B4C5D888B2C4}" = CCC Help Thai
      "{CA33D9AB-F574-71D7-0525-1C3BE9B11DFD}" = ATI Catalyst Install Manager
      "{CC67DD84-77C6-C9F8-FA03-953F1C1C92A9}" = Catalyst Control Center InstallProxy
      "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
      "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
      "{D2A21E5E-42AA-D1A6-A4FE-7D5191D02320}" = CCC Help Chinese Standard
      "{D4562C37-D551-E593-7BE6-47DC4E87B368}" = CCC Help Russian
      "{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies
      "{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
      "{DB522A0C-4B4A-CC34-FEDA-1233095AC429}" = CCC Help Japanese
      "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
      "{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}" = LG USB Modem Drivers
      "{F0AC7462-712A-5B9B-FB74-A7E44FCB7EE4}" = CCC Help English
      "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
      "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
      "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
      "{F34A7663-6B72-549E-B464-498871F500D9}" = CCC Help Polish
      "{FBF1D27E-9C91-1D03-C6DA-7B03B3BD0C39}" = CCC Help Chinese Traditional
      "0C5EDC3653FED5B121F464339EAC12534D253B25" = Paquete de controladores de Windows - Nokia Modem (02/15/2007 3.1)
      "3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Paquete de controladores de Windows - Nokia pccsmcfd (10/12/2007 6.85.4.0)
      "504244733D18C8F63FF584AEB290E3904E791693" = Paquete de controladores de Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
      "ActiveScan 2.0" = Panda ActiveScan 2.0
      "Ad-Aware" = Ad-Aware
      "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
      "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
      "Ares" = Ares 2.1.1
      "B726756F5B5A5AA9D798B399386FC6205A45F19E" = Paquete de controladores de Windows - Nokia Modem (02/15/2007 3.1)
      "CCleaner" = CCleaner
      "EPSON Scanner" = EPSON Scan
      "EPSON Stylus SX200_SX400_TX200_TX400 Manual de usuario" = EPSON Stylus SX200_SX400_TX200_TX400 Manual
      "EPSON Stylus SX400 Series" = EPSON Stylus SX400 Series Printer Uninstall
      "ESET Online Scanner" = ESET Online Scanner v3
      "Free iPod Video Converter_is1" = Free iPod Video Converter 1.34
      "Glary Utilities_is1" = Glary Utilities 2.20.0.831
      "ie8" = Windows Internet Explorer 8
      "InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
      "InstallShield_{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies
      "JDownloader" = JDownloader
      "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 6.2.0
      "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
      "MediaMonkey_is1" = MediaMonkey 3.2
      "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
      "Mozilla Firefox 8.0.1 (x86 es-ES)" = Mozilla Firefox 8.0.1 (x86 es-ES)
      "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
      "Nero8WinuE_is1" = Nero 8.3.2.1
      "OJOsoft Total Video Converter_is1" = OJOsoft Total Video Converter
      "Picasa 3" = Picasa 3
      "Replay Music3.70" = Replay Music
      "RSS Xpress" = RSS Xpress 2.9.22
      "SearchWeb Toolbar" = SearchWeb Toolbar
      "Spotify" = Spotify
      "SpywareBlaster_is1" = SpywareBlaster 4.4
      "ST6UNST #1" = CalculOGametro
      "TeamViewer 4" = TeamViewer 4
      "TomTom HOME" = TomTom HOME 2.8.2.2264
      "uTorrent" = µTorrent
      "VLC media player" = VLC media player 1.1.5
      "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
      "WIC" = Windows Imaging Component
      "Windows Media Format Runtime" = Windows Media Format 11 runtime
      "Windows Media Player" = Reproductor de Windows Media 11
      "Windows XP Service Pack" = Windows XP Service Pack 3
      "WinLiveSuite_Wave3" = Windows Live Essentials
      "WinRAR archiver" = Compresor WinRAR
      "winscp3_is1" = WinSCP 4.1.9
      "WMFDist11" = Windows Media Format 11 runtime
      "wmp11" = Windows Media Player 11
      "Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7

      ========== HKEY_USERS Uninstall List ==========

      [HKEY_USERS\S-1-5-21-861567501-1326574676-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
      "Dropbox" = Dropbox
      "Google Chrome" = Google Chrome

      ========== Last 10 Event Log Errors ==========

      [ Application Events ]
      Error - 23/11/2011 21:19:26 | Computer Name = SERGIO | Source = Application Error | ID = 1000
      Description = Aplicación con errores: plugin-container.exe, versión: 1.9.2.3989,
      módulo con error: ntdll.dll, versión 5.1.2600.6055, dirección de error 0x0000100b.

      Error - 24/11/2011 21:26:09 | Computer Name = SERGIO | Source = Application Error | ID = 1000
      Description = Aplicación con errores: plugin-container.exe, versión: 1.9.2.3989,
      módulo con error: ntdll.dll, versión 5.1.2600.6055, dirección de error 0x0000100b.

      Error - 30/11/2011 9:53:06 | Computer Name = SERGIO | Source = Application Error | ID = 1000
      Description = Aplicación con errores: plugin-container.exe, versión: 1.9.2.3989,
      módulo con error: ntdll.dll, versión 5.1.2600.6055, dirección de error 0x0000100b.

      Error - 04/12/2011 14:57:02 | Computer Name = SERGIO | Source = Application Error | ID = 1000
      Description = Aplicación con errores: itunes.exe, versión: 9.0.2.25, módulo con
      error: quicktime.qts, versión 7.65.17.80, dirección de error 0x00104123.

      Error - 15/12/2011 17:40:03 | Computer Name = SERGIO | Source = .NET Runtime | ID = 1023
      Description = Application: plugin-container.exe CoreCLR Version: 4.0.60831.0 Description:
      The process was terminated due to an internal error in the .NET Runtime at IP 7928D2A6
      (79150000) with exit code 8013150a.

      Error - 15/12/2011 17:40:05 | Computer Name = SERGIO | Source = Application Error | ID = 1000
      Description = Aplicación con errores: plugin-container.exe, versión: 8.0.1.4341,
      módulo con error: coreclr.dll, versión 4.0.60831.0, dirección de error 0x0013d2a6.

      Error - 13/01/2012 23:01:36 | Computer Name = SERGIO | Source = Application Error | ID = 1000
      Description = Aplicación con errores: iexplore.exe, versión: 8.0.6001.18702, módulo
      con error: unknown, versión 0.0.0.0, dirección de error 0x03054414.

      Error - 01/02/2012 20:39:29 | Computer Name = SERGIO | Source = Application Error | ID = 1000
      Description = Aplicación con errores: itunes.exe, versión: 9.0.2.25, módulo con
      error: quicktime.qts, versión 7.65.17.80, dirección de error 0x00104494.

      Error - 28/02/2012 18:55:23 | Computer Name = SERGIO | Source = Application Error | ID = 1000
      Description = Aplicación con errores: itunes.exe, versión: 9.0.2.25, módulo con
      error: quicktime.qts, versión 7.65.17.80, dirección de error 0x00104494.

      Error - 11/03/2012 15:09:01 | Computer Name = SERGIO | Source = Application Error | ID = 1000
      Description = Aplicación con errores: itunes.exe, versión: 9.0.2.25, módulo con
      error: quicktime.qts, versión 7.65.17.80, dirección de error 0x00104494.

      [ System Events ]
      Error - 11/03/2012 16:40:55 | Computer Name = SERGIO | Source = Service Control Manager | ID = 7023
      Description = El servicio NLA (Network Location Awareness) terminó con el error:
      %%127

      Error - 11/03/2012 17:17:22 | Computer Name = SERGIO | Source = Service Control Manager | ID = 7023
      Description = El servicio NLA (Network Location Awareness) terminó con el error:
      %%127

      Error - 11/03/2012 17:27:45 | Computer Name = SERGIO | Source = Service Control Manager | ID = 7023
      Description = El servicio NLA (Network Location Awareness) terminó con el error:
      %%127

      Error - 11/03/2012 17:44:11 | Computer Name = SERGIO | Source = Service Control Manager | ID = 7023
      Description = El servicio NLA (Network Location Awareness) terminó con el error:
      %%127

      Error - 11/03/2012 19:37:28 | Computer Name = SERGIO | Source = Service Control Manager | ID = 7023
      Description = El servicio NLA (Network Location Awareness) terminó con el error:
      %%127

      Error - 11/03/2012 20:01:05 | Computer Name = SERGIO | Source = Service Control Manager | ID = 7023
      Description = El servicio NLA (Network Location Awareness) terminó con el error:
      %%127

      Error - 11/03/2012 20:53:05 | Computer Name = SERGIO | Source = Service Control Manager | ID = 7023
      Description = El servicio NLA (Network Location Awareness) terminó con el error:
      %%127

      Error - 11/03/2012 21:24:20 | Computer Name = SERGIO | Source = Service Control Manager | ID = 7023
      Description = El servicio NLA (Network Location Awareness) terminó con el error:
      %%127

      Error - 11/03/2012 21:49:30 | Computer Name = SERGIO | Source = Service Control Manager | ID = 7023
      Description = El servicio NLA (Network Location Awareness) terminó con el error:
      %%127

      Error - 11/03/2012 21:58:55 | Computer Name = SERGIO | Source = Service Control Manager | ID = 7023
      Description = El servicio NLA (Network Location Awareness) terminó con el error:
      %%127


      < End of report >

    3. #3
      General Moderator
      Avatar of Tyny's
      Joined
      May 2008
      Location
      Argentina
      Posts
      14,607

      Re: Explorer lockup Ransomware

      Hello

      Carry out the following procedure
      _____________________________

      Step 1



      Step 2


      Run, in order:

      • CCleaner, as described in its manual.
      • Malwarebytes' Anti-Malware, using its full scan option. When it finishes, click Show Results and then
        Remove Selected. If it asks to restart, do so.
      • TDSSKILLER, as described in its manual.


      • Temporarily disable your antivirus and/or antispyware.
        • Close all open windows.
        • Double-click the ComboFix.exe file and follow the instructions.
        • When it finishes, it will generate a log at C:\ComboFix.txt.
          • *Note* While CF is working, do not move the mouse, as that would stop its process.
          • *Note* ComboFix may restart the PC automatically to complete the removal process.


      Attention!! Do not use ComboFix unless a member of our Staff has specifically told you to in a reply to you. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, not for private use. Using ComboFix incorrectly could cause problems on your system. Please read ComboFix's "Disclaimer of Warranty".
      • Restart and paste the report from C:\ComboFix.txt in this same thread.


      *Note* If this procedure fails, try booting into Safe Mode with Networking and run Malwarebytes following the same instructions.

      __________________________

      Bring us the reports from:

      ° Malwarebytes.
      ° ComboFix.
      ° TDSSKILLER
      ° Tell us how your system is working.

      Regards.
      If on your journey, you should encounter God, God will be cut!


      * Follow us on Twitter and become our friend on Facebook.
      * Keep up with the latest threats on the net at: InfoSpyware Blog
      * Questions are not answered by private message or e-mail, since that is what the forum is for.

    4. #4
      User Avatar of spm145
      Joined
      Mar 2006
      Location
      Barcelona
      Posts
      28

      Re: Explorer lockup Ransomware

      Hello again, and thanks for the quick reply.

      I updated and ran CCleaner and Malwarebytes' Anti-Malware plus TDSSKiller, which generated the txt files for me, but when I launch ComboFix.exe a window with green text opens and disappears within a few seconds. With everything stopped and without touching the mouse I ran it again and nothing happened, and it does not create any txt in C:. It did, however, create two shortcuts to My Computer, one called ComboFix and the other 32788R22FWJFW. When I click them I go to My Computer, but I cannot find any .txt generated by ComboFix. For now I am leaving you the other two reports, and you can tell me whether I did something wrong with ComboFix. Thanks again.




      Malwarebytes Anti-Malware 1.60.1.1000
      www.malwarebytes.org

      Versión de la Base de Datos: v2012.03.12.01

      Windows XP Service Pack 3 x86 NTFS
      Internet Explorer 8.0.6001.18702
      triton :: SERGIO [administrador]

      12/03/2012 10:36:36
      mbam-log-2012-03-12 (10-36-36).txt

      Tipos de Análisis: Análisis Completo
      Opciones de análisis activado: Memoria | Inicio | Registro | Sistema de archivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
      Opciones de análisis desactivados: P2P
      Objetos examinados: 481218
      Tiempo transcurrido: 1 hora(s), 40 minuto(s), 39 segundo(s)

      Procesos en Memoria Detectados: 0
      (No se han detectado elementos maliciosos)

      Módulos de Memoria Detectados: 1
      C:\WINDOWS\system32\tmxpflt.dll (Rootkit.0Access) -> Se eliminarán al reiniciar.

      Claves del Registro Detectados: 0
      (No se han detectado elementos maliciosos)

      Valores del Registro Detectados: 0
      (No se han detectado elementos maliciosos)

      Elementos de Datos del Registro Detectados: 0
      (No se han detectado elementos maliciosos)

      Carpetas Detectadas: 0
      (No se han detectado elementos maliciosos)

      Archivos Detectados: 15
      D:\AzTorrent\de todo\WinRar - 3.62 Spanish + Crack [www.emwreloaded.com]\winrar3.6x.multilanguage-patch.exe (PUP.Hacktool.Patcher) -> No se tomaron medidas.
      D:\MP3.Doctor.v5.11.049.Incl-Crack\Crack\Patch.exe (PUP.Hacktool.Patcher) -> No se tomaron medidas.
      C:\WINDOWS\system32\tmxpflt.dll (Rootkit.0Access) -> Se eliminarán al reiniciar.
      C:\Documents and Settings\triton\Configuración local\Datos de programa\c15fbfad\X (Rootkit.0Access) -> En cuarentena y eliminado con éxito.
      C:\Documents and Settings\triton\Configuración local\Datos de programa\c15fbfad\U\00000001.@ (Backdoor.0Access) -> En cuarentena y eliminado con éxito.
      C:\Documents and Settings\triton\Configuración local\Datos de programa\c15fbfad\U\000000c0.@ (Trojan.Agent) -> En cuarentena y eliminado con éxito.
      C:\Documents and Settings\triton\Configuración local\Datos de programa\c15fbfad\U\000000cb.@ (Trojan.Agent) -> En cuarentena y eliminado con éxito.
      C:\Documents and Settings\triton\Configuración local\Datos de programa\c15fbfad\U\000000cf.@ (Trojan.Agent) -> En cuarentena y eliminado con éxito.
      C:\Documents and Settings\triton\Configuración local\Datos de programa\c15fbfad\U\800000c0.@ (Rootkit.0Access) -> En cuarentena y eliminado con éxito.
      D:\AzTorrent\de todo\programas para edicion video y audio\dvdalab pro\Dvd-Lab Pro 1.53 Traducción Español.exe (Adware.Onlinegames) -> En cuarentena y eliminado con éxito.
      C:\Documents and Settings\LocalService.NT AUTHORITY\Configuración local\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> En cuarentena y eliminado con éxito.
      C:\Documents and Settings\NetworkService.NT AUTHORITY\Configuración local\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> En cuarentena y eliminado con éxito.
      C:\Documents and Settings\triton\Configuración local\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> En cuarentena y eliminado con éxito.
      C:\WINDOWS\system32\config\systemprofile\Configuración local\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> En cuarentena y eliminado con éxito.
      C:\WINDOWS\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> En cuarentena y eliminado con éxito.

      (fin)





      12:31:30.0671 0208 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 1743
      12:31:32.0671 0208 ============================================================
      12:31:32.0671 0208 Current date / time: 2012/03/12 12:31:32.0671
      12:31:32.0671 0208 SystemInfo:
      12:31:32.0671 0208
      12:31:32.0671 0208 OS Version: 5.1.2600 ServicePack: 3.0
      12:31:32.0671 0208 Product type: Workstation
      12:31:32.0671 0208 ComputerName: SERGIO
      12:31:32.0671 0208 UserName: triton
      12:31:32.0671 0208 Windows directory: C:\WINDOWS
      12:31:32.0671 0208 System windows directory: C:\WINDOWS
      12:31:32.0671 0208 Processor architecture: Intel x86
      12:31:32.0671 0208 Number of processors: 2
      12:31:32.0671 0208 Page size: 0x1000
      12:31:32.0671 0208 Boot type: Normal boot
      12:31:32.0671 0208 ============================================================
      12:31:35.0156 0208 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
      12:31:35.0156 0208 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
      12:31:35.0171 0208 Drive \Device\Harddisk2\DR4 - Size: 0x755800000 (29.34 Gb), SectorSize: 0x200, Cylinders: 0xEF5, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
      12:31:35.0171 0208 \Device\Harddisk0\DR0:
      12:31:35.0171 0208 MBR used
      12:31:35.0171 0208 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A18A82
      12:31:35.0171 0208 \Device\Harddisk1\DR1:
      12:31:35.0171 0208 MBR used
      12:31:35.0171 0208 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x254297C1
      12:31:35.0171 0208 \Device\Harddisk2\DR4:
      12:31:35.0171 0208 MBR used
      12:31:35.0171 0208 \Device\Harddisk2\DR4\Partition0: MBR, Type 0xC, StartLBA 0x2000, BlocksNum 0x3AAA000
      12:31:35.0937 0208 Initialize success
      12:31:35.0937 0208 ============================================================
      12:32:08.0265 3732 ============================================================
      12:32:08.0265 3732 Scan started
      12:32:08.0265 3732 Mode: Manual;
      12:32:08.0265 3732 ============================================================
      12:32:09.0187 3732 Abiosdsk - ok
      12:32:09.0218 3732 abp480n5 - ok
      12:32:09.0281 3732 ACPI (cf2a07e1751a2d612d7e13aa431ab057) C:\WINDOWS\system32\DRIVERS\ACPI.sys
      12:32:09.0281 3732 ACPI - ok
      12:32:09.0328 3732 ACPIEC (1c905333c0b9f3d7c68ddf25e54b00f9) C:\WINDOWS\system32\drivers\ACPIEC.sys
      12:32:09.0328 3732 ACPIEC - ok
      12:32:09.0359 3732 adpu160m - ok
      12:32:09.0406 3732 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
      12:32:09.0421 3732 aec - ok
      12:32:09.0468 3732 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
      12:32:09.0468 3732 AFD - ok
      12:32:09.0500 3732 Aha154x - ok
      12:32:09.0531 3732 aic78u2 - ok
      12:32:09.0562 3732 aic78xx - ok
      12:32:09.0609 3732 AliIde - ok
      12:32:09.0640 3732 amsint - ok
      12:32:09.0687 3732 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
      12:32:09.0687 3732 Arp1394 - ok
      12:32:09.0718 3732 asc - ok
      12:32:09.0750 3732 asc3350p - ok
      12:32:09.0828 3732 asc3550 - ok
      12:32:09.0875 3732 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
      12:32:09.0875 3732 AsyncMac - ok
      12:32:09.0906 3732 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
      12:32:09.0906 3732 atapi - ok
      12:32:09.0937 3732 Atdisk - ok
      12:32:10.0265 3732 ati2mtag (23f1a61ae7553d086ef264c72afc4e6a) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
      12:32:10.0312 3732 ati2mtag - ok
      12:32:10.0375 3732 AtiHDAudioService (0d6b8359677d05142b624f09c28d643a) C:\WINDOWS\system32\drivers\AtihdXP3.sys
      12:32:10.0375 3732 AtiHDAudioService - ok
      12:32:10.0421 3732 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
      12:32:10.0421 3732 Atmarpc - ok
      12:32:10.0468 3732 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
      12:32:10.0468 3732 audstub - ok
      12:32:10.0515 3732 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
      12:32:10.0515 3732 Beep - ok
      12:32:10.0593 3732 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
      12:32:10.0593 3732 cbidf2k - ok
      12:32:10.0625 3732 cd20xrnt - ok
      12:32:10.0718 3732 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
      12:32:10.0718 3732 Cdaudio - ok
      12:32:10.0750 3732 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
      12:32:10.0750 3732 Cdfs - ok
      12:32:10.0796 3732 Cdrom (e6392dec620a1027b33c4718ed60de47) C:\WINDOWS\system32\DRIVERS\cdrom.sys
      12:32:10.0796 3732 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\cdrom.sys. Real md5: e6392dec620a1027b33c4718ed60de47, Fake md5: 1f4260cc5b42272d71f79e570a27a4fe
      12:32:10.0796 3732 Cdrom ( Virus.Win32.ZAccess.g ) - infected
      12:32:10.0796 3732 Cdrom - detected Virus.Win32.ZAccess.g (0)
      12:32:10.0843 3732 Changer - ok
      12:32:10.0906 3732 CmdIde - ok
      12:32:10.0968 3732 Cpqarray - ok
      12:32:11.0015 3732 dac2w2k - ok
      12:32:11.0046 3732 dac960nt - ok
      12:32:11.0125 3732 dgderdrv (4f63ff698dc72ec2ec0262427f8b53cb) C:\WINDOWS\system32\drivers\dgderdrv.sys
      12:32:11.0125 3732 dgderdrv - ok
      12:32:11.0203 3732 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
      12:32:11.0218 3732 Disk - ok
      12:32:11.0343 3732 dmboot (c252a99c0a78b39faa2e2d1d048b1050) C:\WINDOWS\system32\drivers\dmboot.sys
      12:32:11.0453 3732 dmboot - ok
      12:32:11.0578 3732 dmio (33b4d4039cd2cb25351a7bf13b2988d9) C:\WINDOWS\system32\drivers\dmio.sys
      12:32:11.0765 3732 dmio - ok
      12:32:22.0984 3732 ============================================================
      12:32:22.0984 3732 Scan finished
      12:32:22.0984 3732 ============================================================
      12:32:23.0000 3708 Detected object count: 1
      12:32:23.0000 3708 Actual detected object count: 1
      12:32:37.0750 3708 C:\WINDOWS\system32\DRIVERS\cdrom.sys - copied to quarantine
      12:32:43.0250 3708 Backup copy found, using it..
      12:32:43.0718 3708 C:\WINDOWS\system32\DRIVERS\cdrom.sys - will be cured on reboot
      12:33:04.0000 3708 Cdrom ( Virus.Win32.ZAccess.g ) - User select action: Cure
      12:33:38.0437 1940 Deinitialize success

    5. #5
      Tyny's, General Moderator
      Registered: May 2008
      Location: Argentina
      Posts: 14,607

      Re: Explorer blocked, ransomware

      Hello,

      Before we continue, how is your PC running?

      Regards.
      If on your journey, you should encounter God, God will be cut!

      * Follow us on Twitter and become our friend on Facebook.
      * Keep up with the latest threats on the net at: InfoSpyware Blog
      * Questions are not answered by private message or e-mail; that is what the forum is for.

    6. #6
      spm145, User
      Registered: Mar 2006
      Location: Barcelona
      Posts: 28

      Re: Explorer blocked, ransomware

      For the moment it seems normal, but Firefox gave me a warning saying that something is trying to perform a fake update, and TDSSKiller, when I ran it a second time, still detects something.

    7. #7
      Tyny's, General Moderator
      Registered: May 2008
      Location: Argentina
      Posts: 14,607

      Re: Explorer blocked, ransomware

      Hello.

      Post the TDSSKiller report so I can see what that something is.




    8. #8
      spm145, User
      Registered: Mar 2006
      Location: Barcelona
      Posts: 28

      Re: Explorer blocked, ransomware

      Hello again, sorry for taking so long to reply. I had a small problem: my keyboard drivers got misconfigured, I think when I ran SUPERAntiSpyware to try to clean the PC even further. After struggling to get the keyboard working again, the PC was running slowly again, so I repeated the steps you gave me. Now TDSSKiller no longer detects anything, and it seems ComboFix did do something this time, unlike the first time when it just hung, although it has not generated any .txt file in C: either. For the moment it is running quite smoothly and the problem seems to be solved.

      Now I have some questions: a folder called "TDSSKiller_Quarantine" has been created in C:, and I also have a computer icon called "ComboFix" that is a shortcut to what would be My Computer, plus a folder called "Qoobox". Out of all this, can I delete something, everything, nothing?

      Thanks for your help, and to you personally, Tyny's; it is much appreciated. I always recommend your forum to everyone, since you do great work. Thanks again.

    9. #9
      Tyny's, General Moderator
      Registered: May 2008
      Location: Argentina
      Posts: 14,607

      Re: Explorer blocked, ransomware

      Hello.

      Those are all files created by the disinfection tools.

      To finish, all that remains is to uninstall CF as follows:

      • Go to Start > Run
      • Type the following: ComboFix /Uninstall as shown in the image below:

      • This will launch the ComboFix uninstaller, opening its main window, and after a few seconds you will see ("ComboFix is uninstalled")

      If this procedure fails, download OTC.exe to the desktop, run it and press Cleanup.

      Useful tips

      ____________________________

      **Thread solved** If you want to reopen the thread, click here and a moderator will attend to your query.
      As a final recommendation, we invite you to follow us on our channels: Blog, Twitter, Facebook, and via e-mail, to stay up to date on new malware and how to prevent it.

      Regards.
      Sincerely,
      The InfoSpyware Team
      www.infospyware.com
      www.forospyware.com

      Twitter: @InfoSpyware