
    Virus sgae-policia


      
    1. #1
      papitayranita (User)
      Registered: Mar 2012
      Location: Sevilla
      Posts: 11

      Virus sgae-policia

      I have the same problem.
      I ran Kaspersky Rescue 10 and the white screen stopped appearing, but in every mode I get a black screen where I can move the mouse but nothing else appears, so I downloaded PoliFix, since Task Manager now does start. I ran PoliFix and when it finished it restarted the computer.
      For now everything is still the same: a black screen with no icons or anything, and I can only run things from Task Manager.
      I also ran and updated Malwarebytes, but it finds nothing.
      Is there any solution?

    2. #2
      ElPiedra (FS-Admin)
      Registered: Jan 2005
      Location: Miami
      Posts: 39.945

      Re: Virus sgae-policia

      Hello papitayranita,

      If you have access to the "Command Prompt", you can try the new version of our tool, PoliFix 2.0.3, following the steps described in our:

      You can also generate an OTL report and leave it here for us.

      Regards

      P.S. Another LiveCD utility we are testing, with apparently good results, is PandaRescueDisk.ISO.
      Marcelo Rivero
      Microsoft MVP Enterprise Security.


    3. #3
      papitayranita (User)
      Registered: Mar 2012
      Location: Sevilla
      Posts: 11

      Re: Virus sgae-policia

      Hello, I have followed all the steps and nothing; I ran PoliFix 2.0.3 from the command prompt and things are still the same. I should also tell you that in command prompt mode and in safe mode no icons appear on the desktop either; everything is black and the right mouse button does not work, so I ran PoliFix from Task Manager.
      I have also used the Dr.Web CD; it finds several trojans and I click Cure, but that does not fix it either.
      The last step I performed was running OTL, and the report is the following:

      OTL logfile created on: 5/31/2012 6:18:57 PM - Run 1
      OTL by OldTimer - Version 3.2.44.0 Folder = C:\Users\Daniel\Desktop
      64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
      Internet Explorer (Version = 9.0.8112.16421)
      Locale: 00000409 | Country: España | Language: ESN | Date Format: dd/MM/yyyy

      3.75 Gb Total Physical Memory | 2.85 Gb Available Physical Memory | 76.07% Memory free
      7.50 Gb Paging File | 6.57 Gb Available in Paging File | 87.59% Paging File free
      Paging file location(s): ?:\pagefile.sys [binary data]

      %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
      Drive C: | 918.88 Gb Total Space | 155.75 Gb Free Space | 16.95% Space Free | Partition Type: NTFS
      Drive D: | 3.72 Gb Total Space | 3.72 Gb Free Space | 99.99% Space Free | Partition Type: FAT32

      Computer Name: DANIEL-HP | User Name: Daniel | Logged in as Administrator.
      Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
      Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

      ========== Processes (SafeList) ==========

      PRC - [2012/05/31 18:06:21 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe
      PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
      PRC - [2012/01/03 1542 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
      PRC - [2011/04/28 13:58:54 | 000,140,608 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe
      PRC - [2010/01/25 21:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe


      ========== Modules (No Company Name) ==========


      ========== Win32 Services (SafeList) ==========

      SRV:64bit: - [2011/03/22 08:36:20 | 002,421,384 | ---- | M] (mobile concepts GmbH) [On_Demand | Stopped] -- C:\Program Files\S.A.D\CyberGhost VPN\CGVPNCliService.exe -- (CGVPNCliSrvc)
      SRV:64bit: - [2010/11/20 15:26:50 | 000,084,992 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\Mcx2Svc.dll -- (Mcx2Svc)
      SRV:64bit: - [2010/08/09 04:04:10 | 000,166,704 | ---- | M] (Samsung Electronics CO., LTD.) [On_Demand | Stopped] -- C:\Windows\SysNative\SUPDSvc.exe -- (Samsung UPD Service)
      SRV:64bit: - [2010/01/04 15:32:34 | 000,209,000 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
      SRV:64bit: - [2010/01/04 15:32:32 | 000,502,888 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
      SRV:64bit: - [2009/07/14 03:41:27 | 000,097,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\mprdim.dll -- (RemoteAccess)
      SRV:64bit: - [2009/07/14 03:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
      SRV:64bit: - [2009/07/14 03:39:46 | 000,005,120 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\incdrm.dll -- (w200mdm)
      SRV - [2012/04/16 13:54:15 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
      SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
      SRV - [2012/01/03 1542 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
      SRV - [2011/04/28 13:58:54 | 000,140,608 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe -- (NanoServiceMain)
      SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
      SRV - [2010/01/15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
      SRV - [2010/01/04 20:03:42 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
      SRV - [2009/07/14 03:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess)
      SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
      SRV - [2009/06/10 22:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
      SRV - [2005/03/09 21:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) [Auto | Stopped] -- C:\Windows\SysWOW64\libusbd-nt.exe -- (libusbd)


      ========== Driver Services (SafeList) ==========

      DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
      DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
      DRV:64bit: - [2012/01/05 1411 | 000,161,032 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\PSINAflt.sys -- (PSINAflt)
      DRV:64bit: - [2012/01/05 00:54:58 | 000,117,520 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
      DRV:64bit: - [2011/11/30 19:37:29 | 000,128,264 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\PSINProt.sys -- (PSINProt)
      DRV:64bit: - [2011/11/23 10:59:45 | 000,149,768 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\PSINKNC.sys -- (PSINKNC)
      DRV:64bit: - [2011/09/02 22:29:54 | 000,019,936 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdrvio.sys -- (pwdrvio)
      DRV:64bit: - [2011/09/02 22:29:52 | 000,013,280 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdspio.sys -- (pwdspio)
      DRV:64bit: - [2011/06/02 07:47:22 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
      DRV:64bit: - [2011/06/02 07:47:22 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
      DRV:64bit: - [2011/06/02 07:47:22 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
      DRV:64bit: - [2011/04/28 13:57:43 | 000,121,928 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\PSINProc.sys -- (PSINProc)
      DRV:64bit: - [2011/04/28 13:57:42 | 000,114,760 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\PSINFile.sys -- (PSINFile)
      DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
      DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
      DRV:64bit: - [2011/03/03 01:05:13 | 000,871,408 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
      DRV:64bit: - [2010/12/21 07:55:02 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
      DRV:64bit: - [2010/12/21 07:55:02 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
      DRV:64bit: - [2010/12/21 07:55:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
      DRV:64bit: - [2010/12/21 07:55:02 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
      DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
      DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
      DRV:64bit: - [2010/11/20 11:26:11 | 000,328,192 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\udfs.sys -- (udfs)
      DRV:64bit: - [2010/09/15 10:42:12 | 000,020,552 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dgderdrv.sys -- (dgderdrv)
      DRV:64bit: - [2010/09/15 10:33:32 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
      DRV:64bit: - [2010/08/19 20:24:34 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
      DRV:64bit: - [2010/04/19 20:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
      DRV:64bit: - [2010/02/25 16:51:02 | 000,029,696 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
      DRV:64bit: - [2009/10/28 0302 | 000,346,472 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
      DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
      DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
      DRV:64bit: - [2009/07/14 03:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\crcdisk.sys -- (crcdisk)
      DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
      DRV:64bit: - [2009/07/14 0233 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ws2ifsl.sys -- (ws2ifsl)
      DRV:64bit: - [2009/07/14 01:19:47 | 000,092,160 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cdfs.sys -- (cdfs)
      DRV:64bit: - [2009/07/06 16:33:50 | 000,019,456 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw95rc.sys -- (hcw95rc)
      DRV:64bit: - [2009/07/06 16:32:36 | 000,658,432 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw95bda.sys -- (hcw95bda)
      DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
      DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
      DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
      DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
      DRV:64bit: - [2007/08/13 20:48:52 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.SYS -- (SSPORT)
      DRV:64bit: - [2006/12/26 14:54:37 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ElbyCDFL.sys -- (ElbyCDFL)
      DRV:64bit: - [2006/12/26 14:54:33 | 000,013,520 | ---- | M] (Elaborate Bytes AG) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
      DRV - [2010/09/15 10:33:32 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
      DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
      DRV - [2006/12/26 14:54:37 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys -- (ElbyCDFL)
      DRV - [2005/03/09 21:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\libusb0.sys -- (libusb0)


      ========== Standard Registry (SafeList) ==========


      ========== Internet Explorer ==========

      IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCON/10
      IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPCON/10
      IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
      IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=0&systemid=413&sr=0&q={searchTerms}
      IE:64bit: - HKLM\..\SearchScopes\{D57FCAC6-C66E-4421-93BF-86ABBDEEA303}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCON/10
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPCON/10
      IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
      IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=0&systemid=413&sr=0&q={searchTerms}
      IE - HKLM\..\SearchScopes\{D57FCAC6-C66E-4421-93BF-86ABBDEEA303}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox


      IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

      IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



      IE - HKU\S-1-5-21-3625829785-3437948206-3064859591-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
      IE - HKU\S-1-5-21-3625829785-3437948206-3064859591-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
      IE - HKU\S-1-5-21-3625829785-3437948206-3064859591-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
      IE - HKU\S-1-5-21-3625829785-3437948206-3064859591-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es/
      IE - HKU\S-1-5-21-3625829785-3437948206-3064859591-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
      IE - HKU\S-1-5-21-3625829785-3437948206-3064859591-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
      IE - HKU\S-1-5-21-3625829785-3437948206-3064859591-1001\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
      IE - HKU\S-1-5-21-3625829785-3437948206-3064859591-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
      IE - HKU\S-1-5-21-3625829785-3437948206-3064859591-1001\..\SearchScopes\{71868739-05E4-4030-8735-BF3B475D0CF5}: "URL" = http://www.google.com/search?hl=en&q={searchTerms}
      IE - HKU\S-1-5-21-3625829785-3437948206-3064859591-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=0&systemid=413&sr=0&q={searchTerms}
      IE - HKU\S-1-5-21-3625829785-3437948206-3064859591-1001\..\SearchScopes\{E88E0043-C9D4-4e33-8555-FEE4F5B63060}: "URL" = http://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb
      IE - HKU\S-1-5-21-3625829785-3437948206-3064859591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

      ========== FireFox ==========

      FF - prefs.js..browser.search.defaultenginename: ""
      FF - prefs.js..browser.search.defaulturl: "http://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb"
      FF - prefs.js..browser.search.order.1: "Search Results"
      FF - prefs.js..browser.search.selectedEngine: ""
      FF - prefs.js..browser.startup.homepage: ""
      FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=0&systemid=413&sr=0&q="
      FF - prefs.js..network.proxy.http: "64.66.192.61"
      FF - prefs.js..network.proxy.http_port: 80
      FF - prefs.js..network.proxy.type: 0
      FF - user.js - File not found

      FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
      FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
      FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
      FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
      FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
      FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
      FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
      FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Daniel\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
      FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Daniel\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

      FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/17 07:04:01 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

      [2012/03/10 22:36:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\Extensions
      [2012/04/29 11:57:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\mvrnnw1e.default\extensions
      [2012/03/07 06:47:11 | 000,000,000 | ---D | M] (Спутник @Mail.Ru) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\mvrnnw1e.default\extensions\{37964A3C-4EE8-47b1-8321-34DE2C39BA4D}
      [2012/03/07 06:47:11 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\mvrnnw1e.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
      [2012/04/29 11:57:51 | 000,000,000 | ---D | M] (IMinent Toolbar) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\mvrnnw1e.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}
      [2012/03/07 06:47:11 | 000,000,000 | ---D | M] (uTorrentBar_ES Community Toolbar) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\mvrnnw1e.default\extensions\{db131c55-60c8-4adc-84dc-9e76ab06e2dc}
      [2012/05/31 19:06:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\mvrnnw1e.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
      [2011/10/17 07:03:51 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\mvrnnw1e.default\extensions\[email protected]
      [2012/01/26 18:33:07 | 000,002,515 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\mvrnnw1e.default\searchplugins\Search_Results.xml
      [2011/10/17 18:51:01 | 000,003,915 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\mvrnnw1e.default\searchplugins\sweetim.xml
      [2012/05/10 18:07:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
      [2012/03/07 06:46:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
      File not found (No name found) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPLGN
      [2011/09/30 15:21:36 | 000,627,675 | ---- | M] () (No name found) -- C:\USERS\DANIEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVRNNW1E.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
      [2011/09/15 18:53:19 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
      [2012/03/06 15:54:50 | 000,003,769 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
      [2011/10/16 13:54:41 | 000,002,288 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
      [2011/10/15 18:19:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
      [2011/10/15 18:19:00 | 000,003,996 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\drae.xml
      [2011/10/15 18:19:00 | 000,001,143 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-es.xml
      [2012/01/26 18:33:07 | 000,002,515 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
      [2011/10/15 18:19:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-es.xml
      [2011/10/15 18:19:00 | 000,001,102 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-es.xml

      ========== Chrome ==========

      CHR - default_search_provider: Iminent (Enabled)
      CHR - default_search_provider: search_url = http://search.iminent.com/?appId=C6DB066E-9587-4E87-A152-34A049AB2D5E&ref=toolbox&q={searchTerms}
      CHR - default_search_provider: suggest_url =
      CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
      CHR - plugin: Native Client (Enabled) = C:\Users\Daniel\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
      CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Daniel\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll
      CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Daniel\AppData\Local\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
      CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
      CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
      CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
      CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
      CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
      CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
      CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
      CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
      CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
      CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
      CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
      CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
      CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
      CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
      CHR - plugin: Google Update (Enabled) = C:\Users\Daniel\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
      CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
      CHR - plugin: Default Plug-in (Enabled) = default_plugin
      CHR - Extension: YouTube = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
      CHR - Extension: B\u00FAsqueda de Google = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
      CHR - Extension: Gmail = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

      O1 HOSTS File: ([2012/03/04 16:58:51 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
      O1 - Hosts: 127.0.0.1 localhost
      O1 - Hosts: ::1 localhost
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O2 - BHO: (no name) - {8984B388-A5BB-4DF7-B274-77B879E179DB} - No CLSID value found.
      O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\WIA6EB~1\Datamngr\BROWSE~1.DLL File not found
      O3:64bit: - HKLM\..\Toolbar: (no name) - !{09900DE8-1DCA-443F-9243-26FF581438AF} - No CLSID value found.
      O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - !{09900DE8-1DCA-443F-9243-26FF581438AF} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
      O3 - HKU\S-1-5-21-3625829785-3437948206-3064859591-1001\..\Toolbar\WebBrowser: (no name) - {09900DE8-1DCA-443F-9243-26FF581438AF} - No CLSID value found.
      O3 - HKU\S-1-5-21-3625829785-3437948206-3064859591-1001\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
      O3 - HKU\S-1-5-21-3625829785-3437948206-3064859591-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
      O3 - HKU\S-1-5-21-3625829785-3437948206-3064859591-1001\..\Toolbar\WebBrowser: (no name) - {DB131C55-60C8-4ADC-84DC-9E76AB06E2DC} - No CLSID value found.
      O3 - HKU\S-1-5-21-3625829785-3437948206-3064859591-1001\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
      O4 - HKLM..\Run: [] File not found
      O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
      O4 - HKLM..\Run: [PSUNMain] C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe (Panda Security, S.L.)
      O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
      O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
      O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
      O4 - HKU\S-1-5-21-3625829785-3437948206-3064859591-1001..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
      O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
      O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 0
      O7 - HKU\S-1-5-21-3625829785-3437948206-3064859591-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
      O7 - HKU\S-1-5-21-3625829785-3437948206-3064859591-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
      O7 - HKU\S-1-5-21-3625829785-3437948206-3064859591-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
      O7 - HKU\S-1-5-21-3625829785-3437948206-3064859591-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 0
      O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
      O8:64bit: - Extra context menu item: Buscar en la web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
      O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
      O8 - Extra context menu item: Buscar en la web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
      O9 - Extra Button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll (Microsoft Corporation)
      O9 - Extra 'Tools' menuitem : &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll (Microsoft Corporation)
      O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
      O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
      O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
      O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
      O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
      O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
      O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
      O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
      O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
      O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
      O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
      O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
      O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
      O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
      O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
      O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
      O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
      O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
      O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
      O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
      O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
      O1364bit: - gopher Prefix: missing
      O13 - gopher Prefix: missing
      O16 - DPF: {61FA0CB0-0806-46EA-B784-0F843285BA23} http://estaticosak1.tuenti.com/client_apps/3_TuentiPhotoUploader.31740.cab (TuentiFotoUploader Control)
      O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
      O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
      O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
      O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
      O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.42.230.24 62.42.63.52
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0A919BB0-BF87-4EB1-AEAF-D2FA8A293B14}: DhcpNameServer = 62.42.230.24 62.42.63.52
      O18:64bit: - Protocol\Handler\livecall - No CLSID value found
      O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
      O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
      O18:64bit: - Protocol\Handler\msnim - No CLSID value found
      O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
      O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
      O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
      O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
      O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
      O20:64bit: - HKLM Winlogon: Shell - (C:\Users\Daniel\AppData\Local\Temp\opret0l.exe) - File not found
      O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
      O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
      O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
      O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
      O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
      O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
      O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
      O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
      O31 - SafeBoot: AlternateShell - C:\Users\Daniel\AppData\Local\Temp\opret0l.exe
      O32 - HKLM CDRom: AutoRun - 1
      O33 - MountPoints2\{62751497-e7de-11df-9bb7-7071bc2e162b}\Shell - "" = AutoRun
      O33 - MountPoints2\{62751497-e7de-11df-9bb7-7071bc2e162b}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe
      O34 - HKLM BootExecute: (autocheck autochk *)
      O35:64bit: - HKLM\..comfile [open] -- "%1" %*
      O35:64bit: - HKLM\..exefile [open] -- "%1" %*
      O35 - HKLM\..comfile [open] -- "%1" %*
      O35 - HKLM\..exefile [open] -- "%1" %*
      O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
      O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
      O37 - HKLM\...com [@ = comfile] -- "%1" %*
      O37 - HKLM\...exe [@ = exefile] -- "%1" %*
      O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
      O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
      O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

      ========== Files/Folders - Created Within 7 Days ==========

      [2012/05/31 18:06:21 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe
      [2012/05/29 23:28:45 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
      [2012/05/29 15:23:42 | 000,000,000 | ---D | C] -- C:\Users\Daniel\.WebSigner
      [2012/05/28 21:19:56 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\A Dos Metros Bajo Tierra-1
      [2012/05/25 17:24:07 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\NCAA Basketball 09 MME

      ========== Files - Modified Within 7 Days ==========

      [2012/05/31 18:13:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
      [2012/05/31 18:13:29 | 3019,350,016 | -HS- | M] () -- C:\hiberfil.sys
      [2012/05/31 18:12:39 | 000,611,780 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
      [2012/05/31 18:12:39 | 000,102,352 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
      [2012/05/31 18:07:07 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      [2012/05/31 18:07:07 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      [2012/05/31 18:06:21 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe
      [2012/05/31 18:05:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3625829785-3437948206-3064859591-1006UA.job
      [2012/05/31 09:09:23 | 001,555,882 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
      [2012/05/31 09:09:23 | 000,703,824 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
      [2012/05/31 09:09:23 | 000,137,822 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
      [2012/05/31 08:59:00 | 000,001,130 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3625829785-3437948206-3064859591-1004UA.job
      [2012/05/31 08:59:00 | 000,001,078 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3625829785-3437948206-3064859591-1004Core.job
      [2012/05/31 08:47:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3625829785-3437948206-3064859591-1005UA.job
      [2012/05/31 08:40:01 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3625829785-3437948206-3064859591-1001UA.job
      [2012/05/31 08:30:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3625829785-3437948206-3064859591-1003UA.job
      [2012/05/31 08:23:03 | 000,000,838 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
      [2012/05/29 20:00:00 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3625829785-3437948206-3064859591-1003UA.job
      [2012/05/29 15:30:00 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3625829785-3437948206-3064859591-1003Core.job
      [2012/05/29 15:26:14 | 000,234,516 | ---- | M] () -- C:\Users\Daniel\Documents\destinos madrid.pdf
      [2012/05/29 12:05:00 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3625829785-3437948206-3064859591-1006Core.job
      [2012/05/29 11:00:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3625829785-3437948206-3064859591-1003Core.job
      [2012/05/28 23:40:00 | 000,001,062 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3625829785-3437948206-3064859591-1001Core.job
      [2012/05/28 15:57:18 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForDaniel.job
      [2012/05/28 09:47:00 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3625829785-3437948206-3064859591-1005Core.job

      ========== Files Created - No Company Name ==========

      [2012/05/29 15:26:12 | 000,234,516 | ---- | C] () -- C:\Users\Daniel\Documents\destinos madrid.pdf
      [2012/05/27 11:55:49 | 000,000,336 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForDaniel.job
      [2012/01/24 14:02:22 | 000,000,448 | -H-- | C] () -- C:\ProgramData\GolksVyHYDoZE9
      [2012/01/24 13:46:31 | 000,000,456 | ---- | C] () -- C:\ProgramData\s74G8nDNhNmFta
      [2012/01/05 00:58:16 | 000,033,792 | ---- | C] () -- C:\Windows\SysWow64\drivers\libusb0.sys
      [2011/11/28 19:40:27 | 000,000,105 | ---- | C] () -- C:\Windows\winDecrypt.INI
      [2011/09/16 12:17:13 | 000,000,275 | ---- | C] () -- C:\Users\Daniel\AppData\Local\HamsterVideoConverterSettings.cfg
      [2011/09/06 14:25:32 | 000,000,000 | ---- | C] () -- C:\Windows\topocr-demo.INI
      [2011/07/10 19:47:09 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe
      [2011/03/08 14:41:06 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
      [2011/03/08 14:41:04 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
      [2011/03/08 14:41:04 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
      [2011/03/08 14:41:04 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
      [2011/03/08 14:41:04 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
      [2011/01/12 19:39:16 | 000,258,864 | ---- | C] () -- C:\Windows\SUPDRun.exe
      [2010/12/06 15:58:56 | 002,496,715 | ---- | C] () -- C:\Windows\SysWow64\abgx360.exe
      [2010/09/06 16:53:01 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
      [2010/09/03 18:04:15 | 000,000,848 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\wklnhst.dat
      [2010/09/02 18:05:18 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
      [2010/09/02 18:05:16 | 000,790,528 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
      [2010/09/02 18:05:16 | 000,134,144 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
      [2010/09/02 18:05:15 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
      [2010/09/02 17:58:08 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
      [2010/07/13 05:13:02 | 000,009,988 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat

      ========== Alternate Data Streams ==========

      @Alternate Data Stream - 24 bytes -> C:\Windows:75D58DE6FB98B89C
      @Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:8DAF83BD
      @Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:5C321E34

      < End of report >

      Can you think of anything else I can do? Thanks for your help.
      Last edited by papitayranita on 31/05/12 at 13:35:47. Reason: computer malfunctioning because of a virus

    4. #4
      FS-Admin
      Avatar of ElPiedra
      Registered
      Jan 2005
      Location
      Miami
      Posts
      39.945

      Re: Virus sgae-policia

      Hi papitayranita,

      There are many entries in the log for missing files and other things...

      Try running ComboFix instead of OTL and see if it lets you:

      • Download the ComboFix.exe tool and save it to the desktop.
      • Temporarily disable the antivirus and/or antispyware.
      • Close all open windows.
      • Double-click the ComboFix.exe file and follow the instructions.
      • When it finishes, it will generate a log at C:\ComboFix.txt.
        • *Note* While CF is working, do not move the mouse, as that would stop its process.
        • *Note* ComboFix may automatically restart the PC to complete the removal process.
      Warning!! Do not use ComboFix unless you have been specifically instructed to do so in your thread by a member of our Staff. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, not for private use. Using ComboFix incorrectly could cause problems on your system. Please read ComboFix's "Disclaimer of Warranty".
      • Restart and paste the C:\ComboFix.txt report in this same thread.

      Regards
      Marcelo Rivero
      Microsoft MVP Enterprise Security.




    5. #5
      User Avatar of papitayranita
      Registered
      Mar 2012
      Location
      Sevilla
      Posts
      11

      Re: Virus sgae-policia

      Hi, the ComboFix report is as follows:

      ComboFix 12-06-01.01 - Daniel 01/06/2012 12:52:44.1.2 - x64
      Microsoft Windows 7 Home Premium 6.1.7601.1.1252.34.3082.18.3839.2589 [GMT 2:00]
      Running from: c:\users\Daniel\Desktop\ComboFix.exe
      AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
      FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
      SP: Norton Internet Security *Enabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
      SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      .
      ADS - Windows: deleted 24 bytes in 1 streams.
      .
      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      C:\install.exe
      c:\programdata\Microsoft\Windows\Start Menu\Programs\Security Defender
      c:\users\Daniel\AppData\Local\39524c4e\U
      c:\users\Daniel\AppData\Local\39524c4e\U\80000000.@
      c:\users\Daniel\AppData\Roaming\froot
      c:\users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Security Defender
      c:\users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
      c:\users\Daniel\Documents\Internet Explorer.lnk
      c:\windows\assembly\tmp\U
      c:\windows\assembly\tmp\U\000000c0.@
      c:\windows\assembly\tmp\U\000000cf.@
      c:\windows\SysWow64\muzapp.exe
      c:\windows\SysWow64\system32
      c:\windows\SysWow64\system32\3DAudio.ax
      c:\windows\SysWow64\system32\avrt.dll
      c:\windows\SysWow64\system32\cis-2.4.dll
      c:\windows\SysWow64\system32\issacapi_bs-2.3.dll
      c:\windows\SysWow64\system32\issacapi_pe-2.3.dll
      c:\windows\SysWow64\system32\issacapi_se-2.3.dll
      c:\windows\SysWow64\system32\MACXMLProto.dll
      c:\windows\SysWow64\system32\MaDRM.dll
      c:\windows\SysWow64\system32\MaJGUILib.dll
      c:\windows\SysWow64\system32\MAMACExtract.dll
      c:\windows\SysWow64\system32\MASetupCleaner.exe
      c:\windows\SysWow64\system32\MaXMLProto.dll
      c:\windows\SysWow64\system32\mfplat.dll
      c:\windows\SysWow64\system32\MK_Lyric.dll
      c:\windows\SysWow64\system32\MSCLib.dll
      c:\windows\SysWow64\system32\MSFLib.dll
      c:\windows\SysWow64\system32\MSLUR71.dll
      c:\windows\SysWow64\system32\msvcp60.dll
      c:\windows\SysWow64\system32\MTTELECHIP.dll
      c:\windows\SysWow64\system32\MTXSYNCICON.dll
      c:\windows\SysWow64\system32\muzaf1.dll
      c:\windows\SysWow64\system32\muzapp.dll
      c:\windows\SysWow64\system32\muzapp.exe
      c:\windows\SysWow64\system32\muzdecode.ax
      c:\windows\SysWow64\system32\muzeffect.ax
      c:\windows\SysWow64\system32\muzmp4sp.ax
      c:\windows\SysWow64\system32\muzmpgsp.ax
      c:\windows\SysWow64\system32\muzoggsp.ax
      c:\windows\SysWow64\system32\muzwmts.dll
      c:\windows\SysWow64\system32\psapi.dll
      c:\windows\XSxS
      .
      .
      ((((((((((((((((((((((((( Files Created from 2012-05-01 to 2012-06-01 )))))))))))))))))))))))))))))))
      .
      .
      2012-06-01 11:03 . 2012-06-01 11:23 -------- d-----w- c:\users\Daniel\AppData\Local\temp
      2012-06-01 11:03 . 2012-06-01 11:03 -------- d-----w- c:\users\Default\AppData\Local\temp
      2012-06-01 05:39 . 2012-06-01 05:39 -------- d-----w- c:\program files (x86)\Common Files\Java
      2012-06-01 05:38 . 2012-06-01 05:38 -------- d-----w- c:\program files (x86)\Oracle
      2012-06-01 05:38 . 2012-04-04 16:47 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
      2012-05-29 21:28 . 2012-05-30 23:29 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
      2012-05-29 13:23 . 2012-05-29 13:23 -------- d-----w- c:\users\Daniel\.WebSigner
      2012-05-19 07:39 . 2012-05-19 12:44 -------- d-----w- c:\programdata\F4D561F30003F13B001EBA2AB4EB2367
      2012-05-11 10:09 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
      2012-05-11 10:09 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
      2012-05-11 10:09 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
      2012-05-11 10:09 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
      2012-05-11 10:09 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
      2012-05-11 10:09 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
      2012-05-11 10:08 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
      2012-05-11 10:08 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
      2012-05-11 10:08 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
      2012-05-11 10:08 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
      2012-05-11 10:08 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
      2012-05-11 10:08 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
      2012-05-11 10:08 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
      2012-05-09 07:40 . 2012-06-01 02:56 -------- d-----w- c:\users\Marco
      .
      .
      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2012-04-16 11:54 . 2012-04-16 11:54 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
      2012-04-16 11:54 . 2011-06-02 15:30 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
      2012-04-04 13:56 . 2012-03-01 19:10 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
      2012-03-27 09:19 . 2009-08-18 19:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
      2012-03-27 09:19 . 2009-08-18 18:24 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
      2012-03-08 22:19 . 2012-03-08 22:19 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
      2012-03-08 22:19 . 2012-03-08 22:19 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
      2012-03-08 22:19 . 2012-03-08 22:19 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
      2012-03-08 22:19 . 2012-03-08 22:19 85504 ----a-w- c:\windows\system32\iesetup.dll
      2012-03-08 22:19 . 2012-03-08 22:19 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
      2012-03-08 22:19 . 2012-03-08 22:19 76800 ----a-w- c:\windows\system32\tdc.ocx
      2012-03-08 22:19 . 2012-03-08 22:19 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
      2012-03-08 22:19 . 2012-03-08 22:19 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
      2012-03-08 22:19 . 2012-03-08 22:19 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
      2012-03-08 22:19 . 2012-03-08 22:19 603648 ----a-w- c:\windows\system32\vbscript.dll
      2012-03-08 22:19 . 2012-03-08 22:19 49664 ----a-w- c:\windows\system32\imgutil.dll
      2012-03-08 22:19 . 2012-03-08 22:19 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
      2012-03-08 22:19 . 2012-03-08 22:19 48640 ----a-w- c:\windows\system32\mshtmler.dll
      2012-03-08 22:19 . 2012-03-08 22:19 448512 ----a-w- c:\windows\system32\html.iec
      2012-03-08 22:19 . 2012-03-08 22:19 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
      2012-03-08 22:19 . 2012-03-08 22:19 367104 ----a-w- c:\windows\SysWow64\html.iec
      2012-03-08 22:19 . 2012-03-08 22:19 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
      2012-03-08 22:19 . 2012-03-08 22:19 30720 ----a-w- c:\windows\system32\licmgr10.dll
      2012-03-08 22:19 . 2012-03-08 22:19 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
      2012-03-08 22:19 . 2012-03-08 22:19 222208 ----a-w- c:\windows\system32\msls31.dll
      2012-03-08 22:19 . 2012-03-08 22:19 173056 ----a-w- c:\windows\system32\ieUnatt.exe
      2012-03-08 22:19 . 2012-03-08 22:19 165888 ----a-w- c:\windows\system32\iexpress.exe
      2012-03-08 22:19 . 2012-03-08 22:19 161792 ----a-w- c:\windows\SysWow64\msls31.dll
      2012-03-08 22:19 . 2012-03-08 22:19 160256 ----a-w- c:\windows\system32\wextract.exe
      2012-03-08 22:19 . 2012-03-08 22:19 152064 ----a-w- c:\windows\SysWow64\wextract.exe
      2012-03-08 22:19 . 2012-03-08 22:19 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
      2012-03-08 22:19 . 2012-03-08 22:19 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
      2012-03-08 22:19 . 2012-03-08 22:19 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
      2012-03-08 22:19 . 2012-03-08 22:19 12288 ----a-w- c:\windows\system32\mshta.exe
      2012-03-08 22:19 . 2012-03-08 22:19 11776 ----a-w- c:\windows\SysWow64\mshta.exe
      2012-03-08 22:19 . 2012-03-08 22:19 114176 ----a-w- c:\windows\system32\admparse.dll
      2012-03-08 22:19 . 2012-03-08 22:19 111616 ----a-w- c:\windows\system32\iesysprep.dll
      2012-03-08 22:19 . 2012-03-08 22:19 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
      2012-03-08 22:19 . 2012-03-08 22:19 101888 ----a-w- c:\windows\SysWow64\admparse.dll
      2012-03-07 15:05 . 2012-02-29 22:14 0 --sha-w- c:\windows\system32\dds_log_trash.cmd
      .
      .
      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4
      .
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-05-21 880496]
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
      "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
      "PSUNMain"="c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2011-04-28 439616]
      "Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-12-09 606208]
      "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
      .
      c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
      McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "ConsentPromptBehaviorAdmin"= 0 (0x0)
      "ConsentPromptBehaviorUser"= 3 (0x3)
      "EnableLUA"= 0 (0x0)
      "EnableUIADesktopToggle"= 0 (0x0)
      "PromptOnSecureDesktop"= 0 (0x0)
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
      "EnableShellExecuteHooks"= 1 (0x1)
      .
      [hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
      "LoadAppInit_DLLs"=1 (0x1)
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
      "aux"=wdmaud.drv
      .
      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
      Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
      "AntiVirusOverride"=dword:00000001
      "FirewallOverride"=dword:00000001
      .
      R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
      R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
      R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-16 253088]
      R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]
      R3 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\S.A.D\CyberGhost VPN\CGVPNCliService.exe [2011-03-22 2421384]
      R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
      R3 hcw95bda;Hauppauge MOD7700 Tuner Driver;c:\windows\system32\Drivers\hcw95bda.sys [x]
      R3 hcw95rc;Hauppauge MOD7700 IR Driver;c:\windows\system32\DRIVERS\hcw95rc.sys [x]
      R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
      R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [x]
      R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [x]
      R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [x]
      R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [x]
      R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
      R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
      R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
      R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-09-15 16392]
      R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
      R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
      R3 WatAdminSvc;Servicio de tecnologías de activación de Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
      S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
      S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [x]
      S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
      S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
      S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2011-04-28 140608]
      S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [x]
      S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [x]
      S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [x]
      S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [x]
      S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
      S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
      .
      .
      --- Other Services/Drivers In Memory ---
      .
      *NewlyCreated* - WS2IFSL
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
      2010-11-20 12:17 302592 ----a-w- c:\windows\System32\cmd.exe
      .
      Contents of the 'Scheduled Tasks' folder
      .
      2012-06-01 c:\windows\Tasks\Adobe Flash Player Updater.job
      - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-16 11:54]
      .
      2012-05-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3625829785-3437948206-3064859591-1001Core.job
      - c:\users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-02 13:30]
      .
      2012-06-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3625829785-3437948206-3064859591-1001UA.job
      - c:\users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-02 13:30]
      .
      2012-05-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3625829785-3437948206-3064859591-1003Core.job
      - c:\users\Marco\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-14 10:00]
      .
      2012-06-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3625829785-3437948206-3064859591-1003UA.job
      - c:\users\Marco\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-14 10:00]
      .
      2012-06-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3625829785-3437948206-3064859591-1005Core.job
      - c:\users\Marco\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-14 10:00]
      .
      2012-06-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3625829785-3437948206-3064859591-1005UA.job
      - c:\users\Marco\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-14 10:00]
      .
      2012-06-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3625829785-3437948206-3064859591-1006Core.job
      - c:\users\Marco\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-14 10:00]
      .
      2012-06-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3625829785-3437948206-3064859591-1006UA.job
      - c:\users\Marco\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-14 10:00]
      .
      2012-05-28 c:\windows\Tasks\HPCeeScheduleForDaniel.job
      - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53]
      .
      2012-04-30 c:\windows\Tasks\PCDRScheduledMaintenance.job
      - c:\program files\PC-Doctor for Windows\pcdrcui.exe [2010-02-01 23:02]
      .
      .
      --------- x86-64 -----------
      .
      .
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
      wusb54gv2svc
      rpskt
      w200mdm
      .
      ------- Supplementary Scan -------
      .
      uStart Page = hxxp://www.google.es/
      uLocal Page = c:\windows\system32\blank.htm
      uDefault_Search_URL = hxxp://www.google.com/ie
      mLocal Page = c:\windows\SysWOW64\blank.htm
      uSearchAssistant = hxxp://www.google.com/ie
      uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
      IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
      IE: Buscar en la web - c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
      TCP: DhcpNameServer = 62.42.230.24 62.42.63.52
      DPF: {61FA0CB0-0806-46EA-B784-0F843285BA23} - hxxp://estaticosak1.tuenti.com/client_apps/3_TuentiPhotoUploader.31740.cab
      FF - ProfilePath - c:\users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\mvrnnw1e.default\
      FF - prefs.js: browser.search.defaulturl - hxxp://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb
      FF - prefs.js: browser.search.selectedEngine -
      FF - prefs.js: browser.startup.homepage -
      FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=413&sr=0&q=
      FF - prefs.js: network.proxy.http - 64.66.192.61
      FF - prefs.js: network.proxy.http_port - 80
      FF - prefs.js: network.proxy.type - 0
      .
      - - - - ORPHANS REMOVED - - - -
      .
      BHO-{9D717F81-9148-4f12-8568-69135F087DB0} - (no file)
      Toolbar-10 - (no file)
      Wow6432Node-HKLM-Run-<NO NAME> - (no file)
      Toolbar-10 - (no file)
      WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
      WebBrowser-{DB131C55-60C8-4ADC-84DC-9E76AB06E2DC} - (no file)
      WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
      WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
      AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
      AddRemove-{495A8A3C-8FD0-4C46-9979-95C26181A1AB} - c:\program files (x86)\InstallShield Installation Information\{495A8A3C-8FD0-4C46-9979-95C26181A1AB}\setup.exe
      AddRemove-JClic - c:\windows\system32\javaws.exe
      .
      .
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
      @Denied: (A 2) (Everyone)
      @="FlashBroker"
      "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
      "Enabled"=dword:00000001
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
      @Denied: (A 2) (Everyone)
      @="Shockwave Flash Object"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
      "ThreadingModel"="Apartment"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
      @="0"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
      @="ShockwaveFlash.ShockwaveFlash.11"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
      @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
      @="1.0"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
      @="ShockwaveFlash.ShockwaveFlash"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
      @Denied: (A 2) (Everyone)
      @="Macromedia Flash Factory Object"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
      "ThreadingModel"="Apartment"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
      @="FlashFactory.FlashFactory.1"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
      @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
      @="1.0"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
      @="FlashFactory.FlashFactory"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
      @Denied: (A 2) (Everyone)
      @="IFlashBroker4"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
      @="{00020424-0000-0000-C000-000000000046}"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      "Version"="1.0"
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
      @Denied: (Full) (Everyone)
      .
      ------------------------ Other Running Processes ------------------------
      .
      c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
      c:\windows\SysWOW64\ezSharedSvcHost.exe
      c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
      c:\program files (x86)\Java\jre7\bin\javaws.exe
      c:\program files (x86)\Java\jre7\bin\javaw.exe
      .
      **************************************************************************
      .
      Completion time: 2012-06-01 13:28:50 - machine was rebooted
      ComboFix-quarantined-files.txt 2012-06-01 11:28
      .
      Pre-Run: 168.894.042.112 bytes libres
      Post-Run: 171.726.409.728 bytes libres
      .
      - - End Of File - - CF338A10729D692B92ECFD875FFC30A0

      Now everything seems to be working fine, except Internet Explorer, since the right mouse button does not work in that program; I could not even paste the ComboFix report, so I used Chrome. Is this normal?
      And finally, how do I uninstall ComboFix? Should I update Java so that I don't have any more problems with the sgae-policia virus?
      Thank you very much for your help.