
    Police Screen


      
    1. #1
      polpol
      Registered: Aug 2012
      Location: Spain
      Posts: 5

      Police Screen

      Hello everyone, many thanks in advance. I am suffering from the police screen virus. I have installed OTL and run the scan that I attach. I would greatly appreciate the help. Regards

      OTL logfile created on: 19/08/2012 18:37:21 - Run 2
      OTL by OldTimer - Version 3.2.58.0 Folder = D:\Users\Pablo\Desktop\OTL
      64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
      Internet Explorer (Version = 9.0.8112.16421)
      Locale: 00000c0a | Country: España | Language: ESN | Date Format: dd/MM/yyyy

      7,97 Gb Total Physical Memory | 5,95 Gb Available Physical Memory | 74,69% Memory free
      15,94 Gb Paging File | 13,77 Gb Available in Paging File | 86,41% Paging File free
      Paging file location(s): d:\pagefile.sys 0 0 [binary data]

      %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
      Drive C: | 32,00 Gb Total Space | 15,94 Gb Free Space | 49,81% Space Free | Partition Type: NTFS
      Drive D: | 899,51 Gb Total Space | 617,26 Gb Free Space | 68,62% Space Free | Partition Type: NTFS

      Computer Name: AMD-FX8150 | User Name: Pablo | Logged in as Administrator.
      Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
      Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

      ========== Processes (SafeList) ==========

      PRC - D:\Users\Pablo\Desktop\OTL\OTL.exe (OldTimer Tools)
      PRC - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
      PRC - D:\Users\Pablo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
      PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
      PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
      PRC - C:\Program Files (x86)\SpeedFan\speedfan.exe (Almico Software (www.almico.com))
      PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
      PRC - C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
      PRC - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
      PRC - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
      PRC - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe (TOSHIBA CORPORATION.)
      PRC - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)
      PRC - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe (TOSHIBA CORPORATION.)
      PRC - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)


      ========== Modules (No Company Name) ==========

      MOD - D:\Users\Pablo\AppData\Local\Temp\sfamcc00001.dll ()
      MOD - D:\Users\Pablo\AppData\Local\Temp\sfareca00001.dll ()
      MOD - D:\Users\Pablo\AppData\Local\Temp\install_0_msi.exe ()
      MOD - C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll ()
      MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll ()
      MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
      MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
      MOD - C:\Windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll ()
      MOD - C:\Windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll ()
      MOD - C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll ()
      MOD - C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll ()
      MOD - C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll ()
      MOD - C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll ()
      MOD - C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll ()
      MOD - C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll ()
      MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll ()
      MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_es_b77a5c561934e089\mscorlib.resources.dll ()
      MOD - C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\es-ES\THXAudio.resources.dll ()
      MOD - C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll ()


      ========== Win32 Services (SafeList) ==========

      SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
      SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
      SRV:64bit: - (NitroReaderDriverReadSpool2) -- C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe (Nitro PDF Software)
      SRV:64bit: - (NitroDriverReadSpool) -- C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe (Nitro PDF Software)
      SRV:64bit: - (Samsung UPD Service) -- C:\Windows\SysNative\SUPDSvc.exe (Samsung Electronics CO., LTD.)
      SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
      SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
      SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
      SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
      SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
      SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


      ========== Driver Services (SafeList) ==========

      DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
      DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
      DRV:64bit: - (AODDriver4.1) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys (Advanced Micro Devices)
      DRV:64bit: - (AODDriver4.01) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys (Advanced Micro Devices)
      DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
      DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
      DRV:64bit: - (Lbd) -- C:\Windows\SysNative\drivers\Lbd.sys (Lavasoft AB)
      DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\drivers\netr28ux.sys (Ralink Technology Corp.)
      DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
      DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
      DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
      DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
      DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
      DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
      DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
      DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
      DRV:64bit: - (tsusbhub) -- C:\Windows\SysNative\drivers\tsusbhub.sys (Microsoft Corporation)
      DRV:64bit: - (Synth3dVsc) -- C:\Windows\SysNative\drivers\Synth3dVsc.sys (Microsoft Corporation)
      DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
      DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
      DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
      DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
      DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.)
      DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
      DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
      DRV:64bit: - (MBfilt) -- C:\Windows\SysNative\drivers\MBfilt64.sys (Creative Technology Ltd.)
      DRV:64bit: - (tosrfbd) -- C:\Windows\SysNative\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
      DRV:64bit: - (Tosrfusb) -- C:\Windows\SysNative\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
      DRV:64bit: - (TosRfSnd) -- C:\Windows\SysNative\drivers\TosRfSnd.sys (TOSHIBA Corporation)
      DRV:64bit: - (Tosrfcom) -- C:\Windows\SysNative\drivers\tosrfcom.sys (TOSHIBA Corporation)
      DRV:64bit: - (tosrfnds) -- C:\Windows\SysNative\drivers\tosrfnds.sys (TOSHIBA Corporation.)
      DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
      DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
      DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
      DRV:64bit: - (Tosrfhid) -- C:\Windows\SysNative\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
      DRV:64bit: - (tosrfbnp) -- C:\Windows\SysNative\drivers\tosrfbnp.sys (TOSHIBA Corporation)
      DRV:64bit: - (tosporte) -- C:\Windows\SysNative\drivers\tosporte.sys (TOSHIBA Corporation)
      DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
      DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
      DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
      DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
      DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
      DRV - (Lavasoft Kernexplorer) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys ()
      DRV - (NTIOLib_1_0_2) -- C:\Program Files (x86)\MSI\BIOS Code Unlocked Technology\NTIOLib_X64.sys (MSI)
      DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


      ========== Standard Registry (SafeList) ==========


      ========== Internet Explorer ==========

      IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
      IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
      IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
      IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


      IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

      IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



      IE - HKU\S-1-5-21-3990244059-3011912875-2109899910-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.es/
      IE - HKU\S-1-5-21-3990244059-3011912875-2109899910-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://es.msn.com/?ocid=iehp
      IE - HKU\S-1-5-21-3990244059-3011912875-2109899910-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = es-ES
      IE - HKU\S-1-5-21-3990244059-3011912875-2109899910-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 60 1F BC 54 54 A9 CC 01 [binary data]
      IE - HKU\S-1-5-21-3990244059-3011912875-2109899910-1000\..\SearchScopes,DefaultScope = {EEB56BE8-7ECF-4205-B6DA-5987966824B6}
      IE - HKU\S-1-5-21-3990244059-3011912875-2109899910-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
      IE - HKU\S-1-5-21-3990244059-3011912875-2109899910-1000\..\SearchScopes\{EEB56BE8-7ECF-4205-B6DA-5987966824B6}: "URL" = http://www.google.com/search?hl=en&q={searchTerms}
      IE - HKU\S-1-5-21-3990244059-3011912875-2109899910-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
      IE - HKU\S-1-5-21-3990244059-3011912875-2109899910-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

      ========== FireFox ==========

      FF - prefs.js..browser.search.defaultenginename: ""
      FF - prefs.js..browser.search.selectedEngine: ""
      FF - user.js - File not found

      FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
      FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
      FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
      FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
      FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
      FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
      FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( )
      FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.5.109: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
      FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.5.109: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
      FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
      FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
      FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.5.109: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
      FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/07/14 01:25:51 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/13 23:40:32 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

      [2011/11/22 22:24:31 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Pablo\AppData\Roaming\Mozilla\Extensions
      [2012/03/24 13:42:17 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Pablo\AppData\Roaming\Mozilla\Firefox\Profiles\fu3apdkl.default\extensions
      [2012/03/30 21:33:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
      [2012/03/30 21:33:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
      [2012/03/24 13:42:17 | 000,032,381 | ---- | M] () (No name found) -- D:\USERS\PABLO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FU3APDKL.DEFAULT\EXTENSIONS\[email protected]
      [2012/03/02 16:51:47 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
      [2012/03/02 16:51:46 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
      [2012/03/02 16:51:46 | 000,003,996 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\drae.xml
      [2012/03/02 16:51:46 | 000,001,143 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-es.xml
      [2012/03/02 16:51:46 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
      [2012/03/02 16:51:46 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-es.xml
      [2012/03/02 16:51:46 | 000,001,102 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-es.xml

      O1 HOSTS File: ([2012/08/19 18:13:31 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
      O1 - Hosts: 127.0.0.1 localhost
      O1 - Hosts: ::1 localhost
      O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
      O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
      O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
      O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
      O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
      O4:64bit: - HKLM..\Run: [THXCfg64] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
      O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
      O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
      O4 - HKLM..\Run: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
      O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
      O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
      O4 - HKLM..\Run: [RegistrarUsrDNIeCertStoreDLL] C:\Program Files (x86)\DNIe\udcs.exe ()
      O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
      O4 - HKLM..\Run: [Super-Charger] C:\Program Files (x86)\MSI\Super-Charger\StartSuperCharger.exe File not found
      O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
      O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
      O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
      O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
      O4 - HKU\.DEFAULT..\RunOnce: [AOD] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe AutoTune File not found
      O4 - HKU\S-1-5-18..\RunOnce: [AOD] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe AutoTune File not found
      O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
      O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
      O4 - Startup: D:\Users\Pablo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = D:\Users\Pablo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 181
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
      O7 - HKU\S-1-5-21-3990244059-3011912875-2109899910-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
      O8:64bit: - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
      O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
      O9 - Extra Button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
      O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
      O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
      O1364bit: - gopher Prefix: missing
      O13 - gopher Prefix: missing
      O15 - HKU\S-1-5-21-3990244059-3011912875-2109899910-1000\..Trusted Domains: gob.es ([agenciatributaria] https in Trusted sites)
      O16 - DPF: {2DAB6EF1-66C3-427C-87CD-8DC448C47EAE} https://www5.aeat.es/es13/h/tgvicab.cab (CtlTGVI Class)
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
      O16 - DPF: {947B00D2-962D-4A35-9E48-98EE6A442B41} https://www1.agenciatributaria.gob.es/ADUA/internet/aded1503.cab (OAdedinet Class)
      O16 - DPF: {B785FA3C-1DE9-4D20-8396-613C486FE95E} https://www1.agenciatributaria.gob.es/es13/h/cactivex.cab (AeatCtl Class)
      O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
      O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{706FA2C3-E9EE-4B37-81D7-B43AAFB69860}: DhcpNameServer = 192.168.1.1
      O18:64bit: - Protocol\Handler\livecall - No CLSID value found
      O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
      O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
      O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
      O18:64bit: - Protocol\Handler\msnim - No CLSID value found
      O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
      O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
      O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
      O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
      O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
      O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
      O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
      O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
      O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
      O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
      O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
      O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
      O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
      O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
      O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
      O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
      O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
      O32 - HKLM CDRom: AutoRun - 1
      O33 - MountPoints2\{9fbe48ac-1567-11e1-bf09-8c89a533edb3}\Shell - "" = AutoRun
      O33 - MountPoints2\{9fbe48ac-1567-11e1-bf09-8c89a533edb3}\Shell\AutoRun\command - "" = F:\autorun.exe
      O34 - HKLM BootExecute: (autocheck autochk *)
      O34 - HKLM BootExecute: (lsdelete)
      O35:64bit: - HKLM\..comfile [open] -- "%1" %*
      O35:64bit: - HKLM\..exefile [open] -- "%1" %*
      O35 - HKLM\..comfile [open] -- "%1" %*
      O35 - HKLM\..exefile [open] -- "%1" %*
      O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
      O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
      O37 - HKLM\...com [@ = comfile] -- "%1" %*
      O37 - HKLM\...exe [@ = exefile] -- "%1" %*
      O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
      O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
      O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

      NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

      MsConfig:64bit - StartUpReg: PdfAgent1050 - hkey= - key= - D:\Users\Pablo\AppData\Local\Cyclon\Cyclon1050\pdfagent.exe ()
      MsConfig:64bit - StartUpReg: PdfFrame1050 - hkey= - key= - D:\Users\Pablo\AppData\Local\Cyclon\Cyclon1050\frpdf.exe ()
      MsConfig:64bit - StartUpReg: UpdReg - hkey= - key= - C:\Windows\Updreg.EXE (Creative Technology Ltd.)
      MsConfig:64bit - State: "services" - Reg Error: Key error.
      MsConfig:64bit - State: "startup" - Reg Error: Key error.

      CREATERESTOREPOINT
      Restore point Set: OTL Restore Point

      ========== Files/Folders - Created Within 30 Days ==========

      [2012/08/19 18:06:31 | 000,000,000 | ---D | C] -- D:\Users\Pablo\Desktop\OTL
      [2012/08/19 16:57:14 | 000,000,000 | ---D | C] -- C:\Windows\rescache
      [2012/08/06 02:33:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDisplay
      [2012/07/31 02:20:27 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
      [2012/07/31 02:19:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
      [2012/07/31 02:19:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center

      ========== Files - Modified Within 30 Days ==========

      [2012/08/19 18:21:43 | 000,021,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      [2012/08/19 18:21:43 | 000,021,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      [2012/08/19 18:14:39 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
      [2012/08/19 18:14:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
      [2012/08/19 18:13:31 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
      [2012/08/19 18:03:53 | 004,503,728 | ---- | M] () -- C:\ProgramData\ism_0_llatsni.pad
      [2012/08/19 17:16:44 | 000,289,504 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
      [2012/08/17 03:11:40 | 004,503,728 | ---- | M] () -- C:\ProgramData\23lldnur.pad
      [2012/08/17 03:08:03 | 000,001,787 | ---- | M] () -- D:\Users\Pablo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
      [2012/08/17 03:06:53 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
      [2012/08/17 03:06:53 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
      [2012/08/13 13:01:05 | 000,060,044 | ---- | M] () -- D:\Users\Pablo\Desktop\Solicitud Comisión Servicio Pablo Villalba Controlador.pdf
      [2012/08/13 12:34:06 | 001,555,882 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
      [2012/08/13 12:34:06 | 000,701,608 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
      [2012/08/13 12:34:06 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
      [2012/08/13 12:34:06 | 000,137,212 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
      [2012/08/13 12:34:06 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
      [2012/07/26 01:58:28 | 000,102,626 | ---- | M] () -- D:\Users\Pablo\Desktop\FORMACION FIO.pdf

      ========== Files Created - No Company Name ==========

      [2012/08/19 18:02:09 | 000,000,408 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
      [2012/08/19 16:33:45 | 000,016,432 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe
      [2012/08/17 03:11:40 | 004,503,728 | ---- | C] () -- C:\ProgramData\23lldnur.pad
      [2012/08/17 03:08:03 | 004,503,728 | ---- | C] () -- C:\ProgramData\ism_0_llatsni.pad
      [2012/08/17 03:08:03 | 000,001,787 | ---- | C] () -- D:\Users\Pablo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
      [2012/08/13 13:00:52 | 000,060,044 | ---- | C] () -- D:\Users\Pablo\Desktop\Solicitud Comisión Servicio Pablo Villalba Controlador.pdf
      [2012/07/26 01:58:28 | 000,102,626 | ---- | C] () -- D:\Users\Pablo\Desktop\FORMACION FIO.pdf
      [2012/07/14 01:28:04 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
      [2012/06/22 02:02:05 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\adedinet.dll
      [2012/04/20 02:01:29 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
      [2012/03/09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
      [2012/02/15 04:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
      [2012/02/15 04:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
      [2011/11/29 23:09:04 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
      [2011/11/29 23:09:04 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
      [2011/11/23 04:27:37 | 000,000,017 | ---- | C] () -- D:\Users\Pablo\AppData\Local\resmon.resmoncfg
      [2011/11/23 03:42:16 | 000,014,119 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
      [2011/11/23 03:19:28 | 000,000,440 | RHS- | C] () -- C:\ProgramData\ntuser.pol
      [2011/11/23 02:19:00 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
      [2011/11/23 02:05:34 | 000,001,313 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
      [2011/11/23 02:05:34 | 000,001,212 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
      [2011/11/23 02:05:34 | 000,001,212 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
      [2011/11/23 02:05:33 | 000,182,272 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
      [2011/11/23 02:05:33 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
      [2011/11/23 00:07:55 | 000,022,443 | ---- | C] () -- D:\Users\Pablo\default.br2
      [2011/11/23 00:07:55 | 000,001,442 | ---- | C] () -- D:\Users\Pablo\default.bar
      [2011/11/23 00:07:49 | 000,004,499 | ---- | C] () -- D:\Users\Pablo\wincmd.ini
      [2011/11/22 22:07:54 | 000,258,864 | ---- | C] () -- C:\Windows\SUPDRun.exe
      [2011/11/22 22:01:19 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
      [2011/10/25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
      [2011/09/13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
      [2011/02/10 06:03:48 | 000,000,326 | ---- | C] () -- C:\Windows\primopdf.ini

      ========== LOP Check ==========

      [2012/03/03 02:27:58 | 000,000,000 | ---D | M] -- D:\Users\Pablo\AppData\Roaming\Audacity
      [2011/11/23 02:16:09 | 000,000,000 | ---D | M] -- D:\Users\Pablo\AppData\Roaming\DAEMON Tools Lite
      [2011/11/23 02:46:43 | 000,000,000 | ---D | M] -- D:\Users\Pablo\AppData\Roaming\DeepBurner
      [2012/01/24 02:20:07 | 000,000,000 | ---D | M] -- D:\Users\Pablo\AppData\Roaming\Downloaded Installations
      [2012/08/19 18:15:33 | 000,000,000 | ---D | M] -- D:\Users\Pablo\AppData\Roaming\Dropbox
      [2011/11/23 16:32:37 | 000,000,000 | ---D | M] -- D:\Users\Pablo\AppData\Roaming\ImgBurn
      [2012/07/13 18:12:40 | 000,000,000 | ---D | M] -- D:\Users\Pablo\AppData\Roaming\MiniLyrics
      [2012/08/13 13:01:04 | 000,000,000 | ---D | M] -- D:\Users\Pablo\AppData\Roaming\Nitro PDF
      [2012/07/14 01:24:19 | 000,000,000 | ---D | M] -- D:\Users\Pablo\AppData\Roaming\OpenCandy
      [2012/07/14 01:34:20 | 000,000,000 | ---D | M] -- D:\Users\Pablo\AppData\Roaming\pdfforge
      [2011/12/08 18:19:12 | 000,000,000 | ---D | M] -- D:\Users\Pablo\AppData\Roaming\TeamViewer
      [2011/11/23 02:35:54 | 000,000,000 | ---D | M] -- D:\Users\Pablo\AppData\Roaming\Toshiba
      [2012/01/11 02:55:02 | 000,000,000 | ---D | M] -- D:\Users\Pablo\AppData\Roaming\UDC Profiles
      [2012/01/20 18:08:41 | 000,000,000 | ---D | M] -- D:\Users\Pablo\AppData\Roaming\Youtube Downloader HD
      [2012/08/19 18:14:39 | 000,000,408 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
      [2012/05/12 18:19:52 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

      ========== Purity Check ==========



      ========== Custom Scans ==========

      < %SYSTEMDRIVE%\*.* >
      [2012/08/19 18:14:24 | 000,003,393 | ---- | M] () -- C:\aaw7boot.log
      [2010/11/21 05:23:51 | 000,383,786 | RHS- | M] () -- C:\bootmgr
      [2008/01/02 01:13:47 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
      [2011/11/22 21:41:32 | 000,000,000 | RHS- | M] () -- C:\eajb.ld
      [2011/11/22 21:41:32 | 000,294,595 | RHS- | M] () -- C:\GCAEK
      [2012/04/12 21:04:55 | 000,000,096 | ---- | M] () -- C:\rtve.txt

      ========== Alternate Data Streams ==========

      @Alternate Data Stream - 46 bytes -> D:\Users\Pablo\Desktop\20110917 Guadamur.MP4:com.dropbox.attributes

      < End of report >

    2. #2
      User Avatar of francisco_0
      Registered
      Oct 2011
      Location
      Guatemala
      Posts
      85

      Re: Police Screen

      Hi friend, sorry for the confusion, but here is what to do :D

      Download PoliFix:

      PoliFix 2.0.5 (by InfoSpyware) | InfoSpyware

      Steps to use it:

      1- Download PoliFix to a USB stick from another PC
      2- Boot the infected PC in Safe Mode
      3- Plug the USB stick into the computer
      4- Run PoliFix from the USB stick and wait

      It generates the log at

      C:\PoliFix-log.txt, which shows the actions performed.

      Run the scan and send me the log.

      Regards!
      Last edited by francisco_0 on 20/08/12 at 20:44:35. Reason: Information about how to use the application was missing

    3. #3
      User Avatar of polpol
      Registered
      Aug 2012
      Location
      Spain
      Posts
      5

      Re: Police Screen

      Hello, and many thanks for your reply. I'm attaching the result of the scan done with OTL. I'll try to do it with PoliFix as well, which I haven't managed so far. Regards

      OTL logfile created on: 19/08/2012 18:37:21 - Run 2
      OTL by OldTimer - Version 3.2.58.0 Folder = D:\Users\Pablo\Desktop\OTL
      64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
      Internet Explorer (Version = 9.0.8112.16421)
      Locale: 00000c0a | Country: España | Language: ESN | Date Format: dd/MM/yyyy

      7,97 Gb Total Physical Memory | 5,95 Gb Available Physical Memory | 74,69% Memory free
      15,94 Gb Paging File | 13,77 Gb Available in Paging File | 86,41% Paging File free
      Paging file location(s): d:\pagefile.sys 0 0 [binary data]

      %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
      Drive C: | 32,00 Gb Total Space | 15,94 Gb Free Space | 49,81% Space Free | Partition Type: NTFS
      Drive D: | 899,51 Gb Total Space | 617,26 Gb Free Space | 68,62% Space Free | Partition Type: NTFS

      Computer Name: AMD-FX8150 | User Name: Pablo | Logged in as Administrator.
      Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
      Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

      ========== Processes (SafeList) ==========

      PRC - D:\Users\Pablo\Desktop\OTL\OTL.exe (OldTimer Tools)
      PRC - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
      PRC - D:\Users\Pablo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
      PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
      PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
      PRC - C:\Program Files (x86)\SpeedFan\speedfan.exe (Almico Software (www.almico.com))
      PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
      PRC - C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
      PRC - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
      PRC - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
      PRC - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe (TOSHIBA CORPORATION.)
      PRC - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)
      PRC - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe (TOSHIBA CORPORATION.)
      PRC - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)


      ========== Modules (No Company Name) ==========

      MOD - D:\Users\Pablo\AppData\Local\Temp\sfamcc00001.dll ()
      MOD - D:\Users\Pablo\AppData\Local\Temp\sfareca00001.dll ()
      MOD - D:\Users\Pablo\AppData\Local\Temp\install_0_msi.exe ()
      MOD - C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll ()
      MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll ()
      MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
      MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
      MOD - C:\Windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll ()
      MOD - C:\Windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll ()
      MOD - C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll ()
      MOD - C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll ()
      MOD - C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll ()
      MOD - C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll ()
      MOD - C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll ()
      MOD - C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll ()
      MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll ()
      MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_es_b77a5c561934e089\mscorlib.resources.dll ()
      MOD - C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\es-ES\THXAudio.resources.dll ()
      MOD - C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll ()


      ========== Win32 Services (SafeList) ==========

      SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
      SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
      SRV:64bit: - (NitroReaderDriverReadSpool2) -- C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe (Nitro PDF Software)
      SRV:64bit: - (NitroDriverReadSpool) -- C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe (Nitro PDF Software)
      SRV:64bit: - (Samsung UPD Service) -- C:\Windows\SysNative\SUPDSvc.exe (Samsung Electronics CO., LTD.)
      SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
      SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
      SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
      SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
      SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
      SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


      ========== Driver Services (SafeList) ==========

      DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
      DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
      DRV:64bit: - (AODDriver4.1) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys (Advanced Micro Devices)
      DRV:64bit: - (AODDriver4.01) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys (Advanced Micro Devices)
      DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
      DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
      DRV:64bit: - (Lbd) -- C:\Windows\SysNative\drivers\Lbd.sys (Lavasoft AB)
      DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\drivers\netr28ux.sys (Ralink Technology Corp.)
      DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
      DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
      DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
      DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
      DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
      DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
      DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
      DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
      DRV:64bit: - (tsusbhub) -- C:\Windows\SysNative\drivers\tsusbhub.sys (Microsoft Corporation)
      DRV:64bit: - (Synth3dVsc) -- C:\Windows\SysNative\drivers\Synth3dVsc.sys (Microsoft Corporation)
      DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
      DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
      DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
      DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
      DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.)
      DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
      DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
      DRV:64bit: - (MBfilt) -- C:\Windows\SysNative\drivers\MBfilt64.sys (Creative Technology Ltd.)
      DRV:64bit: - (tosrfbd) -- C:\Windows\SysNative\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
      DRV:64bit: - (Tosrfusb) -- C:\Windows\SysNative\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
      DRV:64bit: - (TosRfSnd) -- C:\Windows\SysNative\drivers\TosRfSnd.sys (TOSHIBA Corporation)
      DRV:64bit: - (Tosrfcom) -- C:\Windows\SysNative\drivers\tosrfcom.sys (TOSHIBA Corporation)
      DRV:64bit: - (tosrfnds) -- C:\Windows\SysNative\drivers\tosrfnds.sys (TOSHIBA Corporation.)
      DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
      DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
      DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
      DRV:64bit: - (Tosrfhid) -- C:\Windows\SysNative\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
      DRV:64bit: - (tosrfbnp) -- C:\Windows\SysNative\drivers\tosrfbnp.sys (TOSHIBA Corporation)
      DRV:64bit: - (tosporte) -- C:\Windows\SysNative\drivers\tosporte.sys (TOSHIBA Corporation)
      DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
      DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
      DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
      DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
      DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
      DRV - (Lavasoft Kernexplorer) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys ()
      DRV - (NTIOLib_1_0_2) -- C:\Program Files (x86)\MSI\BIOS Code Unlocked Technology\NTIOLib_X64.sys (MSI)
      DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


      ========== Standard Registry (SafeList) ==========


      ========== Internet Explorer ==========

      IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
      IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
      IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
      IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


      IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

      IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



      IE - HKU\S-1-5-21-3990244059-3011912875-2109899910-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.es/
      IE - HKU\S-1-5-21-3990244059-3011912875-2109899910-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://es.msn.com/?ocid=iehp
      IE - HKU\S-1-5-21-3990244059-3011912875-2109899910-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = es-ES
      IE - HKU\S-1-5-21-3990244059-3011912875-2109899910-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 60 1F BC 54 54 A9 CC 01 [binary data]
      IE - HKU\S-1-5-21-3990244059-3011912875-2109899910-1000\..\SearchScopes,DefaultScope = {EEB56BE8-7ECF-4205-B6DA-5987966824B6}
      IE - HKU\S-1-5-21-3990244059-3011912875-2109899910-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
      IE - HKU\S-1-5-21-3990244059-3011912875-2109899910-1000\..\SearchScopes\{EEB56BE8-7ECF-4205-B6DA-5987966824B6}: "URL" = http://www.google.com/search?hl=en&q={searchTerms}
      IE - HKU\S-1-5-21-3990244059-3011912875-2109899910-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
      IE - HKU\S-1-5-21-3990244059-3011912875-2109899910-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

      ========== FireFox ==========

      FF - prefs.js..browser.search.defaultenginename: ""
      FF - prefs.js..browser.search.selectedEngine: ""
      FF - user.js - File not found

      FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
      FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
      FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
      FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
      FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
      FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
      FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( )
      FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.5.109: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
      FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.5.109: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
      FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
      FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
      FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.5.109: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
      FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/07/14 01:25:51 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/13 23:40:32 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

      [2011/11/22 22:24:31 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Pablo\AppData\Roaming\Mozilla\Extensions
      [2012/03/24 13:42:17 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Pablo\AppData\Roaming\Mozilla\Firefox\Profiles\fu3apdkl.default\extensions
      [2012/03/30 21:33:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
      [2012/03/30 21:33:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
      [2012/03/24 13:42:17 | 000,032,381 | ---- | M] () (No name found) -- D:\USERS\PABLO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FU3APDKL.DEFAULT\EXTENSIONS\[email protected]
      [2012/03/02 16:51:47 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
      [2012/03/02 16:51:46 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
      [2012/03/02 16:51:46 | 000,003,996 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\drae.xml
      [2012/03/02 16:51:46 | 000,001,143 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-es.xml
      [2012/03/02 16:51:46 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
      [2012/03/02 16:51:46 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-es.xml
      [2012/03/02 16:51:46 | 000,001,102 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-es.xml

      O1 HOSTS File: ([2012/08/19 18:13:31 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
      O1 - Hosts: 127.0.0.1 localhost
      O1 - Hosts: ::1 localhost
      O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
      O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
      O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
      O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
      O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
      O4:64bit: - HKLM..\Run: [THXCfg64] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
      O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
      O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
      O4 - HKLM..\Run: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
      O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
      O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
      O4 - HKLM..\Run: [RegistrarUsrDNIeCertStoreDLL] C:\Program Files (x86)\DNIe\udcs.exe ()
      O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
      O4 - HKLM..\Run: [Super-Charger] C:\Program Files (x86)\MSI\Super-Charger\StartSuperCharger.exe File not found
      O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
      O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
      O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
      O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
      O4 - HKU\.DEFAULT..\RunOnce: [AOD] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe AutoTune File not found
      O4 - HKU\S-1-5-18..\RunOnce: [AOD] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe AutoTune File not found
      O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
      O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
      O4 - Startup: D:\Users\Pablo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = D:\Users\Pablo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 181
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
      O7 - HKU\S-1-5-21-3990244059-3011912875-2109899910-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
      O8:64bit: - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
      O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
      O9 - Extra Button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
      O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
      O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
      O1364bit: - gopher Prefix: missing
      O13 - gopher Prefix: missing
      O15 - HKU\S-1-5-21-3990244059-3011912875-2109899910-1000\..Trusted Domains: gob.es ([agenciatributaria] https in Trusted sites)
      O16 - DPF: {2DAB6EF1-66C3-427C-87CD-8DC448C47EAE} https://www5.aeat.es/es13/h/tgvicab.cab (CtlTGVI Class)
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
      O16 - DPF: {947B00D2-962D-4A35-9E48-98EE6A442B41} https://www1.agenciatributaria.gob.es/ADUA/internet/aded1503.cab (OAdedinet Class)
      O16 - DPF: {B785FA3C-1DE9-4D20-8396-613C486FE95E} https://www1.agenciatributaria.gob.es/es13/h/cactivex.cab (AeatCtl Class)
      O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
      O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{706FA2C3-E9EE-4B37-81D7-B43AAFB69860}: DhcpNameServer = 192.168.1.1
      O18:64bit: - Protocol\Handler\livecall - No CLSID value found
      O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
      O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
      O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
      O18:64bit: - Protocol\Handler\msnim - No CLSID value found
      O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
      O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
      O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
      O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
      O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
      O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
      O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
      O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
      O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
      O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
      O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
      O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
      O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
      O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
      O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
      O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
      O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
      O32 - HKLM CDRom: AutoRun - 1
      O33 - MountPoints2\{9fbe48ac-1567-11e1-bf09-8c89a533edb3}\Shell - "" = AutoRun
      O33 - MountPoints2\{9fbe48ac-1567-11e1-bf09-8c89a533edb3}\Shell\AutoRun\command - "" = F:\autorun.exe
      O34 - HKLM BootExecute: (autocheck autochk *)
      O34 - HKLM BootExecute: (lsdelete)
      O35:64bit: - HKLM\..comfile [open] -- "%1" %*
      O35:64bit: - HKLM\..exefile [open] -- "%1" %*
      O35 - HKLM\..comfile [open] -- "%1" %*
      O35 - HKLM\..exefile [open] -- "%1" %*
      O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
      O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
      O37 - HKLM\...com [@ = comfile] -- "%1" %*
      O37 - HKLM\...exe [@ = exefile] -- "%1" %*
      O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
      O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
      O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

      NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

      MsConfig:64bit - StartUpReg: PdfAgent1050 - hkey= - key= - D:\Users\Pablo\AppData\Local\Cyclon\Cyclon1050\pdfagent.exe ()
      MsConfig:64bit - StartUpReg: PdfFrame1050 - hkey= - key= - D:\Users\Pablo\AppData\Local\Cyclon\Cyclon1050\frpdf.exe ()
      MsConfig:64bit - StartUpReg: UpdReg - hkey= - key= - C:\Windows\Updreg.EXE (Creative Technology Ltd.)
      MsConfig:64bit - State: "services" - Reg Error: Key error.
      MsConfig:64bit - State: "startup" - Reg Error: Key error.

      CREATERESTOREPOINT
      Restore point Set: OTL Restore Point

      ========== Files/Folders - Created Within 30 Days ==========

      [2012/08/19 18:06:31 | 000,000,000 | ---D | C] -- D:\Users\Pablo\Desktop\OTL
      [2012/08/19 16:57:14 | 000,000,000 | ---D | C] -- C:\Windows\rescache
      [2012/08/06 02:33:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDisplay
      [2012/07/31 02:20:27 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
      [2012/07/31 02:19:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
      [2012/07/31 02:19:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center

      ========== Files - Modified Within 30 Days ==========

      [2012/08/19 18:21:43 | 000,021,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      [2012/08/19 18:21:43 | 000,021,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      [2012/08/19 18:14:39 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
      [2012/08/19 18:14:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
      [2012/08/19 18:13:31 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
      [2012/08/19 18:03:53 | 004,503,728 | ---- | M] () -- C:\ProgramData\ism_0_llatsni.pad
      [2012/08/19 17:16:44 | 000,289,504 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
      [2012/08/17 03:11:40 | 004,503,728 | ---- | M] () -- C:\ProgramData\23lldnur.pad
      [2012/08/17 03:08:03 | 000,001,787 | ---- | M] () -- D:\Users\Pablo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
      [2012/08/17 03:06:53 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
      [2012/08/17 03:06:53 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
      [2012/08/13 13:01:05 | 000,060,044 | ---- | M] () -- D:\Users\Pablo\Desktop\Solicitud Comisión Servicio Pablo Villalba Controlador.pdf
      [2012/08/13 12:34:06 | 001,555,882 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
      [2012/08/13 12:34:06 | 000,701,608 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
      [2012/08/13 12:34:06 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
      [2012/08/13 12:34:06 | 000,137,212 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
      [2012/08/13 12:34:06 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
      [2012/07/26 01:58:28 | 000,102,626 | ---- | M] () -- D:\Users\Pablo\Desktop\FORMACION FIO.pdf

      ========== Files Created - No Company Name ==========

      [2012/08/19 18:02:09 | 000,000,408 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
      [2012/08/19 16:33:45 | 000,016,432 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe
      [2012/08/17 03:11:40 | 004,503,728 | ---- | C] () -- C:\ProgramData\23lldnur.pad
      [2012/08/17 03:08:03 | 004,503,728 | ---- | C] () -- C:\ProgramData\ism_0_llatsni.pad
      [2012/08/17 03:08:03 | 000,001,787 | ---- | C] () -- D:\Users\Pablo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
      [2012/08/13 13:00:52 | 000,060,044 | ---- | C] () -- D:\Users\Pablo\Desktop\Solicitud Comisión Servicio Pablo Villalba Controlador.pdf
      [2012/07/26 01:58:28 | 000,102,626 | ---- | C] () -- D:\Users\Pablo\Desktop\FORMACION FIO.pdf
      [2012/07/14 01:28:04 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
      [2012/06/22 02:02:05 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\adedinet.dll
      [2012/04/20 02:01:29 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
      [2012/03/09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
      [2012/02/15 04:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
      [2012/02/15 04:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
      [2011/11/29 23:09:04 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
      [2011/11/29 23:09:04 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
      [2011/11/23 04:27:37 | 000,000,017 | ---- | C] () -- D:\Users\Pablo\AppData\Local\resmon.resmoncfg
      [2011/11/23 03:42:16 | 000,014,119 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
      [2011/11/23 03:19:28 | 000,000,440 | RHS- | C] () -- C:\ProgramData\ntuser.pol
      [2011/11/23 02:19:00 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
      [2011/11/23 02:05:34 | 000,001,313 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
      [2011/11/23 02:05:34 | 000,001,212 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
      [2011/11/23 02:05:34 | 000,001,212 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
      [2011/11/23 02:05:33 | 000,182,272 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
      [2011/11/23 02:05:33 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
      [2011/11/23 00:07:55 | 000,022,443 | ---- | C] () -- D:\Users\Pablo\default.br2
      [2011/11/23 00:07:55 | 000,001,442 | ---- | C] () -- D:\Users\Pablo\default.bar
      [2011/11/23 00:07:49 | 000,004,499 | ---- | C] () -- D:\Users\Pablo\wincmd.ini
      [2011/11/22 22:07:54 | 000,258,864 | ---- | C] () -- C:\Windows\SUPDRun.exe
      [2011/11/22 22:01:19 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
      [2011/10/25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
      [2011/09/13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
      [2011/02/10 06:03:48 | 000,000,326 | ---- | C] () -- C:\Windows\primopdf.ini

      ========== LOP Check ==========

      [2012/03/03 02:27:58 | 000,000,000 | ---D | M] -- D:\Users\Pablo\AppData\Roaming\Audacity
      [2011/11/23 02:16:09 | 000,000,000 | ---D | M] -- D:\Users\Pablo\AppData\Roaming\DAEMON Tools Lite
      [2011/11/23 02:46:43 | 000,000,000 | ---D | M] -- D:\Users\Pablo\AppData\Roaming\DeepBurner
      [2012/01/24 02:20:07 | 000,000,000 | ---D | M] -- D:\Users\Pablo\AppData\Roaming\Downloaded Installations
      [2012/08/19 18:15:33 | 000,000,000 | ---D | M] -- D:\Users\Pablo\AppData\Roaming\Dropbox
      [2011/11/23 16:32:37 | 000,000,000 | ---D | M] -- D:\Users\Pablo\AppData\Roaming\ImgBurn
      [2012/07/13 18:12:40 | 000,000,000 | ---D | M] -- D:\Users\Pablo\AppData\Roaming\MiniLyrics
      [2012/08/13 13:01:04 | 000,000,000 | ---D | M] -- D:\Users\Pablo\AppData\Roaming\Nitro PDF
      [2012/07/14 01:24:19 | 000,000,000 | ---D | M] -- D:\Users\Pablo\AppData\Roaming\OpenCandy
      [2012/07/14 01:34:20 | 000,000,000 | ---D | M] -- D:\Users\Pablo\AppData\Roaming\pdfforge
      [2011/12/08 18:19:12 | 000,000,000 | ---D | M] -- D:\Users\Pablo\AppData\Roaming\TeamViewer
      [2011/11/23 02:35:54 | 000,000,000 | ---D | M] -- D:\Users\Pablo\AppData\Roaming\Toshiba
      [2012/01/11 02:55:02 | 000,000,000 | ---D | M] -- D:\Users\Pablo\AppData\Roaming\UDC Profiles
      [2012/01/20 18:08:41 | 000,000,000 | ---D | M] -- D:\Users\Pablo\AppData\Roaming\Youtube Downloader HD
      [2012/08/19 18:14:39 | 000,000,408 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
      [2012/05/12 18:19:52 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

      ========== Purity Check ==========



      ========== Custom Scans ==========

      < %SYSTEMDRIVE%\*.* >
      [2012/08/19 18:14:24 | 000,003,393 | ---- | M] () -- C:\aaw7boot.log
      [2010/11/21 05:23:51 | 000,383,786 | RHS- | M] () -- C:\bootmgr
      [2008/01/02 01:13:47 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
      [2011/11/22 21:41:32 | 000,000,000 | RHS- | M] () -- C:\eajb.ld
      [2011/11/22 21:41:32 | 000,294,595 | RHS- | M] () -- C:\GCAEK
      [2012/04/12 21:04:55 | 000,000,096 | ---- | M] () -- C:\rtve.txt

      ========== Alternate Data Streams ==========

      @Alternate Data Stream - 46 bytes -> D:\Users\Pablo\Desktop\20110917 Guadamur.MP4:com.dropbox.attributes

      < End of report >

    4. #4
      User polpol
      Registered
      Aug 2012
      Location
      Spain
      Posts
      5

      Re: Police Screen (Pantallazo Policía)

      This one is more up to date... I'm still trying the polifix one... Thanks




      OTL logfile created on: 26/08/2012 16:48:15 - Run 3
      OTL by OldTimer - Version 3.2.58.0 Folder = D:\Users\Pablo\Desktop\OTL
      64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
      Internet Explorer (Version = 9.0.8112.16421)
      Locale: 00000c0a | Country: España | Language: ESN | Date Format: dd/MM/yyyy

      7,97 Gb Total Physical Memory | 6,38 Gb Available Physical Memory | 80,04% Memory free
      15,94 Gb Paging File | 14,29 Gb Available in Paging File | 89,65% Paging File free
      Paging file location(s): d:\pagefile.sys 0 0 [binary data]

      %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
      Drive C: | 32,00 Gb Total Space | 15,28 Gb Free Space | 47,75% Space Free | Partition Type: NTFS
      Drive D: | 899,51 Gb Total Space | 604,03 Gb Free Space | 67,15% Space Free | Partition Type: NTFS

      Computer Name: AMD-FX8150 | User Name: Pablo | Logged in as Administrator.
      Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
      Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

      ========== Processes (SafeList) ==========

      PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
      PRC - D:\Users\Pablo\Desktop\OTL\OTL.exe (OldTimer Tools)
      PRC - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
      PRC - D:\Users\Pablo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
      PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
      PRC - C:\Program Files (x86)\SpeedFan\speedfan.exe (Almico Software (www.almico.com))
      PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
      PRC - C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
      PRC - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
      PRC - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
      PRC - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe (TOSHIBA CORPORATION.)
      PRC - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)
      PRC - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe (TOSHIBA CORPORATION.)
      PRC - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)


      ========== Modules (No Company Name) ==========

      MOD - D:\Users\Pablo\AppData\Local\Temp\sfamcc00001.dll ()
      MOD - D:\Users\Pablo\AppData\Local\Temp\sfareca00001.dll ()
      MOD - C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll ()
      MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll ()
      MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
      MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
      MOD - C:\Windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll ()
      MOD - C:\Windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll ()
      MOD - C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll ()
      MOD - C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll ()
      MOD - C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll ()
      MOD - C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll ()
      MOD - C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll ()
      MOD - C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll ()
      MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll ()
      MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_es_b77a5c561934e089\mscorlib.resources.dll ()
      MOD - C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\es-ES\THXAudio.resources.dll ()
      MOD - C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll ()


      ========== Win32 Services (SafeList) ==========

      SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
      SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
      SRV:64bit: - (NitroReaderDriverReadSpool2) -- C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe (Nitro PDF Software)
      SRV:64bit: - (NitroDriverReadSpool) -- C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe (Nitro PDF Software)
      SRV:64bit: - (Samsung UPD Service) -- C:\Windows\SysNative\SUPDSvc.exe (Samsung Electronics CO., LTD.)
      SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
      SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
      SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
      SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
      SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
      SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


      ========== Driver Services (SafeList) ==========

      DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
      DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
      DRV:64bit: - (AODDriver4.1) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys (Advanced Micro Devices)
      DRV:64bit: - (AODDriver4.01) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys (Advanced Micro Devices)
      DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
      DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
      DRV:64bit: - (Lbd) -- C:\Windows\SysNative\drivers\Lbd.sys (Lavasoft AB)
      DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\drivers\netr28ux.sys (Ralink Technology Corp.)
      DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
      DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
      DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
      DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
      DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
      DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
      DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
      DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
      DRV:64bit: - (tsusbhub) -- C:\Windows\SysNative\drivers\tsusbhub.sys (Microsoft Corporation)
      DRV:64bit: - (Synth3dVsc) -- C:\Windows\SysNative\drivers\Synth3dVsc.sys (Microsoft Corporation)
      DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
      DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
      DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
      DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
      DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.)
      DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
      DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
      DRV:64bit: - (MBfilt) -- C:\Windows\SysNative\drivers\MBfilt64.sys (Creative Technology Ltd.)
      DRV:64bit: - (tosrfbd) -- C:\Windows\SysNative\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
      DRV:64bit: - (Tosrfusb) -- C:\Windows\SysNative\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
      DRV:64bit: - (TosRfSnd) -- C:\Windows\SysNative\drivers\TosRfSnd.sys (TOSHIBA Corporation)
      DRV:64bit: - (Tosrfcom) -- C:\Windows\SysNative\drivers\tosrfcom.sys (TOSHIBA Corporation)
      DRV:64bit: - (tosrfnds) -- C:\Windows\SysNative\drivers\tosrfnds.sys (TOSHIBA Corporation.)
      DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
      DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
      DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
      DRV:64bit: - (Tosrfhid) -- C:\Windows\SysNative\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
      DRV:64bit: - (tosrfbnp) -- C:\Windows\SysNative\drivers\tosrfbnp.sys (TOSHIBA Corporation)
      DRV:64bit: - (tosporte) -- C:\Windows\SysNative\drivers\tosporte.sys (TOSHIBA Corporation)
      DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
      DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
      DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
      DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
      DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
      DRV - (Lavasoft Kernexplorer) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys ()
      DRV - (NTIOLib_1_0_2) -- C:\Program Files (x86)\MSI\BIOS Code Unlocked Technology\NTIOLib_X64.sys (MSI)
      DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


      ========== Standard Registry (SafeList) ==========


      ========== Internet Explorer ==========

      IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
      IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
      IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
      IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.es/
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://es.msn.com/?ocid=iehp
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = es-ES
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 60 1F BC 54 54 A9 CC 01 [binary data]
      IE - HKCU\..\SearchScopes,DefaultScope = {EEB56BE8-7ECF-4205-B6DA-5987966824B6}
      IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
      IE - HKCU\..\SearchScopes\{EEB56BE8-7ECF-4205-B6DA-5987966824B6}: "URL" = http://www.google.com/search?hl=en&q={searchTerms}
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

      ========== FireFox ==========

      FF - prefs.js..browser.search.defaultenginename: ""
      FF - prefs.js..browser.search.selectedEngine: ""
      FF - user.js - File not found

      FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
      FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
      FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
      FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
      FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
      FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
      FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
      FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
      FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
      FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( )
      FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.5.109: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
      FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.5.109: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
      FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
      FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
      FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.5.109: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
      FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/07/14 01:25:51 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/13 23:40:32 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

      [2011/11/22 22:24:31 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Pablo\AppData\Roaming\Mozilla\Extensions
      [2012/03/24 13:42:17 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Pablo\AppData\Roaming\Mozilla\Firefox\Profiles\fu3apdkl.default\extensions
      [2012/03/30 21:33:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
      [2012/03/30 21:33:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
      [2012/03/24 13:42:17 | 000,032,381 | ---- | M] () (No name found) -- D:\USERS\PABLO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FU3APDKL.DEFAULT\EXTENSIONS\[email protected]
      [2012/03/02 16:51:47 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
      [2012/03/02 16:51:46 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
      [2012/03/02 16:51:46 | 000,003,996 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\drae.xml
      [2012/03/02 16:51:46 | 000,001,143 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-es.xml
      [2012/03/02 16:51:46 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
      [2012/03/02 16:51:46 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-es.xml
      [2012/03/02 16:51:46 | 000,001,102 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-es.xml

      O1 HOSTS File: ([2012/08/19 18:13:31 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
      O1 - Hosts: 127.0.0.1 localhost
      O1 - Hosts: ::1 localhost
      O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
      O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
      O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
      O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
      O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
      O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
      O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
      O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
      O4:64bit: - HKLM..\Run: [THXCfg64] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
      O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
      O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
      O4 - HKLM..\Run: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
      O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
      O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
      O4 - HKLM..\Run: [RegistrarUsrDNIeCertStoreDLL] C:\Program Files (x86)\DNIe\udcs.exe ()
      O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
      O4 - HKLM..\Run: [Super-Charger] C:\Program Files (x86)\MSI\Super-Charger\StartSuperCharger.exe File not found
      O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
      O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
      O4 - Startup: D:\Users\Pablo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = D:\Users\Pablo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 181
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 0
      O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
      O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
      O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 0
      O8:64bit: - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
      O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
      O9 - Extra Button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
      O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
      O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
      O1364bit: - gopher Prefix: missing
      O13 - gopher Prefix: missing
      O15 - HKCU\..Trusted Domains: gob.es ([agenciatributaria] https in Trusted sites)
      O16 - DPF: {2DAB6EF1-66C3-427C-87CD-8DC448C47EAE} https://www5.aeat.es/es13/h/tgvicab.cab (CtlTGVI Class)
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
      O16 - DPF: {947B00D2-962D-4A35-9E48-98EE6A442B41} https://www1.agenciatributaria.gob.es/ADUA/internet/aded1503.cab (OAdedinet Class)
      O16 - DPF: {B785FA3C-1DE9-4D20-8396-613C486FE95E} https://www1.agenciatributaria.gob.es/es13/h/cactivex.cab (AeatCtl Class)
      O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
      O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.6.2)
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{706FA2C3-E9EE-4B37-81D7-B43AAFB69860}: DhcpNameServer = 192.168.1.1
      O18:64bit: - Protocol\Handler\livecall - No CLSID value found
      O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
      O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
      O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
      O18:64bit: - Protocol\Handler\msnim - No CLSID value found
      O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
      O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
      O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
      O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
      O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
      O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
      O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
      O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
      O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
      O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
      O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
      O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
      O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
      O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
      O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
      O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
      O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
      O32 - HKLM CDRom: AutoRun - 1
      O33 - MountPoints2\{9fbe48ac-1567-11e1-bf09-8c89a533edb3}\Shell - "" = AutoRun
      O33 - MountPoints2\{9fbe48ac-1567-11e1-bf09-8c89a533edb3}\Shell\AutoRun\command - "" = F:\autorun.exe
      O34 - HKLM BootExecute: (autocheck autochk *)
      O34 - HKLM BootExecute: (lsdelete)
      O35:64bit: - HKLM\..comfile [open] -- "%1" %*
      O35:64bit: - HKLM\..exefile [open] -- "%1" %*
      O35 - HKLM\..comfile [open] -- "%1" %*
      O35 - HKLM\..exefile [open] -- "%1" %*
      O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
      O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
      O37 - HKLM\...com [@ = comfile] -- "%1" %*
      O37 - HKLM\...exe [@ = exefile] -- "%1" %*
      O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
      O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
      O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

      ========== Files/Folders - Created Within 30 Days ==========

      [2012/08/26 16:36:07 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
      [2012/08/26 16:36:03 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
      [2012/08/19 18:51:56 | 000,955,888 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
      [2012/08/19 18:51:56 | 000,839,152 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
      [2012/08/19 18:51:56 | 000,268,784 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
      [2012/08/19 18:51:51 | 000,189,424 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
      [2012/08/19 18:51:51 | 000,188,912 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
      [2012/08/19 18:51:48 | 000,000,000 | ---D | C] -- C:\Program Files\Java
      [2012/08/19 18:06:31 | 000,000,000 | ---D | C] -- D:\Users\Pablo\Desktop\OTL
      [2012/08/19 17:13:43 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
      [2012/08/19 17:13:43 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
      [2012/08/19 17:13:43 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
      [2012/08/19 17:13:43 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
      [2012/08/19 17:13:42 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
      [2012/08/19 17:13:42 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
      [2012/08/19 17:13:42 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
      [2012/08/19 17:13:42 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
      [2012/08/19 17:13:42 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
      [2012/08/19 17:13:42 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
      [2012/08/19 17:13:42 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
      [2012/08/19 17:13:41 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
      [2012/08/19 17:13:41 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
      [2012/08/19 17:11:39 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
      [2012/08/19 17:11:39 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
      [2012/08/19 17:11:39 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
      [2012/08/19 17:11:38 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
      [2012/08/19 17:11:37 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
      [2012/08/19 17:11:37 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
      [2012/08/19 17:11:37 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
      [2012/08/19 17:11:35 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
      [2012/08/19 16:57:14 | 000,000,000 | ---D | C] -- C:\Windows\rescache
      [2012/08/06 02:33:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDisplay
      [2012/07/31 02:20:27 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
      [2012/07/31 02:19:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
      [2012/07/31 02:19:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center

      ========== Files - Modified Within 30 Days ==========

      [2012/08/26 16:46:01 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
      [2012/08/26 16:45:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
      [2012/08/26 16:36:01 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
      [2012/08/26 16:36:01 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
      [2012/08/26 16:36:01 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
      [2012/08/26 16:36:01 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
      [2012/08/26 16:36:01 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
      [2012/08/26 16:31:08 | 000,021,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      [2012/08/26 16:31:08 | 000,021,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      [2012/08/26 16:08:48 | 004,503,728 | ---- | M] () -- C:\ProgramData\ism_0_llatsni.pad
      [2012/08/25 19:49:57 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
      [2012/08/25 19:49:57 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
      [2012/08/20 21:03:53 | 000,917,720 | ---- | M] () -- D:\Users\Pablo\Desktop\permuta 001.jpg
      [2012/08/19 18:51:48 | 000,955,888 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
      [2012/08/19 18:51:48 | 000,839,152 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
      [2012/08/19 18:51:48 | 000,268,784 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
      [2012/08/19 18:51:48 | 000,189,424 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
      [2012/08/19 18:51:48 | 000,188,912 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
      [2012/08/19 18:13:31 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
      [2012/08/19 17:16:44 | 000,289,504 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
      [2012/08/17 03:11:40 | 004,503,728 | ---- | M] () -- C:\ProgramData\23lldnur.pad
      [2012/08/13 13:01:05 | 000,060,044 | ---- | M] () -- D:\Users\Pablo\Desktop\Solicitud Comisión Servicio Pablo Villalba Controlador.pdf
      [2012/08/13 12:34:06 | 001,555,882 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
      [2012/08/13 12:34:06 | 000,701,608 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
      [2012/08/13 12:34:06 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
      [2012/08/13 12:34:06 | 000,137,212 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
      [2012/08/13 12:34:06 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
      [2012/07/31 16:04:32 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
      [2012/07/31 16:04:32 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
      [2012/07/28 05:48:35 | 1700,517,888 | ---- | M] () -- D:\Users\Pablo\Desktop\Les.Luthiers.-.(2009).Lutherapia.(Spanish).DVD-Rip.XviD-AC3.by.lailopimo07-Eugen.(tusseries-filibusteros).avi

      ========== Files Created - No Company Name ==========

      [2012/08/26 16:46:01 | 000,000,408 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
      [2012/08/20 21:02:10 | 000,917,720 | ---- | C] () -- D:\Users\Pablo\Desktop\permuta 001.jpg
      [2012/08/19 16:33:45 | 000,016,432 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe
      [2012/08/17 03:11:40 | 004,503,728 | ---- | C] () -- C:\ProgramData\23lldnur.pad
      [2012/08/17 03:08:03 | 004,503,728 | ---- | C] () -- C:\ProgramData\ism_0_llatsni.pad
      [2012/08/13 13:00:52 | 000,060,044 | ---- | C] () -- D:\Users\Pablo\Desktop\Solicitud Comisión Servicio Pablo Villalba Controlador.pdf
      [2012/07/30 11:45:56 | 1700,517,888 | ---- | C] () -- D:\Users\Pablo\Desktop\Les.Luthiers.-.(2009).Lutherapia.(Spanish).DVD-Rip.XviD-AC3.by.lailopimo07-Eugen.(tusseries-filibusteros).avi
      [2012/07/14 01:28:04 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
      [2012/06/22 02:02:05 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\adedinet.dll
      [2012/04/20 02:01:29 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
      [2012/03/09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
      [2012/02/15 04:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
      [2012/02/15 04:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
      [2011/11/29 23:09:04 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
      [2011/11/29 23:09:04 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
      [2011/11/23 04:27:37 | 000,000,017 | ---- | C] () -- D:\Users\Pablo\AppData\Local\resmon.resmoncfg
      [2011/11/23 03:42:16 | 000,014,119 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
      [2011/11/23 03:19:28 | 000,000,440 | RHS- | C] () -- C:\ProgramData\ntuser.pol
      [2011/11/23 02:19:00 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
      [2011/11/23 02:05:34 | 000,001,313 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
      [2011/11/23 02:05:34 | 000,001,212 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
      [2011/11/23 02:05:34 | 000,001,212 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
      [2011/11/23 02:05:33 | 000,182,272 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
      [2011/11/23 02:05:33 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
      [2011/11/23 00:07:55 | 000,022,443 | ---- | C] () -- D:\Users\Pablo\default.br2
      [2011/11/23 00:07:55 | 000,001,442 | ---- | C] () -- D:\Users\Pablo\default.bar
      [2011/11/23 00:07:49 | 000,004,499 | ---- | C] () -- D:\Users\Pablo\wincmd.ini
      [2011/11/22 22:07:54 | 000,258,864 | ---- | C] () -- C:\Windows\SUPDRun.exe
      [2011/11/22 22:01:19 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
      [2011/10/25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
      [2011/09/13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
      [2011/02/10 06:03:48 | 000,000,326 | ---- | C] () -- C:\Windows\primopdf.ini

      ========== Alternate Data Streams ==========

      @Alternate Data Stream - 46 bytes -> D:\Users\Pablo\Desktop\20110917 Guadamur.MP4:com.dropbox.attributes

      < End of report >

    5. #5
      User francisco_0
      Joined
      Oct 2011
      Location
      Guatemala
      Posts
      85

      Re: Police Lock Screen

      What a monstrous OTL report.

      Send me the PoliFix log when you are able to run it,
      since I doubt OTL will fix the virus's lock screen.

      Regards!

    6. #6
      User polpol
      Joined
      Aug 2012
      Location
      Spain
      Posts
      5

      Re: Police Lock Screen

      OK, done. Here is the report...




      //////////////////// PoliFix 2.0.5 By InfoSpyware ////////////////////

      Ejecutado Deste: D:\Users\Pablo\Desktop\OTL\POLIFIX\polifix.exe
      Fecha: 26/08/2012 | Hora: 16:55:23
      Sistema Operativo: Windows 7 De X64 Bits
      Modo De Arranque: Modo Normal
      Usuario: Pablo | (Administrador)
      Antivirus: Lavasoft Ad-Watch Live! Anti-Virus
      AntiSpyware: Windows Defender
      AntiSpyware: Lavasoft Ad-Watch Live!
      Version De Java 32: 7.0.60.24
      Version De Java 64: 7.0.50.6
      Punto de Restauracion: PoliFix_2.0.5


      ============================ Malwares Eliminados ============================



      ============================ Heuristica ============================


      ============================ Startup ============================

      HKLM64 - Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
      HKLM64 - Run: [THXCfg64] - C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
      HKLM - Run: [JMB36X IDE Setup] - C:\Windows\RaidTool\xInsIDE.exe
      HKLM - Run: [NUSB3MON] - "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
      HKLM - Run: [Super-Charger] - C:\Program Files (x86)\MSI\Super-Charger\StartSuperCharger.exe
      HKLM - Run: [THX Audio Control Panel] - "C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" /r
      HKLM - Run: [ITSecMng] - %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
      HKLM - Run: [RegistrarUsrDNIeCertStoreDLL] - "C:\Program Files (x86)\DNIe\udcs.exe"
      HKLM - Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      HKLM - Run: [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      HKLM - Run: [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
      HKLM - Run: [AMD AVT] - Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
      HKLM - Run: [TkBellExe] - "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
      HKLM - Run: [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
      Startup: D:\Users\Pablo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = D:\Users\Pablo\AppData\Roaming\Dropbox\bin\Dropbox.exe
      Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
      Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SpeedFan.lnk = C:\Program Files (x86)\SpeedFan\speedfan.exe


      ============================ Scan Suplementario ============================

      C:\ProgramData\23lldnur.pad
      C:\ProgramData\AMD
      C:\ProgramData\Apple
      C:\ProgramData\Apple Computer
      C:\ProgramData\Application Data
      C:\ProgramData\Ask
      C:\ProgramData\ATI
      C:\ProgramData\DAEMON Tools Lite
      C:\ProgramData\Desktop
      C:\ProgramData\Documents
      C:\ProgramData\Downloaded Installations
      C:\ProgramData\Favorites
      C:\ProgramData\IBUpdaterService
      C:\ProgramData\ism_0_llatsni.pad
      C:\ProgramData\Lavasoft
      C:\ProgramData\Microsoft
      C:\ProgramData\Nitro PDF
      C:\ProgramData\ntuser.pol
      C:\ProgramData\Ralink Driver
      C:\ProgramData\Real
      C:\ProgramData\Start Menu
      C:\ProgramData\Sun
      C:\ProgramData\Templates
      C:\ProgramData\TOSHIBA
      C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
      D:\Users\Pablo\AppData\Roaming\Adobe
      D:\Users\Pablo\AppData\Roaming\Apple Computer
      D:\Users\Pablo\AppData\Roaming\ATI
      D:\Users\Pablo\AppData\Roaming\Audacity
      D:\Users\Pablo\AppData\Roaming\DAEMON Tools Lite
      D:\Users\Pablo\AppData\Roaming\DeepBurner
      D:\Users\Pablo\AppData\Roaming\Downloaded Installations
      D:\Users\Pablo\AppData\Roaming\Dropbox
      D:\Users\Pablo\AppData\Roaming\dvdcss
      D:\Users\Pablo\AppData\Roaming\Identities
      D:\Users\Pablo\AppData\Roaming\ImgBurn
      D:\Users\Pablo\AppData\Roaming\InstallShield
      D:\Users\Pablo\AppData\Roaming\Macromedia
      D:\Users\Pablo\AppData\Roaming\Media Center Programs
      D:\Users\Pablo\AppData\Roaming\Media Player Classic
      D:\Users\Pablo\AppData\Roaming\Microsoft
      D:\Users\Pablo\AppData\Roaming\MiniLyrics
      D:\Users\Pablo\AppData\Roaming\Mozilla
      D:\Users\Pablo\AppData\Roaming\Nitro PDF
      D:\Users\Pablo\AppData\Roaming\OpenCandy
      D:\Users\Pablo\AppData\Roaming\pdfforge
      D:\Users\Pablo\AppData\Roaming\Real
      D:\Users\Pablo\AppData\Roaming\TeamViewer
      D:\Users\Pablo\AppData\Roaming\Toshiba
      D:\Users\Pablo\AppData\Roaming\UDC Profiles
      D:\Users\Pablo\AppData\Roaming\vlc
      D:\Users\Pablo\AppData\Roaming\Youtube Downloader HD
      D:\Users\Pablo\AppData\Local\Temp\SET339D.tmp
      D:\Users\Pablo\AppData\Local\Temp\SETB328.tmp
      D:\Users\Pablo\AppData\Local\Temp\SETB50B.tmp
      D:\Users\Pablo\AppData\Local\Temp\SETC8AB.tmp
      D:\Users\Pablo\AppData\Local\Temp\Setup.INI
      D:\Users\Pablo\AppData\Local\Temp\_isB921.tmp


      ============================ 26/08/2012 - 16:55:39 ============================

    7. #7
      User francisco_0
      Joined
      Oct 2011
      Location
      Guatemala
      Posts
      85

      Re: Police Lock Screen

      Send me a screenshot of the police lock screen...

      And download Malwarebytes

      Malwarebytes Anti-Malware 1.62.0.1300 | InfoSpyware

      Read the manual!

      Malwarebytes Anti-Malware 2.0 Manual

      Update it and run a full scan

      Then follow these steps!

      Remove the Police Virus (Ransomware)

      Then send me the log...

      Regards
      Last edited by francisco_0 on 26/08/12 at 13:17:50. Reason: information was missing

    8. #8
      Regular User Federicols
      Joined
      May 2011
      Location
      Rosario, Santa fe.
      Posts
      4.043

      Re: Police Lock Screen

      Hello.

      With your permission

      Download OTM by OldTimer to the desktop (if you already have it, do not download it again).

      • Double-click the OTM.exe icon to run it
      • Paste the following under the "Paste Instructions for items to be Moved" area (excluding the word "Code:").

      Code:
      :Files
      D:\Users\Pablo\AppData\Roaming\Dropbox /d
      D:\Users\Pablo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
      D:\Users\Pablo\AppData\Roaming\OpenCandy /d
      C:\ProgramData\Ask /d
      D:\Users\Pablo\AppData\Local\Temp\*.tmp
      C:\Windows\System32\*.tmp
      C:\Windows\SysWow64\*.tmp
      ipconfig /flushdns /c
      
      :Commands
      [PURITY] 
      [EMPTYTEMP]
      [EMPTYFLASH]
      [RESETHOSTS]
      [CREATERESTOREPOINT]
      • Press the red MoveIt! button
      • Wait until the result appears in the Results pane.
      • Allow the computer to restart; this is important.
      • Post the OTM report located at C:\_OTM\MovedFiles\***_***.log
      • Tell us how the problem is going.


      Regards.
      Success is the progressive realization of a dream.

    9. #9
      User polpol
      Joined
      Aug 2012
      Location
      Spain
      Posts
      5

      Re: Police Lock Screen

      Hello. This is the Notepad file that was generated.
      Let's see if we got lucky. I will report how it goes. A million thanks!

      All processes killed
      ========== FILES ==========
      D:\Users\Pablo\AppData\Roaming\Dropbox\shellext\l\50015b79 deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\shellext\l\50015b9e deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\shellext\l\50015bb7 deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\shellext\l\50015d0b deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\shellext\l\500168ad deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\shellext\l\5001fc03 deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\shellext\l\5001fc41 deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\shellext\l\5001fcb0 deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\shellext\l\50020c6d deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\shellext\l\50020fbc deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\shellext\l\500c7039 deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\shellext\l\500d8be2 deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\shellext\l\500d8f05 deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\shellext\l\500e8e2a deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\shellext\l\500f2602 deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\shellext\l\500f3559 deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\shellext\l\500ff613 deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\shellext\l\50100d37 deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\shellext\l\50107020 deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\shellext\l\50107298 deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\shellext\l\50107628 deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\shellext\l\50107ce3 deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\shellext\l\50108819 deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\shellext\l\5011ce4a deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\shellext\l\501702cd deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\shellext\l\50171ac5 deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\shellext\l\5017e5b0 deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\shellext\l\5017ec28 deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\shellext\l\50192e26 deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\shellext\l\501f06af deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\shellext\l\501f0dae deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\shellext\l\501f109c deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\shellext\l\501f10b7 deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\shellext\l\501f10e2 deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\shellext\l\501f1207 deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\shellext\l\5021a7c9 deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\shellext\l\5022477d deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\shellext\l\502409af deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\shellext\l\50283997 deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\shellext\l\5028d790 deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\shellext\l\5028dc32 deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\shellext\l\5028e161 deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\shellext\l\502d98a5 deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\shellext\l\502d9946 deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\shellext\l\502d99eb deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\shellext\l\502d9a6b deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\shellext\l\502d9a9d deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\shellext\l\502d9ac7 deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\shellext\l\502d9f3f deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\shellext\l\50302a27 deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\shellext\l\50302b06 deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\shellext\l\50302bbf deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\shellext\l\50302bd4 deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\shellext\l\5030efc4 deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\shellext\l\5030f095 deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\shellext\l\503100c6 deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\shellext\l\50310266 deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\shellext\l\5031036e deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\shellext\l\50310505 deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\shellext\l\5031051d deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\shellext\l\50310577 deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\shellext\l\5031098c deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\shellext\l\50310b40 deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\shellext\l\50310bfb deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\shellext\l\50310cc2 deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\shellext\l\50310cc5 deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\shellext\l\50310d38 deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\shellext\l\50310de9 deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\shellext\l\50310e8e deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\shellext\l\50310ef1 deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\shellext\l\50310f24 deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\shellext\l\503110e7 deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\shellext\l\503110ea deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\shellext\l\50311207 deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\shellext\l\503288ca deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\shellext\l\50328946 deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\shellext\l\50328967 deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\shellext\l\503289ec deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\shellext\l\50328a26 deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\shellext\l\50328f5f deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\shellext\l\5038f993 deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\shellext\l\5039254e deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\shellext\l\5039260e deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\shellext\l\503a2cc5 deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\shellext\l\503a2d01 deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\shellext\l\503a2d39 deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\shellext\l\503a2db3 deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\shellext\l\503a2e12 deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\shellext\l\503a2f21 deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\shellext\l\503a2f9c deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\shellext\l\503a30cf deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\shellext\l\503a317b deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\shellext\l\503a3698 deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\shellext\l\503a3924 deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\shellext\l\503a3f63 deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\shellext\l\503a4c9c deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\shellext\l\503a81cc deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\shellext\l\new_trace deleted successfully.
      Folder delete failed. D:\Users\Pablo\AppData\Roaming\Dropbox\shellext\l scheduled to be deleted on reboot.
      Folder delete failed. D:\Users\Pablo\AppData\Roaming\Dropbox\shellext scheduled to be deleted on reboot.
      D:\Users\Pablo\AppData\Roaming\Dropbox\l\5030f097 deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\l folder deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\installer\l folder deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\installer folder deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\bin\Dropbox.exe deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\bin\Dropbox.exe.log deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll deleted successfully.
      File delete failed. D:\Users\Pablo\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll scheduled to be deleted on reboot.
      D:\Users\Pablo\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\bin\itag deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\bin\msvcp71.dll deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\bin\msvcr71.dll deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\bin\Uninstall.exe deleted successfully.
      Folder delete failed. D:\Users\Pablo\AppData\Roaming\Dropbox\bin scheduled to be deleted on reboot.
      D:\Users\Pablo\AppData\Roaming\Dropbox\config.db deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\config.dbx deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\filecache.dbx deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\host.db deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\host.dbx deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\photo.dbx deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\sigstore.dbx deleted successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\unlink.db deleted successfully.
      Folder delete failed. D:\Users\Pablo\AppData\Roaming\Dropbox scheduled to be deleted on reboot.
      File\Folder D:\Users\Pablo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found.
      D:\Users\Pablo\AppData\Roaming\OpenCandy\OpenCandy_C0DEA2C2DA7E40B5A6049B90A990706C folder deleted successfully.
      D:\Users\Pablo\AppData\Roaming\OpenCandy\C0DEA2C2DA7E40B5A6049B90A990706C\NitroPDFsp64_p2v1Installer.exe deleted successfully.
      D:\Users\Pablo\AppData\Roaming\OpenCandy\C0DEA2C2DA7E40B5A6049B90A990706C folder deleted successfully.
      D:\Users\Pablo\AppData\Roaming\OpenCandy\92E8660F8145404B895BFE2837610608\RealPlayer_es.exe deleted successfully.
      D:\Users\Pablo\AppData\Roaming\OpenCandy\92E8660F8145404B895BFE2837610608\RealPlayer_es_p20v1.exe deleted successfully.
      D:\Users\Pablo\AppData\Roaming\OpenCandy\92E8660F8145404B895BFE2837610608 folder deleted successfully.
      D:\Users\Pablo\AppData\Roaming\OpenCandy folder deleted successfully.
      C:\ProgramData\Ask\APN-Stub\ATU2\APNIC.dll deleted successfully.
      C:\ProgramData\Ask\APN-Stub\ATU2 folder deleted successfully.
      C:\ProgramData\Ask\APN-Stub folder deleted successfully.
      C:\ProgramData\Ask folder deleted successfully.
      D:\Users\Pablo\AppData\Local\Temp\SET339D.tmp moved successfully.
      D:\Users\Pablo\AppData\Local\Temp\SETB328.tmp moved successfully.
      D:\Users\Pablo\AppData\Local\Temp\SETB50B.tmp moved successfully.
      D:\Users\Pablo\AppData\Local\Temp\SETC8AB.tmp moved successfully.
      D:\Users\Pablo\AppData\Local\Temp\SFC9B73.tmp moved successfully.
      D:\Users\Pablo\AppData\Local\Temp\SFC9F0C.tmp moved successfully.
      D:\Users\Pablo\AppData\Local\Temp\_isB921.tmp moved successfully.
      D:\Users\Pablo\AppData\Local\Temp\~DF1E85E8FFD8B000FC.TMP moved successfully.
      D:\Users\Pablo\AppData\Local\Temp\~DF8515F454ABE18F42.TMP moved successfully.
      D:\Users\Pablo\AppData\Local\Temp\~DF8E01C73E34A271C9.TMP moved successfully.
      File\Folder C:\Windows\System32\*.tmp not found.
      File\Folder C:\Windows\SysWow64\*.tmp not found.
      < ipconfig /flushdns /c >
      Configuración IP de Windows
      Se vació correctamente la caché de resolución de DNS.
      D:\Users\Pablo\Desktop\OTL\cmd.bat deleted successfully.
      D:\Users\Pablo\Desktop\OTL\cmd.txt deleted successfully.
      ========== COMMANDS ==========

      [EMPTYTEMP]

      User: Pablo
      ->Temp folder emptied: 0 bytes
      ->Temporary Internet Files folder emptied: 14576065 bytes
      ->Java cache emptied: 0 bytes
      ->FireFox cache emptied: 36291069 bytes
      ->Flash cache emptied: 506 bytes

      %systemdrive% .tmp files removed: 0 bytes
      %systemroot% .tmp files removed: 0 bytes
      %systemroot%\System32 .tmp files removed: 0 bytes
      %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
      %systemroot%\System32\drivers .tmp files removed: 0 bytes
      Windows Temp folder emptied: 3040 bytes
      %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
      RecycleBin emptied: 145562 bytes

      Total Files Cleaned = 49,00 mb


      [EMPTYFLASH]

      User: Pablo
      ->Flash cache emptied: 0 bytes

      Total Flash Files Cleaned = 0,00 mb

      C:\Windows\System32\drivers\etc\Hosts moved successfully.
      HOSTS file reset successfully
      Restore point Set: OTL Restore Point

      OTL by OldTimer - Version 3.2.58.0 log created on 08272012_004656

      Files\Folders moved on Reboot...
      Folder move failed. D:\Users\Pablo\AppData\Roaming\Dropbox\shellext\l scheduled to be moved on reboot.
      Folder move failed. D:\Users\Pablo\AppData\Roaming\Dropbox\shellext\l scheduled to be moved on reboot.
      Folder move failed. D:\Users\Pablo\AppData\Roaming\Dropbox\shellext scheduled to be moved on reboot.
      D:\Users\Pablo\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll moved successfully.
      D:\Users\Pablo\AppData\Roaming\Dropbox\bin folder moved successfully.
      Folder move failed. D:\Users\Pablo\AppData\Roaming\Dropbox\shellext\l scheduled to be moved on reboot.
      Folder move failed. D:\Users\Pablo\AppData\Roaming\Dropbox\shellext scheduled to be moved on reboot.
      Folder move failed. D:\Users\Pablo\AppData\Roaming\Dropbox scheduled to be moved on reboot.
      D:\Users\Pablo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KYYRQHF5\adloader[1].htm moved successfully.
      D:\Users\Pablo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KYYRQHF5\default[2].htm moved successfully.
      D:\Users\Pablo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KYYRQHF5\Messenger[1].htm moved successfully.
      D:\Users\Pablo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KYYRQHF5\xmlProxy[2].htm moved successfully.
      D:\Users\Pablo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ALU34RE0\ads[2].htm moved successfully.
      D:\Users\Pablo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ALU34RE0\flextag[1].htm moved successfully.
      D:\Users\Pablo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ALU34RE0\InboxLight[2].htm moved successfully.
      D:\Users\Pablo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ALU34RE0\LocalStorage[1].htm moved successfully.
      D:\Users\Pablo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ALU34RE0\t436942[1].htm moved successfully.
      D:\Users\Pablo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ALU34RE0\xmlProxy[1].htm moved successfully.
      D:\Users\Pablo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ALU34RE0\xmlProxy[2].htm moved successfully.
      D:\Users\Pablo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0SJDTE6P\resourcespreload[1].htm moved successfully.
      D:\Users\Pablo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0SJDTE6P\RteFrame_16.2.6151.0801[1].htm moved successfully.
      D:\Users\Pablo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0SJDTE6P\tt[3].htm moved successfully.
      D:\Users\Pablo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0E30AALJ\AjaxHistoryFrame[1].htm moved successfully.
      D:\Users\Pablo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0E30AALJ\EditMessageLight[3].htm moved successfully.
      D:\Users\Pablo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0E30AALJ\flextag[1].htm moved successfully.
      D:\Users\Pablo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0E30AALJ\WebIMPop[1].htm moved successfully.
      D:\Users\Pablo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0E30AALJ\xmlProxy[1].htm moved successfully.

      PendingFileRenameOperations files...
      File D:\Users\Pablo\AppData\Roaming\Dropbox\shellext\l not found!
      File D:\Users\Pablo\AppData\Roaming\Dropbox\shellext not found!
      File D:\Users\Pablo\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll not found!
      File D:\Users\Pablo\AppData\Roaming\Dropbox\bin not found!
      File D:\Users\Pablo\AppData\Roaming\Dropbox not found!
      File D:\Users\Pablo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KYYRQHF5\adloader[1].htm not found!
      File D:\Users\Pablo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KYYRQHF5\default[2].htm not found!
      File D:\Users\Pablo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KYYRQHF5\Messenger[1].htm not found!
      File D:\Users\Pablo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KYYRQHF5\xmlProxy[2].htm not found!
      File D:\Users\Pablo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ALU34RE0\ads[2].htm not found!
      File D:\Users\Pablo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ALU34RE0\flextag[1].htm not found!
      File D:\Users\Pablo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ALU34RE0\InboxLight[2].htm not found!
      File D:\Users\Pablo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ALU34RE0\LocalStorage[1].htm not found!
      File D:\Users\Pablo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ALU34RE0\t436942[1].htm not found!
      File D:\Users\Pablo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ALU34RE0\xmlProxy[1].htm not found!
      File D:\Users\Pablo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ALU34RE0\xmlProxy[2].htm not found!
      File D:\Users\Pablo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0SJDTE6P\resourcespreload[1].htm not found!
      File D:\Users\Pablo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0SJDTE6P\RteFrame_16.2.6151.0801[1].htm not found!
      File D:\Users\Pablo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0SJDTE6P\tt[3].htm not found!
      File D:\Users\Pablo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0E30AALJ\AjaxHistoryFrame[1].htm not found!
      File D:\Users\Pablo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0E30AALJ\EditMessageLight[3].htm not found!
      File D:\Users\Pablo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0E30AALJ\flextag[1].htm not found!
      File D:\Users\Pablo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0E30AALJ\WebIMPop[1].htm not found!
      File D:\Users\Pablo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0E30AALJ\xmlProxy[1].htm not found!

      Registry entries deleted on Reboot...

    10. #10
      User Avatar of francisco_0
      Joined
      Oct 2011
      Location
      Guatemala
      Posts
      85

      Re: Police Screen

      Did you restart your PC after the OTM scan finished?

      And tell us how your PC is doing; it looks like it removed processes.
