
    Infected with lubwuhedofym.exe Win32/Wigon.PB Trojan?

    1. #1
      P.P.P (User)
      Registered: Aug 2008
      Location: spy
      Posts: 28

      Hi, this is the second time in less than a month that a trojan has gotten onto my PC (the previous case was this one), and since then I have been fairly cautious when using the PC. I don't visit compromised or unsafe websites either, but I don't know whether it is all down to the ads that websites carry or what; NOD32 pops up every other minute.

      This time NOD32 popped up saying lubwuhedofym.exe Win32/Wigon.PB Trojan, threats have been detected in memory! Operating memory = C/User/XXXX/lubwuhedofym.exe. Threat: Win32/Wigon.PB Trojan. Information: could not be cleaned -file deleted-, moved to quarantine.

      Well, looking for information here, I found this post:
      http://www.forospyware.com/t440899.html

      And I followed the same steps:

      I ran Malwarebytes:

      Malwarebytes Anti-Malware (Versión de Prueba) 1.65.0.1400
      www.malwarebytes.org

      Versión de la Base de Datos: v2012.10.05.06

      Windows Vista Service Pack 2 x64 NTFS
      Internet Explorer 9.0.8112.16421
      XXXX :: XXXX [administrador]

      Protección: Habilitado

      05/10/2012 17:54:39
      mbam-log-2012-10-05 (17-54-39).txt

      Tipos de Análisis: Análisis Completo (C:\|D:\|)
      Opciones de análisis activado: Memoria | Inicio | Registro | Sistema de archivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
      Opciones de análisis desactivados: P2P
      Objetos examinados: 618445
      Tiempo transcurrido: 3 hora(s), 31 minuto(s), 28 segundo(s)

      Procesos en Memoria Detectados: 0
      (No se han detectado elementos maliciosos)

      Módulos de Memoria Detectados: 0
      (No se han detectado elementos maliciosos)

      Claves del Registro Detectados: 0
      (No se han detectado elementos maliciosos)

      Valores del Registro Detectados: 0
      (No se han detectado elementos maliciosos)

      Elementos de Datos del Registro Detectados: 0
      (No se han detectado elementos maliciosos)

      Carpetas Detectadas: 0
      (No se han detectado elementos maliciosos)

      Archivos Detectados: 0
      (No se han detectado elementos maliciosos)

      (fin)



      I ran TDSSKiller.exe; this is the report:

      21:34:24.0856 2332 NDIS - ok
      21:34:24.0889 2332 [ 64DF698A425478E321981431AC171334 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
      21:34:24.0949 2332 NdisTapi - ok
      21:34:24.0984 2332 [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
      21:34:25.0062 2332 Ndisuio - ok
      21:34:25.0114 2332 [ F8158771905260982CE724076419EF19 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
      21:34:25.0188 2332 NdisWan - ok
      21:34:25.0223 2332 [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
      21:34:25.0299 2332 NDProxy - ok
      21:34:25.0482 2332 [ C7F5C284B6F46FCAF6910EA4E644700B ] Nero BackItUp Scheduler 4.0 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
      21:34:25.0538 2332 Nero BackItUp Scheduler 4.0 - ok
      21:34:25.0572 2332 NeroMediaHomeService.4 - ok
      21:34:25.0610 2332 [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
      21:34:25.0677 2332 NetBIOS - ok
      21:34:25.0729 2332 [ FC2C792EBDDC8E28DF939D6A92C83D61 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
      21:34:25.0778 2332 netbt - ok
      21:34:25.0819 2332 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] Netlogon C:\Windows\system32\lsass.exe
      21:34:25.0857 2332 Netlogon - ok
      21:34:25.0900 2332 [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman C:\Windows\System32\netman.dll
      21:34:25.0982 2332 Netman - ok
      21:34:26.0017 2332 [ 7846D0136CC2B264926A73047BA7688A ] netprofm C:\Windows\System32\netprofm.dll
      21:34:26.0118 2332 netprofm - ok
      21:34:26.0172 2332 [ 8E6AF418ED39B976B172F1CEA9E6F538 ] netr28x C:\Windows\system32\DRIVERS\netr28x.sys
      21:34:26.0294 2332 netr28x - ok
      21:34:26.0377 2332 [ 74751DDA198165947FD7454D83F49825 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
      21:34:26.0392 2332 NetTcpPortSharing - ok
      21:34:26.0426 2332 [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
      21:34:26.0475 2332 nfrd960 - ok
      21:34:26.0501 2332 [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc C:\Windows\System32\nlasvc.dll
      21:34:26.0572 2332 NlaSvc - ok
      21:34:26.0620 2332 [ B298874F8E0EA93F06EC40AA8D146478 ] Npfs C:\Windows\system32\drivers\Npfs.sys
      21:34:26.0695 2332 Npfs - ok
      21:34:26.0734 2332 [ ACB62BAA1C319B17752553DF3026EEEB ] nsi C:\Windows\system32\nsisvc.dll
      21:34:26.0803 2332 nsi - ok
      21:34:26.0834 2332 [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
      21:34:26.0900 2332 nsiproxy - ok
      21:34:26.0976 2332 [ BAC869DFB98E499BA4D9BB1FB43270E1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
      21:34:27.0045 2332 Ntfs - ok
      21:34:27.0077 2332 [ DD5D684975352B85B52E3FD5347C20CB ] Null C:\Windows\system32\drivers\Null.sys
      21:34:27.0153 2332 Null - ok
      21:34:27.0500 2332 [ 828E3D31D9E5B81A4927885D3752C996 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
      21:34:28.0154 2332 nvlddmkm - ok
      21:34:28.0178 2332 [ 2C040B7ADA5B06F6FACADAC8514AA034 ] nvraid C:\Windows\system32\drivers\nvraid.sys
      21:34:28.0195 2332 nvraid - ok
      21:34:28.0218 2332 [ F7EA0FE82842D05EDA3EFDD376DBFDBA ] nvstor C:\Windows\system32\drivers\nvstor.sys
      21:34:28.0251 2332 nvstor - ok
      21:34:28.0288 2332 [ 1C63E34632CEBD6A37B82DC77C4F7575 ] nvsvc C:\Windows\system32\nvvsvc.exe
      21:34:28.0333 2332 nvsvc - ok
      21:34:28.0462 2332 [ 4A5A9DDEF3C7E4E37EB22DE00AE8B9F1 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
      21:34:28.0613 2332 nvUpdatusService - ok
      21:34:28.0641 2332 [ 19067CA93075EF4823E3938A686F532F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
      21:34:28.0660 2332 nv_agp - ok
      21:34:28.0664 2332 NwlnkFlt - ok
      21:34:28.0670 2332 NwlnkFwd - ok
      21:34:28.0775 2332 [ B5B1CE65AC15BBD11C0619E3EF7CFC28 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
      21:34:28.0854 2332 ohci1394 - ok
      21:34:28.0928 2332 [ FC6039FC5E0A204A70390DD146F75D03 ] P2PFire C:\Program Files (x86)\P2PHazard2\P2PFire.sys
      21:34:28.0994 2332 P2PFire ( UnsignedFile.Multi.Generic ) - warning
      21:34:28.0994 2332 P2PFire - detected UnsignedFile.Multi.Generic (1)
      21:34:29.0055 2332 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2pimsvc C:\Windows\system32\p2psvc.dll
      21:34:29.0167 2332 p2pimsvc - ok
      21:34:29.0183 2332 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2psvc C:\Windows\system32\p2psvc.dll
      21:34:29.0243 2332 p2psvc - ok
      21:34:29.0303 2332 [ AECD57F94C887F58919F307C35498EA0 ] Parport C:\Windows\system32\drivers\parport.sys
      21:34:29.0401 2332 Parport - ok
      21:34:29.0444 2332 [ B43751085E2ABE389DA466BC62A4B987 ] partmgr C:\Windows\system32\drivers\partmgr.sys
      21:34:29.0478 2332 partmgr - ok
      21:34:29.0542 2332 [ 8A0F8A9580D9F2FC512A35D5709088A9 ] pavboot C:\Windows\system32\drivers\pavboot64.sys
      21:34:29.0558 2332 pavboot - ok
      21:34:29.0648 2332 [ 55223EEFABFDB84A926515FEBAB50D9A ] pbfilter C:\Program Files\PeerBlock\pbfilter.sys
      21:34:29.0683 2332 pbfilter - ok
      21:34:29.0715 2332 [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc C:\Windows\System32\pcasvc.dll
      21:34:29.0791 2332 PcaSvc - ok
      21:34:29.0877 2332 [ BC0018C2D29F655188A0ED3FA94FDB24 ] pccsmcfd C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
      21:34:29.0984 2332 pccsmcfd - ok
      21:34:30.0025 2332 PcdrNdisuio - ok
      21:34:30.0093 2332 [ 47AB1E0FC9D0E12BB53BA246E3A0906D ] pci C:\Windows\system32\drivers\pci.sys
      21:34:30.0132 2332 pci - ok
      21:34:30.0148 2332 [ 8D618C829034479985A9ED56106CC732 ] pciide C:\Windows\system32\drivers\pciide.sys
      21:34:30.0179 2332 pciide - ok
      21:34:30.0184 2332 PCLEPCI - ok
      21:34:30.0212 2332 [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
      21:34:30.0271 2332 pcmcia - ok
      21:34:30.0299 2332 [ 58865916F53592A61549B04941BFD80D ] PEAUTH C:\Windows\system32\drivers\peauth.sys
      21:34:30.0417 2332 PEAUTH - ok
      21:34:30.0469 2332 [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost C:\Windows\SysWow64\perfhost.exe
      21:34:30.0531 2332 PerfHost - ok
      21:34:30.0590 2332 [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla C:\Windows\system32\pla.dll
      21:34:30.0728 2332 pla - ok
      21:34:30.0796 2332 [ FE6B0F59215C9FD9F9D26539C58C8B82 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
      21:34:30.0859 2332 PlugPlay - ok
      21:34:30.0899 2332 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
      21:34:30.0926 2332 PNRPAutoReg - ok
      21:34:30.0999 2332 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPsvc C:\Windows\system32\p2psvc.dll
      21:34:31.0027 2332 PNRPsvc - ok
      21:34:31.0117 2332 [ 89A5560671C2D8B4A4B51F3E1AA069D8 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
      21:34:31.0221 2332 PolicyAgent - ok
      21:34:31.0273 2332 [ 23386E9952025F5F21C368971E2E7301 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
      21:34:31.0349 2332 PptpMiniport - ok
      21:34:31.0376 2332 [ 5080E59ECEE0BC923F14018803AA7A01 ] Processor C:\Windows\system32\drivers\processr.sys
      21:34:31.0453 2332 Processor - ok
      21:34:31.0519 2332 [ E058CE4FC2449D8BFA14739C83B7FF2A ] ProfSvc C:\Windows\system32\profsvc.dll
      21:34:31.0583 2332 ProfSvc - ok
      21:34:31.0608 2332 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] ProtectedStorage C:\Windows\system32\lsass.exe
      21:34:31.0623 2332 ProtectedStorage - ok
      21:34:31.0705 2332 [ C5AB7F0809392D0DA027F4A2A81BFA31 ] PSched C:\Windows\system32\DRIVERS\pacer.sys
      21:34:31.0752 2332 PSched - ok
      21:34:31.0792 2332 [ 0B83F4E681062F3839BE2EC1D98FD94A ] ql2300 C:\Windows\system32\drivers\ql2300.sys
      21:34:31.0866 2332 ql2300 - ok
      21:34:31.0922 2332 [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
      21:34:32.0694 2332 ql40xx - ok
      21:34:32.0866 2332 [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE C:\Windows\system32\qwave.dll
      21:34:32.0921 2332 QWAVE - ok
      21:34:32.0963 2332 [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
      21:34:33.0028 2332 QWAVEdrv - ok
      21:34:33.0054 2332 [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
      21:34:33.0139 2332 RasAcd - ok
      21:34:33.0175 2332 [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto C:\Windows\System32\rasauto.dll
      21:34:33.0215 2332 RasAuto - ok
      21:34:33.0275 2332 [ AC7BC4D42A7E558718DFDEC599BBFC2C ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
      21:34:33.0330 2332 Rasl2tp - ok
      21:34:33.0381 2332 [ 3AD83E4046C43BE510DE681588ACB8AF ] RasMan C:\Windows\System32\rasmans.dll
      21:34:33.0448 2332 RasMan - ok
      21:34:33.0493 2332 [ 4517FBF8B42524AFE4EDE1DE102AAE3E ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
      21:34:33.0568 2332 RasPppoe - ok
      21:34:33.0615 2332 [ C6A593B51F34C33E5474539544072527 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
      21:34:33.0692 2332 RasSstp - ok
      21:34:33.0747 2332 [ 322DB5C6B55E8D8EE8D6F358B2AAABB1 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
      21:34:33.0835 2332 rdbss - ok
      21:34:33.0865 2332 [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
      21:34:33.0919 2332 RDPCDD - ok
      21:34:33.0987 2332 [ C045D1FB111C28DF0D1BE8D4BDA22C06 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
      21:34:34.0079 2332 rdpdr - ok
      21:34:34.0084 2332 [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
      21:34:34.0138 2332 RDPENCDD - ok
      21:34:34.0242 2332 [ AE4BD9E1C33D351D8E607FC81F15160C ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
      21:34:34.0294 2332 RDPWD - ok
      21:34:34.0328 2332 [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess C:\Windows\System32\mprdim.dll
      21:34:34.0395 2332 RemoteAccess - ok
      21:34:34.0446 2332 [ 44B9D8EC2F3EF3A0EFB00857AF70D861 ] RemoteRegistry C:\Windows\system32\regsvc.dll
      21:34:34.0507 2332 RemoteRegistry - ok
      21:34:34.0563 2332 RkPavproc1 - ok
      21:34:34.0569 2332 RkPavproc2 - ok
      21:34:34.0575 2332 RkPavproc3 - ok
      21:34:34.0594 2332 RkPavproc4 - ok
      21:34:34.0601 2332 RkPavproc5 - ok
      21:34:34.0637 2332 [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator C:\Windows\system32\locator.exe
      21:34:34.0703 2332 RpcLocator - ok
      21:34:34.0817 2332 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] RpcSs C:\Windows\system32\rpcss.dll
      21:34:34.0871 2332 RpcSs - ok
      21:34:34.0910 2332 [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
      21:34:35.0009 2332 rspndr - ok
      21:34:35.0053 2332 [ 82B66ABF055611024E5DBB9FA556C11D ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh64.sys
      21:34:35.0133 2332 RTL8169 - ok
      21:34:35.0152 2332 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] SamSs C:\Windows\system32\lsass.exe
      21:34:35.0168 2332 SamSs - ok
      21:34:35.0195 2332 [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
      21:34:35.0244 2332 sbp2port - ok
      21:34:35.0306 2332 [ FD1CDCF108D5EF3366F00D18B70FB89B ] SCardSvr C:\Windows\System32\SCardSvr.dll
      21:34:35.0367 2332 SCardSvr - ok
      21:34:35.0428 2332 [ 0F838C811AD295D2A4489B9993096C63 ] Schedule C:\Windows\system32\schedsvc.dll
      21:34:35.0527 2332 Schedule - ok
      21:34:35.0591 2332 [ 5A268127633C7EE2A7FB87F39D748D56 ] SCPolicySvc C:\Windows\System32\certprop.dll
      21:34:35.0619 2332 SCPolicySvc - ok
      21:34:35.0657 2332 [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC C:\Windows\System32\SDRSVC.dll
      21:34:35.0731 2332 SDRSVC - ok
      21:34:35.0743 2332 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
      21:34:35.0815 2332 secdrv - ok
      21:34:35.0870 2332 [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon C:\Windows\system32\seclogon.dll
      21:34:35.0934 2332 seclogon - ok
      21:34:35.0966 2332 [ 90973A64B96CD647FF81C79443618EED ] SENS C:\Windows\system32\sens.dll
      21:34:36.0031 2332 SENS - ok
      21:34:36.0057 2332 [ F71BFE7AC6C52273B7C82CBF1BB2A222 ] Serenum C:\Windows\system32\drivers\serenum.sys
      21:34:36.0149 2332 Serenum - ok
      21:34:36.0178 2332 [ E62FAC91EE288DB29A9696A9D279929C ] Serial C:\Windows\system32\drivers\serial.sys
      21:34:36.0278 2332 Serial - ok
      21:34:36.0309 2332 [ A842F04833684BCEEA7336211BE478DF ] sermouse C:\Windows\system32\drivers\sermouse.sys
      21:34:36.0415 2332 sermouse - ok
      21:34:36.0584 2332 [ 12B41D84A4D058ADC60853C365DBFCCA ] ServiceLayer C:\Program Files (x86)\Nokia\PC Connectivity Solution\ServiceLayer.exe
      21:34:36.0599 2332 ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
      21:34:36.0599 2332 ServiceLayer - detected UnsignedFile.Multi.Generic (1)
      21:34:36.0652 2332 [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv C:\Windows\system32\sessenv.dll
      21:34:36.0716 2332 SessionEnv - ok
      21:34:36.0742 2332 [ 14D4B4465193A87C127933978E8C4106 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
      21:34:36.0820 2332 sffdisk - ok
      21:34:36.0855 2332 [ 7073AEE3F82F3D598E3825962AA98AB2 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
      21:34:36.0893 2332 sffp_mmc - ok
      21:34:36.0905 2332 [ 35E59EBE4A01A0532ED67975161C7B82 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
      21:34:36.0958 2332 sffp_sd - ok
      21:34:36.0974 2332 [ 6B7838C94135768BD455CBDC23E39E5F ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
      21:34:37.0067 2332 sfloppy - ok
      21:34:37.0122 2332 [ 4C5AEE179DA7E1EE9A9CCB9DA289AF34 ] SharedAccess C:\Windows\System32\ipnathlp.dll
      21:34:37.0165 2332 SharedAccess - ok
      21:34:37.0217 2332 [ 56793271ECDEDD350C5ADD305603E963 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
      21:34:37.0325 2332 ShellHWDetection - ok
      21:34:37.0346 2332 [ 7A5DE502AEB719D4594C6471060A78B3 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
      21:34:37.0379 2332 SiSRaid2 - ok
      21:34:37.0402 2332 [ 3A2F769FAB9582BC720E11EA1DFB184D ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
      21:34:37.0436 2332 SiSRaid4 - ok
      21:34:37.0587 2332 [ A9A27A8E257B45A604FDAD4F26FE7241 ] slsvc C:\Windows\system32\SLsvc.exe
      21:34:37.0732 2332 slsvc - ok
      21:34:37.0884 2332 [ FD74B4B7C2088E390A30C85A896FC3AF ] SLUINotify C:\Windows\system32\SLUINotify.dll
      21:34:37.0942 2332 SLUINotify - ok
      21:34:38.0018 2332 [ 290B6F6A0EC4FCDFC90F5CB6D7020473 ] Smb C:\Windows\system32\DRIVERS\smb.sys
      21:34:38.0119 2332 Smb - ok
      21:34:38.0222 2332 [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP C:\Windows\System32\snmptrap.exe
      21:34:38.0264 2332 SNMPTRAP - ok
      21:34:38.0368 2332 [ 5F9785E7535F8F602CB294A54962C9E7 ] speedfan C:\Windows\syswow64\speedfan.sys
      21:34:38.0397 2332 speedfan - ok
      21:34:38.0458 2332 [ 386C3C63F00A7040C7EC5E384217E89D ] spldr C:\Windows\system32\drivers\spldr.sys
      21:34:38.0486 2332 spldr - ok
      21:34:38.0549 2332 [ F66FF751E7EFC816D266977939EF5DC3 ] Spooler C:\Windows\System32\spoolsv.exe
      21:34:38.0619 2332 Spooler - ok
      21:34:38.0705 2332 [ AA90A319BB067E0D149B4C95608C4B05 ] sptd C:\Windows\system32\Drivers\sptd.sys
      21:34:38.0705 2332 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: AA90A319BB067E0D149B4C95608C4B05
      21:34:38.0707 2332 sptd ( LockedFile.Multi.Generic ) - warning
      21:34:38.0707 2332 sptd - detected LockedFile.Multi.Generic (1)
      21:34:38.0733 2332 [ 880A57FCCB571EBD063D4DD50E93E46D ] srv C:\Windows\system32\DRIVERS\srv.sys
      21:34:38.0865 2332 srv - ok
      21:34:38.0927 2332 [ A1AD14A6D7A37891FFFECA35EBBB0730 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
      21:34:39.0032 2332 srv2 - ok
      21:34:39.0076 2332 [ 4BED62F4FA4D8300973F1151F4C4D8A7 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
      21:34:39.0146 2332 srvnet - ok
      21:34:39.0182 2332 [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
      21:34:39.0277 2332 SSDPSRV - ok
      21:34:39.0314 2332 [ 2EE3FA0308E6185BA64A9A7F2E74332B ] SstpSvc C:\Windows\system32\sstpsvc.dll
      21:34:39.0360 2332 SstpSvc - ok
      21:34:39.0435 2332 [ 15825C1FBFB8779992CB65087F316AF5 ] stisvc C:\Windows\System32\wiaservc.dll
      21:34:39.0526 2332 stisvc - ok
      21:34:39.0592 2332 [ 8A851CA908B8B974F89C50D2E18D4F0C ] swenum C:\Windows\system32\DRIVERS\swenum.sys
      21:34:39.0607 2332 swenum - ok
      21:34:39.0664 2332 [ 6DE37F4DE19D4EFD9C48C43ADDBC949A ] swprv C:\Windows\System32\swprv.dll
      21:34:39.0754 2332 swprv - ok
      21:34:39.0789 2332 [ 2F26A2C6FC96B29BEFF5D8ED74E6625B ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
      21:34:39.0821 2332 Symc8xx - ok
      21:34:39.0830 2332 [ A909667976D3BCCD1DF813FED517D837 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
      21:34:39.0863 2332 Sym_hi - ok
      21:34:39.0877 2332 [ 36887B56EC2D98B9C362F6AE4DE5B7B0 ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
      21:34:39.0930 2332 Sym_u3 - ok
      21:34:40.0041 2332 [ 92D7A8B0F87B036F17D25885937897A6 ] SysMain C:\Windows\system32\sysmain.dll
      21:34:40.0137 2332 SysMain - ok
      21:34:40.0213 2332 [ 005CE42567F9113A3BCCB3B20073B029 ] TabletInputService C:\Windows\System32\TabSvc.dll
      21:34:40.0258 2332 TabletInputService - ok
      21:34:40.0333 2332 [ CC2562B4D55E0B6A4758C65407F63B79 ] TapiSrv C:\Windows\System32\tapisrv.dll
      21:34:40.0368 2332 TapiSrv - ok
      21:34:40.0385 2332 [ CDBE8D7C1E201B911CDC346D06617FB5 ] TBS C:\Windows\System32\tbssvc.dll
      21:34:40.0459 2332 TBS - ok
      21:34:40.0535 2332 [ 46D448E9117464E4D3BBF36D7E3FA48E ] Tcpip C:\Windows\system32\drivers\tcpip.sys
      21:34:40.0624 2332 Tcpip - ok
      21:34:40.0692 2332 [ 46D448E9117464E4D3BBF36D7E3FA48E ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
      21:34:40.0735 2332 Tcpip6 - ok
      21:34:40.0792 2332 [ C7E72A4071EE0200E3C075DACFB2B334 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
      21:34:40.0873 2332 tcpipreg - ok
      21:34:40.0886 2332 [ 1D8BF4AAA5FB7A2761475781DC1195BC ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
      21:34:40.0955 2332 TDPIPE - ok
      21:34:40.0975 2332 [ 7F7E00CDF609DF657F4CDA02DD1C9BB1 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
      21:34:41.0054 2332 TDTCP - ok
      21:34:41.0138 2332 [ 458919C8C42E398DC4802178D5FFEE27 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
      21:34:41.0216 2332 tdx - ok
      21:34:41.0261 2332 [ 8C19678D22649EC002EF2282EAE92F98 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
      21:34:41.0296 2332 TermDD - ok
      21:34:41.0373 2332 [ 5CDD30BC217082DAC71A9878D9BFD566 ] TermService C:\Windows\System32\termsrv.dll
      21:34:41.0453 2332 TermService - ok
      21:34:41.0483 2332 [ 56793271ECDEDD350C5ADD305603E963 ] Themes C:\Windows\system32\shsvcs.dll
      21:34:41.0502 2332 Themes - ok
      21:34:41.0529 2332 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] THREADORDER C:\Windows\system32\mmcss.dll
      21:34:41.0566 2332 THREADORDER - ok
      21:34:41.0601 2332 [ F4689F05AF472A651A7B1B7B02D200E7 ] TrkWks C:\Windows\System32\trkwks.dll
      21:34:41.0666 2332 TrkWks - ok
      21:34:41.0830 2332 [ 66328B08EF5A9305D8EDE36B93930369 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
      21:34:41.0859 2332 TrustedInstaller - ok
      21:34:41.0879 2332 [ 9E5409CD17C8BEF193AAD498F3BC2CB8 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
      21:34:41.0940 2332 tssecsrv - ok
      21:34:41.0967 2332 [ 89EC74A9E602D16A75A4170511029B3C ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
      21:34:42.0001 2332 tunmp - ok
      21:34:42.0040 2332 [ 30A9B3F45AD081BFFC3BCAA9C812B609 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
      21:34:42.0103 2332 tunnel - ok
      21:34:42.0136 2332 [ FEC266EF401966311744BD0F359F7F56 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
      21:34:42.0170 2332 uagp35 - ok
      21:34:42.0229 2332 [ FAF2640A2A76ED03D449E443194C4C34 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
      21:34:42.0312 2332 udfs - ok
      21:34:42.0322 2332 [ 060507C4113391394478F6953A79EEDC ] UI0Detect C:\Windows\system32\UI0Detect.exe
      21:34:42.0363 2332 UI0Detect - ok
      21:34:42.0394 2332 [ 4EC9447AC3AB462647F60E547208CA00 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
      21:34:42.0427 2332 uliagpkx - ok
      21:34:42.0474 2332 [ 697F0446134CDC8F99E69306184FBBB4 ] uliahci C:\Windows\system32\drivers\uliahci.sys
      21:34:42.0524 2332 uliahci - ok
      21:34:42.0547 2332 [ 31707F09846056651EA2C37858F5DDB0 ] UlSata C:\Windows\system32\drivers\ulsata.sys
      21:34:42.0582 2332 UlSata - ok
      21:34:42.0610 2332 [ 85E5E43ED5B48C8376281BAB519271B7 ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
      21:34:42.0658 2332 ulsata2 - ok
      21:34:42.0721 2332 [ 46E9A994C4FED537DD951F60B86AD3F4 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
      21:34:42.0759 2332 umbus - ok
      21:34:42.0812 2332 [ 7093799FF80E9DECA0680D2E3535BE60 ] upnphost C:\Windows\System32\upnphost.dll
      21:34:42.0901 2332 upnphost - ok
      21:34:42.0905 2332 upperdev - ok
      21:34:42.0996 2332 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
      21:34:43.0068 2332 USBAAPL64 - ok
      21:34:43.0082 2332 [ 07E3498FC60834219D2356293DA0FECC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
      21:34:43.0189 2332 usbccgp - ok
      21:34:43.0221 2332 [ 8C39D53E1A343F4C47EE8F3C052126D8 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
      21:34:43.0282 2332 usbcir - ok
      21:34:43.0327 2332 [ 827E44DE934A736EA31E91D353EB126F ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
      21:34:43.0401 2332 usbehci - ok
      21:34:43.0447 2332 [ BB35CD80A2ECECFADC73569B3D70C7D1 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
      21:34:43.0551 2332 usbhub - ok
      21:34:43.0575 2332 [ EBA14EF0C07CEC233F1529C698D0D154 ] usbohci C:\Windows\system32\drivers\usbohci.sys
      21:34:43.0663 2332 usbohci - ok
      21:34:43.0703 2332 [ 28B693B6D31E7B9332C1BDCEFEF228C1 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
      21:34:43.0773 2332 usbprint - ok
      21:34:43.0813 2332 [ EA0BF666868964FBE8CB10E50C97B9F1 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
      21:34:43.0884 2332 usbscan - ok
      21:34:43.0935 2332 [ 5A8D98330F21E69D19459ED65847111D ] usbser C:\Windows\system32\DRIVERS\usbser.sys
      21:34:43.0999 2332 usbser - ok
      21:34:44.0044 2332 UsbserFilt - ok
      21:34:44.0095 2332 [ B854C1558FCA0C269A38663E8B59B581 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
      21:34:44.0169 2332 USBSTOR - ok
      21:34:44.0204 2332 [ B2872CBF9F47316ABD0E0C74A1ABA507 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
      21:34:44.0261 2332 usbuhci - ok
      21:34:44.0375 2332 [ D76E231E4850BB3F88A3D9A78DF191E3 ] UxSms C:\Windows\System32\uxsms.dll
      21:34:44.0405 2332 UxSms - ok
      21:34:44.0471 2332 [ 294945381DFA7CE58CECF0A9896AF327 ] vds C:\Windows\System32\vds.exe
      21:34:44.0512 2332 vds - ok
      21:34:44.0539 2332 [ 916B94BCF1E09873FFF2D5FB11767BBC ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
      21:34:44.0630 2332 vga - ok
      21:34:44.0665 2332 [ B83AB16B51FEDA65DD81B8C59D114D63 ] VgaSave C:\Windows\System32\drivers\vga.sys
      21:34:44.0735 2332 VgaSave - ok
      21:34:44.0751 2332 [ 8294B6C3FDB6C33F24E150DE647ECDAA ] viaide C:\Windows\system32\drivers\viaide.sys
      21:34:44.0782 2332 viaide - ok
      21:34:44.0805 2332 [ 2B7E885ED951519A12C450D24535DFCA ] volmgr C:\Windows\system32\drivers\volmgr.sys
      21:34:44.0856 2332 volmgr - ok
      21:34:44.0923 2332 [ CEC5AC15277D75D9E5DEC2E1C6EAF877 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
      21:34:44.0977 2332 volmgrx - ok
      21:34:45.0035 2332 [ 5280AADA24AB36B01A84A6424C475C8D ] volsnap C:\Windows\system32\drivers\volsnap.sys
      21:34:45.0086 2332 volsnap - ok
      21:34:45.0110 2332 [ A68F455ED2673835209318DD61BFBB0E ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
      21:34:45.0129 2332 vsmraid - ok
      21:34:45.0216 2332 [ B75232DAD33BFD95BF6F0A3E6BFF51E1 ] VSS C:\Windows\system32\vssvc.exe
      21:34:45.0369 2332 VSS - ok
      21:34:45.0466 2332 [ F14A7DE2EA41883E250892E1E5230A9A ] W32Time C:\Windows\system32\w32time.dll
      21:34:45.0538 2332 W32Time - ok
      21:34:45.0564 2332 [ FEF8FE5923FEAD2CEE4DFABFCE3393A7 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
      21:34:45.0643 2332 WacomPen - ok
      21:34:45.0691 2332 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
      21:34:45.0781 2332 Wanarp - ok
      21:34:45.0786 2332 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
      21:34:45.0814 2332 Wanarpv6 - ok
      21:34:45.0893 2332 [ B4E4C37D0AA6100090A53213EE2BF1C1 ] wcncsvc C:\Windows\System32\wcncsvc.dll
      21:34:45.0966 2332 wcncsvc - ok
      21:34:46.0055 2332 [ EA4B369560E986F19D93F45A881484AC ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
      21:34:46.0108 2332 WcsPlugInService - ok
      21:34:46.0137 2332 [ 0C17A0816F65B89E362E682AD5E7266E ] Wd C:\Windows\system32\drivers\wd.sys
      21:34:46.0170 2332 Wd - ok
      21:34:46.0219 2332 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
      21:34:46.0270 2332 Wdf01000 - ok
      21:34:46.0300 2332 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiServiceHost C:\Windows\system32\wdi.dll
      21:34:46.0340 2332 WdiServiceHost - ok
      21:34:46.0345 2332 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiSystemHost C:\Windows\system32\wdi.dll
      21:34:46.0383 2332 WdiSystemHost - ok
      21:34:46.0444 2332 [ 3E6D05381CF35F75EBB055544A8ED9AC ] WebClient C:\Windows\System32\webclnt.dll
      21:34:46.0497 2332 WebClient - ok
      21:34:46.0546 2332 [ 8D40BC587993F876658BF9FB0F7D3462 ] Wecsvc C:\Windows\system32\wecsvc.dll
      21:34:46.0625 2332 Wecsvc - ok
      21:34:46.0638 2332 [ 9C980351D7E96288EA0C23AE232BD065 ] wercplsupport C:\Windows\System32\wercplsupport.dll
      21:34:46.0669 2332 wercplsupport - ok
      21:34:46.0738 2332 [ 66B9ECEBC46683F47EDC06333C075FEF ] WerSvc C:\Windows\System32\WerSvc.dll
      21:34:46.0795 2332 WerSvc - ok
      21:34:46.0824 2332 WinDefend - ok
      21:34:46.0830 2332 WinHttpAutoProxySvc - ok
      21:34:46.0970 2332 [ D2E7296ED1BD26D8DB2799770C077A02 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
      21:34:47.0000 2332 Winmgmt - ok
      21:34:47.0105 2332 [ 6CBB0C68F13B9C2EC1B16F5FA5E7C869 ] WinRM C:\Windows\system32\WsmSvc.dll
      21:34:47.0204 2332 WinRM - ok
      21:34:47.0328 2332 [ EC339C8115E91BAED835957E9A677F16 ] Wlansvc C:\Windows\System32\wlansvc.dll
      21:34:47.0457 2332 Wlansvc - ok
      21:34:47.0596 2332 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
      21:34:47.0741 2332 wlidsvc - ok
      21:34:47.0780 2332 [ E18AEBAAA5A773FE11AA2C70F65320F5 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
      21:34:47.0825 2332 WmiAcpi - ok
      21:34:47.0888 2332 [ 21FA389E65A852698B6A1341F36EE02D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
      21:34:47.0921 2332 wmiApSrv - ok
      21:34:47.0948 2332 WMPNetworkSvc - ok
      21:34:47.0982 2332 [ CBC156C913F099E6680D1DF9307DB7A8 ] WPCSvc C:\Windows\System32\wpcsvc.dll
      21:34:48.0064 2332 WPCSvc - ok
      21:34:48.0152 2332 [ 490A18B4E4D53DC10879DEAA8E8B70D9 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
      21:34:48.0178 2332 WPDBusEnum - ok
      21:34:48.0223 2332 [ 5E2401B3FC1089C90E081291357371A9 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
      21:34:48.0256 2332 WpdUsb - ok
      21:34:48.0395 2332 [ 991E2C2CF3BC204C2BB2EE1476149E4E ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
      21:34:48.0482 2332 WPFFontCache_v0400 - ok
      21:34:48.0507 2332 [ 8A900348370E359B6BFF6A550E4649E1 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
      21:34:48.0588 2332 ws2ifsl - ok
      21:34:48.0676 2332 [ 9EA3E6D0EF7A5C2B9181961052A4B01A ] wscsvc C:\Windows\system32\wscsvc.dll
      21:34:48.0696 2332 wscsvc - ok
      21:34:48.0700 2332 WSearch - ok
      21:34:48.0817 2332 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
      21:34:49.0023 2332 wuauserv - ok
      21:34:49.0080 2332 [ 501A65252617B495C0F1832F908D54D8 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
      21:34:49.0136 2332 WUDFRd - ok
      21:34:49.0171 2332 [ 6CBD51FF913C851D56ED9DC7F2A27DDE ] wudfsvc C:\Windows\System32\WUDFSvc.dll
      21:34:49.0210 2332 wudfsvc - ok
      21:34:49.0218 2332 ================ Scan global ===============================
      21:34:49.0323 2332 [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
      21:34:49.0392 2332 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
      21:34:49.0412 2332 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
      21:34:49.0512 2332 [ 934E0B7D77FF78C18D9F8891221B6DE3 ] C:\Windows\system32\services.exe
      21:34:49.0518 2332 [Global] - ok
      21:34:49.0518 2332 ================ Scan MBR ==================================
      21:34:49.0533 2332 [ 03BA8F890B47C0BE359A4D5A636D214D ] \Device\Harddisk0\DR0
      21:34:49.0809 2332 \Device\Harddisk0\DR0 - ok
      21:34:49.0818 2332 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
      21:34:49.0985 2332 \Device\Harddisk1\DR1 - ok
      21:34:49.0985 2332 ================ Scan VBR ==================================
      21:34:49.0988 2332 [ 409F8B705D2CB1FC238AD050948F05F0 ] \Device\Harddisk0\DR0\Partition1
      21:34:49.0989 2332 \Device\Harddisk0\DR0\Partition1 - ok
      21:34:49.0994 2332 [ 5AB1014D3307DDD9B9A4993B0A5EE436 ] \Device\Harddisk0\DR0\Partition2
      21:34:49.0995 2332 \Device\Harddisk0\DR0\Partition2 - ok
      21:34:50.0001 2332 [ 6132ED741C9A0628DB158A2DBA41C1C9 ] \Device\Harddisk1\DR1\Partition1
      21:34:50.0003 2332 \Device\Harddisk1\DR1\Partition1 - ok
      21:34:50.0003 2332 ============================================================
      21:34:50.0003 2332 Scan finished
      21:34:50.0003 2332 ============================================================
      21:34:50.0016 2660 Detected object count: 6
      21:34:50.0016 2660 Actual detected object count: 6
      21:41:20.0956 2660 ASAPIW2K ( UnsignedFile.Multi.Generic ) - skipped by user
      21:41:20.0956 2660 ASAPIW2K ( UnsignedFile.Multi.Generic ) - User select action: Skip
      21:41:20.0958 2660 HP Health Check Service ( UnsignedFile.Multi.Generic ) - skipped by user
      21:41:20.0958 2660 HP Health Check Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
      21:41:20.0960 2660 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
      21:41:20.0961 2660 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
      21:41:20.0962 2660 P2PFire ( UnsignedFile.Multi.Generic ) - skipped by user
      21:41:20.0962 2660 P2PFire ( UnsignedFile.Multi.Generic ) - User select action: Skip
      21:41:20.0965 2660 ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
      21:41:20.0965 2660 ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip
      21:41:20.0967 2660 sptd ( LockedFile.Multi.Generic ) - skipped by user
      21:41:20.0967 2660 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
      21:41:24.0862 6712 Deinitialize success
      ------------------------------

      I also ran CCleaner (cleaner and registry) and did the Tools and Startup step. Although I don't see lubwuhedofym.exe there, I don't know how to paste everything it shows me here; I don't know where that option is in the program.

      Searching for information about the .exe file, I found this:
      http://www.superantispyware.com/malwarefiles/LUBWUHEDOFYM.EXE.html


      But anyway, I don't know whether the PC is infected with this trojan; it is in quarantine, because I have done the three steps and they gave me nothing out of the ordinary, I think. Let's see what any of you say.

      Thanks.
      Last edited by P.P.P on 05/10/12 at 22:46:35

    2. #2
      Moderator.
      @Tincho
      Registered
      May 2008
      Location
      Argentina
      Posts
      14,701

      Re: Infected with lubwuhedofym.exe Win32/Wigon.PB Trojan?

      Hello.



      Download OTL by OldTimer to your desktop.

      Run OTL

      • Close all the programs you have open and double-click the OTL icon to run it.
      • Let it run without interruption until the scan finishes.
      • When the interface appears, you only need to change the setting under "Scan Type" to Minimal Output.
      • Check the options LOP Check and Purity Check.
      • Check the options Skip Microsoft Files and Use Company Name Whitelist.
      • Please do not change the rest of the settings unless we ask you to.

      • Press the button.
      • Once it finishes, two (2) files will open, OTL.Txt and Extras.Txt. They will be saved in the same location where OTL.exe was downloaded.
      • Copy and paste the contents of the OTL.txt file into your next reply.



      Because of the way these infections behave, blocking the execution of everything related to antimalware tools, you are going to download OTL with its extension modified from any of the links below, so that it can run.



      Note:
      When you use these links, use Internet Explorer.

      If you use Firefox, right-click and select "Save Link As"; otherwise, on some systems, when you try to open the file it would appear as a script and you will only see many lines of code on the screen.

      Once you have downloaded OTL with its extension changed, run it exactly as explained above.


      Bring us the OTL report.

      Regards.
      Tyny's
      If on your journey, you should encounter God, God will be cut!


    3. #3
      User P.P.P
      Registered
      Aug 2008
      Location
      spy
      Posts
      28

      Re: Infected with lubwuhedofym.exe Win32/Wigon.PB Trojan?

      OTL logfile created on: 06/10/2012 20:35:53 - Run 1
      OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\xxxx\Desktop
      64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
      Internet Explorer (Version = 9.0.8112.16421)
      Locale: 00000C0A | Country: España | Language: ESN | Date Format: dd/MM/yyyy

      4,00 Gb Total Physical Memory | 2,17 Gb Available Physical Memory | 54,31% Memory free
      8,19 Gb Paging File | 6,20 Gb Available in Paging File | 75,77% Paging File free
      Paging file location(s): ?:\pagefile.sys [binary data]

      %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
      Drive C: | 917,46 Gb Total Space | 16,94 Gb Free Space | 1,85% Space Free | Partition Type: NTFS
      Drive D: | 14,05 Gb Total Space | 1,93 Gb Free Space | 13,77% Space Free | Partition Type: NTFS
      Drive G: | 241,50 Mb Total Space | 204,72 Mb Free Space | 84,77% Space Free | Partition Type: FAT

      Computer Name: XXXX | User Name: XXXx | Logged in as Administrator.
      Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
      Company Name Whitelist: On | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

      ========== Processes (SafeList) ==========

      PRC - C:\Users\XXXX\Desktop\OTL.exe (OldTimer Tools)
      PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
      PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
      PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
      PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
      PRC - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe (Adobe Systems, Inc.)
      PRC - C:\Users\XXXX\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
      PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
      PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe (McAfee, Inc.)
      PRC - C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
      PRC - C:\Program Files (x86)\Nokia\PC Connectivity Solution\ServiceLayer.exe (Nokia)
      PRC - C:\Program Files (x86)\Nokia\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia)
      PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
      PRC - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
      PRC - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
      PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
      PRC - C:\Program Files (x86)\Common Files\PCTV Systems\RemoTerm\remoterm.exe (PCTV Systems S.à r.l.)
      PRC - C:\Archivos de programa\ESET\ESET NOD32 Antivirus\x86\ekrn.exe (ESET)
      PRC - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
      PRC - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
      PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
      PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
      PRC - C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe ()
      PRC - C:\Program Files (x86)\Lexmark 2600 Series\lxdnMsdMon.exe ()
      PRC - c:\hp\HPEZBTN\HPBtnSrv.exe ()
      PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
      PRC - C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe ()


      ========== Modules (No Company Name) ==========

      MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
      MOD - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
      MOD - C:\Users\XXXX\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
      MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll ()
      MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\6cc7aca81a3abfc1ab90b0c72f302702\System.Xml.ni.dll ()
      MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll ()
      MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll ()
      MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll ()
      MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll ()
      MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
      MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
      MOD - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VPrintOnline.dll ()
      MOD - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VPrintOnlineHelper40.dll ()
      MOD - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxXML2V.dll ()
      MOD - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxProcV.dll ()
      MOD - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SpiffyExt.dll ()
      MOD - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxZipV.dll ()
      MOD - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxCmpV.dll ()
      MOD - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxCommonV.dll ()
      MOD - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxBaseV.dll ()
      MOD - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxImV.dll ()
      MOD - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxFFV.dll ()
      MOD - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocVistaPrintOnLine.dll ()
      MOD - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocVistaControls.dll ()
      MOD - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocESEmail.dll ()
      MOD - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocVistaCDBackup.dll ()
      MOD - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocESUpload.dll ()
      MOD - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocVistaAdapter.dll ()
      MOD - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocUpdateCheck.dll ()
      MOD - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocPCD.dll ()
      MOD - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocAcqMod.dll ()
      MOD - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocCamBack.dll ()
      MOD - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Kfx.dll ()
      MOD - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\kpries40.dll ()
      MOD - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\keml40.dll ()
      MOD - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\KPCDInterface.dll ()
      MOD - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Escom.dll ()
      MOD - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Atlas.dll ()
      MOD - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\DibLibIP.dll ()
      MOD - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\AreaIFDLL.dll ()
      MOD - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\AppCore.dll ()
      MOD - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaPrintOnline.esx ()
      MOD - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESSkin.esx ()
      MOD - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESEmail.esx ()
      MOD - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaAdapter.esx ()
      MOD - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaControls.esx ()
      MOD - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Pcd.esx ()
      MOD - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\IStorageMediaStore.esx ()
      MOD - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaCDBackup.esx ()
      MOD - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\UpdateChecker.esx ()
      MOD - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESCliWicMDRW.esx ()
      MOD - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\DXRawFormatHandler.esx ()
      MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_es_b77a5c561934e089\mscorlib.resources.dll ()
      MOD - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtCore4.dll ()
      MOD - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\imageformats\qsvg4.dll ()
      MOD - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\imageformats\qjpeg4.dll ()
      MOD - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtSvg4.dll ()
      MOD - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtGui4.dll ()
      MOD - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtXml4.dll ()
      MOD - C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe ()
      MOD - C:\Program Files (x86)\Lexmark 2600 Series\lxdnMsdMon.exe ()
      MOD - C:\Program Files (x86)\Lexmark 2600 Series\App4R.Monitor.Core.dll ()
      MOD - C:\Program Files (x86)\Lexmark 2600 Series\App4R.Monitor.Common.dll ()
      MOD - C:\Program Files (x86)\Lexmark 2600 Series\app4r.devmons.mcmdevmon.dll ()
      MOD - C:\Program Files (x86)\Lexmark 2600 Series\app4r.devmons.mcmdevmon.autoplayutil.dll ()
      MOD - C:\Program Files (x86)\Lexmark 2600 Series\lxdnDRS.dll ()
      MOD - C:\Program Files (x86)\Lexmark 2600 Series\lxdnscw.dll ()
      MOD - C:\Program Files (x86)\Lexmark 2600 Series\lxdncaps.dll ()
      MOD - C:\Program Files (x86)\Lexmark 2600 Series\lxdncnv4.dll ()
      MOD - C:\Program Files (x86)\Lexmark 2600 Series\lxdndatr.dll ()
      MOD - C:\Program Files (x86)\Lexmark 2600 Series\lxdncats.dll ()
      MOD - C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe ()
      MOD - C:\Program Files (x86)\Unlocker\UnlockerHook.dll ()


      ========== Services (SafeList) ==========

      SRV:64bit: - (lxdn_device) -- C:\Windows\SysNative\lxdncoms.exe ( )
      SRV:64bit: - (lxdnCATSCustConnectService) -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxdnserv.exe ()
      SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
      SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
      SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
      SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
      SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe (McAfee, Inc.)
      SRV - (wlidsvc) -- C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
      SRV - (ServiceLayer) -- C:\Program Files (x86)\Nokia\PC Connectivity Solution\ServiceLayer.exe (Nokia)
      SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
      SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
      SRV - (getPlusHelper) -- C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
      SRV - (EhttpSrv) -- C:\Archivos de programa\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)
      SRV - (ekrn) -- C:\Archivos de programa\ESET\ESET NOD32 Antivirus\x86\ekrn.exe (ESET)
      SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
      SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
      SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
      SRV - (ezSharedSvc) -- C:\WINDOWS\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)
      SRV - (lxdnCATSCustConnectService) -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxdnserv.exe ()
      SRV - (lxdn_device) -- C:\WINDOWS\SysWOW64\lxdncoms.exe ( )
      SRV - (HPBtnSrv) -- c:\hp\HPEZBTN\HPBtnSrv.exe ()


      ========== Driver Services (SafeList) ==========

      DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
      DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
      DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
      DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
      DRV:64bit: - (AnyDVD) -- C:\Windows\SysNative\Drivers\AnyDVD.sys (SlySoft, Inc.)
      DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\Drivers\ElbyCDIO.sys (Elaborate Bytes AG)
      DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys ()
      DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
      DRV:64bit: - (HCW85BDA) -- C:\Windows\SysNative\drivers\HCW85BDA.sys (Hauppauge Computer Works)
      DRV:64bit: - (epfwwfpr) -- C:\Windows\SysNative\DRIVERS\epfwwfpr.sys (ESET)
      DRV:64bit: - (ehdrv) -- C:\Windows\SysNative\DRIVERS\ehdrv.sys (ESET)
      DRV:64bit: - (eamon) -- C:\Windows\SysNative\DRIVERS\eamon.sys (ESET)
      DRV:64bit: - (azvusb) -- C:\Windows\SysNative\DRIVERS\azvusb.sys (AzureWave Technologies, Inc.)
      DRV:64bit: - (pavboot) -- C:\Windows\SysNative\drivers\pavboot64.sys (Panda Security, S.L.)
      DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iastor.sys (Intel Corporation)
      DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys (Nokia)
      DRV:64bit: - (netr28x) -- C:\Windows\SysNative\DRIVERS\netr28x.sys (Ralink Technology, Corp.)
      DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek Corporation )
      DRV:64bit: - (usbser) -- C:\Windows\SysNative\DRIVERS\usbser.sys (Microsoft Corporation)
      DRV:64bit: - (Ltn_stk7070P_64) -- C:\Windows\SysNative\DRIVERS\Ltn_stk7070P_64.sys (LITEON)
      DRV:64bit: - (Ltn_stkrc_64) -- C:\Windows\SysNative\DRIVERS\Ltn_stkrc_64.sys (LITEON)
      DRV - (AnyDVD) -- C:\WINDOWS\SysWOW64\drivers\AnyDVD.sys (SlySoft, Inc.)
      DRV - (pbfilter) -- C:\Archivos de programa\PeerBlock\pbfilter.sys ()
      DRV - (P2PFire) -- C:\Program Files (x86)\P2PHazard2\P2PFire.sys (ModMa Technologies)
      DRV - (PCLEPCI) -- C:\WINDOWS\SysWOW64\drivers\Pclepci.sys (Pinnacle Systems GmbH)


      ========== Standard Registry (SafeList) ==========


      ========== Internet Explorer ==========

      IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9ECD3804-B56C-407B-B039-C3A0836FCA34}
      IE:64bit: - HKLM\..\SearchScopes\{840BB070-8B75-4DE3-8B0D-771DDCE2D316}: "URL" = http://es.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913937
      IE:64bit: - HKLM\..\SearchScopes\{9ECD3804-B56C-407B-B039-C3A0836FCA34}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1127&query={searchTerms}&invocationType=tb50hpcndtie7-es-es
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
      IE - HKLM\..\SearchScopes,DefaultScope = {9ECD3804-B56C-407B-B039-C3A0836FCA34}
      IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
      IE - HKLM\..\SearchScopes\{840BB070-8B75-4DE3-8B0D-771DDCE2D316}: "URL" = http://es.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913937
      IE - HKLM\..\SearchScopes\{9ECD3804-B56C-407B-B039-C3A0836FCA34}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1127&query={searchTerms}&invocationType=tb50hpcndtie7-es-es

      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es/
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
      IE - HKCU\..\SearchScopes,DefaultScope = {9ECD3804-B56C-407B-B039-C3A0836FCA34}
      IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
      IE - HKCU\..\SearchScopes\{18EAB056-9057-F224-FD4C-1F6569C4D8D2}: "URL" = http://www.plusnetwork.com/s/?q={searchTerms}&iesrc={referrer:source?}
      IE - HKCU\..\SearchScopes\{840BB070-8B75-4DE3-8B0D-771DDCE2D316}: "URL" = http://es.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913937
      IE - HKCU\..\SearchScopes\{9ECD3804-B56C-407B-B039-C3A0836FCA34}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1127&query={searchTerms}&invocationType=tb50hpcndtie7-es-es
      IE - HKCU\..\SearchScopes\{B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2}: "URL" = http://www.baidu.com/s?wd={searchTerms}&ie={inputEncoding}&oe={outputEncoding}&abar=2&tn=uuseetvbar_adr
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

      ========== FireFox ==========

      FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
      FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.732
      FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
      FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
      FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
      FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33
      FF - user.js - File not found

      FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
      FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
      FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
      FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
      FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
      FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
      FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files (x86)\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
      FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
      FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
      FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
      FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll File not found
      FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll File not found
      FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.16: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
      FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
      FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
      FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\XXXX\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-0907280-0-npoctoshape.xpt ()
      FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\XXXX\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
      FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\XXXX\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
      FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\XXXX\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files (x86)\Google\Google Gears\Firefox\
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\ [2010/08/05 18:51:32 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/07 02:55:05 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/09/07 02:55:00 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2009/10/22 21:07:48 | 000,000,000 | ---D | M]
      FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/07 02:55:05 | 000,000,000 | ---D | M]
      FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/09/07 02:55:00 | 000,000,000 | ---D | M]

      [2010/07/21 00:50:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXXX\AppData\Roaming\mozilla\Extensions
      [2012/08/25 21:04:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXXX\AppData\Roaming\mozilla\Firefox\Profiles\keqbt39j.default\extensions
      [2012/08/06 21:32:30 | 000,020,591 | ---- | M] () (No name found) -- C:\Users\XXXX\AppData\Roaming\mozilla\firefox\profiles\keqbt39j.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
      [2012/09/07 02:54:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
      [2012/09/07 02:54:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
      [2012/09/07 02:55:05 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
      [2009/03/31 22:47:26 | 000,324,976 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\mozilla firefox\components\coFFPlgn.dll
      [2009/07/17 10:40:12 | 000,704,512 | ---- | M] (BitComet) -- C:\Program Files (x86)\mozilla firefox\plugins\npBitCometAgent.dll
      [2009/09/18 20:39:06 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files (x86)\mozilla firefox\plugins\npPandoWebInst.dll
      [2010/07/12 18:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
      [2012/08/31 00:00:03 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
      [2012/07/14 03:47:20 | 000,003,882 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\drae.xml
      [2012/07/14 03:47:20 | 000,001,143 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-es.xml
      [2012/08/31 00:00:03 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
      [2012/07/14 03:47:20 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-es.xml
      [2012/07/14 03:47:20 | 000,001,102 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-es.xml

      ========== Chrome ==========

      CHR - homepage: http://www.google.es/
      CHR - default_search_provider: Google (Enabled)
      CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
      CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
      CHR - homepage: http://www.google.es/
      CHR - plugin: Shockwave Flash (Enabled) = C:\Users\XXXX\AppData\Local\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll
      CHR - plugin: Shockwave Flash (Enabled) = C:\Users\XXXX\AppData\Local\Google\Chrome\Application\22.0.1229.79\gcswf32.dll
      CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
      CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
      CHR - plugin: Native Client (Enabled) = C:\Users\XXXX\AppData\Local\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll
      CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\XXXX\AppData\Local\Google\Chrome\Application\22.0.1229.79\pdf.dll
      CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
      CHR - plugin: BitCometAgent (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npBitCometAgent.dll
      CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
      CHR - plugin: Pando Web Installer (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npPandoWebInst.dll
      CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
      CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
      CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
      CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
      CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
      CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
      CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
      CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
      CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
      CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
      CHR - plugin: getPlusPlus for Adobe 16249 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np_gp.dll
      CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Users\XXXX\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
      CHR - plugin: Java(TM) Platform SE 6 U33 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
      CHR - plugin: Java Deployment Toolkit 6.0.330.3 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
      CHR - plugin: Panda ActiveScan 2.0 (Enabled) = C:\Program Files (x86)\Panda Security\ActiveScan 2.0\npwrapper.dll
      CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll
      CHR - plugin: Veetle Broadcaster Plugin (Enabled) = C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll
      CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
      CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
      CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\XXXX\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
      CHR - plugin: Google Update (Enabled) = C:\Users\XXXX\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
      CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
      CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

      O1 HOSTS File: ([2012/09/06 22:34:59 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
      O1 - Hosts: 127.0.0.1 localhost
      O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
      O2 - BHO: (Aplicación auxiliar de vínculos de Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
      O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.3.7.16.dll (BitComet)
      O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
      O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
      O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files (x86)\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
      O2 - BHO: (no name) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
      O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
      O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
      O4:64bit: - HKLM..\Run: [lxdnamon] C:\Program Files (x86)\Lexmark 2600 Series\lxdnamon.exe ()
      O4:64bit: - HKLM..\Run: [lxdnmon.exe] C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe ()
      O4:64bit: - HKLM..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" File not found
      O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
      O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
      O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files (x86)\Lexmark Fax Solutions\fm3032.exe ()
      O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
      O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
      O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
      O4 - HKLM..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
      O4 - HKLM..\Run: [NokiaMusic FastStart] C:\Program Files (x86)\Nokia\Nokia Music Player\NokiaMusicPlayer.exe (Nokia)
      O4 - HKLM..\Run: [OsdMaestro] c:\Archivos de programa\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe (OsdMaestro)
      O4 - HKLM..\Run: [SunJavaUpdateReg] C:\Windows\SysWow64\jureg.exe (Sun Microsystems, Inc.)
      O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe ()
      O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
      O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
      O4 - HKCU..\Run: [Facebook Update] C:\Users\XXXX\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
      O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
      O4 - HKCU..\Run: [RemoTerm.exe] C:\Program Files (x86)\Common Files\PCTV Systems\RemoTerm\RemoTerm.exe (PCTV Systems S.à r.l.)
      O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\XXXX\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
      O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
      O8:64bit: - Extra context menu item: &AOL Toolbar Buscar - C:\ProgramData\AOL\ieToolbar\resources\es-ES\local\search.html File not found
      O8:64bit: - Extra context menu item: &D&escargue &con BitComet - C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)
      O8:64bit: - Extra context menu item: &D&escargue todo con BitComet - C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)
      O8:64bit: - Extra context menu item: &D&escargue todos los vídeos con BitComet - C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)
      O8:64bit: - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
      O8 - Extra context menu item: &AOL Toolbar Buscar - C:\ProgramData\AOL\ieToolbar\resources\es-ES\local\search.html File not found
      O8 - Extra context menu item: &D&escargue &con BitComet - C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)
      O8 - Extra context menu item: &D&escargue todo con BitComet - C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)
      O8 - Extra context menu item: &D&escargue todos los vídeos con BitComet - C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)
      O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
      O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - Reg Error: Key error. File not found
      O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files (x86)\WinHTTrack\WinHTTrackIEBar.dll ()
      O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files (x86)\WinHTTrack\WinHTTrackIEBar.dll ()
      O9 - Extra Button: ºÜ¿ìÊÓƵËÑË÷ - {998A88A0-A355-809B-831C-B83A80000991} - http://www.henkuai.com/?from=iebannel File not found
      O9 - Extra 'Tools' menuitem : ºÜ¿ìÊÓƵËÑË÷ - {998A88A0-A355-809B-831C-B83A80000991} - http://www.henkuai.com/?from=iebannel File not found
      O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.3.7.16.dll (BitComet)
      O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Archivos de programa\Bonjour\mdnsNSP.dll (Apple Inc.)
      O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
      O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
      O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
      O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
      O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.58.61.250 80.58.61.254
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{91732BEF-763C-4158-8C35-61DDD55E0705}: DhcpNameServer = 80.58.61.250 80.58.61.254
      O18:64bit: - Protocol\Handler\livecall - No CLSID value found
      O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
      O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
      O18:64bit: - Protocol\Handler\msnim - No CLSID value found
      O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
      O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
      O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
      O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
      O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysWOW64\userinit.exe (Microsoft Corporation)
      O24 - Desktop WallPaper: C:\Users\XXXX\AppData\Roaming\Microsoft\Windows Photo Gallery\Papel tapiz de Galería fotográfica de Windows.jpg
      O24 - Desktop BackupWallPaper: C:\Users\XXXX\AppData\Roaming\Microsoft\Windows Photo Gallery\Papel tapiz de Galería fotográfica de Windows.jpg
      O32 - HKLM CDRom: AutoRun - 1
      O32 - AutoRun File - [2010/01/16 17:11:01 | 000,000,107 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
      O34 - HKLM BootExecute: (autocheck autochk *)
      O35:64bit: - HKLM\..comfile [open] -- "%1" %*
      O35:64bit: - HKLM\..exefile [open] -- "%1" %*
      O35 - HKLM\..comfile [open] -- "%1" %*
      O35 - HKLM\..exefile [open] -- "%1" %*
      O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
      O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
      O37 - HKLM\...com [@ = comfile] -- "%1" %*
      O37 - HKLM\...exe [@ = exefile] -- "%1" %*
      O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
      O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

      ========== Files/Folders - Created Within 30 Days ==========

      [2012/10/06 20:28:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\XXXX\Desktop\OTL.exe
      [2012/09/24 19:22:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
      [2012/09/23 03:00:52 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
      [2012/09/23 03:00:52 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
      [2012/09/23 03:00:51 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
      [2012/09/23 03:00:51 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
      [2012/09/23 03:00:51 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
      [2012/09/23 03:00:51 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
      [2012/09/23 03:00:50 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
      [2012/09/23 03:00:50 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
      [2012/09/23 03:00:49 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
      [2012/09/23 03:00:49 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
      [2012/09/23 03:00:48 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
      [2012/09/23 03:00:48 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
      [2012/09/23 03:00:47 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
      [2012/09/23 03:00:47 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
      [2012/09/23 03:00:47 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
      [2012/09/18 06:31:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
      [2012/09/18 06:29:48 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
      [2012/09/18 06:29:32 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
      [2012/09/18 06:29:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
      [2012/09/18 06:29:32 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
      [2012/09/07 03:05:44 | 000,000,000 | --SD | C] -- C:\ComboFix
      [2012/09/07 03:02:41 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
      [2012/09/07 02:54:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
      [2012/09/06 22:43:03 | 000,000,000 | ---D | C] -- C:\Windows\temp
      [2012/09/06 22:35:02 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
      [2009/06/12 20:16:47 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\XXXX\AppData\Roaming\pcouffin.sys

      ========== Files - Modified Within 30 Days ==========

      [2012/10/06 20:30:46 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
      [2012/10/06 20:28:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\XXXX\Desktop\OTL.exe
      [2012/10/06 20:26:01 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-258622934-2799181398-629544736-1000UA.job
      [2012/10/06 20:20:21 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
      [2012/10/06 20:20:20 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
      [2012/10/06 20:20:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
      [2012/10/06 15:37:05 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-258622934-2799181398-629544736-1000UA.job
      [2012/10/06 14:26:00 | 000,001,062 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-258622934-2799181398-629544736-1000Core.job
      [2012/10/06 00:46:33 | 000,144,896 | ---- | M] () -- C:\Users\XXXX\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      [2012/10/06 00:41:45 | 2247,475,554 | ---- | M] () -- C:\Users\XXXX\Desktop\rgry5.avi
      [2012/10/06 00:37:02 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-258622934-2799181398-629544736-1000Core.job
      [2012/10/06 00:00:47 | 000,000,396 | ---- | M] () -- C:\Windows\tasks\NeroLiveEpgUpdate-xxxx1_xxxx.job
      [2012/10/05 17:53:07 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
      [2012/10/05 17:43:12 | 000,008,930 | ---- | M] () -- C:\Users\xxxx\Desktop\XXXX\Documents\Documents\Documents\cc_20121005_174303.reg
      [2012/09/30 21:56:59 | 000,000,000 | ---- | M] () -- C:\ProgramData\TEMP
      [2012/09/27 2025 | 000,064,108 | ---- | M] () -- C:\Users\XXXX\Desktop\$T2eC16V,!)kE9s4,!!NMBQ()hNWOow~~60_12.JPG
      [2012/09/24 19:23:06 | 000,000,629 | ---- | M] () -- C:\Windows\SysNative\mapisvc.inf
      [2012/09/18 06:31:48 | 000,001,696 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
      [2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
      [2012/09/06 22:34:59 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

      ========== Files Created - No Company Name ==========

      [2012/10/06 00:43:12 | 2247,475,554 | ---- | C] () -- C:\Users\XXXX\Desktop\rgry5.avi
      [2012/09/27 2024 | 000,064,108 | ---- | C] () -- C:\Users\XXXX\Desktop\$T2eC16V,!)kE9s4,!!NMBQ()hNWOow~~60_12.JPG
      [2012/09/18 06:31:48 | 000,001,696 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
      [2012/01/05 18:05:57 | 000,001,460 | ---- | C] () -- C:\Users\XXXX\AppData\Local\d3d9caps64.dat
      [2010/10/14 02:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
      [2010/01/11 15:42:14 | 000,000,845 | ---- | C] () -- C:\Users\XXXX\.recently-used.xbel
      [2009/12/16 03:34:04 | 000,008,484 | ---- | C] () -- C:\Users\XXXX\AppData\Local\d3d9caps.dat
      [2009/11/11 21:30:03 | 000,031,966 | ---- | C] () -- C:\ProgramData\nvModes.001
      [2009/11/11 21:24:59 | 000,031,966 | ---- | C] () -- C:\ProgramData\nvModes.dat
      [2009/10/24 09:43:01 | 000,000,000 | ---- | C] () -- C:\ProgramData\TEMP
      [2009/10/22 22:12:12 | 000,000,282 | RHS- | C] () -- C:\ProgramData\ntuser.pol
      [2009/10/16 16:53:00 | 000,000,094 | ---- | C] () -- C:\Users\XXXX\AppData\Local\fusioncache.dat
      [2009/10/11 05:20:42 | 000,000,029 | ---- | C] () -- C:\Users\XXXX\AppData\Roaming\default.rss
      [2009/10/11 05:20:42 | 000,000,000 | ---- | C] () -- C:\Users\XXXX\AppData\Roaming\downloads.m3u
      [2009/07/30 02:51:44 | 000,001,650 | ---- | C] () -- C:\Users\XXXX\AppData\Roaming\wklnhst.dat
      [2009/06/12 20:16:47 | 000,007,859 | ---- | C] () -- C:\Users\XXXX\AppData\Roaming\pcouffin.cat
      [2009/06/12 20:16:47 | 000,001,167 | ---- | C] () -- C:\Users\XXXX\AppData\Roaming\pcouffin.inf
      [2009/06/11 23:40:30 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
      [2009/03/28 15:59:51 | 000,144,896 | ---- | C] () -- C:\Users\XXXX\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

      ========== ZeroAccess Check ==========

      [2006/11/02 17:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

      [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

      [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      "" = %SystemRoot%\SysWow64\shell32.dll -- [2012/06/08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)

      [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

      [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
      "" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 19:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment

      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment

      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
      "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 09:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free

      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
      "" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2009/04/11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free

      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
      "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/21 04:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Both

      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

      ========== LOP Check ==========

      [2009/10/26 13:23:23 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Audacity
      [2009/09/18 20:39:51 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Babylon
      [2009/10/31 01:47:17 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\BSplayer
      [2009/10/31 01:44:37 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\BSplayer Pro
      [2009/10/25 14:51:32 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Cool Record Edit Pro
      [2010/06/14 14:07:24 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Cycling '74
      [2010/07/29 21:33:32 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\DVDVideoSoftIEHelpers
      [2009/09/16 02:55:29 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\ESET
      [2009/10/25 14:36:51 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Free Sound Recorder
      [2009/11/14 09:05:09 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\GeoVid
      [2010/01/27 20:54:22 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\GrabPro
      [2010/01/11 15:42:14 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\gtk-2.0
      [2010/07/28 01:48:23 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\HandBrake
      [2009/10/05 07:58:21 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Leadertech
      [2009/04/01 08:31:32 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Lexmark Productivity Studio
      [2012/09/25 20:05:59 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\MassTube
      [2009/10/07 21:32:53 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Megaupload
      [2010/03/09 21:03:24 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\MPEG Streamclip
      [2010/08/19 20:03:14 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Nokia
      [2009/10/29 03:14:12 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Octoshape
      [2010/07/22 17:58:28 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Opera
      [2010/01/27 19:06:04 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Orbit
      [2009/12/14 16:24:17 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\PandoraRecovery
      [2010/08/05 19:07:47 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\PC Suite
      [2009/10/19 23:29:51 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Pegasys Inc
      [2009/06/19 21:38:47 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\SharePod
      [2009/09/21 21:56:02 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Skinux
      [2009/03/27 19:27:37 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Softplicity
      [2010/01/11 14:55:05 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\SPlayer
      [2012/08/16 22:40:22 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Spotify
      [2009/07/30 02:51:45 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Template
      [2010/07/06 01:14:48 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Thinstall
      [2010/09/06 23:34:20 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\VDownloader
      [2009/06/12 20:16:47 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Vso
      [2010/09/07 00:34:41 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Youtube Downloader HD

      ========== Purity Check ==========



      ========== Alternate Data Streams ==========

      @Alternate Data Stream - 248 bytes -> C:\ProgramData\TEMP:66633281
      @Alternate Data Stream - 163 bytes -> C:\ProgramData\TEMP:3440EB47
      @Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:0888F409

      < End of report >




      Now I run it with the extension? I'll download it from the first link and copy the log again.

    4. #4
      User Avatar of P.P.P
      Registered
      Aug 2008
      Location
      spy
      Posts
      28

      Re: Infected with lubwuhedofym.exe Win32/Wigon.PB Trojan?

      This is the report, with the other extension of the program that you gave me in the quote:


      OTL logfile created on: 06/10/2012 20:59:10 - Run 2
      OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\xxxx\Desktop
      64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
      Internet Explorer (Version = 9.0.8112.16421)
      Locale: 00000C0A | Country: España | Language: ESN | Date Format: dd/MM/yyyy

      4,00 Gb Total Physical Memory | 1,79 Gb Available Physical Memory | 44,74% Memory free
      8,19 Gb Paging File | 5,93 Gb Available in Paging File | 72,45% Paging File free
      Paging file location(s): ?:\pagefile.sys [binary data]

      %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
      Drive C: | 917,46 Gb Total Space | 16,94 Gb Free Space | 1,85% Space Free | Partition Type: NTFS
      Drive D: | 14,05 Gb Total Space | 1,93 Gb Free Space | 13,77% Space Free | Partition Type: NTFS
      Drive G: | 241,50 Mb Total Space | 204,72 Mb Free Space | 84,77% Space Free | Partition Type: FAT

      Computer Name: xxxx | User Name: xxxx | Logged in as Administrator.
      Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
      Company Name Whitelist: On | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

      ========== Processes (SafeList) ==========

      PRC - C:\Users\xxxx\Desktop\OTL.com (OldTimer Tools)
      PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
      PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
      PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
      PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
      PRC - C:\Users\xxxx\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
      PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
      PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe (McAfee, Inc.)
      PRC - C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
      PRC - C:\Program Files (x86)\Nokia\PC Connectivity Solution\ServiceLayer.exe (Nokia)
      PRC - C:\Program Files (x86)\Nokia\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia)
      PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
      PRC - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
      PRC - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
      PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
      PRC - C:\Program Files (x86)\Common Files\PCTV Systems\RemoTerm\remoterm.exe (PCTV Systems S.à r.l.)
      PRC - C:\Archivos de programa\ESET\ESET NOD32 Antivirus\x86\ekrn.exe (ESET)
      PRC - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
      PRC - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
      PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
      PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
      PRC - c:\program files (x86)\aol\aol toolbar 5.0\AolTbServer.exe (AOL LLC)
      PRC - C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe ()
      PRC - C:\Program Files (x86)\Lexmark 2600 Series\lxdnMsdMon.exe ()
      PRC - c:\hp\HPEZBTN\HPBtnSrv.exe ()
      PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
      PRC - C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe ()


      ========== Modules (No Company Name) ==========

      MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
      MOD - C:\Users\xxxx\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
      MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll ()
      MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\6cc7aca81a3abfc1ab90b0c72f302702\System.Xml.ni.dll ()
      MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll ()
      MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll ()
      MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll ()
      MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll ()
      MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
      MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
      MOD - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VPrintOnline.dll ()
      MOD - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VPrintOnlineHelper40.dll ()
      MOD - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxXML2V.dll ()
      MOD - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxProcV.dll ()
      MOD - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SpiffyExt.dll ()
      MOD - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxZipV.dll ()
      MOD - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxCmpV.dll ()
      MOD - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxCommonV.dll ()
      MOD - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxBaseV.dll ()
      MOD - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxImV.dll ()
      MOD - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxFFV.dll ()
      MOD - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocVistaPrintOnLine.dll ()
      MOD - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocVistaControls.dll ()
      MOD - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocESEmail.dll ()
      MOD - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocVistaCDBackup.dll ()
      MOD - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocESUpload.dll ()
      MOD - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocVistaAdapter.dll ()
      MOD - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocUpdateCheck.dll ()
      MOD - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocPCD.dll ()
      MOD - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocAcqMod.dll ()
      MOD - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocCamBack.dll ()
      MOD - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Kfx.dll ()
      MOD - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\kpries40.dll ()
      MOD - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\keml40.dll ()
      MOD - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\KPCDInterface.dll ()
      MOD - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Escom.dll ()
      MOD - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Atlas.dll ()
      MOD - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\DibLibIP.dll ()
      MOD - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\AreaIFDLL.dll ()
      MOD - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\AppCore.dll ()
      MOD - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaPrintOnline.esx ()
      MOD - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESSkin.esx ()
      MOD - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESEmail.esx ()
      MOD - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaAdapter.esx ()
      MOD - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaControls.esx ()
      MOD - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Pcd.esx ()
      MOD - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\IStorageMediaStore.esx ()
      MOD - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaCDBackup.esx ()
      MOD - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\UpdateChecker.esx ()
      MOD - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESCliWicMDRW.esx ()
      MOD - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\DXRawFormatHandler.esx ()
      MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_es_b77a5c561934e089\mscorlib.resources.dll ()
      MOD - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtCore4.dll ()
      MOD - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\imageformats\qsvg4.dll ()
      MOD - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\imageformats\qjpeg4.dll ()
      MOD - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtSvg4.dll ()
      MOD - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtGui4.dll ()
      MOD - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtXml4.dll ()
      MOD - c:\program files (x86)\aol\aol toolbar 5.0\apopup.dll ()
      MOD - C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe ()
      MOD - C:\Program Files (x86)\Lexmark 2600 Series\lxdnMsdMon.exe ()
      MOD - C:\Program Files (x86)\Lexmark 2600 Series\App4R.Monitor.Core.dll ()
      MOD - C:\Program Files (x86)\Lexmark 2600 Series\App4R.Monitor.Common.dll ()
      MOD - C:\Program Files (x86)\Lexmark 2600 Series\app4r.devmons.mcmdevmon.dll ()
      MOD - C:\Program Files (x86)\Lexmark 2600 Series\app4r.devmons.mcmdevmon.autoplayutil.dll ()
      MOD - C:\Program Files (x86)\Lexmark 2600 Series\lxdnDRS.dll ()
      MOD - C:\Program Files (x86)\Lexmark 2600 Series\lxdnscw.dll ()
      MOD - C:\Program Files (x86)\Lexmark 2600 Series\lxdncaps.dll ()
      MOD - C:\Program Files (x86)\Lexmark 2600 Series\lxdncnv4.dll ()
      MOD - C:\Program Files (x86)\Lexmark 2600 Series\lxdndatr.dll ()
      MOD - C:\Program Files (x86)\Lexmark 2600 Series\lxdncats.dll ()
      MOD - C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe ()
      MOD - C:\Program Files (x86)\Unlocker\UnlockerHook.dll ()


      ========== Services (SafeList) ==========

      SRV:64bit: - (lxdn_device) -- C:\Windows\SysNative\lxdncoms.exe ( )
      SRV:64bit: - (lxdnCATSCustConnectService) -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxdnserv.exe ()
      SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
      SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
      SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
      SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
      SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe (McAfee, Inc.)
      SRV - (wlidsvc) -- C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
      SRV - (ServiceLayer) -- C:\Program Files (x86)\Nokia\PC Connectivity Solution\ServiceLayer.exe (Nokia)
      SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
      SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
      SRV - (getPlusHelper) -- C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
      SRV - (EhttpSrv) -- C:\Archivos de programa\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)
      SRV - (ekrn) -- C:\Archivos de programa\ESET\ESET NOD32 Antivirus\x86\ekrn.exe (ESET)
      SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
      SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
      SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
      SRV - (ezSharedSvc) -- C:\WINDOWS\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)
      SRV - (lxdnCATSCustConnectService) -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxdnserv.exe ()
      SRV - (lxdn_device) -- C:\WINDOWS\SysWOW64\lxdncoms.exe ( )
      SRV - (HPBtnSrv) -- c:\hp\HPEZBTN\HPBtnSrv.exe ()


      ========== Driver Services (SafeList) ==========

      DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
      DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
      DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
      DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
      DRV:64bit: - (AnyDVD) -- C:\Windows\SysNative\Drivers\AnyDVD.sys (SlySoft, Inc.)
      DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\Drivers\ElbyCDIO.sys (Elaborate Bytes AG)
      DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys ()
      DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
      DRV:64bit: - (HCW85BDA) -- C:\Windows\SysNative\drivers\HCW85BDA.sys (Hauppauge Computer Works)
      DRV:64bit: - (epfwwfpr) -- C:\Windows\SysNative\DRIVERS\epfwwfpr.sys (ESET)
      DRV:64bit: - (ehdrv) -- C:\Windows\SysNative\DRIVERS\ehdrv.sys (ESET)
      DRV:64bit: - (eamon) -- C:\Windows\SysNative\DRIVERS\eamon.sys (ESET)
      DRV:64bit: - (azvusb) -- C:\Windows\SysNative\DRIVERS\azvusb.sys (AzureWave Technologies, Inc.)
      DRV:64bit: - (pavboot) -- C:\Windows\SysNative\drivers\pavboot64.sys (Panda Security, S.L.)
      DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iastor.sys (Intel Corporation)
      DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys (Nokia)
      DRV:64bit: - (netr28x) -- C:\Windows\SysNative\DRIVERS\netr28x.sys (Ralink Technology, Corp.)
      DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek Corporation )
      DRV:64bit: - (usbser) -- C:\Windows\SysNative\DRIVERS\usbser.sys (Microsoft Corporation)
      DRV:64bit: - (Ltn_stk7070P_64) -- C:\Windows\SysNative\DRIVERS\Ltn_stk7070P_64.sys (LITEON)
      DRV:64bit: - (Ltn_stkrc_64) -- C:\Windows\SysNative\DRIVERS\Ltn_stkrc_64.sys (LITEON)
      DRV - (AnyDVD) -- C:\WINDOWS\SysWOW64\drivers\AnyDVD.sys (SlySoft, Inc.)
      DRV - (pbfilter) -- C:\Archivos de programa\PeerBlock\pbfilter.sys ()
      DRV - (P2PFire) -- C:\Program Files (x86)\P2PHazard2\P2PFire.sys (ModMa Technologies)
      DRV - (PCLEPCI) -- C:\WINDOWS\SysWOW64\drivers\Pclepci.sys (Pinnacle Systems GmbH)


      ========== Standard Registry (SafeList) ==========


      ========== Internet Explorer ==========

      IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9ECD3804-B56C-407B-B039-C3A0836FCA34}
      IE:64bit: - HKLM\..\SearchScopes\{840BB070-8B75-4DE3-8B0D-771DDCE2D316}: "URL" = http://es.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913937
      IE:64bit: - HKLM\..\SearchScopes\{9ECD3804-B56C-407B-B039-C3A0836FCA34}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1127&query={searchTerms}&invocationType=tb50hpcndtie7-es-es
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
      IE - HKLM\..\SearchScopes,DefaultScope = {9ECD3804-B56C-407B-B039-C3A0836FCA34}
      IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
      IE - HKLM\..\SearchScopes\{840BB070-8B75-4DE3-8B0D-771DDCE2D316}: "URL" = http://es.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913937
      IE - HKLM\..\SearchScopes\{9ECD3804-B56C-407B-B039-C3A0836FCA34}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1127&query={searchTerms}&invocationType=tb50hpcndtie7-es-es

      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es/
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
      IE - HKCU\..\SearchScopes,DefaultScope = {9ECD3804-B56C-407B-B039-C3A0836FCA34}
      IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
      IE - HKCU\..\SearchScopes\{18EAB056-9057-F224-FD4C-1F6569C4D8D2}: "URL" = http://www.plusnetwork.com/s/?q={searchTerms}&iesrc={referrer:source?}
      IE - HKCU\..\SearchScopes\{840BB070-8B75-4DE3-8B0D-771DDCE2D316}: "URL" = http://es.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913937
      IE - HKCU\..\SearchScopes\{9ECD3804-B56C-407B-B039-C3A0836FCA34}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1127&query={searchTerms}&invocationType=tb50hpcndtie7-es-es
      IE - HKCU\..\SearchScopes\{B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2}: "URL" = http://www.baidu.com/s?wd={searchTerms}&ie={inputEncoding}&oe={outputEncoding}&abar=2&tn=uuseetvbar_adr
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

      ========== FireFox ==========

      FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
      FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.732
      FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
      FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
      FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
      FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33
      FF - user.js - File not found

      FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
      FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
      FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
      FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
      FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
      FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
      FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files (x86)\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
      FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
      FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
      FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
      FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll File not found
      FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll File not found
      FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.16: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
      FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
      FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
      FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\xxxx\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-0907280-0-npoctoshape.xpt ()
      FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\xxxx\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
      FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\xxxx\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
      FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\xxxx\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files (x86)\Google\Google Gears\Firefox\
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\ [2010/08/05 18:51:32 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/07 02:55:05 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/09/07 02:55:00 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2009/10/22 21:07:48 | 000,000,000 | ---D | M]
      FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/07 02:55:05 | 000,000,000 | ---D | M]
      FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/09/07 02:55:00 | 000,000,000 | ---D | M]

      [2010/07/21 00:50:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxxx\AppData\Roaming\mozilla\Extensions
      [2012/08/25 21:04:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxxx\AppData\Roaming\mozilla\Firefox\Profiles\keqbt39j.default\extensions
      [2012/08/06 21:32:30 | 000,020,591 | ---- | M] () (No name found) -- C:\Users\xxxx\AppData\Roaming\mozilla\firefox\profiles\keqbt39j.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
      [2012/09/07 02:54:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
      [2012/09/07 02:54:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
      [2012/09/07 02:55:05 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
      [2009/03/31 22:47:26 | 000,324,976 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\mozilla firefox\components\coFFPlgn.dll
      [2009/07/17 10:40:12 | 000,704,512 | ---- | M] (BitComet) -- C:\Program Files (x86)\mozilla firefox\plugins\npBitCometAgent.dll
      [2009/09/18 20:39:06 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files (x86)\mozilla firefox\plugins\npPandoWebInst.dll
      [2010/07/12 18:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
      [2012/08/31 00:00:03 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
      [2012/07/14 03:47:20 | 000,003,882 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\drae.xml
      [2012/07/14 03:47:20 | 000,001,143 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-es.xml
      [2012/08/31 00:00:03 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
      [2012/07/14 03:47:20 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-es.xml
      [2012/07/14 03:47:20 | 000,001,102 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-es.xml

      ========== Chrome ==========

      CHR - homepage: http://www.google.es/
      CHR - default_search_provider: Google (Enabled)
      CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
      CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
      CHR - homepage: http://www.google.es/
      CHR - plugin: Shockwave Flash (Enabled) = C:\Users\xxxx\AppData\Local\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll
      CHR - plugin: Shockwave Flash (Enabled) = C:\Users\xxxx\AppData\Local\Google\Chrome\Application\22.0.1229.79\gcswf32.dll
      CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
      CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
      CHR - plugin: Native Client (Enabled) = C:\Users\xxxx\AppData\Local\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll
      CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\xxxx\AppData\Local\Google\Chrome\Application\22.0.1229.79\pdf.dll
      CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
      CHR - plugin: BitCometAgent (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npBitCometAgent.dll
      CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
      CHR - plugin: Pando Web Installer (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npPandoWebInst.dll
      CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
      CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
      CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
      CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
      CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
      CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
      CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
      CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
      CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
      CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
      CHR - plugin: getPlusPlus for Adobe 16249 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np_gp.dll
      CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Users\xxxx\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
      CHR - plugin: Java(TM) Platform SE 6 U33 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
      CHR - plugin: Java Deployment Toolkit 6.0.330.3 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
      CHR - plugin: Panda ActiveScan 2.0 (Enabled) = C:\Program Files (x86)\Panda Security\ActiveScan 2.0\npwrapper.dll
      CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll
      CHR - plugin: Veetle Broadcaster Plugin (Enabled) = C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll
      CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
      CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
      CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\xxxx\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
      CHR - plugin: Google Update (Enabled) = C:\Users\xxxx\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
      CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
      CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

      O1 HOSTS File: ([2012/09/06 22:34:59 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
      O1 - Hosts: 127.0.0.1 localhost
      O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
      O2 - BHO: (Aplicación auxiliar de vínculos de Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
      O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.3.7.16.dll (BitComet)
      O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
      O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
      O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files (x86)\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
      O2 - BHO: (no name) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
      O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
      O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
      O4:64bit: - HKLM..\Run: [lxdnamon] C:\Program Files (x86)\Lexmark 2600 Series\lxdnamon.exe ()
      O4:64bit: - HKLM..\Run: [lxdnmon.exe] C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe ()
      O4:64bit: - HKLM..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" File not found
      O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
      O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
      O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files (x86)\Lexmark Fax Solutions\fm3032.exe ()
      O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
      O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
      O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
      O4 - HKLM..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
      O4 - HKLM..\Run: [NokiaMusic FastStart] C:\Program Files (x86)\Nokia\Nokia Music Player\NokiaMusicPlayer.exe (Nokia)
      O4 - HKLM..\Run: [OsdMaestro] c:\Archivos de programa\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe (OsdMaestro)
      O4 - HKLM..\Run: [SunJavaUpdateReg] C:\Windows\SysWow64\jureg.exe (Sun Microsystems, Inc.)
      O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe ()
      O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
      O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
      O4 - HKCU..\Run: [Facebook Update] C:\Users\xxxx\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
      O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
      O4 - HKCU..\Run: [RemoTerm.exe] C:\Program Files (x86)\Common Files\PCTV Systems\RemoTerm\RemoTerm.exe (PCTV Systems S.à r.l.)
      O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\xxxx\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
      O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
      O8:64bit: - Extra context menu item: &AOL Toolbar Buscar - C:\ProgramData\AOL\ieToolbar\resources\es-ES\local\search.html File not found
      O8:64bit: - Extra context menu item: &D&escargue &con BitComet - C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)
      O8:64bit: - Extra context menu item: &D&escargue todo con BitComet - C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)
      O8:64bit: - Extra context menu item: &D&escargue todos los vídeos con BitComet - C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)
      O8:64bit: - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
      O8 - Extra context menu item: &AOL Toolbar Buscar - C:\ProgramData\AOL\ieToolbar\resources\es-ES\local\search.html File not found
      O8 - Extra context menu item: &D&escargue &con BitComet - C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)
      O8 - Extra context menu item: &D&escargue todo con BitComet - C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)
      O8 - Extra context menu item: &D&escargue todos los vídeos con BitComet - C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)
      O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
      O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - Reg Error: Key error. File not found
      O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files (x86)\WinHTTrack\WinHTTrackIEBar.dll ()
      O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files (x86)\WinHTTrack\WinHTTrackIEBar.dll ()
      O9 - Extra Button: ºÜ¿ìÊÓƵËÑË÷ - {998A88A0-A355-809B-831C-B83A80000991} - http://www.henkuai.com/?from=iebannel File not found
      O9 - Extra 'Tools' menuitem : ºÜ¿ìÊÓƵËÑË÷ - {998A88A0-A355-809B-831C-B83A80000991} - http://www.henkuai.com/?from=iebannel File not found
      O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.3.7.16.dll (BitComet)
      O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Archivos de programa\Bonjour\mdnsNSP.dll (Apple Inc.)
      O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
      O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
      O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
      O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
      O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.58.61.250 80.58.61.254
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{91732BEF-763C-4158-8C35-61DDD55E0705}: DhcpNameServer = 8x.x8.6x.x50 8x.x8.6x.x54
      O18:64bit: - Protocol\Handler\livecall - No CLSID value found
      O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
      O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
      O18:64bit: - Protocol\Handler\msnim - No CLSID value found
      O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
      O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
      O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
      O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
      O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysWOW64\userinit.exe (Microsoft Corporation)
      O24 - Desktop WallPaper: C:\Users\xxxx\AppData\Roaming\Microsoft\Windows Photo Gallery\Papel tapiz de Galería fotográfica de Windows.jpg
      O24 - Desktop BackupWallPaper: C:\Users\xxxx\AppData\Roaming\Microsoft\Windows Photo Gallery\Papel tapiz de Galería fotográfica de Windows.jpg
      O32 - HKLM CDRom: AutoRun - 1
      O32 - AutoRun File - [2010/01/16 17:11:01 | 000,000,107 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
      O34 - HKLM BootExecute: (autocheck autochk *)
      O35:64bit: - HKLM\..comfile [open] -- "%1" %*
      O35:64bit: - HKLM\..exefile [open] -- "%1" %*
      O35 - HKLM\..comfile [open] -- "%1" %*
      O35 - HKLM\..exefile [open] -- "%1" %*
      O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
      O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
      O37 - HKLM\...com [@ = comfile] -- "%1" %*
      O37 - HKLM\...exe [@ = exefile] -- "%1" %*
      O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
      O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

      ========== Files/Folders - Created Within 30 Days ==========

      [2012/10/06 20:55:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\xxxx\Desktop\OTL.com
      [2012/10/06 20:28:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\xxxx\Desktop\OTL.exe
      [2012/09/24 19:22:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
      [2012/09/23 03:00:52 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
      [2012/09/23 03:00:52 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
      [2012/09/23 03:00:51 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
      [2012/09/23 03:00:51 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
      [2012/09/23 03:00:51 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
      [2012/09/23 03:00:51 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
      [2012/09/23 03:00:50 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
      [2012/09/23 03:00:50 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
      [2012/09/23 03:00:49 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
      [2012/09/23 03:00:49 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
      [2012/09/23 03:00:48 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
      [2012/09/23 03:00:48 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
      [2012/09/23 03:00:47 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
      [2012/09/23 03:00:47 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
      [2012/09/23 03:00:47 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
      [2012/09/18 06:31:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
      [2012/09/18 06:29:48 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
      [2012/09/18 06:29:32 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
      [2012/09/18 06:29:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
      [2012/09/18 06:29:32 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
      [2012/09/07 03:05:44 | 000,000,000 | --SD | C] -- C:\ComboFix
      [2012/09/07 03:02:41 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
      [2012/09/07 02:54:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
      [2012/09/06 22:43:03 | 000,000,000 | ---D | C] -- C:\Windows\temp
      [2012/09/06 22:35:02 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
      [2009/06/12 20:16:47 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\xxxx\AppData\Roaming\pcouffin.sys

      ========== Files - Modified Within 30 Days ==========

      [2012/10/06 20:55:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\xxxx\Desktop\OTL.com
      [2012/10/06 20:30:46 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
      [2012/10/06 20:28:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\xxxx\Desktop\OTL.exe
      [2012/10/06 20:26:01 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-258622934-2799181398-629544736-1000UA.job
      [2012/10/06 20:20:21 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
      [2012/10/06 20:20:20 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
      [2012/10/06 20:20:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
      [2012/10/06 15:37:05 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-258622934-2799181398-629544736-1000UA.job
      [2012/10/06 14:26:00 | 000,001,062 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-258622934-2799181398-629544736-1000Core.job
      [2012/10/06 00:46:33 | 000,144,896 | ---- | M] () -- C:\Users\xxxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      [2012/10/06 00:41:45 | 2247,475,554 | ---- | M] () -- C:\Users\xxxx\Desktop\rgry5.avi
      [2012/10/06 00:37:02 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-258622934-2799181398-629544736-1000Core.job
      [2012/10/06 00:00:47 | 000,000,396 | ---- | M] () -- C:\Windows\tasks\NeroLiveEpgUpdate-xxxx1_xxxx.job
      [2012/10/05 17:53:07 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
      [2012/09/30 21:56:59 | 000,000,000 | ---- | M] () -- C:\ProgramData\TEMP
      [2012/09/27 2025 | 000,064,108 | ---- | M] () -- C:\Users\xxxx\Desktop\$T2eC16V,!)kE9s4,!!NMBQ()hNWOow~~60_12.JPG
      [2012/09/24 19:23:06 | 000,000,629 | ---- | M] () -- C:\Windows\SysNative\mapisvc.inf
      [2012/09/18 06:31:48 | 000,001,696 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
      [2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
      [2012/09/06 22:34:59 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

      ========== Files Created - No Company Name ==========

      [2012/10/06 00:43:12 | 2247,475,554 | ---- | C] () -- C:\Users\xxxx\Desktop\rgry5.avi
      [2012/09/27 2024 | 000,064,108 | ---- | C] () -- C:\Users\xxxx\Desktop\$T2eC16V,!)kE9s4,!!NMBQ()hNWOow~~60_12.JPG
      [2012/09/18 06:31:48 | 000,001,696 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
      [2012/01/05 18:05:57 | 000,001,460 | ---- | C] () -- C:\Users\xxxx\AppData\Local\d3d9caps64.dat
      [2010/10/14 02:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
      [2010/01/11 15:42:14 | 000,000,845 | ---- | C] () -- C:\Users\xxxx\.recently-used.xbel
      [2009/12/16 03:34:04 | 000,008,484 | ---- | C] () -- C:\Users\xxxx\AppData\Local\d3d9caps.dat
      [2009/11/11 21:30:03 | 000,031,966 | ---- | C] () -- C:\ProgramData\nvModes.001
      [2009/11/11 21:24:59 | 000,031,966 | ---- | C] () -- C:\ProgramData\nvModes.dat
      [2009/10/24 09:43:01 | 000,000,000 | ---- | C] () -- C:\ProgramData\TEMP
      [2009/10/22 22:12:12 | 000,000,282 | RHS- | C] () -- C:\ProgramData\ntuser.pol
      [2009/10/16 16:53:00 | 000,000,094 | ---- | C] () -- C:\Users\xxxx\AppData\Local\fusioncache.dat
      [2009/10/11 05:20:42 | 000,000,029 | ---- | C] () -- C:\Users\xxxx\AppData\Roaming\default.rss
      [2009/10/11 05:20:42 | 000,000,000 | ---- | C] () -- C:\Users\xxxx\AppData\Roaming\downloads.m3u
      [2009/07/30 02:51:44 | 000,001,650 | ---- | C] () -- C:\Users\xxxx\AppData\Roaming\wklnhst.dat
      [2009/06/12 20:16:47 | 000,007,859 | ---- | C] () -- C:\Users\xxxx\AppData\Roaming\pcouffin.cat
      [2009/06/12 20:16:47 | 000,001,167 | ---- | C] () -- C:\Users\xxxx\AppData\Roaming\pcouffin.inf
      [2009/06/11 23:40:30 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
      [2009/03/28 15:59:51 | 000,144,896 | ---- | C] () -- C:\Users\xxxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

      ========== ZeroAccess Check ==========

      [2006/11/02 17:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

      [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

      [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      "" = %SystemRoot%\SysWow64\shell32.dll -- [2012/06/08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)

      [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

      [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
      "" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 19:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment

      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment

      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
      "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 09:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free

      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
      "" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2009/04/11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free

      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
      "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/21 04:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Both

      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

      ========== LOP Check ==========

      [2009/10/26 13:23:23 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Audacity
      [2009/09/18 20:39:51 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Babylon
      [2009/10/31 01:47:17 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\BSplayer
      [2009/10/31 01:44:37 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\BSplayer Pro
      [2009/10/25 14:51:32 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Cool Record Edit Pro
      [2010/06/14 14:07:24 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Cycling '74
      [2010/07/29 21:33:32 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\DVDVideoSoftIEHelpers
      [2009/09/16 02:55:29 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\ESET
      [2009/10/25 14:36:51 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Free Sound Recorder
      [2009/11/14 09:05:09 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\GeoVid
      [2010/01/27 20:54:22 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\GrabPro
      [2010/01/11 15:42:14 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\gtk-2.0
      [2010/07/28 01:48:23 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\HandBrake
      [2009/10/05 07:58:21 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Leadertech
      [2009/04/01 08:31:32 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Lexmark Productivity Studio
      [2012/09/25 20:05:59 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\MassTube
      [2009/10/07 21:32:53 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Megaupload
      [2010/03/09 21:03:24 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\MPEG Streamclip
      [2010/08/19 20:03:14 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Nokia
      [2009/10/29 03:14:12 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Octoshape
      [2010/07/22 17:58:28 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Opera
      [2010/01/27 19:06:04 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Orbit
      [2009/12/14 16:24:17 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\PandoraRecovery
      [2010/08/05 19:07:47 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\PC Suite
      [2009/10/19 23:29:51 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Pegasys Inc
      [2009/06/19 21:38:47 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\SharePod
      [2009/09/21 21:56:02 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Skinux
      [2009/03/27 19:27:37 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Softplicity
      [2010/01/11 14:55:05 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\SPlayer
      [2012/08/16 22:40:22 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Spotify
      [2009/07/30 02:51:45 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Template
      [2010/07/06 01:14:48 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Thinstall
      [2010/09/06 23:34:20 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\VDownloader
      [2009/06/12 20:16:47 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Vso
      [2010/09/07 00:34:41 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Youtube Downloader HD

      ========== Purity Check ==========



      ========== Alternate Data Streams ==========

      @Alternate Data Stream - 248 bytes -> C:\ProgramData\TEMP:66633281
      @Alternate Data Stream - 163 bytes -> C:\ProgramData\TEMP:3440EB47
      @Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:0888F409

      < End of report >





      What can be seen in these 2 reports?

    5. #5
      Moderator.
      @Tincho
      Joined
      May 2008
      Location
      Argentina
      Posts
      14.701

      Re: Infected with lubwuhedofym.exe Win32/Wigon.PB Trojan?

      Hello.

      A very dangerous virus can be seen.

      Run OTL.exe

      1.- Copy the following text (excluding the word "Código"):
      Código:
      :OTL
      O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\xxxx\AppData\Roaming\Spotify\Data\Spotify WebHelper.exe ()


      :Commands
      [PURITY]
      [RESETHOSTS]
      [EMPTYFLASH]
      [EMPTYTEMP]
      [CREATERESTOREPOINT]
      2.- Paste the content into the "Análisis Personalizados / Código de Reparación" (Custom Scans / Fix Code) section.

      3.- Press the "Reparar" (Fix) button to start the procedure. Press OK.

      OTL will restart the computer to complete the procedure.

      Save the newly generated report. Copy and paste it in your next reply, commenting on how the system is working.

      Tyny's
      If on your journey, you should encounter God, God will be cut!

      * Follow us on Twitter and become our friend on Facebook.
      * Keep up with the latest threats on the net at: InfoSpyware Blog
      * Questions are not answered by private message or e-mail; that is what the forum is for.

    6. #6
      User P.P.P
      Joined
      Aug 2008
      Location
      spy
      Posts
      28

      Re: Infected with lubwuhedofym.exe Win32/Wigon.PB Trojan?

      I got this in the log:


      All processes killed
      Error: Unable to interpret <Código:> in the current context!
      ========== OTL ==========
      Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Spotify Web Helper not found.
      File C:\Users\xxxx\AppData\Roaming\Spotify\Data\Spotify WebHelper.exe not found.
      ========== COMMANDS ==========
      File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
      HOSTS file reset successfully

      [EMPTYFLASH]

      User: All Users

      User: Default

      User: Default User

      User: NeroMediaHomeUser.4

      User: Public

      User: UpdatusUser

      User: xxxx
      ->Flash cache emptied: 492 bytes

      Total Flash Files Cleaned = 0,00 mb


      [EMPTYTEMP]

      User: All Users

      User: Default
      ->Temp folder emptied: 0 bytes
      ->Temporary Internet Files folder emptied: 0 bytes

      User: Default User
      ->Temp folder emptied: 0 bytes
      ->Temporary Internet Files folder emptied: 0 bytes

      User: NeroMediaHomeUser.4
      ->Temp folder emptied: 0 bytes

      User: Public
      ->Temp folder emptied: 0 bytes

      User: UpdatusUser
      ->Temp folder emptied: 0 bytes
      ->Temporary Internet Files folder emptied: 0 bytes

      User: xxxx
      ->Temp folder emptied: 1767521 bytes
      ->Temporary Internet Files folder emptied: 217168 bytes
      ->Java cache emptied: 0 bytes
      ->FireFox cache emptied: 6561325 bytes
      ->Google Chrome cache emptied: 0 bytes
      ->Apple Safari cache emptied: 0 bytes
      ->Opera cache emptied: 0 bytes
      ->Flash cache emptied: 0 bytes

      %systemdrive% .tmp files removed: 0 bytes
      %systemroot% .tmp files removed: 0 bytes
      %systemroot%\System32 .tmp files removed: 0 bytes
      %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
      %systemroot%\System32\drivers .tmp files removed: 0 bytes
      Windows Temp folder emptied: 0 bytes
      %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 59058012 bytes
      RecycleBin emptied: 0 bytes

      Total Files Cleaned = 64,00 mb

      Restore point Set: OTL Restore Point

      OTL by OldTimer - Version 3.2.69.0 log created on 10072012_154250

      Files\Folders moved on Reboot...
      File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

      PendingFileRenameOperations files...

      Registry entries deleted on Reboot...




      What does it show?

    7. #7
      Moderator.
      @Tincho
      Joined
      May 2008
      Location
      Argentina
      Posts
      14.701

      Re: Infected with lubwuhedofym.exe Win32/Wigon.PB Trojan?

      Hello

      Download the ComboFix.exe tool and save it to the desktop.

      • Temporarily disable the antivirus and/or antispyware.
      • Close all open windows.
      • Double-click the ComboFix.exe file and follow the instructions.
      • When it finishes, it will generate a log at C:\ComboFix.txt.
        • *Note* While CF is working, do not move the mouse, as that would stop its process.
        • *Note* ComboFix may automatically restart the PC to complete the removal process.

      Warning!! Do not use ComboFix unless a member of our Staff has specifically instructed you to in your thread. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, not for private use. Using ComboFix incorrectly could cause problems on your system. Please read ComboFix's "Disclaimer of Warranty".
      • Restart and paste the report from C:\ComboFix.txt in this same thread, commenting on how your system is working.
      Tyny's
      If on your journey, you should encounter God, God will be cut!

    8. #8
      User P.P.P
      Joined
      Aug 2008
      Location
      spy
      Posts
      28

      Re: Infected with lubwuhedofym.exe Win32/Wigon.PB Trojan?

      ComboFix 12-09-30.03 - xxxx 08/10/2012 4:54.3.4 - x64
      Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.34.3082.18.4094.1775 [GMT 2:00]
      Running from: c:\users\xxxx\Desktop\ComboFix.exe
      AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
      SP: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
      SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      * Created a new restore point
      .
      - REDUCED FUNCTIONALITY MODE -
      .
      .
      ((((((((((((((((((((((((( Files Created from 2012-09-08 to 2012-10-08 )))))))))))))))))))))))))))))))
      .
      .
      2012-10-07 12:06 . 2012-10-07 12:06 -------- d-----w- C:\_OTL
      2012-10-05 22:18 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BF5CDE4D-31F2-422C-B132-01F758954D72}\mpengine.dll
      2012-09-18 04:31 . 2012-08-21 11:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
      2012-09-18 04:29 . 2012-09-18 04:29 -------- d-----w- c:\program files\iPod
      2012-09-18 04:29 . 2012-09-18 04:31 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
      2012-09-18 04:29 . 2012-09-18 04:31 -------- d-----w- c:\program files\iTunes
      2012-09-18 04:29 . 2012-09-18 04:31 -------- d-----w- c:\program files (x86)\iTunes
      .
      .
      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2012-09-12 01:01 . 2006-11-02 12:35 64462936 ----a-w- c:\windows\system32\mrt.exe
      2012-09-07 15:04 . 2010-08-09 18:48 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
      2012-08-26 09:05 . 2012-06-29 21:39 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
      2012-08-26 09:05 . 2011-12-30 19:19 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
      2012-08-21 11:01 . 2010-01-18 21:04 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
      2012-08-21 11:01 . 2010-01-18 21:04 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
      2012-07-24 18:39 . 2011-03-28 16:36 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
      2012-07-21 01:46 . 2012-07-21 01:46 161792 ----a-w- c:\windows\SysWow64\msls31.dll
      2012-07-21 01:46 . 2012-07-21 01:46 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
      2012-07-21 01:46 . 2012-07-21 01:46 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
      2012-07-21 01:46 . 2012-07-21 01:46 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
      2012-07-21 01:46 . 2012-07-21 01:46 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
      2012-07-21 01:46 . 2012-07-21 01:46 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
      2012-07-21 01:46 . 2012-07-21 01:46 367104 ----a-w- c:\windows\SysWow64\html.iec
      2012-07-21 01:46 . 2012-07-21 01:46 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
      2012-07-21 01:46 . 2012-07-21 01:46 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
      2012-07-21 01:46 . 2012-07-21 01:46 152064 ----a-w- c:\windows\SysWow64\wextract.exe
      2012-07-21 01:46 . 2012-07-21 01:46 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
      2012-07-21 01:46 . 2012-07-21 01:46 11776 ----a-w- c:\windows\SysWow64\mshta.exe
      2012-07-21 01:46 . 2012-07-21 01:46 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
      2012-07-21 01:46 . 2012-07-21 01:46 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
      2012-07-21 01:46 . 2012-07-21 01:46 101888 ----a-w- c:\windows\SysWow64\admparse.dll
      2012-07-21 01:46 . 2012-07-21 01:46 222208 ----a-w- c:\windows\system32\msls31.dll
      2012-07-21 01:46 . 2012-07-21 01:46 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
      2012-07-21 01:46 . 2012-07-21 01:46 55296 ----a-w- c:\windows\system32\msfeedsbs.dll
      2012-07-21 01:46 . 2012-07-21 01:46 49664 ----a-w- c:\windows\system32\imgutil.dll
      2012-07-21 01:46 . 2012-07-21 01:46 267776 ----a-w- c:\windows\system32\ieaksie.dll
      2012-07-21 01:46 . 2012-07-21 01:46 197120 ----a-w- c:\windows\system32\msrating.dll
      2012-07-21 01:46 . 2012-07-21 01:46 163840 ----a-w- c:\windows\system32\ieakui.dll
      2012-07-21 01:46 . 2012-07-21 01:46 145920 ----a-w- c:\windows\system32\iepeers.dll
      2012-07-21 01:46 . 2012-07-21 01:46 136192 ----a-w- c:\windows\system32\advpack.dll
      2012-07-21 01:46 . 2012-07-21 01:46 12288 ----a-w- c:\windows\system32\mshta.exe
      2012-07-21 01:46 . 2012-07-21 01:46 114176 ----a-w- c:\windows\system32\admparse.dll
      2012-07-21 01:46 . 2012-07-21 01:46 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
      2012-07-21 01:46 . 2012-07-21 01:46 76800 ----a-w- c:\windows\system32\tdc.ocx
      2012-07-21 01:46 . 2012-07-21 01:46 48640 ----a-w- c:\windows\system32\mshtmler.dll
      2012-07-21 01:46 . 2012-07-21 01:46 160256 ----a-w- c:\windows\system32\ieakeng.dll
      2012-07-21 01:46 . 2012-07-21 01:46 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
      2012-07-21 01:46 . 2012-07-21 01:46 111616 ----a-w- c:\windows\system32\iesysprep.dll
      2012-07-21 01:46 . 2012-07-21 01:46 10752 ----a-w- c:\windows\system32\msfeedssync.exe
      2012-07-21 01:46 . 2012-07-21 01:46 89088 ----a-w- c:\windows\system32\ie4uinit.exe
      2012-07-21 01:46 . 2012-07-21 01:46 85504 ----a-w- c:\windows\system32\iesetup.dll
      2012-07-21 01:46 . 2012-07-21 01:46 82432 ----a-w- c:\windows\system32\icardie.dll
      2012-07-21 01:46 . 2012-07-21 01:46 534528 ----a-w- c:\windows\system32\ieapfltr.dll
      2012-07-21 01:46 . 2012-07-21 01:46 452608 ----a-w- c:\windows\system32\dxtmsft.dll
      2012-07-21 01:46 . 2012-07-21 01:46 448512 ----a-w- c:\windows\system32\html.iec
      2012-07-21 01:46 . 2012-07-21 01:46 403248 ----a-w- c:\windows\system32\iedkcs32.dll
      2012-07-21 01:46 . 2012-07-21 01:46 39936 ----a-w- c:\windows\system32\iernonce.dll
      2012-07-21 01:46 . 2012-07-21 01:46 3695416 ----a-w- c:\windows\system32\ieapfltr.dat
      2012-07-21 01:46 . 2012-07-21 01:46 30720 ----a-w- c:\windows\system32\licmgr10.dll
      2012-07-21 01:46 . 2012-07-21 01:46 282112 ----a-w- c:\windows\system32\dxtrans.dll
      2012-07-21 01:46 . 2012-07-21 01:46 249344 ----a-w- c:\windows\system32\webcheck.dll
      2012-07-21 01:46 . 2012-07-21 01:46 103936 ----a-w- c:\windows\system32\inseng.dll
      2012-07-21 01:46 . 2012-07-21 01:46 165888 ----a-w- c:\windows\system32\iexpress.exe
      2012-07-21 01:46 . 2012-07-21 01:46 160256 ----a-w- c:\windows\system32\wextract.exe
      2012-07-21 01:46 . 2012-07-21 01:46 65024 ----a-w- c:\windows\system32\pngfilt.dll
      2012-07-21 01:46 . 2012-07-21 01:46 149504 ----a-w- c:\windows\system32\occache.dll
      2012-07-21 01:44 . 2012-07-21 01:44 979456 ----a-w- c:\windows\SysWow64\MFH264Dec.dll
      2012-07-21 01:44 . 2012-07-21 01:44 1257984 ----a-w- c:\windows\system32\MFH264Dec.dll
      2012-07-21 01:44 . 2012-07-21 01:44 428544 ----a-w- c:\windows\system32\MFHEAACdec.dll
      2012-07-21 01:44 . 2012-07-21 01:44 377344 ----a-w- c:\windows\system32\mfmp4src.dll
      2012-07-21 01:44 . 2012-07-21 01:44 357376 ----a-w- c:\windows\SysWow64\MFHEAACdec.dll
      2012-07-21 01:44 . 2012-07-21 01:44 302592 ----a-w- c:\windows\SysWow64\mfmp4src.dll
      2012-07-21 01:44 . 2012-07-21 01:44 3548672 ----a-w- c:\windows\system32\mf.dll
      2012-07-21 01:44 . 2012-07-21 01:44 345088 ----a-w- c:\windows\system32\mfreadwrite.dll
      2012-07-21 01:44 . 2012-07-21 01:44 34304 ----a-w- c:\windows\system32\mfpmp.exe
      2012-07-21 01:44 . 2012-07-21 01:44 261632 ----a-w- c:\windows\SysWow64\mfreadwrite.dll
      2012-07-21 01:44 . 2012-07-21 01:44 195072 ----a-w- c:\windows\system32\mfps.dll
      2012-07-21 01:44 . 2012-07-21 01:44 2873344 ----a-w- c:\windows\SysWow64\mf.dll
      2012-07-21 01:44 . 2012-07-21 01:44 98816 ----a-w- c:\windows\SysWow64\mfps.dll
      2012-07-21 01:44 . 2012-07-21 01:44 278528 ----a-w- c:\windows\system32\mfplat.dll
      2012-07-21 01:44 . 2012-07-21 01:44 209920 ----a-w- c:\windows\SysWow64\mfplat.dll
      2012-07-21 01:44 . 2012-07-21 01:44 748544 ----a-w- c:\windows\system32\stobject.dll
      2012-07-21 01:44 . 2012-07-21 01:44 586240 ----a-w- c:\windows\SysWow64\stobject.dll
      2012-07-21 01:44 . 2012-07-21 01:44 1204224 ----a-w- c:\windows\system32\shdocvw.dll
      2012-07-21 01:43 . 2012-07-21 01:43 231936 ----a-w- c:\windows\system32\XpsRasterService.dll
      2012-07-21 01:43 . 2012-07-21 01:43 566272 ----a-w- c:\windows\system32\d3d10level9.dll
      2012-07-21 01:43 . 2012-07-21 01:43 486400 ----a-w- c:\windows\SysWow64\d3d10level9.dll
      2012-07-21 01:43 . 2012-07-21 01:43 900480 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
      2012-07-21 01:43 . 2012-07-21 01:43 625152 ----a-w- c:\windows\system32\dxgi.dll
      2012-07-21 01:43 . 2012-07-21 01:43 478720 ----a-w- c:\windows\SysWow64\dxgi.dll
      2012-07-21 01:43 . 2012-07-21 01:43 47104 ----a-w- c:\windows\system32\cdd.dll
      2012-07-21 01:43 . 2012-07-21 01:43 366592 ----a-w- c:\windows\system32\winspool.drv
      2012-07-21 01:43 . 2012-07-21 01:43 35840 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
      2012-07-21 01:43 . 2012-07-21 01:43 287232 ----a-w- c:\windows\system32\d3d10core.dll
      2012-07-21 01:43 . 2012-07-21 01:43 258048 ----a-w- c:\windows\SysWow64\winspool.drv
      2012-07-21 01:43 . 2012-07-21 01:43 189952 ----a-w- c:\windows\SysWow64\d3d10core.dll
      2012-07-21 01:43 . 2012-07-21 01:43 1268224 ----a-w- c:\windows\system32\d3d10.dll
      2012-07-21 01:43 . 2012-07-21 01:43 1032192 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
      2012-07-21 01:43 . 2012-07-21 01:43 1029120 ----a-w- c:\windows\SysWow64\d3d10.dll
      2012-07-21 01:43 . 2012-07-21 01:43 1461760 ----a-w- c:\windows\system32\OpcServices.dll
      2012-07-21 01:43 . 2012-07-21 01:43 847360 ----a-w- c:\windows\SysWow64\OpcServices.dll
      2012-07-21 01:43 . 2012-07-21 01:43 3068416 ----a-w- c:\windows\system32\xpsservices.dll
      2012-07-21 01:43 . 2012-07-21 01:43 1554432 ----a-w- c:\windows\SysWow64\xpsservices.dll
      2012-07-21 01:43 . 2012-07-21 01:43 135680 ----a-w- c:\windows\SysWow64\XpsRasterService.dll
      2012-07-21 01:42 . 2012-07-21 01:42 369664 ----a-w- c:\windows\SysWow64\WMPhoto.dll
      2012-07-21 01:42 . 2012-07-21 01:42 519680 ----a-w- c:\windows\SysWow64\d3d11.dll
      2012-07-21 01:42 . 2012-07-21 01:42 449024 ----a-w- c:\windows\system32\WMPhoto.dll
      2012-07-21 01:42 . 2012-07-21 01:42 328192 ----a-w- c:\windows\system32\dxdiag.exe
      2012-07-21 01:42 . 2012-07-21 01:42 262656 ----a-w- c:\windows\system32\dxdiagn.dll
      .
      .
      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4
      .
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
      "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
      "AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-08-01 222592]
      "PC Suite Tray"="c:\program files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-05-14 1479680]
      "RemoTerm.exe"="c:\program files (x86)\Common Files\PCTV Systems\RemoTerm\RemoTerm.exe" [2010-02-24 220944]
      "Facebook Update"="c:\users\xxxx\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
      "NokiaMServer"="c:\program files (x86)\Common Files\Nokia\MPlatform\NokiaMServer" [X]
      "hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
      "KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
      "OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe" [2007-02-15 119296]
      "HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-02 75008]
      "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
      "FaxCenterServer"="c:\program files (x86)\Lexmark Fax Solutions\fm3032.exe" [2007-12-17 320168]
      "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
      "ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
      "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
      "UnlockerAssistant"="c:\program files (x86)\Unlocker\UnlockerAssistant.exe" [2006-09-07 15360]
      "NokiaMusic FastStart"="c:\program files (x86)\Nokia\Nokia Music Player\NokiaMusicPlayer.exe" [2011-10-21 2193000]
      "WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2010-07-12 74752]
      "SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]
      "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
      "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
      "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
      "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
      .
      c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
      Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-3-27 113664]
      Buscar actualizaciones.lnk - c:\program files (x86)\Common Files\PCTV Systems\WebUpdater\WebUpdater.exe [2009-4-17 238864]
      McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
      Software Kodak EasyShare.lnk - c:\program files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-10-30 282624]
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "EnableUIADesktopToggle"= 0 (0x0)
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
      getPlusHelper REG_MULTI_SZ getPlusHelper
      .
      HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
      Themes
      ezSharedSvc
      .
      Contents of the 'Scheduled Tasks' folder
      .
      2012-10-07 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-258622934-2799181398-629544736-1000Core.job
      - c:\users\xxxx\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-29 22:32]
      .
      2012-10-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-258622934-2799181398-629544736-1000UA.job
      - c:\users\xxxx\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-29 22:32]
      .
      2012-10-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-258622934-2799181398-629544736-1000Core.job
      - c:\users\xxxx\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-06 19:11]
      .
      2012-10-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-258622934-2799181398-629544736-1000UA.job
      - c:\users\xxxx\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-06 19:11]
      .
      2012-10-07 c:\windows\Tasks\NeroLiveEpgUpdate-xxxx1_xxxx.job
      - c:\program files (x86)\Nero\Nero 9\Nero Live\NeroLive.exe [2008-09-18 12:51]
      .
      .
      --------- X64 Entries -----------
      .
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-06-11 178712]
      "lxdnmon.exe"="c:\program files (x86)\Lexmark 2600 Series\lxdnmon.exe" [2007-12-17 660136]
      "lxdnamon"="c:\program files (x86)\Lexmark 2600 Series\lxdnamon.exe" [2007-12-17 16040]
      "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-11 2716216]
      .
      ------- Supplementary Scan -------
      .
      uStart Page = hxxp://www.google.es/
      uLocal Page = c:\windows\system32\blank.htm
      mLocal Page = c:\windows\SysWOW64\blank.htm
      uInternet Settings,ProxyOverride = *.local
      IE: &AOL Toolbar Buscar - c:\programdata\AOL\ieToolbar\resources\es-ES\local\search.html
      IE: &D&escargue &con BitComet - c:\program files (x86)\BitComet\BitComet.exe/AddLink.htm
      IE: &D&escargue todo con BitComet - c:\program files (x86)\BitComet\BitComet.exe/AddAllLink.htm
      IE: &D&escargue todos los vídeos con BitComet - c:\program files (x86)\BitComet\BitComet.exe/AddVideo.htm
      IE: E&xportar a Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
      IE: {{998A88A0-A355-809B-831C-B83A80000991} - http://www.henkuai.com/?from=iebannel
      TCP: DhcpNameServer = 80.58.61.250 80.58.61.254
      CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
      FF - ProfilePath - c:\users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\keqbt39j.default\
      .
      - - - - ORPHANS REMOVED - - - -
      .
      HKLM-Run-OsdMaestro - c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
      .
      .
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
      @Denied: (A 2) (Everyone)
      @="FlashBroker"
      "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
      "Enabled"=dword:00000001
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
      @Denied: (A 2) (Everyone)
      @="Shockwave Flash Object"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
      "ThreadingModel"="Apartment"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
      @="0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
      @="ShockwaveFlash.ShockwaveFlash.11"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
      @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
      @="1.0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
      @="ShockwaveFlash.ShockwaveFlash"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
      @Denied: (A 2) (Everyone)
      @="Macromedia Flash Factory Object"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
      "ThreadingModel"="Apartment"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
      @="FlashFactory.FlashFactory.1"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
      @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
      @="1.0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
      @="FlashFactory.FlashFactory"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
      @Denied: (A 2) (Everyone)
      @="IFlashBroker4"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
      @="{00020424-0000-0000-C000-000000000046}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      "Version"="1.0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
      @Denied: (A 2) (Everyone)
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
      @="Shockwave Flash"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
      @Denied: (A 2) (Everyone)
      @=""
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
      @="FlashBroker"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
      "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
      00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
      .
      Completion time: 2012-10-08 05:03:42
      ComboFix-quarantined-files.txt 2012-10-08 03:03
      .
      Pre-Run: 29.539.315.712 bytes libres
      Post-Run: 28.656.041.984 bytes libres
      .
      - - End Of File - - C30EA8F3A4CB6FA44335DADF853C4B46




      What do you see?

    9. #9
      Moderator.
      Avatar of @Tincho
      Joined
      May 2008
      Location
      Argentina
      Posts
      14.701

      Re: Infected with lubwuhedofym.exe Win32/Wigon.PB Trojan?

      Hello.


      Everything is fine. How is your PC running?


      Regards.
      Tyny's
      If on your journey, you should encounter God, God will be cut!
