• Registrarse
  • Iniciar sesión


  • Resultados 1 al 7 de 7

    troyano lollipop y nveckry.exe

    Buenas tardes, soy Angela y soy nueva por aqui. Tengo dos problemas, que no se si tendran relación.. el primero es lollipop.exe que por lo que he leido es un troyano, me abre las ventanas ...

    1. #1
      Usuario Avatar de angelalopezruiz
      Registrado
      ene 2013
      Ubicación
      españa
      Mensajes
      4

      Malware troyano lollipop y nveckry.exe

      Buenas tardes, soy Angela y soy nueva por aqui.

      Tengo dos problemas, que no se si tendran relación..
      el primero es lollipop.exe que por lo que he leido es un troyano, me abre las ventanas de publicidad solas.

      He pasado el antivirus que tengo eset smart segurity 5, y ya no lo detecta. Le pasado malwarebytes y tampoco. y el ccleaner, para limpiar.

      he desistalar programas me aparece y lo intento quitar y no me deja. Pero las paginas las sigue abriendo.

      Por otro lado cuando analizo el equipo con el eset sart segurty me sale esta infeccion que me dice que es imposible de eliminar ;
      nveckry.exe(1976) variante de win32... no se si tendra algo que ver con lollipop.exe

      tampoco lo detecta malwarebytes... si el antivirus pero no puedo desinfectar!! espero vuestra ayuda!

    2. #2
      Moderador Gral.
      Avatar de @Leosolari
      Registrado
      jun 2007
      Ubicación
      Argentina
      Mensajes
      58.637

      re: troyano lollipop y nveckry.exe

      Hola




      Descargá OTL By OldTimer





      >>> Ejecutá OTL
      • Cerrá todos programas que tengas abiertos y Hacé doble click en el ícono de OTL para ejecutarlo.
      • Dejalo correr sin interrumpirlo asta que termine el Análisis.
      • Cuando la interfaz aparesca, solo debes cambiar Abajo de: "Tipo de Análisis" poniendo Resultado Minimo.
      • Marcá las opciones: Buscar LOP y Buscar Purity.
      • Marcá las Opciones Omitir Archivos De Microsoft y Usar Listado de Compañias Reconocidas.
      • Pegá el siguiente script bajo la casilla Análisis Personalizados/Codigo de Reparación:

        NOTA: No copiar la palabra Cita.
        msconfig
        netsvcs
        baseservices
        %systemdrive%\*.*
        %programfiles%\*.exe
        %appdata%\*.exe /s /5
        %localappdata%\*.exe /s /5
        %systemroot%\*. /mp /s
        CREATERESTOREPOINT
      • Por favor No cambies el resto de la configuración a menos que te lo solicitemos.


      • Presioná el boton .
      • Una vez que termine, se abrirán dos (2) archivos, OTL.Txt y Extras.Txt. Éstos aparecerán grabados en el mismo lugar OTL.exe fue descargado.
      • Copiá y pegá el contenido del archivo OTL.txt en tu próxima respuesta.




      Saludos
      Síguenos en Twitter y hazte nuestro amigo en Facebook.

    3. #3
      Usuario Avatar de angelalopezruiz
      Registrado
      ene 2013
      Ubicación
      españa
      Mensajes
      4

      re: troyano lollipop y nveckry.exe

      gracias por la atención...el contenido es este;

      OTL logfile created on: 03/01/2013 12:57:08 - Run 1
      OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrador\Mis documentos\Downloads
      Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
      Internet Explorer (Version = 8.0.6001.18702)
      Locale: 00000C0A | Country: España | Language: ESN | Date Format: dd/MM/yyyy

      1022,42 Mb Total Physical Memory | 363,86 Mb Available Physical Memory | 35,59% Memory free
      2,40 Gb Paging File | 1,74 Gb Available in Paging File | 72,28% Paging File free
      Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

      %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
      Drive C: | 292,98 Gb Total Space | 277,22 Gb Free Space | 94,62% Space Free | Partition Type: NTFS
      Drive D: | 172,77 Gb Total Space | 172,70 Gb Free Space | 99,96% Space Free | Partition Type: NTFS

      Computer Name: ANGELA | User Name: Administrador | Logged in as Administrator.
      Boot Mode: Normal | Scan Mode: Current user
      Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

      ========== Processes (SafeList) ==========

      PRC - C:\Documents and Settings\Administrador\Mis documentos\Downloads\OTL.exe (OldTimer Tools)
      PRC - C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Lollipop\nveckry.exe ()
      PRC - C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
      PRC - C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
      PRC - C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
      PRC - C:\Archivos de programa\Google\Chrome\Application\chrome.exe (Google Inc.)
      PRC - C:\Archivos de programa\Java\jre7\bin\jqs.exe (Oracle Corporation)
      PRC - C:\Archivos de programa\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
      PRC - C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
      PRC - C:\Archivos de programa\ESET\ESET Smart Security\ekrn.exe (ESET)
      PRC - C:\Archivos de programa\ESET\ESET Smart Security\egui.exe (ESET)
      PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
      PRC - C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\mdm.exe (Microsoft Corporation)
      PRC - C:\Archivos de programa\VIAudioi\HDADeck\HDeck.exe (VIA Technologies, Inc.)


      ========== Modules (No Company Name) ==========

      MOD - C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Lollipop\nveckry.exe ()
      MOD - C:\Archivos de programa\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll ()
      MOD - C:\Archivos de programa\Google\Chrome\Application\23.0.1271.97\ppgooglenaclpluginchrome.dll ()
      MOD - C:\Archivos de programa\Google\Chrome\Application\23.0.1271.97\pdf.dll ()
      MOD - C:\Archivos de programa\Google\Chrome\Application\23.0.1271.97\avutil-51.dll ()
      MOD - C:\Archivos de programa\Google\Chrome\Application\23.0.1271.97\avformat-54.dll ()
      MOD - C:\Archivos de programa\Google\Chrome\Application\23.0.1271.97\avcodec-54.dll ()
      MOD - C:\WINDOWS\system32\msdmo.dll ()
      MOD - C:\WINDOWS\system32\nvapi.dll ()


      ========== Services (SafeList) ==========

      SRV - (MBAMService) -- C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
      SRV - (MBAMScheduler) -- C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
      SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
      SRV - (JavaQuickStarterService) -- C:\Archivos de programa\Java\jre7\bin\jqs.exe (Oracle Corporation)
      SRV - (ekrn) -- C:\Archivos de programa\ESET\ESET Smart Security\ekrn.exe (ESET)
      SRV - (odserv) -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
      SRV - (ose) -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
      SRV - (MDM) -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\mdm.exe (Microsoft Corporation)


      ========== Driver Services (SafeList) ==========

      DRV - (WDICA) -- File not found
      DRV - (PDRFRAME) -- File not found
      DRV - (PDRELI) -- File not found
      DRV - (PDFRAME) -- File not found
      DRV - (PDCOMP) -- File not found
      DRV - (PCIDump) -- File not found
      DRV - (lbrtfdc) -- File not found
      DRV - (i2omgmt) -- File not found
      DRV - (Changer) -- File not found
      DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
      DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys ()
      DRV - (epfw) -- C:\WINDOWS\system32\drivers\epfw.sys (ESET)
      DRV - (epfwtdi) -- C:\WINDOWS\system32\drivers\epfwtdi.sys (ESET)
      DRV - (eamon) -- C:\WINDOWS\system32\drivers\eamon.sys (ESET)
      DRV - (ehdrv) -- C:\WINDOWS\system32\drivers\ehdrv.sys (ESET)
      DRV - (DumpDrv) -- C:\WINDOWS\System32\drivers\dumpdrv.sys (Microsoft Corporation)
      DRV - (xfilt) -- C:\WINDOWS\system32\drivers\xfilt.sys (VIA Technologies,Inc)
      DRV - (videX32) -- C:\WINDOWS\system32\drivers\videX32.sys (VIA Technologies, Inc.)
      DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\viahduaa.sys (VIA Technologies, Inc.)


      ========== Standard Registry (All) ==========


      ========== Internet Explorer ==========

      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
      IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Search
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN España: Hotmail, Messenger, Skype y Cuenta Microsoft
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = es-ES
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9E 91 6B 76 D0 A7 CD 01 [binary data]
      IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\g, = %s - Google Search
      IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
      IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
      IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
      IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=114757&tt=4712_6&babsrc=SP_ss&mntrId=24ccf6eb0000000000000019db3523da
      IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3266100&CUI=UN36193434335185267
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


      ========== FireFox ==========

      FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
      FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
      FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
      FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Archivos de programa\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
      FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Archivos de programa\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Archivos de programa\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
      FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Archivos de programa\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
      FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2012/10/11 17:29:07 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Archivos de programa\ESET\ESET Smart Security\Mozilla Thunderbird [2012/10/11 22:57:42 | 000,000,000 | ---D | M]

      [2012/11/28 13:08:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\0\extensions
      [2012/11/28 13:08:30 | 000,213,316 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\0\extensions\[email protected]

      ========== Chrome ==========

      CHR - homepage: Search
      CHR - default_search_provider: Google (Enabled)
      CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
      CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
      CHR - homepage: Search
      CHR - plugin: Shockwave Flash (Enabled) = C:\Archivos de programa\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
      CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
      CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
      CHR - plugin: Native Client (Enabled) = C:\Archivos de programa\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
      CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Archivos de programa\Google\Chrome\Application\23.0.1271.97\pdf.dll
      CHR - plugin: Adobe Acrobat (Enabled) = C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
      CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Archivos de programa\Windows Media Player\npdrmv2.dll
      CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Archivos de programa\Windows Media Player\npwmsdrm.dll
      CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Archivos de programa\Windows Media Player\npdsplay.dll
      CHR - plugin: Google Update (Enabled) = C:\Archivos de programa\Google\Update\1.3.21.123\npGoogleUpdate3.dll
      CHR - plugin: Java(TM) Platform SE 7 U7 (Enabled) = C:\Archivos de programa\Java\jre7\bin\plugin2\npjp2.dll
      CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
      CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
      CHR - plugin: Silverlight Plug-In (Enabled) = c:\Archivos de programa\Microsoft Silverlight\4.1.10329.0\npctrl.dll
      CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
      CHR - Extension: YouTube = C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
      CHR - Extension: B\u00FAsqueda de Google = C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
      CHR - Extension: Gmail = C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
      CHR - Extension: YouTube = C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
      CHR - Extension: B\u00FAsqueda de Google = C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
      CHR - Extension: Gmail = C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

      O1 HOSTS File: ([2008/04/14 12:00:00 | 000,000,792 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
      O1 - Hosts: 127.0.0.1 localhost
      O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
      O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre7\bin\ssv.dll (Oracle Corporation)
      O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Documents and Settings\Administrador\Datos de programa\DefaultTab\DefaultTab\DefaultTabBHO.dll File not found
      O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Archivos de programa\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
      O3 - HKCU\..\Toolbar\ShellBrowser: (&Dirección) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
      O4 - HKLM..\Run: [egui] C:\Archivos de programa\ESET\ESET Smart Security\egui.exe (ESET)
      O4 - HKLM..\Run: [HDAudDeck] C:\Archivos de programa\VIAudioi\HDADeck\HDeck.exe (VIA Technologies, Inc.)
      O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
      O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
      O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
      O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
      O4 - HKLM..\Run: [SweetIM] C:\Archivos de programa\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
      O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Archivos de programa\SweetIM\Communicator\SweetPacksUpdateManager.exe File not found
      O4 - HKCU..\Run: [Bubble Dock] "C:\Documents and Settings\Administrador\Datos de programa\Nosibay\Bubble Dock\LBubble Dock.exe" /winstartup File not found
      O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
      O4 - HKCU..\Run: [nveckry] c:\documents and settings\administrador\configuración local\datos de programa\lollipop\nveckry.exe ()
      O4 - Startup: C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\Inicio rápido de Adobe Reader.lnk = C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
      O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
      O8 - Extra context menu item: E&xportar a Microsoft Excel - C:\Archivos de programa\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
      O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Archivos de programa\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
      O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
      O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe (Microsoft Corporation)
      O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe (Microsoft Corporation)
      O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
      O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
      O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Value error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_16)
      O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_16)
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9172A2E9-547D-494E-8291-D14BC70EFFF9}: NameServer = 80.58.61.250,80.58.61.254
      O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
      O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
      O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
      O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
      O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
      O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
      O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
      O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
      O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
      O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
      O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
      O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
      O18 - Protocol\Handler\ipp - No CLSID value found
      O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
      O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
      O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
      O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
      O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
      O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
      O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
      O18 - Protocol\Handler\msdaipp - No CLSID value found
      O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
      O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
      O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
      O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
      O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
      O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
      O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
      O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
      O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
      O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
      O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
      O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
      O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
      O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
      O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
      O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
      O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
      O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
      O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
      O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
      O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
      O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
      O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
      O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
      O20 - Winlogon\Notify\RailNotification: DllName - (Reg Error: Invalid data type.) - Reg Error: Invalid data type. File not found
      O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
      O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
      O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
      O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
      O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
      O20 - Winlogon\Notify\WgaLogon: DllName - (WgaLogon.dll) - File not found
      O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
      O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
      O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
      O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
      O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
      O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll (Microsoft Corporation)
      O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Precargador Browseui - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
      O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Demonio de caché de las categorías de componente - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
      O24 - Desktop Components:0 (Mi página de inicio actual) - About:Home
      O24 - Desktop WallPaper: C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp
      O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp
      O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Archivos de programa\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
      O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
      O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
      O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
      O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
      O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
      O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
      O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
      O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
      O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
      O31 - SafeBoot: AlternateShell - cmd.exe
      O32 - HKLM CDRom: AutoRun - 1
      O32 - AutoRun File - [2012/10/11 17:25:13 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
      O34 - HKLM BootExecute: (autocheck autochk *)
      O35 - HKLM\..comfile [open] -- "%1" %*
      O35 - HKLM\..exefile [open] -- "%1" %*
      O37 - HKLM\...com [@ = comfile] -- "%1" %*
      O37 - HKLM\...exe [@ = exefile] -- "%1" %*
      O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
      O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)


      NetSvcs: 6to4 - File not found
      NetSvcs: Ias - File not found
      NetSvcs: Iprip - File not found
      NetSvcs: Irmon - File not found
      NetSvcs: NWCWorkstation - File not found
      NetSvcs: Nwsapagent - File not found
      NetSvcs: WmdmPmSp - File not found

      CREATERESTOREPOINT
      Restore point Set: OTL Restore Point

      ========== Files/Folders - Created Within 30 Days ==========

      [2013/01/02 13:49:51 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrador\Recent
      [2013/01/02 10:14:58 | 000,000,000 | -HSD | C] -- C:\Config.Msi
      [2012/12/28 11:16:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Datos de programa\Malwarebytes
      [2012/12/28 11:16:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menú Inicio\Programas\Malwarebytes' Anti-Malware
      [2012/12/28 11:16:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\Malwarebytes
      [2012/12/28 11:15:59 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
      [2012/12/28 11:15:59 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Malwarebytes' Anti-Malware
      [2012/12/28 11:14:06 | 000,000,000 | ---D | C] -- C:\_AT-Destroyer
      [2012/12/28 11:06:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menú Inicio\Programas\CCleaner
      [2012/12/28 11:06:52 | 000,000,000 | ---D | C] -- C:\Archivos de programa\CCleaner
      [2012/12/27 19:30:51 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Conduit
      [2012/12/27 19:30:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Temp
      [2012/12/27 19:30:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Conduit
      [2012/12/27 19:30:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Configuración local\Datos de programa\CRE
      [2012/12/27 19:27:52 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Nosibay
      [2012/12/27 19:26:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Datos de programa\Nosibay
      [2012/12/27 19:25:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Ares
      [2012/12/27 12:37:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Lollipop
      [2012/12/24 12:53:24 | 000,000,000 | ---D | C] -- C:\FAKEPATH
      [2012/12/13 11:17:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Escritorio\Originals
      [2012/12/05 13:36:15 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Real
      [2012/12/05 13:36:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Datos de programa\Real
      [2012/12/05 13:33:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\Real
      [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
      [1 C:\Documents and Settings\Administrador\*.tmp files -> C:\Documents and Settings\Administrador\*.tmp -> ]

      ========== Files - Modified Within 30 Days ==========

      [2013/01/03 12:51:00 | 000,000,838 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
      [2013/01/03 12:25:00 | 000,001,116 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
      [2013/01/03 11:25:02 | 000,001,112 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
      [2013/01/03 11:09:01 | 000,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
      [2013/01/03 11:08:57 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1409082233-602609370-1606980848-500.job
      [2013/01/03 11:08:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
      [2013/01/02 13:39:00 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1409082233-602609370-1606980848-500.job
      [2013/01/02 09:38:09 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
      [2012/12/28 11:16:01 | 000,000,840 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\Malwarebytes Anti-Malware.lnk
      [2012/12/28 11:06:55 | 000,000,738 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\CCleaner.lnk
      [2012/12/27 19:30:53 | 000,000,009 | ---- | M] () -- C:\END
      [2012/12/19 20:37:45 | 000,000,466 | ---- | M] () -- C:\Documents and Settings\Administrador\Escritorio\COMPARTIDA.lnk
      [2012/12/19 11:09:37 | 000,012,288 | -H-- | M] () -- C:\Documents and Settings\Administrador\Escritorio\photothumb.db
      [2012/12/18 20:23:25 | 000,011,776 | ---- | M] () -- C:\Documents and Settings\Administrador\Configuración local\Datos de programa\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      [2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
      [2012/12/14 12:07:28 | 000,058,053 | ---- | M] () -- C:\Documents and Settings\Administrador\Escritorio\Acta_Comunidad_Propietarios (4).pdf
      [2012/12/13 13:23:01 | 000,107,772 | ---- | M] () -- C:\Documents and Settings\Administrador\Escritorio\paco chalet.pdf
      [2012/12/13 11:17:08 | 000,098,676 | ---- | M] () -- C:\Documents and Settings\Administrador\Escritorio\38993_413484433866_4399493_n.jpg
      [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
      [1 C:\Documents and Settings\Administrador\*.tmp files -> C:\Documents and Settings\Administrador\*.tmp -> ]

      ========== Files Created - No Company Name ==========

      [2012/12/28 11:16:01 | 000,000,840 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\Malwarebytes Anti-Malware.lnk
      [2012/12/28 11:06:54 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\CCleaner.lnk
      [2012/12/27 19:30:52 | 000,000,009 | ---- | C] () -- C:\END
      [2012/12/13 13:45:34 | 000,058,053 | ---- | C] () -- C:\Documents and Settings\Administrador\Escritorio\Acta_Comunidad_Propietarios (4).pdf
      [2012/12/13 13:23:01 | 000,107,772 | ---- | C] () -- C:\Documents and Settings\Administrador\Escritorio\paco chalet.pdf
      [2012/12/13 11:15:50 | 000,098,676 | ---- | C] () -- C:\Documents and Settings\Administrador\Escritorio\38993_413484433866_4399493_n.jpg
      [2012/12/05 13:38:01 | 000,000,308 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1409082233-602609370-1606980848-500.job
      [2012/12/05 13:37:59 | 000,000,316 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1409082233-602609370-1606980848-500.job
      [2012/12/04 10:53:13 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\Implode.dll
      [2012/10/16 19:04:01 | 000,011,776 | ---- | C] () -- C:\Documents and Settings\Administrador\Configuración local\Datos de programa\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      [2012/10/11 22:53:42 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
      [2012/10/11 22:53:40 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
      [2012/10/11 22:53:40 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
      [2012/10/11 22:53:39 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
      [2012/10/11 22:25:21 | 000,000,142 | ---- | C] () -- C:\Documents and Settings\Administrador\Configuración local\Datos de programa\fusioncache.dat
      [2012/10/11 17:53:33 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
      [2012/10/11 17:41:48 | 000,000,086 | ---- | C] () -- C:\Documents and Settings\Administrador\DelF60.bat
      [2012/10/11 17:32:09 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
      [2012/10/11 17:21:37 | 000,021,900 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
      [2012/10/11 17:21:14 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\libpng13.dll
      [2012/10/11 17:21:13 | 000,394,752 | ---- | C] () -- C:\WINDOWS\System32\cygwinb19.dll
      [2012/10/11 17:21:12 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
      [2012/10/11 17:20:59 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
      [2012/10/11 17:20:59 | 000,023,640 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
      [2012/10/11 17:20:59 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
      [2012/10/11 17:20:58 | 000,016,892 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
      [2012/10/11 17:20:58 | 000,016,164 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
      [2012/10/11 16:33:39 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
      [2012/10/11 16:29:39 | 000,271,784 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

      ========== ZeroAccess Check ==========

      [2012/10/11 17:26:54 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

      [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

      [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 12:00:00 | 001,499,648 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment

      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
      "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/08/30 23:38:50 | 000,473,600 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free

      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
      "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 12:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Both

      ========== LOP Check ==========

      [2012/11/23 10:49:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Datos de programa\Babylon
      [2012/10/11 23:00:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Datos de programa\ESET
      [2012/11/26 18:44:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Datos de programa\PhotoScape
      [2012/10/18 16:20:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Datos de programa\Unity
      [2012/10/11 17:43:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Datos de programa\Windows Desktop Search
      [2012/10/22 09:42:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Datos de programa\Windows Search
      [2012/11/23 10:49:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\Babylon
      [2012/10/11 22:57:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\ESET
      [2013/01/02 10:14:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\SweetIM
      [2012/10/31 10:06:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\temp

      ========== Purity Check ==========



      ========== Custom Scans ==========

      ========== Base Services ==========
      SRV - [2008/04/14 12:00:00 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\alg.exe -- (ALG)
      SRV - [2009/08/30 23:42:30 | 000,022,744 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
      SRV - [2009/08/30 23:40:39 | 000,408,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
      SRV - [2012/07/06 14:58:04 | 000,078,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\browser.dll -- (Browser)
      SRV - [2008/04/14 12:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
      SRV - [2009/08/30 23:38:43 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
      SRV - [2009/08/30 23:38:44 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
      SRV - [2009/08/30 23:40:46 | 000,111,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
      SRV - [2008/04/14 12:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
      SRV - [2009/08/30 23:41:05 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
      SRV - [2008/04/14 12:00:00 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
      SRV - [2008/04/14 09:48:22 | 000,021,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\hidserv.dll -- (HidServ)
      SRV - [2008/04/14 12:00:00 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
      SRV - [2008/04/14 12:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
      SRV - [2008/04/14 12:00:00 | 000,024,064 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
      SRV - [2008/04/14 12:00:00 | 000,225,792 | ---- | M] (Microsoft Corp., VERITAS Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
      SRV - [2008/04/14 12:00:00 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
      SRV - [2008/04/14 12:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
      SRV - [2008/04/14 12:00:00 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)
      SRV - [2009/08/30 23:40:16 | 000,248,320 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla)
      SRV - [2009/08/30 23:40:46 | 000,111,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
      SRV - [2010/08/17 14:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
      SRV - [2008/04/14 12:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
      SRV - [2008/04/14 12:00:00 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
      SRV - [2008/04/14 12:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
      SRV - [2009/08/30 23:40:44 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs)
      SRV - [2008/04/14 12:00:00 | 000,437,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
      SRV - [2008/04/14 12:00:00 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
      SRV - [2008/04/14 12:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)
      SRV - [2008/04/14 12:00:00 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
      SRV - [2010/08/27 06:53:17 | 000,099,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srvsvc.dll -- (LanmanServer)
      SRV - [2009/08/30 23:41:05 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
      SRV - [2008/04/14 12:00:00 | 000,171,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
      SRV - [2008/04/14 12:00:00 | 000,193,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
      SRV - [2008/04/14 12:00:00 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
      SRV - [2009/08/30 23:41:15 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
      SRV - [2009/08/30 23:41:16 | 000,298,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
      SRV - [2009/08/30 23:41:05 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
      SRV - [2008/04/14 12:00:00 | 000,293,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
      SRV - [2008/04/14 12:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
      SRV - [2009/08/30 23:39:18 | 000,331,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess)
      SRV - [2008/04/14 12:00:00 | 000,334,336 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc)
      SRV - [2009/08/30 23:40:06 | 000,095,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
      SRV - [2008/04/14 12:00:00 | 000,145,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
      SRV - [2009/08/30 23:38:31 | 000,685,056 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\advapi32.dll -- (Wmi)
      SRV - [2009/08/30 23:38:44 | 000,133,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc)
      SRV - [2009/08/30 23:52:22 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
      SRV - [2009/08/30 23:41:37 | 000,134,144 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)

      < %systemdrive%\*.* >
      [2013/01/02 18:50:52 | 000,017,402 | ---- | M] () -- C:\AT-Destroyer.txt
      [2012/10/11 17:25:13 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
      [2012/10/11 17:02:24 | 000,000,211 | -HS- | M] () -- C:\boot.ini
      [2008/04/14 12:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
      [2012/10/11 17:25:13 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
      [2012/12/27 19:30:53 | 000,000,009 | ---- | M] () -- C:\END
      [2012/10/11 17:25:13 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
      [2012/10/11 17:25:13 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
      [2008/04/14 12:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
      [2008/04/14 12:00:00 | 000,251,168 | RHS- | M] () -- C:\ntldr
      [2013/01/03 11:08:42 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys

      < %programfiles%\*.exe >

      < %appdata%\*.exe /s /5 >
      Invalid Environment Variable: localappdata

      < %systemroot%\*. /mp /s >

      < End of report >

    4. #4
      Usuario Avatar de angelalopezruiz
      Registrado
      ene 2013
      Ubicación
      españa
      Mensajes
      4

      re: troyano lollipop y nveckry.exe

      gracias por la atención...el contenido es este;

      OTL logfile created on: 03/01/2013 12:57:08 - Run 1
      OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrador\Mis documentos\Downloads
      Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
      Internet Explorer (Version = 8.0.6001.18702)
      Locale: 00000C0A | Country: España | Language: ESN | Date Format: dd/MM/yyyy

      1022,42 Mb Total Physical Memory | 363,86 Mb Available Physical Memory | 35,59% Memory free
      2,40 Gb Paging File | 1,74 Gb Available in Paging File | 72,28% Paging File free
      Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

      %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
      Drive C: | 292,98 Gb Total Space | 277,22 Gb Free Space | 94,62% Space Free | Partition Type: NTFS
      Drive D: | 172,77 Gb Total Space | 172,70 Gb Free Space | 99,96% Space Free | Partition Type: NTFS

      Computer Name: ANGELA | User Name: Administrador | Logged in as Administrator.
      Boot Mode: Normal | Scan Mode: Current user
      Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

      ========== Processes (SafeList) ==========

      PRC - C:\Documents and Settings\Administrador\Mis documentos\Downloads\OTL.exe (OldTimer Tools)
      PRC - C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Lollipop\nveckry.exe ()
      PRC - C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
      PRC - C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
      PRC - C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
      PRC - C:\Archivos de programa\Google\Chrome\Application\chrome.exe (Google Inc.)
      PRC - C:\Archivos de programa\Java\jre7\bin\jqs.exe (Oracle Corporation)
      PRC - C:\Archivos de programa\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
      PRC - C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
      PRC - C:\Archivos de programa\ESET\ESET Smart Security\ekrn.exe (ESET)
      PRC - C:\Archivos de programa\ESET\ESET Smart Security\egui.exe (ESET)
      PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
      PRC - C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\mdm.exe (Microsoft Corporation)
      PRC - C:\Archivos de programa\VIAudioi\HDADeck\HDeck.exe (VIA Technologies, Inc.)


      ========== Modules (No Company Name) ==========

      MOD - C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Lollipop\nveckry.exe ()
      MOD - C:\Archivos de programa\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll ()
      MOD - C:\Archivos de programa\Google\Chrome\Application\23.0.1271.97\ppgooglenaclpluginchrome.dll ()
      MOD - C:\Archivos de programa\Google\Chrome\Application\23.0.1271.97\pdf.dll ()
      MOD - C:\Archivos de programa\Google\Chrome\Application\23.0.1271.97\avutil-51.dll ()
      MOD - C:\Archivos de programa\Google\Chrome\Application\23.0.1271.97\avformat-54.dll ()
      MOD - C:\Archivos de programa\Google\Chrome\Application\23.0.1271.97\avcodec-54.dll ()
      MOD - C:\WINDOWS\system32\msdmo.dll ()
      MOD - C:\WINDOWS\system32\nvapi.dll ()


      ========== Services (SafeList) ==========

      SRV - (MBAMService) -- C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
      SRV - (MBAMScheduler) -- C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
      SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
      SRV - (JavaQuickStarterService) -- C:\Archivos de programa\Java\jre7\bin\jqs.exe (Oracle Corporation)
      SRV - (ekrn) -- C:\Archivos de programa\ESET\ESET Smart Security\ekrn.exe (ESET)
      SRV - (odserv) -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
      SRV - (ose) -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
      SRV - (MDM) -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\mdm.exe (Microsoft Corporation)


      ========== Driver Services (SafeList) ==========

      DRV - (WDICA) -- File not found
      DRV - (PDRFRAME) -- File not found
      DRV - (PDRELI) -- File not found
      DRV - (PDFRAME) -- File not found
      DRV - (PDCOMP) -- File not found
      DRV - (PCIDump) -- File not found
      DRV - (lbrtfdc) -- File not found
      DRV - (i2omgmt) -- File not found
      DRV - (Changer) -- File not found
      DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
      DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys ()
      DRV - (epfw) -- C:\WINDOWS\system32\drivers\epfw.sys (ESET)
      DRV - (epfwtdi) -- C:\WINDOWS\system32\drivers\epfwtdi.sys (ESET)
      DRV - (eamon) -- C:\WINDOWS\system32\drivers\eamon.sys (ESET)
      DRV - (ehdrv) -- C:\WINDOWS\system32\drivers\ehdrv.sys (ESET)
      DRV - (DumpDrv) -- C:\WINDOWS\System32\drivers\dumpdrv.sys (Microsoft Corporation)
      DRV - (xfilt) -- C:\WINDOWS\system32\drivers\xfilt.sys (VIA Technologies,Inc)
      DRV - (videX32) -- C:\WINDOWS\system32\drivers\videX32.sys (VIA Technologies, Inc.)
      DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\viahduaa.sys (VIA Technologies, Inc.)


      ========== Standard Registry (All) ==========


      ========== Internet Explorer ==========

      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
      IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Search
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN España: Hotmail, Messenger, Skype y Cuenta Microsoft
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = es-ES
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9E 91 6B 76 D0 A7 CD 01 [binary data]
      IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\g, = %s - Google Search
      IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
      IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
      IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
      IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=114757&tt=4712_6&babsrc=SP_ss&mntrId=24ccf6eb0000000000000019db3523da
      IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3266100&CUI=UN36193434335185267
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


      ========== FireFox ==========

      FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
      FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
      FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
      FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Archivos de programa\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
      FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Archivos de programa\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Archivos de programa\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
      FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Archivos de programa\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
      FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2012/10/11 17:29:07 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Archivos de programa\ESET\ESET Smart Security\Mozilla Thunderbird [2012/10/11 22:57:42 | 000,000,000 | ---D | M]

      [2012/11/28 13:08:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\0\extensions
      [2012/11/28 13:08:30 | 000,213,316 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\0\extensions\[email protected]

      ========== Chrome ==========

      CHR - homepage: Search
      CHR - default_search_provider: Google (Enabled)
      CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
      CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
      CHR - homepage: Search
      CHR - plugin: Shockwave Flash (Enabled) = C:\Archivos de programa\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
      CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
      CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
      CHR - plugin: Native Client (Enabled) = C:\Archivos de programa\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
      CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Archivos de programa\Google\Chrome\Application\23.0.1271.97\pdf.dll
      CHR - plugin: Adobe Acrobat (Enabled) = C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
      CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Archivos de programa\Windows Media Player\npdrmv2.dll
      CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Archivos de programa\Windows Media Player\npwmsdrm.dll
      CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Archivos de programa\Windows Media Player\npdsplay.dll
      CHR - plugin: Google Update (Enabled) = C:\Archivos de programa\Google\Update\1.3.21.123\npGoogleUpdate3.dll
      CHR - plugin: Java(TM) Platform SE 7 U7 (Enabled) = C:\Archivos de programa\Java\jre7\bin\plugin2\npjp2.dll
      CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
      CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
      CHR - plugin: Silverlight Plug-In (Enabled) = c:\Archivos de programa\Microsoft Silverlight\4.1.10329.0\npctrl.dll
      CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
      CHR - Extension: YouTube = C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
      CHR - Extension: B\u00FAsqueda de Google = C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
      CHR - Extension: Gmail = C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
      CHR - Extension: YouTube = C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
      CHR - Extension: B\u00FAsqueda de Google = C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
      CHR - Extension: Gmail = C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

      O1 HOSTS File: ([2008/04/14 12:00:00 | 000,000,792 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
      O1 - Hosts: 127.0.0.1 localhost
      O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
      O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre7\bin\ssv.dll (Oracle Corporation)
      O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Documents and Settings\Administrador\Datos de programa\DefaultTab\DefaultTab\DefaultTabBHO.dll File not found
      O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Archivos de programa\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
      O3 - HKCU\..\Toolbar\ShellBrowser: (&Dirección) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
      O4 - HKLM..\Run: [egui] C:\Archivos de programa\ESET\ESET Smart Security\egui.exe (ESET)
      O4 - HKLM..\Run: [HDAudDeck] C:\Archivos de programa\VIAudioi\HDADeck\HDeck.exe (VIA Technologies, Inc.)
      O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
      O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
      O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
      O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
      O4 - HKLM..\Run: [SweetIM] C:\Archivos de programa\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
      O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Archivos de programa\SweetIM\Communicator\SweetPacksUpdateManager.exe File not found
      O4 - HKCU..\Run: [Bubble Dock] "C:\Documents and Settings\Administrador\Datos de programa\Nosibay\Bubble Dock\LBubble Dock.exe" /winstartup File not found
      O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
      O4 - HKCU..\Run: [nveckry] c:\documents and settings\administrador\configuración local\datos de programa\lollipop\nveckry.exe ()
      O4 - Startup: C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\Inicio rápido de Adobe Reader.lnk = C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
      O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
      O8 - Extra context menu item: E&xportar a Microsoft Excel - C:\Archivos de programa\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
      O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Archivos de programa\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
      O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
      O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe (Microsoft Corporation)
      O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe (Microsoft Corporation)
      O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
      O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
      O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Value error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_16)
      O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_16)
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9172A2E9-547D-494E-8291-D14BC70EFFF9}: NameServer = 80.58.61.250,80.58.61.254
      O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
      O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
      O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
      O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
      O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
      O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
      O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
      O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
      O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
      O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
      O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
      O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
      O18 - Protocol\Handler\ipp - No CLSID value found
      O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
      O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
      O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
      O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
      O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
      O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
      O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
      O18 - Protocol\Handler\msdaipp - No CLSID value found
      O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
      O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
      O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
      O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
      O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
      O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
      O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
      O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
      O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
      O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
      O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
      O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
      O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
      O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
      O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
      O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
      O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
      O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
      O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
      O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
      O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
      O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
      O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
      O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
      O20 - Winlogon\Notify\RailNotification: DllName - (Reg Error: Invalid data type.) - Reg Error: Invalid data type. File not found
      O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
      O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
      O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
      O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
      O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
      O20 - Winlogon\Notify\WgaLogon: DllName - (WgaLogon.dll) - File not found
      O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
      O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
      O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
      O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
      O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
      O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll (Microsoft Corporation)
      O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Precargador Browseui - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
      O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Demonio de caché de las categorías de componente - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
      O24 - Desktop Components:0 (Mi página de inicio actual) - About:Home
      O24 - Desktop WallPaper: C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp
      O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp
      O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Archivos de programa\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
      O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
      O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
      O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
      O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
      O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
      O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
      O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
      O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
      O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
      O31 - SafeBoot: AlternateShell - cmd.exe
      O32 - HKLM CDRom: AutoRun - 1
      O32 - AutoRun File - [2012/10/11 17:25:13 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
      O34 - HKLM BootExecute: (autocheck autochk *)
      O35 - HKLM\..comfile [open] -- "%1" %*
      O35 - HKLM\..exefile [open] -- "%1" %*
      O37 - HKLM\...com [@ = comfile] -- "%1" %*
      O37 - HKLM\...exe [@ = exefile] -- "%1" %*
      O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
      O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)


      NetSvcs: 6to4 - File not found
      NetSvcs: Ias - File not found
      NetSvcs: Iprip - File not found
      NetSvcs: Irmon - File not found
      NetSvcs: NWCWorkstation - File not found
      NetSvcs: Nwsapagent - File not found
      NetSvcs: WmdmPmSp - File not found

      CREATERESTOREPOINT
      Restore point Set: OTL Restore Point

      ========== Files/Folders - Created Within 30 Days ==========

      [2013/01/02 13:49:51 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrador\Recent
      [2013/01/02 10:14:58 | 000,000,000 | -HSD | C] -- C:\Config.Msi
      [2012/12/28 11:16:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Datos de programa\Malwarebytes
      [2012/12/28 11:16:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menú Inicio\Programas\Malwarebytes' Anti-Malware
      [2012/12/28 11:16:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\Malwarebytes
      [2012/12/28 11:15:59 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
      [2012/12/28 11:15:59 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Malwarebytes' Anti-Malware
      [2012/12/28 11:14:06 | 000,000,000 | ---D | C] -- C:\_AT-Destroyer
      [2012/12/28 11:06:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menú Inicio\Programas\CCleaner
      [2012/12/28 11:06:52 | 000,000,000 | ---D | C] -- C:\Archivos de programa\CCleaner
      [2012/12/27 19:30:51 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Conduit
      [2012/12/27 19:30:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Temp
      [2012/12/27 19:30:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Conduit
      [2012/12/27 19:30:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Configuración local\Datos de programa\CRE
      [2012/12/27 19:27:52 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Nosibay
      [2012/12/27 19:26:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Datos de programa\Nosibay
      [2012/12/27 19:25:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Ares
      [2012/12/27 12:37:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Lollipop
      [2012/12/24 12:53:24 | 000,000,000 | ---D | C] -- C:\FAKEPATH
      [2012/12/13 11:17:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Escritorio\Originals
      [2012/12/05 13:36:15 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Real
      [2012/12/05 13:36:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Datos de programa\Real
      [2012/12/05 13:33:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\Real
      [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
      [1 C:\Documents and Settings\Administrador\*.tmp files -> C:\Documents and Settings\Administrador\*.tmp -> ]

      ========== Files - Modified Within 30 Days ==========

      [2013/01/03 12:51:00 | 000,000,838 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
      [2013/01/03 12:25:00 | 000,001,116 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
      [2013/01/03 11:25:02 | 000,001,112 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
      [2013/01/03 11:09:01 | 000,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
      [2013/01/03 11:08:57 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1409082233-602609370-1606980848-500.job
      [2013/01/03 11:08:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
      [2013/01/02 13:39:00 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1409082233-602609370-1606980848-500.job
      [2013/01/02 09:38:09 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
      [2012/12/28 11:16:01 | 000,000,840 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\Malwarebytes Anti-Malware.lnk
      [2012/12/28 11:06:55 | 000,000,738 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\CCleaner.lnk
      [2012/12/27 19:30:53 | 000,000,009 | ---- | M] () -- C:\END
      [2012/12/19 20:37:45 | 000,000,466 | ---- | M] () -- C:\Documents and Settings\Administrador\Escritorio\COMPARTIDA.lnk
      [2012/12/19 11:09:37 | 000,012,288 | -H-- | M] () -- C:\Documents and Settings\Administrador\Escritorio\photothumb.db
      [2012/12/18 20:23:25 | 000,011,776 | ---- | M] () -- C:\Documents and Settings\Administrador\Configuración local\Datos de programa\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      [2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
      [2012/12/14 12:07:28 | 000,058,053 | ---- | M] () -- C:\Documents and Settings\Administrador\Escritorio\Acta_Comunidad_Propietarios (4).pdf
      [2012/12/13 13:23:01 | 000,107,772 | ---- | M] () -- C:\Documents and Settings\Administrador\Escritorio\paco chalet.pdf
      [2012/12/13 11:17:08 | 000,098,676 | ---- | M] () -- C:\Documents and Settings\Administrador\Escritorio\38993_413484433866_4399493_n.jpg
      [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
      [1 C:\Documents and Settings\Administrador\*.tmp files -> C:\Documents and Settings\Administrador\*.tmp -> ]

      ========== Files Created - No Company Name ==========

      [2012/12/28 11:16:01 | 000,000,840 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\Malwarebytes Anti-Malware.lnk
      [2012/12/28 11:06:54 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\CCleaner.lnk
      [2012/12/27 19:30:52 | 000,000,009 | ---- | C] () -- C:\END
      [2012/12/13 13:45:34 | 000,058,053 | ---- | C] () -- C:\Documents and Settings\Administrador\Escritorio\Acta_Comunidad_Propietarios (4).pdf
      [2012/12/13 13:23:01 | 000,107,772 | ---- | C] () -- C:\Documents and Settings\Administrador\Escritorio\paco chalet.pdf
      [2012/12/13 11:15:50 | 000,098,676 | ---- | C] () -- C:\Documents and Settings\Administrador\Escritorio\38993_413484433866_4399493_n.jpg
      [2012/12/05 13:38:01 | 000,000,308 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1409082233-602609370-1606980848-500.job
      [2012/12/05 13:37:59 | 000,000,316 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1409082233-602609370-1606980848-500.job
      [2012/12/04 10:53:13 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\Implode.dll
      [2012/10/16 19:04:01 | 000,011,776 | ---- | C] () -- C:\Documents and Settings\Administrador\Configuración local\Datos de programa\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      [2012/10/11 22:53:42 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
      [2012/10/11 22:53:40 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
      [2012/10/11 22:53:40 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
      [2012/10/11 22:53:39 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
      [2012/10/11 22:25:21 | 000,000,142 | ---- | C] () -- C:\Documents and Settings\Administrador\Configuración local\Datos de programa\fusioncache.dat
      [2012/10/11 17:53:33 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
      [2012/10/11 17:41:48 | 000,000,086 | ---- | C] () -- C:\Documents and Settings\Administrador\DelF60.bat
      [2012/10/11 17:32:09 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
      [2012/10/11 17:21:37 | 000,021,900 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
      [2012/10/11 17:21:14 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\libpng13.dll
      [2012/10/11 17:21:13 | 000,394,752 | ---- | C] () -- C:\WINDOWS\System32\cygwinb19.dll
      [2012/10/11 17:21:12 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
      [2012/10/11 17:20:59 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
      [2012/10/11 17:20:59 | 000,023,640 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
      [2012/10/11 17:20:59 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
      [2012/10/11 17:20:58 | 000,016,892 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
      [2012/10/11 17:20:58 | 000,016,164 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
      [2012/10/11 16:33:39 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
      [2012/10/11 16:29:39 | 000,271,784 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

      ========== ZeroAccess Check ==========

      [2012/10/11 17:26:54 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

      [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

      [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 12:00:00 | 001,499,648 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment

      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
      "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/08/30 23:38:50 | 000,473,600 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free

      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
      "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 12:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Both

      ========== LOP Check ==========

      [2012/11/23 10:49:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Datos de programa\Babylon
      [2012/10/11 23:00:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Datos de programa\ESET
      [2012/11/26 18:44:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Datos de programa\PhotoScape
      [2012/10/18 16:20:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Datos de programa\Unity
      [2012/10/11 17:43:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Datos de programa\Windows Desktop Search
      [2012/10/22 09:42:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Datos de programa\Windows Search
      [2012/11/23 10:49:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\Babylon
      [2012/10/11 22:57:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\ESET
      [2013/01/02 10:14:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\SweetIM
      [2012/10/31 10:06:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\temp

      ========== Purity Check ==========



      ========== Custom Scans ==========

      ========== Base Services ==========
      SRV - [2008/04/14 12:00:00 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\alg.exe -- (ALG)
      SRV - [2009/08/30 23:42:30 | 000,022,744 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
      SRV - [2009/08/30 23:40:39 | 000,408,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
      SRV - [2012/07/06 14:58:04 | 000,078,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\browser.dll -- (Browser)
      SRV - [2008/04/14 12:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
      SRV - [2009/08/30 23:38:43 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
      SRV - [2009/08/30 23:38:44 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
      SRV - [2009/08/30 23:40:46 | 000,111,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
      SRV - [2008/04/14 12:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
      SRV - [2009/08/30 23:41:05 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
      SRV - [2008/04/14 12:00:00 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
      SRV - [2008/04/14 09:48:22 | 000,021,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\hidserv.dll -- (HidServ)
      SRV - [2008/04/14 12:00:00 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
      SRV - [2008/04/14 12:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
      SRV - [2008/04/14 12:00:00 | 000,024,064 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
      SRV - [2008/04/14 12:00:00 | 000,225,792 | ---- | M] (Microsoft Corp., VERITAS Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
      SRV - [2008/04/14 12:00:00 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
      SRV - [2008/04/14 12:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
      SRV - [2008/04/14 12:00:00 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)
      SRV - [2009/08/30 23:40:16 | 000,248,320 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla)
      SRV - [2009/08/30 23:40:46 | 000,111,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
      SRV - [2010/08/17 14:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
      SRV - [2008/04/14 12:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
      SRV - [2008/04/14 12:00:00 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
      SRV - [2008/04/14 12:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
      SRV - [2009/08/30 23:40:44 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs)
      SRV - [2008/04/14 12:00:00 | 000,437,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
      SRV - [2008/04/14 12:00:00 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
      SRV - [2008/04/14 12:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)
      SRV - [2008/04/14 12:00:00 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
      SRV - [2010/08/27 06:53:17 | 000,099,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srvsvc.dll -- (LanmanServer)
      SRV - [2009/08/30 23:41:05 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
      SRV - [2008/04/14 12:00:00 | 000,171,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
      SRV - [2008/04/14 12:00:00 | 000,193,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
      SRV - [2008/04/14 12:00:00 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
      SRV - [2009/08/30 23:41:15 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
      SRV - [2009/08/30 23:41:16 | 000,298,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
      SRV - [2009/08/30 23:41:05 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
      SRV - [2008/04/14 12:00:00 | 000,293,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
      SRV - [2008/04/14 12:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
      SRV - [2009/08/30 23:39:18 | 000,331,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess)
      SRV - [2008/04/14 12:00:00 | 000,334,336 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc)
      SRV - [2009/08/30 23:40:06 | 000,095,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
      SRV - [2008/04/14 12:00:00 | 000,145,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
      SRV - [2009/08/30 23:38:31 | 000,685,056 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\advapi32.dll -- (Wmi)
      SRV - [2009/08/30 23:38:44 | 000,133,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc)
      SRV - [2009/08/30 23:52:22 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
      SRV - [2009/08/30 23:41:37 | 000,134,144 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)

      < %systemdrive%\*.* >
      [2013/01/02 18:50:52 | 000,017,402 | ---- | M] () -- C:\AT-Destroyer.txt
      [2012/10/11 17:25:13 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
      [2012/10/11 17:02:24 | 000,000,211 | -HS- | M] () -- C:\boot.ini
      [2008/04/14 12:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
      [2012/10/11 17:25:13 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
      [2012/12/27 19:30:53 | 000,000,009 | ---- | M] () -- C:\END
      [2012/10/11 17:25:13 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
      [2012/10/11 17:25:13 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
      [2008/04/14 12:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
      [2008/04/14 12:00:00 | 000,251,168 | RHS- | M] () -- C:\ntldr
      [2013/01/03 11:08:42 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys

      < %programfiles%\*.exe >

      < %appdata%\*.exe /s /5 >
      Invalid Environment Variable: localappdata

      < %systemroot%\*. /mp /s >

      < End of report >

    5. #5
      Moderador Gral.
      Avatar de @Leosolari
      Registrado
      jun 2007
      Ubicación
      Argentina
      Mensajes
      58.637

      re: troyano lollipop y nveckry.exe

      Hola de Nuevo




      Ejecutá OTL.exe


      Copiá y Pegá el código que está dentro del recuadro de abajo en la sección Análisis Personalizado / Código de Reparación



      :OTL
      PRC - C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Lollipop\nveckry.exe ()
      PRC - C:\Archivos de programa\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
      MOD - C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Lollipop\nveckry.exe ()
      O4 - HKLM..\Run: [SweetIM] C:\Archivos de programa\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
      O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Archivos de programa\SweetIM\Communicator\SweetPacksUpdateManager.exe File not found
      O4 - HKCU..\Run: [Bubble Dock] "C:\Documents and Settings\Administrador\Datos de programa\Nosibay\Bubble Dock\LBubble Dock.exe" /winstartup File not found
      O4 - HKCU..\Run: [nveckry] c:\documents and settings\administrador\configuración local\datos de programa\lollipop\nveckry.exe ()
      [2012/12/27 12:37:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Lollipop
      :Files
      ipconfig /flushdns /c
      :Commands
      [PURITY]
      [EMPTYTEMP]
      [EMPTYFLASH]
      [RESETHOSTS]

      Presioná el Boton Reparar para lanzar la eliminación. Presionas OK.

      OTL va a Reiniciar el ordenador para completar la eliminación.


      Guardas el nuevo reporte generado. Lo copias y pegas en Tu próxima respuesta y nos comentas como sigue el ordenador ahora.





      Saludos
      Síguenos en Twitter y hazte nuestro amigo en Facebook.

    6. #6
      Usuario Avatar de angelalopezruiz
      Registrado
      ene 2013
      Ubicación
      españa
      Mensajes
      4

      Re: troyano lollipop y nveckry.exe

      hola. no puedo hacer lo que me dices, ya que lo hago pero la pantalla se queda sin iconos y el programa se queda pillado...tarda muchisimo,. he tenido que reinciar el pc...es normal que tarde eso???

    7. #7
      Moderador Gral.
      Avatar de @Leosolari
      Registrado
      jun 2007
      Ubicación
      Argentina
      Mensajes
      58.637

      Re: troyano lollipop y nveckry.exe

      Hola


      Hacelo, pero iniciando el PC en Modo Seguro.



      Nos comentas ...
      Síguenos en Twitter y hazte nuestro amigo en Facebook.