    Brontok I worm


    1. #1
      User leireAgi
      Joined
      Jan 2011
      Location
      bilbao
      Posts
      20

      Brontok I worm

      Hi!!

      I'm writing because I use Panda Cloud, but a few days ago something failed and I think it stopped working because of an error.
      I've been without antivirus for about two weeks, and today I uninstalled the antivirus and downloaded and installed it again from the Panda website.

      I ran an optimized scan of the system and the result is that my laptop contains 13 infected files. Looking at the summary, I see that they are all worms of the Brontok type but with a different name at the end: Brontok GS, Brontok H and Brontok I. The antivirus removed all of them except the ones named Brontok I, and I see that the affected files are called lsass.exe, services.exe and winlogon.exe.

      I've read various things about them online but I don't know what to do, and I really don't know whether they are viruses or not.

      I'd appreciate help so I can do something about it.

      Thanks a lot!!

    2. #2
      Moderator
      @Maxfernandez
      Joined
      Dec 2007
      Location
      Venezuela
      Posts
      16,076

      Re: Brontok I worm

      Hi


      Do the following:
      1. Download, update and run Malwarebytes’ Anti-Malware.
        • On the Scanner tab, select "Perform full scan".
        • With the "Remove Selected" option, send everything to quarantine and reboot.
        • On the "Logs" tab ("Registros" in Spanish) you will find the MBAM report; copy it and post it here so it can be analyzed.



      2. Download OTL to your desktop.
        • Close all open windows and programs before running it.
        • Double-click the OTL.exe icon to start.
        • When the interface appears, set the following options: under "Scan Type", change it to Minimal Output
        • Change Standard Registry to All
        • Check the options LOP Check and Purity Check
        • Press the Run Scan button
          Once it finishes, two (2) files will open, OTL.Txt and Extras.Txt.
          Please copy and paste the contents of OTL.Txt into your next post
      Note: Please do not change the rest of the settings unless instructed to.

      Regards
      [email protected]


      * Follow us on Twitter and become our friend on Facebook.
      * Keep up with the latest threats on the net from: InfoSpyware Blog
      * Questions are not answered by private message or e-mail, since that is what the forum is for.

    3. #3
      User leireAgi
      Joined
      Jan 2011
      Location
      bilbao
      Posts
      20

      Re: Brontok I worm

      Hi!!

      I have two replies and I'm really not sure which one to follow

      hehe, what do I do??

      Anyway, thanks to both of you for the help :)

      Edit: OK [email protected], I'll follow the instructions. Thanks :)
      Last edited by leireAgi on 25/01/13 at 13:47:05

    4. #4
      User leireAgi
      Joined
      Jan 2011
      Location
      bilbao
      Posts
      20

      Re: Brontok I worm

      Hi!!

      this is the MBAM report:

      Malwarebytes Anti-Malware 1.70.0.1100
      Malwarebytes : Free anti-malware download

      Versión de la Base de Datos: v2013.01.25.07

      Windows 7 x64 NTFS
      Internet Explorer 8.0.7600.16385
      usuario :: USUARIO-HP [administrador]

      25/01/2013 17:49:08
      mbam-log-2013-01-25 (17-49-08).txt

      Tipos de Análisis: Análisis Completo (C:\|D:\|Q:\|)
      Opciones de análisis activado: Memoria | Inicio | Registro | Sistema de archivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
      Opciones de análisis desactivados: P2P
      Objetos examinados: 512686
      Tiempo transcurrido: 2 hora(s), 47 minuto(s), 23 segundo(s)

      Procesos en Memoria Detectados: 3
      C:\Users\usuario\AppData\Local\winlogon.exe (Trojan.Dropper) -> 3988 -> Se eliminarán al reiniciar.
      C:\Users\usuario\AppData\Local\services.exe (Trojan.Dropper) -> 4300 -> Se eliminarán al reiniciar.
      C:\Users\usuario\AppData\Local\lsass.exe (Trojan.Dropper) -> 4392 -> Se eliminarán al reiniciar.

      Módulos de Memoria Detectados: 0
      (No se han detectado elementos maliciosos)

      Claves del Registro Detectados: 0
      (No se han detectado elementos maliciosos)

      Valores del Registro Detectados: 0
      (No se han detectado elementos maliciosos)

      Elementos de Datos del Registro Detectados: 0
      (No se han detectado elementos maliciosos)

      Carpetas Detectadas: 0
      (No se han detectado elementos maliciosos)

      Archivos Detectados: 5
      C:\Users\usuario\AppData\Local\winlogon.exe (Trojan.Dropper) -> Se eliminarán al reiniciar.
      C:\Users\usuario\AppData\Local\services.exe (Trojan.Dropper) -> Se eliminarán al reiniciar.
      C:\Users\usuario\AppData\Local\lsass.exe (Trojan.Dropper) -> Se eliminarán al reiniciar.
      C:\Users\usuario\AppData\Roaming\Microsoft\Windows\Templates\Brengkolang.com (Trojan.Dropper) -> En cuarentena y eliminado con éxito.
      C:\Users\usuario\Music\Massive Attack- 100th Window\massive.jpg (Extension.Mismatch) -> En cuarentena y eliminado con éxito.

      (fin)
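
The three files flagged in the MBAM report in post #4 carry Windows system process names but sit in the user's AppData\Local folder. As an added example (not part of the thread, and not code from any poster or tool vendor), the Python below applies that name-versus-location check to scan-log lines; it goes slightly beyond the thread by also reading OTL `PRC -` lines. The function names, the extra names csrss.exe and smss.exe, and the default system root are assumptions of the example.

```python
import ntpath
import re

# Core Windows processes that legitimately run only from %SystemRoot%\System32.
# The first three are the names seen in this thread; csrss.exe and smss.exe
# are added by this example.
PROTECTED_NAMES = {"lsass.exe", "services.exe", "winlogon.exe", "csrss.exe", "smss.exe"}

# OTL is a 32-bit tool, so it shows the real 64-bit System32 under the
# SysNative alias (as in the driver list of the OTL log).
LEGIT_SUBDIRS = ("System32", "SysNative")

# First drive-letter path on a line that ends in an executable extension.
# Non-greedy so "C:\Program Files (x86)\...\x.exe (Vendor)" stops at ".exe".
PATH_RE = re.compile(r"([A-Za-z]:\\.*?\.(?:exe|com|scr|pif))(?=\s|$)", re.IGNORECASE)


def extract_path(line):
    """Return the executable path found on an MBAM or OTL log line, or None."""
    match = PATH_RE.search(line)
    return match.group(1) if match else None


def is_masquerading(path, system_root=r"C:\Windows"):
    """True when a protected system process name lives outside System32."""
    name = ntpath.basename(path).lower()
    if name not in PROTECTED_NAMES:
        return False
    folder = ntpath.normcase(ntpath.dirname(path))
    allowed = {ntpath.normcase(ntpath.join(system_root, d)) for d in LEGIT_SUBDIRS}
    return folder not in allowed


def find_masquerading(lines, system_root=r"C:\Windows"):
    """Return each masquerading path once, in order of first appearance."""
    hits = []
    for line in lines:
        path = extract_path(line)
        if path and is_masquerading(path, system_root) and path not in hits:
            hits.append(path)
    return hits


# Sample input: lines copied from the MBAM report and OTL log in this thread,
# plus one constructed control line (the last one) for a legitimate lsass.exe.
SAMPLE_LINES = [
    r"C:\Users\usuario\AppData\Local\winlogon.exe (Trojan.Dropper) -> 3988 -> Se eliminarán al reiniciar.",
    r"C:\Users\usuario\AppData\Local\services.exe (Trojan.Dropper) -> 4300 -> Se eliminarán al reiniciar.",
    r"C:\Users\usuario\AppData\Local\lsass.exe (Trojan.Dropper) -> 4392 -> Se eliminarán al reiniciar.",
    r"C:\Users\usuario\AppData\Local\winlogon.exe (Trojan.Dropper) -> Se eliminarán al reiniciar.",
    r"C:\Users\usuario\AppData\Roaming\Microsoft\Windows\Templates\Brengkolang.com (Trojan.Dropper) -> En cuarentena y eliminado con éxito.",
    r"C:\Users\usuario\Music\Massive Attack- 100th Window\massive.jpg (Extension.Mismatch) -> En cuarentena y eliminado con éxito.",
    r"PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)",
    r"PRC - C:\Windows\SysNative\lsass.exe (Microsoft Corporation)",  # constructed
]

if __name__ == "__main__":
    for hit in find_masquerading(SAMPLE_LINES):
        print("system process name outside System32:", hit)
```

A hit only says the file name and folder disagree; the file still needs a scanner verdict or a signature check before it is removed.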

    5. #5
      User leireAgi
      Joined
      Jan 2011
      Location
      bilbao
      Posts
      20

      Re: Brontok I worm

      And this is the contents of OTL.Txt:

      OTL logfile created on: 26/01/2013 11:19:22 - Run 1
      OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\usuario\Downloads
      64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
      Internet Explorer (Version = 8.0.7600.16385)
      Locale: 00000c0a | Country: España | Language: ESN | Date Format: dd/MM/yyyy

      3,80 Gb Total Physical Memory | 2,31 Gb Available Physical Memory | 60,67% Memory free
      7,60 Gb Paging File | 5,68 Gb Available in Paging File | 74,74% Paging File free
      Paging file location(s): ?:\pagefile.sys [binary data]

      %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
      Drive C: | 443,58 Gb Total Space | 85,36 Gb Free Space | 19,24% Space Free | Partition Type: NTFS
      Drive D: | 21,88 Gb Total Space | 3,19 Gb Free Space | 14,56% Space Free | Partition Type: NTFS
      Drive F: | 5,66 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

      Computer Name: USUARIO-HP | User Name: usuario | Logged in as Administrator.
      Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
      Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

      ========== Processes (SafeList) ==========

      PRC - C:\Users\usuario\Downloads\OTL.exe (OldTimer Tools)
      PRC - C:\Users\usuario\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
      PRC - C:\Users\usuario\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
      PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
      PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
      PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
      PRC - C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe (Panda Security, S.L.)
      PRC - C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe (Panda Security, S.L.)
      PRC - C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe (Panda Security, S.L.)
      PRC - C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe (Panda Security)
      PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
      PRC - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe (Symantec Corporation)
      PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
      PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
      PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
      PRC - C:\Program Files (x86)\FileServe Manager\FSStarter.exe (FileServe Limited)
      PRC - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
      PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe ()
      PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
      PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
      PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
      PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
      PRC - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE ()
      PRC - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()
      PRC - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
      PRC - C:\Program Files (x86)\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe ()


      ========== Modules (No Company Name) ==========

      MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
      MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
      MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
      MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
      MOD - C:\Program Files (x86)\FileServe Manager\FFChromeExtHelper.dll ()
      MOD - C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll ()
      MOD - C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll ()
      MOD - C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
      MOD - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.esp ()


      ========== Services (SafeList) ==========

      SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
      SRV:64bit: - (vcsFPService) -- C:\Windows\SysNative\vcsFPService.exe (Validity Sensors, Inc.)
      SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard)
      SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
      SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
      SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
      SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
      SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
      SRV - (PSUAService) -- C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe (Panda Security, S.L.)
      SRV - (NanoServiceMain) -- C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe (Panda Security, S.L.)
      SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
      SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Hewlett-Packard Company)
      SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
      SRV - (N360) -- C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe (Symantec Corporation)
      SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
      SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
      SRV - (Autodesk Licensing Service) -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
      SRV - (FLEXnet Licensing Service 64) -- C:\Archivos de programa\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
      SRV - (wlidsvc) -- C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
      SRV - (wlcrasvc) -- C:\Archivos de programa\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
      SRV - (HPWMISVC) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe ()
      SRV - (HP Wireless Assistant Service) -- C:\Archivos de programa\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard Company)
      SRV - (STacSV) -- C:\Archivos de programa\IDT\WDM\stacsv64.exe (IDT, Inc.)
      SRV - (NOBU) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation)
      SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
      SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
      SRV - (DpHost) -- C:\Archivos de programa\DigitalPersona\Bin\DpHostW.exe (DigitalPersona, Inc.)
      SRV - (IJPLMSVC) -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE ()
      SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
      SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
      SRV - (NMSAccess) -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()
      SRV - (vcsFPService) -- C:\Windows\SysWOW64\vcsFPService.exe (Validity Sensors, Inc.)
      SRV - (osppsvc) -- C:\Archivos de programa\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
      SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
      SRV - (AESTFilters) -- C:\Archivos de programa\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation)
      SRV - (mi-raysat_3dsmax9_32) -- C:\Program Files (x86)\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe ()


      ========== Driver Services (SafeList) ==========

      DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
      DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
      DRV:64bit: - (PSINKNC) -- C:\Windows\SysNative\drivers\PSINKNC.sys (Panda Security, S.L.)
      DRV:64bit: - (PSINProt) -- C:\Windows\SysNative\drivers\PSINProt.sys (Panda Security, S.L.)
      DRV:64bit: - (PSINProc) -- C:\Windows\SysNative\drivers\PSINProc.sys (Panda Security, S.L.)
      DRV:64bit: - (PSINAflt) -- C:\Windows\SysNative\drivers\PSINAflt.sys (Panda Security, S.L.)
      DRV:64bit: - (PSINFile) -- C:\Windows\SysNative\drivers\PSINFile.sys (Panda Security, S.L.)
      DRV:64bit: - (NNSSTRM) -- C:\Windows\SysNative\drivers\NNSStrm.sys (Panda Security, S.L.)
      DRV:64bit: - (NNSTLSC) -- C:\Windows\SysNative\drivers\NNStlsc.sys (Panda Security, S.L.)
      DRV:64bit: - (NNSPRV) -- C:\Windows\SysNative\drivers\NNSPrv.sys (Panda Security, S.L.)
      DRV:64bit: - (NNSSMTP) -- C:\Windows\SysNative\drivers\NNSSmtp.sys (Panda Security, S.L.)
      DRV:64bit: - (NNSPROT) -- C:\Windows\SysNative\drivers\NNSProt.sys (Panda Security, S.L.)
      DRV:64bit: - (NNSPOP3) -- C:\Windows\SysNative\drivers\NNSPop3.sys (Panda Security, S.L.)
      DRV:64bit: - (NNSPIHSW) -- C:\Windows\SysNative\drivers\NNSPihsw.sys (Panda Security, S.L.)
      DRV:64bit: - (NNSIDS) -- C:\Windows\SysNative\drivers\NNSIds.sys (Panda Security, S.L.)
      DRV:64bit: - (NNSPICC) -- C:\Windows\SysNative\drivers\NNSpicc.sys (Panda Security, S.L.)
      DRV:64bit: - (NNSHTTP) -- C:\Windows\SysNative\drivers\NNSHttp.sys (Panda Security, S.L.)
      DRV:64bit: - (NNSALPC) -- C:\Windows\SysNative\drivers\NNSAlpc.sys (Panda Security, S.L.)
      DRV:64bit: - (PSKMAD) -- C:\Windows\SysNative\drivers\PSKMAD.sys (Panda Security, S.L.)
      DRV:64bit: - (NNSNAHSL) -- C:\Windows\SysNative\drivers\NNSNAHSL.sys (Panda Security, S.L.)
      DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
      DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
      DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
      DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\N360x64\0602010.005\srtsp64.sys (Symantec Corporation)
      DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\N360x64\0602010.005\srtspx64.sys (Symantec Corporation)
      DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\N360x64\0602010.005\symnets.sys (Symantec Corporation)
      DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\N360x64\0602010.005\symefa64.sys (Symantec Corporation)
      DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\N360x64\0602010.005\symds64.sys (Symantec Corporation)
      DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\N360x64\0602010.005\ironx64.sys (Symantec Corporation)
      DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
      DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
      DRV:64bit: - (ccSet_N360) -- C:\Windows\SysNative\drivers\N360x64\0602010.005\ccsetx64.sys (Symantec Corporation)
      DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
      DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
      DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
      DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
      DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys (Nokia)
      DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia)
      DRV:64bit: - (nmwcdc) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia)
      DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
      DRV:64bit: - (huawei_enumerator) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
      DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
      DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
      DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
      DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
      DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (Windows (R) Win 7 DDK provider)
      DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
      DRV:64bit: - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation)
      DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
      DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
      DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
      DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
      DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
      DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
      DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
      DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
      DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
      DRV:64bit: - (StarOpen) -- C:\Windows\SysNative\drivers\StarOpen.sys ()
      DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
      DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
      DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
      DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
      DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
      DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
      DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
      DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard)
      DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard)
      DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
      DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
      DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
      DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
      DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
      DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
      DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
      DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
      DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
      DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)
      DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\VirusDefs\20120612.002\ex64.sys (Symantec Corporation)
      DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
      DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\VirusDefs\20120612.002\eng64.sys (Symantec Corporation)
      DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
      DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\IPSDefs\20120609.001\IDSviA64.sys (Symantec Corporation)
      DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\BASHDefs\20120531.001\BHDrvx64.sys (Symantec Corporation)
      DRV - (StarOpen) -- C:\Windows\SysWow64\drivers\StarOpen.sys ()
      DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


      ========== Standard Registry (All) ==========


      ========== Internet Explorer ==========

      IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN España: Hotmail, Messenger, Skype y Cuenta Microsoft
      IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
      IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
      IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
      IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
      IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing
      IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
      IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN España: Hotmail, Messenger, Skype y Cuenta Microsoft
      IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {620B7CF9-A6BC-40CF-BB7F-93AB0B8AD7A9}
      IE:64bit: - HKLM\..\SearchScopes\{620B7CF9-A6BC-40CF-BB7F-93AB0B8AD7A9}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
      IE:64bit: - HKLM\..\SearchScopes\{910CF4F4-2990-4D7D-BF0E-16271B1AEC01}: "URL" = http://es.wikipedia.org/wiki/Special:Search?search={searchTerms}
      IE:64bit: - HKLM\..\SearchScopes\{B1643AF8-6334-4D26-B827-9BEFB912F1D3}: "URL" = http://es.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN España: Hotmail, Messenger, Skype y Cuenta Microsoft
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN España: Hotmail, Messenger, Skype y Cuenta Microsoft
      IE - HKLM\..\SearchScopes,DefaultScope = {620B7CF9-A6BC-40CF-BB7F-93AB0B8AD7A9}
      IE - HKLM\..\SearchScopes\{620B7CF9-A6BC-40CF-BB7F-93AB0B8AD7A9}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
      IE - HKLM\..\SearchScopes\{910CF4F4-2990-4D7D-BF0E-16271B1AEC01}: "URL" = http://es.wikipedia.org/wiki/Special:Search?search={searchTerms}
      IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851619
      IE - HKLM\..\SearchScopes\{B1643AF8-6334-4D26-B827-9BEFB912F1D3}: "URL" = http://es.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF

      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN España: Hotmail, Messenger, Skype y Cuenta Microsoft
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MyStart
      IE - HKCU\..\URLSearchHook: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll ()
      IE - HKCU\..\SearchScopes,DefaultScope = {620B7CF9-A6BC-40CF-BB7F-93AB0B8AD7A9}
      IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://www.google.com/search?ie=utf-8&oe=utf-8&rlz=1V4IPYX&q={searchTerms}
      IE - HKCU\..\SearchScopes\{620B7CF9-A6BC-40CF-BB7F-93AB0B8AD7A9}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
      IE - HKCU\..\SearchScopes\{910CF4F4-2990-4D7D-BF0E-16271B1AEC01}: "URL" = http://es.wikipedia.org/wiki/Special:Search?search={searchTerms}
      IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851619
      IE - HKCU\..\SearchScopes\{B1643AF8-6334-4D26-B827-9BEFB912F1D3}: "URL" = http://es.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

      ========== FireFox ==========

      FF - prefs.js..browser.search.selectedEngine: "Panda Safe Search"
      FF - prefs.js..browser.search.useDBForOrder: true
      FF - prefs.js..browser.startup.homepage: "http://www.mystart.com/?pr=vmn&rlz=1V1IPYX&id=pandasecuritytb&v=3_0"
      FF - prefs.js..extensions.enabledAddons: [email protected]:1.0
      FF - prefs.js..extensions.enabledAddons: [email protected]:1.1
      FF - prefs.js..extensions.enabledAddons: {a3a5c777-f583-4fef-9380-ab4add1bc2a8}:5.0
      FF - prefs.js..extensions.enabledAddons: {db131c55-60c8-4adc-84dc-9e76ab06e2dc}:3.16.0.3
      FF - prefs.js..extensions.enabledAddons: {7E77F5DF-8022-40e3-9122-F03DEBEFC43B}:1.7.2
      FF - prefs.js..extensions.enabledAddons: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}:4.0
      FF - prefs.js..extensions.enabledAddons: {972ce4c6-7e08-4474-a285-3208198ce6fd}:15.0.1
      FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2851619&SearchSource=2&q="
      FF - prefs.js..network.proxy.type: 0
      FF - user.js - File not found

      FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
      FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
      FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
      FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
      FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
      FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
      FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
      FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
      FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
      FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
      FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
      FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
      FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
      FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
      FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
      FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\usuario\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
      FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\usuario\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ [2010/09/16 00:16:31 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\IPSFFPlgn\ [2012/05/21 20:53:23 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\coFFPlgn\ [2013/01/26 10:23:37 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{9F6FB1C9-22DA-4123-A7D4-9E7844B60EE5}: C:\Program Files (x86)\FileServe Manager\FireFox_Extension\{9F6FB1C9-22DA-4123-A7D4-9E7844B60EE5} [2011/09/23 07:47:56 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Optimization Client\addon\
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/07/03 21:30:06 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/25 13:08:38 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/03 21:30:05 | 000,000,000 | ---D | M]

      [2011/04/14 15:25:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\usuario\AppData\Roaming\mozilla\Extensions
      [2013/01/25 13:07:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\usuario\AppData\Roaming\mozilla\Firefox\Profiles\r0udd649.default\extensions
      [2011/08/02 09:43:26 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\usuario\AppData\Roaming\mozilla\Firefox\Profiles\r0udd649.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
      [2013/01/25 13:09:26 | 000,000,000 | ---D | M] (Panda Security Toolbar) -- C:\Users\usuario\AppData\Roaming\mozilla\Firefox\Profiles\r0udd649.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}
      [2012/12/20 17:26:40 | 000,000,000 | ---D | M] (uTorrentBar_ES Community Toolbar) -- C:\Users\usuario\AppData\Roaming\mozilla\Firefox\Profiles\r0udd649.default\extensions\{db131c55-60c8-4adc-84dc-9e76ab06e2dc}
      [2012/04/05 08:20:17 | 000,000,000 | ---D | M] (Codecv) -- C:\Users\usuario\AppData\Roaming\mozilla\Firefox\Profiles\r0udd649.default\extensions\[email protected]
      [2012/06/18 17:00:09 | 000,164,722 | ---- | M] () (No name found) -- C:\Users\usuario\AppData\Roaming\mozilla\firefox\profiles\r0udd649.default\extensions\[email protected]
      [2013/01/25 12:49:08 | 000,106,687 | ---- | M] () (No name found) -- C:\Users\usuario\AppData\Roaming\mozilla\firefox\profiles\r0udd649.default\extensions\{7E77F5DF-8022-40e3-9122-F03DEBEFC43B}.xpi
      [2012/12/20 17:26:39 | 000,013,972 | ---- | M] () (No name found) -- C:\Users\usuario\AppData\Roaming\mozilla\firefox\profiles\r0udd649.default\extensions\{a3a5c777-f583-4fef-9380-ab4add1bc2a8}.xpi
      [2012/10/20 11:55:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
      [2012/11/25 20:37:01 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
      [2012/11/25 20:38:29 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
      [2012/07/21 19:06:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
      [2012/09/04 14:22:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
      [2012/10/20 11:55:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
      [2012/11/25 20:37:01 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
      [2012/11/25 20:36:54 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
      [2012/11/25 20:36:54 | 000,003,882 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\drae.xml
      [2012/06/18 05:22:21 | 000,001,143 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-es.xml
      [2012/11/25 20:36:54 | 000,003,581 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml
      [2012/01/27 15:11:08 | 000,002,325 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\pandasecuritytb.xml
      [2012/11/25 20:36:54 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
      [2012/06/18 05:22:21 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-es.xml
      [2012/06/18 05:22:21 | 000,001,102 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-es.xml

      ========== Chrome ==========

      CHR - homepage: Google
      CHR - default_search_provider: Google (Enabled)
      CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
      CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
      CHR - homepage: Google
      CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
      CHR - plugin: Native Client (Enabled) = C:\Users\usuario\AppData\Local\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll
      CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\usuario\AppData\Local\Google\Chrome\Application\24.0.1312.56\pdf.dll
      CHR - plugin: Shockwave Flash (Enabled) = C:\Users\usuario\AppData\Local\Google\Chrome\Application\24.0.1312.56\gcswf32.dll
      CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
      CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
      CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
      CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
      CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
      CHR - plugin: Bing Bar (Enabled) = C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll
      CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll
      CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
      CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
      CHR - plugin: Google Update (Enabled) = C:\Users\usuario\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
      CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
      CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
      CHR - plugin: Default Plug-in (Enabled) = default_plugin
      CHR - Extension: YouTube = C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
      CHR - Extension: B\u00FAsqueda de Google = C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
      CHR - Extension: Cuevana Stream = C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfdckejfnkaemompfjhecfmhjgnchmjg\5.0_0\
      CHR - Extension: \u003Cvideo\u003E de HTML5 de DivX Plus Web Player = C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
      CHR - Extension: Gmail = C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
      CHR - Extension: Codecv = C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppjemjejnnojomfekgbpbbnecicblllf\1.0_0\

      O1 HOSTS File: ([2009/06/10 21:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
      O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Archivos de programa\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
      O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
      O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
      O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Archivos de programa\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
      O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Archivos de programa\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
      O2 - BHO: (FileServeManager) - {00000001-AB3B-4334-9DA2-EC6B2A02AFC6} - C:\Program Files (x86)\FileServe Manager\FileServeBHO.dll (FileServe Limited)
      O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
      O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
      O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\coIEPlg.dll (Symantec Corporation)
      O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\IPS\IPSBHO.DLL (Symantec Corporation)
      O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
      O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
      O2 - BHO: (Aplicación auxiliar de inicio de sesión de Windows Live ID) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
      O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
      O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
      O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
      O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
      O2 - BHO: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll ()
      O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
      O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
      O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
      O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
      O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\coIEPlg.dll (Symantec Corporation)
      O3 - HKLM\..\Toolbar: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll ()
      O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
      O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\coIEPlg.dll (Symantec Corporation)
      O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
      O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
      O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
      O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
      O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
      O4:64bit: - HKLM..\Run: [SynTPEnh] C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
      O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Archivos de programa\IDT\WDM\sttray64.exe (IDT, Inc.)
      O4 - HKLM..\Run: [] File not found
      O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
      O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
      O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
      O4 - HKLM..\Run: [BCSSync] C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
      O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
      O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
      O4 - HKLM..\Run: [FileServe Manager Task] C:\Program Files (x86)\FileServe Manager\FSStarter.exe (FileServe Limited)
      O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
      O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
      O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
      O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
      O4 - HKLM..\Run: [Panda Security URL Filtering] C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe (Panda Security)
      O4 - HKLM..\Run: [PSUAMain] C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe (Panda Security, S.L.)
      O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
      O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
      O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
      O4 - HKCU..\Run: [Google Update] C:\Users\usuario\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
      O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
      O4 - HKCU..\Run: [Skype] C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
      O4 - HKCU..\Run: [Spotify] C:\Users\usuario\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
      O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\usuario\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
      O4 - Startup: C:\Users\usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\usuario\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
      O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
      O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
      O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
      O8:64bit: - Extra context menu item: Anexar a PDF existente - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
      O8:64bit: - Extra context menu item: Anexar destino de vínculo a PDF existente - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
      O8:64bit: - Extra context menu item: Convertir a Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
      O8:64bit: - Extra context menu item: Convertir destino de vínculo a Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
      O8:64bit: - Extra context menu item: Download with FileServe Manager - C:\Program Files (x86)\FileServe Manager\GetUrl.htm File not found
      O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
      O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
      O8 - Extra context menu item: Anexar a PDF existente - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
      O8 - Extra context menu item: Anexar destino de vínculo a PDF existente - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
      O8 - Extra context menu item: Convertir a Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
      O8 - Extra context menu item: Convertir destino de vínculo a Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
      O8 - Extra context menu item: Download with FileServe Manager - C:\Program Files (x86)\FileServe Manager\GetUrl.htm File not found
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
      O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
      O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Archivos de programa\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
      O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Archivos de programa\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
      O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Archivos de programa\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
      O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Archivos de programa\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
      O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
      O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
      O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
      O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
      O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
      O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
      O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
      O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
      O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
      O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
      O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
      O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
      O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
      O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
      O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
      O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
      O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
      O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Archivos de programa\Bonjour\mdnsNSP.dll (Apple Inc.)
      O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
      O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
      O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
      O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
      O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
      O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
      O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
      O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
      O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
      O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
      O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
      O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
      O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
      O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
      O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
      O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
      O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
      O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
      O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
      O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
      O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
      O1364bit: - gopher Prefix: missing
      O13 - gopher Prefix: missing
      O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
      O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
      O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_37)
      O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_37)
      O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_37)
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6BCF791E-C01B-4D6B-A37D-61A53F768304}: DhcpNameServer = 192.168.1.1 192.168.1.1
      O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
      O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
      O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
      O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
      O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
      O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
      O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
      O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
      O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
      O18:64bit: - Protocol\Handler\livecall - No CLSID value found
      O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
      O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
      O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
      O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
      O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
      O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
      O18:64bit: - Protocol\Handler\msnim - No CLSID value found
      O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
      O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
      O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
      O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
      O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
      O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
      O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
      O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
      O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
      O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
      O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
      O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
      O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

    6. #6
      User leireAgi
      Registered
      Jan 2011
      Location
      bilbao
      Posts
      20

      Re: Brontok I Worm

      continuation

      O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
      O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
      O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
      O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
      O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
      O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
      O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
      O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
      O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
      O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
      O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
      O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
      O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
      O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
      O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
      O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
      O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
      O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
      O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
      O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
      O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
      O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
      O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
      O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
      O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
      O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
      O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
      O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
      O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
      O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
      O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
      O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\System32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
      O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
      O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
      O20 - HKLM Winlogon: UserInit - (C:\Windows\System32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
      O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
      O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
      O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
      O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
      O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Archivos de programa\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
      O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
      O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
      O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
      O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
      O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
      O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
      O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
      O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
      O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
      O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
      O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
      O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
      O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corp.)
      O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
      O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
      O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
      O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
      O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
      O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
      O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corp.)
      O31 - SafeBoot: AlternateShell - cmd.exe
      O32 - HKLM CDRom: AutoRun - 1
      O32 - AutoRun File - [2012/11/06 16:37:44 | 000,000,073 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
      O33 - MountPoints2\{03ea4fae-4c44-11e1-a1b0-9e87b0ad5903}\Shell - "" = AutoRun
      O33 - MountPoints2\{03ea4fae-4c44-11e1-a1b0-9e87b0ad5903}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
      O33 - MountPoints2\{22e00d91-6645-11e0-a7c5-ac81120c657d}\Shell - "" = AutoRun
      O33 - MountPoints2\{22e00d91-6645-11e0-a7c5-ac81120c657d}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe
      O33 - MountPoints2\{22e00d93-6645-11e0-a7c5-ac81120c657d}\Shell - "" = AutoRun
      O33 - MountPoints2\{22e00d93-6645-11e0-a7c5-ac81120c657d}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe
      O33 - MountPoints2\{42291981-c1a1-11e0-ae5b-ac81120c657d}\Shell - "" = AutoRun
      O33 - MountPoints2\{42291981-c1a1-11e0-ae5b-ac81120c657d}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe
      O33 - MountPoints2\{65b9a035-65b6-11e0-9cc6-ac81120c657d}\Shell - "" = AutoRun
      O33 - MountPoints2\{65b9a035-65b6-11e0-9cc6-ac81120c657d}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe
      O33 - MountPoints2\{65b9a03b-65b6-11e0-9cc6-ac81120c657d}\Shell - "" = AutoRun
      O33 - MountPoints2\{65b9a03b-65b6-11e0-9cc6-ac81120c657d}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe
      O33 - MountPoints2\{82f5ba02-e5b8-11e0-879b-ac81120c657d}\Shell - "" = AutoRun
      O33 - MountPoints2\{82f5ba02-e5b8-11e0-879b-ac81120c657d}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe
      O33 - MountPoints2\{82f5ba0e-e5b8-11e0-879b-ac81120c657d}\Shell - "" = AutoRun
      O33 - MountPoints2\{82f5ba0e-e5b8-11e0-879b-ac81120c657d}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe
      O33 - MountPoints2\{82f5ba14-e5b8-11e0-879b-ac81120c657d}\Shell - "" = AutoRun
      O33 - MountPoints2\{82f5ba14-e5b8-11e0-879b-ac81120c657d}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe
      O33 - MountPoints2\{82f5ba1a-e5b8-11e0-879b-ac81120c657d}\Shell - "" = AutoRun
      O33 - MountPoints2\{82f5ba1a-e5b8-11e0-879b-ac81120c657d}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe
      O33 - MountPoints2\{836f6e7d-e613-11e0-af60-ac81120c657d}\Shell - "" = AutoRun
      O33 - MountPoints2\{836f6e7d-e613-11e0-af60-ac81120c657d}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe
      O33 - MountPoints2\{836f6e86-e613-11e0-af60-ac81120c657d}\Shell - "" = AutoRun
      O33 - MountPoints2\{836f6e86-e613-11e0-af60-ac81120c657d}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe
      O33 - MountPoints2\{b1af8878-7dad-11e0-aae7-ac81120c657d}\Shell - "" = AutoRun
      O33 - MountPoints2\{b1af8878-7dad-11e0-aae7-ac81120c657d}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe
      O33 - MountPoints2\{b1af8880-7dad-11e0-aae7-ac81120c657d}\Shell - "" = AutoRun
      O33 - MountPoints2\{b1af8880-7dad-11e0-aae7-ac81120c657d}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe
      O33 - MountPoints2\{dc94b599-9b7f-11e0-ac38-ac81120c657d}\Shell - "" = AutoRun
      O33 - MountPoints2\{dc94b599-9b7f-11e0-ac38-ac81120c657d}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe
      O34 - HKLM BootExecute: (autocheck autochk *)
      O35:64bit: - HKLM\..comfile [open] -- "%1" %*
      O35:64bit: - HKLM\..exefile [open] -- "%1" %*
      O35 - HKLM\..comfile [open] -- "%1" %*
      O35 - HKLM\..exefile [open] -- "%1" %*
      O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
      O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
      O37 - HKLM\...com [@ = comfile] -- "%1" %*
      O37 - HKLM\...exe [@ = exefile] -- "%1" %*
      O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
      O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
      O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

      ========== Files/Folders - Created Within 30 Days ==========

      [2013/01/26 02:01:19 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{D358CE5E-80B0-4AF9-97BB-C5191C591E06}
      [2013/01/25 17:42:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
      [2013/01/25 17:42:56 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
      [2013/01/25 17:42:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
      [2013/01/25 14:00:52 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{968F9194-48A0-4228-9A2C-64967B6B9429}
      [2013/01/25 13:17:03 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\panda4_0dn
      [2013/01/25 13:07:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\pandasecuritytb
      [2013/01/25 13:07:18 | 000,058,360 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\drivers\PSKMAD.sys
      [2013/01/25 13:06:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Cloud Antivirus
      [2013/01/25 02:00:26 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{2A0B080D-6C7A-49D4-95A1-BEB7C54B096F}
      [2013/01/25 01:32:34 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\Bron.tok-12-25
      [2013/01/24 11:57:21 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{D02B089A-AFA2-4128-9647-E7AEC12C30D7}
      [2013/01/24 00:00:00 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\Bron.tok-12-24
      [2013/01/23 20:53:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
      [2013/01/23 20:53:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
      [2013/01/23 16:43:01 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{21F83E15-9E35-447F-988C-B72B7FC60971}
      [2013/01/23 00:40:07 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{D8624A70-288D-48E4-8A59-BE7B28B840B9}
      [2013/01/23 00:00:00 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\Bron.tok-12-23
      [2013/01/22 00:14:03 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{D5C37EBC-7F61-4965-84D4-0ED15663F584}
      [2013/01/22 00:00:00 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\Bron.tok-12-22
      [2013/01/21 09:09:20 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\Bron.tok-12-21
      [2013/01/20 13:55:33 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{CC23F797-7FB4-49A7-97F7-7860164EEEE6}
      [2013/01/20 12:38:53 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\Bron.tok-12-20
      [2013/01/19 15:37:57 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\Loc.Mail.Bron.Tok
      [2013/01/19 15:37:27 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\Ok-SendMail-Bron-tok
      [2013/01/19 15:31:56 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\Bron.tok-12-19
      [2013/01/19 00:44:38 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{9D9D31D8-EAD4-4DF4-B3C8-307993422249}
      [2013/01/18 00:38:16 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{27430E4C-8405-4FE3-8EA6-DA14D06278CC}
      [2013/01/17 02:17:53 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{2A89CD60-04C6-4656-B22F-318D5980B162}
      [2013/01/13 16:29:38 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{DBCB8D1D-F1B1-4FF0-A41A-9F4EE688E6B4}
      [2013/01/13 03:02:50 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{0728D302-B0B8-4EB4-BB32-738D8F8CCEAE}
      [2013/01/12 10:49:26 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{D0D7F537-6BFE-4BD6-8B4A-AEB927D47E3D}
      [2013/01/11 22:49:02 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{7E06C6BE-4790-4D47-B817-7326E50C0B6B}
      [2013/01/11 09:44:21 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{97D0C238-CBD1-4C14-A114-E66A94430385}
      [2013/01/10 14:36:27 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{02A42E2C-A5EA-46F7-B8D1-7FE19B437B57}
      [2013/01/09 17:23:58 | 000,000,000 | ---D | C] -- C:\Users\usuario\Desktop\fog liverpool
      [2013/01/09 17:02:54 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{80359359-0A8B-4C49-81DD-00013790888A}
      [2013/01/09 09:03:17 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
      [2013/01/09 09:03:17 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
      [2013/01/09 09:03:03 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
      [2013/01/09 09:03:00 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
      [2013/01/09 09:02:57 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll
      [2013/01/09 09:02:57 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs
      [2013/01/09 09:02:57 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs
      [2013/01/09 09:02:57 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs
      [2013/01/09 09:02:57 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs
      [2013/01/09 09:02:57 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs
      [2013/01/09 09:02:57 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs
      [2013/01/09 09:02:57 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs
      [2013/01/09 09:02:57 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs
      [2013/01/09 09:02:57 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs
      [2013/01/09 09:02:57 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs
      [2013/01/09 09:02:57 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs
      [2013/01/09 09:02:57 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs
      [2013/01/09 09:02:57 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs
      [2013/01/09 09:02:57 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs
      [2013/01/09 09:02:57 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs
      [2013/01/09 09:02:57 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs
      [2013/01/09 09:02:57 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs
      [2013/01/09 09:02:57 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs
      [2013/01/09 09:02:57 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs
      [2013/01/09 09:02:57 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs
      [2013/01/09 09:02:56 | 002,745,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
      [2013/01/09 09:02:56 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
      [2013/01/09 09:02:56 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll
      [2013/01/09 09:02:56 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs
      [2013/01/09 09:02:56 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs
      [2013/01/09 09:02:56 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs
      [2013/01/09 09:02:56 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs
      [2013/01/09 09:02:56 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs
      [2013/01/09 09:02:56 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs
      [2013/01/09 09:02:56 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs
      [2013/01/09 09:02:56 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs
      [2013/01/09 09:02:32 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
      [2013/01/09 09:02:31 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
      [2013/01/09 09:02:31 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
      [2013/01/09 09:02:31 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
      [2013/01/09 09:02:31 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
      [2013/01/09 09:02:31 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
      [2013/01/09 09:02:31 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
      [2013/01/09 09:02:31 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
      [2013/01/09 09:02:31 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
      [2013/01/09 09:02:31 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
      [2013/01/09 09:02:31 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
      [2013/01/09 09:02:31 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
      [2013/01/09 09:02:31 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
      [2013/01/09 09:02:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
      [2013/01/09 09:02:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
      [2013/01/09 09:02:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
      [2013/01/09 09:02:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
      [2013/01/09 09:02:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
      [2013/01/09 09:02:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
      [2013/01/09 09:02:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
      [2013/01/09 09:02:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
      [2013/01/09 09:02:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
      [2013/01/09 09:02:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
      [2013/01/09 09:02:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
      [2013/01/09 09:02:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
      [2013/01/09 09:02:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
      [2013/01/09 09:02:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
      [2013/01/09 09:02:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
      [2013/01/09 09:02:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
      [2013/01/09 09:02:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
      [2013/01/09 09:02:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
      [2013/01/09 09:02:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
      [2013/01/09 09:02:30 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
      [2013/01/09 09:02:30 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
      [2013/01/09 09:02:30 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
      [2013/01/09 09:02:30 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
      [2013/01/09 09:02:30 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
      [2013/01/09 09:02:30 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
      [2013/01/09 09:02:30 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
      [2013/01/09 09:02:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
      [2013/01/09 09:02:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
      [2013/01/09 09:02:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
      [2013/01/09 09:02:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
      [2013/01/09 09:02:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
      [2013/01/09 09:02:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
      [2013/01/09 09:02:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
      [2013/01/09 09:02:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
      [2013/01/09 09:02:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
      [2013/01/09 09:02:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
      [2013/01/09 09:02:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
      [2013/01/09 09:02:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
      [2013/01/09 09:02:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
      [2013/01/09 09:02:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
      [2013/01/09 09:02:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
      [2013/01/09 09:02:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
      [2013/01/09 09:02:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
      [2013/01/09 09:02:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
      [2013/01/09 09:02:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
      [2013/01/09 09:02:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
      [2013/01/09 09:02:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
      [2013/01/09 09:02:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
      [2013/01/09 09:02:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
      [2013/01/09 09:02:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
      [2013/01/09 09:02:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
      [2013/01/09 09:02:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
      [2013/01/09 09:02:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
      [2013/01/09 09:02:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
      [2013/01/09 09:02:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
      [2013/01/09 09:02:30 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
      [2013/01/09 00:05:50 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{EDD8C4E5-B6AE-485B-B3C5-5F9F740F3946}
      [2013/01/07 16:21:29 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{6F3DAC0C-C6E1-468E-9910-9857A9183AD1}
      [2013/01/07 00:26:44 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{C7E6FF1C-4FCC-405C-8E1D-AB8438D6AF9E}
      [2013/01/06 02:07:02 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{614327B4-2140-4505-A0FC-A722080B2469}
      [2013/01/05 11:59:24 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{46239028-1019-4C77-91D9-7FEB4BDF8D4C}
      [2013/01/04 23:58:59 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{87E8DE8F-B284-4AFF-9081-BD0605216E0E}
      [2013/01/03 17:11:32 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{83BB2593-BF81-4386-8655-62FD30D8BC3A}
      [2013/01/03 00:01:54 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{E7BAD85A-3D49-472D-BBC2-BDDFC296373D}
      [2013/01/01 17:20:08 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{6B61A143-BEE9-401E-9855-6F18036A9BA9}
      [2013/01/01 17:04:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
      [2012/12/30 15:29:47 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{2CC2C58C-ECD2-4930-A6B5-AE73F998E4AB}
      [2012/12/29 17:56:52 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{DE98159A-20AC-4D3D-897E-10C1FFF8BCB6}
      [2012/12/28 17:35:13 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{A8325A16-8579-4D7F-A3D0-ED4D378E1017}
      [2012/12/27 16:07:26 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{C153DC3B-3CD4-4314-892F-24B55C273A12}
      [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

      ========== Files - Modified Within 30 Days ==========

      [2013/01/26 10:41:00 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-91876763-3999690965-4275158585-1000UA.job
      [2013/01/26 10:29:28 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      [2013/01/26 10:29:28 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      [2013/01/26 10:28:24 | 000,001,013 | ---- | M] () -- C:\Users\usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
      [2013/01/26 10:28:00 | 000,000,838 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
      [2013/01/26 10:20:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
      [2013/01/26 10:20:53 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
      [2013/01/25 17:42:58 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
      [2013/01/25 17:40:26 | 000,590,504 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
      [2013/01/25 13:04:15 | 000,012,393 | ---- | M] () -- C:\Users\usuario\AppData\Local\Bron.tok.A12.em.bin
      [2013/01/25 10:23:21 | 001,672,994 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
      [2013/01/25 10:23:21 | 000,746,150 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
      [2013/01/25 10:23:21 | 000,652,812 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
      [2013/01/25 10:23:21 | 000,158,360 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
      [2013/01/25 10:23:21 | 000,121,486 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
      [2013/01/25 10:17:04 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-91876763-3999690965-4275158585-1000Core.job
      [2013/01/23 20:53:29 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
      [2013/01/17 23:59:44 | 000,275,157 | ---- | M] () -- C:\Users\usuario\Desktop\CR_787122_troll_science.jpg
      [2013/01/11 10:44:56 | 000,097,315 | ---- | M] () -- C:\Users\usuario\Desktop\abbey_06.jpg
      [2013/01/10 18:28:37 | 000,008,376 | ---- | M] () -- C:\Users\usuario\Desktop\tapandose los ojos.jpg
      [2013/01/10 15:41:32 | 000,040,448 | ---- | M] () -- C:\Users\usuario\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      [2013/01/10 09:28:27 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
      [2013/01/10 09:28:27 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
      [2013/01/09 20:32:30 | 001,650,968 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
      [2013/01/09 01:03:23 | 000,296,936 | ---- | M] () -- C:\Users\usuario\Desktop\abbey_05.jpg
      [2013/01/06 10:25:56 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForusuario.job
      [2013/01/05 23:53:07 | 000,040,880 | ---- | M] () -- C:\Users\usuario\Desktop\537966_473206216048023_536168862_n.jpg
      [2013/01/05 12:20:13 | 000,077,566 | ---- | M] () -- C:\Users\usuario\Desktop\abbey_04.jpg
      [2013/01/03 22:22:05 | 000,386,335 | ---- | M] () -- C:\Users\usuario\Desktop\VID-20120820-WA0003.MOV
      [2013/01/01 18:01:47 | 103,809,024 | ---- | M] () -- C:\Users\usuario\Desktop\Un.Funeral.de.Muerte.DVDRiP.part2.rar
      [2013/01/01 17:04:22 | 000,001,282 | ---- | M] () -- C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
      [2012/12/28 18:06:45 | 000,083,872 | ---- | M] () -- C:\Users\usuario\Desktop\Miren.dwg
      [2012/12/28 17:17:43 | 000,348,474 | ---- | M] () -- C:\Users\usuario\Desktop\POTEO 2012.jpg
      [2012/12/28 17:15:22 | 000,370,132 | ---- | M] () -- C:\Users\usuario\Desktop\POTEO 2012.pdf
      [2012/12/28 16:19:20 | 000,249,249 | ---- | M] () -- C:\Users\usuario\Desktop\Miren Model (1).pdf
      [2012/12/28 16:15:16 | 000,056,096 | ---- | M] () -- C:\Users\usuario\Desktop\Miren.bak
      [2012/12/28 16:05:15 | 001,298,771 | ---- | M] () -- C:\Users\usuario\Desktop\Bares Miren copia.jpg
      [2012/12/28 14:12:19 | 000,010,334 | ---- | M] () -- C:\Users\usuario\Desktop\Bilbao.zip
      [2012/12/27 16:25:27 | 004,442,563 | ---- | M] () -- C:\Users\usuario\Desktop\Bares Miren.psd
      [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

      ========== Files Created - No Company Name ==========

      [2013/01/25 17:42:58 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
      [2013/01/25 13:04:15 | 000,012,393 | ---- | C] () -- C:\Users\usuario\AppData\Local\Bron.tok.A12.em.bin
      [2013/01/17 23:59:42 | 000,275,157 | ---- | C] () -- C:\Users\usuario\Desktop\CR_787122_troll_science.jpg
      [2013/01/11 10:44:55 | 000,097,315 | ---- | C] () -- C:\Users\usuario\Desktop\abbey_06.jpg
      [2013/01/10 18:28:36 | 000,008,376 | ---- | C] () -- C:\Users\usuario\Desktop\tapandose los ojos.jpg
      [2013/01/09 01:03:21 | 000,296,936 | ---- | C] () -- C:\Users\usuario\Desktop\abbey_05.jpg
      [2013/01/05 23:53:07 | 000,040,880 | ---- | C] () -- C:\Users\usuario\Desktop\537966_473206216048023_536168862_n.jpg
      [2013/01/05 12:20:13 | 000,077,566 | ---- | C] () -- C:\Users\usuario\Desktop\abbey_04.jpg
      [2013/01/03 22:21:27 | 000,386,335 | ---- | C] () -- C:\Users\usuario\Desktop\VID-20120820-WA0003.MOV
      [2013/01/01 17:27:56 | 103,809,024 | ---- | C] () -- C:\Users\usuario\Desktop\Un.Funeral.de.Muerte.DVDRiP.part2.rar
      [2013/01/01 17:04:22 | 000,001,282 | ---- | C] () -- C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
      [2012/12/28 18:06:45 | 000,056,096 | ---- | C] () -- C:\Users\usuario\Desktop\Miren.bak
      [2012/12/28 17:17:43 | 000,348,474 | ---- | C] () -- C:\Users\usuario\Desktop\POTEO 2012.jpg
      [2012/12/28 17:05:25 | 000,370,132 | ---- | C] () -- C:\Users\usuario\Desktop\POTEO 2012.pdf
      [2012/12/28 16:19:20 | 000,249,249 | ---- | C] () -- C:\Users\usuario\Desktop\Miren Model (1).pdf
      [2012/12/28 16:05:13 | 001,298,771 | ---- | C] () -- C:\Users\usuario\Desktop\Bares Miren copia.jpg
      [2012/12/28 14:12:42 | 000,010,334 | ---- | C] () -- C:\Users\usuario\Desktop\Bilbao.zip
      [2012/12/28 12:50:06 | 000,083,872 | ---- | C] () -- C:\Users\usuario\Desktop\Miren.dwg
      [2012/12/27 16:25:22 | 004,442,563 | ---- | C] () -- C:\Users\usuario\Desktop\Bares Miren.psd
      [2012/09/27 23:07:32 | 000,006,400 | ---- | C] () -- C:\ProgramData\NanoRepository.bin.bak
      [2012/09/27 23:07:32 | 000,006,400 | ---- | C] () -- C:\ProgramData\NanoRepository.bin
      [2012/07/23 15:05:39 | 000,000,000 | ---- | C] () -- C:\ProgramData\0x0304A000.sfl
      [2012/04/24 14:20:53 | 000,345,722 | ---- | C] () -- C:\Users\usuario\vero_00.jpg
      [2012/04/24 14:11:12 | 002,473,679 | ---- | C] () -- C:\Users\usuario\vero_00.xml
      [2011/09/25 18:17:58 | 000,001,940 | ---- | C] () -- C:\Users\usuario\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
      [2011/04/28 17:50:28 | 000,001,854 | ---- | C] () -- C:\Users\usuario\AppData\Roaming\GhostObjGAFix.xml
      [2011/04/17 14:35:59 | 000,040,448 | ---- | C] () -- C:\Users\usuario\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      [2011/04/12 22:20:13 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
      [2011/04/12 22:19:13 | 001,650,968 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
      [2011/01/29 15:00:22 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
      [2011/01/29 15:00:22 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
      [2011/01/29 15:00:22 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
      [2011/01/29 15:00:22 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll

      ========== ZeroAccess Check ==========

      [2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

      [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

      [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

      [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

      [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
      "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 05:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment

      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment

      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
      "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free

      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
      "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 01:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free

      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
      "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Both

      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

      ========== LOP Check ==========

      [2011/04/14 13:46:57 | 000,000,000 | ---D | M] -- C:\Users\usuario\AppData\Roaming\Autodesk
      [2011/05/17 14:16:07 | 000,000,000 | ---D | M] -- C:\Users\usuario\AppData\Roaming\Canneverbe Limited
      [2011/09/26 14:18:58 | 000,000,000 | ---D | M] -- C:\Users\usuario\AppData\Roaming\Canon
      [2012/11/24 1334 | 000,000,000 | ---D | M] -- C:\Users\usuario\AppData\Roaming\DAEMON Tools Lite
      [2011/04/12 22:04:55 | 000,000,000 | ---D | M] -- C:\Users\usuario\AppData\Roaming\DigitalPersona
      [2013/01/26 10:28:31 | 000,000,000 | ---D | M] -- C:\Users\usuario\AppData\Roaming\Dropbox
      [2011/04/12 22:14:49 | 000,000,000 | ---D | M] -- C:\Users\usuario\AppData\Roaming\FreeCDRipper
      [2011/04/27 10:34:23 | 000,000,000 | ---D | M] -- C:\Users\usuario\AppData\Roaming\GetRightToGo
      [2011/04/12 22:20:20 | 000,000,000 | ---D | M] -- C:\Users\usuario\AppData\Roaming\KeePass
      [2011/04/12 22:28:15 | 000,000,000 | ---D | M] -- C:\Users\usuario\AppData\Roaming\OpenOffice.org
      [2012/06/18 05:38:50 | 000,000,000 | ---D | M] -- C:\Users\usuario\AppData\Roaming\Panda Security
      [2012/04/06 14:35:25 | 000,000,000 | ---D | M] -- C:\Users\usuario\AppData\Roaming\Samsung
      [2012/12/28 18:56:49 | 000,000,000 | ---D | M] -- C:\Users\usuario\AppData\Roaming\SoftGrid Client
      [2012/11/24 13:37:02 | 000,000,000 | ---D | M] -- C:\Users\usuario\AppData\Roaming\Sports Interactive
      [2013/01/26 10:41:18 | 000,000,000 | ---D | M] -- C:\Users\usuario\AppData\Roaming\Spotify
      [2011/05/17 21:09:23 | 000,000,000 | ---D | M] -- C:\Users\usuario\AppData\Roaming\Techno Design IP
      [2011/09/23 07:52:20 | 000,000,000 | ---D | M] -- C:\Users\usuario\AppData\Roaming\Tific
      [2011/04/17 14:27:52 | 000,000,000 | ---D | M] -- C:\Users\usuario\AppData\Roaming\TP
      [2013/01/03 23:24:57 | 000,000,000 | ---D | M] -- C:\Users\usuario\AppData\Roaming\uTorrent
      [2011/09/23 18:41:58 | 000,000,000 | ---D | M] -- C:\Users\usuario\AppData\Roaming\Vodafone
      [2011/05/03 21:30:38 | 000,000,000 | ---D | M] -- C:\Users\usuario\AppData\Roaming\Windows Live Writer
      [2012/09/06 10:48:34 | 000,000,000 | ---D | M] -- C:\Users\usuario\AppData\Roaming\YourFileDownloader
      [2011/04/14 16:19:53 | 000,000,000 | ---D | M] -- C:\Users\usuario\AppData\Roaming\_MDLogs

      ========== Purity Check ==========



      < End of report >


      Regards!

    7. #7
      Moderator
      Avatar of @Maxfernandez
      Registered
      Dec 2007
      Location
      Venezuela
      Posts
      16,076

      Re: Brontok I worm

      Hello.

      Do the following:

      1. Highlight the contents of the following box (except the word "Code"), then right-click > Copy.
        Code:
        :OTL
        IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MyStart
        FF - prefs.js..browser.startup.homepage: "http://www.mystart.com/?pr=vmn&rlz=1V1IPYX&id=pandasecuritytb&v=3_0"
        FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2851619&SearchSource=2&q="
        C:\Users\usuario\AppData\Roaming\mozilla\Firefox\Profiles\r0udd649.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}
        [2012/12/20 17:26:40 | 000,000,000 | ---D | M] (uTorrentBar_ES Community Toolbar) -- C:\Users\usuario\AppData\Roaming\mozilla\Firefox\Profiles\r0udd649.default\extensions\{db131c55-60c8-4adc-84dc-9e76ab06e2dc}
        [2012/04/05 08:20:17 | 000,000,000 | ---D | M] (Codecv) -- C:\Users\usuario\AppData\Roaming\mozilla\Firefox\Profiles\r0udd649.default\extensions\[email protected]
        O4 - HKLM..\Run: [] File not found
        O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
        O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
        O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
        O33 - MountPoints2\{03ea4fae-4c44-11e1-a1b0-9e87b0ad5903}\Shell - "" = AutoRun
        O33 - MountPoints2\{03ea4fae-4c44-11e1-a1b0-9e87b0ad5903}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
        O33 - MountPoints2\{22e00d91-6645-11e0-a7c5-ac81120c657d}\Shell - "" = AutoRun
        O33 - MountPoints2\{22e00d91-6645-11e0-a7c5-ac81120c657d}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe
        O33 - MountPoints2\{22e00d93-6645-11e0-a7c5-ac81120c657d}\Shell - "" = AutoRun
        O33 - MountPoints2\{22e00d93-6645-11e0-a7c5-ac81120c657d}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe
        O33 - MountPoints2\{42291981-c1a1-11e0-ae5b-ac81120c657d}\Shell - "" = AutoRun
        O33 - MountPoints2\{42291981-c1a1-11e0-ae5b-ac81120c657d}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe
        O33 - MountPoints2\{65b9a035-65b6-11e0-9cc6-ac81120c657d}\Shell - "" = AutoRun
        O33 - MountPoints2\{65b9a035-65b6-11e0-9cc6-ac81120c657d}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe
        O33 - MountPoints2\{65b9a03b-65b6-11e0-9cc6-ac81120c657d}\Shell - "" = AutoRun
        O33 - MountPoints2\{65b9a03b-65b6-11e0-9cc6-ac81120c657d}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe
        O33 - MountPoints2\{82f5ba02-e5b8-11e0-879b-ac81120c657d}\Shell - "" = AutoRun
        O33 - MountPoints2\{82f5ba02-e5b8-11e0-879b-ac81120c657d}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe
        O33 - MountPoints2\{82f5ba0e-e5b8-11e0-879b-ac81120c657d}\Shell - "" = AutoRun
        O33 - MountPoints2\{82f5ba0e-e5b8-11e0-879b-ac81120c657d}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe
        O33 - MountPoints2\{82f5ba14-e5b8-11e0-879b-ac81120c657d}\Shell - "" = AutoRun
        O33 - MountPoints2\{82f5ba14-e5b8-11e0-879b-ac81120c657d}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe
        O33 - MountPoints2\{82f5ba1a-e5b8-11e0-879b-ac81120c657d}\Shell - "" = AutoRun
        O33 - MountPoints2\{82f5ba1a-e5b8-11e0-879b-ac81120c657d}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe
        O33 - MountPoints2\{836f6e7d-e613-11e0-af60-ac81120c657d}\Shell - "" = AutoRun
        O33 - MountPoints2\{836f6e7d-e613-11e0-af60-ac81120c657d}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe
        O33 - MountPoints2\{836f6e86-e613-11e0-af60-ac81120c657d}\Shell - "" = AutoRun
        O33 - MountPoints2\{836f6e86-e613-11e0-af60-ac81120c657d}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe
        O33 - MountPoints2\{b1af8878-7dad-11e0-aae7-ac81120c657d}\Shell - "" = AutoRun
        O33 - MountPoints2\{b1af8878-7dad-11e0-aae7-ac81120c657d}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe
        O33 - MountPoints2\{b1af8880-7dad-11e0-aae7-ac81120c657d}\Shell - "" = AutoRun
        O33 - MountPoints2\{b1af8880-7dad-11e0-aae7-ac81120c657d}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe
        O33 - MountPoints2\{dc94b599-9b7f-11e0-ac38-ac81120c657d}\Shell - "" = AutoRun
        O33 - MountPoints2\{dc94b599-9b7f-11e0-ac38-ac81120c657d}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe
        [2013/01/25 01:32:34 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\Bron.tok-12-25
        [2013/01/24 00:00:00 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\Bron.tok-12-24
        [2013/01/23 00:00:00 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\Bron.tok-12-23
        [2013/01/22 00:00:00 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\Bron.tok-12-22
        [2013/01/21 09:09:20 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\Bron.tok-12-21
        [2013/01/20 12:38:53 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\Bron.tok-12-20
        [2013/01/19 15:37:57 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\Loc.Mail.Bron.Tok
        [2013/01/19 15:37:27 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\Ok-SendMail-Bron-tok
        [2013/01/19 15:31:56 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\Bron.tok-12-19
        [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
        
        :files
        ipconfig /flushdns /c
        
        
        :commands
        [emptytemp]
        [createrestorepoint]
      2. Run OTL.exe
        • Right-click in the box under Custom Scans/Fixes (Análisis Personalizados/Código de Reparación) > Paste.
        • Then click the Run Fix (Reparar) button at the top.
        • Let the program run without interruption, and restart when it asks you to.
        • After the restart, a report is created by default in C:\_OTL\MovedFiles; copy and paste that log into your next reply.

      3. Download UsbFix to your desktop and run it as follows:
        1. Connect all your removable devices (pen drive, micro SD, etc.).
        2. Double-click USBFix.
        3. Click the Deletion (Supresión) option.
        4. A warning will appear asking you to connect your USB devices; click OK and the disinfection/vaccination process will start.
        5. During the scan the desktop may disappear; this is normal. If USBFix asks to restart the system, accept and restart your computer.
        6. When it finishes, USBFix generates a report, usually found at C:\USBFix.txt; paste its contents into your next message.


      Let us know the results.

      Regards.
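      The fix in post #7 is built by picking lines out of the OTL report by eye. The following is an added example, not part of the thread and not OTL's own logic: it parses the two report line formats involved and flags candidates for a reviewer. The field layout is inferred from the lines quoted in this thread, and the name pattern and rule names are assumptions.

```python
import ntpath
import re
from typing import NamedTuple

# Sample assembled from report lines quoted in this thread (not a full OTL log).
SAMPLE_LOG = r'''
[2013/01/25 13:04:15 | 000,012,393 | ---- | M] () -- C:\Users\usuario\AppData\Local\Bron.tok.A12.em.bin
[2013/01/25 01:32:34 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\Bron.tok-12-25
[2013/01/19 15:37:27 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\Ok-SendMail-Bron-tok
[2013/01/10 09:28:27 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/11/24 1334 | 000,000,000 | ---D | M] -- C:\Users\usuario\AppData\Roaming\DAEMON Tools Lite
O33 - MountPoints2\{03ea4fae-4c44-11e1-a1b0-9e87b0ad5903}\Shell - "" = AutoRun
O33 - MountPoints2\{03ea4fae-4c44-11e1-a1b0-9e87b0ad5903}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{22e00d91-6645-11e0-a7c5-ac81120c657d}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
'''

# "[date time | size | attrs | C/M] (company) -- path"; "(company)" is absent for folders.
ENTRY_RE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
# A line that starts like a dated entry; used to report entries ENTRY_RE cannot read.
DATED_RE = re.compile(r"^\[\d{4}/\d{2}/\d{2} ")
# Per-volume AutoRun handler recorded under MountPoints2 (OTL's "O33" lines).
AUTORUN_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<guid>\{[0-9A-Fa-f-]{36}\})'
    r'\\Shell\\AutoRun\\command - "" = (?P<command>.+)$'
)
# Assumption: name fragment taken from the folders listed in the fix in post #7.
NAME_MARKER = re.compile(r"bron[.\-]tok", re.IGNORECASE)
KIND = {"C": "created", "M": "modified"}


class Finding(NamedTuple):
    rule: str      # "name-marker", "volume-autorun" or "unparsed"
    subject: str   # path, volume GUID, or the raw line
    detail: str


def autorun_target(command: str) -> str:
    """Return the executable from an AutoRun command, dropping any arguments."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    return command


def triage(log_text: str) -> list:
    """Return review candidates; nothing is deleted or modified."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        entry = ENTRY_RE.match(line)
        if entry:
            name = ntpath.basename(entry["path"].rstrip("\\"))
            if NAME_MARKER.search(name):
                what = "folder" if "D" in entry["attrs"] else "file"
                detail = f"{what}, {KIND[entry['kind']]} {entry['date']}"
                findings.append(Finding("name-marker", entry["path"], detail))
            continue
        if DATED_RE.match(line):
            # Damaged entry (for example a mangled timestamp): surface it
            # instead of silently treating it as clean.
            findings.append(Finding("unparsed", line, "dated entry not in the expected format"))
            continue
        autorun = AUTORUN_RE.match(line)
        if autorun:
            exe = autorun_target(autorun["command"])
            drive = ntpath.splitdrive(exe)[0] or "unknown drive"
            findings.append(Finding("volume-autorun", autorun["guid"], f"{exe} on {drive}"))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.rule:15} {finding.subject}  [{finding.detail}]")
```

      A "volume-autorun" finding only says that a removable volume registered an AutoRun command; whether the target is legitimate vendor software still has to be judged per entry.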

    8. #8
      User Avatar of leireAgi
      Registered
      Jan 2011
      Location
      bilbao
      Posts
      20

      Re: Brontok I worm

      OK, this is the OTL.exe log:

      All processes killed
      ========== OTL ==========
      HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
      Prefs.js: "http://www.mystart.com/?pr=vmn&rlz=1V1IPYX&id=pandasecuritytb&v=3_0" removed from browser.startup.homepage
      Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2851619&SearchSource=2&q=" removed from keyword.URL
      C:\Users\usuario\AppData\Roaming\mozilla\Firefox\Profiles\r0udd649.default\extensions\{db131c55-60c8-4adc-84dc-9e76ab06e2dc}\searchplugin folder moved successfully.
      C:\Users\usuario\AppData\Roaming\mozilla\Firefox\Profiles\r0udd649.default\extensions\{db131c55-60c8-4adc-84dc-9e76ab06e2dc}\Plugins folder moved successfully.
      C:\Users\usuario\AppData\Roaming\mozilla\Firefox\Profiles\r0udd649.default\extensions\{db131c55-60c8-4adc-84dc-9e76ab06e2dc}\modules folder moved successfully.
      C:\Users\usuario\AppData\Roaming\mozilla\Firefox\Profiles\r0udd649.default\extensions\{db131c55-60c8-4adc-84dc-9e76ab06e2dc}\META-INF folder moved successfully.
      C:\Users\usuario\AppData\Roaming\mozilla\Firefox\Profiles\r0udd649.default\extensions\{db131c55-60c8-4adc-84dc-9e76ab06e2dc}\defaults folder moved successfully.
      C:\Users\usuario\AppData\Roaming\mozilla\Firefox\Profiles\r0udd649.default\extensions\{db131c55-60c8-4adc-84dc-9e76ab06e2dc}\components folder moved successfully.
      C:\Users\usuario\AppData\Roaming\mozilla\Firefox\Profiles\r0udd649.default\extensions\{db131c55-60c8-4adc-84dc-9e76ab06e2dc}\chrome folder moved successfully.
      C:\Users\usuario\AppData\Roaming\mozilla\Firefox\Profiles\r0udd649.default\extensions\{db131c55-60c8-4adc-84dc-9e76ab06e2dc} folder moved successfully.
      Folder C:\Users\usuario\AppData\Roaming\mozilla\Firefox\Profiles\r0udd649.default\extensions\[email protected]\ not found.
      Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
      Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
      Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
      Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr deleted successfully.
      Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{03ea4fae-4c44-11e1-a1b0-9e87b0ad5903}\ deleted successfully.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03ea4fae-4c44-11e1-a1b0-9e87b0ad5903}\ not found.
      Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{03ea4fae-4c44-11e1-a1b0-9e87b0ad5903}\ not found.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03ea4fae-4c44-11e1-a1b0-9e87b0ad5903}\ not found.
      File "F:\WD SmartWare.exe" autoplay=true not found.
      Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{22e00d91-6645-11e0-a7c5-ac81120c657d}\ deleted successfully.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22e00d91-6645-11e0-a7c5-ac81120c657d}\ not found.
      Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{22e00d91-6645-11e0-a7c5-ac81120c657d}\ not found.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22e00d91-6645-11e0-a7c5-ac81120c657d}\ not found.
      File F:\StartVMCLite.exe not found.
      Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{22e00d93-6645-11e0-a7c5-ac81120c657d}\ deleted successfully.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22e00d93-6645-11e0-a7c5-ac81120c657d}\ not found.
      Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{22e00d93-6645-11e0-a7c5-ac81120c657d}\ not found.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22e00d93-6645-11e0-a7c5-ac81120c657d}\ not found.
      File F:\StartVMCLite.exe not found.
      Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{42291981-c1a1-11e0-ae5b-ac81120c657d}\ deleted successfully.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42291981-c1a1-11e0-ae5b-ac81120c657d}\ not found.
      Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{42291981-c1a1-11e0-ae5b-ac81120c657d}\ not found.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42291981-c1a1-11e0-ae5b-ac81120c657d}\ not found.
      File F:\StartVMCLite.exe not found.
      Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{65b9a035-65b6-11e0-9cc6-ac81120c657d}\ deleted successfully.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65b9a035-65b6-11e0-9cc6-ac81120c657d}\ not found.
      Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{65b9a035-65b6-11e0-9cc6-ac81120c657d}\ not found.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65b9a035-65b6-11e0-9cc6-ac81120c657d}\ not found.
      File F:\StartVMCLite.exe not found.
      Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{65b9a03b-65b6-11e0-9cc6-ac81120c657d}\ deleted successfully.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65b9a03b-65b6-11e0-9cc6-ac81120c657d}\ not found.
      Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{65b9a03b-65b6-11e0-9cc6-ac81120c657d}\ not found.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65b9a03b-65b6-11e0-9cc6-ac81120c657d}\ not found.
      File F:\StartVMCLite.exe not found.
      Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{82f5ba02-e5b8-11e0-879b-ac81120c657d}\ deleted successfully.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82f5ba02-e5b8-11e0-879b-ac81120c657d}\ not found.
      Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{82f5ba02-e5b8-11e0-879b-ac81120c657d}\ not found.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82f5ba02-e5b8-11e0-879b-ac81120c657d}\ not found.
      File F:\StartVMCLite.exe not found.
      Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{82f5ba0e-e5b8-11e0-879b-ac81120c657d}\ deleted successfully.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82f5ba0e-e5b8-11e0-879b-ac81120c657d}\ not found.
      Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{82f5ba0e-e5b8-11e0-879b-ac81120c657d}\ not found.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82f5ba0e-e5b8-11e0-879b-ac81120c657d}\ not found.
      File F:\StartVMCLite.exe not found.
      Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{82f5ba14-e5b8-11e0-879b-ac81120c657d}\ deleted successfully.
      C:\Users\usuario\AppData\Local\Bron.tok-12-25 folder moved successfully.
      C:\Users\usuario\AppData\Local\Bron.tok-12-24 folder moved successfully.
      C:\Users\usuario\AppData\Local\Bron.tok-12-23 folder moved successfully.
      C:\Users\usuario\AppData\Local\Bron.tok-12-22 folder moved successfully.
      C:\Users\usuario\AppData\Local\Bron.tok-12-21 folder moved successfully.
      C:\Users\usuario\AppData\Local\Bron.tok-12-20 folder moved successfully.
      C:\Users\usuario\AppData\Local\Loc.Mail.Bron.Tok folder moved successfully.
      C:\Users\usuario\AppData\Local\Ok-SendMail-Bron-tok folder moved successfully.
      C:\Users\usuario\AppData\Local\Bron.tok-12-19 folder moved successfully.
      C:\Windows\msdownld.tmp folder deleted successfully.
      ========== FILES ==========
      < ipconfig /flushdns /c >
      Configuración IP de Windows
      Se vació correctamente la caché de resolución de DNS.
      C:\Users\usuario\Downloads\cmd.bat deleted successfully.
      C:\Users\usuario\Downloads\cmd.txt deleted successfully.
      ========== COMMANDS ==========

      [EMPTYTEMP]

      User: Administrator

      User: All Users

      User: Default
      ->Temp folder emptied: 0 bytes
      ->Temporary Internet Files folder emptied: 33170 bytes

      User: Default User
      ->Temp folder emptied: 0 bytes
      ->Temporary Internet Files folder emptied: 0 bytes

      User: Public

      User: usuario
      ->Temp folder emptied: 233422529 bytes
      ->Temporary Internet Files folder emptied: 16183345 bytes
      ->Java cache emptied: 2325096 bytes
      ->FireFox cache emptied: 68226268 bytes
      ->Google Chrome cache emptied: 463580075 bytes
      ->Flash cache emptied: 4158 bytes

      %systemdrive% .tmp files removed: 0 bytes
      %systemroot% .tmp files removed: 0 bytes
      %systemroot%\System32 .tmp files removed: 0 bytes
      %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
      %systemroot%\System32\drivers .tmp files removed: 0 bytes
      Windows Temp folder emptied: 98605676 bytes
      %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50539 bytes
      RecycleBin emptied: 0 bytes

      Total Files Cleaned = 842,00 mb

      Restore point Set: OTL Restore Point

      OTL by OldTimer - Version 3.2.69.0 log created on 01262013_195659

      Files\Folders moved on Reboot...
      C:\Users\usuario\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

      PendingFileRenameOperations files...

      Registry entries deleted on Reboot...



      Now, when downloading USBFix, just as the download finishes, Panda Antivirus pops up and tells me it is a Trojan, so it doesn't even let me download it. I don't know what I should do...

      Thanks again.

    9. #9
      Moderator
      Avatar of @Maxfernandez
      Joined
      Dec 2007
      Location
      Venezuela
      Posts
      16.076

      Re: Brontok I Worm

      Hello.

      Disable the antivirus; after running UsbFix, re-enable it.

      Regards.

    10. #10
      User Avatar of leireAgi
      Joined
      Jan 2011
      Location
      bilbao
      Posts
      20

      Re: Brontok I Worm

      Hello!!

      I am unable to run UsbFix correctly.
      - I disable the antivirus and download the file to my desktop, just as the instructions say.
      - I connect the pen drives and so on, and run it.
      - I press Deletion (Supresión), then OK. The scan starts and tells me that some vital processes may be interrupted, and I click OK.
      - Then, as you mentioned, the desktop disappears and only the UsbFix interface remains, with the percentage of the disinfection process... but when it reaches 14% it freezes. The UsbFix interface itself shows [Not Responding] and it goes no further.

      I have tried several times and the same thing always happens. And I always have to restart using the power button, since it doesn't respond to anything.

      Can I continue in some way?

      Thanks and regards!
