    Problem with a trojan

    1. #1
      Acrono (User), registered Sep 2012, location /dev/null, 6 posts

      Problem with a trojan

      Hi,

      I have a problem with a trojan. In some circumstances KS tells me it has detected a virus but that it cannot be deleted because it is part of the system. I ran KS specifically on that file and it detects nothing, so I assume the virus comes from a Windows registry entry.

      I have run several antivirus tools on it, such as Malwarebytes, Emsisoft Anti-Malware, SUPERAntiSpyware, KS, ComboFix (the only one that detects it, but it does nothing about it), etc., and none of them detects anything. As far as the antivirus tools are concerned I am "safe", and I cannot remove this annoying virus.

      The virus is Backdoor.Win32.DarkKomet.eku; it seems to be a "recent" virus and there is not much information about it.

      I hope you can help me.

    2. #2
      Dany3j (Developer), registered Mar 2011, location China, 6,652 posts

      Re: Problem with a trojan

      Do the following:

      • Download the ComboFix.exe tool and save it to the desktop.
      • Temporarily disable your antivirus and/or antispyware.
      • Close all open windows.
      • Double-click the ComboFix.exe file and follow the instructions.
      • When it finishes, it will generate a log at C:\ComboFix.txt.
        • *Note* While CF is working, do not move the mouse, since that would stop its process.
        • *Note* ComboFix may restart the PC automatically to complete the removal process.
        • *Note* Do not run ComboFix again, or any other antivirus program, until I give you a reply.

      Warning!! Do not use ComboFix unless a member of our Staff has specifically told you to in your thread. It is a powerful tool that its author intended to be used under the guidance and supervision of an expert, not for private use. Using ComboFix incorrectly could cause problems on your system. Please read ComboFix's "Disclaimer of Warranty".

      The generated report is at C:\ComboFix.txt. Open it, Select All, copy it and paste it into your next reply.


    3. #3
      Acrono (User), registered Sep 2012, location /dev/null, 6 posts

      Re: Problem with a trojan

      ComboFix Report

      ComboFix 12-09-24.03 - User 25/09/2012 21:09:41.2.6 - x64 NETWORK
      Microsoft Windows 7 Ultimate 6.1.7601.1.1252.503.3082.18.16382.14914 [GMT -6:00]
      Running from: c:\users\User\Downloads\ComboFix.exe
      AV: Emsisoft Anti-Malware *Disabled/Updated* {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
      AV: Kaspersky Anti-Virus *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
      SP: Emsisoft Anti-Malware *Disabled/Updated* {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
      SP: Kaspersky Anti-Virus *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
      SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      * Created a new restore point
      .
      .
      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      c:\windows\SysWow64\winlogon.exe . . . is infected!!
      .
      .
      ((((((((((((((((((((((((( Files Created from 2012-08-26 to 2012-09-26 )))))))))))))))))))))))))))))))
      .
      .
      2012-09-26 03:27 . 2012-09-26 03:27 -------- d-----w- c:\users\Default\AppData\Local\temp
      2012-09-25 23:52 . 2012-09-26 03:35 -------- d-----w- c:\program files (x86)\Emsisoft Anti-Malware
      2012-09-25 23:48 . 2012-09-25 23:49 -------- d-----w- c:\programdata\FlyVPN
      2012-09-25 22:35 . 2012-09-26 01:49 -------- d-----w- c:\users\User\AppData\Roaming\ScanSpyware
      2012-09-25 22:19 . 2012-09-25 22:19 -------- d-----w- c:\users\User\AppData\Roaming\Curiolab
      2012-09-25 16:24 . 2012-09-25 16:24 -------- d-----w- C:\_OTM
      2012-09-25 16:04 . 2012-09-25 16:04 -------- d-----w- c:\users\User\AppData\Roaming\SUPERAntiSpyware.com
      2012-09-25 16:01 . 2012-09-25 16:04 -------- d-----w- c:\program files\SUPERAntiSpyware
      2012-09-25 16:01 . 2012-09-25 16:01 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
      2012-09-25 07:24 . 2012-09-25 07:24 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
      2012-09-24 07:53 . 2012-09-24 08:54 -------- d-----w- c:\users\User\Cisco Packet Tracer 5.3.3
      2012-09-24 07:53 . 2012-09-24 07:53 -------- d-----w- c:\program files (x86)\Cisco Packet Tracer 5.3.3
      2012-09-21 19:03 . 2012-09-21 19:03 -------- d-----w- c:\users\User\AppData\Local\Runic Games
      2012-09-20 21:32 . 2012-09-20 21:32 -------- d-----w- c:\programdata\Sony Corporation
      2012-09-20 21:32 . 2012-09-20 21:32 303236 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\setup.dll
      2012-09-20 21:32 . 2012-09-20 21:32 180356 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iGdi.dll
      2012-09-20 21:32 . 2004-07-16 06:20 733184 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iKernel.dll
      2012-09-20 21:32 . 2004-07-16 06:20 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\ctor.dll
      2012-09-20 21:32 . 2004-07-16 06:19 266240 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iscript.dll
      2012-09-20 21:32 . 2004-07-16 06:18 172032 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iuser.dll
      2012-09-20 21:32 . 2004-07-16 06:18 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\DotNetInstaller.exe
      2012-09-20 21:32 . 2004-07-16 06:16 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
      2012-09-20 15:38 . 2012-09-20 15:37 289768 ----a-w- c:\windows\system32\javaws.exe
      2012-09-20 15:38 . 2012-09-20 15:37 916456 ----a-w- c:\windows\system32\deployJava1.dll
      2012-09-20 15:38 . 2012-09-20 15:37 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll
      2012-09-20 15:37 . 2012-09-20 15:37 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
      2012-09-20 15:37 . 2012-09-20 15:37 189416 ----a-w- c:\windows\system32\javaw.exe
      2012-09-20 15:37 . 2012-09-20 15:37 188904 ----a-w- c:\windows\system32\java.exe
      2012-09-20 15:37 . 2012-09-20 15:37 -------- d-----w- c:\program files\Java
      2012-09-18 01:11 . 2012-07-11 23:09 64856 ----a-w- c:\windows\system32\klfphc.dll
      2012-09-18 01:10 . 2012-09-18 01:10 -------- d-----w- c:\windows\ELAMBKUP
      2012-09-18 01:10 . 2012-09-26 03:32 -------- d-----w- c:\programdata\Kaspersky Lab
      2012-09-18 01:10 . 2012-09-18 01:10 -------- d-----w- c:\program files (x86)\Kaspersky Lab
      2012-09-18 01:10 . 2012-09-19 14:33 610648 ----a-w- c:\windows\system32\drivers\klif.sys
      2012-09-18 01:10 . 2012-08-14 00:24 89432 ----a-w- c:\windows\system32\drivers\klflt.sys
      2012-09-15 21:45 . 2007-04-16 06:00 289792 --sh--w- c:\windows\SysWow64\winlogon.exe
      2012-09-13 19:19 . 2012-09-13 19:19 -------- d-sh--w- c:\programdata\DSS
      2012-09-12 21:30 . 2012-09-12 21:30 -------- d-----w- c:\users\User\Tracing
      2012-09-12 20:57 . 2012-09-12 20:57 -------- d-----w- c:\programdata\Applications
      2012-09-06 08:09 . 2012-09-06 08:09 -------- d-----w- c:\users\User\AppData\Roaming\SQLiteManager
      2012-08-29 11:43 . 2012-08-29 11:43 -------- d-----w- c:\users\User\AppData\Roaming\TightVNC
      2012-08-29 11:43 . 2012-08-29 11:43 -------- d-----w- c:\program files\TightVNC
      2012-08-28 14:15 . 2012-08-28 14:15 -------- d-----w- c:\programdata\ATI
      2012-08-27 22:20 . 2012-08-27 22:20 519 ----a-w- C:\user.js
      2012-08-27 22:20 . 2012-08-27 22:20 -------- d-----w- c:\program files (x86)\BabylonToolbar
      2012-08-27 22:20 . 2012-08-27 22:20 -------- d-----w- c:\users\User\AppData\Roaming\Babylon
      2012-08-27 22:20 . 2012-08-27 22:20 -------- d-----w- c:\programdata\Babylon
      .
      .
      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2012-09-23 00:58 . 2011-03-25 02:21 281120 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
      2012-09-23 00:58 . 2011-03-25 02:20 281120 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
      2012-09-21 17:02 . 2012-04-01 15:56 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
      2012-09-21 17:02 . 2011-05-21 18:48 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
      2012-09-20 01:27 . 2011-03-25 02:20 281120 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
      2012-09-19 14:33 . 2012-07-25 20:53 29528 ----a-w- c:\windows\system32\drivers\klmouflt.sys
      2012-09-19 14:33 . 2012-05-26 01:38 29016 ----a-w- c:\windows\system32\drivers\klkbdflt.sys
      2012-09-07 23:04 . 2011-04-28 15:52 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
      2012-08-29 02:24 . 2012-06-15 01:06 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
      2012-08-29 02:24 . 2011-03-19 01:29 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll
      2012-08-20 07:53 . 2012-08-25 06:01 9309624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{304C28DA-55EB-459B-A9D1-142F1CA99404}\mpengine.dll
      2012-08-15 05:03 . 2011-03-25 02:20 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
      2012-08-14 17:17 . 2012-08-15 01:23 3227136 ----a-w- c:\windows\SysWow64\pbsvc_grfs.exe
      2012-08-13 22:49 . 2012-08-13 22:49 178008 ----a-w- c:\windows\system32\drivers\kneps.sys
      2012-08-02 21:09 . 2012-08-02 21:09 28504 ----a-w- c:\windows\system32\drivers\klim6.sys
      2012-07-28 04:09 . 2011-11-30 16:28 5538984 ----a-w- c:\windows\SysWow64\atiumdag.dll
      2012-07-28 04:07 . 2012-07-28 04:07 10278912 ----a-w- c:\windows\system32\drivers\atikmdag.sys
      2012-07-28 03:43 . 2012-07-28 03:43 70144 ----a-w- c:\windows\system32\coinst_8.982.dll
      2012-07-28 03:19 . 2012-07-28 03:19 24935424 ----a-w- c:\windows\system32\atio6axx.dll
      2012-07-28 02:50 . 2012-07-28 02:50 20546560 ----a-w- c:\windows\SysWow64\atioglxx.dll
      2012-07-28 02:15 . 2012-07-28 02:15 163840 ----a-w- c:\windows\system32\atiapfxx.exe
      2012-07-28 02:15 . 2011-11-30 17:03 931328 ----a-w- c:\windows\SysWow64\aticfx32.dll
      2012-07-28 02:13 . 2011-09-24 02:01 1100288 ----a-w- c:\windows\system32\aticfx64.dll
      2012-07-28 02:10 . 2012-07-28 02:10 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
      2012-07-28 02:10 . 2012-07-28 02:10 534528 ----a-w- c:\windows\system32\atieclxx.exe
      2012-07-28 02:09 . 2012-07-28 02:09 239616 ----a-w- c:\windows\system32\atiesrxx.exe
      2012-07-28 02:08 . 2012-07-28 02:08 120320 ----a-w- c:\windows\system32\atitmm64.dll
      2012-07-28 02:08 . 2012-07-28 02:08 21504 ----a-w- c:\windows\system32\atimuixx.dll
      2012-07-28 02:07 . 2012-07-28 02:07 59392 ----a-w- c:\windows\system32\atiedu64.dll
      2012-07-28 02:07 . 2012-07-28 02:07 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
      2012-07-28 02:07 . 2012-07-28 02:07 6430208 ----a-w- c:\windows\SysWow64\atidxx32.dll
      2012-07-28 01:51 . 2011-09-24 01:43 7052288 ----a-w- c:\windows\system32\atidxx64.dll
      2012-07-28 01:41 . 2012-07-28 01:41 4266496 ----a-w- c:\windows\system32\atiumd6a.dll
      2012-07-28 01:35 . 2012-07-28 01:35 51200 ----a-w- c:\windows\system32\aticalrt64.dll
      2012-07-28 01:35 . 2012-07-28 01:35 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
      2012-07-28 01:35 . 2012-07-28 01:35 44544 ----a-w- c:\windows\system32\aticalcl64.dll
      2012-07-28 01:35 . 2012-07-28 01:35 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
      2012-07-28 01:34 . 2012-07-28 01:34 16034304 ----a-w- c:\windows\system32\aticaldd64.dll
      2012-07-28 01:32 . 2011-11-30 16:24 4751872 ----a-w- c:\windows\SysWow64\atiumdva.dll
      2012-07-28 01:30 . 2012-07-28 01:30 13605888 ----a-w- c:\windows\SysWow64\aticaldd.dll
      2012-07-28 01:25 . 2012-07-28 01:25 6676480 ----a-w- c:\windows\system32\atiumd64.dll
      2012-07-28 01:15 . 2012-07-28 01:15 540160 ----a-w- c:\windows\system32\atiadlxx.dll
      2012-07-28 01:15 . 2012-07-28 01:15 368640 ----a-w- c:\windows\SysWow64\atiadlxy.dll
      2012-07-28 01:15 . 2012-07-28 01:15 17920 ----a-w- c:\windows\system32\atig6pxx.dll
      2012-07-28 01:15 . 2012-07-28 01:15 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
      2012-07-28 01:15 . 2012-07-28 01:15 14848 ----a-w- c:\windows\system32\atiglpxx.dll
      2012-07-28 01:15 . 2012-07-28 01:15 41984 ----a-w- c:\windows\system32\atig6txx.dll
      2012-07-28 01:14 . 2012-07-28 01:14 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
      2012-07-28 01:14 . 2012-07-28 01:14 368640 ----a-w- c:\windows\system32\drivers\atikmpag.sys
      2012-07-28 01:13 . 2011-11-30 16:12 129536 ----a-w- c:\windows\system32\atiuxp64.dll
      2012-07-28 01:13 . 2012-07-28 01:13 109568 ----a-w- c:\windows\SysWow64\atiuxpag.dll
      2012-07-28 01:13 . 2012-07-28 01:13 103936 ----a-w- c:\windows\system32\atiu9p64.dll
      2012-07-28 01:13 . 2011-11-30 16:12 83456 ----a-w- c:\windows\SysWow64\atiu9pag.dll
      2012-07-28 01:12 . 2012-07-28 01:12 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
      2012-07-28 01:08 . 2012-07-28 01:08 56320 ----a-w- c:\windows\system32\atimpc64.dll
      2012-07-28 01:08 . 2012-07-28 01:08 56320 ----a-w- c:\windows\system32\amdpcom64.dll
      2012-07-28 01:08 . 2012-07-28 01:08 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll
      2012-07-28 01:08 . 2012-07-28 01:08 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll
      2012-07-19 07:43 . 2012-07-19 07:43 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
      2012-07-19 07:43 . 2012-07-19 07:43 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll
      2011-12-18 14:06 . 2011-12-20 02:06 44 ---h--w- c:\program files (x86)\e74dd66e.tmp
      .
      .
      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4
      .
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Steam"="c:\program files (x86)\Steam\steam.exe" [2012-08-03 1353080]
      "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
      "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-09-21 5664640]
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
      "googletalk"="c:\program files (x86)\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
      "BelkinAPM"="c:\program files (x86)\Belkin Automatic Power Management Software\BelkinAPM.exe" [2011-03-30 114688]
      "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
      "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
      "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
      "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
      "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
      "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
      "AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
      "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]
      "AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe" [2012-08-18 218880]
      .
      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "ConsentPromptBehaviorAdmin"= 0 (0x0)
      "ConsentPromptBehaviorUser"= 3 (0x3)
      "EnableLUA"= 0 (0x0)
      "EnableUIADesktopToggle"= 0 (0x0)
      "PromptOnSecureDesktop"= 0 (0x0)
      "SoftwareSASGeneration"= 1 (0x1)
      .
      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
      "EnableLUA"= 0 (0x0)
      .
      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
      Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
      @=""
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
      "DisableMonitoring"=dword:00000001
      .
      R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
      R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
      R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-21 250288]
      R3 ALSysIO;ALSysIO;c:\users\User\AppData\Local\Temp\ALSysIO64.sys [x]
      R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2010-12-21 36328]
      R3 AODDriver2;AODDriver2;c:\program files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [2010-07-01 52352]
      R3 atillk64;atillk64;c:\users\User\Documents\ATI OC\ati_winflash_2.0.1.14\atillk64.sys [2006-07-20 14608]
      R3 cpuz130;cpuz130;c:\users\User\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
      R3 DAUpdaterSvc;Dragon Age: Origins - Programa de actualización de contenido;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
      R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
      R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
      R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-08-15 130976]
      R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
      R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]
      R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
      R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
      R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
      R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]
      R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]
      R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]
      R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [2011-06-26 15672]
      R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
      R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
      R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
      R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
      R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
      R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
      R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
      R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
      R3 VMfilt;VMfilt;c:\windows\system32\drivers\VMfilt64.sys [2009-07-31 25600]
      R3 WowzaMediaServer;Wowza Media Server;c:\users\User\AppData\Local\Programs\Wowza Media Systems\Wowza Media Server 2.2.4\bin\wrapper.exe [2011-04-22 204800]
      R4 AODService;AODService;c:\program files (x86)\AMD\OverDrive\AODAssist.exe [2010-07-01 136616]
      S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2006-10-18 52760]
      S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2011-05-19 23208]
      S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
      S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2012-08-02 28504]
      S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [2012-06-08 54104]
      S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [2012-08-13 178008]
      S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
      S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
      S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
      S2 a2AntiMalware;Emsisoft Anti-Malware 6.6 - Service;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe [2012-09-19 3082640]
      S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-28 239616]
      S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-08-06 361984]
      S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
      S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [2010-12-02 915584]
      S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-12-28 96896]
      S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2011-01-19 21992]
      S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-07-16 2673064]
      S3 a2acc;a2acc;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [2012-05-01 66320]
      S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
      S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-07-28 10278912]
      S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-07-28 368640]
      S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
      S3 cmudaxp;ASUS Xonar DS Audio Interface;c:\windows\system32\drivers\cmudaxp.sys [2011-03-10 2725376]
      S3 CorsairCAHS1;CA-HS1 Interface;c:\windows\system32\drivers\CAHS164.sys [2011-06-17 1308160]
      S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [2012-09-19 29016]
      S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2012-09-19 29528]
      S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 82432]
      S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-02-10 181760]
      S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-12-16 47232]
      S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2011-05-26 397600]
      .
      .
      --- Other Services/Drivers In Memory ---
      .
      *NewlyCreated* - A2ACC
      .
      Contents of the 'Scheduled Tasks' folder
      .
      2012-09-26 c:\windows\Tasks\Adobe Flash Player Updater.job
      - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 17:02]
      .
      2012-09-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2477063558-2216802112-3760810025-1000Core.job
      - c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-18 23:50]
      .
      2012-09-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2477063558-2216802112-3760810025-1000UA.job
      - c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-18 23:50]
      .
      .
      --------- X64 Entries -----------
      .
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "CTMasterOnOffMonitor"="CTMWatch.dll StartCTMasterOnOffWatch" [X]
      "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
      "Cmaudio8788"="c:\windows\Syswow64\cmicnfgp.dll" [2011-05-12 8769536]
      "Cmaudio8788GX"="c:\windows\syswow64\HsMgr.exe" [2008-07-11 200704]
      "Cmaudio8788GX64"="c:\windows\system\HsMgr64.exe" [2008-07-11 282112]
      "Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
      "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
      "CAHS1Sound"="c:\windows\Syswow64\CAHS1.dll" [2011-07-08 8724480]
      "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
      .
      ------- Supplementary Scan -------
      .
      uLocal Page = c:\windows\system32\blank.htm
      uStart Page = about:blank
      mLocal Page = c:\windows\SysWOW64\blank.htm
      uInternet Settings,ProxyServer = socks=localhost:8080
      uInternet Settings,ProxyOverride = local
      uSearchURL,(Default) = hxxp://search.daum.net/search?nil_profile=ie&ref_code=ms&q=%s
      IE: E&xportar a Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
      TCP: Interfaces\{C0B00F41-E148-4457-9AE6-352CF7C31635}: NameServer = 216.184.96.4,208.67.222.222
      DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
      .
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------
      .
      [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
      @Denied: (2) (LocalSystem)
      "{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}"=hex:51,66,7a,6c,4c,1d,38,12,da,39,34,
      5d,e1,a9,97,05,de,be,2c,e9,c9,ff,c2,38
      "{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
      76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
      "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
      94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
      "{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
      b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
      "{E33CF602-D945-461A-83F0-819F76A199F8}"=hex:51,66,7a,6c,4c,1d,38,12,6c,f5,2f,
      e7,77,97,74,03,fc,e6,c2,df,73,ff,dd,ec
      "{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
      2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
      .
      [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
      @Denied: (2) (LocalSystem)
      "Timestamp"=hex:88,06,a0,a4,85,65,cd,01
      .
      [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
      @Denied: (2) (LocalSystem)
      "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
      d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a3,57,8c,48,ac,4c,c5,41,85,27,9f,\
      "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
      d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a3,57,8c,48,ac,4c,c5,41,85,27,9f,\
      .
      [HKEY_USERS\S-1-5-21-2477063558-2216802112-3760810025-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
      @Allowed: (Read) (RestrictedCode)
      "??"=hex:84,ea,ba,9a,11,0f,9b,05,0f,35,9b,20,e0,3b,1e,da,8c,1e,ba,28,74,28,e7,
      7a,d0,da,8b,a8,ec,e5,15,b5,5d,e7,67,ba,65,3b,ee,e5,05,81,80,54,e4,e0,d6,96,\
      "??"=hex:f7,53,b0,38,f6,2d,e0,b0,b2,ca,dc,86,13,3e,f7,10
      .
      [HKEY_USERS\S-1-5-21-2477063558-2216802112-3760810025-1000\Software\SecuROM\License information*]
      "datasecu"=hex:18,0d,3e,c6,0a,8a,4a,03,24,98,8b,b2,d6,de,68,4c,c4,0c,c8,7d,bf,
      4b,19,0b,37,99,2d,04,e4,2b,08,ef,f8,4c,53,37,ac,8d,1f,9b,c5,d4,73,b3,9e,5f,\
      "rkeysecu"=hex:59,a4,e4,ae,e3,fe,2c,10,4b,55,b4,15,a9,37,5e,63
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="FlashBroker"
      "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
      "Enabled"=dword:00000001
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
      @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="IFlashBroker5"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
      @="{00020424-0000-0000-C000-000000000046}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      "Version"="1.0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="FlashBroker"
      "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
      "Enabled"=dword:00000001
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
      @Denied: (A 2) (Everyone)
      @="Shockwave Flash Object"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
      "ThreadingModel"="Apartment"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
      @="0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
      @="ShockwaveFlash.ShockwaveFlash.11"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
      @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
      @="1.0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
      @="ShockwaveFlash.ShockwaveFlash"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
      @Denied: (A 2) (Everyone)
      @="Macromedia Flash Factory Object"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
      "ThreadingModel"="Apartment"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
      @="FlashFactory.FlashFactory.1"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
      @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
      @="1.0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
      @="FlashFactory.FlashFactory"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="IFlashBroker5"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
      @="{00020424-0000-0000-C000-000000000046}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      "Version"="1.0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
      @Denied: (A) (Everyone)
      "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
      @Denied: (A) (Everyone)
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
      "Key"="ActionsPane3"
      "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/smartdocuments/2003\0]
      "Key"="http://schemas.microsoft.com/office/smartdocuments/2003"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/smartdocuments/2003\0\{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}\Alias]
      "0"="Microsoft Actions Pane 3"
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
      @Denied: (Full) (Everyone)
      .
      ------------------------ Other Running Processes ------------------------
      .
      c:\windows\SysWOW64\PnkBstrA.exe
      c:\windows\DAODx.exe
      c:\program files (x86)\ASUS\TurboV EVO\TurboVHELP.exe
      c:\program files\ASUS Xonar DS Audio\Customapp\ASUSAUDIOCENTER.EXE
      c:\program files\Corsair USB Headset\customapp\program\CAHS.EXE
      c:\program files\Corsair USB Headset\customapp\program\CAHS.EXE
      .
      **************************************************************************
      .
      Completion time: 2012-09-25 21:38:50 - machine was rebooted
      ComboFix-quarantined-files.txt 2012-09-26 03:38
      ComboFix2.txt 2012-09-26 03:06
      .
      Pre-Run: 212,890,476,544 bytes libres
      Post-Run: 212,627,705,856 bytes libres
      .
      - - End Of File - - AF076948DD93E260745D011521D3BBFE
      Last edited by Dany3j on 27/09/12 at 13:33:49

    4. #4
      Developer Avatar of Dany3j
      Registered
      Mar 2011
      Location
      China
      Posts
      6.652

      Re: Problem with a trojan

      Do the following:

      Download SystemLook to your desktop.

      • Run SystemLook.exe.
      • Copy the following code into the text box.

        Code:
        :filefind
        winlogon.exe
      • Press the Look button.
      • Wait for the program to finish its work.

      A Notepad window will open; copy its contents into your next reply.

      I ran into a black cat and had to take the long way round.

      * Follow us on our Twitter and friend us on Facebook.
      * Keep up with the latest threats on the net at: InfoSpyware Blog
      * Questions are not answered by private message or e-mail; that is what the forum is for.

    5. #5
      User Avatar of Acrono
      Registered
      Sep 2012
      Location
      /dev/null
      Posts
      6

      Re: Problem with a trojan

      SystemLook

      SystemLook 30.07.11 by jpshortstuff
      Log created at 11:40 on 27/09/2012 by User
      Administrator - Elevation successful

      ========== filefind ==========

      Searching for "winlogon.exe"
      C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe --a---- 218696 bytes [07:24 25/09/2012] [23:04 07/09/2012] 4E0D8C9F83B7FD82393F7D8CCC27E7AE
      C:\Windows\erdnt\cache64\winlogon.exe --a---- 390656 bytes [03:05 26/09/2012] [03:24 21/11/2010] 1151B1BAA6F350B1DB6598E0FEA7C457
      C:\Windows\System32\winlogon.exe --a---- 390656 bytes [03:24 21/11/2010] [03:24 21/11/2010] 1151B1BAA6F350B1DB6598E0FEA7C457
      C:\Windows\SysWOW64\winlogon.exe ---hs-- 289792 bytes [21:45 15/09/2012] [06:00 16/04/2007] (Unable to calculate MD5)
      C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe --a---- 390656 bytes [03:24 21/11/2010] [03:24 21/11/2010] 1151B1BAA6F350B1DB6598E0FEA7C457

      -= EOF =-
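      The five filefind lines above are what the helper reads by eye: which copy is the genuine one, which copies are byte-identical to it, and which one is hidden, unreadable and sitting where no winlogon.exe belongs. As an added example (not part of the thread, and not SystemLook's or the helper's code), here is a small Python triage that parses that block and applies those checks; it assumes the expected-location list for winlogon.exe on x64 Windows 7 and takes the two bracketed timestamps as creation and last-modified time, the order in which ComboFix lists the same file in the log further down.

```python
"""Triage SystemLook ':filefind' output for suspicious copies of a system binary.

Added example for this thread; it is not SystemLook's own code nor anything the
helper posted. It parses the filefind block posted above and applies the checks
an analyst makes by eye: unexpected location, hidden/system attributes, an MD5
that could not be read, a size/hash that differs from the System32 copy, and a
creation time far newer than the last-modified time.
"""
import re
from datetime import datetime

# Constructed sample: the filefind block from the SystemLook log posted above.
SAMPLE_LOG = """\
========== filefind ==========

Searching for "winlogon.exe"
C:\\Program Files (x86)\\Malwarebytes' Anti-Malware\\Chameleon\\winlogon.exe --a---- 218696 bytes [07:24 25/09/2012] [23:04 07/09/2012] 4E0D8C9F83B7FD82393F7D8CCC27E7AE
C:\\Windows\\erdnt\\cache64\\winlogon.exe --a---- 390656 bytes [03:05 26/09/2012] [03:24 21/11/2010] 1151B1BAA6F350B1DB6598E0FEA7C457
C:\\Windows\\System32\\winlogon.exe --a---- 390656 bytes [03:24 21/11/2010] [03:24 21/11/2010] 1151B1BAA6F350B1DB6598E0FEA7C457
C:\\Windows\\SysWOW64\\winlogon.exe ---hs-- 289792 bytes [21:45 15/09/2012] [06:00 16/04/2007] (Unable to calculate MD5)
C:\\Windows\\winsxs\\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\\winlogon.exe --a---- 390656 bytes [03:24 21/11/2010] [03:24 21/11/2010] 1151B1BAA6F350B1DB6598E0FEA7C457

-= EOF =-
"""

# Where a genuine winlogon.exe may legitimately sit on x64 Windows 7 (assumption:
# System32, the WinSxS component store, and ComboFix's erdnt backup cache).
EXPECTED_DIRS = (r"C:\Windows\System32", r"C:\Windows\winsxs", r"C:\Windows\erdnt")

# One filefind result line: path, 7-char attribute field, size, [created] [modified], MD5.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<attrs>[-a-z]{7})\s+(?P<size>\d+) bytes\s+"
    r"\[(?P<created>[^\]]+)\]\s+\[(?P<modified>[^\]]+)\]\s+(?P<md5>.+)$"
)
TIME_FMT = "%H:%M %d/%m/%Y"


def parse_filefind(text):
    """Return one dict per result line; md5 is None when SystemLook could not read it."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # section headers, blank lines, the EOF marker
        md5 = m.group("md5").strip()
        entries.append({
            "path": m.group("path"),
            "attrs": m.group("attrs"),
            "size": int(m.group("size")),
            "created": datetime.strptime(m.group("created"), TIME_FMT),
            "modified": datetime.strptime(m.group("modified"), TIME_FMT),
            "md5": md5.upper() if re.fullmatch(r"[0-9A-Fa-f]{32}", md5) else None,
        })
    return entries


def _dirname(path):
    return path.rsplit("\\", 1)[0]


def triage(entries, expected_dirs=EXPECTED_DIRS, reference_dir=r"C:\Windows\System32"):
    """Map each suspicious path to the list of reasons it was flagged.

    The System32 copy is the reference; any copy with the same MD5 is a clean
    duplicate and is not reported, whatever its location or timestamps.
    """
    ref = next((e for e in entries if _dirname(e["path"]).lower() == reference_dir.lower()), None)
    findings = {}
    for e in entries:
        if e is ref or (ref and e["md5"] and e["md5"] == ref["md5"]):
            continue
        reasons = []
        d = _dirname(e["path"]).lower()
        if not any(d.startswith(p.lower()) for p in expected_dirs):
            reasons.append("outside expected locations")
        if "h" in e["attrs"] or "s" in e["attrs"]:
            reasons.append("hidden/system attributes set")
        if e["md5"] is None:
            reasons.append("MD5 could not be calculated (locked or access denied)")
        if ref and (e["size"] != ref["size"] or e["md5"] != ref["md5"]):
            reasons.append("size or hash differs from the System32 copy")
        # A file dropped recently but carrying a last-modified time years older is
        # worth a look; a gap of days is normal for freshly installed software.
        if (e["created"] - e["modified"]).days > 365:
            reasons.append("created more than a year after its last-modified time")
        if reasons:
            findings[e["path"]] = reasons
    return findings


if __name__ == "__main__":
    for path, reasons in triage(parse_filefind(SAMPLE_LOG)).items():
        print(path)
        for r in reasons:
            print("   -", r)
```

      Run against the posted block it reports two paths: the Malwarebytes Chameleon decoy (a known renamed copy, dismissed on triage) and the SysWOW64 copy, which trips every check and is the only file the helper's CFScript targets.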

    6. #6
      Developer Avatar of Dany3j
      Registered
      Mar 2011
      Location
      China
      Posts
      6.652

      Re: Problem with a trojan

      Hello again

      Do the following:

      • Click START > RUN >
        • Type notepad.exe there and click OK
        • Now copy and paste the text from the box below into Notepad


      Code:
      KillAll::
      ClearJavaCache::
      
      File::
      C:\user.js
      c:\windows\SysWow64\PnkBstrB.ex0
      c:\program files (x86)\e74dd66e.tmp
      C:\Windows\SysWOW64\winlogon.exe
      
      Folder::
      c:\program files (x86)\BabylonToolbar
      c:\users\User\AppData\Roaming\Babylon
      c:\programdata\Babylon


      • Save this file with the name CFScript.txt
      • Drag and drop the CFScript.txt file onto ComboFix.exe as shown in the screenshot below.

      • ComboFix will start running again. When it finishes it will generate a new report, which you will have to paste into this same thread.

      After rebooting, check how it is running and let us know.

      Regards


    7. #7
      User Avatar of Acrono
      Registered
      Sep 2012
      Location
      /dev/null
      Posts
      6

      Re: Problem with a trojan

      Honestly, I didn't look at those parameters you put in, and it deleted two programs: one is PnkBstrB, which belongs to the PunkBuster Anti-Cheat program, and the other a Logitech program; I'm going to have to reinstall both. And best of all, the virus is still there even though it says "was found and disinfected".


      ComboFix


      ComboFix 12-09-27.03 - User 27/09/2012 12:54:43.3.6 - x64
      Microsoft Windows 7 Ultimate 6.1.7601.1.1252.503.3082.18.16382.13418 [GMT -6:00]
      Running from: c:\users\User\Desktop\ComboFix.exe
      Command switches used :: c:\users\User\Desktop\CFScript.txt
      AV: Emsisoft Anti-Malware *Disabled/Updated* {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
      AV: Kaspersky Anti-Virus *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
      SP: Emsisoft Anti-Malware *Disabled/Updated* {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
      SP: Kaspersky Anti-Virus *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
      SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      .
      FILE ::
      "c:\program files (x86)\e74dd66e.tmp"
      "C:\user.js"
      "c:\windows\SysWow64\PnkBstrB.ex0"
      "c:\windows\SysWOW64\winlogon.exe"
      .
      .
      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      c:\program files (x86)\BabylonToolbar
      c:\program files (x86)\BabylonToolbar\BabylonToolbar\1.6.9.12\BabylonToolbarApp.dll
      c:\program files (x86)\BabylonToolbar\BabylonToolbar\1.6.9.12\BabylonToolbarEng.dll
      c:\program files (x86)\BabylonToolbar\BabylonToolbar\1.6.9.12\BabylonToolbarsrv.exe
      c:\program files (x86)\BabylonToolbar\BabylonToolbar\1.6.9.12\bh\BabylonToolbar.dll
      c:\program files (x86)\BabylonToolbar\BabylonToolbar\1.6.9.12\escortShld.dll
      c:\program files (x86)\BabylonToolbar\BabylonToolbar\1.6.9.12\uninstall.exe
      c:\program files (x86)\e74dd66e.tmp
      c:\programdata\Babylon
      C:\user.js
      c:\users\User\AppData\Roaming\Babylon
      c:\users\User\AppData\Roaming\Babylon\log_file.txt
      c:\users\User\AppData\Roaming\chrtmp
      c:\windows\SysWow64\PnkBstrB.ex0
      .
      Infected copy of c:\windows\System32\winlogon.exe was found and disinfected
      Restored copy from - c:\windows\erdnt\cache64\winlogon.exe
      .
      .
      ((((((((((((((((((((((((( Files Created from 2012-08-27 to 2012-09-27 )))))))))))))))))))))))))))))))
      .
      .
      2012-09-27 19:01 . 2012-09-27 19:01 -------- d-----w- c:\users\Default\AppData\Local\temp
      2012-09-25 23:52 . 2012-09-27 18:21 -------- d-----w- c:\program files (x86)\Emsisoft Anti-Malware
      2012-09-25 23:48 . 2012-09-25 23:49 -------- d-----w- c:\programdata\FlyVPN
      2012-09-25 22:35 . 2012-09-26 01:49 -------- d-----w- c:\users\User\AppData\Roaming\ScanSpyware
      2012-09-25 22:19 . 2012-09-25 22:19 -------- d-----w- c:\users\User\AppData\Roaming\Curiolab
      2012-09-25 16:24 . 2012-09-25 16:24 -------- d-----w- C:\_OTM
      2012-09-25 16:04 . 2012-09-25 16:04 -------- d-----w- c:\users\User\AppData\Roaming\SUPERAntiSpyware.com
      2012-09-25 16:01 . 2012-09-25 16:04 -------- d-----w- c:\program files\SUPERAntiSpyware
      2012-09-25 16:01 . 2012-09-25 16:01 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
      2012-09-25 07:24 . 2012-09-25 07:24 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
      2012-09-24 07:53 . 2012-09-24 08:54 -------- d-----w- c:\users\User\Cisco Packet Tracer 5.3.3
      2012-09-24 07:53 . 2012-09-24 07:53 -------- d-----w- c:\program files (x86)\Cisco Packet Tracer 5.3.3
      2012-09-21 19:03 . 2012-09-21 19:03 -------- d-----w- c:\users\User\AppData\Local\Runic Games
      2012-09-20 21:32 . 2012-09-20 21:32 -------- d-----w- c:\programdata\Sony Corporation
      2012-09-20 21:32 . 2012-09-20 21:32 303236 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\setup.dll
      2012-09-20 21:32 . 2012-09-20 21:32 180356 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iGdi.dll
      2012-09-20 21:32 . 2004-07-16 06:20 733184 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iKernel.dll
      2012-09-20 21:32 . 2004-07-16 06:20 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\ctor.dll
      2012-09-20 21:32 . 2004-07-16 06:19 266240 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iscript.dll
      2012-09-20 21:32 . 2004-07-16 06:18 172032 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iuser.dll
      2012-09-20 21:32 . 2004-07-16 06:18 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\DotNetInstaller.exe
      2012-09-20 21:32 . 2004-07-16 06:16 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
      2012-09-20 15:38 . 2012-09-20 15:37 289768 ----a-w- c:\windows\system32\javaws.exe
      2012-09-20 15:38 . 2012-09-20 15:37 916456 ----a-w- c:\windows\system32\deployJava1.dll
      2012-09-20 15:38 . 2012-09-20 15:37 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll
      2012-09-20 15:37 . 2012-09-20 15:37 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
      2012-09-20 15:37 . 2012-09-20 15:37 189416 ----a-w- c:\windows\system32\javaw.exe
      2012-09-20 15:37 . 2012-09-20 15:37 188904 ----a-w- c:\windows\system32\java.exe
      2012-09-20 15:37 . 2012-09-20 15:37 -------- d-----w- c:\program files\Java
      2012-09-18 01:11 . 2012-07-11 23:09 64856 ----a-w- c:\windows\system32\klfphc.dll
      2012-09-18 01:10 . 2012-09-18 01:10 -------- d-----w- c:\windows\ELAMBKUP
      2012-09-18 01:10 . 2012-09-27 19:05 -------- d-----w- c:\programdata\Kaspersky Lab
      2012-09-18 01:10 . 2012-09-18 01:10 -------- d-----w- c:\program files (x86)\Kaspersky Lab
      2012-09-18 01:10 . 2012-09-27 16:37 611160 ----a-w- c:\windows\system32\drivers\klif.sys
      2012-09-18 01:10 . 2012-08-14 00:24 89432 ----a-w- c:\windows\system32\drivers\klflt.sys
      2012-09-15 21:45 . 2007-04-16 06:00 289792 --sha-w- c:\windows\SysWow64\winlogon.exe
      2012-09-13 19:19 . 2012-09-13 19:19 -------- d-sh--w- c:\programdata\DSS
      2012-09-12 21:30 . 2012-09-12 21:30 -------- d-----w- c:\users\User\Tracing
      2012-09-12 20:57 . 2012-09-12 20:57 -------- d-----w- c:\programdata\Applications
      2012-09-06 08:09 . 2012-09-06 08:09 -------- d-----w- c:\users\User\AppData\Roaming\SQLiteManager
      2012-08-29 11:43 . 2012-08-29 11:43 -------- d-----w- c:\users\User\AppData\Roaming\TightVNC
      2012-08-29 11:43 . 2012-08-29 11:43 -------- d-----w- c:\program files\TightVNC
      .
      .
      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2012-09-23 00:58 . 2011-03-25 02:21 281120 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
      2012-09-23 00:58 . 2011-03-25 02:20 281120 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
      2012-09-21 17:02 . 2012-04-01 15:56 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
      2012-09-21 17:02 . 2011-05-21 18:48 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
      2012-09-19 14:33 . 2012-07-25 20:53 29528 ----a-w- c:\windows\system32\drivers\klmouflt.sys
      2012-09-19 14:33 . 2012-05-26 01:38 29016 ----a-w- c:\windows\system32\drivers\klkbdflt.sys
      2012-09-07 23:04 . 2011-04-28 15:52 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
      2012-08-29 02:24 . 2012-06-15 01:06 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
      2012-08-29 02:24 . 2011-03-19 01:29 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll
      2012-08-20 07:53 . 2012-08-25 06:01 9309624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{304C28DA-55EB-459B-A9D1-142F1CA99404}\mpengine.dll
      2012-08-15 05:03 . 2011-03-25 02:20 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
      2012-08-14 17:17 . 2012-08-15 01:23 3227136 ----a-w- c:\windows\SysWow64\pbsvc_grfs.exe
      2012-08-13 22:49 . 2012-08-13 22:49 178008 ----a-w- c:\windows\system32\drivers\kneps.sys
      2012-08-02 21:09 . 2012-08-02 21:09 28504 ----a-w- c:\windows\system32\drivers\klim6.sys
      2012-07-28 04:09 . 2011-11-30 16:28 5538984 ----a-w- c:\windows\SysWow64\atiumdag.dll
      2012-07-28 04:07 . 2012-07-28 04:07 10278912 ----a-w- c:\windows\system32\drivers\atikmdag.sys
      2012-07-28 03:43 . 2012-07-28 03:43 70144 ----a-w- c:\windows\system32\coinst_8.982.dll
      2012-07-28 03:19 . 2012-07-28 03:19 24935424 ----a-w- c:\windows\system32\atio6axx.dll
      2012-07-28 02:50 . 2012-07-28 02:50 20546560 ----a-w- c:\windows\SysWow64\atioglxx.dll
      2012-07-28 02:15 . 2012-07-28 02:15 163840 ----a-w- c:\windows\system32\atiapfxx.exe
      2012-07-28 02:15 . 2011-11-30 17:03 931328 ----a-w- c:\windows\SysWow64\aticfx32.dll
      2012-07-28 02:13 . 2011-09-24 02:01 1100288 ----a-w- c:\windows\system32\aticfx64.dll
      2012-07-28 02:10 . 2012-07-28 02:10 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
      2012-07-28 02:10 . 2012-07-28 02:10 534528 ----a-w- c:\windows\system32\atieclxx.exe
      2012-07-28 02:09 . 2012-07-28 02:09 239616 ----a-w- c:\windows\system32\atiesrxx.exe
      2012-07-28 02:08 . 2012-07-28 02:08 120320 ----a-w- c:\windows\system32\atitmm64.dll
      2012-07-28 02:08 . 2012-07-28 02:08 21504 ----a-w- c:\windows\system32\atimuixx.dll
      2012-07-28 02:07 . 2012-07-28 02:07 59392 ----a-w- c:\windows\system32\atiedu64.dll
      2012-07-28 02:07 . 2012-07-28 02:07 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
      2012-07-28 02:07 . 2012-07-28 02:07 6430208 ----a-w- c:\windows\SysWow64\atidxx32.dll
      2012-07-28 01:51 . 2011-09-24 01:43 7052288 ----a-w- c:\windows\system32\atidxx64.dll
      2012-07-28 01:41 . 2012-07-28 01:41 4266496 ----a-w- c:\windows\system32\atiumd6a.dll
      2012-07-28 01:35 . 2012-07-28 01:35 51200 ----a-w- c:\windows\system32\aticalrt64.dll
      2012-07-28 01:35 . 2012-07-28 01:35 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
      2012-07-28 01:35 . 2012-07-28 01:35 44544 ----a-w- c:\windows\system32\aticalcl64.dll
      2012-07-28 01:35 . 2012-07-28 01:35 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
      2012-07-28 01:34 . 2012-07-28 01:34 16034304 ----a-w- c:\windows\system32\aticaldd64.dll
      2012-07-28 01:32 . 2011-11-30 16:24 4751872 ----a-w- c:\windows\SysWow64\atiumdva.dll
      2012-07-28 01:30 . 2012-07-28 01:30 13605888 ----a-w- c:\windows\SysWow64\aticaldd.dll
      2012-07-28 01:25 . 2012-07-28 01:25 6676480 ----a-w- c:\windows\system32\atiumd64.dll
      2012-07-28 01:15 . 2012-07-28 01:15 540160 ----a-w- c:\windows\system32\atiadlxx.dll
      2012-07-28 01:15 . 2012-07-28 01:15 368640 ----a-w- c:\windows\SysWow64\atiadlxy.dll
      2012-07-28 01:15 . 2012-07-28 01:15 17920 ----a-w- c:\windows\system32\atig6pxx.dll
      2012-07-28 01:15 . 2012-07-28 01:15 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
      2012-07-28 01:15 . 2012-07-28 01:15 14848 ----a-w- c:\windows\system32\atiglpxx.dll
      2012-07-28 01:15 . 2012-07-28 01:15 41984 ----a-w- c:\windows\system32\atig6txx.dll
      2012-07-28 01:14 . 2012-07-28 01:14 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
      2012-07-28 01:14 . 2012-07-28 01:14 368640 ----a-w- c:\windows\system32\drivers\atikmpag.sys
      2012-07-28 01:13 . 2011-11-30 16:12 129536 ----a-w- c:\windows\system32\atiuxp64.dll
      2012-07-28 01:13 . 2012-07-28 01:13 109568 ----a-w- c:\windows\SysWow64\atiuxpag.dll
      2012-07-28 01:13 . 2012-07-28 01:13 103936 ----a-w- c:\windows\system32\atiu9p64.dll
      2012-07-28 01:13 . 2011-11-30 16:12 83456 ----a-w- c:\windows\SysWow64\atiu9pag.dll
      2012-07-28 01:12 . 2012-07-28 01:12 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
      2012-07-28 01:08 . 2012-07-28 01:08 56320 ----a-w- c:\windows\system32\atimpc64.dll
      2012-07-28 01:08 . 2012-07-28 01:08 56320 ----a-w- c:\windows\system32\amdpcom64.dll
      2012-07-28 01:08 . 2012-07-28 01:08 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll
      2012-07-28 01:08 . 2012-07-28 01:08 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll
      2012-07-19 07:43 . 2012-07-19 07:43 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
      2012-07-19 07:43 . 2012-07-19 07:43 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll
      .
      .
      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4
      .
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Steam"="c:\program files (x86)\Steam\steam.exe" [2012-08-03 1353080]
      "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
      "googletalk"="c:\program files (x86)\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
      "BelkinAPM"="c:\program files (x86)\Belkin Automatic Power Management Software\BelkinAPM.exe" [2011-03-30 114688]
      "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
      "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
      "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
      "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
      "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
      "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
      "AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
      "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]
      "AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe" [2012-08-18 218880]
      .
      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "ConsentPromptBehaviorAdmin"= 0 (0x0)
      "ConsentPromptBehaviorUser"= 3 (0x3)
      "EnableLUA"= 0 (0x0)
      "EnableUIADesktopToggle"= 0 (0x0)
      "PromptOnSecureDesktop"= 0 (0x0)
      "SoftwareSASGeneration"= 1 (0x1)
      .
      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
      "EnableLUA"= 0 (0x0)
      .
      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
      Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
      @=""
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
      "DisableMonitoring"=dword:00000001
      .
      R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
      R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
      R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-21 250288]
      R3 ALSysIO;ALSysIO;c:\users\User\AppData\Local\Temp\ALSysIO64.sys [x]
      R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2010-12-21 36328]
      R3 AODDriver2;AODDriver2;c:\program files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [2010-07-01 52352]
      R3 atillk64;atillk64;c:\users\User\Documents\ATI OC\ati_winflash_2.0.1.14\atillk64.sys [2006-07-20 14608]
      R3 cpuz130;cpuz130;c:\users\User\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
      R3 DAUpdaterSvc;Dragon Age: Origins - Programa de actualización de contenido;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
      R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
      R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
      R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-08-15 130976]
      R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
      R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]
      R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
      R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
      R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
      R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]
      R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]
      R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]
      R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [2011-06-26 15672]
      R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
      R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
      R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
      R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
      R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
      R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
      R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
      R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
      R3 VMfilt;VMfilt;c:\windows\system32\drivers\VMfilt64.sys [2009-07-31 25600]
      R3 WowzaMediaServer;Wowza Media Server;c:\users\User\AppData\Local\Programs\Wowza Media Systems\Wowza Media Server 2.2.4\bin\wrapper.exe [2011-04-22 204800]
      R4 AODService;AODService;c:\program files (x86)\AMD\OverDrive\AODAssist.exe [2010-07-01 136616]
      S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2006-10-18 52760]
      S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2011-05-19 23208]
      S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
      S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2012-08-02 28504]
      S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [2012-06-08 54104]
      S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [2012-08-13 178008]
      S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
      S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
      S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
      S2 a2AntiMalware;Emsisoft Anti-Malware 6.6 - Service;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe [2012-09-19 3082640]
      S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-28 239616]
      S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-08-06 361984]
      S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
      S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [2010-12-02 915584]
      S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-12-28 96896]
      S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2011-01-19 21992]
      S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-07-16 2673064]
      S3 a2acc;a2acc;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [2012-05-01 66320]
      S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
      S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-07-28 10278912]
      S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-07-28 368640]
      S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
      S3 cmudaxp;ASUS Xonar DS Audio Interface;c:\windows\system32\drivers\cmudaxp.sys [2011-03-10 2725376]
      S3 CorsairCAHS1;CA-HS1 Interface;c:\windows\system32\drivers\CAHS164.sys [2011-06-17 1308160]
      S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [2012-09-19 29016]
      S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2012-09-19 29528]
      S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 82432]
      S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-02-10 181760]
      S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-12-16 47232]
      S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2011-05-26 397600]
      .
      .
      Contents of the 'Scheduled Tasks' folder
      .
      2012-09-27 c:\windows\Tasks\Adobe Flash Player Updater.job
      - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 17:02]
      .
      2012-09-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2477063558-2216802112-3760810025-1000Core.job
      - c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-18 23:50]
      .
      2012-09-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2477063558-2216802112-3760810025-1000UA.job
      - c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-18 23:50]
      .
      .
      --------- X64 Entries -----------
      .
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "CTMasterOnOffMonitor"="CTMWatch.dll StartCTMasterOnOffWatch" [X]
      "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
      "Cmaudio8788"="c:\windows\Syswow64\cmicnfgp.dll" [2011-05-12 8769536]
      "Cmaudio8788GX"="c:\windows\syswow64\HsMgr.exe" [2008-07-11 200704]
      "Cmaudio8788GX64"="c:\windows\system\HsMgr64.exe" [2008-07-11 282112]
      "Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
      "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
      "CAHS1Sound"="c:\windows\Syswow64\CAHS1.dll" [2011-07-08 8724480]
      "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
      .
      ------- Supplementary Scan -------
      .
      uLocal Page = c:\windows\system32\blank.htm
      uStart Page = about:blank
      mLocal Page = c:\windows\SysWOW64\blank.htm
      uInternet Settings,ProxyServer = socks=localhost:8080
      uInternet Settings,ProxyOverride = local
      uSearchURL,(Default) = hxxp://search.daum.net/search?nil_profile=ie&ref_code=ms&q=%s
      IE: E&xportar a Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
      TCP: Interfaces\{C0B00F41-E148-4457-9AE6-352CF7C31635}: NameServer = 216.184.96.4,208.67.222.222
      DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
      .
      - - - - ORPHANS REMOVED - - - -
      .
      AddRemove-BabylonToolbar - c:\program files (x86)\BabylonToolbar\BabylonToolbar\1.6.9.12\uninstall.exe
      .
      .
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------
      .
      [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
      @Denied: (2) (LocalSystem)
      "{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}"=hex:51,66,7a,6c,4c,1d,38,12,da,39,34,
      5d,e1,a9,97,05,de,be,2c,e9,c9,ff,c2,38
      "{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
      76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
      "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
      94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
      "{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
      b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
      "{E33CF602-D945-461A-83F0-819F76A199F8}"=hex:51,66,7a,6c,4c,1d,38,12,6c,f5,2f,
      e7,77,97,74,03,fc,e6,c2,df,73,ff,dd,ec
      "{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
      2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
      .
      [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
      @Denied: (2) (LocalSystem)
      "Timestamp"=hex:88,06,a0,a4,85,65,cd,01
      .
      [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
      @Denied: (2) (LocalSystem)
      "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
      d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a3,57,8c,48,ac,4c,c5,41,85,27,9f,\
      "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
      d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a3,57,8c,48,ac,4c,c5,41,85,27,9f,\
      .
      [HKEY_USERS\S-1-5-21-2477063558-2216802112-3760810025-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
      @Allowed: (Read) (RestrictedCode)
      "??"=hex:84,ea,ba,9a,11,0f,9b,05,0f,35,9b,20,e0,3b,1e,da,8c,1e,ba,28,74,28,e7,
      7a,d0,da,8b,a8,ec,e5,15,b5,5d,e7,67,ba,65,3b,ee,e5,05,81,80,54,e4,e0,d6,96,\
      "??"=hex:f7,53,b0,38,f6,2d,e0,b0,b2,ca,dc,86,13,3e,f7,10
      .
      [HKEY_USERS\S-1-5-21-2477063558-2216802112-3760810025-1000\Software\SecuROM\License information*]
      "datasecu"=hex:18,0d,3e,c6,0a,8a,4a,03,24,98,8b,b2,d6,de,68,4c,c4,0c,c8,7d,bf,
      4b,19,0b,37,99,2d,04,e4,2b,08,ef,f8,4c,53,37,ac,8d,1f,9b,c5,d4,73,b3,9e,5f,\
      "rkeysecu"=hex:59,a4,e4,ae,e3,fe,2c,10,4b,55,b4,15,a9,37,5e,63
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="FlashBroker"
      "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
      "Enabled"=dword:00000001
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
      @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="IFlashBroker5"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
      @="{00020424-0000-0000-C000-000000000046}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      "Version"="1.0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="FlashBroker"
      "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
      "Enabled"=dword:00000001
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
      @Denied: (A 2) (Everyone)
      @="Shockwave Flash Object"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
      "ThreadingModel"="Apartment"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
      @="0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
      @="ShockwaveFlash.ShockwaveFlash.11"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
      @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
      @="1.0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
      @="ShockwaveFlash.ShockwaveFlash"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
      @Denied: (A 2) (Everyone)
      @="Macromedia Flash Factory Object"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
      "ThreadingModel"="Apartment"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
      @="FlashFactory.FlashFactory.1"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
      @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
      @="1.0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
      @="FlashFactory.FlashFactory"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="IFlashBroker5"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
      @="{00020424-0000-0000-C000-000000000046}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      "Version"="1.0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
      @Denied: (A) (Everyone)
      "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
      @Denied: (A) (Everyone)
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
      "Key"="ActionsPane3"
      "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/smartdocuments/2003\0]
      "Key"="http://schemas.microsoft.com/office/smartdocuments/2003"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/smartdocuments/2003\0\{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}\Alias]
      "0"="Microsoft Actions Pane 3"
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
      @Denied: (Full) (Everyone)
      .
      ------------------------ Other Running Processes ------------------------
      .
      c:\progra~2\BELKIN~2\BELKIN~4.EXE
      c:\program files (x86)\Belkin Automatic Power Management Software\jre\bin\javaw.exe
      c:\windows\SysWOW64\PnkBstrA.exe
      c:\progra~2\BELKIN~2\BELKIN~3.EXE
      c:\program files (x86)\Belkin Automatic Power Management Software\jre\bin\javaw.exe
      c:\windows\DAODx.exe
      c:\program files (x86)\ASUS\TurboV EVO\TurboVHELP.exe
      c:\program files\ASUS Xonar DS Audio\Customapp\ASUSAUDIOCENTER.EXE
      c:\program files\Corsair USB Headset\customapp\program\CAHS.EXE
      c:\program files (x86)\Belkin Automatic Power Management Software\jre\bin\javaw.exe
      .
      **************************************************************************
      .
      Completion time: 2012-09-27 13:09:52 - machine was rebooted
      ComboFix-quarantined-files.txt 2012-09-27 19:09
      ComboFix2.txt 2012-09-26 03:38
      ComboFix3.txt 2012-09-26 03:06
      .
      Pre-Run: 208,163,532,800 bytes libres
      Post-Run: 207,710,420,992 bytes libres
      .
      - - End Of File - - 4631453E9862AF4A2D122430F9716F73

    8. #8
      Developer Dany3j's avatar
      Joined
      Mar 2011
      Location
      China
      Posts
      6,652

      Re: Problem with a trojan

      Do the following:

      Download SystemLook to your desktop.

      • Run SystemLook.exe.
      • Copy the following code into the text box.

        Code:
        :filefind
        winlogon*
      • Press the Look button.
      • Wait for the program to do its work.
      You can reinstall the programs that stopped working, or we can restore them from quarantine. As for Logitech, there is nothing related to it in the report.

      I ran into a black cat and had to take the long way round.

      * Follow us on Twitter and become our friend on Facebook.
      * Keep up with the latest threats on the net at: InfoSpyware Blog
      * Questions are not answered by private message or e-mail; that is what the forum is for.

    9. #9
      User Acrono's avatar
      Joined
      Sep 2012
      Location
      /dev/null
      Posts
      6

      Re: Problem with a trojan

      Well, that's the odd part, because I don't see anything related in the report either, but it deleted C:\Program Files\Common Files\LogiShrd\CDDRV3\LDConfig.exe. I have already reinstalled it, so it shouldn't cause problems anymore.

      PS: whenever anything scans the system, KS pops up about that virus; I'm already tired of that message.

      SystemLook

      SystemLook 30.07.11 by jpshortstuff
      Log created at 13:45 on 27/09/2012 by User
      Administrator - Elevation successful

      ========== filefind ==========

      Searching for "winlogon*"
      C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe --a---- 218696 bytes [07:24 25/09/2012] [23:04 07/09/2012] 4E0D8C9F83B7FD82393F7D8CCC27E7AE
      C:\Windows\erdnt\cache64\winlogon.exe --a---- 390656 bytes [03:05 26/09/2012] [03:24 21/11/2010] 1151B1BAA6F350B1DB6598E0FEA7C457
      C:\Windows\PolicyDefinitions\WinLogon.admx --a---- 5237 bytes [21:41 13/07/2009] [21:04 10/06/2009] 89D8F50E186A16C2CED3CF36DBBC0B2C
      C:\Windows\PolicyDefinitions\es-ES\WinLogon.adml --a---- 9447 bytes [07:08 21/11/2010] [07:08 21/11/2010] 6E1FD41BBE0D48299276EEEA15907DB4
      C:\Windows\System32\winlogon.exe --a---- 390656 bytes [03:24 21/11/2010] [03:24 21/11/2010] 1151B1BAA6F350B1DB6598E0FEA7C457
      C:\Windows\System32\es-ES\winlogon.exe.mui --a---- 25600 bytes [07:08 21/11/2010] [07:08 21/11/2010] 6E0D080A325C8720CE18008D7FE8EBC2
      C:\Windows\System32\migwiz\dlmanifests\winlogon-DL.man --a---- 2346 bytes [21:04 10/06/2009] [21:04 10/06/2009] 0D22A775CE54F69925A7B65632D3D782
      C:\Windows\System32\wbem\winlogon.mof --a---- 3192 bytes [21:41 13/07/2009] [20:30 13/07/2009] DF722B96F32A61783BC310FACF10240B
      C:\Windows\System32\wbem\es-ES\winlogon.mfl --a---- 1080 bytes [07:08 21/11/2010] [07:08 21/11/2010] 1B0EBA857919BF17EB2C7432671755FF
      C:\Windows\System32\wdi\perftrack\WinlogonEvents.ptxml --a---- 1028 bytes [20:30 13/07/2009] [20:30 13/07/2009] 65AF8144A53A88F7F963AFAB3E2120E5
      C:\Windows\SysWOW64\winlogon.exe --ahs-- 289792 bytes [21:45 15/09/2012] [06:00 16/04/2007] (Unable to calculate MD5)
      C:\Windows\SysWOW64\migwiz\dlmanifests\winlogon-DL.man --a---- 2346 bytes [21:43 10/06/2009] [21:43 10/06/2009] 0D22A775CE54F69925A7B65632D3D782
      C:\Windows\winsxs\amd64_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.1.7601.17514_none_609ebaed9a394a1c\winlogon-DL.man --a---- 2346 bytes [21:04 10/06/2009] [21:04 10/06/2009] 0D22A775CE54F69925A7B65632D3D782
      C:\Windows\winsxs\amd64_microsoft-windows-winlogon-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_f0c46012f6b9f215\WinLogon.adml --a---- 9447 bytes [07:08 21/11/2010] [07:08 21/11/2010] 6E1FD41BBE0D48299276EEEA15907DB4
      C:\Windows\winsxs\amd64_microsoft-windows-winlogon-adm_31bf3856ad364e35_6.1.7600.16385_none_d7024e6992f3424d\WinLogon.admx --a---- 5237 bytes [21:41 13/07/2009] [21:04 10/06/2009] 89D8F50E186A16C2CED3CF36DBBC0B2C
      C:\Windows\winsxs\amd64_microsoft-windows-winlogon-events_31bf3856ad364e35_6.1.7600.16385_none_69321e45a1bbc706\WinlogonEvents.ptxml --a---- 1028 bytes [20:30 13/07/2009] [20:30 13/07/2009] 65AF8144A53A88F7F963AFAB3E2120E5
      C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof.resources_31bf3856ad364e35_6.1.7600.16385_es-es_847b31e13926c41b\winlogon.mfl --a---- 1080 bytes [07:08 21/11/2010] [07:08 21/11/2010] 1B0EBA857919BF17EB2C7432671755FF
      C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof_31bf3856ad364e35_6.1.7600.16385_none_dc2dbb778f98e40f\winlogon.mof --a---- 3192 bytes [21:41 13/07/2009] [20:30 13/07/2009] DF722B96F32A61783BC310FACF10240B
      C:\Windows\winsxs\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7601.17514_es-es_28e9f3de1adcee20\winlogon.exe.mui --a---- 25600 bytes [07:08 21/11/2010] [07:08 21/11/2010] 6E0D080A325C8720CE18008D7FE8EBC2
      C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe --a---- 390656 bytes [03:24 21/11/2010] [03:24 21/11/2010] 1151B1BAA6F350B1DB6598E0FEA7C457
      C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.1.7601.17514_none_04801f69e1dbd8e6\winlogon-DL.man --a---- 2346 bytes [21:43 10/06/2009] [21:43 10/06/2009] 0D22A775CE54F69925A7B65632D3D782

      -= EOF =-
      Last edited by Acrono on 27/09/12 at 16:13:30
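Reading a SystemLook filefind listing like the one above by hand means comparing every copy of a system binary against the known-good one: where it lives, its attributes, its size and its MD5. The following Python is an added example, not code from the thread or from SystemLook's author: it parses the listing (the sample lines are copied from the report above) and flags each winlogon.exe copy that deviates from the C:\Windows\System32 copy, which it assumes to be the trusted baseline.

```python
import re
from dataclasses import dataclass
from typing import Optional

# A SystemLook ":filefind" result line: <path> <attrs> <size> bytes [<modified>] [<created>] <MD5 or "(Unable to calculate MD5)">
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<attrs>[-a-z]{7})\s+(?P<size>\d+) bytes "
    r"\[[^\]]+\] \[[^\]]+\] (?P<md5>[0-9A-Fa-f]{32}|\(Unable to calculate MD5\))$"
)

# Result lines copied from the SystemLook report posted above in this thread.
SAMPLE = r"""Searching for "winlogon*"
C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe --a---- 218696 bytes [07:24 25/09/2012] [23:04 07/09/2012] 4E0D8C9F83B7FD82393F7D8CCC27E7AE
C:\Windows\erdnt\cache64\winlogon.exe --a---- 390656 bytes [03:05 26/09/2012] [03:24 21/11/2010] 1151B1BAA6F350B1DB6598E0FEA7C457
C:\Windows\System32\winlogon.exe --a---- 390656 bytes [03:24 21/11/2010] [03:24 21/11/2010] 1151B1BAA6F350B1DB6598E0FEA7C457
C:\Windows\SysWOW64\winlogon.exe --ahs-- 289792 bytes [21:45 15/09/2012] [06:00 16/04/2007] (Unable to calculate MD5)
C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe --a---- 390656 bytes [03:24 21/11/2010] [03:24 21/11/2010] 1151B1BAA6F350B1DB6598E0FEA7C457
"""

@dataclass
class FileHit:
    path: str
    attrs: str          # SystemLook attribute string, e.g. --a---- or --ahs-- (h = hidden, s = system)
    size: int
    md5: Optional[str]  # None when SystemLook printed "(Unable to calculate MD5)"

def parse_filefind(report):
    """Parse the filefind section of a SystemLook report into FileHit records."""
    hits = []
    for line in report.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:       # headers, blank lines and 'Searching for ...' are skipped
            continue
        md5 = m["md5"].upper()
        hits.append(FileHit(m["path"], m["attrs"], int(m["size"]),
                            None if md5.startswith("(") else md5))
    return hits

def triage(hits, basename="winlogon.exe"):
    """Map each copy of `basename` to the ways it deviates from the System32 copy.
    Assumption: System32 is the trusted baseline; on 64-bit Windows winlogon.exe
    legitimately lives only there and in the WinSxS component store."""
    exes = [h for h in hits if h.path.lower().endswith("\\" + basename)]
    baseline = next((h for h in exes
                     if h.path.lower() == "c:\\windows\\system32\\" + basename), None)
    report = {}
    for h in exes:
        low, flags = h.path.lower(), []
        if not (low.startswith("c:\\windows\\system32\\") or "\\winsxs\\" in low):
            flags.append("unexpected location")
        if "h" in h.attrs or "s" in h.attrs:
            flags.append("hidden/system attributes")
        if h.md5 is None:
            flags.append("MD5 unavailable")
        elif baseline and h.md5 != baseline.md5:
            flags.append("MD5 differs from System32 copy")
        if baseline and h.size != baseline.size:
            flags.append("size differs from System32 copy")
        report[h.path] = flags
    return report
```

Sorting the result by number of flags puts the SysWOW64 copy at the top, while the ERUNT backup under erdnt\cache64 only trips the location check because its hash matches the baseline.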

    10. #10
      Developer Dany3j's avatar
      Joined
      Mar 2011
      Location
      China
      Posts
      6,652

      Re: Problem with a trojan

      Do the following:

      Boot into Safe Mode.

      Enable the option to show hidden files and file extensions.

      Locate the file and delete it manually:

      C:\Windows\SysWOW64\winlogon.exe

      Let me know of any news.

