
    (Certified-toolbar) How do I remove it? (Solved)


      
    1. #1
      macllery (User)
      Registered: Jun 2011
      Location: Paraguay
      Posts: 28

      (Certified-toolbar) How do I remove it? (Solved)

      In the last few days I installed some programs on my computer and I think it got infected. Now every time I want to do a search, this search engine comes up:

      Please, can someone tell me how to uninstall it and fix the problem?
      Thank you very much in advance!

    2. #2
      RevesdeLiberte (Warrior)
      Registered: Feb 2010
      Location: México
      Posts: 7.878

      Re: (certified-toolbar) How do I remove it?

      Hello.

      Carry out the following procedure, keeping to the order of the steps. Also read the manuals for the tools indicated. If a step turns out to be impossible to carry out, continue with the next one. I recommend printing the steps so that you can carry them out with all programs and windows closed.

      1.- Download the following tools to your desktop (do not run them yet):

      2.- Now run them one by one, in the following order, with all windows closed:

      a) AT-Destroyer

      • Double-click AT-Destroyer.exe to run the tool.
      • Click Yes (Si) to accept the terms, press the 1 key, then press Enter.
      • The desktop will disappear momentarily; when the scan finishes, click OK (Aceptar).

      b) Malwarebytes Anti-Malware

      • On the Scanner (Escáner) tab > select Perform full scan (Realizar un Análisis completo)
      • Click Scan (Analizar), select all drives > click "Examinar"
      • When it finishes, under "Show Results" (Mostrar resultados) > click Remove Selected (Eliminar seleccionados)
      • Accept the restart if requested > a report will be saved on the Logs (Registros) tab.

      c) CCleaner

      • Run it with its Cleaner & Registry options exactly as its manual indicates.

      3.- To finish, copy and paste the contents of the reports located at:

      • Malwarebytes Anti-Malware > Logs (Registros) tab
      • AT-Destroyer > at C:\AT-Destroyer.txt

      Let me know how the computer is working with regard to the problem originally described.
      Patience is a tree with bitter roots but sweet fruit.

      * Follow us on Twitter and friend us on Facebook.
      * Keep up with the latest threats on the net at: InfoSpyware Blog
      * Questions are not answered by private message or by e-mail, since that is what the forum is for.

    3. #3
      macllery (User)
      Registered: Jun 2011
      Location: Paraguay
      Posts: 28

      Re: (certified-toolbar) How do I remove it?

      #################################################### A/T-Destroyer by InfoSpyware ############

      A/T-Destroyer 1.0.7 By Infospyware
      InfoSpyware
      Fecha iniciada en el analisis 23/11/2012
      Hora iniciada en el analisis 21:12:20,54
      Usuario Actual : [C:\Users\Administrador]
      Sistema Operativo: Windows 7 Ultimate
      Service pack: Service Pack 1
      Arquitectura: Sistema operativo de 32 bits
      Versión Internet Explorer: 9.0.8112.16421
      Modo Actual: Modo Normal.
      Privilegios: [Administrador-Administrador]
      Versión Google Chrome:
      Versión Mozilla Firefox: 16.0.2

      ====== Servicios Eliminados By A/T-Destroyer ======




      ====== Claves Eliminadas By A/T-Destroyer ======


      HKLM\SOFTWARE\SimplyGen


      ====== Archivos/Carpetas Eliminados By A/T-Destroyer ======


      C:\ProgramData\InstallMate\{16782E9C-E344-47BD-A045-B9BA79870632}
      C:\ProgramData\InstallMate\{16782E9C-E344-47BD-A045-B9BA79870632}\20120602210411.log
      C:\ProgramData\InstallMate\{16782E9C-E344-47BD-A045-B9BA79870632}\BBE233C33A982BAF
      "C:\ProgramData\InstallMate"
      C:\ProgramData\Premium\Setup
      "C:\ProgramData\Premium"
      C:\Users\Administrador\AppData\Roaming\OpenCandy\9B95BB28B8214B0DAD2F8111D0824556
      C:\Users\Administrador\AppData\Roaming\OpenCandy\9B95BB28B8214B0DAD2F8111D0824556\3420.ico
      C:\Users\Administrador\AppData\Roaming\OpenCandy\9B95BB28B8214B0DAD2F8111D0824556\LatestDLMgr.exe
      C:\Users\Administrador\AppData\Roaming\OpenCandy\9B95BB28B8214B0DAD2F8111D0824556\OpenCandyU1Dlm.dll
      C:\Users\Administrador\AppData\Roaming\OpenCandy\9B95BB28B8214B0DAD2F8111D0824556\Pokki.exe
      "C:\Users\Administrador\AppData\Roaming\OpenCandy"
      C:\Users\Administrador\Appdata\Local\Babylon\Setup
      C:\Users\Administrador\Appdata\Local\Babylon\Setup\latest_6.21.zpb
      C:\Users\Administrador\Appdata\Local\Babylon\Setup\Setup-tbmntr903.zpb
      "C:\Users\Administrador\Appdata\Local\Babylon"
      C:\Users\Administrador\AppData\Roaming\Babylon\log_file.txt
      "C:\Users\Administrador\AppData\Roaming\Babylon"
      "C:\ProgramData\Babylon"
      C:\ProgramData\Ask\APN-Stub
      C:\ProgramData\Ask\APN-Stub\ATU2
      C:\ProgramData\Ask\APN-Stub\ATU3
      C:\ProgramData\Ask\APN-Stub\ATU2\APNIC.dll
      C:\ProgramData\Ask\APN-Stub\ATU3\Local
      C:\ProgramData\Ask\APN-Stub\ATU3\Local\APNIC.dll
      "C:\ProgramData\Ask"
      C:\Users\Administrador\Appdata\Local\GDIPFONTCACHEV1.DAT
      C:\Windows\system32\DEBUG.log


      ====== Información Extra ======


      -_-_-_-_-_-_-_-_ Configuraciones de internet Explorer -_-_-_-_-_-_-_-_
      "HKCU\Software\Microsoft\Internet Explorer\Main"
      Start Page == Google
      Search Page == Certified-Toolbar Search
      Local Page == C:\Windows\system32\blank.htm
      Default_Search_URL == Certified-Toolbar Search

      "HKLM\Software\Microsoft\Internet Explorer\Main"
      Start Page == Google
      Search Page == Certified-Toolbar Search
      Local Page == C:\Windows\System32\blank.htm
      Default_Search_URL == Certified-Toolbar Search
      Default_Page_URL == MSN.com


      "HKEY_USERS\S-1-5-21-2884106914-2541375731-1512056492-500\Software\Microsoft\Internet Explorer\Main"
      Start Page == Google
      Search Page == Certified-Toolbar Search
      Local Page == C:\Windows\system32\blank.htm
      Default_Search_URL == Certified-Toolbar Search




      -_-_-_-_-_-_-_-_ Configuraciones de mozilla Firefox -_-_-_-_-_-_-_-_
      user_pref("pref.browser.homepage.disable_button.current_page", false);
      user_pref("pref.browser.homepage.disable_button.restore_default", false);
      user_pref("browser.startup.homepage", "http://google.com");




      ======= EOF =======


      And the other one is this:

      Malwarebytes Anti-Malware 1.65.1.1000
      Malwarebytes : Free anti-malware download

      Versión de la Base de Datos: v2012.11.23.09

      Windows 7 Service Pack 1 x86 NTFS
      Internet Explorer 9.0.8112.16421
      Administrador :: WIN-8LJKR92I2T0 [administrador]

      23/11/2012 09:15:58 p.m.
      mbam-log-2012-11-23 (23-11-16).txt

      Tipos de Análisis: Análisis Completo (C:\|F:\|)
      Opciones de análisis activado: Memoria | Inicio | Registro | Sistema de archivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
      Opciones de análisis desactivados: P2P
      Objetos examinados: 388810
      Tiempo transcurrido: 1 hora(s), 53 minuto(s), 43 segundo(s)

      Procesos en Memoria Detectados: 0
      (No se han detectado elementos maliciosos)

      Módulos de Memoria Detectados: 0
      (No se han detectado elementos maliciosos)

      Claves del Registro Detectados: 0
      (No se han detectado elementos maliciosos)

      Valores del Registro Detectados: 0
      (No se han detectado elementos maliciosos)

      Elementos de Datos del Registro Detectados: 8
      HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Search Page (Hijack.SearchPage) -> Malo: (Certified-Toolbar Search) Bueno: (Google) -> No se tomaron medidas.
      HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Search Bar (Hijack.SearchPage) -> Malo: (Certified-Toolbar Search) Bueno: (Google) -> No se tomaron medidas.
      HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Search_URL (Hijack.SearchPage) -> Malo: (Certified-Toolbar Search) Bueno: (Google) -> No se tomaron medidas.
      HKCU\SOFTWARE\Microsoft\Internet Explorer\Search|Default_Search_URL (Hijack.SearchPage) -> Malo: (Certified-Toolbar Search) Bueno: (Google) -> No se tomaron medidas.
      HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Search_URL (Hijack.SearchPage) -> Malo: (Certified-Toolbar Search) Bueno: (Google) -> No se tomaron medidas.
      HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Search Page (Hijack.SearchPage) -> Malo: (Certified-Toolbar Search) Bueno: (Google) -> No se tomaron medidas.
      HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Search Bar (Hijack.SearchPage) -> Malo: (Certified-Toolbar Search) Bueno: (Google) -> No se tomaron medidas.
      HKLM\SOFTWARE\Microsoft\Internet Explorer\Search|Default_Search_URL (Hijack.SearchPage) -> Malo: (Certified-Toolbar Search) Bueno: (Google) -> No se tomaron medidas.

      Carpetas Detectadas: 0
      (No se han detectado elementos maliciosos)

      Archivos Detectados: 4
      C:\Program Files\Sony\Vegas Pro 11.0\Patch_SVP.11_(32bit).exe (PUP.Hacktool.Patcher) -> No se tomaron medidas.
      C:\Users\Administrador\Videos\Nueva carpeta\SONY Vegas Pro 11.0 Build 370 + Patch (32-bit) [RH]\SONY Vegas Pro 11.0 Build 370\Patch_(32bit)\Patch_SVP.11_(32bit).exe (PUP.Hacktool.Patcher) -> No se tomaron medidas.
      F:\Mac\Archivos\copia de seguridad disco duro\Program Files\Xara\Xara_3D_Maker_7\Xara_3D_Maker_7_en-GB_setup.exe (Heuristics.Shuriken) -> No se tomaron medidas.
      C:\Users\Public\Desktop\MP3 Downloader.lnk (Rogue.Link) -> No se tomaron medidas.

      fin)

      I'm going to try it out for a few days and I'll let you know; it looks like the problem has indeed been solved...

    4. #4
      RevesdeLiberte (Warrior)
      Registered: Feb 2010
      Location: México
      Posts: 7.878

      Re: (certified-toolbar) How do I remove it?

      Hello.

      One of two things happened with the Malwarebytes Anti-Malware report: either you pasted it before restarting the computer, or you did not click Remove Selected (Eliminar seleccionados). Repeat the full scan, and this time click Remove Selected and accept the computer restart.



    5. #5
      macllery (User)
      Registered: Jun 2011
      Location: Paraguay
      Posts: 28

      Re: (certified-toolbar) How do I remove it?

      This would be it. What it won't let me do now is type a search directly into the browser bar, and I feel it is a bit slow :S

      Malwarebytes Anti-Malware 1.65.1.1000
      Malwarebytes : Free anti-malware download

      Versión de la Base de Datos: v2012.11.23.09

      Windows 7 Service Pack 1 x86 NTFS
      Internet Explorer 9.0.8112.16421
      Administrador :: WIN-8LJKR92I2T0 [administrador]

      23/11/2012 09:15:58 p.m.
      mbam-log-2012-11-23 (21-15-58).txt

      Tipos de Análisis: Análisis Completo (C:\|F:\|)
      Opciones de análisis activado: Memoria | Inicio | Registro | Sistema de archivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
      Opciones de análisis desactivados: P2P
      Objetos examinados: 388810
      Tiempo transcurrido: 1 hora(s), 53 minuto(s), 43 segundo(s)

      Procesos en Memoria Detectados: 0
      (No se han detectado elementos maliciosos)

      Módulos de Memoria Detectados: 0
      (No se han detectado elementos maliciosos)

      Claves del Registro Detectados: 0
      (No se han detectado elementos maliciosos)

      Valores del Registro Detectados: 0
      (No se han detectado elementos maliciosos)

      Elementos de Datos del Registro Detectados: 8
      HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Search Page (Hijack.SearchPage) -> Malo: (Certified-Toolbar Search) Bueno: (Google) -> En cuarentena y reparado con éxito.
      HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Search Bar (Hijack.SearchPage) -> Malo: (Certified-Toolbar Search) Bueno: (Google) -> En cuarentena y reparado con éxito.
      HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Search_URL (Hijack.SearchPage) -> Malo: (Certified-Toolbar Search) Bueno: (Google) -> En cuarentena y reparado con éxito.
      HKCU\SOFTWARE\Microsoft\Internet Explorer\Search|Default_Search_URL (Hijack.SearchPage) -> Malo: (Certified-Toolbar Search) Bueno: (Google) -> En cuarentena y reparado con éxito.
      HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Search_URL (Hijack.SearchPage) -> Malo: (Certified-Toolbar Search) Bueno: (Google) -> En cuarentena y reparado con éxito.
      HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Search Page (Hijack.SearchPage) -> Malo: (Certified-Toolbar Search) Bueno: (Google) -> En cuarentena y reparado con éxito.
      HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Search Bar (Hijack.SearchPage) -> Malo: (Certified-Toolbar Search) Bueno: (Google) -> En cuarentena y reparado con éxito.
      HKLM\SOFTWARE\Microsoft\Internet Explorer\Search|Default_Search_URL (Hijack.SearchPage) -> Malo: (Certified-Toolbar Search) Bueno: (Google) -> En cuarentena y reparado con éxito.

      Carpetas Detectadas: 0
      (No se han detectado elementos maliciosos)

      Archivos Detectados: 4
      C:\Program Files\Sony\Vegas Pro 11.0\Patch_SVP.11_(32bit).exe (PUP.Hacktool.Patcher) -> No se tomaron medidas.
      C:\Users\Administrador\Videos\Nueva carpeta\SONY Vegas Pro 11.0 Build 370 + Patch (32-bit) [RH]\SONY Vegas Pro 11.0 Build 370\Patch_(32bit)\Patch_SVP.11_(32bit).exe (PUP.Hacktool.Patcher) -> No se tomaron medidas.
      F:\Mac\Archivos\copia de seguridad disco duro\Program Files\Xara\Xara_3D_Maker_7\Xara_3D_Maker_7_en-GB_setup.exe (Heuristics.Shuriken) -> En cuarentena y eliminado con éxito.
      C:\Users\Public\Desktop\MP3 Downloader.lnk (Rogue.Link) -> En cuarentena y eliminado con éxito.

      fin)

    6. #6
      RevesdeLiberte (Warrior)
      Registered: Feb 2010
      Location: México
      Posts: 7.878

      Re: (certified-toolbar) How do I remove it?

      Hello.

      Do the following:

      - Download the ComboFix.exe tool and save it to your desktop.

      • *Note* While CF is working, do not move the mouse, as that would stop its process.
      • *Note* CF may restart the PC automatically to complete the removal process.
      • *Note* If you receive the message "Intento de operacion ilegal en una clave del registro que estaba marcada para su eliminacion" (an illegal operation was attempted on a registry key that was marked for deletion), restart the computer.

      Attention! Do not use ComboFix unless you have been specifically instructed to do so in your thread by a member of our Staff. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, not for private use. Using ComboFix incorrectly could cause problems on your system. Please read ComboFix's "Disclaimer of Warranty".

      • A report will be generated at C:\ComboFix.txt; paste its entire contents in your next reply.

      Regards.

    7. #7
      macllery (User)
      Registered: Jun 2011
      Location: Paraguay
      Posts: 28

      Re: (certified-toolbar) How do I remove it?

      Buddy, now I really do have a problem...

      I'm writing from another PC; mine won't let me run any exe... what do I do?

      This is the ComboFix report


      ComboFix 12-11-26.01 - Administrador 26/11/2012 8:17.1.2 - x86
      Microsoft Windows 7 Ultimate 6.1.7601.1.1252.34.3082.18.2047.1146 [GMT -3:00]
      Running from: c:\users\Administrador\Downloads\ComboFix.exe
      AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
      SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
      SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      * Created a new restore point
      .
      .
      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      c:\windows\system32\URTTemp
      c:\windows\system32\URTTemp\regtlib.exe
      .
      .
      ((((((((((((((((((((((((( Files Created from 2012-10-26 to 2012-11-26 )))))))))))))))))))))))))))))))
      .
      .
      2012-11-26 11:26 . 2012-11-26 11:28 -------- d-----w- c:\users\Administrador\AppData\Local\temp
      2012-11-24 11:23 . 2012-11-24 11:23 -------- d-----w- c:\program files\ESET
      2012-11-24 00:14 . 2012-11-24 00:14 -------- d-----w- c:\users\Administrador\AppData\Roaming\Malwarebytes
      2012-11-24 00:11 . 2012-06-29 16:55 22528 ----a-w- c:\windows\AT-Uninstall.exe
      2012-11-24 00:11 . 2012-03-13 02:27 11776 ----a-w- c:\windows\Colous.exe
      2012-11-24 00:11 . 2008-03-25 13:39 69660 ----a-w- c:\windows\Fart.exe
      2012-11-24 00:08 . 2012-11-24 00:08 -------- d-----w- c:\programdata\Malwarebytes
      2012-11-24 00:08 . 2012-09-29 22:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
      2012-11-24 00:08 . 2012-11-24 00:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
      2012-11-23 21:45 . 2012-11-23 21:46 -------- d-----w- c:\windows\DDABC66756B3412282B02F5782EA2F9A.TMP
      2012-11-23 19:15 . 2012-11-23 21:48 -------- d-----w- c:\program files\Enigma Software Group
      2012-11-23 19:14 . 2012-11-23 19:14 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
      2012-11-22 16:54 . 2012-08-30 06:01 15432 ----a-w- c:\windows\Launcher.exe
      2012-11-22 16:53 . 2012-02-17 18:58 83968 ----a-w- c:\windows\system32\lwsky.dll
      2012-11-22 16:53 . 2012-01-30 15:35 83968 ----a-w- c:\windows\system32\bvcsky.dll
      2012-11-22 16:53 . 2011-09-22 19:26 38912 ----a-w- c:\windows\system32\MangoMax_LWx64.dll
      2012-11-22 16:53 . 2011-09-22 19:24 33792 ----a-w- c:\windows\system32\MangoMax_LWx86.dll
      2012-11-22 16:53 . 2011-09-22 19:20 38400 ----a-w- c:\windows\system32\MangoMax_LWx64_RunDLL.exe
      2012-11-22 16:51 . 2012-11-22 16:51 -------- d-----w- c:\users\Administrador\AppData\Local\Programs
      2012-11-22 11:12 . 2012-11-22 11:12 74 --sh--r- c:\windows\CT6PRET.BIN
      2012-11-22 11:11 . 2008-05-30 17:11 3850760 ----a-w- c:\windows\system32\D3DX9_38.dll
      2012-11-22 11:11 . 2008-03-05 18:56 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll
      2012-11-22 11:10 . 2012-11-22 11:10 -------- d-----w- c:\programdata\Reallusion
      2012-11-22 11:10 . 2012-11-22 11:10 -------- d-----w- c:\program files\Common Files\Reallusion
      2012-11-22 11:09 . 2007-10-31 23:11 81920 ----a-w- c:\windows\system32\wavdest.ax
      2012-11-22 11:09 . 2012-11-22 11:09 -------- d-----w- c:\program files\Reallusion
      2012-11-22 11:07 . 2012-11-22 11:07 -------- d-----w- c:\users\Administrador\AppData\Roaming\InstallShield
      2012-11-22 03:28 . 2012-11-22 03:28 -------- d-----w- c:\program files\MSXML 4.0
      2012-11-21 00:58 . 2012-11-21 01:06 -------- d-----w- c:\program files\Nero
      2012-11-21 00:57 . 2012-11-21 01:13 -------- d-----w- c:\program files\Common Files\Nero
      2012-11-16 01:10 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
      2012-11-16 01:10 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
      2012-11-16 01:10 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll
      2012-11-16 01:09 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
      2012-11-16 01:09 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
      2012-11-16 01:09 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
      2012-11-16 01:09 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
      2012-11-16 01:09 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe
      2012-11-16 01:09 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll
      2012-11-16 01:09 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
      2012-11-15 19:24 . 2012-10-03 16:58 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys
      2012-11-15 19:24 . 2012-10-03 16:42 242176 ----a-w- c:\windows\system32\nlasvc.dll
      2012-11-15 19:24 . 2012-10-03 16:42 175104 ----a-w- c:\windows\system32\netcorehc.dll
      2012-11-15 19:24 . 2012-10-03 16:42 156672 ----a-w- c:\windows\system32\ncsi.dll
      2012-11-15 19:24 . 2012-10-03 16:40 499712 ----a-w- c:\windows\system32\iphlpsvc.dll
      2012-11-15 19:24 . 2012-10-03 16:42 52224 ----a-w- c:\windows\system32\nlaapi.dll
      2012-11-15 19:24 . 2012-10-03 16:42 18944 ----a-w- c:\windows\system32\netevent.dll
      2012-11-15 19:24 . 2012-10-03 15:21 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
      2012-11-15 19:24 . 2012-10-09 17:40 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
      2012-11-15 19:24 . 2012-10-09 17:40 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
      2012-11-15 19:11 . 2012-09-25 22:47 78336 ----a-w- c:\windows\system32\synceng.dll
      2012-11-15 19:06 . 2012-10-18 17:59 2345984 ----a-w- c:\windows\system32\win32k.sys
      2012-11-14 11:25 . 2012-11-14 11:25 -------- d-----w- c:\program files\Mozilla Maintenance Service
      2012-11-13 22:48 . 2012-11-13 22:49 -------- d-----w- c:\users\Administrador\AppData\Local\Deployment
      2012-11-13 22:48 . 2012-11-13 22:48 -------- d-----w- c:\users\Administrador\AppData\Local\Apps
      2012-11-12 00:37 . 2012-11-12 00:37 -------- d-----w- c:\program files\Common Files\Xara
      2012-11-12 00:36 . 2012-11-12 00:36 -------- d-----w- c:\program files\Common Files\InstallShield
      2012-11-12 00:06 . 2012-11-12 00:40 -------- d-----w- c:\users\Administrador\AppData\Local\Xara
      2012-11-12 00:02 . 2012-11-22 11:09 -------- d--h--w- c:\program files\InstallShield Installation Information
      2012-11-12 00:02 . 2012-11-12 00:37 -------- d-----w- c:\program files\Xara
      2012-11-02 23:18 . 2012-11-02 23:18 -------- d-----w- c:\program files\Common Files\Adobe AIR
      .
      .
      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2012-10-29 11:06 . 2012-04-01 11:23 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
      2012-10-29 11:06 . 2012-03-23 12:08 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
      2012-10-17 05:32 . 2012-10-25 13:31 6918632 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{145ECF1C-DB32-4F7B-B809-179FDDEA3FE2}\mpengine.dll
      2012-10-11 00:15 . 2012-10-11 00:15 1867112 ----a-w- c:\windows\system32\nvcuvenc.dll
      2012-10-11 00:15 . 2012-10-11 00:15 2574696 ----a-w- c:\windows\system32\nvcuvid.dll
      2012-10-11 00:14 . 2012-09-14 12:42 888168 ----a-w- c:\windows\system32\nvdispgenco32.dll
      2012-10-11 00:14 . 2012-04-01 11:58 12501352 ----a-w- c:\windows\system32\nvwgf2um.dll
      2012-10-11 00:14 . 2012-10-11 00:14 17559912 ----a-w- c:\windows\system32\nvcompiler.dll
      2012-10-11 00:14 . 2011-05-21 09:01 2428776 ----a-w- c:\windows\system32\nvapi.dll
      2012-10-11 00:14 . 2012-10-11 00:14 7697768 ----a-w- c:\windows\system32\nvcuda.dll
      2012-10-11 00:14 . 2012-10-11 00:14 10837352 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
      2012-10-11 00:14 . 2012-10-11 00:14 19906920 ----a-w- c:\windows\system32\nvoglv32.dll
      2012-10-11 00:14 . 2012-04-01 09:49 1009512 ----a-w- c:\windows\system32\nvdispco32.dll
      2012-10-11 00:14 . 2012-10-11 00:14 6127464 ----a-w- c:\windows\system32\nvopencl.dll
      2012-10-11 00:14 . 2012-10-11 00:14 15309160 ----a-w- c:\windows\system32\nvd3dum.dll
      2012-10-02 19:29 . 2012-04-01 10:10 645992 ----a-w- c:\windows\system32\nvvsvc.exe
      2012-10-02 19:29 . 2012-04-01 10:10 62312 ----a-w- c:\windows\system32\nvshext.dll
      2012-10-02 19:29 . 2012-04-01 10:10 2557288 ----a-w- c:\windows\system32\nvsvcr.dll
      2012-10-02 19:29 . 2012-04-01 10:10 108392 ----a-w- c:\windows\system32\nvmctray.dll
      2012-10-02 19:29 . 2012-04-01 10:10 2853224 ----a-w- c:\windows\system32\nvsvc.dll
      2012-10-02 19:28 . 2012-04-01 10:10 3965288 ----a-w- c:\windows\system32\nvcpl.dll
      2012-10-02 16:15 . 2012-10-02 16:15 430952 ----a-w- c:\windows\system32\nvStreaming.exe
      2012-09-24 18:32 . 2012-07-04 10:54 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
      2012-09-24 18:32 . 2012-03-05 13:54 473072 ----a-w- c:\windows\system32\deployJava1.dll
      2012-09-14 18:28 . 2012-10-18 17:24 2048 ----a-w- c:\windows\system32\tzres.dll
      2012-09-12 19:07 . 2012-09-12 19:07 58368 ----a-w- c:\windows\system32\sirenacm.dll
      2012-09-07 23:26 . 2012-10-25 14:39 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
      2012-09-07 23:26 . 2012-10-25 14:39 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
      2012-09-07 23:26 . 2012-10-25 14:39 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
      2012-08-31 17:18 . 2012-10-18 17:45 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys
      2012-08-30 17:12 . 2012-10-18 17:24 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe
      2012-08-30 17:12 . 2012-10-18 17:24 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe
      2012-10-24 17:50 . 2012-11-14 11:25 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
      .
      .
      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4
      .
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
      "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-09-07 348664]
      "TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-07-12 296096]
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "ConsentPromptBehaviorAdmin"= 0 (0x0)
      "ConsentPromptBehaviorUser"= 0 (0x0)
      "EnableInstallerDetection"= 0 (0x0)
      "EnableLUA"= 0 (0x0)
      "EnableUIADesktopToggle"= 0 (0x0)
      "PromptOnSecureDesktop"= 0 (0x0)
      .
      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
      "DisableLockWorkstation"= 1 (0x1)
      .
      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
      "AlwaysShowClassicMenu"= 1 (0x1)
      "NoResolveTrack"= 1 (0x1)
      .
      [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
      "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
      2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
      "AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
      "mixer5"=wdmaud.drv
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
      @=""
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
      @="Driver"
      .
      [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
      path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
      backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
      backupExtension=.CommonStartup
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
      2012-09-23 23:43 926896 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
      2012-04-04 09:09 446392 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS6ServiceManager]
      2012-03-09 19:26 1073312 ----a-w- c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
      2011-09-27 11:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
      2012-03-05 13:55 136176 ----atw- c:\users\Administrador\AppData\Local\Google\Update\GoogleUpdate.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
      2010-02-19 16:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
      2012-07-12 20:04 296096 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
      .
      R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
      R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
      R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
      R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
      R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
      R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
      R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
      R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
      R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
      R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
      R3 WatAdminSvc;Servicio de tecnologías de activación de Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
      S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [x]
      S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [x]
      S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [x]
      S1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [x]
      S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
      S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]
      S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
      S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
      S2 AntiVirSchedulerService;Avira Programador;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
      S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
      S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [x]
      S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [x]
      S3 SiSGbeLH;Controlador de dispositivo Ethernet SiS191/SiS190 NDIS 6.0;c:\windows\system32\DRIVERS\SiSGB6.sys [x]
      .
      .
      --- Other Services/Drivers In Memory ---
      .
      *NewlyCreated* - WS2IFSL
      .
      Contents of the 'Scheduled Tasks' folder
      .
      2012-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2012-04-12 14:05]
      .
      2012-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2012-04-12 14:05]
      .
      2012-11-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2884106914-2541375731-1512056492-500Core.job
      - c:\users\Administrador\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-05 13:55]
      .
      2012-11-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2884106914-2541375731-1512056492-500UA.job
      - c:\users\Administrador\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-05 13:55]
      .
      .
      ------- Supplementary Scan -------
      .
      uStart Page = hxxp://www.google.com
      uDefault_Search_URL = hxxp://www.google.com
      mStart Page = hxxp://www.google.com
      mSearch Bar = hxxp://www.google.com
      uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
      IE: &Enviar a OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
      IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
      IE: Enviar a &Bluetooth - c:\program files\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
      TCP: DhcpNameServer = 192.168.1.1
      FF - ProfilePath - c:\users\Administrador\AppData\Roaming\Mozilla\Firefox\Profiles\8u0jgmu4.default\
      FF - prefs.js: browser.search.selectedEngine - Google
      FF - prefs.js: browser.startup.homepage - hxxp://google.com
      FF - prefs.js: keyword.URL - hxxp://google.com
      .
      - - - - ORPHANS REMOVED - - - -
      .
      HKCU-Run-Intel32 - (no file)
      HKCU-Run-AdobeBridge - (no file)
      MSConfigStartUp-AdobeCS5ServiceManager - c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
      MSConfigStartUp-DriverScanner - c:\progra~1\Uniblue\DRIVER~1\launcher.exe
      MSConfigStartUp-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe
      MSConfigStartUp-SpeedUpMyPC - c:\progra~1\Uniblue\SPEEDU~1\launcher.exe
      AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}\bm_installer.exe
      .
      .
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------
      .
      ------------------------ Other Running Processes ------------------------
      .
      c:\program files\Avira\AntiVir Desktop\avguard.exe
      c:\program files\Avira\AntiVir Desktop\avshadow.exe
      c:\windows\system32\conhost.exe
      c:\windows\system32\nvvsvc.exe
      c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
      c:\windows\system32\nvvsvc.exe
      c:\windows\system32\taskhost.exe
      c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
      c:\program files\Microsoft LifeCam\MSCamS32.exe
      c:\windows\system32\conhost.exe
      c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
      c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
      c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
      c:\program files\NVIDIA Corporation\Display\nvtray.exe
      .
      **************************************************************************
      .
      Completion time: 2012-11-26 08:34:19 - machine was rebooted
      ComboFix-quarantined-files.txt 2012-11-26 11:34
      .
      Pre-Run: 22.982.787.072 bytes libres
      Post-Run: 23.286.882.304 bytes libres
      .
      - - End Of File - - E0073EFF27CAFC71722D68034F4D962C

      Please help me!!!

    8. #8
      User Avatar of macllery
      Registered
      Jun 2011
      Location
      Paraguay
      Posts
      28

      Re: ( certified-toolbar ) How to remove it ???

      OK, sorry!!! I didn't pay attention to the part where I had to restart the computer. I've done it now and everything is working fine.

    9. #9
      Warrior Avatar of RevesdeLiberte
      Registered
      Feb 2010
      Location
      México
      Posts
      7,878

      Re: ( certified-toolbar ) How to remove it ???

      Hello.


      Cut ComboFix.exe from the folder where it is and paste the program onto your Desktop. Run ComboFix.exe again now that it is on the Desktop; if it asks you to update, accept. When it finishes, copy and paste the new report.
      Patience is a tree with bitter roots, but sweet fruit.


    10. #10
      User Avatar of macllery
      Registered
      Jun 2011
      Location
      Paraguay
      Posts
      28

      Re: ( certified-toolbar ) How to remove it ???

      This would be it:

      ComboFix 12-11-27.01 - Administrador 27/11/2012 9:22.2.2 - x86
      Microsoft Windows 7 Ultimate 6.1.7601.1.1252.34.3082.18.2047.1244 [GMT -3:00]
      Running from: c:\users\Administrador\Desktop\ComboFix.exe
      AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
      SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
      SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      .
      .
      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      Infected copy of c:\windows\system32\samsrv.dll was found and disinfected
      Restored copy from - c:\windows\winsxs\x86_microsoft-windows-directory-services-sam_31bf3856ad364e35_6.1.7601.17514_none_b3f5c348ff36a76f\samsrv.dll
      .
      .
      ((((((((((((((((((((((((( Files Created from 2012-10-27 to 2012-11-27 )))))))))))))))))))))))))))))))
      .
      .
      2012-11-27 12:30 . 2012-11-27 12:30 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
      2012-11-27 12:30 . 2012-11-27 12:30 -------- d-----w- c:\users\Default\AppData\Local\temp
      2012-11-26 11:34 . 2012-11-27 12:32 -------- d-----w- c:\users\Administrador\AppData\Local\temp
      2012-11-24 11:23 . 2012-11-24 11:23 -------- d-----w- c:\program files\ESET
      2012-11-24 00:14 . 2012-11-24 00:14 -------- d-----w- c:\users\Administrador\AppData\Roaming\Malwarebytes
      2012-11-24 00:11 . 2012-06-29 16:55 22528 ----a-w- c:\windows\AT-Uninstall.exe
      2012-11-24 00:11 . 2012-03-13 02:27 11776 ----a-w- c:\windows\Colous.exe
      2012-11-24 00:11 . 2008-03-25 13:39 69660 ----a-w- c:\windows\Fart.exe
      2012-11-24 00:08 . 2012-11-24 00:08 -------- d-----w- c:\programdata\Malwarebytes
      2012-11-24 00:08 . 2012-09-29 22:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
      2012-11-24 00:08 . 2012-11-24 00:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
      2012-11-23 21:45 . 2012-11-23 21:46 -------- d-----w- c:\windows\DDABC66756B3412282B02F5782EA2F9A.TMP
      2012-11-23 19:15 . 2012-11-23 21:48 -------- d-----w- c:\program files\Enigma Software Group
      2012-11-23 19:14 . 2012-11-23 19:14 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
      2012-11-22 16:54 . 2012-08-30 06:01 15432 ----a-w- c:\windows\Launcher.exe
      2012-11-22 16:53 . 2012-02-17 18:58 83968 ----a-w- c:\windows\system32\lwsky.dll
      2012-11-22 16:53 . 2012-01-30 15:35 83968 ----a-w- c:\windows\system32\bvcsky.dll
      2012-11-22 16:53 . 2011-09-22 19:26 38912 ----a-w- c:\windows\system32\MangoMax_LWx64.dll
      2012-11-22 16:53 . 2011-09-22 19:24 33792 ----a-w- c:\windows\system32\MangoMax_LWx86.dll
      2012-11-22 16:53 . 2011-09-22 19:20 38400 ----a-w- c:\windows\system32\MangoMax_LWx64_RunDLL.exe
      2012-11-22 16:51 . 2012-11-22 16:51 -------- d-----w- c:\users\Administrador\AppData\Local\Programs
      2012-11-22 11:12 . 2012-11-22 11:12 74 --sh--r- c:\windows\CT6PRET.BIN
      2012-11-22 11:11 . 2008-05-30 17:11 3850760 ----a-w- c:\windows\system32\D3DX9_38.dll
      2012-11-22 11:11 . 2008-03-05 18:56 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll
      2012-11-22 11:10 . 2012-11-22 11:10 -------- d-----w- c:\programdata\Reallusion
      2012-11-22 11:10 . 2012-11-22 11:10 -------- d-----w- c:\program files\Common Files\Reallusion
      2012-11-22 11:09 . 2007-10-31 23:11 81920 ----a-w- c:\windows\system32\wavdest.ax
      2012-11-22 11:09 . 2012-11-22 11:09 -------- d-----w- c:\program files\Reallusion
      2012-11-22 11:07 . 2012-11-22 11:07 -------- d-----w- c:\users\Administrador\AppData\Roaming\InstallShield
      2012-11-22 03:28 . 2012-11-22 03:28 -------- d-----w- c:\program files\MSXML 4.0
      2012-11-21 00:58 . 2012-11-21 01:06 -------- d-----w- c:\program files\Nero
      2012-11-21 00:57 . 2012-11-21 01:13 -------- d-----w- c:\program files\Common Files\Nero
      2012-11-16 01:10 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
      2012-11-16 01:10 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
      2012-11-16 01:10 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll
      2012-11-16 01:09 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
      2012-11-16 01:09 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
      2012-11-16 01:09 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
      2012-11-16 01:09 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
      2012-11-16 01:09 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe
      2012-11-16 01:09 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll
      2012-11-16 01:09 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
      2012-11-15 19:24 . 2012-10-03 16:58 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys
      2012-11-15 19:24 . 2012-10-03 16:42 242176 ----a-w- c:\windows\system32\nlasvc.dll
      2012-11-15 19:24 . 2012-10-03 16:42 175104 ----a-w- c:\windows\system32\netcorehc.dll
      2012-11-15 19:24 . 2012-10-03 16:42 156672 ----a-w- c:\windows\system32\ncsi.dll
      2012-11-15 19:24 . 2012-10-03 16:40 499712 ----a-w- c:\windows\system32\iphlpsvc.dll
      2012-11-15 19:24 . 2012-10-03 16:42 52224 ----a-w- c:\windows\system32\nlaapi.dll
      2012-11-15 19:24 . 2012-10-03 16:42 18944 ----a-w- c:\windows\system32\netevent.dll
      2012-11-15 19:24 . 2012-10-03 15:21 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
      2012-11-15 19:24 . 2012-10-09 17:40 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
      2012-11-15 19:24 . 2012-10-09 17:40 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
      2012-11-15 19:11 . 2012-09-25 22:47 78336 ----a-w- c:\windows\system32\synceng.dll
      2012-11-15 19:06 . 2012-10-18 17:59 2345984 ----a-w- c:\windows\system32\win32k.sys
      2012-11-14 11:25 . 2012-11-14 11:25 -------- d-----w- c:\program files\Mozilla Maintenance Service
      2012-11-13 22:48 . 2012-11-13 22:49 -------- d-----w- c:\users\Administrador\AppData\Local\Deployment
      2012-11-13 22:48 . 2012-11-13 22:48 -------- d-----w- c:\users\Administrador\AppData\Local\Apps
      2012-11-12 00:37 . 2012-11-12 00:37 -------- d-----w- c:\program files\Common Files\Xara
      2012-11-12 00:36 . 2012-11-12 00:36 -------- d-----w- c:\program files\Common Files\InstallShield
      2012-11-12 00:06 . 2012-11-12 00:40 -------- d-----w- c:\users\Administrador\AppData\Local\Xara
      2012-11-12 00:02 . 2012-11-22 11:09 -------- d--h--w- c:\program files\InstallShield Installation Information
      2012-11-12 00:02 . 2012-11-12 00:37 -------- d-----w- c:\program files\Xara
      2012-11-02 23:18 . 2012-11-02 23:18 -------- d-----w- c:\program files\Common Files\Adobe AIR
      .
      .
      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2012-10-29 11:06 . 2012-04-01 11:23 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
      2012-10-29 11:06 . 2012-03-23 12:08 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
      2012-10-17 05:32 . 2012-10-25 13:31 6918632 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{145ECF1C-DB32-4F7B-B809-179FDDEA3FE2}\mpengine.dll
      2012-10-11 00:15 . 2012-10-11 00:15 1867112 ----a-w- c:\windows\system32\nvcuvenc.dll
      2012-10-11 00:15 . 2012-10-11 00:15 2574696 ----a-w- c:\windows\system32\nvcuvid.dll
      2012-10-11 00:14 . 2012-09-14 12:42 888168 ----a-w- c:\windows\system32\nvdispgenco32.dll
      2012-10-11 00:14 . 2012-04-01 11:58 12501352 ----a-w- c:\windows\system32\nvwgf2um.dll
      2012-10-11 00:14 . 2012-10-11 00:14 17559912 ----a-w- c:\windows\system32\nvcompiler.dll
      2012-10-11 00:14 . 2011-05-21 09:01 2428776 ----a-w- c:\windows\system32\nvapi.dll
      2012-10-11 00:14 . 2012-10-11 00:14 7697768 ----a-w- c:\windows\system32\nvcuda.dll
      2012-10-11 00:14 . 2012-10-11 00:14 10837352 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
      2012-10-11 00:14 . 2012-10-11 00:14 19906920 ----a-w- c:\windows\system32\nvoglv32.dll
      2012-10-11 00:14 . 2012-04-01 09:49 1009512 ----a-w- c:\windows\system32\nvdispco32.dll
      2012-10-11 00:14 . 2012-10-11 00:14 6127464 ----a-w- c:\windows\system32\nvopencl.dll
      2012-10-11 00:14 . 2012-10-11 00:14 15309160 ----a-w- c:\windows\system32\nvd3dum.dll
      2012-10-02 19:29 . 2012-04-01 10:10 645992 ----a-w- c:\windows\system32\nvvsvc.exe
      2012-10-02 19:29 . 2012-04-01 10:10 62312 ----a-w- c:\windows\system32\nvshext.dll
      2012-10-02 19:29 . 2012-04-01 10:10 2557288 ----a-w- c:\windows\system32\nvsvcr.dll
      2012-10-02 19:29 . 2012-04-01 10:10 108392 ----a-w- c:\windows\system32\nvmctray.dll
      2012-10-02 19:29 . 2012-04-01 10:10 2853224 ----a-w- c:\windows\system32\nvsvc.dll
      2012-10-02 19:28 . 2012-04-01 10:10 3965288 ----a-w- c:\windows\system32\nvcpl.dll
      2012-10-02 16:15 . 2012-10-02 16:15 430952 ----a-w- c:\windows\system32\nvStreaming.exe
      2012-09-24 18:32 . 2012-07-04 10:54 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
      2012-09-24 18:32 . 2012-03-05 13:54 473072 ----a-w- c:\windows\system32\deployJava1.dll
      2012-09-14 18:28 . 2012-10-18 17:24 2048 ----a-w- c:\windows\system32\tzres.dll
      2012-09-12 19:07 . 2012-09-12 19:07 58368 ----a-w- c:\windows\system32\sirenacm.dll
      2012-09-07 23:26 . 2012-10-25 14:39 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
      2012-09-07 23:26 . 2012-10-25 14:39 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
      2012-09-07 23:26 . 2012-10-25 14:39 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
      2012-08-31 17:18 . 2012-10-18 17:45 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys
      2012-08-30 17:12 . 2012-10-18 17:24 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe
      2012-08-30 17:12 . 2012-10-18 17:24 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe
      2012-10-24 17:50 . 2012-11-14 11:25 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
      .
      .
      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4
      .
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
      "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-09-07 348664]
      "TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-07-12 296096]
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "ConsentPromptBehaviorAdmin"= 0 (0x0)
      "ConsentPromptBehaviorUser"= 0 (0x0)
      "EnableInstallerDetection"= 0 (0x0)
      "EnableLUA"= 0 (0x0)
      "EnableUIADesktopToggle"= 0 (0x0)
      "PromptOnSecureDesktop"= 0 (0x0)
      .
      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
      "DisableLockWorkstation"= 1 (0x1)
      .
      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
      "AlwaysShowClassicMenu"= 1 (0x1)
      "NoResolveTrack"= 1 (0x1)
      .
      [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
      "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
      2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
      "AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
      "mixer5"=wdmaud.drv
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
      @=""
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
      @="Driver"
      .
      [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
      path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
      backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
      backupExtension=.CommonStartup
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
      2012-09-23 23:43 926896 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
      2012-04-04 09:09 446392 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS6ServiceManager]
      2012-03-09 19:26 1073312 ----a-w- c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
      2011-09-27 11:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
      2012-03-05 13:55 136176 ----atw- c:\users\Administrador\AppData\Local\Google\Update\GoogleUpdate.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
      2010-02-19 16:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
      2012-07-12 20:04 296096 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
      .
      R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
      R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
      R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
      R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
      R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
      R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
      R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
      R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
      R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
      R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
      R3 WatAdminSvc;Servicio de tecnologías de activación de Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
      S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [x]
      S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [x]
      S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [x]
      S1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [x]
      S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
      S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]
      S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
      S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
      S2 AntiVirSchedulerService;Avira Programador;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
      S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
      S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [x]
      S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [x]
      S3 SiSGbeLH;Controlador de dispositivo Ethernet SiS191/SiS190 NDIS 6.0;c:\windows\system32\DRIVERS\SiSGB6.sys [x]
      .
      .
      Contents of the 'Scheduled Tasks' folder
      .
      2012-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2012-04-12 14:05]
      .
      2012-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2012-04-12 14:05]
      .
      2012-11-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2884106914-2541375731-1512056492-500Core.job
      - c:\users\Administrador\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-05 13:55]
      .
      2012-11-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2884106914-2541375731-1512056492-500UA.job
      - c:\users\Administrador\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-05 13:55]
      .
      .
      ------- Supplementary Scan -------
      .
      uStart Page = hxxp://www.google.com
      uDefault_Search_URL = hxxp://www.google.com
      mStart Page = hxxp://www.google.com
      mSearch Bar = hxxp://www.google.com
      uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
      IE: &Enviar a OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
      IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
      IE: Enviar a &Bluetooth - c:\program files\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
      TCP: DhcpNameServer = 192.168.1.1
      FF - ProfilePath - c:\users\Administrador\AppData\Roaming\Mozilla\Firefox\Profiles\8u0jgmu4.default\
      FF - prefs.js: browser.search.selectedEngine - Google
      FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.py/
      FF - prefs.js: keyword.URL - hxxp://google.com
      .
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------
      .
      [HKEY_USERS\S-1-5-21-2884106914-2541375731-1512056492-500\Software\Microsoft\Internet Explorer\Approved Extensions]
      @Denied: (2) (Administrator)
      .
      [HKEY_USERS\S-1-5-21-2884106914-2541375731-1512056492-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
      @Denied: (2) (Administrator)
      "Timestamp"=hex:98,87,83,56,34,ca,cd,01
      .
      [HKEY_USERS\S-1-5-21-2884106914-2541375731-1512056492-500\Software\Microsoft\Internet Explorer\User Preferences]
      @Denied: (2) (Administrator)
      .
      [HKEY_USERS\S-1-5-21-2884106914-2541375731-1512056492-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.0\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="0_auto_file"
      .
      [HKEY_USERS\S-1-5-21-2884106914-2541375731-1512056492-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="WMP11.AssocFile.3G2"
      .
      [HKEY_USERS\S-1-5-21-2884106914-2541375731-1512056492-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="WMP11.AssocFile.3G2"
      .
      [HKEY_USERS\S-1-5-21-2884106914-2541375731-1512056492-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="WMP11.AssocFile.3GP"
      .
      [HKEY_USERS\S-1-5-21-2884106914-2541375731-1512056492-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="WMP11.AssocFile.ADTS"
      .
      [HKEY_USERS\S-1-5-21-2884106914-2541375731-1512056492-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ac3\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="KLCP.WMP.ac3"
      .
      [HKEY_USERS\S-1-5-21-2884106914-2541375731-1512056492-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="WMP11.AssocFile.ADTS"
      .
      [HKEY_USERS\S-1-5-21-2884106914-2541375731-1512056492-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="WMP11.AssocFile.ADTS"
      .
      [HKEY_USERS\S-1-5-21-2884106914-2541375731-1512056492-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="WMP11.AssocFile.AIFF"
      .
      [HKEY_USERS\S-1-5-21-2884106914-2541375731-1512056492-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="WMP11.AssocFile.AIFF"
      .
      [HKEY_USERS\S-1-5-21-2884106914-2541375731-1512056492-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="WMP11.AssocFile.AIFF"
      .
      [HKEY_USERS\S-1-5-21-2884106914-2541375731-1512056492-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.alac\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="KLCP.WMP.alac"
      .
      [HKEY_USERS\S-1-5-21-2884106914-2541375731-1512056492-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.amr\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="KLCP.WMP.amr"
      .
      [HKEY_USERS\S-1-5-21-2884106914-2541375731-1512056492-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ape\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="KLCP.WMP.ape"
      .
      [HKEY_USERS\S-1-5-21-2884106914-2541375731-1512056492-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apl\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="KLCP.WMP.apl"
      .
      [HKEY_USERS\S-1-5-21-2884106914-2541375731-1512056492-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="WMP11.AssocFile.AU"
      .
      [HKEY_USERS\S-1-5-21-2884106914-2541375731-1512056492-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="WMP11.AssocFile.AVI"
      .
      [HKEY_USERS\S-1-5-21-2884106914-2541375731-1512056492-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="WMP11.AssocFile.CDA"
      .
      [HKEY_USERS\S-1-5-21-2884106914-2541375731-1512056492-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dmp\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="Applications\\notepad.exe"
      .
      [HKEY_USERS\S-1-5-21-2884106914-2541375731-1512056492-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.doc\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="Applications\\WINWORD.EXE"
      .
      [HKEY_USERS\S-1-5-21-2884106914-2541375731-1512056492-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dts\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="KLCP.WMP.dts"
      .
      [HKEY_USERS\S-1-5-21-2884106914-2541375731-1512056492-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="Adobe.Illustrator.EPS"
      .
      [HKEY_USERS\S-1-5-21-2884106914-2541375731-1512056492-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fh10\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="fh10_auto_file"
      .
      [HKEY_USERS\S-1-5-21-2884106914-2541375731-1512056492-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="KLCP.WMP.flac"
      .
      [HKEY_USERS\S-1-5-21-2884106914-2541375731-1512056492-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdmov\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="KLCP.WMP.hdmov"
      .
      [HKEY_USERS\S-1-5-21-2884106914-2541375731-1512056492-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="FirefoxHTML"
      .
      [HKEY_USERS\S-1-5-21-2884106914-2541375731-1512056492-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="FirefoxHTML"
      .
      [HKEY_USERS\S-1-5-21-2884106914-2541375731-1512056492-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.IFO\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="mplayerc.ifo"
      .
      [HKEY_USERS\S-1-5-21-2884106914-2541375731-1512056492-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="PhotoViewer.FileAssoc.Jpeg"
      .
      [HKEY_USERS\S-1-5-21-2884106914-2541375731-1512056492-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="WMP11.AssocFile.m3u"
      .
      [HKEY_USERS\S-1-5-21-2884106914-2541375731-1512056492-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="WMP11.AssocFile.M4A"
      .
      [HKEY_USERS\S-1-5-21-2884106914-2541375731-1512056492-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="IE.AssocFile.MHT"
      .
      [HKEY_USERS\S-1-5-21-2884106914-2541375731-1512056492-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="IE.AssocFile.MHT"
      .
      [HKEY_USERS\S-1-5-21-2884106914-2541375731-1512056492-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="WMP11.AssocFile.MIDI"
      .
      [HKEY_USERS\S-1-5-21-2884106914-2541375731-1512056492-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="WMP11.AssocFile.MIDI"
      .
      [HKEY_USERS\S-1-5-21-2884106914-2541375731-1512056492-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mka\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="KLCP.WMP.mka"
      .
      [HKEY_USERS\S-1-5-21-2884106914-2541375731-1512056492-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mod\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="WMP11.AssocFile.MPEG"
      .
      [HKEY_USERS\S-1-5-21-2884106914-2541375731-1512056492-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="WMP11.AssocFile.MP3"
      .
      [HKEY_USERS\S-1-5-21-2884106914-2541375731-1512056492-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="WMP11.AssocFile.MPEG"
      .
      [HKEY_USERS\S-1-5-21-2884106914-2541375731-1512056492-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="RealPlayer.MP3.6"
      .
      [HKEY_USERS\S-1-5-21-2884106914-2541375731-1512056492-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="WMP11.AssocFile.MP4"
      .
      [HKEY_USERS\S-1-5-21-2884106914-2541375731-1512056492-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="WMP11.AssocFile.MPEG"
      .
      [HKEY_USERS\S-1-5-21-2884106914-2541375731-1512056492-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpls\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="KLCP.WMP.mpls"
      .
      [HKEY_USERS\S-1-5-21-2884106914-2541375731-1512056492-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="WMP11.AssocFile.MPEG"
      .
      [HKEY_USERS\S-1-5-21-2884106914-2541375731-1512056492-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv4\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="KLCP.WMP.mpv4"
      .
      [HKEY_USERS\S-1-5-21-2884106914-2541375731-1512056492-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.oga\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="KLCP.WMP.oga"
      .
      [HKEY_USERS\S-1-5-21-2884106914-2541375731-1512056492-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="KLCP.WMP.ogg"
      .
      [HKEY_USERS\S-1-5-21-2884106914-2541375731-1512056492-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="AcroExch.Document"
      .
      [HKEY_USERS\S-1-5-21-2884106914-2541375731-1512056492-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="Photoshop.Image.13"
      .
      [HKEY_USERS\S-1-5-21-2884106914-2541375731-1512056492-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rar\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="WinRAR"
      .
      [HKEY_USERS\S-1-5-21-2884106914-2541375731-1512056492-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="WMP11.AssocFile.MIDI"
      .
      [HKEY_USERS\S-1-5-21-2884106914-2541375731-1512056492-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmvb\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="RealPlayer.RMVB.6"
      .
      [HKEY_USERS\S-1-5-21-2884106914-2541375731-1512056492-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="FirefoxHTML"
      .
      [HKEY_USERS\S-1-5-21-2884106914-2541375731-1512056492-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="WMP11.AssocFile.AU"
      .
      [HKEY_USERS\S-1-5-21-2884106914-2541375731-1512056492-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.swf\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="Applications\\IExplore.exe"
      .
      [HKEY_USERS\S-1-5-21-2884106914-2541375731-1512056492-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tps\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="KLCP.WMP.tps"
      .
      [HKEY_USERS\S-1-5-21-2884106914-2541375731-1512056492-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tta\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="KLCP.WMP.tta"
      .
      [HKEY_USERS\S-1-5-21-2884106914-2541375731-1512056492-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tts\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="WMP11.AssocFile.TTS"
      .
      [HKEY_USERS\S-1-5-21-2884106914-2541375731-1512056492-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="IE.AssocFile.URL"
      .
      [HKEY_USERS\S-1-5-21-2884106914-2541375731-1512056492-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vob\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="mplayerc.vob"
      .
      [HKEY_USERS\S-1-5-21-2884106914-2541375731-1512056492-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="WMP11.AssocFile.WAV"
      .
      [HKEY_USERS\S-1-5-21-2884106914-2541375731-1512056492-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="WMP11.AssocFile.WAX"
      .
      [HKEY_USERS\S-1-5-21-2884106914-2541375731-1512056492-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webm\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="KLCP.WMP.webm"
      .
      [HKEY_USERS\S-1-5-21-2884106914-2541375731-1512056492-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="RealJukebox.wma.1"
      .
      [HKEY_USERS\S-1-5-21-2884106914-2541375731-1512056492-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="WMP11.AssocFile.WMD"
      .
      [HKEY_USERS\S-1-5-21-2884106914-2541375731-1512056492-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="WMP11.AssocFile.WMS"
      .
      [HKEY_USERS\S-1-5-21-2884106914-2541375731-1512056492-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="RealPlayer.wmv.6"
      .
      [HKEY_USERS\S-1-5-21-2884106914-2541375731-1512056492-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="WMP11.AssocFile.WMZ"
      .
      [HKEY_USERS\S-1-5-21-2884106914-2541375731-1512056492-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="WMP11.AssocFile.WPL"
      .
      [HKEY_USERS\S-1-5-21-2884106914-2541375731-1512056492-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wv\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="KLCP.WMP.wv"
      .
      [HKEY_USERS\S-1-5-21-2884106914-2541375731-1512056492-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="FirefoxHTML"
      .
      [HKEY_USERS\S-1-5-21-2884106914-2541375731-1512056492-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="FirefoxHTML"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="FlashBroker"
      "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
      "Enabled"=dword:00000001
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
      @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="IFlashBroker5"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
      @="{00020424-0000-0000-C000-000000000046}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      "Version"="1.0"
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
      @Denied: (Full) (Everyone)
      .
      ------------------------ Other Running Processes ------------------------
      .
      c:\program files\Avira\AntiVir Desktop\avguard.exe
      c:\program files\Avira\AntiVir Desktop\avshadow.exe
      c:\windows\system32\conhost.exe
      c:\windows\system32\nvvsvc.exe
      c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
      c:\windows\system32\nvvsvc.exe
      c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
      c:\program files\Microsoft LifeCam\MSCamS32.exe
      c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
      c:\windows\system32\taskhost.exe
      c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
      c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
      c:\windows\system32\conhost.exe
      c:\program files\NVIDIA Corporation\Display\nvtray.exe
      c:\program files\Windows Media Player\wmpnetwk.exe
      .
      **************************************************************************
      .
      Completion time: 2012-11-27 09:35:55 - machine was rebooted
      ComboFix-quarantined-files.txt 2012-11-27 12:35
      ComboFix2.txt 2012-11-26 11:34
      .
      Pre-Run: 22.316.208.128 bytes libres
      Post-Run: 22.254.759.936 bytes libres
      .
      - - End Of File - - 30269B174FB91200C5A126A4EFD2D4BD


