
    Consequences after running ComboFix


    1. #1
      albertomate (User)
      Joined: Feb 2013
      Location: Spain
      Posts: 3

      Consequences after running ComboFix

      After following the forum for a while, I decided, based on other similar cases, to use ComboFix as a tool to remove viruses and malware, always after running Malwarebytes, SUPERAntiSpyware or Spyware and Destroy, and honestly the impression it gives is of an interesting tool that works. However, as in another, already closed thread about AutoPlay disappearing and the autoruns of USB drives not working, I started investigating and it is true: since I ran ComboFix, the USB flash drives that had an autorun.inf associated with an .ico do not run, and no AutoPlay option is offered either. My operating system is Windows 7 64-bit, and I don't know whether this is a common case with a common solution or whether it involves quite a few changes in the registry. Thank you in advance for any helpful replies.

      Note: I acknowledge that using this tool without supervision is risky, but at the time it seemed to me an option worth considering.

      Thanks again in advance.

    2. #2
      Dany3j (Developer)
      Joined: Mar 2011
      Location: China
      Posts: 6,652

      Re: Consequences after running ComboFix

      Hello, the question would be: for what reason did you use CF?

      Please post the report located at C:\ComboFix.txt.

      I ran into a black cat and had to take the long way around.


    3. #3
      albertomate (User)
      Joined: Feb 2013
      Location: Spain
      Posts: 3

      Re: Consequences after running ComboFix

      Quote: Originally posted by Dany3j
      Hello, the question would be: for what reason did you use CF?

      Please post the report located at C:\ComboFix.txt.

      A couple of months ago I got the SGAE virus, the one so similar to the police one, and after restoring to an earlier restore point and running several anti.... the system was left damaged; freezes and slowness became a constant, so I decided to run ComboFix, although it is true that I have a fresh installation from scratch pending shortly, since I use the machine to run a thousand tests with all the programs that pass through my hands.



      ComboFix 13-02-03.03 - Alberto 03/02/2013 21:11:15.1.8 - x64
      Microsoft Windows 7 Ultimate 6.1.7601.1.1252.34.3082.18.12279.9613 [GMT 1:00]
      Running from: c:\users\Alberto\Desktop\ComboFix.exe
      AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
      SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
      SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      .
      .
      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      c:\program files (x86)\smartdl
      c:\program files (x86)\smartdl\gunzip.exe
      c:\program files (x86)\smartdl\status-o
      c:\users\Alberto\AppData\Local\assembly\tmp
      c:\users\Alberto\AppData\Local\Temp\_MEI53682\_ctypes.pyd
      c:\users\Alberto\AppData\Local\Temp\_MEI53682\_elementtree.pyd
      c:\users\Alberto\AppData\Local\Temp\_MEI53682\_hashlib.pyd
      c:\users\Alberto\AppData\Local\Temp\_MEI53682\_socket.pyd
      c:\users\Alberto\AppData\Local\Temp\_MEI53682\_ssl.pyd
      c:\users\Alberto\AppData\Local\Temp\_MEI53682\pyexpat.pyd
      c:\users\Alberto\AppData\Local\Temp\_MEI53682\pysqlite2._sqlite.pyd
      c:\users\Alberto\AppData\Local\Temp\_MEI53682\python26.dll
      c:\users\Alberto\AppData\Local\Temp\_MEI53682\pythoncom26.dll
      c:\users\Alberto\AppData\Local\Temp\_MEI53682\PyWinTypes26.dll
      c:\users\Alberto\AppData\Local\Temp\_MEI53682\select.pyd
      c:\users\Alberto\AppData\Local\Temp\_MEI53682\unicodedata.pyd
      c:\users\Alberto\AppData\Local\Temp\_MEI53682\win32api.pyd
      c:\users\Alberto\AppData\Local\Temp\_MEI53682\win32com.shell.shell.pyd
      c:\users\Alberto\AppData\Local\Temp\_MEI53682\win32crypt.pyd
      c:\users\Alberto\AppData\Local\Temp\_MEI53682\win32event.pyd
      c:\users\Alberto\AppData\Local\Temp\_MEI53682\win32file.pyd
      c:\users\Alberto\AppData\Local\Temp\_MEI53682\win32inet.pyd
      c:\users\Alberto\AppData\Local\Temp\_MEI53682\win32pdh.pyd
      c:\users\Alberto\AppData\Local\Temp\_MEI53682\win32process.pyd
      c:\users\Alberto\AppData\Local\Temp\_MEI53682\win32profile.pyd
      c:\users\Alberto\AppData\Local\Temp\_MEI53682\win32security.pyd
      c:\users\Alberto\AppData\Local\Temp\_MEI53682\win32ts.pyd
      c:\users\Alberto\AppData\Local\Temp\_MEI53682\windows._cacheinvalidation.pyd
      c:\users\Alberto\AppData\Local\Temp\_MEI53682\wx._controls_.pyd
      c:\users\Alberto\AppData\Local\Temp\_MEI53682\wx._core_.pyd
      c:\users\Alberto\AppData\Local\Temp\_MEI53682\wx._gdi_.pyd
      c:\users\Alberto\AppData\Local\Temp\_MEI53682\wx._html2.pyd
      c:\users\Alberto\AppData\Local\Temp\_MEI53682\wx._misc_.pyd
      c:\users\Alberto\AppData\Local\Temp\_MEI53682\wx._windows_.pyd
      c:\users\Alberto\AppData\Local\Temp\_MEI53682\wx._wizard.pyd
      c:\users\Alberto\AppData\Local\Temp\_MEI53682\wxbase293u_net_vc.dll
      c:\users\Alberto\AppData\Local\Temp\_MEI53682\wxbase293u_vc.dll
      c:\users\Alberto\AppData\Local\Temp\_MEI53682\wxmsw293u_adv_vc.dll
      c:\users\Alberto\AppData\Local\Temp\_MEI53682\wxmsw293u_core_vc.dll
      c:\users\Alberto\AppData\Local\Temp\_MEI53682\wxmsw293u_html_vc.dll
      c:\users\Alberto\AppData\Local\Temp\_MEI53682\wxmsw293u_webview_vc.dll
      c:\users\Alberto\AppData\Roaming\msnmsgr
      c:\windows\XSxS
      .
      .
      ((((((((((((((((((((((((( Files Created from 2013-01-03 to 2013-02-03 )))))))))))))))))))))))))))))))
      .
      .
      2013-02-03 20:18 . 2013-02-03 20:18 -------- d-----w- c:\users\Default\AppData\Local\temp
      2013-02-03 10:09 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{30822AB8-4FE9-4F38-92DE-1B8F3E46D411}\mpengine.dll
      2013-02-02 09:34 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
      2013-02-01 23:14 . 2006-10-11 14:31 50688 ----a-w- c:\windows\system32\drivers\tosporte.sys
      2013-02-01 23:13 . 2011-12-27 06:18 43616 ----a-w- c:\windows\system32\drivers\btcusb.sys
      2013-02-01 23:13 . 2011-12-27 06:18 20192 ----a-w- c:\windows\system32\btinstall.dll
      2013-02-01 23:05 . 2012-10-25 09:20 769168 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
      2013-02-01 23:05 . 2012-10-25 09:20 74344 ----a-w- c:\windows\system32\RtNicProp64.dll
      2013-02-01 23:02 . 2013-02-01 23:02 -------- d-----w- c:\users\Alberto\AppData\Roaming\DRPSu
      2013-02-01 22:59 . 2013-02-01 22:59 -------- d-----w- c:\windows\system32\wbem\Framework
      2013-02-01 17:03 . 2013-02-01 17:03 -------- d-----w- c:\users\Alberto\AppData\Roaming\dvdcss
      2013-01-30 21:43 . 2013-02-01 17:04 -------- d-----w- c:\users\Alberto\AppData\Roaming\vlc
      2013-01-30 21:42 . 2013-01-30 21:42 -------- d-----w- c:\program files (x86)\VideoLAN
      2013-01-29 08:19 . 2013-01-29 08:19 -------- d-----w- c:\programdata\Nova Development
      2013-01-27 17:46 . 2013-01-27 17:46 -------- d-----w- c:\users\Alberto\AppData\Roaming\ABBYY
      2013-01-27 17:39 . 2013-01-27 17:39 -------- d-----w- c:\program files (x86)\Common Files\ABBYY
      2013-01-27 17:38 . 2013-01-27 17:46 -------- d-----w- c:\program files (x86)\ABBYY FineReader 11
      2013-01-26 11:03 . 2013-01-26 11:03 -------- d-----w- c:\program files (x86)\Dojotech Software
      2013-01-25 10:22 . 2013-01-25 10:22 -------- d-----w- c:\users\Alberto\AppData\Roaming\Samsung
      2013-01-25 10:22 . 2013-01-25 10:22 -------- d-----w- c:\users\Alberto\AppData\Local\Samsung
      2013-01-25 10:21 . 2012-09-20 04:35 203104 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
      2013-01-25 10:21 . 2012-09-20 04:35 102368 ----a-w- c:\windows\system32\drivers\ssudbus.sys
      2013-01-25 10:21 . 2012-06-27 08:37 708168 ----a-w- c:\windows\system32\WinUSBCoInstaller.dll
      2013-01-25 10:21 . 2012-06-27 08:37 177640 ----a-w- c:\windows\system32\drivers\ssadmdm.sys
      2013-01-25 10:21 . 2012-06-27 08:37 16872 ----a-w- c:\windows\system32\drivers\ssadmdfl.sys
      2013-01-25 10:21 . 2012-06-27 08:37 157672 ----a-w- c:\windows\system32\drivers\ssadbus.sys
      2013-01-25 10:21 . 2012-06-27 08:37 146920 ----a-w- c:\windows\system32\drivers\ssadserd.sys
      2013-01-25 10:21 . 2012-06-27 08:37 13800 ----a-w- c:\windows\system32\drivers\ssadwhnt.sys
      2013-01-25 10:21 . 2012-06-27 08:37 13288 ----a-w- c:\windows\system32\drivers\ssadcmnt.sys
      2013-01-25 10:19 . 2012-12-18 09:06 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll
      2013-01-25 10:18 . 2012-12-18 09:06 821824 ----a-w- c:\windows\SysWow64\dgderapi.dll
      2013-01-25 10:17 . 2013-01-25 10:20 -------- d-----w- c:\program files (x86)\Samsung
      2013-01-25 10:17 . 2013-01-25 10:20 -------- d-----w- c:\programdata\Samsung
      2013-01-23 06:12 . 2013-01-23 06:12 9584 ----a-w- c:\windows\SysWow64\ractrlkeyhook.dll
      2013-01-21 18:36 . 2013-01-21 18:36 -------- d-----w- c:\program files\EPSON
      2013-01-21 18:34 . 2011-04-20 02:03 120320 ----a-w- c:\windows\system32\E_ILMJCE.DLL
      2013-01-20 18:38 . 2013-01-20 18:40 -------- d-----w- c:\program files (x86)\ElcomSoft
      2013-01-19 18:52 . 2013-01-19 18:52 -------- d-----w- c:\programdata\Zylom
      2013-01-19 08:47 . 2012-12-05 07:27 63096 ----a-w- c:\windows\system32\drivers\TMUSB64.sys
      2013-01-19 08:47 . 2013-01-19 08:47 -------- d-----w- c:\program files (x86)\EpsonNet
      2013-01-18 21:44 . 2013-02-02 19:56 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
      2013-01-18 15:15 . 2013-01-18 15:15 -------- d-----w- c:\program files (x86)\Paperless Converter
      2013-01-18 15:15 . 2012-03-29 09:58 19456 ----a-w- c:\windows\system32\Spool\prtprocs\x64\QWritex64.dll
      2013-01-18 15:14 . 2012-01-11 14:55 38912 ----a-w- c:\windows\SysWow64\plp7x64.dll
      2013-01-18 15:14 . 2013-01-18 15:14 -------- d-----w- c:\program files (x86)\Rarefind
      2013-01-17 18:54 . 2013-01-27 17:47 -------- d-----w- c:\users\Alberto\AppData\Local\ABBYY
      2013-01-17 18:53 . 2013-01-27 17:38 -------- d-----w- c:\programdata\ABBYY
      2013-01-17 18:52 . 2013-01-17 18:52 -------- d-----w- c:\programdata\UDL
      2013-01-17 16:36 . 2007-09-07 16:33 135168 ----a-w- c:\windows\SysWow64\EEBAPI.dll
      2013-01-17 16:36 . 2007-03-28 17:26 65536 ----a-w- c:\windows\SysWow64\EEBUtil.dll
      2013-01-17 16:36 . 2006-12-19 17:31 110592 ----a-w- c:\windows\SysWow64\EEBDSCVR.dll
      2013-01-17 16:36 . 2006-12-19 17:20 77824 ----a-w- c:\windows\SysWow64\EBAPI.dll
      2013-01-17 16:36 . 2003-12-17 00:01 55808 ----a-w- c:\windows\SysWow64\EEBSDKIF.dll
      2013-01-17 15:09 . 2013-01-17 16:17 -------- d-----w- c:\program files (x86)\epson
      2013-01-17 15:08 . 2007-04-10 00:06 10752 ----a-w- c:\windows\system32\E_GCINST.DLL
      2013-01-17 15:08 . 2011-03-15 02:03 83968 ----a-w- c:\windows\system32\E_ID4BJCE.DLL
      2013-01-16 15:20 . 2012-10-24 13:17 67224 ----a-w- c:\windows\system32\vsocklib.dll
      2013-01-16 15:20 . 2012-10-24 13:17 70296 ----a-w- c:\windows\system32\drivers\vsock.sys
      2013-01-16 15:20 . 2012-10-24 13:17 63128 ----a-w- c:\windows\SysWow64\vsocklib.dll
      2013-01-16 15:20 . 2012-11-01 01:34 67224 ----a-w- c:\windows\system32\drivers\vmx86.sys
      2013-01-16 15:19 . 2012-11-01 01:35 357016 ----a-w- c:\windows\SysWow64\vmnetdhcp.exe
      2013-01-16 15:19 . 2012-11-01 01:34 435864 ----a-w- c:\windows\SysWow64\vmnat.exe
      2013-01-16 15:19 . 2012-11-01 01:34 30360 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
      2013-01-16 15:19 . 2012-11-01 01:35 933528 ----a-w- c:\windows\system32\vnetlib64.dll
      2013-01-16 15:19 . 2012-10-11 16:15 52376 ----a-w- c:\windows\system32\drivers\hcmon.sys
      2013-01-16 15:19 . 2013-01-16 15:19 -------- d-----w- c:\program files\Common Files\VMware
      2013-01-16 15:18 . 2013-01-16 15:18 -------- d-----w- c:\program files (x86)\Common Files\VMware
      2013-01-14 14:57 . 2013-01-14 14:57 -------- d-----w- c:\program files (x86)\Artisteer 4
      2013-01-11 09:44 . 2013-02-01 16:05 -------- d-----w- c:\program files\CCleaner
      2013-01-09 07:48 . 2007-04-11 11:11 511328 ----a-w- c:\windows\capicom.dll
      2013-01-09 07:48 . 2013-01-09 07:47 695642 ----a-w- c:\windows\unins000.exe
      2013-01-09 07:48 . 2010-04-21 17:49 3551294 ----a-w- c:\users\Alberto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CertMon.exe
      2013-01-08 19:22 . 2013-01-24 22:54 -------- d-----w- c:\programdata\Nero
      2013-01-07 19:02 . 2013-01-08 20:30 -------- d-----w- c:\users\UpdatusUser
      2013-01-07 19:02 . 2013-02-03 20:20 -------- d-----w- c:\programdata\NVIDIA
      2013-01-07 19:02 . 2012-12-29 08:40 6382008 ----a-w- c:\windows\system32\nvcpl.dll
      2013-01-07 19:02 . 2012-12-29 08:40 3455416 ----a-w- c:\windows\system32\nvsvc64.dll
      2013-01-07 19:02 . 2012-12-29 08:40 884152 ----a-w- c:\windows\system32\nvvsvc.exe
      2013-01-07 19:02 . 2012-12-29 08:40 63928 ----a-w- c:\windows\system32\nvshext.dll
      2013-01-07 19:02 . 2012-12-29 08:40 2558392 ----a-w- c:\windows\system32\nvsvcr.dll
      2013-01-07 19:02 . 2012-12-29 08:40 118712 ----a-w- c:\windows\system32\nvmctray.dll
      2013-01-07 19:01 . 2013-01-07 19:01 -------- d-----w- c:\programdata\NVIDIA Corporation
      .
      .
      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2013-02-02 19:56 . 2012-08-13 21:35 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
      2013-02-02 19:56 . 2012-08-13 21:35 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
      2013-01-30 10:53 . 2010-11-21 03:27 273840 ------w- c:\windows\system32\MpSigStub.exe
      2013-01-15 07:58 . 2012-07-24 15:50 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
      2013-01-15 07:58 . 2012-07-24 15:50 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
      2013-01-09 07:55 . 2012-07-24 14:55 67599240 ----a-w- c:\windows\system32\MRT.exe
      2013-01-08 12:58 . 2012-09-24 13:38 282696 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
      2013-01-03 23:04 . 2013-01-03 23:04 53248 ----a-r- c:\users\Alberto\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
      2012-12-29 01:54 . 2012-12-29 01:54 550328 ----a-w- c:\windows\SysWow64\nvStreaming.exe
      2012-12-22 09:17 . 2012-09-24 13:38 282696 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
      2012-12-18 09:06 . 2012-12-18 09:06 90112 ----a-w- c:\windows\MAMCityDownload.ocx
      2012-12-18 09:06 . 2012-12-18 09:06 330240 ----a-w- c:\windows\MASetupCaller.dll
      2012-12-18 09:06 . 2012-12-18 09:06 30568 ----a-w- c:\windows\MusiccityDownload.exe
      2012-12-18 09:06 . 2012-12-18 09:06 974848 ----a-w- c:\windows\SysWow64\cis-2.4.dll
      2012-12-18 09:06 . 2012-12-18 09:06 81920 ----a-w- c:\windows\SysWow64\issacapi_bs-2.3.dll
      2012-12-18 09:06 . 2012-12-18 09:06 65536 ----a-w- c:\windows\SysWow64\issacapi_pe-2.3.dll
      2012-12-18 09:06 . 2012-12-18 09:06 57344 ----a-w- c:\windows\SysWow64\MTXSYNCICON.dll
      2012-12-18 09:06 . 2012-12-18 09:06 57344 ----a-w- c:\windows\SysWow64\MK_Lyric.dll
      2012-12-18 09:06 . 2012-12-18 09:06 57344 ----a-w- c:\windows\SysWow64\issacapi_se-2.3.dll
      2012-12-18 09:06 . 2012-12-18 09:06 569344 ----a-w- c:\windows\SysWow64\muzdecode.ax
      2012-12-18 09:06 . 2012-12-18 09:06 491520 ----a-w- c:\windows\SysWow64\muzapp.dll
      2012-12-18 09:06 . 2012-12-18 09:06 49152 ----a-w- c:\windows\SysWow64\MaJGUILib.dll
      2012-12-18 09:06 . 2012-12-18 09:06 45320 ----a-w- c:\windows\SysWow64\MAMACExtract.dll
      2012-12-18 09:06 . 2012-12-18 09:06 45056 ----a-w- c:\windows\SysWow64\MaXMLProto.dll
      2012-12-18 09:06 . 2012-12-18 09:06 45056 ----a-w- c:\windows\SysWow64\MACXMLProto.dll
      2012-12-18 09:06 . 2012-12-18 09:06 40960 ----a-w- c:\windows\SysWow64\MTTELECHIP.dll
      2012-12-18 09:06 . 2012-12-18 09:06 352256 ----a-w- c:\windows\SysWow64\MSLUR71.dll
      2012-12-18 09:06 . 2012-12-18 09:06 258048 ----a-w- c:\windows\SysWow64\muzoggsp.ax
      2012-12-18 09:06 . 2012-12-18 09:06 245760 ----a-w- c:\windows\SysWow64\MSCLib.dll
      2012-12-18 09:06 . 2012-12-18 09:06 24576 ----a-w- c:\windows\SysWow64\MASetupCleaner.exe
      2012-12-18 09:06 . 2012-12-18 09:06 200704 ----a-w- c:\windows\SysWow64\muzwmts.dll
      2012-12-18 09:06 . 2012-12-18 09:06 172032 ----a-w- c:\windows\SysWow64\muzapp.exe
      2012-12-18 09:06 . 2012-12-18 09:06 155648 ----a-w- c:\windows\SysWow64\MSFLib.dll
      2012-12-18 09:06 . 2012-12-18 09:06 143360 ----a-w- c:\windows\SysWow64\3DAudio.ax
      2012-12-18 09:06 . 2012-12-18 09:06 135168 ----a-w- c:\windows\SysWow64\muzaf1.dll
      2012-12-18 09:06 . 2012-12-18 09:06 131072 ----a-w- c:\windows\SysWow64\muzmpgsp.ax
      2012-12-18 09:06 . 2012-12-18 09:06 122880 ----a-w- c:\windows\SysWow64\muzeffect.ax
      2012-12-18 09:06 . 2012-12-18 09:06 118784 ----a-w- c:\windows\SysWow64\MaDRM.dll
      2012-12-18 09:06 . 2012-12-18 09:06 110592 ----a-w- c:\windows\SysWow64\muzmp4sp.ax
      2012-12-16 17:11 . 2012-12-21 08:20 46080 ----a-w- c:\windows\system32\atmlib.dll
      2012-12-16 14:45 . 2012-12-21 08:20 367616 ----a-w- c:\windows\system32\atmfd.dll
      2012-12-16 14:13 . 2012-12-21 08:20 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
      2012-12-16 14:13 . 2012-12-21 08:20 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
      2012-12-14 15:49 . 2012-07-26 09:29 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
      2012-12-08 16:07 . 2012-12-08 16:07 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
      2012-12-08 16:07 . 2012-12-08 16:07 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
      2012-12-08 16:07 . 2012-12-08 16:07 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
      2012-11-30 04:45 . 2013-01-09 07:50 44032 ----a-w- c:\windows\apppatch\acwow64.dll
      2012-11-28 08:20 . 2012-11-28 08:21 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EE27A055-055F-4B37-BB67-1B3841EAB734}\gapaengine.dll
      2012-11-14 07:06 . 2012-12-12 08:23 17811968 ----a-w- c:\windows\system32\mshtml.dll
      2012-11-14 06:32 . 2012-12-12 08:23 10925568 ----a-w- c:\windows\system32\ieframe.dll
      2012-11-14 06:11 . 2012-12-12 08:23 2312704 ----a-w- c:\windows\system32\jscript9.dll
      2012-11-14 06:04 . 2012-12-12 08:23 1346048 ----a-w- c:\windows\system32\urlmon.dll
      2012-11-14 06:04 . 2012-12-12 08:23 1392128 ----a-w- c:\windows\system32\wininet.dll
      2012-11-14 06:02 . 2012-12-12 08:23 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
      2012-11-14 06:02 . 2012-12-12 08:23 237056 ----a-w- c:\windows\system32\url.dll
      2012-11-14 05:59 . 2012-12-12 08:23 85504 ----a-w- c:\windows\system32\jsproxy.dll
      2012-11-14 05:58 . 2012-12-12 08:23 816640 ----a-w- c:\windows\system32\jscript.dll
      2012-11-14 05:57 . 2012-12-12 08:23 599040 ----a-w- c:\windows\system32\vbscript.dll
      2012-11-14 05:57 . 2012-12-12 08:23 173056 ----a-w- c:\windows\system32\ieUnatt.exe
      2012-11-14 05:55 . 2012-12-12 08:23 2144768 ----a-w- c:\windows\system32\iertutil.dll
      2012-11-14 05:55 . 2012-12-12 08:23 729088 ----a-w- c:\windows\system32\msfeeds.dll
      2012-11-14 05:53 . 2012-12-12 08:23 96768 ----a-w- c:\windows\system32\mshtmled.dll
      2012-11-14 05:52 . 2012-12-12 08:23 2382848 ----a-w- c:\windows\system32\mshtml.tlb
      2012-11-14 05:46 . 2012-12-12 08:23 248320 ----a-w- c:\windows\system32\ieui.dll
      2012-11-14 02:09 . 2012-12-12 08:23 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
      2012-11-14 01:58 . 2012-12-12 08:23 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
      2012-11-14 01:57 . 2012-12-12 08:23 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
      2012-11-14 01:49 . 2012-12-12 08:23 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
      2012-11-14 01:48 . 2012-12-12 08:23 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
      2012-11-14 01:44 . 2012-12-12 08:23 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
      2012-11-09 05:45 . 2012-12-12 08:17 2048 ----a-w- c:\windows\system32\tzres.dll
      2012-11-09 04:42 . 2012-12-12 08:17 2048 ----a-w- c:\windows\SysWow64\tzres.dll
      .
      .
      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
      @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
      2012-11-13 23:32 129272 ----a-w- c:\users\Alberto\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
      @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
      2012-11-13 23:32 129272 ----a-w- c:\users\Alberto\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
      @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
      2012-11-13 23:32 129272 ----a-w- c:\users\Alberto\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
      @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
      2012-11-13 23:32 129272 ----a-w- c:\users\Alberto\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
      .
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "GoodSync"="c:\program files\Siber Systems\GoodSync\GoodSync.exe" [2012-01-14 8957368]
      "8A011256EB5AC1FFDD092835A88742D1DBE4A9C2._service_run"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2013-01-26 1248208]
      "iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-12-17 59872]
      "ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-12-17 59872]
      "GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2012-12-17 16328976]
      "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
      "EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\x64\3\E_IATIJCE.EXE" [2012-02-29 283232]
      "Spotify Web Helper"="c:\users\Alberto\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-11-08 1199576]
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
      "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-09-16 115048]
      "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-09-28 56128]
      "Symantec System Recovery 2011"="c:\program files (x86)\Symantec\Symantec System Recovery\Agent\VProTray.exe" [2011-02-24 2602920]
      "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
      "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-12-18 39136]
      "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
      "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
      "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
      "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
      "vmware-tray.exe"="c:\program files (x86)\VMware\VMware Workstation\vmware-tray.exe" [2012-11-01 104088]
      "EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2012-04-02 1058912]
      .
      c:\users\Alberto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
      CertMon.exe [2010-4-21 3551294]
      Dropbox.lnk - c:\users\Alberto\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
      .
      c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
      Bluetooth Manager.lnk - c:\program files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-1-18 2752512]
      Dyn Updater Tray Icon.lnk - c:\program files (x86)\Dyn Updater\DynTray.exe [2011-11-15 78192]
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "ConsentPromptBehaviorAdmin"= 0 (0x0)
      "ConsentPromptBehaviorUser"= 3 (0x3)
      "EnableLUA"= 0 (0x0)
      "EnableUIADesktopToggle"= 0 (0x0)
      "PromptOnSecureDesktop"= 0 (0x0)
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
      @="Service"
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
      "DisableMonitoring"=dword:00000001
      .
      R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
      R2 IAStorDataMgrSvc;Tecnología de almacenamiento Intel(R) Rapid;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-09-21 14904]
      R2 NAUpdate;NAUpdate; [x]
      R2 Symantec System Recovery;Symantec System Recovery;c:\program files (x86)\Symantec\Symantec System Recovery\Agent\VProSvc.exe [2011-02-24 4615080]
      R3 Asushwio;Asushwio;c:\windows\system32\drivers\Asushwio.sys [x]
      R3 bmdrvr;Modified Clusters Tracking Driver;SysWOW64\drivers\bmdrvr.sys [x]
      R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [2011-12-21 31968]
      R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-09-20 102368]
      R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
      R3 DrvSnSht;DrvSnSht; [x]
      R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2010-07-27 117248]
      R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys [2010-12-23 421376]
      R3 flash;flash;c:\windows\system32\drivers\flash.sys [x]
      R3 GenericMount Helper Service;GenericMount Helper Service;c:\program files (x86)\Symantec\Symantec System Recovery\Shared\Drivers\GenericMountHelperx64.exe [2011-01-14 2227216]
      R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2011-01-13 86016]
      R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [2010-04-06 27016]
      R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-11-26 11776]
      R3 massfilter_hs;USB Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys [2010-10-15 12800]
      R3 R-ImageDisk;R-ImageDisk; [x]
      R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
      R3 RSUSBCCID;Realtek Smartcard Reader Driver;c:\windows\system32\DRIVERS\RtsUCcid.sys [x]
      R3 RtsUIr;Realtek IR Driver;c:\windows\system32\DRIVERS\RtsUIr.sys [x]
      R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2012-06-27 157672]
      R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2012-06-27 16872]
      R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2012-06-27 177640]
      R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2012-06-27 146920]
      R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-09-20 203104]
      R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
      R3 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2009-07-14 9728]
      R3 SymSnapService;SymSnapService;c:\program files (x86)\Symantec\Symantec System Recovery\Shared\Drivers\SymSnapServicex64.exe [2011-01-12 2965496]
      R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
      R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2012-08-23 29696]
      R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
      R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
      R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
      R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
      R3 WatAdminSvc;Servicio de tecnologías de activación de Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-11-18 1255736]
      R4 Casa;Casa;c:\program files (x86)\Conceiva\Mezzmo\MezzmoMediaServer.exe [2012-11-03 3119472]
      R4 CLHNServiceForPowerDVD12;CLHNServiceForPowerDVD12;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [2012-01-12 87336]
      R4 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [2012-01-12 75048]
      R4 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [2012-01-12 296232]
      R4 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2012-09-07 2464400]
      S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [2011-12-21 25056]
      S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys [2012-09-21 651832]
      S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys [2012-09-21 28216]
      S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [2012-06-07 319336]
      S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-05-24 55952]
      S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2012-10-24 85104]
      S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys [2012-10-24 70296]
      S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
      S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-07-24 272448]
      S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2012-08-02 28504]
      S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [2012-06-08 54104]
      S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [2012-08-13 178008]
      S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2012/09/30 18:03];c:\program files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [2012-01-11 20:57 146928]
      S2 ABBYY.Licensing.FineReader.Corporate.11.0;ABBYY FineReader 11 CE Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReader\11.00\Licensing\CE\NetworkLicenseServer.exe [2012-07-19 821840]
      S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-12-28 96896]
      S2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
      S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2012-08-16 74616]
      S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [2012-08-16 384888]
      S2 Dyn Updater;Dyn Updater;c:\program files (x86)\Dyn Updater\DynUpSvc.exe [2011-11-15 95608]
      S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe [2011-12-11 135824]
      S2 GsServer;GoodSync Server;c:\program files\Siber Systems\GoodSync\Gs-Server.exe [2012-01-14 4667320]
      S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
      S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
      S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]
      S2 ntk_PowerDVD12;ntk_PowerDVD12;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [2011-10-27 82928]
      S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-12-29 383416]
      S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2012-12-14 3467768]
      S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2012-10-11 918680]
      S2 vmware-converter-agent;VMware vCenter Converter Standalone Agent;c:\program files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe [2011-08-19 423536]
      S2 vmware-converter-server;VMware vCenter Converter Standalone Server;c:\program files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [2011-08-19 423536]
      S2 vmware-converter-worker;VMware vCenter Converter Standalone Worker;c:\program files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [2011-08-19 423536]
      S2 VMwareHostd;VMware Workstation Server;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2012-11-01 13234176]
      S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi10-shared.sys [x]
      S3 GenericMount;Generic Mount Driver;c:\windows\system32\DRIVERS\GenericMount.sys [2011-01-14 66608]
      S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [2012-10-26 29016]
      S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2012-10-26 29528]
      S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
      S3 MODRC;DiBcom Infrared Receiver;c:\windows\system32\DRIVERS\modrc.sys [2007-07-13 24200]
      S3 NisSrv;Inspección de red de Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]
      S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2012-08-27 107912]
      S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2012-08-27 226696]
      S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2012-08-29 243712]
      S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2012-10-25 769168]
      .
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
      2013-01-31 22:50 1607120 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
      .
      Contents of the 'Scheduled Tasks' folder
      .
      2013-02-03 c:\windows\Tasks\Adobe Flash Player Updater.job
      - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-24 07:58]
      .
      2013-02-03 c:\windows\Tasks\AutoKMS.job
      - c:\windows\AutoKMS\AutoKMS.exe [2012-07-24 19:11]
      .
      .
      --------- X64 Entries -----------
      .
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
      @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
      2012-11-13 23:32 162552 ----a-w- c:\users\Alberto\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
      @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
      2012-11-13 23:32 162552 ----a-w- c:\users\Alberto\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
      @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
      2012-11-13 23:32 162552 ----a-w- c:\users\Alberto\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
      @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
      2012-11-13 23:32 162552 ----a-w- c:\users\Alberto\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
      @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
      [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
      2012-12-17 18:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
      @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
      [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
      2012-12-17 18:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
      @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
      [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
      2012-12-17 18:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
      @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
      [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
      2012-12-17 18:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704]
      "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2012-11-04 2419512]
      "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-12-25 6960864]
      .
      ------- Supplementary Scan -------
      .
      uStart Page = hxxp://www.google.es/
      uInternet Settings,ProxyOverride = *.local;<local>
      IE: Anexar a PDF existente - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
      IE: Anexar destino de vínculo a PDF existente - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
      IE: Convertir a Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
      IE: Convertir destino de vínculo a Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
      Trusted Zone: fnmt.es
      Trusted Zone: fnmt.es\www.cert
      TCP: Interfaces\{83F8D7C5-2EE2-4099-81B3-12FC3DBF2305}: NameServer = 62.42.230.24,62.42.63.52
      DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab
      .
      - - - - ORPHANS REMOVED - - - -
      .
      Toolbar-Locked - (no file)
      Wow6432Node-HKLM-Run-<NO NAME> - (no file)
      AddRemove-MyFreeCodec - c:\program files (x86)\MyFree Codec\1.0b beta\uninstall.exe
      .
      .
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet002\services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]
      "ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl"
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------
      .
      [HKEY_LOCAL_MACHINE\software\BlueStacks]
      "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
      00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
      .
      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="FlashBroker"
      "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
      "Enabled"=dword:00000001
      .
      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
      @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="IFlashBroker5"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
      @="{00020424-0000-0000-C000-000000000046}"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      "Version"="1.0"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="FlashBroker"
      "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
      "Enabled"=dword:00000001
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
      @Denied: (A 2) (Everyone)
      @="Shockwave Flash Object"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
      "ThreadingModel"="Apartment"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
      @="0"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
      @="ShockwaveFlash.ShockwaveFlash.11"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
      @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
      @="1.0"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
      @="ShockwaveFlash.ShockwaveFlash"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
      @Denied: (A 2) (Everyone)
      @="Macromedia Flash Factory Object"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
      "ThreadingModel"="Apartment"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
      @="FlashFactory.FlashFactory.1"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
      @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
      @="1.0"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
      @="FlashFactory.FlashFactory"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="IFlashBroker5"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
      @="{00020424-0000-0000-C000-000000000046}"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      "Version"="1.0"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
      @="?????????????????? v1"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
      @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
      @="?????????????????? v2"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
      @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
      .
      [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
      @Denied: (A) (Everyone)
      "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
      .
      [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
      @Denied: (A) (Everyone)
      .
      [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
      "Key"="ActionsPane3"
      "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
      @Denied: (Full) (Everyone)
      .
      ------------------------ Other Running Processes ------------------------
      .
      c:\program files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
      c:\program files (x86)\DAEMON Tools Pro\DTShellHlp.exe
      c:\users\Alberto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CertMon.exe
      c:\program files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
      c:\program files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
      c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
      c:\windows\SysWOW64\vmnat.exe
      c:\program files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
      c:\program files (x86)\BlueStacks\HD-Service.exe
      c:\program files (x86)\VMware\VMware Workstation\vmware-authd.exe
      c:\windows\SysWOW64\vmnetdhcp.exe
      c:\program files (x86)\TeamViewer\Version8\TeamViewer.exe
      c:\program files (x86)\BlueStacks\HD-Network.exe
      c:\program files (x86)\BlueStacks\HD-BlockDevice.exe
      c:\program files (x86)\BlueStacks\HD-FileSystem.exe
      c:\program files (x86)\TeamViewer\Version8\tv_w32.exe
      c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
      .
      **************************************************************************
      .
      Completion time: 2013-02-03 21:25:07 - machine was rebooted
      ComboFix-quarantined-files.txt 2013-02-03 20:25
      .
      Pre-Run: 149.111.894.016 bytes libres
      Post-Run: 148.611.842.048 bytes libres
      .
      - - End Of File - - E7084503EF6E0DF85AA665C169221E24

    4. #4
      User Avatar of albertomate
      Registered
      Feb 2013
      Location
      Spain
      Posts
      3

      Re: Consequences after running ComboFix

      I still have the same problem, but thanks anyway for answering the first question.

      Regards

    5. #5
      User Avatar of reichelpink
      Registered
      Feb 2013
      Location
      Spain
      Posts
      1

      Re: Consequences after running ComboFix

      After running ComboFix, nothing works on my computer. All my program icons are there, but when you try to open one, a window appears that says: Illegal operation attempted on a registry key that has been marked for deletion. Then, when I try to remove ComboFix by typing combofix/uninstall in Run, it won't let me either. Please help, nothing works for me. Have I lost everything???? photos?? documents??? HELP

    6. #6
      Developer Avatar of Dany3j
      Registered
      Mar 2011
      Location
      China
      Posts
      6,652

      Re: Consequences after running ComboFix

      Hello, sorry for the delay, I have been busy.

      How is the problem going?

      I ran into a black cat and had to take the long way around.
