
    Trojan?


    1. #1
      User ernerom
      Joined
      Nov 2012
      Location
      Madrid
      Posts
      7

      Trojan?

      Hello,

      Suddenly the icon for adjusting the PC's volume (which normally appears in the taskbar) has disappeared.

      From the Control Panel I tried to enable it, but it shows as "disabled", with the checkbox greyed out, and I am not able to enable it again.

      From what I have been able to read, it may be a Trojan (and I think it looks very much like one).

      I would appreciate your help in finding a solution, since I currently have no sound on the PC.

      Many thanks!

    2. #2
      General Moderator
      @Leosolari
      Joined
      Jun 2007
      Location
      Argentina
      Posts
      58,637

      Re: Trojan?

      Hello

      Please follow this procedure:



      STEP 1

      Download these tools to your desktop, but do not run anything yet:


      º Glary Utilities. Install it following its manual.

      º Malwarebytes. Install and update it following its manual. If you already have it, you only need to update it.

      º ComboFix.exe




      STEP 2

      Run Malwarebytes
      • Do a "full scan".
      • Once it has finished, if it detects anything, choose "Remove Selected" as shown in this image.
      • If it asks you to restart, do so.





      STEP 3

      Run Glary Utilities
      • Press the 1-Click Maintenance button.
      • Press the View Results button and wait for it to finish.
      • When it finishes, press the Repair Problems button.




      STEP 4

      Run ComboFix


      • Temporarily disable your antivirus and/or antispyware. How to temporarily disable your antivirus
      • Close all open windows.
      • Double-click the ComboFix.exe file and follow the instructions.
      • When it finishes, it will generate a log at C:\ComboFix.txt.




      Important notes:

      • While CF is working, you must not move the mouse, as that would stop its process.
      • ComboFix may restart the PC automatically to complete the removal process.
      • Once ComboFix has finished its work, you can enable your antivirus.
      • Do not put the reports inside Code or HTML tags.




      Attention!! Do not use ComboFix unless a member of our Staff has specifically instructed you to do so in your thread. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, not for private use. Using ComboFix incorrectly could cause problems on your system. Please read ComboFix's "Disclaimer of Warranty".


      The generated report is located at C:\ComboFix.txt. Open it, select everything, and copy and paste it into your next reply.






      In your next reply, you must post the following:


      º The Malwarebytes report -----> Logs tab
      º The ComboFix report -----> C:\ComboFix.txt
      º How your PC is working now



      Regards

    3. #3
      User ernerom
      Joined
      Nov 2012
      Location
      Madrid
      Posts
      7

      Re: Trojan?

      Hello,

      Many thanks for the help. I have now followed your advice and the result is as detailed below (the PC is working correctly for me):

      Malwarebytes Anti-Malware 1.70.0.1100
      Malwarebytes : Free anti-malware download

      Versión de la Base de Datos: v2013.02.15.08

      Windows 7 Service Pack 1 x64 NTFS
      Internet Explorer 9.0.8112.16421
      Nuria :: NURIA [administrador]

      17/02/2013 0:06:54
      MBAM-log-2013-02-17 (10-23-40).txt

      Tipos de Análisis: Análisis Completo (C:\|D:\|)
      Opciones de análisis activado: Memoria | Inicio | Registro | Sistema de archivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
      Opciones de análisis desactivados: P2P
      Objetos examinados: 375174
      Tiempo transcurrido: 1 hora(s), 29 minuto(s), 20 segundo(s)

      Procesos en Memoria Detectados: 0
      (No se han detectado elementos maliciosos)

      Módulos de Memoria Detectados: 0
      (No se han detectado elementos maliciosos)

      Claves del Registro Detectados: 6
      HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{3F292D6E-4EA3-445A-8DA9-BC36053E01B8} (Adware.Adurr) -> No se tomaron medidas.
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3F292D6E-4EA3-445A-8DA9-BC36053E01B8} (Adware.Adurr) -> No se tomaron medidas.
      HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3F292D6E-4EA3-445A-8DA9-BC36053E01B8} (Adware.Adurr) -> No se tomaron medidas.
      HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3F292D6E-4EA3-445A-8DA9-BC36053E01B8} (Adware.Adurr) -> No se tomaron medidas.
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3F292D6E-4EA3-445A-8DA9-BC36053E01B8} (Adware.Adurr) -> No se tomaron medidas.
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{3F292D6E-4EA3-445A-8DA9-BC36053E01B8} (Adware.Adurr) -> No se tomaron medidas.

      Valores del Registro Detectados: 0
      (No se han detectado elementos maliciosos)

      Elementos de Datos del Registro Detectados: 0
      (No se han detectado elementos maliciosos)

      Carpetas Detectadas: 0
      (No se han detectado elementos maliciosos)

      Archivos Detectados: 0
      (No se han detectado elementos maliciosos)

      fin)


      ComboFix 13-02-13.02 - Nuria 17/02/2013 10:32:36.1.2 - x64
      Microsoft Windows 7 Home Premium 6.1.7601.1.1252.34.3082.18.4072.2318 [GMT 1:00]
      Running from: c:\users\Nuria\Desktop\ComboFix.exe
      AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
      AV: Trend Micro Titanium Internet Security *Disabled/Outdated* {68F968AC-2AA0-091D-848C-803E83E35902}
      SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
      SP: Trend Micro Titanium Internet Security *Disabled/Outdated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
      SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      * Created a new restore point
      @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
      [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
      2012-12-17 18:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
      @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
      [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
      2012-12-17 18:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
      @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
      [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
      2012-12-17 18:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
      @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
      [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
      2012-12-17 18:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2011-10-08 1111568]
      "AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2011-03-21 361984]
      "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-08-16 2277480]
      "Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-02-10 197152]
      .
      ------- Supplementary Scan -------
      .
      uLocal Page = c:\windows\system32\blank.htm
      uStart Page = hxxp://www.google.com
      mStart Page = hxxp://www.google.com
      mLocal Page = c:\windows\SysWOW64\blank.htm
      IE: E&xportar a Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
      TCP: DhcpNameServer = 80.58.61.250 80.58.61.254
      .
      - - - - ORPHANS REMOVED - - - -
      .
      Toolbar-Locked - (no file)
      Toolbar-Locked - (no file)
      WebBrowser-{977AE9CC-AF83-45E8-9E03-E2798216E2D5} - (no file)
      HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
      AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr
      .
      .
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="FlashBroker"
      "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
      "Enabled"=dword:00000001
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
      @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="IFlashBroker5"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
      @="{00020424-0000-0000-C000-000000000046}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      "Version"="1.0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="FlashBroker"
      "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
      "Enabled"=dword:00000001
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
      @Denied: (A 2) (Everyone)
      @="Shockwave Flash Object"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
      "ThreadingModel"="Apartment"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
      @="0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
      @="ShockwaveFlash.ShockwaveFlash.11"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
      @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
      @="1.0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
      @="ShockwaveFlash.ShockwaveFlash"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
      @Denied: (A 2) (Everyone)
      @="Macromedia Flash Factory Object"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
      "ThreadingModel"="Apartment"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
      @="FlashFactory.FlashFactory.1"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
      @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
      @="1.0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
      @="FlashFactory.FlashFactory"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="IFlashBroker5"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
      @="{00020424-0000-0000-C000-000000000046}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      "Version"="1.0"
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
      @Denied: (Full) (Everyone)
      .
      ------------------------ Other Running Processes ------------------------
      .
      c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
      c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
      c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
      c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
      c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
      c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
      c:\program files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
      c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
      c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
      c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
      c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
      c:\program files (x86)\ASUS\Splendid\ACMON.exe
      c:\windows\SysWOW64\ACEngSvr.exe
      c:\windows\AsScrPro.exe
      c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe
      c:\program files (x86)\ASUS\FaceLogon\sensorsrv.exe
      c:\program files (x86)\ASUS\AI Recovery\AIRecoveryRemind.exe
      .
      **************************************************************************
      .
      Completion time: 2013-02-17 1427 - machine was rebooted
      ComboFix-quarantined-files.txt 2013-02-17 13:10
      .
      Pre-Run: 43.349.700.608 bytes libres
      Post-Run: 43.066.314.752 bytes libres
      .
      - - End Of File - - 28320DE2875CDD06C9848A397E167440

      Regards!

    4. #4
      General Moderator
      Avatar of @Leosolari
      Registered
      Jun 2007
      Location
      Argentina
      Posts
      58.637

      Re: Trojan?

      Hello

      Uninstall CF as follows:
      • Go to Start > Run
      • Type the following: ComboFix /Uninstall as shown in the image below:

      • This will launch the ComboFix uninstaller, opening its main screen, and after a few seconds you will see ("ComboFix is uninstalled")

      If you cannot uninstall it that way, download OTC.exe to the desktop.

      Run it and press Cleanup to uninstall ComboFix and the folders it created.

      That will restart your PC.

      Let us know how everything is going now

      Regards