
    VIRUS - w32/patched.ub


    1. #1
      User: vosmodi
      Joined: Nov 2009
      Location: Corrientes
      Posts: 4

      VIRUS - w32/patched.ub

      Hi, I'd like to know whether there is any way to disinfect or remove the w32/patched.ub virus. Avira keeps alerting me about it and says it has infected the services.exe process.
      I hope to get a reply, and thanks in advance!

    2. #2
      Former collaborator: @SanMar
      Joined: Jun 2008
      Location: Argentina
      Posts: 22,290

      Re: VIRUS - w32/patched.ub

      Hi vosmodi:

      Do the following:

      Step 1: Temporarily disable your antivirus and/or antispyware.

      Step 2: Download Malwarebytes Anti-Rootkit Beta.zip and extract its contents to your desktop.

      1. Open the Mbar folder. Double-click the file Mbar.exe.
      2. In the program's interface, click Next.
      3. Click the Update button. When it finishes, click Next.
      4. To start the scan, click the Scan button.
      5. When it finishes, if there is an infection click CleanUp; if there is none, click Exit.

      When done, open the Mbar folder and the files mbar-log.txt and system-log.txt, then copy and paste their entire contents into your next reply, commenting on the results.

      Step 2: After restarting, download the ComboFix.exe tool and save it to the desktop.

      • Disable the antivirus and/or antispyware again.
        If it asks you to update, accept.
      • Close all open windows.
      • Double-click the ComboFix.exe file and follow the instructions.
      • When it finishes, it will generate a log at C:\ComboFix.txt.
        • *Note* While CF is working, do not move the mouse, as that would stop its process.
        • *Note* ComboFix may restart the PC automatically to complete the removal process.
      Attention!! Do not use ComboFix unless a member of our Staff has specifically instructed you to do so in your thread. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, not for private use. Using ComboFix incorrectly could cause problems on your system. Please read ComboFix's "Disclaimer of Warranty".
      • Restart and paste the report from C:\ComboFix.txt in this same message.

      Important note: After the first restart that ComboFix performs, restart one more time.







      Regards.


    3. #3
      User: vosmodi
      Joined: Nov 2009
      Location: Corrientes
      Posts: 4

      Re: VIRUS - w32/patched.ub

      OK, it seems it has been removed, but I'm posting what came up in the logs.

      mbar-log

      Malwarebytes Anti-Rootkit BETA 1.01.0.1020
      Malwarebytes : Free anti-malware download

      Database version: v2013.02.13.09

      Windows 7 x64 NTFS
      Internet Explorer 8.0.7600.16385
      Administrador :: EXPEUEW7 [administrator]

      13/02/2013 05:36:30 p.m.
      mbar-log-2013-02-13 (17-36-30).txt

      Scan type: Quick scan
      Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
      Scan options disabled:
      Objects scanned: 26010
      Time elapsed: 6 minute(s), 25 second(s)

      Memory Processes Detected: 0
      (No malicious items detected)

      Memory Modules Detected: 0
      (No malicious items detected)

      Registry Keys Detected: 0
      (No malicious items detected)

      Registry Values Detected: 0
      (No malicious items detected)

      Registry Data Items Detected: 0
      (No malicious items detected)

      Folders Detected: 0
      (No malicious items detected)

      Files Detected: 0
      (No malicious items detected)

      (end)

      system-log

      ---------------------------------------
      Malwarebytes Anti-Rootkit BETA 1.01.0.1020

      (c) Malwarebytes Corporation 2011-2012

      OS version: 6.1.7600 Windows 7 x64

      Account is Administrative

      Internet Explorer version: 8.0.7600.16385

      File system is: NTFS
      Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
      CPU speed: 2.712000 GHz
      Memory total: 4294238208, free: 2622590976

      =======================================

      ComboFix

      ComboFix 13-02-13.02 - Administrador 13/02/2013 18:36:01.1.2 - x64
      Microsoft Windows 7 Ultimate 6.1.7600.0.1252.54.3082.18.4095.2049 [GMT -3:00]
      Running from: c:\users\Administrador\Desktop\ComboFix.exe
      AV: Avira Desktop *Disabled/Outdated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
      SP: Avira Desktop *Disabled/Outdated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
      SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      * Created a new restore point
      .
      .
      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      C:\InfoSat.txt
      .
      .
      ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      -------\Service_mpr_freader
      .
      .
      .
      .
      ------- Sigcheck -------
      Note: Unsigned files aren't necessarily malware.
      .
      [7] 2009-07-14 . 9C67F6BBDA3881CFD02095160CF91576 . 4608 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-d..tshow-kernelsupport_31bf3856ad364e35_6.1.7600.16385_none_e7d7f27ff89fda02\ksuser.dll
      [-] 1999-11-30 18:39 . 44ACCB28AE9F8B19FFD68BE45BDBB59E . 4880 . . [5.00.2134.1] .. c:\windows\SysWOW64\ksuser.dll
      .
      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D5974A72-C81C-4DC3-BE77-A8A7BBC8864E}]
      2012-12-23 04:46 431784 ----a-w- c:\program files (x86)\DAP\LinkVerifier.dll
      .
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "AIMP3"="c:\program files (x86)\AIMP3\AIMP3.exe" [2012-12-24 1705416]
      "DownloadAccelerator"="c:\program files (x86)\DAP\DAP.EXE" [2012-12-23 3811544]
      "Facebook Update"="c:\users\Administrador\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-12-30 138096]
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
      "HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-09-21 2583040]
      "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-12-07 384800]
      "FixCamera"="c:\windows\FixCamera.exe" [2007-07-11 20480]
      "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "ConsentPromptBehaviorAdmin"= 0 (0x0)
      "ConsentPromptBehaviorUser"= 0 (0x0)
      "EnableLUA"= 0 (0x0)
      "EnableUIADesktopToggle"= 0 (0x0)
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
      "Userinit"="userinit.exe"
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
      "aux"=wdmaud.drv
      .
      R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
      R3 AIDA64Driver;FinalWire AIDA64 Kernel Driver;c:\program files (x86)\FinalWire\AIDA64 Extreme Edition\kerneld.x64 [x]
      R3 SNP325;USB PC Camera (SNPSTD325);c:\windows\system32\DRIVERS\snp325.sys [2007-07-24 10719104]
      R3 sonydcam;Cámara de escritorio genérica 1394;c:\windows\system32\DRIVERS\sonydcam.sys [2009-07-14 33792]
      S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-12-07 27800]
      S2 AntiVirSchedulerService;Avira Programador;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-12-07 85280]
      S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
      S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
      S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-12-29 383416]
      S3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [2010-12-03 1918976]
      S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
      S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-09-17 1250816]
      .
      .
      --- Other Services/Drivers In Memory ---
      .
      *NewlyCreated* - WS2IFSL
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
      2013-02-02 16:20 1607120 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
      .
      Contents of the 'Scheduled Tasks' folder
      .
      2013-02-13 c:\windows\Tasks\Adobe Flash Player Updater.job
      - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-17 04:54]
      .
      2013-02-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-409098874-1902193967-3903981841-500Core.job
      - c:\users\Administrador\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-30 07:20]
      .
      2013-02-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-409098874-1902193967-3903981841-500UA.job
      - c:\users\Administrador\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-30 07:20]
      .
      2013-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
      - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-20 05:15]
      .
      2013-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
      - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-20 05:15]
      .
      .
      --------- X64 Entries -----------
      .
      .
      ------- Supplementary Scan -------
      .
      uLocal Page = c:\windows\system32\blank.htm
      mLocal Page = c:\windows\SysWOW64\blank.htm
      IE: &Download with &DAP - c:\program files (x86)\DAP\dapextie.htm
      IE: &Verify with DAP - c:\program files (x86)\DAP\dapverify.htm
      IE: Download &all with DAP - c:\program files (x86)\DAP\dapextie2.htm
      IE: Download all links by FlashGet3 - c:\program files (x86)\FlashGet Network\FlashGet 3\BHO\fdgetallurl.htm
      IE: Download by FlashGet3 - c:\program files (x86)\FlashGet Network\FlashGet 3\BHO\fdgeturl.htm
      TCP: DhcpNameServer = 192.168.1.1
      Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\program files (x86)\DAP\dapie.dll
      Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\program files (x86)\DAP\dapie.dll
      FF - ProfilePath - c:\users\Administrador\AppData\Roaming\Mozilla\Firefox\Profiles\2ongvant.default\
      FF - ExtSQL: 2012-12-23 01:47; {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}; c:\program files (x86)\DAP\DAPFireFox
      FF - ExtSQL: 2012-12-23 01:47; [email protected]; c:\program files (x86)\DAP\daplinkchecker
      .
      - - - - ORPHANS REMOVED - - - -
      .
      WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
      AddRemove-PunkBusterSvc - c:\windows\system32\pb.exe
      .
      .
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AIDA64Driver]
      "ImagePath"="\??\c:\program files (x86)\FinalWire\AIDA64 Extreme Edition\kerneld.x64"
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------
      .
      [HKEY_USERS\S-1-5-21-409098874-1902193967-3903981841-500\Software\Microsoft\Internet Explorer\User Preferences]
      @Denied: (2) (Administrator)
      "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
      d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,36,8e,f1,e0,c9,b1,e6,4d,a5,d0,6a,\
      "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
      d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,36,8e,f1,e0,c9,b1,e6,4d,a5,d0,6a,\
      .
      [HKEY_USERS\S-1-5-21-409098874-1902193967-3903981841-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="WMP11.AssocFile.3G2"
      .
      [HKEY_USERS\S-1-5-21-409098874-1902193967-3903981841-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="WMP11.AssocFile.3GP"
      .
      [HKEY_USERS\S-1-5-21-409098874-1902193967-3903981841-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="WMP11.AssocFile.3G2"
      .
      [HKEY_USERS\S-1-5-21-409098874-1902193967-3903981841-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="WMP11.AssocFile.3GP"
      .
      [HKEY_USERS\S-1-5-21-409098874-1902193967-3903981841-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="WMP11.AssocFile.ADTS"
      .
      [HKEY_USERS\S-1-5-21-409098874-1902193967-3903981841-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AC3\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="KLCP.WMP.ac3"
      .
      [HKEY_USERS\S-1-5-21-409098874-1902193967-3903981841-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="WMP11.AssocFile.ADTS"
      .
      [HKEY_USERS\S-1-5-21-409098874-1902193967-3903981841-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="WMP11.AssocFile.ADTS"
      .
      [HKEY_USERS\S-1-5-21-409098874-1902193967-3903981841-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="WMP11.AssocFile.AIFF"
      .
      [HKEY_USERS\S-1-5-21-409098874-1902193967-3903981841-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="WMP11.AssocFile.AIFF"
      .
      [HKEY_USERS\S-1-5-21-409098874-1902193967-3903981841-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="WMP11.AssocFile.AIFF"
      .
      [HKEY_USERS\S-1-5-21-409098874-1902193967-3903981841-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.alac\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="KLCP.WMP.alac"
      .
      [HKEY_USERS\S-1-5-21-409098874-1902193967-3903981841-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.amr\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="KLCP.WMP.amr"
      .
      [HKEY_USERS\S-1-5-21-409098874-1902193967-3903981841-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.amv\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="KLCP.WMP.amv"
      .
      [HKEY_USERS\S-1-5-21-409098874-1902193967-3903981841-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.APE\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="KLCP.WMP.ape"
      .
      [HKEY_USERS\S-1-5-21-409098874-1902193967-3903981841-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="WMP11.AssocFile.ASF"
      .
      [HKEY_USERS\S-1-5-21-409098874-1902193967-3903981841-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="WMP11.AssocFile.ASX"
      .
      [HKEY_USERS\S-1-5-21-409098874-1902193967-3903981841-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="WMP11.AssocFile.AU"
      .
      [HKEY_USERS\S-1-5-21-409098874-1902193967-3903981841-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="WMP11.AssocFile.AVI"
      .
      [HKEY_USERS\S-1-5-21-409098874-1902193967-3903981841-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bdmv\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="KLCP.WMP.bdmv"
      .
      [HKEY_USERS\S-1-5-21-409098874-1902193967-3903981841-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CDA\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="WMP11.AssocFile.CDA"
      .
      [HKEY_USERS\S-1-5-21-409098874-1902193967-3903981841-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.divx\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="KLCP.WMP.divx"
      .
      [HKEY_USERS\S-1-5-21-409098874-1902193967-3903981841-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dts\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="KLCP.WMP.dts"
      .
      [HKEY_USERS\S-1-5-21-409098874-1902193967-3903981841-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dv\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="KLCP.WMP.dv"
      .
      [HKEY_USERS\S-1-5-21-409098874-1902193967-3903981841-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.evo\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="KLCP.WMP.evo"
      .
      [HKEY_USERS\S-1-5-21-409098874-1902193967-3903981841-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.f4v\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="KLCP.WMP.f4v"
      .
      [HKEY_USERS\S-1-5-21-409098874-1902193967-3903981841-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.FLAC\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="KLCP.WMP.flac"
      .
      [HKEY_USERS\S-1-5-21-409098874-1902193967-3903981841-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flv\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="KLCP.WMP.flv"
      .
      [HKEY_USERS\S-1-5-21-409098874-1902193967-3903981841-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdmov\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="KLCP.WMP.hdmov"
      .
      [HKEY_USERS\S-1-5-21-409098874-1902193967-3903981841-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="ChromeHTML"
      .
      [HKEY_USERS\S-1-5-21-409098874-1902193967-3903981841-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="ChromeHTML"
      .
      [HKEY_USERS\S-1-5-21-409098874-1902193967-3903981841-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ifo\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="KLCP.WMP.ifo"
      .
      [HKEY_USERS\S-1-5-21-409098874-1902193967-3903981841-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="WMP11.AssocFile.MPEG"
      .
      [HKEY_USERS\S-1-5-21-409098874-1902193967-3903981841-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2T\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="WMP11.AssocFile.M2TS"
      .
      [HKEY_USERS\S-1-5-21-409098874-1902193967-3903981841-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2TS\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="WMP11.AssocFile.M2TS"
      .
      [HKEY_USERS\S-1-5-21-409098874-1902193967-3903981841-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="WMP11.AssocFile.MPEG"
      .
      [HKEY_USERS\S-1-5-21-409098874-1902193967-3903981841-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="WMP11.AssocFile.m3u"
      .
      [HKEY_USERS\S-1-5-21-409098874-1902193967-3903981841-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="WMP11.AssocFile.M4A"
      .
      [HKEY_USERS\S-1-5-21-409098874-1902193967-3903981841-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="WMP11.AssocFile.MP4"
      .
      [HKEY_USERS\S-1-5-21-409098874-1902193967-3903981841-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="WMP11.AssocFile.MIDI"
      .
      [HKEY_USERS\S-1-5-21-409098874-1902193967-3903981841-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="WMP11.AssocFile.MIDI"
      .
      [HKEY_USERS\S-1-5-21-409098874-1902193967-3903981841-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mka\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="KLCP.WMP.mka"
      .
      [HKEY_USERS\S-1-5-21-409098874-1902193967-3903981841-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mkv\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="KLCP.WMP.mkv"
      .
      [HKEY_USERS\S-1-5-21-409098874-1902193967-3903981841-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="WMP11.AssocFile.MPEG"
      .
      [HKEY_USERS\S-1-5-21-409098874-1902193967-3903981841-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="WMP11.AssocFile.MOV"
      .
      [HKEY_USERS\S-1-5-21-409098874-1902193967-3903981841-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="WMP11.AssocFile.MP3"
      .
      [HKEY_USERS\S-1-5-21-409098874-1902193967-3903981841-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="WMP11.AssocFile.MPEG"
      .
      [HKEY_USERS\S-1-5-21-409098874-1902193967-3903981841-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="WMP11.AssocFile.MP3"
      .
      [HKEY_USERS\S-1-5-21-409098874-1902193967-3903981841-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="WMP11.AssocFile.MP4"
      .
      [HKEY_USERS\S-1-5-21-409098874-1902193967-3903981841-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="WMP11.AssocFile.MP4"
      .
      [HKEY_USERS\S-1-5-21-409098874-1902193967-3903981841-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="WMP11.AssocFile.MPEG"
      .
      [HKEY_USERS\S-1-5-21-409098874-1902193967-3903981841-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MPC\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="KLCP.WMP.mpc"
      .
      [HKEY_USERS\S-1-5-21-409098874-1902193967-3903981841-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="WMP11.AssocFile.MPEG"
      .
      [HKEY_USERS\S-1-5-21-409098874-1902193967-3903981841-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="WMP11.AssocFile.MPEG"
      .
      [HKEY_USERS\S-1-5-21-409098874-1902193967-3903981841-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="WMP11.AssocFile.MPEG"
      .
      [HKEY_USERS\S-1-5-21-409098874-1902193967-3903981841-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpls\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="KLCP.WMP.mpls"
      .
      [HKEY_USERS\S-1-5-21-409098874-1902193967-3903981841-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="WMP11.AssocFile.MPEG"
      .
      [HKEY_USERS\S-1-5-21-409098874-1902193967-3903981841-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv4\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="KLCP.WMP.mpv4"
      .
      [HKEY_USERS\S-1-5-21-409098874-1902193967-3903981841-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MTS\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="WMP11.AssocFile.M2TS"
      .
      [HKEY_USERS\S-1-5-21-409098874-1902193967-3903981841-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.OGA\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="KLCP.WMP.oga"
      .
      [HKEY_USERS\S-1-5-21-409098874-1902193967-3903981841-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="KLCP.WMP.ogg"
      .
      [HKEY_USERS\S-1-5-21-409098874-1902193967-3903981841-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogm\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="KLCP.WMP.ogm"
      .
      [HKEY_USERS\S-1-5-21-409098874-1902193967-3903981841-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogv\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="KLCP.WMP.ogv"
      .
      [HKEY_USERS\S-1-5-21-409098874-1902193967-3903981841-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.OPUS\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="KLCP.WMP.opus"
      .
      [HKEY_USERS\S-1-5-21-409098874-1902193967-3903981841-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ra\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="KLCP.WMP.ra"
      .
      [HKEY_USERS\S-1-5-21-409098874-1902193967-3903981841-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ram\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="KLCP.WMP.ram"
      .
      [HKEY_USERS\S-1-5-21-409098874-1902193967-3903981841-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rec\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="KLCP.WMP.rec"
      .
      [HKEY_USERS\S-1-5-21-409098874-1902193967-3903981841-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rm\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="KLCP.WMP.rm"
      .
      [HKEY_USERS\S-1-5-21-409098874-1902193967-3903981841-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="WMP11.AssocFile.MIDI"
      .
      [HKEY_USERS\S-1-5-21-409098874-1902193967-3903981841-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmvb\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="KLCP.WMP.rmvb"
      .
      [HKEY_USERS\S-1-5-21-409098874-1902193967-3903981841-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="ChromeHTML"
      .
      [HKEY_USERS\S-1-5-21-409098874-1902193967-3903981841-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="WMP11.AssocFile.AU"
      .
      [HKEY_USERS\S-1-5-21-409098874-1902193967-3903981841-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tp\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="KLCP.WMP.tp"
      .
      [HKEY_USERS\S-1-5-21-409098874-1902193967-3903981841-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tps\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="KLCP.WMP.tps"
      .
      [HKEY_USERS\S-1-5-21-409098874-1902193967-3903981841-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.trp\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="KLCP.WMP.trp"
      .
      [HKEY_USERS\S-1-5-21-409098874-1902193967-3903981841-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TS\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="WMP11.AssocFile.TTS"
      .
      [HKEY_USERS\S-1-5-21-409098874-1902193967-3903981841-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TTA\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="KLCP.WMP.tta"
      .
      [HKEY_USERS\S-1-5-21-409098874-1902193967-3903981841-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TTS\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="WMP11.AssocFile.TTS"
      .
      [HKEY_USERS\S-1-5-21-409098874-1902193967-3903981841-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="WMP11.AssocFile.WAV"
      .
      [HKEY_USERS\S-1-5-21-409098874-1902193967-3903981841-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="WMP11.AssocFile.WAX"
      .
      [HKEY_USERS\S-1-5-21-409098874-1902193967-3903981841-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webm\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="KLCP.WMP.webm"
      .
      [HKEY_USERS\S-1-5-21-409098874-1902193967-3903981841-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="WMP11.AssocFile.ASF"
      .
      [HKEY_USERS\S-1-5-21-409098874-1902193967-3903981841-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="WMP11.AssocFile.WMA"
      .
      [HKEY_USERS\S-1-5-21-409098874-1902193967-3903981841-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="WMP11.AssocFile.WMD"
      .
      [HKEY_USERS\S-1-5-21-409098874-1902193967-3903981841-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="WMP11.AssocFile.WMS"
      .
      [HKEY_USERS\S-1-5-21-409098874-1902193967-3903981841-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="WMP11.AssocFile.WMV"
      .
      [HKEY_USERS\S-1-5-21-409098874-1902193967-3903981841-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="WMP11.AssocFile.ASX"
      .
      [HKEY_USERS\S-1-5-21-409098874-1902193967-3903981841-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="WMP11.AssocFile.WMZ"
      .
      [HKEY_USERS\S-1-5-21-409098874-1902193967-3903981841-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="WMP11.AssocFile.WPL"
      .
      [HKEY_USERS\S-1-5-21-409098874-1902193967-3903981841-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.WV\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="KLCP.WMP.wv"
      .
      [HKEY_USERS\S-1-5-21-409098874-1902193967-3903981841-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="WMP11.AssocFile.WVX"
      .
      [HKEY_USERS\S-1-5-21-409098874-1902193967-3903981841-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="ChromeHTML"
      .
      [HKEY_USERS\S-1-5-21-409098874-1902193967-3903981841-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
      @Denied: (2) (Administrator)
      "Progid"="ChromeHTML"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="FlashBroker"
      "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe,-101"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
      "Enabled"=dword:00000001
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
      @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="IFlashBroker5"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
      @="{00020424-0000-0000-C000-000000000046}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      "Version"="1.0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="FlashBroker"
      "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
      "Enabled"=dword:00000001
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
      @Denied: (A 2) (Everyone)
      @="Shockwave Flash Object"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
      "ThreadingModel"="Apartment"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
      @="0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
      @="ShockwaveFlash.ShockwaveFlash.11"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
      @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
      @="1.0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
      @="ShockwaveFlash.ShockwaveFlash"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
      @Denied: (A 2) (Everyone)
      @="Macromedia Flash Factory Object"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
      "ThreadingModel"="Apartment"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
      @="FlashFactory.FlashFactory.1"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
      @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
      @="1.0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
      @="FlashFactory.FlashFactory"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="IFlashBroker5"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
      @="{00020424-0000-0000-C000-000000000046}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      "Version"="1.0"
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
      @Denied: (Full) (Everyone)
      .
      ------------------------ Other Running Processes ------------------------
      .
      c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
      c:\windows\SysWOW64\PnkBstrA.exe
      c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
      c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
      .
      **************************************************************************
      .
      Completion time: 2013-02-13 18:44:58 - machine was rebooted
      ComboFix-quarantined-files.txt 2013-02-13 21:44
      .
      Pre-Run: 82.954.330.112 bytes libres
      Post-Run: 83.361.386.496 bytes libres
      .
      - - End Of File - - 9AA25EC872DBB18B7B8F719A0D0721B5

    4. #4
      Former Collaborator Avatar of @SanMar
      Registered
      Jun 2008
      Location
      Argentina
      Posts
      22.290

      Re: VIRUS - w32/patched.ub

      Hello:


      Run a full scan of your computer with your antivirus and let us know the results.


      Regards.

      * Follow us on our Twitter and become our friend on Facebook.
      * Keep up with the latest threats on the net at: InfoSpyware Blog
      * Questions are not answered by private message or by e-mail, since that is what the forum is for.