    How to remove the microsoft.vbs virus. (Solved)

      
    1. #1
      User banymosk
      Joined: May 2011
      Location: Mexico, df
      Posts: 7

      How to remove the microsoft.vbs virus. (Solved)

      Hi, I would like to ask for your help removing a file that creates shortcuts and hides only the files. It uses a file called Microsoft.vbs that is hidden and stored on a USB memory stick.
      Last edited by banymosk on 23/05/13 at 00:08:16. Reason: add information

    2. #2
      General Moderator SanMar
      Joined: Jun 2008
      Location: Argentina
      Posts: 22,293

      Re: how to remove the microsoft.vbs virus

      Hello banymosk

      Do the following:

      Step 1.- Download, install and/or update these tools (but do not run them yet):

      Step 2.- Run them in order:

      CCleaner

      Using both of its options:

      • "Limpiador" (Cleaner): to delete cookies, temporary Internet files and every file it shows as obsolete.
      • "Registro" (Registry): to clean the whole Windows Registry (making a backup).
      • We do NOT need this report.


      Adwcleaner

      • Temporarily disable the antivirus >> How to temporarily disable your antivirus.
      • Close all open programs.
      • Run Adwcleaner. (On Windows Vista or 7, right-click and select "Run as administrator".)
      • In the program window, press the Supresión (Delete) button.
      • Follow the instructions; if it asks to restart the system >>> press OK.
      • After the restart, a Notepad window will open with the report, which you must paste in your next reply.
      • The report is located at C:\AdwCleaner[S1].txt


      USBFix:


      1. Connect all your removable devices: pen drive, micro SD, etc.
      2. Double-click USBFix.
      3. Click the Supresión (Delete) option.
      4. A warning will appear asking you to connect your USB devices; click OK and the disinfection/vaccination process will start.
      5. During the scan the desktop may disappear; this is normal. If USBFix asks to restart the system, accept and restart your computer.
      6. When it finishes, USBFix generates a report, usually located at C:\USBFix.txt; paste its contents in your next message.


      Note: UsbFix will create a hidden folder named "$RECYCLE.BIN" "autorun.inf" on every partition and every USB drive that is connected when it is run. Do not delete this folder ... it will help protect your USB devices from future infections.



      ComboFix

      • Temporarily disable the antivirus and/or antispyware.
      • Close all open windows.
      • Double-click the ComboFix.exe file and follow the instructions.
      • If it asks to update, accept.
      • When it finishes, it will generate a log at C:\ComboFix.txt.
        • *Note* While CF is working, do not move the mouse, as that would stop its process.
        • *Note* ComboFix may restart the PC automatically to complete the removal process.

      Warning!! Do not use ComboFix unless a member of our Staff has specifically told you to in your thread. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, not for private use. Using ComboFix incorrectly could cause problems on your system. Please read ComboFix's "Disclaimer of Warranty".


      Bring us the reports that the tools generated.


      Regards


    3. #3
      User banymosk
      Joined: May 2011
      Location: Mexico, df
      Posts: 7

      Re: how to remove the microsoft.vbs virus

      OK, thanks, I have downloaded them and I am in the process of running the programs.

    4. #4
      User banymosk
      Joined: May 2011
      Location: Mexico, df
      Posts: 7

      Re: how to remove the microsoft.vbs virus

      The Adwcleaner report:
      # AdwCleaner v2.301 - Fichero creado el 23/05/2013 a 18:54:15
      # Actualizado el 16/05/2013 por Xplode
      # Sistema operativo : Windows 7 Ultimate Service Pack 1 (64 bits)
      # Usuario : Geovanni - GEOVANNI-HP
      # Modo de inicio : Normal
      # Ejecutado desde : C:\Users\Geovanni\Desktop\adwcleaner.exe
      # Opción [Supresión]


      ***** [Servicios] *****


      ***** [Ficheros / Carpetas] *****

      Carpeta Suprimido : C:\Program Files (x86)\Gophoto.it
      Carpeta Suprimido : C:\Program Files (x86)\Iminent
      Carpeta Suprimido : C:\Program Files (x86)\PutLockerDownloader
      Carpeta Suprimido : C:\ProgramData\Ask
      Carpeta Suprimido : C:\ProgramData\Babylon
      Carpeta Suprimido : C:\ProgramData\InstallMate
      Carpeta Suprimido : C:\Users\Geovanni\AppData\Local\Babylon
      Carpeta Suprimido : C:\Users\Geovanni\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk
      Carpeta Suprimido : C:\Users\Geovanni\AppData\Local\OpenCandy
      Carpeta Suprimido : C:\Users\Geovanni\AppData\Local\PackageAware
      Carpeta Suprimido : C:\Users\Geovanni\AppData\Local\PutLockerDownloader
      Carpeta Suprimido : C:\Users\Geovanni\AppData\Roaming\Babylon
      Carpeta Suprimido : C:\Users\Geovanni\AppData\Roaming\Mozilla\Firefox\Profiles\jv4jhy4c.default\jetpack
      Carpeta Suprimido : C:\Users\Geovanni\AppData\Roaming\OpenCandy
      Carpeta Suprimido : C:\Users\noki\AppData\Local\OpenCandy
      Carpeta Suprimido : C:\Users\noki\AppData\Roaming\OpenCandy
      Fichero Suprimido : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
      Fichero Suprimido : C:\Users\Geovanni\AppData\Roaming\Mozilla\Firefox\Profiles\jv4jhy4c.default\extensions\[email protected]
      Fichero Suprimido : C:\Windows\Tasks\SpeedUpMyPC.job

      ***** [Registro] *****


      ***** [Navegadores] *****

      -\\ Internet Explorer v10.0.9200.16576

      Sustituido : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=MX&userid=e93192e7-ba42-4662-bf3f-8d7861391d4d&searchtype=ds&q={searchTerms}&installDate={installDate} --> hxxp://www.google.com
      Sustituido : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=MX&userid=e93192e7-ba42-4662-bf3f-8d7861391d4d&searchtype=ds&q={searchTerms}&installDate={installDate} --> hxxp://www.google.com
      Sustituido : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=MX&userid=e93192e7-ba42-4662-bf3f-8d7861391d4d&searchtype=ds&q={searchTerms}&installDate={installDate} --> hxxp://www.google.com
      Sustituido : [HKCU\Software\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=MX&userid=e93192e7-ba42-4662-bf3f-8d7861391d4d&searchtype=ds&q={searchTerms}&installDate={installDate} --> hxxp://www.google.com

      -\\ Mozilla Firefox v19.0 (es-MX)

      Fichero : C:\Users\Geovanni\AppData\Roaming\Mozilla\Firefox\Profiles\jv4jhy4c.default\prefs.js

      C:\Users\Geovanni\AppData\Roaming\Mozilla\Firefox\Profiles\jv4jhy4c.default\user.js ... Suprimido !

      [OK] El fichero no contiene ninguna entrada ilegítima.

      -\\ Google Chrome v27.0.1453.94

      Fichero : C:\Users\Geovanni\AppData\Local\Google\Chrome\User Data\Default\Preferences

      [OK] El fichero no contiene ninguna entrada ilegítima.

      Fichero : C:\Users\noki\AppData\Local\Google\Chrome\User Data\Default\Preferences

      [OK] El fichero no contiene ninguna entrada ilegítima.

      -\\ Opera v [Imposible obtener la versión]

      Fichero : C:\Users\Geovanni\AppData\Roaming\Opera\Opera\operaprefs.ini

      [OK] El fichero no contiene ninguna entrada ilegítima.

      *************************

      AdwCleaner[S1].txt - [15603 octets] - [23/05/2013 18:54:15]

      ########## EOF - C:\AdwCleaner[S1].txt - [15664 octets] ##########




      USBFix report:

      ############################## | UsbFix V 7.126 | [Supresión]

      Usuario: Geovanni (Administrador) # GEOVANNI-HP
      Actualizado el 13/05/2013 por El Desaparecido
      Comenzó a 19:01:48 | 23/05/2013

      Sitio web: SosVirus
      Upload Malware: Upload Malware pour analyse
      Contacto: [email protected]

      PC: Hewlett-Packard (s5602la) (x64-based PC)
      CPU: AMD Athlon(tm) II X2 220 Processor (2800)
      RAM -> [Total : 2815 | Free : 1541]
      BIOS: BIOS Date: 09/08/10 14:17:58 Ver: 6.13
      BOOT: Normal boot

      OS: Microsoft Windows 7 Ultimate (6.1.7601 64-Bit) # Service Pack 1
      WB: Windows Internet Explorer 10.0.9200.16576

      SC: Security Center Service [Enabled]
      WU: Windows Update Service [Enabled]
      AV: ESET Smart Security 6.0 [Enabled | Updated]
      FW: Windows FireWall Service [Enabled]

      C:\ (%systemdrive%) -> Disco fijo # 453 Gb (132 Mb libre(s) - 29%) [OS] # NTFS
      D:\ -> Disco fijo # 13 Gb (2 Mb libre(s) - 12%) [HP_RECOVERY] # NTFS
      E:\ -> CD-ROM
      G:\ -> Disco extraíble # 7 Gb (6 Mb libre(s) - 90%) [BANY MOSK] # FAT32

      ################## | El Desaparecido Section |

      HKLM\SOFTWARE | Run : [] -
      HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      HKLM\SOFTWARE\wow6432Node | Run : [] -
      HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      HKLM\SOFTWARE | RunOnce : [] -
      HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
      HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
      HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
      HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
      HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

      ################## | Procesos Parados |


      ################## | Archivos # Carpetas infectadas |

      Suprimido ! C:\Users\Geovanni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft.vbs
      Suprimido ! C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
      Suprimido ! C:\Windows\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job
      Suprimido ! C:\Windows\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
      Suprimido ! C:\Users\Geovanni\AppData\Roaming\Microsoft.vbs
      Suprimido ! G:\Microsoft.vbs

      (!) Archivos temporales suprimido.

      ################## | Registro |

      Suprimido ! HKCU\Software\8DDYX0ZBPZ
      Suprimido ! HKCU\Software\NtWqIVLZEWZU
      Suprimido ! HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\

      ################## | Mountpoints2 |

      Suprimido ! HKCU\.\.\.\.\Explorer\MountPoints2\{9b5e9ea7-68a8-11e2-a584-7071bcc15d41}
      Suprimido ! HKCU\.\.\.\.\Explorer\MountPoints2\{ac9c5a87-dc39-11e1-946a-7071bcc15d41}

      ################## | Listing |


      ################## | Vaccin |

      C:\Autorun.inf -> Vacuna creada por UsbFix (El Desaparecido)
      D:\Autorun.inf -> Vacuna creada por UsbFix (El Desaparecido)
      G:\Autorun.inf -> Vacuna creada por UsbFix (El Desaparecido)

      ################## | E.O.F | SosVirus |


      ComboFix report:

      ComboFix 13-05-23.02 - Geovanni 23/05/2013 19:23:38.1.2 - x64
      Microsoft Windows 7 Ultimate 6.1.7601.1.1252.52.3082.18.2815.1274 [GMT -5:00]
      Running from: c:\users\Geovanni\Desktop\ComboFix.exe
      AV: ESET Smart Security 6.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
      FW: Firewall personal de ESET *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
      SP: ESET Smart Security 6.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
      SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      * Created a new restore point
      .
      .
      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      .
      ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      -------\Legacy_NEWDRIVER
      -------\Service_NEWDRIVER
      .
      .
      ((((((((((((((((((((((((( Files Created from 2013-04-24 to 2013-05-24 )))))))))))))))))))))))))))))))
      .
      .
      .
      .
      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2013-05-15 22:07 . 2011-05-22 16:25 75016696 ----a-w- c:\windows\system32\MRT.exe
      2013-05-15 02:54 . 2013-02-20 23:59 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
      2013-05-15 02:54 . 2011-06-06 22:01 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
      2013-05-02 07:06 . 2011-05-22 16:22 278800 ------w- c:\windows\system32\MpSigStub.exe
      2013-04-13 05:49 . 2013-05-15 15:47 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
      2013-04-13 05:49 . 2013-05-15 15:47 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
      2013-04-13 05:49 . 2013-05-15 15:47 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
      2013-04-13 05:49 . 2013-05-15 15:47 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
      2013-04-13 04:45 . 2013-05-15 15:47 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
      2013-04-13 04:45 . 2013-05-15 15:47 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
      2013-04-12 14:45 . 2013-04-23 22:25 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
      2013-04-08 04:05 . 2013-04-08 04:05 226304 ----a-w- c:\windows\system32\elshyph.dll
      2013-04-08 04:05 . 2013-04-08 04:05 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
      2013-04-08 04:05 . 2013-04-08 04:05 158720 ----a-w- c:\windows\SysWow64\msls31.dll
      2013-04-08 04:05 . 2013-04-08 04:05 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
      2013-04-08 04:05 . 2013-04-08 04:05 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
      2013-04-08 04:05 . 2013-04-08 04:05 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
      2013-04-08 04:05 . 2013-04-08 04:05 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
      2013-04-08 04:05 . 2013-04-08 04:05 138752 ----a-w- c:\windows\SysWow64\wextract.exe
      2013-04-08 04:05 . 2013-04-08 04:05 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
      2013-04-08 04:05 . 2013-04-08 04:05 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
      2013-04-08 04:05 . 2013-04-08 04:05 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
      2013-04-08 04:05 . 2013-04-08 04:05 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
      2013-04-08 04:05 . 2013-04-08 04:05 361984 ----a-w- c:\windows\SysWow64\html.iec
      2013-04-08 04:05 . 2013-04-08 04:05 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
      2013-04-08 04:05 . 2013-04-08 04:05 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
      2013-04-08 04:05 . 2013-04-08 04:05 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
      2013-04-08 04:05 . 2013-04-08 04:05 12800 ----a-w- c:\windows\SysWow64\mshta.exe
      2013-04-08 04:05 . 2013-04-08 04:05 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
      2013-04-08 04:05 . 2013-04-08 04:05 97280 ----a-w- c:\windows\system32\mshtmled.dll
      2013-04-08 04:05 . 2013-04-08 04:05 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
      2013-04-08 04:05 . 2013-04-08 04:05 81408 ----a-w- c:\windows\system32\icardie.dll
      2013-04-08 04:05 . 2013-04-08 04:05 762368 ----a-w- c:\windows\system32\ieapfltr.dll
      2013-04-08 04:05 . 2013-04-08 04:05 452096 ----a-w- c:\windows\system32\dxtmsft.dll
      2013-04-08 04:05 . 2013-04-08 04:05 441856 ----a-w- c:\windows\system32\html.iec
      2013-04-08 04:05 . 2013-04-08 04:05 281600 ----a-w- c:\windows\system32\dxtrans.dll
      2013-04-08 04:05 . 2013-04-08 04:05 27648 ----a-w- c:\windows\system32\licmgr10.dll
      2013-04-08 04:05 . 2013-04-08 04:05 270848 ----a-w- c:\windows\system32\iedkcs32.dll
      2013-04-08 04:05 . 2013-04-08 04:05 247296 ----a-w- c:\windows\system32\webcheck.dll
      2013-04-08 04:05 . 2013-04-08 04:05 235008 ----a-w- c:\windows\system32\url.dll
      2013-04-08 04:05 . 2013-04-08 04:05 216064 ----a-w- c:\windows\system32\msls31.dll
      2013-04-08 04:05 . 2013-04-08 04:05 197120 ----a-w- c:\windows\system32\msrating.dll
      2013-04-08 04:05 . 2013-04-08 04:05 167424 ----a-w- c:\windows\system32\iexpress.exe
      2013-04-08 04:05 . 2013-04-08 04:05 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
      2013-04-08 04:05 . 2013-04-08 04:05 144896 ----a-w- c:\windows\system32\wextract.exe
      2013-04-08 04:05 . 2013-04-08 04:05 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
      2013-04-08 04:05 . 2013-04-08 04:05 102912 ----a-w- c:\windows\system32\inseng.dll
      2013-04-08 04:05 . 2013-04-08 04:05 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
      2013-04-08 04:05 . 2013-04-08 04:05 62976 ----a-w- c:\windows\system32\pngfilt.dll
      2013-04-08 04:05 . 2013-04-08 04:05 599552 ----a-w- c:\windows\system32\vbscript.dll
      2013-04-08 04:05 . 2013-04-08 04:05 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
      2013-04-08 04:05 . 2013-04-08 04:05 51200 ----a-w- c:\windows\system32\imgutil.dll
      2013-04-08 04:05 . 2013-04-08 04:05 173568 ----a-w- c:\windows\system32\ieUnatt.exe
      2013-04-08 04:05 . 2013-04-08 04:05 149504 ----a-w- c:\windows\system32\occache.dll
      2013-04-08 04:05 . 2013-04-08 04:05 13824 ----a-w- c:\windows\system32\mshta.exe
      2013-04-08 04:05 . 2013-04-08 04:05 136192 ----a-w- c:\windows\system32\iepeers.dll
      2013-04-08 04:05 . 2013-04-08 04:05 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
      2013-04-08 04:05 . 2013-04-08 04:05 12800 ----a-w- c:\windows\system32\msfeedssync.exe
      2013-04-08 04:05 . 2013-04-08 04:05 77312 ----a-w- c:\windows\system32\tdc.ocx
      2013-04-08 04:05 . 2013-04-08 04:05 48640 ----a-w- c:\windows\system32\mshtmler.dll
      2013-03-19 06:04 . 2013-04-09 23:20 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
      2013-03-19 05:46 . 2013-04-09 23:20 43520 ----a-w- c:\windows\system32\csrsrv.dll
      2013-03-19 05:04 . 2013-04-09 23:20 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
      2013-03-19 05:04 . 2013-04-09 23:20 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
      2013-03-19 04:47 . 2013-04-09 23:20 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
      2013-03-19 03:06 . 2013-04-09 23:20 112640 ----a-w- c:\windows\system32\smss.exe
      2013-02-28 13:37 . 2013-04-08 02:56 981504 ----a-w- c:\windows\SysWow64\wininet.dll_old0
      2013-02-28 13:37 . 2013-04-08 02:56 1231872 ----a-w- c:\windows\SysWow64\urlmon.dll_old0
      2013-02-28 13:37 . 2013-04-08 02:56 2078208 ----a-w- c:\windows\SysWow64\iertutil.dll_old0
      .
      .
      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
      @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
      [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
      2013-03-22 01:20 222808 ----a-w- c:\users\Geovanni\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314_1\SkyDriveShell.dll
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
      @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
      [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
      2013-03-22 01:20 222808 ----a-w- c:\users\Geovanni\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314_1\SkyDriveShell.dll
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
      @="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
      [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
      2013-03-22 01:20 222808 ----a-w- c:\users\Geovanni\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314_1\SkyDriveShell.dll
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
      "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "ConsentPromptBehaviorAdmin"= 5 (0x5)
      "ConsentPromptBehaviorUser"= 3 (0x3)
      "EnableUIADesktopToggle"= 0 (0x0)
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
      "aux1"=wdmaud.drv
      .
      R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
      R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
      R3 arcvad_ds2dhw;ArcMIVEVad Service;c:\windows\system32\drivers\ArcVad.sys [2008-10-28 27136]
      R3 DroidCam;DroidCam Virtual Audio;c:\windows\system32\drivers\droidcam.sys [2011-08-05 25216]
      R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [2010-05-14 271712]
      R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2010-05-07 30304]
      R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [2012-11-09 12800]
      R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [2012-11-09 171008]
      R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
      R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2011-08-04 250984]
      R3 s1039bus;Sony Ericsson Device 1039 driver (WDM);c:\windows\system32\DRIVERS\s1039bus.sys [2010-03-15 127600]
      R3 s1039mdfl;Sony Ericsson Device 1039 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1039mdfl.sys [2010-03-15 19568]
      R3 s1039mdm;Sony Ericsson Device 1039 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1039mdm.sys [2010-03-15 161904]
      R3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1039mgmt.sys [2010-03-15 141424]
      R3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1039nd5.sys [2010-03-15 34416]
      R3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1039obex.sys [2010-03-15 137328]
      R3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1039unic.sys [2010-03-15 158320]
      R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2010-06-08 153808]
      R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
      R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
      R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
      R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-12-13 54784]
      R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-11-04 146736]
      R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
      R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
      R3 WatAdminSvc;Servicio de tecnologías de activación de Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2013-03-11 1255736]
      S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2013-02-14 58416]
      S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2007-05-01 52856]
      S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2013-02-14 213416]
      S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2013-01-10 150616]
      S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2013-01-10 59440]
      S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2013-03-21 1341664]
      S2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2010-03-11 107576]
      S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
      S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
      S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2009-10-14 635416]
      S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2011-03-15 428384]
      S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
      S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
      S3 LVUVC64;Logitech Webcam C160(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
      .
      .
      --- Other Services/Drivers In Memory ---
      .
      *NewlyCreated* - WS2IFSL
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
      2013-05-23 23:48 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.94\Installer\chrmstp.exe
      .
      Contents of the 'Scheduled Tasks' folder
      .
      2013-05-23 c:\windows\Tasks\Adobe Flash Player Updater.job
      - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-20 02:55]
      .
      2013-05-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1404561175-2848816784-920254029-1000Core.job
      - c:\users\Geovanni\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-20 05:37]
      .
      2013-05-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1404561175-2848816784-920254029-1000UA.job
      - c:\users\Geovanni\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-20 05:37]
      .
      2013-05-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore1ce487166cfba8.job
      - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-22 03:37]
      .
      2013-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
      - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-22 03:37]
      .
      2013-05-13 c:\windows\Tasks\HPCeeScheduleForGeovanni.job
      - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 02:53]
      .
      2013-05-06 c:\windows\Tasks\HPCeeScheduleFornoki.job
      - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 02:53]
      .
      .
      --------- X64 Entries -----------
      .
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
      @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
      [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
      2013-03-22 01:20 261704 ----a-w- c:\users\Geovanni\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314_1\amd64\SkyDriveShell64.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
      @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
      [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
      2013-03-22 01:20 261704 ----a-w- c:\users\Geovanni\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314_1\amd64\SkyDriveShell64.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
      @="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
      [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
      2013-03-22 01:20 261704 ----a-w- c:\users\Geovanni\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314_1\amd64\SkyDriveShell64.dll
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
      "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2013-03-21 6330568]
      "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-18 568888]
      .
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
      FontCache
      .
      ------- Supplementary Scan -------
      .
      uLocal Page = c:\windows\system32\blank.htm
      mLocal Page = c:\windows\SysWOW64\blank.htm
      uInternet Settings,ProxyOverride = <local>;*.local
      uSearchAssistant = hxxp://www.google.com
      TCP: DhcpNameServer = 192.168.1.254
      FF - ProfilePath - c:\users\Geovanni\AppData\Roaming\Mozilla\Firefox\Profiles\jv4jhy4c.default\
      FF - prefs.js: browser.search.selectedEngine -
      FF - prefs.js: browser.startup.homepage - hxxps://www.google.com.mx/
      FF - ExtSQL: 2013-04-11 10:54; [email protected]; c:\users\Geovanni\AppData\Roaming\Mozilla\Firefox\Profiles\jv4jhy4c.default\extensions\[email protected]
      .
      - - - - ORPHANS REMOVED - - - -
      .
      Wow6432Node-HKLM-Run-<NO NAME> - (no file)
      HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
      AddRemove-CodInstl - c:\windows\system32\CDUninst.isu
      AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}\bm_installer.exe
      AddRemove-Advanced Archive Password Recovery - f:\nueva carpeta\Advanced Archive Password Recovery\uninstall.exe
      .
      .
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
      "ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------
      .
      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="FlashBroker"
      "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
      "Enabled"=dword:00000001
      .
      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
      @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="IFlashBroker5"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
      @="{00020424-0000-0000-C000-000000000046}"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      "Version"="1.0"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="FlashBroker"
      "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
      "Enabled"=dword:00000001
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
      @Denied: (A 2) (Everyone)
      @="Shockwave Flash Object"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
      "ThreadingModel"="Apartment"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
      @="0"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
      @="ShockwaveFlash.ShockwaveFlash.11"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
      @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
      @="1.0"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
      @="ShockwaveFlash.ShockwaveFlash"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
      @Denied: (A 2) (Everyone)
      @="Macromedia Flash Factory Object"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
      "ThreadingModel"="Apartment"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
      @="FlashFactory.FlashFactory.1"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
      @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
      @="1.0"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
      @="FlashFactory.FlashFactory"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="IFlashBroker5"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
      @="{00020424-0000-0000-C000-000000000046}"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      "Version"="1.0"
      .
      [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
      @Denied: (A) (Everyone)
      "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
      .
      [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
      @Denied: (A) (Everyone)
      .
      [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
      "Key"="ActionsPane3"
      "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
      @Denied: (Full) (Everyone)
      .
      ------------------------ Other Running Processes ------------------------
      .
      c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
      c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
      c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
      c:\program files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exe
      .
      **************************************************************************
      .
      Completion time: 2013-05-23 19:46:19 - machine was rebooted
      ComboFix-quarantined-files.txt 2013-05-24 00:46
      .
      Pre-Run: 156,299,481,088 bytes libres
      Post-Run: 156,073,693,184 bytes libres
      .
      - - End Of File - - 669A4CFD582D382F124E9CF60B9FA6C8

    5. #5
      Global Moderator
      SanMar
      Registered
      Jun 2008
      Location
      Argentina
      Posts
      22,293

      Re: how to remove the microsoft.vbs virus

      Hello banymosk:


      USBFix has removed the infection you opened this thread about, along with several others.

      Carefully do the following:


      1.- Open Notepad
      • Go to START >>> RUN >>>
      • Type notepad.exe and press OK

      2.- Now copy and paste the following text into Notepad. (Do not include the word "Code".)

      Code:
      KillAll::
      
      ClearJavaCache:: 
      
      DDS:: 
      uInternet Settings,ProxyOverride = <local>;*.local
      
      FireFox::
      FF - ProfilePath - c:\users\Geovanni\AppData\Roaming\Mozilla\Firefox\Profiles\jv4jhy4c.default\
      FF - ExtSQL: 2013-04-11 10:54; [email protected]; c:\users\Geovanni\AppData\Roaming\Mozilla\Firefox\Profiles\jv4jhy4c.default\extensions\[email protected]
       .
      3.- Save this file with the name CFScript.txt and leave it on your desktop.

      4.- Drag and drop the CFScript.txt file onto the ComboFix.exe file, as shown in the animation below. This will launch ComboFix again.

      • Restart your PC and post the new ComboFix report, telling us how everything is working now.



      Regards.


    6. #6
      User banymosk
      Registered
      May 2011
      Location
      Mexico, df
      Posts
      7
      Ah OK, I'll do it right away.

      This is the new report. The machine feels a little faster, browsing the internet works very well, I have good stability, and it runs games and various programs wonderfully.

      ComboFix 13-05-25.02 - Geovanni 26/05/2013 9:39.2.2 - x64
      Microsoft Windows 7 Ultimate 6.1.7601.1.1252.52.3082.18.2815.1545 [GMT -5:00]
      Running from: c:\users\Geovanni\Desktop\ComboFix.exe
      Command switches used :: c:\users\Geovanni\Desktop\CFScript.txt
      AV: ESET Smart Security 6.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
      FW: Firewall personal de ESET *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
      SP: ESET Smart Security 6.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
      SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      * Created a new restore point
      .
      .
      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      c:\users\Geovanni\AppData\Roaming\Mozilla\Firefox\Profiles\jv4jhy4c.default\extensions\[email protected]
      .
      .
      ((((((((((((((((((((((((( Files Created from 2013-04-26 to 2013-05-26 )))))))))))))))))))))))))))))))
      .
      .
      2013-05-26 15:01 . 2013-05-26 15:01 -------- d-----w- c:\users\noki\AppData\Local\temp
      2013-05-26 15:01 . 2013-05-26 15:01 -------- d-----w- c:\users\Default\AppData\Local\temp
      2013-05-24 23:13 . 2013-05-24 23:13 45056 ----a-r- c:\users\Geovanni\AppData\Roaming\Microsoft\Installer\{91057632-CA70-413C-B628-2D3CDBBB906B}\ARPPRODUCTICON.exe
      2013-05-24 23:13 . 2013-05-24 23:13 -------- d-----w- c:\program files (x86)\Opera
      2013-05-24 23:13 . 2013-05-24 23:13 45056 ----a-r- c:\users\Geovanni\AppData\Roaming\Microsoft\Installer\{885A63EA-382B-4DD4-A755-14809B8557D6}\ARPPRODUCTICON.exe
      2013-05-23 23:59 . 2013-05-24 01:43 -------- d-----w- C:\UsbFix
      2013-05-22 23:45 . 2013-05-23 00:05 -------- d-----w- c:\users\Geovanni\AppData\Roaming\uTorrent
      2013-05-15 15:47 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
      2013-05-15 15:47 . 2013-04-10 06:01 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
      2013-05-15 15:47 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll
      2013-05-15 15:47 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll
      2013-05-15 15:47 . 2013-02-27 06:02 111448 ----a-w- c:\windows\system32\consent.exe
      2013-05-15 15:47 . 2013-02-27 05:52 197120 ----a-w- c:\windows\system32\shdocvw.dll
      2013-05-15 15:47 . 2013-02-27 05:48 1930752 ----a-w- c:\windows\system32\authui.dll
      2013-05-15 15:47 . 2013-02-27 05:47 70144 ----a-w- c:\windows\system32\appinfo.dll
      2013-05-15 15:47 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\SysWow64\authui.dll
      2013-05-15 15:46 . 2013-03-19 05:53 48640 ----a-w- c:\windows\system32\wwanprotdim.dll
      2013-05-15 15:46 . 2013-03-19 05:53 230400 ----a-w- c:\windows\system32\wwansvc.dll
      2013-05-15 15:46 . 2013-04-10 03:30 3153920 ----a-w- c:\windows\system32\win32k.sys
      2013-05-14 00:17 . 2013-05-14 00:21 -------- d-----w- c:\users\Geovanni\AppData\Local\ABBYY
      2013-05-14 00:17 . 2013-05-14 00:17 -------- d-----w- c:\users\Geovanni\AppData\Roaming\ABBYY
      2013-05-14 00:16 . 2013-05-14 00:16 65536 ----a-r- c:\users\Geovanni\AppData\Roaming\Microsoft\Installer\{AAF80000-22B9-4CE9-98D6-2CCF359BAC07}\ICON_ScreenshotReader.exe
      2013-05-14 00:16 . 2013-05-14 00:16 65536 ----a-r- c:\users\Geovanni\AppData\Roaming\Microsoft\Installer\{AAF80000-22B9-4CE9-98D6-2CCF359BAC07}\ICON_FineReader.exe
      2013-05-14 00:16 . 2013-05-14 00:19 -------- d-----w- c:\program files (x86)\ABBYY FineReader 8.0 Professional Edition
      2013-05-14 00:11 . 2013-05-14 00:11 -------- d-----w- C:\temp
      2013-05-12 14:40 . 2013-05-12 14:43 -------- d-----w- c:\users\noki\AppData\Local\Google
      2013-05-10 18:38 . 2013-05-10 18:38 -------- d-----w- c:\users\Geovanni\AppData\Roaming\com.adobe.WidgetBrowser
      2013-05-08 03:29 . 2013-05-08 03:29 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
      2013-05-07 22:16 . 2013-05-08 02:14 -------- d-----w- c:\users\Geovanni\AppData\Local\NVIDIA
      2013-05-06 22:10 . 2013-05-06 22:10 -------- d-----w- c:\users\Geovanni\AppData\Local\GamersFirst
      2013-05-06 22:08 . 2013-05-23 00:18 -------- d-----w- c:\program files (x86)\Pando Networks
      2013-05-06 00:47 . 2013-05-06 00:48 -------- d-----w- c:\users\domi
      .
      .
      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2013-05-15 22:07 . 2011-05-22 16:25 75016696 ----a-w- c:\windows\system32\MRT.exe
      2013-05-15 02:54 . 2013-02-20 23:59 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
      2013-05-15 02:54 . 2011-06-06 22:01 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
      2013-05-13 06:37 . 2013-05-24 19:39 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F1B92ED7-4FB2-43B9-8E1F-F033454F5053}\mpengine.dll
      2013-05-12 13:50 . 2012-07-17 20:37 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
      2013-05-02 07:06 . 2011-05-22 16:22 278800 ------w- c:\windows\system32\MpSigStub.exe
      2013-04-13 05:49 . 2013-05-15 15:47 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
      2013-04-13 05:49 . 2013-05-15 15:47 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
      2013-04-13 05:49 . 2013-05-15 15:47 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
      2013-04-13 05:49 . 2013-05-15 15:47 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
      2013-04-13 04:45 . 2013-05-15 15:47 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
      2013-04-13 04:45 . 2013-05-15 15:47 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
      2013-04-12 14:45 . 2013-04-23 22:25 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
      2013-04-08 04:05 . 2013-04-08 04:05 226304 ----a-w- c:\windows\system32\elshyph.dll
      2013-04-08 04:05 . 2013-04-08 04:05 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
      2013-04-08 04:05 . 2013-04-08 04:05 158720 ----a-w- c:\windows\SysWow64\msls31.dll
      2013-04-08 04:05 . 2013-04-08 04:05 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
      2013-04-08 04:05 . 2013-04-08 04:05 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
      2013-04-08 04:05 . 2013-04-08 04:05 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
      2013-04-08 04:05 . 2013-04-08 04:05 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
      2013-04-08 04:05 . 2013-04-08 04:05 138752 ----a-w- c:\windows\SysWow64\wextract.exe
      2013-04-08 04:05 . 2013-04-08 04:05 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
      2013-04-08 04:05 . 2013-04-08 04:05 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
      2013-04-08 04:05 . 2013-04-08 04:05 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
      2013-04-08 04:05 . 2013-04-08 04:05 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
      2013-04-08 04:05 . 2013-04-08 04:05 361984 ----a-w- c:\windows\SysWow64\html.iec
      2013-04-08 04:05 . 2013-04-08 04:05 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
      2013-04-08 04:05 . 2013-04-08 04:05 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
      2013-04-08 04:05 . 2013-04-08 04:05 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
      2013-04-08 04:05 . 2013-04-08 04:05 12800 ----a-w- c:\windows\SysWow64\mshta.exe
      2013-04-08 04:05 . 2013-04-08 04:05 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
      2013-04-08 04:05 . 2013-04-08 04:05 97280 ----a-w- c:\windows\system32\mshtmled.dll
      2013-04-08 04:05 . 2013-04-08 04:05 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
      2013-04-08 04:05 . 2013-04-08 04:05 81408 ----a-w- c:\windows\system32\icardie.dll
      2013-04-08 04:05 . 2013-04-08 04:05 762368 ----a-w- c:\windows\system32\ieapfltr.dll
      2013-04-08 04:05 . 2013-04-08 04:05 452096 ----a-w- c:\windows\system32\dxtmsft.dll
      2013-04-08 04:05 . 2013-04-08 04:05 441856 ----a-w- c:\windows\system32\html.iec
      2013-04-08 04:05 . 2013-04-08 04:05 281600 ----a-w- c:\windows\system32\dxtrans.dll
      2013-04-08 04:05 . 2013-04-08 04:05 27648 ----a-w- c:\windows\system32\licmgr10.dll
      2013-04-08 04:05 . 2013-04-08 04:05 270848 ----a-w- c:\windows\system32\iedkcs32.dll
      2013-04-08 04:05 . 2013-04-08 04:05 247296 ----a-w- c:\windows\system32\webcheck.dll
      2013-04-08 04:05 . 2013-04-08 04:05 235008 ----a-w- c:\windows\system32\url.dll
      2013-04-08 04:05 . 2013-04-08 04:05 216064 ----a-w- c:\windows\system32\msls31.dll
      2013-04-08 04:05 . 2013-04-08 04:05 197120 ----a-w- c:\windows\system32\msrating.dll
      2013-04-08 04:05 . 2013-04-08 04:05 167424 ----a-w- c:\windows\system32\iexpress.exe
      2013-04-08 04:05 . 2013-04-08 04:05 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
      2013-04-08 04:05 . 2013-04-08 04:05 144896 ----a-w- c:\windows\system32\wextract.exe
      2013-04-08 04:05 . 2013-04-08 04:05 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
      2013-04-08 04:05 . 2013-04-08 04:05 102912 ----a-w- c:\windows\system32\inseng.dll
      2013-04-08 04:05 . 2013-04-08 04:05 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
      2013-04-08 04:05 . 2013-04-08 04:05 62976 ----a-w- c:\windows\system32\pngfilt.dll
      2013-04-08 04:05 . 2013-04-08 04:05 599552 ----a-w- c:\windows\system32\vbscript.dll
      2013-04-08 04:05 . 2013-04-08 04:05 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
      2013-04-08 04:05 . 2013-04-08 04:05 51200 ----a-w- c:\windows\system32\imgutil.dll
      2013-04-08 04:05 . 2013-04-08 04:05 173568 ----a-w- c:\windows\system32\ieUnatt.exe
      2013-04-08 04:05 . 2013-04-08 04:05 149504 ----a-w- c:\windows\system32\occache.dll
      2013-04-08 04:05 . 2013-04-08 04:05 13824 ----a-w- c:\windows\system32\mshta.exe
      2013-04-08 04:05 . 2013-04-08 04:05 136192 ----a-w- c:\windows\system32\iepeers.dll
      2013-04-08 04:05 . 2013-04-08 04:05 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
      2013-04-08 04:05 . 2013-04-08 04:05 12800 ----a-w- c:\windows\system32\msfeedssync.exe
      2013-04-08 04:05 . 2013-04-08 04:05 77312 ----a-w- c:\windows\system32\tdc.ocx
      2013-04-08 04:05 . 2013-04-08 04:05 48640 ----a-w- c:\windows\system32\mshtmler.dll
      2013-03-19 23:54 . 2013-03-19 23:54 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
      2013-03-19 23:53 . 2013-03-19 23:53 504656 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
      2013-03-19 06:04 . 2013-04-09 23:20 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
      2013-03-19 05:46 . 2013-04-09 23:20 43520 ----a-w- c:\windows\system32\csrsrv.dll
      2013-03-19 05:04 . 2013-04-09 23:20 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
      2013-03-19 05:04 . 2013-04-09 23:20 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
      2013-03-19 04:47 . 2013-04-09 23:20 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
      2013-03-19 03:06 . 2013-04-09 23:20 112640 ----a-w- c:\windows\system32\smss.exe
      2013-03-11 02:22 . 2013-03-11 02:22 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
      2013-03-11 02:22 . 2013-03-11 02:22 504656 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
      2013-02-28 13:37 . 2013-04-08 02:56 981504 ----a-w- c:\windows\SysWow64\wininet.dll_old0
      2013-02-28 13:37 . 2013-04-08 02:56 1231872 ----a-w- c:\windows\SysWow64\urlmon.dll_old0
      2013-02-28 13:37 . 2013-04-08 02:56 2078208 ----a-w- c:\windows\SysWow64\iertutil.dll_old0
      .
      .
      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
      @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
      [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
      2013-03-22 01:20 222808 ----a-w- c:\users\Geovanni\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314_1\SkyDriveShell.dll
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
      @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
      [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
      2013-03-22 01:20 222808 ----a-w- c:\users\Geovanni\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314_1\SkyDriveShell.dll
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
      @="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
      [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
      2013-03-22 01:20 222808 ----a-w- c:\users\Geovanni\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314_1\SkyDriveShell.dll
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
      "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "ConsentPromptBehaviorAdmin"= 5 (0x5)
      "ConsentPromptBehaviorUser"= 3 (0x3)
      "EnableUIADesktopToggle"= 0 (0x0)
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
      "aux1"=wdmaud.drv
      .
      R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
      R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
      R3 arcvad_ds2dhw;ArcMIVEVad Service;c:\windows\system32\drivers\ArcVad.sys [2008-10-28 27136]
      R3 DroidCam;DroidCam Virtual Audio;c:\windows\system32\drivers\droidcam.sys [2011-08-05 25216]
      R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [2010-05-14 271712]
      R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2010-05-07 30304]
      R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [2012-11-09 12800]
      R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [2012-11-09 171008]
      R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
      R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2011-08-04 250984]
      R3 s1039bus;Sony Ericsson Device 1039 driver (WDM);c:\windows\system32\DRIVERS\s1039bus.sys [2010-03-15 127600]
      R3 s1039mdfl;Sony Ericsson Device 1039 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1039mdfl.sys [2010-03-15 19568]
      R3 s1039mdm;Sony Ericsson Device 1039 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1039mdm.sys [2010-03-15 161904]
      R3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1039mgmt.sys [2010-03-15 141424]
      R3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1039nd5.sys [2010-03-15 34416]
      R3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1039obex.sys [2010-03-15 137328]
      R3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1039unic.sys [2010-03-15 158320]
      R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2010-06-08 153808]
      R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
      R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
      R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
      R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-11-04 146736]
      R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
      R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
      R3 WatAdminSvc;Servicio de tecnologías de activación de Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2013-03-11 1255736]
      S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2013-02-14 58416]
      S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2007-05-01 52856]
      S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2013-02-14 213416]
      S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2013-01-10 150616]
      S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2013-01-10 59440]
      S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2013-03-21 1341664]
      S2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2010-03-11 107576]
      S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
      S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
      S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2009-10-14 635416]
      S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2011-03-15 428384]
      S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
      S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
      S3 LVUVC64;Logitech Webcam C160(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
      S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-12-13 54784]
      .
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
      2013-05-23 23:48 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.94\Installer\chrmstp.exe
      .
      Contents of the 'Scheduled Tasks' folder
      .
      2013-05-26 c:\windows\Tasks\Adobe Flash Player Updater.job
      - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-20 02:55]
      .
      2013-05-25 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1404561175-2848816784-920254029-1000Core.job
      - c:\users\Geovanni\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-20 05:37]
      .
      2013-05-26 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1404561175-2848816784-920254029-1000UA.job
      - c:\users\Geovanni\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-20 05:37]
      .
      2013-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore1ce487166cfba8.job
      - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-22 03:37]
      .
      2013-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
      - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-22 03:37]
      .
      2013-05-13 c:\windows\Tasks\HPCeeScheduleForGeovanni.job
      - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 02:53]
      .
      2013-05-06 c:\windows\Tasks\HPCeeScheduleFornoki.job
      - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 02:53]
      .
      .
      --------- X64 Entries -----------
      .
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
      @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
      [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
      2013-03-22 01:20 261704 ----a-w- c:\users\Geovanni\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314_1\amd64\SkyDriveShell64.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
      @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
      [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
      2013-03-22 01:20 261704 ----a-w- c:\users\Geovanni\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314_1\amd64\SkyDriveShell64.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
      @="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
      [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
      2013-03-22 01:20 261704 ----a-w- c:\users\Geovanni\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314_1\amd64\SkyDriveShell64.dll
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
      "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2013-03-21 6330568]
      "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-18 568888]
      .
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
      FontCache
      .
      ------- Supplementary Scan -------
      .
      uStart Page = https://www.google.com.mx/
      uLocal Page = c:\windows\system32\blank.htm
      mLocal Page = c:\windows\SysWOW64\blank.htm
      uSearchAssistant = hxxp://www.google.com
      TCP: DhcpNameServer = 192.168.1.254
      FF - ProfilePath - c:\users\Geovanni\AppData\Roaming\Mozilla\Firefox\Profiles\jv4jhy4c.default\
      FF - prefs.js: browser.search.selectedEngine -
      FF - prefs.js: browser.startup.homepage - hxxps://www.google.com.mx/
      FF - ExtSQL: 2013-04-11 10:54; [email protected]; c:\users\Geovanni\AppData\Roaming\Mozilla\Firefox\Profiles\jv4jhy4c.default\extensions\[email protected]
      .
      - - - - ORPHANS REMOVED - - - -
      .
      Wow6432Node-HKLM-Run-<NO NAME> - (no file)
      AddRemove-CodInstl - c:\windows\system32\CDUninst.isu
      AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}\bm_installer.exe
      .
      .
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
      "ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------
      .
      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="FlashBroker"
      "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
      "Enabled"=dword:00000001
      .
      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
      @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="IFlashBroker5"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
      @="{00020424-0000-0000-C000-000000000046}"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      "Version"="1.0"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="FlashBroker"
      "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
      "Enabled"=dword:00000001
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
      @Denied: (A 2) (Everyone)
      @="Shockwave Flash Object"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
      "ThreadingModel"="Apartment"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
      @="0"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
      @="ShockwaveFlash.ShockwaveFlash.11"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
      @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
      @="1.0"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
      @="ShockwaveFlash.ShockwaveFlash"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
      @Denied: (A 2) (Everyone)
      @="Macromedia Flash Factory Object"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
      "ThreadingModel"="Apartment"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
      @="FlashFactory.FlashFactory.1"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
      @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
      @="1.0"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
      @="FlashFactory.FlashFactory"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="IFlashBroker5"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
      @="{00020424-0000-0000-C000-000000000046}"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      "Version"="1.0"
      .
      [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
      @Denied: (A) (Everyone)
      "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
      .
      [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
      @Denied: (A) (Everyone)
      .
      [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
      "Key"="ActionsPane3"
      "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
      @Denied: (Full) (Everyone)
      .
      Completion time: 2013-05-26 10:06:57
      ComboFix-quarantined-files.txt 2013-05-26 15:06
      ComboFix2.txt 2013-05-24 00:46
      .
      Pre-Run: 149,360,357,376 bytes libres
      Post-Run: 149,329,829,888 bytes libres
      .
      - - End Of File - - 9D6210615F000518BA62970B5E61990C

      If you could explain what problems my machine had, I would be very grateful.

    7. #7
      General Moderator
      SanMar's avatar
      Joined
      Jun 2008
      Location
      Argentina
      Posts
      22.293

      Re: How to remove the microsoft.vbs virus

      Hello


      InfoSpyware Forum Policies

      5.2 Remember that: we are NOT a company that charges you for services, we are NOT a technical support service, we are NOT available 24 hours a day; we are human, and we also have our own jobs, responsibilities, problems and families to attend to; we are volunteers. In short, we are just a COMMUNITY (FORUM) OF VOLUNTEER HELPERS who will try to help you on a non-profit basis, asking nothing in return except that these rules and policies be respected. Above all, respect and camaraderie toward those who voluntarily dedicate their time to trying to help others.

      We only ask for patience.



      ------------------------------------

      No further problems are visible; you had a USB-borne infection.

      To finish, all that remains is to uninstall CF as follows:

      • Go to Start >>> Run
      • Type exactly as shown, keeping the space: ComboFix /Uninstall, as shown in the image below:

      • This will launch the ComboFix uninstaller, opening its main screen, and after a few seconds you will see ("ComboFix is uninstalled")


      Note: If that uninstall method does not work, download and run OTC.exe, click CleanUp!, then "Yes", and restart your PC.


      Let us know whether everything is in order so we can mark the thread as resolved.


      Regards.

      * Follow us on our Twitter and become our friend on Facebook.
      * Stay informed about the latest threats on the web at: InfoSpyware Blog
      * Questions are not answered by private message or e-mail; that is what the forum is for.

    8. #8
      User banymosk's avatar
      Joined
      May 2011
      Location
      Mexico, df
      Posts
      7

      Re: How to remove the microsoft.vbs virus

      I have now uninstalled ComboFix, and it also deleted the application. My machine is the same as before: it does not take longer than normal to load the operating system, the network connection is very stable, my machine is likewise stable, and I have not seen anything unusual in Task Manager; all the processes I saw before look unchanged. Sorry if I am confusing you so much, I just want to say that my machine is fine, I think, hehehe.

    9. #9
      General Moderator
      SanMar's avatar
      Joined
      Jun 2008
      Location
      Argentina
      Posts
      22.293

      Re: How to remove the microsoft.vbs virus

      Hello banymosk:


      Perfect... the reports indicate as much.


      It's great that we were able to solve your problem!

      If for any reason you need to reopen this thread, click this image at the bottom left of the post, explaining why you need to reopen it.


      ***Thread Resolved***

      As a final recommendation, we invite you to follow us on our channels: Blog, Twitter, Facebook and e-mail, to keep up to date with new malware and how to prevent it.
      Regards.
