ComboFix 13-07-15.01 - 7 16/07/2013 18:44:36.2.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.34.3082.18.3819.2292 [GMT -5:00]
Running from: d:\programmi condivisi\ComboFix.exe
AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\7\x.exe
c:\windows\SysWOW64mfc45.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_DefaultTabSearch
.
.
((((((((((((((((((((((((( Files Created from 2013-06-16 to 2013-07-16 )))))))))))))))))))))))))))))))
.
.
2013-07-16 23:54 . 2013-07-16 23:54 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-07-16 23:54 . 2013-07-16 23:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-15 16:32 . 2013-07-16 17:42 -------- d-----w- c:\program files\PeerBlock
2013-07-15 12:49 . 2013-07-15 12:49 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-15 12:49 . 2013-07-15 12:49 -------- d-----w- c:\windows\system32\Macromed
2013-07-15 03:50 . 2013-07-15 03:50 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin
2013-07-15 03:49 . 2013-07-10 22:28 54728 ----a-w- c:\windows\system32\drivers\Soluto.sys
2013-07-15 03:49 . 2013-07-15 03:49 -------- d-----w- c:\program files\Soluto
2013-07-15 03:46 . 2013-07-16 00:02 -------- d-----w- c:\programdata\Soluto
2013-07-15 03:42 . 2013-07-15 03:59 -------- d-----w- c:\program files (x86)\OApps
2013-07-15 03:33 . 2013-07-15 03:33 -------- d-----w- c:\users\7\AppData\Local\SlimWare Utilities Inc
2013-07-15 03:32 . 2013-07-15 03:32 -------- d-----w- c:\program files (x86)\SlimDrivers
2013-07-15 01:06 . 2013-07-15 01:06 74703 ----a-w- c:\windows\SysWow64\mfc45.dat
2013-07-15 01:06 . 2013-07-15 23:53 -------- d-----w- c:\programdata\iolo
2013-07-15 01:06 . 2013-07-15 01:06 -------- d-----w- c:\users\7\AppData\Roaming\iolo
2013-07-12 01:29 . 2013-07-12 01:33 -------- d-----w- c:\windows\system32\MRT
2013-07-09 02:18 . 2013-07-15 17:30 -------- d-----w- c:\users\7\AppData\Local\NFS Underground 2
2013-07-09 02:12 . 2013-07-09 02:12 -------- d-----w- c:\program files (x86)\EA GAMES
2013-07-08 22:54 . 2013-07-15 23:56 -------- d-----w- c:\users\7\AppData\Roaming\Wise Care 365
2013-07-08 22:53 . 2013-07-08 22:53 -------- d-----w- c:\program files (x86)\Wise
2013-07-08 22:41 . 2013-07-08 22:41 -------- d-----w- c:\program files (x86)\ERUNT
2013-07-08 21:12 . 2013-07-08 21:12 -------- d-----w- c:\program files (x86)\Windows Resource Kits
2013-07-08 14:36 . 2013-05-29 16:12 2155688 ----a-w- c:\windows\system32\Incinerator64.dll
2013-07-08 14:36 . 2013-05-29 16:12 2097472 ----a-w- c:\windows\SysWow64\Incinerator32.dll
2013-07-08 14:35 . 2013-05-29 16:28 57584 ----a-w- c:\windows\system32\iolobtdfg.exe
2013-07-08 14:35 . 2013-05-29 16:28 26184 ----a-w- c:\windows\system32\smrgdf.exe
2013-07-08 02:04 . 2013-05-29 16:06 30752 ----a-w- c:\windows\system32\drivers\ElRawDsk.sys
2013-07-07 19:00 . 2013-07-07 19:00 -------- d-----w- c:\users\7\AppData\Roaming\drivers
2013-07-07 19:00 . 2011-11-15 16:23 354176 ----a-w- c:\windows\SysWow64\drivers\supersafer.sys
2013-07-07 19:00 . 2011-11-15 16:23 238072 ----a-w- c:\windows\SysWow64\drivers\supersafer64.sys
2013-07-07 19:00 . 2011-11-15 16:24 380264 ----a-w- c:\windows\SysWow64\comm.ocx
2013-07-07 17:30 . 2013-07-07 17:30 -------- d-----w- c:\program files (x86)\AMD AVT
2013-07-07 17:29 . 2013-07-07 17:30 -------- d-----w- c:\programdata\AMD
2013-07-07 17:25 . 2013-07-07 17:25 -------- d-----w- c:\program files (x86)\ATI Technologies
2013-07-07 17:24 . 2013-07-07 17:25 -------- d-----w- c:\programdata\Package Cache
2013-07-07 16:55 . 2013-07-07 19:34 -------- d-----w- c:\program files (x86)\EndlessWarDefense_at
2013-07-07 15:27 . 2013-07-07 15:27 -------- d-----w- c:\users\7\AppData\Roaming\WinBatch
2013-07-07 00:51 . 2013-07-07 18:56 -------- d-----w- c:\users\7\AppData\Roaming\Systweak
2013-07-06 21:16 . 2013-07-06 21:36 -------- d-----w- c:\programdata\BlueStacksSetup
2013-07-04 02:06 . 2013-07-04 02:06 -------- d-----w- c:\users\7\AppData\Roaming\Malwarebytes
2013-07-04 02:06 . 2013-07-04 02:06 -------- d-----w- c:\programdata\Malwarebytes
2013-07-04 02:06 . 2013-07-04 02:06 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-07-04 02:06 . 2013-04-04 19:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-07-03 19:55 . 2013-07-04 02:11 -------- d-----w- C:\CCE_Quarantine
2013-07-03 02:58 . 2013-06-10 02:59 216064 ----a-w- c:\windows\SysWow64\gcapi_dll.dll
2013-07-03 02:49 . 2013-07-03 02:49 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-07-03 02:48 . 2013-07-03 02:48 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-03 02:48 . 2013-07-03 02:48 -------- d-----w- c:\program files (x86)\Java
2013-06-25 00:00 . 2013-06-25 00:00 -------- d-----w- c:\users\7\AppData\Roaming\IrfanView
2013-06-25 00:00 . 2013-06-25 00:00 -------- d-----w- c:\program files (x86)\IrfanView
2013-06-24 23:57 . 2009-09-04 22:29 1892184 ----a-w- c:\windows\SysWow64\D3DX9_42.dll
2013-06-24 23:57 . 2006-09-28 21:05 2414360 ----a-w- c:\windows\SysWow64\d3dx9_31.dll
2013-06-24 23:56 . 2013-06-24 23:56 -------- d-----w- c:\program files (x86)\Winamp Detect
2013-06-24 23:55 . 2013-06-24 23:55 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
2013-06-24 23:39 . 2013-06-24 23:39 -------- d-----w- c:\users\7\AppData\Roaming\pdfforge
2013-06-24 23:39 . 2012-05-05 16:54 137000 ----a-w- c:\windows\SysWow64\MSMAPI32.OCX
2013-06-24 23:39 . 2012-05-05 16:54 662288 ----a-w- c:\windows\SysWow64\MSCOMCT2.OCX
2013-06-24 23:39 . 2013-04-09 20:13 110264 ----a-w- c:\windows\system32\pdfcmon.dll
2013-06-24 23:39 . 2012-05-05 16:54 23552 ----a-w- c:\windows\SysWow64\MSMPIDE.DLL
2013-06-24 23:39 . 2013-06-25 00:18 -------- d-----w- c:\program files (x86)\PDFCreator
2013-06-24 23:34 . 2013-06-24 23:34 -------- d-----w- c:\program files\WinRAR
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-15 12:49 . 2012-11-24 02:32 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-07 15:24 . 2013-03-12 05:14 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2013-07-07 15:24 . 2013-03-12 05:14 6543392 ----a-w- c:\windows\system32\drivers\BCMWL664.SYS
2013-07-07 15:24 . 2013-03-12 05:14 3659264 ----a-w- c:\windows\system32\bcmihvui64.dll
2013-07-06 22:31 . 2013-03-13 18:37 145127706 ----a-w- c:\users\7\AppData\Roaming\hkey_local_machine.reg
2013-07-03 02:48 . 2012-10-18 19:37 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-07-03 02:48 . 2012-10-18 19:37 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-06-24 05:57 . 2012-10-14 21:12 78277128 ----a-w- c:\windows\system32\MRT.exe
2013-05-13 05:51 . 2013-06-12 00:17 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-05-13 05:51 . 2013-06-12 00:17 1464320 ----a-w- c:\windows\system32\crypt32.dll
2013-05-13 05:51 . 2013-06-12 00:17 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-05-13 05:50 . 2013-06-12 00:17 52224 ----a-w- c:\windows\system32\certenc.dll
2013-05-13 04:45 . 2013-06-12 00:17 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-05-13 04:45 . 2013-06-12 00:17 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-05-13 04:45 . 2013-06-12 00:17 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-05-13 03:43 . 2013-06-12 00:17 1192448 ----a-w- c:\windows\system32\certutil.exe
2013-05-13 03:08 . 2013-06-12 00:17 903168 ----a-w- c:\windows\SysWow64\certutil.exe
2013-05-13 03:08 . 2013-06-12 00:17 43008 ----a-w- c:\windows\SysWow64\certenc.dll
2013-05-10 05:49 . 2013-06-12 00:17 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-05-10 03:20 . 2013-06-12 00:17 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2013-05-08 06:39 . 2013-06-12 00:15 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-04-26 05:51 . 2013-06-12 00:18 751104 ----a-w- c:\windows\system32\win32spl.dll
2013-04-26 04:55 . 2013-06-12 00:18 492544 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-04-25 23:30 . 2013-06-12 00:15 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
2013-04-18 14:07 . 2013-04-18 14:07 564824 ----a-w- c:\windows\system32\drivers\sptd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
R0 mjvhhu;mjvhhu; [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 CareMon;CareMon;c:\program files (x86)\Spotmau\PowerSuite Golden Edition\PowerSuite 2012\PcCheck\CareMon.exe;c:\program files (x86)\Spotmau\PowerSuite Golden Edition\PowerSuite 2012\PcCheck\CareMon.exe [x]
R3 cpuz136;cpuz136;c:\windows\TEMP\cpuz136\cpuz136_x64.sys;c:\windows\TEMP\cpuz136\cpuz136_x64.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R3 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R3 pmkbdfltr;PenMount Keyboard Device Filter Driver;c:\windows\system32\DRIVERS\pmkbdfltr.sys;c:\windows\SYSNATIVE\DRIVERS\pmkbdfltr.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 SolutoRemoteService;Soluto Remote Service;c:\program files\Soluto\SolutoRemoteService.exe;c:\program files\Soluto\SolutoRemoteService.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Servicio de tecnologías de activación de Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WiseBootAssistant;Wise Boot Assistant;c:\program files (x86)\Wise\Wise Care 365\BootTime.exe;c:\program files (x86)\Wise\Wise Care 365\BootTime.exe [x]
R4 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
R4 SolutoLauncherService;Soluto Launcher Service;c:\program files\Soluto\SolutoLauncherService.exe;c:\program files\Soluto\SolutoLauncherService.exe [x]
R4 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe;c:\program files\Soluto\SolutoService.exe [x]
S0 ahcix64s;ahcix64s;c:\windows\system32\DRIVERS\ahcix64s.sys;c:\windows\SYSNATIVE\DRIVERS\ahcix64s.sys [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S0 iusb3hcs;Controlador del conmutador de la controladora de host Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 Soluto;Soluto;c:\windows\system32\DRIVERS\Soluto.sys;c:\windows\SYSNATIVE\DRIVERS\Soluto.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys;c:\windows\SYSNATIVE\drivers\ElRawDsk.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfpr.sys [x]
S2 supersafer64;supersafer64;c:\windows\SysWOW64\drivers\supersafer64.sys;c:\windows\SysWOW64\drivers\supersafer64.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-24 03:48 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-15 12:49]
.
2013-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-14 18:30]
.
2013-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-14 18:30]
.
2013-07-15 c:\windows\Tasks\SlimDrivers Startup.job
- c:\program files (x86)\SlimDrivers\SlimDrivers.exe [2013-07-10 13:58]
.
2013-03-15 c:\windows\Tasks\Start Battery Optimizer for MARCO-PC@7.job
- c:\program files\ReviverSoft\Battery Optimizer\BatteryOptimizer.exe [2012-09-20 09:56]
.
2013-07-09 c:\windows\Tasks\Wise Care 365.job
- c:\program files (x86)\Wise\Wise Care 365\WiseTray.exe [2013-07-08 19:57]
.
2013-07-09 c:\windows\Tasks\Wise Turbo Checker.job
- c:\program files (x86)\Wise\Wise Care 365\WiseTurbo.exe [2013-07-08 15:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-08-10 4030008]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2012-11-19 621440]
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride =
IE: &Enviar a OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: E&xportar a Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{1EC23CFF-4C58-458f-924C-8519AEF61B32} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-07-16 19:04:39 - machine was rebooted
ComboFix-quarantined-files.txt 2013-07-17 00:04
ComboFix2.txt 2013-01-29 00:19
.
Pre-Run: 51.235.598.336 bytes libres
Post-Run: 51.132.461.056 bytes libres
.
- - End Of File - - EC037BDB906271234120A4926141288F
A36C5E4F47E84449FF07ED3517B43A31