Solved: Remove trojan

Status: Closed for new replies.

edgecrusher

Member
Hi everyone, for a few days now my antivirus has been detecting this "Win64/SvcMiner.A"; I click Remove and it removes it. But every time I restart the PC it shows up again, and when I go to the folder it says it is in, there is nothing there. I don't notice the PC behaving strangely; the only thing is that sometimes I receive emails saying I have registered on a site and asking me to confirm the registration, which I haven't done. If you could give me a hand..... Thanks in advance.
 

Kbite

Learn and share
Administrator
Hello edgecrusher.

Follow all of these preliminary steps and leave us the requested reports in your reply:

Disable System Restore; once we are done, enable it again.

Use this tool with all browsers closed: AdwCleaner

Update your system Here (use Internet Explorer)

Delete all cookies and clean the registry with CCleaner

Go to Start > Control Panel > Java (if you use Java) and delete the Java temporary files.

Delete temporary files: from Start, Run, type %TEMP%, press Enter and delete everything in that folder.

Run Malwarebytes Anti-Malware in Full Scan mode. (Update it first; when the scan finishes choose the Remove option, then save the report and paste it.) If you have any doubts, here is a Malwarebytes Anti-Malware manual.

Also run an online scan: Online Antivirus

** You must use Internet Explorer and accept the ActiveX controls

** Tell it to remove whatever it detects.

Copy us that report, the Malwarebytes Anti-Malware report and the AdwCleaner report, together with a HijackThis log. Let us know whether the possible problem was resolved.

Regards, Kbite
 

edgecrusher

Member
Hi, here are all the reports except the ESET one, which I don't know where to find.

# AdwCleaner v4.110 - Logfile created 15/02/2015 at 19:33:18
# Updated 05/02/2015 by Xplode
# Database : 2015-02-14.2 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : PAINKILLER - PAINKILLER-PC
# Running from : C:\Users\PAINKILLER\Desktop\adwcleaner_4.110.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17631

-\\ Google Chrome v39.0.2171.65

-\\ Comodo Dragon v

-\\ Opera v0.0.0.0

-\\ Chrome Canary v

*************************

AdwCleaner[R0].txt - [13992 bytes] - [03/07/2014 18:39:06]
AdwCleaner[R1].txt - [13334 bytes] - [24/09/2014 12:15:33]
AdwCleaner[R2].txt - [10429 bytes] - [24/09/2014 14:16:22]
AdwCleaner[R4].txt - [6537 bytes] - [19/12/2014 17:44:39]
AdwCleaner[R5].txt - [1782 bytes] - [12/01/2015 21:42:05]
AdwCleaner[R6].txt - [1964 bytes] - [14/02/2015 09:53:53]
AdwCleaner[R7].txt - [1055 bytes] - [15/02/2015 19:33:18]
AdwCleaner[S0].txt - [11788 bytes] - [03/07/2014 18:41:13]
AdwCleaner[S1].txt - [8188 bytes] - [24/09/2014 14:18:02]
AdwCleaner[S3].txt - [4796 bytes] - [19/12/2014 17:46:31]
AdwCleaner[S4].txt - [1899 bytes] - [12/01/2015 21:44:04]
AdwCleaner[S5].txt - [1926 bytes] - [14/02/2015 09:56:01]

########## EOF - C:\AdwCleaner\AdwCleaner[R7].txt - [1410 bytes] ##########

Protección Web: Activado
Autoprotección: Desactivado

SO: Windows 7 Service Pack 1
CPU: x64
Archivos del Sistema: NTFS
Usuario: PAINKILLER

Tipo de Análisis: Análisis Completo
Resultado: Completado
Objetos Analizados: 434957
Tiempo Transcurrido: 11 min, 2 seg

Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Desactivado
Heurística: Activado
PUP: Advierten
PUM: Activado

Procesos: 0
(Sin elementos maliciosos detectados)

Modulos: 0
(Sin elementos maliciosos detectados)

Llaves del Registro: 5
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-3530981056-630553771-538909516-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SearchProtectIN4T, En cuarentena, [2a963ce2b0daee48bd7026ef778e9070],
PUP.Optional.DigitalSites.A, HKU\S-1-5-21-3530981056-630553771-538909516-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DSiteproducts, En cuarentena, [249c25f9f49679bdd720d04627de03fd],
PUP.Optional.Softonic.A, HKU\S-1-5-21-3530981056-630553771-538909516-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Softonic, En cuarentena, [a020f628e2a822147f227f19e2213dc3],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3530981056-630553771-538909516-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, En cuarentena, [c5fb58c6bdcd74c21d97f90950b5de22],
PUP.Optional.GeForce.A, HKU\S-1-5-21-3530981056-630553771-538909516-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Ge-Force, En cuarentena, [edd3fe20a7e3c96d9ab22de2d82dbe42],

Valores del Registro: 0
(Sin elementos maliciosos detectados)

Datos del Registro: 0
(Sin elementos maliciosos detectados)

Carpetas: 0
(Sin elementos maliciosos detectados)

Archivo: 4
PUP.Optional.Sense.A, C:\Users\PAINKILLER\AppData\Roaming\OZAN.exe, En cuarentena, [b30dcd516e1cda5cea7fbfb38e736e92],
PUP.Optional.OpenCandy, C:\Users\PAINKILLER\AppData\Roaming\PowerISO\Upgrade\PowerISO6-x64.exe, En cuarentena, [259b31ed5832fd39330de502f70ee020],
PUP.Optional.CrossRider.A, C:\Users\PAINKILLER\AppData\Local\Temp\Install_5210\ins_geforce.exe, En cuarentena, [03bd1a04355538fe84aa9058af52f40c],
PUP.Optional.CrossRider.A, C:\Users\PAINKILLER\AppData\Local\Temp\Install_5210\ins_sense.exe, En cuarentena, [dee25cc2098178be9995eff91ce5a15f],

Sectores físicos: 0
(Sin elementos maliciosos detectados)

(end)

Code:
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 19:33:40, on 16/02/2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17631)

Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Users\PAINKILLER\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files (x86)\Creative\Sound Blaster Z-Series\Sound Blaster Z-Series Control Panel\SBZ.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
I:\PROGRAMAS\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [Sound Blaster Z-Series Control Panel] "C:\Program Files (x86)\Creative\Sound Blaster Z-Series\Sound Blaster Z-Series Control Panel\SBZ.exe" /r
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [CCleaner] "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO
O4 - HKCU\..\Run: [CTRegRun] C:\Windows\CTRegRun.EXE
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\PAINKILLER\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'Servicio de red')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'Servicio de red')
O4 - HKUS\S-1-5-21-3530981056-630553771-538909516-1004\..\Run: [Spotify] "C:\Users\SANDRA\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart (User 'SANDRA')
O4 - HKUS\S-1-5-21-3530981056-630553771-538909516-1004\..\Run: [CTRegRun] C:\Windows\CTRegRun.EXE (User 'SANDRA')
O4 - HKUS\S-1-5-18\..\Run: [CtxfiReg] CTXFIREG.exe /FAIL1 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CtxfiReg] CTXFIREG.exe /FAIL1 (User 'Default user')
O4 - S-1-5-21-3530981056-630553771-538909516-1004 Startup: Dropbox.lnk = SANDRA\AppData\Roaming\Dropbox\bin\Dropbox.exe (User 'SANDRA')
O4 - S-1-5-21-3530981056-630553771-538909516-1004 Startup: OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (User 'SANDRA')
O4 - S-1-5-21-3530981056-630553771-538909516-1004 User Startup: Dropbox.lnk = SANDRA\AppData\Roaming\Dropbox\bin\Dropbox.exe (User 'SANDRA')
O4 - S-1-5-21-3530981056-630553771-538909516-1004 User Startup: OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (User 'SANDRA')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O9 - Extra button: Mostrar u ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} (Creative Software AutoUpdate 2) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%systemroot%\system32\appidsvc.dll,-100 (AppIDSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing)
O23 - Service: @appmgmts.dll,-3250 (AppMgmt) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (AudioSrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Alcohol Virtual Drive Auto-mount Service (AxAutoMntSrv) - Alcohol Soft Development Team - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
O23 - Service: @%SystemRoot%\system32\AxInstSV.dll,-103 (AxInstSV) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\bdesvc.dll,-100 (BDESVC) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-Service.exe
O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
O23 - Service: @%SystemRoot%\System32\bthserv.dll,-101 (bthserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\cscsvc.dll,-200 (CscService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Sound Blaster Audio Service (CtHdaSvc) - Creative Technology Ltd - C:\Windows\sysWow64\CtHdaSvc.exe
O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\defragsvc.dll,-101 (defragsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\dhcpcore.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\Windows\ehome\ehRecvr.exe
O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\Windows\ehome\ehsched.exe
O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (eventlog) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: FLEXnet Licensing Service - Flexera Software, Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Servicio de Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Servicio de Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HauppaugeTVServer - Hauppauge Computer Works - C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe
O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: HiSuiteOuc64.exe - Unknown owner - C:\ProgramData\HiSuiteOuc\HiSuiteOuc64.exe
O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\ListSvc.dll,-100 (HomeGroupListener) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\provsvc.dll,-100 (HomeGroupProvider) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: hpqcxs08 - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Servicio HP CUE DeviceDiscovery (hpqddsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: HP Network Devices Support (HPSLPSVC) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: HuaweiHiSuiteService64.exe - Unknown owner - C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-500 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Intel(R) Update Manager (iumsvc) - Unknown owner - C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe
O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Net Driver HPZ12 - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\netprofm.dll,-202 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\peerdistsvc.dll,-9000 (PeerDistSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\sysWow64\perfhost.exe,-2 (PerfHost) - Unknown owner - C:\Windows\SysWow64\perfhost.exe
O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%SystemRoot%\system32\pnrpauto.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpo.dll,-100 (Power) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @regsvc.dll,-1 (RemoteRegistry) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%windir%\system32\RpcEpMap.dll,-1001 (RpcEptMapper) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\sensrsvc.dll,-1000 (SensrSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppuinotify.dll,-103 (sppuinotify) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\themeservice.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\umrdp.dll,-1000 (UmRdpService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%systemroot%\system32\wbiosrvc.dll,-100 (WbioSrvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe
O23 - Service: Windows Update (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wwansvc.dll,-257 (WwanSvc) - Unknown owner - C:\Windows\system32\svchost.exe

--
End of file - 27649 bytes
 

Kbite

Learn and share
Administrator
Hello edgecrusher.

You don't say whether the problem was solved; this matters so we know where we stand and can act accordingly. Tell us how things are going now.

The HijackThis log is clean. Malwarebytes detected and quarantined some malicious files. The AdwCleaner report shows no removals and tells us you only scanned; you must first scan and then clean. It would not hurt to run the tool again to make sure the browsers are clean.

All that remains is for you to tell us whether the problem you described was resolved, since, fortunately, no large infection is visible.

Regards, Kbite
 

edgecrusher

Member
Hello, well, the problem persists. Every time I restart the PC the antivirus detects it and sends it to quarantine. Another thing that happens is that if I have no program running, after 30 minutes it used to go to sleep, but now it doesn't; it stays on the whole time and I have nothing open. In the AdwCleaner report it shows that I have 5 browsers, but I only have Explorer and Chrome; how come the others show up? Thanks.
 

Kbite

Learn and share
Administrator
Hello edgecrusher.

If the virus reappears it is probably because it is being cloned from the restore folder. Did you disable "System Restore" as I told you? This is very important to keep the infection from replicating once the antivirus has removed the virus.

Go to Control Panel / Uninstall a program and uninstall the following browsers, if they appear: Comodo Dragon, Opera, Chrome Canary. Do it from Safe Mode if necessary.

Now run this tool, similar to AdwCleaner, following its guide: Junkware Removal Tool

If necessary, because the problem repeats, use this tool, which needs no installation: Dr.Web CureIt!

Think about whether, just before you noticed the infection, you installed any suspicious or pirated software that could have installed the trojan; if so, uninstall that program.

Regards, Kbite
 

edgecrusher

Member
Hello, well, I have System Restore disabled; in Uninstall programs neither Comodo, Opera nor Chrome Canary show up. I ran Junkware Removal Tool and Dr.Web CureIt! and the problem continues. I haven't installed any strange program. Here is where the antivirus says the virus comes from, in case it helps:

C:\Windows\Temp\svchost.exe
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Temporary Internet Files\Content.IE5\svchost[1].exe

Regards.
 

Kbite

Learn and share
Administrator
Hello edgecrusher.

Well, if AdwCleaner detected those browsers it is odd that they don't appear in the list of installed programs; check whether their folders appear under "Program Files".

We are going to delete manually the files the antivirus detects:

Show hidden system files. (Once we finish, hide them again.)
Restart in Safe Mode so that nothing outside Windows is running.

Look up the files listed below at their path and delete them manually, since that is not their natural location:
C:\Windows\Temp\svchost.exe
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Temporary Internet Files\Content.IE5\svchost[1].exe


  • Now run RogueKiller
  • Run it by right-clicking and choosing Run as Administrator, following its manual.
  • Wait for the scan and removal to finish.
  • Save the report it gives you and paste it in your reply.

  • Next run Trojan Remover.
  • Run it by right-clicking and choosing Run as Administrator.
  • Wait for the scan and removal to finish.
  • Save the report it gives you and paste it in your reply.

Leave us the reports and tell us how things are going now.

Regards, Kbite
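Added example (PowerShell; not from the forum and not one of the tools Kbite lists): the two paths edgecrusher reported say more about the loader than about the files themselves. `C:\Windows\System32\config\systemprofile\...\Temporary Internet Files\Content.IE5` is the WinINet cache of the LocalSystem account, so the copy named `svchost[1].exe` was downloaded by something already running as SYSTEM, which is why the file comes back after every restart no matter how often the antivirus quarantines it. A detection name containing "Miner" also fits a machine that has stopped going to sleep, since a miner keeps the CPU busy. The script below, assumed to run from an elevated PowerShell 2.0 or later on this Windows 7 x64 system, hashes and signature-checks every `svchost*.exe` outside System32/SysWOW64, flags `svchost.exe` processes whose image path is wrong or whose parent is not `services.exe`, lists services, scheduled tasks, Run keys and WMI event consumers whose command lives in Temp, AppData or ProgramData, and ends with `powercfg -requests` to show what is blocking sleep. The directory list and the path pattern are my assumptions, not indicators from the thread.

```powershell
# Added triage script for the case in this thread. It is not one of the tools Kbite
# lists and is not code from the forum. Assumes an elevated PowerShell 2.0 or later on
# the Windows 7 x64 machine above; the two reported paths come from edgecrusher's post,
# everything else is a generic heuristic, not a known indicator for this infection.
$ErrorActionPreference = 'SilentlyContinue'
$legit = @("$env:SystemRoot\System32\svchost.exe", "$env:SystemRoot\SysWOW64\svchost.exe")
# Places a dropped payload or its loader usually lives. Content.IE5 under the
# systemprofile is the WinINet cache of LocalSystem, so whatever downloaded a file
# there was running as SYSTEM (a service, a SYSTEM task or a WMI subscription).
$pattern = '\\Temp\\|\\AppData\\|\\ProgramData\\|Content\.IE5'
# Assumed search roots; the first two come from the paths reported in the thread
$roots = @("$env:SystemRoot\Temp", "$env:SystemRoot\System32\config\systemprofile", "$env:ProgramData", $env:TEMP)

function Get-Sha256([string]$Path) {
    # .NET hashing, because Get-FileHash only exists from PowerShell 4.0 on
    $sha = [System.Security.Cryptography.SHA256]::Create()
    ([System.BitConverter]::ToString($sha.ComputeHash([System.IO.File]::ReadAllBytes($Path)))) -replace '-', ''
}

Write-Host '== 1. svchost*.exe files outside System32/SysWOW64 (record hash and signature before deleting) =='
Get-ChildItem -Path $roots -Filter 'svchost*.exe' -Recurse -Force |
    Where-Object { $legit -notcontains $_.FullName } |
    ForEach-Object {
        $sig = (Get-AuthenticodeSignature -FilePath $_.FullName).Status
        '{0}  size={1}  mtime={2}  signature={3}  sha256={4}' -f $_.FullName, $_.Length, $_.LastWriteTime, $sig, (Get-Sha256 $_.FullName)
    }

Write-Host '== 2. svchost.exe processes with a wrong image path, or whose parent is not services.exe =='
Get-WmiObject -Class Win32_Process -Filter "Name = 'svchost.exe'" | ForEach-Object {
    $parent = Get-WmiObject -Class Win32_Process -Filter "ProcessId = $($_.ParentProcessId)"
    $badPath   = $_.ExecutablePath -and ($legit -notcontains $_.ExecutablePath)
    $badParent = ($parent -eq $null) -or ($parent.Name -ne 'services.exe')
    if ($badPath -or $badParent) {
        'PID {0}  parent={1}({2})  path={3}' -f $_.ProcessId, $parent.Name, $_.ParentProcessId, $_.ExecutablePath
        '    cmdline: ' + $_.CommandLine
    }
}

Write-Host '== 3. Persistence that points into Temp/AppData/ProgramData =='
# 3a. Services: the image path behind the keys the cleaning tools above only listed
Get-WmiObject -Class Win32_Service | Where-Object { $_.PathName -match $pattern } | ForEach-Object {
    'service {0}  start={1}  account={2}' -f $_.Name, $_.StartMode, $_.StartName
    '    image: ' + $_.PathName
}
# 3b. Scheduled tasks, read from their XML so the check does not depend on the UI language
Get-ChildItem -Path "$env:SystemRoot\System32\Tasks" -Recurse -Force | Where-Object { -not $_.PSIsContainer } | ForEach-Object {
    [xml]$task = Get-Content -Path $_.FullName
    $cmd = @($task.Task.Actions.Exec | ForEach-Object { "$($_.Command) $($_.Arguments)" }) -join ' ; '
    if ($cmd -match $pattern) {
        'task {0}  runas={1}' -f $_.FullName, $task.Task.Principals.Principal.UserId
        '    action: ' + $cmd
    }
}
# 3c. Run keys in both registry views; names starting with PS are PowerShell's own properties
$runKeys = @('HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
             'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
             'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
             'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run')
foreach ($key in $runKeys) {
    $props = Get-ItemProperty -Path $key
    if ($props) {
        $props.PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' -and "$($_.Value)" -match $pattern } | ForEach-Object {
            'run {0}\{1}' -f $key, $_.Name
            '    value: ' + $_.Value
        }
    }
}
# 3d. WMI event subscriptions: none of the tools in this thread list them, and a clean box has none
Get-WmiObject -Namespace 'root\subscription' -Class CommandLineEventConsumer | ForEach-Object {
    'wmi consumer {0}' -f $_.Name
    '    template: ' + $_.CommandLineTemplate
}

Write-Host '== 4. What is keeping the machine awake (edgecrusher reports it no longer sleeps) =='
# powercfg -requests exists from Windows 7 on and needs an elevated prompt
powercfg -requests
```

Copies of `svchost.exe` under WinSxS are normal and carry a valid Microsoft signature; the suspect is an unsigned copy outside System32, or a task, service or WMI consumer that points into one of those folders. Record the SHA-256 before deleting anything so the sample can be sent to the antivirus vendor, and treat whatever section 3 turns up as the entry that has to go before the dropped files stop coming back.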
 

edgecrusher

Member
Hello, well, in Safe Mode those two files don't show up: in Temp it isn't there, and Content.IE5 is empty. With hidden files shown, none of the browsers show up. Here are the reports.

RogueKiller V10.4.1.0 (x64) [Feb 19 2015] by Adlice Software
Mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : PAINKILLER [Administrator]
Mode : Scan -- Date : 02/19/2015 20:58:19

¤¤¤ Processes : 4 ¤¤¤
[Suspicious.Path] HiSuiteOuc64.exe(2156) -- C:\ProgramData\HiSuiteOuc\HiSuiteOuc64.exe[7] -> Killed [TermProc]
[Suspicious.Path] HuaweiHiSuiteService64.exe(2200) -- C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe[7] -> Killed [TermProc]
[Suspicious.Path] SpotifyWebHelper.exe(4780) -- C:\Users\PAINKILLER\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[7] -> Killed [TermProc]
[Suspicious.Path] uTorrent.exe(4116) -- C:\Users\PAINKILLER\AppData\Roaming\uTorrent\uTorrent.exe[7] -> Killed [TermProc]

¤¤¤ Registry : 32 ¤¤¤
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3530981056-630553771-538909516-1000\Software\Microsoft\Windows\CurrentVersion\Run | CTRegRun : C:\Windows\CTRegRun.EXE -> Found
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3530981056-630553771-538909516-1000\Software\Microsoft\Windows\CurrentVersion\Run | Spotify Web Helper : "C:\Users\PAINKILLER\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" -> Found
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3530981056-630553771-538909516-1000\Software\Microsoft\Windows\CurrentVersion\Run | CTRegRun : C:\Windows\CTRegRun.EXE -> Found
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3530981056-630553771-538909516-1000\Software\Microsoft\Windows\CurrentVersion\Run | Spotify Web Helper : "C:\Users\PAINKILLER\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\etdrv (\?\C:\Windows\etdrv.sys) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\GVTDrv64 (\?\C:\Windows\GVTDrv64.sys) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HiSuiteOuc64.exe ("C:\ProgramData\HiSuiteOuc\HiSuiteOuc64.exe" -/service) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HuaweiHiSuiteService64.exe ("C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe" -/service) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\etdrv (\?\C:\Windows\etdrv.sys) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GVTDrv64 (\?\C:\Windows\GVTDrv64.sys) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HiSuiteOuc64.exe ("C:\ProgramData\HiSuiteOuc\HiSuiteOuc64.exe" -/service) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HuaweiHiSuiteService64.exe ("C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe" -/service) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\etdrv (\?\C:\Windows\etdrv.sys) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\GVTDrv64 (\?\C:\Windows\GVTDrv64.sys) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\HiSuiteOuc64.exe ("C:\ProgramData\HiSuiteOuc\HiSuiteOuc64.exe" -/service) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\HuaweiHiSuiteService64.exe ("C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe" -/service) -> Found
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec.com/redirects/s...mepage/index.jsp?lg=es&pid=NIS&pvid=20.3.1.22 -> Found
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec.com/redirects/s...mepage/index.jsp?lg=es&pid=NIS&pvid=20.3.1.22 -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec.com/redirects/s...mepage/index.jsp?lg=es&pid=NIS&pvid=20.3.1.22 -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec.com/redirects/s...mepage/index.jsp?lg=es&pid=NIS&pvid=20.3.1.22 -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 62.81.29.254 62.81.16.213 [SPAIN (ES)][SPAIN (ES)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 62.81.29.254 62.81.16.213 [SPAIN (ES)][SPAIN (ES)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 62.81.29.254 62.81.16.213 [SPAIN (ES)][SPAIN (ES)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{CCAF996D-7A13-48BF-A3E4-F7A18BE8B08C} | DhcpNameServer : 62.81.29.254 62.81.16.213 [SPAIN (ES)][SPAIN (ES)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{CCAF996D-7A13-48BF-A3E4-F7A18BE8B08C} | DhcpNameServer : 62.81.29.254 62.81.16.213 [SPAIN (ES)][SPAIN (ES)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{CCAF996D-7A13-48BF-A3E4-F7A18BE8B08C} | DhcpNameServer : 62.81.29.254 62.81.16.213 [SPAIN (ES)][SPAIN (ES)] -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3530981056-630553771-538909516-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3530981056-630553771-538909516-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found

¤¤¤ Tasks : 2 ¤¤¤
[Suspicious.Path] SK.Enhancer-S-161304646.job -- c:\programdata\quickset\sk.enhancer\SK.Enhancer.exe (/schedule /profile "c:\programdata\quickset\sk.enhancer\161304646.ini") -> Found
[Suspicious.Path] \\Origin -- C:\Users\PAINKILLER\AppData\Roaming\Origin\update.vbe -> Found

¤¤¤ Files : 1 ¤¤¤
[Suspicious.Path][File] Dropbox.lnk -- C:\Users\SANDRA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [LNK@] C:\Users\SANDRA\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup -> Found

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 13 (Driver: Loaded) ¤¤¤
[IAT:Addr(Hook.IEAT)] (explorer.exe @ ADVAPI32.dll) msvcrt.dll - memcpy : C:\Program Files (x86)\AIMP3\Modules\aimp_menu64.dll @ 0x6d95a10
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ADVAPI32.dll - OpenServiceW : C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\chrome_child.dll @ 0x54885e46
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ADVAPI32.dll - CloseServiceHandle : C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\chrome_child.dll @ 0x54885dfe
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ADVAPI32.dll - OpenSCManagerW : C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\chrome_child.dll @ 0x54885e36
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ADVAPI32.dll - StartServiceW : C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\chrome_child.dll @ 0x54885e56
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\chrome_child.dll @ 0x54885e2e
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\chrome_child.dll @ 0x543f19ba
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ADVAPI32.dll - OpenServiceW : C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\chrome_child.dll @ 0x54885e46
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ADVAPI32.dll - CloseServiceHandle : C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\chrome_child.dll @ 0x54885dfe
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ADVAPI32.dll - OpenSCManagerW : C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\chrome_child.dll @ 0x54885e36
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ADVAPI32.dll - StartServiceW : C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\chrome_child.dll @ 0x54885e56
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\chrome_child.dll @ 0x54885e2e
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\chrome_child.dll @ 0x543f19ba

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD10EZEX-00ZF5A0 +++++
--- User ---
[MBR] 689fb6e8f7d915718058450f5625dc37
[BSP] 28aeb976038a0f4a5c1c4faf206f78b5 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 953767 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: OEM Ext Hard Disk USB Device +++++
Error reading User MBR! ([57] The parameter is incorrect. )
Error reading LL1 MBR! ([79] The semaphore timeout period has expired. )
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2: Seagate Expansion USB Device +++++
--- User ---
[MBR] 3d298b35bc4dcc665d4c22ecc177362b
[BSP] 20aca90d2a25a53f87a8708dc36a3468 : Empty MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3: Generic Storage Device USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive4: SEAGATE ST3250823A USB Device +++++
--- User ---
[MBR] 7e212324da03a4e06fd1dca51af1d1e4
[BSP] 6c2d0dbe838ed4dae33a346100684d6f : Windows XP MBR Code
Partition table:
0 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 16065 | Size: 238464 MB
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.9.1.2932. For information, email support@simplysup.com
[Unregistered version]
Scan started at: 21:10:13 19 feb 2015
Using Database v8631
Operating System: Windows 7 x64 Ultimate (SP1) [Build: 6.1.7601]
File System: NTFS
UAC is ENABLED [default level]
UserData directory: C:\Users\PAINKILLER\AppData\Roaming\Simply Super Software\Trojan Remover\
Database directory: C:\ProgramData\Simply Super Software\Trojan Remover\Data\
Logfile directory: C:\Users\PAINKILLER\Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files (x86)\Trojan Remover\
Running with Administrator privileges

************************************************************
21:10:14: ----- Checking Default File Associations -----
No modified default file associations detected

************************************************************
21:10:15: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

************************************************************
21:10:15: Scanning ----- Windows Registry -----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Key value: [explorer.exe]
File: C:\Windows\Explorer.exe
C:\Windows\Explorer.exe (verified signer: [Microsoft Windows])
2871808 bytes
Created: 28/04/2014 3:37
Modified: 28/04/2014 3:37
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
Key value: [C:\Windows\system32\userinit.exe,]
File: C:\Windows\system32\userinit.exe
C:\Windows\System32\userinit.exe (verified signer: [Microsoft Windows])
30720 bytes
Created: 21/11/2010 4:24
Modified: 21/11/2010 4:24
Company: Microsoft Corporation
----------
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: [USB3MON]
Value Data: ["C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"]
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (verified signer: [Intel Corporation])
-R- 291648 bytes
Created: 27/03/2013 23:06
Modified: 20/05/2012 17:26
Company: Intel Corporation
--------------------
Value Name: [IMSS]
Value Data: ["C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"]
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (verified signer: [Intel Corporation])
133440 bytes
Created: 27/03/2013 23:01
Modified: 19/07/2012 9:53
Company: Intel Corporation
--------------------
Value Name: [IAStorIcon]
Value Data: [C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60]
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (verified signer: [Intel Corporation])
56088 bytes
Created: 27/03/2013 23:05
Modified: 29/02/2012 12:43
Company: Intel Corporation
--------------------
Value Name: [hpqSRMon]
Value Data: [C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe]
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
150528 bytes
Created: 22/07/2008 17:33
Modified: 22/07/2008 17:33
Company: Hewlett-Packard
--------------------
Value Name: [CTxfiHlp]
Value Data: [CTXFIHLP.EXE]
C:\Windows\SysWoW64\CTXFIHLP.EXE (verified signer: [Creative Technology])
26112 bytes
Created: 01/03/2014 0:20
Modified: 01/03/2014 0:20
Company: Creative Technology Ltd
--------------------
Value Name: [UpdReg]
Value Data: [C:\Windows\UpdReg.EXE]
C:\Windows\UpdReg.EXE
90112 bytes
Created: 10/10/2014 19:25
Modified: 11/05/2000 0:00
Company: Creative Technology Ltd.
--------------------
Value Name: [Sound Blaster Z-Series Control Panel]
Value Data: ["C:\Program Files (x86)\Creative\Sound Blaster Z-Series\Sound Blaster Z-Series Control Panel\SBZ.exe" /r]
C:\Program Files (x86)\Creative\Sound Blaster Z-Series\Sound Blaster Z-Series Control Panel\SBZ.exe
735744 bytes
Created: 27/02/2013 5:45
Modified: 27/02/2013 5:45
Company: Creative Technology Ltd
--------------------
Value Name: [TrojanScanner]
Value Data: [C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot]
C:\Program Files (x86)\Trojan Remover\Trjscan.exe (verified signer: [Simply Super Software])
1791856 bytes
Created: 19/02/2015 21:04
Modified: 19/02/2015 21:05
Company: Simply Super Software
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: [CCleaner Monitoring]
Value Data: ["C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR]
C:\Program Files\CCleaner\CCleaner64.exe (verified signer: [Piriform Ltd])
6160152 bytes
Created: 20/05/2014 14:29
Modified: 20/05/2014 14:29
Company: Piriform Ltd
--------------------
Value Name: [CCleaner]
Value Data: ["C:\Program Files\CCleaner\CCleaner64.exe" /AUTO]
C:\Program Files\CCleaner\CCleaner64.exe (verified signer: [Piriform Ltd])
6160152 bytes
Created: 20/05/2014 14:29
Modified: 20/05/2014 14:29
Company: Piriform Ltd
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry key appears to be empty

************************************************************
21:10:18: Scanning ----- Windows 64-Bit Registry -----
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: [ShadowPlay]
Value Data: [C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart]
C:\Windows\System32\nvspcap64.dll
1514528 bytes
Created: 01/11/2013 19:59
Modified: 16/01/2015 7:41
Company: NVIDIA Corporation
--------------------
Value Name: [NvBackend]
Value Data: ["C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"]
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (verified signer: [NVIDIA Corporation])
2585928 bytes
Created: 02/12/2013 22:03
Modified: 16/01/2015 7:42
Company: NVIDIA Corporation
--------------------
Value Name: [MSC]
Value Data: ["C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey]
C:\Program Files\Microsoft Security Client\msseces.exe (verified signer: [Microsoft Corporation])
1332296 bytes
Created: 30/01/2015 3:09
Modified: 30/01/2015 3:09
Company: Microsoft Corporation
--------------------
Value Name: [EvtMgr6]
Value Data: [C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming]
C:\Program Files\Logitech\SetPointP\SetPoint.exe (verified signer: [Logitech])
3091224 bytes
Created: 31/07/2013 21:31
Modified: 31/07/2013 21:31
Company: Logitech, Inc.
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry key appears to be empty

************************************************************
21:10:19: Scanning -----SHELLEXECUTEHOOKS-----
ShellExecuteHooks key is empty

************************************************************
21:10:19: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

************************************************************
21:10:19: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.

************************************************************
21:10:19: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Key: {8A69D345-D564-463c-AFF1-A69D9E530F96}
Path: "C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\Installer\chrmstp.exe (verified signer: [Google Inc])
1087304 bytes
Created: 18/11/2014 21:56
Modified: 18/11/2014 21:56
Company: Google Inc.
----------

************************************************************
21:10:19: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: HPSLPSVC
Path: C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
1037824 bytes
Created: 20/09/2009 10:55
Modified: 20/09/2009 10:55
Company: Hewlett-Packard Co.
----------

************************************************************
21:10:23: Scanning ----- SERVICES REGISTRY KEYS -----
----------
Key: AppleCharger
ImagePath: system32\DRIVERS\AppleCharger.sys
C:\Windows\System32\DRIVERS\AppleCharger.sys
22680 bytes
Created: 27/03/2013 23:06
Modified: 25/10/2012 9:01
Company: [no info]
----------
----------
Key: AppleChargerSrv
ImagePath: system32\AppleChargerSrv.exe
C:\Windows\System32\AppleChargerSrv.exe
31272 bytes
Created: 27/03/2013 23:06
Modified: 06/04/2010 16:30
Company: [no info]
----------
----------
Key: AxAutoMntSrv
ImagePath: C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (verified signer: [Alcohol Soft])
75624 bytes
Created: 05/01/2012 16:42
Modified: 05/01/2012 16:42
Company: Alcohol Soft Development Team
----------
----------
Key: BstHdAndroidSvc
ImagePath: "C:\Program Files (x86)\BlueStacks\HD-Service.exe" BstHdAndroidSvc Android
C:\Program Files (x86)\BlueStacks\HD-Service.exe (verified signer: [Bluestack Systems, Inc.])
398096 bytes
Created: 18/11/2013 23:06
Modified: 18/11/2013 23:06
Company: BlueStack Systems, Inc.
----------
----------
Key: BstHdDrv
ImagePath: \?\C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys
C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys
77584 bytes
Created: 18/11/2013 23:06
Modified: 18/11/2013 23:06
Company: BlueStack Systems
----------
----------
Key: BstHdLogRotatorSvc
ImagePath: C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe (verified signer: [Bluestack Systems, Inc.])
385808 bytes
Created: 18/11/2013 23:06
Modified: 18/11/2013 23:06
Company: BlueStack Systems, Inc.
----------
----------
Key: Creative ALchemy AL6 Licensing Service
ImagePath: "C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe"
C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
79360 bytes
Created: 10/10/2014 19:24
Modified: 10/10/2014 19:24
Company: Creative Labs
----------
----------
Key: Creative Audio Engine Licensing Service
ImagePath: "C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe"
C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
79360 bytes
Created: 01/06/2014 18:16
Modified: 01/06/2014 18:16
Company: Creative Labs
----------
----------
Key: CT20XUT
ImagePath: system32\drivers\CT20XUT.SYS
C:\Windows\System32\drivers\CT20XUT.SYS
205080 bytes
Created: 01/03/2014 2:54
Modified: 01/03/2014 2:54
Company: Creative Technology Ltd.
----------
----------
Key: CT20XUT.SYS
ImagePath: \SystemRoot\System32\drivers\CT20XUT.SYS
C:\Windows\System32\drivers\CT20XUT.SYS
205080 bytes
Created: 01/03/2014 2:54
Modified: 01/03/2014 2:54
Company: Creative Technology Ltd.
----------
----------
Key: ctac32k
ImagePath: system32\drivers\ctac32k.sys
C:\Windows\System32\drivers\ctac32k.sys
582936 bytes
Created: 01/03/2014 2:55
Modified: 01/03/2014 2:55
Company: Creative Technology Ltd
----------
----------
Key: ctaud2k
ImagePath: system32\drivers\ctaud2k.sys
C:\Windows\System32\drivers\ctaud2k.sys
689048 bytes
Created: 01/03/2014 2:55
Modified: 01/03/2014 2:55
Company: Creative Technology Ltd
----------
----------
Key: CTAudSvcService
ImagePath: C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
423424 bytes
Created: 08/10/2012 10:53
Modified: 08/10/2012 10:53
Company: Creative Technology Ltd
----------
----------
Key: CTEXFIFX
ImagePath: system32\drivers\CTEXFIFX.SYS
C:\Windows\System32\drivers\CTEXFIFX.SYS
1419544 bytes
Created: 01/03/2014 2:54
Modified: 01/03/2014 2:54
Company: Creative Technology Ltd.
----------
----------
Key: CTEXFIFX.SYS
ImagePath: \SystemRoot\System32\drivers\CTEXFIFX.SYS
C:\Windows\System32\drivers\CTEXFIFX.SYS
1419544 bytes
Created: 01/03/2014 2:54
Modified: 01/03/2014 2:54
Company: Creative Technology Ltd.
----------
----------
Key: cthda
ImagePath: system32\drivers\cthda.sys
C:\Windows\System32\drivers\cthda.sys
1060632 bytes
Created: 22/05/2013 7:48
Modified: 22/05/2013 7:48
Company: Creative Technology Ltd
----------
----------
Key: CtHdaSvc
ImagePath: %SystemRoot%\sysWow64\CtHdaSvc.exe
C:\Windows\sysWow64\CtHdaSvc.exe (verified signer: [Creative Technology])
112640 bytes
Created: 22/05/2013 7:40
Modified: 22/05/2013 7:40
Company: Creative Technology Ltd
----------
----------
Key: cthdb
ImagePath: system32\DRIVERS\cthdb.sys
C:\Windows\System32\DRIVERS\cthdb.sys
33560 bytes
Created: 22/05/2013 7:48
Modified: 22/05/2013 7:48
Company: Creative Technology Ltd
----------
----------
Key: CTHWIUT
ImagePath: system32\drivers\CTHWIUT.SYS
C:\Windows\System32\drivers\CTHWIUT.SYS
97048 bytes
Created: 01/03/2014 2:54
Modified: 01/03/2014 2:54
Company: Creative Technology Ltd.
----------
----------
Key: CTHWIUT.SYS
ImagePath: \SystemRoot\System32\drivers\CTHWIUT.SYS
C:\Windows\System32\drivers\CTHWIUT.SYS
97048 bytes
Created: 01/03/2014 2:54
Modified: 01/03/2014 2:54
Company: Creative Technology Ltd.
----------
----------
Key: ctprxy2k
ImagePath: system32\drivers\ctprxy2k.sys
C:\Windows\System32\drivers\ctprxy2k.sys
18200 bytes
Created: 01/03/2014 2:55
Modified: 01/03/2014 2:55
Company: Creative Technology Ltd
----------
----------
Key: ctsfm2k
ImagePath: system32\drivers\ctsfm2k.sys
C:\Windows\System32\drivers\ctsfm2k.sys
215320 bytes
Created: 01/03/2014 2:55
Modified: 01/03/2014 2:55
Company: Creative Technology Ltd
----------
----------
Key: emupia
ImagePath: system32\drivers\emupia2k.sys
C:\Windows\System32\drivers\emupia2k.sys
120600 bytes
Created: 01/03/2014 2:56
Modified: 01/03/2014 2:56
Company: Creative Technology Ltd
----------
----------
Key: etdrv
ImagePath: \?\C:\Windows\etdrv.sys
C:\Windows\etdrv.sys
25640 bytes
Created: 31/03/2013 22:14
Modified: 20/04/2013 17:50
Company: Windows (R) Server 2003 DDK provider
----------
----------
Key: FLEXnet Licensing Service
ImagePath: "C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe"
C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (verified signer: [Flexera Software, Inc. ])
1044816 bytes
Created: 31/05/2013 22:48
Modified: 31/05/2013 22:48
Company: Flexera Software, Inc.
----------
----------
Key: gdrv
ImagePath: \?\C:\Windows\gdrv.sys
C:\Windows\gdrv.sys
25640 bytes
Created: 27/03/2013 23:12
Modified: 22/09/2013 8:41
Company: Windows (R) Server 2003 DDK provider
----------
----------
Key: GfExperienceService
ImagePath: "C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe"
C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (verified signer: [NVIDIA Corporation])
1148744 bytes
Created: 21/09/2014 11:44
Modified: 16/01/2015 7:42
Company: NVIDIA Corporation
----------
----------
Key: GVTDrv64
ImagePath: \?\C:\Windows\GVTDrv64.sys
C:\Windows\GVTDrv64.sys
30528 bytes
Created: 27/03/2013 23:12
Modified: 22/09/2013 8:41
Company: [no info]
----------
----------
Key: ha20x2k
ImagePath: system32\drivers\ha20x2k.sys
C:\Windows\System32\drivers\ha20x2k.sys
1564440 bytes
Created: 01/03/2014 2:56
Modified: 01/03/2014 2:56
Company: Creative Technology Ltd
----------
----------
Key: HauppaugeTVServer
ImagePath: C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe
C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe
442368 bytes
Created: 02/04/2013 17:01
Modified: 26/02/2009 15:15
Company: Hauppauge Computer Works
----------
----------
Key: HiSuiteOuc64.exe
ImagePath: "C:\ProgramData\HiSuiteOuc\HiSuiteOuc64.exe" -/service
C:\ProgramData\HiSuiteOuc\HiSuiteOuc64.exe (verified signer: [Huawei Technologies Co.,Ltd.])
138272 bytes
Created: 29/11/2014 12:20
Modified: 05/09/2014 8:40
Company:
----------
----------
Key: HPSupportSolutionsFrameworkService
ImagePath: "C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe"
C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe (verified signer: [Hewlett-Packard Company])
89864 bytes
Created: 11/12/2014 11:36
Modified: 11/12/2014 11:36
Company: Hewlett-Packard Company
----------
----------
Key: HuaweiHiSuiteService64.exe
ImagePath: "C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe" -/service
C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe (verified signer: [Huawei Technologies Co.,Ltd.])
219680 bytes
Created: 29/11/2014 12:20
Modified: 05/09/2014 8:40
Company:
----------
----------
Key: IAStorDataMgrSvc
ImagePath: "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (verified signer: [Intel Corporation])
13592 bytes
Created: 27/03/2013 23:05
Modified: 01/02/2012 16:29
Company: Intel Corporation
----------
----------
Key: ICCS
ImagePath: "C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe"
C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
160256 bytes
Created: 27/03/2013 23:08
Modified: 30/08/2011 15:55
Company: Intel Corporation
----------
----------
Key: Intel(R) Capability Licensing Service Interface
ImagePath: "C:\Program Files\Intel\iCLS Client\HeciServer.exe"
C:\Program Files\Intel\iCLS Client\HeciServer.exe (verified signer: [Intel® Upgrade Service])
634632 bytes
Created: 19/06/2012 19:10
Modified: 19/06/2012 19:10
Company: Intel(R) Corporation
----------
----------
Key: Intel(R) ME Service
ImagePath: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (verified signer: [Intel Corporation])
129856 bytes
Created: 27/03/2013 23:02
Modified: 05/07/2012 13:23
Company: Intel Corporation
----------
----------
Key: iumsvc
ImagePath: "C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe"
C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe (verified signer: [Intel® Services Manager])
174368 bytes
Created: 28/02/2014 10:32
Modified: 28/02/2014 10:32
Company: [no info]
----------
----------
Key: jhi_service
ImagePath: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (verified signer: [Intel Corporation])
166720 bytes
Created: 27/03/2013 23:01
Modified: 05/07/2012 13:23
Company: Intel Corporation
----------
----------
Key: LBTServ
ImagePath: C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe (verified signer: [Logitech])
357144 bytes
Created: 24/03/2014 23:50
Modified: 24/03/2014 23:50
Company: Logitech, Inc.
----------
----------
Key: LMS
ImagePath: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (verified signer: [Intel Corporation])
277824 bytes
Created: 27/03/2013 23:01
Modified: 19/07/2012 9:53
Company: Intel Corporation
----------
----------
Key: MBAMProtector
ImagePath: \?\C:\Windows\system32\drivers\mbam.sys
C:\Windows\System32\drivers\mbam.sys
25816 bytes
Created: 10/11/2013 9:40
Modified: 21/11/2014 6:14
Company: Malwarebytes Corporation
----------
----------
Key: MBAMScheduler
ImagePath: "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe"
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (verified signer: [Malwarebytes Corporation])
1871160 bytes
Created: 24/09/2014 16:26
Modified: 21/11/2014 6:12
Company: Malwarebytes Corporation
----------
----------
Key: MBAMService
ImagePath: "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe"
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (verified signer: [Malwarebytes Corporation])
969016 bytes
Created: 24/09/2014 16:26
Modified: 21/11/2014 6:12
Company: Malwarebytes Corporation
----------
----------
Key: MBAMWebAccessControl
ImagePath: \?\C:\Windows\system32\drivers\mwac.sys
C:\Windows\System32\drivers\mwac.sys
63704 bytes
Created: 24/09/2014 16:26
Modified: 21/11/2014 6:14
Company: Malwarebytes Corporation
----------
----------
Key: NvNetworkService
ImagePath: "C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe"
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (verified signer: [NVIDIA Corporation])
1706312 bytes
Created: 02/12/2013 22:03
Modified: 16/01/2015 7:42
Company: NVIDIA Corporation
----------
----------
Key: NvStreamKms
ImagePath: \?\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys
19784 bytes
Created: 01/06/2014 19:37
Modified: 16/01/2015 7:42
Company: NVIDIA Corporation
----------
----------
Key: NvStreamSvc
ImagePath: "C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe"
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (verified signer: [NVIDIA Corporation])
21833544 bytes
Created: 01/11/2013 19:59
Modified: 16/01/2015 7:42
Company: NVIDIA Corporation
----------
----------
Key: ossrv
ImagePath: system32\drivers\ctoss2k.sys
C:\Windows\System32\drivers\ctoss2k.sys
181528 bytes
Created: 01/03/2014 2:55
Modified: 01/03/2014 2:55
Company: Creative Technology Ltd.
----------
----------
Key: PnkBstrA
ImagePath: C:\Windows\system32\PnkBstrA.exe
C:\Windows\System32\PnkBstrA.exe (verified signer: [Even Balance, Inc.])
76152 bytes
Created: 04/07/2014 18:36
Modified: 04/07/2014 18:36
Company: [no info]
----------
----------
Key: pwdrvio
ImagePath: system32\pwdrvio.sys
C:\Windows\System32\pwdrvio.sys
19152 bytes
Created: 24/01/2015 13:30
Modified: 30/09/2013 16:26
Company: [no info]
----------
----------
Key: pwdspio
ImagePath: \?\C:\Windows\system32\pwdspio.sys
C:\Windows\System32\pwdspio.sys
12504 bytes
Created: 24/01/2015 13:30
Modified: 30/09/2013 16:26
Company: [no info]
----------
----------
Key: StarWindServiceAE
ImagePath: C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
370688 bytes
Created: 23/12/2009 22:34
Modified: 23/12/2009 22:34
Company: StarWind Software
----------
----------
Key: Steam Client Service
ImagePath: "C:\Program Files (x86)\Common Files\Steam\SteamService.exe" /RunAsService
C:\Program Files (x86)\Common Files\Steam\SteamService.exe (verified signer: [Valve])
834752 bytes
Created: 31/03/2013 19:24
Modified: 19/01/2015 19:49
Company: Valve Corporation
----------
----------
Key: UNS
ImagePath: "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (verified signer: [Intel Corporation])
365376 bytes
Created: 27/03/2013 23:01
Modified: 19/07/2012 9:53
Company: Intel Corporation
----------
----------
Key: VGPU
ImagePath: System32\drivers\rdvgkmd.sys
C:\Windows\System32\drivers\rdvgkmd.sys - [file not found to scan]
----------

************************************************************
21:10:43: Scanning -----VXD ENTRIES-----

************************************************************
21:10:43: Scanning ----- ContextMenuHandlers -----
Key: 7-Zip
CLSID: {23170F69-40C1-278A-1000-000100020000}
Path: C:\Program Files\7-Zip\7-zip32.dll
C:\Program Files\7-Zip\7-zip32.dll
56320 bytes
Created: 18/04/2011 23:34
Modified: 18/04/2011 23:34
Company: Igor Pavlov
----------
Key: AIMP
CLSID: {1F77B17B-F531-44DB-ACA4-76ABB5010A28}
Path: C:\Program Files (x86)\AIMP3\Modules\aimp_menu32.dll
C:\Program Files (x86)\AIMP3\Modules\aimp_menu32.dll
286720 bytes
Created: 07/03/2014 19:58
Modified: 07/03/2014 19:58
Company: AIMP DevTeam
----------

************************************************************
21:10:43: Scanning ----- Folder\ColumnHandlers -----
Key: {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}
File: "C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll"
C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
401920 bytes
Created: 19/05/2010 14:37
Modified: 19/05/2010 14:37
Company: OpenOffice.org
----------

************************************************************
21:10:44: Scanning ----- 64-Bit ContextMenuHandlers -----
Key: AIMP
CLSID: {1F77B17B-F531-44DB-ACA4-76ABB5010A28}
Path: C:\Program Files (x86)\AIMP3\Modules\aimp_menu64.dll
C:\Program Files (x86)\AIMP3\Modules\aimp_menu64.dll
590848 bytes
Created: 07/03/2014 19:58
Modified: 07/03/2014 19:58
Company: AIMP DevTeam
----------
Key: EPP
CLSID: {09A47860-11B0-4DA5-AFA5-26D86198A780}
Path: C:\PROGRA~1\MICROS~3\shellext.dll
C:\PROGRA~1\MICROS~3\shellext.dll (verified signer: [Microsoft Corporation])
349336 bytes
Created: 30/01/2015 2:24
Modified: 30/01/2015 2:24
Company: Microsoft Corporation
----------
Key: PowerISO
CLSID: {967B2D40-8B7D-4127-9049-61EA0C2C6DCE}
Path: C:\Program Files (x86)\PowerISO\PWRISOSH.DLL
C:\Program Files (x86)\PowerISO\PWRISOSH.DLL (verified signer: [Power Software Ltd])
233496 bytes
Created: 23/10/2013 15:11
Modified: 23/10/2013 15:11
Company: Power Software Ltd
----------

************************************************************
21:10:44: Scanning ----- 64-Bit Folder\ColumnHandlers -----
Key: {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}
File: "C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl_x64.dll"
C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl_x64.dll
830464 bytes
Created: 19/05/2010 14:41
Modified: 19/05/2010 14:41
Company: OpenOffice.org
----------

************************************************************
21:10:45: Scanning ----- Browser Helper Objects -----
Key: {0347C33E-8762-4905-BF09-768834316C61}
BHO: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (verified signer: [Hewlett-Packard Company])
328248 bytes
Created: 20/09/2009 11:15
Modified: 20/09/2009 11:15
Company: Hewlett-Packard Co.
----------
Key: {9030D464-4C02-4ABF-8ECC-5164760863C6}
BHO: c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (verified signer: [Microsoft Corporation])
403840 bytes
Created: 18/08/2009 10:32
Modified: 18/08/2009 10:32
Company: Microsoft Corporation
----------
Key: {AF949550-9094-4807-95EC-D1C317803333}
BHO: C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (verified signer: [Logitech])
364824 bytes
Created: 19/05/2014 21:35
Modified: 19/05/2014 21:35
Company: Logitech, Inc.
----------
Key: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}
BHO: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (verified signer: [Hewlett-Packard Company])
509496 bytes
Created: 20/09/2009 11:15
Modified: 20/09/2009 11:15
Company: Hewlett-Packard Co.
----------

************************************************************
21:10:45: Scanning ----- 64-Bit Browser Helper Objects -----
Key: {AF949550-9094-4807-95EC-D1C317803333}
BHO: C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll
C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (verified signer: [Logitech])
433944 bytes
Created: 19/05/2014 21:35
Modified: 19/05/2014 21:35
Company: Logitech, Inc.
----------

************************************************************
21:10:46: Scanning ----- ShellServiceObjectDelayLoad Entries -----

************************************************************
21:10:46: Scanning ----- 64-Bit ShellServiceObjectDelayLoad Entries -----

************************************************************
21:10:46: Scanning ----- ShellServiceObjects -----

************************************************************
21:10:47: Scanning ----- 64-Bit ShellServiceObjects -----

************************************************************
21:10:48: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----
No SharedTaskScheduler entries found to scan

************************************************************
21:10:48: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

************************************************************
21:10:48: Scanning ----- APPINIT_DLLS -----
No AppInit_DLLs value found to check

************************************************************
21:10:48: Scanning ----- 64-Bit APPINIT_DLLS -----
No 64-Bit AppInit_DLLs value found to check

************************************************************
21:10:49: Scanning ----- SECURITY PROVIDER DLLS -----

************************************************************
21:10:49: Scanning ----- CREDENTIAL PROVIDERS -----

************************************************************
21:10:51: Scanning ------ COMMON STARTUP GROUP ------
[C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-HS- 174 bytes
Created: 14/07/2009 5:54
Modified: 14/07/2009 5:54
Company: [no info]
--------------------

************************************************************
21:10:51: Scanning ----- USER STARTUP GROUPS -----
Checking Startup Group for: PAINKILLER
[C:\Users\PAINKILLER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup]
C:\Users\PAINKILLER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-HS- 174 bytes
Created: 27/03/2013 22:18
Modified: 18/08/2014 14:28
Company: [no info]
----------
--------------------
Checking Startup Group for: SANDRA
[C:\Users\SANDRA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup]
C:\Users\SANDRA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-HS- 174 bytes
Created: 28/03/2013 11:31
Modified: 20/08/2014 17:41
Company: [no info]
----------
OpenOffice.org 3.2.lnk - links to [C:\PROGRA~2\OPENOF~1.ORG\program\QUICKS~1.EXE]
C:\PROGRA~2\OPENOF~1.ORG\program\QUICKS~1.EXE
1195008 bytes
Created: 20/05/2010 11:14
Modified: 20/05/2010 11:14
Company: [no info]
----------
--------------------

************************************************************
21:10:52: Scanning ----- SCHEDULED TASKS -----
Taskname: Adobe Acrobat Update Task
File: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (verified signer: [Adobe Systems, Incorporated])
1022152 bytes
Created: 19/12/2014 8:48
Modified: 19/12/2014 8:48
Company: Adobe Systems Incorporated
Schedule: At logon
Next Run Time:
Status: Queued
Creator: Adobe Systems Incorporated
Comments: This task keeps your Adobe Reader and Acrobat applications up to date with the latest enhancements and security fixes
----------
Taskname: Adobe Flash Player Updater
File: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (verified signer: [Adobe Systems Incorporated])
267440 bytes
Created: 11/04/2013 18:33
Modified: 04/02/2015 23:24
Company: Adobe Systems Incorporated
Schedule: At 1:24:00 every day
Next Run Time: 19/02/2015 21:24:00
Status: Ready
Creator: Adobe Systems Incorporated
Comments: Esta tarea mantiene actualizada la instalación de Adobe Flash Player con las últimas mejoras y soluciones de seguridad. Si desactiva o elimina la tarea, Adobe Flash Player no podrá proteger automáticamente su equipo con las últimas soluciones de seguridad.
----------
Taskname: CCleanerSkipUAC
File: C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\CCleaner\CCleaner.exe (verified signer: [Piriform Ltd])
4529944 bytes
Created: 20/05/2014 14:29
Modified: 20/05/2014 14:29
Company: Piriform Ltd
Parameters: $(Arg0)
Schedule: Task not scheduled
Next Run Time:
Status: Ready
Creator: Piriform Ltd
Comments:
----------
Taskname: GoogleUpdateTaskMachineCore
File: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (verified signer: [Google Inc])
107912 bytes
Created: 27/03/2013 22:56
Modified: 21/10/2014 2:47
Company: Google Inc.
Parameters: /c
Schedule: Multiple schedule times
Next Run Time: 20/02/2015 3:52:00
Status: Running
Creator: SYSTEM
Comments: Mantiene actualizado el software de Google. Si esta tarea se inhabilita o se detiene, el software de Google no se mantendrá actualizado, lo que significa que las vulnerabilidades de seguridad que puedan surgir no se podrán solucionar y es posible que el rendimiento del producto se vea afectado. Esta tarea se desinstala por sí sola cuando no la está utilizando ningún software de Google.
----------
Taskname: GoogleUpdateTaskMachineUA
File: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (verified signer: [Google Inc])
107912 bytes
Created: 27/03/2013 22:56
Modified: 21/10/2014 2:47
Company: Google Inc.
Parameters: /ua /installsource scheduler
Schedule: At 3:52:00 every day
Next Run Time: 19/02/2015 21:52:00
Status: Ready
Creator: SYSTEM
Comments: Mantiene actualizado el software de Google. Si esta tarea se inhabilita o se detiene, el software de Google no se mantendrá actualizado, lo que significa que las vulnerabilidades de seguridad que puedan surgir no se podrán solucionar y es posible que el rendimiento del producto se vea afectado. Esta tarea se desinstala por sí sola cuando no la está utilizando ningún software de Google.
----------
Taskname: IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
File: C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe (verified signer: [Intel® Services Manager])
174368 bytes
Created: 28/02/2014 10:32
Modified: 28/02/2014 10:32
Company: [no info]
Parameters: --automatic
Schedule: At 13:53:42 every day
Next Run Time: 20/02/2015 13:53:42
Status: Ready
Creator: SYSTEM
Comments: Intel(R) Update Manager helps you keep your system up-to-date. Keep this task running to be notified automatically when new updates become available.
----------
Taskname: IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon
File: C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe (verified signer: [Intel® Services Manager])
174368 bytes
Created: 28/02/2014 10:32
Modified: 28/02/2014 10:32
Company: [no info]
Parameters: --automatic
Schedule: At logon
Next Run Time:
Status: Ready
Creator: SYSTEM
Comments: Intel(R) Update Manager helps you keep your system up-to-date. Keep this task running to be notified automatically when new updates become available.
----------

************************************************************
21:10:54: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----

************************************************************
21:10:54: Scanning ----- DEVICE DRIVER ENTRIES -----
Value: vidc.i420
File: lvcodec2.dll
C:\Windows\SysWoW64\lvcodec2.dll (verified signer: [Microsoft Windows Hardware Compatibility Publisher])
416280 bytes
Created: 26/07/2008 15:23
Modified: 26/07/2008 15:23
Company: Logitech Inc.
----------
Value: msacm.l3acm
File: C:\Windows\SysWOW64\l3codeca.acm
C:\Windows\SysWOW64\l3codeca.acm
64000 bytes
Created: 14/07/2009 1:07
Modified: 14/07/2009 2:14
Company: Fraunhofer Institut Integrierte Schaltungen IIS
----------
Value: msacm.vorbis
File: vorbis.acm
C:\Windows\SysWoW64\vorbis.acm
1554944 bytes
Created: 13/04/2013 21:12
Modified: 15/09/2009 10:14
Company: HMS http://hp.vector.co.jp/authors/VA012897/
----------
Value: VIDC.FMVC
File: fmcodec.dll
C:\Windows\SysWoW64\fmcodec.dll
77824 bytes
Created: 19/08/2008 1:18
Modified: 19/08/2008 1:18
Company: Fox Magic Software
----------
Value: VIDC.FPS1
File: frapsvid.dll
C:\Windows\SysWoW64\frapsvid.dll
65536 bytes
Created: 26/02/2013 7:31
Modified: 26/02/2013 7:31
Company: Beepa P/L
----------
Value: vidc.VP60
File: C:\Windows\system32\vp6vfw.dll
C:\Windows\SysWoW64\vp6vfw.dll (verified signer: [Electronic Arts])
-R- 447752 bytes
Created: 04/09/2008 19:17
Modified: 04/09/2008 19:17
Company: On2.com
----------

************************************************************
21:10:55: ----- ADDITIONAL CHECKS -----
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Checking autorun.inf in E:\
E:\autorun.inf
182 bytes
Created: 18/07/2014 6:54
Modified: 23/02/2012 10:07
Company: [no info]
E:\autorun.inf open entry: [Setup.exe]
E:\Setup.exe (verified signer: [Seagate Technology LLC])
156312 bytes
Created: 18/07/2014 6:54
Modified: 16/01/2009 8:14
Company: Seagate Technology LLC
----------
--------------------
Desktop Wallpaper: C:\Users\PAINKILLER\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
C:\Users\PAINKILLER\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
206743 bytes
Created: 01/06/2014 15:41
Modified: 28/09/2014 0:03
Company: [no info]
----------
Web Desktop Wallpaper entry is blank
----------
Checks for rogue DNS NameServers completed
----------
Checks for Backdoor.ZeroAccess completed
----------
Safe Mode checks completed
Additional checks completed

************************************************************
21:10:56: Scanning ----- RUNNING PROCESSES -----

C:\Windows\System32\smss.exe
112640 bytes
Created: 28/04/2014 4:24
Modified: 28/04/2014 4:24
Company: Microsoft Corporation
--------------------
C:\Windows\System32\csrss.exe
7680 bytes
Created: 14/07/2009 0:19
Modified: 14/07/2009 2:39
Company: Microsoft Corporation
--------------------
C:\Windows\System32\wininit.exe
129024 bytes
Created: 14/07/2009 0:52
Modified: 14/07/2009 2:39
Company: Microsoft Corporation
--------------------
C:\Windows\System32\services.exe
328704 bytes
Created: 14/07/2009 0:19
Modified: 14/07/2009 2:39
Company: Microsoft Corporation
--------------------
C:\Windows\System32\lsass.exe
31232 bytes
Created: 10/02/2015 22:02
Modified: 15/01/2015 9:09
Company: Microsoft Corporation
--------------------
C:\Windows\System32\lsm.exe
343040 bytes
Created: 21/11/2010 4:23
Modified: 21/11/2010 4:23
Company: Microsoft Corporation
--------------------
C:\Windows\System32\winlogon.exe
455168 bytes
Created: 17/10/2014 0:00
Modified: 17/07/2014 3:07
Company: Microsoft Corporation
--------------------
C:\Windows\System32\svchost.exe
27136 bytes
Created: 14/07/2009 0:31
Modified: 14/07/2009 2:39
Company: Microsoft Corporation
--------------------
C:\Program Files\Microsoft Security Client\MsMpEng.exe
23784 bytes
Created: 30/01/2015 3:15
Modified: 30/01/2015 3:15
Company: Microsoft Corporation
--------------------
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
1249424 bytes
Created: 01/06/2014 14:12
Modified: 05/02/2015 20:07
Company: NVIDIA Corporation
--------------------
C:\Windows\System32\spoolsv.exe
559104 bytes
Created: 28/04/2014 3:46
Modified: 28/04/2014 3:46
Company: Microsoft Corporation
--------------------
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2291568 bytes
Created: 18/08/2009 11:48
Modified: 18/08/2009 11:48
Company: Microsoft Corporation
--------------------
C:\Windows\System32\SearchIndexer.exe
591872 bytes
Created: 28/04/2014 3:39
Modified: 28/04/2014 3:39
Company: Microsoft Corporation
--------------------
C:\Program Files\Microsoft Security Client\NisSrv.exe
366512 bytes
Created: 30/01/2015 3:15
Modified: 30/01/2015 3:15
Company: Microsoft Corporation
--------------------
C:\Windows\System32\conhost.exe
338432 bytes
Created: 28/04/2014 4:24
Modified: 28/04/2014 4:24
Company: Microsoft Corporation
--------------------
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
221040 bytes
Created: 18/08/2009 11:48
Modified: 18/08/2009 11:48
Company: Microsoft Corporation
--------------------
C:\Windows\System32\taskhost.exe
68608 bytes
Created: 28/04/2014 4:04
Modified: 28/04/2014 4:04
Company: Microsoft Corporation
--------------------
C:\Windows\System32\taskeng.exe
464384 bytes
Created: 21/11/2010 4:24
Modified: 21/11/2010 4:24
Company: Microsoft Corporation
--------------------
C:\Windows\System32\dwm.exe
120320 bytes
Created: 14/07/2009 0:37
Modified: 14/07/2009 2:39
Company: Microsoft Corporation
--------------------
C:\Windows\System32\schtasks.exe
285696 bytes
Created: 21/11/2010 4:24
Modified: 21/11/2010 4:24
Company: Microsoft Corporation
--------------------
C:\Program Files\Common Files\logishrd\KHAL3\KHALMNPR.exe
230680 bytes
Created: 13/06/2013 20:31
Modified: 13/06/2013 20:31
Company: Logitech, Inc.
--------------------
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
2448016 bytes
Created: 01/06/2014 14:12
Modified: 05/02/2015 20:07
Company: NVIDIA Corporation
--------------------
C:\Program Files\Windows Media Player\wmpnetwk.exe
1525248 bytes
Created: 21/11/2010 4:25
Modified: 21/11/2010 4:25
Company: Microsoft Corporation
--------------------
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
284440 bytes
Created: 27/03/2013 23:05
Modified: 01/02/2012 16:29
Company: Intel Corporation
--------------------
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
1844544 bytes
Created: 27/03/2013 23:01
Modified: 19/07/2012 9:53
Company: Intel Corporation
--------------------
C:\Program Files (x86)\HP\Common\HpDeviceDetection3.exe
217864 bytes
Created: 11/12/2014 11:34
Modified: 11/12/2014 11:34
Company: Hewlett-Packard Company
--------------------
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
856904 bytes
Created: 18/11/2014 21:56
Modified: 14/11/2014 22:15
Company: Google Inc.
--------------------
C:\Windows\System32\notepad.exe
193536 bytes
Created: 14/07/2009 0:56
Modified: 14/07/2009 2:39
Company: Microsoft Corporation
--------------------
C:\Program Files (x86)\Trojan Remover\Rmvtrjan.exe
FileSize: 5484896
[This is a Trojan Remover component]
--------------------
--------------------
C:\Windows\System32\SearchProtocolHost.exe
249856 bytes
Created: 28/04/2014 3:39
Modified: 28/04/2014 3:39
Company: Microsoft Corporation
--------------------
C:\Windows\System32\SearchFilterHost.exe
113664 bytes
Created: 28/04/2014 3:39
Modified: 28/04/2014 3:39
Company: Microsoft Corporation
--------------------

************************************************************
21:11:03: Checking HOSTS file
No malicious entries were found in the HOSTS file

************************************************************
21:11:03: Checking ----- ROGUE BROWSER MODIFICATIONS -----

************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\Windows\SysWOW64\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\Windows\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
http://www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://www.google.com

************************************************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 21:11:04 19 feb 2015
Total Scan time: 00:00:50
************************************************************

Well, you tell me whether there is anything or not. Thanks and regards.
 

Kbite

Learn and share
Administrator
Hello edgecrusher.

It is difficult to remove a virus that does not let itself be seen; normally Malwarebytes, run from "Safe Mode", is very effective at removing that trojan. And if we add that you cannot see the files I pointed out to you for manual removal, things get even worse for us.

Use this tool, which is very powerful, to see whether it is able to detect and remove the trojan:
  • Download ComboFix to your Desktop.
  • Disable the antivirus during the process.
  • Close all applications and windows.
  • Run ComboFix by right-clicking it and choosing Run as Administrator.
  • Important: do not move the mouse during the analysis. If the Desktop disappears, that is normal; when it finishes everything will return to its place.
  • The computer may restart in order to proceed with the removal.
  • When the analysis finishes ComboFix will close and a report will appear, which you must Save so you can include it in your reply.
When we are done with this topic you will uninstall ComboFix by following these steps: How to uninstall ComboFix correctly

Regards, Kbite
 

edgecrusher

Member
Member
Well, here is the log.

ComboFix 15-02-16.01 - PAINKILLER 20/02/2015 20:51:29.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.34.3082.18.8138.4198 [GMT 1:00]
Running from: i:\programas\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\PAINKILLER\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\amgkilgdjlhhgmpjdpnfckoflnafllib
c:\users\PAINKILLER\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\amgkilgdjlhhgmpjdpnfckoflnafllib\1.1\background.html
c:\users\PAINKILLER\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\amgkilgdjlhhgmpjdpnfckoflnafllib\1.1\content.js
c:\users\PAINKILLER\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\amgkilgdjlhhgmpjdpnfckoflnafllib\1.1\lsdb.js
c:\users\PAINKILLER\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\amgkilgdjlhhgmpjdpnfckoflnafllib\1.1\manifest.json
c:\users\PAINKILLER\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\amgkilgdjlhhgmpjdpnfckoflnafllib\1.1\NPG.js
c:\users\PAINKILLER\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bjjempnldelkncdkgeildheinohjpimg
c:\users\PAINKILLER\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bjjempnldelkncdkgeildheinohjpimg\1.0\background.html
c:\users\PAINKILLER\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bjjempnldelkncdkgeildheinohjpimg\1.0\content.js
c:\users\PAINKILLER\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bjjempnldelkncdkgeildheinohjpimg\1.0\lsdb.js
c:\users\PAINKILLER\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bjjempnldelkncdkgeildheinohjpimg\1.0\manifest.json
c:\users\PAINKILLER\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bjjempnldelkncdkgeildheinohjpimg\1.0\mc1CCUaC.js
c:\users\PAINKILLER\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cdbpdhcpcdodepjdiidkmelobempjncb
c:\users\PAINKILLER\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cdbpdhcpcdodepjdiidkmelobempjncb\1.1\background.html
c:\users\PAINKILLER\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cdbpdhcpcdodepjdiidkmelobempjncb\1.1\content.js
c:\users\PAINKILLER\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cdbpdhcpcdodepjdiidkmelobempjncb\1.1\ja6OW53WY.js
c:\users\PAINKILLER\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cdbpdhcpcdodepjdiidkmelobempjncb\1.1\lsdb.js
c:\users\PAINKILLER\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cdbpdhcpcdodepjdiidkmelobempjncb\1.1\manifest.json
c:\users\PAINKILLER\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jkkenjlnjfemconejajakbijbheoffli
c:\users\PAINKILLER\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jkkenjlnjfemconejajakbijbheoffli\191\background.html
c:\users\PAINKILLER\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jkkenjlnjfemconejajakbijbheoffli\191\content.js
c:\users\PAINKILLER\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jkkenjlnjfemconejajakbijbheoffli\191\lsdb.js
c:\users\PAINKILLER\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jkkenjlnjfemconejajakbijbheoffli\191\manifest.json
c:\users\PAINKILLER\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jkkenjlnjfemconejajakbijbheoffli\191\nAF9FGmZV.js
c:\users\PAINKILLER\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lemnjglcmcahiojehdibaohekdpekpae
c:\users\PAINKILLER\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lemnjglcmcahiojehdibaohekdpekpae\1.0\background.html
c:\users\PAINKILLER\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lemnjglcmcahiojehdibaohekdpekpae\1.0\content.js
c:\users\PAINKILLER\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lemnjglcmcahiojehdibaohekdpekpae\1.0\dOr.js
c:\users\PAINKILLER\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lemnjglcmcahiojehdibaohekdpekpae\1.0\lsdb.js
c:\users\PAINKILLER\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lemnjglcmcahiojehdibaohekdpekpae\1.0\manifest.json
c:\users\PAINKILLER\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\amgkilgdjlhhgmpjdpnfckoflnafllib
c:\users\PAINKILLER\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\amgkilgdjlhhgmpjdpnfckoflnafllib\1.1\background.html
c:\users\PAINKILLER\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\amgkilgdjlhhgmpjdpnfckoflnafllib\1.1\content.js
c:\users\PAINKILLER\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\amgkilgdjlhhgmpjdpnfckoflnafllib\1.1\lsdb.js
c:\users\PAINKILLER\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\amgkilgdjlhhgmpjdpnfckoflnafllib\1.1\manifest.json
c:\users\PAINKILLER\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\amgkilgdjlhhgmpjdpnfckoflnafllib\1.1\NPG.js
c:\users\PAINKILLER\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bjjempnldelkncdkgeildheinohjpimg
c:\users\PAINKILLER\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bjjempnldelkncdkgeildheinohjpimg\1.0\background.html
c:\users\PAINKILLER\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bjjempnldelkncdkgeildheinohjpimg\1.0\content.js
c:\users\PAINKILLER\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bjjempnldelkncdkgeildheinohjpimg\1.0\lsdb.js
c:\users\PAINKILLER\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bjjempnldelkncdkgeildheinohjpimg\1.0\manifest.json
c:\users\PAINKILLER\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bjjempnldelkncdkgeildheinohjpimg\1.0\mc1CCUaC.js
c:\users\PAINKILLER\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cdbpdhcpcdodepjdiidkmelobempjncb
c:\users\PAINKILLER\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cdbpdhcpcdodepjdiidkmelobempjncb\1.1\background.html
c:\users\PAINKILLER\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cdbpdhcpcdodepjdiidkmelobempjncb\1.1\content.js
c:\users\PAINKILLER\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cdbpdhcpcdodepjdiidkmelobempjncb\1.1\ja6OW53WY.js
c:\users\PAINKILLER\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cdbpdhcpcdodepjdiidkmelobempjncb\1.1\lsdb.js
c:\users\PAINKILLER\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cdbpdhcpcdodepjdiidkmelobempjncb\1.1\manifest.json
c:\users\PAINKILLER\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jkkenjlnjfemconejajakbijbheoffli
c:\users\PAINKILLER\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jkkenjlnjfemconejajakbijbheoffli\191\background.html
c:\users\PAINKILLER\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jkkenjlnjfemconejajakbijbheoffli\191\content.js
c:\users\PAINKILLER\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jkkenjlnjfemconejajakbijbheoffli\191\lsdb.js
c:\users\PAINKILLER\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jkkenjlnjfemconejajakbijbheoffli\191\manifest.json
c:\users\PAINKILLER\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jkkenjlnjfemconejajakbijbheoffli\191\nAF9FGmZV.js
c:\users\PAINKILLER\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lemnjglcmcahiojehdibaohekdpekpae
c:\users\PAINKILLER\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lemnjglcmcahiojehdibaohekdpekpae\1.0\background.html
c:\users\PAINKILLER\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lemnjglcmcahiojehdibaohekdpekpae\1.0\content.js
c:\users\PAINKILLER\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lemnjglcmcahiojehdibaohekdpekpae\1.0\dOr.js
c:\users\PAINKILLER\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lemnjglcmcahiojehdibaohekdpekpae\1.0\lsdb.js
c:\users\PAINKILLER\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lemnjglcmcahiojehdibaohekdpekpae\1.0\manifest.json
c:\users\SANDRA\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\amgkilgdjlhhgmpjdpnfckoflnafllib
c:\users\SANDRA\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\amgkilgdjlhhgmpjdpnfckoflnafllib\1.1\background.html
c:\users\SANDRA\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\amgkilgdjlhhgmpjdpnfckoflnafllib\1.1\content.js
c:\users\SANDRA\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\amgkilgdjlhhgmpjdpnfckoflnafllib\1.1\lsdb.js
c:\users\SANDRA\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\amgkilgdjlhhgmpjdpnfckoflnafllib\1.1\manifest.json
c:\users\SANDRA\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\amgkilgdjlhhgmpjdpnfckoflnafllib\1.1\NPG.js
c:\users\SANDRA\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bjjempnldelkncdkgeildheinohjpimg
c:\users\SANDRA\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bjjempnldelkncdkgeildheinohjpimg\1.0\background.html
c:\users\SANDRA\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bjjempnldelkncdkgeildheinohjpimg\1.0\content.js
c:\users\SANDRA\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bjjempnldelkncdkgeildheinohjpimg\1.0\lsdb.js
c:\users\SANDRA\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bjjempnldelkncdkgeildheinohjpimg\1.0\manifest.json
c:\users\SANDRA\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bjjempnldelkncdkgeildheinohjpimg\1.0\mc1CCUaC.js
c:\users\SANDRA\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cdbpdhcpcdodepjdiidkmelobempjncb
c:\users\SANDRA\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cdbpdhcpcdodepjdiidkmelobempjncb\1.1\background.html
c:\users\SANDRA\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cdbpdhcpcdodepjdiidkmelobempjncb\1.1\content.js
c:\users\SANDRA\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cdbpdhcpcdodepjdiidkmelobempjncb\1.1\ja6OW53WY.js
c:\users\SANDRA\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cdbpdhcpcdodepjdiidkmelobempjncb\1.1\lsdb.js
c:\users\SANDRA\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cdbpdhcpcdodepjdiidkmelobempjncb\1.1\manifest.json
c:\users\SANDRA\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jkkenjlnjfemconejajakbijbheoffli
c:\users\SANDRA\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jkkenjlnjfemconejajakbijbheoffli\191\background.html
c:\users\SANDRA\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jkkenjlnjfemconejajakbijbheoffli\191\content.js
c:\users\SANDRA\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jkkenjlnjfemconejajakbijbheoffli\191\lsdb.js
c:\users\SANDRA\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jkkenjlnjfemconejajakbijbheoffli\191\manifest.json
c:\users\SANDRA\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jkkenjlnjfemconejajakbijbheoffli\191\nAF9FGmZV.js
c:\users\SANDRA\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lemnjglcmcahiojehdibaohekdpekpae
c:\users\SANDRA\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lemnjglcmcahiojehdibaohekdpekpae\1.0\background.html
c:\users\SANDRA\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lemnjglcmcahiojehdibaohekdpekpae\1.0\content.js
c:\users\SANDRA\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lemnjglcmcahiojehdibaohekdpekpae\1.0\dOr.js
c:\users\SANDRA\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lemnjglcmcahiojehdibaohekdpekpae\1.0\lsdb.js
c:\users\SANDRA\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lemnjglcmcahiojehdibaohekdpekpae\1.0\manifest.json
c:\users\SANDRA\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\amgkilgdjlhhgmpjdpnfckoflnafllib
c:\users\SANDRA\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\amgkilgdjlhhgmpjdpnfckoflnafllib\1.1\background.html
c:\users\SANDRA\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\amgkilgdjlhhgmpjdpnfckoflnafllib\1.1\content.js
c:\users\SANDRA\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\amgkilgdjlhhgmpjdpnfckoflnafllib\1.1\lsdb.js
c:\users\SANDRA\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\amgkilgdjlhhgmpjdpnfckoflnafllib\1.1\manifest.json
c:\users\SANDRA\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\amgkilgdjlhhgmpjdpnfckoflnafllib\1.1\NPG.js
c:\users\SANDRA\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bjjempnldelkncdkgeildheinohjpimg
c:\users\SANDRA\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bjjempnldelkncdkgeildheinohjpimg\1.0\background.html
c:\users\SANDRA\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bjjempnldelkncdkgeildheinohjpimg\1.0\content.js
c:\users\SANDRA\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bjjempnldelkncdkgeildheinohjpimg\1.0\lsdb.js
c:\users\SANDRA\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bjjempnldelkncdkgeildheinohjpimg\1.0\manifest.json
c:\users\SANDRA\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bjjempnldelkncdkgeildheinohjpimg\1.0\mc1CCUaC.js
c:\users\SANDRA\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cdbpdhcpcdodepjdiidkmelobempjncb
c:\users\SANDRA\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cdbpdhcpcdodepjdiidkmelobempjncb\1.1\background.html
c:\users\SANDRA\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cdbpdhcpcdodepjdiidkmelobempjncb\1.1\content.js
c:\users\SANDRA\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cdbpdhcpcdodepjdiidkmelobempjncb\1.1\ja6OW53WY.js
c:\users\SANDRA\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cdbpdhcpcdodepjdiidkmelobempjncb\1.1\lsdb.js
c:\users\SANDRA\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cdbpdhcpcdodepjdiidkmelobempjncb\1.1\manifest.json
c:\users\SANDRA\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jkkenjlnjfemconejajakbijbheoffli
c:\users\SANDRA\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jkkenjlnjfemconejajakbijbheoffli\191\background.html
c:\users\SANDRA\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jkkenjlnjfemconejajakbijbheoffli\191\content.js
c:\users\SANDRA\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jkkenjlnjfemconejajakbijbheoffli\191\lsdb.js
c:\users\SANDRA\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jkkenjlnjfemconejajakbijbheoffli\191\manifest.json
c:\users\SANDRA\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jkkenjlnjfemconejajakbijbheoffli\191\nAF9FGmZV.js
c:\users\SANDRA\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lemnjglcmcahiojehdibaohekdpekpae
c:\users\SANDRA\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lemnjglcmcahiojehdibaohekdpekpae\1.0\background.html
c:\users\SANDRA\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lemnjglcmcahiojehdibaohekdpekpae\1.0\content.js
c:\users\SANDRA\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lemnjglcmcahiojehdibaohekdpekpae\1.0\dOr.js
c:\users\SANDRA\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lemnjglcmcahiojehdibaohekdpekpae\1.0\lsdb.js
c:\users\SANDRA\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lemnjglcmcahiojehdibaohekdpekpae\1.0\manifest.json
c:\users\SANDRA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bcgcnfakoclkjmfbmlnmagneckphckji_0.localstorage
c:\users\SANDRA\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\windows\msdownld.tmp
c:\windows\SysWow64\tmp671B.tmp
c:\windows\SysWow64\tmp671C.tmp
c:\windows\wmsysprx.prx
E:\Autorun.inf
E:\Setup.exe
.
.
((((((((((((((((((((((((( Files Created from 2015-01-20 to 2015-02-20 )))))))))))))))))))))))))))))))
.
.
2015-02-20 19:59 . 2015-02-20 19:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-02-20 19:07 . 2015-02-20 19:07 75888 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F84E61C9-3F1B-4FEF-8401-B43C32C277ED}\offreg.dll
2015-02-20 19:06 . 2015-01-29 09:07 11910896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F84E61C9-3F1B-4FEF-8401-B43C32C277ED}\mpengine.dll
2015-02-19 20:04 . 2015-02-19 20:04 -------- d-----w- c:\users\PAINKILLER\AppData\Roaming\Simply Super Software
2015-02-19 20:04 . 2015-02-19 20:05 -------- d-----w- c:\program files (x86)\Trojan Remover
2015-02-19 20:04 . 2015-02-19 20:04 -------- d-----w- c:\programdata\Simply Super Software
2015-02-19 19:52 . 2015-02-19 19:52 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-02-19 19:52 . 2015-02-19 19:52 -------- d-----w- c:\programdata\RogueKiller
2015-02-19 19:13 . 2015-02-19 19:13 -------- d-----w- c:\users\PAINKILLER\AppData\Local\Hewlett-Packard
2015-02-19 19:11 . 2015-02-19 19:11 -------- d-----w- c:\program files (x86)\Hewlett-Packard
2015-02-19 19:04 . 2015-01-29 09:07 11910896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-02-18 21:03 . 2015-02-18 21:03 512 ----a-w- C:\PhysicalDisk0_MBR.bin
2015-02-18 20:56 . 2015-02-18 21:03 -------- d-----w- c:\users\PAINKILLER\AppData\Roaming\ZHP
2015-02-18 20:56 . 2015-02-18 20:56 -------- d-----w- c:\program files (x86)\ZHPDiag
2015-02-18 20:50 . 2015-02-18 20:50 -------- d-----w- c:\programdata\Doctor Web
2015-02-18 20:38 . 2015-02-18 20:53 -------- d-----w- c:\users\PAINKILLER\Doctor Web
2015-02-15 19:16 . 2015-02-15 19:16 -------- d-----w- c:\program files (x86)\ESET
2015-02-15 18:39 . 2015-01-09 03:14 91136 ----a-w- c:\windows\system32\wdi.dll
2015-02-15 18:39 . 2015-01-09 03:14 950272 ----a-w- c:\windows\system32\perftrack.dll
2015-02-15 18:39 . 2015-01-09 03:14 29696 ----a-w- c:\windows\system32\powertracker.dll
2015-02-15 18:39 . 2015-01-09 02:48 76800 ----a-w- c:\windows\SysWow64\wdi.dll
2015-02-12 18:59 . 2014-09-16 21:05 1188440 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C66008EC-17F8-46F5-87D7-519728789F1A}\gapaengine.dll
2015-02-11 02:27 . 2015-01-23 04:42 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2015-02-11 02:27 . 2015-01-23 04:41 6041600 ----a-w- c:\windows\system32\jscript9.dll
2015-02-11 02:27 . 2015-01-23 03:43 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2015-02-11 02:27 . 2015-01-23 03:17 4300800 ----a-w- c:\windows\SysWow64\jscript9.dll
2015-02-10 21:01 . 2014-12-08 03:09 406528 ----a-w- c:\windows\system32\scesrv.dll
2015-02-10 21:01 . 2014-12-08 02:46 308224 ----a-w- c:\windows\SysWow64\scesrv.dll
2015-02-10 21:01 . 2015-01-14 06:09 5554112 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-02-10 21:01 . 2015-01-14 05:44 3972544 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2015-02-10 21:01 . 2015-01-14 06:05 503808 ----a-w- c:\windows\system32\srcore.dll
2015-02-10 21:01 . 2015-01-14 06:05 50176 ----a-w- c:\windows\system32\srclient.dll
2015-02-10 21:01 . 2015-01-14 06:04 296960 ----a-w- c:\windows\system32\rstrui.exe
2015-02-10 21:01 . 2015-01-14 05:44 3917760 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2015-02-10 21:01 . 2015-01-14 05:41 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2015-02-10 21:01 . 2015-01-09 02:03 3201536 ----a-w- c:\windows\system32\win32k.sys
2015-02-10 19:31 . 2015-02-05 17:57 621384 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2015-02-07 10:22 . 2015-02-07 10:22 -------- d-----w- c:\users\PAINKILLER\AppData\Roaming\Ashampoo
2015-02-07 10:21 . 2015-02-07 10:22 -------- d-----w- c:\users\PAINKILLER\AppData\Local\ashampoo
2015-02-07 10:20 . 2015-02-07 10:21 -------- d-----w- c:\programdata\Ashampoo
2015-02-04 22:24 . 2015-02-04 22:24 5070512 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2015-02-01 11:23 . 2015-02-01 11:23 -------- d-----w- c:\users\PAINKILLER\AppData\Local\Creative
2015-01-24 12:30 . 2015-01-14 10:28 3066880 ----a-w- c:\windows\system32\pwNative.exe
2015-01-24 12:30 . 2013-09-30 15:26 19152 ------w- c:\windows\system32\pwdrvio.sys
2015-01-24 12:30 . 2013-09-30 15:26 12504 ------w- c:\windows\system32\pwdspio.sys
2015-01-24 12:29 . 2015-01-24 12:30 -------- d-----w- c:\program files (x86)\MiniTool Partition Wizard Free 9.0
2015-01-23 18:32 . 2015-01-23 18:32 -------- d-----w- c:\program files (x86)\Common Files\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-19 19:39 . 2014-09-24 15:26 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-02-05 21:01 . 2014-11-15 10:01 16017040 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2015-02-05 21:01 . 2014-03-13 08:45 3299512 ----a-w- c:\windows\system32\nvapi64.dll
2015-02-05 21:01 . 2014-03-13 08:45 18575880 ----a-w- c:\windows\system32\nvwgf2umx.dll
2015-02-05 21:01 . 2014-03-13 08:45 17253848 ----a-w- c:\windows\system32\nvd3dumx.dll
2015-02-05 21:01 . 2014-03-13 08:45 14119744 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2015-02-05 21:01 . 2014-01-08 13:46 1540240 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
2015-02-05 21:01 . 2013-03-27 22:10 74056 ----a-w- c:\windows\system32\OpenCL.dll
2015-02-05 21:01 . 2013-03-27 22:10 60560 ----a-w- c:\windows\SysWow64\OpenCL.dll
2015-02-05 19:07 . 2014-06-01 13:12 6861128 ----a-w- c:\windows\system32\nvcpl.dll
2015-02-05 19:07 . 2014-06-01 13:12 3517584 ----a-w- c:\windows\system32\nvsvc64.dll
2015-02-05 19:07 . 2014-06-01 13:12 935056 ----a-w- c:\windows\system32\nvvsvc.exe
2015-02-05 19:07 . 2014-06-01 13:12 62792 ----a-w- c:\windows\system32\nvshext.dll
2015-02-05 19:07 . 2014-06-01 13:12 2558792 ----a-w- c:\windows\system32\nvsvcr.dll
2015-02-05 19:06 . 2014-06-01 13:12 385168 ----a-w- c:\windows\system32\nvmctray.dll
2015-02-05 12:50 . 2014-06-01 13:12 4236870 ----a-w- c:\windows\system32\nvcoproc.bin
2015-02-04 22:24 . 2013-04-11 17:33 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-02-04 22:24 . 2013-03-30 09:59 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-01-23 18:31 . 2014-10-21 17:56 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-01-16 06:41 . 2014-06-06 19:05 1316184 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2015-01-16 06:41 . 2013-11-01 18:59 1278920 ----a-w- c:\windows\SysWow64\nvspcap.dll
2015-01-16 06:41 . 2014-06-06 19:05 1756424 ----a-w- c:\windows\system32\nvspbridge64.dll
2015-01-16 06:41 . 2013-11-01 18:59 1514528 ----a-w- c:\windows\system32\nvspcap64.dll
2014-12-31 11:14 . 2010-11-21 03:27 298120 ------w- c:\windows\system32\MpSigStub.exe
2014-12-19 03:06 . 2015-01-13 18:46 210432 ----a-w- c:\windows\system32\profsvc.dll
2014-12-19 01:46 . 2015-01-13 18:46 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2014-12-11 17:47 . 2015-01-13 18:46 87040 ----a-w- c:\windows\system32\TSWbPrxy.exe
2014-12-06 04:17 . 2015-01-13 18:46 303616 ----a-w- c:\windows\system32\nlasvc.dll
2014-12-06 03:50 . 2015-01-13 18:46 52224 ----a-w- c:\windows\SysWow64\nlaapi.dll
2014-12-06 03:50 . 2015-01-13 18:46 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
2014-09-03 17:04 . 2014-09-11 07:57 226 ----a-w- c:\program files (x86)\update-Sims4-Origins.bat
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2014-05-20 6160152]
"CCleaner"="c:\program files\CCleaner\CCleaner64.exe" [2014-05-20 6160152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-05-20 291648]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2012-07-19 133440]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-02-29 56088]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"CTxfiHlp"="CTXFIHLP.EXE" [2014-02-28 26112]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"Sound Blaster Z-Series Control Panel"="c:\program files (x86)\Creative\Sound Blaster Z-Series\Sound Blaster Z-Series Control Panel\SBZ.exe" [2013-02-27 735744]
"TrojanScanner"="c:\program files (x86)\Trojan Remover\Trjscan.exe" [2015-02-19 1791856]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CtxfiReg"="CTXFIREG.exe" [2014-02-28 46592]
.
c:\users\SANDRA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe;c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [x]
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HiSuiteOuc64.exe;HiSuiteOuc64.exe;c:\programdata\HiSuiteOuc\HiSuiteOuc64.exe;c:\programdata\HiSuiteOuc\HiSuiteOuc64.exe [x]
R2 HuaweiHiSuiteService64.exe;HuaweiHiSuiteService64.exe;c:\programdata\HandSetService\HuaweiHiSuiteService64.exe;c:\programdata\HandSetService\HuaweiHiSuiteService64.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS;c:\windows\SYSNATIVE\drivers\CT20XUT.SYS [x]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS;c:\windows\SYSNATIVE\drivers\CT20XUT.SYS [x]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS;c:\windows\SYSNATIVE\drivers\CTEXFIFX.SYS [x]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS;c:\windows\SYSNATIVE\drivers\CTEXFIFX.SYS [x]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS;c:\windows\SYSNATIVE\drivers\CTHWIUT.SYS [x]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS;c:\windows\SYSNATIVE\drivers\CTHWIUT.SYS [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys;c:\windows\etdrv.sys [x]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys;c:\windows\GVTDrv64.sys [x]
R3 hcw17bda;Hauppauge SMS1000-based;c:\windows\system32\drivers\hcw17bda.sys;c:\windows\SYSNATIVE\drivers\hcw17bda.sys [x]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 iumsvc;Intel(R) Update Manager;c:\program files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe;c:\program files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Inspección de red de Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys;c:\windows\SYSNATIVE\pwdspio.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
S0 iusb3hcs;Controlador del conmutador de la controladora de host Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys;c:\windows\SYSNATIVE\pwdrvio.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
S2 CtHdaSvc;Sound Blaster Audio Service;c:\windows\sysWow64\CtHdaSvc.exe;c:\windows\sysWow64\CtHdaSvc.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 HauppaugeTVServer;HauppaugeTVServer;c:\program files (x86)\WinTV\TVServer\HauppaugeTVServer.exe;c:\program files (x86)\WinTV\TVServer\HauppaugeTVServer.exe [x]
S2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe;c:\program files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 cthda;Sound Blaster Audio Driver;c:\windows\system32\drivers\cthda.sys;c:\windows\SYSNATIVE\drivers\cthda.sys [x]
S3 cthdb;Sound Blaster Audio Controller Driver;c:\windows\system32\DRIVERS\cthdb.sys;c:\windows\SYSNATIVE\DRIVERS\cthdb.sys [x]
S3 iusb3hub;Controlador del concentrador Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Controlador de la controladora de host Intel(R) USB 3.0 eXtensible;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\DRIVERS\LVUSBS64.sys;c:\windows\SYSNATIVE\DRIVERS\LVUSBS64.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - NVSTREAMKMS
*NewlyCreated* - TRUESIGHT
*Deregistered* - kl1
*Deregistered* - KLIF
*Deregistered* - kltdi
*Deregistered* - kneps
*Deregistered* - TrueSight
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-11-18 20:56 1087304 ----a-w- c:\program files (x86)\Google\Chrome\Application\39.0.2171.65\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-02-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-11 22:24]
.
2015-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-27 01:47]
.
2015-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-27 01:47]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2015-01-16 1514528]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-01-16 2585928]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-01-30 1332296]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2013-07-31 3091224]
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 62.81.29.254 62.81.16.213
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} - (no file)
AddRemove-Hauppauge Software MPEG-2 Decoder Installer - c:\windows\System32\HAUPPA~1\SMD06\UNWISE.EXE
AddRemove-Hauppauge Software MPEG-4 Decoder Installer - c:\windows\System32\HAUPPA~1\SMD08\UNWISE.EXE
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@denied: (A) (Users)
@denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@denied: (Full) (Everyone)
.
Completion time: 2015-02-20 21:02:11
ComboFix-quarantined-files.txt 2015-02-20 20:02
.
Pre-Run: 200.631.590.912 bytes libres
Post-Run: 201.022.566.400 bytes libres
.
- - End Of File - - 9F30B761671C0EBC4D046000ED75FC9E
 

Kbite

Aprender y compartir
Administrador
Hello edgecrusher.

You don't say whether the problem continues. As you will have seen, ComboFix removed many entries, among them those relating to the Comodo browser, which did not appear anywhere.

With the batch of programs we have run, the problem you described should no longer exist, but if it still is not resolved, all that remains is to recommend that you uninstall your current antivirus, Microsoft Security Essentials, and install the trial version of Kaspersky to scan the system in Safe Mode and in Full mode. This antivirus is fully functional for 30 days and is among the most capable at disinfecting stubborn or hard-to-detect files. Once you finish you can remove it, if you wish, and reinstall the Microsoft one.

You can now uninstall ComboFix following the instructions I left you earlier, since it has already done its job.

Let us know the results. Regards, Kbite
 

edgecrusher

Miembro
Miembro
Well, it seems it was solved, because when I restart the virus alert no longer appears. As for the antivirus, I had already done that and I have Kaspersky installed, but I still have to run the scan. I ran AdwCleaner again and it comes out clean, but it still says I have 5 browsers. There are two accounts on the PC, mine and my daughter's; could it be that she has them in her account and that is why they show up? They still don't appear in Uninstall Programs.
 

Kbite

Aprender y compartir
Administrador
Hello edgecrusher.

The "Control Panel / Uninstall a program" list is the same for all the accounts created in Windows, so whatever appears to you will appear to her and vice versa.

It took a little effort to get rid of the infection, but it was finally achieved. Now all that remains is to remind you of the following:
  • Uninstall ComboFix as I already indicated.
  • Hide the hidden system files again by reversing the steps you took.
  • Re-enable System Restore so that new, clean restore points are created.
Since there are two users on that computer, I recommend a somewhat more reliable antivirus than Microsoft's, which is no longer what it was at the beginning: of the free ones I recommend Avast, and of the paid ones Kaspersky or ESET NOD32. Bear in mind that if your daughter is at an age where she spends a lot of time online, whatever she downloads or visits can always be a danger.

I would ask you to confirm whether we can consider the topic solved so we can close it; leave any clarification in your reply.

Regards, Kbite
 

edgecrusher

Miembro
Miembro
Well, I think it can be considered solved. Many thanks for all the help. I'll follow your advice about the antivirus. Regards.
 