Hello, I'm new.
Several things have happened today, maybe coincidences, maybe not. One, my graphics card has died. Yesterday I saw the temperature was 80ºC, the PC crashed several times, and the card is 4 years old. I shut down the PC, but today the card is not responding at all. OK, it's likely my fault. Well, after that, I restarted with another old card. All running fine. But suddenly I see a file called Putty.rnd, with a modification date of about 2011; after googling it, it says it is some random file created by a program for remotely accessing servers, and obviously I have never used that program. After that, I try to access my router and I can't, because my user and password don't work. ?! Maybe my girlfriend, who is able to confuse the router with a radio, has changed the password and hasn't told me, or maybe I have Alzheimer's, but the password was written down on a sheet, and it wasn't the default password at all. I have had to reset my router. So everything is working fine, except the video card.
Then I ran ComboFix. I have no idea what it says, but if someone can tell me whether I have been hacked or something, I'll be eternally thankful; otherwise you can call me paranoid. (I have deleted putty.rnd without problem.)
ComboFix 12-06-28.03 - f0kvs 01/07/2012 11:29:49.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.34.3082.18.4095.2691 [GMT 2:00]
Running from: I:\ComboFix.exe
FW: PC Tools Firewall Plus *Disabled* {175D0B73-9F8F-2CA9-8BF1-62277A276DC9}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\f0kvs\AppData\Local\assembly\tmp
c:\users\f0kvs\AppData\Local\Temp\ae201572-4813-4010-9ed2-ee29ddec066a\CliSecureRT.dll
C:\Windows 7 Activador.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-01 to 2012-07-01 )))))))))))))))))))))))))))))))
.
.
2012-07-01 09:39 . 2012-07-01 09:39--------d-----w-c:\users\UpdatusUser\AppData\Local\temp
2012-07-01 09:39 . 2012-07-01 09:39--------d-----w-c:\users\Default\AppData\Local\temp
2012-07-01 09:39 . 2012-07-01 09:39--------d-----w-c:\users\Administrador\AppData\Local\temp
2012-07-01 07:50 . 2012-07-01 07:500----a-w-c:\windows\ativpsrm.bin
2012-06-30 21:47 . 2012-06-30 21:47--------d-----w-c:\program files (x86)\Linksys Wireless-G PCI Wireless Network Monitor
2012-06-28 16:10 . 2012-06-28 16:10--------d-----w-c:\users\f0kvs\AppData\Roaming\PCToolsFirewallPlus
2012-06-28 16:08 . 2010-03-29 09:06233488----a-w-c:\windows\system32\drivers\PCTCore64.sys
2012-06-28 16:08 . 2011-03-24 10:39140800----a-w-c:\windows\system32\drivers\pctwfpfilter64.sys
2012-06-28 16:08 . 2011-01-17 07:09334976----a-w-c:\windows\system32\drivers\pctgntdi64.sys
2012-06-28 16:06 . 2012-06-28 16:08--------d-----w-c:\program files (x86)\Common Files\PC Tools
2012-06-28 16:06 . 2011-01-12 08:35119688----a-w-c:\windows\system32\drivers\pctNdis-PacketFilter64.sys
2012-06-28 16:06 . 2010-07-08 06:4979000----a-w-c:\windows\system32\drivers\pctNdis64.sys
2012-06-28 16:06 . 2010-02-05 06:2642968----a-w-c:\windows\system32\drivers\pctNdis-DNS64.sys
2012-06-28 16:06 . 2011-01-17 06:11179976----a-w-c:\windows\system32\drivers\pctplfw64.sys
2012-06-28 16:06 . 2012-06-28 16:10--------d-----w-c:\program files (x86)\PC Tools Firewall Plus
2012-06-24 14:17 . 2012-06-24 14:17--------d-----w-c:\programdata\MySQL
2012-06-24 14:17 . 2012-06-24 14:17--------d-----w-c:\program files\MySQL
2012-06-23 21:04 . 2007-09-07 15:33135168----a-w-c:\windows\SysWow64\EEBAPI.dll
2012-06-23 21:04 . 2007-03-28 16:2665536----a-w-c:\windows\SysWow64\EEBUtil.dll
2012-06-23 21:04 . 2006-12-19 16:31110592----a-w-c:\windows\SysWow64\EEBDSCVR.dll
2012-06-23 21:04 . 2006-12-19 16:2077824----a-w-c:\windows\SysWow64\EBAPI.dll
2012-06-23 20:54 . 2007-04-10 19:0610752----a-w-c:\windows\system32\E_GCINST.DLL
2012-06-23 20:54 . 2008-11-12 21:00118784----a-w-c:\windows\system32\E_ILMHRE.DLL
2012-06-23 20:54 . 2009-10-01 21:0188064----a-w-c:\windows\system32\E_IBCBHRE.DLL
2012-06-23 20:54 . 2012-06-23 21:16--------d-----w-c:\programdata\EPSON
2012-06-23 20:53 . 2011-08-09 22:00464384----a-w-c:\windows\system32\esxw2ud.dll
2012-06-23 20:53 . 2012-06-23 20:53--------d-----w-c:\program files (x86)\epson
2012-06-23 13:11 . 2012-06-26 05:58--------d-----w-c:\users\f0kvs\AppData\Roaming\SanDisk
2012-06-23 13:09 . 2012-06-23 13:09--------d-----w-c:\users\f0kvs\AppData\Roaming\SanDisk SecureAccess
2012-06-23 13:08 . 2012-06-23 13:08--------d-----w-c:\users\f0kvs\AppData\Local\Proxure
2012-06-23 13:07 . 2012-06-23 13:07--------d-----w-c:\programdata\ClubSanDisk
2012-06-21 16:24 . 2012-06-29 06:11--------d-----w-c:\users\f0kvs\AppData\Roaming\Skype
2012-06-21 16:24 . 2012-06-21 16:25--------d-----r-c:\program files (x86)\Skype
2012-06-21 16:24 . 2012-06-21 16:24--------d-----w-c:\program files (x86)\Common Files\Skype
2012-06-21 16:24 . 2012-06-21 16:25--------d-----w-c:\programdata\Skype
2012-06-19 21:20 . 2012-06-19 21:20--------d-----w-c:\program files (x86)\Paradox Interactive
2012-06-19 19:30 . 2012-06-19 19:35--------d-----w-c:\program files (x86)\HOI2 Doomsday Armageddon
2012-06-19 17:59 . 2012-06-19 17:59--------d-----w-c:\program files (x86)\Alcohol Soft
2012-06-19 17:52 . 2012-06-19 22:12--------d-----w-c:\users\f0kvs\AppData\Roaming\Vso
2012-06-19 17:52 . 2012-06-19 17:5299384----a-w-c:\users\f0kvs\AppData\Roaming\inst.exe
2012-06-19 17:52 . 2012-06-19 17:52118400----a-w-c:\windows\system32\drivers\ezplay.sys
2012-06-19 17:52 . 2012-06-19 17:52118400----a-w-c:\users\f0kvs\AppData\Roaming\ezplay.sys
2012-06-19 17:52 . 2012-06-19 17:52--------d-----w-c:\program files (x86)\VSO
2012-06-19 17:17 . 2012-06-19 17:17871408----a-w-c:\windows\system32\drivers\sptd.sys
2012-06-19 17:03 . 2012-06-19 17:03--------d-----w-c:\users\f0kvs\AppData\Roaming\Canneverbe Limited
2012-06-19 17:03 . 2012-06-19 17:03--------d-----w-c:\programdata\Canneverbe Limited
2012-06-19 17:03 . 2012-06-19 17:03--------d-----w-c:\program files (x86)\CDBurnerXP
2012-06-19 16:44 . 1999-09-10 11:065600----a-w-c:\windows\system\winaspi.dll
2012-06-19 16:44 . 1999-09-10 11:064672----a-w-c:\windows\system\wowpost.exe
2012-06-19 16:44 . 1999-09-10 11:0645056----a-w-c:\windows\SysWow64\wnaspi32.dll
2012-06-19 16:07 . 2012-06-19 16:07--------d-----w-c:\programdata\SlySoft
2012-06-19 16:05 . 2012-06-19 17:54--------d-----w-c:\program files (x86)\SlySoft
2012-06-19 15:35 . 2012-06-19 15:354967624----a-w-c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-06-19 06:00 . 2012-06-19 06:00--------d-----w-c:\users\f0kvs\AppData\Local\Macromedia
2012-06-18 16:12 . 2012-06-18 16:13--------d-----w-c:\program files\iTunes
2012-06-18 16:12 . 2012-06-18 16:13--------d-----w-c:\program files (x86)\iTunes
2012-06-18 16:12 . 2012-06-18 16:12--------d-----w-c:\program files\iPod
2012-06-17 10:49 . 2012-06-17 10:49476936----a-w-c:\windows\SysWow64\npdeployJava1.dll
2012-06-10 14:09 . 2012-06-10 14:09770384----a-w-c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-10 14:09 . 2012-06-10 14:09421200----a-w-c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-05 19:45 . 2012-06-19 18:57--------d-----w-c:\users\f0kvs\AppData\Local\PokerStars.ES
2012-06-05 19:44 . 2012-06-05 19:45--------d-----w-c:\program files (x86)\PokerStars.ES
2012-06-03 15:26 . 2012-06-03 16:33--------d-----w-c:\program files (x86)\Ardamax Keylogger Removal Tool
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-23 16:13 . 2012-04-01 12:26426184----a-w-c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-23 16:13 . 2011-08-03 21:4770344----a-w-c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-17 10:49 . 2011-02-22 15:45472840----a-w-c:\windows\SysWow64\deployJava1.dll
2012-05-05 14:36 . 2012-05-05 14:3651496----a-w-c:\windows\system32\drivers\stflt.sys
2012-04-18 18:56 . 2012-04-18 18:5694208----a-w-c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-18 18:56 . 2012-04-18 18:5669632----a-w-c:\windows\SysWow64\QuickTime.qts
2012-04-04 13:56 . 2011-06-26 08:0224904----a-w-c:\windows\system32\drivers\mbam.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-07-14 01:41 . 488637971582135BB5A7C7313A4C151B . 848384 . . [------] .. c:\windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7600.16385_none_7f85b69413231233\qmgr.dll
.
c:\windows\system32\qmgr.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-09-29 20880]
"AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-06-05 1310720]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"RegistrarUsrDNIeCertStoreDLL"="c:\program files (x86)\DNIe\udcs.exe" [2009-03-02 39424]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2011-09-29 929680]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2011-09-29 3508112]
"FileServe Manager Task"="c:\program files (x86)\FileServe Manager\FSStarter.exe" [2011-09-21 954648]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"00PCTFW"="c:\program files (x86)\PC Tools Firewall Plus\FirewallGUI.exe" [2011-04-07 2672600]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\f0kvs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2012-6-13 1014112]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Servicio de Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-28 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2010-12-21 36328]
R3 gupdatem;Servicio de Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-28 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-17 113120]
R3 pctNdis;PC Tools Firewall Intermediate Filter Service;c:\windows\system32\DRIVERS\pctNdis64.sys [2010-07-08 79000]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976]
R3 rt61x64;RT61 Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr6164.sys [2009-06-02 438784]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2012.SP1\RpcAgentSrv.exe [2008-12-12 95896]
R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-04-19 993848]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-06-02 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-06-02 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-06-02 177640]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [2011-11-04 117040]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2012-06-19 871408]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-02-21 254528]
S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi64.sys [2011-01-17 334976]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2011-12-19 224048]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2011-12-19 130864]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-02-20 140672]
S2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-09-01 169624]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 KinectManagement;Kinect Management;c:\program files\Microsoft Research KinectSDK\Service\KinectManagementService.exe [2011-07-20 125440]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-04-19 399416]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-06-19 3048136]
S2 sp_rsdrv2;Spyware Terminator Driver Filter;c:\windows\system32\DRIVERS\stflt.sys [2012-05-05 51496]
S2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;c:\program files (x86)\Spyware Terminator\st_rsser64.exe [2012-03-28 1148632]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
S3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter64.sys [2011-01-12 119688]
S3 pctNdisMP;PC Tools Driver;c:\windows\system32\DRIVERS\pctNdis64.sys [2010-07-08 79000]
S3 pctplfw;pctplfw;c:\windows\System32\drivers\pctplfw64.sys [2011-01-17 179976]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-12-19 146736]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2011-12-19 165680]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - pctESPInject
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 16:13]
.
2012-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-28 01:43]
.
2012-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-28 01:43]
.
2012-06-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-660138542-3048796690-3408885898-1000Core.job
- c:\users\f0kvs\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-03 18:51]
.
2012-07-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-660138542-3048796690-3408885898-1000UA.job
- c:\users\f0kvs\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-03 18:51]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAX"="c:\program files (x86)\Analog Devices\SoundMAX\soundmax.exe" [2009-05-18 3866624]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-06-16 499608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.es/
mStart Page = hxxp://www.bigseekpro.com/video2down/{5108F26F-D9A8-42B6-9A62-638B5494074C}
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = local;*.local
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: Download with FileServe Manager - c:\program files (x86)\FileServe Manager\GetUrl.htm
IE: E&xportar a Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{CC0FC7CF-E588-4b33-B148-C657708AB9C4} - c:\program files (x86)\PokerStars.ES\PokerStarsUpdate.exe
TCP: Interfaces\{23689CC1-B044-4CD3-9CAB-C88E91900707}: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{42B98BBB-5874-48CB-B1EC-DDCCEB9684F9}: NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{97EE9867-4FC1-4790-9271-0743B82E467B}: NameServer = 8.26.56.26,156.154.70.22
FF - ProfilePath - c:\users\f0kvs\AppData\Roaming\Mozilla\Firefox\Profiles\p056etsd.default\
FF - prefs.js: browser.startup.homepage - www.google.es
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-PlayNC Launcher - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-PokerStars - c:\program files (x86)\PokerStars\PokerStarsUninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\brsvc01a.exe
c:\program files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\PC Tools Firewall Plus\FWService.exe
c:\program files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\SysWOW64\brss01a.exe
c:\program files (x86)\PC Connectivity Solution\ServiceLayer.exe
c:\program files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
.
**************************************************************************
.
Completion time: 2012-07-01 11:46:31 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-01 09:46
.
Pre-Run: 21.693.558.784 bytes libres
Post-Run: 22.319.104.000 bytes libres
.
- - End Of File - - 50F13C9EDF62EF7EDA868863CB3C5380
Today has happened several things, maybe casualities, maybe not. One, my graphic card has dead. Yesterday I saw the temp and it was 80ºC, the pc crashed several times, and the card has 4 years. I shutdowned the pc, but today the card is not responding at all. ok, its likely my fault. Well, after that, I restarted with another old card. All running fine. But suddenly I see a file called Putty.rnd, with modification date about 2011, after google about it, it says it is some random file created by a program to remoting access servers, obviously I have never used that program . After that, I try to access my router and I cant, because my user and password doesnt work. ?! Maybe my girlfriend who is able to confuse the router with a radio has changed the password and hasnt told me, or maybe I have alzheimer, but the password was written down in a sheet, and it wasnt the default password at all. I have had to reset my router. So everything is working fine, but the videocard.
Then, I have passed ComboFix. I dont have idea what it says, but if someone can tell me if I have been hacked or something, Ill be eternally thankful, otherwise you can call me paranoid. (I have deleted putty.rnd without problem)
ComboFix 12-06-28.03 - f0kvs 01/07/2012 11:29:49.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.34.3082.18.4095.2691 [GMT 2:00]
Running from: I:\ComboFix.exe
FW: PC Tools Firewall Plus *Disabled* {175D0B73-9F8F-2CA9-8BF1-62277A276DC9}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\f0kvs\AppData\Local\assembly\tmp
c:\users\f0kvs\AppData\Local\Temp\ae201572-4813-4010-9ed2-ee29ddec066a\CliSecureRT.dll
C:\Windows 7 Activador.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-01 to 2012-07-01 )))))))))))))))))))))))))))))))
.
.
2012-07-01 09:39 . 2012-07-01 09:39--------d-----w-c:\users\UpdatusUser\AppData\Local\temp
2012-07-01 09:39 . 2012-07-01 09:39--------d-----w-c:\users\Default\AppData\Local\temp
2012-07-01 09:39 . 2012-07-01 09:39--------d-----w-c:\users\Administrador\AppData\Local\temp
2012-07-01 07:50 . 2012-07-01 07:500----a-w-c:\windows\ativpsrm.bin
2012-06-30 21:47 . 2012-06-30 21:47--------d-----w-c:\program files (x86)\Linksys Wireless-G PCI Wireless Network Monitor
2012-06-28 16:10 . 2012-06-28 16:10--------d-----w-c:\users\f0kvs\AppData\Roaming\PCToolsFirewallPlus
2012-06-28 16:08 . 2010-03-29 09:06233488----a-w-c:\windows\system32\drivers\PCTCore64.sys
2012-06-28 16:08 . 2011-03-24 10:39140800----a-w-c:\windows\system32\drivers\pctwfpfilter64.sys
2012-06-28 16:08 . 2011-01-17 07:09334976----a-w-c:\windows\system32\drivers\pctgntdi64.sys
2012-06-28 16:06 . 2012-06-28 16:08--------d-----w-c:\program files (x86)\Common Files\PC Tools
2012-06-28 16:06 . 2011-01-12 08:35119688----a-w-c:\windows\system32\drivers\pctNdis-PacketFilter64.sys
2012-06-28 16:06 . 2010-07-08 06:4979000----a-w-c:\windows\system32\drivers\pctNdis64.sys
2012-06-28 16:06 . 2010-02-05 06:2642968----a-w-c:\windows\system32\drivers\pctNdis-DNS64.sys
2012-06-28 16:06 . 2011-01-17 06:11179976----a-w-c:\windows\system32\drivers\pctplfw64.sys
2012-06-28 16:06 . 2012-06-28 16:10--------d-----w-c:\program files (x86)\PC Tools Firewall Plus
2012-06-24 14:17 . 2012-06-24 14:17--------d-----w-c:\programdata\MySQL
2012-06-24 14:17 . 2012-06-24 14:17--------d-----w-c:\program files\MySQL
2012-06-23 21:04 . 2007-09-07 15:33135168----a-w-c:\windows\SysWow64\EEBAPI.dll
2012-06-23 21:04 . 2007-03-28 16:2665536----a-w-c:\windows\SysWow64\EEBUtil.dll
2012-06-23 21:04 . 2006-12-19 16:31110592----a-w-c:\windows\SysWow64\EEBDSCVR.dll
2012-06-23 21:04 . 2006-12-19 16:2077824----a-w-c:\windows\SysWow64\EBAPI.dll
2012-06-23 20:54 . 2007-04-10 19:0610752----a-w-c:\windows\system32\E_GCINST.DLL
2012-06-23 20:54 . 2008-11-12 21:00118784----a-w-c:\windows\system32\E_ILMHRE.DLL
2012-06-23 20:54 . 2009-10-01 21:0188064----a-w-c:\windows\system32\E_IBCBHRE.DLL
2012-06-23 20:54 . 2012-06-23 21:16--------d-----w-c:\programdata\EPSON
2012-06-23 20:53 . 2011-08-09 22:00464384----a-w-c:\windows\system32\esxw2ud.dll
2012-06-23 20:53 . 2012-06-23 20:53--------d-----w-c:\program files (x86)\epson
2012-06-23 13:11 . 2012-06-26 05:58--------d-----w-c:\users\f0kvs\AppData\Roaming\SanDisk
2012-06-23 13:09 . 2012-06-23 13:09--------d-----w-c:\users\f0kvs\AppData\Roaming\SanDisk SecureAccess
2012-06-23 13:08 . 2012-06-23 13:08--------d-----w-c:\users\f0kvs\AppData\Local\Proxure
2012-06-23 13:07 . 2012-06-23 13:07--------d-----w-c:\programdata\ClubSanDisk
2012-06-21 16:24 . 2012-06-29 06:11--------d-----w-c:\users\f0kvs\AppData\Roaming\Skype
2012-06-21 16:24 . 2012-06-21 16:25--------d-----r-c:\program files (x86)\Skype
2012-06-21 16:24 . 2012-06-21 16:24--------d-----w-c:\program files (x86)\Common Files\Skype
2012-06-21 16:24 . 2012-06-21 16:25--------d-----w-c:\programdata\Skype
2012-06-19 21:20 . 2012-06-19 21:20--------d-----w-c:\program files (x86)\Paradox Interactive
2012-06-19 19:30 . 2012-06-19 19:35--------d-----w-c:\program files (x86)\HOI2 Doomsday Armageddon
2012-06-19 17:59 . 2012-06-19 17:59--------d-----w-c:\program files (x86)\Alcohol Soft
2012-06-19 17:52 . 2012-06-19 22:12--------d-----w-c:\users\f0kvs\AppData\Roaming\Vso
2012-06-19 17:52 . 2012-06-19 17:5299384----a-w-c:\users\f0kvs\AppData\Roaming\inst.exe
2012-06-19 17:52 . 2012-06-19 17:52118400----a-w-c:\windows\system32\drivers\ezplay.sys
2012-06-19 17:52 . 2012-06-19 17:52118400----a-w-c:\users\f0kvs\AppData\Roaming\ezplay.sys
2012-06-19 17:52 . 2012-06-19 17:52--------d-----w-c:\program files (x86)\VSO
2012-06-19 17:17 . 2012-06-19 17:17871408----a-w-c:\windows\system32\drivers\sptd.sys
2012-06-19 17:03 . 2012-06-19 17:03--------d-----w-c:\users\f0kvs\AppData\Roaming\Canneverbe Limited
2012-06-19 17:03 . 2012-06-19 17:03--------d-----w-c:\programdata\Canneverbe Limited
2012-06-19 17:03 . 2012-06-19 17:03--------d-----w-c:\program files (x86)\CDBurnerXP
2012-06-19 16:44 . 1999-09-10 11:065600----a-w-c:\windows\system\winaspi.dll
2012-06-19 16:44 . 1999-09-10 11:064672----a-w-c:\windows\system\wowpost.exe
2012-06-19 16:44 . 1999-09-10 11:0645056----a-w-c:\windows\SysWow64\wnaspi32.dll
2012-06-19 16:07 . 2012-06-19 16:07--------d-----w-c:\programdata\SlySoft
2012-06-19 16:05 . 2012-06-19 17:54--------d-----w-c:\program files (x86)\SlySoft
2012-06-19 15:35 . 2012-06-19 15:354967624----a-w-c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-06-19 06:00 . 2012-06-19 06:00--------d-----w-c:\users\f0kvs\AppData\Local\Macromedia
2012-06-18 16:12 . 2012-06-18 16:13--------d-----w-c:\program files\iTunes
2012-06-18 16:12 . 2012-06-18 16:13--------d-----w-c:\program files (x86)\iTunes
2012-06-18 16:12 . 2012-06-18 16:12--------d-----w-c:\program files\iPod
2012-06-17 10:49 . 2012-06-17 10:49476936----a-w-c:\windows\SysWow64\npdeployJava1.dll
2012-06-10 14:09 . 2012-06-10 14:09770384----a-w-c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-10 14:09 . 2012-06-10 14:09421200----a-w-c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-05 19:45 . 2012-06-19 18:57--------d-----w-c:\users\f0kvs\AppData\Local\PokerStars.ES
2012-06-05 19:44 . 2012-06-05 19:45--------d-----w-c:\program files (x86)\PokerStars.ES
2012-06-03 15:26 . 2012-06-03 16:33--------d-----w-c:\program files (x86)\Ardamax Keylogger Removal Tool
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-23 16:13 . 2012-04-01 12:26  426184  ----a-w-  c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-23 16:13 . 2011-08-03 21:47  70344  ----a-w-  c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-17 10:49 . 2011-02-22 15:45  472840  ----a-w-  c:\windows\SysWow64\deployJava1.dll
2012-05-05 14:36 . 2012-05-05 14:36  51496  ----a-w-  c:\windows\system32\drivers\stflt.sys
2012-04-18 18:56 . 2012-04-18 18:56  94208  ----a-w-  c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-18 18:56 . 2012-04-18 18:56  69632  ----a-w-  c:\windows\SysWow64\QuickTime.qts
2012-04-04 13:56 . 2011-06-26 08:02  24904  ----a-w-  c:\windows\system32\drivers\mbam.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-07-14 01:41 . 488637971582135BB5A7C7313A4C151B . 848384 . . [------] .. c:\windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7600.16385_none_7f85b69413231233\qmgr.dll
.
c:\windows\system32\qmgr.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-09-29 20880]
"AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-06-05 1310720]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"RegistrarUsrDNIeCertStoreDLL"="c:\program files (x86)\DNIe\udcs.exe" [2009-03-02 39424]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2011-09-29 929680]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2011-09-29 3508112]
"FileServe Manager Task"="c:\program files (x86)\FileServe Manager\FSStarter.exe" [2011-09-21 954648]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"00PCTFW"="c:\program files (x86)\PC Tools Firewall Plus\FirewallGUI.exe" [2011-04-07 2672600]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\f0kvs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2012-6-13 1014112]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Servicio de Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-28 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2010-12-21 36328]
R3 gupdatem;Servicio de Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-28 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-17 113120]
R3 pctNdis;PC Tools Firewall Intermediate Filter Service;c:\windows\system32\DRIVERS\pctNdis64.sys [2010-07-08 79000]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976]
R3 rt61x64;RT61 Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr6164.sys [2009-06-02 438784]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2012.SP1\RpcAgentSrv.exe [2008-12-12 95896]
R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-04-19 993848]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-06-02 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-06-02 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-06-02 177640]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [2011-11-04 117040]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2012-06-19 871408]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-02-21 254528]
S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi64.sys [2011-01-17 334976]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2011-12-19 224048]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2011-12-19 130864]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-02-20 140672]
S2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-09-01 169624]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 KinectManagement;Kinect Management;c:\program files\Microsoft Research KinectSDK\Service\KinectManagementService.exe [2011-07-20 125440]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-04-19 399416]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-06-19 3048136]
S2 sp_rsdrv2;Spyware Terminator Driver Filter;c:\windows\system32\DRIVERS\stflt.sys [2012-05-05 51496]
S2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;c:\program files (x86)\Spyware Terminator\st_rsser64.exe [2012-03-28 1148632]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
S3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter64.sys [2011-01-12 119688]
S3 pctNdisMP;PC Tools Driver;c:\windows\system32\DRIVERS\pctNdis64.sys [2010-07-08 79000]
S3 pctplfw;pctplfw;c:\windows\System32\drivers\pctplfw64.sys [2011-01-17 179976]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-12-19 146736]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2011-12-19 165680]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - pctESPInject
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 16:13]
.
2012-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-28 01:43]
.
2012-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-28 01:43]
.
2012-06-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-660138542-3048796690-3408885898-1000Core.job
- c:\users\f0kvs\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-03 18:51]
.
2012-07-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-660138542-3048796690-3408885898-1000UA.job
- c:\users\f0kvs\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-03 18:51]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAX"="c:\program files (x86)\Analog Devices\SoundMAX\soundmax.exe" [2009-05-18 3866624]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-06-16 499608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.es/
mStart Page = hxxp://www.bigseekpro.com/video2down/{5108F26F-D9A8-42B6-9A62-638B5494074C}
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = local;*.local
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: Download with FileServe Manager - c:\program files (x86)\FileServe Manager\GetUrl.htm
IE: E&xportar a Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{CC0FC7CF-E588-4b33-B148-C657708AB9C4} - c:\program files (x86)\PokerStars.ES\PokerStarsUpdate.exe
TCP: Interfaces\{23689CC1-B044-4CD3-9CAB-C88E91900707}: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{42B98BBB-5874-48CB-B1EC-DDCCEB9684F9}: NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{97EE9867-4FC1-4790-9271-0743B82E467B}: NameServer = 8.26.56.26,156.154.70.22
FF - ProfilePath - c:\users\f0kvs\AppData\Roaming\Mozilla\Firefox\Profiles\p056etsd.default\
FF - prefs.js: browser.startup.homepage - www.google.es
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-PlayNC Launcher - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-PokerStars - c:\program files (x86)\PokerStars\PokerStarsUninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\brsvc01a.exe
c:\program files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\PC Tools Firewall Plus\FWService.exe
c:\program files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\SysWOW64\brss01a.exe
c:\program files (x86)\PC Connectivity Solution\ServiceLayer.exe
c:\program files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
.
**************************************************************************
.
Completion time: 2012-07-01 11:46:31 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-01 09:46
.
Pre-Run: 21.693.558.784 bytes libres
Post-Run: 22.319.104.000 bytes libres
.
- - End Of File - - 50F13C9EDF62EF7EDA868863CB3C5380