Caracas3030.txt

ComboFix 18-08-08.01 - JAIME-SSD 15/02/2019 10:53:27.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.58.3082.18.3197.2155 [GMT -4,5:30]
Running from: c:\users\JAIME~1\AppData\Local\Temp\scoped_dir3136_28864\ComboFix.exe
SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
[i] ADS - drivers: deleted 212 bytes in 1 streams. [/i]
.
((((((((((((((((((((((((( Files Created from 2019-01-15 to 2019-02-15 )))))))))))))))))))))))))))))))
.
.
2019-02-15 15:29 . 2019-02-15 15:29 -------d-----w c:\users\Default\AppData\Local\temp
2019-02-15 15:29 . 2019-02-15 15:29 -------d-----w c:\users\Administrador\AppData\Local\temp
2019-02-13 13:27 . 2019-02-14 15:28 62576 ----a-w c:\programdata\Microsoft\Windows Defender\Definition Updates\{E14B3995-1F5A-454A-AB28-90D7DBA5E0AD}\offreg.dll
2019-02-12 16:10 . 2019-02-12 16:10 -------d-----w C:\AdwCleaner
2019-02-12 15:57 . 2019-02-12 15:57 153784 ----a-w c:\windows\system32\drivers\9D84CE0C6.sys
2019-02-12 15:55 . 2019-02-12 15:55 -------d-----w c:\programdata\GlarySoft
2019-02-12 15:54 . 2019-02-12 15:54 17472 ----a-w c:\windows\system32\drivers\GUBootStartup.sys
2019-02-12 15:54 . 2019-02-12 15:54 -------d-----w c:\users\JAIMESSD\AppData\Roaming\DiskDefrag
2019-02-12 15:54 . 2019-02-12 16:09 -------d-----w c:\program files\Glary Utilities 5
2019-02-06 14:42 . 2019-02-15 15:29 -------d-----w c:\users\JAIMESSD\AppData\Local\temp
2019-02-05 16:41 . 2019-02-06 14:06 -------d--h--w c:\users\JAIMESSD\AppData\Roaming\fexblkyrk
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2019-01-08 14:10 . 2013-10-15 14:42 842240 ----a-w c:\windows\system32\FlashPlayerApp.exe
2019-01-08 14:10 . 2013-10-15 14:42 175104 ----a-w c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2015-11-12 15:09 752416 ----a-w c:\program files\IObit\IObit Uninstaller\UninstallExplorer.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540026}]
2014-06-17 14:52 1552544 ----a-w c:\program files\GbPlugin\gbiehbdv.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner"="c:\program files\CCleaner\CCleaner.exe" [2019-01-10 14679256]
"CCleaner Smart Cleaning"="c:\program files\CCleaner\CCleaner.exe" [2019-01-10 14679256]
"GUDelayStartup"="c:\program files\Glary Utilities 5\StartupManager.exe" [2017-12-01 44024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-24 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-24 171288]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-10-17 11430504]
"egui"="c:\program files\ESET\ESET Security\ecmds.exe" [2018-04-19 170128]
"PDFPrint"="c:\program files\PDF24\pdf24.exe" [2018-06-28 432776]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecute Hooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399026}"= "c:\program files\GbPlugin\gbiehbdv.dll" [2014-06-17 1552544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GbPluginBdv]
2014-06-17 14:52 1552544 ----a-w c:\program files\GbPlugin\gbiehbdv.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\9D84CE0C.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\9D84CE0C6.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Start.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Start.lnk
backup=c:\windows\pss\Start.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^JAIME-SSD^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Start.lnk]
path=c:\users\JAIME-SSD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Start.lnk
backup=c:\windows\pss\Start.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^JAIME-SSD^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^user.lnk]
path=c:\users\JAIME-SSD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\user.lnk
backup=c:\windows\pss\user.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57 959904 ----a-w c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-01-21 21:52 91520 ----a-w c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
2010-03-13 17:28 75048 ----a-w c:\program files\CyberLink\Shared files\brs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeSyncProcess]
2010-01-16 14:24 717696 ----a-w c:\program files\Microsoft Office\Office14\MSOSYNC.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\raea]
2013-10-12 01:15 141824 ----a-w c:\windows\System32\wscript.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 16:14 248552 ----a-w c:\program files\Common Files\Java\Java Update\jusched.exe
.
R3 blackberryncm;BlackBerryNCM Service;c:\windows\system32\DRIVERS\blackberryncm6.sys [2014-09-08 22016]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-01-12 102912]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 rimvndis;BlackBerry Virtual Private Network;c:\windows\system32\Drivers\rimvndis6.sys [2015-03-19 14848]
R3 RTL8167;Controlador NT de Realtek 8167;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
R3 WatAdminSvc;Servicio de tecnologías de activación de Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2013-12-23 1343400]
R3 wdm_usb;wdm_usb;c:\windows\system32\DRIVERS\usb2ser.sys [2016-03-10 119952]
R3 zghsdiag;ZTE General Handset Diagnostic Port;c:\windows\system32\DRIVERS\zghsdiag.sys [2011-01-13 106752]
R4 9D84CE0C;9D84CE0C;c:\windows\system32\drivers\9D84CE0C.sys [2018-06-08 153784]
R4 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [x]
S0 9D84CE0C6;9D84CE0C6;c:\windows\system32\drivers\9D84CE0C6.sys [2019-02-12 153784]
S0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [2014-05-08 47192]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2018-04-12 120728]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2018-04-12 150784]
S1 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2018-04-12 93688]
S1 GUBootStartup;GUBootStartup;c:\windows\System32\drivers\GUBootStartup.sys [2019-02-12 17472]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO32.SYS [2015-09-22 23840]
S1 ndisrd;WinpkFilter LightWeight Filter;c:\windows\system32\DRIVERS\ndisrd.sys [2014-08-14 37408]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Security\ekrn.exe [2018-04-19 1748896]
S2 GbpSv;Gbp Service;c:\progra~1\GbPlugin\GbpSv.exe [2015-09-23 593120]
S2 PDF24;PDF24;c:\program files\PDF24\pdf24.exe [2018-06-28 432776]
S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2017-03-27 75416]
S3 ekrnEpfw;ESET Firewall Helper;c:\program files\ESET\ESET Security\ekrn.exe [2018-04-19 1748896]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2019-02-12 c:\windows\Tasks\GlaryInitialize 5.job
- c:\program files\Glary Utilities 5\Initialize.exe [2017-12-01 08:33]
.
2019-02-12 c:\windows\Tasks\GlaryOneClickOptimizer 5.job
- c:\program files\Glary Utilities 5\OneClickMaintenance.exe [2017-12-01 08:33]
.
2019-02-12 c:\windows\Tasks\GU5SkipUAC.job
- c:\program files\Glary Utilities 5\Integrator.exe [2017-12-01 08:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mail.ru/cnt/10445?gp=834423
mStart Page = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
Trusted Zone: bancodevenezuela.com\www
Trusted Zone: banvenez.com\e-bdv
Trusted Zone: banvenez.com\e-bdvcpx
Trusted Zone: banvenez.corp\e-bdvscn
Trusted Zone: banvenez.corp\e-bdvscw
Trusted Zone: eset.com\help
TCP: DhcpNameServer = 89.207.131.8 8.8.8.8
TCP: Interfaces\{745B8530-5136-4BCC-B9E1-E16631A14893}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\JAIMESSD\AppData\Roaming\Mozilla\Firefox\Profiles\t49r369v.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://inline.go.mail.ru/homepage?inline_comp=ffhp15.1.11.102&inline_hp_cnt=11956636
FF - prefs.js: keyword.URL - hxxp://int.search.tb.ask.com/search/GGmain.jhtml?st=kwd&ptb=04650696-323D-4091-BF40-954F9EADBD3D&n=782a0a0c&ind=2016021004&p2=^BXM^xdm104^YYA^ve&searchfor=
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: content.notify.ontimer - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.switch.threshold - 750000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2019-02-15 11:01:23
ComboFix-quarantined-files.txt 2019-02-15 15:31
ComboFix2.txt 2019-02-06 14:42
.
Pre-Run: 357.780.209.664 bytes libres
Post-Run: 357.897.326.592 bytes libres
.
- - End Of File - - 952CC6A2C28F9048631E86FEBE21B8D8 A36C5E4F47E84449FF07ED3517B43A31
