
ComboFix 18-08-08.01 - JAIME-SSD 15/02/2019 10:53:27.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.58.3082.18.3197.2155 [GMT -4,5:30]
Running from: c:\users\JAIME-~1\AppData\Local\Temp\scoped_dir3136_28864\ComboFix.exe
SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
[i] ADS - drivers: deleted 212 bytes in 1 streams. [/i]
.
((((((((((((((((((((((((( Files Created from 2019-01-15 to 2019-02-15 )))))))))))))))))))))))))))))))
.
.
2019-02-15 15:29 . 2019-02-15 15:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2019-02-15 15:29 . 2019-02-15 15:29 -------- d-----w- c:\users\Administrador\AppData\Local\temp
2019-02-13 13:27 . 2019-02-14 15:28 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E14B3995-1F5A-454A-AB28-90D7DBA5E0AD}\offreg.dll
2019-02-12 16:10 . 2019-02-12 16:10 -------- d-----w- C:\AdwCleaner
2019-02-12 15:57 . 2019-02-12 15:57 153784 ----a-w- c:\windows\system32\drivers\9D84CE0C6.sys
2019-02-12 15:55 . 2019-02-12 15:55 -------- d-----w- c:\programdata\GlarySoft
2019-02-12 15:54 . 2019-02-12 15:54 17472 ----a-w- c:\windows\system32\drivers\GUBootStartup.sys
2019-02-12 15:54 . 2019-02-12 15:54 -------- d-----w- c:\users\JAIME-SSD\AppData\Roaming\DiskDefrag
2019-02-12 15:54 . 2019-02-12 16:09 -------- d-----w- c:\program files\Glary Utilities 5
2019-02-06 14:42 . 2019-02-15 15:29 -------- d-----w- c:\users\JAIME-SSD\AppData\Local\temp
2019-02-05 16:41 . 2019-02-06 14:06 -------- d--h--w- c:\users\JAIME-SSD\AppData\Roaming\fexblkyrk
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2019-01-08 14:10 . 2013-10-15 14:42 842240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2019-01-08 14:10 . 2013-10-15 14:42 175104 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2015-11-12 15:09 752416 ----a-w- c:\program files\IObit\IObit Uninstaller\UninstallExplorer.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540026}]
2014-06-17 14:52 1552544 ----a-w- c:\program files\GbPlugin\gbiehbdv.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner"="c:\program files\CCleaner\CCleaner.exe" [2019-01-10 14679256]
"CCleaner Smart Cleaning"="c:\program files\CCleaner\CCleaner.exe" [2019-01-10 14679256]
"GUDelayStartup"="c:\program files\Glary Utilities 5\StartupManager.exe" [2017-12-01 44024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-24 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-24 171288]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-10-17 11430504]
"egui"="c:\program files\ESET\ESET Security\ecmds.exe" [2018-04-19 170128]
"PDFPrint"="c:\program files\PDF24\pdf24.exe" [2018-06-28 432776]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399026}"= "c:\program files\GbPlugin\gbiehbdv.dll" [2014-06-17 1552544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GbPluginBdv]
2014-06-17 14:52 1552544 ----a-w- c:\program files\GbPlugin\gbiehbdv.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\9D84CE0C.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\9D84CE0C6.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Start.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Start.lnk
backup=c:\windows\pss\Start.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^JAIME-SSD^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Start.lnk]
path=c:\users\JAIME-SSD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Start.lnk
backup=c:\windows\pss\Start.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^JAIME-SSD^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^user.lnk]
path=c:\users\JAIME-SSD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\user.lnk
backup=c:\windows\pss\user.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-01-21 21:52 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
2010-03-13 17:28 75048 ----a-w- c:\program files\CyberLink\Shared files\brs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeSyncProcess]
2010-01-16 14:24 717696 ----a-w- c:\program files\Microsoft Office\Office14\MSOSYNC.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\raea]
2013-10-12 01:15 141824 ----a-w- c:\windows\System32\wscript.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 16:14 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
R3 blackberryncm;BlackBerryNCM Service;c:\windows\system32\DRIVERS\blackberryncm6.sys [2014-09-08 22016]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-01-12 102912]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 rimvndis;BlackBerry Virtual Private Network;c:\windows\system32\Drivers\rimvndis6.sys [2015-03-19 14848]
R3 RTL8167;Controlador NT de Realtek 8167;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
R3 WatAdminSvc;Servicio de tecnologías de activación de Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2013-12-23 1343400]
R3 wdm_usb;wdm_usb;c:\windows\system32\DRIVERS\usb2ser.sys [2016-03-10 119952]
R3 zghsdiag;ZTE General Handset Diagnostic Port;c:\windows\system32\DRIVERS\zghsdiag.sys [2011-01-13 106752]
R4 9D84CE0C;9D84CE0C;c:\windows\system32\drivers\9D84CE0C.sys [2018-06-08 153784]
R4 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [x]
S0 9D84CE0C6;9D84CE0C6;c:\windows\system32\drivers\9D84CE0C6.sys [2019-02-12 153784]
S0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [2014-05-08 47192]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2018-04-12 120728]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2018-04-12 150784]
S1 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2018-04-12 93688]
S1 GUBootStartup;GUBootStartup;c:\windows\System32\drivers\GUBootStartup.sys [2019-02-12 17472]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO32.SYS [2015-09-22 23840]
S1 ndisrd;WinpkFilter LightWeight Filter;c:\windows\system32\DRIVERS\ndisrd.sys [2014-08-14 37408]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Security\ekrn.exe [2018-04-19 1748896]
S2 GbpSv;Gbp Service;c:\progra~1\GbPlugin\GbpSv.exe [2015-09-23 593120]
S2 PDF24;PDF24;c:\program files\PDF24\pdf24.exe [2018-06-28 432776]
S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2017-03-27 75416]
S3 ekrnEpfw;ESET Firewall Helper;c:\program files\ESET\ESET Security\ekrn.exe [2018-04-19 1748896]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2019-02-12 c:\windows\Tasks\GlaryInitialize 5.job
- c:\program files\Glary Utilities 5\Initialize.exe [2017-12-01 08:33]
.
2019-02-12 c:\windows\Tasks\GlaryOneClickOptimizer 5.job
- c:\program files\Glary Utilities 5\OneClickMaintenance.exe [2017-12-01 08:33]
.
2019-02-12 c:\windows\Tasks\GU5SkipUAC.job
- c:\program files\Glary Utilities 5\Integrator.exe [2017-12-01 08:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mail.ru/cnt/10445?gp=834423
mStart Page = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
Trusted Zone: bancodevenezuela.com\www
Trusted Zone: banvenez.com\e-bdv
Trusted Zone: banvenez.com\e-bdvcpx
Trusted Zone: banvenez.corp\e-bdvscn
Trusted Zone: banvenez.corp\e-bdvscw
Trusted Zone: eset.com\help
TCP: DhcpNameServer = 89.207.131.8 8.8.8.8
TCP: Interfaces\{745B8530-5136-4BCC-B9E1-E16631A14893}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\JAIME-SSD\AppData\Roaming\Mozilla\Firefox\Profiles\t49r369v.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://inline.go.mail.ru/homepage?inline_comp=ffhp15.1.11.102&inline_hp_cnt=11956636
FF - prefs.js: keyword.URL - hxxp://int.search.tb.ask.com/search/GGmain.jhtml?st=kwd&ptb=04650696-323D-4091-BF40-954F9EADBD3D&n=782a0a0c&ind=2016021004&p2=^BXM^xdm104^YYA^ve&searchfor=
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: content.notify.ontimer - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.switch.threshold - 750000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2019-02-15 11:01:23
ComboFix-quarantined-files.txt 2019-02-15 15:31
ComboFix2.txt 2019-02-06 14:42
.
Pre-Run: 357.780.209.664 bytes libres
Post-Run: 357.897.326.592 bytes libres
.
- - End Of File - - 952CC6A2C28F9048631E86FEBE21B8D8
A36C5E4F47E84449FF07ED3517B43A31
