ComboFix 19-11-04.01 - Administrador 09/12/2019 10:49:21.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.54.3082.18.8169.6846 [GMT -3:00]
Running from: d:\ingenieria\ESCRITORIO\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Service KMSELDI
-------\Service_uvnc_service
.
.
((((((((((((((((((((((((( Files Created from 2019-11-09 to 2019-12-09 )))))))))))))))))))))))))))))))
.
.
2019-12-09 13:52 . 2019-12-09 14:07 -------- d-----w- c:\users\Administrador\AppData\Local\temp
2019-12-09 13:52 . 2019-12-09 13:52 -------- d-----w- c:\users\VICARIO\AppData\Local\temp
2019-12-09 13:52 . 2019-12-09 13:52 -------- d-----w- c:\users\TURNO NOCHE\AppData\Local\temp
2019-12-09 13:52 . 2019-12-09 13:52 -------- d-----w- c:\users\OPERADOR\AppData\Local\temp
2019-12-09 13:52 . 2019-12-09 13:52 -------- d-----w- c:\users\INDICADORES\AppData\Local\temp
2019-12-03 11:58 . 2019-12-03 11:58 -------- d-----w- C:\KVRT_Data
2019-12-03 10:34 . 2019-12-03 10:34 -------- d-----w- c:\users\Administrador\AppData\Local\ESET
2019-11-28 11:55 . 2019-11-28 11:55 -------- d-----w- c:\users\CESAR\AppData\Local\TeamViewer
2019-11-27 11:16 . 2019-11-27 11:16 -------- d-----w- c:\windows\ERUNT
2019-11-27 11:00 . 2019-11-27 11:00 -------- d-----w- c:\program files\CCleaner
2019-11-25 12:26 . 2019-12-09 13:41 -------- d-----w- C:\FRST
2019-11-25 11:22 . 2019-11-25 11:22 -------- d-----w- c:\programdata\Malwarebytes
2019-11-25 11:22 . 2019-11-25 11:22 255928 ----a-w- c:\windows\system32\drivers\63327507.sys
2019-11-25 11:16 . 2019-11-25 11:55 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2019-11-25 11:16 . 2019-11-25 11:16 192952 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2019-11-12 21:03 . 2010-11-21 03:27 748816 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-09-16 115048]
.
c:\users\INDICADORES\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Sincronizacion.bat [2017-6-1 27]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Sincronizacion.bat [2017-6-1 27]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"MaxGPOScriptWait"= 600 (0x258)
"SoftwareSASGeneration"= 1 (0x1)
"HideShutdownScripts"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ms64B4101AAppA]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Ms64B4101AAppA;Ms64B4101AAppA;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 GoogleChromeElevationService;Google Chrome Elevation Service;c:\program files (x86)\Google\Chrome\Application\78.0.3904.108\elevation_service.exe;c:\program files (x86)\Google\Chrome\Application\78.0.3904.108\elevation_service.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys;c:\windows\SYSNATIVE\Drivers\mvusbews.sys [x]
R3 PSEXESVC;PSEXESVC;c:\windows\PSEXESVC.exe;c:\windows\PSEXESVC.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [x]
S2 EPSON_PM_RPCV4_05;EPSON V3 Service4(05);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE [x]
S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe [x]
S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe;c:\windows\SYSNATIVE\HPSIsvc.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 NVWMI;NVIDIA WMI Provider;c:\windows\system32\nvwmi64.exe;c:\windows\SYSNATIVE\nvwmi64.exe [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
.
.
.
--------- X64 Entries -----------
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Ms64B4101AAppC
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportar a Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: Interfaces\{1130A64F-362D-4CBE-86F9-5126AA29E8BE}: NameServer = 8.8.8.8,8.8.4.4
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-25992868.sys
SafeBoot-dump_64B4101A.sys
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1865021304-481513440-2593777952-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-1865021304-481513440-2593777952-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-1865021304-481513440-2593777952-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.IGS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IGS_auto_file"
.
[HKEY_USERS\S-1-5-21-1865021304-481513440-2593777952-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-1865021304-481513440-2593777952-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-1865021304-481513440-2593777952-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\program files (x86)\TeamViewer\TeamViewer_Service.exe
.
**************************************************************************
.
Completion time: 2019-12-09 11:09:27 - machine was rebooted
ComboFix-quarantined-files.txt 2019-12-09 14:09
.
Pre-Run: 5,808,357,376 bytes libres
Post-Run: 4,774,043,648 bytes libres
.
- - End Of File - - 665DE0E9004D0E8F16430B6AD56BFB21
A36C5E4F47E84449FF07ED3517B43A31