Combo Fix

This document is a log file from ComboFix, a program used to scan for and remove malware. The log shows that ComboFix deleted some .ini files from a game folder and lists files created between June 14 and July 14, including driver and program files. It also lists registry entries for file associations and programs loaded at startup, such as a program called "Filtrar" loaded from the user's Startup folder.
ComboFix 18-08-08.01 - Cesar 14/07/2019 8:40.11.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.51.3082.18.8137.6058 [GMT -5:00]
Running from: c:\users\Cesar\Downloads\ComboFix.exe
AV: Avast Antivirus *Disabled/Updated* {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
SP: Avast Antivirus *Disabled/Updated* {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Mu Peruano 2019\Data\Sky\World1\Desktop_1.ini
c:\program files (x86)\Mu Peruano 2019\Data\Sky\World1\Desktop_2.ini
c:\program files (x86)\Mu Peruano 2019\Data\Sky\World3\Desktop_1.ini
c:\program files (x86)\Mu Peruano 2019\Data\Sky\World3\Desktop_2.ini
c:\program files (x86)\Mu Peruano 2019\Data\Sky\World4\Desktop_1.ini
c:\program files (x86)\Mu Peruano 2019\Data\Sky\World4\Desktop_2.ini
c:\program files (x86)\Mu Peruano 2019\Data\Sky\World9\Desktop_1.ini
c:\program files (x86)\Mu Peruano 2019\Data\Sky\World9\Desktop_2.ini
.
.
((((((((((((((((((((((((( Files Created from 2019-06-14 to 2019-07-14 )))))))))))))))))))))))))))))))
.
.
2019-07-14 13:46 . 2019-07-14 13:46 -------- d-----w- c:\users\Public\AppData\Local\temp
2019-07-14 13:46 . 2019-07-14 13:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2019-07-12 14:59 . 2019-07-12 14:59 122960 ----a-w- c:\windows\system32\RtNicProp64.dll
2019-07-12 14:59 . 2019-07-12 14:59 1121288 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2019-07-12 14:48 . 2019-07-12 14:48 206128 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2019-07-12 14:48 . 2019-07-12 14:48 40240 ----a-w- c:\windows\system32\nvhdap64.dll
2019-07-12 14:48 . 2019-07-12 14:48 1524016 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
2019-07-12 14:47 . 2016-11-14 09:45 615992 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2019-06-15 16:00 . 2019-06-15 16:00 -------- d-----w- c:\program files (x86)\Filtrar
2019-06-15 02:31 . 2019-07-12 12:18 -------- d-----w- c:\programdata\KMSAutoS
2019-06-15 02:31 . 2019-06-15 02:31 -------- d-----w- c:\users\Cesar\AppData\Local\MSfree Inc
2019-06-15 02:29 . 2019-06-15 02:29 -------- d-----w- c:\program files\Microsoft.NET
2019-06-15 02:28 . 2019-06-15 02:28 -------- d-----w- c:\programdata\regid.1991-06.com.microsoft
2019-06-15 02:28 . 2019-06-15 02:28 -------- d-----w- c:\program files\Common Files\DESIGNER
2019-06-15 02:28 . 2019-06-15 02:28 -------- d-----w- c:\program files (x86)\Microsoft SQL Server
2019-06-15 02:28 . 2019-06-15 02:28 -------- d-----w- c:\program files\Microsoft SQL Server
2019-06-15 02:28 . 2019-06-15 02:28 -------- d-----w- c:\windows\PCHEALTH
2019-06-15 02:25 . 2019-06-15 02:25 -------- d-----w- c:\program files\Microsoft Analysis Services
2019-06-15 02:25 . 2019-06-15 02:25 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2019-06-15 02:25 . 2019-06-15 02:28 -------- d-----w- c:\program files\Microsoft Office
2019-06-15 02:24 . 2019-06-15 02:24 -------- d-----r- C:\MSOCache
2019-06-15 00:33 . 2019-06-15 00:33 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2019-06-15 00:33 . 2019-06-15 00:33 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2019-06-15 00:33 . 2019-06-15 00:33 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2019-06-15 00:33 . 2019-06-15 00:33 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2019-06-15 00:33 . 2019-06-15 00:33 -------- d-----w- c:\program files (x86)\OpenAL
2019-06-15 00:30 . 2019-06-15 00:30 -------- d-----w- c:\windows\SysWow64\xlive
2019-06-15 00:30 . 2019-06-15 00:30 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2019-06-15 00:29 . 2019-06-15 00:29 -------- d-----w- c:\program files\Microsoft Silverlight
2019-06-15 00:29 . 2019-06-15 00:29 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2019-06-15 00:27 . 2019-06-15 00:27 -------- d-----w- c:\program files (x86)\Microsoft XNA
2019-06-15 00:25 . 2019-06-15 00:25 32221576 ----a-w- c:\windows\SysWow64\atioglxx.dll
2019-06-15 00:25 . 2019-06-15 00:25 1579400 ----a-w- c:\windows\system32\coinst_19.10.dll
2019-06-15 00:25 . 2019-06-15 00:25 39051656 ----a-w- c:\windows\system32\atio6axx.dll
2019-06-15 00:23 . 2019-06-15 00:23 117744 ----a-w- c:\windows\system32\drivers\amdhub30.sys
2019-06-15 00:21 . 2019-06-15 00:21 72520816 ----a-w- c:\windows\system32\RCoRes64.dat
2019-06-15 00:21 . 2019-06-15 00:21 3677264 ----a-w- c:\windows\system32\RTSnMg64.cpl
2019-06-15 00:04 . 2019-07-12 12:24 65536 ----a-w- c:\windows\system32\spu_storage.bin
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2019-07-12 14:59 . 2016-12-07 23:32 118928 ----a-w- c:\windows\system32\RTNUninst64.dll
2019-06-20 13:52 . 2016-12-08 00:43 168104 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2019-06-18 12:45 . 2016-12-08 00:43 225600 ----a-w- c:\windows\system32\drivers\aswStm.sys
2019-06-15 00:31 . 2016-12-10 02:28 842296 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2019-06-15 00:31 . 2016-12-10 02:28 175160 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2019-06-15 00:24 . 2016-12-10 12:08 750984 ----a-w- c:\windows\system32\atieclxx.exe
2019-06-15 00:24 . 2016-12-10 12:08 498056 ----a-w- c:\windows\system32\atiesrxx.exe
2019-06-15 00:24 . 2016-12-07 23:38 207688 ----a-w- c:\windows\system32\atiuxp64.dll
2019-06-15 00:24 . 2016-12-10 12:08 13465888 ----a-w- c:\windows\system32\atiumd6a.dll
2019-06-15 00:24 . 2016-12-10 12:08 229256 ----a-w- c:\windows\system32\atig6txx.dll
2019-06-15 00:24 . 2016-12-07 23:38 26988752 ----a-w- c:\windows\system32\atidxx64.dll
2019-06-15 00:24 . 2016-12-10 12:08 1695624 ----a-w- c:\windows\system32\atiadlxx.dll
2019-06-15 00:24 . 2016-12-07 23:38 1946592 ----a-w- c:\windows\system32\aticfx64.dll
2019-06-15 00:24 . 2016-12-10 12:08 57451912 ----a-w- c:\windows\system32\amdocl64.dll
2019-06-15 00:24 . 2016-12-10 12:08 27344264 ----a-w- c:\windows\system32\amdocl12cl64.dll
2019-05-31 13:01 . 2016-12-08 00:43 385880 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2019-05-23 12:56 . 2016-12-08 00:43 477584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2019-05-23 12:56 . 2016-12-08 00:43 87944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2019-05-23 12:56 . 2016-12-08 00:43 112312 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2019-05-23 12:56 . 2018-10-15 12:16 42288 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2019-05-23 12:56 . 2019-02-13 12:11 279120 ----a-w- c:\windows\system32\drivers\aswHdsKe.sys
2019-05-23 12:55 . 2019-05-23 12:57 363400 ----a-w- c:\windows\system32\aswBoot.exe
2019-05-23 12:55 . 2019-01-15 14:41 37104 ----a-w- c:\windows\system32\drivers\aswArDisk.sys
2019-05-23 12:55 . 2017-11-11 11:36 207448 ----a-w- c:\windows\system32\drivers\aswArPot.sys
2019-05-23 12:55 . 2016-12-08 00:43 1030784 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2019-05-23 12:55 . 2019-01-15 14:41 61472 ----a-w- c:\windows\system32\drivers\aswbuniv.sys
2019-05-23 12:55 . 2019-01-15 14:51 262496 ----a-w- c:\windows\system32\drivers\aswbidsdriver.sys
2019-05-23 12:55 . 2019-01-15 14:41 205848 ----a-w- c:\windows\system32\drivers\aswbidsh.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-07-31 15:01 1512152 ----a-w- c:\progra~2\MICROS~1\Office16\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-07-31 15:01 1512152 ----a-w- c:\progra~2\MICROS~1\Office16\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-07-31 15:01 1512152 ----a-w- c:\progra~2\MICROS~1\Office16\GROOVEEX.DLL
.
c:\users\Cesar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Filtrar.lnk - c:\program files (x86)\Filtrar\Regpsvc.exe [2019-6-15 290816]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2018-2-12 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /k:C /k:D /k:E *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DFServ]
@="Service"
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 aswbIDSAgent;aswbIDSAgent;c:\program files\AVAST Software\Avast\aswidsagent.exe;c:\program files\AVAST Software\Avast\aswidsagent.exe [x]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R3 BlueStacksDrv;BlueStacks Hypervisor;c:\program files\BlueStacks\BstkDrv.sys;c:\program files\BlueStacks\BstkDrv.sys [x]
R3 EasyAntiCheat;EasyAntiCheat;c:\program files (x86)\EasyAntiCheat\EasyAntiCheat.exe;c:\program files (x86)\EasyAntiCheat\EasyAntiCheat.exe [x]
R3 GoogleChromeElevationService;Google Chrome Elevation Service;c:\program files (x86)\Google\Chrome\Application\75.0.3770.100\elevation_service.exe;c:\program files (x86)\Google\Chrome\Application\75.0.3770.100\elevation_service.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 xhunter1;xhunter1;c:\windows\xhunter1.sys;c:\windows\xhunter1.sys [x]
R3 xspirit;xspirit;c:\windows\xspirit.sys;c:\windows\xspirit.sys [x]
R4 PSI_SVC_2_x64;Corel License Validation Service V2 x64, Powered by arvato;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe [x]
S0 amdide64;amdide64;c:\windows\system32\DRIVERS\amdide64.sys;c:\windows\SYSNATIVE\DRIVERS\amdide64.sys [x]
S0 aswArDisk;aswArDisk;c:\windows\system32\drivers\aswArDisk.sys;c:\windows\SYSNATIVE\drivers\aswArDisk.sys [x]
S0 aswbidsh;aswbidsh;c:\windows\system32\drivers\aswbidsh.sys;c:\windows\SYSNATIVE\drivers\aswbidsh.sys [x]
S0 aswbuniv;aswbuniv;c:\windows\system32\drivers\aswbuniv.sys;c:\windows\SYSNATIVE\drivers\aswbuniv.sys [x]
S0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys;c:\windows\SYSNATIVE\drivers\aswRvrt.sys [x]
S0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys;c:\windows\SYSNATIVE\drivers\aswVmm.sys [x]
S0 DeepFrz;DeepFrz; [x]
S1 aswArPot;aswArPot;c:\windows\system32\drivers\aswArPot.sys;c:\windows\SYSNATIVE\drivers\aswArPot.sys [x]
S1 aswbidsdriver;aswbidsdriver;c:\windows\system32\drivers\aswbidsdriver.sys;c:\windows\SYSNATIVE\drivers\aswbidsdriver.sys [x]
S1 aswHdsKe;aswHdsKe;c:\windows\system32\drivers\aswHdsKe.sys;c:\windows\SYSNATIVE\drivers\aswHdsKe.sys [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\AMD\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.3;AODDriver4.3;c:\program files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 DFServ;DFServ;c:\program files (x86)\Faronics\Deep Freeze\Install C-0\DFServ.exe;c:\program files (x86)\Faronics\Deep Freeze\Install C-0\DFServ.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys;c:\windows\SYSNATIVE\DRIVERS\amdhub30.sys [x]
S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys;c:\windows\SYSNATIVE\DRIVERS\amdxhc.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 NvStreamNetworkSvc;NVIDIA Streamer Network Service;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00asw]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2019-05-23 12:55 1614216 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00asw]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2019-05-23 12:55 1614216 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvLaunch.exe" [2019-05-23 262024]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Enviar a OneNote - c:\progra~1\MICROS~2\Office16\ONBttnIE.dll/105
IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~2\Office16\EXCEL.EXE/3000
TCP: Interfaces\{F250A6E3-584F-424B-8D5F-C447EF35C6F2}: NameServer = 200.48.225.130,200.48.225.146
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE16\MSOXMLMF.DLL
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - c:\program files (x86)\Microsoft Office\Office16\MSOSB.DLL
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - c:\program files (x86)\Microsoft Office\Office16\MSOSB.DLL
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_32_0_0_207_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_32_0_0_207_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_32_0_0_207_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_32_0_0_207_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_32_0_0_207.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.32"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_32_0_0_207.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_32_0_0_207.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_32_0_0_207.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\AVAST Software]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2019-07-14 08:48:57
ComboFix-quarantined-files.txt 2019-07-14 13:48
ComboFix2.txt 2019-07-14 13:37
ComboFix3.txt 2019-03-22 15:59
ComboFix4.txt 2019-03-22 15:36
ComboFix5.txt 2019-07-14 13:39
.
Pre-Run: 85,324,521,472 bytes libres
Post-Run: 85,247,508,480 bytes libres
.
- - End Of File - - 2CC2C9D3D63E26EA22727EDFF536A710
A36C5E4F47E84449FF07ED3517B43A31