
    W7 and W10 do not allow .exe execution

    1. #1
      calvarez83
      Joined: May 2017
      Location: Ecuador
      Posts: 2

      Malware: W7 and W10 do not allow .exe execution

      (1/2)
      Dear all, I am describing the problem I am having with 2 computers, one with W7 and the other with W10 (apologies for the length, but I am attaching all the logs).

      From a normal session I cannot run any .exe or any Office, PDF, etc. application.
      Of the browsers, it only lets me use Chrome and open Notepad.

      I can only run the tools mentioned below from Safe Mode. It is worth mentioning that Malwarebytes does not let me enable real-time protection and Windows Defender is disabled.

      Following the forum rules, I ran the following recommended programs, whose logs I am attaching:
      - RKill
      - JRT
      - AdwCleaner
      - ComboFix
      - ELISTARA
      - ESET Scanner
      - Malwarebytes
      - CCleaner

      I have run them twice in Safe Mode as Administrator, but when I return to a normal Windows start the problem persists. I have run some tools to fix the .exe association in the Registry, but the problem persists.

      I look forward to, and would be very grateful for, help from an expert hand.


      Logs:
      *****

      Rkill
      Rkill 2.8.4 by Lawrence Abrams (Grinler)
      http://www.bleepingcomputer.com/
      Copyright 2008-2017 BleepingComputer.com
      More Information about Rkill can be found at this link:
      http://www.bleepingcomputer.com/forums/topic308364.html

      Program started at: 05/20/2017 10:27:58 AM in x64 mode. (Safe Mode)
      Windows Version: Windows 7 Home Premium Service Pack 1

      Checking for Windows services to stop:

      * No malware services found to stop.

      Checking for processes to terminate:

      * No malware processes found to kill.

      Checking Registry for malware related settings:

      * No issues found in the Registry.

      Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

      Performing miscellaneous checks:

      * No issues found.

      Checking Windows Service Integrity:

      * COM+ Event System (EventSystem) is not Running.
      Startup Type set to: Automatic

      * Security Center (wscsvc) is not Running.
      Startup Type set to: Automatic (Delayed Start)

      * Windows Update (wuauserv) is not Running.
      Startup Type set to: Automatic (Delayed Start)

      Searching for Missing Digital Signatures:

      * No issues found.

      Checking HOSTS File:

      * HOSTS file entries found:

      127.0.0.1 localhost

      Program finished at: 05/20/2017 10:31:03 AM
      Execution time: 0 hours(s), 3 minute(s), and 4 seconds(s)

      ComboFix

      ComboFix 17-05-16.01 - leo 05/19/2017 19:36:47.2.2 - x64 MINIMAL
      Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2766.1866 [GMT -5:00]
      Running from: c:\users\leo\Downloads\App Remove Virus\ComboFix.exe
      AV: Baidu Antivirus *Enabled/Updated* {0B023102-4312-4570-585A-1BAAA3570E16}
      AV: Microsoft Security Essentials *Enabled/Updated* {71A27EC9-3DA6-45FC-60A7-004F623C6189}
      SP: Baidu Antivirus *Disabled/Updated* {B063D0E6-6528-4AFE-62EA-20D8D8D044AB}
      SP: Microsoft Security Essentials *Enabled/Updated* {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
      SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      * Created a new restore point
      .
      .
      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      C:\InfoSat.txt
      .
      .
      ((((((((((((((((((((((((( Files Created from 2017-04-20 to 2017-05-20 )))))))))))))))))))))))))))))))
      .
      .
      2017-05-20 00:50 . 2017-05-20 00:50 -------- d-----w- c:\users\Marjorie\AppData\Local\temp
      2017-05-20 00:50 . 2017-05-20 00:50 -------- d-----w- c:\users\Default\AppData\Local\temp
      2017-05-18 16:09 . 2017-05-18 16:10 156335152 -c--a-w- c:\windows\system32\MRT.exe
      2017-05-18 15:15 . 2016-08-21 21:31 1167568 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{08098ECE-6A9E-45EE-A5AE-3C0D447CCE04}\gapaengine.dll
      2017-05-18 15:12 . 2017-05-06 16:40 12994104 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E87077A1-1447-4C17-B948-ADE849237AC3}\mpengine.dll
      2017-05-18 15:06 . 2014-09-19 02:26 871936 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
      2017-05-18 15:06 . 2014-09-19 01:38 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
      2017-05-18 15:06 . 2014-09-19 01:01 195584 ----a-w- c:\windows\system32\msrating.dll
      2017-05-18 15:06 . 2014-09-19 00:33 2309632 ----a-w- c:\windows\system32\wininet.dll
      2017-05-18 15:06 . 2014-09-19 00:04 360448 ----a-w- c:\program files\Internet Explorer\IEShims.dll
      2017-05-18 15:06 . 2014-09-18 23:59 775168 ----a-w- c:\windows\system32\ieapfltr.dll
      2017-05-18 15:06 . 2014-10-07 02:54 293040 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
      2017-05-18 15:06 . 2014-09-19 02:25 23631360 ----a-w- c:\windows\system32\mshtml.dll
      2017-05-18 15:06 . 2014-09-19 01:18 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
      2017-05-18 15:06 . 2014-09-19 01:00 977408 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
      2017-05-18 03:07 . 2016-01-22 06:27 5573056 ----a-w- c:\windows\system32\ntoskrnl.exe
      2017-05-18 03:06 . 2016-01-22 06:13 43520 ----a-w- c:\windows\system32\csrsrv.dll
      2017-05-18 03:05 . 2016-06-26 00:27 756736 ----a-w- c:\windows\system32\win32spl.dll
      2017-05-18 03:05 . 2016-06-26 00:27 344576 ----a-w- c:\windows\system32\ntprint.dll
      2017-05-18 03:05 . 2016-06-26 00:27 970240 ----a-w- c:\windows\system32\localspl.dll
      2017-05-18 03:05 . 2016-06-26 00:27 166400 ----a-w- c:\windows\system32\inetpp.dll
      2017-05-18 03:05 . 2016-06-25 19:54 497152 ----a-w- c:\windows\SysWow64\win32spl.dll
      2017-05-18 03:05 . 2016-06-26 00:27 38912 ----a-w- c:\windows\system32\Spool\prtprocs\x64\winprint.dll
      2017-05-18 03:05 . 2016-06-26 00:27 22528 ----a-w- c:\windows\system32\inetppui.dll
      2017-05-18 03:05 . 2016-06-25 19:53 297472 ----a-w- c:\windows\SysWow64\ntprint.dll
      2017-05-18 03:05 . 2016-06-25 19:53 48640 ----a-w- c:\windows\system32\wpnpinst.exe
      2017-05-18 03:05 . 2016-06-25 19:53 61952 ----a-w- c:\windows\system32\ntprint.exe
      2017-05-18 03:05 . 2016-06-25 19:41 61952 ----a-w- c:\windows\SysWow64\ntprint.exe
      2017-05-18 02:52 . 2015-12-08 21:54 665088 ----a-w- c:\windows\SysWow64\WMVXENCD.DLL
      2017-05-18 02:51 . 2015-07-15 03:19 1887232 ----a-w- c:\windows\system32\msxml3.dll
      2017-05-18 02:50 . 2015-11-13 23:09 91648 ----a-w- c:\windows\system32\mapi32.dll
      2017-05-18 02:37 . 2015-11-03 19:04 241664 ----a-w- c:\windows\system32\els.dll
      2017-05-18 02:37 . 2015-11-03 18:55 179712 ----a-w- c:\windows\SysWow64\els.dll
      2017-05-17 20:34 . 2017-05-17 20:36 -------- d-----w- C:\f99e8b0e39135533217e
      2017-05-17 18:28 . 2017-05-17 18:35 -------- d-----w- C:\03c422335a3fdf38fbf9d69d
      2017-05-17 18:13 . 2014-07-17 02:07 1118720 ----a-w- c:\windows\system32\mstsc.exe
      2017-05-17 18:13 . 2014-07-17 01:39 1051136 ----a-w- c:\windows\SysWow64\mstsc.exe
      2017-05-17 18:13 . 2014-07-17 02:07 235520 ----a-w- c:\windows\system32\winsta.dll
      2017-05-17 18:13 . 2014-07-17 02:07 150528 ----a-w- c:\windows\system32\rdpcorekmts.dll
      2017-05-17 18:13 . 2014-07-17 01:40 157696 ----a-w- c:\windows\SysWow64\winsta.dll
      2017-05-17 18:13 . 2014-07-17 01:21 212480 ----a-w- c:\windows\system32\drivers\rdpwd.sys
      2017-05-17 18:13 . 2014-07-17 02:07 455168 ----a-w- c:\windows\system32\winlogon.exe
      2017-05-17 18:13 . 2014-07-17 01:21 39936 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
      2017-05-17 18:10 . 2015-07-15 18:10 1743360 ----a-w- c:\windows\system32\sysmain.dll
      2017-05-17 18:10 . 2015-07-15 18:15 94656 ----a-w- c:\windows\system32\drivers\mountmgr.sys
      2017-05-17 18:10 . 2015-07-15 18:10 11264 ----a-w- c:\windows\system32\msmmsp.dll
      2017-05-17 18:10 . 2015-07-15 18:02 2560 ----a-w- c:\windows\system32\drivers\en-US\mountmgr.sys.mui
      2017-05-17 18:08 . 2015-07-15 03:19 52736 ----a-w- c:\windows\system32\basesrv.dll
      2017-05-17 18:07 . 2014-11-11 03:08 241152 ----a-w- c:\windows\system32\pku2u.dll
      2017-05-17 18:07 . 2014-11-11 02:44 186880 ----a-w- c:\windows\SysWow64\pku2u.dll
      2017-05-17 18:06 . 2014-10-14 02:13 683520 ----a-w- c:\windows\system32\termsrv.dll
      2017-05-17 18:06 . 2015-04-24 18:17 633856 ----a-w- c:\windows\system32\comctl32.dll
      2017-05-17 18:06 . 2015-04-24 17:56 530432 ----a-w- c:\windows\SysWow64\comctl32.dll
      2017-05-17 18:06 . 2014-12-06 04:17 303616 ----a-w- c:\windows\system32\nlasvc.dll
      2017-05-17 18:06 . 2014-12-06 03:50 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
      2017-05-17 18:06 . 2014-12-06 03:50 52224 ----a-w- c:\windows\SysWow64\nlaapi.dll
      2017-05-17 18:06 . 2015-04-13 03:28 328704 ----a-w- c:\windows\system32\services.exe
      2017-05-17 18:06 . 2014-12-11 17:47 52736 ----a-w- c:\windows\system32\TSWbPrxy.exe
      2017-05-17 18:06 . 2015-07-09 17:57 193536 ----a-w- c:\windows\system32\notepad.exe
      2017-05-17 18:06 . 2015-07-09 17:57 193536 ----a-w- c:\windows\notepad.exe
      2017-05-17 18:06 . 2015-07-09 17:42 179712 ----a-w- c:\windows\SysWow64\notepad.exe
      2017-05-17 18:06 . 2015-02-25 03:18 754688 ----a-w- c:\windows\system32\drivers\http.sys
      2017-05-17 18:05 . 2015-02-03 03:31 215552 ----a-w- c:\windows\system32\ubpm.dll
      2017-05-17 18:05 . 2015-02-03 03:12 171520 ----a-w- c:\windows\SysWow64\ubpm.dll
      2017-05-17 18:03 . 2014-12-19 03:06 210432 ----a-w- c:\windows\system32\profsvc.dll
      2017-05-17 18:03 . 2014-10-25 01:57 77824 ----a-w- c:\windows\system32\packager.dll
      2017-05-17 18:03 . 2014-10-25 01:32 67584 ----a-w- c:\windows\SysWow64\packager.dll
      2017-05-17 18:03 . 2015-06-02 00:07 254976 ----a-w- c:\windows\system32\cewmdm.dll
      2017-05-17 18:03 . 2015-06-01 23:47 210432 ----a-w- c:\windows\SysWow64\cewmdm.dll
      2017-05-17 18:03 . 2014-12-08 03:09 406528 ----a-w- c:\windows\system32\scesrv.dll
      2017-05-17 18:03 . 2014-12-08 02:46 308224 ----a-w- c:\windows\SysWow64\scesrv.dll
      2017-05-17 18:03 . 2015-03-04 04:55 367552 ----a-w- c:\windows\system32\clfs.sys
      2017-05-17 18:03 . 2015-03-04 04:41 79360 ----a-w- c:\windows\system32\clfsw32.dll
      2017-05-17 18:03 . 2015-03-04 04:10 58880 ----a-w- c:\windows\SysWow64\clfsw32.dll
      2017-05-17 17:35 . 2015-02-04 03:16 465920 ----a-w- c:\windows\system32\WMPhoto.dll
      2017-05-17 17:35 . 2015-02-04 02:54 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
      2017-05-17 14:42 . 2017-05-06 16:40 12994104 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
      .
      .
      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2017-04-07 22:06 . 2010-11-21 03:27 532136 ------w- c:\windows\system32\MpSigStub.exe
      .
      .
      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ MEGA (Pending)]
      @="{056D528D-CE28-4194-9BA3-BA2E9197FF8C}"
      [HKEY_CLASSES_ROOT\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C}]
      2016-11-11 12:31 564736 ----a-w- c:\programdata\MEGAsync\ShellExtX32.dll
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ MEGA (Synced)]
      @="{05B38830-F4E9-4329-978B-1DD28605D202}"
      [HKEY_CLASSES_ROOT\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202}]
      2016-11-11 12:31 564736 ----a-w- c:\programdata\MEGAsync\ShellExtX32.dll
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ MEGA (Syncing)]
      @="{0596C850-7BDD-4C9D-AFDF-873BE6890637}"
      [HKEY_CLASSES_ROOT\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637}]
      2016-11-11 12:31 564736 ----a-w- c:\programdata\MEGAsync\ShellExtX32.dll
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\{4BBAAAE9-0004-4000-9AA5-1BBD98C86E9B}]
      @="{4BBAAAE9-0004-4000-9AA5-1BBD98C86E9B}"
      [HKEY_CLASSES_ROOT\CLSID\{4BBAAAE9-0004-4000-9AA5-1BBD98C86E9B}]
      2010-07-07 17:57 153064 ----a-w- c:\windows\SysWOW64\pfmshx_463.dll
      .
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2016-08-05 8894680]
      "XperiaCompanionAgent"="c:\program files (x86)\Sony\Xperia Companion\XperiaCompanionAgent.exe" [2016-12-22 2088832]
      "CCleaner"="c:\program files\CCleaner\CCleaner64.exe" [2016-08-05 8894680]
      "GoogleChromeAutoLaunch_DFC5638A049BE14278129BFBF4CF825C"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2017-05-09 1143640]
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
      "Baidu Antivirus"="c:\program files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.0\BavTray.exe" [2016-08-21 1998832]
      "KillWC"="c:\windows\KillWC.exe" [2017-05-15 75376]
      .
      c:\users\leo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
      MEGAsync.lnk - c:\programdata\MEGAsync\MEGAsync.exe [2016-8-18 5124560]
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "ConsentPromptBehaviorAdmin"= 0 (0x0)
      "ConsentPromptBehaviorUser"= 3 (0x3)
      "EnableUIADesktopToggle"= 0 (0x0)
      "PromptOnSecureDesktop"= 0 (0x0)
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
      "aux"=wdmaud.drv
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BavSvc]
      @=""
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
      @="Service"
      .
      R0 Bhbase;Baidu Hook Base;c:\windows\System32\drivers\Bhbase.sys;c:\windows\SYSNATIVE\drivers\Bhbase.sys [x]
      R1 Bfilter;Baidu Antivirus Minifilter Driver;c:\windows\System32\drivers\Bfilter.sys;c:\windows\SYSNATIVE\drivers\Bfilter.sys [x]
      R1 Bfmon;Baidu FS Monitor Driver;c:\windows\System32\drivers\Bfmon.sys;c:\windows\SYSNATIVE\drivers\Bfmon.sys [x]
      R1 Bnbase;Bnbase;c:\windows\system32\drivers\bnbasex64.sys;c:\windows\SYSNATIVE\drivers\bnbasex64.sys [x]
      R1 Bndef;Baidu NetDefense;c:\windows\System32\drivers\bndef64.sys;c:\windows\SYSNATIVE\drivers\bndef64.sys [x]
      R2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
      R2 BHipsSvc;Baidu Hips Service;c:\program files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.0\BHipsSvc.exe;c:\program files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.0\BHipsSvc.exe [x]
      R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
      R2 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\cmw_srv.exe;c:\program files (x86)\Hotspot Shield\bin\cmw_srv.exe [x]
      R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
      R2 KVPNCSvc;Kerio VPN Client Service;c:\program files (x86)\Kerio\VPN Client\kvpncsvc.exe;c:\program files (x86)\Kerio\VPN Client\kvpncsvc.exe [x]
      R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [x]
      R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
      R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [x]
      R2 RosettaStoneDaemon;RosettaStoneDaemon;c:\program files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe;c:\program files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe [x]
      R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
      R2 ss_conn_service;SAMSUNG Mobile Connectivity Service;c:\program files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe;c:\program files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [x]
      R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
      R2 XperiaCompanionService;Xperia Companion Service;c:\program files\Sony\Xperia Companion\Service\XperiaCompanionService.exe;c:\program files\Sony\Xperia Companion\Service\XperiaCompanionService.exe [x]
      R3 AFTrafMgr1.1;AFTrafMgr1.1;c:\program files (x86)\Hotspot Shield\bin\TrafMgr_1_1_64.sys;c:\program files (x86)\Hotspot Shield\bin\TrafMgr_1_1_64.sys [x]
      R3 BdApiUtil;BdApiUtil;c:\program files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.0\BdApiUtil64.sys;c:\program files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.0\BdApiUtil64.sys [x]
      R3 bdark64;bdark64;c:\windows\system32\drivers\bdark64.sys;c:\windows\SYSNATIVE\drivers\bdark64.sys [x]
      R3 BdCameraProtect;BdCameraProtect;c:\program files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.0\BdCameraProtect64.sys;c:\program files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.0\BdCameraProtect64.sys [x]
      R3 BdSandbox;Baidu BdSandbox Driver;c:\windows\System32\drivers\BdSandbox.sys;c:\windows\SYSNATIVE\drivers\BdSandbox.sys [x]
      R3 BdSandboxSrv;Baidu BdSandbox Virtual Service;c:\program files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.0\BdSandboxSrv64.exe;c:\program files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.0\BdSandboxSrv64.exe [x]
      R3 Bnmon;(Bnmon);c:\program files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.0\Bnmon64.sys;c:\program files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.0\Bnmon64.sys [x]
      R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
      R3 kvnet;Kerio Virtual Network Adapter;c:\windows\system32\DRIVERS\kvnet.sys;c:\windows\SYSNATIVE\DRIVERS\kvnet.sys [x]
      R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
      R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
      R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
      R3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
      R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
      R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
      R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
      R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
      R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
      R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
      R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
      R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
      R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
      R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
      S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
      S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
      S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys;c:\windows\SYSNATIVE\DRIVERS\tos_sps64.sys [x]
      S1 Bprotect;Baidu Protect;c:\windows\System32\drivers\Bprotect.sys;c:\windows\SYSNATIVE\drivers\Bprotect.sys [x]
      S1 pfmfs_463;pfmfs_463;c:\windows\system32\Drivers\pfmfs_463.sys;c:\windows\SYSNATIVE\Drivers\pfmfs_463.sys [x]
      S2 BavSvc;Baidu Antivirus Service;c:\program files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.0\BavSvc.exe;c:\program files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.0\BavSvc.exe [x]
      S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys;c:\windows\SYSNATIVE\DRIVERS\FwLnk.sys [x]
      .
      .
      .
      --------- X64 Entries -----------
      .
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ MEGA (Pending)]
      @="{056D528D-CE28-4194-9BA3-BA2E9197FF8C}"
      [HKEY_CLASSES_ROOT\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C}]
      2016-11-11 12:31 592384 ----a-w- c:\programdata\MEGAsync\ShellExtX64.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ MEGA (Synced)]
      @="{05B38830-F4E9-4329-978B-1DD28605D202}"
      [HKEY_CLASSES_ROOT\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202}]
      2016-11-11 12:31 592384 ----a-w- c:\programdata\MEGAsync\ShellExtX64.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ MEGA (Syncing)]
      @="{0596C850-7BDD-4C9D-AFDF-873BE6890637}"
      [HKEY_CLASSES_ROOT\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637}]
      2016-11-11 12:31 592384 ----a-w- c:\programdata\MEGAsync\ShellExtX64.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
      @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
      [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
      2012-10-02 01:47 2322576 ----a-w- c:\progra~1\MICROS~4\Office15\GROOVEEX.DLL
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
      @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
      [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
      2012-10-02 01:47 2322576 ----a-w- c:\progra~1\MICROS~4\Office15\GROOVEEX.DLL
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
      @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
      [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
      2012-10-02 01:47 2322576 ----a-w- c:\progra~1\MICROS~4\Office15\GROOVEEX.DLL
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BaiduAntivirusIconLock]
      @="{0A93904A-BB1E-4a0c-9753-B57B9AE272CC}"
      [HKEY_CLASSES_ROOT\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CC}]
      2016-08-21 18:33 310768 ----a-w- c:\program files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.0\BavShx64.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\{4BBAAAE9-0004-4000-9AA5-1BBD98C86E9B}]
      @="{4BBAAAE9-0004-4000-9AA5-1BBD98C86E9B}"
      [HKEY_CLASSES_ROOT\CLSID\{4BBAAAE9-0004-4000-9AA5-1BBD98C86E9B}]
      2010-07-07 17:57 173544 ----a-w- c:\windows\System32\pfmshx_463.dll
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-08 167256]
      "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-08 391000]
      "Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-08 418136]
      "SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
      "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
      "TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
      "IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2013-08-07 36352]
      "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2016-11-15 1353680]
      .
      ------- Supplementary Scan -------
      .
      uStart Page = about:blank
      mLocal Page = c:\windows\SysWOW64\blank.htm
      uInternet Settings,ProxyOverride = <local>;*.local
      IE: Download with Mipony - file://c:\program files (x86)\MiPony\Browser\IEContext.htm
      IE: E&xportar a Microsoft Excel - c:\progra~2\MICROS~4\Office15\EXCEL.EXE/3000
      TCP: DhcpNameServer = 8.8.8.8 8.8.4.4
      Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
      FF - ProfilePath - c:\users\leo\AppData\Roaming\Mozilla\Firefox\Profiles\u3ytf8cg.default\
      FF - prefs.js: browser.startup.homepage - hxxps://www.gestiondocumental.gob.ec/#|https://owasenae.aduana.gob.ec/owa/|http://aulavirtual.aduana.gob.ec/capacitacion/my/|https://snap.formax.edu.ec/dashboard|http://www.socioempleo.gob.ec/socioEmpleo-war/paginas/index.jsf
      .
      .
      ------- File Associations -------
      .
      inifile=Notepad.exe "%1"
      txtfile=Notepad.exe "%1"
      .
      - - - - ORPHANS REMOVED - - - -
      .
      Toolbar-Locked - (no file)
      Wow6432Node-HKLM-Run-<NO NAME> - (no file)
      .
      .
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
      "ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll\" /prefetch:1"
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
      @Denied: (A 2) (Everyone)
      @="FlashBroker"
      "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_22_0_0_210_ActiveX.exe,-101"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
      "Enabled"=dword:00000001
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
      @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_22_0_0_210_ActiveX.exe"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
      @Denied: (A 2) (Everyone)
      @="IFlashBroker6"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
      @="{00020424-0000-0000-C000-000000000046}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      "Version"="1.0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
      @Denied: (A 2) (Everyone)
      @="FlashBroker"
      "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_22_0_0_210_ActiveX.exe,-101"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
      "Enabled"=dword:00000001
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
      @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_22_0_0_210_ActiveX.exe"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
      @Denied: (A 2) (Everyone)
      @="Shockwave Flash Object"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
      @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_22_0_0_210.ocx"
      "ThreadingModel"="Apartment"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
      @="0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
      @="ShockwaveFlash.ShockwaveFlash.22"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
      @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_22_0_0_210.ocx, 1"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
      @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
      @="1.0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
      @="ShockwaveFlash.ShockwaveFlash"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
      @Denied: (A 2) (Everyone)
      @="Macromedia Flash Factory Object"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
      @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_22_0_0_210.ocx"
      "ThreadingModel"="Apartment"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
      @="FlashFactory.FlashFactory.1"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
      @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_22_0_0_210.ocx, 1"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
      @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
      @="1.0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
      @="FlashFactory.FlashFactory"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
      @Denied: (A 2) (Everyone)
      @="IFlashBroker6"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
      @="{00020424-0000-0000-C000-000000000046}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      "Version"="1.0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
      @Denied: (A) (Everyone)
      "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
      @Denied: (A) (Everyone)
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
      "Key"="ActionsPane3"
      "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
      @Denied: (Full) (Everyone)
      .
      Completion time: 2017-05-19 19:52:24
      ComboFix-quarantined-files.txt 2017-05-20 00:52
      ComboFix2.txt 2017-05-18 16:37
      .
      Pre-Run: 67,292,856,320 bytes free
      Post-Run: 67,226,865,664 bytes free
      .
      - - End Of File - - 1CA8DB8E38010EA89C918FEE4FEC3B8E
      5B5E648D12FCADC244C1EC30318E1EB9


      Elistara

      (20-5-2017 01:07:34 (GMT))
      EliStartPage v36.87 (c)2017 S.G.H. / Satinfo S.L. (Actualizado el 19 de Mayo del 2017)
      --------------------------------------------------
      Sistema Operativo: Windows 7 Home Premium (6.1.0) (64 bits)
      Usuario: leo
      ID de Usuario: S-1-5-21-1730062414-2804216178-269108779-1000
      Cadenas Víricas: 31836

      Lista de Acciones (por Acción Directa):
      Eliminadas las Paginas de Inicio y de Busqueda del IE
      Eliminados Ficheros Temporales del IE

      (20-5-2017 01:07:36 (GMT))
      EliStartPage v36.87 (c)2017 S.G.H. / Satinfo S.L. (Actualizado el 19 de Mayo del 2017)
      --------------------------------------------------
      Sistema Operativo: Windows 7 Home Premium (6.1.0) (64 bits)
      Usuario: leo
      ID de Usuario: S-1-5-21-1730062414-2804216178-269108779-1000
      Cadenas Víricas: 31836

      Lista de Acciones (por Acción Directa):
      Eliminadas las Paginas de Inicio y de Busqueda del IE
      Eliminados Ficheros Temporales del IE

      (20-5-2017 01:07:37 (GMT))
      EliStartPage v36.87 (c)2017 S.G.H. / Satinfo S.L. (Actualizado el 19 de Mayo del 2017)
      --------------------------------------------------
      Sistema Operativo: Windows 7 Home Premium (6.1.0) (64 bits)
      Usuario: Marjorie
      ID de Usuario: S-1-5-21-1730062414-2804216178-269108779-1001
      Cadenas Víricas: 31836

      Lista de Acciones (por Acción Directa):
      Eliminadas las Paginas de Inicio y de Busqueda del IE
      Eliminados Ficheros Temporales del IE

      (20-5-2017 01:07:49 (GMT))
      EliStartPage v36.87 (c)2017 S.G.H. / Satinfo S.L. (Actualizado el 19 de Mayo del 2017)
      --------------------------------------------------
      Sistema Operativo: Windows 7 Home Premium (6.1.0) (64 bits)
      Usuario: Marjorie
      ID de Usuario: S-1-5-21-1730062414-2804216178-269108779-1001
      Cadenas Víricas: 31836

      Lista de Acciones (por Acción Directa):
      Restaurado Acceso a [HKUS\...\Policies\Explorer\Run]
      Restaurado Acceso a [HKUS\...\Run]
      Restaurado Acceso a [HKUS\...\RunOnce]
      Restaurado Acceso a [HKUS\...\Windows]
      Restaurado Acceso a [HKUS\...\Winlogon]
      Eliminadas las Paginas de Inicio y de Busqueda del IE
      Eliminados Ficheros Temporales del IE

      (20-5-2017 01:27:38 (GMT))
      EliStartPage v36.87 (c)2017 S.G.H. / Satinfo S.L. (Actualizado el 19 de Mayo del 2017)
      --------------------------------------------------
      Sistema Operativo: Windows 7 Home Premium (6.1.0) (64 bits)
      Usuario: Marjorie
      ID de Usuario: S-1-5-21-1730062414-2804216178-269108779-1001
      Cadenas Víricas: 31836

      Lista de Acciones (por Exploración):
      Explorando "C:\"

      Nº Total de Directorios: 57242
      Nº Total de Ficheros: 748548
      Nº de Ficheros Analizados: 57710
      Nº de Ficheros Infectados: 0
      Nº de Ficheros Eliminados: 0

      (20-5-2017 01:30:40 (GMT))
      EliStartPage v36.87 (c)2017 S.G.H. / Satinfo S.L. (Actualizado el 19 de Mayo del 2017)
      --------------------------------------------------
      Sistema Operativo: Windows 7 Home Premium (6.1.0) (64 bits)
      Usuario: Marjorie
      ID de Usuario: S-1-5-21-1730062414-2804216178-269108779-1001
      Cadenas Víricas: 31836

      Lista de Acciones (por Cierre):

      RELACIÓN DE CLAVES SOSPECHOSAS DE LANZAR FICHEROS CON EL CRYPTOLOCKER
      ---------------------------------------------------------------------
      O4 - HKLM\..\Wow6432Node\..\Run: [KillWC] "C:\windows\KillWC.exe" -mutex

      (20-5-2017 01:30:57 (GMT))
      EliStartPage v36.87 (c)2017 S.G.H. / Satinfo S.L. (Actualizado el 19 de Mayo del 2017)
      --------------------------------------------------
      Sistema Operativo: Windows 7 Home Premium (6.1.0) (64 bits)
      Usuario: Marjorie
      ID de Usuario: S-1-5-21-1730062414-2804216178-269108779-1001
      Cadenas Víricas: 31836

      Lista de Acciones (por Cierre):

      RELACIÓN DE CLAVES SOSPECHOSAS DE LANZAR FICHEROS CON EL CRYPTOLOCKER
      ---------------------------------------------------------------------
      O4 - HKLM\..\Wow6432Node\..\Run: [KillWC] "C:\windows\KillWC.exe" -mutex

    2. #2
      User Avatar of calvarez83
      Registered
      May 2017
      Location
      Ecuador
      Posts
      2

      Re: W7 and W10 do not allow .exe execution

      (2/2)

      JRT

      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Junkware Removal Tool (JRT) by Malwarebytes
      Version: 8.1.3 (04.10.2017)
      Operating System: Windows 7 Home Premium x64
      Ran by leo (Limited) on Sat 05/20/2017 at 10:14:12.19
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




      File System: 130

      Successfully deleted: C:\Users\Public\Desktop\hotspot shield.lnk (Shortcut)



      Registry: 3

      Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_DFC5638A049BE14278129BFBF4CF825C (Registry Value)
      Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
      Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)




      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Scan was completed on Sat 05/20/2017 at 10:23:50.50
      End of JRT log
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

      MalwareBytes

      Malwarebytes
      www.malwarebytes.com

      -Detalles del registro-
      Fecha del análisis: 20/5/17
      Hora del análisis: 9:30
      Archivo de registro: Log_MalwareBytes.txt
      Administrador: Sí

      -Información del software-
      Versión: 3.1.2.1733
      Versión de los componentes: 1.0.122
      Versión del paquete de actualización: 1.0.1906
      Licencia: Prueba

      -Información del sistema-
      SO: Windows 7 Service Pack 1
      CPU: x64
      Sistema de archivos: NTFS
      Usuario: leo-PC\leo

      -Resumen del análisis-
      Tipo de análisis: Análisis de amenazas
      Resultado: Completado
      Objetos analizados: 388855
      Amenazas detectadas: 0
      (No hay elementos maliciosos detectados)
      Amenazas en cuarentena: 0
      (No hay elementos maliciosos detectados)
      Tiempo transcurrido: 11 min, 58 seg

      -Opciones de análisis-
      Memoria: Activado
      Inicio: Activado
      Sistema de archivos: Activado
      Archivo: Activado
      Rootkits: Desactivado
      Heurística: Activado
      PUP: Activado
      PUM: Activado

      -Detalles del análisis-
      Proceso: 0
      (No hay elementos maliciosos detectados)

      Módulo: 0
      (No hay elementos maliciosos detectados)

      Clave del registro: 0
      (No hay elementos maliciosos detectados)

      Valor del registro: 0
      (No hay elementos maliciosos detectados)

      Datos del registro: 0
      (No hay elementos maliciosos detectados)

      Secuencia de datos: 0
      (No hay elementos maliciosos detectados)

      Carpeta: 0
      (No hay elementos maliciosos detectados)

      Archivo: 0
      (No hay elementos maliciosos detectados)

      Sector físico: 0
      (No hay elementos maliciosos detectados)


      (end)


      ESET scanner

      00:27:30 # product=EOS
      # version=8
      # flags=0
      # ESETOnlineScanner_ESL.exe=2.0.16.0
      # EOSSerial=fe0fdacfc8a8574a95ff697977a5ef89
      # end=init
      # utc_time=2017-05-20 05:27:29
      # local_time=2017-05-20 00:27:29 (-0500, SA Pacific Standard Time)
      # country="United States"
      # osver=6.1.7601 NT Service Pack 1
      00:28:10 Updating
      00:28:10 Update Init
      00:28:13 Update Download
      00:31:58 esets_scanner_reload returned 0
      00:31:58 g_uiModuleBuild: 33445
      00:31:58 Update Finalize
      00:31:58 Call m_esets_charon_send
      00:31:58 Call m_esets_charon_destroy
      00:31:58 Updated modules version: 33445
      00:32:11 Call m_esets_charon_setup_create
      00:32:11 Call m_esets_charon_create
      00:32:11 m_esets_charon_create OK
      00:32:11 Call m_esets_charon_start_send_thread
      00:32:11 Call m_esets_charon_setup_set
      00:32:11 m_esets_charon_setup_set OK
      00:32:11 Scanner engine: 33445
      04:19:14 # product=EOS
      # version=8
      # flags=0
      # ESETOnlineScanner_ESL.exe=2.0.16.0
      # EOSSerial=fe0fdacfc8a8574a95ff697977a5ef89
      # engine=33445
      # end=finished
      # remove_checked=true
      # archives_checked=true
      # unwanted_checked=true
      # unsafe_checked=true
      # antistealth_checked=true
      # sfx_checked=true
      # utc_time=2017-05-20 09:19:13
      # local_time=2017-05-20 04:19:13 (-0500, SA Pacific Standard Time)
      # country="United States"
      # lang=1033
      # osver=6.1.7601 NT Service Pack 1
      # compatibility_mode_1='Microsoft Security Essentials'
      # compatibility_mode=5895 16777214 100 100 132146 118147947 0 0
      # compatibility_mode_1='Baidu Antivirus'
      # compatibility_mode=15106 16777213 100 100 0 65863739 0 0
      # scanned=2
      # found=10
      # cleaned=10
      # scan_time=13633
      sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="una variante de Win32/InstallMonstr.QJ aplicación potencialmente no deseada (desinfectado por eliminación)" ac=C fn="C:\Program Files (x86)\Rosetta Stone\Rosetta Stone Language Training\Rosetta Stone TOTALe 5 Crack _All Language Packs_.exe"
      sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="una variante de Generik.MYMXAEP troyano (desinfectado por eliminación)" ac=C fn="C:\Users\leo\Downloads\App Remove Virus\WannaCry Fix tool\panda-wannacryfix.exe"
      sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="una variante de Win32/FusionCore.K aplicación potencialmente no deseada (desinfectado por eliminación)" ac=C fn="C:\Users\leo\Downloads\Apps\any-audio-converter.exe"
      sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="una variante de Win32/Bundled.Toolbar.Ask.G aplicación potencialmente no segura (desinfectado por eliminación)" ac=C fn="C:\Users\leo\Downloads\Apps\atubecatcher.exe"
      sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="una variante de Win32/Bundled.Toolbar.Ask.G aplicación potencialmente no segura (desinfectado por eliminación)" ac=C fn="C:\Users\leo\Downloads\Apps\aTube_Catcher_ATU3_9029.exe"
      sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Win32/Bundled.Toolbar.Google.D aplicación potencialmente no segura (desinfectado por eliminación)" ac=C fn="C:\Users\leo\Downloads\Apps\ccsetup521.exe"
      sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Win32/Bundled.Toolbar.Google.D aplicación potencialmente no segura (desinfectado por eliminación)" ac=C fn="C:\Users\leo\Downloads\Apps\CCleaner\ccsetup527.exe"
      sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="una variante de MSIL/HackKMS.G aplicación potencialmente no segura (eliminado)" ac=C fn="C:\Users\leo\Downloads\Apps\W10\Windows 10 Activator.rar"
      sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Win32/Bundled.Toolbar.Google.D aplicación potencialmente no segura (desinfectado por eliminación)" ac=C fn="C:\Users\leo\Downloads\Recovery Program\Recuva_1.53.1087.exe"
      sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="una variante de MSIL/HackKMS.H aplicación potencialmente no segura (desinfectado por eliminación)" ac=C fn="C:\Windows\AutoKMS\AutoKMS.exe"
      08:21:47 Call m_esets_charon_send
      08:21:47 Call m_esets_charon_destroy

      Log_AdwCleaner[S1]

      # AdwCleaner v6.047 - Logfile created 20/05/2017 at 10:35:06
      # Updated on 19/05/2017 by Malwarebytes
      # Database : 2017-05-19.1 [Server]
      # Operating System : Windows 7 Home Premium Service Pack 1 (X64)
      # Username : leo - LEO-PC
      # Running from : C:\Users\leo\Downloads\App Remove Virus\adwcleaner_6.047.exe
      # Mode: Scan
      # Support : https://www.malwarebytes.com/support



      ***** [ Services ] *****

      No malicious services found.


      ***** [ Folders ] *****

      No malicious folders found.


      ***** [ Files ] *****

      No malicious files found.


      ***** [ DLL ] *****

      No malicious DLLs found.


      ***** [ WMI ] *****

      No malicious keys found.


      ***** [ Shortcuts ] *****

      No infected shortcut found.


      ***** [ Scheduled Tasks ] *****

      No malicious task found.


      ***** [ Registry ] *****

      No malicious registry entries found.


      ***** [ Web browsers ] *****

      No malicious Firefox based browser items found.
      Chrome pref Found: [C:\Users\leo\AppData\Local\Google\Chrome\User Data\Profile 1\Secure Preferences ] - glkdifongmamddfegpjkmghbmoikkjai
      Chrome pref Found: [C:\Users\Marjorie\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com
      Chrome pref Found: [C:\Users\Marjorie\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com

      [!] You may need to disable the Chrome synchronization from your Google account in order to fully remove the malicious preferences. Please consult this Google help: https://support.google.com/chrome/answer/3097271?hl=en [!]


      *************************

      C:\AdwCleaner\AdwCleaner[C0].txt - [3617 Bytes] - [11/04/2017 10:19:40]
      C:\AdwCleaner\AdwCleaner[S0].txt - [3804 Bytes] - [11/04/2017 10:09:44]
      C:\AdwCleaner\AdwCleaner[S1].txt - [1700 Bytes] - [20/05/2017 10:35:06]

      ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1773 Bytes] ##########



      Log_AdwCleaner[C2]

      # AdwCleaner v6.047 - Logfile created 20/05/2017 at 10:44:55
      # Updated on 19/05/2017 by Malwarebytes
      # Database : 2017-05-19.1 [Server]
      # Operating System : Windows 7 Home Premium Service Pack 1 (X64)
      # Username : leo - LEO-PC
      # Running from : C:\Users\leo\Downloads\App Remove Virus\adwcleaner_6.047.exe
      # Mode: Clean
      # Support : https://www.malwarebytes.com/support



      ***** [ Services ] *****



      ***** [ Folders ] *****



      ***** [ Files ] *****



      ***** [ DLL ] *****



      ***** [ WMI ] *****



      ***** [ Shortcuts ] *****



      ***** [ Scheduled Tasks ] *****



      ***** [ Registry ] *****



      ***** [ Web browsers ] *****

      [-] [C:\Users\leo\AppData\Local\Google\Chrome\User Data\Profile 1] [extension] Deleted: glkdifongmamddfegpjkmghbmoikkjai
      [-] [C:\Users\Marjorie\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
      [-] [C:\Users\Marjorie\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com


      *************************

      :: "Tracing" keys deleted
      :: Winsock settings cleared

      *************************

      C:\AdwCleaner\AdwCleaner[C0].txt - [3617 Bytes] - [11/04/2017 10:19:40]
      C:\AdwCleaner\AdwCleaner[C2].txt - [1209 Bytes] - [20/05/2017 10:44:55]
      C:\AdwCleaner\AdwCleaner[S0].txt - [3804 Bytes] - [11/04/2017 10:09:44]
      C:\AdwCleaner\AdwCleaner[S1].txt - [1852 Bytes] - [20/05/2017 10:35:06]

      ########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1428 Bytes] ##########

    3. #3
      Moderator
      Avatar of @MarioL
      Registered
      Nov 2006
      Location
      Málaga - Spain
      Posts
      8.819

      Re: W7 and W10 do not allow running .exe files

      Hello

      For now, uninstall "Baidu Antivirus", then on both computers run a scan with Kaspersky Rescue Disk and paste the report. Once that is done, bring another two reports from each machine. Remember, do NOT connect any USB drive, to avoid getting reinfected.


      Run a cleanup with CCleaner, of both files and the registry.

      Then download Farbar Recovery Scan Tool by Farbar (download the file that matches your system architecture). >> How to tell whether my system is 32 or 64 bits

      • Save it to the desktop >> This is very important.
      • With all programs/windows closed, double-click to run Frst.exe.
      • In the Disclaimer window, press Yes.
      • In the new window that opens, press the Scan button and wait patiently for the scan to finish.

      • Two (2) files (logs) will open, Frst.txt and Addition.txt; they will be saved on your desktop.

      • To finish, open the files Frst.txt and Addition.txt, and copy and paste all of their contents into your next reply. Use two messages if it tells you it is too long.
      Invy
