
    My notebook is possessed


    1. #11
      User inesita724
      Registered: Sep 2005
      Location: Argentina
      Posts: 137

      Re: My notebook is possessed

      Hi, it's been a long time. I'm leaving you the report, and I can tell you it is a little better, but I notice some ads in the browser (Chrome) that weren't there before.

      OTL logfile created on: 20/10/2017 08:56:56 p.m. - Run 6
      OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\maru\Desktop
      Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
      Internet Explorer (Version = 8.0.7601.17514)
      Locale: 00002c0a | Country: Argentina | Language: ESS | Date Format: dd/MM/yyyy

      1,91 Gb Total Physical Memory | 1,22 Gb Available Physical Memory | 63,74% Memory free
      3,82 Gb Paging File | 3,14 Gb Available in Paging File | 82,30% Paging File free
      Paging file location(s): ?:\pagefile.sys [binary data]

      %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
      Drive C: | 102,00 Gb Total Space | 67,02 Gb Free Space | 65,70% Space Free | Partition Type: NTFS
      Drive D: | 341,79 Gb Total Space | 180,69 Gb Free Space | 52,87% Space Free | Partition Type: NTFS
      Drive E: | 21,87 Gb Total Space | 21,71 Gb Free Space | 99,28% Space Free | Partition Type: NTFS

      Computer Name: MARU-PC | User Name: maru | Logged in as Administrator.
      Boot Mode: SafeMode | Scan Mode: Current user
      Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

      ========== Processes (SafeList) ==========

      PRC - C:\Users\maru\Desktop\OTL.exe (OldTimer Tools)
      PRC - C:\Archivos de programa\Adobe\Acrobat DC\Acrobat\acrotray.exe (Adobe Systems Inc.)
      PRC - C:\Windows\explorer.exe (Microsoft Corporation)


      ========== Modules (No Company Name) ==========

      MOD - C:\Archivos de programa\Adobe\Acrobat DC\Acrobat\Locale\es_ES\AcroTray.ESP ()


      ========== Services (SafeList) ==========

      SRV - (MozillaMaintenance) -- C:\Archivos de programa\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
      SRV - (AGSService) -- C:\Archivos de programa\Common Files\Adobe\AdobeGCClient\AGSService.exe (Adobe Systems, Incorporated)
      SRV - (MBAMService) -- C:\Archivos de programa\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes)
      SRV - (AdobeARMservice) -- C:\Archivos de programa\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
      SRV - (ekrn) -- C:\Archivos de programa\ESET\ESET Security\ekrn.exe (ESET)
      SRV - (TeamViewer) -- C:\Archivos de programa\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH)
      SRV - (ZeroConfigService) -- C:\Archivos de programa\Intel\WiFi\bin\ZeroConfigService.exe (Intel® Corporation)
      SRV - (MyWiFiDHCPDNS) -- C:\Archivos de programa\Intel\WiFi\bin\PanDhcpDns.exe ()
      SRV - (EvtEng) -- C:\Archivos de programa\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
      SRV - (RegSrvc) -- C:\Archivos de programa\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
      SRV - (AMPPALR3) -- C:\Archivos de programa\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation)
      SRV - (BTHSSecurityMgr) -- C:\Archivos de programa\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel(R) Corporation)
      SRV - (UNS) -- C:\Archivos de programa\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
      SRV - (LMS) -- C:\Archivos de programa\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
      SRV - (IAStorDataMgrSvc) -- C:\Archivos de programa\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
      SRV - (WMPNetworkSvc) -- C:\Archivos de programa\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
      SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
      SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
      SRV - (WinDefend) -- C:\Archivos de programa\Windows Defender\MpSvc.dll (Microsoft Corporation)
      SRV - (Microsoft Office Groove Audit Service) -- C:\Archivos de programa\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
      SRV - (odserv) -- C:\Archivos de programa\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
      SRV - (ose) -- C:\Archivos de programa\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)


      ========== Driver Services (SafeList) ==========

      DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
      DRV - (eamonm) -- C:\Windows\System32\drivers\eamonm.sys (ESET)
      DRV - (ehdrv) -- C:\Windows\System32\drivers\ehdrv.sys (ESET)
      DRV - (epfwwfpr) -- C:\Windows\System32\drivers\epfwwfpr.sys (ESET)
      DRV - (AMPPALP) -- C:\Windows\System32\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
      DRV - (AMPPAL) -- C:\Windows\System32\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
      DRV - (NETwNs32) -- C:\Windows\System32\drivers\NETwNs32.sys (Intel Corporation)
      DRV - (IntcDAud) -- C:\Windows\System32\drivers\IntcDAud.sys (Intel(R) Corporation)
      DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
      DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
      DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
      DRV - (tsusbhub) -- C:\Windows\System32\drivers\tsusbhub.sys (Microsoft Corporation)
      DRV - (Synth3dVsc) -- C:\Windows\System32\drivers\Synth3dVsc.sys (Microsoft Corporation)
      DRV - (dmvsc) -- C:\Windows\System32\drivers\dmvsc.sys (Microsoft Corporation)
      DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
      DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
      DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
      DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)
      DRV - (terminpt) -- C:\Windows\System32\drivers\terminpt.sys (Microsoft Corporation)
      DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
      DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
      DRV - (MEI) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
      DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)


      ========== Standard Registry (SafeList) ==========


      ========== Internet Explorer ==========

      IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
      IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = Hotmail, Outlook, Skype, noticias y videos en MSN Argentina
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = es-ar
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F5 0D C3 AA A2 47 D3 01 [binary data]
      IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
      IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

      ========== FireFox ==========

      FF - prefs.js..browser.search.countryCode: "AR"
      FF - prefs.js..browser.search.region: "AR"
      FF - user.js - File not found

      FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll (Google Inc.)
      FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll (Google Inc.)
      FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
      FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)

      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2017/04/28 22:11:17 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 55.0.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 55.0.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

      [2017/09/04 21:51:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\maru\AppData\Roaming\mozilla\Extensions
      [2017/09/04 22:00:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\maru\AppData\Roaming\mozilla\Firefox\Profiles\5vg2mnd6.default\extensions
      [2017/09/04 22:00:48 | 000,009,993 | ---- | M] () (No name found) -- C:\Users\maru\AppData\Roaming\mozilla\firefox\profiles\5vg2mnd6.default\features\{93834599-f250-4475-9f98-db54ec579d07}\[email protected]
      [2017/09/04 22:00:48 | 000,329,275 | ---- | M] () (No name found) -- C:\Users\maru\AppData\Roaming\mozilla\firefox\profiles\5vg2mnd6.default\features\{93834599-f250-4475-9f98-db54ec579d07}\[email protected]
      [2017/09/04 21:51:16 | 000,000,000 | ---D | M] (No name found) -- C:\Archivos de programa\Mozilla Firefox\browser\extensions

      ========== Chrome ==========

      CHR - Extension: No name found = C:\Users\maru\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\
      CHR - Extension: No name found = C:\Users\maru\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\
      CHR - Extension: No name found = C:\Users\maru\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\
      CHR - Extension: No name found = C:\Users\maru\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\
      CHR - Extension: No name found = C:\Users\maru\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\15.1.0.6_0\
      CHR - Extension: No name found = C:\Users\maru\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\
      CHR - Extension: No name found = C:\Users\maru\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah\2.1.2_0\
      CHR - Extension: No name found = C:\Users\maru\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\
      CHR - Extension: No name found = C:\Users\maru\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.3_0\
      CHR - Extension: No name found = C:\Users\maru\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\
      CHR - Extension: No name found = C:\Users\maru\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\6117.717.0.4_0\

      O1 HOSTS File: ([2017/04/24 21:48:48 | 000,001,664 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
      O1 - Hosts: 127.0.0.1 lmlicenses.wip4.adobe.com
      O1 - Hosts: 127.0.0.1 lm.licenses.adobe.com
      O1 - Hosts: 127.0.0.1 activate.adobe.com
      O1 - Hosts: 127.0.0.1 practivate.adobe.com
      O1 - Hosts: 127.0.0.1 lm.licenses.adobe.com
      O1 - Hosts: 127.0.0.1 lmlicenses.wip4.adobe.com
      O1 - Hosts: 127.0.0.1 ereg.adobe.com
      O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
      O1 - Hosts: 127.0.0.1 wip3.adobe.com
      O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
      O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
      O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
      O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
      O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
      O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
      O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
      O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
      O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
      O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com
      O1 - Hosts: 127.0.0.1 lm.licenses.adobe.com
      O1 - Hosts: 127.0.0.1 na2m-pr.licenses.adobe.com
      O1 - Hosts: 127.0.0.1 na4r.services.adobe.com
      O1 - Hosts: 127.0.0.1 ims-na1-prprod.adobelogin.com
      O1 - Hosts: 127.0.0.1 na1r.services.adobe.com
      O1 - Hosts: 127.0.0.1 hlrcv.stage.adobe.com
      O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Archivos de programa\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
      O2 - BHO: (Adobe Acrobat Create PDF Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Archivos de programa\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll (Adobe Systems Incorporated)
      O2 - BHO: (Adobe Acrobat Create PDF from Selection) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Archivos de programa\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll (Adobe Systems Incorporated)
      O3 - HKLM\..\Toolbar: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Archivos de programa\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll (Adobe Systems Incorporated)
      O3 - HKCU\..\Toolbar\WebBrowser: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Archivos de programa\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll (Adobe Systems Incorporated)
      O4 - HKLM..\Run: [] File not found
      O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrotray.exe (Adobe Systems Inc.)
      O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
      O4 - HKLM..\Run: [ETDCtrl] C:\Archivos de programa\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
      O4 - HKCU..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
      O4 - HKCU..\Run: [iCloudServices] C:\Archivos de programa\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
      O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
      O8 - Extra context menu item: &Anexar destino de vínculo a PDF existente - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll (Adobe Systems Incorporated)
      O8 - Extra context menu item: Agregar página web a PDF existente - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll (Adobe Systems Incorporated)
      O8 - Extra context menu item: Convertir &página web a PDF de Adobe - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll (Adobe Systems Incorporated)
      O8 - Extra context menu item: Convertir destino de vínculo a Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll (Adobe Systems Incorporated)
      O8 - Extra context menu item: E&xportar a Microsoft Excel - C:\Archivos de programa\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
      O9 - Extra Button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Archivos de programa\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
      O9 - Extra 'Tools' menuitem : &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Archivos de programa\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
      O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Archivos de programa\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
      O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Archivos de programa\Bonjour\mdnsNSP.dll (Apple Inc.)
      O13 - gopher Prefix: missing
      O15 - HKLM\..Trusted Domains: eset.com ([help] http in Trusted sites)
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C7E6F69E-906B-4A3A-A842-680951D4B4A9}: DhcpNameServer = 192.168.1.1
      O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Archivos de programa\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
      O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Archivos de programa\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
      O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
      O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
      O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
      O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
      O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
      O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Archivos de programa\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
      O32 - HKLM CDRom: AutoRun - 1
      O32 - AutoRun File - [2009/06/10 18:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
      O34 - HKLM BootExecute: (autocheck autochk *)
      O35 - HKLM\..comfile [open] -- "%1" %*
      O35 - HKLM\..exefile [open] -- "%1" %*
      O37 - HKLM\...com [@ = comfile] -- "%1" %*
      O37 - HKLM\...exe [@ = exefile] -- "%1" %*
      O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
      O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
      O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

      [CREATERESTOREPOINT]
      Unable to start System Restore Service. Error code 1084

      ========== Files/Folders - Created Within 30 Days ==========

      [2017/10/15 20:18:41 | 000,000,000 | ---D | C] -- C:\Program Files\Elantech
      [2017/09/28 15:31:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
      [2017/09/28 15:31:07 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
      [2017/09/28 15:30:04 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
      [2017/09/28 13:28:52 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update

      ========== Files - Modified Within 30 Days ==========

      [2017/10/20 20:55:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
      [2017/10/20 20:54:59 | 1537,904,640 | -HS- | M] () -- C:\hiberfil.sys
      [2017/10/20 20:49:44 | 000,781,312 | ---- | M] () -- C:\Users\maru\Desktop\DelFix (2).exe
      [2017/10/15 20:21:30 | 000,016,640 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      [2017/10/15 20:21:30 | 000,016,640 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      [2017/10/09 20:03:17 | 000,697,984 | ---- | M] () -- C:\Windows\System32\perfh00A.dat
      [2017/10/09 20:03:17 | 000,610,094 | ---- | M] () -- C:\Windows\System32\perfh009.dat
      [2017/10/09 20:03:17 | 000,135,616 | ---- | M] () -- C:\Windows\System32\perfc00A.dat
      [2017/10/09 20:03:17 | 000,104,412 | ---- | M] () -- C:\Windows\System32\perfc009.dat
      [2017/09/28 15:31:13 | 000,001,747 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
      [2017/09/21 19:38:04 | 000,002,127 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

      ========== Files Created - No Company Name ==========

      [2017/10/20 20:49:18 | 000,781,312 | ---- | C] () -- C:\Users\maru\Desktop\DelFix (2).exe
      [2017/09/28 15:31:13 | 000,001,747 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
      [2017/09/10 22:27:50 | 000,059,904 | ---- | C] () -- C:\Windows\System32\drivers\mbae.sys
      [2017/04/24 22:06:55 | 000,043,343 | ---- | C] () -- C:\Windows\System32\RCEPAM.DLL
      [2017/04/24 21:08:59 | 000,963,884 | ---- | C] () -- C:\Windows\System32\igkrng600.bin
      [2017/04/24 21:08:57 | 000,221,264 | ---- | C] () -- C:\Windows\System32\igfcg600m.bin
      [2017/04/24 21:08:57 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
      [2017/04/24 21:08:55 | 000,056,832 | ---- | C] () -- C:\Windows\System32\igdde32.dll
      [2017/04/24 21:08:54 | 000,145,804 | ---- | C] () -- C:\Windows\System32\igcompkrng600.bin
      [2017/04/24 21:08:53 | 013,904,384 | ---- | C] () -- C:\Windows\System32\ig4icd32.dll
      [2017/04/24 21:08:53 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll
      [2017/04/24 21:08:53 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
      [2017/04/24 21:06:29 | 000,008,192 | ---- | C] () -- C:\Windows\System32\drivers\IntelMEFWVer.dll

      ========== ZeroAccess Check ==========

      [2009/07/14 01:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

      [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

      [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      "" = %SystemRoot%\system32\shell32.dll -- [2010/11/20 18:29:11 | 012,872,192 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment

      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
      "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 18:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free

      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
      "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 22:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Both

      ========== LOP Check ==========

      [2017/04/24 19:39:27 | 000,000,000 | ---D | M] -- C:\Users\maru\AppData\Roaming\Innovative Solutions
      [2017/04/27 19:51:51 | 000,000,000 | ---D | M] -- C:\Users\maru\AppData\Roaming\SolidDocuments
      [2017/09/10 22:49:33 | 000,000,000 | ---D | M] -- C:\Users\maru\AppData\Roaming\TeamViewer

      ========== Purity Check ==========



      ========== Custom Scans ==========

      < :OTL >
      [2009/07/14 01:53:46 | 000,030,192 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
      [2009/07/14 01:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT

      < O4 - HKLM..\Run: [] File not found >

      < O13 - gopher Prefix: missing >

      < O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. >

      < MsConfig - StartUpReg: HotKeysCmds - hkey= - key= - File not found >

      < MsConfig - StartUpReg: IgfxTray - hkey= - key= - File not found >

      < MsConfig - StartUpReg: Persistence - hkey= - key= - File not found >

      < MsConfig - StartUpReg: RESTART_STICKY_NOTES - hkey= - key= - File not found >

      < >

      < :Files >

      < ipconfig /flushdns /c >
      Configuración IP de Windows
      No se puede vaciar la caché de resolución de DNS: Error de una función durante la ejecución.

      < ipconfig /registerdns /c >
      Configuración IP de Windows
      Error al registrar los registros DNS: El servidor RPC no está disponible.

      < ipconfig /release /c >
      Configuración IP de Windows

      < ipconfig /renew /c >
      Configuración IP de Windows

      < >

      < :Commands >

      < [purity] >

      < [resethosts] >

      < [emptyflash] >

      < [emptytemp] >

      < [emptyjava] >

      < [Reboot] >

      < End of report >

    2. #12
      Moderator
      @MiguelRiaguel
      Registered: Dec 2008
      Location: Spain
      Posts: 11,917

      Re: My notebook is possessed

      You are not following the steps I give you. Please read the instructions carefully and follow them to the letter. Here they are again:

      Now follow these steps. VERY important ~ Make a backup of the registry:

      • To do so, download >> DelFix.exe to your desktop.

        • Double-click to run it. (If you use Windows Vista/7 or 8, right-click and select "Run as administrator".)

        • Attention: now check/select only the "Create registry backup" box, NOT the others.

      • Click Run.

        The report (DelFix.txt) will open; save it in case it is needed and close the tool.


      Now run OTL.exe again, but in Safe Mode.



      1.- Copy the following text (excluding the word Code):

      Code:
      :OTL
      O4 - HKLM..\Run: [] File not found
      O13 - gopher Prefix: missing
      O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
      MsConfig - StartUpReg: HotKeysCmds - hkey= - key= - File not found
      MsConfig - StartUpReg: IgfxTray - hkey= - key= - File not found
      MsConfig - StartUpReg: Persistence - hkey= - key= - File not found
      MsConfig - StartUpReg: RESTART_STICKY_NOTES - hkey= - key= - File not found
      
      :Files
      ipconfig /flushdns /c
      ipconfig /registerdns /c
      ipconfig /release /c
      ipconfig /renew /c
      
      :Commands
      [purity]
      [resethosts]
      [emptyflash]
      [emptytemp]
      [emptyjava]
      [createrestorepoint]
      [Reboot]

      2.- Paste the content into the section: Custom Scans/Fixes.


      3.- Press the Run Fix button to start the procedure. Press OK.


      OTL will restart the computer to complete the procedure.

      Save the newly generated report. Copy and paste it into your next reply, commenting on how the system is working.

      The virus problem is temporary and will last a couple of years / John McAfee - founder of McAfee


    3. #13
      User inesita724
      Registered: Sep 2005
      Location: Argentina
      Posts: 137

      Re: My notebook is possessed

      Hi, I followed the instructions; I hope it's right.

      OTL logfile created on: 12/11/2017 08:27:56 p.m. - Run 7
      OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\maru\Desktop
      Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
      Internet Explorer (Version = 8.0.7601.17514)
      Locale: 00002c0a | Country: Argentina | Language: ESS | Date Format: dd/MM/yyyy

      1,91 Gb Total Physical Memory | 1,14 Gb Available Physical Memory | 59,79% Memory free
      3,82 Gb Paging File | 3,03 Gb Available in Paging File | 79,21% Paging File free
      Paging file location(s): ?:\pagefile.sys [binary data]

      %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
      Drive C: | 102,00 Gb Total Space | 65,36 Gb Free Space | 64,07% Space Free | Partition Type: NTFS
      Drive D: | 341,79 Gb Total Space | 180,69 Gb Free Space | 52,87% Space Free | Partition Type: NTFS
      Drive E: | 21,87 Gb Total Space | 21,69 Gb Free Space | 99,18% Space Free | Partition Type: NTFS

      Computer Name: MARU-PC | User Name: maru | Logged in as Administrator.
      Boot Mode: SafeMode with Networking | Scan Mode: Current user
      Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

      ========== Processes (SafeList) ==========

      PRC - C:\Users\maru\Desktop\OTL.exe (OldTimer Tools)
      PRC - C:\Windows\explorer.exe (Microsoft Corporation)


      ========== Modules (No Company Name) ==========


      ========== Services (SafeList) ==========

      SRV - (MozillaMaintenance) -- C:\Archivos de programa\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
      SRV - (AGSService) -- C:\Archivos de programa\Common Files\Adobe\AdobeGCClient\AGSService.exe (Adobe Systems, Incorporated)
      SRV - (MBAMService) -- C:\Archivos de programa\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes)
      SRV - (AdobeARMservice) -- C:\Archivos de programa\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
      SRV - (ekrn) -- C:\Archivos de programa\ESET\ESET Security\ekrn.exe (ESET)
      SRV - (TeamViewer) -- C:\Archivos de programa\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH)
      SRV - (ZeroConfigService) -- C:\Archivos de programa\Intel\WiFi\bin\ZeroConfigService.exe (Intel® Corporation)
      SRV - (MyWiFiDHCPDNS) -- C:\Archivos de programa\Intel\WiFi\bin\PanDhcpDns.exe ()
      SRV - (EvtEng) -- C:\Archivos de programa\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
      SRV - (RegSrvc) -- C:\Archivos de programa\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
      SRV - (AMPPALR3) -- C:\Archivos de programa\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation)
      SRV - (BTHSSecurityMgr) -- C:\Archivos de programa\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel(R) Corporation)
      SRV - (UNS) -- C:\Archivos de programa\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
      SRV - (LMS) -- C:\Archivos de programa\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
      SRV - (IAStorDataMgrSvc) -- C:\Archivos de programa\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
      SRV - (WMPNetworkSvc) -- C:\Archivos de programa\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
      SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
      SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
      SRV - (WinDefend) -- C:\Archivos de programa\Windows Defender\MpSvc.dll (Microsoft Corporation)
      SRV - (Microsoft Office Groove Audit Service) -- C:\Archivos de programa\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
      SRV - (odserv) -- C:\Archivos de programa\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
      SRV - (ose) -- C:\Archivos de programa\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)


      ========== Driver Services (SafeList) ==========

      DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
      DRV - (eamonm) -- C:\Windows\System32\drivers\eamonm.sys (ESET)
      DRV - (ehdrv) -- C:\Windows\System32\drivers\ehdrv.sys (ESET)
      DRV - (epfwwfpr) -- C:\Windows\System32\drivers\epfwwfpr.sys (ESET)
      DRV - (AMPPALP) -- C:\Windows\System32\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
      DRV - (AMPPAL) -- C:\Windows\System32\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
      DRV - (NETwNs32) -- C:\Windows\System32\drivers\NETwNs32.sys (Intel Corporation)
      DRV - (IntcDAud) -- C:\Windows\System32\drivers\IntcDAud.sys (Intel(R) Corporation)
      DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
      DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
      DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
      DRV - (tsusbhub) -- C:\Windows\System32\drivers\tsusbhub.sys (Microsoft Corporation)
      DRV - (Synth3dVsc) -- C:\Windows\System32\drivers\Synth3dVsc.sys (Microsoft Corporation)
      DRV - (dmvsc) -- C:\Windows\System32\drivers\dmvsc.sys (Microsoft Corporation)
      DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
      DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
      DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
      DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)
      DRV - (terminpt) -- C:\Windows\System32\drivers\terminpt.sys (Microsoft Corporation)
      DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
      DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
      DRV - (MEI) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
      DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)


      ========== Standard Registry (SafeList) ==========


      ========== Internet Explorer ==========

      IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
      IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = Hotmail, Outlook, Skype, noticias y videos en MSN Argentina
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = es-ar
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F5 0D C3 AA A2 47 D3 01 [binary data]
      IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
      IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

      ========== FireFox ==========

      FF - user.js - File not found

      FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll (Google Inc.)
      FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll (Google Inc.)
      FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
      FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)

      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2017/04/28 22:11:17 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 55.0.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 55.0.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

      [2017/09/04 21:51:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\maru\AppData\Roaming\mozilla\Extensions
      [2017/09/04 22:00:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\maru\AppData\Roaming\mozilla\Firefox\Profiles\5vg2mnd6.default\extensions
      [2017/11/12 19:38:06 | 000,006,642 | ---- | M] () (No name found) -- C:\Users\maru\AppData\Roaming\mozilla\firefox\profiles\5vg2mnd6.default\features\{5d1530e4-712d-4743-80d1-2bc3e6c4ecd6}\[email protected]
      [2017/11/12 19:38:06 | 000,008,940 | ---- | M] () (No name found) -- C:\Users\maru\AppData\Roaming\mozilla\firefox\profiles\5vg2mnd6.default\features\{5d1530e4-712d-4743-80d1-2bc3e6c4ecd6}\[email protected]
      [2017/11/12 19:38:06 | 000,011,739 | ---- | M] () (No name found) -- C:\Users\maru\AppData\Roaming\mozilla\firefox\profiles\5vg2mnd6.default\features\{5d1530e4-712d-4743-80d1-2bc3e6c4ecd6}\[email protected]
      [2017/11/12 19:38:06 | 000,196,112 | ---- | M] () (No name found) -- C:\Users\maru\AppData\Roaming\mozilla\firefox\profiles\5vg2mnd6.default\features\{5d1530e4-712d-4743-80d1-2bc3e6c4ecd6}\[email protected]
      [2017/11/12 19:38:06 | 000,329,275 | ---- | M] () (No name found) -- C:\Users\maru\AppData\Roaming\mozilla\firefox\profiles\5vg2mnd6.default\features\{5d1530e4-712d-4743-80d1-2bc3e6c4ecd6}\[email protected]
      [2017/11/12 19:38:06 | 000,005,129 | ---- | M] () (No name found) -- C:\Users\maru\AppData\Roaming\mozilla\firefox\profiles\5vg2mnd6.default\features\{5d1530e4-712d-4743-80d1-2bc3e6c4ecd6}\[email protected]
      [2017/09/04 22:00:48 | 000,009,993 | ---- | M] () (No name found) -- C:\Users\maru\AppData\Roaming\mozilla\firefox\profiles\5vg2mnd6.default\features\{93834599-f250-4475-9f98-db54ec579d07}\[email protected]
      [2017/09/04 22:00:48 | 000,329,275 | ---- | M] () (No name found) -- C:\Users\maru\AppData\Roaming\mozilla\firefox\profiles\5vg2mnd6.default\features\{93834599-f250-4475-9f98-db54ec579d07}\[email protected]
      [2017/09/04 21:51:16 | 000,000,000 | ---D | M] (No name found) -- C:\Archivos de programa\Mozilla Firefox\browser\extensions

      ========== Chrome ==========

      CHR - Extension: No name found = C:\Users\maru\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\
      CHR - Extension: No name found = C:\Users\maru\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\
      CHR - Extension: No name found = C:\Users\maru\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\
      CHR - Extension: No name found = C:\Users\maru\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\
      CHR - Extension: No name found = C:\Users\maru\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\15.1.0.6_0\
      CHR - Extension: No name found = C:\Users\maru\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\
      CHR - Extension: No name found = C:\Users\maru\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah\2.1.2_0\
      CHR - Extension: No name found = C:\Users\maru\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\
      CHR - Extension: No name found = C:\Users\maru\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.3_0\
      CHR - Extension: No name found = C:\Users\maru\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\
      CHR - Extension: No name found = C:\Users\maru\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\6117.717.0.4_0\

      O1 HOSTS File: ([2017/04/24 21:48:48 | 000,001,664 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
      O1 - Hosts: 127.0.0.1 lmlicenses.wip4.adobe.com
      O1 - Hosts: 127.0.0.1 lm.licenses.adobe.com
      O1 - Hosts: 127.0.0.1 activate.adobe.com
      O1 - Hosts: 127.0.0.1 practivate.adobe.com
      O1 - Hosts: 127.0.0.1 lm.licenses.adobe.com
      O1 - Hosts: 127.0.0.1 lmlicenses.wip4.adobe.com
      O1 - Hosts: 127.0.0.1 ereg.adobe.com
      O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
      O1 - Hosts: 127.0.0.1 wip3.adobe.com
      O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
      O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
      O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
      O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
      O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
      O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
      O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
      O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
      O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
      O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com
      O1 - Hosts: 127.0.0.1 lm.licenses.adobe.com
      O1 - Hosts: 127.0.0.1 na2m-pr.licenses.adobe.com
      O1 - Hosts: 127.0.0.1 na4r.services.adobe.com
      O1 - Hosts: 127.0.0.1 ims-na1-prprod.adobelogin.com
      O1 - Hosts: 127.0.0.1 na1r.services.adobe.com
      O1 - Hosts: 127.0.0.1 hlrcv.stage.adobe.com
      O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Archivos de programa\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
      O2 - BHO: (Adobe Acrobat Create PDF Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Archivos de programa\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll (Adobe Systems Incorporated)
      O2 - BHO: (Adobe Acrobat Create PDF from Selection) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Archivos de programa\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll (Adobe Systems Incorporated)
      O3 - HKLM\..\Toolbar: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Archivos de programa\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll (Adobe Systems Incorporated)
      O3 - HKCU\..\Toolbar\WebBrowser: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Archivos de programa\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll (Adobe Systems Incorporated)
      O4 - HKLM..\Run: [] File not found
      O4 - HKLM..\Run: [ETDCtrl] C:\Archivos de programa\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
      O4 - HKLM..\Run: [HPUsageTracking] C:\Program Files\HP\HP UT\bin\hppusg.exe (Hewlett-Packard Company)
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
      O8 - Extra context menu item: &Anexar destino de vínculo a PDF existente - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll (Adobe Systems Incorporated)
      O8 - Extra context menu item: Agregar página web a PDF existente - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll (Adobe Systems Incorporated)
      O8 - Extra context menu item: Convertir &página web a PDF de Adobe - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll (Adobe Systems Incorporated)
      O8 - Extra context menu item: Convertir destino de vínculo a Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll (Adobe Systems Incorporated)
      O8 - Extra context menu item: E&xportar a Microsoft Excel - C:\Archivos de programa\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
      O9 - Extra Button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Archivos de programa\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
      O9 - Extra 'Tools' menuitem : &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Archivos de programa\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
      O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Archivos de programa\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
      O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Archivos de programa\Bonjour\mdnsNSP.dll (Apple Inc.)
      O13 - gopher Prefix: missing
      O15 - HKLM\..Trusted Domains: eset.com ([help] http in Trusted sites)
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C7E6F69E-906B-4A3A-A842-680951D4B4A9}: DhcpNameServer = 192.168.1.1
      O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Archivos de programa\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
      O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Archivos de programa\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
      O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
      O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
      O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
      O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
      O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
      O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Archivos de programa\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
      O32 - HKLM CDRom: AutoRun - 1
      O32 - AutoRun File - [2009/06/10 18:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
      O34 - HKLM BootExecute: (autocheck autochk *)
      O35 - HKLM\..comfile [open] -- "%1" %*
      O35 - HKLM\..exefile [open] -- "%1" %*
      O37 - HKLM\...com [@ = comfile] -- "%1" %*
      O37 - HKLM\...exe [@ = exefile] -- "%1" %*
      O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
      O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
      O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

      [CREATERESTOREPOINT]
      Unable to start System Restore Service. Error code 1084

      ========== Files/Folders - Created Within 30 Days ==========

      [2017/11/12 19:31:30 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
      [2017/11/12 19:31:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
      [2017/11/10 21:13:19 | 000,000,000 | ---D | C] -- C:\ProgramData\HPSSUPPLY
      [2017/11/10 21:12:49 | 000,000,000 | ---D | C] -- C:\Users\maru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP
      [2017/11/10 21:12:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
      [2017/11/10 21:12:49 | 000,000,000 | ---D | C] -- C:\Program Files\HP
      [2017/11/10 21:12:23 | 000,286,720 | ---- | C] (Software 2000 Limited) -- C:\Windows\System32\HP1006LM.DLL
      [2017/11/10 21:12:06 | 000,000,000 | -H-D | C] -- C:\Program Files\Avago-HP
      [2017/11/10 21:11:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SWF Studio
      [2017/11/10 21:11:12 | 000,000,000 | -HSD | C] -- C:\Users\maru\AppData\Roaming\.#
      [2017/10/24 2105 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
      [2017/10/15 20:18:41 | 000,000,000 | ---D | C] -- C:\Program Files\Elantech
      [1 C:\Users\maru\Desktop\*.tmp files -> C:\Users\maru\Desktop\*.tmp -> ]

      ========== Files - Modified Within 30 Days ==========

      [2017/11/12 20:24:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
      [2017/11/12 20:24:35 | 1537,904,640 | -HS- | M] () -- C:\hiberfil.sys
      [2017/11/10 21:13:19 | 000,002,057 | ---- | M] () -- C:\Users\Public\Desktop\Shop for HP Supplies.lnk
      [2017/11/08 19:02:10 | 000,551,746 | ---- | M] () -- C:\Users\maru\Desktop\el-dictamen-juridico.pdf
      [2017/11/06 19:21:08 | 001,027,970 | ---- | M] () -- C:\Users\maru\Desktop\minuta N-54943.pdf
      [2017/10/20 20:49:44 | 000,781,312 | ---- | M] () -- C:\Users\maru\Desktop\DelFix (2).exe
      [2017/10/15 20:21:30 | 000,016,640 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      [2017/10/15 20:21:30 | 000,016,640 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      [1 C:\Users\maru\Desktop\*.tmp files -> C:\Users\maru\Desktop\*.tmp -> ]

      ========== Files Created - No Company Name ==========

      [2017/11/10 21:13:19 | 000,002,057 | ---- | C] () -- C:\Users\Public\Desktop\Shop for HP Supplies.lnk
      [2017/11/10 21:12:23 | 000,065,536 | ---- | C] () -- C:\Windows\System32\HPPLVS.dll
      [2017/11/08 19:02:09 | 000,551,746 | ---- | C] () -- C:\Users\maru\Desktop\el-dictamen-juridico.pdf
      [2017/11/06 18:49:49 | 001,027,970 | ---- | C] () -- C:\Users\maru\Desktop\minuta N-54943.pdf
      [2017/10/20 20:49:18 | 000,781,312 | ---- | C] () -- C:\Users\maru\Desktop\DelFix (2).exe
      [2017/09/10 22:27:50 | 000,059,904 | ---- | C] () -- C:\Windows\System32\drivers\mbae.sys
      [2017/04/24 22:06:55 | 000,043,343 | ---- | C] () -- C:\Windows\System32\RCEPAM.DLL
      [2017/04/24 21:08:59 | 000,963,884 | ---- | C] () -- C:\Windows\System32\igkrng600.bin
      [2017/04/24 21:08:57 | 000,221,264 | ---- | C] () -- C:\Windows\System32\igfcg600m.bin
      [2017/04/24 21:08:57 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
      [2017/04/24 21:08:55 | 000,056,832 | ---- | C] () -- C:\Windows\System32\igdde32.dll
      [2017/04/24 21:08:54 | 000,145,804 | ---- | C] () -- C:\Windows\System32\igcompkrng600.bin
      [2017/04/24 21:08:53 | 013,904,384 | ---- | C] () -- C:\Windows\System32\ig4icd32.dll
      [2017/04/24 21:08:53 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll
      [2017/04/24 21:08:53 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
      [2017/04/24 21:06:29 | 000,008,192 | ---- | C] () -- C:\Windows\System32\drivers\IntelMEFWVer.dll

      ========== ZeroAccess Check ==========

      [2009/07/14 01:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

      [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

      [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      "" = %SystemRoot%\system32\shell32.dll -- [2010/11/20 18:29:11 | 012,872,192 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment

      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
      "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 18:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free

      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
      "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 22:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Both

      ========== Custom Scans ==========

      < :OTL >

      < O4 - HKLM..\Run: [] File not found >

      < O13 - gopher Prefix: missing >

      < O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. >

      < MsConfig - StartUpReg: HotKeysCmds - hkey= - key= - File not found >

      < MsConfig - StartUpReg: IgfxTray - hkey= - key= - File not found >

      < MsConfig - StartUpReg: Persistence - hkey= - key= - File not found >

      < MsConfig - StartUpReg: RESTART_STICKY_NOTES - hkey= - key= - File not found >

      < >

      < :Files >

      < ipconfig /flushdns /c >
      Configuración IP de Windows
      Se vació correctamente la caché de resolución de DNS.

      < ipconfig /registerdns /c >
      Configuración IP de Windows
      Se inició el registro de los registros de recursos DNS para todos
      los adaptadores de este equipo. Cualquier error se notificará en
      el Visor de eventos en 15 minutos.

      < ipconfig /release /c >
      Configuración IP de Windows
      No se puede realizar ninguna operación en Conexión de red inalámbrica 3 mientras los medios
      estén desconectados.
      Adaptador de LAN inalámbrica Conexión de red inalámbrica 3:
      Estado de los medios. . . . . . . . . . . : medios desconectados
      Sufijo DNS específico para la conexión. . :
      Adaptador de LAN inalámbrica Conexión de red inalámbrica:
      Sufijo DNS específico para la conexión. . :
      Vínculo: dirección IPv6 local. . . : fe80::8d0f:d6fa:5440:6c5b%13
      Puerta de enlace predeterminada . . . . . :
      Adaptador de túnel isatap.Home:
      Estado de los medios. . . . . . . . . . . : medios desconectados
      Sufijo DNS específico para la conexión. . :
      Adaptador de túnel isatap.{B16E0835-27A5-49F2-9D6E-BE38B6A5E450}:
      Estado de los medios. . . . . . . . . . . : medios desconectados
      Sufijo DNS específico para la conexión. . :
      Adaptador de túnel Teredo Tunneling Pseudo-Interface:
      Estado de los medios. . . . . . . . . . . : medios desconectados
      Sufijo DNS específico para la conexión. . :

      < ipconfig /renew /c >
      Configuración IP de Windows
      No se puede realizar ninguna operación en Conexión de red inalámbrica 3 mientras los medios
      estén desconectados.
      Adaptador de LAN inalámbrica Conexión de red inalámbrica 3:
      Estado de los medios. . . . . . . . . . . : medios desconectados
      Sufijo DNS específico para la conexión. . :
      Adaptador de LAN inalámbrica Conexión de red inalámbrica:
      Sufijo DNS específico para la conexión. . : Home
      Vínculo: dirección IPv6 local. . . : fe80::8d0f:d6fa:5440:6c5b%13
      Dirección IPv4. . . . . . . . . . . . . . : 192.168.1.8
      Máscara de subred . . . . . . . . . . . . : 255.255.255.0
      Puerta de enlace predeterminada . . . . . : 192.168.1.1
      Adaptador de túnel isatap.Home:
      Estado de los medios. . . . . . . . . . . : medios desconectados
      Sufijo DNS específico para la conexión. . :
      Adaptador de túnel isatap.{B16E0835-27A5-49F2-9D6E-BE38B6A5E450}:
      Estado de los medios. . . . . . . . . . . : medios desconectados
      Sufijo DNS específico para la conexión. . :
      Adaptador de túnel Teredo Tunneling Pseudo-Interface:
      Estado de los medios. . . . . . . . . . . : medios desconectados
      Sufijo DNS específico para la conexión. . :

      < >

      < :Commands >

      < [purity] >

      < [resethosts] >

      < [emptyflash] >

      < [emptytemp] >

      < [emptyjava] >

      < [Reboot] >

      < End of report >

    4. #14
      Moderator
      @MiguelRiaguel
      Registered
      Dec 2008
      Location
      Spain
      Posts
      11.917

      Re: My notebook is possessed

      You have not carried out the steps correctly. Please look carefully at the instructions given and try to follow them exactly as they are explained.
      Regards.
      The virus problem is temporary and will last a couple of years / John McAfee - founder of McAfee
