
    Help! Chinese virus on my desktop

    ...

    1. #11
      User Avatar of margabros
      Registered
      Feb 2012
      Location
      Com Riv
      Posts
      35

      Re: Help! Chinese virus on my desktop

      2016-09-24 12:42 - 2016-09-24 12:42 - 000134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
      2017-03-14 21:24 - 2017-03-04 03:31 - 000474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
      2017-03-14 21:24 - 2017-03-04 03:30 - 000693248 _____ () C:\Windows\ShellExperiences\MtcUvc.dll
      2017-03-14 21:21 - 2017-03-04 03:12 - 009760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
      2017-03-14 21:21 - 2017-03-04 03:05 - 001401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
      2017-03-14 21:21 - 2017-03-04 03:05 - 000757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
      2017-07-12 12:49 - 2017-06-21 03:35 - 002424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
      2017-07-12 12:49 - 2017-06-21 03:37 - 004853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
      2013-06-07 05:16 - 2013-06-07 05:16 - 004073768 _____ () C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
      2015-06-01 21:00 - 2017-03-09 01:16 - 000112264 _____ () C:\Windows\System32\IccLibDll_x64.dll
      2014-01-27 15:36 - 2015-06-10 10:13 - 000113024 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
      2017-07-17 16:41 - 2017-07-17 16:52 - 000074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkypeHost.exe
      2017-07-17 16:41 - 2017-07-17 16:52 - 000203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
      2017-07-17 16:41 - 2017-07-17 16:59 - 043573248 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkyWrap.dll
      2017-07-17 16:41 - 2017-07-17 16:52 - 002435584 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\skypert.dll
      2013-06-14 10:25 - 2013-06-14 10:24 - 000158536 _____ () C:\WINDOWS\System32\SRSLabs\{176F4E15-8F7C-4833-ADED-81FAE8CCD186}\slcc3d64.dll
      2017-05-23 15:27 - 2017-05-23 15:27 - 003918848 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1705.1301.0_x64__8wekyb3d8bbwe\Calculator.exe
      2013-09-13 19:51 - 2013-09-13 19:51 - 000087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
      2013-09-13 19:51 - 2013-09-13 19:51 - 001242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
      2014-01-27 15:36 - 2012-04-30 10:57 - 000039936 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll
      2014-01-27 15:36 - 2015-10-20 17:44 - 000242176 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll
      2011-07-07 14:54 - 2011-07-07 14:54 - 000233984 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\Report.dll
      2014-01-27 15:36 - 2015-04-21 12:22 - 000053248 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\VObject.dll
      2015-02-10 16:19 - 2015-02-10 16:19 - 000667648 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PhoneUpdate.dll
      2017-08-24 09:23 - 2017-08-22 13:55 - 000757568 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
      2017-08-24 09:23 - 2017-08-22 13:55 - 001787200 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
      2017-08-24 09:23 - 2017-08-22 13:53 - 000100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
      2017-08-24 09:23 - 2017-08-22 13:53 - 000018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
      2017-08-24 09:23 - 2017-08-22 13:57 - 000020800 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
      2017-08-24 09:23 - 2017-08-22 13:53 - 000035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
      2017-08-24 09:23 - 2017-08-22 13:56 - 000021848 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
      2017-08-24 09:23 - 2017-08-22 13:53 - 000125904 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
      2017-08-24 09:23 - 2017-08-22 13:53 - 000694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
      2017-08-24 09:23 - 2017-08-22 13:56 - 001862992 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
      2017-08-24 09:23 - 2017-08-22 13:56 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
      2017-08-24 09:23 - 2017-08-22 13:53 - 000145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
      2017-08-24 09:23 - 2017-08-22 13:55 - 000116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
      2017-08-24 09:23 - 2017-08-22 13:53 - 000105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
      2017-08-24 09:23 - 2017-08-22 13:57 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
      2017-08-24 09:23 - 2017-08-22 13:57 - 000062784 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
      2017-08-24 09:23 - 2017-08-22 13:57 - 000040248 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
      2017-08-24 09:23 - 2017-08-22 13:53 - 000024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
      2017-08-24 09:23 - 2017-08-22 13:53 - 000020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
      2017-08-24 09:23 - 2017-08-22 13:53 - 000124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
      2017-08-24 09:23 - 2017-08-22 13:53 - 000116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
      2017-08-24 09:23 - 2017-08-22 13:55 - 000392656 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
      2017-08-24 09:23 - 2017-08-22 13:57 - 000392512 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
      2017-08-24 09:23 - 2017-08-22 13:57 - 000026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
      2017-08-24 09:23 - 2017-08-22 13:53 - 000024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
      2017-08-24 09:23 - 2017-08-22 13:53 - 000175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
      2017-08-24 09:23 - 2017-08-22 13:53 - 000030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
      2017-08-24 09:23 - 2017-08-22 13:53 - 000043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
      2017-08-24 09:23 - 2017-08-22 13:53 - 000048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
      2017-08-24 09:23 - 2017-08-22 13:53 - 000057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
      2017-08-24 09:23 - 2017-08-22 13:56 - 000022336 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
      2017-08-24 09:23 - 2017-08-22 13:57 - 000082264 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
      2017-08-24 09:23 - 2017-08-22 13:57 - 000025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
      2017-08-24 09:23 - 2017-08-22 13:57 - 003928896 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
      2017-08-24 09:23 - 2017-08-22 13:53 - 000083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
      2017-08-24 09:23 - 2017-08-22 13:57 - 001826104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
      2017-08-24 09:23 - 2017-08-22 13:57 - 001972024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
      2017-08-24 09:23 - 2017-08-22 13:53 - 000028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
      2017-08-24 09:23 - 2017-08-22 13:53 - 000024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
      2017-08-24 09:23 - 2017-08-22 13:57 - 000171336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
      2017-08-24 09:23 - 2017-08-22 13:57 - 000042816 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
      2017-08-24 09:23 - 2017-08-22 13:57 - 000531264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
      2017-08-24 09:23 - 2017-08-22 13:57 - 000133432 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
      2017-08-24 09:23 - 2017-08-22 13:57 - 000224064 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
      2017-08-24 09:23 - 2017-08-22 13:57 - 000207680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
      2017-08-24 09:23 - 2017-08-22 13:53 - 000060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
      2017-08-24 09:23 - 2017-08-22 13:57 - 000054608 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
      2017-08-24 09:23 - 2017-08-22 13:57 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
      2017-08-24 09:23 - 2017-08-22 13:57 - 000069968 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
      2017-08-24 09:23 - 2017-08-22 13:57 - 000022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
      2017-08-24 09:23 - 2017-08-22 13:57 - 000021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
      2017-08-24 09:23 - 2017-08-22 13:57 - 000022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
      2017-08-24 09:23 - 2017-08-22 13:56 - 000027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
      2017-08-24 09:23 - 2017-08-22 13:53 - 000349128 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
      2017-08-24 09:23 - 2017-08-22 13:57 - 000103232 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd
      2017-08-24 09:23 - 2017-08-22 13:58 - 000023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
      2017-08-24 09:23 - 2017-08-22 13:57 - 000025936 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
      2017-08-24 09:23 - 2017-08-22 13:55 - 000036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
      2017-08-24 09:23 - 2017-08-22 13:57 - 000033112 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
      2017-08-24 09:23 - 2017-08-22 13:55 - 000293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
      2017-08-24 09:23 - 2017-08-22 13:56 - 000181056 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
      2017-08-24 09:23 - 2017-08-22 13:57 - 000030536 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
      2017-08-24 09:23 - 2017-08-22 13:57 - 000024368 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
      2017-08-24 09:23 - 2017-08-22 13:57 - 001637688 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
      2017-08-24 09:23 - 2017-08-22 13:57 - 000026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
      2017-08-24 09:23 - 2017-08-22 13:57 - 000023368 _____ () C:\Program Files (x86)\Dropbox\Client\wincrashpad.compiled._Crashpad.pyd
      2017-08-24 09:23 - 2017-08-22 13:57 - 000546104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
      2017-08-24 09:23 - 2017-08-22 13:57 - 000357688 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
      2012-09-25 20:08 - 2011-12-16 15:39 - 001198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
      2013-06-07 05:16 - 2013-06-07 05:16 - 000019240 _____ () C:\Program Files (x86)\HP SimplePass\DownloadManager.dll

      ==================== Alternate Data Streams (Whitelisted) =========

      (If an entry is included in the fixlist, only the ADS will be removed.)

      AlternateDataStreams: C:\ProgramData\Reprise:voebzdwhuxbrvbdifnofh [0]
      AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm [0]
      AlternateDataStreams: C:\Users\Owner\Desktop\CHECK IN 13-10-16.jpg:com.dropbox.attributes [168]
      AlternateDataStreams: C:\Users\Owner\Documents\MOVISTAR-JUNIO.pdf:com.dropbox.attributes [168]
      AlternateDataStreams: C:\Users\Owner\Documents\resumen_cuenta_visa_Dec_2014.pdf:com.dropbox.attributes [168]

      ==================== Safe Mode (Whitelisted) ===================

      (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

      ==================== Association (Whitelisted) ===============

      (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


      ==================== Internet Explorer trusted/restricted ===============

      (If an entry is included in the fixlist, it will be removed from the registry.)

      IE trusted site: HKU\S-1-5-21-4181600625-2044144912-1258088631-1001\...\pan-energy.com -> hxxps://km.pan-energy.com
      IE restricted site: HKU\S-1-5-21-4181600625-2044144912-1258088631-1001\...\searchiu.com -> hxxp://searchiu.com
      IE trusted site: HKU\S-1-5-21-4181600625-2044144912-1258088631-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09012017214353299\...\pan-energy.com -> hxxps://km.pan-energy.com
      IE restricted site: HKU\S-1-5-21-4181600625-2044144912-1258088631-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09012017214353299\...\searchiu.com -> hxxp://searchiu.com

      ==================== Hosts content: ===============================

      (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

      2009-07-13 23:34 - 2016-02-19 22:28 - 000000088 _____ C:\WINDOWS\system32\Drivers\etc\hosts


      ==================== Other Areas ============================

      (Currently there is no automatic fix for this section.)

      HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09012017214351882\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
      HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09012017214352162\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
      HKU\S-1-5-21-4181600625-2044144912-1258088631-1000\Control Panel\Desktop\\Wallpaper ->
      HKU\S-1-5-21-4181600625-2044144912-1258088631-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09012017214352570\Control Panel\Desktop\\Wallpaper ->
      HKU\S-1-5-21-4181600625-2044144912-1258088631-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\Pictures\Febrero 2017\santito.JPG
      HKU\S-1-5-21-4181600625-2044144912-1258088631-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09012017214353299\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\Pictures\Febrero 2017\santito.JPG
      HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09012017214354755\Control Panel\Desktop\\Wallpaper ->
      DNS Servers: 186.56.4.10 - 192.168.1.1
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
      Windows Firewall is enabled.

      ==================== MSCONFIG/TASK MANAGER disabled items ==


      ==================== FirewallRules (Whitelisted) ===============

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      FirewallRules: [UDP Query User{8FB9E25D-16DD-48E1-8D7C-1171E24E2BD4}C:\users\owner\appdata\local\skypeplugin\pluginhost.exe] => (Block) C:\users\owner\appdata\local\skypeplugin\pluginhost.exe
      FirewallRules: [TCP Query User{092885C4-DA96-45B7-A756-8DC092A3E81D}C:\users\owner\appdata\local\skypeplugin\pluginhost.exe] => (Block) C:\users\owner\appdata\local\skypeplugin\pluginhost.exe
      FirewallRules: [UDP Query User{A6A31D52-D522-47CA-A194-484247A16405}C:\users\owner\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\owner\appdata\local\skypeplugin\pluginhost.exe
      FirewallRules: [TCP Query User{433CD0E6-C4F2-4D9B-9DE0-DAE73321B6A7}C:\users\owner\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\owner\appdata\local\skypeplugin\pluginhost.exe
      FirewallRules: [{B4076ABB-960B-44BC-8B53-C9289929425F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
      FirewallRules: [{C7F6785F-5B0C-4C5E-BB91-810773C823C9}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
      FirewallRules: [{F0B42DB3-348E-43A6-8F8A-2B986BB2CA48}] => (Allow) LPort=2869
      FirewallRules: [{FDC28C94-3189-462B-BC80-FF88C81D1B1E}] => (Allow) LPort=1900
      FirewallRules: [{0210424F-7C49-4407-9105-EC3FC42ABACD}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
      FirewallRules: [{22F890B0-2DD9-46EE-A1E7-FFBA78918084}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
      FirewallRules: [{8A037BF6-ABE3-4F39-A9D1-ABEB2F62DEA3}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
      FirewallRules: [{6CDB2DDD-E05D-4346-9C0F-E688A3355155}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
      FirewallRules: [{000F9C56-3F16-4D92-81C3-65EC83C0FEFF}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
      FirewallRules: [{A6722E8B-E522-44E8-89E6-AE150EA04ED8}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
      FirewallRules: [{E9EB6BEC-CD80-4CA7-B953-7607850867B4}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
      FirewallRules: [{E3101646-BD38-45B3-BBB6-F9B8D116A399}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\IndivDRM.exe
      FirewallRules: [{A9CB1C66-F55C-458C-B3EF-A1BCAFED7758}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\IndivDRM.exe
      FirewallRules: [{50448974-94F1-4247-A1D1-4382C3885D91}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\IndivDRM.exe
      FirewallRules: [{F6BE4588-C5AB-4BF4-B080-6FBE8292E133}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\IndivDRM.exe
      FirewallRules: [{973F5DE6-F4C3-43E6-991F-C30D18BB84B7}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
      FirewallRules: [{F2355326-EAD1-4114-8AE3-614BE98C2DE6}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
      FirewallRules: [{9C9E741F-FAEB-497E-9E2F-4C424957ED62}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
      FirewallRules: [{5DB5C84D-78BD-4031-97E7-340A4F982961}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
      FirewallRules: [{DC4E1DBB-1C74-4663-8C8F-0F4A89935C84}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
      FirewallRules: [{B9E31F6E-5741-4299-BA56-9D86431DF501}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
      FirewallRules: [{DA5ECEA7-59F7-4011-814F-DBAC177B2940}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
      FirewallRules: [{D229E685-50AC-455E-B2A9-88DE432FBF8C}] => (Allow) C:\Program Files (x86)\SkypeWebPlugin\3.2.0.23388\SkypeWebPlugin.exe
      FirewallRules: [{10FAB9D4-B950-4064-945D-2608B56D624E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
      FirewallRules: [{B549A497-2060-40B4-B646-51B1585EFC64}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
      FirewallRules: [{48A1E3EF-7C63-4138-BF2D-587022330E10}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
      FirewallRules: [{FA938C87-E4F4-41F0-A266-7782ABC48C14}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
      FirewallRules: [{B1D5386E-70F5-4B92-AB89-EF8492C61212}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
      FirewallRules: [{BE0001E6-5D0C-4579-AC1B-5279BBAA8074}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
      FirewallRules: [TCP Query User{B251CB38-772D-4FC1-9C09-B826367884AB}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
      FirewallRules: [UDP Query User{2954B3EE-8445-4701-BEE5-FC6E30E9753C}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
      FirewallRules: [{F06A8D02-BDB7-4369-A9DC-7789EDA183D8}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
      FirewallRules: [{1BEFE199-DB40-4CCE-A04C-F68041D1899C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

      ==================== Restore Points =========================


      ==================== Faulty Device Manager Devices =============


      ==================== Event log errors: =========================

      Application errors:
      ==================
      Error: (09/03/2017 04:44:37 PM) (Source: Application Error) (EventID: 1000) (User: )
      Description: Nombre de la aplicación con errores: nvtray.exe, versión: 7.17.13.7682, marca de tiempo: 0x589853fc
      Nombre del módulo con errores: NvUI.dll, versión: 8.17.13.7682, marca de tiempo: 0x58985399
      Código de excepción: 0xc0000005
      Desplazamiento de errores: 0x00000000001e135a
      Identificador del proceso con errores: 0x2530
      Hora de inicio de la aplicación con errores: 0x01d324676a9cd9f2
      Ruta de acceso de la aplicación con errores: C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
      Ruta de acceso del módulo con errores: C:\Program Files\NVIDIA Corporation\Display\NvUI.dll
      Identificador del informe: ea575901-45e6-49d7-98d5-fde61021e00b
      Nombre completo del paquete con errores:
      Identificador de aplicación relativa del paquete con errores:

      Error: (09/03/2017 12:29:08 PM) (Source: COM) (EventID: 10031) (User: )
      Description: Se realizó una comprobación de directiva de anulación de serialización al anular la serialización de un objeto con serialización personalizada; se rechazó la clase {2CD39202-3A2F-4935-9A86-65B919919A7F}

      Error: (09/03/2017 09:56:32 AM) (Source: COM) (EventID: 10031) (User: )
      Description: Se realizó una comprobación de directiva de anulación de serialización al anular la serialización de un objeto con serialización personalizada; se rechazó la clase {2CD39202-3A2F-4935-9A86-65B919919A7F}

      Error: (09/03/2017 09:51:16 AM) (Source: COM) (EventID: 10031) (User: )
      Description: Se realizó una comprobación de directiva de anulación de serialización al anular la serialización de un objeto con serialización personalizada; se rechazó la clase {2CD39202-3A2F-4935-9A86-65B919919A7F}

      Error: (09/03/2017 09:38:58 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Owner-HP)
      Description: No se pudo activar la aplicación Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App debido al error: -2144927142. Consulte el registro Microsoft-Windows-TWinUI/Operational para obtener más información.

      Error: (09/03/2017 09:19:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
      Description: Task Scheduling Error: m->NextScheduledSPRetry 30676625

      Error: (09/03/2017 09:19:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
      Description: Task Scheduling Error: m->NextScheduledEvent 30676625

      Error: (09/03/2017 09:19:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
      Description: Task Scheduling Error: Continuously busy for more than a second

      Error: (09/03/2017 09:19:13 AM) (Source: Bonjour Service) (EventID: 100) (User: )
      Description: Task Scheduling Error: m->NextScheduledSPRetry 30675406

      Error: (09/03/2017 09:19:13 AM) (Source: Bonjour Service) (EventID: 100) (User: )
      Description: Task Scheduling Error: m->NextScheduledEvent 30675406


      System errors:
      =============
      Error: (09/02/2017 09:54:51 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY)
      Description: La configuración automática de WLAN detectó un límite de conectividad, realizando restablecer/recuperar el adaptador.

      Código: 8 0x0 0x0

      Error: (09/02/2017 09:54:49 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY)
      Description: La configuración automática de WLAN detectó un límite de conectividad, realizando restablecer/recuperar el adaptador.

      Código: 2 0xdeaddeed 0xeeec

      Error: (09/02/2017 09:54:49 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY)
      Description: La configuración automática de WLAN detectó un límite de conectividad, realizando restablecer/recuperar el adaptador.

      Código: 1 0xc 0x4

      Error: (09/02/2017 09:39:27 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY)
      Description: La configuración automática de WLAN detectó un límite de conectividad, realizando restablecer/recuperar el adaptador.

      Código: 8 0x0 0x0

      Error: (09/02/2017 09:39:26 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY)
      Description: La configuración automática de WLAN detectó un límite de conectividad, realizando restablecer/recuperar el adaptador.

      Código: 2 0xdeaddeed 0xeeec

      Error: (09/02/2017 09:39:26 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY)
      Description: La configuración automática de WLAN detectó un límite de conectividad, realizando restablecer/recuperar el adaptador.

      Código: 1 0xc 0x4

      Error: (09/02/2017 07:52:48 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY)
      Description: La configuración automática de WLAN detectó un límite de conectividad, realizando restablecer/recuperar el adaptador.

      Código: 8 0x0 0x0

      Error: (09/02/2017 07:52:46 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY)
      Description: La configuración automática de WLAN detectó un límite de conectividad, realizando restablecer/recuperar el adaptador.

      Código: 2 0xdeaddeed 0xeeec

      Error: (09/02/2017 07:52:46 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY)
      Description: La configuración automática de WLAN detectó un límite de conectividad, realizando restablecer/recuperar el adaptador.

      Código: 1 0xc 0x4

      Error: (09/02/2017 06:07:03 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY)
      Description: La configuración automática de WLAN detectó un límite de conectividad, realizando restablecer/recuperar el adaptador.

      Código: 8 0x0 0x0


      CodeIntegrity:
      ===================================
      Date: 2017-07-13 23:41:26.709
      Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

      Date: 2017-07-13 23:41:26.598
      Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

      Date: 2017-07-13 23:37:31.734
      Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

      Date: 2017-07-13 23:37:31.603
      Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

      Date: 2017-06-23 20:28:52.866
      Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

      Date: 2017-06-23 20:28:52.590
      Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

      Date: 2017-06-23 20:25:26.868
      Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

      Date: 2017-06-23 20:25:26.483
      Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

      Date: 2017-06-19 21:38:16.820
      Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

      Date: 2017-06-19 21:38:16.539
      Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.


      ==================== Memory info ===========================

      Processor: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz
      Percentage of memory in use: 47%
      Total physical RAM: 8085.31 MB
      Available physical RAM: 4280.19 MB
      Total Virtual: 16277.31 MB
      Available Virtual: 11783.26 MB

      ==================== Drives ================================

      Drive c: () (Fixed) (Total:678.34 GB) (Free:77.11 GB) NTFS ==>[system with boot components (obtained from drive)]
      Drive d: (DATA) (Fixed) (Total:29.82 GB) (Free:29.72 GB) NTFS
      Drive e: (Recovery) (Fixed) (Total:20 GB) (Free:2.16 GB) NTFS ==>[system with boot components (obtained from drive)]
      Drive h: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.07 GB) FAT32

      ==================== MBR & Partition Table ==================

      ========================================================
      Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: E4EB7F33)
      Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
      Partition 2: (Not Active) - (Size=678.3 GB) - (Type=07 NTFS)
      Partition 3: (Not Active) - (Size=20 GB) - (Type=07 NTFS)
      Partition 4: (Not Active) - (Size=102 MB) - (Type=0C)

      ========================================================
      Disk: 1 (MBR Code: Windows 7 or 8) (Size: 29.8 GB) (Disk ID: B4149AF3)
      Partition 1: (Not Active) - (Size=29.8 GB) - (Type=07 NTFS)

      ==================== End of Addition.txt ============================

    2. #12
      General Moderator
      @Daniela
      Joined
      Apr 2011
      Location
      Spain
      Posts
      25,336

      Re: Help! Chinese virus on my desktop

      Hello

      Follow these steps. VERY important ~ Make a backup of the registry:

      • To do so, download >> DelFix to your desktop.
        • Double-click to run it. (If you use Windows Vista/7 or 8, right-click and select "Run as Administrator".)
        • Check only the "Create registry backup" box.
      • Click Run.

        The report (DelFix.txt) will open; save it in case it is needed and close the tool.


      Next, start your computer in >> Windows Safe Mode with Networking.

      If your OS is Windows 8/8.1/10, use the 2nd METHOD from this Windows 8 FAQ (applicable to Windows 10) >> How to start Windows 8/8.1 in Safe Mode?, to work from that Windows mode.


      With all other programs closed, go to >> Start >> Run >> and type notepad.exe.

      Now copy and paste the following into Notepad: (excluding the word Code)

      Code:
      Start
      CreateRestorePoint:
      CloseProcesses:
      
      HKU\S-1-5-21-4181600625-2044144912-1258088631-1001\...\Run: [Norton Download Manager{NS2250424-SHPD-FSD51083}] => C:\Users\Public\Downloads\Norton\{NS2250424-SHPD-FSD51083}\FSDUI_Custom.exe /m /SHOWONECLICK /WIN10_UPGRADE "C:\Users\Owner\AppData\Local\Temp\{03C1A93D-4A94-407C-BF71-F40EA2495354}\Upgrade.exe" <==== ATTENTION
      HKU\S-1-5-21-4181600625-2044144912-1258088631-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09012017214353299\...\Run: [Norton Download Manager{NS2250424-SHPD-FSD51083}] => C:\Users\Public\Downloads\Norton\{NS2250424-SHPD-FSD51083}\FSDUI_Custom.exe /m /SHOWONECLICK /WIN10_UPGRADE "C:\Users\Owner\AppData\Local\Temp\{03C1A93D-4A94-407C-BF71-F40EA2495354}\Upgrade.exe" <==== ATTENTION
      FF Extension: (No Name) - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\[email protected] [not found]
      FF Extension: (No Name) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\g5vs9o6l.default\extensions\{eb78c871-3d9d-433f-b49b-12468119be89}.xpi [not found]
      CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-07-12]
      CHR Extension: (Avira Navegación segura) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2017-07-12]
      CHR Extension: (Website Logon) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanflfepiobnpjbljmngfgegijhdpljm [2017-07-12]
      CHR Extension: (Chrome Media Router) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-12]
      CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [kanflfepiobnpjbljmngfgegijhdpljm] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2013-04-01]
      ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
      Task: {08DDC84F-5D12-40B9-A93D-DCD76FD3B34B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
      Task: {0CAE61BD-F511-4FB6-BCEE-FCF22D92FAC6} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
      Task: {1C94E204-DA00-4FC9-987C-4A247E9E82B5} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
      Task: {2A26304B-D101-4874-9870-A3F560246066} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
      Task: {35001C4C-237A-4DCD-90DD-DF97808FDD4A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
      Task: {4CFBD015-1ED4-420C-AB6A-5712A9E33D99} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
      Task: {58282883-BBF7-4225-BEE4-BFEF21A183F5} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
      Task: {6DD6B7D1-82D5-431B-AB2E-36934FECBB70} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
      Task: {73EC56A3-5C89-4FEA-BAE4-72C7C57D1682} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
      Task: {78716275-412A-46BF-AB75-3E756A7CE54A} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
      Task: {8DB479DE-D65F-467E-95BB-082B436847FD} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
      Task: {927E155F-F01F-45F6-AB27-296726E14B3A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
      Task: {AA2A63A9-947C-4B89-AE0F-07F7A5098ABC} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
      Task: {F019AB18-29EC-42DE-9031-68A5328B8083} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
      Task: {F7CD384D-1C02-4FB8-9417-7DCA030B5277} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
      AlternateDataStreams: C:\ProgramData\Reprise:voebzdwhuxbrvbdifnofh [0]
      AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm [0]
      AlternateDataStreams: C:\Users\Owner\Desktop\CHECK IN 13-10-16.jpg:com.dropbox.attributes [168]
      AlternateDataStreams: C:\Users\Owner\Documents\MOVISTAR-JUNIO.pdf:com.dropbox.attributes [168]
      AlternateDataStreams: C:\Users\Owner\Documents\resumen_cuenta_visa_Dec_2014.pdf:com.dropbox.attributes [168] 
      
      CMD: ipconfig /flushdns
      CMD: ipconfig /renew
      CMD: bitsadmin /reset /allusers
      RemoveProxy:
      EmptyTemp:
      Hosts:
      end
      • Save it under the name fixlist.txt on the desktop <<< This is very important.

      Note: The executable Frst.exe and fixlist.txt must be in the same location (desktop), otherwise the tool will not work.

      ATTENTION!!!! The following repair script was written specifically by a staff member for this user; if you have a similar problem, please open your own thread to receive personalized help. Using other users' scripts can damage your computer.

      • Run Frst.exe.
      • Press the Fix button and wait for it to finish.
      • The tool will save the report on your desktop (Fixlog.txt).
      • Paste it in your next reply.


      Post the report and tell us how the problem is going.

      Regards
      ✿◕‿◕✿ Impatience is not good company ✿◕‿◕✿

      * Follow us on Twitter and befriend us on Facebook.
      * Keep up with the latest threats on the net at: InfoSpyware Blog
      * Questions are not answered by private message or e-mail, since that is what the forum is for.

    3. #13
      User margabros
      Joined
      Feb 2012
      Location
      Com Riv
      Posts
      35

      Re: Help! Chinese virus on my desktop

      Fix result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
      Ran by Owner (05-09-2017 11:16:09) Run:1
      Running from C:\Users\Owner\Desktop
      Loaded Profiles: Owner (Available Profiles: UpdatusUser & Owner)
      Boot Mode: Safe Mode (with Networking)
      ==============================================

      fixlist content:
      *****************
      Start
      CreateRestorePoint:
      CloseProcesses:

      HKU\S-1-5-21-4181600625-2044144912-1258088631-1001\...\Run: [Norton Download Manager{NS2250424-SHPD-FSD51083}] => C:\Users\Public\Downloads\Norton\{NS2250424-SHPD-FSD51083}\FSDUI_Custom.exe /m /SHOWONECLICK /WIN10_UPGRADE "C:\Users\Owner\AppData\Local\Temp\{03C1A93D-4A94-407C-BF71-F40EA2495354}\Upgrade.exe" <==== ATTENTION
      HKU\S-1-5-21-4181600625-2044144912-1258088631-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09012017214353299\...\Run: [Norton Download Manager{NS2250424-SHPD-FSD51083}] => C:\Users\Public\Downloads\Norton\{NS2250424-SHPD-FSD51083}\FSDUI_Custom.exe /m /SHOWONECLICK /WIN10_UPGRADE "C:\Users\Owner\AppData\Local\Temp\{03C1A93D-4A94-407C-BF71-F40EA2495354}\Upgrade.exe" <==== ATTENTION
      FF Extension: (No Name) - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\[email protected] [not found]
      FF Extension: (No Name) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\g5vs9o6l.default\extensions\{eb78c871-3d9d-433f-b49b-12468119be89}.xpi [not found]
      CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-07-12]
      CHR Extension: (Avira Navegación segura) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2017-07-12]
      CHR Extension: (Website Logon) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanflfepiobnpjbljmngfgegijhdpljm [2017-07-12]
      CHR Extension: (Chrome Media Router) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-12]
      CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [kanflfepiobnpjbljmngfgegijhdpljm] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2013-04-01]
      ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
      Task: {08DDC84F-5D12-40B9-A93D-DCD76FD3B34B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
      Task: {0CAE61BD-F511-4FB6-BCEE-FCF22D92FAC6} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
      Task: {1C94E204-DA00-4FC9-987C-4A247E9E82B5} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
      Task: {2A26304B-D101-4874-9870-A3F560246066} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
      Task: {35001C4C-237A-4DCD-90DD-DF97808FDD4A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
      Task: {4CFBD015-1ED4-420C-AB6A-5712A9E33D99} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
      Task: {58282883-BBF7-4225-BEE4-BFEF21A183F5} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
      Task: {6DD6B7D1-82D5-431B-AB2E-36934FECBB70} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
      Task: {73EC56A3-5C89-4FEA-BAE4-72C7C57D1682} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
      Task: {78716275-412A-46BF-AB75-3E756A7CE54A} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
      Task: {8DB479DE-D65F-467E-95BB-082B436847FD} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
      Task: {927E155F-F01F-45F6-AB27-296726E14B3A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
      Task: {AA2A63A9-947C-4B89-AE0F-07F7A5098ABC} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
      Task: {F019AB18-29EC-42DE-9031-68A5328B8083} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
      Task: {F7CD384D-1C02-4FB8-9417-7DCA030B5277} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
      AlternateDataStreams: C:\ProgramData\Reprise:voebzdwhuxbrvbdifnofh [0]
      AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm [0]
      AlternateDataStreams: C:\Users\Owner\Desktop\CHECK IN 13-10-16.jpg:com.dropbox.attributes [168]
      AlternateDataStreams: C:\Users\Owner\Documents\MOVISTAR-JUNIO.pdf:com.dropbox.attributes [168]
      AlternateDataStreams: C:\Users\Owner\Documents\resumen_cuenta_visa_Dec_2014.pdf:com.dropbox.attributes [168]

      CMD: ipconfig /flushdns
      CMD: ipconfig /renew
      CMD: bitsadmin /reset /allusers
      RemoveProxy:
      EmptyTemp:
      Hosts:
      end
      *****************

      Error: Restore point can only be created in normal mode.
      Processes closed successfully.
      HKU\S-1-5-21-4181600625-2044144912-1258088631-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Norton Download Manager{NS2250424-SHPD-FSD51083} => value removed successfully
      HKU\S-1-5-21-4181600625-2044144912-1258088631-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09012017214353299\...\Run: [Norton Download Manager{NS2250424-SHPD-FSD51083}] => C:\Users\Public\Downloads\Norton\{NS2250424-SHPD-FSD51083}\FSDUI_Custom.exe /m /SHOWONECLICK /WIN10_UPGRADE "C:\Users\Owner\AppData\Local\Temp\{03C1A93D-4A94-407C-BF71-F40EA2495354}\Upgrade.exe" <==== ATTENTION => Error: No automatic fix found for this entry.
      C:\Program Files (x86)\TomTom HOME 2\xul\extensions\[email protected] => path removed successfully
      C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\g5vs9o6l.default\extensions\{eb78c871-3d9d-433f-b49b-12468119be89}.xpi => path removed successfully
      CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-07-12] => Error: No automatic fix found for this entry.
      CHR Extension: (Avira Navegación segura) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2017-07-12] => Error: No automatic fix found for this entry.
      CHR Extension: (Website Logon) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanflfepiobnpjbljmngfgegijhdpljm [2017-07-12] => Error: No automatic fix found for this entry.
      CHR Extension: (Chrome Media Router) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-12] => Error: No automatic fix found for this entry.
      HKLM\SOFTWARE\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk => key removed successfully
      HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk => key removed successfully
      HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kanflfepiobnpjbljmngfgegijhdpljm => key removed successfully
      C:\Program Files (x86)\HP SimplePass\tschrome.crx => moved successfully
      HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\Gadgets => key removed successfully
      HKLM\Software\Classes\CLSID\{6B9228DA-9C15-419e-856C-19E768A13BDC} => key not found.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{08DDC84F-5D12-40B9-A93D-DCD76FD3B34B} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{08DDC84F-5D12-40B9-A93D-DCD76FD3B34B} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0CAE61BD-F511-4FB6-BCEE-FCF22D92FAC6} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0CAE61BD-F511-4FB6-BCEE-FCF22D92FAC6} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1C94E204-DA00-4FC9-987C-4A247E9E82B5} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1C94E204-DA00-4FC9-987C-4A247E9E82B5} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2A26304B-D101-4874-9870-A3F560246066} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2A26304B-D101-4874-9870-A3F560246066} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\rundetector => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{35001C4C-237A-4DCD-90DD-DF97808FDD4A} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{35001C4C-237A-4DCD-90DD-DF97808FDD4A} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4CFBD015-1ED4-420C-AB6A-5712A9E33D99} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4CFBD015-1ED4-420C-AB6A-5712A9E33D99} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{58282883-BBF7-4225-BEE4-BFEF21A183F5} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{58282883-BBF7-4225-BEE4-BFEF21A183F5} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6DD6B7D1-82D5-431B-AB2E-36934FECBB70} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6DD6B7D1-82D5-431B-AB2E-36934FECBB70} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{73EC56A3-5C89-4FEA-BAE4-72C7C57D1682} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{73EC56A3-5C89-4FEA-BAE4-72C7C57D1682} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{78716275-412A-46BF-AB75-3E756A7CE54A} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{78716275-412A-46BF-AB75-3E756A7CE54A} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8DB479DE-D65F-467E-95BB-082B436847FD} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8DB479DE-D65F-467E-95BB-082B436847FD} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{927E155F-F01F-45F6-AB27-296726E14B3A} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{927E155F-F01F-45F6-AB27-296726E14B3A} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AA2A63A9-947C-4B89-AE0F-07F7A5098ABC} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AA2A63A9-947C-4B89-AE0F-07F7A5098ABC} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F019AB18-29EC-42DE-9031-68A5328B8083} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F019AB18-29EC-42DE-9031-68A5328B8083} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F7CD384D-1C02-4FB8-9417-7DCA030B5277} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F7CD384D-1C02-4FB8-9417-7DCA030B5277} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key removed successfully
      C:\ProgramData\Reprise => ":voebzdwhuxbrvbdifnofh" ADS removed successfully.
      C:\ProgramData\Reprise => ":wupeogjxldtlfudivq`qsp`26hfm" ADS removed successfully.
      C:\Users\Owner\Desktop\CHECK IN 13-10-16.jpg => ":com.dropbox.attributes" ADS removed successfully.
      C:\Users\Owner\Documents\MOVISTAR-JUNIO.pdf => ":com.dropbox.attributes" ADS removed successfully.
      C:\Users\Owner\Documents\resumen_cuenta_visa_Dec_2014.pdf => ":com.dropbox.attributes" ADS removed successfully.

      ========= ipconfig /flushdns =========


      Configuración IP de Windows

      Se vació correctamente la caché de resolución de DNS.

      ========= End of CMD: =========


      ========= ipconfig /renew =========


      Configuración IP de Windows

      No se puede realizar ninguna operación en Local Area Connection mientras los medios
      están desconectados.
      No se puede realizar ninguna operación en Wireless Network Connection mientras los medios
      están desconectados.
      No se puede realizar ninguna operación en Conexión de área local* 2 mientras los medios
      están desconectados.
      No se puede realizar ninguna operación en Conexión de área local* 3 mientras los medios
      están desconectados.

      ========= End of CMD: =========


      ========= bitsadmin /reset /allusers =========


      BITSADMIN version 3.0
      BITS administration utility.
      (C) Copyright 2000-2006 Microsoft Corp.

      BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
      Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

      Unable to connect to BITS - 0x8007043c
      El servicio no puede iniciarse en modo a prueba de errores



      ========= End of CMD: =========


      ========= RemoveProxy: =========

      HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
      HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
      HKU\S-1-5-21-4181600625-2044144912-1258088631-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
      HKU\S-1-5-21-4181600625-2044144912-1258088631-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


      ========= End of RemoveProxy: =========

      C:\Windows\System32\Drivers\etc\hosts => moved successfully
      Hosts restored successfully.

      =========== EmptyTemp: ==========

      BITS transfer queue => 0 B
      DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 19275150 B
      Java, Flash, Steam htmlcache => 492 B
      Windows/system/drivers => 85360 B
      Edge => 1390 B
      Chrome => 144384 B
      Firefox => 396388681 B
      Opera => 0 B

      Temp, IE cache, history, cookies, recent:
      Default => 0 B
      Users => 0 B
      ProgramData => 0 B
      Public => 0 B
      systemprofile => 128 B
      systemprofile32 => 128 B
      LocalService => 16384 B
      NetworkService => 0 B
      UpdatusUser => 0 B
      Owner => 102388118 B
      DefaultAppPool => 0 B

      RecycleBin => 0 B
      EmptyTemp: => 494.3 MB temporary data Removed.

      ================================


      The system needed a reboot.

      ==== End of Fixlog 11:18:53 ====

      I will let you know shortly how the problem is going.
      Regards

    4. #14
      General Moderator
      @Daniela
      Joined
      Apr 2011
      Location
      Spain
      Posts
      25,336

      Re: Help! Chinese virus on my desktop

      Hello

      All right, we will be here waiting for the results.

      Regards

    5. #15
      User margabros
      Joined
      Feb 2012
      Location
      Com Riv
      Posts
      35

      Re: Help! Chinese virus on my desktop

      Hello, good day.
      The same problem continues and it seems to have gotten worse, since Recent Files shows that a great many Chinese files were opened, all with the same path, Desktop.
      Is there anything else that can be done?
      Thanks in advance,
      Marcos.

    6. #16
      General Moderator
      @Daniela
      Joined
      Apr 2011
      Location
      Spain
      Posts
      25,336

      Re: Help! Chinese virus on my desktop

      Hello

      1) Download HitmanPRO (see its user manual)

      • Run HitmanPRO (on Windows 7 or 8, run as "Administrator").
      • Press the "Next" button on the two screens to begin.
      • Once the scan has finished, HitmanPRO includes 30 free days for removing any malware detected.
      • In any case, its report can be used to find the specific path of what was detected and remove it manually.
      • The report is generated by pressing "Save Log" and saving it wherever we like, then opening it and copying the contents into this same thread.


      2) Run an online scan with ESET Online Scanner

      • Disable the antivirus
      • After running the scan, re-enable the antivirus
      • Download and run ESET Online (see Manual)
      • Check the boxes Remove detected threats and Scan archives.
      • Click Advanced settings and tick the boxes:
        - Scan for potentially unwanted applications,
        - Scan for potentially unsafe applications
        - Enable Anti-Stealth technology.
      • Click Start so that it begins downloading the virus signature database and then starts scanning your system.
      • When it finishes, click Finish
      • Locate the report in C:\Archivos de programa\ESET\ESET Online Scanner\log and attach it in your next reply.


      For the report from the new version of ESET Online
      • The default path is: C:\users\%userprofile%\appdata\local\temp\log.txt
      • So first you will have to show Hidden Files and Folders
      • Once you have done that you will be able to access the AppData folder of your user account; open it
      • Go into the Local folder and there you will find the Temp folder
      • Inside this directory you should find the file log.txt
      • You know what to do: open it with Notepad, select everything, copy it and paste it in your next reply


      Paste the reports and tell us how things are going.

      Regards

    7. #17
      User margabros
      Joined
      Feb 2012
      Location
      Com Riv
      Posts
      35

      Re: Help! Chinese virus on my desktop

      Hello, I am having trouble with step 2, the ESET online scan: it never finishes downloading the virus signature database, and it tells me this is due to internet problems or because I use a proxy, and that I should check the proxy configuration?
      I have a weak internet signal and at times it drops; could that be why? I have already tried several times.
      Thanks and regards

    8. #18
      General Moderator
      @Daniela
      Joined
      Apr 2011
      Location
      Spain
      Posts
      25,336

      Re: Help! Chinese virus on my desktop

      Hello

      Quote: Originally posted by margabros
      Hello, I am having trouble with step 2, the ESET online scan: it never finishes downloading the virus signature database, and it tells me this is due to internet problems or because I use a proxy, and that I should check the proxy configuration?
      I have a weak internet signal and at times it drops; could that be why? I have already tried several times.
      Thanks and regards
      If the internet drops, the download does not finish, and every time you get the connection back it starts over; that way we will not manage to get it to scan.

      Post the HitmanPro report and tell us how the problem is going.

      Regards

    9. #19
      User margabros
      Joined
      Feb 2012
      Location
      Com Riv
      Posts
      35

      Re: Help! Chinese virus on my desktop

      Hello! I am pasting both reports here. The virus keeps activating daily and causes me multiple complications: Windows hangs and I have to restart, or the same with the browser.

      Code:
      HitmanPro 3.7.20.286
      www.hitmanpro.com
      
         Computer name . . . . : OWNER-HP
         Windows . . . . . . . : 10.0.0.14393.X64/4
         User name . . . . . . : Owner-HP\Owner
         UAC . . . . . . . . . : Enabled
         License . . . . . . . : Trial (31 days left)
      
         Scan date . . . . . . : 2017-09-08 08:55:36
         Scan mode . . . . . . : Normal
         Scan duration . . . . : 1h 19m 15s
         Disk access mode  . . : Direct disk access (SRB)
         Cloud . . . . . . . . : Internet
         Reboot  . . . . . . . : No
      
         Threats . . . . . . . : 0
         Traces  . . . . . . . : 21
      
         Objects scanned . . . : 3.499.904
         Files scanned . . . . : 138.508
         Remnants scanned  . . : 855.373 files / 2.506.023 keys
      
      Suspicious files ____________________________________________________________
      
         C:\Users\Owner\Desktop\FRST64.exe
            Size . . . . . . . : 2.395.648 bytes
            Age  . . . . . . . : 4.5 days (2017-09-03 21:05:00)
            Entropy  . . . . . : 7.6
            SHA-256  . . . . . : 3A0DD3CC5A3AF8F77E2DFE27765BFC712CEF4536CCC3C6B27A9C5A790A3CAE0B
            Needs elevation  . : Yes
            Fuzzy  . . . . . . : 24.0
               Program has no publisher information but prompts the user for permission elevation.
               Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
               Authors name is missing in version info. This is not common to most programs.
               Version control is missing. This file is probably created by an individual. This is not typical for most programs.
               Time indicates that the file appeared recently on this computer.
      
      
      Potential Unwanted Programs _________________________________________________
      
         HKU\S-1-5-21-4181600625-2044144912-1258088631-1000\SOFTWARE\StartSearch\ (StartSearch) -> Deleted
      
      Cookies _____________________________________________________________________
      
         C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\nu07hxdo.Marcos-Mariana\cookies.sqlite:addthis.com
         C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\nu07hxdo.Marcos-Mariana\cookies.sqlite:adnxs.com
         C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\nu07hxdo.Marcos-Mariana\cookies.sqlite:ads.linkedin.com
         C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\nu07hxdo.Marcos-Mariana\cookies.sqlite:agkn.com
         C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\nu07hxdo.Marcos-Mariana\cookies.sqlite:atdmt.com
         C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\nu07hxdo.Marcos-Mariana\cookies.sqlite:bidswitch.net
         C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\nu07hxdo.Marcos-Mariana\cookies.sqlite:bluekai.com
         C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\nu07hxdo.Marcos-Mariana\cookies.sqlite:c.appier.net
         C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\nu07hxdo.Marcos-Mariana\cookies.sqlite:casalemedia.com
         C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\nu07hxdo.Marcos-Mariana\cookies.sqlite:crwdcntrl.net
         C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\nu07hxdo.Marcos-Mariana\cookies.sqlite:cxense.com
         C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\nu07hxdo.Marcos-Mariana\cookies.sqlite:doubleclick.net
         C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\nu07hxdo.Marcos-Mariana\cookies.sqlite:everesttech.net
         C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\nu07hxdo.Marcos-Mariana\cookies.sqlite:mathtag.com
         C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\nu07hxdo.Marcos-Mariana\cookies.sqlite:outbrain.com
         C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\nu07hxdo.Marcos-Mariana\cookies.sqlite:owneriq.net
         C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\nu07hxdo.Marcos-Mariana\cookies.sqlite:rlcdn.com
         C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\nu07hxdo.Marcos-Mariana\cookies.sqlite:scorecardresearch.com
         C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\nu07hxdo.Marcos-Mariana\cookies.sqlite:skimresources.com
      17:49:56 # product=EOS
      # version=8
      # flags=0
      # ESETOnlineScanner_ESL.exe=2.0.17.0
      # EOSSerial=7ee526a5058af846bdfed16a29a0c48a
      # end=init
      # utc_time=2017-09-08 20:49:52
      # local_time=2017-09-08 17:49:52 (-0300, Hora estándar de Argentina)
      # country="Spain"
      # osver=10.0.14393 NT
      17:55:44 Call m_esets_charon_setup_create
      17:55:44 Call m_esets_charon_create
      17:55:44 m_esets_charon_create OK
      17:55:44 Call m_esets_charon_start_send_thread
      17:55:44 Call m_esets_charon_setup_set
      17:55:44 m_esets_charon_setup_set OK
      17:55:48 Updating
      17:55:48 Update Init
      17:55:59 Call m_esets_charon_setup_create
      17:55:59 Call m_esets_charon_create
      17:55:59 m_esets_charon_setup_set ERROR
      17:55:59 Update Download
      18:04:07 esets_scanner_update returned -1 esets_gle=12
      18:04:07 g_uiModuleBuild: 31343
      18:04:07 Update Finalize
      18:04:07 Call m_esets_charon_send
      18:04:07 Call m_esets_charon_destroy
      18:04:07 Retrying Update
      18:04:07 Updating
      18:04:07 Update Init
      18:04:20 Call m_esets_charon_setup_create
      18:04:20 Call m_esets_charon_create
      18:04:20 m_esets_charon_setup_set ERROR
      18:04:20 Update Download
      18:42:49 esets_scanner_update returned -1 esets_gle=12
      18:42:49 g_uiModuleBuild: 31343
      18:42:49 Update Finalize
      18:42:49 Call m_esets_charon_send
      18:42:49 Call m_esets_charon_destroy
      18:42:49 Retrying Update
      18:42:49 Updating
      18:42:49 Update Init
      18:42:59 Call m_esets_charon_setup_create
      18:42:59 Call m_esets_charon_create
      18:42:59 m_esets_charon_setup_set ERROR
      18:42:59 Update Download
      18:51:57 esets_scanner_update returned -1 esets_gle=12
      18:51:58 g_uiModuleBuild: 31343
      18:51:58 Update Finalize
      18:51:59 Call m_esets_charon_send
      18:52:00 Call m_esets_charon_destroy
      18:52:16 Call m_esets_charon_setup_create
      18:52:17 Call m_esets_charon_create
      18:52:17 m_esets_charon_setup_set ERROR
      18:53:55 Call m_esets_charon_setup_create
      18:53:55 Call m_esets_charon_create
      18:53:55 m_esets_charon_setup_set ERROR
      18:53:56 Updating
      18:53:56 Update Init
      18:54:05 Call m_esets_charon_setup_create
      18:54:05 Call m_esets_charon_create
      18:54:05 m_esets_charon_setup_set ERROR
      18:54:05 Update Download
      1901 esets_scanner_update returned -1 esets_gle=12
      1901 g_uiModuleBuild: 31343
      1901 Update Finalize
      1901 Call m_esets_charon_send
      1901 Call m_esets_charon_destroy
      1901 Retrying Update
      1901 Updating
      1901 Update Init
      1911 Call m_esets_charon_setup_create
      1911 Call m_esets_charon_create
      1911 m_esets_charon_setup_set ERROR
      1911 Update Download
      19:23:15 esets_scanner_update returned -1 esets_gle=12
      19:23:15 g_uiModuleBuild: 31343
      19:23:15 Update Finalize
      19:23:15 Call m_esets_charon_send
      19:23:15 Call m_esets_charon_destroy
      19:23:16 Retrying Update
      19:23:16 Updating
      19:23:16 Update Init
      19:23:25 Call m_esets_charon_setup_create
      19:23:25 Call m_esets_charon_create
      19:23:25 m_esets_charon_setup_set ERROR
      19:23:25 Update Download
      19:32:25 esets_scanner_update returned -1 esets_gle=12
      19:32:25 g_uiModuleBuild: 31343
      19:32:25 Update Finalize
      19:32:25 Call m_esets_charon_send
      19:32:25 Call m_esets_charon_destroy
      19:32:36 Call m_esets_charon_setup_create
      19:32:36 Call m_esets_charon_create
      19:32:36 m_esets_charon_setup_set ERROR
      19:46:07 Call m_esets_charon_setup_create
      19:46:08 Call m_esets_charon_create
      19:46:08 m_esets_charon_setup_set ERROR
      19:46:09 Updating
      19:46:09 Update Init
      19:46:21 Call m_esets_charon_setup_create
      19:46:21 Call m_esets_charon_create
      19:46:21 m_esets_charon_setup_set ERROR
      19:46:21 Update Download
      19:46:22 esets_scanner_update returned -1 esets_gle=12
      19:46:22 g_uiModuleBuild: 31343
      19:46:22 Update Finalize
      19:46:22 Call m_esets_charon_send
      19:46:22 Call m_esets_charon_destroy
      19:46:22 Retrying Update
      19:46:22 Updating
      19:46:22 Update Init
      19:46:32 Call m_esets_charon_setup_create
      19:46:32 Call m_esets_charon_create
      19:46:32 m_esets_charon_setup_set ERROR
      19:46:32 Update Download
      19:46:32 esets_scanner_update returned -1 esets_gle=12
      19:46:32 g_uiModuleBuild: 31343
      19:46:32 Update Finalize
      19:46:32 Call m_esets_charon_send
      19:46:32 Call m_esets_charon_destroy
      19:46:32 Retrying Update
      19:46:32 Updating
      19:46:32 Update Init
      19:46:42 Call m_esets_charon_setup_create
      19:46:42 Call m_esets_charon_create
      19:46:42 m_esets_charon_setup_set ERROR
      19:46:42 Update Download
      19:46:42 esets_scanner_update returned -1 esets_gle=12
      19:46:42 g_uiModuleBuild: 31343
      19:46:42 Update Finalize
      19:46:42 Call m_esets_charon_send
      19:46:42 Call m_esets_charon_destroy
      19:46:55 Call m_esets_charon_setup_create
      19:46:55 Call m_esets_charon_create
      19:46:55 m_esets_charon_setup_set ERROR
      22:15:42 Call m_esets_charon_send
      22:15:42 Call m_esets_charon_destroy
      22:15:43 RecursiveRemoveDirectoryAndAllFiles: C:\Users\Owner\AppData\Local\ESET\ESETOnlineScanner\Quarantine\
      22:16:08 # product=EOS
      # version=8
      # flags=0
      # ESETOnlineScanner_ESL.exe=2.0.17.0
      # EOSSerial=7ee526a5058af846bdfed16a29a0c48a
      # end=init
      # utc_time=2017-09-09 01:16:06
      # local_time=2017-09-08 22:16:06 (-0300, Hora estándar de Argentina)
      # country="Spain"
      # osver=10.0.14393 NT
      22:16:38 Call m_esets_charon_setup_create
      22:16:38 Call m_esets_charon_create
      22:16:38 m_esets_charon_create OK
      22:16:38 Call m_esets_charon_start_send_thread
      22:16:38 Call m_esets_charon_setup_set
      22:16:38 m_esets_charon_setup_set OK
      22:16:39 Updating
      22:16:39 Update Init
      22:16:48 Call m_esets_charon_setup_create
      22:16:48 Call m_esets_charon_create
      22:16:48 m_esets_charon_setup_set ERROR
      22:16:48 Update Download
      22:24:04 esets_scanner_update returned -1 esets_gle=12
      22:24:04 g_uiModuleBuild: 31343
      22:24:04 Update Finalize
      22:24:04 Call m_esets_charon_send
      22:24:04 Call m_esets_charon_destroy
      22:24:04 Retrying Update
      22:24:04 Updating
      22:24:04 Update Init
      22:24:13 Call m_esets_charon_setup_create
      22:24:13 Call m_esets_charon_create
      22:24:13 m_esets_charon_setup_set ERROR
      22:24:13 Update Download
      22:29:55 esets_scanner_update returned -1 esets_gle=12
      22:29:55 g_uiModuleBuild: 31343
      22:29:55 Update Finalize
      22:29:55 Call m_esets_charon_send
      22:29:55 Call m_esets_charon_destroy
      22:29:55 Retrying Update
      22:29:55 Updating
      22:29:55 Update Init
      22:30:04 Call m_esets_charon_setup_create
      22:30:04 Call m_esets_charon_create
      22:30:04 m_esets_charon_setup_set ERROR
      22:30:04 Update Download
      22:31:27 esets_scanner_update returned -1 esets_gle=12
      22:31:27 g_uiModuleBuild: 31343
      22:31:27 Update Finalize
      22:31:27 Call m_esets_charon_send
      22:31:28 Call m_esets_charon_destroy
      22:31:38 Call m_esets_charon_setup_create
      22:31:38 Call m_esets_charon_create
      22:31:38 m_esets_charon_setup_set ERROR
      22:59:37 Call m_esets_charon_send
      22:59:37 Call m_esets_charon_destroy
      22:59:38 RecursiveRemoveDirectoryAndAllFiles: C:\Users\Owner\AppData\Local\ESET\ESETOnlineScanner\Quarantine\
      11:22:43 # product=EOS
      # version=8
      # flags=0
      # ESETOnlineScanner_ESL.exe=2.0.17.0
      # EOSSerial=7ee526a5058af846bdfed16a29a0c48a
      # end=init
      # utc_time=2017-09-09 14:22:38
      # local_time=2017-09-09 11:22:38 (-0300, Hora estándar de Argentina)
      # country="Spain"
      # osver=10.0.14393 NT
      11:23:04 Call m_esets_charon_setup_create
      11:23:04 Call m_esets_charon_create
      11:23:04 m_esets_charon_create OK
      11:23:04 Call m_esets_charon_start_send_thread
      11:23:04 Call m_esets_charon_setup_set
      11:23:04 m_esets_charon_setup_set OK
      11:23:05 Updating
      11:23:06 Update Init
      11:23:17 Call m_esets_charon_setup_create
      11:23:17 Call m_esets_charon_create
      11:23:17 m_esets_charon_setup_set ERROR
      11:23:17 Update Download
      11:28:01 esets_scanner_update returned -1 esets_gle=12
      11:28:01 g_uiModuleBuild: 31343
      11:28:01 Update Finalize
      11:28:01 Call m_esets_charon_send
      11:28:01 Call m_esets_charon_destroy
      11:28:01 Retrying Update
      11:28:01 Updating
      11:28:01 Update Init
      11:29:31 Update timeout and progress <3, Retry update
      11:29:31 Update Init
      11:29:39 Call m_esets_charon_setup_create
      11:29:39 Call m_esets_charon_create
      11:29:39 m_esets_charon_setup_set ERROR
      11:29:39 Update Download
      11:36:30 esets_scanner_update returned -1 esets_gle=12
      11:36:30 g_uiModuleBuild: 31343
      11:36:30 Update Finalize
      11:36:30 Call m_esets_charon_send
      11:36:30 Call m_esets_charon_destroy
      11:36:30 Retrying Update
      11:36:30 Updating
      11:36:30 Update Init
      11:36:40 Call m_esets_charon_setup_create
      11:36:40 Call m_esets_charon_create
      11:36:40 m_esets_charon_setup_set ERROR
      11:36:40 Update Download
      11:39:28 esets_scanner_update returned -1 esets_gle=12
      11:39:29 g_uiModuleBuild: 31343
      11:39:29 Update Finalize
      11:39:29 Call m_esets_charon_send
      11:39:29 Call m_esets_charon_destroy
      11:39:38 Call m_esets_charon_setup_create
      11:39:38 Call m_esets_charon_create
      11:39:38 m_esets_charon_setup_set ERROR
      12:18:54 Call m_esets_charon_setup_create
      12:18:54 Call m_esets_charon_create
      12:18:54 m_esets_charon_setup_set ERROR
      12:18:54 Updating
      12:18:55 Update Init
      12:19:05 Call m_esets_charon_setup_create
      12:19:05 Call m_esets_charon_create
      12:19:05 m_esets_charon_setup_set ERROR
      12:19:05 Update Download
      12:22:34 esets_scanner_update returned -1 esets_gle=12
      12:22:34 g_uiModuleBuild: 31343
      12:22:34 Update Finalize
      12:22:34 Call m_esets_charon_send
      12:22:34 Call m_esets_charon_destroy
      12:22:35 Retrying Update
      12:22:35 Updating
      12:22:35 Update Init
      12:22:44 Call m_esets_charon_setup_create
      12:22:44 Call m_esets_charon_create
      12:22:44 m_esets_charon_setup_set ERROR
      12:22:44 Update Download
      12:30:34 esets_scanner_update returned -1 esets_gle=12
      12:30:34 g_uiModuleBuild: 31343
      12:30:34 Update Finalize
      12:30:34 Call m_esets_charon_send
      12:30:34 Call m_esets_charon_destroy
      12:30:35 Retrying Update
      12:30:35 Updating
      12:30:35 Update Init
      12:30:44 Call m_esets_charon_setup_create
      12:30:44 Call m_esets_charon_create
      12:30:44 m_esets_charon_setup_set ERROR
      12:30:44 Update Download
      12:37:14 esets_scanner_update returned -1 esets_gle=12
      12:37:14 g_uiModuleBuild: 31343
      12:37:14 Update Finalize
      12:37:14 Call m_esets_charon_send
      12:37:14 Call m_esets_charon_destroy
      12:37:24 Call m_esets_charon_setup_create
      12:37:24 Call m_esets_charon_create
      12:37:24 m_esets_charon_setup_set ERROR
      12:40:06 Call m_esets_charon_setup_create
      12:40:06 Call m_esets_charon_create
      12:40:06 m_esets_charon_setup_set ERROR
      12:40:06 Updating
      12:40:06 Update Init
      12:40:15 Call m_esets_charon_setup_create
      12:40:15 Call m_esets_charon_create
      12:40:16 m_esets_charon_setup_set ERROR
      12:40:16 Update Download
      12:44:41 esets_scanner_update returned -1 esets_gle=12
      12:44:41 g_uiModuleBuild: 31343
      12:44:41 Update Finalize
      12:44:41 Call m_esets_charon_send
      12:44:41 Call m_esets_charon_destroy
      12:44:42 Retrying Update
      12:44:42 Updating
      12:44:42 Update Init
      12:44:51 Call m_esets_charon_setup_create
      12:44:51 Call m_esets_charon_create
      12:44:51 m_esets_charon_setup_set ERROR
      12:44:51 Update Download
      12:55:46 esets_scanner_update returned -1 esets_gle=12
      12:55:46 g_uiModuleBuild: 31343
      12:55:46 Update Finalize
      12:55:46 Call m_esets_charon_send
      12:55:46 Call m_esets_charon_destroy
      12:55:46 Retrying Update
      12:55:46 Updating
      12:55:46 Update Init
      12:55:56 Call m_esets_charon_setup_create
      12:55:56 Call m_esets_charon_create
      12:55:56 m_esets_charon_setup_set ERROR
      12:55:56 Update Download
      13:06:15 esets_scanner_update returned -1 esets_gle=12
      13:06:15 g_uiModuleBuild: 31343
      13:06:15 Update Finalize
      13:06:15 Call m_esets_charon_send
      13:06:15 Call m_esets_charon_destroy
      13:06:28 Call m_esets_charon_setup_create
      13:06:28 Call m_esets_charon_create
      13:06:28 m_esets_charon_setup_set ERROR
      13:23:44 Call m_esets_charon_send
      13:23:44 Call m_esets_charon_destroy
      13:23:45 RecursiveRemoveDirectoryAndAllFiles: C:\Users\Owner\AppData\Local\ESET\ESETOnlineScanner\Quarantine\
      13:23:59 # product=EOS
      # version=8
      # flags=0
      # ESETOnlineScanner_ESL.exe=2.0.17.0
      # EOSSerial=7ee526a5058af846bdfed16a29a0c48a
      # end=init
      # utc_time=2017-09-09 16:23:52
      # local_time=2017-09-09 13:23:52 (-0300, Hora estándar de Argentina)
      # country="Spain"
      # osver=10.0.14393 NT
      13:24:40 Call m_esets_charon_setup_create
      13:24:40 Call m_esets_charon_create
      13:24:40 m_esets_charon_create OK
      13:24:40 Call m_esets_charon_start_send_thread
      13:24:40 Call m_esets_charon_setup_set
      13:24:40 m_esets_charon_setup_set OK
      13:24:40 Updating
      13:24:40 Update Init
      13:24:50 Call m_esets_charon_setup_create
      13:24:50 Call m_esets_charon_create
      13:24:50 m_esets_charon_setup_set ERROR
      13:24:50 Update Download
      13:37:47 esets_scanner_update returned -1 esets_gle=12
      13:37:47 g_uiModuleBuild: 31343
      13:37:47 Update Finalize
      13:37:47 Call m_esets_charon_send
      13:37:47 Call m_esets_charon_destroy
      13:37:47 Retrying Update
      13:37:47 Updating
      13:37:47 Update Init
      13:39:03 Call m_esets_charon_setup_create
      13:39:03 Call m_esets_charon_create
      13:39:03 m_esets_charon_setup_set ERROR
      13:39:03 Update Download
      13:52:30 esets_scanner_update returned -1 esets_gle=12
      13:52:30 g_uiModuleBuild: 31343
      13:52:30 Update Finalize
      13:52:30 Call m_esets_charon_send
      13:52:30 Call m_esets_charon_destroy
      13:52:30 Retrying Update
      13:52:30 Updating
      13:52:30 Update Init
      13:52:46 Call m_esets_charon_setup_create
      13:52:46 Call m_esets_charon_create
      13:52:46 m_esets_charon_setup_set ERROR
      13:52:46 Update Download
      14:00:53 esets_scanner_update returned -1 esets_gle=12
      14:00:53 g_uiModuleBuild: 31343
      14:00:53 Update Finalize
      14:00:53 Call m_esets_charon_send
      14:00:53 Call m_esets_charon_destroy
      14:01:17 Call m_esets_charon_setup_create
      14:01:17 Call m_esets_charon_create
      14:01:17 m_esets_charon_setup_set ERROR
      14:48:49 Call m_esets_charon_setup_create
      14:48:49 Call m_esets_charon_create
      14:48:49 m_esets_charon_setup_set ERROR
      14:48:49 Updating
      14:48:50 Update Init
      14:49:00 Call m_esets_charon_setup_create
      14:49:00 Call m_esets_charon_create
      14:49:00 m_esets_charon_setup_set ERROR
      14:49:00 Update Download
      14:55:47 esets_scanner_update returned -1 esets_gle=12
      14:55:47 g_uiModuleBuild: 31343
      14:55:47 Update Finalize
      14:55:47 Call m_esets_charon_send
      14:55:47 Call m_esets_charon_destroy
      14:55:47 Retrying Update
      14:55:47 Updating
      14:55:47 Update Init
      14:56:02 Call m_esets_charon_setup_create
      14:56:02 Call m_esets_charon_create
      14:56:02 m_esets_charon_setup_set ERROR
      14:56:02 Update Download
      15:05:16 esets_scanner_update returned -1 esets_gle=12
      15:05:16 g_uiModuleBuild: 31343
      15:05:16 Update Finalize
      15:05:16 Call m_esets_charon_send
      15:05:16 Call m_esets_charon_destroy
      15:05:16 Retrying Update
      15:05:16 Updating
      15:05:16 Update Init
      15:05:31 Call m_esets_charon_setup_create
      15:05:31 Call m_esets_charon_create
      15:05:31 m_esets_charon_setup_set ERROR
      15:05:31 Update Download
      15:18:02 esets_scanner_update returned -1 esets_gle=12
      15:18:02 g_uiModuleBuild: 31343
      15:18:02 Update Finalize
      15:18:02 Call m_esets_charon_send
      15:18:02 Call m_esets_charon_destroy
      15:18:20 Call m_esets_charon_setup_create
      15:18:20 Call m_esets_charon_create
      15:18:20 m_esets_charon_setup_set ERROR
      15:24:54 Call m_esets_charon_send
      15:24:54 Call m_esets_charon_destroy
      15:24:55 RecursiveRemoveDirectoryAndAllFiles: C:\Users\Owner\AppData\Local\ESET\ESETOnlineScanner\Quarantine\
      09:27:14 # product=EOS
      # version=8
      # flags=0
      # ESETOnlineScanner_ESL.exe=2.0.17.0
      # EOSSerial=7ee526a5058af846bdfed16a29a0c48a
      # end=init
      # utc_time=2017-09-11 12:27:11
      # local_time=2017-09-11 09:27:11 (-0300, Hora estándar de Argentina)
      # country="Spain"
      # osver=10.0.14393 NT
      09:27:40 Call m_esets_charon_setup_create
      09:27:40 Call m_esets_charon_create
      09:27:40 m_esets_charon_create OK
      09:27:40 Call m_esets_charon_start_send_thread
      09:27:40 Call m_esets_charon_setup_set
      09:27:40 m_esets_charon_setup_set OK
      09:27:42 Updating
      09:27:42 Update Init
      09:27:55 Call m_esets_charon_setup_create
      09:27:55 Call m_esets_charon_create
      09:27:55 m_esets_charon_setup_set ERROR
      09:27:55 Update Download
      09:47:24 esets_scanner_reload returned 0
      09:47:24 g_uiModuleBuild: 34706
      09:47:24 Update Finalize
      09:47:24 Call m_esets_charon_send
      09:47:24 Call m_esets_charon_destroy
      09:47:24 Updated modules version: 34706
      09:47:35 Call m_esets_charon_setup_create
      09:47:35 Call m_esets_charon_create
      09:47:36 m_esets_charon_setup_set ERROR
      09:47:36 Scanner engine: 34706
      15:28:27 # product=EOS
      # version=8
      # flags=0
      # ESETOnlineScanner_ESL.exe=2.0.17.0
      # EOSSerial=7ee526a5058af846bdfed16a29a0c48a
      # engine=34706
      # end=finished
      # remove_checked=false
      # archives_checked=false
      # unwanted_checked=true
      # unsafe_checked=true
      # antistealth_checked=true
      # sfx_checked=true
      # utc_time=2017-09-11 18:28:27
      # local_time=2017-09-11 15:28:27 (-0300, Hora estándar de Argentina)
      # country="Spain"
      # lang=13322
      # osver=10.0.14393 NT
      # compatibility_mode_1='Avira Antivirus'
      # compatibility_mode=1815 16777213 100 97 0 46613752 0 0
      # compatibility_mode_1=''
      # compatibility_mode=5893 16776574 100 94 7671561 35563521 0 0
      # scanned=2
      # found=12
      # cleaned=0
      # scan_time=20461
      sh=D72876E537BD04E76045D31D79512E489A231940 ft=1 fh=0000000000000000 vn="una variante de Win32/HackTool.Patcher.AD aplicación potencialmente no segura" ac=I fn="C:\Program Files\GlobalMapper16_64bit\Patch-REPT.exe"
      sh=7D1409D15CF79B53BFA2466A9B3E8765D83948BE ft=1 fh=0000000000000000 vn="Win32/Bundled.Toolbar.Google.D aplicación potencialmente no segura" ac=I fn="C:\Users\Owner\Desktop\ccsetup523.exe"
      sh=C705C0B0210EBDA6A3301C6CA9C6091B2EE11D5B ft=1 fh=0000000000000000 vn="Win32/Bundled.Toolbar.Google.D aplicación potencialmente no segura" ac=I fn="C:\Users\Owner\Desktop\ccsetup533.exe"
      sh=D72876E537BD04E76045D31D79512E489A231940 ft=1 fh=0000000000000000 vn="una variante de Win32/HackTool.Patcher.AD aplicación potencialmente no segura" ac=I fn="C:\Users\Owner\Desktop\Descargadeinformacion\Patch-REPT.exe"
      sh=C77812B53AF78540827947F3D42AD379C2743876 ft=1 fh=0000000000000000 vn="una variante de Win32/Bundled.Toolbar.Ask.G aplicación potencialmente no segura" ac=I fn="C:\Users\Owner\Downloads\aTubeCatcher.exe"
      sh=E67F27E28D2D05CD222C6CF9059911C8D73CBEE3 ft=1 fh=0000000000000000 vn="una variante de Win32/Bundled.Toolbar.Ask.G aplicación potencialmente no segura" ac=I fn="C:\Users\Owner\Downloads\aTube_Catcher.exe"
      sh=0CCB68AF90F9A51F7D06B4A5C0B625356A17E8B3 ft=1 fh=0000000000000000 vn="Win32/Toolbar.SearchSuite aplicación potencialmente no deseada" ac=I fn="C:\Users\Owner\Downloads\Setup_FreeFlvConverter.exe"
      sh=B37B52285DE862B7CAEA96BB8EB99D9B10DE236F ft=1 fh=0000000000000000 vn="Win32/Bundled.Toolbar.Google.D aplicación potencialmente no segura" ac=I fn="C:\Users\Owner\Downloads\Shockwave_Installer_Slim.exe"
      sh=2828B9BD9E3D65E578B51B049A2BF5D4F2AEF182 ft=1 fh=0000000000000000 vn="Win32/Keygen.MH aplicación potencialmente no segura" ac=I fn="C:\Users\Owner\Downloads\Internet_candio\Internet Download Manager 6.05\SnDk&p.exe"
      sh=0ED8F79BE8A59183AF7A95F7FE3AFDB61D55DD54 ft=1 fh=0000000000000000 vn="una variante de Win32/Bundled.Toolbar.Ask.C aplicación potencialmente no segura,una variante de Win32/Bundled.Toolbar.Ask.G aplicación potencialmente no segura" ac=I fn="C:\Users\Owner\Music\aTube_Catcher.exe"
      sh=B5B41E946960F17050C00A4891CFF46B08486A4D ft=1 fh=0000000000000000 vn="Win32/Bundled.Toolbar.Google.D aplicación potencialmente no segura" ac=I fn="C:\Windows\SysWOW64\Adobe\Shockwave 12\gt.exe"
      sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Win32/Bundled.Toolbar.Google.D aplicación potencialmente no segura,está correcto,una variante de Win32/HackTool.Patcher.AD aplicación potencialmente no segura" ac=I fn="${Startup}"
      19:48:50 Call m_esets_charon_send
      19:48:50 Call m_esets_charon_destroy

      I remain available for any new suggestions.
      Many thanks and regards

    10. #20
      General Moderator
      @Daniela
      Registered
      Apr 2011
      Location
      Spain
      Posts
      25,336

      Re: Help! Chinese virus on my desktop

      Hello

      You have not configured EsetOnline as I told you, and it has not removed anything it detected; run EsetOnline again, paying attention to how to configure it.

      Post the report and tell us how it goes.

      Regards
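
      The two things the moderator reads off the ESET Online Scanner log in post #19 (updates that kept failing, and detections that were found but not removed) can be pulled out mechanically. This is an added Python example, not part of the thread and not an ESET tool; the sample log is constructed, and treating `sh` as a file hash, `fn` as the file path, and `remove_checked`/`found`/`cleaned` as the removal switch and its counters are assumptions based on the field names and the moderator's reply.

```python
import re

# Constructed sample in the layout of the ESET Online Scanner log from post #19.
# Hashes, detection names and paths are placeholders, not values from the thread.
SAMPLE_LOG = r'''
17:49:56 # product=EOS
# version=8
# end=init
17:55:48 Updating
17:55:59 Update Download
18:04:07 esets_scanner_update returned -1 esets_gle=12
18:04:07 Retrying Update
18:04:20 Update Download
18:42:49 esets_scanner_update returned -1 esets_gle=12
09:27:55 Update Download
09:47:24 esets_scanner_reload returned 0
09:47:24 Updated modules version: 34706
15:28:27 # product=EOS
# engine=34706
# end=finished
# remove_checked=false
# unwanted_checked=true
# found=3
# cleaned=0
sh=1111111111111111111111111111111111111111 ft=1 fh=0000000000000000 vn="Win32/Example.Toolbar.A potentially unsafe application" ac=I fn="C:\Users\Example\Downloads\setup_a.exe"
sh=1111111111111111111111111111111111111111 ft=1 fh=0000000000000000 vn="Win32/Example.Toolbar.A potentially unsafe application" ac=I fn="C:\Users\Example\Desktop\copy of setup_a.exe"
sh=2222222222222222222222222222222222222222 ft=1 fh=0000000000000000 vn="Win32/Example.Keygen.B potentially unsafe application" ac=I fn="C:\Users\Example\Downloads\key=gen.exe"
'''

# "# key=value" header lines, optionally prefixed with an HH:MM:SS timestamp.
HEADER = re.compile(r'^(?:\d{2}:\d{2}:\d{2} )?# ([^=\s]+)=(.*)$')
# key=value pairs of a detection record; values may be double-quoted.
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_detection(line):
    """Split one 'sh=... vn="..." ac=... fn="..."' record into a dict."""
    return {key: quoted or bare for key, quoted, bare in FIELD.findall(line)}


def parse_log(text):
    """Collect header blocks, update outcomes and detection records."""
    report = {"blocks": [], "update_failures": 0, "modules": None, "detections": []}
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            key, value = header.groups()
            if key == "product" or not report["blocks"]:
                report["blocks"].append({})  # each run starts with "# product="
            report["blocks"][-1][key] = value.strip('"')
        elif line.startswith("sh="):
            report["detections"].append(parse_detection(line))
        elif "esets_scanner_update returned -1" in line:
            report["update_failures"] += 1
        elif "Updated modules version:" in line:
            report["modules"] = line.rsplit(":", 1)[1].strip()
    return report


def copies_by_hash(detections):
    """Group detected paths by hash so duplicate copies of one file stand out."""
    groups = {}
    for det in detections:
        groups.setdefault(det["sh"], []).append(det["fn"])
    return {sh: paths for sh, paths in groups.items() if len(paths) > 1}


def triage(report):
    """Return short findings a helper would check before asking for a re-run."""
    findings = []
    if report["update_failures"]:
        outcome = (f"modules {report['modules']} loaded afterwards"
                   if report["modules"] else "no successful update logged")
        findings.append(f"{report['update_failures']} failed signature update attempt(s); {outcome}")
    summary = next((b for b in reversed(report["blocks"]) if b.get("end") == "finished"), None)
    if summary is None:
        findings.append("no block with end=finished: the scan did not complete")
        return findings
    found, cleaned = int(summary.get("found", 0)), int(summary.get("cleaned", 0))
    if found > cleaned:
        reason = ("removal was switched off (remove_checked=false)"
                  if summary.get("remove_checked") == "false" else "removal was on but incomplete")
        findings.append(f"{found - cleaned} of {found} detections left in place: {reason}")
    return findings


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for finding in triage(parsed):
        print(finding)
    for sha, paths in copies_by_hash(parsed["detections"]).items():
        print(sha, "->", paths)
```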