
    Help removing MEM:Trojan-Spy.Win32.ZBot.b


    1. #1
      Sulfuro3000 (User)
      Registered: Sep 2017
      Location: Venezuela
      Posts: 16

      Good afternoon friends, I need help removing this spyware, MEM:Trojan-Spy.Win32.ZBot.b. I have Kaspersky Total Security, which says:

      25.09.2017 14.53.31;El objeto detectado (memoria del sistema) se ha desinfectado.;System Memory;System Memory;MEM:Trojan-Spy.Win32.ZBot.b;Programa troyano;09/25/2017
      but that is not the case. I ran SUPERAntiSpyware and ComboFix, but nothing. I would appreciate your help, please, it is urgent.
      The virus message normally appears when I am using NTLite with a Windows that I want to modify;
      I even scanned it, but nothing. PLEASE HELP

    2. #2
      @Miguelgrado (Warrior)
      Registered: Dec 2005
      Location: Asturias, Spain
      Posts: 17,927

      Greetings and welcome.

      Warning!! Do not use ComboFix unless a member of our Staff has specifically instructed you to in your thread. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, not for private use. Using ComboFix incorrectly could cause problems on your system. Please read ComboFix's "Disclaimer of Warranty".

      Are your antivirus alerts still appearing??

      Paste the ComboFix log, which is at C:\ComboFix.txt.
      * Follow us on Twitter and befriend us on Facebook.
      * Keep up with the latest threats on the net at: InfoSpyware Blog
      * Questions are not answered by private message or e-mail; that is what the forum is for.

    3. #3
      Sulfuro3000 (User)
      Registered: Sep 2017
      Location: Venezuela
      Posts: 16

      Hello friend Miguel, thanks for replying. Yes, it still appears, but only when I use NTLite to modify a Windows. My fear is that the virus itself is inside the libraries of the ISOs I want to modify, and if it is not removed I would be installing an infected system. Help me, brother. Right now I am running Malwarebytes and the Virus Removal for Win32/zbot.

      This is the log:
      ComboFix 17-09-14.01 - tavo pc 18/09/2017 11:39:57.2.1 - x86
      Microsoft Windows 7 Ultimate 6.1.7601.1.1252.58.3082.18.2046.662 [GMT -4:00]
      Running from: c:\users\tavo pc\Desktop\ComboFix.exe
      AV: Kaspersky Total Security *Disabled/Updated* {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
      FW: Kaspersky Total Security *Disabled* {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}
      SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
      SP: Kaspersky Total Security *Disabled/Updated* {3D579475-6DDE-A186-1569-44B9F9DE8725}
      SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      .
      .
      ((((((((((((((((((((((((( Files Created from 2017-08-18 to 2017-09-18 )))))))))))))))))))))))))))))))
      .
      .
      2017-09-18 16:18 . 2017-09-18 16:18 -------- d-----w- c:\users\Invitado\AppData\Local\temp
      2017-09-18 16:18 . 2017-09-18 16:18 -------- d-----w- c:\users\Familia\AppData\Local\temp
      2017-09-18 16:18 . 2017-09-18 16:18 -------- d-----w- c:\users\Default\AppData\Local\temp
      2017-09-11 17:00 . 2017-09-11 17:00 786912 ----a-w- c:\windows\system32\drivers\Rt86win7.sys
      2017-09-11 17:00 . 2017-09-11 17:00 109024 ----a-w- c:\windows\system32\RtNicProp32.dll
      2017-09-11 16:10 . 2017-09-11 16:10 688224 ----a-w- c:\windows\system32\ICEsoundAPO.dll
      2017-09-11 16:08 . 2017-09-11 16:08 602216 ----a-w- c:\windows\system32\drivers\RTL8192su.sys
      2017-09-06 13:29 . 2017-09-06 13:32 -------- d-----w- c:\program files\NTLite
      .
      .
      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2017-09-13 11:05 . 2017-02-10 20:21 803328 ----a-w- c:\windows\system32\FlashPlayerApp.exe
      2017-09-13 11:05 . 2017-02-10 20:21 144896 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
      2017-09-11 17:00 . 2017-02-10 15:59 112160 ----a-w- c:\windows\system32\RTNUninst32.dll
      2017-09-06 15:18 . 2017-02-24 14:30 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
      2017-08-19 20:01 . 2017-05-06 04:24 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
      2017-08-14 13:14 . 2017-05-04 18:06 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
      2017-06-23 16:02 . 2017-06-23 16:02 895264 ----a-w- c:\windows\system32\nvhdagenco3220103.dll
      2017-06-23 16:02 . 2017-06-23 16:02 28448 ----a-w- c:\windows\system32\nvhdap32.dll
      2017-06-23 16:02 . 2017-06-23 16:02 162592 ----a-w- c:\windows\system32\drivers\nvhda32v.sys
      .
      .
      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
      2015-12-23 20:27 759072 ----a-w- c:\program files\IObit\IObit Uninstaller\UninstallExplorer.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ MEGA (Pending)]
      @="{056D528D-CE28-4194-9BA3-BA2E9197FF8C}"
      [HKEY_CLASSES_ROOT\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C}]
      2017-05-11 14:44 569856 ----a-w- c:\users\tavo pc\AppData\Local\MEGAsync\ShellExtX32.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ MEGA (Synced)]
      @="{05B38830-F4E9-4329-978B-1DD28605D202}"
      [HKEY_CLASSES_ROOT\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202}]
      2017-05-11 14:44 569856 ----a-w- c:\users\tavo pc\AppData\Local\MEGAsync\ShellExtX32.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ MEGA (Syncing)]
      @="{0596C850-7BDD-4C9D-AFDF-873BE6890637}"
      [HKEY_CLASSES_ROOT\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637}]
      2017-05-11 14:44 569856 ----a-w- c:\users\tavo pc\AppData\Local\MEGAsync\ShellExtX32.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
      @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
      [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
      2015-07-31 13:58 1512152 ----a-w- c:\progra~1\MICROS~2\Office16\GROOVEEX.DLL
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
      @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
      [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
      2015-07-31 13:58 1512152 ----a-w- c:\progra~1\MICROS~2\Office16\GROOVEEX.DLL
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
      @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
      [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
      2015-07-31 13:58 1512152 ----a-w- c:\progra~1\MICROS~2\Office16\GROOVEEX.DLL
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
      @="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
      [HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
      2014-04-21 08:02 23008 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
      .
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2015-02-24 3890768]
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2017-02-27 15009280]
      "KMCONFIG"="c:\program files\Mouse Driver\StartAutorun.exe" [2007-03-06 212992]
      "IObit Malware Fighter"="c:\program files\IObit\IObit Malware Fighter\IMF.exe" [2017-05-19 5232928]
      .
      c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
      Wireless Configuration Utility.lnk - c:\program files\Encore\ENUWI-N4 Wireless USB Adapter\WlanCU.exe [2017-6-6 491520]
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "ConsentPromptBehaviorAdmin"= 5 (0x5)
      "ConsentPromptBehaviorUser"= 3 (0x3)
      "EnableUIADesktopToggle"= 0 (0x0)
      "EnableLinkedConnections"= 1 (0x1)
      .
      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
      "NoSimpleNetIDList"= 1 (0x1)
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
      @="Service"
      .
      [HKLM\~\startupfolder\C:^Users^tavo pc^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MEGAsync.lnk]
      path=c:\users\tavo pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk
      backup=c:\windows\pss\MEGAsync.lnk.Startup
      backupExtension=.Startup
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
      2015-02-24 10:09 3890768 ----a-w- c:\program files\Internet Download Manager\IDMan.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
      2013-03-10 17:08 88984 ----a-w- c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
      "DisableMonitoring"=dword:00000001
      .
      R2 AVP16.0.0;Servicio Kaspersky Anti-Virus 16.0.0;c:\program files\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe [2017-03-01 194000]
      R2 LiveUpdateSvc;LiveUpdate;c:\program files\IObit\LiveUpdate\LiveUpdate.exe [2016-01-15 2945312]
      R3 ampa;ampa;c:\windows\system32\ampa.sys [2011-12-26 12728]
      R3 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2012-01-05 75624]
      R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
      R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2017-04-16 104960]
      R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2015-06-11 15872]
      R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184]
      R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]
      R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
      R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
      R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
      R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
      R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [2017-04-28 116624]
      R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
      S0 cm_km;Kaspersky Lab ZAO Cryptographic Module x86 (Weak);c:\windows\system32\DRIVERS\cm_km.sys [2015-07-06 201912]
      S0 iusb3hcs;Controlador del conmutador de la controladora de host Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys [2013-07-17 16880]
      S0 klbackupdisk;Kaspersky Lab klbackupdisk;c:\windows\system32\DRIVERS\klbackupdisk.sys [2015-06-06 46776]
      S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
      S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO32.SYS [2017-02-20 23840]
      S1 IMFCameraProtect;IMFCameraProtect;c:\windows\system32\drivers\IMFCameraProtect.sys [2017-03-17 25120]
      S1 klbackupflt;Kaspersky Lab klbackupflt;c:\windows\system32\DRIVERS\klbackupflt.sys [2015-06-27 58224]
      S1 klhk;Kaspersky Lab service driver;c:\windows\system32\DRIVERS\klhk.sys [2017-03-01 53168]
      S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2017-03-01 44120]
      S1 klpd;Kaspersky Lab format recognizer driver;c:\windows\system32\DRIVERS\klpd.sys [2017-03-01 39304]
      S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [2015-06-11 54328]
      S1 Klwtp;Klwtp;c:\windows\system32\DRIVERS\klwtp.sys [2015-06-17 87736]
      S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [2015-06-23 156856]
      S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2017-04-28 803328]
      S1 VBoxNetAdp;VirtualBox NDIS 6.0 Miniport Service;c:\windows\system32\DRIVERS\VBoxNetAdp6.sys [2017-04-28 113432]
      S1 VBoxNetLwf;VirtualBox NDIS6 Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetLwf.sys [2017-04-28 177368]
      S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2017-04-28 123856]
      S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
      S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2014-11-29 115752]
      S2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [2017-05-19 1766176]
      S2 kldisk;kldisk;c:\windows\system32\DRIVERS\kldisk.sys [2017-03-01 66976]
      S2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files\Mouse Driver\KMWDSrv.exe [2007-04-05 208896]
      S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2012-07-13 769432]
      S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-08 369256]
      S2 WlanWpsSvc;WlanWpsSvc;c:\program files\Encore\ENUWI-N4 Wireless USB Adapter\WlanWpsSvc.exe [2008-06-26 167936]
      S3 IMFDownProtect;IMFDownProtect;c:\program files\IObit\IObit Malware Fighter\drivers\win7_x86\IMFDownProtect.sys [2017-03-08 20336]
      S3 IMFForceDelete;IMFForceDelete;c:\program files\IObit\IObit Malware Fighter\drivers\win7_x86\IMFForceDelete.sys [2017-03-17 14168]
      S3 klflt;Kaspersky Lab Kernel DLL;c:\windows\system32\DRIVERS\klflt.sys [2017-03-01 147328]
      S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [2015-06-06 37048]
      S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2015-06-07 38072]
      S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2017-09-11 786912]
      S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2017-09-11 602216]
      .
      .
      --- Other Services/Drivers In Memory ---
      .
      *NewlyCreated* - 39447391
      *Deregistered* - 39447391
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      utcsvc REG_MULTI_SZ DiagTrack
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
      2017-08-25 19:12 1429848 ----a-w- c:\program files\Google\Chrome\Application\60.0.3112.113\Installer\chrmstp.exe
      .
      .
      ------- Supplementary Scan -------
      .
      IE: &Enviar a OneNote - c:\progra~1\MICROS~2\Office16\ONBttnIE.dll/105
      IE: Descargar con IDM - c:\program files\Internet Download Manager\IEExt.htm
      IE: Descargar con IDM todos los enlaces - c:\program files\Internet Download Manager\IEGetAll.htm
      IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~2\Office16\EXCEL.EXE/3000
      TCP: DhcpNameServer = 192.168.1.1
      Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE16\MSOXMLMF.DLL
      Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - c:\program files\Microsoft Office\Office16\MSOSB.DLL
      Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - c:\program files\Microsoft Office\Office16\MSOSB.DLL
      FF - ProfilePath - c:\users\tavo pc\AppData\Roaming\Mozilla\Firefox\Profiles\wpvpjloo.default\
      FF - user.js: network.http.pipelining.maxrequests - 8
      FF - user.js: network.http.request.max-start-delay - 0
      FF - user.js: network.http.max-connections - 48
      FF - user.js: network.http.max-connections-per-server - 16
      FF - user.js: network.http.max-persistent-connections-per-proxy - 16
      FF - user.js: network.http.max-persistent-connections-per-server - 8
      FF - user.js: browser.turbo.enabled - true
      FF - user.js: browser.display.show_image_placeholders - true
      FF - user.js: browser.chrome.favicons - false
      FF - user.js: browser.urlbar.autocomplete.enabled - true
      FF - user.js: browser.cache.memory.capacity - 65536
      FF - user.js: content.notify.ontimer - true
      FF - user.js: content.interrupt.parsing - true
      FF - user.js: content.max.tokenizing.time - 2250000
      FF - user.js: content.switch.threshold - 750000
      FF - user.js: plugin.expose_full_path - true
      FF - user.js: ui.submenuDelay - 0
      .
      - - - - ORPHANS REMOVED - - - -
      .
      SafeBoot-39447391.sys
      .
      .
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------
      .
      [HKEY_USERS\S-1-5-21-774849719-567333669-2755415988-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
      @Denied: (Full) (Everyone)
      "scansk"=hex(0):17,90,79,f4,ef,7a,3d,ef,c7,88,42,f6,09,65,09,a8,ce,1f,36,6c,57,
      91,35,7f,09,fc,d9,6c,5b,4f,42,1b,04,44,1a,7f,23,c2,bc,62,00,00,00,00,00,00,\
      .
      [HKEY_USERS\S-1-5-21-774849719-567333669-2755415988-1000_Classes\CLSID\{9e26405e-858f-4c6c-b210-bd7357d908ed}]
      @Denied: (Full) (Everyone)
      @Allowed: (Read) (RestrictedCode)
      "Model"=dword:00000072
      "Therad"=dword:0000000f
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
      @Denied: (Full) (Everyone)
      .
      Completion time: 2017-09-18 12:22:54
      ComboFix-quarantined-files.txt 2017-09-18 16:22
      ComboFix2.txt 2017-09-18 13:13
      .
      Pre-Run: 185.705.332.736 bytes libres
      Post-Run: 185.394.499.584 bytes libres
      .
      - - End Of File - - 5945408FDF303064EE57CEB084BF5882
      A36C5E4F47E84449FF07ED3517B43A31

    4. #4
      @Miguelgrado (Warrior)
      Registered: Dec 2005
      Location: Asturias, Spain
      Posts: 17,927

      If it only appears when you use NTLite, that is most likely the cause, since antivirus programs do not like programs that modify system files.

      Step 1: Download Malwarebytes Anti-Rootkit Beta >> Malwarebytes Anti-Rootkit | InfoSpyware and extract the contents to your desktop.
      Step 2: Disable your antivirus >> How to temporarily disable your antivirus

      Open the Mbar folder. Double-click the Mbar.exe file.
      • In the program interface, click Next.
      • Click the Update button. When it finishes, click Next.
      • To start the scan, click the Scan button.
      • When it finishes, if there is an infection click CleanUp; if there is none, click Exit.

      When finished, open the Mbar folder, find the mbar-log.txt files, and copy and paste their entire contents into your next reply, commenting on the results.

      Download and run >> Dr.Web CureIt! Manual and follow the instructions to perform a full scan (see where it says Performing a Full Scan with a Custom Scan (Recommended)).
      Before starting the scan, it is recommended to press the wrench-shaped icon and choose Settings from the options:
      In the window, go to Log, set the level to minimum, and click OK to save the changes.
      Warning. If this section is left at Maximum or Medium, the report will be unnecessarily long and you will not be able to post it in the forum thread where you are being helped.
      Once that is set, return to the program's main window, where you can choose the Custom scan option as indicated.

      Custom scan: This is the other scan offered by Dr. Web CureIt!, which can be accessed by clicking the section labelled Select Objects to Scan. With this mode you can select the folder/file you want to scan as well as create a scan profile.
      1. Check all the boxes in the Scanning Objects section.
      2. Then click Click to select files and folders, which opens a window for selecting the drives to be scanned. It is recommended to select all of them, including removable devices.
      3. To start the scan, click Start Scanning.
      4. Once finished, if it finds threats, click Neutralize.
      5. Then paste the report here.
      By default, once Dr. Web CureIt! finishes scanning the operating system, it creates a report that you can find at the following path:
      Drive C-User Name-Dr Web-Cure-it.log

      Note: Paste only the last part of the log, where it says what was detected and removed, where it reads "Start Curing".

      1- Download Farbar Recovery Scan Tool By Farbar (download the file that matches your system's architecture). >> How to tell whether my system is 32-bit or 64-bit

      • Save it to the desktop >> This is very important.
      • With all programs/windows closed, double-click to run Frst.exe.
      • In the Disclaimer window, press Yes.
      • In the new window that opens, press the Scan button and wait patiently for the scan to finish.
      • Two (2) files (logs) will open, Frst.txt and Addition.txt; they will be saved on your desktop.
      • To finish, open the Frst.txt and Addition.txt files, and copy and paste their entire contents into your next reply. Use two messages if it says it is too long.

      Paste the logs for me in order.

    5. #5
      Sulfuro3000 (User)
      Registered: Sep 2017
      Location: Venezuela
      Posts: 16

      Hello friend Miguel, thanks for replying. This is the mbar log, although what it detected and removed is a Malwarebytes crack, which I realized afterwards:

      Malwarebytes Anti-Rootkit BETA 1.9.3.1001
      www.malwarebytes.org

      Database version:
      main: v2017.09.28.04
      rootkit: v2017.09.13.01

      Windows 7 Service Pack 1 x86 NTFS
      Internet Explorer 11.0.9600.18792
      tavo pc :: TAVOPC-PC [administrator]

      28/09/2017 02:52:17 p.m.
      mbar-log-2017-09-28 (14-52-17).txt

      Scan type: Quick scan
      Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
      Scan options disabled:
      Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.
      Objects scanned: 314877
      Time elapsed: 34 minute(s), 32 second(s)

      Memory Processes Detected: 0
      (No malicious items detected)

      Memory Modules Detected: 0
      (No malicious items detected)

      Registry Keys Detected: 0
      (No malicious items detected)

      Registry Values Detected: 0
      (No malicious items detected)

      Registry Data Items Detected: 0
      (No malicious items detected)

      Folders Detected: 0
      (No malicious items detected)

      Files Detected: 1
      C:\Windows\System32\drivers\etc\hosts (RiskWare.DontStealOurSoftware) -> Bad: (0.0.0.0 keystone.mwbsys.com) Good: () -> Replace on reboot. [edd793269514cb6b73aa203515ebab55]

      Physical Sectors Detected: 0
      (No malicious items detected)

      (end)

    6. #6
      Sulfuro3000 (User)
      Registered: Sep 2017
      Location: Venezuela
      Posts: 16

      This is the Dr.Web one:

      Start curing
      -----------------------------------------------------------------------------

      \Device\HarddiskVolume2\Program Files\IObit\IObit Malware Fighter\drivers\win7_x86\IMFForceDelete.sys - Ok
      \Device\HarddiskVolume2\Program Files\IObit\IObit Malware Fighter\drivers\win7_x86\IMFDownProtect.sys - Ok
      \Device\HarddiskVolume2\Program Files\IObit\IObit Uninstaller\UninstallMonitor.exe - quarantined, reboot required
      C:\Windows\system32\drivers\etc\hosts - cured
      \Device\HarddiskVolume2\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe - Ok
      \device\harddiskvolume2\program files\iobit\driver booster\driverbooster.exe - Ok
      \device\harddiskvolume2\program files\iobit\iobit malware fighter\surfing protection\adblock\adblock.dll - Ok
      \device\harddiskvolume2\program files\iobit\iobit malware fighter\surfing protection\browerprotect\ascplugin_protection.dll - Ok
      \device\harddiskvolume2\program files\iobit\iobit uninstaller\uninstallexplorer.dll - Ok
      \device\harddiskvolume2\program files\iobit\iobit malware fighter\drivers\win7_x86\imffilter.sys - Ok
      \device\harddiskvolume2\program files\iobit\liveupdate\liveupdate.exe - Ok
      \device\harddiskvolume2\program files\iobit\iobit uninstaller\iobituninstaler.exe - Ok
      \device\harddiskvolume2\program files\iobit\iobit uninstaller\uninstallmenuright.dll - Ok
      \device\harddiskvolume2\program files\iobit\iobit malware fighter\drivers\win7_x86\regfilter.sys - quarantined
      \Device\HarddiskVolume2\Program Files\IObit\IObit Malware Fighter\SafeCheckCode32.dll - quarantined, reboot required
      \Device\HarddiskVolume2\Program Files\IObit\IObit Uninstaller\madexcept_.bpl - Ok
      \Device\HarddiskVolume2\Program Files\IObit\IObit Uninstaller\maddisAsm_.bpl - Ok
      \Device\HarddiskVolume2\Program Files\IObit\IObit Uninstaller\madbasic_.bpl - Ok
      \Device\HarddiskVolume2\Program Files\IObit\IObit Uninstaller\vcl120.bpl - quarantined
      \Device\HarddiskVolume2\Program Files\IObit\IObit Uninstaller\rtl120.bpl - Ok
      \Device\HarddiskVolume2\Program Files\IObit\IObit Malware Fighter\IMFShellExt.dll - Ok
      \Device\HarddiskVolume2\Program Files\IObit\IObit Malware Fighter\datastate.dll - Ok
      \Device\HarddiskVolume2\Program Files\IObit\IObit Malware Fighter\sqlite3.dll - Ok
      \Device\HarddiskVolume2\Program Files\IObit\IObit Malware Fighter\rtl120.bpl - Ok
      \Device\HarddiskVolume2\Program Files\IObit\IObit Malware Fighter\vcl120.bpl - Ok
      \Device\HarddiskVolume2\Program Files\IObit\IObit Malware Fighter\HomepageSvc.dll - Ok
      \Device\HarddiskVolume2\Program Files\IObit\IObit Malware Fighter\Antivirus\OEMDetection.dll - Ok
      \Device\HarddiskVolume2\Program Files\IObit\IObit Malware Fighter\OFCommon.dll - Ok
      \Device\HarddiskVolume2\Program Files\IObit\IObit Malware Fighter\cameractl.dll - Ok
      \Device\HarddiskVolume2\Program Files\IObit\IObit Malware Fighter\fdptctl.dll - Ok
      C:\Windows\TEMP\iocC77C.tmp - deleted
      C:\Windows\TEMP\iocC070.tmp - deleted

      Total 6011185992 bytes in 68822 files scanned (72930 objects)
      Total 28772 files (32813 objects) are clean
      Total 32 files are infected
      Total 32 files are neutralized
      Total 40084 files are raised error condition
      Scan time is 02:04:05.067

      Error to send CureIt! statistics: (12007)

    7. #7
      Sulfuro3000 (User)
      Registered: Sep 2017
      Location: Venezuela
      Posts: 16

      Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-09-2017
      Ran by tavo pc (administrator) on TAVOPC-PC (29-09-2017 16:00:51)
      Running from C:\Users\tavo pc\Desktop
      Loaded Profiles: tavo pc (Available Profiles: tavo pc & Familia & Invitado)
      Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: Español (España, internacional)
      Internet Explorer Version 11 (Default browser: FF)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: ***********************************************************************************************************

      ==================== Processes (Whitelisted) =================

      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

      (IObit) C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
      (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
      (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
      (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
      (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
      (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe
      (UASSOFT.COM) C:\Program Files\Mouse Driver\KMWDSrv.exe
      (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
      () C:\Program Files\Encore\ENUWI-N4 Wireless USB Adapter\WlanWpsSvc.exe
      (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
      (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
      (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
      (UASSOFT.COM) C:\Program Files\Mouse Driver\StartAutorun.exe
      (UASSOFT.COM) C:\Program Files\Mouse Driver\KMCONFIG.exe
      (Tonec Inc.) C:\Program Files\Internet Download Manager\IDMan.exe
      (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
      () C:\Program Files\Encore\ENUWI-N4 Wireless USB Adapter\WlanCU.exe
      (UASSOFT.COM) C:\Program Files\Mouse Driver\KMProcess.exe
      (Tonec Inc.) C:\Program Files\Internet Download Manager\IEMonitor.exe
      (Nero AG) C:\Program Files\Nero\Update\NASvc.exe
      (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
      (Farbar) C:\Users\tavo pc\Desktop\(Farbar Recovery Scan Tool By Farbar)FRST_2.exe

      ==================== Registry (Whitelisted) ===========================

      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

      HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [15009280 2017-02-27] (Realtek Semiconductor)
      HKLM\...\Run: [KMCONFIG] => C:\Program Files\Mouse Driver\StartAutorun.exe [212992 2007-03-06] (UASSOFT.COM)
      HKU\S-1-5-21-774849719-567333669-2755415988-1000\...\Run: [IDMan] => C:\Program Files\Internet Download Manager\IDMan.exe [3890768 2015-02-24] (Tonec Inc.)
      HKU\S-1-5-21-774849719-567333669-2755415988-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6844320 2017-09-25] (SUPERAntiSpyware)
      HKU\S-1-5-21-774849719-567333669-2755415988-1000\...\Policies\system: [LogonHoursAction] 2
      HKU\S-1-5-21-774849719-567333669-2755415988-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
      HKU\S-1-5-21-774849719-567333669-2755415988-1000\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
      Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Configuration Utility.lnk [2017-06-06]
      ShortcutTarget: Wireless Configuration Utility.lnk -> C:\Program Files\Encore\ENUWI-N4 Wireless USB Adapter\WlanCU.exe ()
      GroupPolicy\User: Restriction ? <==== ATTENTION
      GroupPolicyUsers\S-1-5-21-774849719-567333669-2755415988-1001\User: Restriction <==== ATTENTION

      ==================== Internet (Whitelisted) ====================

      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

      Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
      Tcpip\..\Interfaces\{B9BB69AD-C584-44BA-B5AB-550ED536C0AF}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
      Tcpip\..\Interfaces\{F47A9A06-CBBC-4C2C-AB89-47408EF5703A}: [DhcpNameServer] 192.168.1.1

      Internet Explorer:
      ==================
      HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
      HKU\S-1-5-21-774849719-567333669-2755415988-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll [2015-02-21] (Internet Download Manager, Tonec Inc.)
      BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer.dll [2015-12-23] (IObit)
      BHO: No Name -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> No File
      BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office16\URLREDIR.DLL [2015-07-31] (Microsoft Corporation)
      BHO: IObit Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files\IObit\IObit Malware Fighter\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll [2016-12-22] (IObit)
      BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files\Kaspersky Lab\Kaspersky Total Security 16.0.0\IEExt\ie_plugin.dll [2017-03-01] (AO Kaspersky Lab)
      BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation)
      BHO: IObit Ads Removal -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\IObit\IObit Malware Fighter\Surfing Protection\Adblock\Adblock.dll [2016-12-22] (IObit)
      Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files\Kaspersky Lab\Kaspersky Total Security 16.0.0\IEExt\ie_plugin.dll [2017-03-01] (AO Kaspersky Lab)
      Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation)
      Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation)

      FireFox:
      ========
      FF DefaultProfile: wpvpjloo.default
      FF ProfilePath: C:\Users\tavo pc\AppData\Roaming\Mozilla\Firefox\Profiles\wpvpjloo.default [2017-09-29]
      FF user.js: detected! => C:\Users\tavo pc\AppData\Roaming\Mozilla\Firefox\Profiles\wpvpjloo.default\user.js [2017-09-18]
      FF Extension: (IObit Surfing Protection & Ads Removal) - C:\Users\tavo pc\AppData\Roaming\Mozilla\Firefox\Profiles\wpvpjloo.default\Extensions\[email protected] [2016-10-25]
      FF Extension: (Al Traductor de Google) - C:\Users\tavo pc\AppData\Roaming\Mozilla\Firefox\Profiles\wpvpjloo.default\Extensions\[email protected] [2017-04-20]
      FF Extension: (ImTranslator) - C:\Users\tavo pc\AppData\Roaming\Mozilla\Firefox\Profiles\wpvpjloo.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2017-06-16]
      FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Kaspersky Lab\Kaspersky Total Security 16.0.0\FFExt\light_plugin_firefox
      FF Extension: (Kaspersky Protection) - C:\Program Files\Kaspersky Lab\Kaspersky Total Security 16.0.0\FFExt\light_plugin_firefox [2017-03-02]
      FF HKU\S-1-5-21-774849719-567333669-2755415988-1000\...\Firefox\Extensions: [[email protected]] - C:\Users\tavo pc\AppData\Roaming\IDM\idmmzcc5
      FF Extension: (IDM CC) - C:\Users\tavo pc\AppData\Roaming\IDM\idmmzcc5 [2017-02-14] [not signed]
      FF HKU\S-1-5-21-774849719-567333669-2755415988-1000\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\tavo pc\AppData\Roaming\IDM\idmmzcc5
      FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_27_0_0_130.dll [2017-09-13] ()
      FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-07-31] (Microsoft Corporation)
      FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
      FF Plugin: @Nero.com/KM -> C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2012-08-10] (Nero AG)
      FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2010-10-08] (NVIDIA Corporation)
      FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2010-10-08] (NVIDIA Corporation)
      FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-26] (Google Inc.)
      FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-26] (Google Inc.)
      FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
      FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)
      FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
      FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-07-31] (Microsoft Corporation)
      FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)

      Chrome:
      =======
      CHR StartupUrls: Default -> "hxxp://www.google.com/"
      CHR Profile: C:\Users\tavo pc\AppData\Local\Google\Chrome\User Data\Default [2017-09-29]
      CHR Extension: (Traductor de Google) - C:\Users\tavo pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2017-05-10]
      CHR Extension: (Presentaciones de Google) - C:\Users\tavo pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-02-21]
      CHR Extension: (Google Docs) - C:\Users\tavo pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-02-21]
      CHR Extension: (Google Drive) - C:\Users\tavo pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-02-21]
      CHR Extension: (MEGA) - C:\Users\tavo pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2017-09-28]
      CHR Extension: (YouTube) - C:\Users\tavo pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-21]
      CHR Extension: (Kaspersky Protection) - C:\Users\tavo pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\eahebamiopdhefndnmappcihfajigkka [2017-03-01]
      CHR Extension: (Traducir Texto Seleccionado) - C:\Users\tavo pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbimffnjoeobhjhochngikepgfejjmgj [2017-05-10]
      CHR Extension: (uBlock Adblock Plus) - C:\Users\tavo pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdecnmmdccnkogcidionikojplkjfgie [2017-06-27]
      CHR Extension: (Hojas de cálculo de Google) - C:\Users\tavo pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-02-21]
      CHR Extension: (Documentos de Google sin conexión) - C:\Users\tavo pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-21]
      CHR Extension: (IDM Integration Module) - C:\Users\tavo pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2017-07-14]
      CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\tavo pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
      CHR Extension: (Gmail) - C:\Users\tavo pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-02-21]
      CHR Extension: (Chrome Media Router) - C:\Users\tavo pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-28]
      CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
      CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2015-02-24]

      ==================== Services (Whitelisted) ====================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com)
      S2 AVP16.0.0; C:\Program Files\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe [194000 2017-03-01] (Kaspersky Lab ZAO)
      S3 AxAutoMntSrv; C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
      R2 IMFservice; C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe [1766176 2017-05-19] (IObit)
      R2 KMWDSERVICE; C:\Program Files\Mouse Driver\KMWDSrv.exe [208896 2007-04-05] (UASSOFT.COM) [File not signed]
      S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2945312 2016-01-15] (IObit)
      R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4430792 2017-08-21] (Malwarebytes)
      R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [769432 2012-07-13] (Nero AG)
      S3 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed]
      R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
      R2 WlanWpsSvc; C:\Program Files\Encore\ENUWI-N4 Wireless USB Adapter\WlanWpsSvc.exe [167936 2008-06-26] () [File not signed]
      S2 SpyHunter 4 Service; "C:\Program Files\Enigma Software Group\SpyHunter\Sh4Service.exe" [X]

      ===================== Drivers (Whitelisted) ======================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      S3 ampa; C:\Windows\system32\ampa.sys [12728 2011-12-26] () [File not signed]
      R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [201912 2015-07-06] (Kaspersky Lab ZAO)
      R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [30616 2014-12-20] (Elaborate Bytes AG)
      S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2017-09-22] ()
      R2 giveio; C:\Windows\system32\giveio.sys [5248 1996-04-03] () [File not signed]
      R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2017-02-20] (REALiX(tm))
      R1 IMFCameraProtect; C:\Windows\system32\drivers\IMFCameraProtect.sys [25120 2017-03-17] (IObit.com)
      R3 IMFDownProtect; C:\Program Files\IObit\IObit Malware Fighter\drivers\win7_x86\IMFDownProtect.sys [20336 2017-03-08] (IObit.com)
      S3 IMFFilter; C:\Program Files\IObit\IObit Malware Fighter\Drivers\win7_x86\IMFFilter.sys [21392 2017-01-06] (IObit)
      R3 IMFForceDelete; C:\Program Files\IObit\IObit Malware Fighter\drivers\win7_x86\IMFForceDelete.sys [14168 2017-03-17] (IObit.com)
      R3 irsir; C:\Windows\System32\DRIVERS\irsir.sys [20992 2006-11-02] (Microsoft Corporation)
      R0 iusb3hcs; C:\Windows\System32\DRIVERS\iusb3hcs.sys [16880 2013-07-17] (Intel Corporation)
      R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [153784 2015-06-22] (Kaspersky Lab ZAO)
      R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [46776 2015-06-06] (Kaspersky Lab ZAO)
      R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [58224 2015-06-27] (Kaspersky Lab ZAO)
      R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [66976 2017-03-01] (AO Kaspersky Lab)
      R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [147328 2017-03-01] (AO Kaspersky Lab)
      R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [53168 2017-03-01] (AO Kaspersky Lab)
      R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [785328 2017-03-01] (AO Kaspersky Lab)
      R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [44120 2017-03-01] (AO Kaspersky Lab)
      R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [37048 2015-06-06] (Kaspersky Lab ZAO)
      R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [38072 2015-06-07] (Kaspersky Lab ZAO)
      R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [39304 2017-03-01] (AO Kaspersky Lab)
      R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54328 2015-06-11] (Kaspersky Lab ZAO)
      R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [87736 2015-06-16] (Kaspersky Lab ZAO)
      R3 KMWDFilter; C:\Windows\System32\Drivers\KMWDFilter.SYS [17024 2007-03-29] (Windows (R) Codename Longhorn DDK provider) [File not signed]
      R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [156856 2015-06-23] (Kaspersky Lab ZAO)
      R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [221632 2017-09-29] (Malwarebytes)
      R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
      R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
      R2 speedfan; C:\Windows\system32\speedfan.sys [24184 2012-12-29] (Almico Software)
      R0 sptd; C:\Windows\System32\Drivers\sptd.sys [466008 2017-02-10] (Duplex Secure Ltd.)
      R3 Trufos; C:\Windows\System32\DRIVERS\TRUFOS.sys [458656 2016-12-05] (BitDefender S.R.L.)
      R1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [113432 2017-04-28] (Oracle Corporation)
      R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [177368 2017-04-28] (Oracle Corporation)
      U3 abdxdi69; C:\Windows\system32\Drivers\abdxdi69.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
      S3 catchme; \??\C:\Users\TAVOPC~1\AppData\Local\Temp\catchme.sys [X]
      S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
      S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
      S3 VGPU; System32\drivers\rdvgkmd.sys [X]

      ==================== NetSvcs (Whitelisted) ===================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


      ==================== One Month Created files and folders ========

      (If an entry is included in the fixlist, the file/folder will be moved.)

      2017-09-29 16:00 - 2017-09-29 16:02 - 000018400 _____ C:\Users\tavo pc\Desktop\FRST.txt
      2017-09-29 15:59 - 2017-09-29 16:00 - 000000000 ____D C:\FRST
      2017-09-29 15:57 - 2017-09-29 15:57 - 001795584 _____ (Farbar) C:\Users\tavo pc\Desktop\(Farbar Recovery Scan Tool By Farbar)FRST_2.exe
      2017-09-28 16:08 - 2017-09-28 18:24 - 000000000 ____D C:\Users\tavo pc\Doctor Web
      2017-09-28 16:08 - 2017-09-28 16:08 - 000000000 ____D C:\ProgramData\Doctor Web
      2017-09-28 16:06 - 2017-09-28 16:01 - 158855272 _____ C:\Users\tavo pc\Desktop\cureit.exe
      2017-09-27 16:46 - 2017-09-27 16:50 - 033262686 _____ C:\Users\tavo pc\Desktop\Arquitectura_de_Computadoras-FL.rar
      2017-09-27 12:05 - 2017-09-27 12:24 - 000000000 ____D C:\Program Files\SpeedFan
      2017-09-27 12:05 - 2017-09-27 12:05 - 000000965 _____ C:\Users\tavo pc\Desktop\SpeedFan.lnk
      2017-09-27 12:05 - 2017-09-27 12:05 - 000000000 ____D C:\Users\tavo pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
      2017-09-27 12:03 - 2017-09-27 12:05 - 000000045 _____ C:\Windows\system32\initdebug.nfo
      2017-09-27 11:39 - 2017-09-27 11:39 - 000221632 _____ (Malwarebytes) C:\Windows\system32\Drivers\77E66622.sys
      2017-09-27 11:39 - 2017-09-27 11:39 - 000166848 _____ (Malwarebytes) C:\Windows\system32\Drivers\43B36650.sys
      2017-09-27 09:02 - 2017-09-28 15:30 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
      2017-09-27 08:58 - 2017-09-28 15:30 - 000000000 ____D C:\Users\tavo pc\Desktop\mbar
      2017-09-27 08:38 - 2017-09-27 08:38 - 000166848 _____ (Malwarebytes) C:\Windows\system32\Drivers\30675B8D.sys
      2017-09-26 07:32 - 2017-09-28 14:51 - 000094936 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
      2017-09-26 07:32 - 2017-09-28 14:03 - 000040352 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
      2017-09-26 07:32 - 2017-09-26 10:12 - 000065824 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
      2017-09-26 07:31 - 2017-09-29 14:24 - 000221632 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
      2017-09-26 07:30 - 2017-09-27 15:50 - 000059904 _____ C:\Windows\system32\Drivers\mbae.sys
      2017-09-26 07:30 - 2017-09-27 09:03 - 000000000 ____D C:\ProgramData\Malwarebytes
      2017-09-26 07:30 - 2017-09-26 07:30 - 000002020 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
      2017-09-26 07:30 - 2017-09-26 07:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
      2017-09-26 07:30 - 2017-09-26 07:30 - 000000000 ____D C:\Program Files\Malwarebytes
      2017-09-25 17:29 - 2017-09-25 17:29 - 000000000 ____D C:\Users\tavo pc\AppData\Roaming\Obsidium
      2017-09-23 17:39 - 2017-09-23 17:39 - 000000514 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task c5b3ffb2-c17a-46e9-8944-8bf6c8434b9a.job
      2017-09-23 17:39 - 2017-09-23 17:39 - 000000514 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task aa545093-df11-429a-b0ff-067d71e1c292.job
      2017-09-23 17:39 - 2017-09-23 17:39 - 000000000 ____D C:\Users\tavo pc\AppData\Roaming\SUPERAntiSpyware.com
      2017-09-23 17:38 - 2017-09-25 20:46 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
      2017-09-23 17:38 - 2017-09-25 17:09 - 000000000 ____D C:\Users\tavo pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
      2017-09-23 17:38 - 2017-09-23 17:38 - 000001961 _____ C:\Users\tavo pc\Desktop\SUPERAntiSpyware Free Edition.lnk
      2017-09-23 17:38 - 2017-09-23 17:38 - 000000000 ____D C:\ProgramData\SUPERAntiSpyware.com
      2017-09-23 07:21 - 2017-09-23 17:37 - 000140400 _____ C:\Windows\ntbtlog.txt
      2017-09-22 15:02 - 2017-09-22 15:06 - 000272120 _____ C:\Users\tavo pc\Downloads\Patch SH santoslaguna88.zip
      2017-09-22 11:34 - 2017-09-27 08:30 - 000000000 ____D C:\Users\tavo pc\AppData\Roaming\Enigma Software Group
      2017-09-22 11:32 - 2017-09-22 11:32 - 000000000 ____D C:\sh4ldr
      2017-09-22 11:25 - 2017-09-22 11:25 - 000019984 _____ C:\Windows\system32\Drivers\EsgScanner.sys
      2017-09-22 11:24 - 2017-09-28 14:01 - 000000000 ____D C:\Program Files\Enigma Software Group
      2017-09-21 13:36 - 2017-08-16 10:50 - 002403328 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
      2017-09-21 13:36 - 2017-08-15 20:25 - 000347336 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
      2017-09-21 13:36 - 2017-08-15 10:01 - 000416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
      2017-09-21 13:36 - 2017-08-15 10:01 - 000279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
      2017-09-21 13:36 - 2017-08-15 10:01 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
      2017-09-21 13:36 - 2017-08-15 09:58 - 013673984 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
      2017-09-21 13:36 - 2017-08-13 12:54 - 020269056 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
      2017-09-21 13:36 - 2017-08-13 12:46 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
      2017-09-21 13:36 - 2017-08-13 12:45 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
      2017-09-21 13:36 - 2017-08-13 12:30 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
      2017-09-21 13:36 - 2017-08-13 12:29 - 000499200 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
      2017-09-21 13:36 - 2017-08-13 12:29 - 000341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
      2017-09-21 13:36 - 2017-08-13 12:29 - 000047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
      2017-09-21 13:36 - 2017-08-13 12:28 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
      2017-09-21 13:36 - 2017-08-13 12:24 - 002291200 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
      2017-09-21 13:36 - 2017-08-13 12:22 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
      2017-09-21 13:36 - 2017-08-13 12:21 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
      2017-09-21 13:36 - 2017-08-13 12:19 - 000476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
      2017-09-21 13:36 - 2017-08-13 12:18 - 000104960 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
      2017-09-21 13:36 - 2017-08-13 12:17 - 000663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
      2017-09-21 13:36 - 2017-08-13 12:17 - 000620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
      2017-09-21 13:36 - 2017-08-13 12:17 - 000115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
      2017-09-21 13:36 - 2017-08-13 12:10 - 000667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
      2017-09-21 13:36 - 2017-08-13 12:01 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
      2017-09-21 13:36 - 2017-08-13 12:01 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
      2017-09-21 13:36 - 2017-08-13 12:00 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
      2017-09-21 13:36 - 2017-08-13 11:57 - 000168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
      2017-09-21 13:36 - 2017-08-13 11:53 - 000130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
      2017-09-21 13:36 - 2017-08-13 11:48 - 004547072 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
      2017-09-21 13:36 - 2017-08-13 11:46 - 000230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
      2017-09-21 13:36 - 2017-08-13 11:44 - 000694784 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
      2017-09-21 13:36 - 2017-08-13 11:44 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
      2017-09-21 13:36 - 2017-08-13 11:43 - 002058752 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
      2017-09-21 13:36 - 2017-08-13 11:43 - 001155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
      2017-09-21 13:36 - 2017-08-13 11:17 - 002767872 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
      2017-09-21 13:36 - 2017-08-13 11:14 - 000710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
      2017-09-21 13:36 - 2017-08-13 11:13 - 001314816 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
      2017-09-21 13:36 - 2017-08-11 02:24 - 004001000 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
      2017-09-21 13:36 - 2017-08-11 02:24 - 003945704 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
      2017-09-21 13:36 - 2017-08-11 02:19 - 000554496 _____ (Microsoft Corporation)

    8. #8
      User Sulfuro3000
      Joined
      Sep 2017
      Location
      Venezuela
      Posts
      16

      Re: Help removing MEM:Trojan-Spy.Win32.ZBot.b

      C:\Windows\system32\kerberos.dll
      2017-09-21 13:36 - 2017-07-21 10:26 - 000518144 _____ C:\Windows\system32\msjetoledb40.dll
      2017-09-21 13:36 - 2017-07-21 10:26 - 000290816 _____ (Microsoft Corporation) C:\Windows\system32\msjtes40.dll
      2017-09-21 13:36 - 2017-07-14 11:10 - 001549824 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
      2017-09-21 13:36 - 2017-07-14 11:10 - 001400320 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
      2017-09-21 13:36 - 2017-07-14 11:10 - 001363968 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
      2017-09-21 13:36 - 2017-07-14 11:00 - 000427520 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
      2017-09-21 13:36 - 2017-07-07 11:10 - 000973312 _____ (Microsoft Corporation) C:\Windows\system32\DXPTaskRingtone.dll
      2017-09-21 13:36 - 2017-07-01 09:05 - 001311744 _____ (Microsoft Corporation) C:\Windows\system32\msjet40.dll
      2017-09-21 13:36 - 2017-07-01 09:05 - 000616448 _____ (Microsoft Corporation) C:\Windows\system32\msrepl40.dll
      2017-09-21 13:36 - 2017-07-01 09:05 - 000475648 _____ (Microsoft Corporation) C:\Windows\system32\msxbde40.dll
      2017-09-21 13:36 - 2017-07-01 09:05 - 000375808 _____ (Microsoft Corporation) C:\Windows\system32\mspbde40.dll
      2017-09-21 13:36 - 2017-07-01 09:05 - 000343552 _____ (Microsoft Corporation) C:\Windows\system32\msrd3x40.dll
      2017-09-21 13:36 - 2017-07-01 09:05 - 000339968 _____ (Microsoft Corporation) C:\Windows\system32\msexcl40.dll
      2017-09-21 13:36 - 2017-07-01 09:05 - 000310272 _____ (Microsoft Corporation) C:\Windows\system32\msrd2x40.dll
      2017-09-21 13:36 - 2017-07-01 09:05 - 000240640 _____ (Microsoft Corporation) C:\Windows\system32\msltus40.dll
      2017-09-21 13:36 - 2017-06-09 11:17 - 001213672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
      2017-09-21 13:36 - 2017-06-02 03:57 - 000497152 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
      2017-09-21 13:36 - 2017-05-30 00:39 - 001309928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
      2017-09-21 13:36 - 2017-05-16 11:16 - 000730856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
      2017-09-21 13:36 - 2017-05-12 12:25 - 001251328 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
      2017-09-21 13:36 - 2017-05-12 12:25 - 000909824 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
      2017-09-21 13:36 - 2017-05-10 11:12 - 002953216 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
      2017-09-21 13:36 - 2017-05-10 11:12 - 000174080 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
      2017-09-21 13:36 - 2017-05-10 11:10 - 000073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
      2017-09-21 13:36 - 2017-05-10 11:01 - 002092032 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
      2017-09-21 13:36 - 2017-05-10 11:00 - 000573440 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
      2017-09-21 13:36 - 2017-05-10 11:00 - 000136192 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
      2017-09-21 13:36 - 2017-05-10 11:00 - 000093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
      2017-09-21 13:36 - 2017-05-10 11:00 - 000035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
      2017-09-21 13:35 - 2017-08-19 11:10 - 000180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
      2017-09-21 13:35 - 2017-08-16 11:10 - 000629760 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
      2017-09-21 13:35 - 2017-08-15 11:10 - 012880896 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
      2017-09-21 13:35 - 2017-08-15 11:10 - 001499648 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
      2017-09-21 13:35 - 2017-08-14 13:35 - 002150912 _____ (Microsoft Corporation) C:\Windows\system32\mmcndmgr.dll
      2017-09-21 13:35 - 2017-08-14 13:35 - 000303104 _____ (Microsoft Corporation) C:\Windows\system32\mmcbase.dll
      2017-09-21 13:35 - 2017-08-14 13:35 - 000172544 _____ (Microsoft Corporation) C:\Windows\system32\cic.dll
      2017-09-21 13:35 - 2017-08-14 13:35 - 000128512 _____ (Microsoft Corporation) C:\Windows\system32\mmcshext.dll
      2017-09-21 13:35 - 2017-08-13 17:30 - 001401344 _____ (Microsoft Corporation) C:\Windows\system32\mmc.exe
      2017-09-21 13:35 - 2017-08-11 02:24 - 000137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
      2017-09-21 13:35 - 2017-08-11 02:24 - 000067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
      2017-09-21 13:35 - 2017-08-11 02:21 - 001310528 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
      2017-09-21 13:35 - 2017-08-11 02:19 - 001417728 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
      2017-09-21 13:35 - 2017-08-11 02:19 - 001062912 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
      2017-09-21 13:35 - 2017-08-11 02:19 - 000872448 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
      2017-09-21 13:35 - 2017-08-11 02:19 - 000781824 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
      2017-09-21 13:35 - 2017-08-11 02:19 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
      2017-09-21 13:35 - 2017-08-11 02:19 - 000655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
      2017-09-21 13:35 - 2017-08-11 02:19 - 000644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
      2017-09-21 13:35 - 2017-08-11 02:19 - 000497664 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
      2017-09-21 13:35 - 2017-08-11 02:19 - 000400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
      2017-09-21 13:35 - 2017-08-11 02:19 - 000377344 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
      2017-09-21 13:35 - 2017-08-11 02:19 - 000299008 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
      2017-09-21 13:35 - 2017-08-11 02:19 - 000294400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
      2017-09-21 13:35 - 2017-08-11 02:19 - 000271360 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
      2017-09-21 13:35 - 2017-08-11 02:19 - 000261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
      2017-09-21 13:35 - 2017-08-11 02:19 - 000254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
      2017-09-21 13:35 - 2017-08-11 02:19 - 000223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
      2017-09-21 13:35 - 2017-08-11 02:19 - 000172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
      2017-09-21 13:35 - 2017-08-11 02:19 - 000171008 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
      2017-09-21 13:35 - 2017-08-11 02:19 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
      2017-09-21 13:35 - 2017-08-11 02:19 - 000141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
      2017-09-21 13:35 - 2017-08-11 02:19 - 000126464 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
      2017-09-21 13:35 - 2017-08-11 02:19 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
      2017-09-21 13:35 - 2017-08-11 02:19 - 000082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
      2017-09-21 13:35 - 2017-08-11 02:19 - 000065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
      2017-09-21 13:35 - 2017-08-11 02:19 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
      2017-09-21 13:35 - 2017-08-11 02:19 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
      2017-09-21 13:35 - 2017-08-11 02:19 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
      2017-09-21 13:35 - 2017-08-11 02:19 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
      2017-09-21 13:35 - 2017-08-11 02:19 - 000038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
      2017-09-21 13:35 - 2017-08-11 02:19 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
      2017-09-21 13:35 - 2017-08-11 02:19 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
      2017-09-21 13:35 - 2017-08-11 02:19 - 000019968 _____ (Microsoft Corporation) C:\Windows\system32\nsisvc.dll
      2017-09-21 13:35 - 2017-08-11 02:19 - 000017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
      2017-09-21 13:35 - 2017-08-11 02:19 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\winnsi.dll
      2017-09-21 13:35 - 2017-08-11 02:19 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\nsi.dll
      2017-09-21 13:35 - 2017-08-11 02:19 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
      2017-09-21 13:35 - 2017-08-11 02:19 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
      2017-09-21 13:35 - 2017-08-11 02:19 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
      2017-09-21 13:35 - 2017-08-11 02:19 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
      2017-09-21 13:35 - 2017-08-11 02:19 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
      2017-09-21 13:35 - 2017-08-11 02:19 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
      2017-09-21 13:35 - 2017-08-11 02:19 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
      2017-09-21 13:35 - 2017-08-11 02:19 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
      2017-09-21 13:35 - 2017-08-11 02:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
      2017-09-21 13:35 - 2017-08-11 02:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
      2017-09-21 13:35 - 2017-08-11 02:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
      2017-09-21 13:35 - 2017-08-11 02:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
      2017-09-21 13:35 - 2017-08-11 02:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
      2017-09-21 13:35 - 2017-08-11 02:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
      2017-09-21 13:35 - 2017-08-11 02:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
      2017-09-21 13:35 - 2017-08-11 02:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
      2017-09-21 13:35 - 2017-08-11 02:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
      2017-09-21 13:35 - 2017-08-11 02:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
      2017-09-21 13:35 - 2017-08-11 02:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
      2017-09-21 13:35 - 2017-08-11 02:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
      2017-09-21 13:35 - 2017-08-11 02:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
      2017-09-21 13:35 - 2017-08-11 02:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
      2017-09-21 13:35 - 2017-08-11 02:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
      2017-09-21 13:35 - 2017-08-11 02:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
      2017-09-21 13:35 - 2017-08-11 02:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
      2017-09-21 13:35 - 2017-08-11 02:10 - 000066048 _____ C:\Windows\system32\PrintBrmUi.exe
      2017-09-21 13:35 - 2017-08-11 02:09 - 000061952 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.exe
      2017-09-21 13:35 - 2017-08-11 02:09 - 000039424 _____ (Microsoft Corporation) C:\Windows\system32\wpnpinst.exe
      2017-09-21 13:35 - 2017-08-11 02:09 - 000018944 _____ (Microsoft Corporation) C:\Windows\system32\inetppui.dll
      2017-09-21 13:35 - 2017-08-11 02:03 - 000026624 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe
      2017-09-21 13:35 - 2017-08-11 02:01 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
      2017-09-21 13:35 - 2017-08-11 02:00 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
      2017-09-21 13:35 - 2017-08-11 02:00 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
      2017-09-21 13:35 - 2017-08-11 02:00 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
      2017-09-21 13:35 - 2017-08-11 02:00 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
      2017-09-21 13:35 - 2017-08-11 02:00 - 000016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
      2017-09-21 13:35 - 2017-08-11 01:58 - 000271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
      2017-09-21 13:35 - 2017-08-11 01:58 - 000262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
      2017-09-21 13:35 - 2017-08-11 01:56 - 000313856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
      2017-09-21 13:35 - 2017-08-11 01:56 - 000311808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
      2017-09-21 13:35 - 2017-08-11 01:56 - 000226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
      2017-09-21 13:35 - 2017-08-11 01:56 - 000124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
      2017-09-21 13:35 - 2017-08-11 01:56 - 000115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
      2017-09-21 13:35 - 2017-08-11 01:56 - 000098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
      2017-09-21 13:35 - 2017-08-11 01:55 - 000188928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
      2017-09-21 13:35 - 2017-08-11 01:55 - 000069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
      2017-09-21 13:35 - 2017-08-11 01:55 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
      2017-09-21 13:35 - 2017-08-11 01:55 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
      2017-09-21 13:35 - 2017-08-11 01:55 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nsiproxy.sys
      2017-09-21 13:35 - 2017-08-11 01:55 - 000015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
      2017-09-21 13:35 - 2017-08-11 01:55 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
      2017-09-21 13:35 - 2017-08-11 01:55 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
      2017-09-21 13:35 - 2017-08-11 01:55 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
      2017-09-21 13:35 - 2017-08-11 01:55 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
      2017-09-21 13:35 - 2017-07-29 10:50 - 000074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
      2017-09-21 13:35 - 2017-07-21 10:26 - 000409600 _____ (Microsoft Corporation) C:\Windows\system32\msexch40.dll
      2017-09-21 13:35 - 2017-07-21 10:26 - 000282624 _____ (Microsoft Corporation) C:\Windows\system32\mstext40.dll
      2017-09-21 13:35 - 2017-07-14 11:10 - 000666624 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
      2017-09-21 13:35 - 2017-07-14 11:10 - 000382976 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
      2017-09-21 13:35 - 2017-07-14 11:10 - 000337408 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
      2017-09-21 13:35 - 2017-07-14 11:10 - 000197120 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
      2017-09-21 13:35 - 2017-07-14 11:10 - 000104448 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
      2017-09-21 13:35 - 2017-07-14 11:10 - 000059392 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
      2017-09-21 13:35 - 2017-07-14 11:10 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
      2017-09-21 13:35 - 2017-07-14 11:00 - 000164352 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
      2017-09-21 13:35 - 2017-07-14 10:59 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
      2017-09-21 13:35 - 2017-07-14 10:59 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
      2017-09-21 13:35 - 2017-07-14 10:50 - 000054272 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
      2017-09-21 13:35 - 2017-07-14 10:50 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
      2017-09-21 13:35 - 2017-07-08 11:19 - 000250600 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
      2017-09-21 13:35 - 2017-07-07 11:15 - 000296680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgrx.sys
      2017-09-21 13:35 - 2017-07-07 11:11 - 000109568 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
      2017-09-21 13:35 - 2017-07-01 09:05 - 000866816 _____ (Microsoft Corporation) C:\Windows\system32\mswdat10.dll
      2017-09-21 13:35 - 2017-07-01 09:05 - 000641536 _____ (Microsoft Corporation) C:\Windows\system32\mswstr10.dll
      2017-09-21 13:35 - 2017-07-01 09:05 - 000144896 _____ (Microsoft Corporation) C:\Windows\system32\msjint40.dll
      2017-09-21 13:35 - 2017-07-01 09:05 - 000083968 _____ (Microsoft Corporation) C:\Windows\system32\msjter40.dll
      2017-09-21 13:35 - 2017-06-15 16:18 - 000514048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
      2017-09-21 13:35 - 2017-06-12 18:29 - 001227264 _____ (Microsoft Corporation) C:\Windows\system32\wdc.dll
      2017-09-21 13:35 - 2017-06-12 18:29 - 000444928 _____ (Microsoft Corporation) C:\Windows\system32\wvc.dll
      2017-09-21 13:35 - 2017-06-12 18:29 - 000390144 _____ (Microsoft Corporation) C:\Windows\system32\sysmon.ocx
      2017-09-21 13:35 - 2017-06-12 18:28 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\pdhui.dll
      2017-09-21 13:35 - 2017-06-12 18:06 - 000303616 _____ (Microsoft Corporation) C:\Windows\system32\msinfo32.exe
      2017-09-21 13:35 - 2017-06-12 18:06 - 000157184 _____ (Microsoft Corporation) C:\Windows\system32\perfmon.exe
      2017-09-21 13:35 - 2017-06-12 18:06 - 000103424 _____ (Microsoft Corporation) C:\Windows\system32\resmon.exe
      2017-09-21 13:35 - 2017-05-30 00:39 - 000240872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
      2017-09-21 13:35 - 2017-05-30 00:39 - 000187624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
      2017-09-21 13:35 - 2017-05-21 00:06 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
      2017-09-21 13:35 - 2017-05-16 11:16 - 000218856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
      2017-09-21 13:35 - 2017-05-16 11:12 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
      2017-09-21 13:35 - 2017-05-12 14:07 - 000308456 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
      2017-09-21 13:35 - 2017-05-12 14:03 - 000306688 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
      2017-09-21 13:35 - 2017-05-12 14:03 - 000070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
      2017-09-21 13:35 - 2017-05-12 14:03 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
      2017-09-21 13:35 - 2017-05-12 14:03 - 000010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
      2017-09-21 13:35 - 2017-05-12 13:43 - 000034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
      2017-09-21 13:35 - 2017-05-10 11:16 - 000091368 _____ (Microsoft Corporation) C:\Windows\system32\MigAutoPlay.exe
      2017-09-21 13:35 - 2017-05-10 11:00 - 000035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
      2017-09-21 13:35 - 2017-05-10 11:00 - 000030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
      2017-09-21 13:35 - 2017-05-10 11:00 - 000011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
      2017-09-21 13:35 - 2017-05-07 11:14 - 000078568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
      2017-09-21 13:35 - 2017-05-07 10:53 - 000010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
      2017-09-21 13:35 - 2017-03-30 10:58 - 000045056 _____ (Microsoft Corporation) C:\Windows\system32\rundll32.exe
      2017-09-21 10:24 - 2017-09-21 10:25 - 000164547 _____ C:\Users\tavo pc\Desktop\zbotkiller.zip
      2017-09-21 07:20 - 2017-09-21 07:20 - 000105621 _____ C:\Users\tavo pc\Desktop\CLAVE ROUTER.xps
      2017-09-18 15:05 - 2017-09-18 15:05 - 000000000 ____D C:\ProgramData\BDLogging
      2017-09-18 15:05 - 2016-12-05 15:32 - 000458656 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
      2017-09-18 14:55 - 2017-09-18 14:55 - 000001131 _____ C:\Users\Public\Desktop\IObit Malware Fighter.lnk
      2017-09-18 14:55 - 2017-09-18 14:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
      2017-09-18 13:20 - 2017-09-18 13:20 - 084014060 _____ C:\Users\tavo pc\Desktop\Malware Fighter 5.1 Pro Por Geek Tutos.rar
      2017-09-18 12:35 - 2017-09-18 12:41 - 000000000 ____D C:\AdwCleaner
      2017-09-18 12:22 - 2017-09-18 12:22 - 000015095 _____ C:\ComboFix.txt
      2017-09-18 11:34 - 2017-09-18 11:35 - 005336518 _____ C:\Users\tavo pc\Desktop\RakhniDecryptor.zip
      2017-09-18 11:20 - 2017-09-18 11:24 - 008182736 _____ (Malwarebytes) C:\Users\tavo pc\Desktop\AdwCleaner.exe
      2017-09-18 09:56 - 2017-09-18 09:58 - 005660248 ____R (Swearware) C:\Users\tavo pc\Desktop\ComboFix.exe
      2017-09-18 09:31 - 2017-09-18 10:01 - 000689008 _____ C:\TDSSKiller.3.1.0.15_18.09.2017_09.31.58_log.txt
      2017-09-18 09:24 - 2017-09-18 09:26 - 000004552 _____ C:\TDSSKiller.3.1.0.15_18.09.2017_09.24.30_log.txt
      2017-09-18 09:24 - 2017-04-18 04:36 - 004922400 _____ (AO Kaspersky Lab) C:\Users\tavo pc\Desktop\TDSSKiller.exe
      2017-09-18 09:22 - 2017-09-18 09:22 - 000000364 _____ C:\TDSSKiller.2.9.2.0_18.09.2017_09.22.39_log.txt
      2017-09-18 08:05 - 2011-06-26 02:45 - 000256000 _____ C:\Windows\PEV.exe
      2017-09-18 08:05 - 2010-11-07 13:20 - 000208896 _____ C:\Windows\MBR.exe
      2017-09-18 08:05 - 2009-04-20 00:56 - 000060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
      2017-09-18 08:05 - 2000-08-30 20:00 - 000518144 _____ (SteelWerX) C:\Windows\SWREG.exe
      2017-09-18 08:05 - 2000-08-30 20:00 - 000406528 _____ (SteelWerX) C:\Windows\SWSC.exe
      2017-09-18 08:05 - 2000-08-30 20:00 - 000098816 _____ C:\Windows\sed.exe
      2017-09-18 08:05 - 2000-08-30 20:00 - 000080412 _____ C:\Windows\grep.exe
      2017-09-18 08:05 - 2000-08-30 20:00 - 000068096 _____ C:\Windows\zip.exe
      2017-09-18 08:00 - 2017-09-18 12:29 - 000000000 ____D C:\Qoobox
      2017-09-18 08:00 - 2017-09-18 09:11 - 000000000 ____D C:\Windows\erdnt
      2017-09-11 13:00 - 2017-09-11 13:00 - 000786912 _____ (Realtek ) C:\Windows\system32\Drivers\Rt86win7.sys
      2017-09-11 13:00 - 2017-09-11 13:00 - 000109024 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp32.dll
      2017-09-11 12:11 - 2017-09-11 12:11 - 020794464 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRender.dll
      2017-09-11 12:11 - 2017-09-11 12:11 - 019139544 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioCapture.dll
      2017-09-11 12:11 - 2017-09-11 12:11 - 012016256 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO30.dll
      2017-09-11 12:11 - 2017-09-11 12:11 - 011924336 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO40.dll
      2017-09-11 12:11 - 2017-09-11 12:11 - 005675096 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICV3apo.dll
      2017-09-11 12:11 - 2017-09-11 12:11 - 005324736 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICV2apo.dll
      2017-09-11 12:11 - 2017-09-11 12:11 - 004982552 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICAPOlfx.dll
      2017-09-11 12:11 - 2017-09-11 12:11 - 003173736 _____ (DTS, Inc.) C:\Windows\system32\slcnt32.dll
      2017-09-11 12:11 - 2017-09-11 12:11 - 002800320 _____ (DTS, Inc.) C:\Windows\system32\sltech32.dll
      2017-09-11 12:11 - 2017-09-11 12:11 - 001502640 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO70.dll
      2017-09-11 12:11 - 2017-09-11 12:11 - 001400800 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll
      2017-09-11 12:11 - 2017-09-11 12:11 - 001279312 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\tossaeapo32.dll
      2017-09-11 12:11 - 2017-09-11 12:11 - 001201808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO60.dll
      2017-09-11 12:11 - 2017-09-11 12:11 - 001074048 _____ (Synopsys, Inc.) C:\Windows\system32\SRRPTR.dll
      2017-09-11 12:11 - 2017-09-11 12:11 - 000965672 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxSpeechAPO.dll
      2017-09-11 12:11 - 2017-09-11 12:11 - 000954192 _____ (Nahimic Inc) C:\Windows\system32\NahimicAPONSControl.dll
      2017-09-11 12:11 - 2017-09-11 12:11 - 000936608 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
      2017-09-11 12:11 - 2017-09-11 12:11 - 000911080 _____ (DTS, Inc.) C:\Windows\system32\sl3apo32.dll
      2017-09-11 12:11 - 2017-09-11 12:11 - 000877424 _____ (Sound Research, Corp.) C:\Windows\system32\SEHDHF32.dll
      2017-09-11 12:11 - 2017-09-11 12:11 - 000868448 _____ (Sony Corporation) C:\Windows\system32\MISS_APO.dll
      2017-09-11 12:11 - 2017-09-11 12:11 - 000860512 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo2.dll
      2017-09-11 12:11 - 2017-09-11 12:11 - 000794800 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\tosasfapo32.dll
      2017-09-11 12:11 - 2017-09-11 12:11 - 000742608 _____ (Sound Research, Corp.) C:\Windows\system32\SEHDRA32.dll
      2017-09-11 12:11 - 2017-09-11 12:11 - 000737960 _____ (Sound Research, Corp.) C:\Windows\system32\SECOMN32.dll
      2017-09-11 12:11 - 2017-09-11 12:11 - 000562416 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\tossaemaxapo32.dll
      2017-09-11 12:11 - 2017-09-11 12:11 - 000481304 _____ (Sound Research, Corp.) C:\Windows\system32\SEAPO32.dll
      2017-09-11 12:11 - 2017-09-11 12:11 - 000401040 _____ (Synopsys, Inc.) C:\Windows\system32\SRAPO.dll
      2017-09-11 12:11 - 2017-09-11 12:11 - 000390936 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\toseaeapo32.dll
      2017-09-11 12:11 - 2017-09-11 12:11 - 000341144 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM.dll
      2017-09-11 12:11 - 2017-09-11 12:11 - 000307232 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT32.dll
      2017-09-11 12:11 - 2017-09-11 12:11 - 000232752 _____ (TODO: <Company name>) C:\Windows\system32\slprp32.dll
      2017-09-11 12:11 - 2017-09-11 12:11 - 000225040 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK.dll
      2017-09-11 12:11 - 2017-09-11 12:11 - 000144680 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll
      2017-09-11 12:11 - 2017-09-11 12:11 - 000083640 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM.dll
      2017-09-11 12:11 - 2017-09-11 12:11 - 000078480 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO.dll
      2017-09-11 12:11 - 2017-09-11 12:11 - 000067752 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\TepeqAPO.dll
      2017-09-11 12:10 - 2017-09-11 12:10 - 007053688 _____ (Dolby Laboratories) C:\Windows\system32\DDPP32A.dll
      2017-09-11 12:10 - 2017-09-11 12:10 - 004244224 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOv211.dll
      2017-09-11 12:10 - 2017-09-11 12:10 - 001824920 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOv201.dll
      2017-09-11 12:10 - 2017-09-11 12:10 - 001529288 _____ (Conexant Systems Inc.) C:\Windows\system32\CX32APO.dll
      2017-09-11 12:10 - 2017-09-11 12:10 - 001512312 _____ (Dolby Laboratories) C:\Windows\system32\DDPD32A.dll
      2017-09-11 12:10 - 2017-09-11 12:10 - 001451616 _____ (Conexant Systems Inc.) C:\Windows\system32\CX32Proxy.dll
      2017-09-11 12:10 - 2017-09-11 12:10 - 001024016 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOProp.dll
      2017-09-11 12:10 - 2017-09-11 12:10 - 000688224 _____ (ICEpower a/s) C:\Windows\system32\ICEsoundAPO.dll
      2017-09-11 12:10 - 2017-09-11 12:10 - 000367352 _____ (Harman) C:\Windows\system32\HMUI.dll
      2017-09-11 12:10 - 2017-09-11 12:10 - 000363416 _____ (Harman) C:\Windows\system32\HMClariFi.dll
      2017-09-11 12:10 - 2017-09-11 12:10 - 000322056 _____ (Dolby Laboratories) C:\Windows\system32\HiFiDAX2API.dll
      2017-09-11 12:10 - 2017-09-11 12:10 - 000316424 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\HMAPO.dll
      2017-09-11 12:10 - 2017-09-11 12:10 - 000285616 _____ (Dolby Laboratories) C:\Windows\system32\DDPO32A.dll
      2017-09-11 12:10 - 2017-09-11 12:10 - 000232416 _____ (Dolby Laboratories) C:\Windows\system32\DDPA32.dll
      2017-09-11 12:10 - 2017-09-11 12:10 - 000221904 _____ (Harman) C:\Windows\system32\HMHVS.dll
      2017-09-11 12:10 - 2017-09-11 12:10 - 000214664 _____ (Harman) C:\Windows\system32\HMEQ_Voice.dll
      2017-09-11 12:10 - 2017-09-11 12:10 - 000214664 _____ (Harman) C:\Windows\system32\HMEQ.dll
      2017-09-11 12:10 - 2017-09-11 12:10 - 000200728 _____ (Harman) C:\Windows\system32\HMLimiter.dll
      2017-09-11 12:10 - 2017-09-11 12:10 - 000130296 _____ (Harman) C:\Windows\system32\HarmanAudioInterface.dll
      2017-09-11 12:10 - 2017-09-11 12:10 - 000101328 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
      2017-09-11 12:10 - 2017-09-11 12:10 - 000096600 _____ C:\Windows\system32\audioLibVc.dll
      2017-09-11 12:08 - 2017-09-11 12:08 - 000602216 _____ (Realtek Semiconductor Corporation ) C:\Windows\system32\Drivers\RTL8192su.sys
      2017-09-09 06:58 - 2017-09-09 17:06 - 000344033 _____ C:\Users\tavo pc\Downloads\wnetwatcher.zip
      2017-09-09 06:56 - 2017-05-24 17:04 - 000005116 _____ C:\Users\tavo pc\Desktop\WNetWatcher_lng.ini
      2017-09-09 06:54 - 2017-09-09 06:55 - 000002132 _____ C:\Users\tavo pc\Downloads\wnetwatcher_spanish.zip
      2017-09-06 16:12 - 2017-09-06 16:20 - 008506234 _____ C:\Users\tavo pc\Downloads\KUC W7 UpdateChecker-Beta-v.4.03.007.2106.zip
      2017-09-06 15:42 - 2017-09-06 15:44 - 000768017 _____ C:\Users\tavo pc\Downloads\WHDownloader_0.0.2.2.zip
      2017-09-06 15:35 - 2017-09-06 15:36 - 000976749 _____ C:\Users\tavo pc\Downloads\WHDownloader 2.1.7z
      2017-09-06 09:29 - 2017-09-06 09:32 - 000000000 ____D C:\Program Files\NTLite
      2017-09-06 09:29 - 2017-09-06 09:29 - 000000937 _____ C:\Users\tavo pc\Desktop\NTLite.lnk
      2017-09-06 09:29 - 2017-09-06 09:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NTLite
      2017-09-05 10:48 - 2017-09-06 05:13 - 000000000 ____D C:\Program Files\Mozilla Firefox
      2017-08-30 13:23 - 2017-08-30 13:23 - 000987840 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
      2017-08-30 13:23 - 2017-08-30 13:23 - 000485576 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll

      ==================== One Month Modified files and folders ========

      (If an entry is included in the fixlist, the file/folder will be moved.)

      2017-09-29 15:59 - 2017-02-14 10:47 - 000000000 ____D C:\Users\tavo pc\AppData\Roaming\DMCache
      2017-09-29 14:38 - 2017-03-01 09:02 - 000000000 ____D C:\ProgramData\Kaspersky Lab
      2017-09-29 14:30 - 2017-07-28 15:57 - 000000000 ____D C:\Program Files\Opera
      2017-09-29 14:30 - 2009-07-14 00:34 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      2017-09-29 14:30 - 2009-07-14 00:34 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      2017-09-29 14:23 - 2017-06-06 12:08 - 000000000 ____D C:\ProgramData\NVIDIA
      2017-09-29 14:23 - 2009-07-14 00:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
      2017-09-28 19:04 - 2017-02-10 11:37 - 000000000 ____D C:\Users\tavo pc
      2017-09-27 12:03 - 2017-02-14 10:47 - 000000000 ____D C:\Users\tavo pc\AppData\Roaming\IDM
      2017-09-27 06:26 - 2017-02-21 07:03 - 000002139 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
      2017-09-27 06:26 - 2017-02-21 07:03 - 000002127 _____ C:\Users\Public\Desktop\Google Chrome.lnk
      2017-09-26 10:29 - 2017-02-20 15:36 - 000000000 ____D C:\Users\tavo pc\AppData\LocalLow\IObit
      2017-09-26 07:10 - 2017-02-20 15:36 - 000000000 ____D C:\ProgramData\ProductData
      2017-09-25 17:27 - 2017-02-14 10:47 - 000000000 ____D C:\Users\tavo pc\Downloads\Compressed
      2017-09-25 16:42 - 2017-02-10 15:08 - 000000000 ____D C:\Program Files\IllustratorCs6
      2017-09-25 12:51 - 2017-05-11 15:01 - 000000000 ____D C:\Users\tavo pc\Downloads\Isos de windows
      2017-09-23 05:49 - 2009-07-13 22:37 - 000000000 ____D C:\Windows\rescache
      2017-09-21 16:47 - 2017-06-29 06:01 - 000000000 ____D C:\Users\tavo pc\AppData\Roaming\vlc
      2017-09-21 16:46 - 2011-04-11 21:30 - 000746992 _____ C:\Windows\system32\perfh00A.dat
      2017-09-21 16:46 - 2011-04-11 21:30 - 000158464 _____ C:\Windows\system32\perfc00A.dat
      2017-09-21 16:46 - 2010-11-20 17:01 - 001675926 _____ C:\Windows\system32\PerfStringBackup.INI
      2017-09-21 16:46 - 2009-07-13 22:37 - 000000000 ____D C:\Windows\inf
      2017-09-21 16:39 - 2009-07-14 00:33 - 000435080 _____ C:\Windows\system32\FNTCACHE.DAT
      2017-09-21 16:34 - 2009-07-13 22:37 - 000000000 ____D C:\Windows\system32\migwiz
      2017-09-21 13:59 - 2017-02-13 11:33 - 000000000 ____D C:\Windows\system32\MRT
      2017-09-21 13:46 - 2017-02-13 11:32 - 135337392 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
      2017-09-21 07:28 - 2009-07-13 22:37 - 000000000 ____D C:\Windows\system32\NDF
      2017-09-19 15:53 - 2017-05-12 14:56 - 000000656 __RSH C:\Users\tavo pc\ntuser.pol
      2017-09-19 10:00 - 2009-07-13 22:37 - 000000000 __RHD C:\Users\Public\Libraries
      2017-09-18 14:55 - 2017-02-20 15:36 - 000000000 ____D C:\Program Files\IObit
      2017-09-18 13:32 - 2017-02-13 08:09 - 000000000 ____D C:\Users\tavo pc\AppData\Roaming\IObit
      2017-09-18 12:41 - 2017-05-03 17:59 - 000000000 ____D C:\Users\Invitado\AppData\LocalLow\IObit
      2017-09-18 12:41 - 2017-05-01 09:48 - 000000000 ____D C:\Program Files\Common Files\IObit
      2017-09-18 12:41 - 2017-04-28 15:43 - 000000000 ____D C:\Users\Invitado\AppData\Roaming\IObit
      2017-09-18 12:41 - 2017-02-20 15:36 - 000000000 ____D C:\ProgramData\IObit
      2017-09-18 12:19 - 2009-07-13 22:04 - 000000215 _____ C:\Windows\system.ini
      2017-09-13 07:05 - 2017-02-10 16:21 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
      2017-09-13 07:05 - 2017-02-10 16:21 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
      2017-09-13 07:05 - 2017-02-10 15:10 - 000000000 ____D C:\Windows\system32\Macromed
      2017-09-12 10:14 - 2017-02-10 15:43 - 000000000 ____D C:\Users\tavo pc\Desktop\respaldo
      2017-09-11 13:11 - 2017-06-06 11:57 - 000000000 ____D C:\Program Files\NVIDIA Corporation
      2017-09-11 13:00 - 2017-02-10 11:59 - 000112160 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst32.dll
      2017-09-11 12:58 - 2017-02-10 12:02 - 000000000 ____D C:\Windows\system32\RTCOM
      2017-09-07 07:45 - 2017-04-28 07:16 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
      2017-09-06 14:55 - 2017-03-01 09:06 - 000002347 _____ C:\Users\tavo pc\Desktop\Pago Seguro.lnk
      2017-09-06 05:13 - 2017-02-10 13:52 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
      2017-09-05 10:39 - 2017-02-13 08:28 - 000000000 ____D C:\Users\tavo pc\AppData\LocalLow\Mozilla

      ==================== Files in the root of some directories =======

      2017-02-10 14:52 - 2017-02-10 14:52 - 000000001 _____ () C:\Users\tavo pc\AppData\Local\llftool.4.40.agreement
      2017-02-10 14:52 - 2017-02-10 14:52 - 000000019 _____ () C:\Users\tavo pc\AppData\Local\llftool.license
      2017-02-16 10:39 - 2017-05-28 17:47 - 000007609 _____ () C:\Users\tavo pc\AppData\Local\Resmon.ResmonCfg
      2017-02-10 12:03 - 2017-02-10 12:03 - 000000000 ____H () C:\ProgramData\DP45977C.lfl

      Some files in TEMP:
      ====================
      2017-09-27 12:24 - 2017-09-27 12:24 - 000192512 _____ () C:\Users\tavo pc\AppData\Local\Temp\sfamcc00001.dll
      2015-02-10 13:56 - 2015-02-10 13:56 - 000105984 _____ () C:\Users\tavo pc\AppData\Local\Temp\sfextra.dll

      ==================== Bamital & volsnap ======================

      (There is no automatic fix for files that do not pass verification.)

      C:\Windows\explorer.exe => File is digitally signed
      C:\Windows\system32\winlogon.exe => File is digitally signed
      C:\Windows\system32\wininit.exe => File is digitally signed
      C:\Windows\system32\svchost.exe => File is digitally signed
      C:\Windows\system32\services.exe => File is digitally signed
      C:\Windows\system32\User32.dll => File is digitally signed
      C:\Windows\system32\userinit.exe => File is digitally signed
      C:\Windows\system32\rpcss.dll => File is digitally signed
      C:\Windows\system32\dnsapi.dll => File is digitally signed
      C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

      LastRegBack: 2017-09-21 13:27

      ==================== End of FRST.txt ============================

    9. #9
      User Avatar of Sulfuro3000
      Registered
      Sep 2017
      Location
      Venezuela
      Posts
      16

      Re: Help removing MEM:Trojan-Spy.Win32.ZBot.b

      Additional scan result of Farbar Recovery Scan Tool (x86) Version: 29-09-2017
      Ran by tavo pc (29-09-2017 16:02:48)
      Running from C:\Users\tavo pc\Desktop
      Microsoft Windows 7 Ultimate Service Pack 1 (X86) (2017-02-10 15:37:38)
      Boot Mode: Normal
      ==========================================================


      ==================== Accounts: =============================

      Administrador (S-1-5-21-774849719-567333669-2755415988-500 - Administrator - Disabled)
      Familia (S-1-5-21-774849719-567333669-2755415988-1001 - Limited - Enabled) => C:\Users\Familia
      HomeGroupUser$ (S-1-5-21-774849719-567333669-2755415988-1005 - Limited - Enabled)
      Invitado (S-1-5-21-774849719-567333669-2755415988-501 - Limited - Disabled) => C:\Users\Invitado
      tavo pc (S-1-5-21-774849719-567333669-2755415988-1000 - Administrator - Enabled) => C:\Users\tavo pc

      ==================== Security Center ========================

      (If an entry is included in the fixlist, it will be removed.)

      AV: Kaspersky Total Security (Disabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
      AV: IObit Malware Fighter (Enabled - Up to date) {4D381C57-3C7A-6F22-07EB-639F49E836D4}
      AS: Kaspersky Total Security (Disabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
      AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      AS: IObit Malware Fighter (Disabled - Up to date) {A751AC20-3B48-5237-898A-78C4436BB78D}
      FW: Kaspersky Total Security (Disabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}

      ==================== Installed Programs ======================

      (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

      7-Data Recovery Suite version 3.2.0 (HKLM\...\{02386A56-080B-485c-941D-AF96B29140DD}_is1) (Version: 3.2.0 - SharpNight Co,Ltd)
      Adobe Acrobat Reader DC - Español (HKLM\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
      Adobe Flash Player 27 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 27.0.0.130 - Adobe Systems Incorporated)
      Adobe Flash Player 27 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 27.0.0.130 - Adobe Systems Incorporated)
      Adobe Photoshop CS (HKLM\...\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}) (Version: CS - Adobe Systems, Inc.)
      AOMEI Partition Assistant Home Edition 5.0 (HKLM\...\{02F850ED-FD0E-4ED1-BE0B-54981f5BD3D4}_is1) (Version: - Aomei Technology Co., Ltd.)
      aTube Catcher versión 3.8 (HKLM\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp)
      CCleaner (HKLM\...\CCleaner) (Version: 5.13 - Piriform)
      Driver Booster 3.4 (HKLM\...\Driver Booster_is1) (Version: 3.4 - IObit)
      Eines de correcció del Microsoft Office 2016: català (HKLM\...\{90160000-001F-0403-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
      ENUWI-N4 Wireless USB Adapter (HKLM\...\{9579ED20-C195-454E-984A-535F0D2D8590}) (Version: 1.00.0000 - Encore)
      Ferramentas de verificación de Microsoft Office 2016 - Galego (HKLM\...\{90160000-001F-0456-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
      Google Chrome (HKLM\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.)
      Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
      Hard Disk Low Level Format Tool 4.40 (HKLM\...\Hard Disk Low Level Format Tool_is1) (Version: - HDDGURU)
      Hard Disk Sentinel PRO (HKLM\...\Hard Disk Sentinel_is1) (Version: - HDS)
      HashCheck Shell Extension (x86-32) (HKLM\...\HashCheck Shell Extension) (Version: 2.1.11.1 - Kai Liu)
      Herramientas de corrección de Microsoft Office 2016: español (HKLM\...\{90160000-001F-0C0A-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
      HP USB Disk Storage Format Tool (HKLM\...\{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}) (Version: - )
      Internet Download Manager (HKLM\...\Internet Download Manager) (Version: - Tonec Inc.)
      IObit Malware Fighter 5 (HKLM\...\IObit Malware Fighter_is1) (Version: 5.1 - IObit)
      IObit Uninstaller (HKLM\...\IObitUninstall) (Version: 5.3.0.138 - IObit)
      Kaspersky Total Security (HKLM\...\{77E7AE5C-181C-4CAF-ADBF-946F11C1CE26}) (Version: 16.0.0.614 - Kaspersky Lab) Hidden
      Kaspersky Total Security (HKLM\...\InstallWIX_{77E7AE5C-181C-4CAF-ADBF-946F11C1CE26}) (Version: 16.0.0.614 - Kaspersky Lab)
      Malwarebytes versión 3.2.2.2018 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2018 - Malwarebytes)
      MegaDownloader 1.7 (HKLM\...\{C12C2297-65A4-4E64-9AE1-29F0D947FDA0}}_is1) (Version: 1.7 - AppsForMega.info)
      MEGAsync (HKLM\...\MEGAsync) (Version: - Mega Limited)
      Microsoft .NET Framework 4.6.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01590 - Microsoft Corporation)
      Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
      Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
      Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
      Mouse Driver (HKLM\...\{55BFC356-5A7B-482F-A213-9ACFDDFF6037}) (Version: 2.0 - Driver Builder) Hidden
      Mouse Driver (HKLM\...\InstallShield_{55BFC356-5A7B-482F-A213-9ACFDDFF6037}) (Version: 2.0 - Driver Builder)
      Mozilla Firefox 55.0.3 (x86 es-CL) (HKLM\...\Mozilla Firefox 55.0.3 (x86 es-CL)) (Version: 55.0.3 - Mozilla)
      Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 55.0.3.6445 - Mozilla)
      MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
      MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
      Nero 12 (HKLM\...\{560FC78C-A4B2-461D-9B47-820C1EEF87B8}) (Version: 12.0.02000 - Nero AG)
      NTLite v1.4.0.5537 (HKLM\...\NTLite_is1) (Version: 1.4.0.5537 - Nlitesoft)
      NVIDIA Controlador de 3D Vision 260.89 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 260.89 - NVIDIA Corporation)
      NVIDIA Controlador de gráficos 260.89 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 260.89 - NVIDIA Corporation)
      Opera Stable 47.0.2631.71 (HKLM\...\Opera 47.0.2631.71) (Version: 47.0.2631.71 - Opera Software)
      Oracle VM VirtualBox 5.1.22 (HKLM\...\{BEC6F70F-350E-4073-A4A7-49F17D7FBD0E}) (Version: 5.1.22 - Oracle Corporation)
      Panel de control de NVIDIA 260.89 (HKLM\...\{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 260.89 - NVIDIA Corporation) Hidden
      Prerequisite installer (HKLM\...\{3AAB08A3-F129-4BD5-B409-AE674F93759D}) (Version: 12.0.0002 - Nero AG) Hidden
      Privacy Eraser (HKLM\...\{CB5AC03C-B8AD-980F-998E-51969A6DFC9F}_is1) (Version: 4.24.2.2327 - Cybertron Software Co., Ltd.)
      Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8036 - Realtek Semiconductor Corp.)
      Recover My Files (HKLM\...\Recover My Files_is1) (Version: 3.9.8.6356 - GetData Pty Ltd)
      Revisores de Texto do Microsoft Office 2016 – Português (Brasil) (HKLM\...\{90160000-001F-0416-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
      Shark007 ADVANCED Codecs (HKLM\...\{8C0CAA7A-3272-4991-A808-2C7559DE3409}) (Version: 6.8.1 - Shark007)
      SpeedFan (remove only) (HKLM\...\SpeedFan) (Version: - )
      SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1204 - SUPERAntiSpyware.com)
      VirtualCloneDrive (HKLM\...\VirtualCloneDrive) (Version: 5.5.0.0 - Elaborate Bytes)
      VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
      Volume Activation Management Tool 2.0 (HKLM\...\{EE010C18-9A1A-4F0E-B46E-884CA113232E}) (Version: 2.0.67.0 - Microsoft Corporation)
      Welcome App (Start-up experience) (HKLM\...\{828175FA-7307-4DBF-95AD-9CEE086B6F45}) (Version: 12.0.14000 - Nero AG) Hidden
      Windows Deployment Tools (HKLM\...\{FEA31583-30A7-0951-718C-AF75DCB003B1}) (Version: 8.100.25984 - Microsoft)
      Windows Driver Package - Realtek Semiconductor Corp. (RTL8192su) Net (08/15/2009 1085.7.0815.2009) (HKLM\...\F3C1B08AC46EE8FC22E18FB320018382BA175A84) (Version: 08/15/2009 1085.7.0815.2009 - Realtek Semiconductor Corp.)
      WinRAR 5.40 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
      Wondershare Filmora(Build 7.8.0) (HKLM\...\Wondershare Filmora_is1) (Version: - Wondershare Software)
      Wondershare Helper Compact 2.5.2 (HKLM\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.2 - Wondershare)

      ==================== Custom CLSID (Whitelisted): ==========================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\tavo pc\AppData\Local\MEGAsync\ShellExtX32.dll [2017-05-11] ()
      ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\tavo pc\AppData\Local\MEGAsync\ShellExtX32.dll [2017-05-11] ()
      ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\tavo pc\AppData\Local\MEGAsync\ShellExtX32.dll [2017-05-11] ()
      ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt.dll [2014-04-21] (Tonec Inc.)
      ContextMenuHandlers1: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => -> No File
      ContextMenuHandlers1: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files\IObit\IObit Malware Fighter\IMFShellExt.dll [2017-03-31] (IObit)
      ContextMenuHandlers1: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files\IObit\IObit Uninstaller\UninstallMenuRight.dll [2015-12-23] (IObit)
      ContextMenuHandlers1: [Kaspersky Anti-Virus 16.0.0] -> {C845F70F-050A-4052-81DE-587D90C20FE8} => C:\Program Files\Kaspersky Lab\Kaspersky Total Security 16.0.0\shellex.dll [2017-03-01] (Kaspersky Lab ZAO)
      ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\tavo pc\AppData\Local\MEGAsync\ShellExtX32.dll [2017-05-11] ()
      ContextMenuHandlers1: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => -> No File
      ContextMenuHandlers1: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG)
      ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
      ContextMenuHandlers2: [AlcoholShellEx] -> {32020A01-506E-484D-A2A8-BE3CF17601C3} => C:\Program Files\Alcohol Soft\Alcohol 120\AxShlex.dll [2010-03-25] (Alcohol Soft Development Team)
      ContextMenuHandlers2: [Kaspersky Anti-Virus 16.0.0] -> {C845F70F-050A-4052-81DE-587D90C20FE8} => C:\Program Files\Kaspersky Lab\Kaspersky Total Security 16.0.0\shellex.dll [2017-03-01] (Kaspersky Lab ZAO)
      ContextMenuHandlers2: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG)
      ContextMenuHandlers3: [HashCheck Shell Extension] -> {705977C7-86CB-4743-BFAF-6908BD19B7B0} => C:\Windows\system32\ShellExt\HashCheck.dll [2009-07-03] (code.kliu.org)
      ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
      ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\tavo pc\AppData\Local\MEGAsync\ShellExtX32.dll [2017-05-11] ()
      ContextMenuHandlers4: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files\IObit\IObit Malware Fighter\IMFShellExt.dll [2017-03-31] (IObit)
      ContextMenuHandlers4: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files\IObit\IObit Uninstaller\UninstallMenuRight.dll [2015-12-23] (IObit)
      ContextMenuHandlers4: [Kaspersky Anti-Virus 16.0.0] -> {C845F70F-050A-4052-81DE-587D90C20FE8} => C:\Program Files\Kaspersky Lab\Kaspersky Total Security 16.0.0\shellex.dll [2017-03-01] (Kaspersky Lab ZAO)
      ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\tavo pc\AppData\Local\MEGAsync\ShellExtX32.dll [2017-05-11] ()
      ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2009-09-23] (Intel Corporation)
      ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2010-10-08] (NVIDIA Corporation)
      ContextMenuHandlers6: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files\IObit\IObit Malware Fighter\IMFShellExt.dll [2017-03-31] (IObit)
      ContextMenuHandlers6: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files\IObit\IObit Uninstaller\UninstallMenuRight.dll [2015-12-23] (IObit)
      ContextMenuHandlers6: [Kaspersky Anti-Virus 16.0.0] -> {C845F70F-050A-4052-81DE-587D90C20FE8} => C:\Program Files\Kaspersky Lab\Kaspersky Total Security 16.0.0\shellex.dll [2017-03-01] (Kaspersky Lab ZAO)
      ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
      ContextMenuHandlers6: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => -> No File
      ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)

      ==================== Scheduled Tasks (Whitelisted) =============

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      Task: {14A9AFFD-A606-4648-853E-BCF6FE97EF8A} - System32\Tasks\Cybertron\Privacy Eraser\SkipUAC_tavo pc => C:\Program Files\Cybertron\Privacy Eraser\PrivacyEraser.exe [2017-05-16] (Cybertron Software, Co., Ltd.)
      Task: {1503B166-2544-47B4-8959-8232FB2E423B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2017-02-21] (Google Inc.)
      Task: {1AA30850-DF72-4996-B878-DDBB6527C672} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-07-31] (Microsoft Corporation)
      Task: {1C59D774-4019-4447-9581-329D2548D1E4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
      Task: {319D9FBE-E49C-4EBF-A516-876A4CF5079B} - System32\Tasks\{1F875A78-C96C-4E9A-B432-6E385D50A877} => C:\Windows\system32\pcalua.exe [2010-11-20] (Microsoft Corporation)
      Task: {453F9C31-5565-46FA-B92D-8D27F8A9C980} - System32\Tasks\Opera scheduled Autoupdate 1501276121 => C:\Program Files\Opera\launcher.exe [2017-08-25] (Opera Software)
      Task: {637E23A2-F00D-4155-B2E0-DFE8AD98E520} - System32\Tasks\Uninstaller_SkipUac_tavo_pc => C:\Program Files\IObit\IObit Uninstaller\IObitUninstaler.exe [2016-03-25] (IObit)
      Task: {89EF9109-86CF-4004-905C-CA7C99FE4C66} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-09-13] (Adobe Systems Incorporated)
      Task: {A744D768-F1E7-4AF2-A703-CF5B80D63675} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
      Task: {B803BAA2-9594-471E-AAED-09B12D096F53} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-12-08] (Piriform Ltd)
      Task: {B921DF86-8154-41A9-A67C-9DEF6E04E3F4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
      Task: {EBE5D6D6-B401-412D-B298-43547469D5B2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2017-02-21] (Google Inc.)
      Task: {F1885A36-F781-40B0-893D-05DE5082142A} - System32\Tasks\Driver Booster SkipUAC (tavo pc) => C:\Program Files\IObit\Driver Booster\DriverBooster.exe [2016-05-23] (IObit)

      (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

      Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task aa545093-df11-429a-b0ff-067d71e1c292.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
      Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task c5b3ffb2-c17a-46e9-8944-8bf6c8434b9a.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

      ==================== Shortcuts & WMI ========================

      (The entries could be listed to be restored or removed.)


      ==================== Loaded Modules (Whitelisted) ==============

      2015-07-08 23:48 - 2015-07-08 23:48 - 000794920 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Total Security 16.0.0\kpcengine.2.3.dll
      2017-06-06 12:24 - 2008-06-26 19:09 - 000167936 _____ () C:\Program Files\Encore\ENUWI-N4 Wireless USB Adapter\WlanWpsSvc.exe
      2016-10-31 15:43 - 2017-05-11 10:44 - 000569856 _____ () C:\Users\tavo pc\AppData\Local\MEGAsync\ShellExtX32.dll
      2017-06-06 12:24 - 2010-04-13 15:44 - 000491520 _____ () C:\Program Files\Encore\ENUWI-N4 Wireless USB Adapter\WlanCU.exe
      2017-06-06 12:24 - 2009-10-07 16:58 - 000376832 _____ () C:\Program Files\Encore\ENUWI-N4 Wireless USB Adapter\WlanDll.dll
      2017-06-06 12:24 - 2009-12-11 14:59 - 000200704 _____ () C:\Program Files\Encore\ENUWI-N4 Wireless USB Adapter\WPSCtrl.dll
      2007-03-29 12:17 - 2007-03-29 12:17 - 000106496 _____ () C:\Program Files\Mouse Driver\keydll.dll
      2005-05-04 19:12 - 2005-05-04 19:12 - 000028672 _____ () C:\Program Files\Mouse Driver\MouseHook.dll

      ==================== Alternate Data Streams (Whitelisted) =========

      (If an entry is included in the fixlist, only the ADS will be removed.)

      AlternateDataStreams: C:\ProgramData\TEMP:0CE7F3C9 [352]

      ==================== Safe Mode (Whitelisted) ===================

      (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

      ==================== Association (Whitelisted) ===============

      (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


      ==================== Internet Explorer trusted/restricted ===============

      (If an entry is included in the fixlist, it will be removed from the registry.)


      ==================== Hosts content: ===============================

      (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

      2009-07-13 22:04 - 2017-09-28 18:25 - 000000869 _____ C:\Windows\system32\Drivers\etc\hosts


      ==================== Other Areas ============================

      (Currently there is no automatic fix for this section.)

      HKU\S-1-5-21-774849719-567333669-2755415988-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\tavo pc\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
      DNS Servers: 192.168.1.1 - 8.8.8.8
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
      Windows Firewall is enabled.

      ==================== MSCONFIG/TASK MANAGER disabled items ==

      MSCONFIG\startupfolder: C:^Users^tavo pc^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MEGAsync.lnk => C:\Windows\pss\MEGAsync.lnk.Startup
      MSCONFIG\startupreg: IDMan => C:\Program Files\Internet Download Manager\IDMan.exe /onboot
      MSCONFIG\startupreg: VirtualCloneDrive => "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

      ==================== FirewallRules (Whitelisted) ===============

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      FirewallRules: [{8270C83C-F4C8-41C7-9917-D25CD08627C0}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
      FirewallRules: [{EED77BF2-4158-42FE-979F-C441C5FA862F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
      FirewallRules: [{3A3FFFDB-48AF-4E87-B64C-5B338113220B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
      FirewallRules: [{EBE1013B-996A-423D-8DB6-EA84AA48B999}] => (Allow) C:\Program Files\IObit\Driver Booster\DriverBooster.exe
      FirewallRules: [{0B0757EC-325A-4950-8043-D3F19D882EEE}] => (Allow) C:\Program Files\IObit\Driver Booster\DriverBooster.exe
      FirewallRules: [{C300EB19-F285-48B2-BB7B-F777EF67F02D}] => (Allow) C:\Program Files\IObit\Driver Booster\DBDownloader.exe
      FirewallRules: [{0859D483-A2FC-4AEA-BF6B-CE25F9471F6A}] => (Allow) C:\Program Files\IObit\Driver Booster\DBDownloader.exe
      FirewallRules: [{FA78C238-863C-49ED-B0BD-5F50E2DEF3E4}] => (Allow) C:\Program Files\IObit\Driver Booster\AutoUpdate.exe
      FirewallRules: [{9E85127C-9CAD-49FE-AD06-1214A7BF75AA}] => (Allow) C:\Program Files\IObit\Driver Booster\AutoUpdate.exe
      FirewallRules: [{4193B9CC-A218-4332-A73E-B85AA0FF1D6A}] => (Allow) C:\Program Files\Nero\KM\KwikMedia.exe
      FirewallRules: [{CEAEE3F7-FD88-4785-A0D8-38B0A14AFFDE}] => (Allow) C:\Program Files\Nero\KM\KwikMedia.exe
      FirewallRules: [{CD9FFE72-9E8D-49A7-992B-5EB7D860189B}] => (Block) LPort=445
      FirewallRules: [{B5476B88-3CAB-43E0-8CE1-A27324CBC07C}] => (Block) LPort=445
      FirewallRules: [{D9009ADA-62DD-4DDE-8A4F-4DCD260C878F}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
      FirewallRules: [{9922CC9D-FBE9-400E-9ED6-3E2EFD96B888}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
      FirewallRules: [{B0FE58F7-2AF3-4B60-B13F-318D9E5B1704}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
      FirewallRules: [{68CB3C44-6276-455A-B780-CC8B5935613B}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
      FirewallRules: [{C0B50415-607E-492E-8B16-0BE12D672E5B}] => (Allow) C:\Program Files\IObit\IObit Malware Fighter\Surfing Protection\FFNativeMessage.exe
      FirewallRules: [{067C66D1-CABE-4E6E-89CA-43E7E00961A5}] => (Allow) C:\Program Files\IObit\IObit Malware Fighter\Surfing Protection\FFNativeMessage.exe
      FirewallRules: [{34707CE2-B8BD-4BE6-8014-A3DF376EFC06}] => (Allow) C:\Program Files\Opera\47.0.2631.55\opera.exe
      FirewallRules: [{B78FB2FE-3790-4DA5-BAD1-FFE244C1F340}] => (Allow) C:\Program Files\Opera\47.0.2631.71\opera.exe
      FirewallRules: [{84D5225A-D473-4233-A681-1FDEEF4BD51B}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

      ==================== Restore Points =========================

      27-09-2017 08:25:47 SpyHunter 4 restore point
      28-09-2017 15:29:43 Malwarebytes Anti-Rootkit Restore Point
      28-09-2017 15:55:36 análisis 28/09/2017

      ==================== Faulty Device Manager Devices =============


      ==================== Event log errors: =========================

      Application errors:
      ==================
      Error: (09/29/2017 09:05:38 AM) (Source: SideBySide) (EventID: 33) (User: )
      Description: Error al generar el contexto de activación para "c:\program files\Nero\Nero 12\nero recode\NeroBRServer.exe.Manifest".
      No se encontró el ensamblado dependiente ACME,processorArchitecture="x86",type="win32",version="12.0.0.0".
      Use sxstrace.exe para obtener un diagnóstico detallado.

      Error: (09/29/2017 09:05:09 AM) (Source: SideBySide) (EventID: 35) (User: )
      Description: Error al generar el contexto de activación para "c:\program files\Nero\Nero 12\nero burning rom\NeroCmd.exe.Manifest". Error en el archivo de manifiesto o directiva "c:\program files\Nero\Nero 12\nero burning rom\SMC\SMC.MANIFEST" en la línea 3.
      La identidad de componente encontrada en el manifiesto no coincide con la del componente solicitado.
      La referencia es SMC,processorArchitecture="x86",type="win32",version="8.2.0.0".
      La definición es SMC,processorArchitecture="x86",type="win32",version="12.0.0.0".
      Use sxstrace.exe para obtener un diagnóstico detallado.

      Error: (09/29/2017 09:04:46 AM) (Source: SideBySide) (EventID: 33) (User: )
      Description: Error al generar el contexto de activación para "c:\program files\Nero\Nero 12\nero backitup\NBVSSTool_x64.exe".
      No se encontró el ensamblado dependiente Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
      Use sxstrace.exe para obtener un diagnóstico detallado.

      Error: (09/29/2017 09:02:26 AM) (Source: SideBySide) (EventID: 35) (User: )
      Description: Error al generar el contexto de activación para "c:\program files\aomei partition assistant home edition 5.0\SetupGreen64.exe". Error en el archivo de manifiesto o directiva "c:\program files\aomei partition assistant home edition 5.0\Microsoft.VC80.CRT.MANIFEST" en la línea 4.
      La identidad de componente encontrada en el manifiesto no coincide con la del componente solicitado.
      La referencia es Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".
      La definición es Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762".
      Use sxstrace.exe para obtener un diagnóstico detallado.

      Error: (09/29/2017 08:55:43 AM) (Source: SideBySide) (EventID: 33) (User: )
      Description: Error al generar el contexto de activación para "c:\program files\IObit\driver booster\DpInst\x64\dpinst.exe".
      No se encontró el ensamblado dependiente Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
      Use sxstrace.exe para obtener un diagnóstico detallado.

      Error: (09/28/2017 07:00:47 PM) (Source: Windows Search Service) (EventID: 3100) (User: )
      Description: No se puede inicializar el proceso de host de filtro. Finalizando.

      Detalles:
      Se devolvió esta operación porque se agotó el tiempo de espera. (HRESULT : 0x800705b4) (0x800705b4)

      Error: (09/28/2017 03:29:43 PM) (Source: VSS) (EventID: 8194) (User: )
      Description: Error del Servicio de instantáneas de volumen: error inesperado al consultar la interfaz IVssWriterCallback. HR = 0x80070005, Acceso denegado.
      .
      A menudo ocurre por una configuración de seguridad incorrecta en el proceso de escritura o de solicitud.


      Operación:
      Recopilando datos del escritor

      Contexto:
      Id. de clase del escritor: {e8132975-6f93-4464-a53e-1050253ae220}
      Nombre del escritor: System Writer
      Id. de instancia del escritor: {15fa4cae-db7b-44ef-a0d6-475d304a9878}

      Error: (09/28/2017 01:58:25 PM) (Source: SideBySide) (EventID: 33) (User: )
      Description: Error al generar el contexto de activación para "c:\program files\IObit\driver booster\DpInst\x64\dpinst.exe".
      No se encontró el ensamblado dependiente Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
      Use sxstrace.exe para obtener un diagnóstico detallado.

      Error: (09/27/2017 08:25:45 AM) (Source: VSS) (EventID: 8194) (User: )
      Description: Error del Servicio de instantáneas de volumen: error inesperado al consultar la interfaz IVssWriterCallback. HR = 0x80070005, Acceso denegado.
      .
      A menudo ocurre por una configuración de seguridad incorrecta en el proceso de escritura o de solicitud.


      Operación:
      Recopilando datos del escritor

      Contexto:
      Id. de clase del escritor: {e8132975-6f93-4464-a53e-1050253ae220}
      Nombre del escritor: System Writer
      Id. de instancia del escritor: {084794fa-82a7-4948-baff-daa98bb2615d}

      Error: (09/27/2017 04:16:18 AM) (Source: SideBySide) (EventID: 33) (User: )
      Description: Error al generar el contexto de activación para "c:\program files\Nero\Nero 12\nero recode\NeroBRServer.exe.Manifest".
      No se encontró el ensamblado dependiente ACME,processorArchitecture="x86",type="win32",version="12.0.0.0".
      Use sxstrace.exe para obtener un diagnóstico detallado.


      System errors:
      =============
      Error: (09/29/2017 02:23:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
      Description: El servicio SpyHunter4 Service no pudo iniciarse debido al siguiente error:
      El sistema no puede encontrar el archivo especificado.

      Error: (09/29/2017 09:46:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
      Description: El servicio SpyHunter4 Service no pudo iniciarse debido al siguiente error:
      El sistema no puede encontrar el archivo especificado.

      Error: (09/29/2017 09:45:25 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
      Description: Se agotó el tiempo de espera (30000 ms) para la respuesta de transacción del servicio MBAMService.

      Error: (09/29/2017 08:15:28 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
      Description: El servicio SpyHunter4 Service no pudo iniciarse debido al siguiente error:
      El sistema no puede encontrar el archivo especificado.

      Error: (09/28/2017 07:05:53 PM) (Source: DCOM) (EventID: 10010) (User: )
      Description: El servidor {F9717507-6651-4EDB-BFF7-AE615179BCCF} no se registró con DCOM dentro del tiempo de espera requerido.

      Error: (09/28/2017 07:03:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
      Description: El servicio SpyHunter4 Service no pudo iniciarse debido al siguiente error:
      El sistema no puede encontrar el archivo especificado.

      Error: (09/28/2017 06:59:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
      Description: El servicio Protección de software no pudo iniciarse debido al siguiente error:
      El sistema no puede encontrar la ruta especificada.

      Error: (09/28/2017 06:39:11 PM) (Source: NetBT) (EventID: 4300) (User: )
      Description: No se puede crear el controlador.

      Error: (09/28/2017 06:25:20 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
      Description: Error al intentar leer el archivo local de hosts.

      Error: (09/28/2017 02:13:44 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
      Description: Se agotó el tiempo de espera (30000 ms) para la conexión con el servicio Nero Update.


      ==================== Memory info ===========================

      Processor: Intel(R) Pentium(R) Dual CPU E2180 @ 2.00GHz
      Percentage of memory in use: 44%
      Total physical RAM: 2046.18 MB
      Available physical RAM: 1128.03 MB
      Total Virtual: 4092.35 MB
      Available Virtual: 2858.33 MB

      ==================== Drives ================================

      Drive c: () (Fixed) (Total:297.99 GB) (Free:174.23 GB) NTFS
      Drive d: (NUEVO) (CDROM) (Total:4.35 GB) (Free:0 GB) UDF

      ==================== MBR & Partition Table ==================

      ========================================================
      Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 000852C1)
      Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
      Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)

      ==================== End of Addition.txt ============================

    10. #10
      User: Sulfuro3000
      Registered
      Sep 2017
      Location
      Venezuela
      Posts
      16

      Re: Help removing MEM:Trojan-Spy.Win32.ZBot.b

      Thanks, friend, I appreciate your help.
