    Virus that runs things on my PC and I don't know what else to do

    1. #1
      User: azair22
      Registered
      Apr 2008
      Location
      Spain
      Posts
      11

      Attention: virus that runs things on my PC and I don't know what else to do

      So yesterday, while trying to fix a USB drive that had failed on me, I don't know what ****** I downloaded, but my PC got completely infected. When I turn it on, windows pop up and close right away; they must be things being executed and I have no idea what they could be. My browsers open by themselves on unknown pages, all with the .ru extension. I can't run Malwarebytes or any malware program; a red window comes up saying it is blocked. I don't know much about this, so I'm posting what HijackThis gives me, which is the only thing I've been able to do, to see if you can help me, please.

      Logfile of Trend Micro HijackThis v2.0.5
      Scan saved at 11:15:40, on 20/10/2017
      Platform: Windows 7 SP1 (WinNT 6.00.3505)
      MSIE: Internet Explorer v11.0 (11.00.9600.18377)


      Boot mode: Normal

      Running processes:
      C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
      C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe
      C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
      C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
      C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
      C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
      C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe
      C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
      C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
      C:\Windows\AsScrPro.exe
      C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
      C:\Users\Asus\Downloads\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.mail.ru/?ieverfix=1&fr=ieverfix_sg
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      F2 - REG:system.ini: UserInit=userinit.exe,
      O2 - BHO: MRSearchPlugin - {8E8F97CD-60B5-456F-A201-73065652D099} - C:\Users\Asus\AppData\Local\Mail.Ru\Sputnik\ie_addon_dll.dll
      O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
      O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
      O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
      O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
      O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
      O4 - HKLM\..\Run: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
      O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
      O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
      O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
      O4 - HKLM\..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
      O4 - HKLM\..\Run: [NBAgent] "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
      O4 - HKLM\..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKUS\S-1-5-18\..\Run: [KSS] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun (User 'SYSTEM')
      O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [KSS] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun (User 'Default user')
      O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
      O4 - Global Startup: AsusVibeLauncher.lnk = C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
      O4 - Global Startup: Kaspersky Software Updater Beta.lnk = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe
      O4 - Global Startup: SRS Premium Sound.lnk = ?
      O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
      O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
      O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
      O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
      O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
      O15 - Trusted Zone: http://*.webcompanion.com
      O16 - DPF: {3A226D85-574D-4272-B73C-DBCAECF709B3} (TNSClickerb.Clicker) - http://www.mizonadeconsumo.com/TNSClickrb.CAB
      O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
      O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
      O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
      O23 - Service: ADSM Service (ADSMService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
      O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
      O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
      O23 - Service: @%systemroot%\system32\appidsvc.dll,-100 (AppIDSvc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
      O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
      O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
      O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (AudioSrv) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\AxInstSV.dll,-103 (AxInstSV) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\bdesvc.dll,-100 (BDESVC) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: Servicio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\bthserv.dll,-101 (bthserv) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\defragsvc.dll,-101 (defragsvc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\dhcpcore.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\UtcResources.dll,-3001 (DiagTrack) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
      O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\Windows\ehome\ehRecvr.exe
      O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\Windows\ehome\ehsched.exe
      O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (eventlog) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
      O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
      O23 - Service: Servicio de Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
      O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\ListSvc.dll,-100 (HomeGroupListener) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\provsvc.dll,-100 (HomeGroupProvider) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-500 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
      O23 - Service: Servicio Kaspersky Security Scan (kss) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
      O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
      O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe
      O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
      O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\netprofm.dll,-202 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%systemroot%\sysWow64\perfhost.exe,-2 (PerfHost) - Unknown owner - C:\Windows\SysWow64\perfhost.exe
      O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: Plex Update Service (PlexUpdateService) - Plex, Inc. - C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe
      O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\pnrpauto.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\umpo.dll,-100 (Power) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @regsvc.dll,-1 (RemoteRegistry) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%windir%\system32\RpcEpMap.dll,-1001 (RpcEptMapper) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
      O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
      O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\sensrsvc.dll,-1000 (SensrSvc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
      O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
      O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\sppuinotify.dll,-103 (sppuinotify) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: SvcHost Service Host - Unknown owner - C:\Windows\Microsoft\svchost.exe
      O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\themeservice.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe
      O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
      O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
      O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
      O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
      O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
      O23 - Service: @%systemroot%\system32\wbiosrvc.dll,-100 (WbioSrvc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
      O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe
      O23 - Service: Windows Update (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\wwansvc.dll,-257 (WwanSvc) - Unknown owner - C:\Windows\system32\svchost.exe

      --
      End of file - 25250 bytes

    2. #2
      User: azair22
      Registered
      Apr 2008
      Location
      Spain
      Posts
      11

      Re: virus that runs things on my PC and I don't know what else to do

      I'm also leaving you the IFS.log in case it helps:


      Code:
      ~~~~~~~~~~~| Inicio: 
      
      *IFS (InfoSpyware First Steps) v 1.3
      *www.InfoSpyware.com | www.ForoSpyware.com
      *Iniciado: 20/10/2017 a las 11h.34m.06s
      
      ~~~~~~~~~~~|  Información del Sistema:
      
      OS: Microsoft Windows 7 Home Premium  x64 Service Pack 1
      Idioma: Spanish (Spain, International Sort) (España|es-ES)
      Permisos de Administrador / ON
      Windows se Inició en   Modo Normal
      Drive: C:\Windows (Install: \Device\HarddiskVolume2)
      
      ~~~~~~~~~~~| Arquitectura Fisica:
      
      CPU: ASUSTeK Computer Inc.
      CPU Modelo: K52JU
      Procesador: Intel(R) Core(TM) i3 CPU       M 380  @ 2.53GHz (x64-BasedPC)
      Memoria RAM: 4 Gb. En Uso: 50 %
      Video: AMD Radeon HD 6370M
      Chip: ATI display adapter (0x68E4) Capacidad video:512 MB (Internal DAC(400MHz))
      
      ~~~~~~~~~~~| Unidades
      
      C: [FIXED|NTFS|OS] - [273.1 Gb][63.1 Gb][209.9 Gb]
      D: [CDROM]
      F: [CDROM]
      C:\ Fragmentación total 47.16% - Desfragmentar unidad 
      
      ~~~~~~~~~~~| Seguridad del SO
      
      SafeBoot: Inicio en Modo seguro Correcto
      Security Center: Correcto (Servicio Activo)
      Windows Update: Correcto (Servicio Activo) [LST: 2016-04-10 20:47:12][LD: 2016-11-13 00:37:04][LI: 2016-11-13 01:53:58][NDT: 2017-10-20 08:51:17][LRP: 2017-06-01 17:12:34]
      AV: Microsoft Security Essentials *Protección Residente [OFF] / Actualizado*
      SP: Microsoft Security Essentials *Protección Residente [OFF] / Actualizado*
      SP: Windows Defender *Protección Residente [OFF] / Actualizado*
      FW: Windows Firewall *Habilitado*
      
      ~~~~~~~~~~~|  Update Check
      
      Internet Explorer Versión Instalada 11
      Google Chrome Versión Instalada 61.0.3163.100
      Microsoft SilverLigth Versión instalada 5.1.50906.0
      
      ~~~~~~~~~~~| Process List 
      
      msseces.exe (Microsoft Security Essentials)
      MsMpEng.exe (Windows Defender)
      
      ~~~~~~~~~~~| Install Check 
      
      
      Kaspersky Software Updater Beta [1.5.2.228]
      Kaspersky Security Scan [15.0.0.740]
      CCleaner [5.35]
      SUPERAntiSpyware [6.0.1248]
      
      ~~~~~~~~~~~| Registry Check
      
      HKLM\Run(x64): [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
      HKLM\Run(x64): [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
      HKLM\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
      HKLM\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
      HKLM\Run: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
      HKLM\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
      HKLM\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
      HKLM\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
      HKLM\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
      HKLM\Run: [NBAgent] "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
      HKLM\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
      HKLM\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      Winlogon(x64): Shell = explorer.exe
      Winlogon: Shell = explorer.exe
      Userinit(x64): Userinit = userinit.exe,
      Userinit: Userinit = userinit.exe,
      
      [HKCR\.\.open\command] -> Navegador Preferido es Google Chrome
      
      ~~~~~~~~~~~| PUPs Check
      
      
      ~~~~~~~~~~~| Listado 7 Días (Predeterminado)
      
      [19/10/2017 11:11] - C:\Windows\283d1b2f86984af19877daddc733018a.exe
      [19/10/2017 20:48] - C:\Windows\Microsoft
      [20/10/2017 08:59] - C:\Windows\ntbtlog.txt
      [20/10/2017 10:34] - C:\Windows\PFRO.log
      [20/10/2017 08:08] - C:\Windows\pss
      [20/10/2017 09:05] - C:\Windows\setupact.log
      [20/10/2017 09:05] - C:\Windows\setuperr.log
      [19/10/2017 11:11] - C:\Windows\uninstaller.dat
      [20/10/2017 09:06] - C:\Windows\WindowsUpdate.log
      [20/10/2017 11:32] - C:\FSTool
      [20/10/2017 11:34] - C:\IFS.log
      [19/10/2017 21:04] - C:\SUPERDelete
      
      ~~~~~~~~~~~| C:\Windows\Tasks:
      
      [28/06/2015 14:18] - C:\Windows\Tasks\Adobe Flash Player Updater.job
      [19/10/2017 20:56] - C:\Windows\Tasks\PC Clean Plus_DEFAULT.job
      [19/10/2017 20:55] - C:\Windows\Tasks\PC Clean Plus_UPDATES.job
      [15/10/2017 16:09] - C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 9db31e8a-c3ae-409d-bf3c-993340385218.job
      [15/10/2017 16:09] - C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task be71f36d-5ae8-4720-8225-9c272b022f01.job
      
      ~~~~~~~~~~~| End Report
      *Finalizado 11:37:35
      *Se limpiaron los archivos temporales
      *[1599815] C:\Users\Asus\Downloads\IFS.exe
      *Herramienta de Análisis e investigación

    3. #3
      General Moderator
      @Daniela
      Registered
      Apr 2011
      Location
      Spain
      Posts
      23,991

      Re: virus that runs things on my PC and I don't know what else to do

      Hello azair22



      Carry out the following steps, even if you have already done some of them, without changing the order:

      1) Download, update and run Malwarebytes' Anti-Malware; read the manual in detail so that you know how to use and configure it.

      • Run a full scan, updating if it asks you to.
      • Click "Eliminar Seleccionados" to send the items to quarantine, and restart the system.
      • Under the section the manual calls "Historial" >> Registros de Aplicación >> Scan Log/Registro de Análisis you will find the MBAM report, which you must copy and paste into your next reply so it can be analysed.



      2) Download Junkware Removal Tool

      • Temporarily disable the antivirus
      • Run JRT.exe (on Windows 7 or 8, run as "Administrador")
      • Press any key to continue and wait patiently for its process to finish.
      • When it finishes, a log (JRT.txt) will be saved to the desktop and will open automatically.
      • Copy and paste the contents of JRT.txt into your next reply



      3) Download >> AdwCleaner | InfoSpyware to the desktop.

      • Temporarily disable the antivirus >> How to temporarily disable your antivirus.
      • Also close all the programs you have open.
      • Run Adwcleaner.exe (if you use Windows Vista/7 or 8, right-click and select "Ejecutar como Administrador").
      • Click the "Escanear" button and wait for the process to complete, then immediately click the "Limpiar" button.
      • Wait for it to complete and follow the instructions; if it asks to "Reiniciar" the system, accept.
      • Save the report that appears, to copy and paste it into your next reply.
      • The report can also be found in "C:\AdwCleaner\AdwCleaner[C0].txt"



      4) Download CCleaner

      • Install CCleaner
      • Open CCleaner; on the "Limpiador" tab leave the default settings as they are, click "Analizar", wait for it to finish > click "Ejecutar limpiador"
      • Click the "Registro" tab > click "Buscar problemas", wait for it to finish > click "Reparar Seleccionadas" and make a backup
      • Click "Buscar problemas" again until it finds none.


      Paste the Malwarebytes, AdwCleaner and JRT reports and tell us how the problem is going.

      Regards
      ✿◕‿◕✿ Impatience is not good company ✿◕‿◕✿

      * Follow us on our Twitter and become our friend on Facebook.
      * Keep up with the latest threats on the net from: InfoSpyware Blog
      * Questions are not answered by private message or by e-mail, since that is what the forum is for.

    4. #4
      User azair22
      Registered
      Apr 2008
      Location
      Spain
      Posts
      11

      Re: virus that runs things on my PC and I don't know what else to do

      I have tried again but I haven't managed it; as I said above, it won't let me run Malwarebytes or AdwCleaner, and I don't know how I am supposed to do it.

    5. #5
      General Moderator
      @Daniela
      Registered
      Apr 2011
      Location
      Spain
      Posts
      23,991

      Re: virus that runs things on my PC and I don't know what else to do

      Hello

      Do the following, but in Safe Mode

      Download Rkill 2.6 | InfoSpyware https://www.infospyware.com/utiles/rkill/ (download the one called iexplore) to the desktop.

      Run Rkill as administrator.

      • A black window will appear indicating that the tool has run successfully.
      • Once it has run, try not to restart until the other steps require it or until you have finished the whole procedure.
      • If that does not happen, run it again until it does run (insist if necessary; this step is important).

      Bring us the rkill reports (in the same location where you ran it, or in c:\rkill.log)

      After that, see whether you can carry out the steps from my previous reply, also in safe mode.

      Bring the reports and tell us how the problem is going.

      Regards

    6. #6
      User azair22
      Registered
      Apr 2008
      Location
      Spain
      Posts
      11

      Re: virus that runs things on my PC and I don't know what else to do

      This is the rkill report, and the problem remains exactly the same.

      Rkill 2.9.1 by Lawrence Abrams (Grinler)
      http://www.bleepingcomputer.com/
      Copyright 2008-2017 BleepingComputer.com
      More Information about Rkill can be found at this link:
      http://www.bleepingcomputer.com/forums/topic308364.html

      Program started at: 10/20/2017 01:08:48 PM in x64 mode. (Safe Mode)
      Windows Version: Windows 7 Home Premium Service Pack 1

      Checking for Windows services to stop:

      * No malware services found to stop.

      Checking for processes to terminate:

      * No malware processes found to kill.

      Checking Registry for malware related settings:

      * No issues found in the Registry.

      Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

      Performing miscellaneous checks:

      * No issues found.

      Searching for Missing Digital Signatures:

      * No issues found.

      Checking HOSTS File:

      * HOSTS file entries found:


      20 out of 392 HOSTS entries shown.
      Please review HOSTS file for further entries.

      Program finished at: 10/20/2017 01:13:05 PM
      Execution time: 0 hours(s), 4 minute(s), and 16 seconds(s)
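
The Rkill report above shows only 20 of the 392 HOSTS entries and asks for the rest to be reviewed by hand. As an added example (not part of the original thread and not Rkill's own logic), this Python script triages a HOSTS file by separating names pinned to the local machine from names redirected to another address, and by listing duplicates, conflicts and malformed lines. The sample input, the function names and the `DEFAULT_NAMES` set are assumptions made for the illustration.

```python
import ipaddress
import sys
from collections import defaultdict

# Constructed sample (reserved documentation names and addresses); it is not
# the HOSTS file from the thread. The leading BOM is what some editors prepend.
SAMPLE_HOSTS = "\ufeff" + """\
# Sample HOSTS file
127.0.0.1       localhost
::1             localhost
127.0.0.1 ads.example.test
127.0.0.1 Tracker.Example.test   # trailing comment
127.0.0.1 ads.example.test
0.0.0.0 popups.example.test
203.0.113.25 update.vendor.example
203.0.113.25 www.shop.example login.shop.example
198.51.100.7 ads.example.test
not-an-ip broken.example.test
10.0.0.5
"""

# Names whose loopback mapping is the stock default and needs no review.
DEFAULT_NAMES = {"localhost"}


def parse_hosts(text):
    """Return (entries, malformed): entries are (lineno, address, name)."""
    entries, malformed = [], []
    for lineno, raw in enumerate(text.lstrip("\ufeff").splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append((lineno, raw.strip()))
            continue
        if len(fields) < 2:                   # address with no host name
            malformed.append((lineno, raw.strip()))
            continue
        for name in fields[1:]:               # one line may carry several names
            entries.append((lineno, addr, name.lower()))
    return entries, malformed


def triage(text):
    """Group HOSTS entries by how urgently they need a human look."""
    entries, malformed = parse_hosts(text)
    by_name = defaultdict(list)
    for lineno, addr, name in entries:
        by_name[name].append((lineno, addr))

    report = {"redirected": [], "sinkholed": [], "duplicates": [],
              "conflicts": [], "malformed": malformed}
    for name, hits in sorted(by_name.items()):
        addrs = {addr for _, addr in hits}
        # Loopback / 0.0.0.0: the name resolves to this machine, so it is blocked.
        local = {a for a in addrs if a.is_loopback or a.is_unspecified}
        remote = addrs - local
        if name in DEFAULT_NAMES and not remote:
            continue
        if len(hits) > len(addrs):
            report["duplicates"].append(name)  # same name/address pair repeated
        if len(addrs) > 1:
            report["conflicts"].append(name)   # same name, different addresses
        if remote:
            # Traffic for this name goes to another host: review these first.
            report["redirected"].append((name, sorted(str(a) for a in remote)))
        else:
            report["sinkholed"].append(name)
    return report


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8-sig", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_HOSTS
    for section, items in triage(text).items():
        print(f"{section} ({len(items)}):")
        for item in items:
            print("   ", item)
```

On Windows the file is normally `C:\Windows\System32\drivers\etc\hosts`; pass its path as the first argument to check a real system instead of the sample.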

    7. #7
      General Moderator
      @Daniela
      Registered
      Apr 2011
      Location
      Spain
      Posts
      23,991

      Re: virus that runs things on my PC and I don't know what else to do

      Hello

      Carry out the following steps:

      Download >> Malwarebytes Anti-Rootkit (Beta) and extract the contents to your desktop.

      • Open the Mbar folder and double-click the file Mbar.exe
      • In the window that appears, click "Next".
      • Click "Update", and when it finishes, "Next"
      • Now start the scan by clicking the "Scan" button
      • When it finishes, if there is an infection click "CleanUp", and if there is no infection click "Exit"


      When it is done, look in the Mbar folder and open the files mbar-log.txt and system-log.txt, copy their contents into your next reply and tell us the results.

      Regards

    8. #8
      User azair22
      Registered
      Apr 2008
      Location
      Spain
      Posts
      11

      Re: virus that runs things on my PC and I don't know what else to do

      Hello again, and thank you very much @Daniela for offering me your help. I have followed the instructions exactly as you described them in your previous reply; it found a lot of malware, but the PC is still the same and keeps getting worse: now Russian pages open by themselves in Internet Explorer, the antivirus does not update, and to download anything it tells me it is not safe and asks me for permission, which it did not do before.
      Here are the results you asked for:

      system-log.txt:

      ---------------------------------------
      Malwarebytes Anti-Rootkit BETA 1.09.3.1001

      (c) Malwarebytes Corporation 2011-2012

      OS version: 6.1.7601 Windows 7 Service Pack 1 x64

      Account is Administrative

      Internet Explorer version: 11.0.9600.18376

      File system is: NTFS
      Disk drives: C:\ DRIVE_FIXED
      CPU speed: 2.527000 GHz
      Memory total: 4140347392, free: 1573580800

      Downloaded database version: v2017.10.24.01
      Downloaded database version: v2017.10.14.01
      Downloaded database version: v2017.09.01.01
      =======================================
      Initializing...
      Driver version: 0.3.0.4
      ------------ Kernel report ------------
      10/24/2017 09:14:00
      ------------ Loaded modules -----------
      ----------- End -----------
      Done!

      Scan started
      Database versions:
      main: v2017.10.24.01
      rootkit: v2017.10.14.01

      <<<2>>>
      Physical Sector Size: 512
      Drive: 0, DevicePointer: 0xfffffa8004d10060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
      --------- Disk Stack ------
      DevicePointer: 0xfffffa8004d10b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
      DevicePointer: 0xfffffa8004d10060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
      DevicePointer: 0xfffffa8004a96550, DeviceName: Unknown, DriverName: \Driver\ACPI\
      DevicePointer: 0xfffffa8004a98050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
      ------------ End ----------
      Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
      Upper DeviceData: 0x0, 0x0, 0x0
      Lower DeviceData: 0x0, 0x0, 0x0
      <<<3>>>
      Volume: C:
      File system type: NTFS
      SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
      <<<2>>>
      <<<3>>>
      Volume: C:
      File system type: NTFS
      SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
      Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
      Done!
      Drive 0
      This is a System drive
      Scanning MBR on drive 0...
      Inspecting partition table:
      MBR Signature: 55AA
      Disk Signature: 727B3521

      Partition information:

      Partition 0 type is Other (0x1c)
      Partition is NOT ACTIVE.
      Partition starts at LBA: 2048 Numsec = 52428800
      Partition is not bootable
      Partition file system is FAT32

      Partition 1 type is Primary (0x7)
      Partition is ACTIVE.
      Partition starts at LBA: 52430848 Numsec = 572709552
      Partition is bootable
      Partition file system is NTFS

      Partition 2 type is Empty (0x0)
      Partition is NOT ACTIVE.
      Partition starts at LBA: 0 Numsec = 0
      Partition is not bootable

      Partition 3 type is Empty (0x0)
      Partition is NOT ACTIVE.
      Partition starts at LBA: 0 Numsec = 0
      Partition is not bootable

      Disk Size: 320072933376 bytes
      Sector size: 512 bytes

      Done!
      Infected: C:\Windows\System32\BIT158C.tmp --> [Adware.SpeedBit]
      Infected: C:\Windows\System32\BIT1B57.tmp --> [Adware.SpeedBit]
      Infected: C:\Windows\Temp\g4134.tmp.exe --> [Trojan.Wdfload]
      Infected: C:\Users\Asus\AppData\Local\Joysoft.exe --> [Adware.Linkury]
      Infected: C:\Windows\283d1b2f86984af19877daddc733018a.exe --> [Adware.Wajam]
      File "C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-F9DB9076CE185175C33975BD80C596FFC78D0621.bin.79" is compressed (flags = 1)
      File "C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-F9DB9076CE185175C33975BD80C596FFC78D0621.bin.7C" is compressed (flags = 1)
      File "C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-F9DB9076CE185175C33975BD80C596FFC78D0621.bin.83" is compressed (flags = 1)
      Infected: C:\Users\Asus\AppData\Roaming\Jungler\AppIDSmc.exe --> [Trojan.BitCoinMiner]
      Infected: C:\Users\Asus\AppData\Local\agent.dat --> [Adware.Linkury.Generic]
      Infected: C:\Users\Asus\AppData\Local\Joysoft.tst --> [Adware.Linkury.Generic]
      Infected: C:\Users\Asus\AppData\Local\noah.dat --> [Adware.Linkury.Generic]
      Infected: C:\Users\Asus\AppData\Local\md.xml --> [Adware.Linkury.Generic]
      Infected: C:\Windows\Microsoft\svchost.exe --> [Backdoor.XTRat]
      Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SvcHost Service Host --> [Backdoor.XTRat]
      Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\3353EA609334A9F23A701B9159E30CB6C22D4C59 --> [Trojan.DisabledAVSecurityCerts]
      Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\373C33726722D3A5D1EDD1F1585D5D25B39BEA1A --> [Trojan.DisabledAVSecurityCerts]
      Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F --> [Trojan.DisabledAVSecurityCerts]
      Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\3D496FA682E65FC122351EC29B55AB94F3BB03FC --> [Trojan.DisabledAVSecurityCerts]
      Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159 --> [Trojan.DisabledAVSecurityCerts]
      Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01 --> [Trojan.DisabledAVSecurityCerts]
      Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\4420C99742DF11DD0795BC15B7B0ABF090DC84DF --> [Trojan.DisabledAVSecurityCerts]
      Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF --> [Trojan.DisabledAVSecurityCerts]
      Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\5240AB5B05D11B37900AC7712A3C6AE42F377C8C --> [Trojan.DisabledAVSecurityCerts]
      Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\5DD3D41810F28B2A13E9A004E6412061E28FA48D --> [Trojan.DisabledAVSecurityCerts]
      Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\7457A3793086DBB58B3858D6476889E3311E550E --> [Trojan.DisabledAVSecurityCerts]
      Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\76A9295EF4343E12DFC5FE05DC57227C1AB00D29 --> [Trojan.DisabledAVSecurityCerts]
      Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\775B373B33B9D15B58BC02B184704332B97C3CAF --> [Trojan.DisabledAVSecurityCerts]
      Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\872CD334B7E7B3C3D1C6114CD6B221026D505EAB --> [Trojan.DisabledAVSecurityCerts]
      Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\88AD5DFE24126872B33175D1778687B642323ACF --> [Trojan.DisabledAVSecurityCerts]
      Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9132E8B079D080E01D52631690BE18EBC2347C1E --> [Trojan.DisabledAVSecurityCerts]
      Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\982D98951CF3C0CA2A02814D474A976CBFF6BDB1 --> [Trojan.DisabledAVSecurityCerts]
      Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361 --> [Trojan.DisabledAVSecurityCerts]
      Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9C43F665E690AB4D486D4717B456C5554D4BCEB5 --> [Trojan.DisabledAVSecurityCerts]
      Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9E3F95577B37C74CA2F70C1E1859E798B7FC6B13 --> [Trojan.DisabledAVSecurityCerts]
      Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99 --> [Trojan.DisabledAVSecurityCerts]
      Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\A5341949ABE1407DD7BF7DFE75460D9608FBC309 --> [Trojan.DisabledAVSecurityCerts]
      Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\A59CC32724DD07A6FC33F7806945481A2D13CA2F --> [Trojan.DisabledAVSecurityCerts]
      Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947 --> [Trojan.DisabledAVSecurityCerts]
      Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\AD4C5429E10F4FF6C01840C20ABA344D7401209F --> [Trojan.DisabledAVSecurityCerts]
      Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\AD96BB64BA36379D2E354660780C2067B81DA2E0 --> [Trojan.DisabledAVSecurityCerts]
      Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 --> [Trojan.DisabledAVSecurityCerts]
      Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\CDC37C22FE9272D8F2610206AD397A45040326B8 --> [Trojan.DisabledAVSecurityCerts]
      Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598 --> [Trojan.DisabledAVSecurityCerts]
      Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\DB303C9B61282DE525DC754A535CA2D6A9BD3D87 --> [Trojan.DisabledAVSecurityCerts]
      Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\DB77E5CFEC34459146748B667C97B185619251BA --> [Trojan.DisabledAVSecurityCerts]
      Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\E22240E837B52E691C71DF248F12D27F96441C00 --> [Trojan.DisabledAVSecurityCerts]
      Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF --> [Trojan.DisabledAVSecurityCerts]
      Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\ED841A61C0F76025598421BC1B00E24189E68D54 --> [Trojan.DisabledAVSecurityCerts]
      Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\F83099622B4A9F72CB5081F742164AD1B8D048C9 --> [Trojan.DisabledAVSecurityCerts]
      Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\FBB42F089AF2D570F2BF6F493D107A3255A9BB1A --> [Trojan.DisabledAVSecurityCerts]
      Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\FFFA650F2CB2ABC0D80527B524DD3F9FC172C138 --> [Trojan.DisabledAVSecurityCerts]
      Infected: C:\Users\Asus\AppData\Local\Config.xml --> [Adware.Linkury.Generic]
      Scan finished
      Creating System Restore point...
      Could not create restore point...
      Cleaning up...
      Executing an action reg.exe...
      Success!
      Executing an action cmd.exe...
      Success!
      Queuing an action reg.exe
      Queuing an action cmd.exe
      Removal scheduling successful. System shutdown needed.
      System shutdown occurred
      =======================================

      mbar-log.txt:

      Malwarebytes Anti-Rootkit BETA 1.9.3.1001
      www.malwarebytes.org

      Database version:
      main: v2017.10.24.01
      rootkit: v2017.10.14.01

      Windows 7 Service Pack 1 x64 NTFS
      Internet Explorer 11.0.9600.18376
      Asus :: ASUS-PC [administrator]

      24/10/2017 9:14:16
      mbar-log-2017-10-24 (09-14-16).txt

      Scan type: Quick scan
      Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
      Scan options disabled:
      Objects scanned: 322200
      Time elapsed: 33 minute(s), 15 second(s)

      Memory Processes Detected: 0
      (No malicious items detected)

      Memory Modules Detected: 0
      (No malicious items detected)

      Registry Keys Detected: 91
      HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SvcHost Service Host (Backdoor.XTRat) -> Delete on reboot. [70d1518e842544f2006e2e9316ecbc44]

      Registry Values Detected: 0
      (No malicious items detected)

      Registry Data Items Detected: 0
      (No malicious items detected)

      Folders Detected: 0
      (No malicious items detected)

      Files Detected: 12
      C:\Windows\System32\BIT158C.tmp (Adware.SpeedBit) -> Delete on reboot. [6ad7617e9b0e999d783d8978d2307987]
      C:\Windows\System32\BIT1B57.tmp (Adware.SpeedBit) -> Delete on reboot. [9ea314cb6841b5816e47e021af53a15f]
      C:\Windows\Temp\g4134.tmp.exe (Trojan.Wdfload) -> Delete on reboot. [033e99463376f442f2b9e100956c8878]
      C:\Users\Asus\AppData\Local\Joysoft.exe (Adware.Linkury) -> Delete on reboot. [251c21be3c6dd75f4efd938851b17b85]
      C:\Windows\283d1b2f86984af19877daddc733018a.exe (Adware.Wajam) -> Delete on reboot. [1928994636730333e759bc5d748e8080]
      C:\Users\Asus\AppData\Roaming\Jungler\AppIDSmc.exe (Trojan.BitCoinMiner) -> Delete on reboot. [d26f30af7039ee48877924ed28dad62a]
      C:\Users\Asus\AppData\Local\agent.dat (Adware.Linkury.Generic) -> Delete on reboot. [fc457768d3d6f046b020c3ff14ed34cc]
      C:\Users\Asus\AppData\Local\Joysoft.tst (Adware.Linkury.Generic) -> Delete on reboot. [7dc4449b2584ee48dd9be7dc867bdc24]
      C:\Users\Asus\AppData\Local\noah.dat (Adware.Linkury.Generic) -> Delete on reboot. [d46d6a752e7b58de4962972cbd44e020]
      C:\Users\Asus\AppData\Local\md.xml (Adware.Linkury.Generic) -> Delete on reboot. [9da42cb3b7f2bd79cde3249f4ab7c13f]
      C:\Windows\Microsoft\svchost.exe (Backdoor.XTRat) -> Delete on reboot. [70d1518e842544f2006e2e9316ecbc44]
      C:\Users\Asus\AppData\Local\Config.xml (Adware.Linkury.Generic) -> Delete on reboot. [9ea3e2fd7138e650d3a76063ae53f709]

      Physical Sectors Detected: 0
      (No malicious items detected)

      (end)

    9. #9
      General Moderator
      Avatar of @Daniela
      Joined
      Apr 2011
      Location
      Spain
      Posts
      23,991

      Re: virus that runs things on my PC and I don't know what else to do

      Hello

      Carry out the following steps:

      1) Download HitmanPRO (see its user manual)

      • Run HitmanPRO (on Windows 7 or 8, run it as "Administrator")
      • Press the "Next" button on the two screens to begin.
      • Once the scan has finished, HitmanPRO includes 30 free days for removing any malware detected.
      • In any case, its report can be used to find the specific path of what was detected and remove it manually.
      • The report is generated by pressing "Save Log" and saving it wherever we like, then opening it and copying its contents into this same thread.


      2) Run an online scan with ESET Online Scanner

      • Disable the antivirus
      • After running the scan, re-enable the antivirus
      • Download and run ESET Online (See Manual)
      • Tick the boxes for removing detected threats and scanning archives.
      • Click Advanced settings and tick the boxes:
        - Scan for potentially unwanted applications,
        - Scan for potentially unsafe applications
        - Enable Anti-Stealth technology.
      • Click Start so that it begins downloading the virus signature database and then begins scanning your system.
      • When it finishes, click Finish
      • Locate the report in C:\Archivos de programa\ESET\ESET Online Scanner\log and attach it in your next reply.


      For the report from the new version of ESET Online
      • The default path is: C:\users\%userprofile%\appdata\local\temp\log.txt
      • So first you will have to show Hidden Files and Folders
      • Once you have done that you will be able to access the AppData folder of your user account; open it
      • Go into the Local folder and there you will find the Temp folder
      • Inside this directory you should find the log.txt file
      • You know the drill: open it with Notepad, select all of it, copy it and paste it in your next reply


      Paste the reports and tell us how things are going.

      Regards
      ✿◕‿◕✿ Impatience is not good company ✿◕‿◕✿


    10. #10
      User Avatar of azair22
      Joined
      Apr 2008
      Location
      Spain
      Posts
      11

      Re: virus that runs things on my PC and I don't know what else to do

      Hello again!!!

      After doing this last thing you told me to do, it seems web pages no longer open on their own, the antivirus now updates, and I have finally been able to open Malwarebytes, so I went back to your first message and also followed the steps described there.
      What does not update now is Windows Update, and when I try to download something it still tells me it is not safe and that I need to give it permission. Besides that, when Windows starts I see a couple of MS-DOS windows open and quickly close; I don't have time to see what they might be.

      Here I am pasting the last 2 reports:

      HitmanPRO.log report

      [code]
      HitmanPro 3.7.20.286
      www.hitmanpro.com

      Computer name . . . . : ASUS-PC
      Windows . . . . . . . : 6.1.1.7601.X64/4
      User name . . . . . . : Asus-PC\Asus
      UAC . . . . . . . . . : Enabled
      License . . . . . . . : Trial (30 days left)

      Scan date . . . . . . : 2017-10-27 09:14:40
      Scan mode . . . . . . : Normal
      Scan duration . . . . : 15m 18s
      Disk access mode . . : Direct disk access (SRB)
      Cloud . . . . . . . . : Internet
      Reboot . . . . . . . : No

      Threats . . . . . . . : 0
      Traces . . . . . . . : 5

      Objects scanned . . . : 2.388.319
      Files scanned . . . . : 183.278
      Remnants scanned . . : 805.923 files / 1.399.118 keys

      Suspicious files ____________________________________________________________

      C:\Users\Asus\Downloads\ACTION KAFTAGAME\Lanzador.exe -> Deleted
      Size . . . . . . . : 18.051.072 bytes
      Age . . . . . . . : 129.7 days (2017-06-19 15:29:12)
      Entropy . . . . . : 7.0
      SHA-256 . . . . . : 2C1CB1A4766B47B04C67C392EBAB99E20D3B24D172D1CB1A9BCEAD77706F50EC
      Product . . . . . : Action!
      Publisher . . . . : Mirillis Ltd.
      Description . . . : Action!
      Version . . . . . : 1.18.0.0
      RSA Key Size . . . : 2048
      LanguageID . . . . : 9
      Authenticode . . . : Invalid
      Fuzzy . . . . . . : 22.0
      Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
      Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.


      Cookies _____________________________________________________________________

      C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
      C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Cookies:mookie1.com
      C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Cookies\Low\FX40UPCT.txt
      C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Cookies\Low\N4JX3EJS.txt
      [/code]




      ESET Online Scanner report (log.txt)

      [code]
      13:01:05 # product=EOS
      # version=8
      # flags=0
      # ESETOnlineScanner_ESL.exe=2.0.17.0
      # EOSSerial=
      # end=init
      # utc_time=2017-10-26 11:01:05
      # local_time=2017-10-26 13:01:05 (+0100, Hora de verano romance)
      # country="Spain"
      # osver=6.1.7601 NT Service Pack 1
      13:01:13 # product=EOS
      # version=8
      # flags=0
      # ESETOnlineScanner_ESL.exe=2.0.17.0
      # EOSSerial=45bee16374edc74faa0eeffc54d4a49f
      # end=init
      # utc_time=2017-10-26 11:01:12
      # local_time=2017-10-26 13:01:12 (+0100, Hora de verano romance)
      # country="Spain"
      # osver=6.1.7601 NT Service Pack 1
      13:05:26 Updating
      13:05:26 Update Init
      13:05:28 Update Download
      13:07:57 esets_scanner_reload returned 0
      13:07:57 g_uiModuleBuild: 35191
      13:07:57 Update Finalize
      13:07:57 Call m_esets_charon_send
      13:07:57 Call m_esets_charon_destroy
      13:07:57 Updated modules version: 35191
      13:08:10 Call m_esets_charon_setup_create
      13:08:10 Call m_esets_charon_create
      13:08:10 m_esets_charon_create OK
      13:08:10 Call m_esets_charon_start_send_thread
      13:08:10 Call m_esets_charon_setup_set
      13:08:10 m_esets_charon_setup_set OK
      13:08:10 Scanner engine: 35191
      09:40:52 # product=EOS
      # version=8
      # flags=0
      # ESETOnlineScanner_ESL.exe=2.0.17.0
      # EOSSerial=45bee16374edc74faa0eeffc54d4a49f
      # end=init
      # utc_time=2017-10-27 07:40:51
      # local_time=2017-10-27 09:40:51 (+0100, Hora de verano romance)
      # country="Spain"
      # osver=6.1.7601 NT Service Pack 1
      09:41:05 # product=EOS
      # version=8
      # flags=0
      # ESETOnlineScanner_ESL.exe=2.0.17.0
      # EOSSerial=45bee16374edc74faa0eeffc54d4a49f
      # end=init
      # utc_time=2017-10-27 07:41:05
      # local_time=2017-10-27 09:41:05 (+0100, Hora de verano romance)
      # country="Spain"
      # osver=6.1.7601 NT Service Pack 1
      09:42:28 Call m_esets_charon_setup_create
      09:42:28 Call m_esets_charon_create
      09:42:28 m_esets_charon_create OK
      09:42:28 Call m_esets_charon_start_send_thread
      09:42:28 Call m_esets_charon_setup_set
      09:42:28 m_esets_charon_setup_set OK
      09:42:37 Updating
      09:42:37 Update Init
      09:42:49 Call m_esets_charon_setup_create
      09:42:49 Call m_esets_charon_create
      09:42:49 m_esets_charon_setup_set ERROR
      09:42:49 Update Download
      09:43:22 esets_scanner_reload returned 0
      09:43:22 g_uiModuleBuild: 35201
      09:43:22 Update Finalize
      09:43:22 Call m_esets_charon_send
      09:43:22 Call m_esets_charon_destroy
      09:43:22 Updated modules version: 35201
      09:43:33 Call m_esets_charon_setup_create
      09:43:33 Call m_esets_charon_create
      09:43:33 m_esets_charon_setup_set ERROR
      09:43:33 Scanner engine: 35201
      13:30:50 # product=EOS
      # version=8
      # flags=0
      # ESETOnlineScanner_ESL.exe=2.0.17.0
      # EOSSerial=45bee16374edc74faa0eeffc54d4a49f
      # engine=35201
      # end=finished
      # remove_checked=true
      # archives_checked=true
      # unwanted_checked=true
      # unsafe_checked=true
      # antistealth_checked=true
      # sfx_checked=true
      # utc_time=2017-10-27 11:30:47
      # local_time=2017-10-27 13:30:47 (+0100, Hora de verano romance)
      # country="Spain"
      # lang=13322
      # osver=6.1.7601 NT Service Pack 1
      # compatibility_mode_1='Microsoft Security Essentials'
      # compatibility_mode=5895 16777213 100 100 29271957 132091441 0 0
      # scanned=2
      # found=11
      # cleaned=11
      # scan_time=13644
      sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="VBS/CoinMiner.FY troyano (desinfectado por eliminación)" ac=C fn="C:\Users\Asus\AppData\Roaming\Jungler\nbqa.vbs"
      sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Win32/HackTool.Patcher.A aplicación potencialmente no segura (eliminado)" ac=C fn="C:\Users\Asus\Documents\SAMPLITUDE.rar"
      sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="una variante de Win32/Bundled.Toolbar.Ask.G aplicación potencialmente no segura (desinfectado por eliminación)" ac=C fn="C:\Users\Asus\Documents\MAGIX_Speed2_burnR_mxcdr\atube-catcher-3-8-8007-multi-win.exe"
      sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Win32/HackTool.Patcher.A aplicación potencialmente no segura (eliminado)" ac=C fn="C:\Users\Asus\Documents\programas usb\SAMPLITUDE\SAMPLITUDE\SAMPLITUDE MUSIC STUDIO 16 FULL\PArche Samplitude\MAGIX Samplitude Music Studio 16.rar"
      sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="una variante de Win32/Bundled.Toolbar.Ask.G aplicación potencialmente no segura (desinfectado por eliminación)" ac=C fn="C:\Users\Asus\Documents\total video converter\atube-catcher-3-8-8007-multi-win.exe"
      sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Win32/Bundled.Toolbar.Google.D aplicación potencialmente no segura (desinfectado por eliminación)" ac=C fn="C:\Users\Asus\Downloads\ccsetup526.exe"
      sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="BAT/HostsChanger.A aplicación potencialmente no segura (eliminado)" ac=C fn="C:\Users\Asus\Downloads\IDM 6.25 build 10, Programas Full.rar"
      sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Win32/HackTool.Patcher.A aplicación potencialmente no segura (eliminado)" ac=C fn="C:\Users\Asus\Downloads\SAMPLITUDE.rar"
      sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Win32/HackTool.Patcher.A aplicación potencialmente no segura (eliminado)" ac=C fn="C:\Users\Asus\Downloads\SAMPLITUDE\SAMPLITUDE\SAMPLITUDE MUSIC STUDIO 16 FULL\PArche Samplitude\MAGIX Samplitude Music Studio 16.rar"
      sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="BAT/HostsChanger.A aplicación potencialmente no segura,está correcto (eliminado)" ac=C fn="C:\Users\Asus\PROGRAMA FIMONA FULL\WonderShare Filmora.rar"
      sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Win32/Qhost troyano (desinfectado por eliminación)" ac=C fn="C:\Windows\System32\drivers\etc\hosts"
      13:39:23 Call m_esets_charon_send
      13:39:24 Call m_esets_charon_destroy
      13:39:25 RecursiveRemoveDirectoryAndAllFiles: C:\Users\Asus\AppData\Local\ESET\ESETOnlineScanner\Quarantine\
      [/code]


      Thank you very much for your time; let's see if we can get this sorted. Regards
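
      The detection records in the ESET log.txt pasted above can be parsed and grouped by where each file lived, as in this added example (not part of either post and not ESET's own tooling). The bucket names and the follow-up rule are assumptions made for the illustration.

```python
import re
from pathlib import PureWindowsPath

# Excerpt: one status line, one header line and four detection records copied from the log above.
SAMPLE = r'''13:30:50 # product=EOS
# found=11
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="VBS/CoinMiner.FY troyano (desinfectado por eliminación)" ac=C fn="C:\Users\Asus\AppData\Roaming\Jungler\nbqa.vbs"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Win32/HackTool.Patcher.A aplicación potencialmente no segura (eliminado)" ac=C fn="C:\Users\Asus\Downloads\SAMPLITUDE.rar"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="una variante de Win32/Bundled.Toolbar.Ask.G aplicación potencialmente no segura (desinfectado por eliminación)" ac=C fn="C:\Users\Asus\Documents\total video converter\atube-catcher-3-8-8007-multi-win.exe"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Win32/Qhost troyano (desinfectado por eliminación)" ac=C fn="C:\Windows\System32\drivers\etc\hosts"
'''

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')   # key="quoted value" or key=bare
VN = re.compile(r'^(?:una variante de )?(\S+) (.+) \(([^)]*)\)$')  # name, kind, (action)
KINDS = {"troyano": "trojan",
         "aplicación potencialmente no segura": "potentially unsafe application"}

def locate(path):
    """Bucket a Windows path by where the detected file lived (assumed buckets)."""
    parts = [p.lower() for p in PureWindowsPath(path).parts]
    if parts[-3:] == ["drivers", "etc", "hosts"]:
        return "hosts-file"
    if "appdata" in parts:
        return "user-appdata"
    if "downloads" in parts or "documents" in parts:
        return "stored-download"
    return "other"

def parse_detections(text):
    """Return one dict per detection record; header and status lines are skipped."""
    out = []
    for line in text.splitlines():
        f = {k: q or b for k, q, b in FIELD.findall(line)}
        m = VN.match(f.get("vn", ""))
        if not m or "fn" not in f:
            continue
        name, kind, action = m.groups()
        out.append({"threat": name, "kind": KINDS.get(kind, kind), "action": action,
                    "path": f["fn"], "where": locate(f["fn"])})
    return out

def needs_followup(records):
    """Detections outside download folders: the log shows the file was cleaned,
    not what wrote or launched it, so these are the ones to re-check after reboot."""
    return [r for r in records if r["where"] in ("hosts-file", "user-appdata")]

if __name__ == "__main__":
    for r in parse_detections(SAMPLE):
        print(f'{r["where"]:16} {r["kind"]:32} {r["threat"]}')
```

      On this excerpt the two records that come back from `needs_followup` are the script under AppData\Roaming\Jungler and the hosts file; the others are archives and installers sitting in Downloads and Documents.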
