
    Virus Windows 8.1 riskware | update


    1. #1
      User: indexclever
      Registered: Apr 2015
      Location: location
      Posts: 13

      Malware Virus Windows 8.1 riskware | update

      Urgent: Windows 8.1. Good morning, everyone. I just started my laptop and, when I entered my password, I got a message about... HomeGroup, something like that (I didn't really get a good look at the message). After that I couldn't log in, since only the Windows windows appeared, somewhat as if the color had been customized. Then, since I couldn't log in, I pressed Ctrl + Alt + Del and went to Task Manager to at least see something, since it wouldn't let me reach my desktop, and I managed to get in. Once inside, it looks something like being in safe mode, because all my personalization settings had changed to a different configuration that I had set up before. The clock is as you see in the image, it was in English; ZoneAlarm and AVG, which I had, weren't there; if I press the Windows key there are no applications, but they are on the C drive and I can access them indirectly... ANALYSIS: I scanned with Malwarebytes; when the scan finished it reported 4 RISKWARE items and I proceeded to remove them (quarantine). I went into the registry and was surprised to find that in HKCU there are only two branches, which are SOFTWARE, SYSTEM and VOLATILE ENVIRONMENT [photo]
      And a few days ago I was watching a video about the Windows 8.1 updates that leave you without access because of creating an online password, something like that... WHEN I RUN ZONEALARM it gives "Validation failed for: (path of the folder where it is stored)" and Chrome disappeared :) but I have Firefox..
      AFTERWARDS I downloaded KASPERSKY TOOLS REMOVE AND IT FINDS NOTHING. Would someone be kind enough to help me?
      [images attached]
      https://i.imgur.com/YPRY5aH.png
      https://i.imgur.com/szefQ4I.png
      https://i.imgur.com/Fxmi4pf.png
      https://i.imgur.com/fa2HHUG.png
      https://i.imgur.com/ha8csOL.png

    2. #2
      User: tcr7
      Registered: Oct 2012
      Location: Spain
      Posts: 85

      Re: Virus Windows 8.1 riskware | update

      Hello, with the moderators' permission

      1- Do you have TuneUp or another optimization program installed? According to the Malwarebytes image you uploaded, what it detects as riskware is TuneUp deactivating Firefox and Chrome with the program deactivator. I get the same thing, but I have it set in exclusions. https://ibb.co/hPSZvw

      EDITED**********************************

      ONLY STAFF MEMBERS MAY USE TOOLS SUCH AS FARBAR, OTL, COMBOFIX..........
      Last edited by @Miguelgrado on 09/11/17 at 15:18:52

    3. #3
      User: indexclever
      Registered: Apr 2015
      Location: location
      Posts: 13

      Re: Virus Windows 8.1 riskware | update

      Hello, thanks for your attention. Yes, I have AVG TuneUp, and [CCleaner] I removed because it was giving me problems with the latest update, which was hacked; fortunately ZoneAlarm handled it. OK, thank you very much, I'll follow the post and publish the two logs as a reply...

    4. #4
      User: indexclever
      Registered: Apr 2015
      Location: location
      Posts: 13

      Re: Virus Windows 8.1 riskware | update

      FRST.txt

      Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-11-2017
      Ran by host (administrator) on SAMSUNG (09-11-2017 13:27:56)
      Running from C:\Users\pc\Downloads
      Loaded Profiles: host (Available Profiles: host)
      Platform: Windows 8.1 Pro (Update) (X64) Language: Español (España, internacional)
      Internet Explorer Version 11 (Default browser: FF)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: ***********************************************************************************************************

      ==================== Processes (Whitelisted) =================

      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

      (Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
      (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
      (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
      (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
      (Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ICM-Service.exe
      (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
      (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
      (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
      (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
      (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
      (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
      (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
      (Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
      (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

      ==================== Registry (Whitelisted) ===========================

      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

      HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2778864 2014-08-06] (Synaptics Incorporated)
      HKLM\...\Run: [MRT] => C:\Windows\system32\MRT.exe [126925120 2017-10-12] (Microsoft Corporation)
      HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
      HKLM\...\Run: [chrome] => chrome.exe
      HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o.)
      HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [145208 2017-04-14] (Check Point Software Technologies Ltd.)
      HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
      HKLM\...\RunOnce: [*Restore] => C:\Windows\System32\rstrui.exe [273920 2014-10-28] (Microsoft Corporation)
      Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
      IFEO: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
      IFEO\activation.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
      IFEO\DATABASECOMPARE.EXE: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
      IFEO\excel.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
      IFEO\groove.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
      IFEO\infopath.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
      IFEO\lync.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
      IFEO\mbam.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
      IFEO\msaccess.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
      IFEO\msoev.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
      IFEO\msotd.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
      IFEO\msoxmled.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
      IFEO\mspub.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
      IFEO\OcPubMgr.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
      IFEO\onenote.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
      IFEO\onenotem.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
      IFEO\outlook.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
      IFEO\powerpnt.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
      IFEO\reporter.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
      IFEO\SPREADSHEETCOMPARE.EXE: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
      IFEO\unins000.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
      IFEO\uninshs.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
      IFEO\ve.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
      IFEO\Winword.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
      IFEO\wvs.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
      Startup: C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\Enviar a OneNote.lnk [2017-04-25]
      ShortcutTarget: Enviar a OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
      GroupPolicy: Restriction <==== ATTENTION

      ==================== Internet (Whitelisted) ====================

      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

      Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
      Tcpip\..\Interfaces\{F8387EBC-B95F-4E39-97FB-48E1D1539D24}: [NameServer] 200.48.225.130,200.48.225.146

      Internet Explorer:
      ==================
      URLSearchHook: [S-1-5-21-2313239394-3466792357-375500660-1001] ATTENTION => Default URLSearchHook is missing
      BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2017-09-12] (Microsoft Corporation)
      BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
      BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2017-08-24] (Microsoft Corporation)
      BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-10-26] (Oracle Corporation)
      BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
      BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-10-26] (Oracle Corporation)

      FireFox:
      ========
      FF DefaultProfile: j3rj478b.default-1504322101284
      FF ProfilePath: C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\j3rj478b.default-1504322101284 [2017-11-09]
      FF Extension: (Acebug) - C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\j3rj478b.default-1504322101284\Extensions\[email protected] [2017-10-29]
      FF Extension: (anonymoX) - C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\j3rj478b.default-1504322101284\Extensions\[email protected] [2017-10-19]
      FF Extension: (Firebug) - C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\j3rj478b.default-1504322101284\Extensions\[email protected] [2017-10-29]
      FF Extension: (Privacy Badger) - C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\j3rj478b.default-1504322101284\Extensions\[email protected] [2017-10-19]
      FF Extension: (Dark Background and Light Text) - C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\j3rj478b.default-1504322101284\Extensions\[email protected] [2017-10-27]
      FF Extension: (Safe Browsing Version 4 (temporary add-on)) - C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\j3rj478b.default-1504322101284\Extensions\[email protected] [2017-10-21]
      FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
      FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-10-26] (Oracle Corporation)
      FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-10-26] (Oracle Corporation)
      FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation)
      FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
      FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
      FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
      FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-07-19] (Microsoft Corporation)
      FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)

      Chrome:
      =======
      CHR DefaultProfile: Default

      ==================== Services (Whitelisted) ====================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      S4 AcuWVSSchedulerv8; C:\Program Files (x86)\Acunetix\Web Vulnerability Scanner 8\WVSScheduler.exe [1009840 2012-07-04] ()
      R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2257016 2017-08-23] (Adobe Systems, Incorporated)
      R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1146128 2016-12-06] (AVG Technologies CZ, s.r.o.)
      S4 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
      R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [5906704 2017-02-21] (AVG Technologies CZ, s.r.o.)
      R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [4107680 2017-04-14] (Check Point Software Technologies Ltd.)
      S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
      S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
      S3 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [114936 2016-11-01] (Check Point Software Technologies, Ltd.)
      R2 ZoneAlarm ICM Service; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ICM-Service.exe [1058616 2017-04-14] (Check Point Software Technologies Ltd.)

      ===================== Drivers (Whitelisted) ======================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
      R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77376 2017-06-27] ()
      R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [554408 2017-03-22] (AO Kaspersky Lab)
      S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29216 2017-03-22] (AO Kaspersky Lab)
      R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [207576 2017-11-09] (AO Kaspersky Lab)
      R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [594144 2017-11-09] (AO Kaspersky Lab)
      R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1055448 2017-11-09] (AO Kaspersky Lab)
      S3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [101784 2017-07-15] (Malwarebytes)
      S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [45472 2017-07-15] (Malwarebytes)
      S3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [93600 2017-07-15] (Malwarebytes)
      S3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [5269568 2016-10-09] (Realtek Semiconductor Corporation )
      R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1936088 2013-07-31] (Realtek Semiconductor Corporation )
      S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
      S3 ssudserd; C:\Windows\system32\DRIVERS\ssudserd.sys [214832 2015-12-08] (DEVGURU Co., LTD.(데브구루 | 데브구루에 오신것을 환영합니다.))
      R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [32304 2017-02-21] (AVG Netherlands B.V.)
      R1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [131144 2017-04-28] (Oracle Corporation)
      R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [205952 2017-04-28] (Oracle Corporation)
      S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [137920 2017-04-28] (Oracle Corporation)
      R1 Vsdatant; C:\Windows\System32\drivers\vsdatant.sys [461240 2017-04-13] (Check Point Software Technologies Ltd.)
      S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
      S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
      S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
      S3 WinDivert1.1; C:\Program Files\KMSpico\WinDivert.sys [35376 2015-09-19] (Basil Projects)
      S3 aswHdsKe; \??\C:\Windows\system32\drivers\aswHdsKe.sys [X]
      U3 iswSvc; no ImagePath

      ==================== NetSvcs (Whitelisted) ===================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


      ==================== One Month Created files and folders ========

      (If an entry is included in the fixlist, the file/folder will be moved.)

      2017-11-09 13:27 - 2017-11-09 13:28 - 000016347 _____ C:\Users\pc\Downloads\FRST.txt
      2017-11-09 13:26 - 2017-11-09 13:27 - 000000000 ____D C:\FRST
      2017-11-09 13:19 - 2017-11-09 13:19 - 002403328 _____ (Farbar) C:\Users\pc\Downloads\FRST64.exe
      2017-11-09 11:23 - 2017-11-09 11:24 - 000000000 ____D C:\KVRT_Data
      2017-11-09 11:06 - 2017-11-09 11:11 - 131027240 _____ (Kaspersky Lab ZAO) C:\Users\pc\Downloads\KVRT.exe
      2017-11-09 11:03 - 2017-11-09 11:03 - 001055448 ____N (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
      2017-11-09 11:03 - 2017-11-09 11:03 - 000594144 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys
      2017-11-09 11:03 - 2017-11-09 11:03 - 000207576 ____N (AO Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys
      2017-11-09 11:03 - 2017-11-09 11:03 - 000149304 _____ (AO Kaspersky Lab) C:\Windows\system32\klhkum.dll
      2017-11-09 11:03 - 2017-11-09 11:03 - 000000000 _____ C:\Windows\system32\Drivers\OLD2D06.tmp
      2017-11-09 11:03 - 2017-11-09 11:03 - 000000000 _____ C:\Windows\system32\Drivers\OLD2D05.tmp
      2017-11-09 10:55 - 2017-11-09 10:55 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
      2017-11-09 10:53 - 2017-11-09 10:53 - 002522168 _____ (Kaspersky Lab) C:\Users\pc\Downloads\startup.exe
      2017-11-09 10:03 - 2017-11-09 10:03 - 000000000 ____D C:\Windows\SysWOW64\%LOCALAPPDATA%
      2017-11-08 23:14 - 2017-11-09 10:29 - 000262144 _____ C:\Users\pc\ntuser.man
      2017-10-26 19:06 - 2017-10-26 19:06 - 007905536 _____ (Tim Kosse) C:\Users\pc\Downloads\FileZilla_3.28.0_win64-setup.exe
      2017-10-13 22:27 - 2017-10-13 22:27 - 000000908 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
      2017-10-13 22:27 - 2017-10-13 22:27 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
      2017-10-13 22:25 - 2017-11-09 09:57 - 000000000 ____D C:\Program Files\Mozilla Firefox
      2017-10-13 11:06 - 2017-10-13 11:06 - 004956888 _____ (Piriform Ltd) C:\Users\pc\Desktop\recuva64.exe
      2017-10-12 08:45 - 2017-10-12 08:45 - 126925120 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
      2017-10-11 10:04 - 2017-09-14 14:30 - 007439704 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
      2017-10-11 10:04 - 2017-09-14 14:30 - 001737600 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
      2017-10-11 10:04 - 2017-09-14 14:29 - 001502000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
      2017-10-11 10:04 - 2017-09-13 20:18 - 001384216 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
      2017-10-11 10:04 - 2017-09-13 20:14 - 001124384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
      2017-10-11 10:04 - 2017-09-13 08:32 - 000445952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys
      2017-10-11 10:04 - 2017-09-13 08:31 - 000445952 _____ (Microsoft Corporation) C:\Windows\system32\wlansec.dll
      2017-10-11 10:04 - 2017-09-13 08:27 - 000384000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlansec.dll
      2017-10-11 10:04 - 2017-09-09 13:53 - 022361864 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
      2017-10-11 10:04 - 2017-09-09 12:55 - 019790760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
      2017-10-11 10:04 - 2017-09-09 12:38 - 000154112 _____ (Microsoft Corporation) C:\Windows\system32\TabSvc.dll
      2017-10-11 10:04 - 2017-09-09 11:10 - 003631616 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
      2017-10-11 10:04 - 2017-09-09 10:49 - 002749952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
      2017-10-11 10:04 - 2017-09-09 10:47 - 014466560 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
      2017-10-11 10:04 - 2017-09-09 10:21 - 012879360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
      2017-10-11 10:04 - 2017-09-09 08:13 - 000640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswstr10.dll
      2017-10-11 10:04 - 2017-09-09 08:13 - 000345088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
      2017-10-11 10:04 - 2017-09-09 08:13 - 000008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjint40.dll
      2017-10-11 10:04 - 2017-09-08 22:50 - 002013016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
      2017-10-11 10:04 - 2017-09-08 22:50 - 001364552 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
      2017-10-11 10:04 - 2017-09-08 13:21 - 004168192 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
      2017-10-11 10:04 - 2017-09-08 13:15 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
      2017-10-11 10:04 - 2017-09-08 12:39 - 000113152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
      2017-10-11 10:04 - 2017-09-08 11:57 - 001084928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
      2017-10-11 10:04 - 2017-09-07 16:33 - 000686592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
      2017-10-11 10:04 - 2017-09-07 16:33 - 000415744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
      2017-10-11 10:04 - 2017-09-07 16:32 - 000285184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
      2017-10-11 10:04 - 2017-09-07 16:32 - 000243200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
      2017-10-11 10:04 - 2017-09-07 16:17 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
      2017-10-11 10:04 - 2017-09-07 16:17 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
      2017-10-11 10:04 - 2017-09-07 16:15 - 002902528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
      2017-10-11 10:04 - 2017-09-07 16:08 - 025729536 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
      2017-10-11 10:04 - 2017-09-07 16:00 - 000817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
      2017-10-11 10:04 - 2017-09-07 15:40 - 005982208 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
      2017-10-11 10:04 - 2017-09-07 15:32 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
      2017-10-11 10:04 - 2017-09-07 15:31 - 000145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
      2017-10-11 10:04 - 2017-09-07 15:29 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
      2017-10-11 10:04 - 2017-09-07 15:21 - 001033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
      2017-10-11 10:04 - 2017-09-07 15:13 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
      2017-10-11 10:04 - 2017-09-07 15:11 - 000380416 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
      2017-10-11 10:04 - 2017-09-07 15:10 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
      2017-10-11 10:04 - 2017-09-07 15:10 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
      2017-10-11 10:04 - 2017-09-07 15:08 - 002134528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
      2017-10-11 10:04 - 2017-09-07 15:08 - 000656896 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
      2017-10-11 10:04 - 2017-09-07 14:54 - 000329216 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
      2017-10-11 10:04 - 2017-09-07 14:44 - 015262720 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
      2017-10-11 10:04 - 2017-09-07 14:40 - 003240960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
      2017-10-11 10:04 - 2017-09-07 14:27 - 001548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
      2017-10-11 10:04 - 2017-09-07 14:17 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
      2017-10-11 10:04 - 2017-09-07 14:10 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
      2017-10-11 10:04 - 2017-09-07 14:09 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
      2017-10-11 10:04 - 2017-09-07 14:04 - 020267008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
      2017-10-11 10:04 - 2017-09-07 14:03 - 002292736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
      2017-10-11 10:04 - 2017-09-07 13:58 - 000663040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
      2017-10-11 10:04 - 2017-09-07 13:39 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
      2017-10-11 10:04 - 2017-09-07 13:38 - 000128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
      2017-10-11 10:04 - 2017-09-07 13:37 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
      2017-10-11 10:04 - 2017-09-07 13:33 - 000880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
      2017-10-11 10:04 - 2017-09-07 13:29 - 004547072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
      2017-10-11 10:04 - 2017-09-07 13:29 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
      2017-10-11 10:04 - 2017-09-07 13:27 - 000331776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
      2017-10-11 10:04 - 2017-09-07 13:26 - 000694784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
      2017-10-11 10:04 - 2017-09-07 13:25 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
      2017-10-11 10:04 - 2017-09-07 13:24 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
      2017-10-11 10:04 - 2017-09-07 13:17 - 013677568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
      2017-10-11 10:04 - 2017-09-07 13:01 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
      2017-10-11 10:04 - 2017-09-07 12:57 - 001316864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
      2017-10-11 10:04 - 2017-09-07 12:57 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
      2017-10-11 10:04 - 2017-08-13 14:48 - 000202592 _____ (Microsoft Corporation) C:\Windows\system32\basecsp.dll
      2017-10-11 10:04 - 2017-08-13 12:52 - 000174944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\basecsp.dll
      2017-10-11 10:04 - 2017-08-13 12:10 - 000277504 _____ (Microsoft Corporation) C:\Windows\system32\scksp.dll
      2017-10-11 10:04 - 2017-08-13 11:33 - 000252416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scksp.dll
      2017-10-11 10:04 - 2017-08-11 16:19 - 000482304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrptadm.dll
      2017-10-11 10:04 - 2017-08-11 16:14 - 000566784 _____ (Microsoft Corporation) C:\Windows\system32\scrptadm.dll
      2017-10-11 10:04 - 2017-08-10 21:54 - 000445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
      2017-10-11 10:04 - 2017-08-10 21:22 - 000324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
      2017-10-11 10:04 - 2017-08-10 21:20 - 001436672 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
      2017-10-11 10:04 - 2017-08-10 21:16 - 000275968 _____ (Microsoft Corporation) C:\Windows\system32\authz.dll
      2017-10-11 10:04 - 2017-08-10 20:57 - 000180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authz.dll
      2017-10-11 10:04 - 2017-08-06 16:50 - 001080320 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
      2017-10-11 10:04 - 2017-08-06 16:20 - 000542720 _____ (Microsoft Corporation) C:\Windows\system32\rasmans.dll
      2017-10-11 10:04 - 2017-08-06 16:13 - 000713216 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
      2017-10-11 10:04 - 2017-08-06 02:08 - 000561664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
      2017-10-11 10:04 - 2017-08-01 21:19 - 000358912 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
      2017-10-11 10:04 - 2017-08-01 03:25 - 000324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll

      ==================== One Month Modified files and folders ========

      (If an entry is included in the fixlist, the file/folder will be moved.)

      2017-11-09 13:28 - 2016-11-21 14:38 - 000000000 ____D C:\Users\pc\AppData\LocalLow\Mozilla
      2017-11-09 12:00 - 2016-05-01 12:58 - 000253856 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
      2017-11-09 11:03 - 2013-08-22 08:36 - 000000000 ____D C:\Windows\Inf
      2017-11-09 10:35 - 2013-08-22 10:36 - 000000000 ____D C:\Windows\AppReadiness
      2017-11-09 10:00 - 2013-08-22 09:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
      2017-11-09 09:57 - 2017-09-19 09:57 - 000000000 ____D C:\Users\pc\AppData\Roaming\vlc
      2017-11-09 09:57 - 2017-09-07 08:19 - 000000000 ____D C:\xampp
      2017-11-09 09:57 - 2017-07-23 18:11 - 000000000 ____D C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp
      2017-11-09 09:57 - 2017-07-16 18:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
      2017-11-09 09:51 - 2013-08-22 10:36 - 000000000 ____D C:\Windows\registration
      2017-11-09 09:11 - 2015-09-05 23:19 - 000003368 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2313239394-3466792357-375500660-1001Core1d0e85b3cdb7a15
      2017-11-09 09:03 - 2013-08-22 08:25 - 000262144 ___SH C:\Windows\system32\config\BBI
      2017-11-08 23:14 - 2015-09-05 13:57 - 000000000 ____D C:\Users\pc
      2017-11-08 22:13 - 2017-07-23 18:11 - 000000000 ____D C:\Users\pc\AppData\Roaming\WhatsApp
      2017-11-08 22:03 - 2015-09-05 14:03 - 000003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2313239394-3466792357-375500660-1001
      2017-11-08 21:44 - 2017-07-16 19:02 - 000000000 ____D C:\Users\pc\.p2
      2017-11-08 21:43 - 2017-08-09 23:43 - 000003600 _____ C:\Windows\System32\Tasks\AVG EUpdate Task
      2017-11-08 19:08 - 2017-09-27 10:16 - 000000822 _____ C:\Users\pc\Desktop\texto.txt
      2017-11-08 13:24 - 2014-03-18 05:11 - 001832546 _____ C:\Windows\system32\PerfStringBackup.INI
      2017-11-08 13:24 - 2014-03-18 04:31 - 000812052 _____ C:\Windows\system32\perfh00A.dat
      2017-11-08 13:24 - 2014-03-18 04:31 - 000167252 _____ C:\Windows\system32\perfc00A.dat
      2017-11-06 15:48 - 2015-09-05 13:32 - 000002424 _____ C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
      2017-11-04 12:48 - 2017-08-09 22:31 - 000000000 ____D C:\Users\pc\Desktop\screenshot
      2017-10-31 08:56 - 2015-09-05 13:38 - 000003700 _____ C:\Windows\System32\Tasks\AutoPico Daily Restart
      2017-10-29 18:03 - 2017-07-14 12:42 - 000000000 ____D C:\Users\pc\.VirtualBox
      2017-10-26 19:42 - 2017-07-18 21:50 - 000000000 ____D C:\Users\pc\AppData\Roaming\FileZilla
      2017-10-26 10:48 - 2017-07-16 18:14 - 000097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
      2017-10-26 10:47 - 2017-07-16 18:13 - 000000000 ____D C:\Program Files (x86)\Java
      2017-10-18 10:14 - 2013-08-22 10:20 - 000000000 ____D C:\Windows\CbsTemp
      2017-10-13 22:16 - 2013-08-22 10:36 - 000000000 ____D C:\Windows\rescache
      2017-10-12 18:59 - 2013-08-22 09:44 - 000482384 _____ C:\Windows\system32\FNTCACHE.DAT
      2017-10-12 18:51 - 2013-08-22 10:36 - 000000000 ___RD C:\Windows\ToastData
      2017-10-12 17:25 - 2017-06-16 10:53 - 000835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
      2017-10-12 17:25 - 2017-06-16 10:53 - 000177656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
      2017-10-12 08:51 - 2015-09-05 14:27 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
      2017-10-12 08:50 - 2015-12-21 23:34 - 000000000 ____D C:\Windows\system32\MRT
      2017-10-12 08:45 - 2015-12-21 23:34 - 126925120 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
      2017-10-12 08:40 - 2013-08-22 08:25 - 000000261 _____ C:\Windows\win.ini

      ==================== Files in the root of some directories =======

      2017-07-18 21:56 - 2017-08-11 21:30 - 000000600 _____ () C:\Users\pc\AppData\Local\PUTTY.RND
      2017-07-22 14:14 - 2017-07-22 14:14 - 000007666 _____ () C:\Users\pc\AppData\Local\Resmon.ResmonCfg

      ==================== Bamital & volsnap ======================

      (There is no automatic fix for files that do not pass verification.)

      C:\Windows\system32\winlogon.exe => File is digitally signed
      C:\Windows\system32\wininit.exe => File is digitally signed
      C:\Windows\explorer.exe => File is digitally signed
      C:\Windows\SysWOW64\explorer.exe => File is digitally signed
      C:\Windows\system32\svchost.exe => File is digitally signed
      C:\Windows\SysWOW64\svchost.exe => File is digitally signed
      C:\Windows\system32\services.exe => File is digitally signed
      C:\Windows\system32\User32.dll => File is digitally signed
      C:\Windows\SysWOW64\User32.dll => File is digitally signed
      C:\Windows\system32\userinit.exe => File is digitally signed
      C:\Windows\SysWOW64\userinit.exe => File is digitally signed
      C:\Windows\system32\rpcss.dll => File is digitally signed
      C:\Windows\system32\dnsapi.dll => File is digitally signed
      C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
      C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

      LastRegBack: 2017-11-04 15:34

      ==================== End of FRST.txt ============================

    5. #5
      User indexclever
      Registered
      Apr 2015
      Location
      location
      Posts
      13

      Re: Windows 8.1 virus riskware | update

      Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-11-2017
      Ran by host (09-11-2017 13:29:32)
      Running from C:\Users\pc\Downloads
      Windows 8.1 Pro (Update) (X64) (2015-09-05 18:57:10)
      Boot Mode: Normal
      ==========================================================


      ==================== Accounts: =============================

      Administrador (S-1-5-21-2313239394-3466792357-375500660-500 - Administrator - Disabled)
      host (S-1-5-21-2313239394-3466792357-375500660-1001 - Administrator - Enabled) => C:\Users\pc
      Invitado (S-1-5-21-2313239394-3466792357-375500660-501 - Limited - Disabled)

      ==================== Security Center ========================

      (If an entry is included in the fixlist, it will be removed.)

      AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      AV: ZoneAlarm Free Firewall Antivirus (Enabled - Up to date) {23B6D20A-C2DE-B3F5-C67D-07ECD854E6A9}
      AS: ZoneAlarm Free Firewall Anti-Spyware (Enabled - Up to date) {98D733EE-E4E4-BC7B-FCCD-3C9EA3D3AC14}
      AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      FW: ZoneAlarm Free Firewall Firewall (Enabled) {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}

      ==================== Installed Programs ======================

      (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

      Acunetix Web Vulnerability Scanner 8.0 (HKLM-x32\...\{DBD76811-6CF0-4A15-9436-B779C3A36929}_is1) (Version: 8.0 - Acunetix)
      aTube Catcher versión 3.8 (HKLM-x32\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp)
      AVG PC TuneUp (HKLM-x32\...\{149D912F-03DB-4895-913E-820CB11965C0}) (Version: 16.74.1 - AVG Technologies) Hidden
      AVG PC TuneUp (HKLM-x32\...\AVG PC TuneUp) (Version: 16.74.2.60831 - AVG Technologies)
      Brackets (HKLM-x32\...\{1E8FE8D5-B532-4320-83D8-DA83B8E7F608}) (Version: 1.10 - brackets.io)
      D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
      Dev-C++ 5 beta 9 release (4.9.9.2) (HKLM-x32\...\Dev-C++) (Version: - )
      Eines de correcció del Microsoft Office 2013: català (HKLM-x32\...\{90150000-001F-0403-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
      Ferramentas de verificación de Microsoft Office 2013 - Galego (HKLM-x32\...\{90150000-001F-0456-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
      FileZilla Client 3.27.0.1 (HKLM-x32\...\FileZilla Client) (Version: 3.27.0.1 - Tim Kosse)
      FMW 1 (HKLM\...\{DC2A8E3D-D5E1-4837-A2E0-C308100AC412}) (Version: 1.143.3 - AVG Technologies) Hidden
      Galería de fotos (HKLM-x32\...\{198CEF22-A27F-4DC7-9B66-2C22A4B1CA09}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
      Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3345 - Intel Corporation)
      Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
      Java 8 Update 144 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
      Java 8 Update 151 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
      Malwarebytes versión 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
      Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
      Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
      Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
      Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
      Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
      Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
      Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
      Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
      Movie Maker (HKLM-x32\...\{9C82436F-F19C-42A4-B476-F87A28A95BF9}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
      Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
      Mozilla Firefox 56.0.2 (x64 es-ES) (HKLM\...\Mozilla Firefox 56.0.2 (x64 es-ES)) (Version: 56.0.2 - Mozilla)
      Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 56.0.1 - Mozilla)
      Node.js (HKLM\...\{79708824-B29E-4DFA-B39A-46A97DCFB729}) (Version: 8.4.0 - Node.js Foundation)
      Oracle VM VirtualBox 5.1.22 (HKLM\...\{8D5E4D4D-5E0C-4448-B018-5DDEF1E208D9}) (Version: 5.1.22 - Oracle Corporation)
      Outils de vérification linguistique 2013 de Microsoft Office*- Français (HKLM-x32\...\{90150000-001F-040C-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
      Paquete de idioma de Microsoft Visual Studio 2010 Tools para Office Runtime (x64) - ESN (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - ESN) (Version: 10.0.50903 - Microsoft Corporation)
      Photoshop Cs6 versión Final (HKLM-x32\...\{5CF1F901-ED27-4C34-A9CE-A10E8C1DDDB2}_is1) (Version: Final - Braian Urzagaste)
      Python 2.7.13 (HKLM-x32\...\{4A656C6C-D24A-473F-9747-3A8D00907A03}) (Version: 2.7.13150 - Python Software Foundation)
      Revisores de Texto do Microsoft Office 2013 – Português do Brasil (HKLM-x32\...\{90150000-001F-0416-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
      Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version: - Microsoft)
      Sublime Text Build 3126 (HKLM\...\Sublime Text 3_is1) (Version: - Sublime HQ Pty Ltd)
      Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.10.51 - Synaptics Incorporated)
      TP-LINK TL-WN722N Controlador (HKLM-x32\...\{F9C15685-38A9-46A1-9826-97204015C19C}) (Version: 1.3.1 - TP-LINK)
      Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
      Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
      VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
      Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
      WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
      XAMPP (HKLM-x32\...\xampp) (Version: 7.1.8-0 - Bitnami)
      ZoneAlarm Antivirus (HKLM-x32\...\{87D6BFBA-093E-40B8-845E-746B75BE7339}) (Version: 15.1.504.17269 - Check Point Software Technologies Ltd.) Hidden
      ZoneAlarm Firewall (HKLM-x32\...\{3B214EF2-9413-4300-96DB-165ECA1ED736}) (Version: 15.1.504.17269 - Check Point Software Technologies Ltd.) Hidden
      ZoneAlarm Free Firewall (HKLM-x32\...\ZoneAlarm Free Firewall) (Version: 15.1.504.17269 - Check Point)
      ZoneAlarm Security (HKLM-x32\...\{A51FEF33-C7A2-492E-840B-35A85D1F007E}) (Version: 15.1.504.17269 - Check Point Software Technologies Ltd.) Hidden

      ==================== Custom CLSID (Whitelisted): ==========================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
      ContextMenuHandlers1: [AVG Shredder Shell Extension] -> {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} => C:\Program Files (x86)\AVG\AVG PC TuneUp\SDShelEx-x64.dll [2017-02-21] (AVG Technologies CZ, s.r.o.)
      ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
      ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
      ContextMenuHandlers1-x32: [ZLAVShExt] -> {D9872D13-7651-4471-9EEE-F0A00218BEBB} => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zlavscan.dll [2017-04-14] (Check Point Software Technologies Ltd.)
      ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
      ContextMenuHandlers4: [AVG Disk Space Explorer Shell Extension] -> {4838CD50-7E5D-4811-9B17-C47A85539F28} => C:\Program Files (x86)\AVG\AVG PC TuneUp\DseShExt-x64.dll [2017-02-21] (AVG Technologies CZ, s.r.o.)
      ContextMenuHandlers4: [AVG Shredder Shell Extension] -> {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} => C:\Program Files (x86)\AVG\AVG PC TuneUp\SDShelEx-x64.dll [2017-02-21] (AVG Technologies CZ, s.r.o.)
      ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2013-11-04] (Intel Corporation)
      ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
      ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
      ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
      ContextMenuHandlers6-x32: [ZLAVShExt] -> {D9872D13-7651-4471-9EEE-F0A00218BEBB} => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zlavscan.dll [2017-04-14] (Check Point Software Technologies Ltd.)

      ==================== Scheduled Tasks (Whitelisted) =============

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      Task: {1712539F-21A0-4499-9A5C-FBCCB617AC89} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe [2017-02-21] (AVG Technologies CZ, s.r.o.)
      Task: {1CFEFD38-69DA-4738-976D-F53B7CA6CCD8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2313239394-3466792357-375500660-1001Core1d0e85b217626e7 => C:\Users\pc\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-05] (Google Inc.)
      Task: {22131959-2AF1-4FCF-9D57-6C093658F609} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2313239394-3466792357-375500660-1001UA => C:\Users\pc\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-05] (Google Inc.)
      Task: {241577D4-71BE-4473-A044-4B6D004EBC82} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
      Task: {31CF85AE-9452-4B40-88BC-1E0B9A0AFE0C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
      Task: {4CA29EBE-28FE-42EF-BFBE-5A598370F17F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2313239394-3466792357-375500660-1001UA1d0f09def0d8ab7 => C:\Users\pc\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-05] (Google Inc.)
      Task: {6551AD32-6D8B-4E8B-939E-41B7D6D66014} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
      Task: {731A7347-1499-4998-956B-371909D9BD5D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
      Task: {8518C8B6-5298-402E-A20F-685CC8A46BC9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2313239394-3466792357-375500660-1001Core1d0e85b3cdb7a15 => C:\Users\pc\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-05] (Google Inc.)
      Task: {A588E815-1F8B-4991-B8B4-9520FC8DDBC9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
      Task: {AB797216-7194-4D5C-BF55-C0D842FDD4C0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2313239394-3466792357-375500660-1001Core => C:\Users\pc\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-05] (Google Inc.)
      Task: {D78FE080-D36D-4665-B4C4-CD7230D1785D} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe

      (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

      Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2313239394-3466792357-375500660-1001Core.job => C:\Users\pc\AppData\Local\Google\Update\GoogleUpdate.exe
      Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2313239394-3466792357-375500660-1001Core1d0e85b217626e7.job => C:\Users\pc\AppData\Local\Google\Update\GoogleUpdate.exe
      Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2313239394-3466792357-375500660-1001UA.job => C:\Users\pc\AppData\Local\Google\Update\GoogleUpdate.exe

      ==================== Shortcuts & WMI ========================

      (The entries could be listed to be restored or removed.)


      ==================== Loaded Modules (Whitelisted) ==============

      2017-07-19 11:18 - 2017-07-19 11:18 - 000076456 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
      2017-03-22 08:06 - 2017-03-22 08:06 - 000865232 _____ () C:\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\kpcengine.2.3.dll
      2017-08-09 23:43 - 2017-08-09 23:42 - 048920064 _____ () C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll

      ==================== Alternate Data Streams (Whitelisted) =========

      (If an entry is included in the fixlist, only the ADS will be removed.)


      ==================== Safe Mode (Whitelisted) ===================

      (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

      ==================== Association (Whitelisted) ===============

      (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


      ==================== Internet Explorer trusted/restricted ===============

      (If an entry is included in the fixlist, it will be removed from the registry.)


      ==================== Hosts content: ==========================

      (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

      2017-08-13 03:33 - 2017-08-31 18:04 - 000000042 _____ C:\Windows\system32\Drivers\etc\hosts

      127.0.0.1 localhost
      127.0.0.1 wclever.com

      ==================== Other Areas ============================

      (Currently there is no automatic fix for this section.)

      DNS Servers: 200.48.225.130 - 200.48.225.146
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
      Windows Firewall is disabled.

      ==================== MSCONFIG/TASK MANAGER disabled items ==

      HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
      HKLM\...\StartupApproved\Run: => "HotKeysCmds"
      HKLM\...\StartupApproved\Run: => "IgfxTray"
      HKLM\...\StartupApproved\Run: => "Persistence"
      HKLM\...\StartupApproved\Run: => "SynTPEnh"
      HKLM\...\StartupApproved\Run: => "MRT"
      HKLM\...\StartupApproved\Run: => "Malwarebytes TrayApp"
      HKLM\...\StartupApproved\Run: => "WinZip PreLoader"
      HKLM\...\StartupApproved\Run: => "WinZip UN"
      HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
      HKLM\...\StartupApproved\Run32: => "AdobeAAMUpdater-1.0"
      HKLM\...\StartupApproved\Run32: => "Dropbox"
      HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
      HKU\S-1-5-21-2313239394-3466792357-375500660-1001\...\StartupApproved\StartupFolder: => "Enviar a OneNote.lnk"

      ==================== FirewallRules (Whitelisted) ===============

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      FirewallRules: [{508CCE58-44CA-45D6-BF15-CAF44A7D9BBB}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
      FirewallRules: [{848033A9-6241-4CA4-9FA5-DECDA424AEB3}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
      FirewallRules: [{966F5D14-E78D-4641-BDCF-909F5779E55C}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
      FirewallRules: [{99678AED-CD23-4CCC-AB6D-CCB73163E82E}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
      FirewallRules: [{77778BFE-EA46-4C1F-906A-C5C6EF4ACA97}] => (Allow) LPort=1689
      FirewallRules: [TCP Query User{D760CFF5-EC8F-4EA1-9734-F29251730E0A}C:\users\pc\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\pc\appdata\local\google\chrome\application\chrome.exe
      FirewallRules: [UDP Query User{9BC5E687-26F9-4C47-80DE-EA05ED07E890}C:\users\pc\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\pc\appdata\local\google\chrome\application\chrome.exe
      FirewallRules: [{026A3DCA-F1DE-44D6-8CD8-DE8CC3BED633}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
      FirewallRules: [{2B377A60-FF40-44D8-908A-948292308574}] => (Allow) LPort=2869
      FirewallRules: [{B2908C01-D0F9-4F79-8FBE-6DD1DE58C25F}] => (Allow) LPort=1900
      FirewallRules: [TCP Query User{E107ACA0-9DE7-4652-9CF5-B330B39D56DF}C:\users\pc\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\pc\appdata\local\google\chrome\application\chrome.exe
      FirewallRules: [UDP Query User{DED0A219-5350-4E74-8295-99B59730153B}C:\users\pc\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\pc\appdata\local\google\chrome\application\chrome.exe
      FirewallRules: [{C1B4D31A-BB08-45A2-ADB0-D7CBB0A57905}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
      FirewallRules: [{2617BBF0-A115-408E-8A30-8DC9DAA1A98A}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
      FirewallRules: [{94181BF2-7AD0-4172-AD7B-9EB6284B4375}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
      FirewallRules: [{F50225CF-B10E-4EF2-BB62-A379EE9247F1}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
      FirewallRules: [{3DE923D2-92B7-4BBB-8137-BA3555AB1B36}] => (Allow) LPort=1688
      FirewallRules: [TCP Query User{101BA189-7938-47A5-87C8-B6FD6F8918EA}C:\users\pc\eclipse\java-latest-released\eclipse\eclipse.exe] => (Block) C:\users\pc\eclipse\java-latest-released\eclipse\eclipse.exe
      FirewallRules: [UDP Query User{F85867E0-27B5-498A-9988-9621A78E5F8F}C:\users\pc\eclipse\java-latest-released\eclipse\eclipse.exe] => (Block) C:\users\pc\eclipse\java-latest-released\eclipse\eclipse.exe
      FirewallRules: [{827AF8A5-DE2E-44D4-B30A-B98DB5985DF5}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
      FirewallRules: [{8A5468CB-2F32-4500-873E-A21710402079}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
      FirewallRules: [{230931C4-DECB-4F04-A2DD-D616A6D17570}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
      FirewallRules: [{FDD74F04-8DEA-4FAE-933B-6F8BCB7BBE93}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
      FirewallRules: [{BBD24486-B5A2-4CD9-A061-FA71DB76FAB0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
      FirewallRules: [{076EE203-7016-40F0-9552-C2510600FF86}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe

      ==================== Restore Points =========================

      17-10-2017 22:20:01 Punto de control programado
      25-10-2017 11:48:05 Punto de control programado
      03-11-2017 16:34:37 Punto de control programado
      09-11-2017 09:45:03 Operación de restauración

      ==================== Faulty Device Manager Devices =============


      ==================== Event log errors: =========================

      Application errors:
      ==================
      Error: (11/09/2017 01:26:44 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
      Description: Windows no puede cargar el archivo de Registro de clases.
      DETALLE: El sistema no puede encontrar el archivo especificado.

      Error: (11/09/2017 01:26:44 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
      Description: Windows no puede cargar el archivo de Registro de clases.
      DETALLE: El sistema no puede encontrar el archivo especificado.

      Error: (11/09/2017 01:05:52 PM) (Source: SideBySide) (EventID: 35) (User: )
      Description: Error al generar el contexto de activación para "C:\Program Files (x86)\Microsoft Office\Office15\lync.exe.Manifest". Error en el archivo de manifiesto o directiva "C:\Program Files (x86)\Microsoft Office\Office15\UccApi.DLL" en la línea 1.
      La identidad de componente encontrada en el manifiesto no coincide con la del componente solicitado.
      La referencia es UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
      La definición es UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
      Use sxstrace.exe para obtener un diagnóstico detallado.

      Error: (11/09/2017 12:55:18 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
      Description: Windows no puede cargar el archivo de Registro de clases.
      DETALLE: El sistema no puede encontrar el archivo especificado.

      Error: (11/09/2017 12:55:17 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
      Description: Windows no puede cargar el archivo de Registro de clases.
      DETALLE: El sistema no puede encontrar el archivo especificado.

      Error: (11/09/2017 12:54:59 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
      Description: Windows no puede cargar el archivo de Registro de clases.
      DETALLE: El sistema no puede encontrar el archivo especificado.

      Error: (11/09/2017 12:54:59 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
      Description: Windows no puede cargar el archivo de Registro de clases.
      DETALLE: El sistema no puede encontrar el archivo especificado.

      Error: (11/09/2017 12:54:58 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
      Description: Windows no puede cargar el archivo de Registro de clases.
      DETALLE: El sistema no puede encontrar el archivo especificado.

      Error: (11/09/2017 12:54:58 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
      Description: Windows no puede cargar el archivo de Registro de clases.
      DETALLE: El sistema no puede encontrar el archivo especificado.

      Error: (11/09/2017 11:53:45 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
      Description: Windows no puede cargar el archivo de Registro de clases.
      DETALLE: El sistema no puede encontrar el archivo especificado.


      System errors:
      =============
      Error: (11/09/2017 11:20:38 AM) (Source: DCOM) (EventID: 10010) (User: SAMSUNG)
      Description: El servidor {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} no se registró con DCOM dentro del tiempo de espera requerido.

      Error: (11/09/2017 11:15:39 AM) (Source: DCOM) (EventID: 10010) (User: SAMSUNG)
      Description: El servidor {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} no se registró con DCOM dentro del tiempo de espera requerido.

      Error: (11/09/2017 11:15:09 AM) (Source: DCOM) (EventID: 10010) (User: SAMSUNG)
      Description: El servidor {1B1F472E-3221-4826-97DB-2C2324D389AE} no se registró con DCOM dentro del tiempo de espera requerido.

      Error: (11/09/2017 11:03:11 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
      Description: Error en la llamada ScRegSetValueExW para Type con el error siguiente:
      Acceso denegado.

      Error: (11/09/2017 09:46:29 AM) (Source: DCOM) (EventID: 10010) (User: SAMSUNG)
      Description: El servidor {9BA05972-F6A8-11CF-A442-00A0C90A8F39} no se registró con DCOM dentro del tiempo de espera requerido.

      Error: (11/09/2017 09:46:29 AM) (Source: DCOM) (EventID: 10010) (User: SAMSUNG)
      Description: El servidor {9BA05972-F6A8-11CF-A442-00A0C90A8F39} no se registró con DCOM dentro del tiempo de espera requerido.

      Error: (11/08/2017 02:52:37 PM) (Source: DCOM) (EventID: 10010) (User: SAMSUNG)
      Description: El servidor {1B1F472E-3221-4826-97DB-2C2324D389AE} no se registró con DCOM dentro del tiempo de espera requerido.

      Error: (11/08/2017 02:47:29 PM) (Source: DCOM) (EventID: 10010) (User: SAMSUNG)
      Description: El servidor {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} no se registró con DCOM dentro del tiempo de espera requerido.

      Error: (11/08/2017 02:46:59 PM) (Source: DCOM) (EventID: 10010) (User: SAMSUNG)
      Description: El servidor {1B1F472E-3221-4826-97DB-2C2324D389AE} no se registró con DCOM dentro del tiempo de espera requerido.

      Error: (11/08/2017 09:22:50 AM) (Source: DCOM) (EventID: 10010) (User: SAMSUNG)
      Description: El servidor {1B1F472E-3221-4826-97DB-2C2324D389AE} no se registró con DCOM dentro del tiempo de espera requerido.


      CodeIntegrity:
      ===================================
      Date: 2017-07-01 19:43:15.404
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

      Date: 2017-07-01 19:43:15.232
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

      Date: 2017-07-01 19:43:15.054
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

      Date: 2017-07-01 19:43:14.888
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

      Date: 2017-07-01 19:43:14.715
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

      Date: 2017-07-01 19:43:14.526
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

      Date: 2017-07-01 19:43:14.351
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

      Date: 2017-07-01 19:43:14.108
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

      Date: 2017-07-01 19:43:13.940
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

      Date: 2017-07-01 19:43:13.765
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.


      ==================== Memory info ===========================

      Processor: Intel(R) Core(TM) i5-3230M CPU @ 2.60GHz
      Percentage of memory in use: 37%
      Total physical RAM: 3971.35 MB
      Available physical RAM: 2475.38 MB
      Total Virtual: 5251.35 MB
      Available Virtual: 3774.07 MB

      ==================== Drives ================================

      Drive c: () (Fixed) (Total:243.65 GB) (Free:123.95 GB) NTFS
      Drive d: (DISCO LOCAL) (Fixed) (Total:221.62 GB) (Free:89.24 GB) NTFS

      ==================== MBR & Partition Table ==================

      ========================================================
      Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: CDA73872)
      Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
      Partition 2: (Not Active) - (Size=243.7 GB) - (Type=07 NTFS)
      Partition 3: (Not Active) - (Size=221.6 GB) - (Type=07 NTFS)

      ==================== End of Addition.txt ============================
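
The event sections of the log above repeat the same few entries many times. As an added example (not part of the original thread and not code from the tool that produced the log), this Python sketch collapses those repeats per DCOM CLSID and per Code Integrity file so the distinct items stand out; the function name `summarize` is hypothetical, and the sample lines are copied from the log above.

```python
import re
from collections import Counter

# Sample input: a few entries copied from the log above, in its two entry formats.
SAMPLE = r"""
Error: (11/08/2017 02:52:37 PM) (Source: DCOM) (EventID: 10010) (User: SAMSUNG)
Description: El servidor {1B1F472E-3221-4826-97DB-2C2324D389AE} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (11/08/2017 02:47:29 PM) (Source: DCOM) (EventID: 10010) (User: SAMSUNG)
Description: El servidor {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (11/08/2017 02:46:59 PM) (Source: DCOM) (EventID: 10010) (User: SAMSUNG)
Description: El servidor {1B1F472E-3221-4826-97DB-2C2324D389AE} no se registró con DCOM dentro del tiempo de espera requerido.

CodeIntegrity:
===================================
Date: 2017-07-01 19:43:15.404
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-07-01 19:43:15.232
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
"""

# "Error: (...) (Source: ...) (EventID: ...) (User: ...)" followed by its Description line.
EVENT = re.compile(r"^\s*Error: \([^)]*\) \(Source: (?P<source>[^)]*)\) "
                   r"\(EventID: (?P<event_id>\d+)\) \(User: [^)]*\)\s*\n"
                   r"\s*Description: (?P<desc>.*)$", re.M)
# "Date: ..." followed by a Code Integrity Description naming the file.
CI = re.compile(r"^\s*Date: \S+ \S+\s*\n\s*Description: Code Integrity .*? of the file "
                r"(?P<path>\S+) because", re.M)
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def summarize(text):
    """Return (events, files): counts per (source, event id, CLSID) and per file path."""
    events = Counter()
    for m in EVENT.finditer(text):
        clsid = CLSID.search(m["desc"])  # None when the description names no CLSID
        events[(m["source"], int(m["event_id"]), clsid.group(0) if clsid else None)] += 1
    files = Counter(m["path"] for m in CI.finditer(text))
    return events, files

if __name__ == "__main__":
    events, files = summarize(SAMPLE)
    for (source, event_id, clsid), n in events.most_common():
        print(f"{n}x {source} {event_id} {clsid}")
    for path, n in files.most_common():
        print(f"{n}x Code Integrity: {path}")
```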

    6. #6
      User Avatar of indexclever
      Registered
      Apr 2015
      Location
      location
      Posts
      13

      Re: Virus windows 8.1 riskware | update

      There is all the data. What comes next? Do you think the cause could be AVG and the conflict between Firefox and Google Chrome?

    7. #7
      Warrior Avatar of @Miguelgrado
      Registered
      Dec 2005
      Location
      Asturias-España
      Posts
      18,171

      Re: Virus windows 8.1 riskware | update

      Hello indexclever


      I am taking over your thread, since users may not request or use Farbar; it is reserved for Staff members.


      It is not very clear to me what problems your PC has at the moment.

      That said, using AVG TuneUp can cause errors, and I have also seen many cases of system damage, since it is an aggressive program that is delicate to use, and I do not recommend it at all.

      There are better ways to maintain the PC without so many risks.

      On the other hand, browsers do not cause conflicts with each other.



      Tell me what errors or problems the PC currently has.
      * Follow us on Twitter and become our friend on Facebook.
      * Keep up with the latest threats on the net at: InfoSpyware Blog
      * Questions are not answered by private message or e-mail; that is what the forum is for.

    8. #8
      User Avatar of indexclever
      Registered
      Apr 2015
      Location
      location
      Posts
      13

      Re: Virus windows 8.1 riskware | update

      Hello @miguelgrado, thanks for replying. The problem it currently has is that if I open Word or Excel, error 24 comes up; for ZoneAlarm, which is my antivirus and firewall, (validation failed for: ZoneAlarm path) says that the file has failed; likewise AVG does not run; taskhost does not either, only the processes currently running are shown; apparently it has been modified in the registry. I also notice that if I want to view hidden files I cannot: I click the checkbox and it bounces back, it does not stay checked... and the Store apps come up empty, Chrome does not run from cmd...

    9. #9
      Warrior Avatar of @Miguelgrado
      Registered
      Dec 2005
      Location
      Asturias-España
      Posts
      18,171

      Re: Virus windows 8.1 riskware | update

      You have a fairly damaged system, but let's see if something can be done.


      Run these in order:

      Step 1: Download Malwarebytes Anti-Rootkit Beta >> Malwarebytes Anti-Rootkit | InfoSpyware and extract the contents to your desktop.
      Step 2: Disable your antivirus >> How to temporarily disable your antivirus

      Open the Mbar folder. Double-click the file Mbar.exe.
      • In the program interface, click Next.
      • Click the Update button. When it finishes, click Next.
      • To start the scan, click the Scan button.
      • When it finishes, if there is an infection click CleanUp; if there is none, click Exit.


      When it finishes, open the Mbar folder and the mbar-log.txt files, then copy and paste all of their contents into your next reply, commenting on the results.



      Download >> https://www.infospyware.com/antispyware/adwcleaner and place it on the desktop:


      - Run it with all programs closed and with the antivirus disabled >> How to temporarily disable your antivirus.
      - If you use Windows Vista/7/8, run it as administrator (right-click >> Run as administrator) and accept the license (J'accepte).


      Click Scan and wait for the program to do its work.
      Then run Clean to perform the cleanup, and restart the PC if it asks.

      - When it finishes, a report will open in a text file; copy its contents and paste them into your next reply.


      The report is also located at C:\AdwCleaner- AdwCleaner[CX].txt




      Download Windows Repair All in One. Use the portable version; it is usually the last one listed, where you see it says:

      - Direct Download

      It is a ZIP file named "tweaking.com_windows_repair_aio.zip"; extract it and run the program from the folder that is created.

      Double-click the file Repair_Windows.exe. (If you use Windows Vista/7 or 8, right-click and select "Run as administrator".)

      Go to Repairs - Main, then Preset: All Repairs, and Start Repairs.

      When it finishes, restart the PC.


      Paste the Mbar and AdwCleaner logs for me and tell me how the PC is doing.

    10. #10
      User Avatar of indexclever
      Registered
      Apr 2015
      Location
      location
      Posts
      13

      Re: Virus windows 8.1 riskware | update

      Hello again, sorry for not keeping up, but I had many problems. I did the repair with windows-repair and it fixed many of the registry problems (it enabled a lot), and likewise with Malwarebytes, which could not be installed; before, Malwarebytes had detected 2 riskware items, which I attached as an image to this post https://i.imgur.com/ha8csOL.png. What I notice is that I still have the problems with the Task Manager, which I use often; it looks like this https://i.imgur.com/Fxmi4pf.png (as seen on the right side). I also just noticed that when creating the restore point I could not do it properly, SINCE I HAD TO WAIT MORE THAN 3 HOURS FOR THE PROCESS TO FINISH AND TELL ME THAT IT HAD NOT COMPLETED SUCCESSFULLY; here is the image https://i.imgur.com/G8idXCx.png. On the other hand, the same problem with the ZoneAlarm antivirus and firewall: now I get "Unable start", and the same problem with Word and Excel: https://i.imgur.com/AcJ6kHF.png. When I press the Windows key nothing comes up, neither in apps nor in its normal state, but that does not matter much to me because I mostly use the desktop... I hope you reply. Thank you very much for your support, @Miguelgrado
      _____ ADDING: when I type taskhost in Win + R, nothing comes up.
