    Virus Sality


    1. #1
      HydenSk (User)
      Joined: Dec 2017
      Location: Venezuela
      Posts: 54

      Virus Sality

      Hello to everyone reading. As the title says, my computer (Windows XP Service Pack 3) apparently has this virus. I was searching and came across this: http://www.forospyware.com/t482030.html. What it describes is basically what is happening to me. The link the moderator leaves there does not load in any browser, and I cannot even get to the Kaspersky antivirus page; it is the same OS, and downloads also get stuck at 99. Besides that, sometimes when I look at the processes in Task Manager I see strange .exe files that I had never seen before; I have searched for them on Google and nothing comes up, and they consume RAM. Some examples: sgkoax.exe, winimewb.exe, uyla.exe, windvildmh.exe and 3 others that I can't remember right now.

      I should add that the PC has no antivirus, because it is not very powerful and an antivirus slows it down a lot, so I rely on Malwarebytes or SUPERAntiSpyware, which currently does not run. I also have AdwCleaner, but it is no use to me because I get a message saying it is not a valid Win32 application, and lastly CCleaner. I know I have read that the best thing in a case with this virus is to format, but this computer has been through so many formats for various reasons and I really don't want to resort to that, because I have been told that so much formatting can damage the hard drive or the motherboard, but if there is no other way... Anyway, here is the Malwarebytes log.

      Tipo de análisis: Análisis personalizado
      Resultado: Completado
      Objetos analizados: 102191
      Amenazas detectadas: 9
      Amenazas en cuarentena: 9
      Tiempo transcurrido: 1 hr, 33 min, 9 seg

      -Opciones de análisis-
      Memoria: Activado
      Inicio: Activado
      Sistema de archivos: Activado
      Archivo: Activado
      Rootkits: Activado
      Heurística: Activado
      PUP: Detectar
      PUM: Detectar

      -Detalles del análisis-
      Proceso: 1
      Virus.Sality, C:\WINDOWS\TEMP\HMRK.EXE, En cuarentena, [558], [464098],1.0.3390

      Módulo: 1
      Virus.Sality, C:\WINDOWS\TEMP\HMRK.EXE, En cuarentena, [558], [464098],1.0.3390

      Clave del registro: 2
      Virus.Sality, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\amsint32, En cuarentena, [558], [213310],1.0.3390
      Virus.Sality, HKLM\SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_AMSINT32, En cuarentena, [558], [213093],1.0.3390

      Valor del registro: 0
      (No hay elementos maliciosos detectados)

      Datos del registro: 3
      PUM.Optional.DisabledSecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|ANTIVIRUSDISABLENOTIFY, Sustituido, [15866], [293294],1.0.3390
      PUM.Optional.DisabledSecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|FIREWALLDISABLENOTIFY, Sustituido, [15866], [293295],1.0.3390
      PUM.Optional.DisabledSecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UPDATESDISABLENOTIFY, Sustituido, [15866], [293296],1.0.3390

      Secuencia de datos: 0
      (No hay elementos maliciosos detectados)

      Carpeta: 0
      (No hay elementos maliciosos detectados)

      Archivo: 2
      Virus.Sality, C:\WINDOWS\TEMP\HMRK.EXE, En cuarentena, [558], [464098],1.0.3390
      Virus.Sality, C:\TEMP\WINCRUB.EXE, En cuarentena, [558], [464098],1.0.3390

      Sector físico: 0
      (No hay elementos maliciosos detectados)


      (end)

      After that finished, nothing has changed, and any antivirus or antispyware program I try to download will not download, nor will any .exe file, for example an installer for something; video, music or RAR files, on the other hand, do download. There was also a moment when, after ending the processes mentioned above, the PC restarted by itself twice in a row; on starting up normally, the "Windows has detected a problem" message appeared. Many thanks in advance to anyone who takes the time to read.

    2. #2
      @Miguelgrado (Warrior)
      Joined: Dec 2005
      Location: Asturias, Spain
      Posts: 19,396

      Re: Virus Sality

      Greetings and welcome.

      Run the following in order, and tell me if you have any doubt or problem.


      Download Rkill 2.6 | InfoSpyware to the desktop and run it.

      • Rkill is disguised under the name iExplore; when you run it you will have to wait and accept a message.
      • Rkill does not install itself.
      • After running it, do not restart the PC until a program asks you to.
      • Then paste the log for us; it is located at C:\rkill.log


      Once you have used Rkill, without restarting the PC, continue with Dr.Web.



      Download and run >> Dr.Web CureIt! manual, and follow the instructions to perform a full scan (see where it says "Realizando un escaneo Completo con un escaneo Personalizado (Recomendado)").
      Before starting the scan, it is recommended to click the wrench-shaped icon and choose "Configuración" from the options.
      In the window, go to "Log", set the level to minimum and click OK to save the changes.
      Warning: if this section is left on maximum or medium, the report will be unnecessarily long and you will not be able to post it in the forum thread where you are being helped.
      Once that is set, return to the program's main window, where you can choose the "Personalizado" scan option as indicated.

      Custom scan: this is the other scan that Dr.Web CureIt! offers, which can be accessed by clicking the section that reads "Seleccione Objetos a Escanear". In this mode you can select the folder/file you want to scan, as well as create a scan profile.
      1. Tick all the boxes in the "Escaneando Objetos" section.
      2. Then click "Click to select files and folders", which opens a window for selecting the drives to be scanned. It is recommended to select all of them, including removable devices.
      3. To start the scan, click "Comenzando Escaneo".
      4. Once it has finished, if it finds threats, click "Neutralizar".
      5. Then paste the report here.
      By default, once Dr.Web CureIt! finishes scanning the operating system, it creates a report that you can find at the following path:
      Drive C - User Name - Dr Web - Cure-it.log

      Note: paste only the last part of the log, where it says what it detected and removed, where it reads “Start Curing”.



      1. Download Farbar Recovery Scan Tool by Farbar (download the file that matches your system's architecture). >> How to tell whether my system is 32-bit or 64-bit

      • Save it to the desktop >> this is very important.
      • With all programs/windows closed, double-click to run Frst.exe.
      • In the Disclaimer window, press Yes.
      • In the new window that opens, press the Scan button and wait patiently for the scan to finish.

      • Two (2) files (logs) will open, Frst.txt and Addition.txt; they will be saved on your desktop.

      • To finish, open the files Frst.txt and Addition.txt, and copy and paste all of their contents into your next reply. Use two messages if it tells you it is too long.
      * Questions are not answered by private message or by e-mail, since that is what the forum is for.

    3. #3
      HydenSk (User)
      Joined: Dec 2017
      Location: Venezuela
      Posts: 54

      Re: Virus Sality

      Hello @Miguelgrado, thanks for replying. Very well, here is the Rkill log.

      Rkill 2.9.1 by Lawrence Abrams (Grinler)
      http://www.bleepingcomputer.com/
      Copyright 2008-2017 BleepingComputer.com
      More Information about Rkill can be found at this link:
      http://www.bleepingcomputer.com/forums/topic308364.html

      Program started at: 12/02/2017 07:53:25 AM in x86 mode.
      Windows Version: Microsoft Windows XP Service Pack 3

      Checking for Windows services to stop:

      * Schedule Stopped. [PUP/GEN]

      1 service stopped!

      Checking for processes to terminate:

      * C:\WINDOWS\TEMP\winjmwhf.exe (PID: 5272) [WD-HEUR]

      1 proccess terminated!

      Checking Registry for malware related settings:

      * No issues found in the Registry.

      Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

      Performing miscellaneous checks:

      * Windows Firewall Disabled

      [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
      "EnableFirewall" = dword:00000000

      * Reparse Point/Junctions Found (Most likely legitimate)!

      * C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a => C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 [Dir]
      * C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35 => C:\WINDOWS\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5 [Dir]

      Searching for Missing Digital Signatures:

      * C:\WINDOWS\System32\sfcfiles.dll : 1.572.352 : 05/11/2016 04:01 AM : a984fd70323f1badc33c170f60dbd5f6 [NoSig]

      Checking HOSTS File:

      * HOSTS file entries found:

      127.0.0.1 localhost

      Program finished at: 12/02/2017 07:54:33 AM
      Execution time: 0 hours(s), 1 minute(s), and 8 seconds(s)

      I could not download Dr.Web CureIt; the download never starts. I click on download program but nothing happens. Moving on to the next step, I was able to download Farbar Recovery Scan Tool by Farbar, and here are the 2 logs:

      Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 30-11-2017
      Ran by PC (administrator) on LANX0001 (02-12-2017 08:02:36)
      Running from C:\Documents and Settings\PC\Escritorio
      Loaded Profiles: PC (Available Profiles: PC)
      Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: Español (alfabetización internacional)
      Internet Explorer Version 8 (Default browser: Opera)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: ***********************************************************************************************************

      ==================== Processes (Whitelisted) =================

      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

      (Sandboxie Holdings, LLC) C:\Archivos de programa\Sandboxie\SbieSvc.exe
      (SUPERAntiSpyware.com) C:\Archivos de programa\SUPERAntiSpyware\SASCore.exe
      (Ralink Technology, Corp.) C:\Archivos de programa\Ralink\Common\RalinkRegistryWriter.exe
      (Malwarebytes) C:\Archivos de programa\Malwarebytes\Anti-Malware\MBAMService.exe
      (Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
      (Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
      (Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
      (Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
      (Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
      ( ) C:\Archivos de programa\CursorXP\CursorXP.exe
      (Piriform Ltd) C:\Archivos de programa\CCleaner\CCleaner.exe
      (Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
      (Malwarebytes) C:\Archivos de programa\Malwarebytes\Anti-Malware\mbamtray.exe
      (Microsoft Corporation) C:\WINDOWS\system32\taskmgr.exe

      ==================== Registry (Whitelisted) ===========================

      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

      HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [17887232 2009-06-12] (Realtek Semiconductor Corp.)
      HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
      Winlogon\Notify\RailNotification: C:\WINDOWS\system32\winlogonnotification.dll [2016-05-11] (Microsoft Corporation)
      HKU\S-1-5-19\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
      HKU\S-1-5-20\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
      HKU\S-1-5-21-1202660629-152049171-1177238915-1003\...\Run: [CursorXP] => C:\Archivos de programa\CursorXP\CursorXP.exe [140288 2005-01-19] ( )
      HKU\S-1-5-21-1202660629-152049171-1177238915-1003\...\Run: [CCleaner Monitoring] => C:\Archivos de programa\CCleaner\CCleaner.exe [7685808 2017-09-20] (Piriform Ltd)
      HKU\S-1-5-18\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
      SecurityProviders: msapsspc.dll, schannel.dll, credssp.dll, digest.dll, msnsspc.dll
      ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Archivos de programa\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2016-05-11] (Microsoft Corporation)
      ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Archivos de programa\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)

      ==================== Internet (Whitelisted) ====================

      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

      Tcpip\Parameters: [DhcpNameServer] 200.109.78.12 200.44.32.12
      Tcpip\..\Interfaces\{3B59A61B-E985-435E-B208-CBC0F05B8862}: [DhcpNameServer] 200.109.78.12 200.44.32.12

      Internet Explorer:
      ==================
      Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL [2009-02-26] (Microsoft Corporation)
      Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL [2009-02-26] (Microsoft Corporation)
      Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL [2009-02-26] (Microsoft Corporation)
      Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL [2009-02-26] (Microsoft Corporation)
      Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Help\hxds.dll [2006-10-26] (Microsoft Corporation)
      Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL [2009-02-26] (Microsoft Corporation)
      Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL [2009-02-26] (Microsoft Corporation)

      FireFox:
      ========
      FF DefaultProfile: k27lhgq4.default
      FF ProfilePath: C:\Documents and Settings\PC\Datos de programa\Mozilla\Firefox\Profiles\k27lhgq4.default [2017-12-02]
      FF Extension: (MEGA) - C:\Documents and Settings\PC\Datos de programa\Mozilla\Firefox\Profiles\k27lhgq4.default\Extensions\[email protected] [2017-11-30]
      FF Extension: (Application Update Service Helper) - C:\Archivos de programa\Mozilla Firefox\browser\features\[email protected] [2017-11-15] [Lagacy] [not signed]
      FF Extension: (Multi-process staged rollout) - C:\Archivos de programa\Mozilla Firefox\browser\features\[email protected] [2017-11-15] [Lagacy] [not signed]
      FF Extension: (Pocket) - C:\Archivos de programa\Mozilla Firefox\browser\features\[email protected] [2017-11-15] [Lagacy] [not signed]
      FF Extension: (Web Compat) - C:\Archivos de programa\Mozilla Firefox\browser\features\[email protected] [2017-11-15] [Lagacy] [not signed]
      FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_27_0_0_170.dll [2017-10-19] ()
      FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Archivos de programa\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
      FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Archivos de programa\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
      FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Archivos de programa\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
      FF Plugin: Adobe Reader -> C:\Archivos de programa\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
      FF Plugin HKU\S-1-5-21-1202660629-152049171-1177238915-1003: @unity3d.com/UnityPlayer,version=1.0 -> C:\Documents and Settings\PC\Configuración local\Datos de programa\Unity\WebPlayer\loader\npUnity3D32.dll [2017-05-18] (Unity Technologies ApS)

      ==================== Services (Whitelisted) ====================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      R2 !SASCORE; C:\Archivos de programa\SUPERAntiSpyware\SASCORE.EXE [143776 2017-01-30] (SUPERAntiSpyware.com)
      S2 gupdate; C:\Archivos de programa\Google\Update\GoogleUpdate.exe [153168 2017-10-19] (Google Inc.)
      S3 gupdatem; C:\Archivos de programa\Google\Update\GoogleUpdate.exe [153168 2017-10-19] (Google Inc.)
      S3 idsvc; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [864256 2007-10-11] (Microsoft Corporation) [File not signed]
      R2 MBAMService; C:\Archivos de programa\Malwarebytes\Anti-Malware\mbamservice.exe [4563920 2017-11-01] (Malwarebytes)
      S3 MozillaMaintenance; C:\Archivos de programa\Mozilla Maintenance Service\maintenanceservice.exe [174032 2017-11-15] (Mozilla Foundation)
      S3 odserv; C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE12\ODSERV.EXE [441136 2006-10-26] (Microsoft Corporation)
      S3 ose; C:\Archivos de programa\Archivos comunes\Microsoft Shared\Source Engine\OSE.EXE [145184 2006-10-26] (Microsoft Corporation)
      R2 RalinkRegistryWriter; C:\Archivos de programa\Ralink\Common\RalinkRegistryWriter.exe [156960 2008-09-05] (Ralink Technology, Corp.) [File not signed]
      R2 SbieSvc; C:\Archivos de programa\Sandboxie\SbieSvc.exe [154760 2017-06-05] (Sandboxie Holdings, LLC)
      S3 WMPNetworkSvc; C:\Archivos de programa\Windows Media Player\WMPNetwk.exe [916480 2016-05-11] (Microsoft Corporation)

      ===================== Drivers (Whitelisted) ======================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21361 2008-01-14] (Cisco Systems, Inc.) [File not signed]
      S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1684736 2008-08-05] (Creative)
      S1 DumpDrv; C:\WINDOWS\system32\Drivers\DumpDrv.sys [9472 2016-05-11] (Microsoft Corporation)
      R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [221112 2017-12-02] (Malwarebytes)
      S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.)
      R0 mv61xxmm; C:\WINDOWS\system32\Drivers\mv61xxmm.sys [5632 2010-12-06] (Marvell Semiconductor Inc.) [File not signed]
      R0 mv64xxmm; C:\WINDOWS\system32\Drivers\mv64xxmm.sys [5632 2010-12-06] (Marvell Semiconductor Inc.) [File not signed]
      R0 mvxxmm; C:\WINDOWS\system32\Drivers\mvxxmm.sys [5632 2010-12-06] (Marvell Semiconductor Inc.) [File not signed]
      S3 RAPIProtocol; C:\WINDOWS\System32\DRIVERS\RAPIProtocol.sys [16512 2008-08-07] (Ralink Technology, Corp.) [File not signed]
      S3 RT80x86; C:\WINDOWS\System32\DRIVERS\RT2860.sys [966912 2009-03-24] (Ralink Technology, Corp.)
      R1 SASDIFSV; C:\Archivos de programa\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
      R1 SASKUTIL; C:\Archivos de programa\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
      R3 SbieDrv; C:\Archivos de programa\Sandboxie\SbieDrv.sys [179336 2017-06-05] (Sandboxie Holdings, LLC)
      R1 vcdrom; C:\WINDOWS\system32\DRIVERS\VCdRom.sys [8576 2016-05-11] (Microsoft Corporation) [File not signed]
      R3 amsint32; \??\C:\WINDOWS\system32\drivers\klhils.sys [X]
      S4 IntelIde; no ImagePath
      U5 Sdbus; C:\Windows\System32\Drivers\Sdbus.sys [80384 2016-05-11] (Microsoft Corporation)
      U1 WS2IFSL; no ImagePath

      ==================== NetSvcs (Whitelisted) ===================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


      ==================== One Month Created files and folders ========

      (If an entry is included in the fixlist, the file/folder will be moved.)

      2017-12-02 08:02 - 2017-12-02 08:03 - 000010490 _____ C:\Documents and Settings\PC\Escritorio\FRST.txt
      2017-12-02 08:02 - 2017-12-02 08:02 - 000000000 ____D C:\FRST
      2017-12-02 08:00 - 2017-12-02 08:00 - 001752064 _____ (Farbar) C:\Documents and Settings\PC\Escritorio\FRST.exe
      2017-12-02 07:54 - 2017-12-02 07:54 - 000003536 _____ C:\Documents and Settings\PC\Escritorio\Rkill2.txt
      2017-12-02 07:53 - 2017-12-02 07:53 - 000000784 _____ C:\Documents and Settings\PC\Escritorio\Acceso directo a iExplore.lnk
      2017-12-02 07:51 - 2017-12-02 07:52 - 001792640 _____ (Bleeping Computer, LLC) C:\Documents and Settings\PC\Mis documentos\iExplore (1).exe
      2017-12-02 07:41 - 2017-12-02 07:41 - 000002175 _____ C:\Documents and Settings\PC\Escritorio\25111.txt
      2017-12-02 07:18 - 2017-12-02 07:18 - 000002052 _____ C:\Documents and Settings\PC\Escritorio\6666222.txt
      2017-12-02 07:17 - 2017-12-02 07:17 - 000002052 _____ C:\Documents and Settings\PC\Escritorio\56565.txt
      2017-12-02 06:51 - 2017-12-02 07:54 - 000003536 _____ C:\Documents and Settings\PC\Escritorio\Rkill.txt
      2017-12-02 06:45 - 2017-12-02 06:45 - 000090112 _____ C:\WINDOWS\Minidump\Mini120217-02.dmp
      2017-12-02 06:43 - 2017-12-02 06:43 - 000090112 _____ C:\WINDOWS\Minidump\Mini120217-01.dmp
      2017-12-02 05:26 - 2017-12-02 05:27 - 001792640 _____ (Bleeping Computer, LLC) C:\Documents and Settings\PC\Mis documentos\iExplore.exe
      2017-12-01 16:02 - 2017-12-01 16:06 - 023527113 _____ C:\Documents and Settings\PC\Mis documentos\Andas En Mi Cabeza - Adexe & Nau (Chino & Nacho ft. Daddy Yankee Cover).mp4
      2017-12-01 15:08 - 2017-12-01 15:12 - 015568634 _____ C:\Documents and Settings\PC\Mis documentos\┗-∵-┓ノンファンタジー/HoneyWorks feat.初音ミク&GUMI.mp4
      2017-12-01 14:19 - 2017-12-01 14:19 - 000002222 _____ C:\Documents and Settings\PC\Escritorio\regristro malwarebytes.txt
      2017-11-30 20:01 - 2017-11-30 20:03 - 010559492 _____ C:\Documents and Settings\PC\Mis documentos\solo quedate en silencio RBD anime mix.mp4
      2017-11-30 19:53 - 2017-11-30 19:54 - 009592782 _____ C:\Documents and Settings\PC\Mis documentos\Sakura y Shaoran-besame sin miedo.mp4
      2017-11-30 19:40 - 2017-11-30 19:42 - 009637110 _____ C:\Documents and Settings\PC\Mis documentos\kudai - morir de amor - sakura.mp4
      2017-11-30 19:36 - 2017-11-30 19:38 - 010435176 _____ C:\Documents and Settings\PC\Mis documentos\Sakura Y Shaoran (Voy a conquistarte).mp4
      2017-11-30 19:24 - 2017-11-30 19:26 - 008809508 _____ C:\Documents and Settings\PC\Mis documentos\Belinda - Vivir.mp4
      2017-11-30 19:21 - 2017-11-30 19:23 - 014963608 _____ C:\Documents and Settings\PC\Mis documentos\Kana Boon Diver Boruto Naruto The Movie AMV.mp4
      2017-11-30 19:11 - 2017-11-30 19:13 - 011629313 _____ C:\Documents and Settings\PC\Mis documentos\Victor Drija - Única (Number One).mp4
      2017-11-30 19:04 - 2017-11-30 19:07 - 015539871 _____ C:\Documents and Settings\PC\Mis documentos\【Kagamine Len and Rin】The Straight-Faced Science Girl 理系女子は笑わない PV (English Subs).mp4
      2017-11-30 18:30 - 2017-11-30 18:33 - 015127835 _____ C:\Documents and Settings\PC\Mis documentos\┗-∵-┓言葉のいらない約束/HoneyWorks feat.GUMI.mp4
      2017-11-30 11:12 - 2013-08-01 12:24 - 000000197 _____ C:\Documents and Settings\PC\Downloads\Gana dolares en internet.txt
      2017-11-29 19:35 - 2017-11-29 19:38 - 016905799 _____ C:\Documents and Settings\PC\Mis documentos\┗-∵-┓僕が名前を呼ぶ日/HoneyWorks feat.GUMI.mp4
      2017-11-29 19:28 - 2017-11-29 19:31 - 012530450 _____ C:\Documents and Settings\PC\Mis documentos\┗-∵-┓病名恋ワズライ/HoneyWorks feat.GUMI.mp4
      2017-11-29 19:14 - 2017-11-29 19:15 - 004526915 _____ C:\Documents and Settings\PC\Mis documentos\Digimon universe Ending 4 (poor quality).mp4
      2017-11-29 18:56 - 2017-11-29 19:01 - 015982883 _____ C:\Documents and Settings\PC\Mis documentos\Victor Drija - I Love You (La Propuesta).mp4
      2017-11-29 18:49 - 2017-11-29 18:57 - 033532268 _____ C:\Documents and Settings\PC\Mis documentos\Victor Drija - Tu Caballero (Dance Video).mp4
      2017-11-29 18:40 - 2017-11-29 18:43 - 015748133 _____ C:\Documents and Settings\PC\Mis documentos\Victor Drija - De Ti No Me Voy A Olvidar ft. Britsio.mp4
      2017-11-29 18:26 - 2017-11-29 18:28 - 014797749 _____ C:\Documents and Settings\PC\Mis documentos\César Franco - Sola Nunca Estarás , HitoriJanai (Full).mp4
      2017-11-29 17:56 - 2017-11-29 17:57 - 005933296 _____ C:\Documents and Settings\PC\Mis documentos\Paulina Goto - El camino a donde voy (Vídeo con LETRA).mp4
      2017-11-27 17:32 - 2017-11-27 17:33 - 005032376 _____ C:\Documents and Settings\PC\Mis documentos\GRE2016.pdf
      2017-11-27 08:01 - 2017-11-29 05:46 - 000000000 ____D C:\Documents and Settings\PC\Downloads\APLIAC-72p
      2017-11-27 05:42 - 2017-11-27 14:42 - 000000000 ____D C:\Documents and Settings\PC\Downloads\VIJSLA-72p
      2017-11-26 19:58 - 2017-11-26 20:01 - 009035937 _____ C:\Documents and Settings\PC\Mis documentos\Sakura y Shaoran - De Niña A Mujer.mp4
      2017-11-26 19:44 - 2017-11-26 19:47 - 011174719 _____ C:\Documents and Settings\PC\Mis documentos\Sakura y Shaoran - Rosas... La Oreja de Van Gogh.wmv.mp4
      2017-11-26 19:35 - 2017-11-26 19:38 - 011000737 _____ C:\Documents and Settings\PC\Mis documentos\Ranma ½ - Ending 2 "Equal Romansu" (Equal Romance).mp4
      2017-11-26 19:24 - 2017-11-26 19:26 - 010557210 _____ C:\Documents and Settings\PC\Mis documentos\Ranma ½ - Opening 3 "Omoide ga Ippai" (So Many Memories).mp4
      2017-11-26 18:58 - 2017-11-26 19:02 - 020046028 _____ C:\Documents and Settings\PC\Mis documentos\Inuyasha Opening 4 (Español Latino) letra en español HD.mp4
      2017-11-26 18:05 - 2017-11-26 18:31 - 135310887 _____ C:\Documents and Settings\PC\Mis documentos\Naruto Shippuden Openings 1-20 ⁀⊙﹏☉⁀.mp4
      2017-11-25 23:44 - 2017-11-20 23:11 - 000000000 ____D C:\Documents and Settings\PC\Mis documentos\SACFIG-72p
      2017-11-25 14:44 - 2017-11-25 14:45 - 000321872 _____ C:\Documents and Settings\PC\Mis documentos\CrucialScan.exe
      2017-11-22 15:53 - 2017-11-22 15:54 - 000003987 _____ C:\Documents and Settings\PC\Mis documentos\clsdatetime.zip
      2017-11-22 15:53 - 2017-11-22 15:54 - 000003987 _____ C:\Documents and Settings\PC\Mis documentos\clsdatetime (1).zip
      2017-11-21 22:14 - 2017-11-21 22:14 - 000000931 _____ C:\Documents and Settings\All Users\Escritorio\Revo Uninstaller.lnk
      2017-11-21 22:14 - 2017-11-21 22:14 - 000000000 ____D C:\Documents and Settings\All Users\Menú Inicio\Programas\Revo Uninstaller
      2017-11-21 22:14 - 2017-11-21 22:14 - 000000000 ____D C:\Archivos de programa\VS Revo Group
      2017-11-21 22:03 - 2017-11-21 22:03 - 000000838 _____ C:\Documents and Settings\PC\Menú Inicio\Programas\Internet Explorer.lnk
      2017-11-21 22:00 - 2017-11-21 22:00 - 000000000 ____D C:\WINDOWS\system32\appmgmt
      2017-11-20 15:25 - 2017-11-20 15:36 - 027120564 _____ C:\Documents and Settings\PC\Mis documentos\Programando en C++ con Editor Codeblocks.mp4
      2017-11-20 12:04 - 2014-07-12 00:26 - 000000109 _____ C:\Documents and Settings\PC\Downloads\NicoBlog.url
      2017-11-19 18:30 - 2017-11-19 18:32 - 006314699 _____ C:\Documents and Settings\PC\Mis documentos\python-3.6.0b4-embed-win32.zip
      2017-11-19 18:28 - 2017-11-19 18:29 - 006387918 _____ C:\Documents and Settings\PC\Mis documentos\python-3.6.3rc1-embed-win32.zip
      2017-11-19 18:24 - 2017-11-19 18:27 - 019238912 _____ C:\Documents and Settings\PC\Mis documentos\python-2.7.14 (1).msi
      2017-11-19 18:15 - 2017-11-19 18:21 - 030584520 _____ (Python Software Foundation) C:\Documents and Settings\PC\Mis documentos\python-3.6.3.exe
      2017-11-19 18:15 - 2017-11-19 18:15 - 000116054 _____ C:\Documents and Settings\PC\Mis documentos\Manual_C++.PDF
      2017-11-19 18:09 - 2017-11-19 18:12 - 019238912 _____ C:\Documents and Settings\PC\Mis documentos\python-2.7.14.msi
      2017-11-19 00:41 - 2017-10-02 18:10 - 000000000 ____D C:\Documents and Settings\PC\Mis documentos\SNDPRT-72p
      2017-11-16 16:42 - 2017-12-01 11:21 - 000000000 ____D C:\Documents and Settings\All Users\Menú Inicio\Programas\CodeBlocks
      2017-11-16 16:42 - 2017-11-23 17:26 - 000000000 ____D C:\Documents and Settings\PC\Datos de programa\CodeBlocks
      2017-11-15 15:34 - 2017-11-15 15:40 - 034568647 _____ (The Code::Blocks Team) C:\Documents and Settings\PC\Mis documentos\codeblocks-16.01-setup.exe
      2017-11-15 14:55 - 2017-11-15 15:24 - 090574496 _____ (The Code::Blocks Team) C:\Documents and Settings\PC\Mis documentos\codeblocks-16.01mingw_fortran-setup.exe
      2017-11-12 18:01 - 2017-11-12 18:03 - 000000000 ____D C:\Documents and Settings\PC\Mis documentos\ANIME
      2017-11-12 17:49 - 2017-11-12 17:55 - 036980865 _____ C:\Documents and Settings\PC\Mis documentos\MAJARETE DE MAIZ VERDE.mp4
      2017-11-12 17:41 - 2017-11-12 17:44 - 015999141 _____ C:\Documents and Settings\PC\Mis documentos\Receta Para Hacer Una Arepa De Huevo - Cómo Hacer Una Arepa De Huevo - Sweet y Salado.mp4
      2017-11-12 17:25 - 2017-11-12 17:36 - 019361252 _____ C:\Documents and Settings\PC\Mis documentos\TORTA BURRERA DE PAN Tradición venezolana de Temperos e Sabores.mp4
      2017-11-11 19:01 - 2017-11-11 19:16 - 046361071 _____ C:\Documents and Settings\PC\Mis documentos\TORTA DE ARROZ de Licuadora, sin harina, sin gluten, fácil y deliciosa.mp4
      2017-11-11 18:14 - 2017-11-11 18:20 - 039878589 _____ C:\Documents and Settings\PC\Mis documentos\TORTA DE MAIZ TIERNO, JOJOTO, de Licuadora, sin Gluten, receta venezolana.mp4
      2017-11-11 17:49 - 2017-11-11 17:55 - 046067422 _____ C:\Documents and Settings\PC\Mis documentos\Quesadillas Venezolanas receta fácil.mp4
      2017-11-11 17:29 - 2017-11-11 17:43 - 067324442 _____ C:\Documents and Settings\PC\Mis documentos\GOLFEADOS VENEZOLANOS Rollos de pan dulce con queso, muy deliciosos.mp4
      2017-11-11 16:17 - 2017-11-11 16:36 - 048895082 _____ C:\Documents and Settings\PC\Mis documentos\TORTA CHOCOFLAN SIN HORNO HECHA EN OLLA, muy fácil.mp4
      2017-11-11 16:07 - 2017-11-11 16:11 - 023449357 _____ C:\Documents and Settings\PC\Mis documentos\QUESILLO FLAN DE CAFÉ SIN HORNO delicioso y muy fácil - YouTube.mp4
      2017-11-10 01:12 - 2017-12-01 11:20 - 000000000 ____D C:\WINDOWS\Minidump
      2017-11-08 16:37 - 2017-11-08 16:37 - 000125389 _____ C:\Documents and Settings\PC\Mis documentos\Presentación1.pptx
      2017-11-08 15:53 - 2017-11-08 15:53 - 000032218 _____ C:\Documents and Settings\PC\Mis documentos\dfd xxx.sdr
      2017-11-08 15:46 - 2017-11-08 15:46 - 000044817 _____ C:\Documents and Settings\PC\Mis documentos\DFD.sdr
      2017-11-07 16:50 - 2017-11-07 17:45 - 000000000 ____D C:\Documents and Settings\PC\.dia
      2017-11-07 16:49 - 2017-11-07 16:50 - 000000000 ____D C:\Documents and Settings\All Users\Menú Inicio\Programas\Dia
      2017-11-07 16:49 - 2017-11-07 16:49 - 000000000 ____D C:\Archivos de programa\Dia
      2017-11-07 16:40 - 2017-11-08 15:05 - 000000000 ____D C:\Documents and Settings\PC\Datos de programa\SmartDraw
      2017-11-07 16:40 - 2017-11-07 16:40 - 000000000 ____D C:\Documents and Settings\PC\System
      2017-11-07 16:39 - 2017-12-02 07:37 - 000000456 _____ C:\WINDOWS\Tasks\SDMsgUpdate (Local).job
      2017-11-07 16:39 - 2017-12-02 07:37 - 000000448 _____ C:\WINDOWS\Tasks\SDMsgUpdate (TE).job
      2017-11-07 16:39 - 2017-11-07 16:39 - 000000533 _____ C:\Documents and Settings\All Users\Escritorio\SmartDraw 2017.lnk
      2017-11-07 16:39 - 2017-11-07 16:39 - 000000000 ____D C:\Documents and Settings\All Users\Menú Inicio\Programas\SmartDraw 2017
      2017-11-07 16:35 - 2017-11-08 15:43 - 000000000 ____D C:\SmartDraw 2017
      2017-11-04 05:45 - 2017-11-04 05:45 - 000002245 _____ C:\Documents and Settings\PC\Escritorio\JDownloader 2.lnk
      2017-11-04 05:45 - 2017-11-04 05:45 - 000000000 ____D C:\Documents and Settings\PC\Menú Inicio\Programas\JDownloader
      2017-11-04 05:38 - 2017-11-04 05:38 - 000000000 ____D C:\Archivos de programa\JDownloader
      2017-11-04 04:57 - 2017-11-18 12:05 - 000040376 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
      2017-11-04 04:56 - 2017-12-02 06:52 - 000221112 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
      2017-11-04 04:56 - 2017-11-04 04:56 - 000001778 _____ C:\Documents and Settings\All Users\Escritorio\Malwarebytes.lnk
      2017-11-04 04:56 - 2017-11-04 04:56 - 000000000 ____D C:\Documents and Settings\All Users\Menú Inicio\Programas\Malwarebytes
      2017-11-04 04:56 - 2017-11-04 04:56 - 000000000 ____D C:\Documents and Settings\All Users\Datos de programa\Malwarebytes
      2017-11-04 04:56 - 2017-11-04 04:56 - 000000000 ____D C:\Archivos de programa\Malwarebytes
      2017-11-04 04:56 - 2017-11-01 08:54 - 000059896 _____ C:\WINDOWS\system32\Drivers\mbae.sys
      2017-11-04 04:34 - 2017-11-07 22:47 - 000000532 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task cd343b48-ef3b-4c0a-8181-a2b59f93db30.job
      2017-11-04 04:34 - 2017-11-07 22:47 - 000000532 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 4de1fc22-76e8-46da-b0fc-3e9dd22ee175.job
      2017-11-04 04:34 - 2017-11-04 04:34 - 000001741 _____ C:\Documents and Settings\All Users\Escritorio\SUPERAntiSpyware Free Edition.lnk
      2017-11-04 04:34 - 2017-11-04 04:34 - 000000000 ____D C:\Documents and Settings\PC\Datos de programa\SUPERAntiSpyware.com
      2017-11-04 04:34 - 2017-11-04 04:34 - 000000000 ____D C:\Documents and Settings\All Users\Datos de programa\SUPERAntiSpyware.com
      2017-11-04 04:34 - 2017-11-04 04:34 - 000000000 ____D C:\Archivos de programa\SUPERAntiSpyware
      2017-11-04 04:25 - 2017-11-04 04:26 - 008261584 _____ (Malwarebytes) C:\Documents and Settings\PC\Mis documentos\AdwCleaner (1).exe
      2017-11-04 04:21 - 2017-11-04 04:22 - 008261584 _____ (Malwarebytes) C:\Documents and Settings\PC\Mis documentos\AdwCleaner.exe
      2017-11-03 14:50 - 2017-11-03 14:50 - 000000000 ____D C:\WINDOWS\system32\ReinstallBackups
      2017-11-03 14:47 - 2017-11-03 14:47 - 000000000 ____D C:\Intel
      2017-11-03 14:44 - 2017-11-03 14:58 - 000000000 ____D C:\Documents and Settings\All Users\Datos de programa\Package Cache
      2017-11-02 23:40 - 2017-11-27 04:30 - 000000210 _____ C:\Documents and Settings\PC\Escritorio\111111.txt

      ==================== One Month Modified files and folders ========

      (If an entry is included in the fixlist, the file/folder will be moved.)

      2017-12-02 08:03 - 2008-03-14 01:34 - 000000000 ____D C:\Temp
      2017-12-02 08:02 - 2008-03-14 01:42 - 000000000 ____D C:\Documents and Settings\PC\Escritorio
      2017-12-02 08:00 - 2008-03-14 01:42 - 000000000 ___RD C:\Documents and Settings\PC\Mis documentos
      2017-12-02 07:57 - 2017-10-31 06:00 - 000007680 ___SH C:\WINDOWS\Thumbs.db
      2017-12-02 07:53 - 2008-03-14 01:40 - 000032524 _____ C:\WINDOWS\SchedLgU.Txt
      2017-12-02 07:53 - 2008-03-14 01:40 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
      2017-12-02 07:38 - 2017-10-20 20:02 - 000000416 _____ C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1508544155.job
      2017-12-02 07:37 - 2008-03-14 00:03 - 000001034 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
      2017-12-02 07:36 - 2008-03-14 01:42 - 000000192 ___SH C:\Documents and Settings\PC\ntuser.ini
      2017-12-02 07:20 - 2008-03-14 00:03 - 000001038 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
      2017-12-02 06:38 - 2017-10-20 10:53 - 000000000 ____D C:\Archivos de programa\Nostale_ES
      2017-12-01 21:58 - 2017-10-28 18:06 - 000020480 ___SH C:\Documents and Settings\PC\Escritorio\Thumbs.db
      2017-12-01 19:35 - 2017-10-19 22:37 - 000000000 ____D C:\Archivos de programa\CCleaner
      2017-12-01 11:29 - 2017-10-19 20:50 - 000000000 ____D C:\Documents and Settings\PC\Mis documentos\Descargas
      2017-12-01 11:21 - 2008-03-14 01:42 - 000000000 ___RD C:\Documents and Settings\PC\Menú Inicio\Programas
      2017-12-01 11:21 - 2008-03-13 20:19 - 000000000 ___RD C:\Archivos de programa
      2017-12-01 11:20 - 2008-03-14 01:42 - 000000000 ____D C:\Documents and Settings\PC
      2017-12-01 01:49 - 2017-10-19 22:41 - 000000000 ____D C:\WINDOWS\pss
      2017-12-01 01:45 - 2008-03-14 01:39 - 000000192 ___SH C:\Documents and Settings\NetworkService\ntuser.ini
      2017-11-30 18:07 - 2017-10-20 21:15 - 000000000 ____D C:\KMPlayer
      2017-11-30 15:02 - 2001-08-24 07:00 - 000002206 _____ C:\WINDOWS\system32\wpa.dbl
      2017-11-30 11:10 - 2017-10-21 19:21 - 000000000 ____D C:\Documents and Settings\PC\Escritorio\DCIM
      2017-11-29 20:43 - 2017-10-20 21:19 - 000001502 _____ C:\WINDOWS\Sandboxie.ini
      2017-11-29 16:52 - 2017-10-20 19:55 - 000000000 ____D C:\Archivos de programa\Opera
      2017-11-28 13:46 - 2017-10-30 23:53 - 000076800 ___SH C:\Documents and Settings\PC\Mis documentos\Thumbs.db
      2017-11-25 20:08 - 2008-03-14 01:31 - 000000000 ____D C:\WINDOWS\system32\Macromed
      2017-11-22 19:35 - 2017-10-25 15:18 - 000000000 ____D C:\Documents and Settings\PC\Escritorio\ARCHIVOS
      2017-11-21 22:14 - 2008-03-13 20:19 - 000000000 ___RD C:\Documents and Settings\All Users\Menú Inicio\Programas
      2017-11-21 22:14 - 2008-03-13 20:19 - 000000000 ____D C:\Documents and Settings\All Users\Escritorio
      2017-11-21 22:03 - 2008-03-13 20:19 - 001294966 _____ C:\WINDOWS\system32\PerfStringBackup.INI
      2017-11-21 22:03 - 2001-08-24 07:00 - 000584708 _____ C:\WINDOWS\system32\perfh00A.dat
      2017-11-21 22:03 - 2001-08-24 07:00 - 000116170 _____ C:\WINDOWS\system32\perfc00A.dat
      2017-11-16 16:42 - 2008-03-14 01:42 - 000000000 __RHD C:\Documents and Settings\PC\Datos de programa
      2017-11-15 20:17 - 2017-10-19 20:45 - 000000000 ____D C:\Archivos de programa\Mozilla Maintenance Service
      2017-11-15 13:03 - 2017-10-19 20:44 - 000000000 ____D C:\Archivos de programa\Mozilla Firefox
      2017-11-07 22:47 - 2017-10-19 21:38 - 000000332 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
      2017-11-07 17:40 - 2008-03-14 01:44 - 000000000 ___RD C:\Documents and Settings\PC\Mis documentos\Mis imágenes
      2017-11-07 10:28 - 2017-10-27 17:12 - 000000000 ___RD C:\Documents and Settings\PC\Mis documentos\Mis vídeos
      2017-11-06 13:15 - 2017-10-23 20:37 - 000000000 ____D C:\Documents and Settings\All Users\Datos de programa\Microsoft Help
      2017-11-04 04:56 - 2008-03-13 20:16 - 000000000 __RHD C:\Documents and Settings\All Users\Datos de programa
      2017-11-04 04:34 - 2008-03-13 20:19 - 000000000 ___RD C:\Documents and Settings\All Users\Menú Inicio
      2017-11-03 14:50 - 2008-03-14 01:44 - 000000000 ____D C:\WINDOWS\system32\Lang
      2017-11-03 00:28 - 2017-11-01 19:04 - 000000000 ____D C:\Documents and Settings\PC\Mis documentos\Juegos de GBA en ESPAÑOL

      ==================== Files in the root of some directories =======

      2017-10-31 06:00 - 2017-10-31 06:00 - 000003584 _____ () C:\Documents and Settings\PC\Configuración local\Datos de programa\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      2017-11-07 17:45 - 2017-11-07 17:45 - 000000218 _____ () C:\Documents and Settings\PC\Configuración local\Datos de programa\recently-used.xbel

      ==================== Bamital & volsnap ======================

      (There is no automatic fix for files that do not pass verification.)

      C:\WINDOWS\explorer.exe => File is digitally signed
      C:\WINDOWS\system32\winlogon.exe => File is digitally signed
      C:\WINDOWS\system32\svchost.exe => File is digitally signed
      C:\WINDOWS\system32\services.exe => File is digitally signed
      C:\WINDOWS\system32\User32.dll => File is digitally signed
      C:\WINDOWS\system32\userinit.exe => File is digitally signed
      C:\WINDOWS\system32\rpcss.dll => File is digitally signed
      C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
      C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

      ==================== End of FRST.txt ============================

    4. #4
      User Avatar of HydenSk
      Registered
      Dec 2017
      Location
      Venezuela
      Posts
      54

      Re: Virus Sality

      Next log, Addition:

      Additional scan result of Farbar Recovery Scan Tool (x86) Version: 30-11-2017
      Ran by PC (02-12-2017 08:03:33)
      Running from C:\Documents and Settings\PC\Escritorio
      Microsoft Windows XP Professional Service Pack 3 (X86) (2008-03-14 05:38:32)
      Boot Mode: Normal
      ==========================================================


      ==================== Accounts: =============================

      Administrador (S-1-5-21-1202660629-152049171-1177238915-500 - Administrator - Enabled)
      Asistente de ayuda (S-1-5-21-1202660629-152049171-1177238915-1000 - Limited - Disabled)
      ASPNET (S-1-5-21-1202660629-152049171-1177238915-1004 - Limited - Enabled)
      Invitado (S-1-5-21-1202660629-152049171-1177238915-501 - Limited - Disabled)
      PC (S-1-5-21-1202660629-152049171-1177238915-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\PC
      SUPPORT_388945a0 (S-1-5-21-1202660629-152049171-1177238915-1002 - Limited - Disabled)

      ==================== Security Center ========================

      (If an entry is included in the fixlist, it will be removed.)


      ==================== Installed Programs ======================

      (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

      Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
      Adobe Flash Player 27 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 27.0.0.170 - Adobe Systems Incorporated)
      Adobe Reader XI (11.0.08) - Español (HKLM\...\{AC76BA86-7AD7-1034-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
      Age of Mythology Gold (HKLM\...\Age of Mythology Expansion Pack 1.0) (Version: 1.0 - Microsoft)
      CCleaner (HKLM\...\CCleaner) (Version: 5.35 - Piriform)
      CursorXP (HKLM\...\CursorXP) (Version: - )
      Dev-C++ 5 beta 9 release (4.9.9.2) (HKLM\...\Dev-C++) (Version: - )
      Dia (sólo eliminar) (HKLM\...\Dia) (Version: - )
      Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
      Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.2.183.7 - Google Inc.) Hidden
      Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
      JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
      KMPlayer (remove only) (HKLM\...\The KMPlayer) (Version: 4.2.2.3 - PandoraTV)
      Malwarebytes versión 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
      Microsoft .NET Framework 2.0 Service Pack 1 (HKLM\...\{B508B3F1-A24A-32C0-B310-85786919EF28}) (Version: 2.1.21022 - Microsoft Corporation)
      Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - ESN (HKLM\...\{BB0DCC5E-7477-3350-B5F5-7CE64E1E83B6}) (Version: 2.1.21022 - Microsoft Corporation)
      Microsoft .NET Framework 3.0 Service Pack 1 (HKLM\...\{2BA00471-0328-3743-93BD-FA813353A783}) (Version: 3.1.21022 - Microsoft Corporation)
      Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - ESN (HKLM\...\{12E0A949-8861-35F8-B7ED-5658788A7BFE}) (Version: 3.1.21022 - Microsoft Corporation)
      Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
      Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
      Microsoft Office Professional Plus 2007 (HKLM\...\PROPLUS) (Version: 12.0.4518.1014 - Microsoft Corporation)
      Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
      Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{09C0A8D5-EEC1-369D-8C7A-2E2DD17DCA5E}) (Version: 9.0.21022 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
      Mozilla Firefox 52.5.0 ESR (x86 es-ES) (HKLM\...\Mozilla Firefox 52.5.0 ESR (x86 es-ES)) (Version: 52.5.0 - Mozilla)
      Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 52.5.0.6520 - Mozilla)
      MSXML4 Parser (HKLM\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
      NosTale (HKLM\...\Nostale(ES)_is1) (Version: - Gameforge 4D GmbH)
      Opera Stable 36.0.2130.80 (HKLM\...\Opera 36.0.2130.80) (Version: 36.0.2130.80 - Opera Software)
      Pokémon Reloaded Beta 14.3 14.3 (HKLM\...\Pokémon Reloaded Beta 14.3 14.3) (Version: 14.3 - Fer Productions)
      Ralink Wireless LAN (HKLM\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 1.0.9.0 - Ralink)
      Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - Realtek Semiconductor Corp.)
      Revo Uninstaller 2.0.4 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.4 - VS Revo Group, Ltd.)
      Sandboxie 5.20 (32-bit) (HKLM\...\Sandboxie) (Version: 5.20 - Sandboxie Holdings, LLC)
      SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1250 - SUPERAntiSpyware.com)
      Unity Web Player (HKU\S-1-5-21-1202660629-152049171-1177238915-1003\...\UnityWebPlayer) (Version: 5.3.8f2 - Unity Technologies ApS)
      Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
      WinRAR 5.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

      ==================== Custom CLSID (Whitelisted): ==========================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      CustomCLSID: HKU\S-1-5-21-1202660629-152049171-1177238915-1003_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Documents and Settings\PC\Configuración local\Datos de programa\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
      CustomCLSID: HKU\S-1-5-21-1202660629-152049171-1177238915-1003_Classes\CLSID\{97090E2F-3062-4459-855B-014F0D3CDBB1}\InprocServer32 -> C:\Archivos de programa\Windows Desktop Search\deskbar.dll (Microsoft Corporation)
      ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Archivos de programa\WinRAR\rarext.dll [2013-12-01] (Alexander Roshal)
      ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Archivos de programa\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
      ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2008-02-15] (Intel Corporation)
      ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Archivos de programa\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
      ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Archivos de programa\WinRAR\rarext.dll [2013-12-01] (Alexander Roshal)

      ==================== Scheduled Tasks=============================

      (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

      Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Archivos de programa\Alwil Software\Avast5\AvastEmUpdate.exe
      Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Archivos de programa\Google\Update\GoogleUpdate.exe
      Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Archivos de programa\Google\Update\GoogleUpdate.exe
      Task: C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1508544155.job => C:\Archivos de programa\Opera\launcher.exe
      Task: C:\WINDOWS\Tasks\SDMsgUpdate (Local).job => C:\SMARTD~1\Messages\SDNotify.exe`-PLocal -V24000000 -SSDNI.ini -A -Mhxxp:/www.smartdraw.com/msgs/messagecheck.asp
      Task: C:\WINDOWS\Tasks\SDMsgUpdate (TE).job => C:\SMARTD~1\Messages\SDNotify.exe\-PTE -V24000000 -SSDU.ini -A -Mhxxp:/www.smartdraw.com/msgs/messagecheck.asp
      Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 4de1fc22-76e8-46da-b0fc-3e9dd22ee175.job => C:\Archivos de programa\SUPERAntiSpyware\SASTask.exe C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe
      Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task cd343b48-ef3b-4c0a-8181-a2b59f93db30.job => C:\Archivos de programa\SUPERAntiSpyware\SASTask.exe C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe

      ==================== Shortcuts & WMI ========================

      (The entries could be listed to be restored or removed.)


      Shortcut: C:\Documents and Settings\All Users\Menú Inicio\Programas\Stardock CursorXP\CursorXP Plus.lnk -> hxxp://www.cursorxp.com/plus.htm
      Shortcut: C:\Documents and Settings\All Users\Menú Inicio\Programas\Stardock CursorXP\Website.lnk -> hxxp://www.cursorxp.com

      ==================== Loaded Modules (Whitelisted) ==============

      2017-11-04 04:56 - 2017-11-01 08:55 - 001930696 _____ () C:\ARCHIVOS DE PROGRAMA\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
      2008-04-14 07:48 - 2008-04-14 07:48 - 000014336 _____ () C:\WINDOWS\system32\msdmo.dll
      2017-09-19 16:34 - 2017-09-19 16:34 - 000054488 _____ () C:\Archivos de programa\CCleaner\branding.dll
      2017-09-07 12:12 - 2017-09-07 12:12 - 000077824 _____ () C:\Archivos de programa\CCleaner\lang\lang-1034.dll

      ==================== Alternate Data Streams (Whitelisted) =========

      (If an entry is included in the fixlist, only the ADS will be removed.)


      ==================== Safe Mode (Whitelisted) ===================

      (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

      ==================== Association (Whitelisted) ===============

      (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


      ==================== Internet Explorer trusted/restricted ===============

      (If an entry is included in the fixlist, it will be removed from the registry.)


      ==================== Hosts content: ===============================

      (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

      2001-08-24 07:00 - 2017-11-01 20:34 - 000000792 _____ C:\WINDOWS\system32\Drivers\etc\hosts

      127.0.0.1 localhost

      ==================== Other Areas ============================

      (Currently there is no automatic fix for this section.)

      HKU\S-1-5-21-1202660629-152049171-1177238915-1003\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\PC\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp
      DNS Servers: 200.109.78.12 - 200.44.32.12
      sharedaccess => Firewall Service is not running.

      ==================== MSCONFIG/TASK MANAGER disabled items ==

      MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Ralink Wireless Utility.lnk => C:\WINDOWS\pss\Ralink Wireless Utility.lnkCommon Startup
      MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Windows Search.lnk => C:\WINDOWS\pss\Windows Search.lnkCommon Startup
      MSCONFIG\startupreg: Adobe ARM => "C:\Archivos de programa\Archivos comunes\Adobe\ARM\1.0\AdobeARM.exe"
      MSCONFIG\startupreg: CCleaner Monitoring => "C:\Archivos de programa\CCleaner\CCleaner.exe" /MONITOR
      MSCONFIG\startupreg: GrooveMonitor => "C:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe"
      MSCONFIG\startupreg: SandboxieControl => "C:\Archivos de programa\Sandboxie\SbieCtrl.exe"
      MSCONFIG\startupreg: SUPERAntiSpyware => C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe

      ==================== FirewallRules (Whitelisted) ===============

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      StandardProfile\AuthorizedApplications: [C:\Archivos de programa\Microsoft Games\Age of Mythology\aomx.exe] => Enabled:Age of Mythology - The Titans Expansion
      StandardProfile\AuthorizedApplications: [C:\Archivos de programa\Microsoft Office\Office12\OUTLOOK.EXE] => Enabled:Microsoft Office Outlook
      StandardProfile\AuthorizedApplications: [C:\Archivos de programa\Mozilla Firefox\firefox.exe] => Enabled:ipsec
      StandardProfile\AuthorizedApplications: [C:\WINDOWS\TEMP\18d0f08.exe] => Enabled:ipsec
      StandardProfile\AuthorizedApplications: [C:\WINDOWS\TEMP\yvnynj.exe] => Enabled:ipsec
      StandardProfile\AuthorizedApplications: [C:\SMARTD~1\Messages\SDNotify.exe] => Enabled:ipsec
      StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\userinit.exe] => Enabled:ipsec
      StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\taskmgr.exe] => Enabled:ipsec
      StandardProfile\AuthorizedApplications: [C:\Temp\wincrub.exe] => Enabled:ipsec
      StandardProfile\AuthorizedApplications: [C:\Archivos de programa\Ralink\Common\RalinkRegistryWriter.exe] => Enabled:ipsec
      StandardProfile\AuthorizedApplications: [C:\WINDOWS\TEMP\iesg.exe] => Enabled:ipsec
      StandardProfile\AuthorizedApplications: [C:\WINDOWS\TEMP\winnxorie.exe] => Enabled:ipsec
      StandardProfile\AuthorizedApplications: [C:\WINDOWS\TEMP\hmrk.exe] => Enabled:ipsec
      StandardProfile\AuthorizedApplications: [C:\WINDOWS\TEMP\winimewb.exe] => Enabled:ipsec
      StandardProfile\AuthorizedApplications: [C:\Temp\vdfq.exe] => Enabled:ipsec
      StandardProfile\AuthorizedApplications: [C:\Temp\uyla.exe] => Enabled:ipsec
      StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\igfxsrvc.exe] => Enabled:ipsec
      StandardProfile\AuthorizedApplications: [C:\Temp\winvildmh.exe] => Enabled:ipsec
      StandardProfile\AuthorizedApplications: [C:\Temp\sgkoax.exe] => Enabled:ipsec
      StandardProfile\AuthorizedApplications: [C:\Temp\winiqac.exe] => Enabled:ipsec
      StandardProfile\AuthorizedApplications: [C:\Temp\ogvj.exe] => Enabled:ipsec
      StandardProfile\AuthorizedApplications: [C:\Temp\smrf.exe] => Enabled:ipsec
      StandardProfile\AuthorizedApplications: [C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe] => Enabled:ipsec
      StandardProfile\AuthorizedApplications: [C:\WINDOWS\TEMP\gpqjm.exe] => Enabled:ipsec
      StandardProfile\AuthorizedApplications: [C:\WINDOWS\TEMP\ljllv.exe] => Enabled:ipsec
      StandardProfile\AuthorizedApplications: [C:\WINDOWS\TEMP\winjmwhf.exe] => Enabled:ipsec

      ==================== Restore Points =========================

      19-10-2017 20:23:09 Punto de control del sistema
      19-10-2017 22:40:06 avast! Free Antivirus Setup
      19-10-2017 23:04:03 Se ha instalado DirectX 9.0
      19-10-2017 23:14:36 Instalado Microsoft Visual C++ 2005 Redistributable
      20-10-2017 21:08:35 Se ha instalado DirectX
      20-10-2017 21:32:25 Se instaló Windows Internet Explorer 8.
      22-10-2017 06:12:37 Punto de control del sistema
      23-10-2017 06:45:04 Punto de control del sistema
      23-10-2017 20:36:12 Installed Microsoft Office Enterprise 2007
      23-10-2017 20:49:14 Se instaló el controlador de impresora Send To Microsoft OneNot
      23-10-2017 20:53:24 Se instaló el controlador de impresora Send To Microsoft OneNot
      23-10-2017 20:57:09 Se instaló el controlador de impresora Send To Microsoft OneNot
      25-10-2017 03:19:46 Punto de control del sistema
      26-10-2017 04:44:19 Punto de control del sistema
      27-10-2017 08:14:57 Punto de control del sistema
      28-10-2017 02:50:06 Se instaló Windows Internet Explorer 8.
      29-10-2017 02:55:19 Punto de control del sistema
      29-10-2017 08:23:52 Removed Microsoft Office Enterprise 2007
      30-10-2017 15:42:22 Punto de control del sistema
      31-10-2017 16:08:05 Punto de control del sistema
      01-11-2017 15:00:22 Installed Microsoft Office Professional Plus 2007
      02-11-2017 16:53:43 Punto de control del sistema
      03-11-2017 14:44:25 Intel® Driver & Support Assistant
      04-11-2017 15:13:53 Punto de control del sistema
      06-11-2017 04:06:26 Punto de control del sistema
      07-11-2017 10:09:23 Punto de control del sistema
      09-11-2017 08:20:12 Punto de control del sistema
      10-11-2017 09:40:25 Punto de control del sistema
      11-11-2017 10:34:34 Punto de control del sistema
      12-11-2017 18:56:57 Punto de control del sistema
      14-11-2017 11:47:15 Punto de control del sistema
      15-11-2017 14:09:51 Punto de control del sistema
      17-11-2017 04:04:29 Punto de control del sistema
      18-11-2017 04:16:43 Punto de control del sistema
      19-11-2017 12:48:41 Punto de control del sistema
      20-11-2017 18:34:23 Punto de control del sistema
      21-11-2017 21:04:54 Punto de control del sistema
      23-11-2017 03:31:30 Punto de control del sistema
      24-11-2017 04:40:38 Punto de control del sistema
      25-11-2017 05:24:45 Punto de control del sistema
      26-11-2017 06:17:57 Punto de control del sistema
      28-11-2017 06:16:00 Punto de control del sistema
      29-11-2017 07:43:16 Punto de control del sistema
      30-11-2017 07:52:02 Punto de control del sistema
      01-12-2017 10:41:17 Punto de control del sistema

      ==================== Faulty Device Manager Devices =============


      ==================== Event log errors: =========================

      Application errors:
      ==================
      Error: (12/02/2017 07:20:06 AM) (Source: MsiInstaller) (EventID: 11260) (User: NT AUTHORITY)
      Description: Product: Google Update Helper -- Error 1260. Windows no puede abrir este programa porque se lo ha impedido una directiva de de restricción de software. Para más información, abra el Visor de sucesos o póngase en contacto con el administrador del sistema.
      (NULL)(NULL)(NULL)(NULL)

      Error: (12/02/2017 06:20:04 AM) (Source: MsiInstaller) (EventID: 11260) (User: NT AUTHORITY)
      Description: Product: Google Update Helper -- Error 1260. Windows no puede abrir este programa porque se lo ha impedido una directiva de de restricción de software. Para más información, abra el Visor de sucesos o póngase en contacto con el administrador del sistema.
      (NULL)(NULL)(NULL)(NULL)

      Error: (12/02/2017 05:20:04 AM) (Source: MsiInstaller) (EventID: 11260) (User: NT AUTHORITY)
      Description: Product: Google Update Helper -- Error 1260. Windows no puede abrir este programa porque se lo ha impedido una directiva de de restricción de software. Para más información, abra el Visor de sucesos o póngase en contacto con el administrador del sistema.
      (NULL)(NULL)(NULL)(NULL)

      Error: (12/02/2017 04:20:05 AM) (Source: MsiInstaller) (EventID: 11260) (User: NT AUTHORITY)
      Description: Product: Google Update Helper -- Error 1260. Windows no puede abrir este programa porque se lo ha impedido una directiva de de restricción de software. Para más información, abra el Visor de sucesos o póngase en contacto con el administrador del sistema.
      (NULL)(NULL)(NULL)(NULL)

      Error: (12/02/2017 03:20:10 AM) (Source: MsiInstaller) (EventID: 11260) (User: NT AUTHORITY)
      Description: Product: Google Update Helper -- Error 1260. Windows no puede abrir este programa porque se lo ha impedido una directiva de de restricción de software. Para más información, abra el Visor de sucesos o póngase en contacto con el administrador del sistema.
      (NULL)(NULL)(NULL)(NULL)

      Error: (12/02/2017 02:20:08 AM) (Source: MsiInstaller) (EventID: 11260) (User: NT AUTHORITY)
      Description: Product: Google Update Helper -- Error 1260. Windows no puede abrir este programa porque se lo ha impedido una directiva de de restricción de software. Para más información, abra el Visor de sucesos o póngase en contacto con el administrador del sistema.
      (NULL)(NULL)(NULL)(NULL)

      Error: (12/02/2017 01:20:06 AM) (Source: MsiInstaller) (EventID: 11260) (User: NT AUTHORITY)
      Description: Product: Google Update Helper -- Error 1260. Windows no puede abrir este programa porque se lo ha impedido una directiva de de restricción de software. Para más información, abra el Visor de sucesos o póngase en contacto con el administrador del sistema.
      (NULL)(NULL)(NULL)(NULL)

      Error: (12/02/2017 12:20:08 AM) (Source: MsiInstaller) (EventID: 11260) (User: NT AUTHORITY)
      Description: Product: Google Update Helper -- Error 1260. Windows no puede abrir este programa porque se lo ha impedido una directiva de de restricción de software. Para más información, abra el Visor de sucesos o póngase en contacto con el administrador del sistema.
      (NULL)(NULL)(NULL)(NULL)

      Error: (12/01/2017 11:20:13 PM) (Source: MsiInstaller) (EventID: 11260) (User: NT AUTHORITY)
      Description: Product: Google Update Helper -- Error 1260. Windows no puede abrir este programa porque se lo ha impedido una directiva de de restricción de software. Para más información, abra el Visor de sucesos o póngase en contacto con el administrador del sistema.
      (NULL)(NULL)(NULL)(NULL)

      Error: (12/01/2017 10:20:17 PM) (Source: MsiInstaller) (EventID: 11260) (User: NT AUTHORITY)
      Description: Product: Google Update Helper -- Error 1260. Windows no puede abrir este programa porque se lo ha impedido una directiva de de restricción de software. Para más información, abra el Visor de sucesos o póngase en contacto con el administrador del sistema.
      (NULL)(NULL)(NULL)(NULL)


      System errors:
      =============
      Error: (12/02/2017 06:45:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
      Description: El servicio amsint32 no pudo iniciarse debido al siguiente error:
      El sistema no puede hallar el archivo especificado.

      Error: (12/02/2017 06:44:04 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
      Description: El servicio amsint32 no pudo iniciarse debido al siguiente error:
      El sistema no puede hallar el archivo especificado.

      Error: (12/02/2017 06:44:03 AM) (Source: System Error) (EventID: 1003) (User: )
      Description: Código de error 100000d0, parámetro 1 00000000, parámetro 2 00000002, parámetro 3 00000001, parámetro 4 8054e577.

      Error: (12/02/2017 06:44:02 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
      Description: El servicio Ralink Registry Writer se terminó de manera inesperada. Esto ha sucedido 1 veces.

      Error: (12/01/2017 08:38:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
      Description: El servicio Malwarebytes Service terminó inesperadamente. Lo ha hecho 3 veces. Se realizará la siguiente acción correctora en 5000 milisegundos: Reiniciar el servicio.

      Error: (12/01/2017 08:37:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
      Description: El servicio Malwarebytes Service terminó inesperadamente. Lo ha hecho 2 veces. Se realizará la siguiente acción correctora en 5000 milisegundos: Reiniciar el servicio.

      Error: (12/01/2017 08:36:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
      Description: El servicio Malwarebytes Service terminó inesperadamente. Lo ha hecho 1 veces. Se realizará la siguiente acción correctora en 5000 milisegundos: Reiniciar el servicio.

      Error: (12/01/2017 07:35:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
      Description: El servicio Ralink Registry Writer se terminó de manera inesperada. Esto ha sucedido 1 veces.

      Error: (12/01/2017 11:11:47 AM) (Source: System Error) (EventID: 1003) (User: )
      Description: Código de error 100000c5, parámetro 1 0000ffff, parámetro 2 00000002, parámetro 3 00000000, parámetro 4 8055159a.

      Error: (12/01/2017 11:00:20 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
      Description: El servicio Ralink Registry Writer se terminó de manera inesperada. Esto ha sucedido 1 veces.


      ==================== Memory info ===========================

      Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz
      Percentage of memory in use: 42%
      Total physical RAM: 503.23 MB
      Available physical RAM: 288.96 MB
      Total Virtual: 1423.69 MB
      Available Virtual: 1075.16 MB

      ==================== Drives ================================

      Drive c: () (Fixed) (Total:149.04 GB) (Free:87.26 GB) NTFS ==>[drive with boot components (Windows XP)]

      ==================== MBR & Partition Table ==================

      ========================================================
      Disk: 0 (Size: 149.1 GB) (Disk ID: 95F3457A)
      Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

      ==================== End of Addition.txt ============================

      Before reading your reply, I kept seeing a process in Task Manager that appeared out of nowhere; when I ended it, a few minutes later another one appeared, but with different letters and numbers. I could keep ending them over and over and they kept appearing, until at one point the computer restarted 3 times in a row. On the last one, before it restarted, I opened Task Manager and noticed a blank entry in the process list, like a process that was about to appear, and it restarted just before I could see what it was. I search for these processes on Google but nothing comes up. Right now, for example, I have one named winrkotp.exe, and they always use between 11,000 KB and 20,000 KB. Well, that would be all.

    5. #5
      @Miguelgrado (Warrior)
      Registered: Dec 2005
      Location: Asturias, Spain
      Posts: 19,396

      Re: Virus Sality

      Do you have another device from which you can download Dr Web and then copy it to your PC's desktop to run it?
      * Follow us on Twitter and befriend us on Facebook.
      * Keep up with the latest threats on the net at: InfoSpyware Blog
      * Questions are not answered by private message or by e-mail, since that is what the forum is for.

    6. #6
      HydenSk (User)
      Registered: Dec 2017
      Location: Venezuela
      Posts: 54

      Re: Virus Sality

      Hi @Miguelgrado, I am very sorry for the delay in replying; I had some problems and was without internet. Anyway, that is exactly what I did: I copied Dr.Web to the desktop and followed the instructions. But in the Dr.Web CureIt that I downloaded from here, the report options are maximum and minimum; it was already on minimum and even so the log came out too large. Likewise, I could not find the custom scan option. Here is the last part of the log, Start curing:

      -----------------------------------------------------------------------------
      Start curing
      -----------------------------------------------------------------------------

      C:\WINDOWS\Temp\winkkevu.exe - quarantined
      Error to send CureIt! statistics: The server name or address could not be resolved
      (12007)
      C:\Archivos de programa\Ralink\Common\RalinkRegistryWriter.exe - cured, reboot required
      Error to send CureIt! statistics: The server name or address could not be resolved
      (12007)
      C:\smartdraw 2017\messages\sdnotify.exe - cured, reboot required
      Error to send CureIt! statistics: The server name or address could not be resolved
      (12007)
      C:\archivos de programa\superantispyware\superantispyware.exe - cured, reboot required
      Error to send CureIt! statistics: The server name or address could not be resolved
      (12007)
      C:\archivos de programa\messenger\msmsgs.exe - cured, reboot required
      Error to send CureIt! statistics: The server name or address could not be resolved
      (12007)
      C:\Documents and Settings\PC\Mis documentos\codeblocks-16.01-setup.exe - cured, reboot required
      Error to send CureIt! statistics: The server name or address could not be resolved
      (12007)
      C:\Documents and Settings\PC\Mis documentos\CrucialScan.exe - cured, reboot required
      Error to send CureIt! statistics: The server name or address could not be resolved
      (12007)
      C:\Documents and Settings\PC\Mis documentos\Descargas\DeSmuME_0.9.11_x86.exe - cured, reboot required
      Error to send CureIt! statistics: The server name or address could not be resolved
      (12007)
      C:\Documents and Settings\PC\Mis documentos\Descargas\dotnetfx30SP1setup.exe - cured, reboot required
      Error to send CureIt! statistics: The server name or address could not be resolved
      (12007)
      C:\Documents and Settings\PC\Mis documentos\Descargas\dotNetFx35setup.exe - cured, reboot required
      Error to send CureIt! statistics: The server name or address could not be resolved
      (12007)
      C:\Documents and Settings\PC\Mis documentos\Descargas\dxwebsetup.exe - cured, reboot required
      Error to send CureIt! statistics: The server name or address could not be resolved
      (12007)
      C:\Documents and Settings\PC\Mis documentos\Descargas\internet-explorer-7.0-final.exe - cured, reboot required
      Error to send CureIt! statistics: The server name or address could not be resolved
      (12007)
      C:\Documents and Settings\PC\Mis documentos\Descargas\SandboxieInstall32-520.exe - cured, reboot required
      Error to send CureIt! statistics: The server name or address could not be resolved
      (12007)
      C:\Documents and Settings\PC\Mis documentos\Descargas\UnityWebPlayer.exe - cured, reboot required
      Error to send CureIt! statistics: The server name or address could not be resolved
      (12007)
      C:\Documents and Settings\PC\Mis documentos\Descargas\vcredist_x86(1).exe - cured, reboot required
      Error to send CureIt! statistics: The server name or address could not be resolved
      (12007)
      C:\Documents and Settings\PC\Mis documentos\Descargas\vcredist_x86(2).exe - cured, reboot required
      Error to send CureIt! statistics: The server name or address could not be resolved
      (12007)
      C:\Documents and Settings\PC\Mis documentos\Descargas\winxp_14324.exe - cured, reboot required
      Error to send CureIt! statistics: The server name or address could not be resolved
      (12007)
      C:\Documents and Settings\PC\Mis documentos\Descargas\AMGE\AOMSetup.Exe - cured, reboot required
      Error to send CureIt! statistics: The server name or address could not be resolved
      (12007)
      C:\Documents and Settings\PC\Mis documentos\Descargas\AMGE\_aomg.exe - cured, reboot required
      Error to send CureIt! statistics: The server name or address could not be resolved
      (12007)
      C:\Documents and Settings\PC\Mis documentos\Descargas\AMGE\Cracks y Serial\aom.exe - cured, reboot required
      Error to send CureIt! statistics: The server name or address could not be resolved
      (12007)
      C:\Documents and Settings\PC\Mis documentos\Descargas\AMGE\Cracks y Serial\aomx.exe - cured, reboot required
      Error to send CureIt! statistics: The server name or address could not be resolved
      (12007)
      C:\Documents and Settings\PC\Mis documentos\Descargas\AMGE\DirectX\dxsetup.exe - cured, reboot required
      Error to send CureIt! statistics: The server name or address could not be resolved
      (12007)
      C:\Documents and Settings\PC\Mis documentos\Descargas\AMGE\Files\autopatcher.exe - cured, reboot required
      Error to send CureIt! statistics: The server name or address could not be resolved
      (12007)
      C:\Documents and Settings\PC\Mis documentos\Descargas\AMGE\Files\autopatcherx.exe - cured, reboot required
      Error to send CureIt! statistics: The server name or address could not be resolved
      (12007)
      C:\Documents and Settings\PC\Mis documentos\Descargas\AMGE\Files\chktrust.exe - cured, reboot required
      Error to send CureIt! statistics: The server name or address could not be resolved
      (12007)
      C:\Documents and Settings\PC\Mis documentos\Descargas\AMGE\Files\dw15.exe - cured, reboot required
      Error to send CureIt! statistics: The server name or address could not be resolved
      (12007)
      C:\Documents and Settings\PC\Mis documentos\Descargas\AMGE\Files\gfxinfo.exe - quarantined
      Error to send CureIt! statistics: The server name or address could not be resolved
      (12007)
      C:\Documents and Settings\PC\Mis documentos\Descargas\AMGE\Files\instapup.exe - cured, reboot required
      Error to send CureIt! statistics: The server name or address could not be resolved
      (12007)
      C:\Documents and Settings\PC\Mis documentos\Descargas\AMGE\Files\instapux.exe - cured, reboot required
      Error to send CureIt! statistics: The server name or address could not be resolved
      (12007)
      C:\Documents and Settings\PC\Mis documentos\Descargas\AMGE\Files\movieplayer.exe - cured, reboot required
      Error to send CureIt! statistics: The server name or address could not be resolved
      (12007)
      C:\Documents and Settings\PC\Mis documentos\Descargas\AMGE\redist\ar60esp.exe - cured, reboot required
      Error to send CureIt! statistics: The server name or address could not be resolved
      (12007)
      C:\Documents and Settings\PC\Mis documentos\Descargas\AMGE\redist\INSTMSIA.EXE - cured, reboot required
      Error to send CureIt! statistics: The server name or address could not be resolved
      (12007)
      C:\Documents and Settings\PC\Mis documentos\Descargas\AMGE\redist\INSTMSIW.EXE - cured, reboot required
      Error to send CureIt! statistics: The server name or address could not be resolved
      (12007)
      C:\Documents and Settings\PC\Mis documentos\Emulador GBA\VisualBoyAdvance.exe - cured, reboot required

      Total 45371016839 bytes in 24172 files scanned (29739 objects)
      Total 24155 files (29687 objects) are clean
      Total 33 files (35 objects) are infected
      Total 34 files are neutralized
      Total 1 file is incurable
      Total 17 files are raised error condition
      Scan time is 00:34:37.984

      I want to add that SUPERAntiSpyware now opens, random .exe files no longer appear in Task Manager, I can also download to 100% what I could not before, and the Kaspersky page loads too, all this after running Dr.Web CureIt. I ran SUPERAntiSpyware and even so it detected Sality malware, and Malwarebytes still detects it too.

    7. #7
      @Miguelgrado (Warrior)
      Registered: Dec 2005
      Location: Asturias, Spain
      Posts: 19,396

      Re: Virus Sality

      OK, now continue with:

      Install ESET Online Scanner and run an online scan with it, using version V2:
      ESET Online Scanner | InfoSpyware.
      Open ESET Online Scanner and run it as follows:

      1. Leave the Detection of potentially unwanted applications box checked
      2. Click Additional or Advanced settings and check the boxes as in the image:

      • Current scan targets >> Change >> Select all of the PC's drives
      • Click Scan so that it starts downloading the virus signature database and then begins analyzing your system.
      • When it finishes, click Finish

      Locate and paste the report:

      ESET Online Scanner stores a log file after it has been run, which can be examined or sent to ESET for analysis. To see this file, the Show hidden files and folders option must be enabled. New records are appended to the existing ones when multiple scans are run.

      The log file path is: C:\users\YOUR USER NAME\appdata\local\temp\log.txt

      Download Hitman Pro >> HitmanPro 3.7.9 | InfoSpyware
      Hitman Pro manual >> HitmanPro Manual.
      - Choose according to whether your Windows is 32-bit or 64-bit >> How to determine whether your system is 32-bit or 64-bit

      • Run HitmanPRO (on Windows 7 or 8, run as "Administrator")
      • Press the "Next" button.
      • Leave the recommended option >> Install a copy on the computer << checked and uncheck the additional boxes
      • In "Settings", uncheck Cookies scanning and click "Accept", then click Next
      • Once the scan has finished, HitmanPRO includes 30 free days for removing any malware detected.

      - When the search has finished, the Scan results window will be shown.
      - Remember to SKIP the ones marked as Suspicious
      - Click Next so that Hitman does what is necessary with the threats found

      The report can also be found in Settings >> History >> Logs

    8. #8
      HydenSk (User)
      Registered: Dec 2017
      Location: Venezuela
      Posts: 54

      Re: Virus Sality

      Hi @Miguelgrado, here is the ESET log:

      C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE12\ACECNFLT.EXE Win32/Sality.NDR virus desinfectado
      C:\Archivos de programa\CCleaner\uninst.exe Win32/Sality.NDR virus,está correcto desinfectado
      C:\Archivos de programa\CursorXP\CurXPCpl.exe Win32/Sality.NDR virus desinfectado
      C:\Archivos de programa\CursorXP\CurXPUtil.exe Win32/Sality.NDR virus desinfectado
      C:\Archivos de programa\Dia\dia-0.97.2-uninstall.exe Win32/Sality.NDR virus,está correcto desinfectado
      C:\Archivos de programa\Dia\bin\dia-win-remote.exe Win32/Sality.NDR virus desinfectado
      C:\Archivos de programa\Dia\bin\dia.exe Win32/Sality.NDR virus desinfectado
      C:\Archivos de programa\Dia\bin\diaw.exe Win32/Sality.NDR virus desinfectado
      C:\Archivos de programa\Google\1.2.183.7-GoogleUpdateSetup.exe Win32/Sality.NDR virus desinfectado
      C:\Archivos de programa\InstallShield Installation Information\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}\setup.exe Win32/Sality.NDR virus desinfectado
      C:\Archivos de programa\Microsoft Games\Age of Mythology\aom.exe Win32/Sality.NDR virus desinfectado
      C:\Archivos de programa\Microsoft Games\Age of Mythology\aomx.exe Win32/Sality.NDR virus desinfectado
      C:\Archivos de programa\Microsoft Games\Age of Mythology\ar60esp.exe Win32/Sality.NDR virus,está correcto desinfectado
      C:\Archivos de programa\Microsoft Games\Age of Mythology\autopatcher.exe Win32/Sality.NDR virus desinfectado
      C:\Archivos de programa\Microsoft Games\Age of Mythology\autopatcherx.exe Win32/Sality.NDR virus desinfectado
      C:\Archivos de programa\Microsoft Games\Age of Mythology\chktrust.exe Win32/Sality.NDR virus desinfectado
      C:\Archivos de programa\Microsoft Games\Age of Mythology\dw15.exe Win32/Sality.NDR virus desinfectado
      C:\Archivos de programa\Microsoft Games\Age of Mythology\gfxinfo.exe Win32/Sality.NDR virus desinfectado
      C:\Archivos de programa\Microsoft Games\Age of Mythology\instapup.exe Win32/Sality.NDR virus desinfectado
      C:\Archivos de programa\Microsoft Games\Age of Mythology\instapux.exe Win32/Sality.NDR virus desinfectado
      C:\Archivos de programa\Microsoft Games\Age of Mythology\movieplayer.exe Win32/Sality.NDR virus desinfectado
      C:\Archivos de programa\Microsoft Games\Age of Mythology\UNINSTAL.EXE Win32/Sality.NDR virus desinfectado
      C:\Archivos de programa\Mozilla Firefox\uninstall\helper.exe Win32/Sality.NDR virus,está correcto desinfectado
      C:\Archivos de programa\Mozilla Maintenance Service\Uninstall.exe Win32/Sality.NDR virus,está correcto desinfectado
      C:\Archivos de programa\MSN\MSNCoreFiles\Install\msnsusii.exe Win32/Sality.NDR virus,está correcto desinfectado
      C:\Archivos de programa\MSN\MSNCoreFiles\Install\MSN9Components\Msncli.exe Win32/Sality.NDR virus,está correcto desinfectado
      C:\Archivos de programa\Ralink\Common\AegisI2.exe Win32/Sality.NDR virus desinfectado
      C:\Archivos de programa\Ralink\Common\AegisI5.exe Win32/Sality.NDR virus desinfectado
      C:\Archivos de programa\Ralink\Common\ApUI.exe Win32/Sality.NDR virus desinfectado
      C:\Archivos de programa\Ralink\Common\RaSwap.exe Win32/Sality.NDR virus desinfectado
      C:\Archivos de programa\Ralink\Common\RaUI.exe Win32/Sality.NDR virus desinfectado
      C:\Archivos de programa\Ralink\Common\SelectCard.exe Win32/Sality.NDR virus desinfectado
      C:\Archivos de programa\Ralink\RT2860 Wireless LAN Card\Aegis\AegisI2.exe Win32/Sality.NDR virus desinfectado
      C:\Archivos de programa\Ralink\RT2860 Wireless LAN Card\Aegis\AegisI5.exe Win32/Sality.NDR virus desinfectado
      C:\Archivos de programa\Ralink\RT2860 Wireless LAN Card\RAPI\netcfg.exe Win32/Sality.NDR virus desinfectado
      C:\Archivos de programa\Ralink\RT2860 Wireless LAN Card\Service\RalinkRegistryWriter.exe Win32/Sality.NDR virus desinfectado
      C:\Archivos de programa\Ralink\RT2860 Wireless LAN Card\SoftAP\ApUI.exe Win32/Sality.NDR virus desinfectado
      C:\Archivos de programa\Ralink\RT2860 Wireless LAN Card\SoftAP\RaSwap.exe Win32/Sality.NDR virus desinfectado
      C:\Archivos de programa\Ralink\RT2860 Wireless LAN Card\SoftAP\SelectCard.exe Win32/Sality.NDR virus desinfectado
      C:\Archivos de programa\Ralink\RT2860 Wireless LAN Card\Utility\RaUI.exe Win32/Sality.NDR virus desinfectado
      C:\Archivos de programa\SUPERAntiSpyware\SSUpdate.exe Win32/Sality.NDR virus desinfectado
      C:\Archivos de programa\VS Revo Group\Revo Uninstaller\RevoUnin.exe Win32/Sality.NDR virus desinfectado
      C:\Archivos de programa\Windows NT\hypertrm.exe Win32/Sality.NDR virus desinfectado
      C:\Dev-Cpp\uninstall.exe Win32/Sality.NDR virus,está correcto desinfectado
      C:\Dev-Cpp\bin\addr2line.exe Win32/Sality.NDR virus desinfectado
      C:\Dev-Cpp\bin\ar.exe Win32/Sality.NDR virus desinfectado
      C:\Dev-Cpp\bin\as.exe Win32/Sality.NDR virus desinfectado
      C:\Dev-Cpp\bin\c++.exe Win32/Sality.NDR virus desinfectado
      C:\Dev-Cpp\bin\c++filt.exe Win32/Sality.NDR virus desinfectado
      C:\Dev-Cpp\bin\cpp.exe Win32/Sality.NDR virus desinfectado
      C:\Dev-Cpp\bin\dlltool.exe Win32/Sality.NDR virus desinfectado
      C:\Dev-Cpp\bin\dllwrap.exe Win32/Sality.NDR virus desinfectado
      C:\Dev-Cpp\bin\g++.exe Win32/Sality.NDR virus desinfectado
      C:\Dev-Cpp\bin\gcc.exe Win32/Sality.NDR virus desinfectado
      C:\Dev-Cpp\bin\gcov.exe Win32/Sality.NDR virus desinfectado
      C:\Dev-Cpp\bin\gdb.exe Win32/Sality.NDR virus desinfectado
      C:\Dev-Cpp\bin\gprof.exe Win32/Sality.NDR virus desinfectado
      C:\Dev-Cpp\bin\ld.exe Win32/Sality.NDR virus desinfectado
      C:\Dev-Cpp\bin\mingw32-c++.exe Win32/Sality.NDR virus desinfectado
      C:\Dev-Cpp\bin\mingw32-g++.exe Win32/Sality.NDR virus desinfectado
      C:\Dev-Cpp\bin\mingw32-gcc.exe Win32/Sality.NDR virus desinfectado
      C:\Dev-Cpp\bin\nm.exe Win32/Sality.NDR virus desinfectado
      C:\Dev-Cpp\bin\objcopy.exe Win32/Sality.NDR virus desinfectado
      C:\Dev-Cpp\bin\objdump.exe Win32/Sality.NDR virus desinfectado
      C:\Dev-Cpp\bin\ranlib.exe Win32/Sality.NDR virus desinfectado
      C:\Dev-Cpp\bin\readelf.exe Win32/Sality.NDR virus desinfectado
      C:\Dev-Cpp\bin\rm.exe Win32/Sality.NDR virus desinfectado
      C:\Dev-Cpp\bin\size.exe Win32/Sality.NDR virus desinfectado
      C:\Dev-Cpp\bin\strings.exe Win32/Sality.NDR virus desinfectado
      C:\Dev-Cpp\bin\strip.exe Win32/Sality.NDR virus desinfectado
      C:\Dev-Cpp\bin\windres.exe Win32/Sality.NDR virus desinfectado
      C:\Dev-Cpp\libexec\gcc\mingw32\3.4.2\cc1.exe Win32/Sality.NDR virus desinfectado
      C:\Dev-Cpp\libexec\gcc\mingw32\3.4.2\cc1plus.exe Win32/Sality.NDR virus desinfectado
      C:\Dev-Cpp\libexec\gcc\mingw32\3.4.2\collect2.exe Win32/Sality.NDR virus desinfectado
      C:\Dev-Cpp\mingw32\bin\ar.exe Win32/Sality.NDR virus desinfectado
      C:\Dev-Cpp\mingw32\bin\as.exe Win32/Sality.NDR virus desinfectado
      C:\Dev-Cpp\mingw32\bin\dlltool.exe Win32/Sality.NDR virus desinfectado
      C:\Dev-Cpp\mingw32\bin\ld.exe Win32/Sality.NDR virus desinfectado
      C:\Dev-Cpp\mingw32\bin\nm.exe Win32/Sality.NDR virus desinfectado
      C:\Dev-Cpp\mingw32\bin\ranlib.exe Win32/Sality.NDR virus desinfectado
      C:\Dev-Cpp\mingw32\bin\strip.exe Win32/Sality.NDR virus desinfectado
      C:\Documents and Settings\All Users\Datos de programa\Adobe\Setup\{AC76BA86-7AD7-1034-7B44-AB0000000001}\setup.exe Win32/Sality.NDR virus desinfectado
      C:\Documents and Settings\All Users\Datos de programa\Ralink Driver\RT2860 Wireless LAN Card\Driver\RaInst.exe Win32/Sality.NDR virus desinfectado
      C:\Documents and Settings\PC\Configuración local\Datos de programa\JDownloader 2.0\tools\Windows\elevate\Elevate32.exe Win32/Sality.NDR virus desinfectado
      C:\Documents and Settings\PC\Configuración local\Datos de programa\JDownloader 2.0\tools\Windows\rtmpdump\SendSignal.exe Win32/Sality.NDR virus desinfectado
      C:\Documents and Settings\PC\Configuración local\Datos de programa\Unity\WebPlayer\Uninstall.exe Win32/Sality.NDR virus,está correcto desinfectado
      C:\Documents and Settings\PC\Escritorio\KasSS.exe Win32/Sality.NDR virus desinfectado
      C:\Documents and Settings\PC\Escritorio\ARCHIVOS\CI.exe Win32/Sality.NDR virus desinfectado
      C:\Documents and Settings\PC\Mis documentos\Descargas\internet-explorer-8-para-xp-(1).exe Win32/Sality.NDR virus desinfectado
      C:\Documents and Settings\PC\Mis documentos\Descargas\internet-explorer-8-para-xp-.exe Win32/Sality.NDR virus desinfectado
      C:\Documents and Settings\PC\Mis documentos\Descargas\vcredist_x86.exe Win32/Sality.NDR virus,está correcto desinfectado
      C:\Documents and Settings\PC\Mis documentos\Descargas\AMGE\Files\aom.exe Win32/Sality.NDR virus desinfectado
      C:\Documents and Settings\PC\Mis documentos\Descargas\AMGE\Files\aomx.exe Win32/Sality.NDR virus desinfectado
      C:\En caso de emergencia rompa el vidrio!!!\WgaTray.exe Win32/Sality.NDR virus desinfectado
      C:\SmartDraw 2017\Filters.exe Win32/Sality.NDR virus,está correcto desinfectado
      C:\SmartDraw 2017\PDC.exe Win32/Sality.NDR virus desinfectado
      C:\SmartDraw 2017\Program.exe Win32/Sality.NDR virus,está correcto desinfectado
      C:\SmartDraw 2017\Ribbons.exe Win32/Sality.NDR virus,está correcto desinfectado
      C:\SmartDraw 2017\Tooltips.exe Win32/Sality.NDR virus,está correcto desinfectado
      C:\SmartDraw 2017\TrialContent.exe Win32/Sality.NDR virus,está correcto desinfectado
      C:\SmartDraw 2017\Uninstall.exe Win32/Sality.NDR virus desinfectado
      C:\SmartDraw 2017\Unwise.exe Win32/Sality.NDR virus desinfectado

    9. #9
      HydenSk (User)
      Registered: Dec 2017
      Location: Venezuela
      Posts: 54

      Re: Virus Sality

      @Miguelgrado the HitmanPro log is quite long:

      [code]
      HitmanPro 3.7.20.286
      www.hitmanpro.com

      Computer name . . . . : LANX0001
      Windows . . . . . . . : 5.1.3.2600.X86/2
      User name . . . . . . : LANX0001\PC
      License . . . . . . . : Trial (31 days left)

      Scan date . . . . . . : 2017-12-05 12:03:16
      Scan mode . . . . . . : Normal
      Scan duration . . . . : 40m 19s
      Disk access mode . . : Direct disk access (SRB)
      Cloud . . . . . . . . : Internet
      Reboot . . . . . . . : No

      Threats . . . . . . . : 115
      Traces . . . . . . . : 126

      Objects scanned . . . : 460.160
      Files scanned . . . . : 20.772
      Remnants scanned . . : 79.958 files / 359.430 keys

      Malware _____________________________________________________________________

      C:\System Volume Information\_restore{6D53F154-F04F-46DA-A780-3D21CFD1315F}\RP51\A0036072.EXE -> Deleted
      Size . . . . . . . : 142.208 bytes
      Age . . . . . . . : 2.9 days (2017-12-02 13:39:30)
      Entropy . . . . . : 7.3
      SHA-256 . . . . . : 949BE883C580D87F97A508D4C99D3B2DCB9D12AF93AE749E470CCF805399C0B5
      Product . . . . . : 2007 Microsoft Office system
      Publisher . . . . : Microsoft Corporation
      Description . . . : Replication Conflict Viewing and Resolution for Microsoft Access
      Version . . . . . : 12.0.4518.1014
      LanguageID . . . . : 0
      > Bitdefender . . . : Win32.Sality.4
      > HitmanPro . . . . : Mal/Sality-D
      Fuzzy . . . . . . : 111.0
      Forensic Cluster
      -13.2s C:\System Volume Information\_restore{6D53F154-F04F-46DA-A780-3D21CFD1315F}\RP51\A0036071.EXE
      0.0s C:\System Volume Information\_restore{6D53F154-F04F-46DA-A780-3D21CFD1315F}\RP51\A0036072.EXE
      10.6s C:\System Volume Information\_restore{6D53F154-F04F-46DA-A780-3D21CFD1315F}\RP51\A0036073.EXE
      11.2s C:\System Volume Information\_restore{6D53F154-F04F-46DA-A780-3D21CFD1315F}\RP51\A0036074.EXE
      11.7s C:\System Volume Information\_restore{6D53F154-F04F-46DA-A780-3D21CFD1315F}\RP51\A0036075.EXE
      12.3s C:\System Volume Information\_restore{6D53F154-F04F-46DA-A780-3D21CFD1315F}\RP51\A0036076.EXE
      12.9s C:\System Volume Information\_restore{6D53F154-F04F-46DA-A780-3D21CFD1315F}\RP51\A0036077.EXE
      22.2s C:\System Volume Information\_restore{6D53F154-F04F-46DA-A780-3D21CFD1315F}\RP51\A0036078.EXE
      42.3s C:\Documents and Settings\PC\Configuración local\Datos de programa\Opera Software\Opera Stable\Cache\f_000d72
      43.0s C:\Documents and Settings\PC\Configuración local\Datos de programa\Opera Software\Opera Stable\Cache\f_000d73
      56.5s C:\Documents and Settings\PC\Configuración local\Datos de programa\Opera Software\Opera Stable\Cache\f_000d74
      58.0s C:\System Volume Information\_restore{6D53F154-F04F-46DA-A780-3D21CFD1315F}\RP51\A0036079.EXE
      62.7s C:\System Volume Information\_restore{6D53F154-F04F-46DA-A780-3D21CFD1315F}\RP51\A0036080.EXE
      77.5s C:\Documents and Settings\PC\Configuración local\Datos de programa\Opera Software\Opera Stable\Cache\f_000d75
      106.7s C:\Documents and Settings\PC\Configuración local\Datos de programa\Opera Software\Opera Stable\Cache\f_000d76
      120.1s C:\Documents and Settings\PC\Configuración local\Datos de programa\Opera Software\Opera Stable\Cache\f_000d78

      C:\System Volume Information\_restore{6D53F154-F04F-46DA-A780-3D21CFD1315F}\RP51\A0037338.exe -> Deleted
      Size . . . . . . . : 156.960 bytes
      Age . . . . . . . : 0.8 days (2017-12-04 17:41:18)
      Entropy . . . . . : 7.3
      SHA-256 . . . . . : 4B417033156B324EAEA3A89D96528D6141495878639AACEA95DF5F8055284B75
      Product . . . . . : Ralink RalinkRegistryWriter
      Publisher . . . . : Ralink Technology, Corp.
      Description . . . : RalinkRegistryWriter
      Version . . . . . : 1.0.0.4
      Copyright . . . . : (c) Copyright 2008, Ralink Technology, Inc.
      LanguageID . . . . : 1033
      > Bitdefender . . . : Win32.Sality.4
      > HitmanPro . . . . : Mal/Sality-D
      Fuzzy . . . . . . : 111.0
      Forensic Cluster
      -0.2s C:\Documents and Settings\PC\Doctor Web\CureIt Quarantine\2a\
      -0.2s C:\Documents and Settings\PC\Doctor Web\CureIt Quarantine\2a\F2abe8ecffa69c101c575142f26c71001e1a6f35cf8479269ebb65f79dc24006.met
      -0.2s C:\Documents and Settings\PC\Doctor Web\CureIt Quarantine\2a\F2abe8ecffa69c101c575142f26c71001e1a6f35cf8479269ebb65f79dc24006
      -0.1s C:\Archivos de programa\Ralink\Common\RalinkRegistryWriter.exe
      0.0s C:\System Volume Information\_restore{6D53F154-F04F-46DA-A780-3D21CFD1315F}\RP51\A0037338.exe

      C:\System Volume Information\_restore{6D53F154-F04F-46DA-A780-3D21CFD1315F}\RP52\A0037404.EXE -> Deleted
      Size . . . . . . . : 142.208 bytes
      Age . . . . . . . : 0.6 days (2017-12-04 22:09:17)
      Entropy . . . . . : 7.3
      SHA-256 . . . . . : 949BE883C580D87F97A508D4C99D3B2DCB9D12AF93AE749E470CCF805399C0B5
      Product . . . . . : 2007 Microsoft Office system
      Publisher . . . . : Microsoft Corporation
      Description . . . : Replication Conflict Viewing and Resolution for Microsoft Access
      Version . . . . . : 12.0.4518.1014
      LanguageID . . . . : 0
      > Bitdefender . . . : Win32.Sality.4
      > HitmanPro . . . . : Mal/Sality-D
      Fuzzy . . . . . . : 111.0
      Forensic Cluster
      -12.3s C:\System Volume Information\_restore{6D53F154-F04F-46DA-A780-3D21CFD1315F}\RP52\A0037403.EXE
      0.0s C:\System Volume Information\_restore{6D53F154-F04F-46DA-A780-3D21CFD1315F}\RP52\A0037404.EXE
      9.9s C:\System Volume Information\_restore{6D53F154-F04F-46DA-A780-3D21CFD1315F}\RP52\A0037405.EXE
      10.6s C:\System Volume Information\_restore{6D53F154-F04F-46DA-A780-3D21CFD1315F}\RP52\A0037406.EXE
      11.6s C:\System Volume Information\_restore{6D53F154-F04F-46DA-A780-3D21CFD1315F}\RP52\A0037407.EXE
      12.3s C:\System Volume Information\_restore{6D53F154-F04F-46DA-A780-3D21CFD1315F}\RP52\A0037408.EXE
      13.5s C:\System Volume Information\_restore{6D53F154-F04F-46DA-A780-3D21CFD1315F}\RP52\A0037409.EXE
      23.5s C:\System Volume Information\_restore{6D53F154-F04F-46DA-A780-3D21CFD1315F}\RP52\A0037410.EXE

      C:\System Volume Information\_restore{6D53F154-F04F-46DA-A780-3D21CFD1315F}\RP52\A0037427.exe -> Deleted
      Size . . . . . . . : 485.144 bytes
      Age . . . . . . . : 0.6 days (2017-12-04 22:12:35)
      Entropy . . . . . : 6.8
      SHA-256 . . . . . : 4E45A006DA2F8EA122CB746F7C7BFD60F457436722A4D5498FA1701024077919
      Product . . . . . : SUPERAntiSpyware Update Application
      Publisher . . . . : SUPERAntiSpyware.com
      Description . . . : SUPERAntiSpyware Update Application
      Version . . . . . : 1.0.0.1080
      Copyright . . . . : Copyright (C) 2004-2011 SuperAdBlocker.com and SUPERAntiSpyware.com
      LanguageID . . . . : 1033
      > Bitdefender . . . : Win32.Sality.4
      > HitmanPro . . . . : Mal/Sality-D
      Fuzzy . . . . . . : 110.0

      C:\System Volume Information\_restore{6D53F154-F04F-46DA-A780-3D21CFD1315F}\RP52\A0037432.exe -> Deleted
      Size . . . . . . . : 12.101.413 bytes
      Age . . . . . . . : 0.6 days (2017-12-04 22:13:17)
      Entropy . . . . . : 8.0
      SHA-256 . . . . . : DABF9F75154F8E40D0058FCD805703F623847C51C033E8A91E82E3483ADF26FD
      Product . . . . . : 7-Zip
      Publisher . . . . : Igor Pavlov
      Description . . . : 7z SFX
      Version . . . . . : 15.14
      Copyright . . . . : Copyright (c) 1999-2015 Igor Pavlov
      LanguageID . . . . : 1033
      > Bitdefender . . . : Win32.Sality.4
      > Kaspersky . . . . : Virus.Win32.Sality.gen
      Fuzzy . . . . . . : 110.0

      C:\System Volume Information\_restore{6D53F154-F04F-46DA-A780-3D21CFD1315F}\RP52\A0037434.exe -> Deleted
      Size . . . . . . . : 1.133.712 bytes
      Age . . . . . . . : 0.6 days (2017-12-04 22:13:21)
      Entropy . . . . . : 7.9
      SHA-256 . . . . . : 7B9073CCBEE8757C629B9A478F0B30883523FCD9A151096E51BB6DB7B0308B00
      Product . . . . . : 7-Zip
      Publisher . . . . : Igor Pavlov
      Description . . . : 7z SFX
      Version . . . . . : 15.14
      Copyright . . . . : Copyright (c) 1999-2015 Igor Pavlov
      LanguageID . . . . : 1033
      > Bitdefender . . . : Win32.Sality.4
      > HitmanPro . . . . : Mal/Sality-D
      Fuzzy . . . . . . : 115.0

      C:\System Volume Information\_restore{6D53F154-F04F-46DA-A780-3D21CFD1315F}\RP52\A0037435.exe -> Deleted
      Size . . . . . . . : 482.360 bytes
      Age . . . . . . . : 0.6 days (2017-12-04 22:13:23)
      Entropy . . . . . : 7.6
      SHA-256 . . . . . : 8022E994532AC9AC5B144EB6B4D9ADDE703511636500B2FA1E7FD8A2341711F5
      Product . . . . . : 7-Zip
      Publisher . . . . : Igor Pavlov
      Description . . . : 7z SFX
      Version . . . . . : 15.14
      Copyright . . . . : Copyright (c) 1999-2015 Igor Pavlov
      LanguageID . . . . : 1033
      > Bitdefender . . . : Win32.Sality.4
      > HitmanPro . . . . : Mal/Sality-D
      Fuzzy . . . . . . : 115.0

      C:\System Volume Information\_restore{6D53F154-F04F-46DA-A780-3D21CFD1315F}\RP52\A0037436.exe -> Deleted
      Size . . . . . . . : 610.944 bytes
      Age . . . . . . . : 0.6 days (2017-12-04 22:13:24)
      Entropy . . . . . : 7.7
      SHA-256 . . . . . : 653C0BF092C1A3B39DDE2DFD5623E19ABC09A4DAAD388BB0343505A3897AFB71
      Product . . . . . : 7-Zip
      Publisher . . . . : Igor Pavlov
      Description . . . : 7z SFX
      Version . . . . . : 15.14
      Copyright . . . . : Copyright (c) 1999-2015 Igor Pavlov
      LanguageID . . . . : 1033
      > Bitdefender . . . : Win32.Sality.4
      > HitmanPro . . . . : Mal/Sality-D
      Fuzzy . . . . . . : 115.0

    10. #10
      User HydenSk
      Registered
      Dec 2017
      Location
      venezuela
      Posts
      54

      Re: Virus Sality

      C:\System Volume Information\_restore{6D53F154-F04F-46DA-A780-3D21CFD1315F}\RP52\A0037437.exe -> Deleted
      Size . . . . . . . : 6.370.944 bytes
      Age . . . . . . . : 0.6 days (2017-12-04 22:13:25)
      Entropy . . . . . : 8.0
      SHA-256 . . . . . : 58AA5054989E78228E41E53F7BAA788AC6AB5D0FAF49F52E705CD38912C0C5A4
      Product . . . . . : 7-Zip
      Publisher . . . . : Igor Pavlov
      Description . . . : 7z SFX
      Version . . . . . : 15.14
      Copyright . . . . : Copyright (c) 1999-2015 Igor Pavlov
      LanguageID . . . . : 1033
      > Bitdefender . . . : Win32.Sality.4
      > HitmanPro . . . . : Mal/Sality-E
      Fuzzy . . . . . . : 110.0

      C:\System Volume Information\_restore{6D53F154-F04F-46DA-A780-3D21CFD1315F}\RP52\A0037439.exe -> Deleted
      Size . . . . . . . : 114.688 bytes
      Age . . . . . . . : 0.6 days (2017-12-04 22:13:31)
      Entropy . . . . . : 7.3
      SHA-256 . . . . . : 36CD4E6A7A286FE333783AD478C7163A00642B85742E55B539096CB6794123C4
      > Kaspersky . . . . : Virus.Win32.Sality.gen
      > HitmanPro . . . . : Mal/Sality-D
      Fuzzy . . . . . . : 117.0

      C:\System Volume Information\_restore{6D53F154-F04F-46DA-A780-3D21CFD1315F}\RP52\A0037444.exe -> Deleted
      Size . . . . . . . : 569.216 bytes
      Age . . . . . . . : 0.6 days (2017-12-04 22:13:39)
      Entropy . . . . . : 6.5
      SHA-256 . . . . . : 9097D3148F7AE3D18A78B61FFEE53DD73D7C2B18429B4C4F3E9B726B424F1F6F
      > Bitdefender . . . : Win32.Sality.4
      > HitmanPro . . . . : Mal/Sality-D
      Fuzzy . . . . . . : 108.0

      C:\System Volume Information\_restore{6D53F154-F04F-46DA-A780-3D21CFD1315F}\RP52\A0037446.exe -> Quarantined
      Size . . . . . . . : 12.654.368 bytes
      Age . . . . . . . : 0.6 days (2017-12-04 22:13:43)
      Entropy . . . . . : 6.5
      SHA-256 . . . . . : D435D423F4F75082D2AE35897D3B327384399AE5FA9C954759BAE27ADE04FF70
      Product . . . . . : Revo Uninstaller
      Publisher . . . . : VS Revo Group
      Description . . . : Revo Uninstaller
      Version . . . . . : 2.0.4.0
      LanguageID . . . . : 0
      > Bitdefender . . . : Win32.Sality.4
      Fuzzy . . . . . . : 110.0

      C:\System Volume Information\_restore{6D53F154-F04F-46DA-A780-3D21CFD1315F}\RP52\A0037452.exe -> Deleted
      Size . . . . . . . : 268.624 bytes
      Age . . . . . . . : 0.6 days (2017-12-04 22:14:59)
      Entropy . . . . . : 7.5
      SHA-256 . . . . . : 93C7F1842D77A0845D85E301F6F3C38EE3A8EF24CEA280B3382041B273466456
      Product . . . . . : CCleaner
      Publisher . . . . : Piriform Ltd
      Description . . . : CCleaner Installer
      Version . . . . . : 5.35.00.6210
      LanguageID . . . . : 0
      > Bitdefender . . . : Win32.Sality.4
      > HitmanPro . . . . : Mal/Sality-E
      Fuzzy . . . . . . : 115.0

      C:\System Volume Information\_restore{6D53F154-F04F-46DA-A780-3D21CFD1315F}\RP52\A0037453.exe -> Quarantined
      Size . . . . . . . : 149.504 bytes
      Age . . . . . . . : 0.6 days (2017-12-04 22:15:05)
      Entropy . . . . . : 7.4
      SHA-256 . . . . . : 06B35A6B9F0BF63E7B25CF533EFA3EA563A4E54EFC9D42A5D18DEDA9F8C765FC
      Product . . . . . : Stardock CursorXP
      Publisher . . . . :
      Description . . . : CursorXP
      Version . . . . . : 1.3.0.0
      LanguageID . . . . : 0
      > HitmanPro . . . . : Mal/Sality-E
      Fuzzy . . . . . . : 114.0

      C:\System Volume Information\_restore{6D53F154-F04F-46DA-A780-3D21CFD1315F}\RP52\A0037454.exe -> Deleted
      Size . . . . . . . : 176.640 bytes
      Age . . . . . . . : 0.6 days (2017-12-04 22:15:06)
      Entropy . . . . . : 7.4
      SHA-256 . . . . . : 5987D48B4A0C96B3125E9404CCF6C01EBC4CF1D3AEF02598AF8C57D0583AFF9B
      Product . . . . . : Stardock CursorXP
      Publisher . . . . :
      Description . . . : CursorXP
      Version . . . . . : 1.3.0.0
      LanguageID . . . . : 0
      > Bitdefender . . . : Win32.Sality.4
      > HitmanPro . . . . : Mal/Sality-D
      Fuzzy . . . . . . : 114.0

      C:\System Volume Information\_restore{6D53F154-F04F-46DA-A780-3D21CFD1315F}\RP52\A0037455.exe -> Deleted
      Size . . . . . . . : 117.992 bytes
      Age . . . . . . . : 0.6 days (2017-12-04 22:15:26)
      Entropy . . . . . : 7.4
      SHA-256 . . . . . : 778A41ABCA27AF8345930D8F9040B946058F80ADA71FAB9FE347FAF9A0298A21
      > Bitdefender . . . : Win32.Sality.4
      > HitmanPro . . . . : Mal/Sality-D
      Fuzzy . . . . . . : 117.0

      C:\System Volume Information\_restore{6D53F154-F04F-46DA-A780-3D21CFD1315F}\RP52\A0037456.exe -> Deleted
      Size . . . . . . . : 110.592 bytes
      Age . . . . . . . : 0.6 days (2017-12-04 22:15:26)
      Entropy . . . . . : 7.2
      SHA-256 . . . . . : 815CECF4AFF2E16F715DE65769E567831A0E1E829035E322056AFFC3EB44F107
      > Bitdefender . . . : Win32.Sality.4
      > HitmanPro . . . . : Mal/Sality-D
      Fuzzy . . . . . . : 117.0

      C:\System Volume Information\_restore{6D53F154-F04F-46DA-A780-3D21CFD1315F}\RP52\A0037459.exe -> Deleted
      Size . . . . . . . : 172.538 bytes
      Age . . . . . . . : 0.6 days (2017-12-04 22:15:32)
      Entropy . . . . . : 7.6
      SHA-256 . . . . . : 614AE3CB263F024E1C3E5B0253763C3B616525A0B22502B26426DF3341FBF515
      Product . . . . . : Dia for Windows
      Publisher . . . . : The Dia Developers
      Description . . . : Dia for Windows Installer
      Version . . . . . : 0.97.2.2
      LanguageID . . . . : 0
      > Bitdefender . . . : Win32.Sality.4
      > HitmanPro . . . . : Mal/Sality-E
      Fuzzy . . . . . . : 115.0

      C:\System Volume Information\_restore{6D53F154-F04F-46DA-A780-3D21CFD1315F}\RP53\A0038390.EXE -> Deleted
      Size . . . . . . . : 142.208 bytes
      Age . . . . . . . : 0.0 days (2017-12-05 10:54:03)
      Entropy . . . . . : 7.3
      SHA-256 . . . . . : 949BE883C580D87F97A508D4C99D3B2DCB9D12AF93AE749E470CCF805399C0B5
      Product . . . . . : 2007 Microsoft Office system
      Publisher . . . . : Microsoft Corporation
      Description . . . : Replication Conflict Viewing and Resolution for Microsoft Access
      Version . . . . . : 12.0.4518.1014
      LanguageID . . . . : 0
      > Bitdefender . . . : Win32.Sality.4
      > HitmanPro . . . . : Mal/Sality-D
      Fuzzy . . . . . . : 111.0

      C:\System Volume Information\_restore{6D53F154-F04F-46DA-A780-3D21CFD1315F}\RP53\A0038391.exe -> Deleted
      Size . . . . . . . : 268.624 bytes
      Age . . . . . . . : 0.0 days (2017-12-05 10:54:35)
      Entropy . . . . . : 7.5
      SHA-256 . . . . . : 93C7F1842D77A0845D85E301F6F3C38EE3A8EF24CEA280B3382041B273466456
      Product . . . . . : CCleaner
      Publisher . . . . : Piriform Ltd
      Description . . . : CCleaner Installer
      Version . . . . . : 5.35.00.6210
      LanguageID . . . . : 0
      > Bitdefender . . . : Win32.Sality.4
      > HitmanPro . . . . : Mal/Sality-E
      Fuzzy . . . . . . : 115.0

      C:\System Volume Information\_restore{6D53F154-F04F-46DA-A780-3D21CFD1315F}\RP53\A0038392.exe -> Quarantined
      Size . . . . . . . : 149.504 bytes
      Age . . . . . . . : 0.0 days (2017-12-05 10:54:37)
      Entropy . . . . . : 7.4
      SHA-256 . . . . . : 06B35A6B9F0BF63E7B25CF533EFA3EA563A4E54EFC9D42A5D18DEDA9F8C765FC
      Product . . . . . : Stardock CursorXP
      Publisher . . . . :
      Description . . . : CursorXP
      Version . . . . . : 1.3.0.0
      LanguageID . . . . : 0
      > HitmanPro . . . . : Mal/Sality-E
      Fuzzy . . . . . . : 114.0

      C:\System Volume Information\_restore{6D53F154-F04F-46DA-A780-3D21CFD1315F}\RP53\A0038393.exe -> Deleted
      Size . . . . . . . : 176.640 bytes
      Age . . . . . . . : 0.0 days (2017-12-05 10:54:37)
      Entropy . . . . . : 7.4
      SHA-256 . . . . . : 5987D48B4A0C96B3125E9404CCF6C01EBC4CF1D3AEF02598AF8C57D0583AFF9B
      Product . . . . . : Stardock CursorXP
      Publisher . . . . :
      Description . . . : CursorXP
      Version . . . . . : 1.3.0.0
      LanguageID . . . . : 0
      > Bitdefender . . . : Win32.Sality.4
      > HitmanPro . . . . : Mal/Sality-D
      Fuzzy . . . . . . : 114.0

      C:\System Volume Information\_restore{6D53F154-F04F-46DA-A780-3D21CFD1315F}\RP53\A0038394.exe -> Deleted
      Size . . . . . . . : 172.538 bytes
      Age . . . . . . . : 0.0 days (2017-12-05 10:54:39)
      Entropy . . . . . : 7.6
      SHA-256 . . . . . : 614AE3CB263F024E1C3E5B0253763C3B616525A0B22502B26426DF3341FBF515
      Product . . . . . : Dia for Windows
      Publisher . . . . : The Dia Developers
      Description . . . : Dia for Windows Installer
      Version . . . . . : 0.97.2.2
      LanguageID . . . . : 0
      > Bitdefender . . . : Win32.Sality.4
      > HitmanPro . . . . : Mal/Sality-E
      Fuzzy . . . . . . : 115.0

      C:\System Volume Information\_restore{6D53F154-F04F-46DA-A780-3D21CFD1315F}\RP53\A0038395.exe -> Deleted
      Size . . . . . . . : 117.992 bytes
      Age . . . . . . . : 0.0 days (2017-12-05 10:54:40)
      Entropy . . . . . : 7.4
      SHA-256 . . . . . : 778A41ABCA27AF8345930D8F9040B946058F80ADA71FAB9FE347FAF9A0298A21
      > Bitdefender . . . : Win32.Sality.4
      > HitmanPro . . . . : Mal/Sality-D
      Fuzzy . . . . . . : 117.0
      Forensic Cluster
