
    kemgadeojglibflomicgnfeopkdfflnk the virus (Solved)

    1. #11
      User Avatar of ronaldo54674
      Joined
      Dec 2017
      Location
      Venezuela
      Posts
      14

      Re: kemgadeojglibflomicgnfeopkdfflnk the virus

      ==================== MSCONFIG/TASK MANAGER disabled items ==


      ==================== FirewallRules (Whitelisted) ===============

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      FirewallRules: [UDP Query User{F75FC1B9-F278-4F1E-8729-DDD4E675E88E}C:\program files (x86)\halo spartan assault\data\halospartanassault.exe] => (Allow) C:\program files (x86)\halo spartan assault\data\halospartanassault.exe
      FirewallRules: [TCP Query User{574A6CA9-488A-4FA7-92BB-3C8F9F4A00C3}C:\program files (x86)\halo spartan assault\data\halospartanassault.exe] => (Allow) C:\program files (x86)\halo spartan assault\data\halospartanassault.exe
      FirewallRules: [UDP Query User{D20790E0-161B-42F3-97F7-A0097C634ACE}C:\program files (x86)\anno 1404 gold edition\tools\addonweb.exe] => (Allow) C:\program files (x86)\anno 1404 gold edition\tools\addonweb.exe
      FirewallRules: [TCP Query User{E4EE8F81-8113-44EF-9E1F-43C5303B2553}C:\program files (x86)\anno 1404 gold edition\tools\addonweb.exe] => (Allow) C:\program files (x86)\anno 1404 gold edition\tools\addonweb.exe
      FirewallRules: [{59914380-CD7C-4447-8BB1-899D6EF561E4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hero of the Kingdom II\Hero of the Kingdom II.exe
      FirewallRules: [{F71221CB-2A4E-4CDA-BBAF-A1FBCCA84818}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hero of the Kingdom II\Hero of the Kingdom II.exe
      FirewallRules: [{E27BBC36-DBA0-4BE2-BA0F-20FD059EC5E7}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Package\PTInstOnline.exe
      FirewallRules: [{1A6BDEC0-5A54-4914-9A81-5D46F7DD3B88}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe
      FirewallRules: [{D70627BD-601D-47D9-8E24-E49F2B5320BA}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
      FirewallRules: [{83D47E2A-D0A0-4C4C-91C6-8E200A4F3F5E}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe
      FirewallRules: [{FFED86BD-9155-44D9-B0BC-503A2D09F513}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
      FirewallRules: [UDP Query User{8D563E63-3687-43DC-A8D9-794A3631D50A}C:\program files (x86)\anno 1404 gold edition\tools\anno4web.exe] => (Allow) C:\program files (x86)\anno 1404 gold edition\tools\anno4web.exe
      FirewallRules: [TCP Query User{DE3595AF-3FF3-48E2-8A74-97A270430E69}C:\program files (x86)\anno 1404 gold edition\tools\anno4web.exe] => (Allow) C:\program files (x86)\anno 1404 gold edition\tools\anno4web.exe
      FirewallRules: [UDP Query User{E5629644-B3B5-442F-962E-DF2C86102912}C:\program files (x86)\anno 1404 gold edition\tools\anno4web.exe] => (Allow) C:\program files (x86)\anno 1404 gold edition\tools\anno4web.exe
      FirewallRules: [TCP Query User{F7DE846D-A074-4742-85A7-1DBB9FE649AF}C:\program files (x86)\anno 1404 gold edition\tools\anno4web.exe] => (Allow) C:\program files (x86)\anno 1404 gold edition\tools\anno4web.exe
      FirewallRules: [{934CA4D0-FC4D-4140-9015-EEFFA196E4B5}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
      FirewallRules: [{0E78A9C6-68C8-43DB-A446-6885764BDBF9}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
      FirewallRules: [{AE32FA20-C641-4D5C-9E85-0D8A165321B8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
      FirewallRules: [{5BE179DA-60A2-43BB-B7C1-5FD79D1E28F0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
      FirewallRules: [{3BCBFA70-F237-4C3A-9BD7-D82637C97BF2}] => (Allow) C:\Program Files (x86)\Mobogenie3\mobogenieP2sp.exe
      FirewallRules: [{EF520077-CF17-4A43-BF44-9A74F832E6AD}] => (Allow) C:\Program Files (x86)\2K Games\Sid Meier's Civilization V\CivilizationV.exe
      FirewallRules: [{6D0DFCEA-6630-4963-AEDB-C8E45EE5F5EF}] => (Allow) C:\Program Files (x86)\2K Games\Sid Meier's Civilization V\CivilizationV.exe
      FirewallRules: [{A3DE3BE5-064C-42BD-9C29-81DEDE84D939}] => (Allow) C:\Program Files (x86)\2K Games\Sid Meier's Civilization V\CivilizationV.exe
      FirewallRules: [{C4AE8580-798D-4856-BF2D-B24EFED25C4E}] => (Allow) C:\Program Files (x86)\2K Games\Sid Meier's Civilization V\CivilizationV.exe
      FirewallRules: [{E383075D-0712-4976-98EA-FE2418D4E967}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Setup Manager\hpDST.exe
      FirewallRules: [{29E0033A-4DE8-49F5-A07B-4E74D5D09E2E}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Setup Manager\hpDST.exe
      FirewallRules: [{FA0496B7-43E0-425C-A0A5-05744D23E2AB}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Setup Manager\hpDST.exe
      FirewallRules: [{B0F1E255-2EA4-472B-9ACF-40E8576916F9}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Setup Manager\hpDST.exe
      FirewallRules: [{D3559909-A276-4978-BCC9-BB12BAA85E18}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Remote Graphics Receiver\rgreceiver.exe
      FirewallRules: [{BF404870-7F1A-4B0D-9246-C6F912B64110}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Remote Graphics Receiver\rgreceiver.exe
      FirewallRules: [{6F858ADD-5B9C-4F45-BBFB-782289A2B406}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP LinkUp\HP LinkUp Viewer.exe
      FirewallRules: [{C6DE7C83-F660-4EF3-B1A3-E9FDEECCA826}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP LinkUp\HP LinkUp Viewer.exe
      FirewallRules: [{D49F6BC6-39FE-4D8F-8804-E2DA0EC94428}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
      FirewallRules: [{6E6888B3-52A8-4797-9238-DA5FCF5DE707}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
      FirewallRules: [{C2678C1D-43C9-4E95-BCDB-C063C9A8E448}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
      FirewallRules: [{194C977D-D3DE-41DA-9636-44111F80C8AC}] => (Allow) LPort=2869
      FirewallRules: [{4E77A4A8-3B33-4146-94D2-4B1E6EDCA017}] => (Allow) LPort=1900
      FirewallRules: [{6EBADF82-492A-4EC1-A4EE-EFF6FC75EDB4}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
      FirewallRules: [{FF7CC915-53F8-4D00-BC8A-4D9A44162FA6}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
      FirewallRules: [{A56559B7-21FC-419C-A5F6-732053BFF5F3}] => (Allow) C:\Users\ronnycrespo\AppData\Roaming\uTorrent\uTorrent.exe
      FirewallRules: [{56F43A43-00B1-4FEC-AE89-207CDADD0BDD}] => (Allow) C:\Users\ronnycrespo\AppData\Roaming\uTorrent\uTorrent.exe
      FirewallRules: [{D2706612-6DBA-4F87-B3B0-264808233809}] => (Allow) C:\Users\ronnycrespo\AppData\Roaming\uTorrent\uTorrent.exe
      FirewallRules: [{14F6B961-CAED-444F-96EF-02FD81D95598}] => (Allow) C:\Users\ronnycrespo\AppData\Roaming\uTorrent\uTorrent.exe
      FirewallRules: [{72A85E12-51BC-4D07-9FC9-CDC542225DAB}] => (Allow) C:\Users\ronnycrespo\AppData\Roaming\uTorrent\uTorrent.exe
      FirewallRules: [{C9C899B0-313B-486A-9D33-2B9EF548D107}] => (Allow) C:\Users\ronnycrespo\AppData\Roaming\uTorrent\uTorrent.exe
      FirewallRules: [{A2BB5C64-99EA-4CCA-BF02-29D7C65D59F6}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
      FirewallRules: [{A73C832C-8E78-4B1A-B89D-DC6E78E74985}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
      FirewallRules: [{98802107-C6F9-46C5-B9AA-4D3D87A80EDA}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
      FirewallRules: [{F0F1C965-99C2-4C6B-BE5C-202032BC2645}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
      FirewallRules: [{034E95BA-7EBF-4CB7-9CD6-28D8FA78D44D}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed Brotherhood\ACBMP.exe
      FirewallRules: [{4023C657-B676-4929-AFD9-FF6A34F05FDF}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed Brotherhood\ACBMP.exe
      FirewallRules: [{767A7F91-469D-49F1-BEE8-E962771314F8}] => (Allow) C:\Program Files (x86)\Electronic Arts\Los Sims 3 Hacia el Futuro\Game\Bin\Sims3Launcher.exe
      FirewallRules: [{E727CD7E-0FAB-4604-B54D-AA261B2CB5EF}] => (Allow) C:\Program Files (x86)\Electronic Arts\Los Sims 3 Hacia el Futuro\Game\Bin\Sims3Launcher.exe
      FirewallRules: [{A3E56A6D-E03E-4F66-BC92-9DD45E7B08F4}] => (Allow) C:\Program Files (x86)\Electronic Arts\Los Sims 3 Hacia el Futuro\Game\Bin\Sims3Launcher.exe
      FirewallRules: [{9902A6DD-D4FE-4193-9307-24E5301F8E8E}] => (Allow) C:\Program Files (x86)\Electronic Arts\Los Sims 3 Hacia el Futuro\Game\Bin\Sims3Launcher.exe
      FirewallRules: [{AA0C66E2-9B7D-4914-8AA1-4C8A1D56FCEB}] => (Allow) C:\Program Files (x86)\VictorVal\Fallout 3 Gold Repack\FalloutLauncher.exe
      FirewallRules: [{544940A8-611D-4977-B828-9BCDD01081C0}] => (Allow) C:\Program Files (x86)\VictorVal\Fallout 3 Gold Repack\FalloutLauncher.exe
      FirewallRules: [{3039C2F4-874F-4A66-8FCB-226EFC907680}] => (Allow) C:\Program Files (x86)\VictorVal\Fallout 3 Gold Repack\FalloutLauncher.exe
      FirewallRules: [{24F3C52D-EA1B-4028-A1A3-5F9B9E713007}] => (Allow) C:\Program Files (x86)\VictorVal\Fallout 3 Gold Repack\FalloutLauncher.exe
      FirewallRules: [{1559CB4E-4693-4BF1-9E86-3BCDFA4FA142}] => (Allow) C:\Games\Fallout Shelter\unins000.exe
      FirewallRules: [{2BC3DD1C-93E5-4E50-BEFF-852C8E82F420}] => (Allow) C:\Games\Fallout Shelter\unins000.exe
      FirewallRules: [{2781951E-A142-4DF2-B991-D2979EAA54E0}] => (Allow) C:\Games\Fallout Shelter\unins000.exe
      FirewallRules: [{881FC9D4-039C-43C9-A26C-D444F592770D}] => (Allow) C:\Games\Fallout Shelter\unins000.exe
      FirewallRules: [{B49F892F-DAB2-4A89-A285-FDBAFDC2142D}] => (Allow) C:\Program Files (x86)\Mobogenie3\Mobogenie.exe
      FirewallRules: [{D5FA7726-D819-4E47-8DB8-4410380ED968}] => (Allow) C:\Program Files (x86)\Mobogenie3\Mobogenie.exe
      FirewallRules: [{B864BF5A-FC6B-45FA-ABCC-73E191E2DEB7}] => (Allow) C:\Program Files (x86)\Mobogenie3\Mobogenie.exe
      FirewallRules: [{7B7183E6-9AFC-4A6C-B4D7-EE79D2ED67C9}] => (Allow) C:\Program Files (x86)\Mobogenie3\Mobogenie.exe
      FirewallRules: [{978FB01D-A0FA-4BD1-BAA0-03F5D07B7E4A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
      FirewallRules: [{48578F9F-829C-4ED0-8A36-E58A264BBF09}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
      FirewallRules: [TCP Query User{91CFB81E-9AA7-4B88-AC26-895717390FF9}C:\users\ronnycrespo\appdata\roaming\haiyuinst\plugins\download\minithunderplatform.exe] => (Allow) C:\users\ronnycrespo\appdata\roaming\haiyuinst\plugins\download\minithunderplatform.exe
      FirewallRules: [UDP Query User{7380B60C-6DEC-4361-B73A-125B8262E2C4}C:\users\ronnycrespo\appdata\roaming\haiyuinst\plugins\download\minithunderplatform.exe] => (Allow) C:\users\ronnycrespo\appdata\roaming\haiyuinst\plugins\download\minithunderplatform.exe
      FirewallRules: [TCP Query User{1B7DEDD7-5B6D-45BA-B1DE-F388638F5E44}C:\users\ronnycrespo\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\ronnycrespo\appdata\local\akamai\netsession_win.exe
      FirewallRules: [UDP Query User{450A5957-2EA1-4C57-BF19-FAC24704E2EE}C:\users\ronnycrespo\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\ronnycrespo\appdata\local\akamai\netsession_win.exe
      FirewallRules: [{A4FA1A84-03FA-44E0-9CE9-C732FA8D0A34}] => (Allow) C:\AeriaGames\AuraKingdom-ES\game.bin
      FirewallRules: [{A5E713E9-EA85-4A15-AB44-5DFFDD9BCEFA}] => (Allow) C:\AeriaGames\AuraKingdom-ES\game.bin
      FirewallRules: [{C50CC78A-8BE8-4A2F-9F1D-8CB1FA9D5EA7}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Recovery\RecoveryMgr.exe
      FirewallRules: [{B12B05A4-091C-4D5F-9CD0-CB2091633A4E}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Recovery\RecoveryMgr.exe
      FirewallRules: [{E2AA1829-47A8-4FD9-9B78-D0B3CA8C5FBE}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Recovery\RecoveryMgr.exe
      FirewallRules: [{94FBCE98-D600-49CE-BD0E-A53591380849}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Recovery\RecoveryMgr.exe
      FirewallRules: [{E8CAAD1F-72A2-43E1-8A2A-8D9FB2024501}] => (Allow) C:\AeriaGames\AuraKingdom-ES\Launcher.exe
      FirewallRules: [{5249ACCE-DA86-490F-B462-959210DEE036}] => (Allow) C:\AeriaGames\AuraKingdom-ES\Launcher.exe
      FirewallRules: [{E23D1173-5AEC-4393-9339-791C4BE27943}] => (Allow) C:\AeriaGames\AuraKingdom-ES\Launcher.exe
      FirewallRules: [{15E79D9C-B793-45A0-9E9A-6D6EE9437E87}] => (Allow) C:\AeriaGames\AuraKingdom-ES\Launcher.exe
      FirewallRules: [TCP Query User{173AAE45-47A3-4800-BED0-4B7FBC90879A}C:\users\ronnycrespo\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\ronnycrespo\appdata\local\akamai\netsession_win.exe
      FirewallRules: [UDP Query User{C7D25D6D-8FAA-4FEB-A29A-5E943EC85811}C:\users\ronnycrespo\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\ronnycrespo\appdata\local\akamai\netsession_win.exe
      FirewallRules: [{8FC85E0D-3AF6-40FC-9C57-E68348182409}] => (Allow) C:\Program Files (x86)\GameforgeLive\gfl_client.exe
      FirewallRules: [{7567F2CB-135C-406D-959F-10B6671FB620}] => (Allow) C:\Program Files (x86)\Mobogenie3\mobogenieP2sp.exe
      FirewallRules: [{E5977805-5418-4474-822C-72FF680C99D9}] => (Allow) C:\Program Files (x86)\Mobogenie3\mobogenieP2sp.exe
      FirewallRules: [{1A548E74-F453-44E7-99BB-5F85FA7E3D5C}] => (Allow) C:\Program Files (x86)\Nox\bin\Nox.exe
      FirewallRules: [{7FD7FA40-28C9-444D-9C98-390234E23CCB}] => (Allow) C:\Program Files (x86)\Bignox\BigNoxVM\RT\NoxVMHandle.exe
      FirewallRules: [{AF361118-3FDA-4997-B591-659D47B50FDC}] => (Allow) C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\FFNativeMessage.exe
      FirewallRules: [{18918570-F923-4BC3-8700-15F72F1A6383}] => (Allow) C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\FFNativeMessage.exe
      FirewallRules: [{953790C0-8C12-4190-89C7-8E1D9AAF294F}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909_0\SZBrowser.exe
      FirewallRules: [{1C7DA90A-83B0-44EF-A614-550956C434DF}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909_1\SZBrowser.exe
      FirewallRules: [TCP Query User{1299C126-2A82-46FE-ABB3-699DDDF06D4D}C:\program files (x86)\2k games\borderlands - game of the year edition\binaries\borderlands.exe] => (Allow) C:\program files (x86)\2k games\borderlands - game of the year edition\binaries\borderlands.exe
      FirewallRules: [UDP Query User{C705F6A8-3C29-414A-A217-141B54CADF81}C:\program files (x86)\2k games\borderlands - game of the year edition\binaries\borderlands.exe] => (Allow) C:\program files (x86)\2k games\borderlands - game of the year edition\binaries\borderlands.exe
      FirewallRules: [TCP Query User{290A4E77-A737-45D8-A58F-5201412A43FB}C:\program files (x86)\transformers fall of cybertron\binaries\tfoc.exe] => (Allow) C:\program files (x86)\transformers fall of cybertron\binaries\tfoc.exe
      FirewallRules: [UDP Query User{0383D381-B0F6-48C8-A342-07109AF04E61}C:\program files (x86)\transformers fall of cybertron\binaries\tfoc.exe] => (Allow) C:\program files (x86)\transformers fall of cybertron\binaries\tfoc.exe
      FirewallRules: [{4CA3824D-D688-4618-BCDE-F1FA217FC6DB}] => (Allow) C:\Program Files (x86)\Nero\Nero 2018\Nero Burning ROM\StartNBR.exe
      FirewallRules: [{8BD2DC09-F911-4650-B321-4E1C24B60901}] => (Allow) C:\Program Files (x86)\Nero\Nero 2018\Nero BackItup\NBService.exe
      FirewallRules: [{1E71C498-1B27-4850-9449-0272A2DBCF27}] => (Allow) C:\Program Files (x86)\Nero\Nero 2018\Nero BackItup\BackItUp.exe
      FirewallRules: [{9C057C6C-B308-40E8-AEEC-22334968AEFB}] => (Allow) C:\Program Files (x86)\Nero\Nero 2018\Nero MediaHome\NMDllHost.exe
      FirewallRules: [{0142492D-A147-4589-973B-06B0341E9CB3}] => (Allow) C:\Program Files (x86)\Nero\Nero 2018\Nero MediaHome\MediaHome.exe
      FirewallRules: [{E701A684-EB8E-4E5F-B88F-38342054526F}] => (Allow) C:\Program Files (x86)\Nero\Nero 2018\Nero Burning ROM\nero.exe
      FirewallRules: [TCP Query User{411AED8D-0C83-4732-B40E-09036861DC57}C:\program files (x86)\transformers fall of cybertron\binaries\tfoc.exe] => (Block) C:\program files (x86)\transformers fall of cybertron\binaries\tfoc.exe
      FirewallRules: [UDP Query User{4E2077E9-309A-4DF8-AF63-CA0F2E93971A}C:\program files (x86)\transformers fall of cybertron\binaries\tfoc.exe] => (Block) C:\program files (x86)\transformers fall of cybertron\binaries\tfoc.exe
      FirewallRules: [TCP Query User{A949CB31-F015-44C3-82F7-2DCEF0C34643}C:\program files (x86)\2k games\borderlands - game of the year edition\binaries\borderlands.exe] => (Allow) C:\program files (x86)\2k games\borderlands - game of the year edition\binaries\borderlands.exe
      FirewallRules: [UDP Query User{9F3802B9-63E2-4826-9A57-0B3FAF893C89}C:\program files (x86)\2k games\borderlands - game of the year edition\binaries\borderlands.exe] => (Allow) C:\program files (x86)\2k games\borderlands - game of the year edition\binaries\borderlands.exe
      FirewallRules: [TCP Query User{D5B21C4D-1BF8-41E1-AC54-C289A2A32159}C:\program files (x86)\master of orion\masteroforion.exe] => (Allow) C:\program files (x86)\master of orion\masteroforion.exe
      FirewallRules: [UDP Query User{F1A62107-65F1-4AE2-868E-57AB4011AF1C}C:\program files (x86)\master of orion\masteroforion.exe] => (Allow) C:\program files (x86)\master of orion\masteroforion.exe
      FirewallRules: [TCP Query User{B55A7D50-9C4A-44FD-88BC-BB3646138755}C:\program files (x86)\master of orion\masteroforion.exe] => (Allow) C:\program files (x86)\master of orion\masteroforion.exe
      FirewallRules: [UDP Query User{CB4138C4-59BE-480D-B5B1-287847469B18}C:\program files (x86)\master of orion\masteroforion.exe] => (Allow) C:\program files (x86)\master of orion\masteroforion.exe
      FirewallRules: [{248BD908-8550-4A79-B90B-C7180FC2889D}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
      FirewallRules: [{0E2ACA00-AA24-4721-86A6-45A0F994C22D}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
      FirewallRules: [{D987E16A-6EA9-4594-95DB-8F031690FB7E}] => (Allow) LPort=4481
      FirewallRules: [{9D9B44A8-5CCD-4530-916A-545199B3700B}] => (Allow) LPort=4481
      FirewallRules: [{774EF066-25E0-49C8-86FC-6D661A6896E3}] => (Allow) LPort=4482
      FirewallRules: [{CC530298-BFA9-49E9-A60A-37253AC3A08D}] => (Allow) LPort=4482
      FirewallRules: [TCP Query User{E4E11758-BF5F-40BC-BDCC-0689F8114C3A}C:\program files (x86)\counter-strike 1.6\hlds.exe] => (Allow) C:\program files (x86)\counter-strike 1.6\hlds.exe
      FirewallRules: [UDP Query User{88ABF287-8943-483A-8BF2-A12141854EE2}C:\program files (x86)\counter-strike 1.6\hlds.exe] => (Allow) C:\program files (x86)\counter-strike 1.6\hlds.exe
      FirewallRules: [TCP Query User{463CED99-C624-48A0-8D9D-B94A4B32A6DA}C:\program files (x86)\counter-strike 1.6\hl.exe] => (Allow) C:\program files (x86)\counter-strike 1.6\hl.exe
      FirewallRules: [UDP Query User{073442A3-47FC-46F7-A892-3BBF8A9B0998}C:\program files (x86)\counter-strike 1.6\hl.exe] => (Allow) C:\program files (x86)\counter-strike 1.6\hl.exe
      FirewallRules: [{0D5DDE25-0F5C-4687-B197-D63E88590F62}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.1.0\DriverBooster.exe
      FirewallRules: [{8F1E91C4-DDBE-4129-8674-DDD597DDEDDF}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.1.0\DriverBooster.exe
      FirewallRules: [{E259339C-931C-4D1A-B8A3-7F3C04C60D72}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.1.0\DBDownloader.exe
      FirewallRules: [{761C78E2-4336-4890-B5F9-231069A474E4}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.1.0\DBDownloader.exe
      FirewallRules: [{C4E40C7D-9226-4AAC-AA5A-67C8DFA300E7}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.1.0\AutoUpdate.exe
      FirewallRules: [{AE42EF1D-1EB5-4962-A22A-A387916B0BAE}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.1.0\AutoUpdate.exe
      FirewallRules: [{320FB774-F273-46B9-AE02-E5EA8326A0BE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

      ==================== Restore Points =========================

      13-12-2017 16:59:33 Punto de control programado
      16-12-2017 16:09:03 Installed SpyHunter
      16-12-2017 21:00:11 JRT Pre-Junkware Removal
      16-12-2017 21:08:01 JRT Pre-Junkware Removal
      16-12-2017 21:52:47 JRT Pre-Junkware Removal
      16-12-2017 22:16:32 JRT Pre-Junkware Removal

      ==================== Faulty Device Manager Devices =============


      ==================== Event log errors: =========================

      Application errors:
      ==================
      Error: (12/17/2017 04:01:43 AM) (Source: Application Error) (EventID: 1000) (User: )
      Description: Nombre de la aplicación con errores: AutoKMS.exe, versión: 2.5.3.0, marca de tiempo: 0x54c2b458
      Nombre del módulo con errores: KERNELBASE.dll, versión: 10.0.15063.726, marca de tiempo: 0x1a9bbe0b
      Código de excepción: 0xe0434352
      Desplazamiento de errores: 0x0000000000069d98
      Identificador del proceso con errores: 0x628
      Hora de inicio de la aplicación con errores: 0x01d3770c5be0d76e
      Ruta de acceso de la aplicación con errores: C:\Windows\AutoKMS\AutoKMS.exe
      Ruta de acceso del módulo con errores: C:\WINDOWS\System32\KERNELBASE.dll
      Identificador del informe: 9c3b617d-986c-44c0-ba0a-bb98980cfe9b
      Nombre completo del paquete con errores:
      Identificador de aplicación relativa del paquete con errores:

      Error: (12/17/2017 04:01:39 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
      Description: Aplicación: AutoKMS.exe
      Versión de Framework: v4.0.30319
      Descripción: el proceso terminó debido a una excepción no controlada.
      Información de la excepción: System.IO.FileNotFoundException
      en Microsoft.Win32.TaskScheduler.V2Interop.IRegisteredTask.()
      en Microsoft.Win32.TaskScheduler.Task.GetV2Definition(Microsoft.Win32.TaskScheduler.TaskService, Microsoft.Win32.TaskScheduler.V2Interop.IRegisteredTask, Boolean)
      en Microsoft.Win32.TaskScheduler.Task.CreateTask(Microsoft.Win32.TaskScheduler.TaskService, Microsoft.Win32.TaskScheduler.V2Interop.IRegisteredTask, Boolean)
      en .+.()
      en ..(System.String)
      en ..()
      en ..()
      en ..(.)
      en ..(.)
      en ..()

      Error: (12/17/2017 04:00:16 AM) (Source: Application Error) (EventID: 1000) (User: )
      Description: Nombre de la aplicación con errores: IMF.exe, versión: 5.1.0.3884, marca de tiempo: 0x591e9119
      Nombre del módulo con errores: unknown, versión: 0.0.0.0, marca de tiempo: 0x00000000
      Código de excepción: 0xc0000005
      Desplazamiento de errores: 0x00000000
      Identificador del proceso con errores: 0x2038
      Hora de inicio de la aplicación con errores: 0x01d3770cd205d98d
      Ruta de acceso de la aplicación con errores: C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
      Ruta de acceso del módulo con errores: unknown
      Identificador del informe: 35d714c3-55b0-40a9-b873-88dfdecdc724
      Nombre completo del paquete con errores:
      Identificador de aplicación relativa del paquete con errores:

      Error: (12/16/2017 11:45:39 PM) (Source: ESENT) (EventID: 454) (User: )
      Description: DllHost (11880) Microsoft.Windows.Cortana_cw5n1h2txyewy_NOEDP_LEGACY_IDB: Error inesperado al recuperar o restaurar la base de datos -515.

      Error: (12/16/2017 11:02:28 PM) (Source: Application Error) (EventID: 1000) (User: )
      Description: Nombre de la aplicación con errores: AutoKMS.exe, versión: 2.5.3.0, marca de tiempo: 0x54c2b458
      Nombre del módulo con errores: KERNELBASE.dll, versión: 10.0.15063.726, marca de tiempo: 0x1a9bbe0b
      Código de excepción: 0xe0434352
      Desplazamiento de errores: 0x0000000000069d98
      Identificador del proceso con errores: 0x594
      Hora de inicio de la aplicación con errores: 0x01d376e2d0cd679e
      Ruta de acceso de la aplicación con errores: C:\Windows\AutoKMS\AutoKMS.exe
      Ruta de acceso del módulo con errores: C:\WINDOWS\System32\KERNELBASE.dll
      Identificador del informe: 1a49b028-112e-4161-a1dc-dc274b3e94e2
      Nombre completo del paquete con errores:
      Identificador de aplicación relativa del paquete con errores:

      Error: (12/16/2017 11:02:26 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
      Description: Aplicación: AutoKMS.exe
      Versión de Framework: v4.0.30319
      Descripción: el proceso terminó debido a una excepción no controlada.
      Información de la excepción: System.IO.FileNotFoundException
      en Microsoft.Win32.TaskScheduler.V2Interop.IRegisteredTask.()
      en Microsoft.Win32.TaskScheduler.Task.GetV2Definition(Microsoft.Win32.TaskScheduler.TaskService, Microsoft.Win32.TaskScheduler.V2Interop.IRegisteredTask, Boolean)
      en Microsoft.Win32.TaskScheduler.Task.CreateTask(Microsoft.Win32.TaskScheduler.TaskService, Microsoft.Win32.TaskScheduler.V2Interop.IRegisteredTask, Boolean)
      en .+.()
      en ..(System.String)
      en ..()
      en ..()
      en ..(.)
      en ..(.)
      en ..()

      Error: (12/16/2017 11:01:41 PM) (Source: Application Error) (EventID: 1000) (User: )
      Description: Nombre de la aplicación con errores: IMF.exe, versión: 5.1.0.3884, marca de tiempo: 0x591e9119
      Nombre del módulo con errores: unknown, versión: 0.0.0.0, marca de tiempo: 0x00000000
      Código de excepción: 0xc0000005
      Desplazamiento de errores: 0x00000000
      Identificador del proceso con errores: 0x26f0
      Hora de inicio de la aplicación con errores: 0x01d376e31cf507fa
      Ruta de acceso de la aplicación con errores: C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
      Ruta de acceso del módulo con errores: unknown
      Identificador del informe: cf568e8c-fa58-428a-8b45-902615cc0a41
      Nombre completo del paquete con errores:
      Identificador de aplicación relativa del paquete con errores:

      Error: (12/16/2017 10:49:01 PM) (Source: Application Error) (EventID: 1000) (User: )
      Description: Nombre de la aplicación con errores: mbamservice.exe, versión: 3.1.0.595, marca de tiempo: 0x59f745cb
      Nombre del módulo con errores: mbae-api-na.dll_unloaded, versión: 1.11.4.254, marca de tiempo: 0x5a0ef33c
      Código de excepción: 0xc0000005
      Desplazamiento de errores: 0x000000000002ec80
      Identificador del proceso con errores: 0x1f20
      Hora de inicio de la aplicación con errores: 0x01d376e175f8821d
      Ruta de acceso de la aplicación con errores: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
      Ruta de acceso del módulo con errores: mbae-api-na.dll
      Identificador del informe: fc520e65-2ebc-4b52-98a2-41e787b69a0f
      Nombre completo del paquete con errores:
      Identificador de aplicación relativa del paquete con errores:

      Error: (12/16/2017 10:47:57 PM) (Source: Application Error) (EventID: 1000) (User: )
      Description: Nombre de la aplicación con errores: mbamservice.exe, versión: 3.1.0.595, marca de tiempo: 0x59f745cb
      Nombre del módulo con errores: ntdll.dll, versión: 10.0.15063.608, marca de tiempo: 0x8274fd8b
      Código de excepción: 0xc0000005
      Desplazamiento de errores: 0x000000000003bbdf
      Identificador del proceso con errores: 0x2f68
      Hora de inicio de la aplicación con errores: 0x01d376e0ee9405bb
      Ruta de acceso de la aplicación con errores: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
      Ruta de acceso del módulo con errores: C:\WINDOWS\SYSTEM32\ntdll.dll
      Identificador del informe: b6b68d21-9b0d-48de-bfef-67c549c52b7c
      Nombre completo del paquete con errores:
      Identificador de aplicación relativa del paquete con errores:

      Error: (12/16/2017 09:21:11 PM) (Source: Application Error) (EventID: 1000) (User: )
      Description: Nombre de la aplicación con errores: explorer.exe, versión: 10.0.15063.674, marca de tiempo: 0xd8364343
      Nombre del módulo con errores: unknown, versión: 0.0.0.0, marca de tiempo: 0x00000000
      Código de excepción: 0xc0000005
      Desplazamiento de errores: 0x0000000003480fd8
      Identificador del proceso con errores: 0xe60
      Hora de inicio de la aplicación con errores: 0x01d376bede066b5d
      Ruta de acceso de la aplicación con errores: C:\WINDOWS\explorer.exe
      Ruta de acceso del módulo con errores: unknown
      Identificador del informe: cb78f2cd-7b26-4106-9107-4975bf1dabe5
      Nombre completo del paquete con errores:
      Identificador de aplicación relativa del paquete con errores:


      System errors:
      =============
      Error: (12/17/2017 04:00:07 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
      Description: El servicio Optimización de entrega no respondió después de iniciar.

      Error: (12/17/2017 03:55:59 AM) (Source: DCOM) (EventID: 10016) (User: ronnycrespo-HP)
      Description: La configuración de permisos específico de la aplicación no concede el permiso Iniciar Local para la aplicación de servidor COM con CLSID
      {7022A3B3-D004-4F52-AF11-E9E987FEE25F}
      y APPID
      {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
      al usuario ronnycrespo-HP\ronnycrespo con SID (S-1-5-21-1148897783-301171496-773222092-1000) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

      Error: (12/17/2017 03:55:59 AM) (Source: DCOM) (EventID: 10016) (User: ronnycrespo-HP)
      Description: La configuración de permisos específico de la aplicación no concede el permiso Iniciar Local para la aplicación de servidor COM con CLSID
      {7022A3B3-D004-4F52-AF11-E9E987FEE25F}
      y APPID
      {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
      al usuario ronnycrespo-HP\ronnycrespo con SID (S-1-5-21-1148897783-301171496-773222092-1000) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

      Error: (12/17/2017 03:55:59 AM) (Source: DCOM) (EventID: 10016) (User: ronnycrespo-HP)
      Description: La configuración de permisos específico de la aplicación no concede el permiso Iniciar Local para la aplicación de servidor COM con CLSID
      {7022A3B3-D004-4F52-AF11-E9E987FEE25F}
      y APPID
      {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
      al usuario ronnycrespo-HP\ronnycrespo con SID (S-1-5-21-1148897783-301171496-773222092-1000) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

      Error: (12/17/2017 03:55:59 AM) (Source: DCOM) (EventID: 10016) (User: ronnycrespo-HP)
      Description: La configuración de permisos específico de la aplicación no concede el permiso Iniciar Local para la aplicación de servidor COM con CLSID
      {7022A3B3-D004-4F52-AF11-E9E987FEE25F}
      y APPID
      {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
      al usuario ronnycrespo-HP\ronnycrespo con SID (S-1-5-21-1148897783-301171496-773222092-1000) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

      Error: (12/17/2017 03:55:59 AM) (Source: DCOM) (EventID: 10016) (User: ronnycrespo-HP)
      Description: La configuración de permisos específico de la aplicación no concede el permiso Iniciar Local para la aplicación de servidor COM con CLSID
      {7022A3B3-D004-4F52-AF11-E9E987FEE25F}
      y APPID
      {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
      al usuario ronnycrespo-HP\ronnycrespo con SID (S-1-5-21-1148897783-301171496-773222092-1000) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

      Error: (12/17/2017 03:55:59 AM) (Source: DCOM) (EventID: 10016) (User: ronnycrespo-HP)
      Description: La configuración de permisos específico de la aplicación no concede el permiso Iniciar Local para la aplicación de servidor COM con CLSID
      {7022A3B3-D004-4F52-AF11-E9E987FEE25F}
      y APPID
      {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
      al usuario ronnycrespo-HP\ronnycrespo con SID (S-1-5-21-1148897783-301171496-773222092-1000) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

      Error: (12/17/2017 03:55:59 AM) (Source: DCOM) (EventID: 10016) (User: ronnycrespo-HP)
      Description: La configuración de permisos específico de la aplicación no concede el permiso Iniciar Local para la aplicación de servidor COM con CLSID
      {7022A3B3-D004-4F52-AF11-E9E987FEE25F}
      y APPID
      {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
      al usuario ronnycrespo-HP\ronnycrespo con SID (S-1-5-21-1148897783-301171496-773222092-1000) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

      Error: (12/17/2017 03:55:58 AM) (Source: DCOM) (EventID: 10016) (User: ronnycrespo-HP)
      Description: La configuración de permisos específico de la aplicación no concede el permiso Iniciar Local para la aplicación de servidor COM con CLSID
      {7022A3B3-D004-4F52-AF11-E9E987FEE25F}
      y APPID
      {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
      al usuario ronnycrespo-HP\ronnycrespo con SID (S-1-5-21-1148897783-301171496-773222092-1000) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

      Error: (12/17/2017 03:55:54 AM) (Source: DCOM) (EventID: 10016) (User: ronnycrespo-HP)
      Description: La configuración de permisos específico de la aplicación no concede el permiso Iniciar Local para la aplicación de servidor COM con CLSID
      {7022A3B3-D004-4F52-AF11-E9E987FEE25F}
      y APPID
      {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
      al usuario ronnycrespo-HP\ronnycrespo con SID (S-1-5-21-1148897783-301171496-773222092-1000) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.


      CodeIntegrity:
      ===================================
      Date: 2017-12-16 22:48:54.621
      Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

      Date: 2017-12-16 22:45:01.608
      Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

      Date: 2017-12-16 21:23:09.287
      Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

      Date: 2017-12-14 12:48:02.524
      Description: Code Integrity determined that a process (\Device\HarddiskVolume2\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\WINDOWS\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

      Date: 2017-12-14 12:48:02.309
      Description: Code Integrity determined that a process (\Device\HarddiskVolume2\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\WINDOWS\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

      Date: 2017-12-14 12:48:01.707
      Description: Code Integrity determined that a process (\Device\HarddiskVolume2\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\WINDOWS\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

      Date: 2017-12-14 12:47:57.346
      Description: Code Integrity determined that a process (\Device\HarddiskVolume2\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\WINDOWS\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

      Date: 2017-12-14 12:47:57.145
      Description: Code Integrity determined that a process (\Device\HarddiskVolume2\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\WINDOWS\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

      Date: 2017-12-14 12:47:55.148
      Description: Code Integrity determined that a process (\Device\HarddiskVolume2\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\WINDOWS\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

      Date: 2017-12-14 12:47:44.836
      Description: Code Integrity determined that a process (\Device\HarddiskVolume2\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\WINDOWS\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

    2. #12
      User ronaldo54674
      Registered
      Dec 2017
      Location
      vnezuela
      Posts
      14

      Re: the kemgadeojglibflomicgnfeopkdfflnk virus

      ==================== Memory info ===========================

      Processor: AMD Athlon(tm) II X2 260u Processor
      Percentage of memory in use: 46%
      Total physical RAM: 5887.3 MB
      Available physical RAM: 3135.25 MB
      Total Virtual: 7743.3 MB
      Available Virtual: 4845.86 MB

      ==================== Drives ================================

      Drive c: (OS) (Fixed) (Total:918.33 GB) (Free:529.65 GB) NTFS ==>[system with boot components (obtained from drive)]
      Drive d: (HP_RECOVERY) (Fixed) (Total:12.64 GB) (Free:1.54 GB) NTFS ==>[system with boot components (obtained from drive)]
      Drive g: () (Removable) (Total:14.89 GB) (Free:9.75 GB) FAT32

      ==================== MBR & Partition Table ==================

      ========================================================
      Disk: 0 (Size: 931.5 GB) (Disk ID: 28AE28CD)
      Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
      Partition 2: (Not Active) - (Size=918.3 GB) - (Type=07 NTFS)
      Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
      Partition 4: (Not Active) - (Size=12.6 GB) - (Type=07 NTFS)

      ========================================================
      Disk: 1 (MBR Code: Windows XP) (Size: 14.9 GB) (Disk ID: C3072E18)
      Partition 1: (Active) - (Size=14.9 GB) - (Type=0C)

      ==================== End of Addition.txt ============================

    3. #13
      User ronaldo54674
      Registered
      Dec 2017
      Location
      vnezuela
      Posts
      14
      and then what else

      ***************

      I don't understand what doing this is for????

      ***************

      hello
      greetings
      Last edited by @Daniela on 17/12/17 at 14:11:55. Reason: Merge posts

    4. #14
      General Moderator
      @Daniela
      Registered
      Apr 2011
      Location
      Spain
      Posts
      25.562

      Re: the kemgadeojglibflomicgnfeopkdfflnk virus

      Hello

      Quote: Originally posted by ronaldo54674
      and then what else

      ***************

      I don't understand what doing this is for????

      ***************

      hello
      greetings
      InfoSpyware Forum Policies

      5.2 Remember that: we are NOT a company that charges you for its services, we are NOT a technical support service, we are NOT available 24 hours a day; we are human, and we also have our own jobs, responsibilities, problems and families to attend to; we are volunteers. In short, we are just a COMMUNITY (FORUM) OF VOLUNTEER HELPERS who will try to help you on a non-profit basis, asking nothing in return except that these rules and policies be respected. Above all, respect and camaraderie toward those who voluntarily give their time to try to help others.

      Follow these steps. VERY important ~ Make a backup of the registry:

      • To do so, download >> DelFix to your desktop.
        • Double-click to run it. (If you use Windows Vista/7 or 8, right-click and select "Run as Administrator".)
        • Check only the "Create registry backup" box.
      • Click Run.

        The report (DelFix.txt) will open; save it in case it is needed and close the tool.


      Next, start your computer in >> Windows Safe Mode with Networking.

      If your OS is Windows 8/8.1/10, use the 2nd METHOD from this Windows 8 FAQ (applicable to Windows 10) >> How to start Windows 8/8.1 in Safe Mode?, to work from that Windows mode.


      With all other programs closed, go to >> Start >> Run >> and type notepad.exe.

      Now copy and paste the following into Notepad (do not include the word "Code"):

      Code:
      Start
      CreateRestorePoint:
      CloseProcesses:
      
      HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [5232928 2017-05-19] (IObit)
      HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
      HKU\S-1-5-21-1148897783-301171496-773222092-1000\...\Run: [Advanced SystemCare 11] => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe [3597600 2017-09-20] (IObit)
      HKU\S-1-5-21-1148897783-301171496-773222092-1000\...\MountPoints2: {9913331b-7490-11e7-91a0-3860770ee01f} - "G:\TL_Bootstrap.exe" 
      HKU\S-1-5-21-1148897783-301171496-773222092-1000\...\MountPoints2: {e1546f74-50d2-11e6-87af-3860770ee01f} - "H:\setup.exe" 
      ShortcutTarget: Facebook Gameroom.lnk -> C:\Users\ronnycrespo\AppData\Local\Facebook\Games\FacebookGameroom.exe (Facebook)
      SearchScopes: HKLM -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxps://ve.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_16_50&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dve%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0DtD0D0Fzy0Azz0EtCtA0DyByC0EyCzztN0D0Tzu0StCzztCtDtN1L2XzutAtFtByDtFtCtFyDtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StBzy0EyCyEtDtC0DtGyCtCtDtBtGtAtCtDyEtGtDtBtA0DtG0B0CyEtCyE0EyDtByBtAyEyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDzztCtCyD0EtD0FtGzz0B0E0FtGyE0FtB0CtG0BtAtAtDtGzzyDtDtDyC0EtCtAyDtC0F0B2QtN0A0LzuyE%26cr%3D1148738768%26a%3Dwbf_fs_16_50%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
      SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
      SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
      SearchScopes: HKLM -> {8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} URL = hxxps://ve.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_17_05&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dve%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0DtD0D0Fzy0Azz0EtCtA0DyByC0EyCzztN0D0Tzu0StCzzyCtCtN1L2XzutAtFtByCtFtBtFyDyEtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StCzy0BzytB0CtByDtGtCtDyDtBtG0AyEtAyEtGyEyCyC0CtG0DyEtDtCtB0DzztCtB0CtD0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDzztCtCyD0EtD0FtGzz0B0E0FtGyE0FtB0CtG0BtAtAtDtGzzyDtDtDyC0EtCtAyDtC0F0B2QtN0A0LzuyE%26cr%3D242178152%26a%3Dwbf_fs_17_05%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
      SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://ve.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
      SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://es.wikipedia.org/wiki/Special:Search?search={searchTerms}
      SearchScopes: HKLM-x32 -> DefaultScope value is missing
      SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
      SearchScopes: HKLM-x32 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxps://ve.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_17_05&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dve%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0DtD0D0Fzy0Azz0EtCtA0DyByC0EyCzztN0D0Tzu0StCzzyCtCtN1L2XzutAtFtByCtFtBtFyDyEtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StCzy0BzytB0CtByDtGtCtDyDtBtG0AyEtAyEtGyEyCyC0CtG0DyEtDtCtB0DzztCtB0CtD0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDzztCtCyD0EtD0FtGzz0B0E0FtGyE0FtB0CtG0BtAtAtDtGzzyDtDtDyC0EtCtAyDtC0F0B2QtN0A0LzuyE%26cr%3D242178152%26a%3Dwbf_fs_17_05%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
      SearchScopes: HKLM-x32 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
      SearchScopes: HKLM-x32 -> {8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} URL = hxxps://ve.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_16_50&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dve%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0DtD0D0Fzy0Azz0EtCtA0DyByC0EyCzztN0D0Tzu0StCzztCtDtN1L2XzutAtFtByDtFtCtFyDtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StBzy0EyCyEtDtC0DtGyCtCtDtBtGtAtCtDyEtGtDtBtA0DtG0B0CyEtCyE0EyDtByBtAyEyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDzztCtCyD0EtD0FtGzz0B0E0FtGyE0FtB0CtG0BtAtAtDtGzzyDtDtDyC0EtCtAyDtC0F0B2QtN0A0LzuyE%26cr%3D1148738768%26a%3Dwbf_fs_16_50%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
      SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://ve.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
      SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://es.wikipedia.org/wiki/Special:Search?search={searchTerms}
      SearchScopes: HKU\S-1-5-21-1148897783-301171496-773222092-1000 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
      SearchScopes: HKU\S-1-5-21-1148897783-301171496-773222092-1000 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
      SearchScopes: HKU\S-1-5-21-1148897783-301171496-773222092-1000 -> {8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} URL = hxxps://ve.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_16_50&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dve%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0DtD0D0Fzy0Azz0EtCtA0DyByC0EyCzztN0D0Tzu0StCzztCtDtN1L2XzutAtFtByDtFtCtFyDtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StBzy0EyCyEtDtC0DtGyCtCtDtBtGtAtCtDyEtGtDtBtA0DtG0B0CyEtCyE0EyDtByBtAyEyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDzztCtCyD0EtD0FtGzz0B0E0FtGyE0FtB0CtG0BtAtAtDtGzzyDtDtDyC0EtCtAyDtC0F0B2QtN0A0LzuyE%26cr%3D1148738768%26a%3Dwbf_fs_16_50%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
      SearchScopes: HKU\S-1-5-21-1148897783-301171496-773222092-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://ve.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
      SearchScopes: HKU\S-1-5-21-1148897783-301171496-773222092-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://es.wikipedia.org/wiki/Special:Search?search={searchTerms}
      FF Extension: (Avast Online Security) - C:\Users\ronnycrespo\AppData\Roaming\Mozilla\Firefox\Profiles\sjzsyhis.default-1504363553210\Extensions\[email protected] [2017-10-08]
      FF HKLM-x32\...\Firefox\Extensions: [{C7AE725D-FA5C-4027-BB4C-787EF9F8248A}] - C:\Program Files (x86)\RelevantKnowledge\firefox => not found
      CHR DefaultSearchURL: Default -> hxxps://www.teoma.com/web?q={searchTerms}
      CHR DefaultSearchKeyword: Default -> hxxps://teoma.com
      CHR DefaultSuggestURL: Default -> hxxp://www.teoma.com/ss?type=prefix&li=ff&q={searchTerms}
      CHR Extension: (Presentaciones) - C:\Users\ronnycrespo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-14]
      CHR Extension: (Documentos) - C:\Users\ronnycrespo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-14]
      CHR Extension: (MEGA) - C:\Users\ronnycrespo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2017-12-14]
      CHR Extension: (Documentos de Google sin conexión) - C:\Users\ronnycrespo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-12-14]
      CHR Extension: (Avast Online Security) - C:\Users\ronnycrespo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-12-14]
      CHR Extension: (TV en directo) - C:\Users\ronnycrespo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcfeebemepipakkhapnhljbcdkagkloh [2017-12-14]
      CHR Extension: (Chrome Media Router) - C:\Users\ronnycrespo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-14]
      CHR HKLM\...\Chrome\Extension: [cohecngphbppjpaokeilaichhgggcmjb] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
      CHR HKU\S-1-5-21-1148897783-301171496-773222092-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ojlcebdkbpjdpiligkdbbkdkfjmchbfd] - hxxps://clients2.google.com/service/update2/crx
      CHR HKU\S-1-5-21-1148897783-301171496-773222092-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [ccfifbojenkenpkmnbnndeadpfdiffof] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [ccjleegmemocfpghkhpjmiccjcacackp] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [cohecngphbppjpaokeilaichhgggcmjb] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [oelpkepjlgmehajehfeicfbjdiobdkfj] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [ojlcebdkbpjdpiligkdbbkdkfjmchbfd] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
      U3 idsvc; no ImagePath
      S3 MBAMSwissArmy; \SystemRoot\System32\Drivers\mbamswissarmy.sys [X]
      2017-12-16 23:25 - 2017-12-16 23:27 - 005189808 _____ (Enigma Software Group USA, LLC.) C:\Users\ronnycrespo\Downloads\SpyHunter-Installer.exe
      2017-12-16 16:35 - 2017-12-16 16:35 - 000605424 _____ (Reimage) C:\Users\ronnycrespo\Downloads\ReimageRepair (1).exe
      2017-12-16 21:46 - 2016-12-15 20:21 - 000000000 ____D C:\Users\ronnycrespo\AppData\Local\{30C2069E-146A-6A26-79F2-4FCE5D9AB356}
      2014-11-08 04:33 - 2014-12-04 19:01 - 000601088 _____ () C:\Users\ronnycrespo\AppData\Local\Temp\Quarantine.exe
      2014-11-08 04:47 - 2014-10-17 07:39 - 000665682 _____ (SQLite Development Team) C:\Users\ronnycrespo\AppData\Local\Temp\sqlite3.dll
      2017-12-16 15:27 - 2017-12-16 15:27 - 000005120 _____ () C:\Users\ronnycrespo\AppData\Local\Temp\vwhre5lc.dll
      ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
      Task: {0264927F-19B3-4C94-8055-53F6F414D141} - System32\Tasks\IObitSelfCheckTask => C:\Program Files (x86)\IObit\Smart Defrag\IObitSelfCheck.exe [2016-10-18] (IObit)
      Task: {20A48C8D-D701-43FD-BA57-10CD478CFC18} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
      Task: {2204F8AF-0ADE-42D5-B8CC-9C24496EC0AF} - System32\Tasks\ASC11_SkipUac_ronnycrespo => C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe
      Task: {36A24574-464B-4DAE-A8A2-9EA3FA4B930F} - System32\Tasks\ASC11_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe [2017-11-07] (IObit)
      Task: {39F3C1A0-4B2F-4B46-BD48-0CA89BAC0BDD} - \Yahoo! Powered coder -> No File <==== ATTENTION
      Task: {980B8480-1ADD-473B-86B8-6E6BE4369FB7} - \Games\UpdateCheck_S-1-5-21-1148897783-301171496-773222092-1000 -> No File <==== ATTENTION
      Task: {AC1491A3-BEE9-49F4-A39B-65CB209EBA9B} - System32\Tasks\SmartDefrag_Update => C:\Program Files (x86)\IObit\Smart Defrag\AutoUpdate.exe [2017-07-28] (IObit)
      Task: {DFB8EEE8-92ED-4520-983A-676975657473} - System32\Tasks\SmartDefrag_AutoAnalyze => C:\Program Files (x86)\IObit\Smart Defrag\AutoDefrag.exe [2016-06-06] (IObit)
      Task: C:\WINDOWS\Tasks\Yahoo! Powered coder.job => Wscript.exe C:\ProgramData\{59809CE3-D3C2-1625-5504-8867CF4603A9}\loto.txt <==== ATTENTION
      WMI_ActiveScriptEventConsumer_ASEC: <==== ATTENTION
      ShortcutWithArgument: C:\Users\ronnycrespo\AppData\Local\Microsoft\Start Menu\Вoйти в Интeрнeт.lnk -> C:\WINDOWS\explorer.exe (Microsoft Corporation) -> "hxxp://groznyg.ru/?utm_source=startlink03&utm_content=867fe3304d60f83d78282432a73b98c5&utm_term=91263E30B4E5A6A6FDA6AC90950C710A&utm_d=20160915"
      ShortcutWithArgument: C:\Users\ronnycrespo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\RONNYC~1\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" 
      ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\RONNYC~1\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" 
      
      CMD: ipconfig /flushdns
      CMD: ipconfig /renew
      CMD: bitsadmin /reset /allusers
      RemoveProxy:
      EmptyTemp:
      Hosts:
      end
      • Save it under the name fixlist.txt on the desktop <<< This is very important.

      Note: The Frst.exe executable and fixlist.txt must be in the same location (desktop), otherwise the tool will not work.

      ATTENTION!!!! The following repair script was made specifically by a staff member for this user; if you have a similar problem, please open your own thread to receive personalized help. Using other users' scripts can damage your computer.

      • Run Frst.exe.
      • Press the Fix button and wait for it to finish.
      • The tool will save the report on your desktop (Fixlog.txt).
      • Paste it in your next reply.


      Post the report and tell us how the problem is going.

      Regards
      ✿◕‿◕✿ Impatience is not good company ✿◕‿◕✿

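      The fixlist in the post above removes two kinds of tampered shortcut: Chrome shortcuts carrying `--load-extension` and a Start Menu shortcut that passes a URL to explorer.exe. The following is an added example, not part of the original post or of FRST, showing how such `ShortcutWithArgument:` lines can be triaged from a log; the sample lines are constructed (user name and URL are placeholders), the function and field names are hypothetical, and the folder check assumes only that Chrome extension IDs are 32 letters in the range a to p.

```python
import re
from typing import List, NamedTuple

# Constructed sample in the "ShortcutWithArgument:" layout used by the fixlist above.
# The extension folder name is the one this thread is about; user and URL are placeholders.
SAMPLE_LOG = r'''
ShortcutWithArgument: C:\Users\user\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\user\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk"
ShortcutWithArgument: C:\Users\user\AppData\Local\Microsoft\Start Menu\Internet.lnk -> C:\WINDOWS\explorer.exe (Microsoft Corporation) -> "hxxp://start-page.example/?utm_source=startlink"
ShortcutWithArgument: C:\Users\user\Desktop\Chrome Work.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
CHR Extension: (MEGA) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2017-12-14]
'''

# "<shortcut>.lnk -> <target> (<company>) -> <arguments>"
LINE_RE = re.compile(
    r'^ShortcutWithArgument:\s*(?P<lnk>.+?\.lnk)\s*->\s*(?P<target>.+?)\s*->\s*(?P<args>.*)$',
    re.IGNORECASE,
)
COMPANY_RE = re.compile(r'\s*\([^()]*\)\s*$')          # trailing "(Company)" after the target path
LOAD_EXT_RE = re.compile(r'--load-extension=(?:"([^"]+)"|(\S+))', re.IGNORECASE)
URL_RE = re.compile(r'(?:hxxps?|https?)://([^/\s"?]+)', re.IGNORECASE)  # accepts defanged URLs
EXT_ID_RE = re.compile(r'^[a-p]{32}$')                 # shape of a Chrome extension ID


class Finding(NamedTuple):
    lnk: str              # the shortcut that was modified
    target: str           # executable the shortcut starts
    kind: str             # "load-extension" or "url-argument"
    detail: str           # extension folder, or host of the forced URL
    id_like_folder: bool  # folder name mimics an extension ID


def triage(log: str) -> List[Finding]:
    """Return the shortcuts whose arguments sideload an extension or force a URL."""
    findings = []
    for raw in log.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # not a ShortcutWithArgument line
        target = COMPANY_RE.sub('', m.group('target'))
        args = m.group('args').strip()

        ext = LOAD_EXT_RE.search(args)
        if ext:
            # An unpacked extension loaded from the shortcut bypasses the normal
            # install path under ...\User Data\<profile>\Extensions.
            folder = (ext.group(1) or ext.group(2)).rstrip('\\/')
            leaf = re.split(r'[\\/]', folder)[-1]
            findings.append(Finding(m.group('lnk'), target, 'load-extension',
                                    folder, bool(EXT_ID_RE.match(leaf))))
            continue

        url = URL_RE.search(args)
        if url:
            # A URL as the only argument turns the shortcut into a forced start page.
            findings.append(Finding(m.group('lnk'), target, 'url-argument',
                                    url.group(1).lower(), False))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f.kind, '|', f.lnk, '|', f.detail)
```

      Shortcuts with ordinary arguments, such as `--profile-directory`, produce no finding, so only the tampered ones are left for review.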

    5. #15
      User ronaldo54674
      Registered
      Dec 2017
      Location
      vnezuela
      Posts
      14

      Re: the kemgadeojglibflomicgnfeopkdfflnk virus

      Fix result of Farbar Recovery Scan Tool (x64) Version: 17-12-2017
      Ran by ronnycrespo (17-12-2017 16:31:42) Run:3
      Running from C:\Users\ronnycrespo\Desktop
      Loaded Profiles: ronnycrespo (Available Profiles: ronnycrespo & DefaultAppPool)
      Boot Mode: Normal
      ==============================================

      fixlist content:
      *****************
      Start
      CreateRestorePoint:
      CloseProcesses:

      HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [5232928 2017-05-19] (IObit)
      HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
      HKU\S-1-5-21-1148897783-301171496-773222092-1000\...\Run: [Advanced SystemCare 11] => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe [3597600 2017-09-20] (IObit)
      HKU\S-1-5-21-1148897783-301171496-773222092-1000\...\MountPoints2: {9913331b-7490-11e7-91a0-3860770ee01f} - "G:\TL_Bootstrap.exe"
      HKU\S-1-5-21-1148897783-301171496-773222092-1000\...\MountPoints2: {e1546f74-50d2-11e6-87af-3860770ee01f} - "H:\setup.exe"
      ShortcutTarget: Facebook Gameroom.lnk -> C:\Users\ronnycrespo\AppData\Local\Facebook\Games\FacebookGameroom.exe (Facebook)
      SearchScopes: HKLM -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxps://ve.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_16_50&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dve%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0DtD0D0Fzy0Azz0EtCtA0DyByC0EyCzztN0D0Tzu0StCzztCtDtN1L2XzutAtFtByDtFtCtFyDtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StBzy0EyCyEtDtC0DtGyCtCtDtBtGtAtCtDyEtGtDtBtA0DtG0B0CyEtCyE0EyDtByBtAyEyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDzztCtCyD0EtD0FtGzz0B0E0FtGyE0FtB0CtG0BtAtAtDtGzzyDtDtDyC0EtCtAyDtC0F0B2QtN0A0LzuyE%26cr%3D1148738768%26a%3Dwbf_fs_16_50%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
      SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
      SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
      SearchScopes: HKLM -> {8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} URL = hxxps://ve.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_17_05&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dve%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0DtD0D0Fzy0Azz0EtCtA0DyByC0EyCzztN0D0Tzu0StCzzyCtCtN1L2XzutAtFtByCtFtBtFyDyEtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StCzy0BzytB0CtByDtGtCtDyDtBtG0AyEtAyEtGyEyCyC0CtG0DyEtDtCtB0DzztCtB0CtD0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDzztCtCyD0EtD0FtGzz0B0E0FtGyE0FtB0CtG0BtAtAtDtGzzyDtDtDyC0EtCtAyDtC0F0B2QtN0A0LzuyE%26cr%3D242178152%26a%3Dwbf_fs_17_05%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
      SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://ve.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
      SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://es.wikipedia.org/wiki/Special:Search?search={searchTerms}
      SearchScopes: HKLM-x32 -> DefaultScope value is missing
      SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
      SearchScopes: HKLM-x32 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxps://ve.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_17_05&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dve%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0DtD0D0Fzy0Azz0EtCtA0DyByC0EyCzztN0D0Tzu0StCzzyCtCtN1L2XzutAtFtByCtFtBtFyDyEtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StCzy0BzytB0CtByDtGtCtDyDtBtG0AyEtAyEtGyEyCyC0CtG0DyEtDtCtB0DzztCtB0CtD0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDzztCtCyD0EtD0FtGzz0B0E0FtGyE0FtB0CtG0BtAtAtDtGzzyDtDtDyC0EtCtAyDtC0F0B2QtN0A0LzuyE%26cr%3D242178152%26a%3Dwbf_fs_17_05%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
      SearchScopes: HKLM-x32 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
      SearchScopes: HKLM-x32 -> {8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} URL = hxxps://ve.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_16_50&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dve%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0DtD0D0Fzy0Azz0EtCtA0DyByC0EyCzztN0D0Tzu0StCzztCtDtN1L2XzutAtFtByDtFtCtFyDtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StBzy0EyCyEtDtC0DtGyCtCtDtBtGtAtCtDyEtGtDtBtA0DtG0B0CyEtCyE0EyDtByBtAyEyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDzztCtCyD0EtD0FtGzz0B0E0FtGyE0FtB0CtG0BtAtAtDtGzzyDtDtDyC0EtCtAyDtC0F0B2QtN0A0LzuyE%26cr%3D1148738768%26a%3Dwbf_fs_16_50%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
      SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://ve.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
      SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://es.wikipedia.org/wiki/Special:Search?search={searchTerms}
      SearchScopes: HKU\S-1-5-21-1148897783-301171496-773222092-1000 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
      SearchScopes: HKU\S-1-5-21-1148897783-301171496-773222092-1000 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
      SearchScopes: HKU\S-1-5-21-1148897783-301171496-773222092-1000 -> {8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} URL = hxxps://ve.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_16_50&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dve%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0DtD0D0Fzy0Azz0EtCtA0DyByC0EyCzztN0D0Tzu0StCzztCtDtN1L2XzutAtFtByDtFtCtFyDtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StBzy0EyCyEtDtC0DtGyCtCtDtBtGtAtCtDyEtGtDtBtA0DtG0B0CyEtCyE0EyDtByBtAyEyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDzztCtCyD0EtD0FtGzz0B0E0FtGyE0FtB0CtG0BtAtAtDtGzzyDtDtDyC0EtCtAyDtC0F0B2QtN0A0LzuyE%26cr%3D1148738768%26a%3Dwbf_fs_16_50%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
      SearchScopes: HKU\S-1-5-21-1148897783-301171496-773222092-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://ve.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
      SearchScopes: HKU\S-1-5-21-1148897783-301171496-773222092-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://es.wikipedia.org/wiki/Special:Search?search={searchTerms}
      FF Extension: (Avast Online Security) - C:\Users\ronnycrespo\AppData\Roaming\Mozilla\Firefox\Profiles\sjzsyhis.default-1504363553210\Extensions\[email protected] [2017-10-08]
      FF HKLM-x32\...\Firefox\Extensions: [{C7AE725D-FA5C-4027-BB4C-787EF9F8248A}] - C:\Program Files (x86)\RelevantKnowledge\firefox => not found
      CHR DefaultSearchURL: Default -> hxxps://www.teoma.com/web?q={searchTerms}
      CHR DefaultSearchKeyword: Default -> hxxps://teoma.com
      CHR DefaultSuggestURL: Default -> hxxp://www.teoma.com/ss?type=prefix&li=ff&q={searchTerms}
      CHR Extension: (Presentaciones) - C:\Users\ronnycrespo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-14]
      CHR Extension: (Documentos) - C:\Users\ronnycrespo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-14]
      CHR Extension: (MEGA) - C:\Users\ronnycrespo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2017-12-14]
      CHR Extension: (Documentos de Google sin conexión) - C:\Users\ronnycrespo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-12-14]
      CHR Extension: (Avast Online Security) - C:\Users\ronnycrespo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-12-14]
      CHR Extension: (TV en directo) - C:\Users\ronnycrespo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcfeebemepipakkhapnhljbcdkagkloh [2017-12-14]
      CHR Extension: (Chrome Media Router) - C:\Users\ronnycrespo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-14]
      CHR HKLM\...\Chrome\Extension: [cohecngphbppjpaokeilaichhgggcmjb] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
      CHR HKU\S-1-5-21-1148897783-301171496-773222092-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ojlcebdkbpjdpiligkdbbkdkfjmchbfd] - hxxps://clients2.google.com/service/update2/crx
      CHR HKU\S-1-5-21-1148897783-301171496-773222092-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [ccfifbojenkenpkmnbnndeadpfdiffof] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [ccjleegmemocfpghkhpjmiccjcacackp] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [cohecngphbppjpaokeilaichhgggcmjb] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [oelpkepjlgmehajehfeicfbjdiobdkfj] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [ojlcebdkbpjdpiligkdbbkdkfjmchbfd] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
      U3 idsvc; no ImagePath
      S3 MBAMSwissArmy; \SystemRoot\System32\Drivers\mbamswissarmy.sys [X]
      2017-12-16 23:25 - 2017-12-16 23:27 - 005189808 _____ (Enigma Software Group USA, LLC.) C:\Users\ronnycrespo\Downloads\SpyHunter-Installer.exe
      2017-12-16 16:35 - 2017-12-16 16:35 - 000605424 _____ (Reimage) C:\Users\ronnycrespo\Downloads\ReimageRepair (1).exe
      2017-12-16 21:46 - 2016-12-15 20:21 - 000000000 ____D C:\Users\ronnycrespo\AppData\Local\{30C2069E-146A-6A26-79F2-4FCE5D9AB356}
      2014-11-08 04:33 - 2014-12-04 19:01 - 000601088 _____ () C:\Users\ronnycrespo\AppData\Local\Temp\Quarantine.exe
      2014-11-08 04:47 - 2014-10-17 07:39 - 000665682 _____ (SQLite Development Team) C:\Users\ronnycrespo\AppData\Local\Temp\sqlite3.dll
      2017-12-16 15:27 - 2017-12-16 15:27 - 000005120 _____ () C:\Users\ronnycrespo\AppData\Local\Temp\vwhre5lc.dll
      ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
      Task: {0264927F-19B3-4C94-8055-53F6F414D141} - System32\Tasks\IObitSelfCheckTask => C:\Program Files (x86)\IObit\Smart Defrag\IObitSelfCheck.exe [2016-10-18] (IObit)
      Task: {20A48C8D-D701-43FD-BA57-10CD478CFC18} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
      Task: {2204F8AF-0ADE-42D5-B8CC-9C24496EC0AF} - System32\Tasks\ASC11_SkipUac_ronnycrespo => C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe
      Task: {36A24574-464B-4DAE-A8A2-9EA3FA4B930F} - System32\Tasks\ASC11_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe [2017-11-07] (IObit)
      Task: {39F3C1A0-4B2F-4B46-BD48-0CA89BAC0BDD} - \Yahoo! Powered coder -> No File <==== ATTENTION
      Task: {980B8480-1ADD-473B-86B8-6E6BE4369FB7} - \Games\UpdateCheck_S-1-5-21-1148897783-301171496-773222092-1000 -> No File <==== ATTENTION
      Task: {AC1491A3-BEE9-49F4-A39B-65CB209EBA9B} - System32\Tasks\SmartDefrag_Update => C:\Program Files (x86)\IObit\Smart Defrag\AutoUpdate.exe [2017-07-28] (IObit)
      Task: {DFB8EEE8-92ED-4520-983A-676975657473} - System32\Tasks\SmartDefrag_AutoAnalyze => C:\Program Files (x86)\IObit\Smart Defrag\AutoDefrag.exe [2016-06-06] (IObit)
      Task: C:\WINDOWS\Tasks\Yahoo! Powered coder.job => Wscript.exe C:\ProgramData\{59809CE3-D3C2-1625-5504-8867CF4603A9}\loto.txt <==== ATTENTION
      WMI_ActiveScriptEventConsumer_ASEC: <==== ATTENTION
      ShortcutWithArgument: C:\Users\ronnycrespo\AppData\Local\Microsoft\Start Menu\?o??? ? ???e??e?.lnk -> C:\WINDOWS\explorer.exe (Microsoft Corporation) -> "hxxp://groznyg.ru/?utm_source=startlink03&utm_content=867fe3304d60f83d78282432a73b98c5&utm_term=91263E30B4E5A6A6FDA6AC90950C710A&utm_d=20160915"
      ShortcutWithArgument: C:\Users\ronnycrespo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\RONNYC~1\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk"
      ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\RONNYC~1\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk"

      CMD: ipconfig /flushdns
      CMD: ipconfig /renew
      CMD: bitsadmin /reset /allusers
      RemoveProxy:
      EmptyTemp:
      Hosts:
      end
      *****************

      Restore point was successfully created.
      Processes closed successfully.
      HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\IObit Malware Fighter => value not found.
      HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
      HKU\S-1-5-21-1148897783-301171496-773222092-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Advanced SystemCare 11 => value not found.
      HKU\S-1-5-21-1148897783-301171496-773222092-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9913331b-7490-11e7-91a0-3860770ee01f} => key not found
      HKLM\Software\Classes\CLSID\{9913331b-7490-11e7-91a0-3860770ee01f} => key not found
      HKU\S-1-5-21-1148897783-301171496-773222092-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e1546f74-50d2-11e6-87af-3860770ee01f} => key not found
      HKLM\Software\Classes\CLSID\{e1546f74-50d2-11e6-87af-3860770ee01f} => key not found
      C:\Users\ronnycrespo\AppData\Local\Facebook\Games\FacebookGameroom.exe => not found.
      HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2211d4a5-48d0-47f5-a7cd-81e861470f7f} => key not found
      HKLM\Software\Classes\CLSID\{2211d4a5-48d0-47f5-a7cd-81e861470f7f} => key not found
      HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146} => key not found
      HKLM\Software\Classes\CLSID\{2f23ab71-4ac6-41f2-a955-ea576e553146} => key not found
      HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827} => key not found
      HKLM\Software\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => key not found
      HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} => key not found
      HKLM\Software\Classes\CLSID\{8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} => key not found
      HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found
      HKLM\Software\Classes\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found
      HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => key not found
      HKLM\Software\Classes\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => key not found
      HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
      HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found
      HKLM\Software\Wow6432Node\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found
      HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2211d4a5-48d0-47f5-a7cd-81e861470f7f} => key not found
      HKLM\Software\Wow6432Node\Classes\CLSID\{2211d4a5-48d0-47f5-a7cd-81e861470f7f} => key not found
      HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146} => key not found
      HKLM\Software\Wow6432Node\Classes\CLSID\{2f23ab71-4ac6-41f2-a955-ea576e553146} => key not found
      HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} => key not found
      HKLM\Software\Wow6432Node\Classes\CLSID\{8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} => key not found
      HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found
      HKLM\Software\Wow6432Node\Classes\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found
      HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => key not found
      HKLM\Software\Wow6432Node\Classes\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => key not found
      HKU\S-1-5-21-1148897783-301171496-773222092-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2211d4a5-48d0-47f5-a7cd-81e861470f7f} => key not found
      HKLM\Software\Classes\CLSID\{2211d4a5-48d0-47f5-a7cd-81e861470f7f} => key not found
      HKU\S-1-5-21-1148897783-301171496-773222092-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146} => key not found
      HKLM\Software\Classes\CLSID\{2f23ab71-4ac6-41f2-a955-ea576e553146} => key not found
      HKU\S-1-5-21-1148897783-301171496-773222092-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} => key not found
      HKLM\Software\Classes\CLSID\{8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} => key not found
      HKU\S-1-5-21-1148897783-301171496-773222092-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found
      HKLM\Software\Classes\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found
      HKU\S-1-5-21-1148897783-301171496-773222092-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => key not found
      HKLM\Software\Classes\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => key not found
      C:\Users\ronnycrespo\AppData\Roaming\Mozilla\Firefox\Profiles\sjzsyhis.default-1504363553210\Extensions\[email protected] => not found.
      HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{C7AE725D-FA5C-4027-BB4C-787EF9F8248A} => value not found.
      Chrome DefaultSearchURL => not found.
      Chrome DefaultSearchKeyword => not found.
      Chrome DefaultSuggestURL => not found.
      CHR Extension: (Presentaciones) - C:\Users\ronnycrespo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-14] => Error: No automatic fix found for this entry.
      CHR Extension: (Documentos) - C:\Users\ronnycrespo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-14] => Error: No automatic fix found for this entry.
      CHR Extension: (MEGA) - C:\Users\ronnycrespo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2017-12-14] => Error: No automatic fix found for this entry.
      CHR Extension: (Documentos de Google sin conexión) - C:\Users\ronnycrespo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-12-14] => Error: No automatic fix found for this entry.
      CHR Extension: (Avast Online Security) - C:\Users\ronnycrespo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-12-14] => Error: No automatic fix found for this entry.
      CHR Extension: (TV en directo) - C:\Users\ronnycrespo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcfeebemepipakkhapnhljbcdkagkloh [2017-12-14] => Error: No automatic fix found for this entry.
      CHR Extension: (Chrome Media Router) - C:\Users\ronnycrespo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-14] => Error: No automatic fix found for this entry.
      HKLM\SOFTWARE\Google\Chrome\Extensions\cohecngphbppjpaokeilaichhgggcmjb => key not found
      HKLM\SOFTWARE\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej => key not found
      HKU\S-1-5-21-1148897783-301171496-773222092-1000\SOFTWARE\Google\Chrome\Extensions\ojlcebdkbpjdpiligkdbbkdkfjmchbfd => key not found
      HKU\S-1-5-21-1148897783-301171496-773222092-1000\SOFTWARE\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej => key not found
      HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ccfifbojenkenpkmnbnndeadpfdiffof => key not found
      HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ccjleegmemocfpghkhpjmiccjcacackp => key not found
      HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cohecngphbppjpaokeilaichhgggcmjb => key not found
      HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkaj => key not found
      HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => key not found
      HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki => key not found
      HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\oelpkepjlgmehajehfeicfbjdiobdkfj => key not found
      HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ojlcebdkbpjdpiligkdbbkdkfjmchbfd => key not found
      HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej => key not found
      idsvc => service not found.
      MBAMSwissArmy => service not found.
      "C:\Users\ronnycrespo\Downloads\SpyHunter-Installer.exe" => not found.
      "C:\Users\ronnycrespo\Downloads\ReimageRepair (1).exe" => not found.
      "C:\Users\ronnycrespo\AppData\Local\{30C2069E-146A-6A26-79F2-4FCE5D9AB356}" => not found.
      "C:\Users\ronnycrespo\AppData\Local\Temp\Quarantine.exe" => not found.
      "C:\Users\ronnycrespo\AppData\Local\Temp\sqlite3.dll" => not found.
      "C:\Users\ronnycrespo\AppData\Local\Temp\vwhre5lc.dll" => not found.
      HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\Gadgets => key not found
      HKLM\Software\Classes\CLSID\{6B9228DA-9C15-419e-856C-19E768A13BDC} => key not found
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0264927F-19B3-4C94-8055-53F6F414D141} => key not found
      C:\WINDOWS\System32\Tasks\IObitSelfCheckTask => not found.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IObitSelfCheckTask => key not found
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{20A48C8D-D701-43FD-BA57-10CD478CFC18} => key not found
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask => key not found
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2204F8AF-0ADE-42D5-B8CC-9C24496EC0AF} => key not found
      C:\WINDOWS\System32\Tasks\ASC11_SkipUac_ronnycrespo => not found.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASC11_SkipUac_ronnycrespo => key not found
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{36A24574-464B-4DAE-A8A2-9EA3FA4B930F} => key not found
      C:\WINDOWS\System32\Tasks\ASC11_PerformanceMonitor => not found.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASC11_PerformanceMonitor => key not found
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{39F3C1A0-4B2F-4B46-BD48-0CA89BAC0BDD} => key not found
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Yahoo! Powered coder => key not found
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{980B8480-1ADD-473B-86B8-6E6BE4369FB7} => key not found
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Games\UpdateCheck_S-1-5-21-1148897783-301171496-773222092-1000 => key not found
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC1491A3-BEE9-49F4-A39B-65CB209EBA9B} => key not found
      C:\WINDOWS\System32\Tasks\SmartDefrag_Update => not found.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartDefrag_Update => key not found
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DFB8EEE8-92ED-4520-983A-676975657473} => key not found
      C:\WINDOWS\System32\Tasks\SmartDefrag_AutoAnalyze => not found.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartDefrag_AutoAnalyze => key not found
      C:\WINDOWS\Tasks\Yahoo! Powered coder.job => not found.
      WMI_ActiveScriptEventConsumer_ASEC: <==== ATTENTION => not found
      C:\Users\ronnycrespo\AppData\Local\Microsoft\Start Menu\?o??? ? ???e??e?.lnk => Could not remove or repair shortcut argument. The shortcut could be damaged.
      C:\Users\ronnycrespo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk => Shortcut argument removed successfully
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk => Shortcut argument removed successfully

      ========= ipconfig /flushdns =========


      Configuración IP de Windows

      Se vació correctamente la caché de resolución de DNS.

      ========= End of CMD: =========


      ========= ipconfig /renew =========


      Configuración IP de Windows

      No se puede realizar ninguna operación en Conexión de red inalámbrica mientras los medios
      están desconectados.
      No se puede realizar ninguna operación en Conexión de área local* 2 mientras los medios
      están desconectados.
      No se puede realizar ninguna operación en Conexión de área local* 11 mientras los medios
      están desconectados.

      Adaptador de LAN inalámbrica Conexión de red inalámbrica:

      Estado de los medios. . . . . . . . . . . : medios desconectados
      Sufijo DNS específico para la conexión. . :

      Adaptador de LAN inalámbrica Conexión de área local* 2:

      Estado de los medios. . . . . . . . . . . : medios desconectados
      Sufijo DNS específico para la conexión. . :

      Adaptador de LAN inalámbrica Conexión de área local* 11:

      Estado de los medios. . . . . . . . . . . : medios desconectados
      Sufijo DNS específico para la conexión. . :

      Adaptador de Ethernet Conexión de área local:

      Sufijo DNS específico para la conexión. . :
      Vínculo: dirección IPv6 local. . . : fe80::1554:3dc5:838e:da4d%14
      Dirección IPv4. . . . . . . . . . . . . . : 192.168.1.103
      Máscara de subred . . . . . . . . . . . . : 255.255.255.0
      Puerta de enlace predeterminada . . . . . : 192.168.1.181

      ========= End of CMD: =========


      ========= bitsadmin /reset /allusers =========


      BITSADMIN version 3.0
      BITS administration utility.
      (C) Copyright 2000-2006 Microsoft Corp.

      BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
      Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

      0 out of 0 jobs canceled.

      ========= End of CMD: =========


      ========= RemoveProxy: =========

      HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
      HKU\S-1-5-21-1148897783-301171496-773222092-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
      HKU\S-1-5-21-1148897783-301171496-773222092-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


      ========= End of RemoveProxy: =========

      C:\Windows\System32\Drivers\etc\hosts => moved successfully
      Hosts restored successfully.

      =========== EmptyTemp: ==========

      BITS transfer queue => 11034624 B
      DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 6361939 B
      Java, Flash, Steam htmlcache => 0 B
      Windows/system/drivers => 2664 B
      Edge => 0 B
      Chrome => 0 B
      Firefox => 0 B
      Opera => 0 B

      Temp, IE cache, history, cookies, recent:
      Default => 0 B
      Users => 0 B
      ProgramData => 0 B
      Public => 0 B
      systemprofile => 0 B
      systemprofile32 => 128 B
      LocalService => 0 B
      NetworkService => 2630 B
      ronnycrespo => 95964 B
      DefaultAppPool => 0 B

      RecycleBin => 28295 B
      EmptyTemp: => 16.7 MB temporary data Removed.

      ================================


      The system needed a reboot.

      ==== End of Fixlog 16:35:10 ====

    6. #16
      User ronaldo54674
      Registered
      Dec 2017
      Location
      Venezuela
      Posts
      14

      Re: the kemgadeojglibflomicgnfeopkdfflnk virus

      Everything is fine for now, thanks.

    7. #17
      General Moderator
      @Daniela
      Registered
      Apr 2011
      Location
      Spain
      Posts
      25,562

      Re: the kemgadeojglibflomicgnfeopkdfflnk virus

      Hello

      Follow these steps to remove the tools that were used:

      • Use again >> Download >> DelFix
        • Double-click to run it. (If you use Windows Vista/7 or 8, right-click and select "Run as administrator".)
        • Check all the boxes.
      • Click Run.

        The report (DelFix.txt) will open; check that the tools used have been removed.


      Confirm to us that everything is still fine.

      Regards
      ✿◕‿◕✿ Impatience is not good company ✿◕‿◕✿

      * Follow us on Twitter and befriend us on Facebook.
      * Keep up with the latest threats on the net at: InfoSpyware Blog
      * Questions are not answered by private message or e-mail; that is what the forum is for.

    8. #18
      User ronaldo54674
      Registered
      Dec 2017
      Location
      Venezuela
      Posts
      14

      Re: the kemgadeojglibflomicgnfeopkdfflnk virus (Solved)

      Everything is fine, thanks, and sorry for the trouble.

    9. #19
      General Moderator
      @Daniela
      Registered
      Apr 2011
      Location
      Spain
      Posts
      25,562

      Re: the kemgadeojglibflomicgnfeopkdfflnk virus (Solved)

      Hello

      Quote, originally posted by ronaldo54674:
      Everything is fine, thanks, and sorry for the trouble.
      Don't worry, no problem.


      Thank you for trusting ForoSpyware. It has been a pleasure to help you.

      We are glad your problem has been resolved. We consider this topic solved.


      If you wish to REOPEN THIS TOPIC, click to report it (How to report posts?).

      As a final recommendation, we invite you to follow us on our channels (Blog, Twitter, Facebook) to stay up to date on new malware and how to prevent it.
      *** Topic solved ***


      Regards