    HackTool:Win32/AutoKMS (Solved)


    1. #1
      User SabinaC
      Registered
      Nov 2015
      Location
      Colombia
      Posts
      18

      HackTool:Win32/AutoKMS (Solved)

      Good morning. For several weeks now my antivirus has been detecting a program as suspicious, under the name HackTool:Win32/AutoKMS. After I told the antivirus to remove it, it disappeared, but the next time I turned the computer on it appeared again. This happened on several occasions, so I followed this site's virus removal guide and it seemed to work, but three days ago it appeared again. I don't know whether it is the same virus or a new one, but this time it no longer goes away with the steps in the guide; after I do them it says it was removed, but when I turn the computer on again it comes back.
      I request help. Thank you very much.

    2. #2
      General Moderator
      @Leosolari
      Registered
      Jun 2007
      Location
      Argentina
      Posts
      58,877

      Re: Virus? HackTool:Win32/AutoKMS

      Hello

      AutoKMS is a small program that applies illegal licenses to the Windows operating system and to Microsoft Office.

      You should look for it among your programs and uninstall it like any other program.

      Let us know ...

    3. #3
      User SabinaC
      Registered
      Nov 2015
      Location
      Colombia
      Posts
      18

      Re: Virus? HackTool:Win32/AutoKMS

      Thanks for replying. I can't find the program; it is not in the list of programs in the Control Panel.

    4. #4
      General Moderator
      @Leosolari
      Registered
      Jun 2007
      Location
      Argentina
      Posts
      58,877

      Re: Virus? HackTool:Win32/AutoKMS

      Hello

      Temporarily disable your antivirus and any other security program.

      Download Farbar Recovery Scan Tool to your Desktop, choosing the version that matches your machine.

      How do I know whether my Windows is 32-bit or 64-bit?

      Double-click Frst.exe to run it. In the Disclaimer window, press Yes.

      In the new window that opens, press the Scan button and wait for the scan to finish.

      Two (2) files (logs) will open, Frst.txt and Addition.txt, which will be saved on your Desktop.

      In your next reply, copy and paste the Frst.txt report from FRST.

      Regards

    5. #5
      User SabinaC
      Registered
      Nov 2015
      Location
      Colombia
      Posts
      18

      Re: Virus? HackTool:Win32/AutoKMS

      Good afternoon. Here is the report:

      Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-12-2017
      Ran by User (administrator) on HOME (21-12-2017 13:32:49)
      Running from D:\Programas
      Loaded Profiles: User (Available Profiles: User)
      Platform: Windows 8.1 (Update) (X64) Language: Español (España, internacional)
      Internet Explorer Version 11 (Default browser: Chrome)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: ***********************************************************************************************************

      ==================== Processes (Whitelisted) =================

      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

      (Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
      (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
      (Microsoft Corporation) C:\Windows\System32\wlanext.exe
      (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
      (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
      (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
      (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
      (Intel Corporation) C:\Windows\System32\igfxEM.exe
      (Intel Corporation) C:\Windows\System32\igfxHK.exe
      () C:\Windows\System32\igfxTray.exe
      (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
      (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
      (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
      (Zbshareware Lab) C:\Program Files (x86)\USB Disk Security\USBGuard.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
      (Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
      (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
      (Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
      (Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
      (Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Microsoft Corporation) C:\Windows\System32\dllhost.exe
      (PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssist\uaclauncher.exe
      (NCsoft) D:\Programas\Juego Blade & Sould\BnS\bin64\Client.exe
      (Wellbia.com Co., Ltd.) D:\Programas\Juego Blade & Sould\BnS\bin64\XignCode\xcoronahost.xem
      (Wellbia.com) D:\Programas\Juego Blade & Sould\BnS\bin64\XignCode\xxd-0.xem
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

      ==================== Registry (Whitelisted) ===========================

      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

      HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [322120 2016-04-28] (Intel Corporation)
      HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1436224 2010-11-30] (Microsoft Corporation)
      HKLM-x32\...\Run: [USB Security] => C:\Program Files (x86)\USB Disk Security\USBGuard.exe [695528 2015-02-03] (Zbshareware Lab)
      HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
      HKLM\...\Policies\Explorer: [HideSCAHealth] 0
      HKU\S-1-5-21-3049676236-654874007-292565900-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832272 2017-08-25] (Skype Technologies S.A.)
      HKU\S-1-5-21-3049676236-654874007-292565900-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10021040 2017-10-18] (Piriform Ltd)

      ==================== Internet (Whitelisted) ====================

      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

      Tcpip\Parameters: [DhcpNameServer] 192.168.100.1 192.168.100.1
      Tcpip\..\Interfaces\{C006B239-7906-4E5E-A23A-6C0683E6CAA0}: [DhcpNameServer] 192.168.100.1 192.168.100.1

      Internet Explorer:
      ==================
      HKU\S-1-5-21-3049676236-654874007-292565900-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell13.msn.com/?pc=DCJB
      HKU\S-1-5-21-3049676236-654874007-292565900-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
      SearchScopes: HKU\S-1-5-21-3049676236-654874007-292565900-1001 -> DefaultScope {1A95DC8F-4A6D-4938-B715-50B59B516306} URL =
      BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2017-09-12] (Microsoft Corporation)
      BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
      BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2017-08-24] (Microsoft Corporation)
      BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
      Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2017-08-15] (Microsoft Corporation)

      FireFox:
      ========
      FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\wmmz3u5p.default [2017-12-21]
      FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
      FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-10-18] (Microsoft Corporation)
      FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
      FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
      FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
      FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
      FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)

      Chrome:
      =======
      CHR DefaultProfile: Profile 1
      CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-12-21]
      CHR Extension: (Documentos) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-15]
      CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-03]
      CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-03]
      CHR Extension: (Adblock Plus) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-09-27]
      CHR Extension: (Adobe Acrobat) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-06]
      CHR Extension: (Documentos de Google sin conexión) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-02]
      CHR Extension: (Web Navigation) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lkemddiljapcmhicklfpcbpfffahfbja [2017-10-22] [UpdateUrl: hxxp://www.linkszb.com/addon/chrome/update.xml] <==== ATTENTION
      CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23]
      CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-03]
      CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-09]
      CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [lkemddiljapcmhicklfpcbpfffahfbja] - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\extensions\WebNavigation.crx [2017-10-22]

      ==================== Services (Whitelisted) ====================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [208760 2017-07-27] (Dell Inc.)
      R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3294584 2017-07-27] (Dell Inc.)
      R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [217464 2017-07-27] (Dell Inc.)
      R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18504 2016-04-28] (Intel Corporation)
      R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [373744 2016-07-27] (Intel Corporation)
      R2 MsMpSvc; C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [12784 2010-11-11] (Microsoft Corporation)
      S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-07-09] ()
      S3 NisSrv; C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [282616 2010-11-11] (Microsoft Corporation)
      S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4362656 2016-02-24] (INCA Internet Co., Ltd.) [File not signed]
      R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [41432 2017-11-30] (Dell Inc.)
      R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
      S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
      S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
      R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3831712 2015-07-09] (Intel® Corporation)

      ===================== Drivers (Whitelisted) ======================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [32960 2017-07-27] (Dell Inc.)
      R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [32568 2017-07-27] (Dell Computer Corporation)
      S1 didziwla; C:\Windows\system32\drivers\didziwla.sys [72816 2017-12-21] (Microsoft Corporation)
      R3 HidEventFilter; C:\Windows\System32\drivers\HidEventFilter.sys [52240 2015-06-06] (Intel Corporation)
      R3 iaLPSS2_GPIO2; C:\Windows\system32\DRIVERS\iaLPSS2_GPIO2.sys [88376 2016-09-20] (Intel Corporation)
      R1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [188928 2010-10-24] (Microsoft Corporation)
      R1 MpKsl50957001; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E11E9AAE-CFA7-4A58-B83E-F87F4D6A6FB8}\MpKsl50957001.sys [58120 2017-12-21] (Microsoft Corporation)
      R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [4043544 2015-07-16] (Intel Corporation)
      S3 NisDrv; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [72064 2010-10-24] (Microsoft Corporation)
      S1 nsrpwkgb; C:\Windows\system32\drivers\nsrpwkgb.sys [72816 2017-12-21] (Microsoft Corporation)
      S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
      S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
      S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
      R3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

      ==================== NetSvcs (Whitelisted) ===================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


      ==================== One Month Created files and folders ========

      (If an entry is included in the fixlist, the file/folder will be moved.)

      2017-12-21 13:21 - 2017-12-21 13:32 - 000000000 ____D C:\FRST
      2017-12-21 06:55 - 2017-12-21 06:55 - 000072816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nsrpwkgb.sys
      2017-12-21 06:55 - 2017-12-21 06:55 - 000072816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\didziwla.sys
      2017-12-21 06:53 - 2017-12-21 06:53 - 000000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
      2017-12-16 23:49 - 2017-12-04 11:23 - 000835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
      2017-12-16 23:49 - 2017-12-04 11:23 - 000177656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
      2017-12-13 20:53 - 2017-11-17 10:37 - 004168704 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
      2017-12-13 20:53 - 2017-11-13 22:57 - 025731072 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
      2017-12-13 20:53 - 2017-11-13 22:30 - 000577024 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
      2017-12-13 20:53 - 2017-11-13 22:25 - 005925888 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
      2017-12-13 20:53 - 2017-11-13 22:20 - 000817152 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
      2017-12-13 20:53 - 2017-11-13 21:48 - 015267328 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
      2017-12-13 20:53 - 2017-11-13 21:27 - 001544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
      2017-12-13 20:53 - 2017-11-13 20:37 - 013679616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
      2017-12-13 20:53 - 2017-11-13 20:10 - 020269056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
      2017-12-13 20:53 - 2017-11-13 19:32 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
      2017-12-13 20:53 - 2017-11-07 16:15 - 000323584 _____ (Microsoft Corporation) C:\Windows\system32\iprtrmgr.dll
      2017-12-13 20:53 - 2017-11-07 15:46 - 000285184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iprtrmgr.dll
      2017-12-13 20:53 - 2017-11-07 15:39 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
      2017-12-13 20:53 - 2017-11-07 15:27 - 004509696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
      2017-12-13 20:53 - 2017-11-07 15:08 - 000713216 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
      2017-12-13 20:53 - 2017-11-07 15:02 - 000562176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
      2017-12-13 20:53 - 2017-11-07 15:01 - 001313280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
      2017-12-13 20:53 - 2017-10-14 02:23 - 000963072 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
      2017-12-13 20:53 - 2017-10-14 02:17 - 003717632 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
      2017-12-13 20:53 - 2017-10-14 01:19 - 000780800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
      2017-12-13 20:53 - 2017-10-10 11:39 - 001192960 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
      2017-12-13 20:53 - 2017-10-10 11:29 - 000068096 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
      2017-12-13 20:53 - 2017-10-10 09:58 - 000949760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
      2017-12-13 20:52 - 2017-11-13 21:55 - 001033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
      2017-12-13 20:52 - 2017-11-13 21:48 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
      2017-12-13 20:52 - 2017-11-13 21:39 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
      2017-12-13 20:52 - 2017-11-13 21:16 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
      2017-12-13 20:52 - 2017-11-08 10:55 - 000032256 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\BasicRender.sys
      2017-12-13 20:52 - 2017-11-07 15:49 - 000179712 _____ (Microsoft Corporation) C:\Windows\system32\itss.dll
      2017-12-13 20:52 - 2017-11-07 15:29 - 001080320 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
      2017-12-13 20:52 - 2017-11-07 15:27 - 000151040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itss.dll
      2017-12-13 20:52 - 2017-11-07 15:22 - 000880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
      2017-12-13 20:52 - 2017-11-07 15:18 - 000694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
      2017-12-13 20:52 - 2017-11-07 15:04 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
      2017-12-13 20:52 - 2017-11-07 14:58 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
      2017-12-13 20:52 - 2017-10-18 12:14 - 000136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
      2017-12-13 20:52 - 2017-10-14 02:55 - 000445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
      2017-12-13 20:52 - 2017-10-14 02:29 - 001436672 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
      2017-12-13 20:52 - 2017-10-14 01:41 - 000324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
      2017-12-13 20:52 - 2017-10-10 10:42 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
      2017-12-08 22:26 - 2017-12-08 22:26 - 000003808 _____ C:\Windows\System32\Tasks\Dell SupportAssistAgent AnonymousRegistration
      2017-12-05 21:21 - 2017-12-05 21:22 - 000000000 ____D C:\Users\User\Desktop\Cumple Juli
      2017-12-05 20:33 - 2017-12-05 20:36 - 000000000 ____D C:\Users\User\Desktop\CEREMONIA INTERNISTAS
      2017-11-30 23:11 - 2017-11-30 23:11 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
      2017-11-27 18:36 - 2017-11-27 18:36 - 000001082 _____ C:\Users\Public\Desktop\USB Disk Security.lnk
      2017-11-27 18:36 - 2017-11-27 18:36 - 000001070 _____ C:\Users\Public\Desktop\Web Navigation.lnk

      ==================== One Month Modified files and folders ========

      (If an entry is included in the fixlist, the file/folder will be moved.)

      2017-12-21 13:07 - 2016-11-02 18:25 - 000003958 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{3050E24E-FBED-4D1C-9A80-D7F998BDC8E1}
      2017-12-21 06:58 - 2016-11-02 19:25 - 000003758 _____ C:\Windows\System32\Tasks\AutoKMS
      2017-12-21 06:54 - 2017-09-16 07:36 - 000000000 ____D C:\Users\User\AppData\Roaming\Skype
      2017-12-21 06:53 - 2016-11-10 20:34 - 000000000 ___DO C:\Users\User\OneDrive
      2017-12-21 06:53 - 2016-11-02 18:21 - 000000000 __SHD C:\Users\User\IntelGraphicsProfiles
      2017-12-21 06:53 - 2013-08-22 09:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
      2017-12-21 06:52 - 2013-08-22 08:25 - 000262144 ___SH C:\Windows\system32\config\BBI
      2017-12-21 06:51 - 2013-08-22 08:36 - 000000000 ____D C:\Windows\Inf
      2017-12-20 13:37 - 2013-08-22 10:36 - 000000000 ____D C:\Windows\rescache
      2017-12-17 18:37 - 2013-08-22 10:36 - 000000000 ____D C:\Windows\AppReadiness
      2017-12-16 23:48 - 2017-11-20 17:23 - 000483536 _____ C:\Windows\system32\FNTCACHE.DAT
      2017-12-16 10:14 - 2016-11-08 00:34 - 000000000 ____D C:\Windows\system32\MRT
      2017-12-16 10:07 - 2017-10-11 22:08 - 133326408 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
      2017-12-16 10:07 - 2016-11-08 00:33 - 133326408 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
      2017-12-14 09:42 - 2016-11-02 16:44 - 000003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3049676236-654874007-292565900-1001
      2017-12-14 09:14 - 2013-08-22 10:20 - 000000000 ____D C:\Windows\CbsTemp
      2017-12-14 09:10 - 2016-11-02 17:07 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
      2017-12-10 20:57 - 2013-08-22 08:25 - 000000167 _____ C:\Windows\win.ini
      2017-12-10 07:20 - 2016-11-02 16:38 - 000000000 ____D C:\Users\User\AppData\Local\Packages
      2017-12-10 07:20 - 2013-08-22 10:36 - 000000000 ___HD C:\Program Files\WindowsApps
      2017-12-08 21:35 - 2016-11-02 19:45 - 000002213 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
      2017-12-08 21:35 - 2016-11-02 19:45 - 000002201 _____ C:\Users\Public\Desktop\Google Chrome.lnk
      2017-12-05 20:31 - 2016-11-02 16:42 - 001753310 _____ C:\Windows\system32\PerfStringBackup.INI
      2017-12-05 20:31 - 2013-08-22 18:34 - 000779120 _____ C:\Windows\system32\perfh00A.dat
      2017-12-05 20:31 - 2013-08-22 18:34 - 000161008 _____ C:\Windows\system32\perfc00A.dat
      2017-11-30 01:03 - 2017-11-15 20:08 - 000004130 _____ C:\Windows\System32\Tasks\CCleaner Update
      2017-11-30 01:02 - 2013-08-22 10:36 - 000000000 ____D C:\Windows\system32\NDF
      2017-11-27 18:36 - 2017-10-22 12:50 - 000000000 ____D C:\Program Files (x86)\USB Disk Security

      Some files in TEMP:
      ====================
      2017-12-21 12:50 - 2017-12-21 12:50 - 000000036 _____ () C:\Users\User\AppData\Local\Temp\3adf5987ca35a98510e597938647377e.dll
      2017-12-21 12:50 - 2017-12-21 12:50 - 000000180 _____ () C:\Users\User\AppData\Local\Temp\3fc1552ba19ee3472398342b0fadfa41.dll

      ==================== Bamital & volsnap ======================

      (There is no automatic fix for files that do not pass verification.)

      C:\Windows\system32\winlogon.exe => File is digitally signed
      C:\Windows\system32\wininit.exe => File is digitally signed
      C:\Windows\explorer.exe => File is digitally signed
      C:\Windows\SysWOW64\explorer.exe => File is digitally signed
      C:\Windows\system32\svchost.exe => File is digitally signed
      C:\Windows\SysWOW64\svchost.exe => File is digitally signed
      C:\Windows\system32\services.exe => File is digitally signed
      C:\Windows\system32\User32.dll => File is digitally signed
      C:\Windows\SysWOW64\User32.dll => File is digitally signed
      C:\Windows\system32\userinit.exe => File is digitally signed
      C:\Windows\SysWOW64\userinit.exe => File is digitally signed
      C:\Windows\system32\rpcss.dll => File is digitally signed
      C:\Windows\system32\dnsapi.dll => File is digitally signed
      C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
      C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

      LastRegBack: 2017-12-19 00:10

      ==================== End of FRST.txt ============================
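
Added example, not part of the thread or of FRST: a small Python triage pass over a FRST.txt report that groups lines by section and surfaces entries carrying FRST's own markers (`<==== ATTENTION`, `[File not signed]`, `[X]`) or whose text contains the family name taken from the antivirus detection. The function names are hypothetical, and the sample lines are copied from the report posted in #5.

```python
import re
from collections import defaultdict

# FRST.txt section headers look like:
#   ==================== Services (Whitelisted) ====================
SECTION_RE = re.compile(r"^={5,}\s*(?P<name>[^=]+?)\s*={5,}$")

# Markers FRST prints on individual entries. They are review hints for a
# human helper, not verdicts: an unsigned or missing file can be benign.
FRST_FLAGS = {
    "attention": "<==== ATTENTION",
    "unsigned": "[File not signed]",
    "missing_file": "[X]",
}

# Sample input: lines copied from the FRST.txt posted in this thread.
SAMPLE = r"""
==================== Internet (Whitelisted) ====================

Chrome:
=======
CHR Extension: (Adblock Plus) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-09-27]
CHR Extension: (Web Navigation) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lkemddiljapcmhicklfpcbpfffahfbja [2017-10-22] [UpdateUrl: hxxp://www.linkszb.com/addon/chrome/update.xml] <==== ATTENTION

==================== Services (Whitelisted) ====================

S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4362656 2016-02-24] (INCA Internet Co., Ltd.) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)

===================== Drivers (Whitelisted) ======================

R3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== One Month Modified files and folders ========

2017-12-21 06:58 - 2016-11-02 19:25 - 000003758 _____ C:\Windows\System32\Tasks\AutoKMS
2017-11-30 01:03 - 2017-11-15 20:08 - 000004130 _____ C:\Windows\System32\Tasks\CCleaner Update
"""


def family_from_detection(detection):
    """Family part of a Microsoft-style Type:Platform/Family.Variant!Suffix name."""
    family = detection.rsplit("/", 1)[-1]
    return re.split(r"[.!]", family, maxsplit=1)[0]


def split_sections(text):
    """Map section name -> list of non-empty lines found under that header."""
    sections = defaultdict(list)
    current = "Header"
    for raw in text.splitlines():
        line = raw.strip()
        # Skip blanks and the "=====" / "*****" underlines of sub-headings.
        if not line or set(line) <= {"=", "*"}:
            continue
        match = SECTION_RE.match(line)
        if match:
            current = match.group("name").replace(" (Whitelisted)", "")
            continue
        sections[current].append(line)
    return sections


def triage(text, keyword):
    """Return (section, reasons, line) for every line worth a second look."""
    findings = []
    needle = keyword.lower()
    for section, lines in split_sections(text).items():
        for line in lines:
            reasons = [name for name, marker in FRST_FLAGS.items() if marker in line]
            if needle in line.lower():
                reasons.append("keyword")
            if reasons:
                findings.append((section, reasons, line))
    return findings


if __name__ == "__main__":
    family = family_from_detection("HackTool:Win32/AutoKMS")
    for section, reasons, line in triage(SAMPLE, family):
        print(f"[{section}] {','.join(reasons)}: {line}")
```
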

    6. #6
      General Moderator
      @Leosolari
      Registered
      Jun 2007
      Location
      Argentina
      Posts
      58,877

      Re: Virus? HackTool:Win32/AutoKMS

      Hello

      Open a new Notepad file and copy and paste this content:


      Start
      CreateRestorePoint:
      CloseProcesses
      HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
      HKLM\...\Policies\Explorer: [HideSCAHealth] 0
      R3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
      2017-12-21 12:50 - 2017-12-21 12:50 - 000000036 _____ () C:\Users\User\AppData\Local\Temp\3adf5987ca35a98510e597938647377e.dll
      2017-12-21 12:50 - 2017-12-21 12:50 - 000000180 _____ () C:\Users\User\AppData\Local\Temp\3fc1552ba19ee3472398342b0fadfa41.dll
      CMD: ipconfig /flushdns
      CMD: ipconfig /renew
      CMD: bitsadmin /reset /allusers
      RemoveProxy:
      EmptyTemp:
      Hosts:
      end




      • Save it under the name fixlist.txt on the Desktop <<< This is very important.

      Note: The Frst.exe executable and fixlist.txt must be in the same location (Desktop); otherwise the tool will not work.

      • Run Frst.exe.
      • Press the Fix button and wait for it to finish.
      • The tool will save the report on your Desktop (Fixlog.txt).
      • Paste it in your next reply.

      Regards

    7. #7
      User SabinaC
      Registered
      Nov 2015
      Location
      Colombia
      Posts
      18

      Re: Virus? HackTool:Win32/AutoKMS

      Hello, here is the report:

      Fix result of Farbar Recovery Scan Tool (x64) Version: 17-12-2017
      Ran by User (21-12-2017 13:56:05) Run:1
      Running from D:\Programas
      Loaded Profiles: User (Available Profiles: User)
      Boot Mode: Normal
      ==============================================

      fixlist content:
      *****************
      Start
      CreateRestorePoint:
      CloseProcesses
      HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
      HKLM\...\Policies\Explorer: [HideSCAHealth] 0
      R3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
      2017-12-21 12:50 - 2017-12-21 12:50 - 000000036 _____ () C:\Users\User\AppData\Local\Temp\3adf5987ca35a98510e597938647377e.dll
      2017-12-21 12:50 - 2017-12-21 12:50 - 000000180 _____ () C:\Users\User\AppData\Local\Temp\3fc1552ba19ee3472398342b0fadfa41.dll
      CMD: ipconfig /flushdns
      CMD: ipconfig /renew
      CMD: bitsadmin /reset /allusers
      RemoveProxy:
      EmptyTemp:
      Hosts:
      end
      *****************

      Restore point was successfully created.
      CloseProcesses => Error: No automatic fix found for this entry.
      HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\TaskbarNoNotification => value removed successfully
      HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideSCAHealth => value removed successfully
      xhunter1 => Unable to stop service.
      "HKLM\System\CurrentControlSet\Services\xhunter1" => removed successfully
      xhunter1 => service removed successfully
      C:\Users\User\AppData\Local\Temp\3adf5987ca35a98510e597938647377e.dll => moved successfully
      C:\Users\User\AppData\Local\Temp\3fc1552ba19ee3472398342b0fadfa41.dll => moved successfully

      ========= ipconfig /flushdns =========


      Configuración IP de Windows

      Se vació correctamente la caché de resolución de DNS.

      ========= End of CMD: =========


      ========= ipconfig /renew =========


      Configuración IP de Windows

      No se puede realizar ninguna operación en Conexión de área local* 3 mientras los medios
      están desconectados.
      No se puede realizar ninguna operación en Ethernet mientras los medios
      están desconectados.

      Adaptador de LAN inalámbrica Conexión de área local* 3:

      Estado de los medios. . . . . . . . . . . : medios desconectados
      Sufijo DNS específico para la conexión. . :

      Adaptador de LAN inalámbrica Wi-Fi:

      Sufijo DNS específico para la conexión. . :
      Dirección IPv6 . . . . . . . . . . : fdd4:6e5c:bdd7:e000:6cee:cb3e:394c:3ed4
      Dirección IPv6 temporal. . . . . . : fdd4:6e5c:bdd7:e000:f461:defa:8d2d:fb32
      Vínculo: dirección IPv6 local. . . : fe80::6cee:cb3e:394c:3ed4%4
      Dirección IPv4. . . . . . . . . . . . . . : 192.168.100.5
      Máscara de subred . . . . . . . . . . . . : 255.255.255.0
      Puerta de enlace predeterminada . . . . . : 192.168.100.1

      Adaptador de Ethernet Ethernet:

      Estado de los medios. . . . . . . . . . . : medios desconectados
      Sufijo DNS específico para la conexión. . :

      ========= End of CMD: =========


      ========= bitsadmin /reset /allusers =========


      BITSADMIN version 3.0 [ 7.7.9600 ]
      BITS administration utility.
      (C) Copyright 2000-2006 Microsoft Corp.

      BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
      Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

      Unable to cancel {A44B40D4-0BA8-4336-A367-4AA13E97A09C}.
      {EAF416F7-481E-4ADF-AE9F-EF9D5B51EAF4} canceled.
      1 out of 2 jobs canceled.

      ========= End of CMD: =========


      ========= RemoveProxy: =========

      HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
      HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
      HKU\S-1-5-21-3049676236-654874007-292565900-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
      HKU\S-1-5-21-3049676236-654874007-292565900-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


      ========= End of RemoveProxy: =========

      C:\Windows\System32\Drivers\etc\hosts => moved successfully
      Hosts restored successfully.

      =========== EmptyTemp: ==========

      BITS transfer queue => 8388608 B
      DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 15212012 B
      Java, Flash, Steam htmlcache => 202 B
      Windows/system/drivers => 15980 B
      Edge => 0 B
      Chrome => 12669848 B
      Firefox => 2511062 B
      Opera => 0 B

      Temp, IE cache, history, cookies, recent:
      Default => 0 B
      Users => 0 B
      ProgramData => 0 B
      Public => 0 B
      systemprofile => 128 B
      systemprofile32 => 0 B
      LocalService => 3338 B
      NetworkService => 39452 B
      User => 32790390 B

      RecycleBin => 1256 B
      EmptyTemp: => 68.3 MB temporary data Removed.

      ================================


      The system needed a reboot.

      ==== End of Fixlog 13:57:14 ====

    8. #8
      General Moderator
      @Leosolari
      Registered
      Jun 2007
      Location
      Argentina
      Posts
      58,877

      Re: Virus? HackTool:Win32/AutoKMS

      .-.

      And how is the problem you raised going?

    9. #9
      User SabinaC
      Registered
      Nov 2015
      Location
      Colombia
      Posts
      18

      Re: Virus? HackTool:Win32/AutoKMS

      ... Since the problem always appeared whenever I turned the computer on again, after finishing the previous steps I shut the computer down, waited 10 minutes and then turned it on again.
      When I did, the antivirus detected a problem, and when I chose - clean computer - it said it was now protected.

      But it still keeps detecting it; that is what has happened to me on previous occasions: the antivirus says it removed it, but it comes back and appears again later...

    10. #10
      General Moderator
      @Leosolari
      Registered
      Jun 2007
      Location
      Argentina
      Posts
      58,877

      Re: Virus? HackTool:Win32/AutoKMS

      Hello

      Check your antivirus; it should have some report of the action it took on the file.
      Open it, copy it and paste it in your next reply.
