
    Help with infected computer (Solved)


          
    1. #1
      User luverto
      Joined
      Feb 2007
      Location
      DONDEYO
      Posts
      26

      Help with infected computer (Solved)

      Good morning. I am certain that my computer has been infected.
      I ask for your help to disinfect it.

      I have Windows 7 and I have run several of the programs you have on your website. The only one it does not let me run is MalwareBytes, because the security system blocks it.

      Thanks

      I am pasting the JRT and AdwBytes reports

      Thanks for everything

      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Junkware Removal Tool (JRT) by Malwarebytes
      Version: 8.1.4 (07.09.2017)
      Operating System: Windows 7 Professional x64
      Ran by DGGC (Limited) on 02/01/2018 at 10:03:14,77
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~





      # AdwCleaner 7.0.5.0 - Logfile created on Tue Jan 02 09:08:49 2018
      # Updated on 2017/29/11 by Malwarebytes
      # Database: 01-01-2018.1
      # Running on Windows 7 Professional (X64)
      # Mode: scan
      # Support: https://www.malwarebytes.com/support

      ***** [ Services ] *****

      PUP.Adware.Heuristic, 50752fa520db2feac0d66f9a0d44aff5


      ***** [ Folders ] *****

      PUP.Optional.Legacy, C:\Windows\System32\SSL
      PUP.Optional.Legacy, C:\Windows\SysWOW64\SSL
      PUP.Optional.Legacy, C:\Users\Public\Documents\XMUpdate
      PUP.Optional.FastDataX, C:\Users\DGGC\AppData\Local\FastDataX
      PUP.Optional.SystemHealer, C:\Users\DGGC\AppData\Local\SystemHealer
      PUP.Optional.PCBooster, C:\Users\DGGC\AppData\Local\PCBooster
      PUP.Optional.HDWallPaper, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HDWallPaper
      PUP.Optional.MirageISO, C:\Users\Public\Documents\XMUpdate
      PUP.Optional.HexaDesk, C:\Users\DGGC\AppData\Roaming\HexaDesK
      PUP.Adware.Heuristic, C:\Program Files\128a3f4fb2aa08923d81a2d971c06428
      PUP.Adware.Heuristic, C:\Program Files\42c3e2c1df2865b3d63a8149a37073e3


      ***** [ Files ] *****

      PUP.Optional.ChinAd, C:\Windows\SysNative\drivers\wfcre.sys
      Adware.NetUtils, C:\Windows\SysNative\NetUtils2016.dll
      Adware.NetUtils, C:\Windows\SysNative\drivers\NetUtils2016.sys


      ***** [ DLL ] *****

      No malicious DLLs found.

      ***** [ WMI ] *****

      No malicious WMI found.

      ***** [ Shortcuts ] *****

      No malicious shortcuts found.

      ***** [ Tasks ] *****

      PUP.Optional.BitCoinMiner, LaCieS
      PUP.Optional.SystemHealer, SystemHealer Task
      Adware.NeoBar, pnIxobGIUDXdNt
      Adware.NeoBar, BcyoMZkjXMgFaPP
      Adware.NeoBar, saKXaLnxQURzlMgex2
      Adware.NeoBar, BcyoMZkjXMgFaPP2
      Adware.NeoBar, plaAVjRQXWCDePSecyr2
      Adware.NeoBar, plaAVjRQXWCDePSecyr
      Adware.NeoBar, saKXaLnxQURzlMgex
      PUP.Optional.HDWallPaper, HDWallPaper
      PUP.Adware.Heuristic, 128a3f4fb2aa08923d81a2d971c06428


      ***** [ Registry ] *****

      PUP.Optional.Wajam, [Key] - HKU\S-1-5-21-2995789703-3386369415-2822681129-1000\Software\WajIEnhance
      PUP.Optional.Wajam, [Key] - HKCU\Software\WajIEnhance
      PUP.Optional.Wajam, [Key] - HKLM\SOFTWARE\SrcAAAesom Browser Enhancer
      PUP.Optional.Wajam, [Key] - HKLM\SOFTWARE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9
      PUP.Optional.FastDataX, [Key] - HKU\S-1-5-21-2995789703-3386369415-2822681129-1000\Software\FastDataX
      PUP.Optional.FastDataX, [Key] - HKCU\Software\FastDataX
      PUP.Optional.SystemHealer, [Key] - HKU\S-1-5-21-2995789703-3386369415-2822681129-1000\Software\System Healer
      PUP.Optional.SystemHealer, [Key] - HKCU\Software\System Healer
      Adware.NeoBar, [Key] - HKLM\SOFTWARE\Classes\CLSID\{C0D38E5A-7CF8-4105-8FE8-31B81443A114}
      Adware.NeoBar, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C0D38E5A-7CF8-4105-8FE8-31B81443A114}
      Adware.DNSUnlocker, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564


      ***** [ Firefox (and derivatives) ] *****

      No malicious Firefox entries.

      ***** [ Chromium (and derivatives) ] *****

      PUP.Optional.Legacy, SearchProvider found: webssearches - webssearches
      PUP.Optional.Legacy, SearchProvider found: webssearches - istart.webssearches.com
      PUP.Optional.Legacy, SearchProvider found: FileConverter 1.2 Customized Web Search - search.conduit.com

      /!\ Please Reset the Chrome Synchronization before cleaning the Chrome Preferences: https://support.google.com/chrome/answer/3097271


      *************************

      C:/AdwCleaner/AdwCleaner[S0].txt - [3561 B] - [2018/1/2 8:28:50]
      C:/AdwCleaner/AdwCleaner[S1].txt - [3627 B] - [2018/1/2 90]


      ########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt ##########




      File System: 12

      Successfully deleted: C:\ProgramData\078c5788-46c1-1 (Folder)
      Successfully deleted: C:\Windows\system32\Tasks\128a3f4fb2aa08923d81a2d971c06428 (Task)
      Successfully deleted: C:\Windows\system32\Tasks\System Healer Delayed (Task)
      Successfully deleted: C:\Windows\system32\Tasks\System Healer Monitor (Task)
      Successfully deleted: C:\Users\DGGC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1108NOAC (Temporary Internet Files Folder)
      Successfully deleted: C:\Users\DGGC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JNHFS9SF (Temporary Internet Files Folder)
      Successfully deleted: C:\Users\DGGC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O7AD6SKL (Temporary Internet Files Folder)
      Successfully deleted: C:\Users\DGGC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RXT9O83X (Temporary Internet Files Folder)
      Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1108NOAC (Temporary Internet Files Folder)
      Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JNHFS9SF (Temporary Internet Files Folder)
      Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O7AD6SKL (Temporary Internet Files Folder)
      Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RXT9O83X (Temporary Internet Files Folder)



      Registry: 1

      Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{26080cad-4adc-49ac-8c63-eda16e595cbd} (Registry Key)




      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Scan was completed on 02/01/2018 at 10:04:20,54
      End of JRT log
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    2. #2
      Moderator
      @MarioL
      Joined
      Nov 2006
      Location
      Málaga - Spain
      Posts
      9,018

      Re: Help with infected computer

      Hello

      The AdwCleaner report says "SCAN", but it looks like you did not click the "Clean" button; do it again and paste the report.


      Download to the desktop >> IFS (InfoSpyware First Steps).

      • Close all the programs you have open (Internet Explorer, Mozilla, Ares, eMule, including those next to the clock, except the antivirus)
      • Run IFS.exe (if you use Windows Vista/7 or 8, right-click and select "Run as Administrator")
      • Click the Analizar (Analyze) button and wait for the process to finish.
      • When it finishes, a report will open, which you must copy and paste (in full) in your next reply.
      • The report can also be found at "C:\IFS.log"


      Regards
      Invy

      * Follow us on our Twitter and become our friend on Facebook.
      * Keep up with the latest threats on the net at: InfoSpyware Blog
      * Questions are not answered by private message or by e-mail, since that is what the forum is for.

    3. #3
      User luverto
      Joined
      Feb 2007
      Location
      DONDEYO
      Posts
      26

      Re: Help with infected computer

      That's true.... I had not clicked clean.
      I am attaching the AdwCleaner report, but.... IFS will not download for me. It redirects me to a "404 page not found"

      # AdwCleaner 7.0.5.0 - Logfile created on Tue Jan 02 10:48:27 2018
      # Updated on 2017/29/11 by Malwarebytes
      # Running on Windows 7 Professional (X64)
      # Mode: clean
      # Support: https://www.malwarebytes.com/support

      ***** [ Services ] *****

      No malicious services deleted.

      ***** [ Folders ] *****

      Deleted: C:\Windows\System32\\SSL
      Deleted: C:\Windows\SysWOW64\\SSL
      Deleted: C:\Users\Public\Documents\XMUpdate
      Deleted: C:\Users\DGGC\AppData\Local\FastDataX
      Deleted: C:\Users\DGGC\AppData\Local\SystemHealer
      Deleted: C:\Users\DGGC\AppData\Local\PCBooster
      Deleted: C:\\Users\Public\Documents\XMUpdate
      Deleted: C:\Users\DGGC\AppData\Roaming\HexaDesK
      Deleted: C:\Program Files\128a3f4fb2aa08923d81a2d971c06428
      Deleted: C:\Program Files\42c3e2c1df2865b3d63a8149a37073e3


      ***** [ Files ] *****

      No malicious files deleted.

      ***** [ DLL ] *****

      No malicious DLLs cleaned.

      ***** [ WMI ] *****

      No malicious WMI cleaned.

      ***** [ Shortcuts ] *****

      No malicious shortcuts cleaned.

      ***** [ Tasks ] *****

      Deleted: 128a3f4fb2aa08923d81a2d971c06428


      ***** [ Registry ] *****

      Deleted: [Key] - HKLM\SOFTWARE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9


      ***** [ Firefox (and derivatives) ] *****

      No malicious Firefox entries deleted.

      ***** [ Chromium (and derivatives) ] *****

      SearchProvider deleted: webssearches - webssearches
      SearchProvider deleted: webssearches - webssearches
      SearchProvider deleted: FileConverter 1.2 Customized Web Search - search.conduit.com


      *************************

      ::Tracing keys deleted
      ::Winsock settings cleared
      ::Additional Actions: 0



      *************************

      C:/AdwCleaner/AdwCleaner[S0].txt - [3561 B] - [2018/1/2 8:28:50]
      C:/AdwCleaner/AdwCleaner[S1].txt - [3627 B] - [2018/1/2 90]
      C:/AdwCleaner/AdwCleaner[S2].txt - [3637 B] - [2018/1/2 949]
      C:/AdwCleaner/AdwCleaner[S3].txt - [2189 B] - [2018/1/2 10:47:59]


      ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

    4. #4
      Moderator
      @MarioL
      Joined
      Nov 2006
      Location
      Málaga - Spain
      Posts
      9,018

      Re: Help with infected computer

      Run a cleanup with CCleaner, of both files and the registry.

      Then download Farbar Recovery Scan Tool by Farbar (download the file that matches your system's architecture). >> How to tell whether my system is 32-bit or 64-bit

      • Save it to the desktop >> This is very important.
      • With all programs/windows closed, double-click to run Frst.exe.
      • In the Disclaimer window, click Yes.
      • In the new window that opens, click the Scan button and wait patiently for the scan to finish.
      • Two (2) files (logs) will open, Frst.txt and Addition.txt; these will be saved on your desktop.

      • Finally, open the Frst.txt and Addition.txt files and copy and paste all of their contents in your next reply. Use two messages if it tells you it is too long.
      Invy


    5. #5
      User luverto
      Joined
      Feb 2007
      Location
      DONDEYO
      Posts
      26

      Re: Help with infected computer

      Here it goes...

      Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.01.2018
      Ran by DGGC (administrator) on D31_CZC204B54S (02-01-2018 13:37:02)
      Running from C:\Users\DGGC\Desktop
      Loaded Profiles: DGGC (Available Profiles: DGGC)
      Platform: Windows 7 Professional Service Pack 1 (X64) Language: Español (España, internacional)
      Internet Explorer Version 11 (Default browser: Chrome)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: ***********************************************************************************************************

      ==================== Processes (Whitelisted) =================

      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

      (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
      (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
      (Microsoft Corporation) C:\Windows\System32\rundll32.exe
      (Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
      (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
      (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
      (McAfee, Inc.) C:\Program Files\McAfee\Agent\macmnsvc.exe
      (McAfee, Inc.) C:\Program Files\McAfee\Agent\masvc.exe
      (McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
      (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
      (McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe
      (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
      () C:\Windows\Temp\g3E19.tmp.exe
      (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
      (© pdfforge GmbH.) C:\Program Files (x86)\PDF Architect 5 Manager\PDF Architect 5\Architect Manager.exe
      (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
      (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
      (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
      (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
      (McAfee, Inc.) C:\Program Files\McAfee\Agent\x86\macompatsvc.exe
      (McAfee, Inc.) C:\Program Files\McAfee\Agent\x86\UpdaterUI.exe
      (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
      (Intel Corporation) C:\Windows\System32\hkcmd.exe
      (Intel Corporation) C:\Windows\System32\igfxpers.exe
      (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
      (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      (johnsadventures.com) C:\Program Files (x86)\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe
      (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
      (Spotify Ltd) C:\Users\DGGC\AppData\Roaming\Spotify\SpotifyWebHelper.exe
      (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
      (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
      (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
      (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
      () C:\Windows\SysWOW64\b4notify.exe
      (McAfee, Inc.) C:\Program Files\McAfee\Agent\x86\mctray.exe
      (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
      (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
      (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
      (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

      ==================== Registry (Whitelisted) ===========================

      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

      HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-10-24] (IDT, Inc.)
      HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2804976 2013-10-25] (Synaptics Incorporated)
      HKLM\...\Run: [RegistrarCeresCertStoreDLL] => C:\Program Files (x86)\FNMT-RCM\uccs.exe [40960 2013-10-30] (C3PO, S.A.)
      HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
      HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [112408 2011-08-08] (Intel Corporation)
      HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [319360 2012-03-14] (Hewlett-Packard Company)
      HKLM-x32\...\Run: [McAfeeUpdaterUI] => C:\Program Files\McAfee\Agent\x86\UpdaterUI.exe [516432 2016-07-29] (McAfee, Inc.)
      HKLM-x32\...\Run: [ShStatEXE] => C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE [254072 2016-09-12] (McAfee, Inc.)
      HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
      HKLM-x32\...\Run: [bit4id csp store register (M)] => "C:\Windows\SysWOW64\RUNDLL32.EXE" "C:\Windows\system32\bit4upki-store.dll",RunImportServer
      HKLM-x32\...\Run: [Bit4id Notifications] => C:\Windows\SysWOW64\b4notify.exe [299008 2016-03-23] ()
      HKLM\...\RunOnce: [D31_CZC204B54S] => C:\Windows\Temp\g3E18.tmp.exe [207360 2018-01-02] () <==== ATTENTION
      Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
      HKLM\ DisallowedCertificates: 03D22C9C66915D58C88912B64C1F984B8344EF09 (Comodo Security Solutions) <==== ATTENTION
      HKLM\ DisallowedCertificates: 0F684EC1163281085C6AF20528878103ACEFCAAB (F-Secure Corporation) <==== ATTENTION
      HKLM\ DisallowedCertificates: 1667908C9E22EFBD0590E088715CC74BE4C60884 (FRISK Software International/F-Prot) <==== ATTENTION
      HKLM\ DisallowedCertificates: 18DEA4EFA93B06AE997D234411F3FD72A677EECE (Bitdefender SRL) <==== ATTENTION
      HKLM\ DisallowedCertificates: 2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF (G DATA Software AG) <==== ATTENTION
      HKLM\ DisallowedCertificates: 249BDA38A611CD746A132FA2AF995A2D3C941264 (Malwarebytes Corporation) <==== ATTENTION
      HKLM\ DisallowedCertificates: 31AC96A6C17C425222C46D55C3CCA6BA12E54DAF (Symantec Corporation) <==== ATTENTION
      HKLM\ DisallowedCertificates: 331E2046A1CCA7BFEF766724394BE6112B4CA3F7 (Trend Micro) <==== ATTENTION
      HKLM\ DisallowedCertificates: 3353EA609334A9F23A701B9159E30CB6C22D4C59 (Webroot Inc.) <==== ATTENTION
      HKLM\ DisallowedCertificates: 373C33726722D3A5D1EDD1F1585D5D25B39BEA1A (SUPERAntiSpyware.com) <==== ATTENTION
      HKLM\ DisallowedCertificates: 3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F (Kaspersky Lab) <==== ATTENTION
      HKLM\ DisallowedCertificates: 3D496FA682E65FC122351EC29B55AB94F3BB03FC (AVG Technologies CZ) <==== ATTENTION
      HKLM\ DisallowedCertificates: 4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159 (PC Tools) <==== ATTENTION
      HKLM\ DisallowedCertificates: 42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01 (K7 Computing Pvt Ltd) <==== ATTENTION
      HKLM\ DisallowedCertificates: 4420C99742DF11DD0795BC15B7B0ABF090DC84DF (Doctor Web Ltd.) <==== ATTENTION
      HKLM\ DisallowedCertificates: 4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF (Emsisoft Ltd) <==== ATTENTION
      HKLM\ DisallowedCertificates: 5240AB5B05D11B37900AC7712A3C6AE42F377C8C (Check Point Software Technologies Ltd.) <==== ATTENTION
      HKLM\ DisallowedCertificates: 5DD3D41810F28B2A13E9A004E6412061E28FA48D (Emsisoft Ltd) <==== ATTENTION
      HKLM\ DisallowedCertificates: 7457A3793086DBB58B3858D6476889E3311E550E (K7 Computing Pvt Ltd) <==== ATTENTION
      HKLM\ DisallowedCertificates: 76A9295EF4343E12DFC5FE05DC57227C1AB00D29 (BullGuard Ltd) <==== ATTENTION
      HKLM\ DisallowedCertificates: 775B373B33B9D15B58BC02B184704332B97C3CAF (McAfee) <==== ATTENTION
      HKLM\ DisallowedCertificates: 872CD334B7E7B3C3D1C6114CD6B221026D505EAB (Comodo Security Solutions) <==== ATTENTION
      HKLM\ DisallowedCertificates: 88AD5DFE24126872B33175D1778687B642323ACF (McAfee) <==== ATTENTION
      HKLM\ DisallowedCertificates: 9132E8B079D080E01D52631690BE18EBC2347C1E (Adaware Software) <==== ATTENTION
      HKLM\ DisallowedCertificates: 982D98951CF3C0CA2A02814D474A976CBFF6BDB1 (Safer Networking Ltd.) <==== ATTENTION
      HKLM\ DisallowedCertificates: 9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361 (Webroot Inc.) <==== ATTENTION
      HKLM\ DisallowedCertificates: 9C43F665E690AB4D486D4717B456C5554D4BCEB5 (ThreatTrack Security) <==== ATTENTION
      HKLM\ DisallowedCertificates: 9E3F95577B37C74CA2F70C1E1859E798B7FC6B13 (CURIOLAB S.M.B.A.) <==== ATTENTION
      HKLM\ DisallowedCertificates: A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99 (Avira Operations GmbH & Co. KG) <==== ATTENTION
      HKLM\ DisallowedCertificates: A5341949ABE1407DD7BF7DFE75460D9608FBC309 (BullGuard Ltd) <==== ATTENTION
      HKLM\ DisallowedCertificates: A59CC32724DD07A6FC33F7806945481A2D13CA2F (ESET) <==== ATTENTION
      HKLM\ DisallowedCertificates: AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947 (AVG Technologies CZ) <==== ATTENTION
      HKLM\ DisallowedCertificates: AD4C5429E10F4FF6C01840C20ABA344D7401209F (Avast Antivirus/Software) <==== ATTENTION
      HKLM\ DisallowedCertificates: AD96BB64BA36379D2E354660780C2067B81DA2E0 (Symantec Corporation) <==== ATTENTION
      HKLM\ DisallowedCertificates: B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 (Malwarebytes Corporation) <==== ATTENTION
      HKLM\ DisallowedCertificates: CDC37C22FE9272D8F2610206AD397A45040326B8 (Trend Micro) <==== ATTENTION
      HKLM\ DisallowedCertificates: D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598 (Kaspersky Lab) <==== ATTENTION
      HKLM\ DisallowedCertificates: DB303C9B61282DE525DC754A535CA2D6A9BD3D87 (ThreatTrack Security) <==== ATTENTION
      HKLM\ DisallowedCertificates: DB77E5CFEC34459146748B667C97B185619251BA (Avast Antivirus/Software) <==== ATTENTION
      HKLM\ DisallowedCertificates: E22240E837B52E691C71DF248F12D27F96441C00 (Total Defense, Inc.) <==== ATTENTION
      HKLM\ DisallowedCertificates: E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF (AVG Technologies CZ) <==== ATTENTION
      HKLM\ DisallowedCertificates: ED841A61C0F76025598421BC1B00E24189E68D54 (Bitdefender SRL) <==== ATTENTION
      HKLM\ DisallowedCertificates: F83099622B4A9F72CB5081F742164AD1B8D048C9 (ESET) <==== ATTENTION
      HKLM\ DisallowedCertificates: FBB42F089AF2D570F2BF6F493D107A3255A9BB1A (Panda Security S.L) <==== ATTENTION
      HKLM\ DisallowedCertificates: FFFA650F2CB2ABC0D80527B524DD3F9FC172C138 (Doctor Web Ltd.) <==== ATTENTION
      HKU\S-1-5-21-2995789703-3386369415-2822681129-1000\...\Run: [BackgroundSwitcher] => C:\Program Files (x86)\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe [121688 2017-09-08] (johnsadventures.com)
      HKU\S-1-5-21-2995789703-3386369415-2822681129-1000\...\Run: [Spotify Web Helper] => C:\Users\DGGC\AppData\Roaming\Spotify\SpotifyWebHelper.exe [780688 2017-12-11] (Spotify Ltd)
      HKU\S-1-5-21-2995789703-3386369415-2822681129-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10249048 2017-12-13] (Piriform Ltd)

      ==================== Internet (Whitelisted) ====================

      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

      Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
      Tcpip\Parameters: [DhcpNameServer] 80.58.61.250 80.58.61.254
      Tcpip\..\Interfaces\{299CC6A9-0790-4FFB-9B20-C020D78D7C6D}: [DhcpNameServer] 80.58.61.250 80.58.61.254
      Tcpip\..\Interfaces\{3CF74161-D910-4E70-9757-6AB748DD9449}: [DhcpNameServer] 80.58.61.250 80.58.61.254

      Internet Explorer:
      ==================
      HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
      HKU\S-1-5-21-2995789703-3386369415-2822681129-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
      SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-b9be3323&q={searchTerms}
      SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-b9be3323&q={searchTerms}
      SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-b9be3323&q={searchTerms}
      SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-b9be3323&q={searchTerms}
      BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20170309144452.dll [2017-03-09] (McAfee, Inc.)
      BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
      BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
      BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-06-02] (Oracle Corporation)
      BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20170309144454.dll [2017-03-09] (McAfee, Inc.)
      BHO-x32: Aplicación auxiliar de inicio de sesión en la cuenta Microsoft -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
      BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
      BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-06-02] (Oracle Corporation)
      StartMenuInternet: IEXPLORE.EXE - iexplore.exe

      FireFox:
      ========
      FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
      FF Extension: (McAfee ScriptScan for Firefox) - C:\Program Files (x86)\Common Files\McAfee\SystemCore [2017-03-09] [Legacy] [not signed]
      FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
      FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
      FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
      FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-06-02] (Oracle Corporation)
      FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-06-02] (Oracle Corporation)
      FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
      FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
      FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
      FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
      FF Plugin-x32: @verimatrix.com/ViewRightWeb -> C:\Program Files (x86)\Verimatrix\ViewRight Web\\npViewRight.dll [2014-06-10] (Verimatrix, Inc.)
      FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
      FF Plugin HKU\S-1-5-21-2995789703-3386369415-2822681129-1000: @verimatrix.com/ViewRightWeb -> C:\Program Files (x86)\Verimatrix\ViewRight Web\\npViewRight.dll [2014-06-10] (Verimatrix, Inc.)

      Chrome:
      =======
      CHR DefaultProfile: Default
      CHR HomePage: Default -> hxxps://www.google.es/
      CHR StartupUrls: Default -> "hxxps://www.google.es/"
      CHR Profile: C:\Users\DGGC\AppData\Local\Google\Chrome\User Data\Default [2018-01-02]
      CHR Extension: (Google Drive) - C:\Users\DGGC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-10]
      CHR Extension: (YouTube) - C:\Users\DGGC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-10]
      CHR Extension: (Geogebra Clásico) - C:\Users\DGGC\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnbaboaihhkjoaolfnfoablhllahjnee [2017-09-11]
      CHR Extension: (Light Green Theme) - C:\Users\DGGC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddanbpappolmiebldmnklmmjmgpcocai [2018-01-02]
      CHR Extension: (HP SimplePass) - C:\Users\DGGC\AppData\Local\Google\Chrome\User Data\Default\Extensions\fidikogfgleiaefnjbmnjaplmgknppkg [2017-11-14]
      CHR Extension: (Escritorio Remoto de Chrome) - C:\Users\DGGC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2017-11-07]
      CHR Extension: (Google Keep: notas y listas) - C:\Users\DGGC\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2017-12-12]
      CHR Extension: (anonymoX) - C:\Users\DGGC\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpklikeghomkemdellmmkoifgfbakio [2017-05-29]
      CHR Extension: (Extensión de Google Keep para Chrome) - C:\Users\DGGC\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpcaedmchfhocbbapmcbpinfpgnhiddi [2017-03-10]
      CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\DGGC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-30]
      CHR Extension: (Gmail) - C:\Users\DGGC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-10]
      CHR Extension: (Chrome Media Router) - C:\Users\DGGC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-11]
      CHR HKU\S-1-5-21-2995789703-3386369415-2822681129-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [ccjleegmemocfpghkhpjmiccjcacackp] - hxxps://clients2.google.com/service/update2/crx

      Opera:
      =======
      OPR Extension: (Lookup Pro) - C:\Users\DGGC\AppData\Roaming\Opera Software\Opera Stable\Extensions\ghdonojphkbfhdccpohfhckojkpfanlg [2018-01-02]

      ==================== Services (Whitelisted) ====================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      R2 AESTFilters; C:\Program Files\IDT\WDM\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation) [File not signed]
      R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [365440 2012-03-14] (Hewlett-Packard Company)
      R2 macmnsvc; C:\Program Files\McAfee\Agent\macmnsvc.exe [141136 2016-07-29] (McAfee, Inc.)
      R2 masvc; C:\Program Files\McAfee\Agent\masvc.exe [56656 2016-07-29] (McAfee, Inc.)
      R3 McAfeeFramework; C:\Program Files\McAfee\Agent\x86\macompatsvc.exe [213840 2016-07-29] (McAfee, Inc.)
      R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [272400 2017-03-09] (McAfee, Inc.)
      R2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [218952 2016-09-12] (McAfee, Inc.)
      R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [384528 2017-03-09] (McAfee, Inc.)
      R3 mfevtp; C:\Windows\system32\mfevtps.exe [316432 2017-03-09] (McAfee, Inc.)
      R2 PDF Architect 5 Manager; C:\Program Files (x86)\PDF Architect 5 Manager\PDF Architect 5\Architect Manager.exe [985848 2017-05-16] (© pdfforge GmbH.)
      R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [327680 2012-10-24] (IDT, Inc.) [File not signed]
      S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

      ===================== Drivers (Whitelisted) ======================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      R3 johci; C:\Windows\System32\DRIVERS\johci.sys [26208 2012-07-16] (JMicron Technology Corp.)
      R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [479288 2017-03-09] (McAfee, Inc.)
      R3 mfeaacsk; C:\Windows\System32\drivers\mfeaacsk.sys [75320 2017-03-09] (McAfee, Inc.)
      R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [364600 2017-03-09] (McAfee, Inc.)
      U3 mfeavfk01; no ImagePath
      R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [513080 2017-03-09] (McAfee, Inc.)
      R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [877624 2017-03-09] (McAfee, Inc.)
      R3 mfeplk; C:\Windows\System32\drivers\mfeplk.sys [110136 2017-03-09] (McAfee, Inc.)
      S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [125496 2017-03-09] (McAfee, Inc.)
      R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [252984 2017-03-09] (McAfee, Inc.)
      R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1864328 2012-10-03] ()
      U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
      S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

      ==================== NetSvcs (Whitelisted) ===================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


      ==================== One Month Created files and folders ========

      (If an entry is included in the fixlist, the file/folder will be moved.)

      2018-01-02 13:37 - 2018-01-02 13:38 - 000022012 _____ C:\Users\DGGC\Desktop\FRST.txt
      2018-01-02 13:35 - 2018-01-02 13:37 - 000000000 ____D C:\FRST
      2018-01-02 13:28 - 2018-01-02 13:15 - 002393088 _____ (Farbar) C:\Users\DGGC\Desktop\FRST64.exe
      2018-01-02 13:15 - 2018-01-02 13:15 - 002393088 _____ (Farbar) C:\Users\DGGC\Downloads\FRST64.exe
      2018-01-02 12:00 - 2018-01-02 12:00 - 000003872 _____ C:\Windows\System32\Tasks\CCleaner Update
      2018-01-02 12:00 - 2018-01-02 12:00 - 000002800 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
      2018-01-02 12:00 - 2018-01-02 12:00 - 000000782 _____ C:\Users\Public\Desktop\CCleaner.lnk
      2018-01-02 11:59 - 2018-01-02 11:59 - 011201632 _____ (Piriform Ltd) C:\Users\DGGC\Downloads\ccsetup538.exe
      2018-01-02 11:43 - 2018-01-02 11:43 - 000000000 ____D C:\Users\DGGC\AppData\Local\ElevatedDiagnostics
      2018-01-02 11:40 - 2018-01-02 11:40 - 008187336 _____ (Malwarebytes) C:\Users\DGGC\Downloads\AdwCleaner.exe
      2018-01-02 10:21 - 2018-01-02 10:21 - 000000000 ____D C:\Users\DGGC\AppData\Local\Adv Net Media
      2018-01-02 09:27 - 2018-01-02 11:48 - 000000000 ____D C:\AdwCleaner
      2018-01-02 09:05 - 2018-01-02 12:00 - 000000000 ____D C:\Program Files\CCleaner
      2018-01-02 09:05 - 2018-01-02 09:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
      2018-01-02 09:00 - 2018-01-02 09:00 - 000000000 ____D C:\ProgramData\System Native
      2018-01-02 08:52 - 2018-01-02 08:52 - 000000000 ____D C:\Users\DGGC\AppData\Roaming\Opera Software
      2018-01-02 08:52 - 2018-01-02 08:52 - 000000000 ____D C:\Users\DGGC\AppData\Local\Opera Software
      2018-01-02 08:51 - 2018-01-02 11:23 - 000000000 ____D C:\Program Files\Opera
      2018-01-02 07:55 - 2018-01-02 11:23 - 000000000 ____D C:\Users\DGGC\AppData\Local\Netfixs
      2018-01-02 07:55 - 2018-01-02 07:55 - 000000000 ____D C:\Windows\system32\sstmp
      2018-01-02 07:54 - 2018-01-02 11:23 - 000000000 ____D C:\Users\DGGC\AppData\Roaming\pgbad3c3nah
      2018-01-02 07:54 - 2018-01-02 11:23 - 000000000 ____D C:\Program Files (x86)\Multitimer
      2018-01-02 07:48 - 2018-01-02 11:23 - 000000000 ___HD C:\Windows\system32\GroupPolicy
      2018-01-02 07:41 - 2018-01-02 07:41 - 000003492 _____ C:\Windows\System32\Tasks\Guard
      2018-01-02 07:41 - 2018-01-02 07:41 - 000000000 ____D C:\Program Files (x86)\System Native
      2018-01-02 07:39 - 2018-01-02 07:39 - 000000000 ____D C:\Users\DGGC\AppData\Roaming\System Native
      2017-12-22 08:53 - 2017-12-22 08:56 - 000000000 ____D C:\Users\DGGC\Downloads\JohWilliStaWaThUltiDigiCollec16
      2017-12-21 12:42 - 2017-12-21 12:42 - 000018001 _____ C:\Users\DGGC\Desktop\Sin título 1.odt
      2017-12-21 12:37 - 2017-12-21 12:38 - 245379072 _____ C:\Users\DGGC\Downloads\LibreOffice_5.4.3_Win_x64.msi
      2017-12-18 07:45 - 2017-12-18 07:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
      2017-12-18 07:45 - 2017-12-18 07:45 - 000000000 ____D C:\Program Files (x86)\qBittorrent
      2017-12-14 14:10 - 2017-12-14 14:10 - 000000000 ____D C:\ProgramData\Malwarebytes
      2017-12-14 13:46 - 2017-12-14 14:18 - 000000012 _____ C:\ProgramData\rwi.ygad
      2017-12-14 13:44 - 2009-09-27 09:39 - 000415744 ___SH (The Public) C:\Windows\SysWOW64\avisynth.dll
      2017-12-14 13:44 - 2005-07-14 12:31 - 000032256 ___SH C:\Windows\SysWOW64\AVSredirect.dll
      2017-12-14 13:44 - 2004-02-22 10:11 - 000764416 ___SH (Abysmal Software) C:\Windows\SysWOW64\devil.dll
      2017-12-14 13:44 - 2004-01-25 00:00 - 000070656 ___SH (HelixCommunity - The Foundation of Great Multimedia Applications) C:\Windows\SysWOW64\yv12vfw.dll
      2017-12-14 13:44 - 2004-01-25 00:00 - 000070656 ___SH (HelixCommunity - The Foundation of Great Multimedia Applications) C:\Windows\SysWOW64\i420vfw.dll
      2017-12-14 13:43 - 2017-12-14 13:43 - 000714741 _____ (Textify ) C:\Users\DGGC\AppData\Roaming\4cmlhecgxto.exe
      2017-12-14 13:42 - 2017-12-14 13:42 - 003700615 _____ ( ) C:\Users\DGGC\AppData\Roaming\pq0gvunons3.exe
      2017-12-14 13:42 - 2017-12-14 13:42 - 000000000 ____D C:\Users\DGGC\Documents\eRightSoft
      2017-12-14 13:41 - 2018-01-02 13:40 - 000016750 _____ C:\Windows\System32\Tasks\Network Administration
      2017-12-14 13:41 - 2017-12-14 14:27 - 000000000 ____D C:\Users\DGGC\AppData\Roaming\k3di1mfvci1
      2017-12-14 13:41 - 2017-12-14 14:27 - 000000000 ____D C:\Users\DGGC\AppData\Roaming\hj3bmlhdjtx
      2017-12-14 13:41 - 2017-12-14 14:27 - 000000000 ____D C:\Users\DGGC\AppData\Roaming\3kxzgyhl2lw
      2017-12-14 13:41 - 2017-12-14 13:41 - 002585088 _____ C:\Users\DGGC\AppData\Roaming\owjncqvxbwx.exe
      2017-12-14 13:41 - 2017-12-14 13:41 - 000000000 ____D C:\Program Files (x86)\nHSLyOcX7wlo
      2017-12-14 13:41 - 2004-10-10 08:50 - 000278528 _____ (Real Networks, Inc) C:\Windows\SysWOW64\pncrt.dll
      2017-12-14 13:41 - 2004-07-02 16:33 - 000327749 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\drvc.dll
      2017-12-14 13:41 - 2004-04-05 09:31 - 000499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
      2017-12-14 13:41 - 2004-04-05 09:31 - 000348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
      2017-12-14 13:40 - 2017-12-14 13:59 - 000000000 ____D C:\Program Files (x86)\eRightSoft
      2017-12-14 13:36 - 2017-12-14 13:36 - 000000000 ____D C:\Program Files (x86)\Bigasoft
      2017-12-14 11:43 - 2017-12-14 13:49 - 000000629 _____ C:\Windows\wininit.ini
      2017-12-14 11:31 - 2017-12-14 11:31 - 000000000 ____D C:\Users\DGGC\.fontconfig
      2017-12-14 11:30 - 2017-12-14 11:31 - 000000000 ____D C:\Users\DGGC\AppData\Local\Movavi
      2017-12-14 11:30 - 2017-12-14 11:30 - 000004935 _____ C:\ProgramData\vfiakfjk.zeu
      2017-12-14 11:30 - 2017-12-14 11:30 - 000000000 ____D C:\Users\DGGC\AppData\Local\converter
      2017-12-14 11:30 - 2017-12-14 11:30 - 000000000 ____D C:\ProgramData\Movavi Video Converter 18
      2017-12-14 11:30 - 2017-12-14 11:30 - 000000000 ____D C:\ProgramData\Movavi
      2017-12-13 13:05 - 2017-12-13 13:05 - 000518656 _____ C:\Windows\1b89c5edf3b71a0247467b40d5bf9b33.exe
      2017-12-13 13:05 - 2017-12-13 13:05 - 000051622 _____ C:\Windows\uninstaller.dat
      2017-12-13 12:32 - 2017-12-14 13:49 - 000000000 ___RD C:\Users\DGGC\Documents\MEGA
      2017-12-13 12:31 - 2017-12-14 13:49 - 000000000 ____D C:\Windows\System32\Tasks\MEGA
      2017-12-13 12:31 - 2017-12-13 12:31 - 000000000 ____D C:\Users\DGGC\AppData\Local\Mega Limited
      2017-12-13 07:49 - 2017-11-17 05:23 - 003222528 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
      2017-12-13 07:49 - 2017-11-15 02:27 - 000395968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
      2017-12-13 07:49 - 2017-11-15 01:36 - 000347336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
      2017-12-13 07:49 - 2017-11-14 04:57 - 025731072 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
      2017-12-13 07:49 - 2017-11-14 04:43 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
      2017-12-13 07:49 - 2017-11-14 04:43 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
      2017-12-13 07:49 - 2017-11-14 04:32 - 002903552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
      2017-12-13 07:49 - 2017-11-14 04:31 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
      2017-12-13 07:49 - 2017-11-14 04:31 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
      2017-12-13 07:49 - 2017-11-14 04:30 - 000577024 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
      2017-12-13 07:49 - 2017-11-14 04:30 - 000417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
      2017-12-13 07:49 - 2017-11-14 04:30 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
      2017-12-13 07:49 - 2017-11-14 04:25 - 005925888 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
      2017-12-13 07:49 - 2017-11-14 04:24 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
      2017-12-13 07:49 - 2017-11-14 04:24 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
      2017-12-13 07:49 - 2017-11-14 04:21 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
      2017-12-13 07:49 - 2017-11-14 04:20 - 000817152 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
      2017-12-13 07:49 - 2017-11-14 04:20 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
      2017-12-13 07:49 - 2017-11-14 04:20 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
      2017-12-13 07:49 - 2017-11-14 04:20 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
      2017-12-13 07:49 - 2017-11-14 04:15 - 000968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
      2017-12-13 07:49 - 2017-11-14 04:12 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
      2017-12-13 07:49 - 2017-11-14 04:06 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
      2017-12-13 07:49 - 2017-11-14 04:06 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
      2017-12-13 07:49 - 2017-11-14 04:05 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
      2017-12-13 07:49 - 2017-11-14 04:03 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
      2017-12-13 07:49 - 2017-11-14 04:02 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
      2017-12-13 07:49 - 2017-11-14 04:00 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
      2017-12-13 07:49 - 2017-11-14 03:59 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
      2017-12-13 07:49 - 2017-11-14 03:51 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
      2017-12-13 07:49 - 2017-11-14 03:48 - 015267328 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
      2017-12-13 07:49 - 2017-11-14 03:48 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
      2017-12-13 07:49 - 2017-11-14 03:48 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
      2017-12-13 07:49 - 2017-11-14 03:47 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
      2017-12-13 07:49 - 2017-11-14 03:46 - 002134528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
      2017-12-13 07:49 - 2017-11-14 03:39 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
      2017-12-13 07:49 - 2017-11-14 03:27 - 001544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
      2017-12-13 07:49 - 2017-11-14 03:16 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
      2017-12-13 07:49 - 2017-11-14 02:37 - 013679616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
      2017-12-13 07:49 - 2017-11-14 02:15 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
      2017-12-13 07:49 - 2017-11-14 02:15 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
      2017-12-13 07:49 - 2017-11-14 02:15 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
      2017-12-13 07:49 - 2017-11-14 02:10 - 020269056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
      2017-12-13 07:49 - 2017-11-14 01:32 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
      2017-12-13 07:49 - 2017-11-14 01:31 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
      2017-12-13 07:49 - 2017-11-07 21:56 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
      2017-12-13 07:49 - 2017-11-07 21:46 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
      2017-12-13 07:49 - 2017-11-07 21:46 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
      2017-12-13 07:49 - 2017-11-07 21:46 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
      2017-12-13 07:49 - 2017-11-07 21:44 - 002293760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
      2017-12-13 07:49 - 2017-11-07 21:41 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
      2017-12-13 07:49 - 2017-11-07 21:41 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
      2017-12-13 07:49 - 2017-11-07 21:40 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
      2017-12-13 07:49 - 2017-11-07 21:39 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
      2017-12-13 07:49 - 2017-11-07 21:38 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
      2017-12-13 07:49 - 2017-11-07 21:38 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
      2017-12-13 07:49 - 2017-11-07 21:29 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
      2017-12-13 07:49 - 2017-11-07 21:28 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
      2017-12-13 07:49 - 2017-11-07 21:28 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
      2017-12-13 07:49 - 2017-11-07 21:27 - 004509696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
      2017-12-13 07:49 - 2017-11-07 21:26 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
      2017-12-13 07:49 - 2017-11-07 21:24 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
      2017-12-13 07:49 - 2017-11-07 21:19 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
      2017-12-13 07:49 - 2017-11-07 21:18 - 000694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
      2017-12-13 07:49 - 2017-11-07 21:17 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
      2017-12-13 07:49 - 2017-11-07 21:17 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
      2017-12-13 07:49 - 2017-11-07 21:04 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
      2017-12-13 07:49 - 2017-11-07 21:01 - 001313280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
      2017-12-13 07:49 - 2017-11-07 20:58 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
      2017-12-13 07:49 - 2017-11-07 17:31 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
      2017-12-13 07:49 - 2017-11-07 17:13 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
      2017-12-13 07:49 - 2017-11-04 16:31 - 000194048 _____ (Microsoft Corporation) C:\Windows\system32\itircl.dll
      2017-12-13 07:49 - 2017-11-04 16:31 - 000170496 _____ (Microsoft Corporation) C:\Windows\system32\itss.dll
      2017-12-13 07:49 - 2017-11-04 16:10 - 000158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itircl.dll
      2017-12-13 07:49 - 2017-11-04 16:10 - 000142336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itss.dll
      2017-12-13 07:49 - 2017-11-02 17:55 - 000281600 _____ (Microsoft Corporation) C:\Windows\system32\iprtrmgr.dll
      2017-12-13 07:49 - 2017-11-02 17:55 - 000138240 _____ (Microsoft Corporation) C:\Windows\system32\rtm.dll
      2017-12-13 07:49 - 2017-11-02 17:55 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\mprdim.dll
      2017-12-13 07:49 - 2017-11-02 17:55 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\iprtprio.dll
      2017-12-13 07:49 - 2017-11-02 16:11 - 000271360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iprtrmgr.dll
      2017-12-13 07:49 - 2017-11-02 16:11 - 000115200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rtm.dll
      2017-12-13 07:49 - 2017-11-02 16:11 - 000075264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mprdim.dll
      2017-12-13 07:49 - 2017-11-02 15:56 - 000008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iprtprio.dll
      2017-12-13 07:49 - 2017-10-17 00:04 - 001001984 _____ (Microsoft Corporation) C:\Windows\system32\gpedit.dll
      2017-12-13 07:49 - 2017-10-16 23:46 - 000953344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpedit.dll
      2017-12-13 07:49 - 2017-10-12 01:20 - 000317440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
      2017-12-11 13:15 - 2018-01-02 13:37 - 000000000 ____D C:\Quarantine

      ==================== One Month Modified files and folders ========

      (If an entry is included in the fixlist, the file/folder will be moved.)

      2018-01-02 13:32 - 2017-03-14 07:30 - 000000000 ____D C:\Users\DGGC\AppData\Roaming\qBittorrent
      2018-01-02 13:31 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
      2018-01-02 13:29 - 2010-11-21 08:08 - 000747970 _____ C:\Windows\system32\perfh00A.dat
      2018-01-02 13:29 - 2010-11-21 08:08 - 000159410 _____ C:\Windows\system32\perfc00A.dat
      2018-01-02 13:29 - 2009-07-14 06:13 - 001678218 _____ C:\Windows\system32\PerfStringBackup.INI
      2018-01-02 13:20 - 2009-07-14 05:45 - 000032416 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      2018-01-02 13:20 - 2009-07-14 05:45 - 000032416 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      2018-01-02 13:16 - 2017-11-24 12:11 - 001177462 _____ C:\Windows\SysWOW64\bit4upki-store.dll.elog.bin
      2018-01-02 11:51 - 2012-01-11 08:53 - 000085304 _____ C:\Users\DGGC\AppData\Local\GDIPFONTCACHEV1.DAT
      2018-01-02 11:49 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
      2018-01-02 11:43 - 2017-03-09 14:38 - 000002259 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
      2018-01-02 11:35 - 2011-12-07 07:46 - 000000000 ____D C:\Users\DGGC
      2018-01-02 11:23 - 2017-05-04 09:17 - 000000000 ____D C:\Users\DGGC\AppData\Roaming\Spotify
      2018-01-02 11:23 - 2017-05-04 09:17 - 000000000 ____D C:\Users\DGGC\AppData\Local\Spotify
      2018-01-02 11:23 - 2017-03-10 14:10 - 000000000 ____D C:\Users\DGGC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicaciones de Chrome
      2018-01-02 11:23 - 2017-03-09 14:37 - 000000000 ____D C:\Program Files (x86)\Google
      2018-01-02 11:23 - 2017-03-09 14:25 - 000000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 5.0
      2018-01-02 11:23 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicy
      2018-01-02 11:23 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\security
      2018-01-02 11:22 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\registration
      2018-01-02 11:21 - 2017-03-09 14:38 - 000000000 ____D C:\Users\DGGC\AppData\Local\Google
      2018-01-02 11:21 - 2017-03-09 14:25 - 000000000 ____D C:\Program Files\LibreOffice 5
      2017-12-22 08:40 - 2017-03-15 08:08 - 000000000 ____D C:\Users\DGGC\AppData\Local\JDownloader v2.0
      2017-12-18 10:14 - 2017-03-17 13:53 - 000000008 __RSH C:\Users\DGGC\ntuser.pol
      2017-12-18 10:14 - 2017-03-15 08:08 - 000000008 __RSH C:\ProgramData\ntuser.pol
      2017-12-18 10:11 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\system32\NDF
      2017-12-15 14:00 - 2017-07-25 11:02 - 000000000 ____D C:\Users\DGGC\Downloads\Guns N' Roses - Greatest Hits (2004)
      2017-12-15 14:00 - 2017-03-14 07:30 - 000000000 ____D C:\Users\DGGC\Downloads\Joaquín Sabina – Lo niego todo (2017)(www.DESCARGASMIX.com)
      2017-12-15 08:15 - 2017-03-09 14:21 - 000000000 ____D C:\Users\DGGC\AppData\Roaming\vlc
      2017-12-14 14:29 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\tracing
      2017-12-14 09:07 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\rescache
      2017-12-14 07:26 - 2009-07-14 05:45 - 000358976 _____ C:\Windows\system32\FNTCACHE.DAT
      2017-12-14 07:25 - 2009-07-14 06:08 - 000032652 _____ C:\Windows\Tasks\SCHEDLGU.TXT
      2017-12-14 07:23 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\SysWOW64\Setup
      2017-12-14 07:23 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\system32\Setup
      2017-12-13 14:22 - 2017-03-13 14:49 - 000000000 ____D C:\Windows\system32\MRT
      2017-12-13 14:19 - 2017-10-11 13:49 - 133326408 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
      2017-12-13 14:19 - 2017-03-13 14:49 - 133326408 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
      2017-12-05 07:36 - 2017-09-01 13:39 - 000000000 ____D C:\95b23189e2330aab4087b9d277d3
      2017-12-05 07:25 - 2017-03-09 14:38 - 000000000 ____D C:\Windows\SysWOW64\Macromed
      2017-12-04 07:25 - 2017-03-09 14:38 - 000000918 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job

      ==================== Files in the root of some directories =======

      2017-12-14 13:43 - 2017-12-14 13:43 - 000714741 _____ (Textify ) C:\Users\DGGC\AppData\Roaming\4cmlhecgxto.exe
      2017-12-14 13:41 - 2017-12-14 13:41 - 002585088 _____ () C:\Users\DGGC\AppData\Roaming\owjncqvxbwx.exe
      2017-12-14 13:42 - 2017-12-14 13:42 - 003700615 _____ ( ) C:\Users\DGGC\AppData\Roaming\pq0gvunons3.exe

      Files to move or delete:
      ====================
      C:\Windows\Temp\g3E18.tmp.exe


      Some files in TEMP:
      ====================
      2018-01-02 12:34 - 2018-01-02 12:34 - 000073728 _____ () C:\Users\DGGC\AppData\Local\Temp\cryptoapi4java.dll
      2018-01-02 12:34 - 2018-01-02 12:34 - 000049152 _____ () C:\Users\DGGC\AppData\Local\Temp\nativecall.dll

      ==================== Bamital & volsnap ======================

      (There is no automatic fix for files that do not pass verification.)

      C:\Windows\system32\winlogon.exe => File is digitally signed
      C:\Windows\system32\wininit.exe => File is digitally signed
      C:\Windows\SysWOW64\wininit.exe => File is digitally signed
      C:\Windows\explorer.exe => File is digitally signed
      C:\Windows\SysWOW64\explorer.exe => File is digitally signed
      C:\Windows\system32\svchost.exe => File is digitally signed
      C:\Windows\SysWOW64\svchost.exe => File is digitally signed
      C:\Windows\system32\services.exe => File is digitally signed
      C:\Windows\system32\User32.dll => File is digitally signed
      C:\Windows\SysWOW64\User32.dll => File is digitally signed
      C:\Windows\system32\userinit.exe => File is digitally signed
      C:\Windows\SysWOW64\userinit.exe => File is digitally signed
      C:\Windows\system32\rpcss.dll => File is digitally signed
      C:\Windows\system32\dnsapi.dll => File is digitally signed
      C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
      C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

      LastRegBack: 2018-01-02 13:13

      ==================== End of FRST.txt ============================

    6. #6
      User luverto
      Registered
      Feb 2007
      Location
      DONDEYO
      Posts
      26

      Re: Help with infected computer

      and....

      Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02.01.2018
      Ran by DGGC (02-01-2018 13:41:46)
      Running from C:\Users\DGGC\Desktop
      Windows 7 Professional Service Pack 1 (X64) (2017-03-09 10:01:13)
      Boot Mode: Normal
      ==========================================================


      ==================== Accounts: =============================

      Administrador (S-1-5-21-2995789703-3386369415-2822681129-500 - Administrator - Disabled)
      DGGC (S-1-5-21-2995789703-3386369415-2822681129-1000 - Administrator - Enabled) => C:\Users\DGGC
      HomeGroupUser$ (S-1-5-21-2995789703-3386369415-2822681129-1002 - Limited - Enabled)
      Invitado (S-1-5-21-2995789703-3386369415-2822681129-501 - Limited - Disabled)

      ==================== Security Center ========================

      (If an entry is included in the fixlist, it will be removed.)

      AV: McAfee VirusScan Enterprise (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
      AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      AS: McAfee VirusScan Enterprise Antispyware Module (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}

      ==================== Installed Programs ======================

      (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

      7-Zip 16.02 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1602-000001000000}) (Version: 16.02.00.0 - Igor Pavlov)
      Adobe Acrobat Reader DC - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
      Adobe Flash Player 11 ActiveX (HKLM-x32\...\{6BA9BA04-B062-42F4-A852-902229FD4C2A}) (Version: 11.6.602.168 - Adobe Systems Incorporated)
      Adobe Flash Player 24 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
      Adobe PDF iFilter 9 for 64-bit platforms (HKLM\...\{5EA12CF3-8162-47F6-ACAF-45AD03EFB08F}) (Version: 9.0.0 - Adobe)
      CCleaner (HKLM\...\CCleaner) (Version: 5.38 - Piriform)
      D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
      Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.108 - Google Inc.)
      Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
      HP 3D DriveGuard (HKLM\...\{E5D02167-DD50-4E8C-B9F9-992182E08D6B}) (Version: 4.2.9.1 - Hewlett-Packard Company)
      HP HD Webcam Driver (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 6.0.1112.2_WHQL - Sonix)
      HP Hotkey Support (HKLM-x32\...\{C97CC14E-4789-4FC5-BC75-79191F7CE009}) (Version: 4.5.9.1 - Hewlett-Packard Company)
      IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6433.0 - IDT)
      InfraRecorder 0.53 (x64 edition) (HKLM\...\{2C22EA92-CB30-4932-0053-000001000000}) (Version: 0.53.00.00 - Christian Kindahl)
      Instalable módulo criptográfico DNIe (HKLM\...\{BE9DD44B-344E-46AA-A717-76D2C478ACC7}) (Version: 11.1.0 - Cuerpo Nacional de Policía)
      Instalable TC-FNMT (HKLM\...\{2F1D83C7-3F0F-4455-A711-DD163FA527E0}) (Version: 4.0.0 - FNMT-RCM)
      Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
      Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
      Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 17.3 - Intel)
      Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
      Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
      Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
      JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
      JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.72.4 - JMicron Technology Corp.)
      John's Background Switcher 4.16 (HKLM-x32\...\{DD3DAD13-289E-440E-A5D3-3EFB25305018}_is1) (Version: 4.16 - johnsadventures.com)
      Junk Mail filter update (HKLM-x32\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
      K-Lite Mega Codec Pack 11.7.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.7.5 - )
      LibreOffice 5.0.3.2 (HKLM\...\{F6536765-3E8F-4D1E-9833-0A89F4681D79}) (Version: 5.0.3.2 - The Document Foundation)
      Manager (HKLM-x32\...\{8DED36D9-54D6-4127-A112-5A1BA1CDD66B}) (Version: 5.0.26.33533 - 2017 pdfforge GmbH. All rights reserved) Hidden
      McAfee Agent (HKLM\...\{2B4B02CD-CA9E-4024-9B9B-2EA9950EEC11}) (Version: 5.0.4.283 - McAfee, Inc.)
      McAfee VirusScan Enterprise (HKLM-x32\...\{CE15D1B6-19B6-4D4D-8F43-CF5D2C3356FF}) (Version: 8.8.08000 - McAfee, Inc.)
      Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
      Microsoft Access Runtime 2010 (HKLM-x32\...\Office14.AccessRT) (Version: 14.0.4763.1000 - Microsoft Corporation)
      Microsoft Office Excel Viewer (HKLM-x32\...\{95120000-003F-0C0A-0000-0000000FF1CE}) (Version: 12.0.6425.1000 - Microsoft Corporation)
      Microsoft Office PowerPoint Viewer 2007 (Spanish) (HKLM-x32\...\{95120000-00AF-0C0A-0000-0000000FF1CE}) (Version: 12.0.6425.1000 - Microsoft Corporation)
      Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850C0A-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
      Paquete de compatibilidad para 2007 Office system (HKLM-x32\...\{90120000-0020-0C0A-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
      PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 3.0.1 - pdfforge GmbH)
      qBittorrent 4.0.3 (HKLM-x32\...\qBittorrent) (Version: 4.0.3 - The qBittorrent project)
      Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.36.0 - Renesas Electronics Corporation) Hidden
      Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.36.0 - Renesas Electronics Corporation)
      SCR3xxx Smart Card Reader (HKLM-x32\...\{6DA99C69-0799-467E-9496-F37E1E452A4A}) (Version: 8.40 - SCM Microsystems)
      Spotify (HKU\S-1-5-21-2995789703-3386369415-2822681129-1000\...\Spotify) (Version: 1.0.69.336.g7edcc575 - Spotify AB)
      Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.18.8 - Synaptics Incorporated)
      TEDI (HKLM-x32\...\{C5DC7045-5D00-46EB-A6B9-33A38F1EF6AC}) (Version: 1.00.0000 - Telecable)
      Unlocker 1.9.1-x64 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
      ViewRight Web PC 3.6.0.0 (HKLM-x32\...\{27961C9F-1965-48D9-A579-40F8EBEA0603}) (Version: 3.6.0.0 - Verimatrix, Inc.)
      VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
      Windows Driver Package - Dirección General de la Policía (UMPass) SmartCard (03/11/2013 1.0.2.1) (HKLM\...\B52C0A3A839B7EB8677E7EE3DAC12245F751A578) (Version: 03/11/2013 1.0.2.1 - Dirección General de la Policía)
      Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

      ==================== Custom CLSID (Whitelisted): ==========================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      HKU\S-1-5-21-2995789703-3386369415-2822681129-1000\...\ChromeHTML: -> <==== ATTENTION
      ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
      ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
      ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
      ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
      ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
      ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
      ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-21] (Igor Pavlov)
      ContextMenuHandlers1: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => -> No File
      ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
      ContextMenuHandlers1: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} => C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
      ContextMenuHandlers1: [VirusScan] -> {cda2863e-2497-4c49-9b89-06840e070a87} => C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\shext.dll [2016-09-12] (McAfee, Inc.)
      ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
      ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
      ContextMenuHandlers3: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-15] ()
      ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-21] (Igor Pavlov)
      ContextMenuHandlers4: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => -> No File
      ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
      ContextMenuHandlers4: [VirusScan] -> {cda2863e-2497-4c49-9b89-06840e070a87} => C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\shext.dll [2016-09-12] (McAfee, Inc.)
      ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2013-10-31] (Intel Corporation)
      ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-21] (Igor Pavlov)
      ContextMenuHandlers6: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => -> No File
      ContextMenuHandlers6: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-15] ()
      ContextMenuHandlers6: [VirusScan] -> {cda2863e-2497-4c49-9b89-06840e070a87} => C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\shext.dll [2016-09-12] (McAfee, Inc.)

      ==================== Scheduled Tasks (Whitelisted) =============

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      Task: {0A36FC90-251A-405F-ABE4-F72F61D24CC3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-09] (Google Inc.)
      Task: {178BAFC9-0D67-4672-BC02-355B2FFDC140} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-12-13] (Piriform Ltd)
      Task: {6CE478D4-571B-4069-A06D-87FCC09203A8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
      Task: {A75142C0-067B-47E7-9469-E7D388A3B503} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-09] (Google Inc.)
      Task: {B7608846-7A2A-4E03-90AA-A202127FF352} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-12-13] (Piriform Ltd)
      Task: {BD578D1D-9814-46BE-8005-776A2A9AE2B3} - System32\Tasks\Microsoft\Windows\Application Experience\Threat Base Loader => C:\Users\DGGC\AppData\Roaming\\threatdatabase\\tdget.exe
      Task: {F10FB84F-D94C-456E-96B9-EEA4630EB35B} - System32\Tasks\Network Administration => C:\Windows\system32\rundll32.exe "C:\Program Files\Network Administration\Network Administration.dll",CkCIZfuEIzI <==== ATTENTION
      Task: {FE06C6E2-BE4A-4DAA-9064-95962F80D458} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_194_pepper.exe [2017-03-09] (Adobe Systems Incorporated)

      (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

      Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_194_pepper.exe

      ==================== Shortcuts & WMI ========================

      (The entries could be listed to be restored or removed.)


      ShortcutWithArgument: C:\Users\DGGC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicaciones de Chrome\Escritorio Remoto de Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp
      ShortcutWithArgument: C:\Users\DGGC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicaciones de Chrome\Google Keep_ notas y listas.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=hmjkmjkepdijhoojdojkdfohbdgmmhki
      ShortcutWithArgument: C:\Users\DGGC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
      ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic

      ==================== Loaded Modules (Whitelisted) ==============

      2017-12-14 13:41 - 2015-06-01 22:58 - 002464768 _____ () C:\Program Files\Network Administration\Network Administration.dll
      2016-07-29 11:10 - 2016-07-29 11:10 - 000546640 _____ () C:\Program Files\McAfee\Agent\sqlite.dll
      2016-07-29 11:10 - 2016-07-29 11:10 - 000020816 _____ () C:\Program Files\McAfee\Agent\trex.dll
      2016-07-29 10:56 - 2016-07-29 10:56 - 000144208 _____ () C:\Program Files\McAfee\Agent\libuv.dll
      2016-07-29 11:10 - 2016-07-29 11:10 - 000051024 _____ () C:\Program Files\McAfee\Agent\MXML.dll
      2016-07-29 11:11 - 2016-07-29 11:11 - 000112976 _____ () C:\Program Files\McAfee\Agent\zlib.dll
      2016-07-29 10:55 - 2016-07-29 10:55 - 000026448 _____ () C:\Program Files\McAfee\Agent\libini.dll
      2010-07-15 05:44 - 2010-07-15 05:44 - 000020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
      2015-11-27 12:24 - 2013-10-31 13:24 - 000094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
      2016-03-23 15:35 - 2016-03-23 15:35 - 000299008 _____ () C:\Windows\SysWOW64\b4notify.exe
      2018-01-02 11:43 - 2017-12-14 03:49 - 004063064 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.108\libglesv2.dll
      2018-01-02 11:43 - 2017-12-14 03:49 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.108\libegl.dll
      2016-07-29 11:10 - 2016-07-29 11:10 - 000423248 _____ () C:\Program Files\McAfee\Agent\x86\sqlite.dll
      2016-07-29 11:10 - 2016-07-29 11:10 - 000019792 _____ () C:\Program Files\McAfee\Agent\x86\trex.dll
      2016-07-29 10:56 - 2016-07-29 10:56 - 000132944 _____ () C:\Program Files\McAfee\Agent\x86\libuv.dll
      2016-07-29 11:09 - 2016-07-29 11:09 - 000041296 _____ () C:\Program Files\McAfee\Agent\x86\MXML.dll
      2016-07-29 10:55 - 2016-07-29 10:55 - 000021840 _____ () C:\Program Files\McAfee\Agent\x86\libini.dll

      ==================== Alternate Data Streams (Whitelisted) =========

      (If an entry is included in the fixlist, only the ADS will be removed.)


      ==================== Safe Mode (Whitelisted) ===================

      (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

      ==================== Association (Whitelisted) ===============

      (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


      ==================== Internet Explorer trusted/restricted ===============

      (If an entry is included in the fixlist, it will be removed from the registry.)

      IE trusted site: HKU\S-1-5-21-2995789703-3386369415-2822681129-1000\...\fnmt.es -> hxxps://fnmt.es
      IE trusted site: HKU\S-1-5-21-2995789703-3386369415-2822681129-1000\...\fnmt.es -> hxxp://fnmt.es
      IE trusted site: HKU\S-1-5-21-2995789703-3386369415-2822681129-1000\...\fnmt.gob.es -> hxxp://fnmt.gob.es
      IE trusted site: HKU\S-1-5-21-2995789703-3386369415-2822681129-1000\...\fnmt.gob.es -> hxxps://fnmt.gob.es
      IE trusted site: HKU\S-1-5-21-2995789703-3386369415-2822681129-1000\...\intranet.gc -> *.auditor.intranet.gc
      IE trusted site: HKU\S-1-5-21-2995789703-3386369415-2822681129-1000\...\justicia.es -> hxxps://lexnet.justicia.es

      ==================== Hosts content: ==========================

      (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

      2009-07-14 03:34 - 2017-12-14 14:14 - 000013238 _____ C:\Windows\system32\Drivers\etc\hosts

      There are 350 more lines.


      ==================== Other Areas ============================

      (Currently there is no automatic fix for this section.)

      HKU\S-1-5-21-2995789703-3386369415-2822681129-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\DGGC\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
      DNS Servers: 80.58.61.250 - 80.58.61.254
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
      Windows Firewall is enabled.

      ==================== MSCONFIG/TASK MANAGER disabled items ==


      ==================== FirewallRules (Whitelisted) ===============

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
      FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
      FirewallRules: [{DE504962-0EC8-4633-B39D-18D04DB2717C}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
      FirewallRules: [{2FF4080A-C71A-4E4D-B74C-0A00B3829B82}] => (Allow) LPort=2869
      FirewallRules: [{D552BABB-0C4A-4F45-A33E-82B85DCC705F}] => (Allow) LPort=1900
      FirewallRules: [{D55C39A0-104E-4055-85C0-07442F49488D}] => (Allow) C:\Program Files\McAfee\Agent\macmnsvc.exe
      FirewallRules: [{1E9C0BC0-140A-4176-8AD8-B6E723267AE5}] => (Allow) C:\Program Files\McAfee\Agent\macmnsvc.exe
      FirewallRules: [{7F810EDE-C04F-4DB6-887E-A985A0F48355}] => (Allow) C:\Program Files\McAfee\Agent\macmnsvc.exe
      FirewallRules: [{20436494-9115-43EB-9DCC-09DB280DAFE3}] => (Allow) C:\Program Files\McAfee\Agent\macmnsvc.exe
      FirewallRules: [{F1C78FF3-E998-45D1-A780-572EB07A0D3A}] => (Allow) C:\Program Files\McAfee\Agent\macmnsvc.exe
      FirewallRules: [{0B243B06-85DF-42A1-8421-7E3DA157A252}] => (Allow) C:\Program Files\McAfee\Agent\macmnsvc.exe
      FirewallRules: [TCP Query User{1DAB5FC1-AD43-4483-BD36-B08664E44392}C:\users\dggc\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\dggc\appdata\roaming\spotify\spotify.exe
      FirewallRules: [UDP Query User{742D4433-9F91-4919-8EFA-0137797C7A90}C:\users\dggc\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\dggc\appdata\roaming\spotify\spotify.exe
      FirewallRules: [TCP Query User{3FCDE99C-B62F-4A93-970C-F13D40E1A9E8}C:\users\dggc\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\dggc\appdata\roaming\spotify\spotify.exe
      FirewallRules: [UDP Query User{2F6C508E-A08C-47DE-879E-60122487FD5C}C:\users\dggc\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\dggc\appdata\roaming\spotify\spotify.exe
      FirewallRules: [{846C4D1D-E731-4246-B309-D11EADAF06AA}] => (Allow) C:\Windows\system32\rundll32.exe
      FirewallRules: [{11EC0641-5D04-484D-B4BA-2F3EB5A9BA56}] => (Allow) C:\Windows\System32\rundll32.exe
      FirewallRules: [{E0FA9E3B-645A-4F3D-82CE-98F28759384E}] => (Allow) C:\Windows\System32\rundll32.exe
      FirewallRules: [{FB2F9203-7567-44D5-AAC3-4901F0BC1E0D}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
      FirewallRules: [{A2364646-FBED-40A6-A6CB-57CAAE381CA7}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
      FirewallRules: [{913EDB01-2431-41C5-B1CB-9951F509661B}] => (Allow) C:\Windows\System32\rundll32.exe
      FirewallRules: [{DAE886B5-AF96-4871-9147-8DBE43ABFA3E}] => (Allow) C:\Windows\System32\rundll32.exe
      FirewallRules: [{AFE0ECAF-1A96-4F5C-BCBA-95E89650FFA9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

      ==================== Restore Points =========================

      22-12-2017 08:44:33 Installed LibreOffice 5.4.3.2

      ==================== Faulty Device Manager Devices =============

      Name:
      Description:
      Class Guid:
      Manufacturer:
      Service:
      Problem: : The drivers for this device are not installed. (Code 28)
      Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

      Name: Teredo Tunneling Pseudo-Interface
      Description: Adaptador de tunelización Teredo de Microsoft
      Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
      Manufacturer: Microsoft
      Service: tunnel
      Problem: : This device cannot start. (Code10)
      Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
      On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


      ==================== Event log errors: =========================

      Application errors:
      ==================
      Error: (01/02/2018 11:50:18 AM) (Source: WinMgmt) (EventID: 10) (User: )
      Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

      Error: (01/02/2018 11:36:46 AM) (Source: WinMgmt) (EventID: 10) (User: )
      Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

      Error: (01/02/2018 11:25:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
      Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

      Error: (01/02/2018 10:58:37 AM) (Source: Application Error) (EventID: 1000) (User: )
      Description: Nombre de la aplicación con errores: svchost.exe_WPDBusEnum, versión: 6.1.7600.16385, marca de tiempo: 0x4a5bc3c1
      Nombre del módulo con errores: wpdbusenum.dll_unloaded, versión: 0.0.0.0, marca de tiempo: 0x4ce7caa8
      Código de excepción: 0xc0000005
      Desplazamiento de errores: 0x000007fef9b8326b
      Id. del proceso con errores: 0xb68
      Hora de inicio de la aplicación con errores: 0x01d383af8e304b34
      Ruta de acceso de la aplicación con errores: C:\Windows\System32\svchost.exe
      Ruta de acceso del módulo con errores: wpdbusenum.dll
      Id. del informe: 7fc8c96a-efa3-11e7-88f9-402cf46d6caa

      Error: (01/02/2018 10:53:35 AM) (Source: Application Error) (EventID: 1000) (User: )
      Description: Nombre de la aplicación con errores: svchost.exe_WPDBusEnum, versión: 6.1.7600.16385, marca de tiempo: 0x4a5bc3c1
      Nombre del módulo con errores: wpdbusenum.dll_unloaded, versión: 0.0.0.0, marca de tiempo: 0x4ce7caa8
      Código de excepción: 0xc0000005
      Desplazamiento de errores: 0x000007fefa1118ba
      Id. del proceso con errores: 0x1908
      Hora de inicio de la aplicación con errores: 0x01d383af45d436a0
      Ruta de acceso de la aplicación con errores: C:\Windows\System32\svchost.exe
      Ruta de acceso del módulo con errores: wpdbusenum.dll
      Id. del informe: cbaf9bef-efa2-11e7-88f9-402cf46d6caa

      Error: (01/02/2018 10:48:59 AM) (Source: Application Error) (EventID: 1000) (User: )
      Description: Nombre de la aplicación con errores: svchost.exe_WPDBusEnum, versión: 6.1.7600.16385, marca de tiempo: 0x4a5bc3c1
      Nombre del módulo con errores: wpdbusenum.dll_unloaded, versión: 0.0.0.0, marca de tiempo: 0x4ce7caa8
      Código de excepción: 0xc0000005
      Desplazamiento de errores: 0x000007fefad7326b
      Id. del proceso con errores: 0x24c
      Hora de inicio de la aplicación con errores: 0x01d383aab4bc43a9
      Ruta de acceso de la aplicación con errores: C:\Windows\System32\svchost.exe
      Ruta de acceso del módulo con errores: wpdbusenum.dll
      Id. del informe: 277de969-efa2-11e7-88f9-402cf46d6caa

      Error: (01/02/2018 10:28:23 AM) (Source: Application Error) (EventID: 1000) (User: )
      Description: Nombre de la aplicación con errores: mbam.exe, versión: 3.0.0.1284, marca de tiempo: 0x5a15ab42
      Nombre del módulo con errores: Qt5Core.dll, versión: 5.6.2.0, marca de tiempo: 0x59a63e00
      Código de excepción: 0xc0000005
      Desplazamiento de errores: 0x001aa3b6
      Id. del proceso con errores: 0x19f0
      Hora de inicio de la aplicación con errores: 0x01d383ab99418664
      Ruta de acceso de la aplicación con errores: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
      Ruta de acceso del módulo con errores: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
      Id. del informe: 46c2b672-ef9f-11e7-88f9-402cf46d6caa

      Error: (01/02/2018 10:22:16 AM) (Source: SideBySide) (EventID: 80) (User: )
      Description: Error al generar el contexto de activación para "C:\Users\DGGC\AppData\Roaming\HexaDesK\HexaDesK.exe". Error en el archivo de manifiesto o directiva "" en la línea .
      Una versión de componente requerida por la aplicación está en conflicto con la versión de otro componente activo.
      Los componentes en conflicto son:.
      Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
      Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

      Error: (01/02/2018 10:22:16 AM) (Source: SideBySide) (EventID: 80) (User: )
      Description: Error al generar el contexto de activación para "C:\Users\DGGC\AppData\Roaming\HexaDesK\HexaDesK.exe". Error en el archivo de manifiesto o directiva "" en la línea .
      Una versión de componente requerida por la aplicación está en conflicto con la versión de otro componente activo.
      Los componentes en conflicto son:.
      Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
      Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

      Error: (01/02/2018 10:22:16 AM) (Source: SideBySide) (EventID: 80) (User: )
      Description: Error al generar el contexto de activación para "C:\Users\DGGC\AppData\Roaming\HexaDesK\HexaDesK.exe". Error en el archivo de manifiesto o directiva "" en la línea .
      Una versión de componente requerida por la aplicación está en conflicto con la versión de otro componente activo.
      Los componentes en conflicto son:.
      Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
      Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.


      System errors:
      =============
      Error: (01/02/2018 01:16:11 PM) (Source: SCardSvr) (EventID: 610) (User: )
      Description: El lector de tarjeta inteligente 'Generic Smart Card Reader Interface 0' rechazó el IOCTL GET_STATE: La operación de E/S se anuló por una salida de subproceso o por una solicitud de aplicación.. Si el error continúa, es posible que la tarjeta inteligente o el lector no funcionen correctamente.

      Encabezado de comando: XX XX XX XX

      Error: (01/02/2018 12:25:38 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
      Description: Se recibió la siguiente alerta irrecuperable: 20.

      Error: (01/02/2018 12:24:11 PM) (Source: WudfUsbccidDriver) (EventID: 1) (User: NT AUTHORITY)
      Description: Event-ID 1

      Error: (01/02/2018 12:24:11 PM) (Source: WudfUsbccidDriver) (EventID: 11) (User: NT AUTHORITY)
      Description: Event-ID 11

      Error: (01/02/2018 11:59:58 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
      Description: Se recibió la siguiente alerta irrecuperable: 40.

      Error: (01/02/2018 11:59:58 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
      Description: Se recibió la siguiente alerta irrecuperable: 70.

      Error: (01/02/2018 11:52:55 AM) (Source: BROWSER) (EventID: 8032) (User: )
      Description: El servicio Examinador no puede recuperar la lista de copias de seguridad un número excesivo de veces en el transporte \Device\NetBT_Tcpip_{3CF74161-D910-4E70-9757-6AB748DD9449}.
      El examinador auxiliar está detenido.

      Error: (01/02/2018 11:48:27 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
      Description: Se recibió la siguiente alerta irrecuperable: 70.

      Error: (01/02/2018 11:48:27 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
      Description: Se recibió la siguiente alerta irrecuperable: 70.

      Error: (01/02/2018 11:47:58 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
      Description: Se recibió la siguiente alerta irrecuperable: 70.


      CodeIntegrity:
      ===================================
      Date: 2018-01-02 13:34:53.459
      Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\AESTAR64.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

      Date: 2018-01-02 13:31:42.342
      Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\AESTAR64.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

      Date: 2018-01-02 13:31:39.487
      Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\AESTAR64.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

      Date: 2018-01-02 13:25:00.011
      Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\AESTAR64.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

      Date: 2018-01-02 13:15:24.193
      Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\AESTAR64.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

      Date: 2018-01-02 12:47:59.499
      Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\AESTAR64.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

      Date: 2018-01-02 12:44:15.508
      Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\AESTAR64.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

      Date: 2018-01-02 12:44:15.351
      Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\AESTAR64.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

      Date: 2018-01-02 12:41:22.387
      Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\AESTAR64.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

      Date: 2018-01-02 12:41:22.215
      Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\AESTAR64.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.


      ==================== Memory info ===========================

      Processor: Intel(R) Core(TM) i5-2540M CPU @ 2.60GHz
      Percentage of memory in use: 25%
      Total physical RAM: 8102.36 MB
      Available physical RAM: 6044.39 MB
      Total Virtual: 16202.9 MB
      Available Virtual: 13894.71 MB

      ==================== Drives ================================

      Drive c: () (Fixed) (Total:148.95 GB) (Free:74.46 GB) NTFS
      Drive e: (Elements) (Fixed) (Total:931.48 GB) (Free:750.32 GB) NTFS

      ==================== MBR & Partition Table ==================

      ========================================================
      Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 5D90FCBE)
      Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
      Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

      ========================================================
      Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 06D19DA1)
      Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

      ==================== End of Addition.txt ============================

    7. #7
      Moderator
      @MarioL's avatar
      Registered
      Nov 2006
      Location
      Málaga - Spain
      Posts
      9.018

      Re: Help with infected computer

      Once you finish the step indicated, run a scan with Malwarebytes in custom mode and paste the report.


      On the computer, with all other programs closed:
      Start >>> Run >>> type notepad.exe.

      Now copy and paste the following into Notepad: (the word "Code" is excluded)

      Code:
      Start
      CreateRestorePoint:
      CloseProcesses:
      () C:\Windows\Temp\g3E19.tmp.exe
      KLM-x32\...\Run: [bit4id csp store register (M)] => "C:\Windows\SysWOW64\RUNDLL32.EXE" "C:\Windows\system32\bit4upki-store.dll",RunImportServer
      HKLM\...\RunOnce: [D31_CZC204B54S] => C:\Windows\Temp\g3E18.tmp.exe [207360 2018-01-02] () <==== ATTENTION
      HKLM\ DisallowedCertificates: 03D22C9C66915D58C88912B64C1F984B8344EF09 (Comodo Security Solutions) <==== ATTENTION
      HKLM\ DisallowedCertificates: 0F684EC1163281085C6AF20528878103ACEFCAAB (F-Secure Corporation) <==== ATTENTION
      HKLM\ DisallowedCertificates: 1667908C9E22EFBD0590E088715CC74BE4C60884 (FRISK Software International/F-Prot) <==== ATTENTION
      HKLM\ DisallowedCertificates: 18DEA4EFA93B06AE997D234411F3FD72A677EECE (Bitdefender SRL) <==== ATTENTION
      HKLM\ DisallowedCertificates: 2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF (G DATA Software AG) <==== ATTENTION
      HKLM\ DisallowedCertificates: 249BDA38A611CD746A132FA2AF995A2D3C941264 (Malwarebytes Corporation) <==== ATTENTION
      HKLM\ DisallowedCertificates: 31AC96A6C17C425222C46D55C3CCA6BA12E54DAF (Symantec Corporation) <==== ATTENTION
      HKLM\ DisallowedCertificates: 331E2046A1CCA7BFEF766724394BE6112B4CA3F7 (Trend Micro) <==== ATTENTION
      HKLM\ DisallowedCertificates: 3353EA609334A9F23A701B9159E30CB6C22D4C59 (Webroot Inc.) <==== ATTENTION
      HKLM\ DisallowedCertificates: 373C33726722D3A5D1EDD1F1585D5D25B39BEA1A (SUPERAntiSpyware.com) <==== ATTENTION
      HKLM\ DisallowedCertificates: 3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F (Kaspersky Lab) <==== ATTENTION
      HKLM\ DisallowedCertificates: 3D496FA682E65FC122351EC29B55AB94F3BB03FC (AVG Technologies CZ) <==== ATTENTION
      HKLM\ DisallowedCertificates: 4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159 (PC Tools) <==== ATTENTION
      HKLM\ DisallowedCertificates: 42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01 (K7 Computing Pvt Ltd) <==== ATTENTION
      HKLM\ DisallowedCertificates: 4420C99742DF11DD0795BC15B7B0ABF090DC84DF (Doctor Web Ltd.) <==== ATTENTION
      HKLM\ DisallowedCertificates: 4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF (Emsisoft Ltd) <==== ATTENTION
      HKLM\ DisallowedCertificates: 5240AB5B05D11B37900AC7712A3C6AE42F377C8C (Check Point Software Technologies Ltd.) <==== ATTENTION
      HKLM\ DisallowedCertificates: 5DD3D41810F28B2A13E9A004E6412061E28FA48D (Emsisoft Ltd) <==== ATTENTION
      HKLM\ DisallowedCertificates: 7457A3793086DBB58B3858D6476889E3311E550E (K7 Computing Pvt Ltd) <==== ATTENTION
      HKLM\ DisallowedCertificates: 76A9295EF4343E12DFC5FE05DC57227C1AB00D29 (BullGuard Ltd) <==== ATTENTION
      HKLM\ DisallowedCertificates: 775B373B33B9D15B58BC02B184704332B97C3CAF (McAfee) <==== ATTENTION
      HKLM\ DisallowedCertificates: 872CD334B7E7B3C3D1C6114CD6B221026D505EAB (Comodo Security Solutions) <==== ATTENTION
      HKLM\ DisallowedCertificates: 88AD5DFE24126872B33175D1778687B642323ACF (McAfee) <==== ATTENTION
      HKLM\ DisallowedCertificates: 9132E8B079D080E01D52631690BE18EBC2347C1E (Adaware Software) <==== ATTENTION
      HKLM\ DisallowedCertificates: 982D98951CF3C0CA2A02814D474A976CBFF6BDB1 (Safer Networking Ltd.) <==== ATTENTION
      HKLM\ DisallowedCertificates: 9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361 (Webroot Inc.) <==== ATTENTION
      HKLM\ DisallowedCertificates: 9C43F665E690AB4D486D4717B456C5554D4BCEB5 (ThreatTrack Security) <==== ATTENTION
      HKLM\ DisallowedCertificates: 9E3F95577B37C74CA2F70C1E1859E798B7FC6B13 (CURIOLAB S.M.B.A.) <==== ATTENTION
      HKLM\ DisallowedCertificates: A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99 (Avira Operations GmbH & Co. KG) <==== ATTENTION
      HKLM\ DisallowedCertificates: A5341949ABE1407DD7BF7DFE75460D9608FBC309 (BullGuard Ltd) <==== ATTENTION
      HKLM\ DisallowedCertificates: A59CC32724DD07A6FC33F7806945481A2D13CA2F (ESET) <==== ATTENTION
      HKLM\ DisallowedCertificates: AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947 (AVG Technologies CZ) <==== ATTENTION
      HKLM\ DisallowedCertificates: AD4C5429E10F4FF6C01840C20ABA344D7401209F (Avast Antivirus/Software) <==== ATTENTION
      HKLM\ DisallowedCertificates: AD96BB64BA36379D2E354660780C2067B81DA2E0 (Symantec Corporation) <==== ATTENTION
      HKLM\ DisallowedCertificates: B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 (Malwarebytes Corporation) <==== ATTENTION
      HKLM\ DisallowedCertificates: CDC37C22FE9272D8F2610206AD397A45040326B8 (Trend Micro) <==== ATTENTION
      HKLM\ DisallowedCertificates: D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598 (Kaspersky Lab) <==== ATTENTION
      HKLM\ DisallowedCertificates: DB303C9B61282DE525DC754A535CA2D6A9BD3D87 (ThreatTrack Security) <==== ATTENTION
      HKLM\ DisallowedCertificates: DB77E5CFEC34459146748B667C97B185619251BA (Avast Antivirus/Software) <==== ATTENTION
      HKLM\ DisallowedCertificates: E22240E837B52E691C71DF248F12D27F96441C00 (Total Defense, Inc.) <==== ATTENTION
      HKLM\ DisallowedCertificates: E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF (AVG Technologies CZ) <==== ATTENTION
      HKLM\ DisallowedCertificates: ED841A61C0F76025598421BC1B00E24189E68D54 (Bitdefender SRL) <==== ATTENTION
      HKLM\ DisallowedCertificates: F83099622B4A9F72CB5081F742164AD1B8D048C9 (ESET) <==== ATTENTION
      HKLM\ DisallowedCertificates: FBB42F089AF2D570F2BF6F493D107A3255A9BB1A (Panda Security S.L) <==== ATTENTION
      HKLM\ DisallowedCertificates: FFFA650F2CB2ABC0D80527B524DD3F9FC172C138 (Doctor Web Ltd.) <==== ATTENTION
      HKU\S-1-5-21-2995789703-3386369415-2822681129-1000\...\Run: [BackgroundSwitcher] => C:\Program Files (x86)\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe [121688 2017-09-08] (johnsadventures.com)
      FF Extension: (McAfee ScriptScan for Firefox) - C:\Program Files (x86)\Common Files\McAfee\SystemCore [2017-03-09] [Legacy] [not signed]
      FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
      2017-12-14 13:42 - 2017-12-14 13:42 - 003700615 _____ ( ) C:\Users\DGGC\AppData\Roaming\pq0gvunons3.exe
      017-12-14 13:41 - 2017-12-14 14:27 - 000000000 ____D C:\Users\DGGC\AppData\Roaming\k3di1mfvci1
      2017-12-14 13:41 - 2017-12-14 14:27 - 000000000 ____D C:\Users\DGGC\AppData\Roaming\hj3bmlhdjtx
      2017-12-14 13:41 - 2017-12-14 14:27 - 000000000 ____D C:\Users\DGGC\AppData\Roaming\3kxzgyhl2lw
      2017-12-14 13:41 - 2017-12-14 13:41 - 002585088 _____ C:\Users\DGGC\AppData\Roaming\owjncqvxbwx.exe
      2017-12-14 13:41 - 2017-12-14 13:41 - 000000000 ____D C:\Program Files (x86)\nHSLyOcX7wlo
      HKU\S-1-5-21-2995789703-3386369415-2822681129-1000\...\ChromeHTML: -> <==== ATTENTION
      Task: {BD578D1D-9814-46BE-8005-776A2A9AE2B3} - System32\Tasks\Microsoft\Windows\Application Experience\Threat Base Loader => C:\Users\DGGC\AppData\Roaming\\threatdatabase\\tdget.exe
      C:\Windows\system32\rundll32.exe "C:\Program Files\Network Administration\Network Administration.dll",CkCIZfuEIzI <==== ATTENTION
      
      
      
      HOSTS:
      REMOVEPROXY:
      EMPTYTEMP:
      CMD: netsh winsock reset
      CMD: ipconfig /renew
      CMD: ipconfig /flushdns
      CMD: bitsadmin /reset /alluser CMD: netsh advfirewall reset
      CMD: netsh advfirewall set allprofiles state ON
      CMD: netsh int ipv4 reset
      CMD: netsh int ipv6 reset
      END

      • Save it under the name fixlist.txt on the desktop <<< This is very important.

      Note: The Frst.exe executable and fixlist.txt must be in the same location (desktop); otherwise the tool will not work.


      • Run Frst.exe.
      • Press the Fix button and wait for it to finish.
      • The tool will save the report on your desktop (Fixlog.txt).
      • Paste it in your next reply.
      Invy

      * Follow us on our Twitter and become our friend on Facebook.
      * Keep up with the latest threats on the net at: InfoSpyware Blog
      * Questions are not answered by private message or e-mail; that is what the forum is for.

    8. #8
      User luverto's avatar
      Registered
      Feb 2007
      Location
      DONDEYO
      Posts
      26

      Re: Help with infected computer

      Sorry for the delay. I tried to run Malwarebytes, but the computer won't let me run it. Windows User Account Control blocks it, and even though I lowered the protection to the minimum, I can't get it to run.

      I'm pasting the FRST.exe report

      Fix result of Farbar Recovery Scan Tool (x64) Version: 02.01.2018
      Ran by DGGC (02-01-2018 14:14:13) Run:1
      Running from C:\Users\DGGC\Desktop
      Loaded Profiles: DGGC (Available Profiles: DGGC)
      Boot Mode: Normal
      ==============================================

      fixlist content:
      *****************
      tart
      CreateRestorePoint:
      CloseProcesses:
      () C:\Windows\Temp\g3E19.tmp.exe
      KLM-x32\...\Run: [bit4id csp store register (M)] => "C:\Windows\SysWOW64\RUNDLL32.EXE" "C:\Windows\system32\bit4upki-store.dll",RunImportServer
      HKLM\...\RunOnce: [D31_CZC204B54S] => C:\Windows\Temp\g3E18.tmp.exe [207360 2018-01-02] () <==== ATTENTION
      HKLM\ DisallowedCertificates: 03D22C9C66915D58C88912B64C1F984B8344EF09 (Comodo Security Solutions) <==== ATTENTION
      HKLM\ DisallowedCertificates: 0F684EC1163281085C6AF20528878103ACEFCAAB (F-Secure Corporation) <==== ATTENTION
      HKLM\ DisallowedCertificates: 1667908C9E22EFBD0590E088715CC74BE4C60884 (FRISK Software International/F-Prot) <==== ATTENTION
      HKLM\ DisallowedCertificates: 18DEA4EFA93B06AE997D234411F3FD72A677EECE (Bitdefender SRL) <==== ATTENTION
      HKLM\ DisallowedCertificates: 2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF (G DATA Software AG) <==== ATTENTION
      HKLM\ DisallowedCertificates: 249BDA38A611CD746A132FA2AF995A2D3C941264 (Malwarebytes Corporation) <==== ATTENTION
      HKLM\ DisallowedCertificates: 31AC96A6C17C425222C46D55C3CCA6BA12E54DAF (Symantec Corporation) <==== ATTENTION
      HKLM\ DisallowedCertificates: 331E2046A1CCA7BFEF766724394BE6112B4CA3F7 (Trend Micro) <==== ATTENTION
      HKLM\ DisallowedCertificates: 3353EA609334A9F23A701B9159E30CB6C22D4C59 (Webroot Inc.) <==== ATTENTION
      HKLM\ DisallowedCertificates: 373C33726722D3A5D1EDD1F1585D5D25B39BEA1A (SUPERAntiSpyware.com) <==== ATTENTION
      HKLM\ DisallowedCertificates: 3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F (Kaspersky Lab) <==== ATTENTION
      HKLM\ DisallowedCertificates: 3D496FA682E65FC122351EC29B55AB94F3BB03FC (AVG Technologies CZ) <==== ATTENTION
      HKLM\ DisallowedCertificates: 4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159 (PC Tools) <==== ATTENTION
      HKLM\ DisallowedCertificates: 42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01 (K7 Computing Pvt Ltd) <==== ATTENTION
      HKLM\ DisallowedCertificates: 4420C99742DF11DD0795BC15B7B0ABF090DC84DF (Doctor Web Ltd.) <==== ATTENTION
      HKLM\ DisallowedCertificates: 4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF (Emsisoft Ltd) <==== ATTENTION
      HKLM\ DisallowedCertificates: 5240AB5B05D11B37900AC7712A3C6AE42F377C8C (Check Point Software Technologies Ltd.) <==== ATTENTION
      HKLM\ DisallowedCertificates: 5DD3D41810F28B2A13E9A004E6412061E28FA48D (Emsisoft Ltd) <==== ATTENTION
      HKLM\ DisallowedCertificates: 7457A3793086DBB58B3858D6476889E3311E550E (K7 Computing Pvt Ltd) <==== ATTENTION
      HKLM\ DisallowedCertificates: 76A9295EF4343E12DFC5FE05DC57227C1AB00D29 (BullGuard Ltd) <==== ATTENTION
      HKLM\ DisallowedCertificates: 775B373B33B9D15B58BC02B184704332B97C3CAF (McAfee) <==== ATTENTION
      HKLM\ DisallowedCertificates: 872CD334B7E7B3C3D1C6114CD6B221026D505EAB (Comodo Security Solutions) <==== ATTENTION
      HKLM\ DisallowedCertificates: 88AD5DFE24126872B33175D1778687B642323ACF (McAfee) <==== ATTENTION
      HKLM\ DisallowedCertificates: 9132E8B079D080E01D52631690BE18EBC2347C1E (Adaware Software) <==== ATTENTION
      HKLM\ DisallowedCertificates: 982D98951CF3C0CA2A02814D474A976CBFF6BDB1 (Safer Networking Ltd.) <==== ATTENTION
      HKLM\ DisallowedCertificates: 9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361 (Webroot Inc.) <==== ATTENTION
      HKLM\ DisallowedCertificates: 9C43F665E690AB4D486D4717B456C5554D4BCEB5 (ThreatTrack Security) <==== ATTENTION
      HKLM\ DisallowedCertificates: 9E3F95577B37C74CA2F70C1E1859E798B7FC6B13 (CURIOLAB S.M.B.A.) <==== ATTENTION
      HKLM\ DisallowedCertificates: A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99 (Avira Operations GmbH & Co. KG) <==== ATTENTION
      HKLM\ DisallowedCertificates: A5341949ABE1407DD7BF7DFE75460D9608FBC309 (BullGuard Ltd) <==== ATTENTION
      HKLM\ DisallowedCertificates: A59CC32724DD07A6FC33F7806945481A2D13CA2F (ESET) <==== ATTENTION
      HKLM\ DisallowedCertificates: AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947 (AVG Technologies CZ) <==== ATTENTION
      HKLM\ DisallowedCertificates: AD4C5429E10F4FF6C01840C20ABA344D7401209F (Avast Antivirus/Software) <==== ATTENTION
      HKLM\ DisallowedCertificates: AD96BB64BA36379D2E354660780C2067B81DA2E0 (Symantec Corporation) <==== ATTENTION
      HKLM\ DisallowedCertificates: B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 (Malwarebytes Corporation) <==== ATTENTION
      HKLM\ DisallowedCertificates: CDC37C22FE9272D8F2610206AD397A45040326B8 (Trend Micro) <==== ATTENTION
      HKLM\ DisallowedCertificates: D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598 (Kaspersky Lab) <==== ATTENTION
      HKLM\ DisallowedCertificates: DB303C9B61282DE525DC754A535CA2D6A9BD3D87 (ThreatTrack Security) <==== ATTENTION
      HKLM\ DisallowedCertificates: DB77E5CFEC34459146748B667C97B185619251BA (Avast Antivirus/Software) <==== ATTENTION
      HKLM\ DisallowedCertificates: E22240E837B52E691C71DF248F12D27F96441C00 (Total Defense, Inc.) <==== ATTENTION
      HKLM\ DisallowedCertificates: E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF (AVG Technologies CZ) <==== ATTENTION
      HKLM\ DisallowedCertificates: ED841A61C0F76025598421BC1B00E24189E68D54 (Bitdefender SRL) <==== ATTENTION
      HKLM\ DisallowedCertificates: F83099622B4A9F72CB5081F742164AD1B8D048C9 (ESET) <==== ATTENTION
      HKLM\ DisallowedCertificates: FBB42F089AF2D570F2BF6F493D107A3255A9BB1A (Panda Security S.L) <==== ATTENTION
      HKLM\ DisallowedCertificates: FFFA650F2CB2ABC0D80527B524DD3F9FC172C138 (Doctor Web Ltd.) <==== ATTENTION
      HKU\S-1-5-21-2995789703-3386369415-2822681129-1000\...\Run: [BackgroundSwitcher] => C:\Program Files (x86)\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe [121688 2017-09-08] (johnsadventures.com)
      FF Extension: (McAfee ScriptScan for Firefox) - C:\Program Files (x86)\Common Files\McAfee\SystemCore [2017-03-09] [Legacy] [not signed]
      FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
      2017-12-14 13:42 - 2017-12-14 13:42 - 003700615 _____ ( ) C:\Users\DGGC\AppData\Roaming\pq0gvunons3.exe
      017-12-14 13:41 - 2017-12-14 14:27 - 000000000 ____D C:\Users\DGGC\AppData\Roaming\k3di1mfvci1
      2017-12-14 13:41 - 2017-12-14 14:27 - 000000000 ____D C:\Users\DGGC\AppData\Roaming\hj3bmlhdjtx
      2017-12-14 13:41 - 2017-12-14 14:27 - 000000000 ____D C:\Users\DGGC\AppData\Roaming\3kxzgyhl2lw
      2017-12-14 13:41 - 2017-12-14 13:41 - 002585088 _____ C:\Users\DGGC\AppData\Roaming\owjncqvxbwx.exe
      2017-12-14 13:41 - 2017-12-14 13:41 - 000000000 ____D C:\Program Files (x86)\nHSLyOcX7wlo
      HKU\S-1-5-21-2995789703-3386369415-2822681129-1000\...\ChromeHTML: -> <==== ATTENTION
      Task: {BD578D1D-9814-46BE-8005-776A2A9AE2B3} - System32\Tasks\Microsoft\Windows\Application Experience\Threat Base Loader => C:\Users\DGGC\AppData\Roaming\\threatdatabase\\tdget.exe
      C:\Windows\system32\rundll32.exe "C:\Program Files\Network Administration\Network Administration.dll",CkCIZfuEIzI <==== ATTENTION



      HOSTS:
      REMOVEPROXY:
      EMPTYTEMP:
      CMD: netsh winsock reset
      CMD: ipconfig /renew
      CMD: ipconfig /flushdns
      CMD: bitsadmin /reset /alluser CMD: netsh advfirewall reset
      CMD: netsh advfirewall set allprofiles state ON
      CMD: netsh int ipv4 reset
      CMD: netsh int ipv6 reset
      END
      *****************

      tart => Error: No automatic fix found for this entry.
      Restore point was successfully created.
      Processes closed successfully.
      C:\Windows\Temp\g3E19.tmp.exe => No running process found
      KLM-x32\...\Run: [bit4id csp store register (M)] => "C:\Windows\SysWOW64\RUNDLL32.EXE" "C:\Windows\system32\bit4upki-store.dll",RunImportServer => Error: No automatic fix found for this entry.
      "HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\D31_CZC204B54S" => removed successfully
      "HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\03D22C9C66915D58C88912B64C1F984B8344EF09" => removed successfully
      "HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\0F684EC1163281085C6AF20528878103ACEFCAAB" => removed successfully
      "HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\1667908C9E22EFBD0590E088715CC74BE4C60884" => removed successfully
      "HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\18DEA4EFA93B06AE997D234411F3FD72A677EECE" => removed successfully
      "HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF" => removed successfully
      "HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\249BDA38A611CD746A132FA2AF995A2D3C941264" => removed successfully
      "HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\31AC96A6C17C425222C46D55C3CCA6BA12E54DAF" => removed successfully
      "HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\331E2046A1CCA7BFEF766724394BE6112B4CA3F7" => removed successfully
      "HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\3353EA609334A9F23A701B9159E30CB6C22D4C59" => removed successfully
      "HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\373C33726722D3A5D1EDD1F1585D5D25B39BEA1A" => removed successfully
      "HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F" => removed successfully
      "HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\3D496FA682E65FC122351EC29B55AB94F3BB03FC" => removed successfully
      "HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159" => removed successfully
      "HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01" => removed successfully
      "HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\4420C99742DF11DD0795BC15B7B0ABF090DC84DF" => removed successfully
      "HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF" => removed successfully
      "HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\5240AB5B05D11B37900AC7712A3C6AE42F377C8C" => removed successfully
      "HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\5DD3D41810F28B2A13E9A004E6412061E28FA48D" => removed successfully
      "HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\7457A3793086DBB58B3858D6476889E3311E550E" => removed successfully
      "HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\76A9295EF4343E12DFC5FE05DC57227C1AB00D29" => removed successfully
      "HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\775B373B33B9D15B58BC02B184704332B97C3CAF" => removed successfully
      "HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\872CD334B7E7B3C3D1C6114CD6B221026D505EAB" => removed successfully
      "HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\88AD5DFE24126872B33175D1778687B642323ACF" => removed successfully
      "HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\9132E8B079D080E01D52631690BE18EBC2347C1E" => removed successfully
      "HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\982D98951CF3C0CA2A02814D474A976CBFF6BDB1" => removed successfully
      "HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361" => removed successfully
      "HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\9C43F665E690AB4D486D4717B456C5554D4BCEB5" => removed successfully
      "HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\9E3F95577B37C74CA2F70C1E1859E798B7FC6B13" => removed successfully
      "HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99" => removed successfully
      "HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\A5341949ABE1407DD7BF7DFE75460D9608FBC309" => removed successfully
      "HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\A59CC32724DD07A6FC33F7806945481A2D13CA2F" => removed successfully
      "HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947" => removed successfully
      "HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\AD4C5429E10F4FF6C01840C20ABA344D7401209F" => removed successfully
      "HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\AD96BB64BA36379D2E354660780C2067B81DA2E0" => removed successfully
      "HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84" => removed successfully
      "HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\CDC37C22FE9272D8F2610206AD397A45040326B8" => removed successfully
      "HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598" => removed successfully
      "HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\DB303C9B61282DE525DC754A535CA2D6A9BD3D87" => removed successfully
      "HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\DB77E5CFEC34459146748B667C97B185619251BA" => removed successfully
      "HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\E22240E837B52E691C71DF248F12D27F96441C00" => removed successfully
      "HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF" => removed successfully
      "HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\ED841A61C0F76025598421BC1B00E24189E68D54" => removed successfully
      "HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\F83099622B4A9F72CB5081F742164AD1B8D048C9" => removed successfully
      "HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\FBB42F089AF2D570F2BF6F493D107A3255A9BB1A" => removed successfully
      "HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\FFFA650F2CB2ABC0D80527B524DD3F9FC172C138" => removed successfully
      "HKU\S-1-5-21-2995789703-3386369415-2822681129-1000\Software\Microsoft\Windows\CurrentVersion\Run\\BackgroundSwitcher" => removed successfully

      "C:\Program Files (x86)\Common Files\McAfee\SystemCore" folder move:

      Could not move "C:\Program Files (x86)\Common Files\McAfee\SystemCore" => Scheduled to move on reboot.

      "HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => removed successfully
      C:\Users\DGGC\AppData\Roaming\pq0gvunons3.exe => moved successfully
      017-12-14 13:41 - 2017-12-14 14:27 - 000000000 ____D C:\Users\DGGC\AppData\Roaming\k3di1mfvci1 => Error: No automatic fix found for this entry.
      C:\Users\DGGC\AppData\Roaming\hj3bmlhdjtx => moved successfully
      C:\Users\DGGC\AppData\Roaming\3kxzgyhl2lw => moved successfully
      C:\Users\DGGC\AppData\Roaming\owjncqvxbwx.exe => moved successfully
      C:\Program Files (x86)\nHSLyOcX7wlo => moved successfully
      "HKU\S-1-5-21-2995789703-3386369415-2822681129-1000_Classes\ChromeHTML" => removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BD578D1D-9814-46BE-8005-776A2A9AE2B3} => could not remove key. ErrorCode1: 0x00000002
      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BD578D1D-9814-46BE-8005-776A2A9AE2B3}" => removed successfully
      C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience\Threat Base Loader => moved successfully
      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\Threat Base Loader" => removed successfully
      "C:\Windows\system32\rundll32.exe C:\Program Files\Network Administration\Network Administration.dll",CkCIZfuEIzI <==== ATTENTION" => not found
      C:\Windows\System32\Drivers\etc\hosts => moved successfully
      Hosts restored successfully.

      ========= RemoveProxy: =========

      "HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
      "HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
      "HKU\S-1-5-21-2995789703-3386369415-2822681129-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
      "HKU\S-1-5-21-2995789703-3386369415-2822681129-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


      ========= End of RemoveProxy: =========


      ========= netsh winsock reset =========


      El catálogo Winsock se restableció correctamente.
      Debe reiniciar el equipo para completar el restablecimiento.


      ========= End of CMD: =========


      ========= ipconfig /renew =========


      Configuración IP de Windows

      No se puede realizar ninguna operación en Conexión de red inalámbrica mientras los medios
      estén desconectados.
      No se puede realizar ninguna operación en Conexión de red Bluetooth mientras los medios
      estén desconectados.

      Adaptador de LAN inalámbrica Conexión de red inalámbrica:

      Estado de los medios. . . . . . . . . . . : medios desconectados
      Sufijo DNS específico para la conexión. . :

      Adaptador de Ethernet Conexión de área local:

      Sufijo DNS específico para la conexión. . :
      Vínculo: dirección IPv6 local. . . : fe80::444d:c010:d9f5:b107%14
      Dirección IPv4. . . . . . . . . . . . . . : 192.168.1.137
      Máscara de subred . . . . . . . . . . . . : 255.255.255.0
      Puerta de enlace predeterminada . . . . . : 192.168.1.1

      Adaptador de Ethernet Conexión de red Bluetooth:

      Estado de los medios. . . . . . . . . . . : medios desconectados
      Sufijo DNS específico para la conexión. . :

      Adaptador de túnel isatap.{299CC6A9-0790-4FFB-9B20-C020D78D7C6D}:

      Estado de los medios. . . . . . . . . . . : medios desconectados
      Sufijo DNS específico para la conexión. . :

      Adaptador de túnel isatap.{3CF74161-D910-4E70-9757-6AB748DD9449}:

      Estado de los medios. . . . . . . . . . . : medios desconectados
      Sufijo DNS específico para la conexión. . :

      Adaptador de túnel isatap.{0E7B5BD4-A00A-4AA2-BD4C-D54A0CA0667C}:

      Estado de los medios. . . . . . . . . . . : medios desconectados
      Sufijo DNS específico para la conexión. . :

      ========= End of CMD: =========


      ========= ipconfig /flushdns =========


      Configuración IP de Windows

      Se vació correctamente la caché de resolución de DNS.

      ========= End of CMD: =========


      ========= bitsadmin /reset /alluser CMD: netsh advfirewall reset =========


      BITSADMIN version 3.0 [ 7.5.7601 ]
      BITS administration utility.
      (C) Copyright 2000-2006 Microsoft Corp.

      BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
      Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

      Unknown option '/alluser'.

      ========= End of CMD: =========


      ========= netsh advfirewall set allprofiles state ON =========

      Aceptar


      ========= End of CMD: =========


      ========= netsh int ipv4 reset =========

      Global se restableció correctamente.
      Interfaz se restableció correctamente.
      Reinicie el equipo para completar esta acción.


      ========= End of CMD: =========


      ========= netsh int ipv6 reset =========

      Interfaz se restableció correctamente.
      Reinicie el equipo para completar esta acción.


      ========= End of CMD: =========


      =========== EmptyTemp: ==========

      BITS transfer queue => 8388608 B
      DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 3149194 B
      Java, Flash, Steam htmlcache => 492 B
      Windows/system/drivers => 7236963 B
      Edge => 0 B
      Chrome => 63516007 B
      Firefox => 0 B
      Opera => 211276 B

      Temp, IE cache, history, cookies, recent:
      Users => 0 B
      Default => 0 B
      Public => 0 B
      ProgramData => 0 B
      systemprofile => 424499 B
      systemprofile32 => 128 B
      LocalService => 0 B
      NetworkService => 0 B
      DGGC => 7639049 B

      RecycleBin => 389953212 B
      EmptyTemp: => 458.3 MB temporary data Removed.

      ================================

      Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 02-01-2018 14:20:00)

      C:\Program Files (x86)\Common Files\McAfee\SystemCore => Could not move

      ==== End of Fixlog 14:20:08 ====
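
A triage pass over the Fixlog above, as an added example that is not part of the original posts and is not FRST's own code: it sorts each result line into a status, lists what still needs follow-up, and points out fixlist lines that lost their first character when pasted. The status names, the `truncation_hint` helper and the prefix list are assumptions of this example, derived only from the result strings visible in this log; the sample is a short excerpt of those lines.

```python
import re
from collections import Counter

# Excerpt of result lines copied from the Fixlog in the post above.
SAMPLE_FIXLOG = r'''
tart => Error: No automatic fix found for this entry.
Restore point was successfully created.
C:\Windows\Temp\g3E19.tmp.exe => No running process found
KLM-x32\...\Run: [bit4id csp store register (M)] => "C:\Windows\SysWOW64\RUNDLL32.EXE" "C:\Windows\system32\bit4upki-store.dll",RunImportServer => Error: No automatic fix found for this entry.
"HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\D31_CZC204B54S" => removed successfully
"HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\249BDA38A611CD746A132FA2AF995A2D3C941264" => removed successfully
"HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84" => removed successfully
Could not move "C:\Program Files (x86)\Common Files\McAfee\SystemCore" => Scheduled to move on reboot.
C:\Users\DGGC\AppData\Roaming\pq0gvunons3.exe => moved successfully
017-12-14 13:41 - 2017-12-14 14:27 - 000000000 ____D C:\Users\DGGC\AppData\Roaming\k3di1mfvci1 => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BD578D1D-9814-46BE-8005-776A2A9AE2B3} => could not remove key. ErrorCode1: 0x00000002
Unknown option '/alluser'.
C:\Program Files (x86)\Common Files\McAfee\SystemCore => Could not move
'''

# Thumbprint of a certificate that had been placed in the Disallowed store.
CERT_RE = re.compile(r"SystemCertificates\\Disallowed\\Certificates\\([0-9A-F]{40})")
# Line starts seen in the fixlist on this page (assumption: not a complete list).
FIXLIST_PREFIXES = ("Start", "HKLM", "HKU")
SHORT_DATE_RE = re.compile(r"^\d{3}-\d{2}-\d{2} ")


def classify(result):
    """Map the text after the last ' => ' to a coarse status."""
    r = result.lower()
    if "successfully" in r:
        return "ok"
    if r.startswith(("error:", "could not")):
        return "failed"
    if "scheduled to move on reboot" in r:
        return "pending_reboot"
    if "not found" in r or "no running process found" in r:
        return "absent"
    return "info"


def truncation_hint(entry):
    """Explain an unrecognised entry that is a known line minus its first character."""
    for prefix in FIXLIST_PREFIXES:
        if entry.startswith(prefix[1:]) and not entry.startswith(prefix):
            return f"probably began with '{prefix}' (first character lost when pasting)"
    if SHORT_DATE_RE.match(entry):
        return "date has a 3-digit year (first character lost when pasting)"
    return None


def parse_fixlog(text):
    """Return one dict per result line; purely informational lines are skipped."""
    rows = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Unknown option"):
            # A CMD: directive whose arguments the command itself rejected.
            rows.append({"entry": line, "result": "command rejected", "status": "failed"})
        elif " => " in line:
            # The entry may itself contain '=>', so split on the last one only.
            entry, result = line.rsplit(" => ", 1)
            rows.append({"entry": entry, "result": result, "status": classify(result)})
    return rows


def triage(text):
    """Summarise a Fixlog: counts, cleared Disallowed certs, items to revisit."""
    rows = parse_fixlog(text)
    certs, follow_up = [], []
    for row in rows:
        match = CERT_RE.search(row["entry"])
        if match and row["status"] == "ok":
            certs.append(match.group(1))
        if row["status"] in ("failed", "pending_reboot"):
            follow_up.append((row["entry"], row["result"], truncation_hint(row["entry"])))
    return {
        "counts": Counter(row["status"] for row in rows),
        "disallowed_certs_removed": certs,
        "follow_up": follow_up,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_FIXLOG)
    print(dict(report["counts"]))
    print("Disallowed certificates cleared:", len(report["disallowed_certs_removed"]))
    for entry, result, hint in report["follow_up"]:
        print(f"- {entry[:60]} -> {result}" + (f"  [{hint}]" if hint else ""))
```

Entries that come back with a truncation hint were never acted on, so the corrected line has to go into a new fixlist and be run again.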

    9. #9
      Moderator
      @MarioL's avatar
      Registered
      Nov 2006
      Location
      Málaga - Spain
      Posts
      9.018

      Re: Help with infected computer

      Download to the desktop >> IFS (InfoSpyware First Steps).

      • Close all the programs you have open (Internet Explorer, Mozilla, Ares, eMule, including those next to the clock, except the antivirus)
      • Run IFS.exe (if you use Windows Vista/7 or 8, right-click and select "Run as administrator").
      • Click the "Analizar" button and wait for the process to run.
      • When it finishes, a report will open, which you must copy and paste (in full) in your next reply.
      • The report can also be found at "C:\IFS.log"


      And then


      Download Windows Repair all in one. Use the portable version, which is usually the latest of all; click the button where you see "Direct Download".

      It is a ZIP file with the name "tweaking.com_windows_repair_aio.zip"; unzip it and run it from the folder that will have been created.

      Double-click the file Repair_Windows.exe. (If you use Windows Vista/7 or 8, right-click and select "Run as administrator".)

      You will see the program's initial screen, and you click:

      1.- Start Repairs.
      2.- Start.
      3.- When the "Create a restore point" question appears, click "Yes".

      You will see another screen while the copy/backup of the Windows registry is carried out.

      This new window will appear immediately, where you continue by clicking:


      4.- Select All.
      5.- Start.


      The process will carry out all the established steps, and when it finishes you restart the computer yourself.
      Invy


    10. #10
      User luverto's avatar
      Registered
      Feb 2007
      Location
      DONDEYO
      Posts
      26

      Re: Help with infected computer

      Phew....
      When I try to download the IFS program from your page... I get a 404 page-not-found tab....

      I'm running the Windows repair program. When it finishes I'll let you know

