
    Keylogger

    ...

    1. #11
      WarningL
      Registered: Feb 2018
      Location: Colombia
      Posts: 10

      Re: Keylogger

      2018-02-21 18:30 - 2018-02-21 18:30 - 000026157 _____ C:\Windows\system32\nvinfo.pb
      2018-02-21 18:28 - 2018-02-21 18:31 - 000000000 ____D C:\Program Files\NVIDIA Corporation
      2018-02-21 18:28 - 2018-02-21 18:28 - 001515296 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
      2018-02-21 18:28 - 2018-02-21 18:28 - 000197408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
      2018-02-21 18:28 - 2018-02-21 18:28 - 000031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
      2018-02-21 18:25 - 2018-02-21 18:25 - 000302464 _____ (Intel Corporation) C:\Windows\system32\Drivers\e1e6232e.sys
      2018-02-21 18:25 - 2018-02-21 18:25 - 000121440 _____ (Intel Corporation) C:\Windows\system32\e1000msg.dll
      2018-02-21 18:25 - 2018-02-21 18:25 - 000101216 _____ (Intel Corporation) C:\Windows\system32\NicInE6.dll
      2018-02-21 18:25 - 2018-02-21 18:25 - 000036472 _____ (Intel Corporation) C:\Windows\system32\NicCo36.dll
      2018-02-21 18:25 - 2018-02-21 18:25 - 000002716 _____ C:\Windows\system32\e1e6232e.din
      2018-02-21 18:25 - 2018-02-21 18:25 - 000000000 ____H C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Coinstaller_Critical.Wdf
      2018-02-21 18:25 - 2018-02-21 18:25 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
      2018-02-21 18:25 - 2012-07-25 23:55 - 000054376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
      2018-02-21 18:25 - 2012-07-25 21:36 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
      2018-02-21 18:25 - 2012-06-02 09:35 - 000000003 _____ C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
      2018-02-21 18:24 - 2018-02-21 18:24 - 001804688 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01011.dll
      2018-02-21 18:24 - 2018-02-21 18:24 - 000051808 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\Smb_driver_Intel.sys
      2018-02-21 18:24 - 2018-02-21 18:24 - 000000000 ____D C:\Program Files\Synaptics
      2018-02-21 18:00 - 2018-02-21 18:34 - 000000000 ____D C:\ProgramData\ProductData
      2018-02-21 18:00 - 2018-02-21 18:00 - 000000000 ____D C:\Windows\IObit
      2018-02-21 17:59 - 2018-02-21 18:10 - 000000000 ____D C:\ProgramData\IObit
      2018-02-21 17:59 - 2018-02-21 18:00 - 000000000 ____D C:\Users\Harold\AppData\Roaming\IObit
      2018-02-21 17:59 - 2018-02-21 18:00 - 000000000 ____D C:\Users\Harold\AppData\LocalLow\IObit
      2018-02-21 17:59 - 2018-02-21 17:59 - 000027552 _____ (REALiX(tm)) C:\Windows\SysWOW64\Drivers\HWiNFO64A.SYS
      2018-02-21 17:59 - 2018-02-21 17:59 - 000000000 ____D C:\Program Files (x86)\IObit
      2018-02-21 17:58 - 2018-02-21 17:58 - 000000000 ____D C:\Users\Harold\AppData\Roaming\Google
      2018-02-21 17:56 - 2018-02-22 10:12 - 000000430 __RSH C:\ProgramData\ntuser.pol
      2018-02-21 17:52 - 2018-02-21 19:30 - 000002222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
      2018-02-21 17:51 - 2018-02-21 20:04 - 000003564 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
      2018-02-21 17:51 - 2018-02-21 20:04 - 000003436 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
      2018-02-21 17:51 - 2018-02-21 19:46 - 000000000 ____D C:\Users\Harold\AppData\Local\Google
      2018-02-21 17:51 - 2018-02-21 17:52 - 000000000 ____D C:\Program Files (x86)\Google
      2018-02-21 17:50 - 2018-02-21 17:51 - 000000000 ____D C:\Users\Harold\AppData\Local\Deployment
      2018-02-21 17:50 - 2018-02-21 17:50 - 000000000 ____D C:\Users\Harold\AppData\Local\Apps\2.0
      2018-02-21 17:49 - 2018-02-21 17:49 - 000001427 _____ C:\Users\Harold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
      2018-02-21 17:49 - 2018-02-21 17:49 - 000001393 _____ C:\Users\Harold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
      2018-02-21 17:48 - 2018-02-21 17:49 - 000000000 ____D C:\Users\Harold
      2018-02-21 17:48 - 2018-02-21 17:48 - 000000020 ___SH C:\Users\Harold\ntuser.ini
      2018-02-21 17:48 - 2018-02-21 17:48 - 000000000 _SHDL C:\Users\Public\Documents\Mis vídeos
      2018-02-21 17:48 - 2018-02-21 17:48 - 000000000 _SHDL C:\Users\Public\Documents\Mis imágenes
      2018-02-21 17:48 - 2018-02-21 17:48 - 000000000 _SHDL C:\Users\Public\Documents\Mi música
      2018-02-21 17:48 - 2018-02-21 17:48 - 000000000 _SHDL C:\Users\Harold\Reciente
      2018-02-21 17:48 - 2018-02-21 17:48 - 000000000 _SHDL C:\Users\Harold\Plantillas
      2018-02-21 17:48 - 2018-02-21 17:48 - 000000000 _SHDL C:\Users\Harold\Mis documentos
      2018-02-21 17:48 - 2018-02-21 17:48 - 000000000 _SHDL C:\Users\Harold\Menú Inicio
      2018-02-21 17:48 - 2018-02-21 17:48 - 000000000 _SHDL C:\Users\Harold\Impresoras
      2018-02-21 17:48 - 2018-02-21 17:48 - 000000000 _SHDL C:\Users\Harold\Entorno de red
      2018-02-21 17:48 - 2018-02-21 17:48 - 000000000 _SHDL C:\Users\Harold\Documents\Mis vídeos
      2018-02-21 17:48 - 2018-02-21 17:48 - 000000000 _SHDL C:\Users\Harold\Documents\Mis imágenes
      2018-02-21 17:48 - 2018-02-21 17:48 - 000000000 _SHDL C:\Users\Harold\Documents\Mi música
      2018-02-21 17:48 - 2018-02-21 17:48 - 000000000 _SHDL C:\Users\Harold\Datos de programa
      2018-02-21 17:48 - 2018-02-21 17:48 - 000000000 _SHDL C:\Users\Harold\Configuración local
      2018-02-21 17:48 - 2018-02-21 17:48 - 000000000 _SHDL C:\Users\Harold\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
      2018-02-21 17:48 - 2018-02-21 17:48 - 000000000 _SHDL C:\Users\Harold\AppData\Local\Historial
      2018-02-21 17:48 - 2018-02-21 17:48 - 000000000 _SHDL C:\Users\Harold\AppData\Local\Datos de programa
      2018-02-21 17:48 - 2018-02-21 17:48 - 000000000 _SHDL C:\Users\Harold\AppData\Local\Archivos temporales de Internet
      2018-02-21 17:48 - 2018-02-21 17:48 - 000000000 _SHDL C:\Users\Default\Reciente
      2018-02-21 17:48 - 2018-02-21 17:48 - 000000000 _SHDL C:\Users\Default\Plantillas
      2018-02-21 17:48 - 2018-02-21 17:48 - 000000000 _SHDL C:\Users\Default\Mis documentos
      2018-02-21 17:48 - 2018-02-21 17:48 - 000000000 _SHDL C:\Users\Default\Menú Inicio
      2018-02-21 17:48 - 2018-02-21 17:48 - 000000000 _SHDL C:\Users\Default\Impresoras
      2018-02-21 17:48 - 2018-02-21 17:48 - 000000000 _SHDL C:\Users\Default\Entorno de red
      2018-02-21 17:48 - 2018-02-21 17:48 - 000000000 _SHDL C:\Users\Default\Documents\Mis vídeos
      2018-02-21 17:48 - 2018-02-21 17:48 - 000000000 _SHDL C:\Users\Default\Documents\Mis imágenes
      2018-02-21 17:48 - 2018-02-21 17:48 - 000000000 _SHDL C:\Users\Default\Documents\Mi música
      2018-02-21 17:48 - 2018-02-21 17:48 - 000000000 _SHDL C:\Users\Default\Datos de programa
      2018-02-21 17:48 - 2018-02-21 17:48 - 000000000 _SHDL C:\Users\Default\Configuración local
      2018-02-21 17:48 - 2018-02-21 17:48 - 000000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
      2018-02-21 17:48 - 2018-02-21 17:48 - 000000000 _SHDL C:\Users\Default\AppData\Local\Historial
      2018-02-21 17:48 - 2018-02-21 17:48 - 000000000 _SHDL C:\Users\Default\AppData\Local\Datos de programa
      2018-02-21 17:48 - 2018-02-21 17:48 - 000000000 _SHDL C:\Users\Default\AppData\Local\Archivos temporales de Internet
      2018-02-21 17:48 - 2018-02-21 17:48 - 000000000 _SHDL C:\Users\Default User\Documents\Mis vídeos
      2018-02-21 17:48 - 2018-02-21 17:48 - 000000000 _SHDL C:\Users\Default User\Documents\Mis imágenes
      2018-02-21 17:48 - 2018-02-21 17:48 - 000000000 _SHDL C:\Users\Default User\Documents\Mi música
      2018-02-21 17:48 - 2018-02-21 17:48 - 000000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
      2018-02-21 17:48 - 2018-02-21 17:48 - 000000000 _SHDL C:\Users\Default User\AppData\Local\Historial
      2018-02-21 17:48 - 2018-02-21 17:48 - 000000000 _SHDL C:\Users\Default User\AppData\Local\Datos de programa
      2018-02-21 17:48 - 2018-02-21 17:48 - 000000000 _SHDL C:\Users\Default User\AppData\Local\Archivos temporales de Internet
      2018-02-21 17:48 - 2018-02-21 17:48 - 000000000 _SHDL C:\ProgramData\Plantillas
      2018-02-21 17:48 - 2018-02-21 17:48 - 000000000 _SHDL C:\ProgramData\Microsoft\Windows\Start Menu\Programas
      2018-02-21 17:48 - 2018-02-21 17:48 - 000000000 _SHDL C:\ProgramData\Menú Inicio
      2018-02-21 17:48 - 2018-02-21 17:48 - 000000000 _SHDL C:\ProgramData\Favoritos
      2018-02-21 17:48 - 2018-02-21 17:48 - 000000000 _SHDL C:\ProgramData\Escritorio
      2018-02-21 17:48 - 2018-02-21 17:48 - 000000000 _SHDL C:\ProgramData\Documentos
      2018-02-21 17:48 - 2018-02-21 17:48 - 000000000 _SHDL C:\ProgramData\Datos de programa
      2018-02-21 17:48 - 2018-02-21 17:48 - 000000000 _SHDL C:\Program Files\Archivos comunes
      2018-02-21 17:48 - 2018-02-21 17:48 - 000000000 _SHDL C:\Archivos de programa
      2018-02-21 17:48 - 2018-02-21 17:48 - 000000000 ____D C:\Users\Harold\AppData\Local\VirtualStore
      2018-02-21 17:48 - 2009-07-14 05:10 - 000000000 ____D C:\Users\Harold\AppData\Roaming\Media Center Programs
      2018-02-21 17:45 - 2018-02-21 17:45 - 000001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
      2018-02-21 17:45 - 2018-02-21 17:45 - 000001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
      2018-02-21 17:44 - 2018-02-21 17:44 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
      2018-02-21 11:41 - 2018-02-22 16:16 - 000000000 ____D C:\Windows\Panther

      ==================== One Month Modified files and folders ========

      (If an entry is included in the fixlist, the file/folder will be moved.)

      2018-03-03 15:49 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
      2018-03-03 15:49 - 2009-07-13 23:45 - 000009904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      2018-03-03 15:49 - 2009-07-13 23:45 - 000009904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      2018-03-03 15:03 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
      2018-03-02 13:38 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\system32\NDF
      2018-02-27 10:25 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\rescache
      2018-02-26 19:54 - 2009-07-14 00:09 - 000000000 ____D C:\Windows\System32\Tasks\WPD
      2018-02-26 18:55 - 2009-07-13 18:55 - 000332288 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
      2018-02-26 18:55 - 2009-07-13 18:54 - 000044544 _____ (Microsoft Corporation) C:\Windows\system32\themeservice.dll
      2018-02-23 16:49 - 2009-07-14 04:31 - 000746992 _____ C:\Windows\system32\perfh00A.dat
      2018-02-23 16:49 - 2009-07-14 04:31 - 000158464 _____ C:\Windows\system32\perfc00A.dat
      2018-02-23 16:49 - 2009-07-14 00:13 - 001675926 _____ C:\Windows\system32\PerfStringBackup.INI
      2018-02-22 11:48 - 2009-07-14 00:32 - 000000000 ____D C:\Program Files\Windows Defender
      2018-02-22 11:48 - 2009-07-14 00:32 - 000000000 ____D C:\Program Files (x86)\Windows Defender
      2018-02-22 11:48 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\PolicyDefinitions
      2018-02-22 11:48 - 2009-07-13 22:20 - 000000000 ____D C:\Program Files\Common Files\System
      2018-02-21 19:26 - 2009-07-14 05:11 - 000000000 __SHD C:\Windows\BitLockerDiscoveryVolumeContents
      2018-02-21 19:26 - 2009-07-14 05:11 - 000000000 ____D C:\Program Files\Windows Journal
      2018-02-21 19:26 - 2009-07-14 04:30 - 000000000 ____D C:\Windows\SysWOW64\es
      2018-02-21 19:26 - 2009-07-14 00:32 - 000000000 ____D C:\Program Files\Windows Sidebar
      2018-02-21 19:26 - 2009-07-14 00:32 - 000000000 ____D C:\Program Files\Windows Portable Devices
      2018-02-21 19:26 - 2009-07-14 00:32 - 000000000 ____D C:\Program Files\Windows Photo Viewer
      2018-02-21 19:26 - 2009-07-14 00:32 - 000000000 ____D C:\Program Files\DVD Maker
      2018-02-21 19:26 - 2009-07-14 00:32 - 000000000 ____D C:\Program Files (x86)\Windows Sidebar
      2018-02-21 19:26 - 2009-07-14 00:32 - 000000000 ____D C:\Program Files (x86)\Windows Portable Devices
      2018-02-21 19:26 - 2009-07-14 00:32 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
      2018-02-21 19:26 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\SysWOW64\Setup
      2018-02-21 19:26 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\SysWOW64\oobe
      2018-02-21 19:26 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\SysWOW64\migwiz
      2018-02-21 19:26 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\SysWOW64\manifeststore
      2018-02-21 19:26 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\SysWOW64\Dism
      2018-02-21 19:26 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
      2018-02-21 19:26 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\system32\Setup
      2018-02-21 19:26 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\system32\oobe
      2018-02-21 19:26 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\system32\migwiz
      2018-02-21 19:26 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\system32\manifeststore
      2018-02-21 19:26 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\system32\Dism
      2018-02-21 19:26 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\system32\AdvancedInstallers
      2018-02-21 19:26 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\servicing
      2018-02-21 19:23 - 2009-07-13 21:36 - 000175616 _____ (Microsoft Corporation) C:\Windows\system32\msclmd.dll
      2018-02-21 19:23 - 2009-07-13 21:36 - 000152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll
      2018-02-21 18:38 - 2009-07-13 22:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
      2018-02-21 18:31 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\Help
      2018-02-21 17:55 - 2009-07-13 22:20 - 000000000 ___HD C:\Windows\system32\GroupPolicy
      2018-02-21 17:48 - 2009-07-13 22:20 - 000000000 __RHD C:\Users\Public\Libraries
      2018-02-21 17:48 - 2009-07-13 22:20 - 000000000 ____D C:\Program Files\Windows NT
      2018-02-21 17:45 - 2009-07-14 00:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
      2018-02-21 17:45 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\system32\sysprep
      2018-02-21 17:42 - 2009-07-14 05:11 - 000000000 ____D C:\Windows\CSC
      2018-02-21 11:41 - 2009-07-14 00:32 - 000028672 _____ C:\Windows\system32\config\BCD-Template

      Some files in TEMP:
      ====================
      2018-03-03 14:38 - 2018-03-03 14:38 - 000086861 _____ () C:\Users\Harold\AppData\Local\Temp\JNativeHook-7425755024135007375.x86_64.dll
      2018-03-03 14:26 - 2018-03-03 14:26 - 000086861 _____ () C:\Users\Harold\AppData\Local\Temp\JNativeHook-D32E6B1128407A7E59EFF481C8643A116AA2F56A.x86_64.dll

      ==================== Bamital & volsnap ======================

      (There is no automatic fix for files that do not pass verification.)

      C:\Windows\system32\winlogon.exe => File is digitally signed
      C:\Windows\system32\wininit.exe => File is digitally signed
      C:\Windows\SysWOW64\wininit.exe => File is digitally signed
      C:\Windows\explorer.exe => File is digitally signed
      C:\Windows\SysWOW64\explorer.exe => File is digitally signed
      C:\Windows\system32\svchost.exe => File is digitally signed
      C:\Windows\SysWOW64\svchost.exe => File is digitally signed
      C:\Windows\system32\services.exe => File is digitally signed
      C:\Windows\system32\User32.dll => File is digitally signed
      C:\Windows\SysWOW64\User32.dll => File is digitally signed
      C:\Windows\system32\userinit.exe => File is digitally signed
      C:\Windows\SysWOW64\userinit.exe => File is digitally signed
      C:\Windows\system32\rpcss.dll => File is digitally signed
      C:\Windows\system32\dnsapi.dll => File is digitally signed
      C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
      C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

      LastRegBack: 2018-02-27 10:16

      ==================== End of FRST.txt ============================

    2. #12
      WarningL
      Registered: Feb 2018
      Location: Colombia
      Posts: 10

      Re: Keylogger

      Addition.txt


      Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28.02.2018
      Ran by Harold (03-03-2018 15:54:38)
      Running from C:\Users\Harold\Desktop
      Windows 7 Ultimate Service Pack 1 (X64) (2018-02-21 22:48:35)
      Boot Mode: Normal
      ==========================================================


      ==================== Accounts: =============================

      Administrador (S-1-5-21-2475033051-4002293849-922967691-500 - Administrator - Disabled)
      Harold (S-1-5-21-2475033051-4002293849-922967691-1001 - Administrator - Enabled) => C:\Users\Harold
      HomeGroupUser$ (S-1-5-21-2475033051-4002293849-922967691-1002 - Limited - Enabled)
      Invitado (S-1-5-21-2475033051-4002293849-922967691-501 - Limited - Disabled)

      ==================== Security Center ========================

      (If an entry is included in the fixlist, it will be removed.)

      AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

      ==================== Installed Programs ======================

      (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

      CCleaner (HKLM\...\CCleaner) (Version: 5.40 - Piriform)
      Conexant D850 PCI V.92 Modem (HKLM\...\CNXT_MODEM_PCI_HSF) (Version: 7.80.4.0 - Conexant)
      Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform)
      Google Chrome (HKLM-x32\...\Google Chrome) (Version: 64.0.3282.167 - Google Inc.)
      Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
      Java 8 Update 161 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
      JetBoost (HKLM-x32\...\JetBoost_is1) (Version: 2.0.0 - BlueSprig)
      JetClean (HKLM-x32\...\BlueSprig_JetClean_is1) (Version: 1.5.0 - BlueSprig)
      Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
      Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
      MSI Afterburner 4.4.2 (HKLM-x32\...\Afterburner) (Version: 4.4.2 - MSI Co., LTD)
      NVIDIA Controlador de audio HD 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
      Panel de control de NVIDIA 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 342.01 - NVIDIA Corporation) Hidden
      Paquete de idioma de Microsoft .NET Framework 4.5 ESN (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.5.50709 - Microsoft Corporation)
      Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8302 - Realtek Semiconductor Corp.)
      WhatsApp (HKU\S-1-5-21-2475033051-4002293849-922967691-1001\...\WhatsApp) (Version: 0.2.8361 - WhatsApp)
      WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)

      ==================== Custom CLSID (Whitelisted): ==========================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
      ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
      ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
      ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2016-11-14] (NVIDIA Corporation)
      ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
      ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)

      ==================== Scheduled Tasks (Whitelisted) =============

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      Task: {0AB54BCE-F1A3-4080-B3F6-A04E646B31A3} - System32\Tasks\JetCleanLoginCheckUpdate => C:\Program Files (x86)\BlueSprig\JetClean\AutoUpdate.exe [2013-05-14] (BlueSprig)
      Task: {2DC5AF4B-DCF6-4118-A78A-6ECBD4F46B77} - System32\Tasks\JetBoost_AutoUpdate => C:\Program Files (x86)\BlueSprig\JetBoost\AutoUpdate.exe [2012-11-27] (BlueSprig)
      Task: {7B79E5FD-9832-4BD5-B7C2-70FE84D39258} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-02-21] (Google Inc.)
      Task: {A6B435D4-21F8-41CD-9A71-9B9A95E083F8} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [2017-12-15] ()
      Task: {DA4497E0-ECA4-407A-83E5-1E75801DF919} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-02-21] (Google Inc.)
      Task: {FA625554-2F91-4B29-B3DE-85D40E171B86} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-02-07] (Piriform Ltd)

      (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


      ==================== Shortcuts & WMI ========================

      (The entries could be listed to be restored or removed.)


      ==================== Loaded Modules (Whitelisted) ==============


      ==================== Alternate Data Streams (Whitelisted) =========

      (If an entry is included in the fixlist, only the ADS will be removed.)


      ==================== Safe Mode (Whitelisted) ===================

      (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

      ==================== Association (Whitelisted) ===============

      (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


      ==================== Internet Explorer trusted/restricted ===============

      (If an entry is included in the fixlist, it will be removed from the registry.)


      ==================== Hosts content: ===============================

      (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

      2009-07-13 21:34 - 2009-06-10 16:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


      ==================== Other Areas ============================

      (Currently there is no automatic fix for this section.)

      HKU\S-1-5-21-2475033051-4002293849-922967691-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Harold\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
      DNS Servers: 192.168.0.1
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
      Windows Firewall is enabled.

      ==================== MSCONFIG/TASK MANAGER disabled items ==

      MSCONFIG\Services: WSearch => 2
      MSCONFIG\Services: wuauserv => 3

      ==================== FirewallRules (Whitelisted) ===============

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      FirewallRules: [{4BE45449-76F7-46B4-A95B-ED2E73EBA33D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      FirewallRules: [TCP Query User{E2C51F31-A7A4-4B56-9116-83D712126739}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
      FirewallRules: [UDP Query User{93680022-3B6E-4C2E-BE62-9C0F71DB2507}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe

      ==================== Restore Points =========================

      22-02-2018 10:53:08 Windows Update
      22-02-2018 10:54:21 Windows Update
      22-02-2018 10:56:17 Windows Update
      22-02-2018 10:56:59 Windows Update
      22-02-2018 10:58:18 Windows Update
      22-02-2018 11:00:14 Windows Update
      22-02-2018 11:01:23 Windows Update
      22-02-2018 11:02:25 Windows Update
      22-02-2018 11:05:29 Windows Update
      22-02-2018 11:08:03 Windows Update
      22-02-2018 11:09:10 Windows Update
      22-02-2018 1135 Windows Update
      22-02-2018 11:15:35 Windows Update
      22-02-2018 11:16:49 Windows Update
      22-02-2018 11:18:08 Windows Update
      22-02-2018 11:20:03 Windows Update
      22-02-2018 11:21:10 Windows Update
      22-02-2018 11:26:12 Windows Update
      22-02-2018 11:27:09 Windows Update
      22-02-2018 11:28:42 Windows Update
      22-02-2018 11:30:06 Windows Update
      22-02-2018 11:31:21 Windows Update
      22-02-2018 11:32:28 Windows Update
      22-02-2018 11:33:47 Windows Update
      22-02-2018 11:34:58 Windows Update
      22-02-2018 11:40:36 Windows Update
      22-02-2018 11:41:52 Windows Update
      22-02-2018 11:44:02 Windows Update
      22-02-2018 11:46:11 Windows Update
      22-02-2018 12:53:33 Installed Minecraft

      ==================== Faulty Device Manager Devices =============


      ==================== Event log errors: =========================

      Application errors:
      ==================
      Error: (03/03/2018 02:37:27 PM) (Source: Application Hang) (EventID: 1002) (User: )
      Description: El programa javaw.exe, versión 8.0.25.18, dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible acerca del problema, compruebe el historial de problemas en el panel de control Centro de actividades.

      Identificador de proceso: 4a8

      Hora de inicio: 01d3b32700e61b78

      Hora de finalización: 51

      Ruta de acceso de la aplicación: C:\Program Files (x86)\Minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe

      Identificador de informe: 4cc82feb-1f1a-11e8-846e-001d09953d81

      Error: (02/26/2018 02:04:30 PM) (Source: Application Error) (EventID: 1000) (User: )
      Description: Nombre de la aplicación con errores: nvcplui.exe, versión: 7.8.840.0, marca de tiempo: 0x58299858
      Nombre del módulo con errores: NVCPL.DLL, versión: 8.17.13.4201, marca de tiempo: 0x58298d87
      Código de excepción: 0xc0000005
      Desplazamiento de errores: 0x000000000005d813
      Id. del proceso con errores: 0x298
      Hora de inicio de la aplicación con errores: 0x01d3af34a18a59dd
      Ruta de acceso de la aplicación con errores: C:\Program Files\NVIDIA Corporation\Control Panel Client\nvcplui.exe
      Ruta de acceso del módulo con errores: C:\Windows\system32\NVCPL.DLL
      Id. del informe: df3f31e5-1b27-11e8-ba60-001d09953d81

      Error: (02/26/2018 02:04:22 PM) (Source: Application Error) (EventID: 1000) (User: )
      Description: Nombre de la aplicación con errores: nvcplui.exe, versión: 7.8.840.0, marca de tiempo: 0x58299858
      Nombre del módulo con errores: NVCPL.DLL, versión: 8.17.13.4201, marca de tiempo: 0x58298d87
      Código de excepción: 0xc0000005
      Desplazamiento de errores: 0x000000000005d813
      Id. del proceso con errores: 0x938
      Hora de inicio de la aplicación con errores: 0x01d3af349b45f33f
      Ruta de acceso de la aplicación con errores: C:\Program Files\NVIDIA Corporation\Control Panel Client\nvcplui.exe
      Ruta de acceso del módulo con errores: C:\Windows\system32\NVCPL.DLL
      Id. del informe: da15dc5c-1b27-11e8-ba60-001d09953d81

      Error: (02/22/2018 12:53:36 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
      Description: Error en Servicios de cifrado mientras se procesaba el objeto "System Writer" de la llamada OnIdentity().

      Details:
      AddLegacyDriverFiles: Unable to back up image of binary BAPIDRV.

      System Error:
      El sistema no puede encontrar el archivo especificado.
      .

      Error: (02/22/2018 12:53:36 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
      Description: Error en Servicios de cifrado mientras se procesaba el objeto "System Writer" de la llamada OnIdentity().

      Details:
      AddLegacyDriverFiles: Unable to back up image of binary 360FsFlt mini-filter driver.

      System Error:
      El sistema no puede encontrar el archivo especificado.
      .

      Error: (02/22/2018 12:53:36 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
      Description: Error en Servicios de cifrado mientras se procesaba el objeto "System Writer" de la llamada OnIdentity().

      Details:
      AddLegacyDriverFiles: Unable to back up image of binary 360Safe Anti Hacker Service.

      System Error:
      El sistema no puede encontrar el archivo especificado.
      .

      Error: (02/22/2018 11:48:33 AM) (Source: Application Error) (EventID: 1000) (User: )
      Description: Nombre de la aplicación con errores: mscorsvw.exe, versión: 4.0.30319.17929, marca de tiempo: 0x4ffa55d9
      Nombre del módulo con errores: unknown, versión: 0.0.0.0, marca de tiempo: 0x00000000
      Código de excepción: 0xc0000005
      Desplazamiento de errores: 0x742871fc
      Id. del proceso con errores: 0x1320
      Hora de inicio de la aplicación con errores: 0x01d3abfb8fb313b5
      Ruta de acceso de la aplicación con errores: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      Ruta de acceso del módulo con errores: unknown
      Id. del informe: 374cfa29-17f0-11e8-832f-001d09953d81

      Error: (02/21/2018 10:48:36 PM) (Source: SideBySide) (EventID: 33) (User: )
      Description: Error al generar el contexto de activación para "C:\Program Files\AVAST Software\Avast\setup\iplugins\IStats.dll".
      No se encontró el ensamblado dependiente Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1".
      Use sxstrace.exe para obtener un diagnóstico detallado.


      System errors:
      =============
      Error: (03/03/2018 02:39:00 PM) (Source: DCOM) (EventID: 10010) (User: )
      Description: El servidor {995C996E-D918-4A8C-A302-45719A6F4EA7} no se registró con DCOM dentro del tiempo de espera requerido.

      Error: (03/02/2018 02:11:21 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
      Description: Se recibió la siguiente alerta irrecuperable: 40.

      Error: (03/02/2018 02:11:20 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
      Description: Se recibió la siguiente alerta irrecuperable: 70.

      Error: (03/02/2018 02:11:03 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
      Description: Se recibió la siguiente alerta irrecuperable: 40.

      Error: (03/02/2018 02:11:02 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
      Description: Se recibió la siguiente alerta irrecuperable: 70.

      Error: (03/02/2018 01:42:10 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
      Description: Se recibió la siguiente alerta irrecuperable: 70.

      Error: (03/02/2018 01:42:09 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
      Description: Se recibió la siguiente alerta irrecuperable: 70.

      Error: (03/02/2018 01:42:00 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
      Description: El servicio Protección de software terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 120000 milisegundos: Reiniciar el servicio.


      CodeIntegrity:
      ===================================

      Date: 2018-02-21 22:12:31.070
      Description:
      Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

      Date: 2018-02-21 22:12:31.038
      Description:
      Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

      Date: 2018-02-21 22:12:31.007
      Description:
      Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

      Date: 2018-02-21 22:12:30.960
      Description:
      Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

      Date: 2018-02-21 22:03:11.523
      Description:
      Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

      Date: 2018-02-21 22:02:30.537
      Description:
      Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

      ==================== Memory info ===========================

      Processor: Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz
      Percentage of memory in use: 26%
      Total physical RAM: 4094.18 MB
      Available physical RAM: 3025.8 MB
      Total Virtual: 10233.36 MB
      Available Virtual: 9085.48 MB

      ==================== Drives ================================

      Drive c: () (Fixed) (Total:232.73 GB) (Free:186.89 GB) NTFS

      \\?\Volume{69439eba-1758-11e8-b3b4-806e6f6e6963}\ (Reservado para el sistema) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS

      ==================== MBR & Partition Table ==================

      ========================================================
      Disk: 0 (MBR Code: Windows 7/8/10) (Size: 232.8 GB) (Disk ID: F8A74311)
      Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
      Partition 2: (Not Active) - (Size=232.7 GB) - (Type=07 NTFS)

      ==================== End of Addition.txt ============================

    3. #13
      Warrior @Miguelgrado
      Registered
      Dec 2005
      Location
      Asturias-España
      Posts
      19.401

      Re: Keylogger

      Looks fine... how is the PC doing?