This is the Malwarebytes report:
Malwarebytes
www.malwarebytes.com
-Detalles del registro-
Fecha del análisis: 26/1/22
Hora del análisis: 14:36
Archivo de registro: 3bf24022-7edf-11ec-bdaf-089798bb374f.json
-Información del software-
Versión: 4.5.2.157
Versión de los componentes: 1.0.1562
Versión del paquete de actualización: 1.0.50325
Licencia: Prueba
-Información del sistema-
SO: Windows 10 (Build 19042.1052)
CPU: x64
Sistema de archivos: NTFS
Usuario: LAPTOP-PKMCITN5\CESAR AUGUSTO
-Resumen del análisis-
Tipo de análisis: Análisis de amenazas
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 487503
Amenazas detectadas: 164
Amenazas en cuarentena: 161
Tiempo transcurrido: 16 min, 54 seg
-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Desactivado
Heurística: Activado
PUP: Detectar
PUM: Detectar
-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)
Módulo: 0
(No hay elementos maliciosos detectados)
Clave del registro: 14
PUP.Optional.Reimage, HKU\S-1-5-21-2694221440-3033398545-1844018541-1001\SOFTWARE\LOCAL APPWIZARD-GENERATED APPLICATIONS\Fixer - Windows Problem Relief., En cuarentena, 385, 709541, 1.0.50325, , ame, , ,
Spyware.PasswordStealer.E, HKU\S-1-5-21-2694221440-3033398545-1844018541-1001\SOFTWARE\BowwSoftwar, En cuarentena, 3793, 947581, 1.0.50325, , ame, , ,
Spyware.PasswordStealer, HKU\S-1-5-21-2694221440-3033398545-1844018541-1001\SOFTWARE\ffdroider, En cuarentena, 537, 954910, 1.0.50325, , ame, , ,
Trojan.Dropper, HKU\S-1-5-21-2694221440-3033398545-1844018541-1001\SOFTWARE\iwwggaa2, En cuarentena, 548, 954912, 1.0.50325, , ame, , ,
Trojan.Dropper, HKU\S-1-5-21-2694221440-3033398545-1844018541-1001\SOFTWARE\LandAppInstall, En cuarentena, 548, 964938, 1.0.50325, , ame, , ,
Trojan.Glupteba.E, HKU\S-1-5-21-2694221440-3033398545-1844018541-1001\SOFTWARE\MICROSOFT\e7b5ba67, En cuarentena, 497, 821174, 1.0.50325, , ame, , ,
Trojan.Downloader.E, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\PowerControl LG, En cuarentena, 2821, 982508, , , , , ,
Trojan.Downloader.E, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{2E570C63-DA72-4927-9FC5-C9A6B669A971}, En cuarentena, 2821, 982508, , , , , ,
Trojan.Downloader.E, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{2E570C63-DA72-4927-9FC5-C9A6B669A971}, En cuarentena, 2821, 982508, , , , , ,
Trojan.Downloader.E, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\PowerControl HR, En cuarentena, 2821, 982507, , , , , ,
Trojan.Downloader.E, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{E81DC4DA-6E6F-4326-8FBB-BDDBFE17E2BB}, En cuarentena, 2821, 982507, , , , , ,
Trojan.Downloader.E, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{E81DC4DA-6E6F-4326-8FBB-BDDBFE17E2BB}, En cuarentena, 2821, 982507, , , , , ,
Adware.Neoreklami.ChrPRST, HKLM\SOFTWARE\POLICIES\GOOGLE\CHROME, En cuarentena, 393, -1, 0.0.0, , action, , ,
Adware.Neoreklami.ChrPRST, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\CHROME, En cuarentena, 393, -1, 0.0.0, , action, , ,
Valor del registro: 5
Trojan.Agent, HKU\S-1-5-21-2694221440-3033398545-1844018541-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|PRUN, En cuarentena, 495, 945897, 1.0.50325, , ame, , ,
Trojan.Agent, HKU\S-1-5-21-2694221440-3033398545-1844018541-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|WINFLOW, En cuarentena, 495, 945899, 1.0.50325, , ame, , ,
Trojan.Glupteba.E, HKU\S-1-5-21-2694221440-3033398545-1844018541-1001\SOFTWARE\MICROSOFT\e7b5ba67|CAMPAIGNID, En cuarentena, 497, 821174, 1.0.50325, , ame, , ,
Trojan.Glupteba.E, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{2BC6A62E-7386-4A4B-9990-E850111DCD60}, Error durante la eliminación, 497, 795081, 1.0.50325, , ame, , ,
Trojan.Glupteba.E, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{0CFC398F-2A6A-4662-9336-50815882A604}, Error durante la eliminación, 497, 795081, 1.0.50325, , ame, , ,
Datos del registro: 0
(No hay elementos maliciosos detectados)
Secuencia de datos: 0
(No hay elementos maliciosos detectados)
Carpeta: 65
Backdoor.Bifrose, C:\PROGRAM FILES (X86)\COMPANY\NEWPRODUCT, En cuarentena, 1048, 172663, 1.0.50325, , ame, , ,
PUP.Optional.FindIt, C:\USERS\CESAR AUGUSTO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Extension Settings\meejmcfbiapijdfaadackoblffmidlig, En cuarentena, 197, 595105, , , , , ,
PUP.Optional.FindIt, C:\USERS\CESAR AUGUSTO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, Sustituido, 197, 595105, , , , , ,
PUP.Optional.FindIt, C:\USERS\CESAR AUGUSTO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\System Profile\EXTENSIONS\meejmcfbiapijdfaadackoblffmidlig, En cuarentena, 197, 595105, 1.0.50325, , ame, , ,
PUP.Optional.FindIt, C:\Users\CESAR AUGUSTO\AppData\Roaming\Opera Software\Opera Stable\Extensions\meejmcfbiapijdfaadackoblffmidlig\1.0.0.6_0\_locales\en, En cuarentena, 197, 595106, , , , , ,
PUP.Optional.FindIt, C:\Users\CESAR AUGUSTO\AppData\Roaming\Opera Software\Opera Stable\Extensions\meejmcfbiapijdfaadackoblffmidlig\1.0.0.6_0\_locales\ru, En cuarentena, 197, 595106, , , , , ,
PUP.Optional.FindIt, C:\Users\CESAR AUGUSTO\AppData\Roaming\Opera Software\Opera Stable\Extensions\meejmcfbiapijdfaadackoblffmidlig\1.0.0.6_0\_metadata, En cuarentena, 197, 595106, , , , , ,
PUP.Optional.FindIt, C:\Users\CESAR AUGUSTO\AppData\Roaming\Opera Software\Opera Stable\Extensions\meejmcfbiapijdfaadackoblffmidlig\1.0.0.6_0\_locales, En cuarentena, 197, 595106, , , , , ,
PUP.Optional.FindIt, C:\Users\CESAR AUGUSTO\AppData\Roaming\Opera Software\Opera Stable\Extensions\meejmcfbiapijdfaadackoblffmidlig\1.0.0.6_0\icons, En cuarentena, 197, 595106, , , , , ,
PUP.Optional.FindIt, C:\Users\CESAR AUGUSTO\AppData\Roaming\Opera Software\Opera Stable\Extensions\meejmcfbiapijdfaadackoblffmidlig\1.0.0.6_0\js, En cuarentena, 197, 595106, , , , , ,
PUP.Optional.FindIt, C:\Users\CESAR AUGUSTO\AppData\Roaming\Opera Software\Opera Stable\Extensions\meejmcfbiapijdfaadackoblffmidlig\1.0.0.6_0, En cuarentena, 197, 595106, , , , , ,
PUP.Optional.FindIt, C:\USERS\CESAR AUGUSTO\APPDATA\ROAMING\OPERA SOFTWARE\OPERA STABLE\EXTENSIONS\MEEJMCFBIAPIJDFAADACKOBLFFMIDLIG, En cuarentena, 197, 595106, 1.0.50325, , ame, , ,
Spyware.StolenData.E, C:\ProgramData\60JJKERYYBO5BTQJMQK5NXCBT\files\Wallets\ElectronCash, En cuarentena, 971, 697276, , , , , ,
Spyware.StolenData.E, C:\ProgramData\60JJKERYYBO5BTQJMQK5NXCBT\files\Wallets\ElectrumLTC, En cuarentena, 971, 697276, , , , , ,
Spyware.StolenData.E, C:\ProgramData\60JJKERYYBO5BTQJMQK5NXCBT\files\Wallets\MultiDoge, En cuarentena, 971, 697276, , , , , ,
Spyware.StolenData.E, C:\ProgramData\60JJKERYYBO5BTQJMQK5NXCBT\files\Wallets\Electrum, En cuarentena, 971, 697276, , , , , ,
Spyware.StolenData.E, C:\ProgramData\60JJKERYYBO5BTQJMQK5NXCBT\files\Wallets\Binance, En cuarentena, 971, 697276, , , , , ,
Spyware.StolenData.E, C:\ProgramData\60JJKERYYBO5BTQJMQK5NXCBT\files\Wallets\Coinomi, En cuarentena, 971, 697276, , , , , ,
Spyware.StolenData.E, C:\ProgramData\60JJKERYYBO5BTQJMQK5NXCBT\files\Wallets\Atomic, En cuarentena, 971, 697276, , , , , ,
Spyware.StolenData.E, C:\ProgramData\60JJKERYYBO5BTQJMQK5NXCBT\files\Wallets\Exodus, En cuarentena, 971, 697276, , , , , ,
Spyware.StolenData.E, C:\ProgramData\60JJKERYYBO5BTQJMQK5NXCBT\files\Wallets\Monero, En cuarentena, 971, 697276, , , , , ,
Spyware.StolenData.E, C:\ProgramData\60JJKERYYBO5BTQJMQK5NXCBT\files\Wallets\JAXX, En cuarentena, 971, 697276, , , , , ,
Spyware.StolenData.E, C:\PROGRAMDATA\60JJKERYYBO5BTQJMQK5NXCBT\FILES\Wallets, En cuarentena, 971, 697276, 1.0.50325, , ame, , ,
Spyware.StolenData.E, C:\ProgramData\7YE8AN0UE5TZ673Y8HJVUF0KF\files\Wallets\MetaMask\Google Chrome\Default, En cuarentena, 971, 697276, , , , , ,
Spyware.StolenData.E, C:\ProgramData\7YE8AN0UE5TZ673Y8HJVUF0KF\files\Wallets\MetaMask\Google Chrome, En cuarentena, 971, 697276, , , , , ,
Spyware.StolenData.E, C:\ProgramData\7YE8AN0UE5TZ673Y8HJVUF0KF\files\Wallets\ElectronCash, En cuarentena, 971, 697276, , , , , ,
Spyware.StolenData.E, C:\ProgramData\7YE8AN0UE5TZ673Y8HJVUF0KF\files\Wallets\ElectrumLTC, En cuarentena, 971, 697276, , , , , ,
Spyware.StolenData.E, C:\ProgramData\7YE8AN0UE5TZ673Y8HJVUF0KF\files\Wallets\MultiDoge, En cuarentena, 971, 697276, , , , , ,
Spyware.StolenData.E, C:\ProgramData\7YE8AN0UE5TZ673Y8HJVUF0KF\files\Wallets\Electrum, En cuarentena, 971, 697276, , , , , ,
Spyware.StolenData.E, C:\ProgramData\7YE8AN0UE5TZ673Y8HJVUF0KF\files\Wallets\Jaxx_New, En cuarentena, 971, 697276, , , , , ,
Spyware.StolenData.E, C:\ProgramData\7YE8AN0UE5TZ673Y8HJVUF0KF\files\Wallets\MetaMask, En cuarentena, 971, 697276, , , , , ,
Spyware.StolenData.E, C:\ProgramData\7YE8AN0UE5TZ673Y8HJVUF0KF\files\Wallets\Binance, En cuarentena, 971, 697276, , , , , ,
Spyware.StolenData.E, C:\ProgramData\7YE8AN0UE5TZ673Y8HJVUF0KF\files\Wallets\Coinomi, En cuarentena, 971, 697276, , , , , ,
Spyware.StolenData.E, C:\ProgramData\7YE8AN0UE5TZ673Y8HJVUF0KF\files\Wallets\Atomic, En cuarentena, 971, 697276, , , , , ,
Spyware.StolenData.E, C:\ProgramData\7YE8AN0UE5TZ673Y8HJVUF0KF\files\Wallets\Exodus, En cuarentena, 971, 697276, , , , , ,
Spyware.StolenData.E, C:\ProgramData\7YE8AN0UE5TZ673Y8HJVUF0KF\files\Wallets\Monero, En cuarentena, 971, 697276, , , , , ,
Spyware.StolenData.E, C:\ProgramData\7YE8AN0UE5TZ673Y8HJVUF0KF\files\Wallets\JAXX, En cuarentena, 971, 697276, , , , , ,
Spyware.StolenData.E, C:\PROGRAMDATA\7YE8AN0UE5TZ673Y8HJVUF0KF\FILES\Wallets, En cuarentena, 971, 697276, 1.0.50325, , ame, , ,
Spyware.StolenData.E, C:\ProgramData\9IMRLLTFAKFIPBHYSODZRSF6M\files\Wallets\ElectronCash, En cuarentena, 971, 697276, , , , , ,
Spyware.StolenData.E, C:\ProgramData\9IMRLLTFAKFIPBHYSODZRSF6M\files\Wallets\ElectrumLTC, En cuarentena, 971, 697276, , , , , ,
Spyware.StolenData.E, C:\ProgramData\9IMRLLTFAKFIPBHYSODZRSF6M\files\Wallets\MultiDoge, En cuarentena, 971, 697276, , , , , ,
Spyware.StolenData.E, C:\ProgramData\9IMRLLTFAKFIPBHYSODZRSF6M\files\Wallets\Electrum, En cuarentena, 971, 697276, , , , , ,
Spyware.StolenData.E, C:\ProgramData\9IMRLLTFAKFIPBHYSODZRSF6M\files\Wallets\Binance, En cuarentena, 971, 697276, , , , , ,
Spyware.StolenData.E, C:\ProgramData\9IMRLLTFAKFIPBHYSODZRSF6M\files\Wallets\Coinomi, En cuarentena, 971, 697276, , , , , ,
Spyware.StolenData.E, C:\ProgramData\9IMRLLTFAKFIPBHYSODZRSF6M\files\Wallets\Atomic, En cuarentena, 971, 697276, , , , , ,
Spyware.StolenData.E, C:\ProgramData\9IMRLLTFAKFIPBHYSODZRSF6M\files\Wallets\Exodus, En cuarentena, 971, 697276, , , , , ,
Spyware.StolenData.E, C:\ProgramData\9IMRLLTFAKFIPBHYSODZRSF6M\files\Wallets\Monero, En cuarentena, 971, 697276, , , , , ,
Spyware.StolenData.E, C:\ProgramData\9IMRLLTFAKFIPBHYSODZRSF6M\files\Wallets\JAXX, En cuarentena, 971, 697276, , , , , ,
Spyware.StolenData.E, C:\PROGRAMDATA\9IMRLLTFAKFIPBHYSODZRSF6M\FILES\Wallets, En cuarentena, 971, 697276, 1.0.50325, , ame, , ,
Spyware.StolenData.E, C:\ProgramData\LY96I7QIGURIWEWWNQH2788N8\files\Wallets\ElectronCash, En cuarentena, 971, 697276, , , , , ,
Spyware.StolenData.E, C:\ProgramData\LY96I7QIGURIWEWWNQH2788N8\files\Wallets\ElectrumLTC, En cuarentena, 971, 697276, , , , , ,
Spyware.StolenData.E, C:\ProgramData\LY96I7QIGURIWEWWNQH2788N8\files\Wallets\MultiDoge, En cuarentena, 971, 697276, , , , , ,
Spyware.StolenData.E, C:\ProgramData\LY96I7QIGURIWEWWNQH2788N8\files\Wallets\Electrum, En cuarentena, 971, 697276, , , , , ,
Spyware.StolenData.E, C:\ProgramData\LY96I7QIGURIWEWWNQH2788N8\files\Wallets\Binance, En cuarentena, 971, 697276, , , , , ,
Spyware.StolenData.E, C:\ProgramData\LY96I7QIGURIWEWWNQH2788N8\files\Wallets\Coinomi, En cuarentena, 971, 697276, , , , , ,
Spyware.StolenData.E, C:\ProgramData\LY96I7QIGURIWEWWNQH2788N8\files\Wallets\Atomic, En cuarentena, 971, 697276, , , , , ,
Spyware.StolenData.E, C:\ProgramData\LY96I7QIGURIWEWWNQH2788N8\files\Wallets\Exodus, En cuarentena, 971, 697276, , , , , ,
Spyware.StolenData.E, C:\ProgramData\LY96I7QIGURIWEWWNQH2788N8\files\Wallets\Monero, En cuarentena, 971, 697276, , , , , ,
Spyware.StolenData.E, C:\ProgramData\LY96I7QIGURIWEWWNQH2788N8\files\Wallets\JAXX, En cuarentena, 971, 697276, , , , , ,
Spyware.StolenData.E, C:\PROGRAMDATA\LY96I7QIGURIWEWWNQH2788N8\FILES\Wallets, En cuarentena, 971, 697276, 1.0.50325, , ame, , ,
Adware.Neoreklami.Generic.TskLnk, C:\PROGRAMDATA\vRjWVZiFJDjxVXVB, En cuarentena, 3540, 771910, 1.0.50325, , ame, , ,
Trojan.Agent, C:\USERS\CESAR AUGUSTO\APPDATA\ROAMING\NAILEDP, En cuarentena, 495, 954908, 1.0.50325, , ame, , ,
Trojan.Dropper, C:\USERS\CESAR AUGUSTO\APPDATA\ROAMING\PROFCLEANER, En cuarentena, 548, 1016029, 1.0.50325, , ame, , ,
Adware.Neoreklami.ChrPRST, C:\USERS\CESAR AUGUSTO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, En cuarentena, 393, 878860, , , , , ,
Adware.Neoreklami.ChrPRST, C:\USERS\CESAR AUGUSTO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, En cuarentena, 393, 878860, , , , , ,
Archivo: 80
Backdoor.Bifrose, C:\Program Files (x86)\Company\NewProduct\d.INTEG.RAW, En cuarentena, 1048, 172663, , , , , 33DD13E7103C2887073DFF601335B3B0, 25E5CEDEA62AEDA42F9137CBB96B1FE63CAE6886821FF2E41240CAA6451310DA
Backdoor.Bifrose, C:\Program Files (x86)\Company\NewProduct\d.jfm, En cuarentena, 1048, 172663, , , , , 8223A36E1C380CCDF0DEDF766D4594DC, 5468883A3DAC4B44538DFA2C7ACB17EEE74D01764005AC9EC0065F466A33C250
Backdoor.Bifrose, C:\Program Files (x86)\Company\NewProduct\p, En cuarentena, 1048, 172663, , , , , A8D6B55890CD01E8EEF696FEEF9B013E, 905CB3B153AE8C53770EB22B549F347AA5278CD828042326B6815C50BE0A11C9
PUP.Optional.FindIt, C:\Users\CESAR AUGUSTO\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\meejmcfbiapijdfaadackoblffmidlig\LOCK, En cuarentena, 197, 595105, , , , , ,
PUP.Optional.FindIt, C:\Users\CESAR AUGUSTO\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\meejmcfbiapijdfaadackoblffmidlig\LOG, En cuarentena, 197, 595105, , , , , ,
Legit.MisusedLegit, C:\PROGRAMDATA\60\freebl3.dll, En cuarentena, 3674, 965931, 1.0.50325, , ame, , EF2834AC4EE7D6724F255BEAF527E635, A770ECBA3B08BBABD0A567FC978E50615F8B346709F8EB3CFACF3FAAB24090BA
Legit.MisusedLegit, C:\PROGRAMDATA\66\freebl3.dll, En cuarentena, 3674, 965931, 1.0.50325, , ame, , EF2834AC4EE7D6724F255BEAF527E635, A770ECBA3B08BBABD0A567FC978E50615F8B346709F8EB3CFACF3FAAB24090BA
Legit.MisusedLegit, C:\USERS\CESAR AUGUSTO\APPDATA\LOCALLOW\fB9oV\mozglue.dll, En cuarentena, 3674, 965519, 1.0.50325, , ame, , EAE9273F8CDCF9321C6C37C244773139, A0C6630D4012AE0311FF40F4F06911BCF1A23F7A4762CE219B8DFFA012D188CC
PUP.Optional.FindIt, C:\Users\CESAR AUGUSTO\AppData\Roaming\Opera Software\Opera Stable\Extensions\meejmcfbiapijdfaadackoblffmidlig\1.0.0.6_0\icons\icon128.png, En cuarentena, 197, 595106, , , , , DC1D7C7D3695ED5EFCA6A1AE77DE21BD, 30EF30CB1D36B61C1458C2D72FF2A7B749B32016D66B390049764C02E4C8D014
PUP.Optional.FindIt, C:\Users\CESAR AUGUSTO\AppData\Roaming\Opera Software\Opera Stable\Extensions\meejmcfbiapijdfaadackoblffmidlig\1.0.0.6_0\icons\icon16.png, En cuarentena, 197, 595106, , , , , AAB51AA38659FE483B8416E497E06750, 276A7255058B9EA836ACF9B8839120E807D63A88A7FDED8C2EEA82C6CA4CC0C1
PUP.Optional.FindIt, C:\Users\CESAR AUGUSTO\AppData\Roaming\Opera Software\Opera Stable\Extensions\meejmcfbiapijdfaadackoblffmidlig\1.0.0.6_0\icons\icon48.png, En cuarentena, 197, 595106, , , , , 9405D950576B1FEEDF43F9D385AC97BC, BE0943A4EFA53655D38B48710049027831EE420426B76435449F540414861A19
PUP.Optional.FindIt, C:\Users\CESAR AUGUSTO\AppData\Roaming\Opera Software\Opera Stable\Extensions\meejmcfbiapijdfaadackoblffmidlig\1.0.0.6_0\icons\icon64.png, En cuarentena, 197, 595106, , , , , C2811F392CB253ACFE667FED15ABFFA0, 07618600150610139BFBF3C9DC1113DBDF2A0FC184F363DA868134B578F906C7
PUP.Optional.FindIt, C:\Users\CESAR AUGUSTO\AppData\Roaming\Opera Software\Opera Stable\Extensions\meejmcfbiapijdfaadackoblffmidlig\1.0.0.6_0\js\background.js, En cuarentena, 197, 595106, , , , , 6CFF22B7CDF95806FFA35FC3B813F007, 8B5278FF63974D90E679C80087C2DF09BF7FC3E6A2FCD35521BE3132CA3FEC43
PUP.Optional.FindIt, C:\Users\CESAR AUGUSTO\AppData\Roaming\Opera Software\Opera Stable\Extensions\meejmcfbiapijdfaadackoblffmidlig\1.0.0.6_0\_locales\en\messages.json, En cuarentena, 197, 595106, , , , , ED6EDA47C3B92153E4AF93BC8F4E7DDA, 15A9580F21BFDEB529FFF6EDEEE92EEA7D33EE5CD63D19A86B161BD28242E45D
PUP.Optional.FindIt, C:\Users\CESAR AUGUSTO\AppData\Roaming\Opera Software\Opera Stable\Extensions\meejmcfbiapijdfaadackoblffmidlig\1.0.0.6_0\_locales\ru\messages.json, En cuarentena, 197, 595106, , , , , 532F335700DDFF29EA80DF00C1E4E529, C135CC37FB8A04BE491A1BE14A57697B29E51E11A4CDE15E6FC787EACBDFA47E
PUP.Optional.FindIt, C:\Users\CESAR AUGUSTO\AppData\Roaming\Opera Software\Opera Stable\Extensions\meejmcfbiapijdfaadackoblffmidlig\1.0.0.6_0\_metadata\verified_contents.json, En cuarentena, 197, 595106, , , , , A2FA39713D3874FAE67C8E0DAE074C0B, B77700DEDFAB299962B3B2FA170E47ADD904DBAD0D174BF94F62466D5B88E69F
PUP.Optional.FindIt, C:\Users\CESAR AUGUSTO\AppData\Roaming\Opera Software\Opera Stable\Extensions\meejmcfbiapijdfaadackoblffmidlig\1.0.0.6_0\manifest.json, En cuarentena, 197, 595106, , , , , DAE52412B8426076DD99669141647137, A7DAECB547108B451E0E9B9B60A3A1533B753E9750FC56EEB954D663D8E3C413
Spyware.StolenData.E, C:\ProgramData\7YE8AN0UE5TZ673Y8HJVUF0KF\files\Wallets\MetaMask\Google Chrome\Default\000005.ldb, En cuarentena, 971, 697276, , , , , 339E0B1BDED06BB402E47BEB87834FCF, E2D20ECB0CCCAF6974DCE9AE1333FB4265B8034E1F7D1C26F01CEA3725DC2249
Spyware.StolenData.E, C:\ProgramData\7YE8AN0UE5TZ673Y8HJVUF0KF\files\Wallets\MetaMask\Google Chrome\Default\000256.ldb, En cuarentena, 971, 697276, , , , , 70F9CC51D5963DD8FF8BAC172EFE4DF7, A2648930E8B73AEE558250312116F7CE8A3D4844BD9B4070100D0F4130F6A4C8
Spyware.StolenData.E, C:\ProgramData\7YE8AN0UE5TZ673Y8HJVUF0KF\files\Wallets\MetaMask\Google Chrome\Default\000258.ldb, En cuarentena, 971, 697276, , , , , 2F367F760DF5C3A484E56C243187B953, 7F8527710772B9EC179F1BB308AB7563AC8F17E6836BE941F918DE69E8DDEF03
Spyware.StolenData.E, C:\ProgramData\7YE8AN0UE5TZ673Y8HJVUF0KF\files\Wallets\MetaMask\Google Chrome\Default\000260.ldb, En cuarentena, 971, 697276, , , , , 8B8D25DEB3A3A5A31C77A0EE07271B7B, 0C83731ED415C2FA602B0C86FF9DD8A6747BDF682670458BE25D63133CBDB581
Spyware.StolenData.E, C:\ProgramData\7YE8AN0UE5TZ673Y8HJVUF0KF\files\Wallets\MetaMask\Google Chrome\Default\000261.log, En cuarentena, 971, 697276, , , , , EE09C1870DBA5B571239E9E3C2BEF0A7, EB7468586D088B7CA91D1F0AA4CB1FA091C388146BBEF29DF5D0A137588C3EE9
Spyware.StolenData.E, C:\ProgramData\7YE8AN0UE5TZ673Y8HJVUF0KF\files\Wallets\MetaMask\Google Chrome\Default\000262.ldb, En cuarentena, 971, 697276, , , , , 92047F4097E4D90BEC7979008E280B91, 5ED9EE18F6C8AED667D9FCA571D9BBE07753614D2C6FBAC4030DA0766314457C
Spyware.StolenData.E, C:\ProgramData\7YE8AN0UE5TZ673Y8HJVUF0KF\files\Wallets\MetaMask\Google Chrome\Default\CURRENT, En cuarentena, 971, 697276, , , , , 46295CAC801E5D4857D09837238A6394, 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
Spyware.StolenData.E, C:\ProgramData\7YE8AN0UE5TZ673Y8HJVUF0KF\files\Wallets\MetaMask\Google Chrome\Default\LOCK, En cuarentena, 971, 697276, , , , , ,
Spyware.StolenData.E, C:\ProgramData\7YE8AN0UE5TZ673Y8HJVUF0KF\files\Wallets\MetaMask\Google Chrome\Default\LOG, En cuarentena, 971, 697276, , , , , 050B473CAB27CED91328AA5B25B993A7, 1D39727DC641A7D112D1F2F35D538780092524BED530D6DB598853768B148D0F
Spyware.StolenData.E, C:\ProgramData\7YE8AN0UE5TZ673Y8HJVUF0KF\files\Wallets\MetaMask\Google Chrome\Default\LOG.old, En cuarentena, 971, 697276, , , , , 8B65994D8953A3147FF4E78036B37D16, 06ABB3C41553EF064CAD3F459885E61166E8DE89F53252E3E823483BE653C935
Spyware.StolenData.E, C:\ProgramData\7YE8AN0UE5TZ673Y8HJVUF0KF\files\Wallets\MetaMask\Google Chrome\Default\MANIFEST-000001, En cuarentena, 971, 697276, , , , , D5841E3399B625BD77D7D143861574AC, AA2F8034762CE85E4082BF374750670974BD4D909D7228BA9201BCAA20A5F846
Legit.MisusedLegit, C:\USERS\CESAR AUGUSTO\APPDATA\LOCALLOW\nW6mI-7yS1k\mozglue.dll, En cuarentena, 3674, 965519, 1.0.50325, , ame, , EAE9273F8CDCF9321C6C37C244773139, A0C6630D4012AE0311FF40F4F06911BCF1A23F7A4762CE219B8DFFA012D188CC
Legit.MisusedLegit, C:\PROGRAMDATA\60\softokn3.dll, En cuarentena, 3674, 965934, 1.0.50325, , ame, , A2EE53DE9167BF0D6C019303B7CA84E5, 43536ADEF2DDCC811C28D35FA6CE3031029A2424AD393989DB36169FF2995083
Legit.MisusedLegit, C:\PROGRAMDATA\66\softokn3.dll, En cuarentena, 3674, 965934, 1.0.50325, , ame, , A2EE53DE9167BF0D6C019303B7CA84E5, 43536ADEF2DDCC811C28D35FA6CE3031029A2424AD393989DB36169FF2995083
Spyware.FickerStealer.E, C:\PROGRAMDATA\KAOSDMA.TXT, En cuarentena, 3945, 954907, 1.0.50325, , ame, , B71119E41C74731CB78D5119AD5E86FC, 4BD12395697E7FF1A2A94B326E203F70A094243080549E9B16A0E05AE38C3812
Legit.MisusedLegit, C:\USERS\CESAR AUGUSTO\APPDATA\LOCALLOW\fB9oV\freebl3.dll, En cuarentena, 3674, 965515, 1.0.50325, , ame, , 60ACD24430204AD2DC7F148B8CFE9BDC, 9876C53134DBBEC4DCCA67581F53638EBA3FEA3A15491AA3CF2526B71032DA97
Legit.MisusedLegit, C:\PROGRAMDATA\60\mozglue.dll, En cuarentena, 3674, 965932, 1.0.50325, , ame, , 8F73C08A9660691143661BF7332C3C27, 3FE6B1C54B8CF28F571E0C5D6636B4069A8AB00B4F11DD842CFEC00691D0C9CD
Legit.MisusedLegit, C:\PROGRAMDATA\60\nss3.dll, En cuarentena, 3674, 965933, 1.0.50325, , ame, , BFAC4E3C5908856BA17D41EDCD455A51, E2935B5B28550D47DC971F456D6961F20D1633B4892998750140E0EAA9AE9D78
Legit.MisusedLegit, C:\PROGRAMDATA\66\mozglue.dll, En cuarentena, 3674, 965932, 1.0.50325, , ame, , 8F73C08A9660691143661BF7332C3C27, 3FE6B1C54B8CF28F571E0C5D6636B4069A8AB00B4F11DD842CFEC00691D0C9CD
Legit.MisusedLegit, C:\USERS\CESAR AUGUSTO\APPDATA\LOCALLOW\fB9oV\nss3.dll, En cuarentena, 3674, 965520, 1.0.50325, , ame, , 02CC7B8EE30056D5912DE54F1BDFC219, 1989526553FD1E1E49B0FEA8036822CA062D3D39C4CAB4A37846173D0F1753D5
Legit.MisusedLegit, C:\PROGRAMDATA\66\nss3.dll, En cuarentena, 3674, 965933, 1.0.50325, , ame, , BFAC4E3C5908856BA17D41EDCD455A51, E2935B5B28550D47DC971F456D6961F20D1633B4892998750140E0EAA9AE9D78
Legit.MisusedLegit, C:\USERS\CESAR AUGUSTO\APPDATA\LOCALLOW\nW6mI-7yS1k\nss3.dll, En cuarentena, 3674, 965520, 1.0.50325, , ame, , 02CC7B8EE30056D5912DE54F1BDFC219, 1989526553FD1E1E49B0FEA8036822CA062D3D39C4CAB4A37846173D0F1753D5
Legit.MisusedLegit, C:\PROGRAMDATA\60\vcruntime140.dll, En cuarentena, 3674, 965935, 1.0.50325, , ame, , 7587BF9CB4147022CD5681B015183046, C40BB03199A2054DABFC7A8E01D6098E91DE7193619EFFBD0F142A7BF031C14D
Legit.MisusedLegit, C:\PROGRAMDATA\66\vcruntime140.dll, En cuarentena, 3674, 965935, 1.0.50325, , ame, , 7587BF9CB4147022CD5681B015183046, C40BB03199A2054DABFC7A8E01D6098E91DE7193619EFFBD0F142A7BF031C14D
Legit.MisusedLegit, C:\PROGRAMDATA\60\msvcp140.dll, En cuarentena, 3674, 975349, 1.0.50325, , ame, , 109F0F02FD37C84BFC7508D4227D7ED5, 334E69AC9367F708CE601A6F490FF227D6C20636DA5222F148B25831D22E13D4
Legit.MisusedLegit, C:\PROGRAMDATA\66\msvcp140.dll, En cuarentena, 3674, 975349, 1.0.50325, , ame, , 109F0F02FD37C84BFC7508D4227D7ED5, 334E69AC9367F708CE601A6F490FF227D6C20636DA5222F148B25831D22E13D4
Legit.MisusedLegit, C:\USERS\CESAR AUGUSTO\APPDATA\LOCALLOW\fB9oV\softokn3.dll, En cuarentena, 3674, 965521, 1.0.50325, , ame, , 4E8DF049F3459FA94AB6AD387F3561AC, 25A4DAE37120426AB060EBB39B7030B3E7C1093CC34B0877F223B6843B651871
Legit.MisusedLegit, C:\USERS\CESAR AUGUSTO\APPDATA\LOCALLOW\nW6mI-7yS1k\softokn3.dll, En cuarentena, 3674, 965521, 1.0.50325, , ame, , 4E8DF049F3459FA94AB6AD387F3561AC, 25A4DAE37120426AB060EBB39B7030B3E7C1093CC34B0877F223B6843B651871
Legit.MisusedLegit, C:\PROGRAMDATA\60\sqlite3.dll, En cuarentena, 3674, 965937, 1.0.50325, , ame, , E477A96C8F2B18D6B5C27BDE49C990BF, 16574F51785B0E2FC29C2C61477EB47BB39F714829999511DC8952B43AB17660
Legit.MisusedLegit, C:\PROGRAMDATA\66\sqlite3.dll, En cuarentena, 3674, 965937, 1.0.50325, , ame, , E477A96C8F2B18D6B5C27BDE49C990BF, 16574F51785B0E2FC29C2C61477EB47BB39F714829999511DC8952B43AB17660
Trojan.Agent, C:\Users\CESAR AUGUSTO\AppData\Roaming\nailedp\edspolishpp.exe, En cuarentena, 495, 954908, , , , , A11BF5F21D62A168D06B80CF4A7B72AD, 794E774752EF1D81019438FE773ADB9CD23794AD1D34EC8DF14042AF8515BF6F
Trojan.Downloader.E, C:\WINDOWS\SYSTEM32\TASKS\PowerControl LG, En cuarentena, 2821, 982508, 1.0.50325, , ame, , CDA2DA1D16A2A3FAEFD8ED823BA02C13, C03307E7C99E31B62C383C038FB532CA1E0DBF1EF73D64FF95472FF480D37AC0
Trojan.Downloader.E, C:\WINDOWS\SYSTEM32\TASKS\PowerControl HR, En cuarentena, 2821, 982507, 1.0.50325, , ame, , 46CECBB0FB02BC4A323337D78E7AADE6, 1B5092C77ABFED4A6AE70E5145A52ABE153FABB85ECE9444CA690208B122F35B
RiskWare.MisusedLegit.E, C:\PROGRAMDATA\MSVCP140.DLL, En cuarentena, 3798, 820423, 1.0.50325, , ame, , 109F0F02FD37C84BFC7508D4227D7ED5, 334E69AC9367F708CE601A6F490FF227D6C20636DA5222F148B25831D22E13D4
RiskWare.MisusedLegit.E, C:\PROGRAMDATA\NSS3.DLL, En cuarentena, 3798, 820421, 1.0.50325, , ame, , BFAC4E3C5908856BA17D41EDCD455A51, E2935B5B28550D47DC971F456D6961F20D1633B4892998750140E0EAA9AE9D78
RiskWare.MisusedLegit.E, C:\PROGRAMDATA\MOZGLUE.DLL, En cuarentena, 3798, 820422, 1.0.50325, , ame, , 8F73C08A9660691143661BF7332C3C27, 3FE6B1C54B8CF28F571E0C5D6636B4069A8AB00B4F11DD842CFEC00691D0C9CD
RiskWare.MisusedLegit.E, C:\PROGRAMDATA\VCRUNTIME140.DLL, En cuarentena, 3798, 820419, 1.0.50325, , ame, , 7587BF9CB4147022CD5681B015183046, C40BB03199A2054DABFC7A8E01D6098E91DE7193619EFFBD0F142A7BF031C14D
RiskWare.MisusedLegit.E, C:\PROGRAMDATA\FREEBL3.DLL, En cuarentena, 3798, 820418, 1.0.50325, , ame, , EF2834AC4EE7D6724F255BEAF527E635, A770ECBA3B08BBABD0A567FC978E50615F8B346709F8EB3CFACF3FAAB24090BA
RiskWare.MisusedLegit.E, C:\PROGRAMDATA\SOFTOKN3.DLL, En cuarentena, 3798, 820420, 1.0.50325, , ame, , A2EE53DE9167BF0D6C019303B7CA84E5, 43536ADEF2DDCC811C28D35FA6CE3031029A2424AD393989DB36169FF2995083
Rootkit.Agent, C:\WINDOWS\SYSTEM32\DRIVERS\FR44C6KL6.SYS, En cuarentena, 494, 954997, 1.0.50325, , ame, , CCAB60F7E008939FE05E10275F73EEF3, C0CF73B4842071DAC991A051FA2FB247E4A1F3FF039DD48ADED8ED9B65ACC73E
PUP.Optional.Reimage, C:\USERS\CESAR AUGUSTO\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCACHE\IE\42QPLLLL\REIMAGEPACKAGE1956X64B[1].EXE, En cuarentena, 385, 331559, 1.0.50325, , ame, , 6AE8E3CB1003000D0063A5AAD77BE2E4, 32C33B0D27A3441C09119FEA7F730034EF1DFCCD430E6E1695F202550E732F77
Trojan.Dropper, C:\PROGRAM FILES\COMMON FILES\RJXHDPBSQE\FOLDERSHARE.EXE, En cuarentena, 548, 1014973, 1.0.50325, , ame, , E7A2F7B067BB8E44FEF25AA24B633EF8, AD355C44E250D35A70D61C5C46A21E1825EAAC8A4D99E2264D568FE277A21FA9
PUP.Optional.Reimage, C:\USERS\CESAR AUGUSTO\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCACHE\IE\L84HDXGG\PROTECTORPACKAGE2027X64A[1].EXE, En cuarentena, 385, 726642, 1.0.50325, , ame, , 0A21DAB75A58F818ABAE4B824087A1E8, 99EBCDEAB3F755F402BCE0D8B59A736056B64E0DB96D486466735D23EC856B86
Malware.Heuristic.1003, C:\PROGRAM FILES\STELLAR DATA RECOVERY\STELLARREPAIRFORVIDEO.EXE, En cuarentena, 1000001, 980983, 1.0.50325, 0000000000000000000003EB, dds, 01615156, 38DBB71952F1340A5BF599D7E1A8F8C7, 14523C094FA652FE9E30CA05BAA6F681571A52B3CFABC85D1540054F05F9A45B
Adware.Neoreklami.ChrPRST, C:\Users\CESAR AUGUSTO\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000005.ldb, En cuarentena, 393, 878860, , , , , C9053401528B19CCC3621A8F18FDF611, 66F0A7CA28F5C83EFCDE7557AC5EB942D2BA710D93009E7FC0D25D67F43C401C
Adware.Neoreklami.ChrPRST, C:\Users\CESAR AUGUSTO\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000512.ldb, En cuarentena, 393, 878860, , , , , 0CD67C0743295870BAAB92DE95B8877B, D7E957DD45AC0AFE10A52EA52C8058C894CCAB7365F2949252D625B740C41C42
Adware.Neoreklami.ChrPRST, C:\Users\CESAR AUGUSTO\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000515.ldb, En cuarentena, 393, 878860, , , , , 674D28E609FEE37953C31E608BA35174, BE5648A3751A3ACFCC3237A2B6213EF8C26229B7DF3AA3D034C4A87DD9B06C2A
Adware.Neoreklami.ChrPRST, C:\Users\CESAR AUGUSTO\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000517.log, En cuarentena, 393, 878860, , , , , C3C9DF9547A73E3308382C04674A5078, 746163188A51ED895F98F6083B8E95E8A879F463BA16EE5CC2398D27035E9EED
Adware.Neoreklami.ChrPRST, C:\Users\CESAR AUGUSTO\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000518.ldb, En cuarentena, 393, 878860, , , , , 8150A6FEC782FE0BE9A1E6ACC1A0913E, F198D1F3F13D2D4ED85C48B0AF1BEDF02D30C1D3E0451948D52B3718AB5541F0
Adware.Neoreklami.ChrPRST, C:\Users\CESAR AUGUSTO\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000520.ldb, En cuarentena, 393, 878860, , , , , 29AA45A54232DE87FC7D5DECE1C4D66E, 0D8D177EC8EC561CF09350CC36F059FA37F8FDFA962A42563021F479EA744561
Adware.Neoreklami.ChrPRST, C:\Users\CESAR AUGUSTO\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000521.log, En cuarentena, 393, 878860, , , , , ,
Adware.Neoreklami.ChrPRST, C:\Users\CESAR AUGUSTO\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\CURRENT, En cuarentena, 393, 878860, , , , , 46295CAC801E5D4857D09837238A6394, 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
Adware.Neoreklami.ChrPRST, C:\Users\CESAR AUGUSTO\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOCK, En cuarentena, 393, 878860, , , , , ,
Adware.Neoreklami.ChrPRST, C:\Users\CESAR AUGUSTO\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG, En cuarentena, 393, 878860, , , , , 154BD27E0FB12B8A12B1AF5CA06B3610, D6ED4AA8E45D2971916A41036BC838A10BD411838F84163114242F09F6C969CF
Adware.Neoreklami.ChrPRST, C:\Users\CESAR AUGUSTO\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old, En cuarentena, 393, 878860, , , , , 0DC2BD08239C0615427B2FA2538C3C1A, 5C218A8F5EF1D05492FFA0276DEC70E0A1737907ABA037A4B002268837DA5676
Adware.Neoreklami.ChrPRST, C:\Users\CESAR AUGUSTO\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\MANIFEST-000001, En cuarentena, 393, 878860, , , , , 550ACD3A3875D6EA3B0CB6717B924246, 02352E77F6BD51FDA517984FE9B28B2CF8F3A639AE0B871004924040CB0A29FB
Adware.Neoreklami.ChrPRST, C:\USERS\CESAR AUGUSTO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\System Profile\Secure Preferences, Sustituido, 393, 878860, 1.0.50325, , ame, , 1D8003ABC862CE814EA6332CE2EB27F3, E994A9C23D96AADEA1947CAA2F028DB28F0FD7A96624FA9BFDA3C0CEA234E9D6
Adware.Neoreklami.ChrPRST, C:\DOCUMENTS AND SETTINGS\ALL USERS\NTUSER.POL, Error durante la eliminación, 393, -1, 0.0.0, , action, , 4FE6F1596072795582BBEB5C4EA551FD, 694509DA2DE4248AE7E19FBC6D11D6B923BD7EF40915C2EE9933AB2E6F0ABD3F
Adware.Neoreklami.ChrPRST, C:\WINDOWS\SYSTEM32\GROUPPOLICY\MACHINE\REGISTRY.POL, En cuarentena, 393, -1, 0.0.0, , action, , BFAB7DF9DD0385868251E0B3E9D4C14D, 018431558B54ECC2064C7FF023D799A6E9067DE366599365BBCD6C805D695B79
PUP.Optional.ForcedNotifications, C:\USERS\CESAR AUGUSTO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Sustituido, 298, 1005179, 1.0.50325, , ame, , E8799796F17404B244825649636AC997, 8F7A11D6A10295FB5AD9D1DEA44CCE41B5AFC5782C8DFED0AA53CA47D4C8BF83
Adware.Neoreklami.ChrPRST, C:\USERS\CESAR AUGUSTO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\System Profile\Secure Preferences, Sustituido, 393, 878860, 1.0.50325, , ame, , 1D8003ABC862CE814EA6332CE2EB27F3, E994A9C23D96AADEA1947CAA2F028DB28F0FD7A96624FA9BFDA3C0CEA234E9D6
Malware.Heuristic.1003, C:\USERS\CESAR AUGUSTO\APPDATA\LOCAL\SYSTEMADVANCE\AZETEXZRA\UPC.EXE, En cuarentena, 1000001, 0, 1.0.50325, 0000000000000000000003EB, dds, 01615156, F1D95A2FAABC5E6EAC0A7051B5F69375, CEAA3EC2863A6A130AD31266A8C17105147FB86D7C4F50863A6BA8353C3D474E
Malware.Heuristic.1001, C:\USERS\CESAR AUGUSTO\APPDATA\LOCAL\SYSTEMADVANCE\AZETEXZRA\LIBCEF.DLL, En cuarentena, 1000001, 0, 1.0.50325, 0000000000000000000003E9, dds, 01615156, 9B0399AAD231969C99125E0A5434666A, 5368612EB213BD1FB90E7350AB29F0103EEFD173B112E2B701A46C727AF0B608
Sector físico: 0
(No hay elementos maliciosos detectados)
WMI: 0
(No hay elementos maliciosos detectados)
(end)
In the case of AdwCleaner, it gave me two reports, one for the cleaning and one for the scan; I will post the cleaning one first:
# -------------------------------
# Malwarebytes AdwCleaner 8.3.1.0
# -------------------------------
# Build: 11-18-2021
# Database: 2021-12-02.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 01-26-2022
# Duration: 00:00:02
# OS: Windows 10 Home
# Cleaned: 48
# Failed: 0
***** [ Services ] *****
No malicious services cleaned.
***** [ Folders ] *****
Deleted C:\ProgramData\Application Data\Lavasoft\Web Companion
Deleted C:\Users\CESAR AUGUSTO\AppData\Local\Host App Service
Deleted C:\Users\CESAR AUGUSTO\Desktop\Hola
Deleted C:\Users\Default\AppData\Local\Host App Service
Deleted C:\Users\Public\App Explorer
***** [ Files ] *****
Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\App Explorer.lnk
Deleted C:\Users\CESAR AUGUSTO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\App Explorer.lnk
Deleted C:\Windows\Reimage.ini
Deleted C:\Windows\System32\Tasks_Migrated\App Explorer
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
Deleted C:\Windows\System32\Tasks\APP EXPLORER
***** [ Registry ] *****
Deleted HKCU\Software\App Host Service
Deleted HKCU\Software\Host App Service
Deleted HKCU\Software\Lavasoft\Web Companion
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
Deleted HKCU\Software\Reimage
Deleted HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4972598F-390F-41C6-9024-3362E1F8F654}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\App Explorer
Deleted HKLM\Software\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
Deleted HKLM\Software\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Deleted HKLM\Software\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}
Deleted HKLM\Software\Classes\Installer\Features\A38C15B2D5649AE4C9CDE19DE50DA96C
Deleted HKLM\Software\Classes\Installer\Products\A38C15B2D5649AE4C9CDE19DE50DA96C
Deleted HKLM\Software\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Deleted HKLM\Software\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Deleted HKLM\Software\Classes\REI_AxControl.ReiEngine
Deleted HKLM\Software\Classes\REI_AxControl.ReiEngine.1
Deleted HKLM\Software\Classes\TypeLib\{A520B992-6390-4231-9C89-F06B3587AB80}
Deleted HKLM\Software\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Reimage
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A38C15B2D5649AE4C9CDE19DE50DA96C
Deleted HKLM\Software\Reimage
Deleted HKLM\Software\Wow6432Node\Lavasoft\Web Companion
Deleted HKLM\Software\Wow6432Node\\Classes\AppID\REI_AxControl.DLL
Deleted HKLM\Software\Wow6432Node\\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Deleted HKLM\Software\Wow6432Node\\Classes\TypeLib\{A520B992-6390-4231-9C89-F06B3587AB80}
Deleted HKLM\Software\Wow6432Node\\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
***** [ Chromium (and derivatives) ] *****
Deleted __MSG_appName__ - meejmcfbiapijdfaadackoblffmidlig
***** [ Chromium URLs ] *****
Deleted https://find-it.pro/?utm_source=distr_m
Deleted https://find-it.pro/?utm_source=distr_m
Deleted https://find-it.pro/?utm_source=distr_m
Deleted https://find-it.pro/?utm_source=distr_m
***** [ Firefox (and derivatives) ] *****
Deleted Amazon Assistant for Firefox - [email protected]
***** [ Firefox URLs ] *****
No malicious Firefox URLs cleaned.
***** [ Hosts File Entries ] *****
No malicious hosts file entries cleaned.
***** [ Preinstalled Software ] *****
No Preinstalled Software cleaned.
*************************
[+] Delete Tracing Keys
[+] Reset Winsock
*************************
AdwCleaner[S00].txt - [9694 octets] - [26/01/2022 14:22:16]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
And this is the scan report:
# -------------------------------
# Malwarebytes AdwCleaner 8.3.1.0
# -------------------------------
# Build: 11-18-2021
# Database: 2021-12-02.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 01-26-2022
# Duration: 00:00:17
# OS: Windows 10 Home
# Scanned: 32018
# Detected: 80
***** [ Services ] *****
No malicious services found.
***** [ Folders ] *****
Adware.pokki C:\Users\CESAR AUGUSTO\AppData\Local\Host App Service
Adware.pokki C:\Users\Default\AppData\Local\Host App Service
Adware.pokki C:\Users\Public\App Explorer
PUP.Optional.Legacy C:\Users\CESAR AUGUSTO\Desktop\Hola
PUP.Optional.WebCompanion C:\ProgramData\Application Data\Lavasoft\Web Companion
***** [ Files ] *****
Adware.pokki C:\ProgramData\Microsoft\Windows\Start Menu\Programs\App Explorer.lnk
Adware.pokki C:\Users\CESAR AUGUSTO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\App Explorer.lnk
Adware.pokki C:\Windows\System32\Tasks_Migrated\App Explorer
PUP.Optional.Reimage C:\Windows\Reimage.ini
***** [ DLL ] *****
No malicious DLLs found.
***** [ WMI ] *****
No malicious WMI found.
***** [ Shortcuts ] *****
No malicious shortcuts found.
***** [ Tasks ] *****
Adware.pokki C:\Windows\System32\Tasks\APP EXPLORER
***** [ Registry ] *****
Adware.pokki HKCU\Software\App Host Service
Adware.pokki HKCU\Software\Host App Service
Adware.pokki HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
Adware.pokki HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4972598F-390F-41C6-9024-3362E1F8F654}
Adware.pokki HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\App Explorer
PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
PUP.Optional.Legacy HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
PUP.Optional.Legacy HKLM\Software\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
PUP.Optional.Legacy HKLM\Software\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}
PUP.Optional.Legacy HKLM\Software\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}
PUP.Optional.Legacy HKLM\Software\Classes\Installer\Features\A38C15B2D5649AE4C9CDE19DE50DA96C
PUP.Optional.Legacy HKLM\Software\Classes\Installer\Products\A38C15B2D5649AE4C9CDE19DE50DA96C
PUP.Optional.Legacy HKLM\Software\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
PUP.Optional.Legacy HKLM\Software\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
PUP.Optional.Legacy HKLM\Software\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A38C15B2D5649AE4C9CDE19DE50DA96C
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\AppID\REI_AxControl.DLL
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
PUP.Optional.Reimage HKCU\Software\Reimage
PUP.Optional.Reimage HKLM\Software\Classes\REI_AxControl.ReiEngine
PUP.Optional.Reimage HKLM\Software\Classes\REI_AxControl.ReiEngine.1
PUP.Optional.Reimage HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Reimage
PUP.Optional.Reimage HKLM\Software\Reimage
PUP.Optional.ReviverSoft HKLM\Software\Classes\TypeLib\{A520B992-6390-4231-9C89-F06B3587AB80}
PUP.Optional.ReviverSoft HKLM\Software\Wow6432Node\\Classes\TypeLib\{A520B992-6390-4231-9C89-F06B3587AB80}
PUP.Optional.WebCompanion HKCU\Software\Lavasoft\Web Companion
PUP.Optional.WebCompanion HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
PUP.Optional.WebCompanion HKLM\Software\Wow6432Node\Lavasoft\Web Companion
***** [ Chromium (and derivatives) ] *****
PUP.Optional.BrowserHijack __MSG_appName__ - meejmcfbiapijdfaadackoblffmidlig
***** [ Chromium URLs ] *****
PUP.Optional.BrowserHijack https://find-it.pro/?utm_source=distr_m
PUP.Optional.BrowserHijack https://find-it.pro/?utm_source=distr_m
PUP.Optional.LockHomepage https://find-it.pro/?utm_source=distr_m
PUP.Optional.LockHomepage https://find-it.pro/?utm_source=distr_m
***** [ Firefox (and derivatives) ] *****
PUP.Optional.Assistant Amazon Assistant for Firefox - [email protected]
***** [ Firefox URLs ] *****
No malicious Firefox URLs found.
***** [ Hosts File Entries ] *****
No malicious hosts file entries found.
***** [ Preinstalled Software ] *****
Preinstalled.AcerCareCenter Folder C:\Program Files (x86)\ACER\CARE CENTER
Preinstalled.AcerCareCenter Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9A383A7F-8E4D-4115-9ADC-5084E1D5ABCF}
Preinstalled.AcerCareCenter Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9A383A7F-8E4D-4115-9ADC-5084E1D5ABCF}
Preinstalled.AcerCareCenter Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9F9ED5F0-31B2-491E-882E-9AA16815C330}
Preinstalled.AcerCareCenter Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ACCAgent
Preinstalled.AcerCareCenter Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ACCBackgroundApplication
Preinstalled.AcerCareCenter Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{AFB52E98-7597-4484-9202-58F0FD3512ED}
Preinstalled.AcerCareCenter Task C:\Windows\System32\Tasks\ACCAGENT
Preinstalled.AcerCareCenter Task C:\Windows\System32\Tasks\ACCBACKGROUNDAPPLICATION
Preinstalled.AcerConfigurationManager Folder C:\Program Files (x86)\ACER\AMUNDSEN\2.1.16258
Preinstalled.AcerConfigurationManager Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3C86CD53-AE7E-45AC-9569-31E277B3A2B5}
Preinstalled.AcerConfigurationManager Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AcerCMUpdateTask2.1.16258
Preinstalled.AcerConfigurationManager Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{414D554E-4453-454E-0201-000000016258}
Preinstalled.AcerConfigurationManager Task C:\Windows\System32\Tasks\ACERCMUPDATETASK2.1.16258
Preinstalled.AcerJumpstart Folder C:\Program Files (x86)\ACER\ACER JUMPSTART
Preinstalled.AcerQuickAccess Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BAC2E6E7-89A9-4640-A8D5-C51499FA08D2}
Preinstalled.AcerQuickAccess Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C01A2ECD-FB7B-4C94-AAF3-06B4EE97383A}
Preinstalled.AcerQuickAccess Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Power Button
Preinstalled.AcerQuickAccess Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Quick Access
Preinstalled.AcerQuickAccess Task C:\Windows\System32\Tasks\POWER BUTTON
Preinstalled.AcerQuickAccess Task C:\Windows\System32\Tasks\QUICK ACCESS
Preinstalled.AcerQuickAccessService Folder C:\Program Files\ACER\QUICK ACCESS SERVICE
Preinstalled.AcerQuickAccessService Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{AB25551C-74EF-4BAB-9989-891517FCF9FF}
Preinstalled.AcerUEIPFramework Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1349AF54-8542-482E-8DF6-1468CE1A9F7A}
Preinstalled.AcerUEIPFramework Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{249BF8D8-C803-4EBE-B814-D83184833351}
Preinstalled.AcerUEIPFramework Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UEIPInvitation
Preinstalled.AcerUEIPFramework Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UbtFrameworkService
Preinstalled.AcerUEIPFramework Task C:\Windows\System32\Tasks\UBTFRAMEWORKSERVICE
Preinstalled.AcerUEIPFramework Task C:\Windows\System32\Tasks\UEIPINVITATION
Preinstalled.AcerUpdater Folder C:\ProgramData\ACER\ACER UPDATER
Preinstalled.UserExperienceImprovementProgramService Folder C:\Program Files\ACER\USER EXPERIENCE IMPROVEMENT PROGRAM SERVICE\FRAMEWORK
Preinstalled.UserExperienceImprovementProgramService Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E9495FD3-F73D-4D33-A104-047F9E8BE6C7}
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
I hope I did it correctly; I will be watching for any updates.