Bicho ventana al inicio Autolt v3:5ff9e5d3.exe

Bien… y ahora sigue estos pasos, MUY Importante ~ Realiza una copia de seguridad del registro :

• Para hacerlo descarga Delfix en tu escritorio.

• Doble clic para ejecutarlo.(Si usas Windows Vista/7/8 o 10 presiona clic derecho y selecciona "Ejecutar como Administrador.")

• Atención, ahora marca/selecciona únicamente la casilla "Create registry backup", las demás NO

• Pulsar en Run.

Se abrirá el informe (DelFix.txt), guárdalo por si fuera necesario y cierra la herramienta.

En el equipo con los demas programas cerrados:

Inicio >>> Ejecutar >>>Escribes notepad.exe.

Ahora copia y pega estos archivos dentro del Notepad:

Start
CreateRestorePoint:
CloseProcesses:

(EnigmaSoft Limited) C:\Archivos de programa\EnigmaSoft\SpyHunter\ShKernel.exe
C:\Archivos de programa\EnigmaSoft
HKU\S-1-5-21-329068152-1326574676-1177238915-1003\...\Run: [5ff9e5d3] => C:\ProgramData\5ff9e5d3\5ff9e5d3.exe [937776 2018-08-10] (AutoIt Team)
C:\ProgramData\5ff9e5d3
GroupPolicy: Restriction ? <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
S4 IntelIde; no ImagePath
S1 mbamchameleon; \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys [X]
S3 VComm; system32\DRIVERS\VComm.sys [X]
S3 VcommMgr; System32\Drivers\VcommMgr.sys [X]
2018-09-28 14:25 - 2018-10-06 12:27 - 000054456 _____ (EnigmaSoft Limited) C:\WINDOWS\system32\Drivers\EnigmaFileMonDriver.sys
2014-03-04 19:34 - 2014-03-04 19:34 - 000212992 _____ (Realtek Semiconductor Corp.) C:\Documents and Settings\Administrador.EQUIPO-A70B2DD8\Configuración local\temp\RtkBtMnt.exe
2018-10-05 20:50 - 2018-10-05 20:50 - 000001536 _____ () C:\Documents and Settings\Usuario\Configuración local\temp\NEventMessages.dll
2018-03-25 11:34 - 2018-03-25 11:34 - 000001536 ____N () C:\Documents and Settings\Usuario\Configuración local\temp\NOSEventMessages.dll
ContextMenuHandlers6: [_Movavivc11] -> {1C604495-4D32-476e-8D7E-FBF50F6C80BF} =>  -> No File
Task: C:\WINDOWS\Tasks\Sepasclonuly System.job => C:\Archivos de programa\Andsepherjosh\xliluck.exe
C:\Archivos de programa\Andsepherjosh
Shortcut: C:\Documents and Settings\Usuario\Favoritos\Sitio para descargas de NCH Software.lnk
Shortcut: C:\Documents and Settings\All Users.WINDOWS\Menú Inicio\Programas\Bayer HealthCare\GLUCOFACTS Deluxe\GLUCOFACTS Deluxe v3.05.lnk -> C:\Archivos de programa\Bayer HealthCare\GLUCOFACTS Deluxe\run.bat ()
ShortcutWithArgument: C:\Documents and Settings\Usuario\Datos de programa\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Archivos de programa\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-infobars
AlternateDataStreams: C:\WINDOWS\system32:{4B9A1497-0817-47C4-9612-D6A1C53ACF57} [26]
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS\Datos de programa\Temp:1CE11B51 [98]
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS\Datos de programa\Temp:373E1720 [118]
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS\Datos de programa\Temp:5C321E34 [119]
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS\Datos de programa\Temp:DBC416F8 [144]
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS\Datos de programa\Temp:1CE11B51 [98]
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS\Datos de programa\Temp:373E1720 [118]
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS\Datos de programa\Temp:5C321E34 [119]
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS\Datos de programa\Temp:DBC416F8 [144]

HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
END

Lo guardas bajo el nombre de fixlist.txt en el escritorio <<< Esto es muy importante.<<

Nota: Es importante que la Hta Frst.exe y fixlist.txt se encuentren en la misma ubicación (escritorio) o si no no trabajara.

• Y ahora usa esta Faq de Windows ¿Cómo iniciar Windows en Modo Seguro?, para trabajar desde ese modo de windows.

• Ejecutas Frst.exe.

• Presionas el botón Fix y aguardas a que termine.

• La Herramienta guardara el reporte en tu escritorio (Fixlog.txt).

Lo pegas en tu próxima respuesta, comentado como va el problema

Fix result of Farbar Recovery Scan Tool (x86) Version: 06.10.2018

Ran by Usuario (08-10-2018 11:35:34) Run:1
Running from C:\Documents and Settings\Usuario\Escritorio
Loaded Profiles: Usuario (Available Profiles: Usuario & NeroMediaHomeUser.4 & Administrador)
Boot Mode: Safe Mode (minimal)

==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:

(EnigmaSoft Limited) C:\Archivos de programa\EnigmaSoft\SpyHunter\ShKernel.exe
C:\Archivos de programa\EnigmaSoft
HKU\S-1-5-21-329068152-1326574676-1177238915-1003\...\Run: [5ff9e5d3] => C:\ProgramData\5ff9e5d3\5ff9e5d3.exe [937776 2018-08-10] (AutoIt Team)
C:\ProgramData\5ff9e5d3
GroupPolicy: Restriction ? <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
S4 IntelIde; no ImagePath
S1 mbamchameleon; \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys [X]
S3 VComm; system32\DRIVERS\VComm.sys [X]
S3 VcommMgr; System32\Drivers\VcommMgr.sys [X]
2018-09-28 14:25 - 2018-10-06 12:27 - 000054456 _____ (EnigmaSoft Limited) C:\WINDOWS\system32\Drivers\EnigmaFileMonDriver.sys
2014-03-04 19:34 - 2014-03-04 19:34 - 000212992 _____ (Realtek Semiconductor Corp.) C:\Documents and Settings\Administrador.EQUIPO-A70B2DD8\Configuracin local\temp\RtkBtMnt.exe
2018-10-05 20:50 - 2018-10-05 20:50 - 000001536 _____ () C:\Documents and Settings\Usuario\Configuracin local\temp\NEventMessages.dll
2018-03-25 11:34 - 2018-03-25 11:34 - 000001536 ____N () C:\Documents and Settings\Usuario\Configuracin local\temp\NOSEventMessages.dll
ContextMenuHandlers6: [_Movavivc11] -> {1C604495-4D32-476e-8D7E-FBF50F6C80BF} =>  -> No File
Task: C:\WINDOWS\Tasks\Sepasclonuly System.job => C:\Archivos de programa\Andsepherjosh\xliluck.exe
C:\Archivos de programa\Andsepherjosh
Shortcut: C:\Documents and Settings\Usuario\Favoritos\Sitio para descargas de NCH Software.lnk
Shortcut: C:\Documents and Settings\All Users.WINDOWS\Men Inicio\Programas\Bayer HealthCare\GLUCOFACTS Deluxe\GLUCOFACTS Deluxe v3.05.lnk -> C:\Archivos de programa\Bayer HealthCare\GLUCOFACTS Deluxe\run.bat ()
ShortcutWithArgument: C:\Documents and Settings\Usuario\Datos de programa\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Archivos de programa\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-infobars
AlternateDataStreams: C:\WINDOWS\system32:{4B9A1497-0817-47C4-9612-D6A1C53ACF57} [26]
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS\Datos de programa\Temp:1CE11B51 [98]
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS\Datos de programa\Temp:373E1720 [118]
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS\Datos de programa\Temp:5C321E34 [119]
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS\Datos de programa\Temp:DBC416F8 [144]
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS\Datos de programa\Temp:1CE11B51 [98]
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS\Datos de programa\Temp:373E1720 [118]
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS\Datos de programa\Temp:5C321E34 [119]
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS\Datos de programa\Temp:DBC416F8 [144]

HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
END
*****************

Error: Restore point can only be created in normal mode.
Processes closed successfully.
C:\Archivos de programa\EnigmaSoft\SpyHunter\ShKernel.exe
C:\Archivos de programa\EnigmaSoft\SpyHunter\ShKernel.exe => No running process found
C:\Archivos de programa\EnigmaSoft => moved successfully
"HKU\S-1-5-21-329068152-1326574676-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Run\\5ff9e5d3" => removed successfully.
C:\ProgramData\5ff9e5d3 => moved successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Policies\Google => removed successfully.
HKLM\System\CurrentControlSet\Services\IntelIde => removed successfully.
IntelIde => service removed successfully.
HKLM\System\CurrentControlSet\Services\mbamchameleon => removed successfully.
mbamchameleon => service removed successfully.
HKLM\System\CurrentControlSet\Services\VComm => removed successfully.
VComm => service removed successfully.
HKLM\System\CurrentControlSet\Services\VcommMgr => removed successfully.
VcommMgr => service removed successfully.
C:\WINDOWS\system32\Drivers\EnigmaFileMonDriver.sys => moved successfully
"C:\Documents and Settings\Administrador.EQUIPO-A70B2DD8\Configuracin local\temp\RtkBtMnt.exe" => not found
"C:\Documents and Settings\Usuario\Configuracin local\temp\NEventMessages.dll" => not found
"C:\Documents and Settings\Usuario\Configuracin local\temp\NOSEventMessages.dll" => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\_Movavivc11 => removed successfully.
HKLM\Software\Classes\CLSID\{1C604495-4D32-476e-8D7E-FBF50F6C80BF} => not found
C:\WINDOWS\Tasks\Sepasclonuly System.job => moved successfully
"C:\Archivos de programa\Andsepherjosh" => not found
Shortcut: C:\Documents and Settings\Usuario\Favoritos\Sitio para descargas de NCH Software.lnk => not found.
C:\Documents and Settings\All Users.WINDOWS\Men Inicio\Programas\Bayer HealthCare\GLUCOFACTS Deluxe\GLUCOFACTS Deluxe v3.05.lnk => not found.
C:\Documents and Settings\Usuario\Datos de programa\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk => Shortcut argument removed successfully.
C:\WINDOWS\system32 => ":{4B9A1497-0817-47C4-9612-D6A1C53ACF57}" ADS removed successfully.
C:\Documents and Settings\All Users.WINDOWS\Datos de programa\Temp => ":1CE11B51" ADS removed successfully.
C:\Documents and Settings\All Users.WINDOWS\Datos de programa\Temp => ":373E1720" ADS removed successfully.
C:\Documents and Settings\All Users.WINDOWS\Datos de programa\Temp => ":5C321E34" ADS removed successfully.
C:\Documents and Settings\All Users.WINDOWS\Datos de programa\Temp => ":DBC416F8" ADS removed successfully.
"C:\Documents and Settings\All Users.WINDOWS\Datos de programa\Temp" => ":1CE11B51" ADS not found.
"C:\Documents and Settings\All Users.WINDOWS\Datos de programa\Temp" => ":373E1720" ADS not found.
"C:\Documents and Settings\All Users.WINDOWS\Datos de programa\Temp" => ":5C321E34" ADS not found.
"C:\Documents and Settings\All Users.WINDOWS\Datos de programa\Temp" => ":DBC416F8" ADS not found.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= RemoveProxy: =========

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully.
HKU\S-1-5-21-329068152-1326574676-1177238915-1003\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully.
"HKU\S-1-5-21-329068152-1326574676-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully.
"HKU\S-1-5-21-329068152-1326574676-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully.


========= End of RemoveProxy: =========


========= netsh winsock reset =========


Restablecer satisfactoriamente el cat logo Winsock.
Debe reiniciar el equipo para finalizar el restablecimiento.


========= End of CMD: =========


========= ipconfig /renew =========



Configuración IP de Windows



Error interno: Solicitud no compatible.

 

Póngase en contacto con los servicios de soporte técnico de Microsoft para

obtener ayuda.



Información adicional: no se puede encontrar el nombre de host.


========= End of CMD: =========


========= ipconfig /flushdns =========



Configuración IP de Windows



Error interno: Solicitud no compatible.

 

Póngase en contacto con los servicios de soporte técnico de Microsoft para

obtener ayuda.



Información adicional: no se puede encontrar el nombre de host.


========= End of CMD: =========


========= bitsadmin /reset /allusers =========

"bitsadmin" no se reconoce como un comando interno o externo,
programa o archivo por lotes ejecutable.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache => 402265 B
Java, Flash, Steam htmlcache => 16458570 B
Windows/system/dllcache/drivers => 340519 B
Edge => 0 B
Chrome => 6591609 B
Firefox => 77409497 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Documents and Settings => 0 B
Default User.WINDOWS => 66164 B
All Users.WINDOWS => 0 B
systemprofile => 527531127 B
LocalService.NT AUTHORITY => 131644 B
NetworkService.NT AUTHORITY => 2180803 B
Usuario => 7496972 B
NeroMediaHomeUser.4 => 2463550 B
Administrador.EQUIPO-A70B2DD8 => 69801747 B

RecycleBin => 60411 B
EmptyTemp: => 678 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 11:37:11 ====

Pues Miguelgrado, ya no salta el error al reiniciar. Supongo que el informe confirmará lo que te digo. muchísimas gracias por tu interés, crack. Volveré cuando tenga otro problemilla, espero tardar. Lo dicho, mil gracias compañer@.

@ventana11,Antes de finalizar vamos a ver que no qude nada.

Realiza un analisis y me pegas logs con:

Database version:
  main:    v2018.10.11.03
  rootkit: v2018.10.11.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Usuario :: EQUIPO-A70B2DD [administrator]

2018/10/11 11:52:19
mbar-log-2018-10-11 (11-52-19).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File 
System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.
Objects scanned: 315949
Time elapsed: 39 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)



Malwarebytes Anti-Rootkit BETA 1.10.3.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_31

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 2.161000 GHz
Memory total: 3146555392, free: 1077981184

=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.10.3.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_31

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 2.161000 GHz
Memory total: 3146555392, free: 657694720

Downloaded database version: v2018.10.11.03
Downloaded database version: v2018.10.11.03
Downloaded database version: v2018.01.20.01
=======================================
Driver version: 4.3.0.15
------------ Kernel report ------------
     10/11/2018 11:51:11
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
sptd.sys
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
compbatt.sys
\WINDOWS\system32\DRIVERS\BATTC.SYS
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
ACPIEC.sys
\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
PartMgr.sys
AiCharger.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltMgr.sys
sr.sys
PxHelp20.sys
KSecDD.sys
WudfPf.sys
Ntfs.sys
NDIS.sys
aswRvrt.sys
aswVmm.sys
Mup.sys
BtHidBus.sys
aswbunivx.sys
aswblogx.sys
aswbidshx.sys
\SystemRoot\system32\DRIVERS\igxpmp32.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\ts_athw.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\DKbFltr.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\System32\Drivers\ahda6crk.SYS
\SystemRoot\System32\Drivers\SCSIPORT.SYS
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\System32\Drivers\btnetBus.sys
\SystemRoot\System32\Drivers\btcombus.sys
\SystemRoot\System32\Drivers\IvtBtBus.sys
\SystemRoot\system32\DRIVERS\btkrnl.sys
\SystemRoot\system32\drivers\pbsaudrv.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\System32\Drivers\RootMdm.sys
\SystemRoot\System32\Drivers\Modem.SYS
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\dtsoftbus01.sys
\SystemRoot\system32\DRIVERS\btport.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\drivers\RtkHDAud.sys
\SystemRoot\system32\DRIVERS\AGRSM.sys
\SystemRoot\system32\drivers\aswSP.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\drivers\aswRdr.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\System32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\??\C:\Archivos de programa\SUPERAntiSpyware\SASKUTIL.SYS
\??\C:\Archivos de programa\SUPERAntiSpyware\SASDIFSV.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\drivers\RTSTOR.SYS
\SystemRoot\system32\drivers\aswSnx.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\drivers\aswHdsKe.sys
\SystemRoot\system32\drivers\aswbidsdriverx.sys
\SystemRoot\system32\drivers\aswArPot.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\igxpgd32.dll
\SystemRoot\System32\igxprd32.dll
\SystemRoot\System32\igxpdv32.DLL
\SystemRoot\System32\igxpdx32.DLL
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\aswMonFlt.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\??\C:\Archivos de programa\BlueStacks\HD-Hypervisor-x86.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\??\C:\Archivos de programa\BlueStacks\BstkDrv.sys
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\WinUSB.sys
\SystemRoot\system32\DRIVERS\WDFLDR.SYS
\SystemRoot\System32\Drivers\wdf01000.sys
\SystemRoot\System32\Drivers\Fastfat.SYS
\SystemRoot\System32\Drivers\HTTP.sys
\??\C:\Archivos de programa\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys
\SystemRoot\system32\drivers\aswStmXP.sys
\SystemRoot\system32\DRIVERS\btcomport.sys
\SystemRoot\system32\DRIVERS\btnetdrv.sys
\SystemRoot\system32\drivers\kmixer.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\8621A572.sys
\WINDOWS\system32\ntdll.dll
\Archivos de programa\DAEMON Tools Lite\Engine.dll
----------- End -----------
Done!
IRP handler 0 of \Driver\usbstor points to an unknown module
Unhooking enabled.

Scan started
Database versions:
  main:    v2018.10.11.03
  rootkit: v2018.10.11.03

<<<1>>>
Upper Device Name: \Device\Harddisk1\DR3
Upper Device Object: 0xffffffff8a1a8828
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\000000ba\
Lower Device Object: 0xffffffff8ac5d030
Lower Device Driver Name: \Driver\usbstor\
Driver name found: usbstor
Initialization returned 0x0
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8aed0ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\
Lower Device Object: 0xffffffff8aed1b00
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Initialization returned 0x0
Load Function returned 0x0
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8aed0ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8aeb8660, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8aed0ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8aed1b00, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xffffffffe1c95ff0, 0xffffffff8aed0ab8, 0xffffffff88a02040
Lower DeviceData: 0xffffffffe55a7110, 0xffffffff8aed1b00, 0xffffffff89fdb430
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
The directory C:\WINDOWS\SYSTEM32\drivers seems inaccessible or encrypted.
Drivers scan is aborted.
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 9DDEEFB5

Partition information:

    Partition 0 type is Extended with LBA (0xf)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 16065  Numsec = 20450745
    Partition is not bootable

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 20482048  Numsec = 302346240
    Partition is bootable
    Partition file system is NTFS

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 322828288  Numsec = 302311424
    Partition is not bootable
    Partition file system is NTFS

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

Disk Size: 320072933376 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff8a1a8828, DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8adaf5c8, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a1a8828, DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8ac5d030, DeviceName: \Device\000000ba\, DriverName: \Driver\usbstor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\
Upper DeviceData: 0xffffffffe55c2538, 0xffffffff8a1a8828, 0xffffffff8949b040
Lower DeviceData: 0xffffffffe790f978, 0xffffffff8ac5d030, 0xffffffff88cc2610
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 0

Partition information:

    Partition 0 type is Other (0xb)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 8192  Numsec = 15716352
    Partition is not bootable
    Partition file system is FAT32

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

Disk Size: 8050966528 bytes
Sector size: 512 bytes

Done!
Infected: C:\WINDOWS\$NtUninstallKB23567$\3903636092 --> [Backdoor.0Access]
Scan finished
Creating System Restore point...
Cleaning up...
Executing an action fixdamage.exe...
Success!
Queuing an action fixdamage.exe
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================


Removal queue found; removal started
Removing C:\Documents and Settings\All Users.WINDOWS\Datos de programa\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\Documents and Settings\All Users.WINDOWS\Datos de programa\Malwarebytes' Anti-Malware (portable)\VBR-0-0-16065-i.mbam...
Removing C:\Documents and Settings\All Users.WINDOWS\Datos de programa\Malwarebytes' Anti-Malware (portable)\VBR-0-1-20482048-i.mbam...
Removing C:\Documents and Settings\All Users.WINDOWS\Datos de programa\Malwarebytes' Anti-Malware (portable)\VBR-0-2-322828288-i.mbam...
Removing C:\Documents and Settings\All Users.WINDOWS\Datos de programa\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\Documents and Settings\All Users.WINDOWS\Datos de programa\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\Documents and Settings\All Users.WINDOWS\Datos de programa\Malwarebytes' Anti-Malware (portable)\VBR-1-0-8192-i.mbam...
Removing C:\Documents and Settings\All Users.WINDOWS\Datos de programa\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removal finished

Para eliminar las herramientas usadas en la desinfección, realizas:

• Descargas y Ejecutas >> Delfix, en tu escritorio.

• Doble clic para ejecutarlo.(Si usas Windows Vista/7 /8 /10,presiona clic derecho y selecciona >>;Ejecutar como Administrador.)

• Marca solamente la casilla Remove disinfection tools

• Pulsar en Run.

Se abrirá el informe (DelFix.txt), guárdalo por si fuera necesario y cierra la herramienta.

Si queda alguna herramienta, la desinstalas desde panel de Windows y aquellas que no estén listadas, se eliminan directamente.

Me alegro de haberte podido ayudar!

Este tema se cerró automáticamente 2 días después del último post. No se permiten nuevas respuestas.