I delete the threats with Malwarebytes and they come back


#1

Hello, good day. I have a problem and would like to know if you can help me. When I scanned my PC with Malwarebytes I found several threats on it. So I deleted them and everything seemed normal. Then I scanned the PC again and was surprised to find that the threats were still on my PC, so I don't know what to do. Here is the scan summary:

resumen analisis.txt (2.8 KB)

Here is a screenshot showing the threats on my PC (they are in quarantine)


#2

Hello @storkiv:

Welcome to this new stage of InfoSpyware!

Follow these steps, without changing the order:

1.- Temporarily disable your antivirus and any other security program.

2.- Download the following tools to your desktop:

3.- Then, keeping to this order:

Malwarebytes Anti-Rootkit

Install it and update it. Run a Full Scan as described in its manual.

AdwCleaner

Run it (right-click and select Run as Administrator). Click the Scan button and wait for the process to finish. Then click the Clean button and wait for it to complete. If it asks you to restart the system, accept. Save the report that appears so you can copy and paste it in your next reply. The report can also be found at "C:\AdwCleaner\AdwCleaner.txt".

ZHPCleaner

Following its manual, install and run it. When it finishes, remove everything it finds.

Important note:

In your next reply you must paste the reports from Malwarebytes, AdwCleaner and ZHPCleaner.

Guide: How to paste reports in the forum?

We await those reports.

Regards


#4
www.malwarebytes.org

Database version:
  main:    v2017.10.25.11
  rootkit: v2017.10.14.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Anthony :: ANTHONY-PC [administrator]

30/12/2018 22:52:45
mbar-log-2018-12-30 (22-52-45).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 256050
Time elapsed: 14 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKU\S-1-5-21-1286528818-3224820591-2498979734-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|Autorun (Backdoor.Messa) -> Data: C:\ProgramData\loader.exe -> Delete on reboot. [7c33637c406949ed5252a022956d3cc4]

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\ProgramData\loader.exe (Backdoor.Messa) -> Delete on reboot. [7c33637c406949ed5252a022956d3cc4]
C:\Windows\System32\drivers\etc\hosts (RiskWare.DontStealOurSoftware) -> Bad: (0.0.0.0 keystone.mwbsys.com) Good: () -> Replace on reboot. [2e81da05cadfd85e7064e372e61a768a]

Physical Sectors Detected: 0
(No malicious items detected)

(end) 

# -------------------------------
# Malwarebytes AdwCleaner 7.2.6.0
# -------------------------------
# Build:    12-18-2018
# Database: 2018-12-21.2 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    12-30-2018
# Duration: 00:00:07
# OS:       Windows 7 Ultimate
# Cleaned:  6
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted       C:\Users\Anthony\AppData\Roaming\DRPSu

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BDF61FAE-9D19-40F0-8F34-688DEB334CA9}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Main|Start Page
Deleted       HKCU\Software\Lavasoft\Web Companion
Deleted       HKLM\Software\Lavasoft\Web Companion
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1747 octets] - [30/12/2018 22:59:27]
AdwCleaner[S01].txt - [1808 octets] - [30/12/2018 23:07:03]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########

~ ZHPCleaner v2018.12.28.214 by Nicolas Coolman (2018/12/28)
~ Run by Anthony (Administrator)  (30/12/2018 23:02:24)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Certificate ZHPCleaner: Legal
~ Type : Scanner
~ Report : C:\Users\Anthony\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Anthony\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 7 Ultimate, 32-bit Service Pack 1 (Build 7601)


---\\  Alternate Data Stream (ADS). (0)
~ No malicious or unnecessary items found.


---\\  Services (0)
~ No malicious or unnecessary items found.


---\\  Internet browsers (0)
~ No malicious or unnecessary items found.


---\\  Hosts file (0)
~ No malicious or unnecessary items found.


---\\  Scheduled tasks. (0)
~ No malicious or unnecessary items found.


---\\  Explorer ( Files, Folders ) (0)
~ No malicious or unnecessary items found.


---\\  Registry ( Keys, Values, Data) (0)
~ No malicious or unnecessary items found.


---\\ Repair result.
~ no repair done
~ this browser is missing! (Mozilla Firefox)
~ this browser is missing! (Internet Explorer)
~ this browser is missing! (Opera Software)


---\\ STATISTICS
~ Items scanned : 0
~ Items found : 0
~ Items cancelled : 0
~ Items options : 12/12
~ Space saved (bytes) : 0


~ End of search in 00h00mn00s
ZHPCleaner-[S]-30122018-23_02_24.txt
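The MBAR report in this post contains two findings that are worth reading together: a hosts-file line that sinkholes keystone.mwbsys.com (flagged as RiskWare.DontStealOurSoftware) and a RunOnce value named Autorun that launches C:\ProgramData\loader.exe. Windows deletes a RunOnce value after it has executed, so a RunOnce entry that is still present on every scan is being re-created by something on the machine. The Python below is an added example, not part of this thread and not code from any Malwarebytes tool: it parses a hosts file for security-vendor domains pointed at a dead address and reports why an autorun value deserves a second look. The hosts content, the vendor-domain list and the user-writable-directory list are constructed assumptions for the example.

```python
"""Triage of the two linked MBAR findings from the report above: a hosts-file
sinkhole of a security vendor's domain and an autorun value whose target sits
in a user-writable directory. Added example; all sample data is constructed."""
from dataclasses import dataclass

# Constructed hosts file. The keystone.mwbsys.com line mirrors the MBAR
# finding; the other lines are the Windows defaults plus an unrelated block.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0 keystone.mwbsys.com
0.0.0.0   ads.example.invalid   # unrelated ad block, not a vendor domain
"""

# Addresses that make a hostname unreachable when placed in the hosts file.
SINKHOLE_IPS = {"0.0.0.0", "127.0.0.1", "::1", "::"}
# Security-vendor domains whose sinkholing blocks updates or licence checks.
# Assumed, illustrative list; extend it with the products actually installed.
VENDOR_DOMAINS = ("mwbsys.com", "malwarebytes.com", "malwarebytes.org",
                  "avast.com", "windowsupdate.com")


@dataclass(frozen=True)
class HostsFinding:
    line_no: int
    ip: str
    host: str


def parse_hosts(text):
    """Yield (line_no, ip, hostnames) for each effective line of a hosts file."""
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        ip, *hosts = line.split()
        yield n, ip, hosts


def sinkholed_vendor_hosts(text):
    """Hosts-file lines that point a security-vendor domain at a dead address."""
    findings = []
    for n, ip, hosts in parse_hosts(text):
        if ip not in SINKHOLE_IPS:
            continue
        for h in hosts:
            h_l = h.lower()
            if any(h_l == d or h_l.endswith("." + d) for d in VENDOR_DOMAINS):
                findings.append(HostsFinding(n, ip, h))
    return findings


# Directories that any logged-on user can write to. A loader started from
# here is unusual for vendor software, which installs under Program Files.
USER_WRITABLE = ("c:\\programdata\\", "c:\\users\\",
                 "%appdata%", "%localappdata%", "%temp%")


def suspicious_autorun(key, data):
    """Reasons an autorun registry value deserves a second look ([] if none)."""
    reasons = []
    target = data.strip().strip('"').lower()
    if key.lower().endswith("\\runonce"):
        # Windows removes a RunOnce value once it has executed, so a RunOnce
        # value seen on every scan is being recreated between scans.
        reasons.append("runonce-recreated")
    if target.startswith(USER_WRITABLE):
        reasons.append("user-writable-path")
    return reasons


if __name__ == "__main__":
    for f in sinkholed_vendor_hosts(SAMPLE_HOSTS):
        print(f"hosts line {f.line_no}: {f.host} -> {f.ip}")
    key = (r"HKU\S-1-5-21-1286528818-3224820591-2498979734-1000"
           r"\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE")
    print(suspicious_autorun(key, r"C:\ProgramData\loader.exe"))
```

The hosts check keys on the destination address rather than on the domain alone: a mapping to 0.0.0.0 or loopback is what stops the product from reaching its servers, which is the behaviour the RiskWare.DontStealOurSoftware name describes and the reason the helper asks in the next reply whether the Malwarebytes copy is pirated. Replacing the hosts file without removing whatever rewrites the RunOnce value will only produce the same detections on the next scan.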

#5

Hello @storkiv:

The tools detect a loader as a Backdoor. What did you activate with it?

Is your Malwarebytes Premium a pirated copy?

Restart the computer and then:

1.- Temporarily disable your antivirus and any other security program.

2.- Download Farbar Recovery Scan Tool to the desktop, choosing the version that matches your computer's architecture (32 or 64 bit). >> How do I know whether my Windows is 32 or 64 bit?

  • Run FRST.exe.
  • In the Disclaimer window, click Yes.
  • In the main window click the Scan button and wait for the process to finish.
  • Two files (logs), Frst.txt and Addition.txt, will open; they are saved on the desktop.

Guide: How to run FRST

3.- In your next reply, paste the generated reports.

Guide: How to paste reports in the forum?

We await those reports.

Regards
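The FRST report this reply asks for lists each autostart entry in the form `key: [value name] => path [size date] (company)` and marks the ones it considers unusual with `<==== ATTENTION`. As an added example (not part of the thread, and not FRST's own logic), the Python below parses lines in that layout and spells out why an entry deserves attention: a RunOnce key, a target outside Program Files or Windows, no company name in the file's version information, or a MountPoints2 entry that autoruns an executable from a drive root. The sample lines are constructed in FRST's format; the flag names and the trusted-root list are this example's own choices.

```python
"""Parse FRST "Registry (Whitelisted)" autostart lines and flag the ones a
malware-removal helper would ask about first. Added example; the sample lines
below are constructed in FRST's layout."""
import re
from dataclasses import dataclass, field

SAMPLE_FRST = r"""
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [601424 2018-07-07] (Oracle Corporation)
HKU\S-1-5-21-1286528818-3224820591-2498979734-1000\...\RunOnce: [Autorun] => C:\ProgramData\loader.exe [28672 2018-12-31] () <==== ATTENTION
HKU\S-1-5-21-1286528818-3224820591-2498979734-1000\...\MountPoints2: F - F:\Install.exe
HKLM\...\Drivers32: [vidc.x264] => C:\Program Files\x264vfw\x264vfw.dll [4102656 2012-07-01] (x264vfw project)
"""

# key: [name] => path [size date] (company); a trailing "<==== ATTENTION" is ignored
ENTRY = re.compile(
    r"^(?P<key>[^:]+): \[(?P<name>[^\]]*)\] => (?P<path>.+?) "
    r"\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<company>[^)]*)\)")
# MountPoints2 lines describe autorun handlers for mounted drives
MOUNT = re.compile(r"^(?P<key>[^:]+MountPoints2): (?P<id>\S+) - (?P<path>.+)$")

# Directories where installed software normally lives (assumed list).
TRUSTED_ROOTS = ("c:\\program files\\", "c:\\program files (x86)\\", "c:\\windows\\")


@dataclass
class Entry:
    key: str
    name: str
    path: str
    company: str
    flags: list = field(default_factory=list)


def parse_frst_registry(text):
    """Return one Entry per autostart line, with review flags attached."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ENTRY.match(line)
        if m:
            e = Entry(m["key"], m["name"], m["path"], m["company"].strip())
            if e.key.lower().endswith("\\runonce"):
                # Windows deletes a RunOnce value after it runs; one that is
                # present on every scan is being rewritten by something.
                e.flags.append("runonce")
            if not e.path.lower().startswith(TRUSTED_ROOTS):
                e.flags.append("outside-program-dirs")
            if not e.company:
                # "()" in FRST output: the file carries no company name in
                # its version information, unlike vendor-built binaries.
                e.flags.append("no-company-info")
            entries.append(e)
            continue
        m = MOUNT.match(line)
        if m:
            e = Entry(m["key"], m["id"], m["path"], "")
            # An autorun handler for an executable in the root of a drive
            # letter is the classic removable-media infection vector.
            if re.fullmatch(r"[a-z]:\\[^\\]+\.exe", e.path.lower()):
                e.flags.append("drive-root-autorun")
            entries.append(e)
    return entries


def attention(entries):
    """Flagged entries, most suspicious first."""
    flagged = [e for e in entries if e.flags]
    return sorted(flagged, key=lambda e: len(e.flags), reverse=True)


if __name__ == "__main__":
    for e in attention(parse_frst_registry(SAMPLE_FRST)):
        print(f"{e.path}  <- {', '.join(e.flags)}")
```

The three flags on the loader line are the same observations a helper makes by eye: the value is in RunOnce, the target is in the root of C:\ProgramData, and FRST prints an empty company field for it, while every vendor binary on the same list shows its publisher. The MountPoints2 entry is not marked by FRST, but an autorun handler for F:\Install.exe is worth asking about whenever a USB stick or mounted image was involved.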


#6
Ran by Anthony (administrator) on ANTHONY-PC (31-12-2018 00:31:42)
Running from C:\Users\Anthony\Downloads
Loaded Profiles: Anthony (Available Profiles: Anthony & Mcx1-ANTHONY-PC)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: Español (España, internacional)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TB Labs) C:\Program Files\Hot Keyboard Pro\hotkeyb.exe
(Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IDMan.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.33.23\GoogleCrashHandler.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IEMonitor.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [601424 2018-07-07] (Oracle Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [16557512 2018-08-15] (Realtek Semiconductor)
HKU\S-1-5-21-1286528818-3224820591-2498979734-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [4556048 2015-02-27] (Disc Soft Ltd)
HKU\S-1-5-21-1286528818-3224820591-2498979734-1000\...\Run: [Hot Keyboard] => C:\Program Files\Hot Keyboard Pro\hotkeyb.exe [614400 2005-07-21] (TB Labs)
HKU\S-1-5-21-1286528818-3224820591-2498979734-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner.exe [14636224 2018-12-10] (Piriform Software Ltd)
HKU\S-1-5-21-1286528818-3224820591-2498979734-1000\...\Run: [IDMan] => C:\Program Files\Internet Download Manager\IDMan.exe [4056176 2018-11-16] (Tonec Inc.)
HKU\S-1-5-21-1286528818-3224820591-2498979734-1000\...\RunOnce: [Autorun] => C:\ProgramData\loader.exe [28672 2018-12-31] () <==== ATTENTION
HKU\S-1-5-21-1286528818-3224820591-2498979734-1000\...\MountPoints2: F - F:\Install.exe
HKU\S-1-5-21-1286528818-3224820591-2498979734-1000\...\MountPoints2: {df3cc1d2-ad4d-11e8-bd37-90e6ba77f927} - F:\Install.exe
HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\system32\frapsvid.dll [94208 2017-12-21] (Beepa P/L)
HKLM\...\Drivers32: [MSVideo8] => C:\Windows\system32\VfWWDM32.dll [56832 2010-11-20] (Microsoft Corporation)
HKLM\...\Drivers32: [vidc.xtor] => C:\Windows\system32\DxtoryCodec.dll [8300544 2013-02-15] (Dxtory Software)
HKLM\...\Drivers32: [vidc.x264] => C:\Program Files\x264vfw\x264vfw.dll [4102656 2012-07-01] (x264vfw project)
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\system32\lagarith.dll [216064 2011-12-07] ( )
HKLM\Software\Microsoft\Active Setup\Installed Components: [>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] -> C:\Windows\System32\iedkcs32.dll [2010-11-20] (Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\71.0.3578.98\Installer\chrmstp.exe [2018-12-12] (Google Inc.)
BootExecute: autocheck autochk * aswBoot.exe /M:2cb21027 /dir:"C:\Program Files\AVAST Software\Avast"
GroupPolicy: Restriction ? <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 200.109.78.12 200.44.32.12
Tcpip\..\Interfaces\{56833DBD-86C3-40DC-BC53-D4337D68850B}: [DhcpNameServer] 200.109.78.12 200.44.32.12
Tcpip\..\Interfaces\{72F75EEE-95B9-4255-A4A7-C38D63C3E8ED}: [DhcpNameServer] 200.109.78.12 200.44.32.12

Internet Explorer:
==================
HKU\S-1-5-21-1286528818-3224820591-2498979734-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/es-ve/?ocid=iehp
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll [2018-11-15] (Internet Download Manager, Tonec Inc.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_181\bin\ssv.dll [2018-08-30] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_181\bin\jp2ssv.dll [2018-08-30] (Oracle Corporation)

FireFox:
========
FF HKU\S-1-5-21-1286528818-3224820591-2498979734-1000\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\Anthony\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Anthony\AppData\Roaming\IDM\idmmzcc5 [2018-12-09] [Legacy] [not signed]
FF HKU\S-1-5-21-1286528818-3224820591-2498979734-1000\...\SeaMonkey\Extensions: [[email protected]] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files\Internet Download Manager\idmmzcc2.xpi [2017-12-20] [Legacy]
FF Plugin: @java.com/DTPlugin,version=11.181.2 -> C:\Program Files\Java\jre1.8.0_181\bin\dtplugin\npDeployJava1.dll [2018-08-30] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.181.2 -> C:\Program Files\Java\jre1.8.0_181\bin\plugin2\npjp2.dll [2018-08-30] (Oracle Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)

Chrome: 
=======
CHR DefaultProfile: Profile 2
CHR StartupUrls: Profile 2 -> "hxxp://google.co.ve/"
CHR Profile: C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Profile 2 [2018-12-31]
CHR Extension: (Presentaciones) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-10-09]
CHR Extension: (Documentos) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2018-10-09]
CHR Extension: (Google Drive) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-09]
CHR Extension: (YouTube) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-10-09]
CHR Extension: (Hojas de cálculo) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-10-09]
CHR Extension: (Authy) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gaedmjdfmmahhbjefcbgaolhhanlaolb [2018-10-09]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-10-10]
CHR Extension: (AdBlock) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-12-10]
CHR Extension: (IDM Integration Module) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2018-12-20]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-10-09]
CHR Extension: (Gmail) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-10-09]
CHR Extension: (Chrome Media Router) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-04]
CHR Profile: C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\System Profile [2018-12-28]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2018-11-16]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1030928 2015-02-27] (Disc Soft Ltd)
S3 GoogleChromeElevationService; C:\Program Files\Google\Chrome\Application\71.0.3578.98\elevation_service.exe [375776 2018-12-12] (Google Inc.)
S2 ICEsoundService; C:\Windows\system32\ICEsoundService.exe [513000 2018-08-15] (ICEpower a/s)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [5073376 2018-09-19] (Malwarebytes)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [25104 2018-08-31] (Disc Soft Ltd)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [129248 2018-09-11] (Malwarebytes)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [175024 2018-12-30] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [101688 2018-12-31] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [51696 2018-12-31] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [229472 2018-12-31] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [81600 2018-12-31] (Malwarebytes)
S3 xnacc; C:\Windows\System32\DRIVERS\xnacc.sys [465408 2009-07-13] (Microsoft Corporation)
S3 RtlWlanu; system32\DRIVERS\rtwlanu.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-12-31 00:31 - 2018-12-31 00:32 - 000011535 _____ C:\Users\Anthony\Downloads\FRST.txt
2018-12-31 00:31 - 2018-12-31 00:31 - 001781760 _____ (Farbar) C:\Users\Anthony\Downloads\FRST.exe
2018-12-31 00:31 - 2018-12-31 00:31 - 000000000 ____D C:\FRST
2018-12-31 00:07 - 2018-12-31 00:28 - 000028672 _____ C:\ProgramData\loader.exe
2018-12-31 00:06 - 2018-12-31 00:06 - 000229472 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-12-31 00:06 - 2018-12-31 00:06 - 000101688 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-12-31 00:06 - 2018-12-31 00:06 - 000081600 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-12-31 00:06 - 2018-12-31 00:06 - 000051696 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-12-30 23:56 - 2018-12-30 23:56 - 000175024 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-12-30 23:56 - 2018-12-30 23:56 - 000002024 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-12-30 23:56 - 2018-12-30 23:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-12-30 23:56 - 2018-09-11 13:18 - 000129248 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae.sys
2018-12-30 23:55 - 2018-12-30 23:55 - 000000000 ____D C:\ProgramData\MicrosoftCorporation
2018-12-30 23:13 - 2018-12-30 23:13 - 000222648 _____ (Malwarebytes) C:\Windows\system32\Drivers\3234C234.sys
2018-12-30 22:52 - 2018-12-30 23:55 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-12-30 22:52 - 2018-12-30 22:52 - 000222648 _____ (Malwarebytes) C:\Windows\system32\Drivers\672681BD.sys
2018-12-30 22:51 - 2018-12-30 22:51 - 000000000 ____D C:\Users\Anthony\AppData\Local\ZHP
2018-12-30 21:42 - 2018-12-30 21:42 - 000002866 _____ C:\Users\Anthony\Downloads\resumen analisis.txt
2018-12-30 21:26 - 2018-12-30 23:56 - 000000000 ____D C:\Program Files\Malwarebytes
2018-12-30 20:59 - 2018-10-07 11:03 - 000000000 ____D C:\Users\Anthony\Downloads\Malwarebytes Premium 3.6.1 [WinDroTutosPC]
2018-12-30 18:33 - 2018-12-30 19:32 - 000000000 ____D C:\Program Files\Minecraft
2018-12-30 18:30 - 2018-12-30 18:32 - 039333888 _____ C:\Users\Anthony\Downloads\MinecraftInstaller.msi
2018-12-27 21:44 - 2018-12-27 21:44 - 000007989 _____ C:\Windows\unins000.dat
2018-12-27 21:44 - 2018-12-27 21:43 - 001203753 _____ C:\Windows\unins000.exe
2018-12-27 21:43 - 2018-12-27 21:43 - 000894691 _____ (Seemann, Deji, Alien ) C:\Users\Anthony\Downloads\CLEO4_setup.exe
2018-12-27 21:42 - 2018-12-27 21:42 - 000000000 ____D C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\San Andreas Multiplayer
2018-12-27 21:42 - 2018-12-27 21:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\San Andreas Multiplayer
2018-12-27 09:43 - 2018-12-27 10:05 - 080871613 _____ C:\Users\Anthony\Downloads\Malwarebytes Premium 3.6.1 [WinDroTutosPC].zip
2018-12-26 12:07 - 2018-12-26 12:08 - 000546304 _____ C:\Users\Anthony\Downloads\SAMPFUNCS.asi
2018-12-26 11:44 - 2018-12-26 11:44 - 000000000 ____D C:\Users\Anthony\AppData\Local\modloader
2018-12-24 11:40 - 2018-12-24 14:10 - 000000000 ____D C:\Windows\system32\18122404_stream
2018-12-23 07:42 - 2018-12-23 07:42 - 000272304 _____ C:\Windows\system32\FNTCACHE.DAT
2018-12-21 20:07 - 2018-12-21 20:08 - 000000000 ____D C:\Users\Anthony\Downloads\playlist de mandatico
2018-12-21 16:21 - 2018-12-21 16:21 - 230591917 _____ C:\Users\Anthony\Downloads\playlist de mandatico.rar
2018-12-21 12:43 - 2018-12-28 19:24 - 000000000 ____D C:\Users\Anthony\AppData\Local\CrashDumps
2018-12-20 17:59 - 2018-12-20 17:59 - 001142072 _____ (Microsoft Corporation) C:\Windows\ucrtbase.dll
2018-12-20 17:59 - 2018-12-20 17:59 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2018-12-20 16:43 - 2018-12-27 09:25 - 000000000 ____D C:\ProgramData\AVAST Software
2018-12-17 15:07 - 2018-12-17 15:07 - 000715038 _____ C:\Windows\unins001.exe
2018-12-17 15:07 - 2018-12-17 15:07 - 000001788 _____ C:\Windows\unins001.dat
2018-12-17 15:07 - 2011-12-07 19:32 - 000216064 _____ ( ) C:\Windows\system32\lagarith.dll
2018-12-17 15:06 - 2018-12-17 15:06 - 000000000 ____D C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\x264vfw
2018-12-17 15:06 - 2018-12-17 15:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\x264vfw
2018-12-17 15:06 - 2018-12-17 15:06 - 000000000 ____D C:\Program Files\x264vfw
2018-12-17 15:04 - 2018-12-17 15:04 - 000001144 _____ C:\Users\Anthony\Desktop\Dxtory.lnk
2018-12-17 15:04 - 2018-12-17 15:04 - 000000000 ____D C:\Users\Anthony\AppData\Local\Dxtory Software
2018-12-17 15:04 - 2018-12-17 15:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dxtory2.0
2018-12-17 15:04 - 2013-02-15 22:44 - 008300544 _____ (Dxtory Software) C:\Windows\system32\DxtoryCodec.dll
2018-12-17 15:03 - 2018-12-17 15:03 - 000000000 ____D C:\Program Files\Dxtory Software
2018-12-16 21:14 - 2018-12-30 23:52 - 000000000 ____D C:\Users\Anthony\Desktop\mods
2018-12-16 21:07 - 2018-12-16 21:07 - 000000000 ____D C:\Program Files\Rockstar Games
2018-12-16 20:55 - 2018-12-30 23:56 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-12-16 18:56 - 2018-12-28 19:15 - 000000472 _____ C:\Users\Anthony\Desktop\pass.txt
2018-12-11 16:37 - 2018-12-11 16:37 - 000000000 ____D C:\Users\Anthony\AppData\Local\mbam
2018-12-11 16:36 - 2018-12-11 16:36 - 000000000 ____D C:\Users\Anthony\AppData\Local\mbamtray
2018-12-09 23:28 - 2018-12-09 23:28 - 000000000 ____D C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2018-12-09 23:28 - 2018-12-09 23:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2018-12-08 11:35 - 2018-12-08 11:35 - 000000000 ____D C:\Users\Anthony\Documents\Activision
2018-12-08 09:00 - 2018-12-16 18:36 - 000000174 _____ C:\Windows\game.ini
2018-12-03 20:27 - 2018-12-03 23:57 - 4231110656 ____R C:\Users\Anthony\Downloads\hlm-gtasa.iso
2018-12-03 20:25 - 2018-12-03 20:25 - 004767481 _____ C:\Users\Anthony\Downloads\GTA San Andreas.rar

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-12-31 00:05 - 2009-07-14 00:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-12-31 00:04 - 2018-11-26 21:00 - 000000000 ____D C:\Users\Anthony\AppData\Roaming\DMCache
2018-12-31 00:03 - 2009-07-14 00:34 - 000016640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-12-31 00:03 - 2009-07-14 00:34 - 000016640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-12-30 23:49 - 2018-09-22 22:15 - 000000000 ____D C:\Program Files\Steam
2018-12-30 21:00 - 2018-10-12 16:35 - 000000000 ____D C:\Users\Anthony\Documents\GTA San Andreas User Files
2018-12-30 16:58 - 2009-07-13 22:37 - 000000000 ____D C:\Windows\inf
2018-12-28 19:24 - 2018-11-26 21:00 - 000000000 ____D C:\Users\Anthony\AppData\Roaming\IDM
2018-12-28 19:24 - 2018-09-09 17:51 - 000000000 ____D C:\Users\Anthony\AppData\Roaming\uTorrent
2018-12-28 19:24 - 2018-08-31 15:42 - 000000000 ____D C:\Users\Anthony\AppData\Roaming\DAEMON Tools Lite
2018-12-27 21:31 - 2018-11-12 13:05 - 000000000 ____D C:\Users\Anthony\Documents\Bandicam
2018-12-27 21:22 - 2018-09-12 22:01 - 000000000 ___HD C:\Program Files\InstallShield Installation Information
2018-12-26 13:35 - 2018-09-08 03:10 - 000007641 _____ C:\Users\Anthony\AppData\Local\Resmon.ResmonCfg
2018-12-23 08:24 - 2018-11-11 14:09 - 000000386 __RSH C:\ProgramData\ntuser.pol
2018-12-22 17:55 - 2011-04-11 21:30 - 000746992 _____ C:\Windows\system32\perfh00A.dat
2018-12-22 17:55 - 2011-04-11 21:30 - 000158464 _____ C:\Windows\system32\perfc00A.dat
2018-12-22 17:55 - 2010-11-20 17:01 - 001675926 _____ C:\Windows\system32\PerfStringBackup.INI
2018-12-21 13:35 - 2018-11-28 18:59 - 000000000 ____D C:\Users\Anthony\AppData\Roaming\Sony
2018-12-21 13:35 - 2018-08-30 15:17 - 000000000 ____D C:\Windows\Panther
2018-12-21 13:34 - 2018-11-26 20:59 - 000000000 ____D C:\Program Files\Internet Download Manager
2018-12-20 23:23 - 2018-08-31 00:23 - 000000000 ____D C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-12-20 23:23 - 2018-08-31 00:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-12-20 23:22 - 2018-08-31 01:24 - 000000969 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-12-20 23:22 - 2018-08-31 01:24 - 000000000 ____D C:\Program Files\CCleaner
2018-12-20 23:22 - 2018-08-31 00:23 - 000000000 ____D C:\Program Files\WinRAR
2018-12-19 12:48 - 2009-07-14 00:53 - 000032636 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-12-12 17:29 - 2018-09-08 02:14 - 000002168 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-12-12 17:29 - 2018-09-08 02:14 - 000002127 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-12-11 23:55 - 2009-07-13 22:37 - 000000000 ____D C:\Windows\system32\NDF
2018-12-08 08:48 - 2018-08-30 20:55 - 000000000 ____D C:\Users\Anthony\AppData\Local\VirtualStore
2018-12-06 12:58 - 2018-10-27 23:08 - 000001065 _____ C:\Users\Anthony\AppData\Roaming\downloads.json
2018-12-06 12:58 - 2018-08-31 00:46 - 000000000 ____D C:\Users\Anthony\AppData\Roaming\discord
2018-12-03 17:05 - 2018-08-30 20:55 - 000000000 ____D C:\Users\Anthony
2018-12-01 21:22 - 2018-08-30 22:54 - 000060352 _____ C:\Users\Anthony\AppData\Local\GDIPFONTCACHEV1.DAT

==================== Files in the root of some directories =======

2018-12-31 00:07 - 2018-12-31 00:28 - 000028672 _____ () C:\ProgramData\loader.exe
2018-10-27 23:08 - 2018-12-06 12:58 - 000001065 _____ () C:\Users\Anthony\AppData\Roaming\downloads.json
2018-09-08 03:10 - 2018-12-26 13:35 - 000007641 _____ () C:\Users\Anthony\AppData\Local\Resmon.ResmonCfg

Files to move or delete:
====================
C:\ProgramData\loader.exe


Some zero byte size files/folders:
==========================
C:\Windows\System32\d3dx9_39.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll
[2010-11-20 17:29] - [2010-11-20 17:29] - 000811520 _____ (Microsoft Corporation) 8626F0C30D4E3564FFDD25C90F4426F1

C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-12-14 20:33

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 29.12.2018
Ran by Anthony (31-12-2018 00:32:24)
Running from C:\Users\Anthony\Downloads
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) (2018-08-31 00:55:03)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-1286528818-3224820591-2498979734-500 - Administrator - Disabled)
Anthony (S-1-5-21-1286528818-3224820591-2498979734-1000 - Administrator - Enabled) => C:\Users\Anthony
HomeGroupUser$ (S-1-5-21-1286528818-3224820591-2498979734-1002 - Limited - Enabled)
Invitado (S-1-5-21-1286528818-3224820591-2498979734-501 - Limited - Disabled)
Mcx1-ANTHONY-PC (S-1-5-21-1286528818-3224820591-2498979734-1003 - Limited - Enabled) => C:\Users\Mcx1-ANTHONY-PC

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1286528818-3224820591-2498979734-1000\...\uTorrent) (Version: 3.5.4.44846 - BitTorrent Inc.)
Adobe Photoshop CS6 versión 13.0.1 (HKLM\...\{A724DC44-6241-42D3-BA57-778B178ABC17}_is1) (Version: 13.0.1 - Adobe Systems, Inc.)
Audacity 2.3.0 (HKLM\...\Audacity_is1) (Version: 2.3.0 - Audacity Team)
CCleaner (HKLM\...\CCleaner) (Version: 5.51 - Piriform)
CLEO 4.3 (HKLM\...\{A8F37EB0-C741-41D7-8CAB-5B40ECEEF094}_is1) (Version: 4.3 - Seemann, Deji, Alien)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 5.0.1.0406 - Disc Soft Ltd)
Discord (HKU\S-1-5-21-1286528818-3224820591-2498979734-1000\...\Discord) (Version: 0.0.301 - Discord Inc.)
Dxtory version 2.0.122 (HKLM\...\Dxtory2.0_is1) (Version: 2.0.122 - Dxtory Software)
Google Chrome (HKLM\...\Google Chrome) (Version: 71.0.3578.98 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
GTA San Andreas (HKLM\...\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}) (Version: 1.00.00001 - Rockstar Games)
Hot Keyboard Pro 2.8 (HKLM\...\Hot Keyboard Pro_is1) (Version: 2.8 - TB Labs)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2869 - Intel Corporation)
Internet Download Manager (HKLM\...\Internet Download Manager) (Version:  - Tonec Inc.)
Java 8 Update 181 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180181F0}) (Version: 8.0.1810.13 - Oracle Corporation)
Lagarith Lossless Codec (1.3.27) (HKLM\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version:  - )
Malwarebytes versión 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61135 (HKLM\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61135 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61135 (HKLM\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61135 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40660 (HKLM\...\{7DAD0258-515C-3DD4-8964-BD714199E0F7}) (Version: 12.0.40660 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40660 (HKLM\...\{E30D8B21-D82D-3211-82CC-0F0A5D1495E8}) (Version: 12.0.40660 - Microsoft Corporation)
Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.24516 (HKLM\...\{B4EB15A2-6582-346E-8501-B6E907F23B80}) (Version: 14.0.24516 - Microsoft Corporation)
Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.24516 (HKLM\...\{7B82F823-A226-3463-B438-AF4DDDE2B810}) (Version: 14.0.24516 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\{DB70246D-50D3-3A3D-A3F5-DA825C063990}) (Version: 10.0.60830 - Microsoft Corporation)
Movie Studio Platinum 13.0 (HKLM\...\{C07796C0-7C69-11E3-8E39-F04DA23A5C58}) (Version: 13.0.878 - Sony)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8514 - Realtek Semiconductor Corp.)
SHOUTcast Source DSP Plug-in v2 (HKLM\...\SHOUTcast Source DSP) (Version: 2.3.3 - Nullsoft, Inc)
Steam (HKLM\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Winamp (HKLM\...\Winamp) (Version: 5.66  - Nullsoft, Inc)
WinRAR 5.61 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.61.0 - win.rar GmbH)
x264vfw - H.264/MPEG-4 AVC codec (remove only) (HKLM\...\x264vfw) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [			IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt.dll [2018-05-12] (Tonec Inc.)
ContextMenuHandlers1: [HotKeyboard] -> {9493BF10-6A0A-11D3-AFB2-00C06C397814} => C:\Program Files\Hot Keyboard Pro\hkshext.dll [2003-10-10] (TB Labs)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (Alexander Roshal)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2012-11-13] (Intel Corporation)
ContextMenuHandlers6: [HotKeyboard] -> {9493BF10-6A0A-11D3-AFB2-00C06C397814} => C:\Program Files\Hot Keyboard Pro\hkshext.dll [2003-10-10] (TB Labs)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0F435CEA-56ED-484B-84F2-D7FDACA12A5A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2018-09-08] (Google Inc.)
Task: {20A87C4C-0961-4803-9A0D-2741D818637A} - System32\Tasks\{6065061F-72F6-4E21-A448-1B25BEA64A26} => C:\Windows\system32\pcalua.exe -a "C:\Users\Anthony\Downloads\Gta SA.exe" -d C:\Users\Anthony\Downloads
Task: {2E9CBA4B-1122-44C3-9076-85CE68979A87} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-12-10] (Piriform Software Ltd)
Task: {491C9317-CC56-4D65-A6EC-2784D1D7D4D1} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-ANTHONY-PC => C:\Windows\ehome\McxTask.exe [2009-07-13] (Microsoft Corporation)
Task: {614317E9-ED7B-49BB-ACA5-D13A8AC501FF} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2018-12-20] (AVAST Software)
Task: {97F853BD-FD66-4C8C-83CD-4C7C7C986585} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2018-09-08] (Google Inc.)
Task: {AF0EAECC-F544-4FDB-9145-8D13226CC0C5} - System32\Tasks\FRAPS => C:\Fraps\fraps.exe
Task: {D7011326-5C12-4F92-A13F-037A702A2844} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-12-10] (Piriform Ltd)
Task: {E974AD66-4F0C-47B9-B796-26DAAF6C5611} - System32\Tasks\bandicam_start => C:\Program Files\Bandicam\bdcam.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicaciones de Chrome\Authy.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory="Profile 2" --app-id=gaedmjdfmmahhbjefcbgaolhhanlaolb
ShortcutWithArgument: C:\Users\Anthony\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2"
ShortcutWithArgument: C:\Users\Anthony\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"

==================== Loaded Modules (Whitelisted) ==============

2018-10-20 00:15 - 2003-03-17 17:09 - 000008736 _____ () C:\Program Files\Hot Keyboard Pro\hkhook21.dll
2018-04-30 07:20 - 2018-04-30 07:20 - 000061408 _____ () C:\Program Files\CCleaner\branding.dll
2018-12-30 23:56 - 2018-09-12 17:57 - 002281640 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-12-30 23:56 - 2018-09-12 11:35 - 002230048 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-12-12 17:29 - 2018-12-12 00:58 - 002260960 _____ () C:\Program Files\Google\Chrome\Application\71.0.3578.98\swiftshader\libglesv2.dll
2018-12-12 17:29 - 2018-12-12 00:58 - 000128480 _____ () C:\Program Files\Google\Chrome\Application\71.0.3578.98\swiftshader\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData:NT [40]
AlternateDataStreams: C:\ProgramData:NT2 [650]
AlternateDataStreams: C:\Users\All Users:NT [40]
AlternateDataStreams: C:\Users\All Users:NT2 [650]
AlternateDataStreams: C:\ProgramData\Application Data:NT [40]
AlternateDataStreams: C:\ProgramData\Application Data:NT2 [650]
AlternateDataStreams: C:\ProgramData\Datos de programa:NT [40]
AlternateDataStreams: C:\ProgramData\Datos de programa:NT2 [650]
AlternateDataStreams: C:\Users\Anthony\Datos de programa:NT [40]
AlternateDataStreams: C:\Users\Anthony\Datos de programa:NT2 [650]
AlternateDataStreams: C:\Users\Anthony\AppData\Roaming:NT [40]
AlternateDataStreams: C:\Users\Anthony\AppData\Roaming:NT2 [650]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1286528818-3224820591-2498979734-1000\...\localhost -> localhost

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-09-16 12:07 - 2018-12-30 23:56 - 000000253 _____ C:\Windows\system32\Drivers\etc\hosts

0.0.0.0                   telemetry.malwarebytes.com
127.0.0.1 genuine.microsoft.com
127.0.0.1 mpa.one.microsoft.com
127.0.0.1 sls.microsoft.com
0.0.0.0 serius.mwbsys.com
0.0.0.0 keystone.mwbsys.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\
HKU\S-1-5-21-1286528818-3224820591-2498979734-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 200.109.78.12 - 200.44.32.12
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{CF4742A1-CB34-481A-BF60-BFEAEDC8307C}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
FirewallRules: [{33DF1700-1779-4006-B417-524DC0005174}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Ltd)
FirewallRules: [{7AE35F14-5DCD-482E-9AAD-823624591F6D}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Ltd)
FirewallRules: [{F4E2636D-4508-4B54-A6F2-6FBA9C30A2E3}] => (Allow) C:\Users\Anthony\AppData\Local\Temp\7ZipSfx.007\bin\tools\aria2c.exe No File
FirewallRules: [{83009017-9E03-4F2A-8DDA-E3D9A5EC2503}] => (Allow) C:\Games\Counter-Strike WaRzOnE\hl.exe No File
FirewallRules: [{3E22622D-9DCD-440F-94DC-AE4FF9A9B175}] => (Allow) C:\Games\Counter-Strike WaRzOnE\hl.exe No File
FirewallRules: [TCP Query User{EC72E0E2-38A8-4BCA-93D2-9BBCB1D8376D}C:\games\counter-strike warzone\hl.exe] => (Allow) C:\games\counter-strike warzone\hl.exe No File
FirewallRules: [UDP Query User{21E1B5F0-C94A-4D8F-AEED-19561184D305}C:\games\counter-strike warzone\hl.exe] => (Allow) C:\games\counter-strike warzone\hl.exe No File
FirewallRules: [TCP Query User{FA2C5DB5-D1A9-4840-8DFB-425037EB3638}C:\program files\minecraft\runtime\jre-x32\1.8.0_51\bin\javaw.exe] => (Allow) C:\program files\minecraft\runtime\jre-x32\1.8.0_51\bin\javaw.exe No File
FirewallRules: [UDP Query User{50F55699-C47C-433C-9CE3-0CDB89C9932E}C:\program files\minecraft\runtime\jre-x32\1.8.0_51\bin\javaw.exe] => (Allow) C:\program files\minecraft\runtime\jre-x32\1.8.0_51\bin\javaw.exe No File
FirewallRules: [{A21B6053-E8BE-4F43-A3CB-B876FCD38418}] => (Allow) C:\Program Files\Steam\Steam.exe (Valve Corporation)
FirewallRules: [{C7860282-591A-49C9-80D6-5A32F34A7C3D}] => (Allow) C:\Program Files\Steam\Steam.exe (Valve Corporation)
FirewallRules: [{940C5151-BC14-4BD7-8F57-EFB237CEC0B7}] => (Allow) C:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve Corporation)
FirewallRules: [{AF10804B-71C2-4405-932A-4726E5809D14}] => (Allow) C:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve Corporation)
FirewallRules: [TCP Query User{C4D41C24-0540-40DB-8088-AFE84CB6CA60}C:\warzone\counter strike source warzone\hl2.exe] => (Allow) C:\warzone\counter strike source warzone\hl2.exe No File
FirewallRules: [UDP Query User{03B9F5F9-1B86-459D-819F-C6052154BC4E}C:\warzone\counter strike source warzone\hl2.exe] => (Allow) C:\warzone\counter strike source warzone\hl2.exe No File
FirewallRules: [TCP Query User{CFCF3D61-B6E9-45D9-B9B3-E198CDE26482}C:\games\counter-strike warzone\hlds.exe] => (Allow) C:\games\counter-strike warzone\hlds.exe No File
FirewallRules: [UDP Query User{D1C5C13A-9C2E-4487-A789-556D59AE76D4}C:\games\counter-strike warzone\hlds.exe] => (Allow) C:\games\counter-strike warzone\hlds.exe No File
FirewallRules: [{71191C4C-8766-4233-AF9C-8377B0DF5A89}] => (Allow) C:\games\counter-strike warzone\hl.exe No File
FirewallRules: [{060DFD36-8BDE-41C6-95D3-324CA1F0375C}] => (Allow) C:\games\counter-strike warzone\hl.exe No File
FirewallRules: [{102C8326-B469-40EF-9AAE-1F4BABCF485B}] => (Allow) C:\Program Files\Winamp\winamp.exe (Nullsoft, Inc.)
FirewallRules: [TCP Query User{5FBF53D3-188C-4FF6-B3E0-B9060A22F03C}C:\users\anthony\desktop\samp037_svr_r2-1-1_win32\samp-server.exe] => (Allow) C:\users\anthony\desktop\samp037_svr_r2-1-1_win32\samp-server.exe No File
FirewallRules: [UDP Query User{0E619DB0-213B-4192-B6DD-3A78E0D3EF6F}C:\users\anthony\desktop\samp037_svr_r2-1-1_win32\samp-server.exe] => (Allow) C:\users\anthony\desktop\samp037_svr_r2-1-1_win32\samp-server.exe No File
FirewallRules: [{0E036A38-C2D3-42FE-8624-8CE053543159}] => (Allow) C:\Users\Anthony\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
FirewallRules: [{944C9B68-B71B-47F7-86B7-4CF2A6372B39}] => (Allow) C:\Users\Anthony\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
FirewallRules: [TCP Query User{AC3FFE97-31DE-44F2-992B-E1E77F83556C}C:\program files\rockstar games\gta san andreas\gta_sa.exe] => (Allow) C:\program files\rockstar games\gta san andreas\gta_sa.exe ()
FirewallRules: [UDP Query User{C65DB6DD-5FB3-44C1-B4FB-D6A0BF9D04FD}C:\program files\rockstar games\gta san andreas\gta_sa.exe] => (Allow) C:\program files\rockstar games\gta san andreas\gta_sa.exe ()
FirewallRules: [{C3D8EFDA-04C8-4B28-8FC1-AA46C9960146}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
FirewallRules: [{6B6C677A-0A15-4B19-91C6-0EDFBBE53A3E}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe No File
FirewallRules: [{A7F000D8-F4E5-4C02-BDB1-450F17D6FB02}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe No File
FirewallRules: [{5C9F4743-0734-432F-911D-FFC6CE878652}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Ltd)
FirewallRules: [{87975D28-6D65-4C09-85B6-BF1F389CA6EB}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Ltd)
FirewallRules: [{8CE9EE3F-F327-4C3A-AB14-0AB3A85AD4C2}] => (Allow) C:\Program Files\AVAST Software\Avast Cleanup\TUNEUpdate.exe No File
FirewallRules: [{57640F1D-6649-4565-B9D1-DED92656E684}] => (Allow) C:\Program Files\AVAST Software\Avast Cleanup\TUNEUpdate.exe No File

==================== Restore Points =========================

26-12-2018 13:01:19 Instalado GTA San Andreas
27-12-2018 21:15:22 Eliminado GTA San Andreas
27-12-2018 21:22:31 Instalado GTA San Andreas
30-12-2018 18:33:02 Installed Minecraft
30-12-2018 19:31:39 Removed Minecraft
30-12-2018 23:07:29 Malwarebytes Anti-Rootkit Restore Point
30-12-2018 23:31:53 Malwarebytes Anti-Rootkit Restore Point

==================== Faulty Device Manager Devices =============

Name: Módem PCI
Description: Módem PCI
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/31/2018 12:05:54 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (12/31/2018 12:05:21 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Error de activación de la licencia de Windows. Error 0x00000000.

Error: (12/31/2018 12:05:21 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
0x800401F9

Error: (12/31/2018 12:04:20 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (12/31/2018 12:03:34 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Error de activación de la licencia de Windows. Error 0x00000000.

Error: (12/31/2018 12:03:34 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
0x800401F9

Error: (12/31/2018 12:02:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: mbamservice.exe, versión: 3.2.0.704, marca de tiempo: 0x5b9acc47
Nombre del módulo con errores: unknown, versión: 0.0.0.0, marca de tiempo: 0x00000000
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x00000061
Id. del proceso con errores: 0xda8
Hora de inicio de la aplicación con errores: 0x01d4a0bcd96f20b5
Ruta de acceso de la aplicación con errores: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Ruta de acceso del módulo con errores: unknown
Id. del informe: f3e983b6-0cb0-11e9-8ac8-90e6ba77f927

Error: (12/30/2018 11:56:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.


System errors:
=============
Error: (12/31/2018 12:05:21 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio ICEsound Service no pudo iniciarse debido al siguiente error: 
El servicio no respondió a tiempo a la solicitud de inicio o de control.

Error: (12/31/2018 12:05:21 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Se agotó el tiempo de espera (30000 ms) para la conexión con el servicio ICEsound Service.

Error: (12/31/2018 12:03:33 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio ICEsound Service no pudo iniciarse debido al siguiente error: 
El servicio no respondió a tiempo a la solicitud de inicio o de control.

Error: (12/31/2018 12:03:33 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Se agotó el tiempo de espera (30000 ms) para la conexión con el servicio ICEsound Service.

Error: (12/30/2018 11:55:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio ICEsound Service no pudo iniciarse debido al siguiente error: 
El servicio no respondió a tiempo a la solicitud de inicio o de control.

Error: (12/30/2018 11:55:30 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Se agotó el tiempo de espera (30000 ms) para la conexión con el servicio ICEsound Service.

Error: (12/30/2018 11:09:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio ICEsound Service no pudo iniciarse debido al siguiente error: 
El servicio no respondió a tiempo a la solicitud de inicio o de control.

Error: (12/30/2018 11:09:25 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Se agotó el tiempo de espera (30000 ms) para la conexión con el servicio ICEsound Service.


==================== Memory info =========================== 

Processor: Pentium(R) Dual-Core CPU E5300 @ 2.60GHz
Percentage of memory in use: 65%
Total physical RAM: 2013.24 MB
Available physical RAM: 684.92 MB
Total Virtual: 4026.48 MB
Available Virtual: 2636.64 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.79 GB) (Free:194.05 GB) NTFS
Drive f: (GTA_SAN_ANDREAS) (CDROM) (Total:3.94 GB) (Free:0 GB) UDF

\\?\Volume{f3fe8888-ac80-11e8-bbf4-806e6f6e6963}\ (Reservado para el sistema) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

#7

The computer belongs to a friend; I have no idea what he may have downloaded on it, so I'm helping him remove those viruses from his PC.


#8

Hi @storkiv

You ran Farbar from the wrong location:

C:\Users\Anthony\Downloads

FRST has to be downloaded and run from the desktop.

Cut the executable from your Downloads folder and paste it on the desktop.

The Farbar report is missing a few lines at the top, and you also still need to paste the Addition report.

Salu2.