Checkpoint SandBlast agent... possible infection?


#1

Good evening: I'm sorry to come back to the forum with a problem, but I need help and you are great at this. About 2 months ago I installed the ZoneAlarm firewall to see how it performed (disabling the Windows one). Everything was fine until several days ago, when the PC started to get slow, quite slow, and I noticed that the HD LED stayed lit constantly. First I checked the disk (no problems) and then I checked in Resource Monitor what was overloading the HD. It turned out that, apparently, the Zone Alarm installation came with a "prize": Checkpoint software has been installed on my machine with the following services running: TESvc [Checkpoint Sandblast Agent Threat Emulation], Remediation Service [Checkpoint Endpoint Remediation], CpSbaUpdater [Checkpoint Sandblast Agent Updater] and CpSbaCipolla [Checkpoint Sandblast Agent Cipolla]. Of course, I have not knowingly installed any part of this program. Checkpoint does not appear in the list of installed programs, but on C: a Checkpoint folder appears in both Program Files and Program Data. Two folders named “Check-Point Security Folder Do not remove” and “0Check-Point0Security0Data Do not Discard” have also appeared in the libraries of the main user and of public access (Documents, Pictures, Music and Videos). I have run Farbar Recovery to get the work started, and I am pasting the reports here. I would be immensely grateful if you could give me solutions and unravel this malware "mystery":


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23.08.2018
Ran by Chall (administrator) on CHALL-PC (03-11-2018 09:38:04)
Running from C:\Users\Chall\Desktop\ULTIMATE KILLERS
Loaded Profiles: Chall (Available Profiles: Chall)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: Inglés (Estados Unidos)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(CANON INC.) C:\Windows\System32\CAP3RSK.EXE
(CANON INC.) C:\Windows\System32\spool\drivers\w32x86\3\CAP3SWK.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
() C:\Program Files\CheckPoint\Endpoint Security\TPCommon\Cipolla\SBACipollaSrvHost.exe
(Check Point Software Technologies Ltd.) C:\Program Files\CheckPoint\Endpoint Security\Remediation\RemediationService.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Check Point Software Technologies Ltd.) C:\Program Files\CheckPoint\Endpoint Security\Threat Emulation\TESvc.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-10-22] (AVAST Software)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-323702564-4217161790-1439062527-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner.exe [14544792 2018-10-23] (Piriform Ltd)
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 80.58.61.254 80.58.61.250
Tcpip\..\Interfaces\{9F8CFC05-B512-4BE1-9087-6DFCE53C001B}: [DhcpNameServer] 80.58.61.254 80.58.61.250

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-323702564-4217161790-1439062527-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-323702564-4217161790-1439062527-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.es/
BHO: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files\Evernote\Evernote\EvernoteIE.dll [2018-03-30] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Toolbar: HKU\S-1-5-21-323702564-4217161790-1439062527-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File

FireFox:
========
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-10-01] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-10-01] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)

Chrome: 
=======
CHR StartupUrls: Default -> "hxxps://www.google.es/"
CHR Profile: C:\Users\Chall\AppData\Local\Google\Chrome\User Data\Default [2018-10-30]
CHR Extension: (Presentaciones) - C:\Users\Chall\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-10-01]
CHR Extension: (Documentos) - C:\Users\Chall\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-10-01]
CHR Extension: (Google Drive) - C:\Users\Chall\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-01]
CHR Extension: (YouTube) - C:\Users\Chall\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-10-01]
CHR Extension: (Hojas de cálculo) - C:\Users\Chall\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-10-01]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\Chall\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-10-01]
CHR Extension: (Avast Online Security) - C:\Users\Chall\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-10-01]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Chall\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-10-01]
CHR Extension: (Gmail) - C:\Users\Chall\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-10-01]
CHR Extension: (Chrome Media Router) - C:\Users\Chall\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-10-26]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6800144 2018-10-22] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [325024 2018-10-22] (AVAST Software)
S2 CPEFR; C:\Program Files\CheckPoint\Endpoint Security\EFR\EFRService.exe [2498296 2018-05-30] (Check Point Software Technologies Ltd.)
R2 CpSbaCipolla; C:\Program Files\CheckPoint\Endpoint Security\TPCommon\Cipolla\SBACipollaSrvHost.exe [35064 2018-03-20] ()
R2 CpSbaUpdater; C:\Program Files\CheckPoint\Endpoint Security\TPCommon\Cipolla\SBACipollaSrvHost.exe [35064 2018-03-20] ()
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [5073376 2018-09-19] (Malwarebytes)
R2 RemediationService; C:\Program Files\CheckPoint\Endpoint Security\Remediation\RemediationService.exe [17656 2018-03-22] (Check Point Software Technologies Ltd.)
S4 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2017-01-16] (DEVGURU Co., LTD.)
R2 TESvc; C:\Program Files\CheckPoint\Endpoint Security\Threat Emulation\TESvc.exe [196344 2018-04-23] (Check Point Software Technologies Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2014-03-12] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [167648 2018-10-22] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriverx.sys [188952 2018-10-22] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidshx.sys [165552 2018-10-22] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswblogx.sys [284424 2018-10-22] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbunivx.sys [58072 2018-10-22] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [139008 2018-10-22] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [42912 2018-10-22] (AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [40864 2018-10-22] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [135368 2018-10-22] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [101152 2018-10-22] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [72968 2018-10-22] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [784728 2018-10-22] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [397136 2018-10-22] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [157112 2018-10-22] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [310880 2018-10-22] (AVAST Software)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [109184 2017-01-16] (Samsung Electronics Co., Ltd.)
S3 ew_usbccgpfilter; C:\Windows\System32\DRIVERS\ew_usbccgpfilter.sys [15360 2018-04-20] (Huawei Technologies Co., Ltd.)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [173496 2018-10-29] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [229568 2018-10-29] (Malwarebytes)
S3 PortTalk; C:\Windows\System32\Drivers\PortTalk.sys [3567 2002-01-12] (Beyond Logic hxxp://www.beyondlogic.org) [File not signed]
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [147072 2017-01-16] (Samsung Electronics Co., Ltd.)
S3 usbUDisc; C:\Windows\System32\DRIVERS\USBDrv.sys [14936 2013-01-25] (Scott)
R1 vcdrom; D:\Appls\IMG_reader\VCdRom.sys [8576 2001-12-19] (Microsoft Corporation) [File not signed]
S3 catchme; \??\C:\Users\Chall\AppData\Local\Temp\catchme.sys [X] <==== ATTENTION
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [102272 2018-04-20] (Huawei Technologies Co., Ltd.)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-02 10:41 - 2018-11-03 09:38 - 000000000 ____D C:\FRST
2018-11-01 21:23 - 2018-11-01 21:30 - 000000000 ____D C:\Users\Chall\Desktop\INFOSPYware
2018-11-01 20:01 - 2018-11-01 20:01 - 000000000 ____D C:\KVRT_Data
2018-11-01 11:12 - 2018-11-01 11:12 - 000000000 ____D C:\Windows\Standalone System Sweeper
2018-10-31 16:56 - 2018-10-31 17:21 - 000205016 _____ C:\TDSSKiller.3.1.0.17_31.10.2018_16.56.22_log.txt
2018-10-31 16:38 - 2018-10-31 16:52 - 000002124 _____ C:\Users\Chall\Desktop\Rkill.txt
2018-10-31 15:57 - 2018-11-02 10:43 - 000000000 ____D C:\Users\Chall\Desktop\ULTIMATE KILLERS
2018-10-30 23:17 - 2018-11-02 10:38 - 000104372 _____ C:\Windows\ntbtlog.txt
2018-10-29 20:47 - 2018-10-29 20:47 - 000173496 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-10-29 20:46 - 2018-10-29 20:46 - 000229568 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-10-28 21:46 - 2018-10-28 21:46 - 006985848 _____ (ESET spol. s r.o.) C:\Users\Chall\Downloads\esetonlinescanner_esn (1).exe
2018-10-28 20:29 - 2018-10-28 20:30 - 080022264 _____ (Malwarebytes ) C:\Users\Chall\Downloads\mb3-setup-2005.2005-3.6.1.2711-1.0.463-1.0.6913.exe
2018-10-28 16:30 - 2018-10-28 16:31 - 018072104 _____ (Piriform Ltd) C:\Users\Chall\Downloads\ccsetup548.exe
2018-10-26 14:01 - 2018-10-26 14:01 - 000000000 ____D C:\Users\Chall\AppData\Local\Acronis_International_Gmb
2018-10-26 13:55 - 2018-10-28 16:10 - 000000000 ____D C:\ProgramData\Acronis
2018-10-26 13:44 - 2018-10-26 13:44 - 000000000 _____ C:\Windows\cpepmon.mlf
2018-10-25 11:33 - 2018-10-25 11:33 - 000000000 ____D C:\Users\Chall\AppData\Local\Foxit Reader
2018-10-24 12:21 - 2018-10-24 12:21 - 002969488 _____ (BitTorrent Inc.) C:\Users\Chall\Downloads\uTorrent.exe
2018-10-24 09:49 - 2018-10-24 10:00 - 000000000 ____D C:\Program Files\Solvusoft
2018-10-24 09:49 - 2018-10-24 09:59 - 000000000 ____D C:\Users\Chall\AppData\Roaming\Solvusoft
2018-10-23 20:18 - 2018-10-23 20:18 - 000143505 _____ C:\Users\Chall\Downloads\Extracto_Movimientos_Tarjeta (5).pdf
2018-10-23 20:01 - 2018-10-23 20:01 - 000019696 _____ C:\Users\Chall\Downloads\SEAL_Team_1x15.torrent
2018-10-23 20:00 - 2018-10-23 20:00 - 000022729 _____ C:\Users\Chall\Downloads\SEAL_Team_1x22.torrent
2018-10-23 20:00 - 2018-10-23 20:00 - 000021429 _____ C:\Users\Chall\Downloads\SEAL_Team_1x21.torrent
2018-10-23 20:00 - 2018-10-23 20:00 - 000020065 _____ C:\Users\Chall\Downloads\SEAL_Team_1x20.torrent
2018-10-23 20:00 - 2018-10-23 20:00 - 000019765 _____ C:\Users\Chall\Downloads\SEAL_Team_1x19.torrent
2018-10-23 20:00 - 2018-10-23 20:00 - 000019044 _____ C:\Users\Chall\Downloads\SEAL_Team_1x18.torrent
2018-10-23 19:59 - 2018-10-23 19:59 - 000019894 _____ C:\Users\Chall\Downloads\SEAL_Team_1x13.torrent
2018-10-23 19:59 - 2018-10-23 19:59 - 000019862 _____ C:\Users\Chall\Downloads\SEAL_Team_1x12.torrent
2018-10-23 19:59 - 2018-10-23 19:59 - 000019574 _____ C:\Users\Chall\Downloads\SEAL_Team_1x14.torrent
2018-10-23 19:59 - 2018-10-23 19:59 - 000019497 _____ C:\Users\Chall\Downloads\SEAL_Team_1x17.torrent
2018-10-23 19:59 - 2018-10-23 19:59 - 000019497 _____ C:\Users\Chall\Downloads\SEAL_Team_1x16.torrent
2018-10-23 19:59 - 2018-10-23 19:59 - 000016355 _____ C:\Users\Chall\Downloads\SEAL_Team_1x15_720p.torrent
2018-10-23 19:58 - 2018-10-23 19:58 - 000019923 _____ C:\Users\Chall\Downloads\SEAL_Team_1x11.torrent
2018-10-23 19:58 - 2018-10-23 19:58 - 000019923 _____ C:\Users\Chall\Downloads\SEAL_Team_1x10.torrent
2018-10-23 19:58 - 2018-10-23 19:58 - 000019642 _____ C:\Users\Chall\Downloads\SEAL_Team_1x09.torrent
2018-10-23 19:58 - 2018-10-23 19:58 - 000019502 _____ C:\Users\Chall\Downloads\SEAL_Team_1x08.torrent
2018-10-22 08:37 - 2018-10-22 08:34 - 000040864 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2018-10-22 08:36 - 2018-10-22 08:34 - 000323288 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2018-10-18 14:16 - 2018-10-18 14:18 - 000000000 ___RD C:\Users\Chall\Desktop\EXPENCES
2018-10-18 10:19 - 2018-10-18 10:21 - 000000777 _____ C:\Users\Chall\Desktop\CALIBRE BOOKS.lnk
2018-10-18 10:05 - 2018-10-18 10:06 - 000000000 ____D C:\Calibre Portable
2018-10-18 09:42 - 2018-10-18 09:42 - 000000000 ____D C:\Users\Chall\AppData\Local\calibre-cache
2018-10-18 09:40 - 2018-10-18 09:42 - 000000000 ____D C:\Users\Chall\AppData\Roaming\calibre
2018-10-17 18:38 - 2001-12-19 10:45 - 000008576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\VCdRom.sys
2018-10-17 18:19 - 2018-10-17 18:19 - 000061064 _____ C:\Users\Chall\Documents\winxpvirtualcdcontrolpanel_21.exe
2018-10-13 09:03 - 2018-10-13 09:03 - 000490553 _____ C:\Users\Chall\Downloads\2018_10_182811000476215.pdf
2018-10-10 18:19 - 2018-10-10 18:19 - 004638800 _____ C:\Users\Chall\Downloads\286410-IRAN.pdf
2018-10-10 12:49 - 2018-10-10 12:50 - 000000000 ____D C:\Users\Chall\Documents\Jama -como hacer
2018-10-09 20:41 - 2018-10-25 14:53 - 000000000 ____D C:\Users\Chall\AppData\Roaming\MPC-HC
2018-10-09 20:25 - 2018-10-09 20:38 - 000000000 ____D C:\ProgramData\Vso
2018-10-09 20:25 - 2018-10-09 20:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO
2018-10-09 20:25 - 2018-10-09 20:25 - 000000000 ____D C:\Program Files\VSO
2018-10-09 20:24 - 2018-10-09 20:25 - 000000000 ____D C:\Users\Chall\AppData\Roaming\VSO
2018-10-09 20:24 - 2018-10-09 20:23 - 002225624 _____ C:\Users\Chall\Documents\WebInstall_vmp.exe
2018-10-09 20:23 - 2018-10-09 20:23 - 002225624 _____ C:\Users\Chall\Downloads\WebInstall_vmp.exe
2018-10-08 20:53 - 2018-10-08 20:53 - 000000000 ____D C:\Program Files\GRETECH
2018-10-08 16:39 - 2018-10-30 21:39 - 000000000 ____D C:\Users\Chall\AppData\Roaming\vlc
2018-10-08 16:27 - 2018-10-08 16:27 - 040210008 _____ C:\Users\Chall\Downloads\vlc-3.0.4-win32 (2).exe
2018-10-08 14:29 - 2018-10-08 14:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2018-10-07 20:27 - 2018-10-07 20:27 - 000000000 ____D C:\Program Files\MPC-HC
2018-10-07 19:50 - 2018-10-07 19:49 - 018737949 _____ C:\Users\Chall\Documents\MPC-HC.1.7.13.x86.zip
2018-10-07 12:29 - 2018-10-10 07:44 - 000000000 ____D C:\Program Files\DVDVideoSoft
2018-10-07 12:29 - 2018-10-10 07:43 - 000000000 ____D C:\Program Files\Common Files\DVDVideoSoft
2018-10-07 12:29 - 2018-10-07 12:29 - 000000000 ____D C:\ProgramData\DigitalWave.ApplicationUpdater_files
2018-10-07 12:29 - 2018-10-07 12:29 - 000000000 ____D C:\Program Files\FreeCodecPack
2018-10-07 12:28 - 2018-10-10 07:43 - 000000000 ____D C:\Users\Chall\AppData\Roaming\DVDVideoSoft
2018-10-06 22:41 - 2018-10-06 22:41 - 004047008 _____ (SOSVirus) C:\Users\Chall\Downloads\UsbFix_11.002.exe
2018-10-06 08:04 - 2018-10-06 08:04 - 000000000 ___SD C:\Users\Public\Documents\0Check-Point0Security0DataDo NotDiscard
2018-10-06 08:04 - 2018-10-06 08:04 - 000000000 ___SD C:\Users\Chall\Documents\ Check Point Security FolderDo not Remove
2018-10-05 21:22 - 2018-10-15 07:53 - 000000000 ____D C:\Program Files\UsbFix
2018-10-05 21:11 - 2018-10-05 21:12 - 000000000 ____D C:\Users\Chall\Downloads\FightersNEW
2018-10-05 20:56 - 2018-10-05 20:56 - 000415378 _____ C:\Users\Chall\Downloads\04-10-2018_Facturacion_AB5ZU0010011.pdf
2018-10-05 15:31 - 2018-10-05 15:31 - 006985848 _____ (ESET spol. s r.o.) C:\Users\Chall\Downloads\esetonlinescanner_esn.exe
2018-10-05 15:15 - 2018-10-05 15:15 - 000000000 ____D C:\Users\Chall\AppData\Local\mbamtray
2018-10-05 15:15 - 2018-10-05 15:15 - 000000000 ____D C:\Users\Chall\AppData\Local\mbam
2018-10-05 15:14 - 2018-10-29 20:44 - 000129248 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae.sys
2018-10-05 15:14 - 2018-10-05 15:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-10-05 03:38 - 2018-11-01 11:21 - 000000000 ____D C:\Kaspersky Rescue Disk 10.0

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-03 09:04 - 2017-08-02 13:40 - 000020880 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-11-03 09:04 - 2017-08-02 13:40 - 000020880 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-11-03 08:41 - 2009-07-14 04:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-11-01 00:11 - 2018-02-22 21:34 - 000007670 _____ C:\Users\Chall\AppData\Local\resmon.resmoncfg
2018-10-31 17:44 - 2017-08-02 12:51 - 000006188 _____ C:\Windows\system32\PerfStringBackup.TMP
2018-10-31 17:44 - 2009-07-14 02:37 - 000000000 ____D C:\Windows\inf
2018-10-31 09:21 - 2018-08-14 15:30 - 000000000 ____D C:\ProgramData\CheckPoint
2018-10-30 23:19 - 2018-08-14 15:36 - 000000000 ____D C:\Program Files\CheckPoint
2018-10-30 23:06 - 2018-01-22 12:12 - 000000000 ____D C:\Users\Chall\Desktop\TECHIES
2018-10-30 21:06 - 2018-04-08 16:07 - 000000000 ____D C:\Users\Chall\Documents\FIGHTERS
2018-10-28 21:47 - 2017-08-31 18:13 - 000000000 ____D C:\Users\Chall\AppData\Local\ESET
2018-10-28 20:27 - 2018-08-13 09:45 - 000000000 ____D C:\ProgramData\SecTaskMan
2018-10-28 16:35 - 2017-07-29 20:12 - 000000000 ____D C:\Program Files\CCleaner
2018-10-28 16:26 - 2017-07-28 09:12 - 000000000 ____D C:\Users\Chall
2018-10-28 16:22 - 2018-08-27 15:37 - 000000000 ____D C:\Users\Chall\AppData\Roaming\Foxit Software
2018-10-28 16:20 - 2018-08-27 15:38 - 000000000 ____D C:\ProgramData\Foxit Software
2018-10-28 16:10 - 2018-08-14 15:56 - 000000000 ____D C:\ProgramData\Package Cache
2018-10-26 14:24 - 2017-09-09 11:25 - 000000000 ____D C:\Users\Chall\AppData\Local\CrashDumps
2018-10-26 07:39 - 2018-10-01 16:30 - 000002131 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-10-25 14:53 - 2018-02-18 20:28 - 000000000 ____D C:\Windows\Minidump
2018-10-25 14:53 - 2017-10-13 17:38 - 000000000 ____D C:\Users\Chall\AppData\Roaming\uTorrent
2018-10-24 12:27 - 2018-08-06 10:00 - 000000000 ____D C:\Users\Chall\Downloads\APPL's
2018-10-24 09:50 - 2009-07-14 02:04 - 000000466 _____ C:\Windows\win.ini
2018-10-23 20:18 - 2018-01-11 20:57 - 000000000 ____D C:\Users\Chall\Documents\3-BBVA-Extractos Mensuales
2018-10-23 09:23 - 2017-07-28 18:28 - 000000000 ____D C:\Windows\system32\MRT
2018-10-23 09:20 - 2017-07-28 09:11 - 133674168 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-10-22 08:35 - 2017-11-10 11:43 - 000167648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2018-10-22 08:35 - 2017-07-28 13:21 - 000397136 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2018-10-22 08:35 - 2017-07-28 13:21 - 000310880 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2018-10-22 08:35 - 2017-07-28 13:21 - 000157112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2018-10-22 08:35 - 2017-07-28 13:21 - 000135368 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2018-10-22 08:35 - 2017-07-28 13:21 - 000101152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2018-10-22 08:35 - 2017-07-28 13:21 - 000072968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2018-10-22 08:35 - 2017-07-28 13:21 - 000042912 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2018-10-22 08:34 - 2017-07-28 13:21 - 000784728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2018-10-22 08:33 - 2017-12-22 11:00 - 000139008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2018-10-22 08:33 - 2017-07-28 13:21 - 000284424 _____ (AVAST Software) C:\Windows\system32\Drivers\aswblogx.sys
2018-10-22 08:33 - 2017-07-28 13:21 - 000188952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriverx.sys
2018-10-22 08:33 - 2017-07-28 13:21 - 000165552 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidshx.sys
2018-10-22 08:33 - 2017-07-28 13:21 - 000058072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbunivx.sys
2018-10-19 17:58 - 2017-07-29 18:37 - 000000000 ____D C:\Users\Chall\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-10-19 17:58 - 2017-07-29 18:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-10-19 17:57 - 2017-07-29 18:37 - 000000000 ____D C:\Program Files\WinRAR
2018-10-14 19:58 - 2017-08-28 14:48 - 000000000 ____D C:\Users\Chall\AppData\Roaming\dvdcss
2018-10-12 10:40 - 2009-07-14 04:53 - 000032560 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-10-08 16:48 - 2018-05-22 12:06 - 000000886 _____ C:\Users\Chall\Desktop\H-THE BRAVE.lnk
2018-10-07 11:49 - 2017-07-29 20:10 - 000000000 ____D C:\Users\Chall\Downloads\Appls
2018-10-05 15:14 - 2018-08-29 12:54 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-10-04 17:25 - 2018-07-20 14:57 - 000000000 ____D C:\Program Files\Hard Disk Sentinel

==================== Files in the root of some directories =======

2018-04-23 19:06 - 2018-04-23 19:06 - 000000337 _____ () C:\Users\Chall\AppData\Local\Perfmon.PerfmonCfg
2018-02-22 21:34 - 2018-11-01 00:11 - 000007670 _____ () C:\Users\Chall\AppData\Local\resmon.resmoncfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-10-25 12:05

==================== End of FRST.txt ============================

NOTE: I have a second, additional report that FRST created, but it does not fit in the message. How do I send it to you? Many thanks in advance. Awaiting your reply, regards… Rebin


#2

Hello @Rebin

Have you uninstalled ZoneAlarm?

Follow these steps to attach the report/file that you were unable to post → Attaching files to a topic


#3

Hello Javier (greetings and thanks, Daniela): As soon as the PC started slowing down, the first thing I did was uninstall Zone Alarm (I had to use their tool (CLEAN)) because the Windows uninstaller kept hanging. I have noticed that in the Checkpoint folder in C://Programs Files there is an ICM subfolder linked to ZoneAlarm.

Here is the other FRST report:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 23.08.2018
Ran by Chall (03-11-2018 09:54:43)
Running from C:\Users\Chall\Desktop\ULTIMATE KILLERS
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) (2017-07-28 09:11:55)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-323702564-4217161790-1439062527-500 - Administrator - Disabled)
Chall (S-1-5-21-323702564-4217161790-1439062527-1000 - Administrator - Enabled) => C:\Users\Chall
Guest (S-1-5-21-323702564-4217161790-1439062527-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-323702564-4217161790-1439062527-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-323702564-4217161790-1439062527-1000\...\uTorrent) (Version: 3.5.4.44520 - BitTorrent Inc.)
Apple Application Support (32 bits) (HKLM\...\{308F2F8C-9D33-4B22-8A6C-D9C13DBEF8C6}) (Version: 7.0.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3EF2AB0E-A0BD-42CE-BF5E-D817527C9B6F}) (Version: 12.0.0.1039 - Apple Inc.)
Apple Software Update (HKLM\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 18.7.2354 - AVAST Software)
Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
Canon LASER SHOT LBP-1120 (HKLM\...\Canon LASER SHOT LBP-1120) (Version:  - )
Canon MP Navigator EX 2.0 (HKLM\...\MP Navigator EX 2.0) (Version:  - )
CanoScan LiDE 200 Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4807) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.48 - Piriform)
DVD Shrink 3.2 (HKLM\...\DVD Shrink_is1) (Version:  - DVD Shrink)
Easy Thumbnails (Remove only) (HKLM\...\Easy Thumbnails_is1) (Version: 3.0 - Fookes Software)
Evernote v. 6.11.2 (HKLM\...\{FC67AAF6-3477-11E8-B094-005056951CAD}) (Version: 6.11.2.7027 - Evernote Corp.)
Google Chrome (HKLM\...\Google Chrome) (Version: 70.0.3538.77 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
Hard Disk Sentinel PRO (HKLM\...\Hard Disk Sentinel_is1) (Version: 5.30 - Janos Mathe)
HijackThis 2.0.2 (HKLM\...\HijackThis) (Version: 2.0.2 - TrendMicro)
iCloud (HKLM\...\{625E52CB-61F3-4FC0-916A-4E144948A023}) (Version: 7.3.0.20 - Apple Inc.)
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel(R) TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
iTunes (HKLM\...\{E8984F32-20C5-41C7-898E-FBFA15B21C09}) (Version: 12.9.0.167 - Apple Inc.)
LibreOffice 5.4.0.3 (HKLM\...\{A58CEA35-2B5F-4720-B5BE-D0B6A1E645FB}) (Version: 5.4.0.3 - The Document Foundation)
Malwarebytes versión 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Microsoft .NET Framework 4.6.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01590 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110C0A-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{57660847-B1F7-35BD-9118-F62EB863A598}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.63.0 - Samsung Electronics Co., Ltd.)
Security Task Manager 2.3 (HKLM\...\Security Task Manager) (Version: 2.3 - Neuber Software)
Speccy (HKLM\...\Speccy) (Version: 1.31 - Piriform)
SpywareBlaster 5.5 (HKLM\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.4 - VideoLAN)
VSO Media Player 1.6.19.528 (HKLM\...\{59F1E8E6-60EC-4CC1-8C72-E0F38E585215}_is1) (Version: 1.6.19.528 - VSO Software)
WinRAR 5.61 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.61.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-10-22] (AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-10-22] (AVAST Software)
ContextMenuHandlers1: [CopyToCD] -> [CC]{39F0FA09-4451-4477-9D23-4B9ADDEEF838} =>  -> No File
ContextMenuHandlers1: [PhotoStreamsExt] -> [CC]{89D984B3-813B-406A-8298-118AFA3A22AE} =>  -> No File
ContextMenuHandlers1: [WinRAR] -> [CC]{B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-10-22] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> [CC]{57CE581A-0CB6-4266-9CA0-19364C90A0B3} =>  -> No File
ContextMenuHandlers4: [CopyToCD] -> [CC]{39F0FA09-4451-4477-9D23-4B9ADDEEF838} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2009-09-23] (Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-10-22] (AVAST Software)
ContextMenuHandlers6: [CopyToCD] -> [CC]{39F0FA09-4451-4477-9D23-4B9ADDEEF838} =>  -> No File
ContextMenuHandlers6: [MBAMShlExt] -> [CC]{57CE581A-0CB6-4266-9CA0-19364C90A0B3} =>  -> No File
ContextMenuHandlers6: [WinRAR] -> [CC]{B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {06C9A938-7585-4BB7-A294-F726190C3503} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2018-10-01] (Google Inc.)
Task: {2140DE2C-1CEE-499B-8219-76EB1E9A591F} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-10-22] (AVAST Software)
Task: {3EFD2413-511C-4A89-94D3-E74612B62108} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-10-28] (AVAST Software)
Task: {58439362-4E85-4E57-AE2D-46BC1D9D27F8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-10-23] (Piriform Ltd)
Task: {69A6FEC2-481D-4B53-B215-CFBD3C36F1A9} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {B3C59338-BB51-4102-9223-A27B6374A333} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2018-10-01] (Google Inc.)
Task: {DAED3452-D66F-492E-93DC-011BF9212ED1} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-10-23] (Piriform Ltd)
Task: {E67CC5BB-DD5A-44D1-8AB6-9465D67F2077} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)
Task: {F1E52FA0-B287-4A6C-AF33-283E4A51CC61} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-03-21] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-10-22 08:34 - 2018-10-22 08:34 - 000919256 _____ () C:\Program Files\AVAST Software\Avast\anen.dll
2018-10-22 08:34 - 2018-10-22 08:34 - 000598232 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-10-22 08:34 - 2018-10-22 08:34 - 000496856 _____ () C:\Program Files\AVAST Software\Avast\gui_cache.dll
2018-10-22 08:33 - 2018-10-22 08:33 - 000150744 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll
2018-10-22 08:34 - 2018-10-22 08:34 - 001112280 _____ () C:\Program Files\AVAST Software\Avast\shepherdsync.dll
2018-11-03 08:42 - 2018-11-03 08:42 - 005713040 _____ () C:\Program Files\AVAST Software\Avast\defs\18110300\algo.dll
2018-03-13 13:27 - 2018-03-13 13:27 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-10-23 11:22 - 2018-10-23 11:22 - 000098376 _____ () C:\Program Files\CCleaner\lang\lang-1034.dll
2018-03-20 07:49 - 2018-03-20 07:49 - 000035064 _____ () C:\Program Files\CheckPoint\Endpoint Security\TPCommon\Cipolla\SBACipollaSrvHost.exe
2018-03-22 18:42 - 2018-03-22 18:42 - 000063224 _____ () C:\Program Files\CheckPoint\Endpoint Security\Remediation\FileOperationsWrapperLib.dll
2018-03-22 18:42 - 2018-03-22 18:42 - 000059128 _____ () C:\Program Files\CheckPoint\Endpoint Security\Remediation\FileOperationsLib.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-323702564-4217161790-1439062527-1000\...\google.es -> hxxps://www.google.es
IE trusted site: HKU\S-1-5-21-323702564-4217161790-1439062527-1000\...\localhost -> localhost

There are 6091 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 02:04 - 2018-11-01 19:47 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-323702564-4217161790-1439062527-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 80.58.61.254 - 80.58.61.250
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Canon LASER SHOT LBP-1120 Status Window.LNK => 
MSCONFIG\startupfolder: C:^Users^Chall^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EvernoteClipper.lnk => 
MSCONFIG\startupreg: CAP3ON => C:\Windows\system32\spool\drivers\w32x86\3\CAP3ONN.EXE
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: iCloudServices => "C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe"
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: vidnotifier.exe => C:\Program Files\Common Files\DVDVideoSoft\lib\vidnotifier\vidnotifier.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WMP-In-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-TCP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [RVM-VDS-In-TCP-NoScope] => (Block) %SystemRoot%\system32\vds.exe
FirewallRules: [RVM-VDSLDR-In-TCP-NoScope] => (Block) %SystemRoot%\system32\vdsldr.exe
FirewallRules: [RVM-RPCSS-In-TCP-NoScope] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [RVM-VDS-In-TCP] => (Block) %SystemRoot%\system32\vds.exe
FirewallRules: [RVM-VDSLDR-In-TCP] => (Block) %SystemRoot%\system32\vdsldr.exe
FirewallRules: [RVM-RPCSS-In-TCP] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [FPS-LLMNR-In-UDP] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [RemoteSvcAdmin-In-TCP-NoScope] => (Block) %SystemRoot%\system32\services.exe
FirewallRules: [RemoteSvcAdmin-RPCSS-In-TCP-NoScope] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [RemoteSvcAdmin-In-TCP] => (Block) %SystemRoot%\system32\services.exe
FirewallRules: [RemoteSvcAdmin-RPCSS-In-TCP] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [RemoteTask-In-TCP-NoScope] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [RemoteTask-RPCSS-In-TCP-NoScope] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [RemoteTask-In-TCP] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [RemoteTask-RPCSS-In-TCP] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [RemoteEventLogSvc-In-TCP-NoScope] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [RemoteEventLogSvc-RPCSS-In-TCP-NoScope] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [RemoteEventLogSvc-In-TCP] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [RemoteEventLogSvc-RPCSS-In-TCP] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [RemoteFwAdmin-In-TCP-NoScope] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [RemoteFwAdmin-RPCSS-In-TCP-NoScope] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [RemoteFwAdmin-In-TCP] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [RemoteFwAdmin-RPCSS-In-TCP] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [RemoteAssistance-In-TCP-EdgeScope] => (Block) %SystemRoot%\system32\msra.exe
FirewallRules: [RemoteAssistance-PnrpSvc-UDP-In-EdgeScope] => (Block) %systemroot%\system32\svchost.exe
FirewallRules: [RemoteAssistance-RAServer-In-TCP-NoScope-Active] => (Block) %SystemRoot%\system32\raserver.exe
FirewallRules: [RemoteAssistance-DCOM-In-TCP-NoScope-Active] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [RemoteAssistance-In-TCP-EdgeScope-Active] => (Block) %SystemRoot%\system32\msra.exe
FirewallRules: [RemoteAssistance-SSDPSrv-In-UDP-Active] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [RemoteAssistance-SSDPSrv-In-TCP-Active] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [RemoteAssistance-PnrpSvc-UDP-In-EdgeScope-Active] => (Block) %systemroot%\system32\svchost.exe
FirewallRules: [{E926E57D-011D-4F63-BCC5-FFCFDC28D091}] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [{CE504808-152F-4073-8BB9-0F8E7C4D30C6}] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [{AB3FBA72-52C3-4476-9A38-230DBE05659B}] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [RemoteDesktop-UserMode-In-TCP] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [{F969FC11-386E-4642-8915-D528ED8FF087}] => (Block) %SystemRoot%\system32\spoolsv.exe
FirewallRules: [{472B9BB8-DEB1-430F-88FA-3332B27A3BD4}] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [{A0F0B39B-9121-44E3-9FC0-9F44DE61066C}] => (Allow) C:\Users\Chall\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C19AD6E2-45DD-4B97-8916-F4024401705C}] => (Allow) C:\Users\Chall\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5CD6D1F1-35DA-4076-99AB-050E09B5345F}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{FC2BFD1C-6B64-44E1-9B33-D71BC5D581CE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C47CAEF9-90BA-47DB-8883-F522AA69FECA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F66855F4-F65C-44F8-8E9B-BD35A70AFC3D}] => (Allow) C:\Windows\System32\muzapp.exe
FirewallRules: [{EFA1D925-EB4F-4373-AD8A-B50C6625501D}] => (Allow) C:\Windows\System32\muzapp.exe
FirewallRules: [{42BD2460-3191-4E71-9DA9-F573233C4694}] => (Allow) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{4746B600-DD1B-40CF-8DE8-553AC6ED24FD}] => (Allow) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{EC6201FF-012A-4D7C-8A99-1AAD2EC8E219}] => (Allow) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{D55B5C73-5892-445D-A8CF-88E968899350}] => (Allow) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{CAA6C7AE-8FE4-4081-8178-F7CE11FE1AAE}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{F9A528DF-2F41-4291-83E1-354F24EC6DEA}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{B68ADC5B-8155-42EF-B489-337C1123B2E5}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{B812DEF7-33B1-4131-8D64-BC8E93C735D2}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{CCDE801D-3385-42AE-94D7-E6D059DB6D3C}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{6F467A1F-36E7-42DE-95FA-41B153911850}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{D0BCC192-92D4-4466-8495-54F1D8334624}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{4F5E9174-407A-4C02-95E7-CBA22B313EAE}] => (Allow) C:\Program Files\AVAST Software\Avast\avastui.exe
FirewallRules: [{CA8DF502-9797-4546-9909-DB15FB4F568B}] => (Allow) C:\Program Files\AVAST Software\Avast\avastui.exe
FirewallRules: [{8FADCD4F-E0FE-40A1-9311-DFEAC0B1F663}] => (Allow) C:\Program Files\AVAST Software\Avast\avastui.exe
FirewallRules: [{7666F996-4297-4F9D-B735-4ACCBDE88F09}] => (Allow) C:\Program Files\AVAST Software\Avast\avastui.exe
FirewallRules: [{D27D3E76-FA90-4DCB-8FFD-D76C972B5C07}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{C1A87AD7-497E-44EF-84F3-57E5D4205FF4}] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [{2CBFED26-9A1E-43C7-B69E-A38A2FD7773A}] => (Allow) C:\Program Files\iTunes\iTunes.exe

==================== Restore Points =========================

30-10-2018 22:04:01 Revo Uninstaller's restore point - ZoneAlarm Free Firewall
31-10-2018 16:12:59 Revo Uninstaller's restore point - ZoneAlarm Free Firewall

==================== Faulty Device Manager Devices =============

Name: Controlador de teclado de Terminal Server
Description: Controlador de teclado de Terminal Server
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Dispositivos de sistema estándar)
Service: TermDD
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Controlador de mouse de Terminal Server
Description: Controlador de mouse de Terminal Server
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Dispositivos de sistema estándar)
Service: TermDD
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Controlador de enumerador de unidades virtuales de Microsoft
Description: Controlador de enumerador de unidades virtuales de Microsoft
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Dispositivos de sistema estándar)
Service: vdrvroot
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Adaptador ISATAP de Microsoft
Description: Adaptador ISATAP de Microsoft
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft ISATAP Adapter #2
Description: Adaptador ISATAP de Microsoft
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Teredo Tunneling Pseudo-Interface
Description: Adaptador de tunelización Teredo de Microsoft
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: WAN Miniport (IKEv2)
Description: WAN Miniport (IKEv2)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RasAgileVpn
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Minipuerto WAN (L2TP)
Description: Minipuerto WAN (L2TP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: Rasl2tp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Minipuerto WAN (Monitor de red)
Description: Minipuerto WAN (Monitor de red)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Minipuerto WAN (IP)
Description: Minipuerto WAN (IP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Minipuerto WAN (IPv6)
Description: Minipuerto WAN (IPv6)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Minipuerto WAN (PPPOE)
Description: Minipuerto WAN (PPPOE)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RasPppoe
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Minipuerto WAN (PPTP)
Description: Minipuerto WAN (PPTP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: PptpMiniport
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Minipuerto WAN (SSTP)
Description: Minipuerto WAN (SSTP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RasSstp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Remote Desktop Device Redirector Bus
Description: Remote Desktop Device Redirector Bus
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: rdpbus
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/03/2018 09:58:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: TESvc.exe, versión: 8.60.4.9051, marca de tiempo: 0x5addcfd7
Nombre del módulo con errores: unknown, versión: 0.0.0.0, marca de tiempo: 0x00000000
Código de excepción: 0x80131623
Desplazamiento de errores: 0x0459b3e7
Id. del proceso con errores: 0xab0
Hora de inicio de la aplicación con errores: 0x01d4735bb4d94de0
Ruta de acceso de la aplicación con errores: C:\Program Files\CheckPoint\Endpoint Security\Threat Emulation\TESvc.exe
Ruta de acceso del módulo con errores: unknown
Id. del informe: fb554a4e-df4e-11e8-b981-d0509936c52a

Error: (11/03/2018 09:58:16 AM) (Source: .NET Runtime) (EventID: 1025) (User: )
Description: Application: TESvc.exe
Framework Version: v4.0.30319
Description: The application requested process termination through System.Environment.FailFast(string message).
Message: Time: 2018-11-03 09:58:03Z
HResult: -2146233088
Is Terminating: True
Exception: System.Exception: Can't connect to cpepmon: -2147024894
   at CheckPoint.ThreatEmulation.Service.Engine.CpepmonBridge.KickStart()
   at CheckPoint.ThreatEmulation.Service.Engine.FSEventHandler.Configure(Boolean psmonEnabled, Boolean cpepmonEnabled, Int32 maxFileSize, List`1 signatures, List`1 processExclusions)
   at CheckPoint.ThreatEmulation.Service.Engine.Engine.ConfigureDynamicSettings()
   at CheckPoint.ThreatEmulation.Service.Engine.Engine.InitializeAndStart()
   at CheckPoint.ThreatEmulation.Service.EntryPoint.ServiceKickStarter()
   at System.Threading.ThreadHelper.ThreadStart_Context(Object state)
   at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
   at System.Threading.ThreadHelper.ThreadStart()

Stack:
   at System.Environment.FailFast(System.String, System.Exception)
   at EPNetUtils.Helper.FailureHandling.UnhandledExceptionHelper.WriteCrashEventLogAndExit(System.String, System.Exception)
   at CheckPoint.ThreatEmulation.Service.Engine.Engine.UnhandledExceptionCallback(System.Object, System.UnhandledExceptionEventArgs)
   at CheckPoint.ThreatEmulation.Service.Engine.CpepmonBridge.KickStart()
   at CheckPoint.ThreatEmulation.Service.Engine.FSEventHandler.Configure(Boolean, Boolean, Int32, System.Collections.Generic.List`1<CheckPoint.ThreatEmulation.Infrastructure.FileType.Signature>, System.Collections.Generic.List`1<CheckPoint.ThreatEmulation.Infrastructure.File.ExclusionEntry>)
   at CheckPoint.ThreatEmulation.Service.Engine.Engine.ConfigureDynamicSettings()
   at CheckPoint.ThreatEmulation.Service.Engine.Engine.InitializeAndStart()
   at CheckPoint.ThreatEmulation.Service.EntryPoint.ServiceKickStarter()
   at System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Threading.ThreadHelper.ThreadStart()

Error: (11/03/2018 09:58:03 AM) (Source: TESvc) (EventID: 1000) (User: )
Description: TESvc crashed with the following message: 'Time: 2018-11-03 09:58:03Z
HResult: -2146233088
Is Terminating: True
Exception: System.Exception: Can't connect to cpepmon: -2147024894
   at CheckPoint.ThreatEmulation.Service.Engine.CpepmonBridge.KickStart()
   at CheckPoint.ThreatEmulation.Service.Engine.FSEventHandler.Configure(Boolean psmonEnabled, Boolean cpepmonEnabled, Int32 maxFileSize, List`1 signatures, List`1 processExclusions)
   at CheckPoint.ThreatEmulation.Service.Engine.Engine.ConfigureDynamicSettings()
   at CheckPoint.ThreatEmulation.Service.Engine.Engine.InitializeAndStart()
   at CheckPoint.ThreatEmulation.Service.EntryPoint.ServiceKickStarter()
   at System.Threading.ThreadHelper.ThreadStart_Context(Object state)
   at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
   at System.Threading.ThreadHelper.ThreadStart()
'

Error: (11/03/2018 09:57:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: TESvc.exe, versión: 8.60.4.9051, marca de tiempo: 0x5addcfd7
Nombre del módulo con errores: unknown, versión: 0.0.0.0, marca de tiempo: 0x00000000
Código de excepción: 0x80131623
Desplazamiento de errores: 0x0459ae7f
Id. del proceso con errores: 0xa10
Hora de inicio de la aplicación con errores: 0x01d4735baed7811e
Ruta de acceso de la aplicación con errores: C:\Program Files\CheckPoint\Endpoint Security\Threat Emulation\TESvc.exe
Ruta de acceso del módulo con errores: unknown
Id. del informe: f116af96-df4e-11e8-b981-d0509936c52a

Error: (11/03/2018 09:57:58 AM) (Source: .NET Runtime) (EventID: 1025) (User: )
Description: Application: TESvc.exe
Framework Version: v4.0.30319
Description: The application requested process termination through System.Environment.FailFast(string message).
Message: Time: 2018-11-03 09:57:53Z
HResult: -2146233088
Is Terminating: True
Exception: System.Exception: Can't connect to cpepmon: -2147024894
   at CheckPoint.ThreatEmulation.Service.Engine.CpepmonBridge.KickStart()
   at CheckPoint.ThreatEmulation.Service.Engine.FSEventHandler.Configure(Boolean psmonEnabled, Boolean cpepmonEnabled, Int32 maxFileSize, List`1 signatures, List`1 processExclusions)
   at CheckPoint.ThreatEmulation.Service.Engine.Engine.ConfigureDynamicSettings()
   at CheckPoint.ThreatEmulation.Service.Engine.Engine.InitializeAndStart()
   at CheckPoint.ThreatEmulation.Service.EntryPoint.ServiceKickStarter()
   at System.Threading.ThreadHelper.ThreadStart_Context(Object state)
   at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
   at System.Threading.ThreadHelper.ThreadStart()

Stack:
   at System.Environment.FailFast(System.String, System.Exception)
   at EPNetUtils.Helper.FailureHandling.UnhandledExceptionHelper.WriteCrashEventLogAndExit(System.String, System.Exception)
   at CheckPoint.ThreatEmulation.Service.Engine.Engine.UnhandledExceptionCallback(System.Object, System.UnhandledExceptionEventArgs)
   at CheckPoint.ThreatEmulation.Service.Engine.CpepmonBridge.KickStart()
   at CheckPoint.ThreatEmulation.Service.Engine.FSEventHandler.Configure(Boolean, Boolean, Int32, System.Collections.Generic.List`1<CheckPoint.ThreatEmulation.Infrastructure.FileType.Signature>, System.Collections.Generic.List`1<CheckPoint.ThreatEmulation.Infrastructure.File.ExclusionEntry>)
   at CheckPoint.ThreatEmulation.Service.Engine.Engine.ConfigureDynamicSettings()
   at CheckPoint.ThreatEmulation.Service.Engine.Engine.InitializeAndStart()
   at CheckPoint.ThreatEmulation.Service.EntryPoint.ServiceKickStarter()
   at System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Threading.ThreadHelper.ThreadStart()

Error: (11/03/2018 09:57:53 AM) (Source: TESvc) (EventID: 1000) (User: )
Description: TESvc crashed with the following message: 'Time: 2018-11-03 09:57:53Z
HResult: -2146233088
Is Terminating: True
Exception: System.Exception: Can't connect to cpepmon: -2147024894
   at CheckPoint.ThreatEmulation.Service.Engine.CpepmonBridge.KickStart()
   at CheckPoint.ThreatEmulation.Service.Engine.FSEventHandler.Configure(Boolean psmonEnabled, Boolean cpepmonEnabled, Int32 maxFileSize, List`1 signatures, List`1 processExclusions)
   at CheckPoint.ThreatEmulation.Service.Engine.Engine.ConfigureDynamicSettings()
   at CheckPoint.ThreatEmulation.Service.Engine.Engine.InitializeAndStart()
   at CheckPoint.ThreatEmulation.Service.EntryPoint.ServiceKickStarter()
   at System.Threading.ThreadHelper.ThreadStart_Context(Object state)
   at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
   at System.Threading.ThreadHelper.ThreadStart()
'

Error: (11/03/2018 09:57:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: TESvc.exe, versión: 8.60.4.9051, marca de tiempo: 0x5addcfd7
Nombre del módulo con errores: unknown, versión: 0.0.0.0, marca de tiempo: 0x00000000
Código de excepción: 0x80131623
Desplazamiento de errores: 0x045db1a7
Id. del proceso con errores: 0xd08
Hora de inicio de la aplicación con errores: 0x01d4735ba7288d14
Ruta de acceso de la aplicación con errores: C:\Program Files\CheckPoint\Endpoint Security\Threat Emulation\TESvc.exe
Ruta de acceso del módulo con errores: unknown
Id. del informe: e948bcfa-df4e-11e8-b981-d0509936c52a

Error: (11/03/2018 09:57:45 AM) (Source: .NET Runtime) (EventID: 1025) (User: )
Description: Application: TESvc.exe
Framework Version: v4.0.30319
Description: The application requested process termination through System.Environment.FailFast(string message).
Message: Time: 2018-11-03 09:57:40Z
HResult: -2146233088
Is Terminating: True
Exception: System.Exception: Can't connect to cpepmon: -2147024894
   at CheckPoint.ThreatEmulation.Service.Engine.CpepmonBridge.KickStart()
   at CheckPoint.ThreatEmulation.Service.Engine.FSEventHandler.Configure(Boolean psmonEnabled, Boolean cpepmonEnabled, Int32 maxFileSize, List`1 signatures, List`1 processExclusions)
   at CheckPoint.ThreatEmulation.Service.Engine.Engine.ConfigureDynamicSettings()
   at CheckPoint.ThreatEmulation.Service.Engine.Engine.InitializeAndStart()
   at CheckPoint.ThreatEmulation.Service.EntryPoint.ServiceKickStarter()
   at System.Threading.ThreadHelper.ThreadStart_Context(Object state)
   at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
   at System.Threading.ThreadHelper.ThreadStart()

Stack:
   at System.Environment.FailFast(System.String, System.Exception)
   at EPNetUtils.Helper.FailureHandling.UnhandledExceptionHelper.WriteCrashEventLogAndExit(System.String, System.Exception)
   at CheckPoint.ThreatEmulation.Service.Engine.Engine.UnhandledExceptionCallback(System.Object, System.UnhandledExceptionEventArgs)
   at CheckPoint.ThreatEmulation.Service.Engine.CpepmonBridge.KickStart()
   at CheckPoint.ThreatEmulation.Service.Engine.FSEventHandler.Configure(Boolean, Boolean, Int32, System.Collections.Generic.List`1<CheckPoint.ThreatEmulation.Infrastructure.FileType.Signature>, System.Collections.Generic.List`1<CheckPoint.ThreatEmulation.Infrastructure.File.ExclusionEntry>)
   at CheckPoint.ThreatEmulation.Service.Engine.Engine.ConfigureDynamicSettings()
   at CheckPoint.ThreatEmulation.Service.Engine.Engine.InitializeAndStart()
   at CheckPoint.ThreatEmulation.Service.EntryPoint.ServiceKickStarter()
   at System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Threading.ThreadHelper.ThreadStart()


System errors:
=============
Error: (11/03/2018 09:58:18 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Check Point SandBlast Agent Threat Emulation terminó inesperadamente. Esto se ha repetido 326 veces. Se realizará la siguiente acción correctora en 500 milisegundos: Restart the service.

Error: (11/03/2018 09:58:00 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Check Point SandBlast Agent Threat Emulation terminó inesperadamente. Esto se ha repetido 325 veces. Se realizará la siguiente acción correctora en 500 milisegundos: Restart the service.

Error: (11/03/2018 09:57:50 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Check Point SandBlast Agent Threat Emulation terminó inesperadamente. Esto se ha repetido 324 veces. Se realizará la siguiente acción correctora en 500 milisegundos: Restart the service.

Error: (11/03/2018 09:57:37 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Check Point SandBlast Agent Threat Emulation terminó inesperadamente. Esto se ha repetido 323 veces. Se realizará la siguiente acción correctora en 500 milisegundos: Restart the service.

Error: (11/03/2018 09:57:27 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Check Point SandBlast Agent Threat Emulation terminó inesperadamente. Esto se ha repetido 322 veces. Se realizará la siguiente acción correctora en 500 milisegundos: Restart the service.

Error: (11/03/2018 09:57:11 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Check Point SandBlast Agent Threat Emulation terminó inesperadamente. Esto se ha repetido 321 veces. Se realizará la siguiente acción correctora en 500 milisegundos: Restart the service.

Error: (11/03/2018 09:57:02 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Check Point SandBlast Agent Threat Emulation terminó inesperadamente. Esto se ha repetido 320 veces. Se realizará la siguiente acción correctora en 500 milisegundos: Restart the service.

Error: (11/03/2018 09:56:43 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Check Point SandBlast Agent Threat Emulation terminó inesperadamente. Esto se ha repetido 319 veces. Se realizará la siguiente acción correctora en 500 milisegundos: Restart the service.


CodeIntegrity:
===================================

Date: 2018-02-21 09:31:54.823
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume8\Windows\WinSxS\wow64_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_6.2.9200.16384_none_12052c96a9a44938\LaunchTM.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2018-02-21 09:31:54.651
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume8\Windows\WinSxS\wow64_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_6.2.9200.16384_none_12052c96a9a44938\LaunchTM.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2018-02-21 09:31:54.136
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume8\Windows\WinSxS\wow64_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_6.2.9200.16384_none_12052c96a9a44938\LaunchTM.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2018-02-21 09:31:53.902
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume8\Windows\WinSxS\wow64_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_6.2.9200.16384_none_12052c96a9a44938\LaunchTM.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2018-02-21 09:31:53.715
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume8\Windows\WinSxS\wow64_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_6.2.9200.16384_none_12052c96a9a44938\LaunchTM.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2018-02-21 09:31:53.497
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume8\Windows\WinSxS\wow64_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_6.2.9200.16384_none_12052c96a9a44938\LaunchTM.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2018-02-21 09:31:53.294
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume8\Windows\WinSxS\wow64_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_6.2.9200.16384_none_12052c96a9a44938\LaunchTM.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2018-02-21 09:31:53.029
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume8\Windows\WinSxS\wow64_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_6.2.9200.16384_none_12052c96a9a44938\LaunchTM.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

==================== Memory info =========================== 

Processor: Intel(R) Pentium(R) Dual CPU E2160 @ 1.80GHz
Percentage of memory in use: 51%
Total physical RAM: 3062.3 MB
Available physical RAM: 1494.05 MB
Total Virtual: 6120.88 MB
Available Virtual: 5001.44 MB

==================== Drives ================================

Drive c: (SYS) (Fixed) (Total:80.28 GB) (Free:22.76 GB) NTFS
Drive d: (DATA_) (Fixed) (Total:152.5 GB) (Free:27.92 GB) NTFS
Drive e: (HBCD-15.1) (CDROM) (Total:2.64 GB) (Free:0 GB) CDFS
Drive j: () (Fixed) (Total:436.43 GB) (Free:33.96 GB) NTFS

\\?\Volume{a3e8491d-736d-11e7-8ef6-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
\\?\Volume{bc385a84-b122-4f8c-a519-800327946af7}\ (Windows RE tools) (Fixed) (Total:1.44 GB) (Free:0.74 GB) NTFS
\\?\Volume{6c2e6293-8582-4fa5-bb47-274a56c01417}\ () (Fixed) (Total:0.44 GB) (Free:0.42 GB) NTFS
\\?\Volume{f1222bed-c336-43e7-bd5b-c46f93237de7}\ (Recovery) (Fixed) (Total:26.82 GB) (Free:3.84 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: 9074089D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=80.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=152.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: 312496C3)

Partition: GPT.

==================== End of Addition.txt ============================

Many thanks for the promptness and interest you all show in this forum, we'll stay in touch :+1:


#4

Good… and now follow these steps, :arrow_forward: VERY important :arrow_backward: Make a backup copy of the registry:

  • To do so, download :arrow_forward: DelFix.exe (to your desktop).

  • Double-click to run it. (If you use Windows Vista/7/8 or 10, right-click and select -Run as Administrator-).

  • Attention: now check/select only the :white_check_mark: Create registry backup box, NOT the other boxes. :face_with_monocle:

  • Click Run.

The report (DelFix.txt) will open; save it in case it is needed and close the tool.

And now start your computer in :arrow_forward: Windows Safe Mode with Networking

:warning: With all other programs closed, go to :arrow_forward: Start :arrow_forward: Run :arrow_forward: and type Notepad.exe.

  • Now copy and paste the code/lines that are inside the box below into Notepad.
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
ContextMenuHandlers1: [CopyToCD] -> [CC]{39F0FA09-4451-4477-9D23-4B9ADDEEF838} => -> No File
ContextMenuHandlers1: [PhotoStreamsExt] -> [CC]{89D984B3-813B-406A-8298-118AFA3A22AE} => -> No File
ContextMenuHandlers1: [WinRAR] -> [CC]{B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File
ContextMenuHandlers3: [MBAMShlExt] -> [CC]{57CE581A-0CB6-4266-9CA0-19364C90A0B3} => -> No File
ContextMenuHandlers4: [CopyToCD] -> [CC]{39F0FA09-4451-4477-9D23-4B9ADDEEF838} => -> No File
ContextMenuHandlers6: [CopyToCD] -> [CC]{39F0FA09-4451-4477-9D23-4B9ADDEEF838} => -> No File
ContextMenuHandlers6: [MBAMShlExt] -> [CC]{57CE581A-0CB6-4266-9CA0-19364C90A0B3} => -> No File
ContextMenuHandlers6: [WinRAR] -> [CC]{B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File
Task: {69A6FEC2-481D-4B53-B215-CFBD3C36F1A9} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]
HKU\S-1-5-21-323702564-4217161790-1439062527-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner.exe [14544792 2018-10-23] (Piriform Ltd)
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
Toolbar: HKU\S-1-5-21-323702564-4217161790-1439062527-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
S2 CPEFR; C:\Program Files\CheckPoint\Endpoint Security\EFR\EFRService.exe [2498296 2018-05-30] (Check Point Software Technologies Ltd.)
R2 CpSbaCipolla; C:\Program Files\CheckPoint\Endpoint Security\TPCommon\Cipolla\SBACipollaSrvHost.exe [35064 2018-03-20] ()
R2 CpSbaUpdater; C:\Program Files\CheckPoint\Endpoint Security\TPCommon\Cipolla\SBACipollaSrvHost.exe [35064 2018-03-20] ()
R2 RemediationService; C:\Program Files\CheckPoint\Endpoint Security\Remediation\RemediationService.exe [17656 2018-03-22] (Check Point Software Technologies Ltd.)
R2 TESvc; C:\Program Files\CheckPoint\Endpoint Security\Threat Emulation\TESvc.exe [196344 2018-04-23] (Check Point Software Technologies Ltd.)
S3 catchme; \??\C:\Users\Chall\AppData\Local\Temp\catchme.sys [X] <==== ATTENTION
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2018-10-31 09:21 - 2018-08-14 15:30 - 000000000 ____D C:\ProgramData\CheckPoint
2018-10-30 23:19 - 2018-08-14 15:36 - 000000000 ____D C:\Program Files\CheckPoint
2018-10-28 21:47 - 2017-08-31 18:13 - 000000000 ____D C:\Users\Chall\AppData\Local\ESET
2018-04-23 19:06 - 2018-04-23 19:06 - 000000337 _____ () C:\Users\Chall\AppData\Local\Perfmon.PerfmonCfg
2018-02-22 21:34 - 2018-11-01 00:11 - 000007670 _____ () C:\Users\Chall\AppData\Local\resmon.resmoncfg
C:\Users\Public\Documents\0Check-Point0Security0DataDo NotDiscard
C:\Users\Chall\Documents\ Check Point Security FolderDo not Remove
HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END

Save it under the name FIXLIST.TXT on the desktop :arrow_backward: This is very important.

:o: Note :o: It is important that the FRST.exe tool (Farbar Recovery Scan Tool) and FIXLIST.TXT are in the same location (desktop); otherwise it will not work.

  • Run FRST.exe. (If you use Windows Vista/7/8 or 10, right-click and select -Run as Administrator-).

  • Press the FIX button and wait for it to finish.

  • The tool will save the repair report on the desktop (FIXLOG.TXT).

Paste the contents of this file in your next reply. :+1:

Restart the computer, check how it behaves with respect to the problem you described, and tell us about it.

Regards.


#5

Hi JavierHF! I followed the instructions to the letter and the computer has returned to its state before the infection…THANK YOU!!! The system disk is no longer overloaded -the LED only lights up when there is normal activity- and the applications work correctly except for 2 snags: 1- Internet Explorer does not open (Chrome does work OK) and 2- the files that Checkpoint created in the Library folders remain in Pictures, Music and Videos; they were only deleted in Documents. This happens both for the main user (Chall) and for Public. I don't know whether I can delete them manually without consequences or whether you can tell me what to do. Here I insert the final FixLog:

Fix result of Farbar Recovery Scan Tool (x86) Version: 23.08.2018
Ran by Chall (04-11-2018 13:09:11) Run:1
Running from C:\Users\Chall\Desktop
Loaded Profiles: Chall (Available Profiles: Chall)
Boot Mode: Safe Mode (with Networking)

==============================================

fixlist content:
*****************
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
ContextMenuHandlers1: [CopyToCD] -> [CC]{39F0FA09-4451-4477-9D23-4B9ADDEEF838} => -> No File
ContextMenuHandlers1: [PhotoStreamsExt] -> [CC]{89D984B3-813B-406A-8298-118AFA3A22AE} => -> No File
ContextMenuHandlers1: [WinRAR] -> [CC]{B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File
ContextMenuHandlers3: [MBAMShlExt] -> [CC]{57CE581A-0CB6-4266-9CA0-19364C90A0B3} => -> No File
ContextMenuHandlers4: [CopyToCD] -> [CC]{39F0FA09-4451-4477-9D23-4B9ADDEEF838} => -> No File
ContextMenuHandlers6: [CopyToCD] -> [CC]{39F0FA09-4451-4477-9D23-4B9ADDEEF838} => -> No File
ContextMenuHandlers6: [MBAMShlExt] -> [CC]{57CE581A-0CB6-4266-9CA0-19364C90A0B3} => -> No File
ContextMenuHandlers6: [WinRAR] -> [CC]{B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File
Task: {69A6FEC2-481D-4B53-B215-CFBD3C36F1A9} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]
HKU\S-1-5-21-323702564-4217161790-1439062527-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner.exe [14544792 2018-10-23] (Piriform Ltd)
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
Toolbar: HKU\S-1-5-21-323702564-4217161790-1439062527-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
S2 CPEFR; C:\Program Files\CheckPoint\Endpoint Security\EFR\EFRService.exe [2498296 2018-05-30] (Check Point Software Technologies Ltd.)
R2 CpSbaCipolla; C:\Program Files\CheckPoint\Endpoint Security\TPCommon\Cipolla\SBACipollaSrvHost.exe [35064 2018-03-20] ()
R2 CpSbaUpdater; C:\Program Files\CheckPoint\Endpoint Security\TPCommon\Cipolla\SBACipollaSrvHost.exe [35064 2018-03-20] ()
R2 RemediationService; C:\Program Files\CheckPoint\Endpoint Security\Remediation\RemediationService.exe [17656 2018-03-22] (Check Point Software Technologies Ltd.)
R2 TESvc; C:\Program Files\CheckPoint\Endpoint Security\Threat Emulation\TESvc.exe [196344 2018-04-23] (Check Point Software Technologies Ltd.)
S3 catchme; \??\C:\Users\Chall\AppData\Local\Temp\catchme.sys [X] <==== ATTENTION
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2018-10-31 09:21 - 2018-08-14 15:30 - 000000000 ____D C:\ProgramData\CheckPoint
2018-10-30 23:19 - 2018-08-14 15:36 - 000000000 ____D C:\Program Files\CheckPoint
2018-10-28 21:47 - 2017-08-31 18:13 - 000000000 ____D C:\Users\Chall\AppData\Local\ESET
2018-04-23 19:06 - 2018-04-23 19:06 - 000000337 _____ () C:\Users\Chall\AppData\Local\Perfmon.PerfmonCfg
2018-02-22 21:34 - 2018-11-01 00:11 - 000007670 _____ () C:\Users\Chall\AppData\Local\resmon.resmoncfg
C:\Users\Public\Documents\0Check-Point0Security0DataDo NotDiscard
C:\Users\Chall\Documents\ Check Point Security FolderDo not Remove
HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END
*****************

Error: Restore point can only be created in normal mode.
Processes closed successfully.
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\CopyToCD" => removed successfully.
HKLM\Software\Classes\CLSID\[CC]{39F0FA09-4451-4477-9D23-4B9ADDEEF838} => not found
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\PhotoStreamsExt" => removed successfully.
HKLM\Software\Classes\CLSID\[CC]{89D984B3-813B-406A-8298-118AFA3A22AE} => not found
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WinRAR" => removed successfully.
HKLM\Software\Classes\CLSID\[CC]{B41DB860-8EE4-11D2-9906-E49FADC173CA} => not found
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\MBAMShlExt" => removed successfully.
HKLM\Software\Classes\CLSID\[CC]{57CE581A-0CB6-4266-9CA0-19364C90A0B3} => not found
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\CopyToCD" => removed successfully.
HKLM\Software\Classes\CLSID\[CC]{39F0FA09-4451-4477-9D23-4B9ADDEEF838} => not found
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\CopyToCD" => removed successfully.
HKLM\Software\Classes\CLSID\[CC]{39F0FA09-4451-4477-9D23-4B9ADDEEF838} => not found
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\MBAMShlExt" => removed successfully.
HKLM\Software\Classes\CLSID\[CC]{57CE581A-0CB6-4266-9CA0-19364C90A0B3} => not found
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\WinRAR" => removed successfully.
HKLM\Software\Classes\CLSID\[CC]{B41DB860-8EE4-11D2-9906-E49FADC173CA} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{69A6FEC2-481D-4B53-B215-CFBD3C36F1A9}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{69A6FEC2-481D-4B53-B215-CFBD3C36F1A9}" => removed successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\mcupdate_scheduled" => removed successfully.
C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully.
"HKU\S-1-5-21-323702564-4217161790-1439062527-1000\Software\Microsoft\Windows\CurrentVersion\Run\\CCleaner Smart Cleaning" => removed successfully.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Google" => removed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => removed successfully.
"HKU\S-1-5-21-323702564-4217161790-1439062527-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => removed successfully.
HKLM\Software\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => not found
"HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp" => removed successfully.
"HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf" => removed successfully.
"HKLM\System\CurrentControlSet\Services\CPEFR" => removed successfully.
CPEFR => service removed successfully.
"HKLM\System\CurrentControlSet\Services\CpSbaCipolla" => removed successfully.
CpSbaCipolla => service removed successfully.
"HKLM\System\CurrentControlSet\Services\CpSbaUpdater" => removed successfully.
CpSbaUpdater => service removed successfully.
"HKLM\System\CurrentControlSet\Services\RemediationService" => removed successfully.
RemediationService => service removed successfully.
"HKLM\System\CurrentControlSet\Services\TESvc" => removed successfully.
TESvc => service removed successfully.
"HKLM\System\CurrentControlSet\Services\catchme" => removed successfully.
catchme => service removed successfully.
"HKLM\System\CurrentControlSet\Services\VGPU" => removed successfully.
VGPU => service removed successfully.
C:\ProgramData\CheckPoint => moved successfully
C:\Program Files\CheckPoint => moved successfully
C:\Users\Chall\AppData\Local\ESET => moved successfully
C:\Users\Chall\AppData\Local\Perfmon.PerfmonCfg => moved successfully
C:\Users\Chall\AppData\Local\resmon.resmoncfg => moved successfully
C:\Users\Public\Documents\0Check-Point0Security0DataDo NotDiscard => moved successfully
C:\Users\Chall\Documents\ Check Point Security FolderDo not Remove => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= RemoveProxy: =========

"HKU\S-1-5-21-323702564-4217161790-1439062527-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => removed successfully.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully.
"HKU\S-1-5-21-323702564-4217161790-1439062527-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully.
"HKU\S-1-5-21-323702564-4217161790-1439062527-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully.


========= End of RemoveProxy: =========


========= netsh winsock reset =========


El catálogo Winsock se restableció correctamente.
Debe reiniciar el equipo para completar el restablecimiento.


========= End of CMD: =========


========= ipconfig /renew =========


Configuración IP de Windows


Adaptador de Ethernet Local Area Connection:

   Sufijo DNS específico para la conexión. . : 
   Dirección IPv4. . . . . . . . . . . . . . : 192.168.1.36
   Máscara de subred . . . . . . . . . . . . : 255.255.255.0
   Puerta de enlace predeterminada . . . . . : 192.168.1.1

Adaptador de túnel isatap.{9F8CFC05-B512-4BE1-9087-6DFCE53C001B}:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : 

========= End of CMD: =========


========= ipconfig /flushdns =========


Configuración IP de Windows

Se vació correctamente la caché de resolución de DNS.

========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to connect to BITS - 0x8007042c
No se puede iniciar el servicio o grupo de dependencia.



========= End of CMD: =========


========= netsh advfirewall reset =========

Aceptar


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Aceptar


========= End of CMD: =========


========= netsh int ipv4 reset =========

Global se restableció correctamente.
Interfaz se restableció correctamente.
Reinicie el equipo para completar esta acción.


========= End of CMD: =========


========= netsh int ipv6 reset =========

Interfaz se restableció correctamente.
Reinicie el equipo para completar esta acción.


========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 23570870 B
Java, Flash, Steam htmlcache => 524 B
Windows/system/drivers => 40496 B
Edge => 0 B
Chrome => 13894344 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 16802 B
LocalService => 1551166 B
NetworkService => 0 B
Chall => 780281 B

RecycleBin => 1430 B
EmptyTemp: => 38 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 13:10:20 ==== 

Thank you very much for such immediate and accurate answers :muscle: It shows that there is a lot of “power” in the Staff :wink:, Regards and we'll stay in touch, OK?
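A triage pass over a Fixlog like the one posted above, as an added example that is not part of the thread or of FRST: it tallies the outcome of each item and surfaces the steps that failed, such as the restore point and the BITS reset. The outcome phrases are taken from this log only; the function names and the embedded sample lines are assumptions made for the illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: a handful of lines in the shape of the Fixlog above,
# not the full log.
SAMPLE_FIXLOG = r'''Error: Restore point can only be created in normal mode.
Processes closed successfully.
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\CopyToCD" => removed successfully.
HKLM\Software\Classes\CLSID\[CC]{39F0FA09-4451-4477-9D23-4B9ADDEEF838} => not found
"HKLM\System\CurrentControlSet\Services\TESvc" => removed successfully.
TESvc => service removed successfully.
C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully.
C:\Program Files\CheckPoint => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= bitsadmin /reset /allusers =========

Unable to connect to BITS - 0x8007042c

========= End of CMD: =========

=========== EmptyTemp: ==========

Chrome => 13894344 B
'''

SECTION_RE = re.compile(r'^=+ (.+?) =+\s*$')      # "===== name =====" banners
ITEM_RE = re.compile(r'^(.+?) => (.+?)\s*$')      # "<target> => <result>"
HRESULT_RE = re.compile(r'\b0x([0-9a-fA-F]{8})\b')


def classify(result):
    """Map a result phrase to an outcome, or None if it is not one."""
    r = result.lower()
    if 'not found' in r:
        return 'not_found'
    # "removed successfully" contains "moved successfully", so test it first.
    if 'removed successfully' in r:
        return 'removed'
    if 'moved successfully' in r:
        return 'moved'
    return None          # e.g. EmptyTemp byte counts, echoed fixlist lines


def win32_from_hresult(text):
    """Return the Win32 error code carried by a FACILITY_WIN32 HRESULT."""
    m = HRESULT_RE.search(text)
    if not m:
        return None
    value = int(m.group(1), 16)
    failed = value >> 31 == 1
    facility = (value >> 16) & 0x7FF
    return value & 0xFFFF if failed and facility == 7 else None


def parse_fixlog(text):
    counts = Counter()
    targets = defaultdict(list)
    failures = []
    section = None                      # name of the CMD block we are inside
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            name = m.group(1).rstrip(':')
            section = None if name.startswith('End of') else name
            continue
        if line.startswith(('Error:', 'Unable to')):
            failures.append({'section': section, 'line': line,
                             'win32': win32_from_hresult(line)})
            continue
        m = ITEM_RE.match(line)
        if m:
            outcome = classify(m.group(2))
            if outcome:
                counts[outcome] += 1
                targets[outcome].append(m.group(1).strip('"'))
    return {'counts': counts, 'targets': dict(targets), 'failures': failures}


if __name__ == '__main__':
    report = parse_fixlog(SAMPLE_FIXLOG)
    print(dict(report['counts']))
    for f in report['failures']:
        print(f['section'] or 'fix', '|', f['line'], '| win32 =', f['win32'])
    print('moved:', report['targets'].get('moved', []))
```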


#6

Hi @Rebin

We're glad everything is improving. :clap:

Try to delete the folders that remain in those locations yourself, directly; if they give you any trouble, tell me and give me the exact path so I can put them in a script for removal.

As for Internet Explorer, I imagine you are launching/running it from some icon/shortcut you have on the desktop/taskbar or similar…have you tried running it from its original location :arrow_right: C:\Program Files\internet explorer\iexplore.exe? :face_with_monocle:

Let us know the results.

Regards.


#7

Hi Javier: I deleted the Checkpoint files from the libraries without incident and have already removed them from the recycle bin, so…solved! The IE 11 thing is a bit strange: it won't even let me run it from the root location in normal user mode. However, if I run it as administrator, I always first get the prompt “do you want to allow this program to make changes to the computer?” and when I accept, the browser opens…one additional detail (which I don't know whether it has to do with the problem the PC had): in both IE and Chrome, when I try to access the router's configuration page 192.168.1.1, it tells me that the connection is not secure and that the page's certificate is not valid. I have 2 screenshots but I don't know whether I can send them to you this way…could there be some other problem? Please tell me whether it is safe to send you the screenshots and whether there is anything that can be done…Regards and many thanks …:sunglasses:


#8

Hi.

Perfect. :+1:

Getting the “Not secure” warning is absolutely normal; for some time now, new versions of Chrome/Firefox and other browsers have included that warning on ALL pages that are NOT or do not carry the “S”, httpS; it happens to all of us.

Which version of IE do you have installed on your computer??

Do you have all Windows updates up to date??


#9

Hi Javier: The problem is that IE 11 (11.0.9600.19129 is the version I have installed) does not open normally, that is, it does not start when you click on it, whether from Start, from All Programs, or directly in the root of C Program Files. It only opens when I start it as Administrator. That is strange. From there, when I go to different pages, all https, they open normally and I browse them. The address 192.168.1.1 is https, gives me the insecure connection warning and warns me of possible certificate fraud. Chrome warns me of this too. I have the updates “almost” up to date. I'm missing 2 from this month, which I'm going to install right now. I'll tell you later, OK? Many thanks again and sorry for my insistence, but I fear that they may have “swiped” my access to the router…regards


#10

When you type into the browser (whichever one it is), you explicitly enter this:

https://192.168.1.1

:thinking:

If I enter that same thing, I get this error:

The way it should be entered is like this, with nothing else:

192.168.1.1


#11

OK Javier, from the IE11 browser opened as administrator, it reaches the router page without errors when I put the IP address in the bar as you say. With Chrome I still get the untrusted certificate problem (insecure connection) with 192.168.1.1. The intention is to change the router's access passwords just in case, given the security problems the PC has had, so I will do it from IE. Otherwise everything is going smoothly, thanks to all of you and to the solution you provided. I have already saved the whole case, and how it was resolved, in a file to keep as a future reference. The only thing that still nags at me is that I don't know how that Checkpoint Sandblaster Agent could have installed itself, because the page I downloaded the Zone Alarm installer from was the manufacturer's verified homepage. Oh well, that's computing for you :thinking:… Again, a thousand thanks for all the help and the time you have devoted, and I am here for anything I can do to help the forum, count on me. A big greeting to you and the whole team… Rebin :slightly_smiling_face:


#12

Before you go… @Rebin :smile: I need to give you a few more steps to remove the tools we used, but first a question… which version of Chrome do you have installed?

Check it by typing this in Chrome's address bar:

chrome://settings/help


#13

Good morning Javier. Sorry, yesterday after we talked I left the computer updating and did not see your message :confused:. I found it this morning and am replying now. The version of Chrome I have installed is version 70.0.3538.77, official build, 32-bit… please tell me what else you need…


#14

Hi.

Please post an image of the message you get in Chrome.

Regards.


#15

Hi Javier, here it is…

…regards


#16

Hi.

That message that appears in Chrome, as I already told you, is absolutely normal since the latest versions of this browser, just as happens with Mozilla Firefox and other browsers.

The reason that warning appears is precisely that a router (in general) is not accessed over the httpS protocol, and Chrome warns of this with that message.

You can rest assured that this message does NOT mean, in itself, that your computer or your router has been compromised.

You can review these topics:

I hope this clears up your doubts; let us know.

Regards.


#17

Hi Javier, you have taken a tremendous weight off my shoulders, because I was worried about the security of my router. Now I can breathe easy :slightly_smiling_face: … you told me in an earlier message that you had some steps to give me for deleting the tools used… tell me what we have to do to finish the job… a thousand thanks, regards


#18

Perfect @Rebin :+1: excellent, we are glad to see that the initial problem is now completely fixed; all that remains is to remove the tools used.

To do so, download :arrow_forward: DelFix.exe to your desktop.

  • Double-click to run it. (If you use Windows Vista/7/8 or 10, right-click and select - Run as Administrator -).

  • Tick all the boxes and click Run

The report (DelFix.txt) will open; you can close it.


For any other problem, don't hesitate to post again; you know where we are. :+1:

Topic Solved.

Regards, Javier.


#19