Hello @Elvio_Bottazzi
You ran FRST from the wrong location:
- Running from C:\Users\Fabri\Downloads
Cut the executable and paste it onto your desktop <<< This is Very Important.
Then follow these steps:
1.- Very Important >>> Make a backup of your Registry.
- Download DelFix to the Windows desktop.
- Right-click, “Run as Administrator”.
- In the main window, check only the “Create Registry Backup” box.
- Click Run.
When it finishes, a report named DelFix.txt will open; save it in case it is needed and close the tool…
2.- Temporarily disable your antivirus.
3.- Open a new Notepad file and copy and paste this content:
Start
CloseProcesses:
CreateRestorePoint:
HKU\S-1-5-21-259461801-381198537-3780377535-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-259461801-381198537-3780377535-1001\...\MountPoints2: H - "H:\setup.exe"
HKU\S-1-5-21-259461801-381198537-3780377535-1001\...\MountPoints2: {62947e0d-ecf0-11e8-909b-94de80c5ff1a} - "K:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-259461801-381198537-3780377535-1001\...\MountPoints2: {77d876e1-8df9-11e9-9101-94de80c5ff1a} - "G:\autorun.exe"
HKU\S-1-5-21-259461801-381198537-3780377535-1001\...\MountPoints2: {82554cf9-f507-11e8-90a0-94de80c5ff1a} - "I:\setup.exe"
HKU\S-1-5-21-259461801-381198537-3780377535-1001\...\MountPoints2: {a05e8d26-2a0d-11e9-90bf-94de80c5ff1a} - "G:\setup.exe"
HKU\S-1-5-21-259461801-381198537-3780377535-1001\...\MountPoints2: {a7e91ee8-f34a-11e8-909f-94de80c5ff1a} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-259461801-381198537-3780377535-1001\...\MountPoints2: {aabe15d8-1c33-11e9-90b3-94de80c5ff1a} - "G:\setup.exe"
HKU\S-1-5-21-259461801-381198537-3780377535-1001\...\MountPoints2: {e3927cc1-1907-11e9-90b0-94de80c5ff1a} - "H:\RunGame.exe"
HKU\S-1-5-21-259461801-381198537-3780377535-1001\...\MountPoints2: {fc608a8d-264e-11e9-90b4-94de80c5ff1a} - "J:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-259461801-381198537-3780377535-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07202019234601011\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-259461801-381198537-3780377535-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07202019234601011\...\MountPoints2: H - "H:\setup.exe"
HKU\S-1-5-21-259461801-381198537-3780377535-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07202019234601011\...\MountPoints2: {62947e0d-ecf0-11e8-909b-94de80c5ff1a} - "K:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-259461801-381198537-3780377535-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07202019234601011\...\MountPoints2: {77d876e1-8df9-11e9-9101-94de80c5ff1a} - "G:\autorun.exe"
HKU\S-1-5-21-259461801-381198537-3780377535-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07202019234601011\...\MountPoints2: {82554cf9-f507-11e8-90a0-94de80c5ff1a} - "I:\setup.exe"
HKU\S-1-5-21-259461801-381198537-3780377535-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07202019234601011\...\MountPoints2: {a05e8d26-2a0d-11e9-90bf-94de80c5ff1a} - "G:\setup.exe"
HKU\S-1-5-21-259461801-381198537-3780377535-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07202019234601011\...\MountPoints2: {a7e91ee8-f34a-11e8-909f-94de80c5ff1a} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-259461801-381198537-3780377535-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07202019234601011\...\MountPoints2: {aabe15d8-1c33-11e9-90b3-94de80c5ff1a} - "G:\setup.exe"
HKU\S-1-5-21-259461801-381198537-3780377535-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07202019234601011\...\MountPoints2: {e3927cc1-1907-11e9-90b0-94de80c5ff1a} - "H:\RunGame.exe"
HKU\S-1-5-21-259461801-381198537-3780377535-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07202019234601011\...\MountPoints2: {fc608a8d-264e-11e9-90b4-94de80c5ff1a} - "J:\HiSuiteDownLoader.exe"
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
Tcpip\..\Interfaces\{5465d4c7-b0c3-4387-81f8-1bf5ee7de78a}: [NameServer] 45.86.180.227,185.162.93.213,185.4.65.4,116.203.6.218,185.130.104.222,
Tcpip\..\Interfaces\{8ed3a0e4-0889-498b-a181-2b683b5b3714}: [NameServer] 45.86.180.227,185.162.93.213,185.4.65.4,116.203.6.218,185.130.104.222,
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?bcutc=sp-006
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
HKU\S-1-5-21-259461801-381198537-3780377535-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
HKU\S-1-5-21-259461801-381198537-3780377535-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?bcutc=sp-006
HKU\S-1-5-21-259461801-381198537-3780377535-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07202019234601011\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
HKU\S-1-5-21-259461801-381198537-3780377535-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07202019234601011\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?bcutc=sp-006
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-259461801-381198537-3780377535-1001 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-259461801-381198537-3780377535-1001 -> {BDF61FAE-9D19-40F0-8F34-688DEB334CA9} URL = hxxp://securedsearch.lavasoft.com/results.php?pr=vmn&id=webcompa&ent=ch_WCYID10454__181118&q={searchTerms}
SearchScopes: HKU\S-1-5-21-259461801-381198537-3780377535-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-259461801-381198537-3780377535-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07202019234601011 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-259461801-381198537-3780377535-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07202019234601011 -> {BDF61FAE-9D19-40F0-8F34-688DEB334CA9} URL = hxxp://securedsearch.lavasoft.com/results.php?pr=vmn&id=webcompa&ent=ch_WCYID10454__181118&q={searchTerms}
SearchScopes: HKU\S-1-5-21-259461801-381198537-3780377535-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07202019234601011 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
CHR StartupUrls: Profile 1 -> "hxxp://www.google.com.ar/","hxxps://mail.ru/cnt/10445?gp=811570","hxxps://www.google.com/"
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [obcnimnkkpdkbfnnoagjogdollcfnidj] - hxxps://clients2.google.com/service/update2/crx
U4 napagent; no ImagePath
2019-06-30 21:45 - 2019-06-30 21:47 - 000000000 ____D C:\ProgramData\yh3qzJxj2eMjMapu
2019-06-30 21:45 - 2019-06-30 21:45 - 000000000 ____D C:\ProgramData\Padur
2019-06-30 21:44 - 2019-07-20 23:42 - 000000000 ____D C:\Users\Fabri\AppData\Roaming\prunld8365
2019-06-30 21:43 - 2019-06-30 21:45 - 000000000 ____D C:\Users\Fabri\AppData\Local\Mail.Ru
2019-06-30 21:43 - 2019-06-30 21:45 - 000000000 ____D C:\ProgramData\Mail.Ru
Служба автоматического обновления программ (HKU\S-1-5-21-259461801-381198537-3780377535-1001\...\MailRuUpdater) (Version: - Mail.Ru) <==== ATTENTION
Служба автоматического обновления программ (HKU\S-1-5-21-259461801-381198537-3780377535-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07202019234601011\...\MailRuUpdater) (Version: - Mail.Ru) <==== ATTENTION
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [119]
FirewallRules: [TCP Query User{F05B5A53-FF6E-4EEA-9D90-522D1B7C9836}D:\instalacion juegos\half life 2 by luis93mk\hl2.exe] => (Allow) D:\instalacion juegos\half life 2 by luis93mk\hl2.exe No File
FirewallRules: [UDP Query User{18D3DDA2-9C6C-462E-80E4-E3A950604589}D:\instalacion juegos\half life 2 by luis93mk\hl2.exe] => (Allow) D:\instalacion juegos\half life 2 by luis93mk\hl2.exe No File
FirewallRules: [TCP Query User{53D1254F-F685-42FD-9418-02220B7EAEF0}D:\instalacion juegos\half life 2 by luis93mk\hl2.exe] => (Block) D:\instalacion juegos\half life 2 by luis93mk\hl2.exe No File
FirewallRules: [UDP Query User{8CC56BF3-52F0-4698-B15E-C5BE6C53CFAA}D:\instalacion juegos\half life 2 by luis93mk\hl2.exe] => (Block) D:\instalacion juegos\half life 2 by luis93mk\hl2.exe No File
FirewallRules: [TCP Query User{8B1A8674-BEAE-44BE-966C-918DFA4441FA}D:\instalacion juegos\carshow\carshow\rfactor.exe] => (Allow) D:\instalacion juegos\carshow\carshow\rfactor.exe No File
FirewallRules: [UDP Query User{0AB554F7-4042-4546-B474-D41BCCBD4A41}D:\instalacion juegos\carshow\carshow\rfactor.exe] => (Allow) D:\instalacion juegos\carshow\carshow\rfactor.exe No File
FirewallRules: [TCP Query User{568CC517-B89B-46CF-9CCE-C22026693149}D:\the sims 4\game\bin\ts4_x64.exe] => (Block) D:\the sims 4\game\bin\ts4_x64.exe No File
FirewallRules: [UDP Query User{527E5FC8-4BFE-430D-8D58-6394ED27C25D}D:\the sims 4\game\bin\ts4_x64.exe] => (Block) D:\the sims 4\game\bin\ts4_x64.exe No File
FirewallRules: [{054419D0-9A76-4514-8424-16E60E980AE1}] => (Allow) D:\FIFA 19\FIFASetup\fifaconfig.exe No File
FirewallRules: [{C67D17C7-9F70-4AAA-ADEA-23965253C1FB}] => (Allow) D:\FIFA 19\FIFASetup\fifaconfig.exe No File
FirewallRules: [TCP Query User{7A2F5C3A-F440-49BF-87CD-54DB23816720}D:\fifa 19\fifa19.exe] => (Block) D:\fifa 19\fifa19.exe No File
FirewallRules: [UDP Query User{1C48D45E-33C1-4749-9771-215161CF4AB8}D:\fifa 19\fifa19.exe] => (Block) D:\fifa 19\fifa19.exe No File
FirewallRules: [TCP Query User{7AC62451-DB1A-4EA1-ACB7-5A1CAAC77786}D:\instalacion juegos\maxis\simcity 3000 world edition\apps\updater\updater.exe] => (Allow) D:\instalacion juegos\maxis\simcity 3000 world edition\apps\updater\updater.exe No File
FirewallRules: [UDP Query User{070F9E64-6AE0-412D-B54D-34E3762D51C0}D:\instalacion juegos\maxis\simcity 3000 world edition\apps\updater\updater.exe] => (Allow) D:\instalacion juegos\maxis\simcity 3000 world edition\apps\updater\updater.exe No File
FirewallRules: [{01A53E27-BF76-419B-8F51-9C5C655A9757}] => (Allow) D:\EL MEJOR PES DE LA HISTORIA\pes2013.exe No File
FirewallRules: [{91E83087-D630-4366-A77B-7DA408287624}] => (Allow) D:\EL MEJOR PES DE LA HISTORIA\pes2013.exe No File
CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END
- Save it as fixlist.txt on the desktop <<< This is very important.
Note: The Frst.exe executable and fixlist.txt must be in the same location (desktop), otherwise the tool will not work.
- Run Frst.exe.
- Press the Fix button and wait for it to finish.
- The tool will save the report on your desktop (Fixlog.txt).
- Paste it in your next reply.
After restarting:
Update Malwarebytes and run a scan again as follows:
- Don't forget to update it.
- Read its Manual carefully.
- Run a Custom Scan with all drives selected.
- Click “Remove Selected” to send what was found to quarantine.
- Restart the system.
- In the manual's “History” section >> Application Logs >> Scan Log you will find the MBAM report, which you must copy and paste in your next reply.
4.- Important Note:
In your next reply you must paste both reports.
Guide: How to paste reports in the forum?
Let us know.
Regards.
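A pre-flight check for a pasted fixlist.txt, as an added example that is not part of the original post or of FRST: it confirms the Start/END framing used above and flags any line that no longer begins with a recognizable directive or registry hive, which is what a copy-paste truncation looks like. The prefix list and patterns are assumptions drawn from the lines in this post, not FRST's full grammar, and the sample input is constructed.

```python
import re

# Line starts seen in the fixlist of this post (assumption: not FRST's full grammar).
KNOWN_PREFIXES = (
    "HKU\\", "HKLM\\", "GroupPolicy", "FF ", "CHR ", "Task:", "Tcpip\\",
    "SearchScopes:", "StartMenuInternet:", "ContextMenuHandlers",
    "AlternateDataStreams:", "FirewallRules:", "CMD:",
)
PATTERNS = (
    re.compile(r"^[A-Za-z]+:$"),                      # bare directive, e.g. CloseProcesses:
    re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - "),  # dated file/folder row
    re.compile(r"^[RSU]\d \S+;"),                     # service row, e.g. "U4 napagent;"
    re.compile(r"\(Version: [^)]*\)"),                # installed-program row
)

def lint_fixlist(text):
    """Return (line_number, reason) pairs for lines that need a second look."""
    body = [(i, l.strip()) for i, l in enumerate(text.splitlines(), 1) if l.strip()]
    if not body:
        return [(0, "empty fixlist")]
    findings = []
    if body[0][1].lower() != "start":
        findings.append((body[0][0], "first line is not Start"))
    if body[-1][1].lower() != "end":
        findings.append((body[-1][0], "last line is not END"))
    for num, line in body:
        if line.lower() in ("start", "end"):
            continue
        if line.startswith(KNOWN_PREFIXES) or any(p.search(line) for p in PATTERNS):
            continue
        findings.append((num, "unrecognized line start: " + line[:30]))
    return findings

# Constructed sample: line 4 has lost its leading "HKU\S-1-5-21-..." prefix.
SAMPLE = r"""Start
CloseProcesses:
HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\...\MountPoints2: H - "H:\setup.exe"
3333333333-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
CMD: ipconfig /flushdns
EmptyTemp:
END
"""

if __name__ == "__main__":
    for num, reason in lint_fixlist(SAMPLE):
        print(f"line {num}: {reason}")
```
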