How to remove robot captcha2 info

Hello @gich

1.- We need the ESET log. To view the report, I left you its manual; check especially the part that says Scan report.

This PC\Drive C\Users\Your User Name\AppData\Local\Temp\Log.txt

To see that location, you must enable Show hidden files.


2.- You ran FRST from an incorrect location:

  • Running from C:\Users\gladys\A PSICOLOGIA UBA\Downloads

Cut the executable and paste it onto your desktop <<< This is Very Important.


Then follow these steps:

3.- Very Important >>> Make a backup of your Registry.

  • Download DelFix to the Windows desktop.
  • Right-click, “Run as Administrator”.
  • In the main window, tick only the “Create Registry Backup” box.
  • Click Run.

When it finishes, a report named DelFix.txt will open; save it in case it is needed and close the tool…

4.- Temporarily disable your antivirus.

5.- Open a new Notepad file and copy and paste this content:


Start
CloseProcesses:
CreateRestorePoint:
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-2264253706-1617791975-327108488-1000\...\Run: [] => [X]
HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKLM\...\Drivers32: [vidc.DIVX] => C:\windows\system32\DivX.dll [720384 2010-02-19] (DivX, Inc.) [File not signed]
HKLM\...\Drivers32: [vidc.yv12] => C:\windows\system32\DivX.dll [720384 2010-02-19] (DivX, Inc.) [File not signed]
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKU\S-1-5-21-2264253706-1617791975-327108488-1000\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {0A35AB5C-2085-4805-A50E-D25364D49D9B} - System32\Tasks\DivXUpdate => C:\Program Files\Common Files\DivX Shared\DivX Update\DivXUpdate.exe [68568 2017-08-02] (DivX, LLC -> DivX, LLC)
Task: {15F6BA87-812E-4FCA-B19A-FCDDBE7A17FA} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent
Task: {15F6BA87-812E-4FCA-B19A-FCDDBE7A17FA} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(2): C:\windows\system32\GWX\GWXDetector.exe [288768  [2015-09-30]] (Microsoft Windows -> Microsoft Corporation)
Task: {196C7CE8-36DF-4CFF-804E-E92DF3162BE4} - System32\Tasks\{1D8C6E9F-395C-4D44-A01D-06DC3E09992D} => C:\windows\system32\pcalua.exe -a "F:\Adobecs4\Adobe CS4\payloads\AdobeAIR1.0\AdobeAIRInstaller.exe" -d "C:\Program Files\Common Files\Adobe\Installers\b2d6abde968e6f277ddbfd501383e02" -c -silent
Task: {1DEC4C1E-D206-4D13-A03E-F648B359EAB3} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {1DEC4C1E-D206-4D13-A03E-F648B359EAB3} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(2): C:\windows\system32\GWX\GWXDetector.exe [288768  [2015-09-30]] (Microsoft Windows -> Microsoft Corporation)
Task: {33C0B20F-84BD-40B1-AFF1-703DFEF2ED16} - System32\Tasks\{478D288D-D7EE-43D2-8CAB-330DB5C79F4B} => C:\windows\system32\pcalua.exe -a "C:\Users\gladys\Desktop\SetupNokiaMusic (1).exe" -d C:\Users\gladys\Desktop
Task: {3B5D80E0-8FE9-402E-B05E-1E21E0C80E95} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\gladys\A PSICOLOGIA UBA\Downloads\ESETOnlineScanner_ESL.exe [7986200 2019-08-04] (ESET, spol. s r.o. -> ESET spol. s r.o.)
Task: {5FDBFEBB-B57B-4CB9-A9F1-B2A5E68A40B1} - System32\Tasks\{CA656F7D-908B-4BC1-A663-6883BA83AD9A} => C:\windows\system32\pcalua.exe -a C:\Users\gladys\Pictures\EBOOK\qxp93_win\QuickTime7.0\QuickTimeInstaller.exe -d C:\Users\gladys\Pictures\EBOOK\qxp93_win\QuickTime7.0
Task: {845788B1-FB44-4F28-ADE3-16521A81884E} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\gladys\A PSICOLOGIA UBA\Downloads\ESETOnlineScanner_ESL.exe [7986200 2019-08-04] (ESET, spol. s r.o. -> ESET spol. s r.o.)
Task: {F71AEE59-8304-40A9-802E-A760E533219F} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {F71AEE59-8304-40A9-802E-A760E533219F} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(2): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshContent
Task: {F71AEE59-8304-40A9-802E-A760E533219F} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(3): C:\windows\system32\GWX\GWXDetector.exe [288768  [2015-09-30]] (Microsoft Windows -> Microsoft Corporation)
Hosts: 0.0.0.1	mssplus.mcafee.com
HKU\S-1-5-21-2264253706-1617791975-327108488-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
SearchScopes: HKU\.DEFAULT -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = 
SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = 
SearchScopes: HKU\S-1-5-21-2264253706-1617791975-327108488-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_es___AR398
BHO: No Name -> {0877c1fc-19c6-4fe2-8e3d-699d8edb2964} -> No File
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
Toolbar: HKU\S-1-5-21-2264253706-1617791975-327108488-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-2264253706-1617791975-327108488-1000 -> No Name - {9C905B42-976E-43C1-BC30-FC5937017909} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
FF HKLM\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa => not found
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll [2017-11-21] (DivX, LLC -> DivX, LLC)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin HKU\.DEFAULT: gingersoftware.com/gingerPlugin -> C:\Program Files\Ginger\GingerServices\GingerServicesProxy.dll [No File]
FF ExtraCheck: C:\Program Files\mozilla firefox\firefox.cfg [2013-06-18] <==== ATTENTION
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
S1 SASDIFSV; \??\C:\Users\gladys\Desktop\SASDIFSV.SYS [X]
S1 SASKUTIL; \??\C:\Users\gladys\Desktop\SASKUTIL.SYS [X]
2019-07-29 18:19 - 2018-03-25 16:35 - 000000000 ____D C:\Program Files\Lavasoft
2019-07-29 18:19 - 2018-03-25 16:34 - 000000000 ____D C:\ProgramData\Lavasoft
2013-10-12 16:02 - 2013-10-12 16:02 - 050053120 _____ () C:\Program Files\GUTE37C.tmp
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> [CC]{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} =>  -> No File
ContextMenuHandlers3: [{C95FFEAE-A32E-4122-A5C4-49B5BFB69795}] -> [CC]{C95FFEAE-A32E-4122-A5C4-49B5BFB69795} =>  -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers4: [ZIPProcessor] -> {E5C972BD-3890-4427-ABEA-A2AD8D88E7A6} => C:\Program Files\Eazel\ZPShellExt.dll -> No File
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> [CC]{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} =>  -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
AlternateDataStreams: C:\ProgramData\Temp:373E1720 [144]
AlternateDataStreams: C:\ProgramData\Temp:4CF61E54 [248]
AlternateDataStreams: C:\ProgramData\Temp:A42A9F39 [276]
AlternateDataStreams: C:\ProgramData\Temp:ABE89FFE [250]
AlternateDataStreams: C:\ProgramData\Temp:DA868A70 [306]
AlternateDataStreams: C:\ProgramData\Temp:E1F04E8D [140]
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
FirewallRules: [TCP Query User{F05B9587-7EFB-45F8-B377-01FB9CD00ED0}C:\users\gladys\desktop\programas y antivirus\ares\ares.exe] => (Block) C:\users\gladys\desktop\programas y antivirus\ares\ares.exe No File
FirewallRules: [UDP Query User{CC408DAE-37A8-46D0-B5C0-1135737BB1F2}C:\users\gladys\desktop\programas y antivirus\ares\ares.exe] => (Block) C:\users\gladys\desktop\programas y antivirus\ares\ares.exe No File
FirewallRules: [{0A83174C-5FA8-4339-BFE2-435B46B68B70}] => (Allow) C:\Program Files\GoforFiles\goforfilesdl.exe No File
FirewallRules: [{D5ACABB2-CDF8-4DA8-A6D3-D98FE0BF90D4}] => (Allow) C:\Program Files\GoforFiles\goforfilesdl.exe No File
FirewallRules: [{266CBDC4-1EB3-42F4-B2C8-47CAF7E5404F}] => (Allow) C:\Program Files\GoforFiles\GoforFiles.exe No File
FirewallRules: [{35E93612-1EC8-48B0-81C4-61CC460E0E3C}] => (Allow) C:\Program Files\GoforFiles\GoforFiles.exe No File
FirewallRules: [TCP Query User{21360DC8-5097-4249-A5B5-83FDD61F7C12}C:\users\gladys\desktop\programas y antivirus\ares\ares.exe] => (Allow) C:\users\gladys\desktop\programas y antivirus\ares\ares.exe No File
FirewallRules: [UDP Query User{FF123547-31B7-4ADD-A5B4-7465F6AC026C}C:\users\gladys\desktop\programas y antivirus\ares\ares.exe] => (Allow) C:\users\gladys\desktop\programas y antivirus\ares\ares.exe No File
FirewallRules: [TCP Query User{31E67AD0-D925-4B82-8448-07C899D58835}C:\program files\ares\ares.exe] => (Block) C:\program files\ares\ares.exe No File
FirewallRules: [UDP Query User{DBB4B610-CB87-4B3D-B1A3-567F87318AF7}C:\program files\ares\ares.exe] => (Block) C:\program files\ares\ares.exe No File
FirewallRules: [TCP Query User{6AFF188B-8373-40A2-82C2-A38DB349375A}C:\program files\ares\ares.exe] => (Block) C:\program files\ares\ares.exe No File
FirewallRules: [UDP Query User{81A3774E-42A1-48C2-90C7-441F94C9591B}C:\program files\ares\ares.exe] => (Block) C:\program files\ares\ares.exe No File
FirewallRules: [{439C257B-03EE-4101-9192-39659BBE8A38}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe No File
FirewallRules: [{60EDC12D-A059-43EA-BFD5-63E65168AB52}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe No File

CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END
  • Save it under the name fixlist.txt on the desktop <<< This is very important.

Note: The executable Frst.exe and fixlist.txt must be in the same location (desktop), otherwise the tool will not work.

  • Run Frst.exe.
  • Press the Fix button and wait for it to finish.
  • The tool will save the report on your desktop (Fixlog.txt).
  • Paste it in your next reply.

6.- Update Java to its latest version.


7.- It looks like you are a heavy P2P user; I imagine you know these are a gateway for viruses, but tastes aside, let me ask you a question: did you download your Avast antivirus from Ares??

Let us know how the problem is going.

Regards.

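Added example, not part of the original post and not FRST's own code: a short Python reviewer that groups the lines of a fixlist like the one above, so that before pressing Fix the reader can see which entries point at targets that are already missing, which still exist, and which commands will run. Treating `No File`, `[X]` and `not found` as missing-target markers is an assumption drawn from the lines in the post; `review_fixlist` and `SAMPLE` are hypothetical names.

```python
import re
from collections import Counter

# Assumption: these markers, all present in the fixlist above, mean the target is already gone.
ORPHAN_MARKERS = ("No File", "[X]", "not found")
# Bare directives: a keyword, a colon, nothing else (e.g. "EmptyTemp:").
DIRECTIVE = re.compile(r"^(\w+):$")
DATED = re.compile(r"^\d{4}-\d{2}-\d{2} ")  # file/folder lines start with a timestamp

def review_fixlist(text):
    """Group fixlist lines by what the fix would do with them."""
    report = {"directives": [], "commands": [], "orphaned": [], "live": [],
              "kinds": Counter()}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.lower() in ("start", "end"):
            continue
        bare = DIRECTIVE.match(line)
        if bare:
            report["directives"].append(bare.group(1))
        elif line.startswith("CMD:"):
            report["commands"].append(line[4:].strip())
        else:
            kind = "FileOrFolder" if DATED.match(line) else re.split(r"[:\s\\]", line, maxsplit=1)[0]
            report["kinds"][kind] += 1
            bucket = "orphaned" if any(m in line for m in ORPHAN_MARKERS) else "live"
            report[bucket].append(line)
    return report

# Constructed sample: a few lines copied from the fixlist in the post.
SAMPLE = r"""Start
CloseProcesses:
CreateRestorePoint:
HKLM\...\Run: [] => [X]
BHO: No Name -> {0877c1fc-19c6-4fe2-8e3d-699d8edb2964} -> No File
Hosts: 0.0.0.1 mssplus.mcafee.com
FirewallRules: [{0A83174C-5FA8-4339-BFE2-435B46B68B70}] => (Allow) C:\Program Files\GoforFiles\goforfilesdl.exe No File
2019-07-29 18:19 - 2018-03-25 16:35 - 000000000 ____D C:\Program Files\Lavasoft
CMD: netsh winsock reset
CMD: netsh advfirewall reset
EmptyTemp:
Hosts:
END"""

if __name__ == "__main__":
    r = review_fixlist(SAMPLE)
    print("directives:", r["directives"])
    print("commands:  ", r["commands"])
    print("orphaned:  ", len(r["orphaned"]), "| still present:", len(r["live"]))
    for line in r["live"]:
        print("  check before fixing ->", line)
```

Entries in the `live` bucket carry none of the missing-target markers, so they are the ones to read individually before running the fix.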