Strange behavior w7

Well, I have come back to the internet after many years. I see that time has passed. Basically, letters disappear in the Facebook chat. Or my connection suddenly runs very slowly. Or one day my Documents folder stopped opening. It opens, but it takes a million years. Not all the locations appear (fortunately I know the path well). When I try to scan it with different programs it takes millions of years, hangs, or does not let me. Also, every time I turn off file sharing it turns itself back on. And the location sensor will not let me change it either. I ran that application by the French guy and it asked me whether I had installed a proxy and a couple of servers, but it was not me, and they are still not repaired.

I am pasting here the different reports that came out of my attempts to do this on my own, but it is clear that I can't. Thank you very much! I wanted to paste the reports, but it tells me that as a new user I can't post links.


````
Logfile of HiJackThis Fork by Alex Dragokas v.2.9.0.18

Platform:  x32 Windows 7 (Ultimate), 6.1.7601.0, Service Pack: 1
Time:      28.07.2019 - 13:10 (UTC-03:00)
Language:  OS: Spanish (0xC0A). Display: Spanish (0xC0A). Non-Unicode: Spanish (0xC0A)
Elevated:  Yes
Ran by:    MERCE	(group: Administrator) on MERCE-PC, FirstRun: no

Chrome:  75.0.3770.142
Firefox: 68.0.1.7137
Internet Explorer: 8.0.7601.17514
Default: "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Firefox)

Boot mode: Normal

Running processes:
Number | Path
   1  C:\Users\MERCE\Downloads\HiJackThis.exe
   1  C:\Windows\System32\SearchFilterHost.exe
   1  C:\Windows\System32\SearchIndexer.exe
   1  C:\Windows\System32\SearchProtocolHost.exe
   1  C:\Windows\System32\audiodg.exe
   1  C:\Windows\System32\conhost.exe
   2  C:\Windows\System32\csrss.exe
   1  C:\Windows\System32\dwm.exe
   1  C:\Windows\System32\lsass.exe
   1  C:\Windows\System32\lsm.exe
   1  C:\Windows\System32\services.exe
   1  C:\Windows\System32\smss.exe
  13  C:\Windows\System32\svchost.exe
   1  C:\Windows\System32\taskeng.exe
   1  C:\Windows\System32\taskhost.exe
   1  C:\Windows\System32\wbem\WmiPrvSE.exe
   1  C:\Windows\System32\wininit.exe
   1  C:\Windows\System32\winlogon.exe
   1  C:\Windows\System32\wlanext.exe
   1  C:\Windows\explorer.exe

O17 - DHCP DNS 1: 201.251.3.130
O17 - DHCP DNS 2: 201.251.3.131


--
End of file - Time spent: 11,1 sec. - 3030 bytes, CRC32: FFFFFFFF.
````

````
Autostart scan 2019-07-28 16:15:40
Windows 6.1.7601 Service Pack 1


HKLM\SYSTEM\CurrentControlSet\Services\[email protected] = "C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe"

HKLM\Software\Microsoft\Windows\CurrentVersion\[email protected] = 

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Program Files\WinRAR\rarext.dll = C:\Program Files\WinRAR\rarext.dll
@{1B96FAD8-1C10-416E-8027-6EFF94045F6F} /*Foxit PDF Preview Provider (XP)*/(null) = 
@{44176360-2BBF-4EC1-93CE-384B8681A0BC} /*SDECon32*/C:\Program Files\Spybot - Search & Destroy 2\SDECon32.dll = C:\Program Files\Spybot - Search & Destroy 2\SDECon32.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
[email protected]{A94757A0-0226-426F-B4F1-4DF381C630D3} = C:\Program Files\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x86.dll
[email protected]{44176360-2BBF-4EC1-93CE-384B8681A0BC} = C:\Program Files\Spybot - Search & Destroy 2\SDECon32.dll
[email protected]{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
[email protected]{A94757A0-0226-426F-B4F1-4DF381C630D3} = C:\Program Files\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x86.dll
[email protected]{57CE581A-0CB6-4266-9CA0-19364C90A0B3} = C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll
[email protected]{44176360-2BBF-4EC1-93CE-384B8681A0BC} = C:\Program Files\Spybot - Search & Destroy 2\SDECon32.dll
[email protected]{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

HKLM\Software\Microsoft\Windows NT\CurrentVersion\[email protected] = fmcodec.dll

HKLM\Software\Microsoft\Internet Explorer\[email protected] Page = http://go.microsoft.com/fwlink/?LinkId=69157

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.google.com/ = http://www.google.com/
@Local PageC:\Windows\system32\blank.htm = C:\Windows\system32\blank.htm

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\ >>>
[email protected] = %SystemRoot%\system32\mswsock.dll] /*file not found*/

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\[email protected] = %SystemRoot%\system32\mswsock.dll] /*file not found*/

---- EOF - GMER 2.2 ----
 ````

I tried to restore to the oldest point, and when it restarts it tells me it could not be done because of an error in a file in My Documents.

Also, I managed to see a folder called “procalyzer dups”, but then it disappeared, and many

I really appreciate your help. I would format the PC, but it has two ghost keys and I use it with a USB keyboard.

~ Run by MERCE (Administrator)  (28/07/2019 20:56:22)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : 
~ Certificate ZHPCleaner: Illegal
~ Type : Reparar
~ Report : C:\Users\MERCE\Desktop\ZHPCleaner (R).txt
~ Quarantine : C:\Users\MERCE\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ System Restore Point : 
~ UAC : Deactivate
~ Boot Mode : Normal (Normal boot)
Windows 7 Ultimate, 32-bit Service Pack 1 (Build 7601)


---\\  Alternate Data Stream (ADS). (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Servicios (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Navegadores de Internet (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Hosts carpeta (1)
~ El archivo hosts es legítimo (21)


---\\  Tareas automáticas programadas. (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Explorador ( Archivos, Carpetas ) (3)
MOVIDO carpeta: C:\Windows\Temp\DMI17F2.tmp    =>.SUP.Temporary.Empty
MOVIDO carpeta: C:\Windows\Temp\fox4AC6.tmp    =>.SUP.Temporary.Empty
MOVIDO carpeta^: C:\Windows\Temp\~DF19E5AFBB7A1B1A3A.TMP    =>.SUP.Temporary.Other


---\\  Registro ( Claves, Valores, Datos) (3)
BORRADOS dados: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{05DF79A5-5E43-4AD4-B97F-A1C84056D1BB}\\DhcpNameServer [Bad : 201.251.3.130 201.251.3.131]  =>Hijacker.Browser
BORRADOS dados: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer [Bad : 201.251.3.130 201.251.3.131]  =>Hijacker.Browser
BORRADOS valor: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files\Mozilla Firefox\firefox.exe [Firefox]  =>.SUP.Orphan.MUICache


---\\  Resumen de elementos en su estación de trabajo (4)
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Temporary.Empty
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Temporary.Other
https://nicolascoolman.eu/2017/11/10/hijacker-browser-3/  =>Hijacker.Browser
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Orphan.MUICache


---\\ Limpieza adicional. (9)
~ Clave de registro Tracing borrados (9)
~ Quitar los antiguos informes de ZHPCleaner. (0)


---\\ Resultado de la reparación.
~ Reparación llevada a cabo con éxito
~ falta este navegador! (Opera Software)
~ El sistema ha sido reiniciado.


---\\ STATISTIQUES
~ Items escaneado : 700
~ Items encontrado : 0
~ artículos cancelados : 0
~ Items opciones : 12/13
~ Ahorro de espacio (bytes) : 32768


~ End of clean in 00h01mn52s

---\\  Reporte (2)
ZHPCleaner-[S]-28072019-20_53_08.txt
ZHPCleaner-[R]-28072019-20_58_14.txt

After a lot of work I managed to get this to come out clean. Now the problem is still the files that I can only see with GMER, which are named archivo.pdf.zone.identifier; it can be pdf, jpg, exe… and it is not on every file. On some yes and on others no.

Hello @Mercedes_Rasemer

Several problems are visible there.

Times have changed; we no longer use HijackThis, and GMER is hardly ever necessary.


1.- Uninstall with Revo Uninstaller in its Advanced Mode:

  • Spybot

Revo Uninstaller manual.

This is very important, since otherwise the program blocks the disinfection; besides, it is already obsolete.

2.- Temporarily disable your antivirus and any security program.

3.- Download to your desktop:

(Renamed to “iExplore.exe”) to avoid being blocked by malware. Once it has been run, it is important not to restart the system until you are asked to.

4.- Only at this point, try to run Malwarebytes, since I see you have it installed, as follows:

  • Update it…
  • Read its manual carefully
  • Run a Custom Scan with all drives selected
  • When it finishes, click “Eliminar Seleccionados” (Remove Selected) to send what was found to quarantine.
  • Restart the system.
  • After restarting, in the manual's “Historial” section >> Registros de Aplicación >> Scan Log/Registro de Análisis you will find the MBAM report, which you must copy and paste in your next reply.

5.- Again, temporarily disable your antivirus and any security program.

6.- Download Farbar Recovery Scan Tool to the desktop, selecting the version that matches your computer's architecture (32 or 64 bits). >> How do I know whether my Windows is 32 or 64 bits?

  • Run FRST.exe.
  • In the Disclaimer window message, click Yes
  • In the main window, click the Scan button and wait for the process to finish.
  • Two (2) files (logs) will open, Frst.txt and Addition.txt; these will be saved on the desktop.

Guide: How to run FRST

7.- In your next reply, paste the generated reports.

Guide: How to paste reports in the forum?

We await those reports.

Regards

Hello! Thank you very much for your help and your reply. Here are the logs:

Ran by MERCE (30-07-2019 00:34:12)
Running from C:\Users\MERCE\Downloads
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) (2018-11-11 18:49:51)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-1436006365-1081912264-1087991425-500 - Administrator - Enabled) => C:\Users\Administrador
Invitado (S-1-5-21-1436006365-1081912264-1087991425-501 - Limited - Disabled)
MERCE (S-1-5-21-1436006365-1081912264-1087991425-1000 - Administrator - Enabled) => C:\Users\MERCE

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Argente Utilities 1.0.6.5 (HKLM\...\Argente Utilities_is1) (Version: 1.0.6.5 - Raúl Argente)
Audacity 1.2.6 (HKLM\...\Audacity_is1) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.60 - Piriform)
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 9.4.1.16828 - Foxit Software Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 75.0.3770.142 - Google LLC)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.99 - Google Inc.) Hidden
Malwarebytes versión 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
Microsoft Office Standard 2007 (HKLM\...\STANDARD) (Version: 12.0.4518.1014 - Microsoft Corporation)
Mozilla Firefox 68.0.1 (x86 es-AR) (HKLM\...\Mozilla Firefox 68.0.1 (x86 es-AR)) (Version: 68.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 68.0.1 - Mozilla)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.121.815.2018 - Realtek)
Revo Uninstaller 2.1.0 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.1.0 - VS Revo Group, Ltd.)
swMSM (HKLM\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
UnHackMe 10.80 (HKLM\...\UnHackMe_is1) (Version:  - Greatis Software, LLC.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WinRAR 5.31 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x86.dll [2018-12-25] (Foxit Software Incorporated -> Foxit Software Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x86.dll [2018-12-25] (Foxit Software Incorporated -> Foxit Software Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (win.rar GmbH -> Alexander Roshal)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]

==================== Loaded Modules (Whitelisted) ==============


==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKLM\...\scrfile\shell\open\command: "%1" <==== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 7945 more sites.


There are 12762 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 23:04 - 2019-07-27 23:44 - 000000828 ____N C:\Windows\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1436006365-1081912264-1087991425-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\MERCE\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: ) (ConsentPromptBehaviorUser: ) (EnableLUA: )
mpsdrv => Firewall Service is not running.
MpsSvc => Firewall Service is not running.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\Services: gusvc => 3

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{3C6B7D8E-39F5-4C2D-9677-DBDE1108FA75}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{85B34758-97A3-4a63-832A-9825D8777935}}] => (Allow) C:\Program Files\UnHackMe\wu.exe (Greatis Software LLC -> Greais Software)
FirewallRules: [{9187CF69-6824-487d-A9F0-AFF5C2C29BA9}}] => (Allow) C:\Program Files\UnHackMe\wu.exe (Greatis Software LLC -> Greais Software)
FirewallRules: [{85B34758-97A3-4a63-832A-9825D8777934}}] => (Allow) C:\Program Files\UnHackMe\regruninfo.exe (Greatis Software LLC -> Greatis Software)
FirewallRules: [{9187CF69-6824-487d-A9F0-AFF5C2C29BA8}}] => (Allow) C:\Program Files\UnHackMe\regruninfo.exe (Greatis Software LLC -> Greatis Software)

==================== Restore Points =========================

22-07-2019 22:35:33 Instalador de Módulos de Windows
27-07-2019 00:36:25 ZHPcleaner
28-07-2019 13:38:03 Removed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
28-07-2019 13:38:34 Quitado Complemento Guardar como PDF o XPS de Microsoft para programas de Microsoft Office 2007
28-07-2019 13:51:54 Software Intel® PROSet/Wireless
28-07-2019 18:12:07 Operación de restauración
28-07-2019 20:30:44 Instalador de Módulos de Windows
28-07-2019 21:19:25 me
29-07-2019 00:43:36 UnHackMe Malware Removal
29-07-2019 01:02:32 UnHackMe Malware Removal
29-07-2019 11:32:28 Operación de restauración
29-07-2019 21:40:34 Revo Uninstaller's restore point - GIMP 2.8.14

==================== Faulty Device Manager Devices =============

Name: Controladora de bus SM
Description: Controladora de bus SM
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Generic Bluetooth Adapter
Description: Generic Bluetooth Adapter
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: GenericAdapter
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Controladora de red
Description: Controladora de red
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Controladora simple de comunicaciones PCI
Description: Controladora simple de comunicaciones PCI
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/29/2019 09:40:34 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Error del Servicio de instantáneas de volumen: error inesperado al consultar la interfaz IVssWriterCallback. HR = 0x80070005, Acceso denegado.
.
A menudo ocurre por una configuración de seguridad incorrecta en el proceso de escritura o de solicitud.


Operación:
   Recopilando datos del escritor

Contexto:
   Id. de clase del escritor: {e8132975-6f93-4464-a53e-1050253ae220}
   Nombre del escritor: System Writer
   Id. de instancia del escritor: {efdddc0c-8c51-44ce-8f4a-b88dcccfb1cf}

Error: (07/29/2019 11:30:02 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={C736C431-6D78-4A0F-AC02-4DD0EA4604E0}: El usuario COMPU\MERCE marcó una conexión denominada Conexión de banda ancha, que no se realizó correctamente. El código de motivo devuelto es 651.

Error: (07/29/2019 11:29:29 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={F50B6D0D-D76C-4DDC-A78A-8E07AD6E7EC5}: El usuario COMPU\MERCE marcó una conexión denominada Conexión de banda ancha, que no se realizó correctamente. El código de motivo devuelto es 651.

Error: (07/29/2019 06:37:38 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={AAC5057B-6293-444D-8264-4B2F06090DF0}: El usuario COMPU\MERCE marcó una conexión denominada Conexión de banda ancha, que no se realizó correctamente. El código de motivo devuelto es 651.

Error: (07/29/2019 06:37:13 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={6DE43902-E569-459C-A1B5-7D80624DA589}: El usuario COMPU\MERCE marcó una conexión denominada Conexión de banda ancha, que no se realizó correctamente. El código de motivo devuelto es 0.

Error: (07/29/2019 12:32:08 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (07/29/2019 12:28:44 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (07/28/2019 09:04:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.


System errors:
=============
Error: (07/30/2019 12:34:06 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: Error al intentar leer el archivo local de hosts.

Error: (07/29/2019 11:33:22 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: Error al intentar leer el archivo local de hosts.

Error: (07/29/2019 11:33:19 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: Error al intentar leer el archivo local de hosts.

Error: (07/29/2019 11:29:16 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: Error al intentar leer el archivo local de hosts.

Error: (07/29/2019 10:29:00 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: Error al intentar leer el archivo local de hosts.

Error: (07/29/2019 10:28:57 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: Error al intentar leer el archivo local de hosts.

Error: (07/29/2019 09:48:50 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: Error al intentar leer el archivo local de hosts.

Error: (07/29/2019 08:24:10 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: Error al intentar leer el archivo local de hosts.


Windows Defender:
===================================
Date: 2019-07-28 17:08:32.473
Description: 
El examen de Windows Defender se detuvo antes de completarse.
Id. de examen:{C02E9E1F-3908-4D22-B045-C7E786A2FEB8}
Tipo de examen:AntiSpyware
Parámetros de examen:Examen rápido
Usuario:MERCE-PC\MERCE

CodeIntegrity:
===================================

Date: 2019-07-28 17:01:33.728
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2019-07-28 17:01:33.728
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2019-07-28 17:01:33.712
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2019-07-28 17:01:33.650
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2019-07-28 16:06:54.972
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2019-07-28 16:06:54.972
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2019-07-28 16:06:54.956
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2019-07-28 16:06:54.754
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

==================== Memory info =========================== 

BIOS: Phoenix Technologies Ltd. 09QA 11/02/2012
Motherboard: SAMSUNG ELECTRONICS CO., LTD. 300E4A/300E5A/300E7A/3430EA/3530EA
Processor: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz
Percentage of memory in use: 67%
Total physical RAM: 2731.55 MB
Available physical RAM: 891.5 MB
Total Virtual: 5461.38 MB
Available Virtual: 3620.16 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:223.48 GB) (Free:70.96 GB) NTFS

\\?\Volume{c7f5a643-e5e0-11e8-914f-806e6f6e6963}\ (Reservado para el sistema) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 223.6 GB) (Disk ID: 85C11557)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=223.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================  ````

How awful that my files are shown publicly! ¬¬

Here is a report you didn't ask me for, but even so it detected a couple of things the others didn't.

~ Run by MERCE (Administrator)  (30/07/2019 00:51:45)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : 
~ Certificate ZHPCleaner: Legal
~ Type : Scanner
~ Report : C:\Users\MERCE\Desktop\ZHPCleaner (S).txt
~ Quarantine : C:\Users\MERCE\AppData\Roaming\ZHP\ZHPCleaner_Reg.txtx
~ System Restore Point : 
~ UAC : Deactivate
~ Boot Mode : Normal (Normal boot)
Windows 7 Ultimate, 32-bit Service Pack 1 (Build 7601)


---\\  Alternate Data Stream (ADS). (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Servicios (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Navegadores de Internet (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Hosts carpeta (1)
~ El archivo hosts es legítimo (21)


---\\  Tareas automáticas programadas. (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Explorador ( Archivos, Carpetas ) (5)
ENCONTRADOS carpeta: C:\Windows\Temp\%%%3CA5.tmp    =>.SUP.Temporary.Empty
ENCONTRADOS carpeta: C:\Windows\Temp\74AA.tmp    =>.SUP.Temporary.Empty
ENCONTRADOS carpeta: C:\Windows\Temp\foxCACF.tmp    =>.SUP.Temporary.Empty
ENCONTRADOS carpeta: C:\Windows\Temp\~DF1B8A59C6468BA1E4.TMP    =>.SUP.Temporary.Other
ENCONTRADOS carpeta: C:\Windows\Temp\~DFB0191D476D086420.TMP    =>.SUP.Temporary.Other


---\\  Registro ( Claves, Valores, Datos) (5)
ENCONTRADOS dados: HKLM\SOFTWARE\Classes\scrfile\Shell\Open\Command\\Default [Bad : [scr] "%1"]  =>Broken.OpenCommand
ENCONTRADOS dados: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{05DF79A5-5E43-4AD4-B97F-A1C84056D1BB}\\DhcpNameServer [Bad : 201.251.3.130 201.251.3.131]  =>Hijacker.Browser
ENCONTRADOS dados: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer [Bad : 201.251.3.130 201.251.3.131]  =>Hijacker.Browser
ENCONTRADOS valor: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files\WinRAR\WinRAR.exe [WinRAR archiver]  =>.SUP.Orphan.MUICache
ENCONTRADOS valor: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\MERCE\Desktop\jjbueno.exe [ZHPCleaner]  =>.SUP.Orphan.MUICache


---\\  Resumen de elementos en su estación de trabajo (5)
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Temporary.Empty
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Temporary.Other
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/  =>Broken.OpenCommand
https://nicolascoolman.eu/2017/11/10/hijacker-browser-3/  =>Hijacker.Browser
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Orphan.MUICache


---\\ Resultado de la reparación.
~ ninguna reparación hecha
~ falta este navegador! (Opera Software)


---\\ STATISTIQUES
~ Items escaneado : 46668
~ Items encontrado : 12
~ artículos cancelados : 0
~ Items opciones : 12/13
~ Ahorro de espacio (bytes) : 49152


~ End of search in 00h07mn03s

---\\  Reporte (0)
ZHPCleaner-[S]-30072019-00_58_48.txt
~ Run by MERCE (Administrator)  (30/07/2019 00:59:32)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : 
~ Certificate ZHPCleaner: Legal
~ Type : Reparar
~ Report : C:\Users\MERCE\Desktop\ZHPCleaner (R).txt
~ Quarantine : C:\Users\MERCE\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ System Restore Point : 
~ UAC : Deactivate
~ Boot Mode : Normal (Normal boot)
Windows 7 Ultimate, 32-bit Service Pack 1 (Build 7601)


---\\  Alternate Data Stream (ADS). (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Servicios (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Navegadores de Internet (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Hosts carpeta (1)
~ El archivo hosts es legítimo (21)


---\\  Tareas automáticas programadas. (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Explorador ( Archivos, Carpetas ) (5)
MOVIDO carpeta: C:\Windows\Temp\%%%3CA5.tmp    =>.SUP.Temporary.Empty
MOVIDO carpeta: C:\Windows\Temp\74AA.tmp    =>.SUP.Temporary.Empty
MOVIDO carpeta: C:\Windows\Temp\foxCACF.tmp    =>.SUP.Temporary.Empty
MOVIDO carpeta: C:\Windows\Temp\~DF1B8A59C6468BA1E4.TMP    =>.SUP.Temporary.Other
MOVIDO carpeta^: C:\Windows\Temp\~DFB0191D476D086420.TMP    =>.SUP.Temporary.Other


---\\  Registro ( Claves, Valores, Datos) (5)
BORRADOS dados: HKLM\SOFTWARE\Classes\scrfile\Shell\Open\Command\\Default [Bad : [scr] "%1"]  =>Broken.OpenCommand
BORRADOS dados: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{05DF79A5-5E43-4AD4-B97F-A1C84056D1BB}\\DhcpNameServer [Bad : 201.251.3.130 201.251.3.131]  =>Hijacker.Browser
BORRADOS dados: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer [Bad : 201.251.3.130 201.251.3.131]  =>Hijacker.Browser
BORRADOS valor: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files\WinRAR\WinRAR.exe [WinRAR archiver]  =>.SUP.Orphan.MUICache
BORRADOS valor: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\MERCE\Desktop\jjbueno.exe [ZHPCleaner]  =>.SUP.Orphan.MUICache


---\\  Resumen de elementos en su estación de trabajo (5)
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Temporary.Empty
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Temporary.Other
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/  =>Broken.OpenCommand
https://nicolascoolman.eu/2017/11/10/hijacker-browser-3/  =>Hijacker.Browser
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Orphan.MUICache


---\\ Limpieza adicional. (14)
~ Clave de registro Tracing borrados (14)
~ Quitar los antiguos informes de ZHPCleaner. (0)


---\\ Resultado de la reparación.
~ Reparación llevada a cabo con éxito
~ falta este navegador! (Opera Software)
~ El sistema ha sido reiniciado.


---\\ STATISTIQUES
~ Items escaneado : 714
~ Items encontrado : 0
~ artículos cancelados : 0
~ Items opciones : 12/13
~ Ahorro de espacio (bytes) : 49152


~ End of clean in 00h02mn09s

---\\  Reporte (2)
ZHPCleaner-[S]-30072019-00_58_48.txt
ZHPCleaner-[R]-30072019-01_01_41.txt

THANKS!

Hello @Mercedes_Rasemer

Remember that you should not carry out steps we have not asked you for.

ZHPCleaner finds the same infections and it is evident that it cannot remove them.

As for the reports, both FRST and Addition are missing the first line, and for us it is very important.

It is something similar to this:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-07-2019 01

Edit your two reports and add those lines or, if you cannot, put them in your next reply and I will edit them in.

Regards.

Hello @Mercedes_Rasemer

1.- Uninstall with Revo Uninstaller in its Advanced Mode:

  • UnHackMe software and Partizan antirootkit or Partizan

Revo Uninstaller manual.


2.- You ran FRST from an incorrect location:

  • Running from C:\Users\MERCE\Downloads

Cut the executable and paste it onto your desktop <<< This is Very Important.


3.- Then follow these steps:

Very Important >>> Make a backup of your Registry.

  • Download DelFix to the Windows desktop.
  • Right click, “Run as Administrator”.
  • In the main window, tick only the “Create Registry Backup” box.
  • Click Run.

When it finishes, a report called DelFix.txt will open; save it in case it is needed and close the tool…

4.- Temporarily disable your antivirus.

5.- Open a new Notepad file and copy and paste this content:


Start
CloseProcesses:
CreateRestorePoint:
HKU\S-1-5-21-1436006365-1081912264-1087991425-1000\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2616320 2010-11-20] (Microsoft Windows -> Microsoft Corporation) <==== ATTENTION
GroupPolicy: Restriction ? <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {04B64741-6D6F-40DD-8B1F-F1751080055D} - \WPD\SqmUpload_S-1-5-21-1436006365-1081912264-1087991425-1000 -> No File <==== ATTENTION
Task: {05EE699F-AB25-42D8-8781-558C5D1D2FAD} - \Microsoft\Windows\Tcpip\IpAddressConflict1 -> No File <==== ATTENTION
Task: {0D9B5D92-3A22-486D-A887-3AA21597CF27} - \Microsoft\Windows\Time Synchronization\SynchronizeTime -> No File <==== ATTENTION
Task: {0E12083C-0335-49DB-9542-BA1EC6D83ECC} - \Microsoft\Windows\Tcpip\IpAddressConflict2 -> No File <==== ATTENTION
Task: {18E6D428-D26C-4169-BEDF-3B5BDDC952F6} - \Microsoft\Windows\Application Experience\ProgramDataUpdater -> No File <==== ATTENTION
Task: {1EC9510D-A439-4950-9399-B6399EDF9EA7} - \Microsoft\Windows\Autochk\Proxy -> No File <==== ATTENTION
Task: {2C59ECAF-3A27-4640-9F4B-519B05BDD70F} - \Microsoft\Windows\MUI\LPRemove -> No File <==== ATTENTION
Task: {5B184694-64C3-4633-94C5-945B3FA561D6} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {5C2C622F-70E9-4194-A7DA-033E827365AD} - \Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange -> No File <==== ATTENTION
Task: {60158C7A-6808-42CD-95EE-AFD9A57925DB} - \Microsoft\Windows\AppID\PolicyConverter -> No File <==== ATTENTION
Task: {6AEF0C98-2CB4-4B67-8C70-4C977C7355CC} - \Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {6B7AC694-8D6D-481B-9DD8-2A3A741ADA6D} - \Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem -> No File <==== ATTENTION
Task: {9334C323-F100-4656-9BA0-E4AA69C0F9C2} - \Microsoft\Windows\SystemRestore\SR -> No File <==== ATTENTION
Task: {A6394592-54CE-4E93-8D64-1A068F462632} - \Microsoft\Windows\Customer Experience Improvement Program\Consolidator -> No File <==== ATTENTION
Task: {B9BEE219-C29E-4310-819C-147A5A0E045E} - \Microsoft\Windows\Defrag\ScheduledDefrag -> No File <==== ATTENTION
Task: {C7058C41-7F20-4885-A47A-CF1E50E2E54A} - \Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver -> No File <==== ATTENTION
Task: {C90440A0-6D8F-423F-8F42-83EEF05CE708} - \Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck -> No File <==== ATTENTION
Task: {D21F6024-191F-4454-BBBC-09A650DA2549} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {D622195C-D680-4FEA-9C56-59660C7C9E94} - \Microsoft\Windows\UPnP\UPnPHostConfig -> No File <==== ATTENTION
Task: {DE8699D2-8A05-42F7-8A85-5162AF47D26A} - \Microsoft\Windows\Windows Error Reporting\QueueReporting -> No File <==== ATTENTION
Task: {E8164C0D-216C-4B6B-9EB8-31BF958B8014} - \Microsoft\Windows\NetTrace\GatherNetworkInfo -> No File <==== ATTENTION
Task: {EE6C5CD7-55D6-482A-B0C3-67596D1B6D0E} - \Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector -> No File <==== ATTENTION
Task: {F93C7104-998A-4A38-B935-775A3138B3C3} - \Microsoft\Windows\Location\Notifications -> No File <==== ATTENTION
Tcpip\Parameters: [DhcpNameServer] 201.251.3.130 201.251.3.131
Tcpip\..\Interfaces\{05DF79A5-5E43-4AD4-B97F-A1C84056D1BB}: [DhcpNameServer] 201.251.3.130 201.251.3.131
Toolbar: HKU\S-1-5-21-1436006365-1081912264-1087991425-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
2019-07-29 04:44 - 2019-07-29 11:33 - 000000000 ____D C:\ProgramData\RogueKiller
2019-07-29 04:44 - 2019-07-29 11:33 - 000000000 ____D C:\Program Files\RogueKiller
2019-07-28 15:04 - 2019-07-28 15:04 - 000000000 ____D C:\Program Files\Safer Networking
2019-07-27 22:43 - 2016-03-11 14:53 - 000380928 _____ C:\Users\MERCE\Downloads\gmer.exe
2019-07-26 21:13 - 2019-07-28 19:42 - 000000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2019-07-26 21:13 - 2019-07-28 18:36 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2019-07-26 20:11 - 2019-07-26 20:58 - 069910960 _____ (Safer-Networking Ltd. ) C:\Users\MERCE\Downloads\spybotsd-2.7.64.0.exe
2019-07-21 20:28 - 2019-07-27 23:46 - 000000000 ____D C:\ProgramData\AVG
HKLM\...\scrfile\shell\open\command: "%1" <==== ATTENTION
FirewallRules: [{85B34758-97A3-4a63-832A-9825D8777935}}] => (Allow) C:\Program Files\UnHackMe\wu.exe (Greatis Software LLC -> Greais Software)
FirewallRules: [{9187CF69-6824-487d-A9F0-AFF5C2C29BA9}}] => (Allow) C:\Program Files\UnHackMe\wu.exe (Greatis Software LLC -> Greais Software)
FirewallRules: [{85B34758-97A3-4a63-832A-9825D8777934}}] => (Allow) C:\Program Files\UnHackMe\regruninfo.exe (Greatis Software LLC -> Greatis Software)
FirewallRules: [{9187CF69-6824-487d-A9F0-AFF5C2C29BA8}}] => (Allow) C:\Program Files\UnHackMe\regruninfo.exe (Greatis Software LLC -> Greatis Software)

CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END
  • Save it under the name fixlist.txt on the desktop <<< This is very important.

Note: The executable Frst.exe and fixlist.txt must be in the same location (desktop), otherwise the tool will not work.

  • Run Frst.exe.
  • Press the Fix button and wait for it to finish.
  • The tool will save the report on your desktop (Fixlog.txt).
  • Paste it in your next reply.

After restarting, tell us how the computer is doing and which problems persist.

Regards.

This was what was missing

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 29-07-2019 and Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-07-2019

ZHP Cleaner is the only software I see that has found anything. That thing about the servers scares me.

Even so, I will continue with your steps, thank you very much.

I don't remember installing Partizan antirootkit and it does not appear among the programs in Revo.

I will continue with the steps and then copy the reports.

Many thanks

Ran by MERCE (30-07-2019 12:24:07) Run:1
Running from C:\Users\MERCE\Desktop
Loaded Profiles: MERCE (Available Profiles: MERCE & Administrador)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:
HKU\S-1-5-21-1436006365-1081912264-1087991425-1000\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2616320 2010-11-20] (Microsoft Windows -> Microsoft Corporation) <==== ATTENTION
GroupPolicy: Restriction ? <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {04B64741-6D6F-40DD-8B1F-F1751080055D} - \WPD\SqmUpload_S-1-5-21-1436006365-1081912264-1087991425-1000 -> No File <==== ATTENTION
Task: {05EE699F-AB25-42D8-8781-558C5D1D2FAD} - \Microsoft\Windows\Tcpip\IpAddressConflict1 -> No File <==== ATTENTION
Task: {0D9B5D92-3A22-486D-A887-3AA21597CF27} - \Microsoft\Windows\Time Synchronization\SynchronizeTime -> No File <==== ATTENTION
Task: {0E12083C-0335-49DB-9542-BA1EC6D83ECC} - \Microsoft\Windows\Tcpip\IpAddressConflict2 -> No File <==== ATTENTION
Task: {18E6D428-D26C-4169-BEDF-3B5BDDC952F6} - \Microsoft\Windows\Application Experience\ProgramDataUpdater -> No File <==== ATTENTION
Task: {1EC9510D-A439-4950-9399-B6399EDF9EA7} - \Microsoft\Windows\Autochk\Proxy -> No File <==== ATTENTION
Task: {2C59ECAF-3A27-4640-9F4B-519B05BDD70F} - \Microsoft\Windows\MUI\LPRemove -> No File <==== ATTENTION
Task: {5B184694-64C3-4633-94C5-945B3FA561D6} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {5C2C622F-70E9-4194-A7DA-033E827365AD} - \Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange -> No File <==== ATTENTION
Task: {60158C7A-6808-42CD-95EE-AFD9A57925DB} - \Microsoft\Windows\AppID\PolicyConverter -> No File <==== ATTENTION
Task: {6AEF0C98-2CB4-4B67-8C70-4C977C7355CC} - \Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {6B7AC694-8D6D-481B-9DD8-2A3A741ADA6D} - \Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem -> No File <==== ATTENTION
Task: {9334C323-F100-4656-9BA0-E4AA69C0F9C2} - \Microsoft\Windows\SystemRestore\SR -> No File <==== ATTENTION
Task: {A6394592-54CE-4E93-8D64-1A068F462632} - \Microsoft\Windows\Customer Experience Improvement Program\Consolidator -> No File <==== ATTENTION
Task: {B9BEE219-C29E-4310-819C-147A5A0E045E} - \Microsoft\Windows\Defrag\ScheduledDefrag -> No File <==== ATTENTION
Task: {C7058C41-7F20-4885-A47A-CF1E50E2E54A} - \Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver -> No File <==== ATTENTION
Task: {C90440A0-6D8F-423F-8F42-83EEF05CE708} - \Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck -> No File <==== ATTENTION
Task: {D21F6024-191F-4454-BBBC-09A650DA2549} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {D622195C-D680-4FEA-9C56-59660C7C9E94} - \Microsoft\Windows\UPnP\UPnPHostConfig -> No File <==== ATTENTION
Task: {DE8699D2-8A05-42F7-8A85-5162AF47D26A} - \Microsoft\Windows\Windows Error Reporting\QueueReporting -> No File <==== ATTENTION
Task: {E8164C0D-216C-4B6B-9EB8-31BF958B8014} - \Microsoft\Windows\NetTrace\GatherNetworkInfo -> No File <==== ATTENTION
Task: {EE6C5CD7-55D6-482A-B0C3-67596D1B6D0E} - \Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector -> No File <==== ATTENTION
Task: {F93C7104-998A-4A38-B935-775A3138B3C3} - \Microsoft\Windows\Location\Notifications -> No File <==== ATTENTION
Tcpip\Parameters: [DhcpNameServer] 201.251.3.130 201.251.3.131
Tcpip\..\Interfaces\{05DF79A5-5E43-4AD4-B97F-A1C84056D1BB}: [DhcpNameServer] 201.251.3.130 201.251.3.131
Toolbar: HKU\S-1-5-21-1436006365-1081912264-1087991425-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
2019-07-29 04:44 - 2019-07-29 11:33 - 000000000 ____D C:\ProgramData\RogueKiller
2019-07-29 04:44 - 2019-07-29 11:33 - 000000000 ____D C:\Program Files\RogueKiller
2019-07-28 15:04 - 2019-07-28 15:04 - 000000000 ____D C:\Program Files\Safer Networking
2019-07-27 22:43 - 2016-03-11 14:53 - 000380928 _____ C:\Users\MERCE\Downloads\gmer.exe
2019-07-26 21:13 - 2019-07-28 19:42 - 000000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2019-07-26 21:13 - 2019-07-28 18:36 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2019-07-26 20:11 - 2019-07-26 20:58 - 069910960 _____ (Safer-Networking Ltd. ) C:\Users\MERCE\Downloads\spybotsd-2.7.64.0.exe
2019-07-21 20:28 - 2019-07-27 23:46 - 000000000 ____D C:\ProgramData\AVG
HKLM\...\scrfile\shell\open\command: "%1" <==== ATTENTION
FirewallRules: [{85B34758-97A3-4a63-832A-9825D8777935}}] => (Allow) C:\Program Files\UnHackMe\wu.exe (Greatis Software LLC -> Greais Software)
FirewallRules: [{9187CF69-6824-487d-A9F0-AFF5C2C29BA9}}] => (Allow) C:\Program Files\UnHackMe\wu.exe (Greatis Software LLC -> Greais Software)
FirewallRules: [{85B34758-97A3-4a63-832A-9825D8777934}}] => (Allow) C:\Program Files\UnHackMe\regruninfo.exe (Greatis Software LLC -> Greatis Software)
FirewallRules: [{9187CF69-6824-487d-A9F0-AFF5C2C29BA8}}] => (Allow) C:\Program Files\UnHackMe\regruninfo.exe (Greatis Software LLC -> Greatis Software)

CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END
*****************

Processes closed successfully.
Restore point was successfully created.
"HKU\S-1-5-21-1436006365-1081912264-1087991425-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell" => removed successfully.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{04B64741-6D6F-40DD-8B1F-F1751080055D}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{04B64741-6D6F-40DD-8B1F-F1751080055D}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-1436006365-1081912264-1087991425-1000" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{05EE699F-AB25-42D8-8781-558C5D1D2FAD}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{05EE699F-AB25-42D8-8781-558C5D1D2FAD}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Tcpip\IpAddressConflict1" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0D9B5D92-3A22-486D-A887-3AA21597CF27}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0D9B5D92-3A22-486D-A887-3AA21597CF27}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Time Synchronization\SynchronizeTime" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0E12083C-0335-49DB-9542-BA1EC6D83ECC}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0E12083C-0335-49DB-9542-BA1EC6D83ECC}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Tcpip\IpAddressConflict2" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{18E6D428-D26C-4169-BEDF-3B5BDDC952F6}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{18E6D428-D26C-4169-BEDF-3B5BDDC952F6}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\ProgramDataUpdater" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{1EC9510D-A439-4950-9399-B6399EDF9EA7}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1EC9510D-A439-4950-9399-B6399EDF9EA7}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Autochk\Proxy" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{2C59ECAF-3A27-4640-9F4B-519B05BDD70F}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2C59ECAF-3A27-4640-9F4B-519B05BDD70F}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MUI\LPRemove" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5B184694-64C3-4633-94C5-945B3FA561D6}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5B184694-64C3-4633-94C5-945B3FA561D6}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WindowsBackup\ConfigNotification" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5C2C622F-70E9-4194-A7DA-033E827365AD}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5C2C622F-70E9-4194-A7DA-033E827365AD}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{60158C7A-6808-42CD-95EE-AFD9A57925DB}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{60158C7A-6808-42CD-95EE-AFD9A57925DB}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\AppID\PolicyConverter" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6AEF0C98-2CB4-4B67-8C70-4C977C7355CC}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6AEF0C98-2CB4-4B67-8C70-4C977C7355CC}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6B7AC694-8D6D-481B-9DD8-2A3A741ADA6D}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6B7AC694-8D6D-481B-9DD8-2A3A741ADA6D}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{9334C323-F100-4656-9BA0-E4AA69C0F9C2}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9334C323-F100-4656-9BA0-E4AA69C0F9C2}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SystemRestore\SR" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A6394592-54CE-4E93-8D64-1A068F462632}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A6394592-54CE-4E93-8D64-1A068F462632}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Customer Experience Improvement Program\Consolidator" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B9BEE219-C29E-4310-819C-147A5A0E045E}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B9BEE219-C29E-4310-819C-147A5A0E045E}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Defrag\ScheduledDefrag" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C7058C41-7F20-4885-A47A-CF1E50E2E54A}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C7058C41-7F20-4885-A47A-CF1E50E2E54A}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{C90440A0-6D8F-423F-8F42-83EEF05CE708}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C90440A0-6D8F-423F-8F42-83EEF05CE708}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D21F6024-191F-4454-BBBC-09A650DA2549}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D21F6024-191F-4454-BBBC-09A650DA2549}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\AitAgent" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D622195C-D680-4FEA-9C56-59660C7C9E94}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D622195C-D680-4FEA-9C56-59660C7C9E94}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UPnP\UPnPHostConfig" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DE8699D2-8A05-42F7-8A85-5162AF47D26A}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DE8699D2-8A05-42F7-8A85-5162AF47D26A}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Error Reporting\QueueReporting" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E8164C0D-216C-4B6B-9EB8-31BF958B8014}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E8164C0D-216C-4B6B-9EB8-31BF958B8014}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\NetTrace\GatherNetworkInfo" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EE6C5CD7-55D6-482A-B0C3-67596D1B6D0E}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EE6C5CD7-55D6-482A-B0C3-67596D1B6D0E}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F93C7104-998A-4A38-B935-775A3138B3C3}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F93C7104-998A-4A38-B935-775A3138B3C3}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Location\Notifications" => removed successfully.
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer" => removed successfully.
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{05DF79A5-5E43-4AD4-B97F-A1C84056D1BB}\\DhcpNameServer" => removed successfully.
"HKU\S-1-5-21-1436006365-1081912264-1087991425-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => removed successfully.
HKLM\Software\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => not found
C:\ProgramData\RogueKiller => moved successfully
C:\Program Files\RogueKiller => moved successfully
C:\Program Files\Safer Networking => moved successfully
C:\Users\MERCE\Downloads\gmer.exe => moved successfully
C:\Program Files\Spybot - Search & Destroy 2 => moved successfully
C:\ProgramData\Spybot - Search & Destroy => moved successfully
C:\Users\MERCE\Downloads\spybotsd-2.7.64.0.exe => moved successfully
C:\ProgramData\AVG => moved successfully
HKLM\Software\Classes\scrfile\shell\open\command\\Default => value restored successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{85B34758-97A3-4a63-832A-9825D8777935}}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9187CF69-6824-487d-A9F0-AFF5C2C29BA9}}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{85B34758-97A3-4a63-832A-9825D8777934}}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9187CF69-6824-487d-A9F0-AFF5C2C29BA8}}" => not found

========= ipconfig /flushdns =========


Configuración IP de Windows

Se vació correctamente la caché de resolución de DNS.

========= End of CMD: =========


========= ipconfig /renew =========


Configuración IP de Windows

No se puede realizar ninguna operación en Conexión de área local mientras los medios
estén desconectados.

========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

{4A26A369-8B13-4FD0-854A-FDD8DBC66B33} canceled.
{0D3C84BB-39BF-4823-8755-EF7C9A6F23F0} canceled.
{CCF8158D-FDA8-45CE-AFCE-E4B485A53F3B} canceled.
3 out of 3 jobs canceled.

========= End of CMD: =========


========= netsh winsock reset =========


El catálogo Winsock se restableció correctamente.
Debe reiniciar el equipo para completar el restablecimiento.


========= End of CMD: =========


========= netsh advfirewall reset =========


Error al intentar ponerse en contacto con el servicio Firewall de Windows. Asegúrese de que el servicio se está ejecutando e intente la solicitud de nuevo.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========


Error al intentar ponerse en contacto con el servicio Firewall de Windows. Asegúrese de que el servicio se está ejecutando e intente la solicitud de nuevo.


========= End of CMD: =========


========= netsh int ipv4 reset =========

Global se restableció correctamente.
Interfaz se restableció correctamente.
Reinicie el equipo para completar esta acción.


========= End of CMD: =========


========= netsh int ipv6 reset =========

No hay valores configurados por el usuario para restablecer.


========= End of CMD: =========


========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully.
"HKU\S-1-5-21-1436006365-1081912264-1087991425-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully.
"HKU\S-1-5-21-1436006365-1081912264-1087991425-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully.


========= End of RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 25358959 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 14298753 B
Edge => 0 B
Chrome => 0 B
Firefox => 462837388 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 217513 B
LocalService => 66228 B
NetworkService => 0 B
MERCE => 105118 B
Administrador => 221987 B

RecycleBin => 58840419 B
EmptyTemp: => 544 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 12:24:31 ==== ````

Hello @Mercedes_Rasemer

Perfect, you just need to tell us how the computer is doing now.

Regards

If I go into shared resources, C and admin are shared; if I disable it, they are shared again in the next session.

And those two servers keep appearing.

And I still can't open, modify or delete my documents. The paths are broken and it takes forever, or it hangs, or it denies me permission if I try to open the context menu or delete or modify from any program.

The location sensor is enabled and the Control Panel options are greyed out; they can't be changed.

Could you please explain the servers thing to me?

Thanks

Hello @Mercedes_Rasemer

Is your operating system genuine? And more importantly, how long has it been since you last updated Windows?

Internet Explorer version 8 shows up, when on Windows 7 it is up to version 11.

Even if you don't use it, the system does, so it is very important to keep everything up to date.

I don't understand what you are referring to.

Can you upload an image of the error:

How to upload images to the forum?


You need to specify more precisely which server you mean; you don't have a Server OS installed.

Regards

Didn't you read the report I showed you?

If you really want to help me, you could read the report from Nicolas Coolman's little program. It's all there.

If I can't manage to clean the hard disk, I'm going to throw it in the wood stove!!! If they got into the BIOS… I'll take the PC apart, sell the parts and mail you the rest. Don Sanmar. San Martín de los Andes?

Google those servers.

Hello @Mercedes_Rasemer

I read and fully understand the ZHPCleaner report, but it has nothing to do with servers; you didn't explain yourself well.

As I already told you, the detection kept repeating, which means it could not remove it.

If these are the ones you mean:

BORRADOS dados: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{05DF79A5-5E43-4AD4-B97F-A1C84056D1BB}\\DhcpNameServer [Bad : 201.251.3.130 201.251.3.131]  =>Hijacker.Browser
BORRADOS dados: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer [Bad : 201.251.3.130 201.251.3.131]  =>Hijacker.Browser

The entries were seen in FRST and were removed.

The point now is for you to run ZHPCleaner again as you already did, and we'll see whether it still detects it.

Cleaning a computer is just a matter of patience; the infection is not that serious.

It is not a BIOS infection, I can assure you.

Doña… :joy: Sandra Marcela, though yes, from Argentine Patagonia.

They are not servers; it is an infection in DhcpNameServer

Which FRST apparently removed:

"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer" => removed successfully.
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{05DF79A5-5E43-4AD4-B97F-A1C84056D1BB}\\DhcpNameServer" => removed successfully.

For the damage to the system, you would need to either update the system or repair it.

Do you have the DVD of your operating system?

Regards
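
Added example, not part of the thread or of any tool mentioned in it: a read-only PowerShell listing of the `DhcpNameServer` values the reports point at (written by the Windows DHCP client from the lease it receives) and the static `NameServer` values, together with the DHCP server that issued each lease. `$Expected` and the helper name `Get-ResolverEntry` are assumptions; replace the placeholder address with the resolvers your own router or ISP is supposed to hand out.

```powershell
# Added example (not from the thread): read-only listing of configured DNS resolvers.
param(
    # Assumption: replace with the resolvers your router/ISP is supposed to hand out.
    # 192.0.2.53 is a documentation placeholder, not a real resolver.
    [string[]]$Expected = @('192.0.2.53')
)

$base = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'

function Get-ResolverEntry {
    param([string]$KeyPath, [string]$Scope)

    $props = Get-ItemProperty -LiteralPath $KeyPath -ErrorAction SilentlyContinue
    if (-not $props) { return }

    # DhcpNameServer = received with the DHCP lease, NameServer = set statically.
    foreach ($name in 'DhcpNameServer', 'NameServer') {
        $raw = $props.$name
        if ([string]::IsNullOrEmpty($raw)) { continue }
        # Both values hold a list of addresses separated by spaces or commas.
        foreach ($addr in ($raw -split '[ ,]+' | Where-Object { $_ })) {
            New-Object PSObject -Property @{
                Scope      = $Scope               # 'Global' or the interface GUID
                Value      = $name
                Address    = $addr
                DhcpServer = $props.DhcpServer    # who issued the lease (per interface)
                Expected   = ($Expected -contains $addr)
            }
        }
    }
}

# Global key first, then every interface subkey.
$rows  = @(Get-ResolverEntry -KeyPath $base -Scope 'Global')
$rows += @(Get-ChildItem -LiteralPath "$base\Interfaces" | ForEach-Object {
    Get-ResolverEntry -KeyPath $_.PSPath -Scope $_.PSChildName
})

$rows | Sort-Object Scope, Value |
    Format-Table Scope, Value, Address, DhcpServer, Expected -AutoSize
```

Rows with `Expected` set to `False` are the ones to compare against the router's DHCP settings; the `DhcpServer` column names the device that supplied them.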

I ran the beloved Nicolas Coolman several times, and they kept appearing. They were regenerated. Yes, that tcpip and dhcpname.

ENCONTRADOS clave: [X64] HKLM\SOFTWARE\Classes\KVBrowserAppMgr.ISAllmytubechrome [] =>Adware.CrossRider
ENCONTRADOS dados: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{39C9D2E5-62C3-480B-816E-3FCE6890205F}\\DhcpNameServer [Bad : 201.251.3.130 201.251.3.131] =>Hijacker.Browser
ENCONTRADOS dados: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A7ACBBD3-EC38-4DFD-972A-44ADF1BFC5B1}\\DhcpNameServer [Bad : 201.251.3.130 201.251.3.131] =>Hijacker.Browser
ENCONTRADOS dados: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer [Bad : 201.251.3.130 201.251.3.131] =>Hijacker.Browser

Here, on another PC that was lent to me.

Could you please explain to me what this is?

I'm going to format it. I don't care about the files. What I care about is this issue I'm asking you about, if you would be so kind as to explain it to me. After I followed the steps you gave me, it still kept appearing in the reports. As I say.

I'm going to run this little program on every computer I come across, to see what they tell me.

There you go, Sandra Marcela.

Not to mention that this PC is a complete mess xP

Hello @Mercedes_Rasemer

1.- Delete the ZHPCleaner executable and download a new version.

2.- Run it, and if that window comes up asking whether you installed those servers, click NO

And in your next reply paste the complete report; a partial one is no use to me

3.- Then do the following:

PC scan with ESET Online Scanner: User manual; read the instructions for saving the report.

PC scan with Kaspersky Virus Removal Tool: User manual

  • This one does not produce a report; when it finds something, if it does find any infection, take a screenshot and upload it.

4.- After rebooting, run FRST again as you did the first time and post the fresh FRST and Addition reports.

Regards