Buenos días.
Hace unas semanas me robaron la cuenta de Steam, Microsoft, email…he logrado recuperarlas y he formateado el PC (menos un HDD de almacenamiento).
Me gustaría asegurarme que de que no sigue infectado aún habiendo formateado (los famosos Keyloggers). Si alguien me podría ayudar estaría agradecida.
Gracias.
Rkill 2.9.1 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2022 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 10/27/2022 05:53:17 PM in x64 mode.
Windows Version: Windows 10 Pro
Checking for Windows services to stop:
* No malware services found to stop.
Checking for processes to terminate:
* C:\Users\geekt\AppData\Roaming\Elgato\StreamDeck\Plugins\tv.twitch.studio.sdPlugin\twitchstudiostreamdeck.exe (PID: 10904) [UP-HEUR]
1 proccess terminated!
Checking Registry for malware related settings:
* No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
* No issues found.
Searching for Missing Digital Signatures:
* No issues found.
Checking HOSTS File:
* No issues found.
Program finished at: 10/27/2022 05:53:34 PM
Execution time: 0 hours(s), 0 minute(s), and 17 seconds(s)
C:\Users\geekt\AppData\Local\Temp\~nsuA.tmp\Un_A.exe - deleted
Total 197741164923 bytes in 384701 files scanned (407835 objects)
Total 384705 files (407661 objects) are clean
Total 1 file (2 objects) are infected
Total 1 file are neutralized
Total 170 files are raised error condition
Scan time is 00:23:05.501
=============================================================================
Dr.Web Scanner SE for Windows v9.1.6.04261
(c) Doctor Web, Ltd., 1992-2021
Scan session started 2022/10/27 18:49:53
Module location : C:\Users\geekt\AppData\Local\Temp\EFE55E48-F4DE14E8-89A9F118-61F9ABF8\
He pasado el Kapersky Virus Removal:
He pasado el Kapersky TDSSKiller: no ha encontrado nada
Por último he pasado el Ccleaner (limpieza y registro).
Voy actualizando el tema mientras voy paso por paso, ya que no me deja editar el último post. Sigo pasando programas.
64-bit OS : Yes
Startup : 0
WindowsPE : No
User : geekt
User is Admin : Yes
Date : 2022/10/27 19:26:10
Type : Removal
Aborted : No
Scan Mode : Standard
Duration : 68
Found items : 1
Total scanned : 45390
Signatures Version : 20221024_084649
Truesight Driver : Yes
Updates Count : 1
************************* Warnings *************************
************************* Removal *************************
[PUM.Policies (Potencialmente Malicioso)] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin -- -> Reemplazado (2)
[+] scan_what : 1
[+] vendors : PUM.Policies
[+] Name : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin
[+] Type : Registry
[+] file_vtscore : 0
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 4
[+] id : 0
[+] status : 3
[+] status_str : Reemplazado (2)
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Enterprise x64
Ran by geekt (Administrator) on 27/10/2022 at 21:32:45,25
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 0
Registry: 1
Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\190d048d (Registry Key)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 27/10/2022 at 21:33:25,04
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~