Perdon por la demora estos son los reportes
# -------------------------------
# Malwarebytes AdwCleaner 8.0.5.0
# -------------------------------
# Build: 05-25-2020
# Database: 2020-06-15.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 06-25-2020
# Duration: 00:00:19
# OS: Windows 10 Home Single Language
# Cleaned: 51
# Failed: 1
***** [ Services ] *****
No malicious services cleaned.
***** [ Folders ] *****
Deleted C:\ProgramData\Application Data\Lavasoft\Web Companion
Deleted C:\ProgramData\Tencent
Deleted C:\Users\Equipo\AppData\Local\Tencent
Deleted C:\Users\Equipo\AppData\Roaming\Tencent
Deleted C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Tencent
***** [ Files ] *****
No malicious files cleaned.
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Blackjack +.lnk
***** [ Tasks ] *****
No malicious tasks cleaned.
***** [ Registry ] *****
Deleted HKCU\Software\Lavasoft\Web Companion
Deleted HKCU\Software\Microsoft\Internet Explorer\Main|Start Page
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted HKCU\Software\csastats
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{09CE1F09-FDFC-4DD0-BD73-B9E12FE8087A}
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{B20E7501-432D-4084-A8BB-8A544822BBEA}
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{C9147A5D-2C1D-4B37-9EF1-80CA4EE25C3E}
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{DB7D7850-FDB7-4654-9D49-B45F915A5F3C}
Deleted HKLM\Software\Classes\METNSD
Deleted HKLM\Software\Hola
Deleted HKLM\Software\Wow6432Node\Lavasoft\Web Companion
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries cleaned.
***** [ Chromium URLs ] *****
No malicious Chromium URLs cleaned.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.
***** [ Firefox URLs ] *****
No malicious Firefox URLs cleaned.
***** [ Hosts File Entries ] *****
No malicious hosts file entries cleaned.
***** [ Preinstalled Software ] *****
Deleted Preinstalled.HPAudioSwitch Folder C:\Program Files (x86)\HP\HPAUDIOSWITCH
Deleted Preinstalled.HPAudioSwitch Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{237C0E97-E9FC-4D4B-842B-C7321ECE2014}
Deleted Preinstalled.HPAudioSwitch Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HPAudioSwitch
Deleted Preinstalled.HPAudioSwitch Task C:\Windows\System32\Tasks\HPAUDIOSWITCH
Deleted Preinstalled.HPJumpStartBridge Folder C:\Program Files (x86)\HP\HP JUMPSTART BRIDGE
Deleted Preinstalled.HPJumpStartLaunch Folder C:\Program Files (x86)\HP\HP JUMPSTART LAUNCH
Deleted Preinstalled.HPJumpStartLaunch Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CB1AECDE-1415-48DC-B8C7-EE93A507BC4E}
Deleted Preinstalled.HPJumpStartLaunch Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HPJumpStartLaunch
Deleted Preinstalled.HPJumpStartLaunch Task C:\Windows\System32\Tasks\HPJUMPSTARTLAUNCH
Deleted Preinstalled.HPRegistrationService Folder C:\Program Files (x86)\HP\HP REGISTRATION SERVICE
Deleted Preinstalled.HPRegistrationService Folder C:\ProgramData\HP\HP REGISTRATION SERVICE
Deleted Preinstalled.HPSupportAssistant Folder C:\HP\SUPPORT
Deleted Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP CUSTOMER FEEDBACK
Deleted Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted Preinstalled.HPSupportAssistant Folder C:\ProgramData\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted Preinstalled.HPSupportAssistant Folder C:\Users\Equipo\AppData\Local\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted Preinstalled.HPSupportAssistant Folder C:\Users\Equipo\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted Preinstalled.HPSupportAssistant Folder C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted Preinstalled.HPSupportAssistant Folder C:\Windows\System32\config\systemprofile\AppData\Local\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted Preinstalled.HPSupportAssistant Registry HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Deleted Preinstalled.HPSupportAssistant Registry HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Deleted Preinstalled.HPSupportAssistant Registry HKLM\Software\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Deleted Preinstalled.HPSupportAssistant Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Deleted Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Deleted Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Deleted Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{4AAC4B07-77EF-4BCF-88DC-D24E4DE683E8}
Deleted Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{B7053964-E2C7-4BA9-84DE-D3A98B5FBA24}
Deleted Preinstalled.HPSureConnect Folder C:\Program Files\HPCOMMRECOVERY
Deleted Preinstalled.HPSureConnect Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{6468C4A5-E47E-405F-B675-A70A70983EA6}
Deleted Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDGAMES
Deleted Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDTANGENT GAMES
Deleted Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangent wildgames Master Uninstall
Deleted Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{A39303AB-4898-4F12-BAA0-0B8630F86DB4}
Not Deleted Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT SOLUTIONS
*************************
[+] Delete Tracing Keys
[+] Reset Winsock
*************************
AdwCleaner[S00].txt - [7180 octets] - [25/06/2020 19:36:02]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
Informe de ZHPCleaner
~ ZHPCleaner v2020.6.23.207 by Nicolas Coolman (2020/06/23)
~ Run by Equipo (Administrator) (25/06/2020 19:44:54)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Certificate ZHPCleaner: Legal
~ Type : Scanner
~ Report : C:\Users\Equipo\Desktop\ZHPCleaner (S).txt
~ Quarantine : C:\Users\Equipo\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Home Single Language, 64-bit (Build 18362)
---\ Alternate Data Stream (ADS). (0)
~ No malintencionados o innecesarios artículos encontrados. (ADS)
---\ Servicios (0)
~ No malintencionados o innecesarios artículos encontrados. (Servicio)
---\ Navegadores de Internet (0)
~ No malintencionados o innecesarios artículos encontrados. (Navegador)
---\ Hosts carpeta (1)
~ El archivo hosts es legítimo (23)
---\ Tareas automáticas programadas. (0)
~ No malintencionados o innecesarios artículos encontrados. (Tarea)
---\ Explorador ( Archivos, Carpetas ) (9)
ENCONTRADOS carpeta: C:\Users\Equipo\AppData\Roaming\Mozilla\Firefox\Profiles\4hdtuusr.default\searchplugins\yahoo.xml =>PUP.Optional.BDYahoo
ENCONTRADOS carpeta: C:\Users\Equipo\Desktop\µTorrent.lnk [Bad : C:\Users\Equipo\AppData\Roaming\uTorrent\uTorrent.exe](.BitTorrent Inc..) =>BitTorrent (P2P)
ENCONTRADOS carpeta: C:\Users\Equipo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk [Bad : C:\Users\Equipo\AppData\Roaming\uTorrent\uTorrent.exe](.BitTorrent Inc..) =>BitTorrent (P2P)
ENCONTRADOS carpeta: C:\Users\Equipo\AppData\Roaming\uTorrent\uTorrent.exe [BitTorrent Inc. - µTorrent] =>BitTorrent (P2P)
ENCONTRADOS carpeta: C:\Users\Equipo\Desktop\µTorrent.lnk =>BitTorrent (P2P)
ENCONTRADOS carpeta: C:\Users\Equipo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk =>BitTorrent (P2P)
ENCONTRADOS carpeta: C:\Users\Public\Desktop\ScpToolkit Settings Manager.lnk =>PUP.Optional.SettingsManager
ENCONTRADOS carpeta: C:\Users\Equipo\AppData\Local\MSfree Inc\kmsauto.ini =>HackTool.WinActivator
ENCONTRADOS archivo: C:\Users\Equipo\AppData\Local\MSfree Inc =>HackTool.WinActivator
---\ Registro ( Claves, Valores, Datos) (7)
ENCONTRADOS clave: HKU\.DEFAULT\Software\ByteFence [AdditionalScan 8] =>SUP.Optional.ByteFence
ENCONTRADOS clave: HKU\S-1-5-18\Software\ByteFence [AdditionalScan 17] =>SUP.Optional.ByteFence
ENCONTRADOS clave: HKCU\Software\undefined [AdditionalScan 148] =>.SUP.Downloader
ENCONTRADOS clave: [X64] HKLM\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\ByteFence.exe [AdditionalScan 517] =>SUP.Optional.ByteFence
ENCONTRADOS clave: HKEY_USERS\.DEFAULT\Software\ByteFence [] =>SUP.Optional.ByteFence
ENCONTRADOS clave: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\uTorrent [BitTorrent Inc.] =>BitTorrent (P2P)
ENCONTRADOS clave: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WTPL-fabulousangelashsr [] =>Adware.CrossRider
---\ Resumen de elementos en su estación de trabajo (7)
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>PUP.Optional.BDYahoo
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>BitTorrent (P2P)
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>PUP.Optional.SettingsManager
https://nicolascoolman.eu/2017/01/13/hacktool-winactivator/ =>HackTool.WinActivator
https://nicolascoolman.eu/2017/03/13/superfluous-bytefence/ =>SUP.Optional.ByteFence
https://nicolascoolman.eu/2017/12/22/sup-downloader/ =>.SUP.Downloader
https://nicolascoolman.eu/2017/03/11/pup-optional-crossrider/ =>Adware.CrossRider
---\ Resultado de la reparación.
~ ninguna reparación hecha
~ Google Chrome OK
~ Mozilla Firefox OK
~ Internet Explorer OK
~ Opera OK
---\ STATISTIQUES
~ Items escaneado : 115630
~ Items encontrado : 19
~ artículos cancelados : 0
~ Ahorro de espacio (bytes) : 0
~ Items opciones : 8/15
---\ OPCIONES NO ACTIVAS
~ Análisis temporal de archivos
~ Análisis temporal de carpetas
~ Análisis de CLSID de carpetas vacías
~ Vaciar otro análisis de carpetas
~ Análisis de carpetas locales vacías
~ Análisis de archivos de instalación obsoleto
~ End of search in 00h20mn25s
---\ Reporte (0)
ZHPCleaner-[S]-25062020-20_05_19.txt
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Informe de ZHPCleaner
~ ZHPCleaner v2020.6.23.207 by Nicolas Coolman (2020/06/23)
~ Run by Equipo (Administrator) (25/06/2020 20:10:10)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Certificate ZHPCleaner: Legal
~ Type : Reparar
~ Report : C:\Users\Equipo\Desktop\ZHPCleaner (R).txt
~ Quarantine : C:\Users\Equipo\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Home Single Language, 64-bit (Build 18362)
---\ Alternate Data Stream (ADS). (0)
~ No malintencionados o innecesarios artículos encontrados. (ADS)
---\ Servicios (0)
~ No malintencionados o innecesarios artículos encontrados. (Servicio)
---\ Navegadores de Internet (0)
~ No malintencionados o innecesarios artículos encontrados. (Navegador)
---\ Hosts carpeta (1)
~ El archivo hosts es legítimo (23)
---\ Tareas automáticas programadas. (0)
~ No malintencionados o innecesarios artículos encontrados. (Tarea)
---\ Explorador ( Archivos, Carpetas ) (5)
MOVIDO carpeta: C:\Users\Equipo\Desktop\µTorrent.lnk [Bad : C:\Users\Equipo\AppData\Roaming\uTorrent\uTorrent.exe](.BitTorrent Inc..) =>BitTorrent (P2P)
MOVIDO carpeta: C:\Users\Equipo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk [Bad : C:\Users\Equipo\AppData\Roaming\uTorrent\uTorrent.exe](.BitTorrent Inc..) =>BitTorrent (P2P)
MOVIDO carpeta: C:\Users\Equipo\AppData\Roaming\Mozilla\Firefox\Profiles\4hdtuusr.default\searchplugins\yahoo.xml =>PUP.Optional.BDYahoo
MOVIDO carpeta: C:\Users\Public\Desktop\ScpToolkit Settings Manager.lnk =>PUP.Optional.SettingsManager
MOVIDO archivo: C:\Users\Equipo\AppData\Local\MSfree Inc =>HackTool.WinActivator
---\ Registro ( Claves, Valores, Datos) (7)
BORRADOS clave*: HKU\.DEFAULT\Software\ByteFence [AdditionalScan 8] =>SUP.Optional.ByteFence
BORRADOS clave**: HKU\S-1-5-18\Software\ByteFence [AdditionalScan 17] =>SUP.Optional.ByteFence
BORRADOS clave*: HKCU\Software\undefined [AdditionalScan 148] =>.SUP.Downloader
BORRADOS clave*: [X64] HKLM\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\ByteFence.exe [AdditionalScan 517] =>SUP.Optional.ByteFence
BORRADOS clave**: HKEY_USERS\.DEFAULT\Software\ByteFence [] =>SUP.Optional.ByteFence
BORRADOS clave*: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\uTorrent [BitTorrent Inc.] =>BitTorrent (P2P)
BORRADOS clave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WTPL-fabulousangelashsr [] =>Adware.CrossRider
---\ Resumen de elementos en su estación de trabajo (7)
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>BitTorrent (P2P)
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>PUP.Optional.BDYahoo
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>PUP.Optional.SettingsManager
https://nicolascoolman.eu/2017/01/13/hacktool-winactivator/ =>HackTool.WinActivator
https://nicolascoolman.eu/2017/03/13/superfluous-bytefence/ =>SUP.Optional.ByteFence
https://nicolascoolman.eu/2017/12/22/sup-downloader/ =>.SUP.Downloader
https://nicolascoolman.eu/2017/03/11/pup-optional-crossrider/ =>Adware.CrossRider
---\ Limpieza adicional. (6)
~ Clave de registro Tracing borrados (6)
~ Quitar los antiguos informes de ZHPCleaner. (0)
---\ Resultado de la reparación.
~ Reparación llevada a cabo con éxito
~ Google Chrome OK
~ Mozilla Firefox OK
~ Internet Explorer OK
~ Opera OK
---\ STATISTIQUES
~ Items escaneado : 2116
~ Items encontrado : 0
~ artículos cancelados : 0
~ Ahorro de espacio (bytes) : 0
~ Items opciones : 8/15
---\ OPCIONES NO ACTIVAS
~ Análisis temporal de archivos
~ Análisis temporal de carpetas
~ Análisis de CLSID de carpetas vacías
~ Vaciar otro análisis de carpetas
~ Análisis de carpetas locales vacías
~ Análisis de archivos de instalación obsoleto
~ End of clean in 00h00mn44s
---\ Reporte (2)
ZHPCleaner-[S]-25062020-20_05_19.txt
ZHPCleaner-[R]-25062020-20_10_54.txt
Malwarebytes
www.malwarebytes.com
-Detalles del registro-
Fecha del análisis: 25/6/20
Hora del análisis: 20:16
Archivo de registro: a01e5774-b74a-11ea-ba28-b4b686e5e9ee.json
-Información del software-
Versión: 4.1.0.56
Versión de los componentes: 1.0.955
Versión del paquete de actualización: 1.0.26031
Licencia: Gratis
-Información del sistema-
SO: Windows 10 (Build 18362.900)
CPU: x64
Sistema de archivos: NTFS
Usuario: BRYAN19504\Equipo
-Resumen del análisis-
Tipo de análisis: Análisis personalizado
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 771095
Amenazas detectadas: 4
Amenazas en cuarentena: 4
Tiempo transcurrido: 2 hr, 29 min, 1 seg
-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Desactivado
Heurística: Activado
PUP: Detectar
PUM: Detectar
-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)
Módulo: 0
(No hay elementos maliciosos detectados)
Clave del registro: 0
(No hay elementos maliciosos detectados)
Valor del registro: 0
(No hay elementos maliciosos detectados)
Datos del registro: 0
(No hay elementos maliciosos detectados)
Secuencia de datos: 0
(No hay elementos maliciosos detectados)
Carpeta: 0
(No hay elementos maliciosos detectados)
Archivo: 4
Malware.Generic.839992614, C:\PROGRAM FILES (X86)\ROCKSTAR GAMES\MANHUNT 2\MANHUNT2.EXE, En cuarentena, 1000000, 0, 1.0.26031, 3DE469A20FF6C98432114526, dds, 00780492
Malware.Generic.3179138367, C:\USERS\EQUIPO\3D OBJECTS\OFFICE 2013-2019\OINSTALL.EXE, En cuarentena, 1000000, 0, 1.0.26031, 62DCA56267ECA3A8BD7DCD3F, dds, 00780492
Generic.Malware/Suspicious, C:\USERS\EQUIPO\DESKTOP\NELLY\ACTIVADOR W10\STREAMERDATA\STREAMER.EXE, En cuarentena, 0, 392686, 1.0.26031, , shuriken,
Trojan.Dropper, C:\WINDOWS\RESOURCES\THEMES\ICSYS.ICN.EXE, En cuarentena, 846, 509225, 1.0.26031, 000000000000000000000001, dds, 00780492
Sector físico: 0
(No hay elementos maliciosos detectados)
WMI: 0
(No hay elementos maliciosos detectados)
(end)