Malwarebytes
www.malwarebytes.com
-Detalles del registro-
Fecha del análisis: 17/4/19
Hora del análisis: 17:23
Archivo de registro: 05dca6d8-6157-11e9-a4f2-047d7b0ddb38.json
-Información del software-
Versión: 3.7.1.2839
Versión de los componentes: 1.0.563
Versión del paquete de actualización: 1.0.10216
Licencia: Prueba
-Información del sistema-
SO: Windows 10 (Build 17134.706)
CPU: x64
Sistema de archivos: NTFS
Usuario: JESUSSAAVEDRAPC\Jesús I. Saavedra
-Resumen del análisis-
Tipo de análisis: Análisis de amenazas
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 515141
Amenazas detectadas: 24
Amenazas en cuarentena: 24
Tiempo transcurrido: 48 min, 48 seg
-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Desactivado
Heurística: Activado
PUP: Detectar
PUM: Detectar
-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)
Módulo: 0
(No hay elementos maliciosos detectados)
Clave del registro: 11
Adware.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\OPERA SCHEDULED AUTOUPDATE 4086469641, En cuarentena, [98], [535908],1.0.10216
Adware.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{6113413E-AFE9-425F-808C-9FB2834A05A0}, En cuarentena, [98], [535908],1.0.10216
Adware.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{6113413E-AFE9-425F-808C-9FB2834A05A0}, En cuarentena, [98], [535908],1.0.10216
Adware.Tuto4PC, HKLM\SOFTWARE\MICROSOFT\MPrForWeathI, En cuarentena, [2818], [572664],1.0.10216
Adware.Tuto4PC, HKLM\SOFTWARE\MICROSOFT\MTPreC_B, En cuarentena, [2818], [572665],1.0.10216
Adware.Tuto4PC, HKLM\SOFTWARE\MICROSOFT\MTPreC_Qn, En cuarentena, [2818], [572666],1.0.10216
Adware.Tuto4PC, HKLM\SOFTWARE\MICROSOFT\ShutTPreAm, En cuarentena, [2818], [572667],1.0.10216
Adware.Tuto4PC, HKLM\SOFTWARE\MICROSOFT\ShutTPreIc, En cuarentena, [2818], [572668],1.0.10216
Adware.Tuto4PC, HKLM\SOFTWARE\MICROSOFT\ShutTPreJ, En cuarentena, [2818], [572669],1.0.10216
Adware.Tuto4PC, HKLM\SOFTWARE\MICROSOFT\ShutTPreShM, En cuarentena, [2818], [572670],1.0.10216
Adware.ICLoader, HKLM\SOFTWARE\MICROSOFT\DMUNVERSION, En cuarentena, [459], [518477],1.0.10216
Valor del registro: 2
Adware.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{6113413E-AFE9-425F-808C-9FB2834A05A0}|PATH, En cuarentena, [98], [535907],1.0.10216
Adware.ICLoader, HKLM\SOFTWARE\MICROSOFT\DMUNVERSION|VERSION, En cuarentena, [459], [518477],1.0.10216
Datos del registro: 0
(No hay elementos maliciosos detectados)
Secuencia de datos: 0
(No hay elementos maliciosos detectados)
Carpeta: 1
Trojan.SmokeLoader, C:\PROGRAMDATA\DAHJSERVICE, En cuarentena, [1013], [509066],1.0.10216
Archivo: 10
Adware.Agent, C:\WINDOWS\SYSTEM32\TASKS\OPERA SCHEDULED AUTOUPDATE 4086469641, En cuarentena, [98], [535908],1.0.10216
Adware.HiRu, C:\USERS\JESúS SAAVEDRA\APPDATA\ROAMING\HUI.EXE, En cuarentena, [3045], [537036],1.0.10216
Adware.FileTour, C:\USERS\JESúS SAAVEDRA\DOWNLOADS\CPU-Z_1.63-SETUP-EN.EXE, En cuarentena, [447], [591373],1.0.10216
Generic.Malware/Suspicious, C:\USERS\JESúS SAAVEDRA\DOWNLOADS\YOUTUBE_DOWNLOADER_HD_SETUP.EXE, En cuarentena, [0], [392686],1.0.10216
PUP.Optional.Reimage, C:\USERS\JESúS SAAVEDRA\DOWNLOADS\REIMAGEREPAIR.EXE, En cuarentena, [341], [331559],1.0.10216
MachineLearning/Anomalous.100%, C:\USERS\JESúS SAAVEDRA\DOWNLOADS\ELIPUPS.EXE, En cuarentena, [0], [392687],1.0.10216
PUP.Optional.InstallCore, C:\USERS\JESúS SAAVEDRA\APPDATA\LOCAL\JDOWNLOADER 2.0\JDOWNLOADER2.EXE.TMP, En cuarentena, [431], [542680],1.0.10216
HackTool.Agent, C:\USERS\JESúS SAAVEDRA\DESKTOP\ADOBE ACROBAT XI\AMTEMU.V0.9.1-PAINTER.EXE, En cuarentena, [3934], [448498],1.0.10216
HackTool.Agent, C:\USERS\JESúS SAAVEDRA\DESKTOP\ADOBE ACROBAT XI PRO 11.0.20 + CRACK [TECH-TOOLS.ME]\CRACK\AMTEMU.V0.9.1-PAINTER.EXE, En cuarentena, [3934], [448498],1.0.10216
HackTool.Agent, C:\USERS\JESúS SAAVEDRA\DESKTOP\ADOBE ACROBAT XI\ADOBE ACROBAT XI\AMTEMU.V0.9.1-PAINTER.EXE, En cuarentena, [3934], [448498],1.0.10216
Sector físico: 0
(No hay elementos maliciosos detectados)
WMI: 0
(No hay elementos maliciosos detectados)
(end)
From AdwCleaner:
# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build: 04-04-2019
# Database: 2019-04-15.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 04-17-2019
# Duration: 00:00:21
# OS: Windows 10 Home
# Cleaned: 42
# Failed: 0
***** [ Services ] *****
No malicious services cleaned.
***** [ Folders ] *****
Deleted C:\Program Files (x86)\Enigma Software Group
Deleted C:\Program Files (x86)\avg web tuneup
Deleted C:\Program Files\Hola
Deleted C:\Users\Jesús Saavedra\AppData\LocalLow\avg web tuneup
Deleted C:\Users\Jesús Saavedra\AppData\Local\avg web tuneup
Deleted C:\Users\Jesús Saavedra\AppData\Local\slimware utilities inc
Deleted C:\Users\Jesús Saavedra\AppData\Roaming\Hola
Deleted C:\Users\Public\Documents\Downloaded Installers
***** [ Files ] *****
Deleted C:\Users\Jesús Saavedra\Downloads\Hola-Setup.exe
Deleted C:\Windows\System32\drivers\swdumon.sys
Deleted C:\spyhunter.fix
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
No malicious tasks cleaned.
***** [ Registry ] *****
Deleted HKCU\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{600516AB-4E78-436E-B539-71A2F30A925}
Deleted HKCU\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6DADDFE-E220-4903-8E14-4C1517F95A45}
Deleted HKCU\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7AF0E626-22E6-4210-93A2-92EC08942BF}
Deleted HKCU\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9FFEB109-CD16-4344-8119-62D87D68E74}
Deleted HKCU\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ACFC3051-A62F-4131-8316-AB3346F21021}
Deleted HKCU\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AE17EDE6-E4DE-41B1-9EBE-CCD5BCBF48B8}
Deleted HKCU\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCB78154-6EF-4BDA-B258-583A53E656AF}
Deleted HKCU\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E2EBC450-BE12-4AF7-B24B-197704BCD77}
Deleted HKCU\Software\APN PIP
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|AdVantage
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Seviler
Deleted HKCU\Software\Microsoft\{cc6eb6d8-85b7-435p-8b86-51e4d16ea76d}
Deleted HKCU\Software\SlimWare Utilities Inc
Deleted HKLM\Software\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Deleted HKLM\Software\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Deleted HKLM\Software\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
Deleted HKLM\Software\Hola
Deleted HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{B351D155-F565-4E71-9B34-7EBFD4C442F8}
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|DiskPower
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|hola
Deleted HKLM\Software\Microsoft\{6711eba6-cf08-4edw-9528-86004fa424bb}
Deleted HKLM\Software\Wow6432Node\AVG Tuneup
Deleted HKLM\Software\Wow6432Node\EnigmaSoftwareGroup
Deleted HKLM\Software\Wow6432Node\SlimWare Utilities Inc
Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Deleted HKLM\Software\Wow6432Node\\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
Deleted HKLM\Software\Wow6432Node\\Google\Chrome\NativeMessagingHosts\avgsh
Deleted HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\SearchScopes\{B351D155-F565-4E71-9B34-7EBFD4C442F8}
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Ext\Stats\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Ext\Stats\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries cleaned.
***** [ Chromium URLs ] *****
No malicious Chromium URLs cleaned.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.
***** [ Firefox URLs ] *****
No malicious Firefox URLs cleaned.
*************************
[+] Delete Tracing Keys
[+] Reset Winsock
*************************
AdwCleaner[S00].txt - [5498 octets] - [17/04/2019 21:08:49]
AdwCleaner[S01].txt - [5559 octets] - [17/04/2019 21:19:54]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########