Hello,
Here are the reports:
**Malwarebytes**
www.malwarebytes.com
-Detalles del registro-
Fecha del análisis: 20/5/20
Hora del análisis: 14:06
Archivo de registro: 647eb9f4-9a92-11ea-9485-3497f6b94cd2.json
-Información del software-
Versión: 4.1.0.56
Versión de los componentes: 1.0.920
Versión del paquete de actualización: 1.0.24144
Licencia: Prueba
-Información del sistema-
SO: Windows 10 (Build 18362.836)
CPU: x64
Sistema de archivos: NTFS
Usuario: DESKTOP-KHB98NI\Soraya
-Resumen del análisis-
Tipo de análisis: Análisis personalizado
Análisis iniciado por:: Manual
Resultado: Cancelado
Objetos analizados: 707866
Amenazas detectadas: 16
Amenazas en cuarentena: 16
Tiempo transcurrido: 7 hr, 57 min, 16 seg
-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Activado
Heurística: Activado
PUP: Detectar
PUM: Detectar
-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)
Módulo: 0
(No hay elementos maliciosos detectados)
Clave del registro: 4
PUP.Optional.Conduit, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, En cuarentena, 194, 236865, , , ,
PUP.Optional.Conduit, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, En cuarentena, 194, 236865, , , ,
PUP.Optional.Conduit, HKU\S-1-5-21-471368242-4144064203-3053542568-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, En cuarentena, 194, 236865, 1.0.24144, , ame,
PUP.Optional.DefaultSearch, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\nladljmabboanhihfkjacnnkgjhnokhj, En cuarentena, 323, 550469, 1.0.24144, , ame,
Valor del registro: 2
PUP.Optional.Conduit, HKU\S-1-5-21-471368242-4144064203-3053542568-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, En cuarentena, 194, 236865, 1.0.24144, , ame,
PUP.Optional.Conduit, HKU\S-1-5-21-471368242-4144064203-3053542568-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|TOPRESULTURL, En cuarentena, 194, 236865, 1.0.24144, , ame,
Datos del registro: 0
(No hay elementos maliciosos detectados)
Secuencia de datos: 0
(No hay elementos maliciosos detectados)
Carpeta: 2
PUP.Optional.DefaultSearch, C:\USERS\SILVIA Y AITA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Extensions\NLADLJMABBOANHIHFKJACNNKGJHNOKHJ, En cuarentena, 323, 550469, , , ,
PUP.Optional.DefaultSearch, C:\USERS\SORAYA(SOLMICRO)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Extensions\NLADLJMABBOANHIHFKJACNNKGJHNOKHJ, En cuarentena, 323, 550469, , , ,
Archivo: 8
PUP.Optional.DefaultSearch, C:\USERS\SILVIA Y AITA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Sustituido, 323, 550469, , , ,
PUP.Optional.DefaultSearch, C:\USERS\SORAYA(SOLMICRO)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Sustituido, 323, 550469, , , ,
PUP.Optional.DefaultSearch, C:\USERS\SILVIA Y AITA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Sustituido, 323, 550469, , , ,
PUP.Optional.DefaultSearch, C:\USERS\SORAYA(SOLMICRO)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Sustituido, 323, 550469, , , ,
Trojan.Injector, C:\PROGRAM FILES (X86)\WONDERSHARE\VIDEO CONVERTER ULTIMATE\PATCH.EXE, En cuarentena, 691, 495393, 1.0.24144, , ame,
PUP.Optional.DefaultSearch, C:\USERS\SILVIA Y AITA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\NLADLJMABBOANHIHFKJACNNKGJHNOKHJ\1.3.11.6_0\MANIFEST.JSON, En cuarentena, 323, 475454, 1.0.24144, , ame,
HackTool.FilePatch, C:\USERS\SORAYA\DESKTOP\DRIVER BOOSTER\PATCH-IOBIT.DRIVER.BOOSTER.PRO.5.X.RAR, En cuarentena, 7519, 281135, 1.0.24144, , ame,
PUP.Optional.DefaultSearch, C:\USERS\SORAYA(SOLMICRO)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\NLADLJMABBOANHIHFKJACNNKGJHNOKHJ\1.3.7.6_0\MANIFEST.JSON, En cuarentena, 323, 475454, 1.0.24144, , ame,
Sector físico: 0
(No hay elementos maliciosos detectados)
WMI: 0
(No hay elementos maliciosos detectados)
(end)
# -------------------------------
# **Malwarebytes AdwCleaner 8.0.4.0**
# -------------------------------
# Build: 04-03-2020
# Database: 2020-05-19.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 05-24-2020
# Duration: 00:00:24
# OS: Windows 10 Home
# Cleaned: 41
# Failed: 0
***** [ Services ] *****
No malicious services cleaned.
***** [ Folders ] *****
Deleted C:\Program Files (x86)\Lavasoft\Web Companion
Deleted C:\ProgramData\Application Data\Lavasoft\Web Companion
Deleted C:\ProgramData\IObit\Advanced SystemCare
Deleted C:\ProgramData\Lavasoft\Web Companion
Deleted C:\Users\Soraya\AppData\Local\Lavasoft\WEBCOMPANION.EXE_URL_SIQ0LWF3TZGXP2KHFKLLYBK3IDTBEHNG
Deleted C:\Users\Soraya\AppData\Roaming\IObit\Advanced SystemCare
Deleted C:\Users\Soraya\AppData\Roaming\Lavasoft\Web Companion
***** [ Files ] *****
Deleted C:\END
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
No malicious tasks cleaned.
***** [ Registry ] *****
Deleted HKCU\Software\Lavasoft\Web Companion
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Web Companion
Deleted HKCU\Software\Vittalia
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utilman.exe
Deleted HKLM\Software\Wow6432Node\Lavasoft\Web Companion
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utilman.exe
***** [ Chromium (and derivatives) ] *****
Deleted Amazon Assistant for Chrome - pbjikboenpfhbbejgkoklgkhjpfogcam
***** [ Chromium URLs ] *****
No malicious Chromium URLs cleaned.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.
***** [ Firefox URLs ] *****
No malicious Firefox URLs cleaned.
***** [ Hosts File Entries ] *****
No malicious hosts file entries cleaned.
***** [ Preinstalled Software ] *****
Deleted Preinstalled.ASUSDeviceActivation Folder C:\Program Files (x86)\ASUS\ASUS DEVICE ACTIVATION
Deleted Preinstalled.ASUSDeviceActivation Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{9C4B0706-9F9A-47BF-B417-0A111FC52B04}
Deleted Preinstalled.ASUSGiftBox Folder C:\Program Files (x86)\ASUS\GIFTBOX
Deleted Preinstalled.ASUSGiftBox Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\ASUS GIFTBOX
Deleted Preinstalled.ASUSLiveUpdate Folder C:\Program Files (x86)\ASUS\ASUS LIVE UPDATE
Deleted Preinstalled.ASUSLiveUpdate Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3CA3FA69-7B3B-4A95-B478-2A573C22A5B0}
Deleted Preinstalled.ASUSLiveUpdate Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3CA3FA69-7B3B-4A95-B478-2A573C22A5B0}
Deleted Preinstalled.ASUSLiveUpdate Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{957CDE7E-D7B8-497D-9DAF-17793BAA2275}
Deleted Preinstalled.ASUSLiveUpdate Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS Live Update1
Deleted Preinstalled.ASUSLiveUpdate Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Update Checker
Deleted Preinstalled.ASUSLiveUpdate Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}
Deleted Preinstalled.ASUSLiveUpdate Task C:\Windows\System32\Tasks\ASUS LIVE UPDATE1
Deleted Preinstalled.ASUSLiveUpdate Task C:\Windows\System32\Tasks\UPDATE CHECKER
Deleted Preinstalled.ASUSProductRegistration Folder C:\Program Files (x86)\ASUS\APRP
Deleted Preinstalled.ASUSProductRegistration Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{8D6B05E0-F457-408C-9D13-549334D8FAE1}
Deleted Preinstalled.ASUSSmartGesture Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0422C44-24DA-4B51-B36C-59388CA876F1}
Deleted Preinstalled.ASUSSmartGesture Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS Smart Gesture Launcher
Deleted Preinstalled.ASUSSmartGesture Registry HKLM\Software\Classes\CLSID\{F31B5912-07D6-4895-B4BA-5486CF3B18B1}
Deleted Preinstalled.ASUSSmartGesture Task C:\Windows\System32\Tasks\ASUS SMART GESTURE LAUNCHER
Deleted Preinstalled.ASUSSplendid Folder C:\Program Files (x86)\ASUS\SPLENDID
Deleted Preinstalled.ASUSSplendid Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{862D1876-A224-4D5A-BD89-748615FB4D44}
Deleted Preinstalled.ASUSSplendid Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS Splendid ACMON
Deleted Preinstalled.ASUSSplendid Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{0969AF05-4FF6-4C00-9406-43599238DE0D}
Deleted Preinstalled.ASUSSplendid Task C:\Windows\System32\Tasks\ASUS SPLENDID ACMON
*************************
[+] Delete Tracing Keys
[+] Reset Winsock
*************************
AdwCleaner[S00].txt - [5769 octets] - [24/05/2020 10:02:27]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
That would be all.
For now it seems to have improved somewhat. Is there anything else I should do?