Ransomware changed my file extensions to .GIF (GlobeImposter 2.0)

Good afternoon. I have a problem: my PC was infected with the virus Win32/Tofsee.AX. I ran ESET Smart Security and Malwarebytes, and it seems they removed it, because it no longer shows up. But it changed the extension of my shortcuts and files to .GIF. Regards.
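
The rename the OP describes follows the GlobeImposter pattern: the new extension is appended to the complete original name (the drive listing later in the thread shows names like `comprobante.docx.gif` and `Tarjeta.xlsx.gif`), the content is encrypted, and a `Restore-My-Files.txt` note is dropped next to the files. A renamed file is not an image, so the cheapest check is the file header: a real GIF starts with `GIF87a` or `GIF89a`. The script below is an added example written for this page (it is not the OP's data and not one of the tools used in the thread); it walks a directory tree, separates genuine GIFs from renamed files, recovers the pre-rename names for an inventory, and collects the ransom notes. The sample directory it builds is constructed. It only inventories: stripping `.gif` back off a file name does not recover the content.

```python
"""Inventory of a GlobeImposter-style ".gif" rename on a directory tree.

Added example for this thread (not the OP's data, not the forum's or any
vendor's tool). It separates real GIF images from files that merely had
".gif" appended to their name and collects the ransom notes, so the victim
can list what was hit before restoring from backup. The sample tree is
constructed; the names copy the pattern from the thread's D:\ listing,
the contents are made up.
"""
import os
import tempfile
from pathlib import Path

GIF_MAGIC = (b"GIF87a", b"GIF89a")      # the only two valid GIF signatures
RANSOM_NOTE = "Restore-My-Files.txt"     # note name seen in the thread
APPENDED_EXT = ".gif"


def is_real_gif(path: Path) -> bool:
    """True only if the file starts with a GIF signature; a renamed,
    encrypted file will not, whatever its name says."""
    with open(path, "rb") as fh:
        return fh.read(6) in GIF_MAGIC


def original_name(name: str) -> str:
    """Strip the appended extension: 'Tarjeta.xlsx.gif' -> 'Tarjeta.xlsx'.
    For the inventory only; renaming the file back does not decrypt it."""
    if name.lower().endswith(APPENDED_EXT):
        return name[:-len(APPENDED_EXT)]
    return name


def triage(root) -> dict:
    """Walk root and bucket files into: encrypted (.gif name, no GIF header,
    inner extension still visible), suspect (.gif name, no GIF header, no
    inner extension), real_gif, and notes. Each bucket is sorted by path."""
    buckets = {"encrypted": [], "suspect": [], "real_gif": [], "notes": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            if name == RANSOM_NOTE:
                buckets["notes"].append(path)
            elif name.lower().endswith(APPENDED_EXT):
                if is_real_gif(path):
                    buckets["real_gif"].append(path)
                elif "." in original_name(name):
                    buckets["encrypted"].append(path)
                else:
                    buckets["suspect"].append(path)
    for key in buckets:
        buckets[key].sort()
    return buckets


def build_sample_tree() -> str:
    """Constructed sample: two renamed documents, one genuine GIF, one
    ransom note and one untouched file, in a fresh temporary directory."""
    root = Path(tempfile.mkdtemp(prefix="gif_triage_"))
    (root / "docs").mkdir()
    # "encrypted" payloads: arbitrary bytes that do not start with a GIF header
    (root / "docs" / "comprobante.docx.gif").write_bytes(b"\x8a\x17\x55\xf3" * 64)
    (root / "sega.jpg.gif").write_bytes(b"\x01\xfe\xc0\x2b" * 32)
    # a genuine (minimal) GIF header so the magic check has a positive case
    (root / "docs" / "logo.gif").write_bytes(b"GIF89a" + b"\x01\x00\x01\x00\x80\x00\x00")
    (root / RANSOM_NOTE).write_text("All your files are encrypted. (constructed note)\n")
    (root / "readme.txt").write_text("untouched\n")
    return str(root)


if __name__ == "__main__":
    found = triage(build_sample_tree())
    for bucket, paths in found.items():
        print(f"{bucket}: {len(paths)}")
        for p in paths:
            was = f"  (was {original_name(p.name)})" if bucket == "encrypted" else ""
            print(f"  {p.name}{was}")
```

Run it against the real drive by passing the drive root to `triage()` instead of the sample tree; the `suspect` bucket catches files that had no visible inner extension (a shortcut or an extensionless file), which still need a look by hand.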

Hello @Martin_Luna

Welcome to this new stage of InfoSpyware.

Do the following:

1.- Temporarily disable your antivirus and any other security program.

2.- Download, install and/or update the following tools:

3.- Run them, keeping to the order of the steps:

USBFix:

  • Connect all your removable devices (USB/pen drives, micro SD, etc.).
  • Run USBFix.exe
  • With all your devices connected, click "Run scan".
  • Then select "Full Scan" and wait for it to finish.
  • If it detects threats, select all the detected items and click "Clean all".
  • If it asks you to restart the system, accept.
  • Once the computer restarts, the USBFix report will open, listing what was detected and removed.
  • Copy and paste that whole report in your next reply (if it does not open, the report is saved as UsbFix_Report.txt on the Desktop).

Once the scan is finished, with all drives connected, run USBFix again as Administrator and vaccinate them, following the steps in the Manual.

Malwarebytes

  • Don't forget to update it.
  • Read its Manual carefully.
  • Run a Custom Scan. Select all drives.
  • Click "Quarantine Selected" to send what it finds to quarantine.
  • Restart the system.
  • In the manual's "History" section >> Application Logs >> Scan Log you will find the MBAM report, which you must copy and paste in your next reply.

4.- Important note:

In your next reply you must paste the Malwarebytes and USBFix reports.

Plus the earlier ESET Online and Malwarebytes logs.

Guide: How to paste reports in the forum?

Let us know.

Regards

Hello @SanMar, thanks a lot for replying. Here are the logs. USBFix

# ----------------------------------------------------
# UsbFix Antivirus Free
# ----------------------------------------------------
# Version : 11.012
# Database : 2019.01.29
# Contact : https://www.usb-antivirus.com/es/contacto
# ----------------------------------------------------
# Scan type : Full
# User : Salta Game (Administrator)
# Device : SALTAGAME-PC
# Started : 23/03/2019 22:20:23
# ----------------------------------------------------

------------ | Scanned drives |

C:\	NTFS	(22GB/98GB)	[Fixed]
D:\	NTFS	(54GB/135GB)	[Fixed]

------------ | Infected item(s) |

~ No items detected ~

------------ | Run |

F2 - HKLM\..\Winlogon : [Shell] Explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
04 - HKLM\..\Run : [egui] "C:\Program Files\ESET\ESET Security\ecmds.exe" /launch /hide /proxy

------------ | Tasks |

Task - AutoKMS --> C:\Windows\AutoKMS\AutoKMS.exe
Task - CCleanerSkipUAC --> "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Task - GoogleUpdateTaskMachineCore --> C:\Program Files\Google\Update\GoogleUpdate.exe /c
Task - GoogleUpdateTaskMachineUA --> C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Task - KMS_VL_ALL --> C:\Users\Salta Game\AppData\Local\Temp\WinActiveData\KMS_VL_ALL.cmd -renewalonly
Task - {0AC6A361-F1A9-4CA1-810B-3B7F16E8778E} --> C:\Windows\system32\pcalua.exe -a "C:\Users\Salta Game\Downloads\ghosts-n-goblins-0-4-en (1).exe" -d "C:\Users\Salta Game\Downloads"
Task - {C897FB8E-B695-4F0F-B089-29CF623ACA9E} --> C:\Windows\system32\pcalua.exe -a C:\Users\SALTAG~1\AppData\Local\Temp\jre-8u191-windows-au.exe -d C:\Windows\system32 -c /installmethod=jau FAMILYUPGRADE=1

------------ | C:\ %SystemDrive% - Fixed disk (NTFS) |

[04/11/2017 - 18:37:03 | A | 0 Ko] - AiOLog.txt
[20/03/2019 - 21:41:45 | A | 35 Ko] - url_setting_definitions.txt
[20/03/2019 - 21:42:18 | A | 312 Ko] - active_protection.txt
[20/03/2019 - 21:51:42 | A | 0 Ko] - DelFix.txt
[20/03/2019 - 22:19:32 | A | 17 Ko] - ComboFix.txt
[10/06/2009 - 18:42:20 | A | 0 Ko] - config.sys
[19/10/2018 - 20:39:27 | RASH | 0 Ko] - MSDOS.SYS
[19/10/2018 - 20:39:27 | RASH | 0 Ko] - IO.SYS
[23/03/2019 - 19:23:55 | ASH | 1474012 Ko] - hiberfil.sys
[23/03/2019 - 19:24:00 | ASH | 1965352 Ko] - pagefile.sys
[12/02/2019 - 22:25:53 | A | 13 Ko] - PDOXUSRS.NET
[23/03/2019 - 22:19:31 | RASHD] - autorun.inf
[20/03/2019 - 22:19:41 | SHD] - $RECYCLE.BIN
[10/06/2009 - 18:42:20 | A | 0 Ko] - autoexec.bat
[23/03/2019 - 21:44:04 | D] - gestionpro.530T
[13/07/2009 - 23:37:05 | D] - PerfLogs
[14/07/2009 - 01:53:55 | SHD] - Documents and Settings
[04/11/2017 - 17:49:35 | SHD] - Archivos de programa
[04/11/2017 - 17:49:35 | D] - Recovery
[04/11/2017 - 18:21:10 | RD] - MSOCache
[07/11/2017 - 20:33:17 | D] - GDS Punto de Ventas PLUS 5
[23/12/2017 - 19:31:26 | RD] - Users
[03/12/2018 - 20:12:35 | D] - DMC Devil May Cry 2xDVD5 [STEAM] [IC+SREP+LZMA] [Updates+DLCs]
[19/03/2019 - 19:20:13 | D] - Senior
[19/03/2019 - 20:26:21 | D] - CopiaSeguridad
[19/03/2019 - 20:26:23 | D] - DB Super
[19/03/2019 - 20:29:34 | D] - dentis
[20/03/2019 - 22:19:36 | D] - Qoobox
[20/03/2019 - 22:26:27 | D] - ComboFix
[23/03/2019 - 18:25:26 | HD] - ProgramData
[23/03/2019 - 18:52:54 | D] - AdwCleaner
[23/03/2019 - 18:54:56 | RD] - Program Files
[23/03/2019 - 18:56:34 | D] - Windows
[23/03/2019 - 19:14:00 | D] - FRST
[23/03/2019 - 22:07:29 | D] - JDownloader

------------ | D:\ - Fixed disk (NTFS) |

[19/03/2019 - 20:25:37 | A | 2 Ko] - Restore-My-Files.txt
[23/03/2019 - 22:19:31 | RASHD] - autorun.inf
[19/03/2019 - 20:25:36 | A | 45 Ko] - atum 7.jpg.gif
[19/03/2019 - 20:25:37 | A | 20 Ko] - comprobante.docx.gif
[19/03/2019 - 20:25:38 | A | 11341 Ko] - microsoft-security-essentials-4-8-204-0-32-bit-es-win.exe.gif
[19/03/2019 - 20:25:40 | A | 443521 Ko] - Proyecto_06-15(1)_HD.mp4.gif
[19/03/2019 - 20:25:41 | A | 273442 Ko] - Proyecto_06-15_HD.mp4.gif
[19/03/2019 - 20:25:42 | A | 56 Ko] - sega.jpg.gif
[19/03/2019 - 20:25:42 | A | 11 Ko] - Tarjeta.xlsx.gif
[04/11/2017 - 17:56:24 | D] - $RECYCLE.BIN
[19/03/2019 - 20:46:30 | D] - Punto de Ventas Plus 5.83 Español
[19/03/2019 - 20:54:27 | D] - Microsoft Toolkit 2.6.4
[19/03/2019 - 20:56:01 | D] - FlowItaliano.com presenta Flow Argentino vol.1 (2018)
[04/11/2017 - 17:52:20 | D] - Activador Win7 (32-64)
[12/11/2018 - 18:20:16 | D] - MP3
[15/02/2019 - 19:29:54 | D] - JUEGOS PS2
[19/03/2019 - 20:25:45 | D] - W7AIOx86x64
[19/03/2019 - 20:26:05 | D] - VIDEOS
[19/03/2019 - 20:26:11 | D] - TIENDA PS3
[19/03/2019 - 20:26:12 | D] - SmartData
[19/03/2019 - 20:26:14 | D] - ROSADIN
[19/03/2019 - 20:46:37 | D] - PROGRAMAS
[19/03/2019 - 20:47:28 | D] - PELIS HD
[19/03/2019 - 20:54:28 | D] - MEGA
[19/03/2019 - 20:54:28 | D] - Left 4 Dead 2 CPTutorialesHD
[19/03/2019 - 20:55:17 | D] - ICOM en Multimedia
[19/03/2019 - 20:55:21 | D] - iCOM
[19/03/2019 - 20:55:44 | D] - Gestiòn Pro 2012 Español Full Version
[19/03/2019 - 20:56:03 | D] - EBP Punto de Venta Español 2014
[19/03/2019 - 20:57:12 | D] - Caratulas
[19/03/2019 - 20:57:17 | D] - Armus-Rebirth-S13

Infected item(s) : 0
Items scanned : 54139 in 00h 00m 07s

# UsbFix-Report-02.txt [5294B]

------------ | E.O.F  |

Malwarebytes log


Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 23/3/19
Scan Time: 17:41
Log File: fecfafe8-4dab-11e9-a05f-00248cd29c3c.json

-Software Information-
Version: 3.7.1.2839
Components Version: 1.0.563
Update Package Version: 1.0.9816
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: System

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Scheduler
Result: Completed
Objects Scanned: 201213
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 14 min, 10 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

And this is the one from 20/03/19 with Malwarebytes:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 20/3/19
Scan Time: 19:41
Log File: 44dd5e61-4b61-11e9-9e0b-00248cd29c3c.json

-Software Information-
Version: 3.7.1.2839
Components Version: 1.0.563
Update Package Version: 1.0.9772
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: SaltaGame-PC\Salta Game

-Scan Summary-
Scan Type: Custom Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 216544
Threats Detected: 126
Threats Quarantined: 125
Time Elapsed: 1 hr, 33 min, 14 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 1
PUP.Optional.Reimage, C:\PROGRAM FILES\REIMAGE\REIMAGE PROTECTOR\REIGUARD.EXE, Quarantined, [337], [327202],1.0.9772

Module: 1
PUP.Optional.Reimage, C:\PROGRAM FILES\REIMAGE\REIMAGE PROTECTOR\REIGUARD.EXE, Quarantined, [337], [327202],1.0.9772

Registry Key: 16
PUP.Optional.Reimage, HKU\S-1-5-21-1404873637-3125058992-18802451-1000\SOFTWARE\Reimage, Quarantined, [337], [357494],1.0.9772
PUP.Optional.DriverPack, HKU\S-1-5-21-1404873637-3125058992-18802451-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\DOMAINS\drp.su, Quarantined, [988], [472299],1.0.9772
PUP.Optional.Reimage, HKU\S-1-5-21-1404873637-3125058992-18802451-1000\SOFTWARE\REIMAGE\PC REPAIR, Quarantined, [337], [327204],1.0.9772
PUP.Optional.Reimage, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{BEE6754B-6B7A-47D1-B21E-3AE0F0A15F4C}, Quarantined, [337], [332365],1.0.9772
Adware.ICLoader, HKLM\SOFTWARE\MICROSOFT\bestavicampaign563, Quarantined, [451], [584322],1.0.9772
Adware.ICLoader, HKLM\SOFTWARE\MICROSOFT\campaign9961, Quarantined, [451], [518478],1.0.9772
Adware.ICLoader, HKLM\SOFTWARE\MICROSOFT\multitimercampaign84170, Quarantined, [451], [518476],1.0.9772
PUP.Optional.Reimage, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{BEE6754B-6B7A-47D1-B21E-3AE0F0A15F4C}, Quarantined, [337], [332364],1.0.9772
PUP.Optional.Reimage, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\ReimageUpdater, Quarantined, [337], [332364],1.0.9772
Adware.Wajam, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\YjMxZGRjZTEwZjYz, Quarantined, [499], [533738],1.0.9772
Adware.Wajam, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, Quarantined, [499], [-1],0.0.0
PUP.Optional.Linkury, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{59000FBF-9748-4EC1-883C-795F0ECD89DE}, Quarantined, [253], [239939],1.0.9772
PUP.Optional.Reimage, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ReimageRealTimeProtector, Quarantined, [337], [327202],1.0.9772
PUP.Optional.Reimage, HKLM\SOFTWARE\REIMAGE\REIMAGE PROTECTOR, Quarantined, [337], [332504],1.0.9772
PUM.Optional.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE, Quarantined, [7131], [252393],1.0.9772
PUP.Optional.MailRu, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\iepoegkaoeljnbhagabakjodgpfniimo, Quarantined, [250], [655213],1.0.9772

Registry Value: 14
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-1404873637-3125058992-18802451-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|DEFAULT, Quarantined, [802], [259988],1.0.9772
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|APPINIT_DLLS, Quarantined, [802], [-1],0.0.0
PUP.Optional.Reimage, HKU\S-1-5-21-1404873637-3125058992-18802451-1000\SOFTWARE\REIMAGE\PC REPAIR|QUITMESSAGE, Quarantined, [337], [327204],1.0.9772
PUP.Optional.Reimage, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{BEE6754B-6B7A-47D1-B21E-3AE0F0A15F4C}|PATH, Quarantined, [337], [332365],1.0.9772
RiskWare.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|TNOD UP, Quarantined, [3927], [382498],1.0.9772
Adware.Wajam, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\YjMxZGRjZTEwZjYz|DISPLAYNAME, Quarantined, [499], [533738],1.0.9772
Adware.Wajam, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [499], [-1],0.0.0
Adware.Wajam, HKU\S-1-5-21-1404873637-3125058992-18802451-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Removal Failed, [499], [-1],0.0.0
Adware.Wajam, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [499], [-1],0.0.0
Adware.Wajam, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\YjMxZGRjZTEwZjYz|PUBLISHER, Quarantined, [499], [533738],1.0.9772
PUP.Optional.Linkury, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{59000FBF-9748-4EC1-883C-795F0ECD89DE}|PUBLISHER, Quarantined, [253], [239939],1.0.9772
PUP.Optional.Reimage, HKLM\SOFTWARE\REIMAGE\REIMAGE PROTECTOR|CFLPATH, Quarantined, [337], [332504],1.0.9772
PUM.Optional.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE|DISABLEAUTOUPDATECHECKSCHECKBOXVALUE, Quarantined, [7131], [252393],1.0.9772
PUP.Optional.MailRu, HKU\S-1-5-21-1404873637-3125058992-18802451-1000\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|IEPOEGKAOELJNBHAGABAKJODGPFNIIMO, Quarantined, [250], [655213],1.0.9772

Registry Data: 5
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-1404873637-3125058992-18802451-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|DEFAULT_SEARCH_URL, Replaced, [802], [293486],1.0.9772
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-1404873637-3125058992-18802451-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Replaced, [802], [293485],1.0.9772
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-1404873637-3125058992-18802451-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|SEARCH BAR, Replaced, [802], [293485],1.0.9772
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-1404873637-3125058992-18802451-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|SEARCH PAGE, Replaced, [802], [293485],1.0.9772
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-1404873637-3125058992-18802451-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|SEARCHASSISTANT, Replaced, [802], [293485],1.0.9772

Data Stream: 0
(No malicious items detected)

Folder: 22
PUP.Optional.Reimage, C:\ProgramData\ReimageRepair\Results, Quarantined, [337], [651074],1.0.9772
PUP.Optional.Reimage, C:\ProgramData\ReimageRepair, Quarantined, [337], [651074],1.0.9772
PUP.Optional.Reimage, C:\ProgramData\Reimage Protector\Results, Quarantined, [337], [332488],1.0.9772
PUP.Optional.Reimage, C:\PROGRAMDATA\REIMAGE PROTECTOR, Quarantined, [337], [332488],1.0.9772
PUP.Optional.MailRu, C:\Users\Salta Game\AppData\Roaming\Mozilla\Firefox\Profiles\4t9dc4qz.default-1513950538169\browser-extension-data\[email protected], Quarantined, [250], [481853],1.0.9772
PUP.Optional.MailRu, C:\Users\Salta Game\AppData\Roaming\Mozilla\Firefox\Profiles\4t9dc4qz.default-1513950538169\browser-extension-data\[email protected], Quarantined, [250], [481852],1.0.9772
PUP.Optional.MailRu, C:\Users\Salta Game\AppData\Roaming\Mozilla\Firefox\Profiles\4t9dc4qz.default-1513950538169\browser-extension-data\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}, Quarantined, [250], [482296],1.0.9772
PUP.Optional.Reimage, C:\rei\Results\EXE1.8.9.1\RUN20190320_1850, Quarantined, [337], [327187],1.0.9772
PUP.Optional.Reimage, C:\rei\Temp\20190320_1850\DownloaderTemp, Quarantined, [337], [327187],1.0.9772
PUP.Optional.Reimage, C:\rei\Results\EXE1.8.9.1, Quarantined, [337], [327187],1.0.9772
PUP.Optional.Reimage, C:\rei\Temp\20190320_1850, Quarantined, [337], [327187],1.0.9772
PUP.Optional.Reimage, C:\rei\Results, Quarantined, [337], [327187],1.0.9772
PUP.Optional.Reimage, C:\rei\Temp, Quarantined, [337], [327187],1.0.9772
PUP.Optional.Reimage, C:\rei\AV, Quarantined, [337], [327187],1.0.9772
PUP.Optional.Reimage, C:\REI, Quarantined, [337], [327187],1.0.9772
Adware.Wajam, C:\WINDOWS\SYSTEM32\SSL, Quarantined, [499], [533889],1.0.9772
Adware.Linkury.TskLnk, C:\PROGRAM FILES\COMMON FILES\MATHLUX, Quarantined, [14561], [444930],1.0.9772
Adware.Tuto4PC.Generic, C:\PROGRAM FILES\AUPPMFRHCS, Quarantined, [3696], [357599],1.0.9772
PUP.Optional.MailRu, C:\Program Files\Mail.Ru\Update Service, Quarantined, [250], [384138],1.0.9772
PUP.Optional.MailRu, C:\Program Files\Mail.Ru\MailRuUpdater, Quarantined, [250], [384138],1.0.9772
PUP.Optional.MailRu, C:\Program Files\Mail.Ru, Quarantined, [250], [384138],1.0.9772
Adware.Wajam, C:\PROGRAM FILES\YJMXZGRJZTEWZJYZ, Quarantined, [499], [556539],1.0.9772

File: 67
Adware.Zdengo, C:\Windows\System32\drivers\YjBiZDU1NjNiYTg4, Quarantined, [500], [648650],0.0.0
PUP.Optional.Reimage, C:\WINDOWS\SYSTEM32\TASKS\REIMAGEUPDATER, Quarantined, [337], [332364],1.0.9772
PUP.Optional.Reimage, C:\PROGRAM FILES\REIMAGE\REIMAGE PROTECTOR\REIGUARD.EXE, Quarantined, [337], [327202],1.0.9772
PUP.Optional.MailRu, C:\USERS\SALTA GAME\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [250], [655213],1.0.9772
PUP.Optional.Reimage, C:\PROGRAMDATA\REIMAGE PROTECTOR\RESULTS\PROTECTORUPDATER.LOG, Quarantined, [337], [332488],1.0.9772
PUP.Optional.Reimage, C:\USERS\PUBLIC\DESKTOP\PC SCAN & REPAIR BY REIMAGE.LNK, Quarantined, [337], [327183],1.0.9772
Adware.IStartSurf, C:\USERS\SALTA GAME\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\F_01AFB4, Delete-on-reboot, [517], [653268],1.0.9772
PUP.Optional.Reimage, C:\USERS\SALTA GAME\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\F_01B03F, Delete-on-reboot, [337], [331559],1.0.9772
PUP.Optional.Reimage, C:\USERS\SALTA GAME\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\HWJYUMXV\PROTECTORPACKAGERR2023B[1].EXE, Quarantined, [337], [614728],1.0.9772
PUP.Optional.Reimage, C:\USERS\SALTA GAME\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\U2NTAE79\REIMAGEPACKAGE1891[1].EXE, Quarantined, [337], [331559],1.0.9772
PUP.Optional.Reimage, C:\USERS\SALTA GAME\APPDATA\LOCAL\TEMP\REIMAGEPACKAGE.EXE, Quarantined, [337], [331559],1.0.9772
Trojan.Agent.Generic, C:\USERS\SALTA GAME\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\IUGECEJG.LNK, Quarantined, [3700], [536200],1.0.9772
PUP.Optional.MailRu, C:\Users\Salta Game\AppData\Roaming\Mozilla\Firefox\Profiles\4t9dc4qz.default-1513950538169\browser-extension-data\[email protected]\Restore-My-Files.txt, Quarantined, [250], [481853],1.0.9772
PUP.Optional.MailRu, C:\Users\Salta Game\AppData\Roaming\Mozilla\Firefox\Profiles\4t9dc4qz.default-1513950538169\browser-extension-data\[email protected]\storage.js.gif, Quarantined, [250], [481853],1.0.9772
PUP.Optional.MailRu, C:\Users\Salta Game\AppData\Roaming\Mozilla\Firefox\Profiles\4t9dc4qz.default-1513950538169\browser-extension-data\[email protected]\Restore-My-Files.txt, Quarantined, [250], [481852],1.0.9772
PUP.Optional.MailRu, C:\Users\Salta Game\AppData\Roaming\Mozilla\Firefox\Profiles\4t9dc4qz.default-1513950538169\browser-extension-data\[email protected]\storage.js.gif, Quarantined, [250], [481852],1.0.9772
PUP.Optional.MailRu, C:\Users\Salta Game\AppData\Roaming\Mozilla\Firefox\Profiles\4t9dc4qz.default-1513950538169\browser-extension-data\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\Restore-My-Files.txt, Quarantined, [250], [482296],1.0.9772
PUP.Optional.MailRu, C:\Users\Salta Game\AppData\Roaming\Mozilla\Firefox\Profiles\4t9dc4qz.default-1513950538169\browser-extension-data\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\storage.js.gif, Quarantined, [250], [482296],1.0.9772
PUP.Optional.Reimage, C:\USERS\SALTA GAME\DOWNLOADS\REIMAGEREPAIR.EXE, Quarantined, [337], [331559],1.0.9772
PUP.Optional.MailRu, C:\USERS\SALTA GAME\FAVORITES\MAIL.RU.URL.GIF, Quarantined, [250], [471428],1.0.9772
PUP.Optional.Reimage, C:\REI\AV\HBEDV.KEY, Quarantined, [337], [327187],1.0.9772
PUP.Optional.Reimage, C:\rei\AV\avupdate.exe, Quarantined, [337], [327187],1.0.9772
PUP.Optional.Reimage, C:\rei\AV\avupdate_msg.avr, Quarantined, [337], [327187],1.0.9772
PUP.Optional.Reimage, C:\rei\AV\cacert.crt, Quarantined, [337], [327187],1.0.9772
PUP.Optional.Reimage, C:\rei\AV\msvcr120.dll, Quarantined, [337], [327187],1.0.9772
PUP.Optional.Reimage, C:\rei\AV\productname.dat, Quarantined, [337], [327187],1.0.9772
PUP.Optional.Reimage, C:\rei\AV\savapi.exe, Quarantined, [337], [327187],1.0.9772
PUP.Optional.Reimage, C:\rei\AV\savapi_restart.exe, Quarantined, [337], [327187],1.0.9772
PUP.Optional.Reimage, C:\rei\AV\savapi_stub.exe, Quarantined, [337], [327187],1.0.9772
PUP.Optional.Reimage, C:\rei\AV\xbvRei.vdf, Quarantined, [337], [327187],1.0.9772
PUP.Optional.Reimage, C:\rei\Results\EXE1.8.9.1\RUN20190320_1850\debug-repair-2.log, Quarantined, [337], [327187],1.0.9772
PUP.Optional.Reimage, C:\rei\Results\EXE1.8.9.1\RUN20190320_1850\debug-repair.log, Quarantined, [337], [327187],1.0.9772
PUP.Optional.Reimage, C:\rei\Results\EXE1.8.9.1\RUN20190320_1850\Info_EnvironmentVars.res, Quarantined, [337], [327187],1.0.9772
PUP.Optional.Reimage, C:\rei\Results\EXE1.8.9.1\RUN20190320_1850\Info_Installed.rec, Quarantined, [337], [327187],1.0.9772
PUP.Optional.Reimage, C:\rei\Results\EXE1.8.9.1\RUN20190320_1850\JunkScanRes.xml, Quarantined, [337], [327187],1.0.9772
PUP.Optional.Reimage, C:\rei\Results\EXE1.8.9.1\RUN20190320_1850\out.log, Quarantined, [337], [327187],1.0.9772
PUP.Optional.Reimage, C:\rei\Results\EXE1.8.9.1\RUN20190320_1850\RegistryScanRes.xml, Quarantined, [337], [327187],1.0.9772
PUP.Optional.Reimage, C:\rei\Results\EXE1.8.9.1\RUN20190320_1850\StabilityScanRes.xml, Quarantined, [337], [327187],1.0.9772
PUP.Optional.Reimage, C:\rei\Temp\20190320_1850\ApplicationList.ini, Quarantined, [337], [327187],1.0.9772
PUP.Optional.Reimage, C:\rei\About.txt, Quarantined, [337], [327187],1.0.9772
PUP.Optional.Reimage, C:\rei\cfl.rei, Quarantined, [337], [327187],1.0.9772
PUP.Optional.Reimage, C:\rei\rei1891nvt.ini, Quarantined, [337], [327187],1.0.9772
PUP.Optional.Reimage, C:\rei\reimage.qsr, Quarantined, [337], [327187],1.0.9772
PUP.Optional.Reimage, C:\rei\SupportInfoTool.ini, Quarantined, [337], [327187],1.0.9772
Adware.Wajam, C:\WINDOWS\SYSTEM32\SSL\CERT.DB, Quarantined, [499], [533889],1.0.9772
Adware.Wajam, C:\Windows\System32\SSL\ZmU0YzhmYjUzY2Qx 2.cer, Quarantined, [499], [533889],1.0.9772
PUP.Optional.Reimage, C:\WINDOWS\TEMP\REIMAGE.LOG, Quarantined, [337], [334717],1.0.9772
PUP.Optional.Reimage, C:\WINDOWS\REIMAGE.INI, Quarantined, [337], [412667],1.0.9772
Adware.Linkury.TskLnk, C:\PROGRAM FILES\COMMON FILES\MATHLUX\INSTALLATIONCONFIGURATION.XML, Quarantined, [14561], [444930],1.0.9772
Adware.Linkury.TskLnk, C:\Program Files\Common Files\Mathlux\uninstall.dat, Quarantined, [14561], [444930],1.0.9772
Adware.Linkury.TskLnk, C:\Program Files\Common Files\Mathlux\uninstall.ico, Quarantined, [14561], [444930],1.0.9772
Adware.Tuto4PC.Generic, C:\PROGRAM FILES\AUPPMFRHCS\CAST.CONFIG, Quarantined, [3696], [357599],1.0.9772
Adware.Tuto4PC.Generic, C:\Program Files\AUPPMFRHCS\UMKQUIT25.exe.config, Quarantined, [3696], [357599],1.0.9772
Adware.Tuto4PC.Generic, C:\Program Files\AUPPMFRHCS\uninstaller.exe.config, Quarantined, [3696], [357599],1.0.9772
PUP.Optional.Reimage, C:\PROGRAM FILES\REIMAGE\REIMAGE PROTECTOR\PROTECTORUPDATER.EXE, Quarantined, [337], [614728],1.0.9772
PUP.Optional.MailRu, C:\Program Files\Mail.Ru\MailRuUpdater\MailRuUpdater.exe, Quarantined, [250], [384138],1.0.9772
PUP.Optional.MailRu, C:\Program Files\Mail.Ru\Update Service\mrupdsrv.exe, Quarantined, [250], [384138],1.0.9772
Adware.Wajam, C:\PROGRAM FILES\YJMXZGRJZTEWZJYZ\WBE_UNINSTALL.DAT, Quarantined, [499], [556539],1.0.9772
Adware.Wajam, C:\Program Files\YjMxZGRjZTEwZjYz\mozcrt19.dll, Quarantined, [499], [556539],1.0.9772
Adware.Wajam, C:\Program Files\YjMxZGRjZTEwZjYz\NGJjYTBjM.ico, Quarantined, [499], [556539],1.0.9772
Adware.Wajam, C:\Program Files\YjMxZGRjZTEwZjYz\nspr4.dll, Quarantined, [499], [556539],1.0.9772
Adware.Wajam, C:\Program Files\YjMxZGRjZTEwZjYz\nss3.dll, Quarantined, [499], [556539],1.0.9772
Adware.Wajam, C:\Program Files\YjMxZGRjZTEwZjYz\plc4.dll, Quarantined, [499], [556539],1.0.9772
Adware.Wajam, C:\Program Files\YjMxZGRjZTEwZjYz\plds4.dll, Quarantined, [499], [556539],1.0.9772
Adware.Wajam, C:\Program Files\YjMxZGRjZTEwZjYz\service.dat, Quarantined, [499], [556539],1.0.9772
Adware.Wajam, C:\Program Files\YjMxZGRjZTEwZjYz\softokn3.dll, Quarantined, [499], [556539],1.0.9772
Adware.Wajam, C:\Program Files\YjMxZGRjZTEwZjYz\ZjE2NGUzMmZlMmI3MWRm, Quarantined, [499], [556539],1.0.9772

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

(end)

Reporte ESET.txt (112.9 KB)

ESET Smart Security report.

Regards
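
Two kinds of line in the 20/03/19 Malwarebytes log above deserve a second look: `Removal Failed` (`Error durante la eliminación` in the Spanish log; here the Wajam `PROXYENABLE` value under the user's own hive, the one that survived the clean-up) and `Delete-on-reboot` (`Se eliminará al reiniciar`; Chrome cache files that only go once the machine restarts). Picking those out of 126 entries by eye is error-prone, so what follows is an added example written for this page, not Malwarebytes code: a small parser for the per-item lines, whose layout `<detection>, <object>, <action>, [<category id>], [<signature id>],<db version>` is inferred from the lines posted above. The sample log it runs on is constructed from seven of those lines; the action map covers both the English labels and the Spanish ones a localised install writes.

```python
"""Triage of the per-item lines in a Malwarebytes 3.x scan log.

Added example for this thread, not Malwarebytes code. The line layout
    <detection>, <object>, <action>, [<category id>], [<signature id>],<db version>
is inferred from the log posted in the thread; the sample below is
constructed from seven of those lines plus one section header.
"""
import re
from collections import Counter

ENTRY_RE = re.compile(
    r"^(?P<family>[^,]+), (?P<obj>.+), (?P<action>[^,\[\]]+), "
    r"\[(?P<cat_id>-?\d+)\], \[(?P<sig_id>-?\d+)\],(?P<db>[\d.]+)$"
)

# The action column is localised; map the English labels and the Spanish
# ones seen in the thread onto a single status.
ACTION_STATUS = {
    "Quarantined": "quarantined",      "En cuarentena": "quarantined",
    "Replaced": "replaced",            "Sustituido": "replaced",
    "Delete-on-reboot": "delete_on_reboot",
    "Se eliminará al reiniciar": "delete_on_reboot",
    "Removal Failed": "failed",        "Error durante la eliminación": "failed",
}

# Constructed sample: lines copied from the thread's 20/03/19 log.
SAMPLE_LOG = r"""
Registry Value: 14
PUP.Optional.Reimage, C:\PROGRAM FILES\REIMAGE\REIMAGE PROTECTOR\REIGUARD.EXE, Quarantined, [337], [327202],1.0.9772
Adware.Wajam, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [499], [-1],0.0.0
Adware.Wajam, HKU\S-1-5-21-1404873637-3125058992-18802451-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Removal Failed, [499], [-1],0.0.0
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-1404873637-3125058992-18802451-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Replaced, [802], [293485],1.0.9772
Adware.IStartSurf, C:\USERS\SALTA GAME\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\F_01AFB4, Delete-on-reboot, [517], [653268],1.0.9772
Adware.Wajam, C:\WINDOWS\SYSTEM32\SSL\CERT.DB, Quarantined, [499], [533889],1.0.9772
Trojan.Agent.Generic, C:\USERS\SALTA GAME\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\IUGECEJG.LNK, Quarantined, [3700], [536200],1.0.9772
"""


def parse_entries(text: str) -> list:
    """Return one dict per detection line; headers, counts and blank lines
    do not match the pattern and are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["sig_id"] = int(e["sig_id"])
        e["status"] = ACTION_STATUS.get(e["action"], "unknown")
        entries.append(e)
    return entries


def follow_up(entries) -> list:
    """Items the log does not show as cleaned: a failed removal, or a
    delete-on-reboot that only completes after a restart."""
    return [e for e in entries if e["status"] in ("failed", "delete_on_reboot")]


def by_family(entries) -> Counter:
    """Detection count per family name, to see what the machine had."""
    return Counter(e["family"] for e in entries)


def without_signature(entries) -> list:
    """Entries logged with signature id -1 and database 0.0.0. In the thread
    these are the proxy and AppInit_DLLs registry values: settings the
    adware changed, rather than files it dropped."""
    return [e for e in entries if e["sig_id"] == -1]


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    print(f"{len(parsed)} detections, by family: {dict(by_family(parsed))}")
    for e in follow_up(parsed):
        print(f"FOLLOW UP [{e['status']}] {e['family']}: {e['obj']}")
    for e in without_signature(parsed):
        print(f"SETTING CHANGE {e['family']}: {e['obj']}")
```

To use it on the real thing, read the saved scan log into `parse_entries()` instead of `SAMPLE_LOG`; anything `follow_up()` returns is what to re-check after the reboot the helper asked for.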

Hello @Martin_Luna

The ESET report is awful; you caught a nasty one.

Do the following, keeping to the order of the steps:

1.- The reports from the tools you ran show that you used ComboFix on your own; paste its report in your next reply as well.

2.- Download and run TDSSKiller following the steps in its Manual:

TDSSKiller Manual.

3.- Temporarily disable your antivirus and any other security program.

4.- Download Farbar Recovery Scan Tool to the desktop, choosing the version that matches your system's architecture (32 or 64 bit). >> How to tell whether my Windows is 32 or 64 bit?

  • Run FRST.exe.
  • On the Disclaimer window, click Yes.
  • In the main window click the Scan button and wait for the process to finish.
  • Two files (logs) will open, FRST.txt and Addition.txt; they are saved on the desktop.

Guide: How to run FRST

5.- In your next reply, paste the generated reports.

Guide: How to paste reports in the forum?

We await those reports.

Regards.

1 like

Hello @SanMar. Sorry for the delay, but this PC is the one at work and I wasn't there over the weekend. Here are the reports.

TDSSKiller report.

reporte tdskiller.txt (92.9 KB)

FRST report.


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-03-2019
Ran by Salta Game (administrator) on SALTAGAME-PC (25-03-2019 19:20:27)
Running from C:\Users\Salta Game\Desktop
Loaded Profiles: Salta Game (Available Profiles: Salta Game & UpdatusUser)
Platform: Microsoft Windows 7 Home Basic  Service Pack 1 (X86) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Google Inc -> Google Inc.) C:\Program Files\Google\Update\1.3.33.23\GoogleCrashHandler.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\eguiProxy.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [170128 2019-02-27] (ESET, spol. s r.o. -> ESET)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\73.0.3683.86\Installer\chrmstp.exe [2019-03-22] (Google LLC -> Google Inc.)
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.100.1
Tcpip\..\Interfaces\{406BA73E-C63A-47F6-8B24-1C6A035184F0}: [DhcpNameServer] 192.168.100.5
Tcpip\..\Interfaces\{E17B98A7-9C73-416B-9F44-42B978D8618F}: [DhcpNameServer] 192.168.100.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1404873637-3125058992-18802451-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope value is missing
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 6hq9oq2w.default
FF ProfilePath: C:\Users\Salta Game\AppData\Roaming\Mozilla\Firefox\Profiles\6hq9oq2w.default [2019-03-23]
FF Extension: (uBlock Origin) - C:\Users\Salta Game\AppData\Roaming\Mozilla\Firefox\Profiles\6hq9oq2w.default\Extensions\[email protected] [2019-03-20]
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2015-07-11] (Google Inc -> Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.201.2 -> C:\Program Files\Java\jre1.8.0_201\bin\dtplugin\npDeployJava1.dll [2019-02-16] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.201.2 -> C:\Program Files\Java\jre1.8.0_201\bin\plugin2\npjp2.dll [2019-02-16] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-17] (Google Inc -> Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-17] (Google Inc -> Google Inc.)
FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN -> VideoLAN)

Chrome: 
=======
CHR Profile: C:\Users\Salta Game\AppData\Local\Google\Chrome\User Data\Default [2019-03-25]
CHR Extension: (Presentaciones) - C:\Users\Salta Game\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-04]
CHR Extension: (Documentos) - C:\Users\Salta Game\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-04]
CHR Extension: (Google Drive) - C:\Users\Salta Game\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-11-04]
CHR Extension: (YouTube) - C:\Users\Salta Game\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-11-04]
CHR Extension: (uBlock Origin) - C:\Users\Salta Game\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2019-03-23]
CHR Extension: (MyJDownloader Browser Extension) - C:\Users\Salta Game\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbcohnmimjicjdomonkcbcpbpnhggkip [2019-01-08]
CHR Extension: (Hojas de cálculo) - C:\Users\Salta Game\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-04]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\Salta Game\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-22]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Salta Game\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-05]
CHR Extension: (Gmail) - C:\Users\Salta Game\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-11-04]
CHR Extension: (Chrome Media Router) - C:\Users\Salta Game\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-03-23]
CHR HKLM\...\Chrome\Extension: [bdlhpbalhdjobabgbacbgclpjjelainj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [beliehdniadoecbonbhlcgbdldccfigp] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [1887640 2019-02-27] (ESET, spol. s r.o. -> ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET Security\ekrn.exe [1887640 2019-02-27] (ESET, spol. s r.o. -> ESET)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [5247944 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [103696 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [280864 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
S4 symsrv; C:\Program Files\windows nt\symsrv.exe [145168 2019-03-19] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2016-07-21] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Windows -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
R0 DLMFENC; C:\Windows\System32\DRIVERS\DLMFENC.sys [142408 2018-02-27] (DESlock Limited -> DESlock Ltd.)
R0 DLPCRYPT; C:\Windows\System32\DRIVERS\dlpcrypt.sys [109824 2017-11-02] (DESlock Limited -> DESlock Ltd.)
R0 dlpvdisk; C:\Windows\System32\DRIVERS\dlpvdisk.sys [84984 2017-11-02] (DESlock Limited -> DESlock Ltd.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [125056 2019-02-27] (ESET, spol. s r.o. -> ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [91720 2019-02-27] (ESET, spol. s r.o. -> ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [147288 2019-02-27] (ESET, spol. s r.o. -> ESET)
R2 ekbdflt; C:\Windows\System32\DRIVERS\ekbdflt.sys [43952 2019-02-27] (ESET, spol. s r.o. -> ESET)
R1 epfw; C:\Windows\System32\DRIVERS\epfw.sys [72480 2019-02-27] (ESET, spol. s r.o. -> ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [53808 2019-02-27] (ESET, spol. s r.o. -> ESET)
R1 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [94856 2019-02-27] (ESET, spol. s r.o. -> ESET)
R1 ISODrive; C:\Program Files\UltraISO\drivers\ISODrive.sys [82168 2013-11-21] (SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD. -> EZB Systems, Inc.)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [172280 2019-03-22] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [240440 2019-03-25] (Malwarebytes Corporation -> Malwarebytes)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [252808 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [13216 2009-07-16] (ASUSTeK Computer Inc. -> )
S3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [1583136 2013-01-24] (Ralink Technology Corporation -> Ralink Technology Corp.)
R0 VDLPToken2; C:\Windows\System32\DRIVERS\vdlptkn2.sys [125432 2017-11-02] (DESlock Limited -> DESlock Ltd.)
S3 xnacc; C:\Windows\System32\DRIVERS\xnacc.sys [465408 2009-07-13] (Microsoft Windows -> Microsoft Corporation)
S3 catchme; \??\C:\Users\SALTAG~1\AppData\Local\Temp\catchme.sys [X] <==== ATTENTION
S1 MpKsld8c8093b; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D7E8DA2F-F263-4332-81A8-9B56B2511FD6}\MpKsld8c8093b.sys [X]
S1 YjBiZDU1NjNiYTg4; \??\C:\Windows\system32\drivers\YjBiZDU1NjNiYTg4 [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-03-25 19:20 - 2019-03-25 19:21 - 000011424 _____ C:\Users\Salta Game\Desktop\FRST.txt
2019-03-25 19:19 - 2019-03-25 19:19 - 001793024 _____ (Farbar) C:\Users\Salta Game\Desktop\FRST.exe
2019-03-25 19:18 - 2019-03-25 19:18 - 000095166 _____ C:\Users\Salta Game\Desktop\reporte tdskiller.txt
2019-03-25 19:12 - 2019-03-25 19:19 - 000190422 _____ C:\TDSSKiller.3.1.0.26_25.03.2019_19.12.17_log.txt
2019-03-25 19:11 - 2019-03-25 19:12 - 000004752 _____ C:\TDSSKiller.3.1.0.26_25.03.2019_19.11.21_log.txt
2019-03-25 19:02 - 2019-03-25 19:03 - 005072904 _____ (AO Kaspersky Lab) C:\Users\Salta Game\Desktop\tdsskiller.exe
2019-03-25 18:45 - 2019-03-25 18:45 - 000240440 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-03-23 22:53 - 2019-03-23 22:53 - 000000691 _____ C:\Users\Salta Game\Desktop\esettt.txt
2019-03-23 22:45 - 2019-03-23 22:46 - 000115628 _____ C:\Users\Salta Game\Desktop\Reporte ESET.txt
2019-03-23 22:20 - 2019-03-23 22:20 - 000005353 _____ C:\Users\Salta Game\Desktop\UsbFix_Report.txt
2019-03-23 22:17 - 2019-03-23 22:18 - 004576600 _____ (SOSVirus) C:\Users\Salta Game\Desktop\UsbFix_2019_11.012.exe
2019-03-23 19:14 - 2019-03-23 19:14 - 000044637 _____ C:\Users\Salta Game\Desktop\Shortcut.txt
2019-03-23 18:26 - 2019-03-23 18:26 - 000222648 _____ (Malwarebytes) C:\Windows\system32\Drivers\6351F956.sys
2019-03-23 18:25 - 2019-03-23 18:49 - 000000000 ____D C:\Users\Salta Game\Desktop\mbar
2019-03-23 18:25 - 2019-03-23 18:49 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2019-03-23 18:23 - 2019-03-23 18:24 - 000002320 _____ C:\Users\Salta Game\Desktop\Rkill.txt
2019-03-23 18:23 - 2019-03-23 18:23 - 014178840 _____ (Malwarebytes Corp.) C:\Users\Salta Game\Desktop\mbar-1.10.3.1001.exe
2019-03-23 18:19 - 2019-03-23 18:22 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\Salta Game\Desktop\rkill.exe
2019-03-22 21:45 - 2019-03-23 17:59 - 000000000 ____D C:\Users\Salta Game\Desktop\CCleaner v5.55.7108 + Portable Full Español
2019-03-22 21:11 - 2019-03-22 21:11 - 000172280 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2019-03-22 20:56 - 2019-03-23 18:26 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-03-22 20:56 - 2019-03-22 21:11 - 000128552 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae.sys
2019-03-22 20:56 - 2019-03-22 20:56 - 000002020 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-03-22 20:56 - 2019-03-22 20:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-03-22 19:41 - 2019-03-22 19:41 - 000000000 _____ C:\Windows\system32\gui.json
2019-03-22 18:05 - 2019-03-22 18:05 - 001394636 _____ C:\Users\Salta Game\Desktop\TeslaDecoder (1).zip
2019-03-22 18:02 - 2019-03-22 18:02 - 001394636 _____ C:\Users\Salta Game\Desktop\TeslaDecoder.zip
2019-03-20 22:48 - 2019-03-20 22:49 - 088036509 _____ C:\Users\Salta Game\Desktop\GATS431-MW.rar
2019-03-20 22:37 - 2019-03-20 22:37 - 000001028 _____ C:\Users\Public\Desktop\Argente Utilities.lnk
2019-03-20 22:37 - 2019-03-20 22:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Argente Utilities
2019-03-20 22:36 - 2019-03-23 17:38 - 000000000 ____D C:\Program Files\Argente Utilities
2019-03-20 22:36 - 2019-03-20 22:36 - 007316688 _____ (Malwarebytes) C:\Users\Salta Game\Desktop\adwcleaner_7.2.7.0.exe
2019-03-20 22:35 - 2019-03-20 22:35 - 008169074 _____ (Raúl Argente ) C:\Users\Salta Game\Desktop\AUtilities-old.exe
2019-03-20 22:27 - 2019-03-23 22:19 - 000001833 _____ C:\Users\Salta Game\Desktop\UsbFix Anti-Malware.lnk
2019-03-20 22:25 - 2019-03-20 22:26 - 000000000 ____D C:\Users\Salta Game\Desktop\Backups
2019-03-20 22:25 - 2019-03-20 22:25 - 000000000 ____D C:\Windows\ABR
2019-03-20 22:22 - 2019-03-20 22:22 - 007241296 _____ (Stanislav Polshyn & Trend Micro Inc.) C:\Users\Salta Game\Desktop\HiJackThis.exe
2019-03-20 22:19 - 2019-03-20 22:19 - 000017320 _____ C:\ComboFix.txt
2019-03-20 22:00 - 2019-03-20 22:26 - 000000000 ____D C:\ComboFix
2019-03-20 22:00 - 2011-06-26 03:45 - 000256000 _____ C:\Windows\PEV.exe
2019-03-20 22:00 - 2010-11-07 14:20 - 000208896 _____ C:\Windows\MBR.exe
2019-03-20 22:00 - 2009-04-20 01:56 - 000060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2019-03-20 22:00 - 2000-08-30 21:00 - 000518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2019-03-20 22:00 - 2000-08-30 21:00 - 000406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2019-03-20 22:00 - 2000-08-30 21:00 - 000098816 _____ C:\Windows\sed.exe
2019-03-20 22:00 - 2000-08-30 21:00 - 000080412 _____ C:\Windows\grep.exe
2019-03-20 22:00 - 2000-08-30 21:00 - 000068096 _____ C:\Windows\zip.exe
2019-03-20 21:59 - 2019-03-20 22:19 - 000000000 ____D C:\Qoobox
2019-03-20 21:58 - 2019-03-20 22:17 - 000000000 ____D C:\Windows\erdnt
2019-03-20 21:57 - 2019-03-20 21:58 - 005660510 ____R (Swearware) C:\Users\Salta Game\Desktop\ComboFix.exe
2019-03-20 21:54 - 2019-02-23 13:19 - 000000330 _____ C:\Users\Salta Game\Desktop\README.txt
2019-03-20 21:51 - 2019-03-20 21:51 - 000000268 _____ C:\DelFix.txt
2019-03-20 21:51 - 2019-03-20 21:51 - 000000000 ____D C:\Windows\ERUNT
2019-03-20 21:50 - 2019-03-20 21:50 - 000797760 _____ C:\Users\Salta Game\Desktop\delfix.exe
2019-03-20 21:42 - 2019-03-20 21:42 - 000319024 _____ C:\active_protection.txt
2019-03-20 19:26 - 2019-03-20 21:41 - 000035928 _____ C:\url_setting_definitions.txt
2019-03-20 19:12 - 2019-03-20 19:12 - 000001230 _____ C:\Users\Salta Game\Desktop\Revo Uninstaller Pro.lnk
2019-03-20 19:12 - 2019-03-20 19:12 - 000000000 ____D C:\Users\Salta Game\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2019-03-20 19:12 - 2019-03-20 19:12 - 000000000 ____D C:\Users\Salta Game\AppData\Local\VS Revo Group
2019-03-20 19:12 - 2019-03-20 19:12 - 000000000 ____D C:\ProgramData\VS Revo Group
2019-03-20 19:11 - 2019-03-20 19:11 - 016431492 _____ C:\Users\Salta Game\Desktop\Revo.Uninstaller.Pro.v4.0.5.zip
2019-03-20 19:11 - 2019-03-20 19:11 - 000000000 ____D C:\Program Files\VS Revo Group
2019-03-20 19:11 - 2018-12-11 08:15 - 000000743 _____ C:\Users\Salta Game\Desktop\Portable.cmd
2019-03-20 19:11 - 2018-12-11 08:15 - 000000743 _____ C:\Users\Salta Game\Desktop\Install.cmd
2019-03-20 19:11 - 2018-12-11 08:14 - 016429540 _____ (VS Revo Group) C:\Users\Salta Game\Desktop\Revo.Uninstaller.Pro.v4.0.5.exe
2019-03-20 19:07 - 2019-03-20 19:07 - 000000000 ____D C:\Users\Salta Game\AppData\Local\mbam
2019-03-20 19:03 - 2019-03-20 19:03 - 000000000 ____D C:\Users\Salta Game\AppData\Local\mbamtray
2019-03-20 19:03 - 2019-03-20 19:03 - 000000000 ____D C:\Program Files\Malwarebytes
2019-03-20 19:00 - 2019-03-20 19:00 - 062177776 _____ (Malwarebytes ) C:\Users\Salta Game\Desktop\mb3-setup-consumer-3.7.1.2839-1.0.538-1.0.9712.exe
2019-03-20 18:57 - 2019-03-23 19:14 - 000023549 _____ C:\Users\Salta Game\Desktop\Addition1.txt
2019-03-20 18:56 - 2019-03-23 19:14 - 000082698 _____ C:\Users\Salta Game\Desktop\FRST1.txt
2019-03-20 18:55 - 2019-03-25 19:20 - 000000000 ____D C:\FRST
2019-03-20 18:06 - 2019-03-23 19:28 - 000003329 _____ C:\Users\Salta Game\Desktop\JRT.txt
2019-03-19 21:45 - 2019-03-19 21:45 - 000109208 _____ C:\Users\Salta Game\AppData\Local\GDIPFONTCACHEV1.DAT
2019-03-19 21:45 - 2019-03-19 21:45 - 000000020 ___SH C:\Users\Salta Game\ntuser.ini
2019-03-19 21:42 - 2019-03-19 21:42 - 000001648 _____ C:\Users\Public\Restore-My-Files.txt
2019-03-19 21:42 - 2019-03-19 21:42 - 000001648 _____ C:\Users\Public\Downloads\Restore-My-Files.txt
2019-03-19 21:42 - 2019-03-19 21:42 - 000001648 _____ C:\Users\Public\Documents\Restore-My-Files.txt
2019-03-19 21:42 - 2019-03-19 21:42 - 000001648 _____ C:\ProgramData\Restore-My-Files.txt
2019-03-19 21:38 - 2019-03-19 21:38 - 000000000 ____D C:\Users\Salta Game\AppData\Local\DESlock+
2019-03-19 21:36 - 2019-03-23 18:52 - 000000000 ____D C:\AdwCleaner
2019-03-19 21:35 - 2019-03-19 21:35 - 000001943 _____ C:\Users\Public\Desktop\ESET Protección de banca y pagos en línea.lnk
2019-03-19 21:32 - 2019-03-19 21:32 - 007316688 _____ (Malwarebytes) C:\Users\Salta Game\Downloads\adwcleaner_7.2.7.0.exe
2019-03-19 21:27 - 2019-03-19 21:28 - 001790024 _____ (Malwarebytes) C:\Users\Salta Game\Downloads\JRT.exe
2019-03-19 21:27 - 2019-03-19 21:28 - 001790024 _____ (Malwarebytes) C:\Users\Salta Game\Desktop\JRT.exe
2019-03-19 21:19 - 2019-03-19 21:19 - 000000000 ____D C:\Users\Salta Game\AppData\Local\ESET
2019-03-19 21:02 - 2019-03-19 21:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TNod User & Password Finder
2019-03-19 21:01 - 2019-03-19 21:38 - 000000000 ____D C:\Program Files\ESET
2019-03-19 21:01 - 2019-03-19 21:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2019-03-19 21:01 - 2019-03-19 21:01 - 000000000 ____D C:\ProgramData\ESET
2019-03-19 20:44 - 2019-03-19 20:44 - 000001648 _____ C:\Users\Salta Game\AppData\Local\Restore-My-Files.txt
2019-03-19 20:38 - 2019-03-19 20:38 - 000001648 _____ C:\Users\Salta Game\Desktop\Restore-My-Files.txt
2019-03-19 20:38 - 2019-03-19 20:38 - 000001648 _____ C:\Users\Salta Game\AppData\Roaming\Restore-My-Files.txt
2019-03-19 20:37 - 2019-03-19 20:37 - 000001648 _____ C:\Users\Salta Game\Documents\Restore-My-Files.txt
2019-03-19 20:28 - 2019-03-19 20:28 - 000000000 ____D C:\Windows\pss
2019-03-19 20:27 - 2019-03-19 20:27 - 000001648 _____ C:\Users\Salta Game\Downloads\Restore-My-Files.txt
2019-03-19 20:25 - 2019-03-19 20:25 - 000001648 _____ C:\Users\Salta Game\Restore-My-Files.txt
2019-03-19 20:25 - 2019-03-19 20:25 - 000001026 _____ C:\Users\Public\2720DE842C148E18C1E0270ABEF877C91C879E2B7AB4070B193C1EFF3F1AC1CA
2019-03-19 20:24 - 2019-03-22 18:17 - 000000000 ____D C:\ProgramData\{1C5CB847-36DB-4B88-A32B-0BC7A3CC5296}
2019-03-19 20:24 - 2019-03-20 17:51 - 000000000 ____D C:\Windows\system32\evtghkou
2019-03-19 20:24 - 2019-03-19 21:41 - 000000000 ____D C:\Users\Salta Game\AppData\Local\App
2019-03-19 20:23 - 2019-03-22 18:17 - 000000000 ____D C:\ProgramData\{CC8296D9-1845-9B56-3D05-D5173DE28C46}
2019-03-19 20:23 - 2019-03-19 20:39 - 000000000 ____D C:\Users\Salta Game\AppData\Roaming\my12jgyhep4
2019-03-19 20:22 - 2019-03-19 21:40 - 000000000 ____D C:\Users\Salta Game\AppData\Local\Mail.Ru
2019-03-19 20:22 - 2019-03-19 20:22 - 000000000 ____D C:\ProgramData\Mail.Ru
2019-03-19 20:22 - 2019-03-19 20:22 - 000000000 ____D C:\Program Files\TigerTrade
2019-03-19 20:21 - 2019-03-19 21:39 - 000000000 ____D C:\Program Files\bsoi
2019-03-19 19:48 - 2019-03-19 19:48 - 000253952 ____N (Microsoft Corporation) C:\Windows\Setup1.exe
2019-03-19 19:48 - 2019-03-19 19:48 - 000074240 _____ (Microsoft Corporation) C:\Windows\ST6UNST.EXE
2019-03-19 19:13 - 2019-03-19 19:20 - 000000000 ____D C:\Senior
2019-03-19 19:13 - 2019-03-19 19:13 - 000000590 _____ C:\Users\Public\Desktop\Senior Conta.lnk
2019-03-19 19:13 - 2019-03-19 19:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Senior
2019-03-19 19:13 - 2007-04-11 11:11 - 000511328 _____ (Microsoft Corporation) C:\Windows\system32\capicom.dll
2019-03-18 18:57 - 2019-03-18 18:57 - 000108474 _____ C:\Windows\uninstaller.dat
2019-03-12 19:35 - 2019-02-26 18:47 - 000348984 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2019-03-12 19:35 - 2019-02-26 04:19 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2019-03-12 19:35 - 2019-02-26 04:19 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2019-03-12 19:35 - 2019-02-26 04:07 - 000498176 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2019-03-12 19:35 - 2019-02-26 04:07 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2019-03-12 19:35 - 2019-02-26 04:06 - 000341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2019-03-12 19:35 - 2019-02-26 04:06 - 000047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2019-03-12 19:35 - 2019-02-26 04:05 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2019-03-12 19:35 - 2019-02-26 04:04 - 002295808 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2019-03-12 19:35 - 2019-02-26 04:01 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2019-03-12 19:35 - 2019-02-26 04:00 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2019-03-12 19:35 - 2019-02-26 03:58 - 000476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2019-03-12 19:35 - 2019-02-26 03:57 - 000663040 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2019-03-12 19:35 - 2019-02-26 03:57 - 000620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2019-03-12 19:35 - 2019-02-26 03:57 - 000115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2019-03-12 19:35 - 2019-02-26 03:57 - 000104960 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2019-03-12 19:35 - 2019-02-26 03:51 - 000668160 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2019-03-12 19:35 - 2019-02-26 03:49 - 000416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2019-03-12 19:35 - 2019-02-26 03:44 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2019-03-12 19:35 - 2019-02-26 03:44 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2019-03-12 19:35 - 2019-02-26 03:43 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2019-03-12 19:35 - 2019-02-26 03:41 - 000168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2019-03-12 19:35 - 2019-02-26 03:41 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2019-03-12 19:35 - 2019-02-26 03:39 - 000279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2019-03-12 19:35 - 2019-02-26 03:38 - 000130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2019-03-12 19:35 - 2019-02-26 03:35 - 004494848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2019-03-12 19:35 - 2019-02-26 03:33 - 000230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2019-03-12 19:35 - 2019-02-26 03:31 - 002059776 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2019-03-12 19:35 - 2019-02-26 03:31 - 000696320 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2019-03-12 19:35 - 2019-02-26 03:31 - 000692224 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2019-03-12 19:35 - 2019-02-26 03:30 - 001155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2019-03-12 19:35 - 2019-02-26 03:29 - 013681664 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2019-03-12 19:35 - 2019-02-26 03:12 - 004386304 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2019-03-12 19:35 - 2019-02-26 03:09 - 001332224 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2019-03-12 19:35 - 2019-02-26 03:07 - 000710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2019-03-12 19:34 - 2019-03-06 00:04 - 004055784 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2019-03-12 19:34 - 2019-03-06 00:04 - 003960552 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2019-03-12 19:34 - 2019-03-06 00:04 - 000189672 _____ (Microsoft Corporation) C:\Windows\system32\halmacpi.dll
2019-03-12 19:34 - 2019-03-06 00:04 - 000189672 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2019-03-12 19:34 - 2019-03-06 00:04 - 000137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2019-03-12 19:34 - 2019-03-06 00:04 - 000136424 _____ (Microsoft Corporation) C:\Windows\system32\halacpi.dll
2019-03-12 19:34 - 2019-03-06 00:04 - 000067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2019-03-12 19:34 - 2019-03-06 00:02 - 001310520 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2019-03-12 19:34 - 2019-03-06 00:01 - 001072640 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2019-03-12 19:34 - 2019-03-06 00:01 - 000872448 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2019-03-12 19:34 - 2019-03-06 00:01 - 000655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2019-03-12 19:34 - 2019-03-06 00:01 - 000556032 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2019-03-12 19:34 - 2019-03-06 00:01 - 000400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2019-03-12 19:34 - 2019-03-06 00:01 - 000294400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2019-03-12 19:34 - 2019-03-06 00:01 - 000261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2019-03-12 19:34 - 2019-03-06 00:01 - 000254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2019-03-12 19:34 - 2019-03-06 00:01 - 000223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2019-03-12 19:34 - 2019-03-06 00:01 - 000172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2019-03-12 19:34 - 2019-03-06 00:01 - 000171008 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2019-03-12 19:34 - 2019-03-06 00:01 - 000167936 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2019-03-12 19:34 - 2019-03-06 00:01 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2019-03-12 19:34 - 2019-03-06 00:01 - 000141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2019-03-12 19:34 - 2019-03-06 00:01 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2019-03-12 19:34 - 2019-03-06 00:01 - 000070144 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2019-03-12 19:34 - 2019-03-06 00:01 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2019-03-12 19:34 - 2019-03-06 00:01 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2019-03-12 19:34 - 2019-03-06 00:01 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2019-03-12 19:34 - 2019-03-06 00:01 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2019-03-12 19:34 - 2019-03-06 00:00 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2019-03-12 19:34 - 2019-03-06 00:00 - 000644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2019-03-12 19:34 - 2019-03-06 00:00 - 000082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2019-03-12 19:34 - 2019-03-06 00:00 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2019-03-12 19:34 - 2019-03-06 00:00 - 000038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2019-03-12 19:34 - 2019-03-06 00:00 - 000017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2019-03-12 19:34 - 2019-03-06 00:00 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2019-03-12 19:34 - 2019-03-06 00:00 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2019-03-12 19:34 - 2019-03-06 00:00 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2019-03-12 19:34 - 2019-03-06 00:00 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2019-03-12 19:34 - 2019-03-06 00:00 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2019-03-12 19:34 - 2019-03-06 00:00 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2019-03-12 19:34 - 2019-03-06 00:00 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2019-03-12 19:34 - 2019-03-06 00:00 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2019-03-12 19:34 - 2019-03-06 00:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2019-03-12 19:34 - 2019-03-06 00:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2019-03-12 19:34 - 2019-03-06 00:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2019-03-12 19:34 - 2019-03-06 00:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2019-03-12 19:34 - 2019-03-06 00:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2019-03-12 19:34 - 2019-03-06 00:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2019-03-12 19:34 - 2019-03-06 00:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2019-03-12 19:34 - 2019-03-06 00:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2019-03-12 19:34 - 2019-03-06 00:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2019-03-12 19:34 - 2019-03-06 00:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2019-03-12 19:34 - 2019-03-06 00:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2019-03-12 19:34 - 2019-03-06 00:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2019-03-12 19:34 - 2019-03-06 00:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2019-03-12 19:34 - 2019-03-06 00:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2019-03-12 19:34 - 2019-03-06 00:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2019-03-12 19:34 - 2019-03-06 00:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2019-03-12 19:34 - 2019-03-06 00:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2019-03-12 19:34 - 2019-03-05 23:41 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2019-03-12 19:34 - 2019-03-05 23:41 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2019-03-12 19:34 - 2019-03-05 23:41 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2019-03-12 19:34 - 2019-03-05 23:41 - 000016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2019-03-12 19:34 - 2019-03-05 23:41 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\sscore.dll
2019-03-12 19:34 - 2019-03-05 23:40 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2019-03-12 19:34 - 2019-03-05 23:39 - 002405376 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2019-03-12 19:34 - 2019-03-05 23:39 - 000271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2019-03-12 19:34 - 2019-03-05 23:39 - 000262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2019-03-12 19:34 - 2019-03-05 23:39 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2019-03-12 19:34 - 2019-03-05 23:37 - 000317440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2019-03-12 19:34 - 2019-03-05 23:37 - 000314880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2019-03-12 19:34 - 2019-03-05 23:37 - 000226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2019-03-12 19:34 - 2019-03-05 23:37 - 000126464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2019-03-12 19:34 - 2019-03-05 23:37 - 000117248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2019-03-12 19:34 - 2019-03-05 23:37 - 000098816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2019-03-12 19:34 - 2019-03-05 23:36 - 000069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2019-03-12 19:34 - 2019-03-05 23:36 - 000055296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
2019-03-12 19:34 - 2019-03-05 23:36 - 000053760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
2019-03-12 19:34 - 2019-03-05 23:36 - 000053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\viac7.sys
2019-03-12 19:34 - 2019-03-05 23:36 - 000052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
2019-03-12 19:34 - 2019-03-05 23:36 - 000052224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
2019-03-12 19:34 - 2019-03-05 23:36 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2019-03-12 19:34 - 2019-03-05 23:36 - 000035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\npfs.sys
2019-03-12 19:34 - 2019-03-05 23:36 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2019-03-12 19:34 - 2019-03-05 23:36 - 000015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2019-03-12 19:34 - 2019-03-05 23:36 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2019-03-12 19:34 - 2019-03-05 23:36 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2019-03-12 19:34 - 2019-03-05 23:36 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2019-03-12 19:34 - 2019-03-05 23:36 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2019-03-12 19:34 - 2019-03-04 23:40 - 000056320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2019-03-12 19:34 - 2019-03-04 23:40 - 000026368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2019-03-12 19:34 - 2019-03-04 23:40 - 000024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys
2019-03-12 19:34 - 2019-02-26 04:25 - 020281856 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2019-03-12 19:34 - 2019-02-21 23:56 - 000004608 _____ (Microsoft Corporation) C:\Windows\system32\msimg32.dll
2019-03-12 19:34 - 2019-02-21 23:55 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\mf3216.dll
2019-03-12 19:34 - 2019-02-21 23:35 - 000313344 _____ (Microsoft Corporation) C:\Windows\system32\msrd2x40.dll
2019-03-12 19:34 - 2019-02-16 02:50 - 001425920 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2019-03-12 19:34 - 2019-02-16 02:50 - 000781824 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2019-03-12 19:34 - 2019-02-16 02:50 - 000583680 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2019-03-12 19:34 - 2019-02-16 02:50 - 000380928 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2019-03-12 19:34 - 2019-02-16 02:50 - 000321536 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
2019-03-12 19:34 - 2019-02-16 02:50 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2019-03-12 19:34 - 2019-02-16 02:33 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2019-03-12 19:34 - 2019-02-15 12:58 - 000382976 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2019-03-12 19:34 - 2019-02-15 12:58 - 000320512 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2019-03-12 19:34 - 2019-02-15 12:38 - 000360960 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2019-03-12 19:34 - 2019-02-15 12:38 - 000053760 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2019-03-12 19:34 - 2019-02-15 12:38 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2019-03-12 19:34 - 2019-02-15 12:38 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2019-03-12 19:34 - 2019-02-10 13:43 - 001214176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2019-03-12 19:34 - 2019-02-10 13:18 - 000247296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys
2019-03-12 19:34 - 2019-02-10 13:18 - 000148992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2019-03-12 19:34 - 2019-02-10 13:18 - 000142336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\exfat.sys
2019-03-12 19:34 - 2019-02-10 13:18 - 000070656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cdfs.sys
2019-03-12 19:34 - 2019-02-08 12:59 - 001391104 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2019-03-12 19:34 - 2019-02-08 12:59 - 001241088 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2019-03-12 19:34 - 2019-02-08 12:59 - 000805376 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2019-03-12 19:34 - 2019-02-08 12:59 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2019-03-12 19:34 - 2019-02-08 12:59 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2019-03-12 19:34 - 2019-02-07 12:57 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\bridgeres.dll
2019-03-12 19:34 - 2019-02-07 12:53 - 000078336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bridge.sys
2019-03-12 19:34 - 2019-02-07 12:42 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\brdgcfg.dll
2019-03-12 19:34 - 2019-02-07 12:42 - 000015872 _____ (Microsoft Corporation) C:\Windows\system32\bridgeunattend.exe
2019-03-12 19:34 - 2019-02-03 12:34 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msfs.sys
2019-03-12 19:34 - 2019-01-04 13:00 - 000122600 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2019-03-12 19:34 - 2019-01-04 12:56 - 000593408 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2019-03-12 19:34 - 2019-01-04 11:04 - 002703872 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2019-03-12 19:34 - 2019-01-04 11:04 - 001387520 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2019-03-12 19:34 - 2019-01-04 11:04 - 000617984 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2019-03-12 19:34 - 2019-01-04 11:04 - 000524800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2019-03-12 19:34 - 2019-01-04 11:04 - 000377856 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2019-03-12 19:34 - 2019-01-04 11:04 - 000361472 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2019-03-12 19:34 - 2019-01-04 11:04 - 000254464 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2019-03-12 19:34 - 2019-01-04 11:04 - 000205312 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2019-03-12 19:34 - 2019-01-03 12:55 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2019-03-12 19:11 - 2019-02-16 02:30 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2019-03-12 19:11 - 2019-02-10 13:43 - 000078560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2019-03-12 19:11 - 2019-02-10 13:41 - 011411968 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2019-03-12 19:11 - 2019-02-10 13:41 - 003207168 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2019-03-12 19:11 - 2019-02-10 13:41 - 001329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2019-03-12 19:11 - 2019-02-10 13:41 - 001177088 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2019-03-12 19:11 - 2019-02-10 13:41 - 001005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2019-03-12 19:11 - 2019-02-10 13:41 - 000988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2019-03-12 19:11 - 2019-02-10 13:41 - 000744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2019-03-12 19:11 - 2019-02-10 13:41 - 000617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2019-03-12 19:11 - 2019-02-10 13:41 - 000519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2019-03-12 19:11 - 2019-02-10 13:41 - 000504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2019-03-12 19:11 - 2019-02-10 13:41 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2019-03-12 19:11 - 2019-02-10 13:41 - 000474624 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2019-03-12 19:11 - 2019-02-10 13:41 - 000442368 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2019-03-12 19:11 - 2019-02-10 13:41 - 000406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2019-03-12 19:11 - 2019-02-10 13:41 - 000373248 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2019-03-12 19:11 - 2019-02-10 13:41 - 000354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2019-03-12 19:11 - 2019-02-10 13:41 - 000276480 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2019-03-12 19:11 - 2019-02-10 13:41 - 000265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2019-03-12 19:11 - 2019-02-10 13:41 - 000195072 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2019-03-12 19:11 - 2019-02-10 13:41 - 000179712 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2019-03-12 19:11 - 2019-02-10 13:41 - 000157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2019-03-12 19:11 - 2019-02-10 13:41 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2019-03-12 19:11 - 2019-02-10 13:41 - 000046592 _____ (Microsoft Corporation) C:\Windows\system32\mssign32.dll
2019-03-12 19:11 - 2019-02-10 13:37 - 000593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2019-03-12 19:10 - 2019-02-10 13:41 - 012574208 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2019-03-12 19:10 - 2019-02-10 13:41 - 000106496 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2019-03-12 19:10 - 2019-02-10 13:41 - 000103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2019-03-12 19:10 - 2019-02-10 13:41 - 000080896 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2019-03-12 19:10 - 2019-02-10 13:41 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2019-03-12 19:10 - 2019-02-10 13:41 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2019-03-12 19:10 - 2019-02-10 13:29 - 000008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2019-03-12 19:10 - 2019-02-10 13:29 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2019-03-12 19:10 - 2019-02-10 13:29 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2019-03-12 19:10 - 2019-02-10 13:28 - 000100352 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2019-03-12 19:10 - 2019-02-10 13:28 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2019-03-12 19:10 - 2019-02-10 13:28 - 000023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2019-03-12 19:10 - 2019-02-10 13:24 - 000010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2019-03-12 19:10 - 2019-02-10 13:19 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2019-03-12 19:10 - 2019-02-10 13:19 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2019-03-12 19:10 - 2019-02-10 13:19 - 000008192 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2019-02-28 21:46 - 2019-02-28 21:46 - 000000000 ____D C:\ProgramData\boost_interprocess
2019-02-28 21:45 - 2019-03-19 21:41 - 000000000 ____D C:\Users\Salta Game\AppData\Local\GlobalMapper
2019-02-28 21:45 - 2019-02-28 21:45 - 000000000 ____D C:\Users\Salta Game\AppData\Local\SafeNet Sentinel
2019-02-28 21:45 - 2019-02-28 21:45 - 000000000 ____D C:\ProgramData\SafeNet Sentinel
2019-02-28 21:43 - 2019-03-19 21:41 - 000000000 ____D C:\Users\Salta Game\AppData\Local\IIIQF
2019-02-27 03:59 - 2019-02-27 03:59 - 000147288 _____ (ESET) C:\Windows\system32\Drivers\ehdrv.sys
2019-02-27 03:59 - 2019-02-27 03:59 - 000125056 _____ (ESET) C:\Windows\system32\Drivers\eamonm.sys
2019-02-27 03:59 - 2019-02-27 03:59 - 000094856 _____ (ESET) C:\Windows\system32\Drivers\epfwwfp.sys
2019-02-27 03:59 - 2019-02-27 03:59 - 000091720 _____ (ESET) C:\Windows\system32\Drivers\edevmon.sys
2019-02-27 03:59 - 2019-02-27 03:59 - 000072480 _____ (ESET) C:\Windows\system32\Drivers\epfw.sys
2019-02-27 03:59 - 2019-02-27 03:59 - 000053808 _____ (ESET) C:\Windows\system32\Drivers\EpfwLWF.sys
2019-02-27 03:59 - 2019-02-27 03:59 - 000043952 _____ (ESET) C:\Windows\system32\Drivers\ekbdflt.sys

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-03-25 18:44 - 2009-07-14 01:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-03-23 23:01 - 2009-07-14 01:34 - 000016640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-03-23 23:01 - 2009-07-14 01:34 - 000016640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-03-23 22:19 - 2018-02-02 19:59 - 000000000 ____D C:\Program Files\UsbFix
2019-03-23 22:07 - 2017-12-23 19:06 - 000000000 ____D C:\JDownloader
2019-03-23 21:44 - 2017-11-07 21:20 - 000000000 ____D C:\gestionpro.530T
2019-03-23 18:52 - 2009-07-13 23:37 - 000000000 ____D C:\Windows\inf
2019-03-23 18:00 - 2017-11-04 18:10 - 000000965 _____ C:\Users\Public\Desktop\CCleaner.lnk
2019-03-23 18:00 - 2017-11-04 18:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2019-03-23 18:00 - 2017-11-04 18:10 - 000000000 ____D C:\Program Files\CCleaner
2019-03-23 17:39 - 2018-08-13 11:39 - 000000000 ____D C:\Windows\AutoKMS
2019-03-22 18:21 - 2017-11-04 18:02 - 000002168 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-03-22 18:21 - 2017-11-04 18:02 - 000002127 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-03-22 18:19 - 2017-04-11 13:42 - 000000000 ____D C:\Windows\Panther
2019-03-22 18:19 - 2009-07-13 23:37 - 000000000 ____D C:\Windows\system32\Msdtc
2019-03-22 18:17 - 2019-01-12 21:30 - 000000000 ____D C:\Users\Salta Game\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ultracopier
2019-03-22 17:53 - 2018-11-10 21:04 - 000000000 ____D C:\Users\Salta Game\AppData\Roaming\vlc
2019-03-20 22:26 - 2019-01-12 21:30 - 000000000 ____D C:\Program Files\Ultracopier
2019-03-20 22:17 - 2009-07-13 23:04 - 000000215 _____ C:\Windows\system.ini
2019-03-20 19:19 - 2019-02-22 19:23 - 000000000 ____D C:\Program Files\Seagate
2019-03-20 19:18 - 2019-02-22 19:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
2019-03-20 19:11 - 2017-11-04 17:54 - 000000000 ____D C:\Users\Salta Game\AppData\Roaming\WinRAR
2019-03-20 18:45 - 2017-11-04 18:04 - 000000000 ____D C:\Users\Salta Game\AppData\LocalLow\Mozilla
2019-03-19 21:45 - 2017-11-04 18:03 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2019-03-19 21:45 - 2017-11-04 18:03 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-03-19 21:45 - 2017-11-04 17:49 - 000000000 ____D C:\Users\Salta Game
2019-03-19 21:43 - 2017-11-04 17:49 - 000001397 _____ C:\Users\Salta Game\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2019-03-19 21:42 - 2018-06-15 20:30 - 000000000 ____D C:\ProgramData\VSO
2019-03-19 21:42 - 2017-11-04 17:49 - 000000000 ____D C:\Users\Salta Game\AppData\Local\VirtualStore
2019-03-19 21:42 - 2009-07-13 23:37 - 000000000 __RHD C:\Users\Public\Libraries
2019-03-19 21:41 - 2017-11-07 19:37 - 000000000 ____D C:\Users\Salta Game\AppData\Local\Help
2019-03-19 21:13 - 2019-02-22 19:18 - 000000000 ____D C:\Users\Salta Game\AppData\Roaming\Hard Disk Sentinel
2019-03-19 20:44 - 2019-02-12 18:36 - 000000000 ____D C:\Users\Salta Game\AppData\LocalLow\VisualOn
2019-03-19 20:44 - 2018-11-28 18:36 - 000000000 ____D C:\Users\Salta Game\AppData\Roaming\dvdcss
2019-03-19 20:39 - 2019-01-24 21:16 - 000000000 ____D C:\Users\Salta Game\AppData\Roaming\uTorrent
2019-03-19 20:39 - 2018-06-15 20:30 - 000000000 ____D C:\Users\Salta Game\AppData\Roaming\VSO
2019-03-19 20:39 - 2018-02-08 18:43 - 000000000 ____D C:\Users\Salta Game\AppData\Roaming\TeamViewer
2019-03-19 20:39 - 2018-01-27 19:09 - 000000000 ____D C:\Users\Salta Game\AppData\Roaming\Psiphon3
2019-03-19 20:39 - 2017-11-07 19:15 - 000000000 ____D C:\Users\Salta Game\AppData\Roaming\MPC-HC
2019-03-19 20:37 - 2018-06-15 20:30 - 000000000 ____D C:\Users\Salta Game\Documents\PcSetup
2019-03-19 20:37 - 2018-06-15 20:30 - 000000000 ____D C:\Users\Salta Game\Documents\ConvertXToDVD
2019-03-19 20:37 - 2018-06-15 20:29 - 000000000 ____D C:\Users\Salta Game\Downloads\7.0.0.59-PVP
2019-03-19 20:36 - 2018-08-13 11:41 - 000000000 ____D C:\Users\Salta Game\Downloads\Microsoft Toolkit 2.6.4
2019-03-19 20:36 - 2018-04-17 17:55 - 000000000 ____D C:\Users\Salta Game\Downloads\God Of Pes 2014 - PS2
2019-03-19 20:36 - 2018-04-07 21:11 - 000000000 ____D C:\Users\Salta Game\Downloads\Double Dragon Collections v2.0 By MaMeDiMiTriS
2019-03-19 20:36 - 2018-04-07 20:11 - 000000000 ____D C:\Users\Salta Game\Downloads\Snow Bros Collections v2.0 By MaMeDiMiTriS
2019-03-19 20:36 - 2018-04-07 19:36 - 000000000 ____D C:\Users\Salta Game\Downloads\Ghost'n Goblins Collections v2.0 By MaMeDiMiTriS
2019-03-19 20:36 - 2018-02-08 19:36 - 000000000 ____D C:\Users\Salta Game\Downloads\AdjProg_L380_win7 y8.1
2019-03-19 20:36 - 2018-02-08 19:26 - 000000000 ____D C:\Users\Salta Game\Downloads\LATINOAMERICA RESET-20180208T221747Z-001
2019-03-19 20:36 - 2017-12-30 11:29 - 000000000 ____D C:\Users\Salta Game\Downloads\9.7.0.3476-PVP
2019-03-19 20:29 - 2018-10-19 20:40 - 000000000 ____D C:\dentis
2019-03-19 20:26 - 2018-11-06 20:28 - 000000000 ____D C:\DB Super
2019-03-19 20:26 - 2017-11-07 20:26 - 000000000 ____D C:\CopiaSeguridad
2019-03-19 20:23 - 2018-12-22 20:06 - 000000282 __RSH C:\ProgramData\ntuser.pol
2019-03-19 20:23 - 2009-07-13 23:37 - 000000000 ____D C:\Program Files\Windows NT
2019-03-14 18:35 - 2011-04-11 22:30 - 000747336 _____ C:\Windows\system32\perfh00A.dat
2019-03-14 18:35 - 2011-04-11 22:30 - 000158772 _____ C:\Windows\system32\perfc00A.dat
2019-03-14 18:35 - 2010-11-20 18:01 - 001676734 _____ C:\Windows\system32\PerfStringBackup.INI
2019-03-14 18:28 - 2009-07-14 01:33 - 000418056 _____ C:\Windows\system32\FNTCACHE.DAT
2019-03-14 18:27 - 2018-02-14 19:22 - 000000000 ___SD C:\Windows\system32\CompatTel
2019-03-14 18:27 - 2018-02-14 19:22 - 000000000 ____D C:\Windows\system32\appraiser
2019-03-14 18:27 - 2009-07-13 23:37 - 000000000 ____D C:\Windows\system32\Dism
2019-03-07 18:30 - 2017-12-23 19:31 - 000000000 ____D C:\Users\UpdatusUser
2019-03-01 19:00 - 2017-12-24 10:28 - 000000000 ____D C:\ProgramData\Package Cache
2019-02-23 20:20 - 2009-07-13 23:37 - 000000000 ____D C:\Windows\rescache

==================== Files in the root of some directories =======

2019-03-19 20:23 - 2019-03-19 20:38 - 000001216 _____ () C:\Users\Salta Game\AppData\Roaming\7XKP6JE267Y.txt.gif
2018-06-15 20:30 - 2019-03-19 20:38 - 000088560 _____ () C:\Users\Salta Game\AppData\Roaming\inst.exe.gif
2018-06-15 20:30 - 2019-03-19 20:39 - 000008832 _____ () C:\Users\Salta Game\AppData\Roaming\pcouffin.cat.gif
2018-06-15 20:30 - 2019-03-19 20:39 - 000002096 _____ () C:\Users\Salta Game\AppData\Roaming\pcouffin.inf.gif
2018-06-15 20:30 - 2019-03-19 20:39 - 000001008 _____ () C:\Users\Salta Game\AppData\Roaming\pcouffin.log.gif
2018-06-15 20:30 - 2019-03-19 20:39 - 000048304 _____ () C:\Users\Salta Game\AppData\Roaming\pcouffin.sys.gif
2019-03-19 20:38 - 2019-03-19 20:38 - 000001648 _____ () C:\Users\Salta Game\AppData\Roaming\Restore-My-Files.txt
2019-03-19 20:24 - 2019-03-19 20:44 - 007897520 _____ () C:\Users\Salta Game\AppData\Local\agent.dat.gif
2019-03-19 20:24 - 2019-03-19 20:44 - 000279453 _____ () C:\Users\Salta Game\AppData\Local\Betatom.bin.gif
2019-03-19 20:24 - 2019-03-19 20:44 - 000071840 _____ () C:\Users\Salta Game\AppData\Local\Config.xml.gif
2019-03-19 20:24 - 2019-03-19 20:44 - 001896327 _____ () C:\Users\Salta Game\AppData\Local\Dongtax.bin.gif
2019-03-19 20:23 - 2019-03-19 20:44 - 000017024 _____ () C:\Users\Salta Game\AppData\Local\InstallationConfiguration.xml.gif
2019-03-19 20:23 - 2019-03-19 20:44 - 000141744 _____ () C:\Users\Salta Game\AppData\Local\installer.dat.gif
2019-03-19 20:24 - 2019-03-19 20:44 - 000019376 _____ () C:\Users\Salta Game\AppData\Local\Main.dat.gif
2019-03-19 20:24 - 2019-03-19 20:44 - 000006512 _____ () C:\Users\Salta Game\AppData\Local\md.xml.gif
2019-03-19 20:24 - 2019-03-19 20:44 - 000127408 _____ () C:\Users\Salta Game\AppData\Local\noah.dat.gif
2019-03-19 20:24 - 2019-03-19 20:44 - 001633200 _____ () C:\Users\Salta Game\AppData\Local\Rehold.exe.gif
2019-03-19 20:24 - 2019-03-19 20:44 - 002037360 _____ () C:\Users\Salta Game\AppData\Local\Rehold.tst.gif
2019-03-19 20:44 - 2019-03-19 20:44 - 000001648 _____ () C:\Users\Salta Game\AppData\Local\Restore-My-Files.txt
2019-03-19 20:23 - 2019-03-19 20:44 - 000723888 _____ () C:\Users\Salta Game\AppData\Local\sha.db.gif
2019-03-19 20:25 - 2019-03-19 20:44 - 000032982 _____ () C:\Users\Salta Game\AppData\Local\uninstall_temp.ico.gif

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\dllhost.exe => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2019-03-14 20:40

==================== End of FRST.txt ============================

Addition report.

Addition.txt (25,4 KB)

ComboFix report.

ComboFix.txt (16,9 KB)

Regards.

Hello @Martin_Luna

Is the computer on a network? You should notify the IT staff, since the problem could spread across the whole network.

And they should be the ones to resolve the problem for you, since we do not provide support to businesses.

In any case, the report is missing: I saw that you ran ComboFix, and the Addition report is missing too.

Regards

Hello @Martin_Luna

I saw the two reports there.

One question: does this file look familiar to you?

Regards

Yes, that file is on the desktop. It is not a company; it is a small shop that I have, and it is not on a network, it is the only PC.

Hello:

Perfect.

But do you recognize it? Is it yours, or did it appear there?

If you do not recognize it, paste it in your next reply while I analyze the reports.

Regards

Hello, I am attaching the file. Restore-My-Files.txt (1,6 KB)

Regards.

Hello @Martin_Luna:

Well, your files were encrypted by ransomware.

Upload the ransom note (the Restore-My-Files.txt file) and one of your encrypted files to the following link:

ID Ransomware.

It will give you a result; paste the link in your next reply, and from it we will be able to tell whether, as of today, there is any decryptor that can recover your files.

Let us know.

Regards

Hello @SanMar

I have now looked a little further, and that Restore-My-Files.txt file is in almost every folder on the PC. This is the link to the result.

ID Ransomware

Regards

Hello @Martin_Luna

GlobeImposter 2.0 is the name of your ransomware, and unfortunately, as you have read, there is no decryptor yet.

The recommendation:

… make a backup copy of your encrypted files, in the hope of a future solution.

Shortly I will give you the steps to finish disinfecting the computer, as a few things still remain.

Regards
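The advice above is to keep a copy of the encrypted files until a decryptor appears. As an added example (not from this thread, from FRST or from ID Ransomware), the following Python script inventories the files this variant renamed, telling an encrypted file from an untouched image by its GIF header, and copies them together with the ransom note to a backup folder, verifying each copy by hash; the directory tree it scans is constructed inside the script, and build_sample_tree and run_demo are helper names of my own.

```python
"""Inventory and back up files encrypted by GlobeImposter 2.0.

Indicators come from the FRST log in this thread: the original name is kept
and ".gif" appended (inst.exe.gif), and Restore-My-Files.txt is dropped in
many folders. A real GIF keeps its "GIF8" header; an encrypted file does not.
"""
import hashlib
import os
import shutil
import tempfile
from pathlib import Path

RANSOM_NOTE = "Restore-My-Files.txt"   # note name seen in the FRST log
APPENDED_EXT = ".gif"                   # extension appended by this variant
GIF_MAGIC = (b"GIF87a", b"GIF89a")      # header of a genuine GIF image


def is_encrypted_candidate(path: Path) -> bool:
    """True for a regular file ending in .gif that lacks a GIF header."""
    if not path.is_file() or path.suffix.lower() != APPENDED_EXT:
        return False
    with path.open("rb") as fh:
        head = fh.read(6)
    return not head.startswith(GIF_MAGIC)


def sha256_of(path: Path) -> str:
    digest = hashlib.sha256()
    with path.open("rb") as fh:                 # chunked: files can be large
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def inventory(root: Path) -> dict:
    """Walk root; list encrypted candidates (path, original name, size,
    SHA-256 for later backup verification) and the ransom notes found."""
    result = {"encrypted": [], "notes": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            rel = p.relative_to(root).as_posix()
            if name == RANSOM_NOTE:
                result["notes"].append(rel)
            elif is_encrypted_candidate(p):
                result["encrypted"].append({
                    "path": rel,
                    "original_name": name[:-len(APPENDED_EXT)],
                    "size": p.stat().st_size,
                    "sha256": sha256_of(p),
                })
    result["encrypted"].sort(key=lambda e: e["path"])
    result["notes"].sort()
    return result


def backup_encrypted(root: Path, dest: Path) -> int:
    """Copy encrypted files (layout kept) and one note to dest; every copy
    is re-hashed so a truncated copy is not taken for a good backup."""
    inv = inventory(root)
    copied = 0
    for entry in inv["encrypted"]:
        src, dst = root / entry["path"], dest / entry["path"]
        dst.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, dst)
        if sha256_of(dst) != entry["sha256"]:
            raise RuntimeError(f"backup copy of {src} does not verify")
        copied += 1
    if inv["notes"]:
        dest.mkdir(parents=True, exist_ok=True)
        shutil.copy2(root / inv["notes"][0], dest / RANSOM_NOTE)
        copied += 1
    return copied


def build_sample_tree(root: Path) -> None:
    """Constructed sample tree (hypothetical helper) mirroring the log."""
    for sub in ("AppData/Roaming", "AppData/Local", "Pictures"):
        (root / sub).mkdir(parents=True)
    # encrypted: original extension kept, .gif appended, no GIF header
    (root / "AppData/Roaming/inst.exe.gif").write_bytes(b"\x8f\x3a" * 40)
    (root / "AppData/Local/Config.xml.gif").write_bytes(b"\x5c\xe1" * 64)
    (root / "Pictures/logo.gif").write_bytes(b"GIF89a" + bytes(32))  # untouched
    for sub in ("AppData/Roaming", "AppData/Local"):   # note in many folders
        (root / sub / RANSOM_NOTE).write_text("constructed note placeholder\n")


def run_demo() -> tuple:
    """Build the sample tree in a temp dir, inventory it and back it up."""
    work = Path(tempfile.mkdtemp(prefix="globeimposter_demo_"))
    victim, backup = work / "victim", work / "backup"
    build_sample_tree(victim)
    return inventory(victim), backup_encrypted(victim, backup), backup


if __name__ == "__main__":
    print(run_demo()[:2])
```

Run it against the real profile by passing the user folder to inventory() and a destination on a separate disk to backup_encrypted(); the untouched logo.gif in the sample shows why the header check matters.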

Thank you very much @SanMar, I await the next steps. Regards

Hello @Martin_Luna

It goes without saying that this whole infection is caused by the large amount of pirated software used on that computer. Follow these steps:

1.- Very Important >>> Make a backup copy of your Registry.

  • Download DelFix to the Windows desktop.
  • Right-click, “Run as Administrator”.
  • In the main window, check only the “Create Registry Backup” box.
  • Click Run.

When it finishes, a report named DelFix.txt will open; save it in case it is needed and close the tool…

2.- Temporarily disable your antivirus.

3.- Open a new Notepad file and copy and paste this content:


Start
CloseProcesses:
CreateRestorePoint:
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1404873637-3125058992-18802451-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope value is missing
CHR HKLM\...\Chrome\Extension: [bdlhpbalhdjobabgbacbgclpjjelainj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [beliehdniadoecbonbhlcgbdldccfigp] - hxxps://clients2.google.com/service/update2/crx
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Windows -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S1 MpKsld8c8093b; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D7E8DA2F-F263-4332-81A8-9B56B2511FD6}\MpKsld8c8093b.sys [X]
S1 YjBiZDU1NjNiYTg4; \??\C:\Windows\system32\drivers\YjBiZDU1NjNiYTg4 [X]
S3 catchme; \??\C:\Users\SALTAG~1\AppData\Local\Temp\catchme.sys [X] <==== ATTENTION
2019-03-19 21:42 - 2019-03-19 21:42 - 000001648 _____ C:\Users\Public\Restore-My-Files.txt
2019-03-19 21:42 - 2019-03-19 21:42 - 000001648 _____ C:\Users\Public\Downloads\Restore-My-Files.txt
2019-03-19 21:42 - 2019-03-19 21:42 - 000001648 _____ C:\Users\Public\Documents\Restore-My-Files.txt
2019-03-19 21:42 - 2019-03-19 21:42 - 000001648 _____ C:\ProgramData\Restore-My-Files.txt
2019-03-19 20:44 - 2019-03-19 20:44 - 000001648 _____ C:\Users\Salta Game\AppData\Local\Restore-My-Files.txt
2019-03-19 20:27 - 2019-03-19 20:27 - 000001648 _____ C:\Users\Salta Game\Downloads\Restore-My-Files.txt
2019-03-19 20:22 - 2019-03-19 21:40 - 000000000 ____D C:\Users\Salta Game\AppData\Local\Mail.Ru
2019-03-19 20:22 - 2019-03-19 20:22 - 000000000 ____D C:\ProgramData\Mail.Ru
2019-03-19 20:38 - 2019-03-19 20:38 - 000001648 _____ () C:\Users\Salta Game\AppData\Roaming\Restore-My-Files.txt
2019-03-19 20:44 - 2019-03-19 20:44 - 000001648 _____ () C:\Users\Salta Game\AppData\Local\Restore-My-Files.txt
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
Task: {0FEF8AC5-67C8-4594-AFDC-A549B830E9A9} - System32\Tasks\{0AC6A361-F1A9-4CA1-810B-3B7F16E8778E} => C:\Windows\system32\pcalua.exe -a "C:\Users\Salta Game\Downloads\ghosts-n-goblins-0-4-en (1).exe" -d "C:\Users\Salta Game\Downloads"
Task: {67E79771-8935-411D-A762-4DC8964D3D8E} - System32\Tasks\{C897FB8E-B695-4F0F-B089-29CF623ACA9E} => C:\Windows\system32\pcalua.exe -a C:\Users\SALTAG~1\AppData\Local\Temp\jre-8u191-windows-au.exe -d C:\Windows\system32 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {EDA914E1-DBBA-4B0A-A00C-D0117FEA2707} - System32\Tasks\KMS_VL_ALL => C:\Users\Salta [Argument = Game\AppData\Local\Temp\WinActiveData\KMS_VL_ALL.cmd -renewalonly] <==== ATTENTION
AlternateDataStreams: C:\Windows\system32\config\systemprofile:.repos [6040198]

CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END

  • Save it under the name fixlist.txt on the desktop <<< This is very important.

Note: The Frst.exe executable and fixlist.txt must be in the same location (desktop), otherwise the tool will not work.

  • Run Frst.exe.
  • Press the Fix button and wait for it to finish.
  • The tool will save the report on your desktop (Fixlog.txt).
  • Paste it in your next reply.

Let us know.

Regards.

Hello @SanMar.

This is the Fixlog report.

Fix result of Farbar Recovery Scan Tool (x86) Version: 17-03-2019
Ran by Salta Game (25-03-2019 22:10:02) Run:1
Running from C:\Users\Salta Game\Desktop
Loaded Profiles: Salta Game (Available Profiles: Salta Game & UpdatusUser)
Boot Mode: Normal

==============================================

fixlist content:
*****************

Start
CloseProcesses:
CreateRestorePoint:
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1404873637-3125058992-18802451-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope value is missing
CHR HKLM\...\Chrome\Extension: [bdlhpbalhdjobabgbacbgclpjjelainj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [beliehdniadoecbonbhlcgbdldccfigp] - hxxps://clients2.google.com/service/update2/crx
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Windows -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S1 MpKsld8c8093b; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D7E8DA2F-F263-4332-81A8-9B56B2511FD6}\MpKsld8c8093b.sys [X]
S1 YjBiZDU1NjNiYTg4; \??\C:\Windows\system32\drivers\YjBiZDU1NjNiYTg4 [X]
S3 catchme; \??\C:\Users\SALTAG~1\AppData\Local\Temp\catchme.sys [X] <==== ATTENTION
2019-03-19 21:42 - 2019-03-19 21:42 - 000001648 _____ C:\Users\Public\Restore-My-Files.txt
2019-03-19 21:42 - 2019-03-19 21:42 - 000001648 _____ C:\Users\Public\Downloads\Restore-My-Files.txt
2019-03-19 21:42 - 2019-03-19 21:42 - 000001648 _____ C:\Users\Public\Documents\Restore-My-Files.txt
2019-03-19 21:42 - 2019-03-19 21:42 - 000001648 _____ C:\ProgramData\Restore-My-Files.txt
2019-03-19 20:44 - 2019-03-19 20:44 - 000001648 _____ C:\Users\Salta Game\AppData\Local\Restore-My-Files.txt
2019-03-19 20:27 - 2019-03-19 20:27 - 000001648 _____ C:\Users\Salta Game\Downloads\Restore-My-Files.txt
2019-03-19 20:22 - 2019-03-19 21:40 - 000000000 ____D C:\Users\Salta Game\AppData\Local\Mail.Ru
2019-03-19 20:22 - 2019-03-19 20:22 - 000000000 ____D C:\ProgramData\Mail.Ru
2019-03-19 20:38 - 2019-03-19 20:38 - 000001648 _____ () C:\Users\Salta Game\AppData\Roaming\Restore-My-Files.txt
2019-03-19 20:44 - 2019-03-19 20:44 - 000001648 _____ () C:\Users\Salta Game\AppData\Local\Restore-My-Files.txt
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
Task: {0FEF8AC5-67C8-4594-AFDC-A549B830E9A9} - System32\Tasks\{0AC6A361-F1A9-4CA1-810B-3B7F16E8778E} => C:\Windows\system32\pcalua.exe -a "C:\Users\Salta Game\Downloads\ghosts-n-goblins-0-4-en (1).exe" -d "C:\Users\Salta Game\Downloads"
Task: {67E79771-8935-411D-A762-4DC8964D3D8E} - System32\Tasks\{C897FB8E-B695-4F0F-B089-29CF623ACA9E} => C:\Windows\system32\pcalua.exe -a C:\Users\SALTAG~1\AppData\Local\Temp\jre-8u191-windows-au.exe -d C:\Windows\system32 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {EDA914E1-DBBA-4B0A-A00C-D0117FEA2707} - System32\Tasks\KMS_VL_ALL => C:\Users\Salta [Argument = Game\AppData\Local\Temp\WinActiveData\KMS_VL_ALL.cmd -renewalonly] <==== ATTENTION
AlternateDataStreams: C:\Windows\system32\config\systemprofile:.repos [6040198]

CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END
*****************

Processes closed successfully.
Restore point was successfully created.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\system32\GroupPolicy\User => moved successfully
HKLM\SOFTWARE\Policies\Google => removed successfully.
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
"HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Search Page" => removed successfully.
"HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page" => removed successfully.
HKU\S-1-5-21-1404873637-3125058992-18802451-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Google\Chrome\Extensions\bdlhpbalhdjobabgbacbgclpjjelainj => removed successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\beliehdniadoecbonbhlcgbdldccfigp => removed successfully.
HKLM\System\CurrentControlSet\Services\AppMgmt => removed successfully.
AppMgmt => service removed successfully.
HKLM\System\CurrentControlSet\Services\MpKsld8c8093b => removed successfully.
MpKsld8c8093b => service removed successfully.
HKLM\System\CurrentControlSet\Services\YjBiZDU1NjNiYTg4 => removed successfully.
YjBiZDU1NjNiYTg4 => service removed successfully.
HKLM\System\CurrentControlSet\Services\catchme => removed successfully.
catchme => service removed successfully.
C:\Users\Public\Restore-My-Files.txt => moved successfully
C:\Users\Public\Downloads\Restore-My-Files.txt => moved successfully
C:\Users\Public\Documents\Restore-My-Files.txt => moved successfully
C:\ProgramData\Restore-My-Files.txt => moved successfully
C:\Users\Salta Game\AppData\Local\Restore-My-Files.txt => moved successfully
C:\Users\Salta Game\Downloads\Restore-My-Files.txt => moved successfully
C:\Users\Salta Game\AppData\Local\Mail.Ru => moved successfully
C:\ProgramData\Mail.Ru => moved successfully
C:\Users\Salta Game\AppData\Roaming\Restore-My-Files.txt => moved successfully
"C:\Users\Salta Game\AppData\Local\Restore-My-Files.txt" => not found
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\Offline Files => removed successfully.
HKLM\Software\Classes\CLSID\{474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Offline Files => removed successfully.
HKLM\Software\Classes\CLSID\{474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0FEF8AC5-67C8-4594-AFDC-A549B830E9A9}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0FEF8AC5-67C8-4594-AFDC-A549B830E9A9}" => removed successfully.
C:\Windows\System32\Tasks\{0AC6A361-F1A9-4CA1-810B-3B7F16E8778E} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0AC6A361-F1A9-4CA1-810B-3B7F16E8778E}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{67E79771-8935-411D-A762-4DC8964D3D8E}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{67E79771-8935-411D-A762-4DC8964D3D8E}" => removed successfully.
C:\Windows\System32\Tasks\{C897FB8E-B695-4F0F-B089-29CF623ACA9E} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C897FB8E-B695-4F0F-B089-29CF623ACA9E}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EDA914E1-DBBA-4B0A-A00C-D0117FEA2707}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EDA914E1-DBBA-4B0A-A00C-D0117FEA2707}" => removed successfully.
C:\Windows\System32\Tasks\KMS_VL_ALL => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\KMS_VL_ALL" => removed successfully.
C:\Windows\system32\config\systemprofile => ":.repos" ADS removed successfully.

========= ipconfig /flushdns =========


Configuración IP de Windows

Se vació correctamente la caché de resolución de DNS.

========= End of CMD: =========


========= ipconfig /renew =========


Configuración IP de Windows


Adaptador de Ethernet Conexión de área local:

   Sufijo DNS específico para la conexión. . : 
   Vínculo: dirección IPv6 local. . . : fe80::98cf:34a6:5794:598f%11
   Dirección IPv4. . . . . . . . . . . . . . : 192.168.100.2
   Máscara de subred . . . . . . . . . . . . : 255.255.255.0
   Puerta de enlace predeterminada . . . . . : fe80::1%11
                                       192.168.100.1

Adaptador de túnel isatap.{E17B98A7-9C73-416B-9F44-42B978D8618F}:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : 

========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========


========= netsh winsock reset =========


El catálogo Winsock se restableció correctamente.
Debe reiniciar el equipo para completar el restablecimiento.


========= End of CMD: =========


========= netsh advfirewall reset =========

Aceptar


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Aceptar


========= End of CMD: =========


========= netsh int ipv4 reset =========

Global se restableció correctamente.
Interfaz se restableció correctamente.
Ruta se restableció correctamente.
Reinicie el equipo para completar esta acción.


========= End of CMD: =========


========= netsh int ipv6 reset =========

No hay valores configurados por el usuario para restablecer.


========= End of CMD: =========


========= RemoveProxy: =========

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully.
HKU\S-1-5-21-1404873637-3125058992-18802451-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully.
"HKU\S-1-5-21-1404873637-3125058992-18802451-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully.
"HKU\S-1-5-21-1404873637-3125058992-18802451-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully.


========= End of RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 5697603 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 4671224 B
Edge => 0 B
Chrome => 271045957 B
Firefox => 37417638 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 16802 B
LocalService => 0 B
NetworkService => 5818 B
Salta Game => 429087 B
UpdatusUser => 0 B

RecycleBin => 0 B
EmptyTemp: => 312.5 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 22:11:09 ====

Regards.

Hello @Martin_Luna:

For now, keep the Restore-My-Files.txt file (in a rar or zip) that you have on the desktop; the other copies I removed with the script.

If your encrypted files were important, you can save them to an external drive in case a decryptor comes out in the future.

Otherwise, let us know how the computer is behaving now.

Regards.


Hello @SanMar

Thank you very much for your help. The computer is working well; I will keep an eye out in case a decryptor comes out, because there are some files I need to recover.

Regards.

Hello @Martin_Luna

1.- To remove the tools that were used:

Download >> Delfix to your desktop.

  • Double-click to run it. (If you use Windows Vista/7/8/10, right-click and select >> “Run as Administrator”)
  • Check the boxes Remove disinfection tools and Purge System Restore
  • Click Run.

The report (DelFix.txt) will open; save it in case it is needed and close the tool.

2.- As for the infection, we mark the thread as Solved; your computer is now clean.

As for your files, for now there is nothing we can do but wait for a decryptor to become available in due course.

Regards.
