Win32/CoinMiner.DQ


#1

hola, el ESET internet security me saca Win32/CoinMiner.DQ y no puede desinfectarlo ni borrarlo.he pasado el malwarebytes y el hitmanpro pero nada , me sigue apareciendo. ¿Qué puedo hacer? muchas gracias


#2

Hola winken

Pon los reportes de los programas que has utilizado.

Un saludo


#3

gracias Daniela por responder.no se como van las etiquetas te podría mandar una foto del móvil del eset pero tampoco se como subirla.gracias


#4

Hola

Sobre las debes escribir antes del reporte [code] y al terminar el reporte escribe [ /code] sin espacios.

No pongas los reportes que tengas, vamos a realizar de nuevo algunos pasos.

Realiza los siguientes pasos, aunque hayas hecho alguno, sin cambiar el orden:

1) Descarga, actualiza y ejecuta Malwarebytes’ Anti-Malware, revisa en detalle el manual, para que sepas usarlo y configurarlo.

  • Realiza un Análisis de amenazas, actualizando si te lo pide.
  • Pulsar en “Cuarentena seleccionado” para enviarlo a la cuarentena y Reinicias el sistema.
  • En el apartado del manual Informes :arrow_forward: Informe de análisis encontrarás el reporte de MBAM, clic en Exportar :arrow_forward: Copiar al portapapeles.

2) Descarga AdwCleaner | InfoSpyware en el escritorio.

  • Desactiva temporalmente el Antivirus :arrow_forward: Cómo deshabilitar temporalmente su Antivirus.
  • Cierra también todos los programas que tengas abiertos.
  • Ejecuta Adwcleaner.exe (Si usas Windows Vista/7 u 8 presiona clic derecho y selecciona "Ejecutar como Administrador".)
  • Pulsar en el botón Escanear, y espera a que se realice el proceso, inmediatamente pulsa sobre el botón Limpiar.
  • Espera a que se complete y sigue las instrucciones, si te pidiera Reiniciar el sistema Aceptas.
  • Guardas el reporte que te aparecerá, para copiarlo y pegarlo en tu próxima respuesta.
  • El informe también se puede encontrar en C:\AdwCleaner\AdwCleaner[C1].txt

3) Descarga CCleaner

  • Instala Ccleaner
  • Abres Ccleaner en la pestaña limpiador dejas como esta configurada predeterminadamente, haces clic en analizar esperas que termine :arrow_forward: clic en ejecutar limpiador
  • Clic en la pestaña Registro :arrow_forward: clic en buscar problemas esperas que termine :arrow_forward: clic en Reparar Seleccionadas y haces una copia de seguridad
  • Vuelves a darle clic en buscar problemas hasta que no encuentre ninguno.

Pega los reportes de Malwarebytes y AdwCleaner y comentas como va el problema.

Un saludo


#5

hola, no tenia el portapapeles activado, pero me salio negativo con el

malwarebytes anti-malware,# -------------------------------
# Malwarebytes AdwCleaner 7.2.4.0
# -------------------------------
# Build:    09-25-2018
# Database: 2018-10-22.2 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    10-23-2018
# Duration: 00:08:01
# OS:       Windows 10 Home
# Cleaned:  88
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted       C:\ProgramData\Pokki
Deleted       C:\Users\Public\Pokki
Deleted       C:\Users\Manuel\AppData\Local\Pokki
Deleted       C:\Users\NeroMediaHomeUser.4.Manolo\AppData\Local\Pokki
Deleted       C:\Users\UpdatusUser\AppData\Local\Pokki
Deleted       C:\ProgramData\308BC600
Deleted       C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ÃÀͼä¯ÀÀ
Deleted       C:\Users\Manuel\AppData\Local\SweetLabs App Platform
Deleted       C:\Users\Manuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ace Stream Media
Deleted       C:\_acestream_cache_
Deleted       C:\Users\Manuel\AppData\LocalLow\.acestream
Deleted       C:\Users\Manuel\AppData\Roaming\.acestream
Deleted       C:\Users\Manuel\AppData\Roaming\acestream
Deleted       C:\Users\Manuel\AppData\Roaming\Search Protection

***** [ Files ] *****

Deleted       C:\Users\Manuel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Pokki Start Menu.lnk
Deleted       C:\Users\Manuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Start Menu.lnk
Deleted       C:\Windows\ServiceProfiles\NetworkService\Favorites\Booking.com.url
Deleted       C:\Windows\ServiceProfiles\LocalService\Favorites\Booking.com.url
Deleted       C:\Users\NeroMediaHomeUser.4.Manolo\Favorites\Booking.com.url
Deleted       C:\Users\UpdatusUser\Favorites\Booking.com.url
Deleted       C:\END
Deleted       C:\Users\Manuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play Games Online.url
Deleted       C:\Windows\System32\Tasks_Migrated\SweetLabs App Platform
Deleted       C:\Users\Manuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Pokki
Deleted       HKU\S-1-5-21-137577715-180173904-379872953-1006\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki
Deleted       HKU\S-1-5-21-137577715-180173904-379872953-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki
Deleted       HKU\S-1-5-21-137577715-180173904-379872953-1006\Software\Pokki
Deleted       HKU\S-1-5-21-137577715-180173904-379872953-1001\Software\Pokki
Deleted       HKCU\Software\SweetLabs App Platform
Deleted       HKCU\Software\Classes\lnkfile\shell\pokki
Deleted       HKCU\Software\Classes\Drive\shell\pokki
Deleted       HKCU\Software\Classes\Directory\shell\pokki
Deleted       HKCU\Software\Classes\AllFileSystemObjects\shell\pokki
Deleted       HKCU\Software\Classes\pokki
Deleted       HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_6dd6415c7ca59a3afaff86950eac7bceb240f3f1
Deleted       HKCU\Software\Classes\acestream
Deleted       HKCU\Software\RegisteredApplications|AceStream
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Gameo
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Selection Tools
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|lsas
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Bubble Dock
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Search Protection
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|MTView
Deleted       HKU\S-1-5-21-137577715-180173904-379872953-1006\Software\STA
Deleted       HKCU\Software\STA
Deleted       HKU\S-1-5-21-137577715-180173904-379872953-1001\Software\STA
Deleted       HKCU\Software\Microsoft\Tinstalls
Deleted       HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-137577715-180173904-379872953-1002\Software\AceStream
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\AceStream
Deleted       HKCU\Software\AceStream
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_Start_Menu
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_AP
Deleted       HKLM\Software\Wow6432Node\Classes\AppID\OverlayIcon.DLL
Deleted       HKLM\SOFTWARE\Classes\AppID\OverlayIcon.DLL
Deleted       HKCU\Software\Classes\DVD\shell\PlayWithACEStream
Deleted       HKCU\Software\Classes\AudioCD\shell\PlayWithACEStream
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayVideoFilesOnArrival
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayVCDMovieOnArrival
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlaySVCDMovieOnArrival
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayMusicFilesOnArrival
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayDVDMovieOnArrival
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayDVDAudioOnArrival
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayCDAudioOnArrival
Deleted       HKCU\SOFTWARE\Classes\Applications\ace_player.exe
Deleted       HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tslive
Deleted       HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acestream
Deleted       HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acemedia
Deleted       HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acelive
Deleted       HKLM\Software\Wow6432Node\Classes\TypeLib\{ADF1FA2A-6EAA-4A97-A55F-3C8B92843EF5}
Deleted       HKLM\Software\Classes\TypeLib\{ADF1FA2A-6EAA-4A97-A55F-3C8B92843EF5}
Deleted       HKLM\Software\Wow6432Node\Classes\Interface\{7BCA6879-A9F8-47DE-AE05-F5CE7EA3A474}
Deleted       HKLM\Software\Classes\Interface\{7BCA6879-A9F8-47DE-AE05-F5CE7EA3A474}
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{79690976-ED6E-403C-BBBA-F8928B5EDE17}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{8BB598AD-6B6A-4733-A776-861E756B4877}C:\users\manuel\appdata\roaming\acestream\engine\ace_engine.exe
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{F984E6AD-96D7-49DE-8B41-DFE2CE040F37}C:\users\manuel\appdata\roaming\acestream\engine\ace_engine.exe
Deleted       HKCU\Software\Classes\.acestream
Deleted       HKCU\Software\Classes\.tslive
Deleted       HKCU\Software\Classes\.acemedia
Deleted       HKCU\Software\Classes\.acelive
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C703803F-717B-444C-AD76-E4C707283A79} 
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SweetLabs App Platform
Deleted       HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Deleted       HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Deleted       HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Deleted       HKCU\Software\Vittalia
Deleted       HKLM\Software\Wow6432Node\Lavasoft\Web Companion
Deleted       HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-137577715-180173904-379872953-1002\Software\Wooden Seal

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [10280 octets] - [23/10/2018 03:11:56]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
# -------------------------------
# Malwarebytes AdwCleaner 7.2.4.0
# -------------------------------
# Build:    09-25-2018
# Database: 2018-10-22.2 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    10-23-2018
# Duration: 00:00:19
# OS:       Windows 10 Home
# Scanned:  31969
# Detected: 88


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

Adware.pokki                    C:\ProgramData\Pokki
Adware.pokki                    C:\Users\Public\Pokki
Adware.pokki                    C:\Users\Manuel\AppData\Local\Pokki
Adware.pokki                    C:\Users\NeroMediaHomeUser.4.Manolo\AppData\Local\Pokki
Adware.pokki                    C:\Users\UpdatusUser\AppData\Local\Pokki
PUP.Adware.Heuristic            C:\ProgramData\308BC600
PUP.Optional.Legacy             C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ÃÀͼä¯ÀÀ
PUP.Optional.Legacy             C:\Users\Manuel\AppData\Local\SweetLabs App Platform
PUP.Optional.Legacy             C:\Users\Manuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ace Stream Media
PUP.Optional.Legacy             C:\_acestream_cache_
PUP.Optional.Legacy             C:\Users\Manuel\AppData\LocalLow\.acestream
PUP.Optional.Legacy             C:\Users\Manuel\AppData\Roaming\.acestream
PUP.Optional.Legacy             C:\Users\Manuel\AppData\Roaming\acestream
PUP.Optional.SearchProtect      C:\Users\Manuel\AppData\Roaming\Search Protection

***** [ Files ] *****

Adware.pokki                    C:\Users\Manuel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Pokki Start Menu.lnk
Adware.pokki                    C:\Users\Manuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Start Menu.lnk
PUP.Optional.Booking            C:\Windows\ServiceProfiles\NetworkService\Favorites\Booking.com.url
PUP.Optional.Booking            C:\Windows\ServiceProfiles\LocalService\Favorites\Booking.com.url
PUP.Optional.Booking            C:\Users\NeroMediaHomeUser.4.Manolo\Favorites\Booking.com.url
PUP.Optional.Booking            C:\Users\UpdatusUser\Favorites\Booking.com.url
PUP.Optional.Legacy             C:\END
PUP.Optional.Legacy             C:\Users\Manuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play Games Online.url
PUP.Optional.Legacy             C:\Windows\System32\Tasks_Migrated\SweetLabs App Platform
PUP.Optional.PCAppStore         C:\Users\Manuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

Adware.pokki                    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Pokki
Adware.pokki                    HKU\S-1-5-21-137577715-180173904-379872953-1006\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki
Adware.pokki                    HKU\S-1-5-21-137577715-180173904-379872953-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki
Adware.pokki                    HKU\S-1-5-21-137577715-180173904-379872953-1006\Software\Pokki
Adware.pokki                    HKU\S-1-5-21-137577715-180173904-379872953-1001\Software\Pokki
Adware.pokki                    HKCU\Software\SweetLabs App Platform
Adware.pokki                    HKCU\Software\Classes\lnkfile\shell\pokki
Adware.pokki                    HKCU\Software\Classes\Drive\shell\pokki
Adware.pokki                    HKCU\Software\Classes\Directory\shell\pokki
Adware.pokki                    HKCU\Software\Classes\AllFileSystemObjects\shell\pokki
Adware.pokki                    HKCU\Software\Classes\pokki
PUP.Adware.Heuristic            HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_6dd6415c7ca59a3afaff86950eac7bceb240f3f1
PUP.Optional.ASMagicPlayer      HKCU\Software\Classes\acestream
PUP.Optional.AceStream          HKCU\Software\RegisteredApplications|AceStream
PUP.Optional.Legacy             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Gameo
PUP.Optional.Legacy             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Selection Tools
PUP.Optional.Legacy             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|lsas
PUP.Optional.Legacy             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Bubble Dock
PUP.Optional.Legacy             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Search Protection
PUP.Optional.Legacy             HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|MTView
PUP.Optional.Legacy             HKU\S-1-5-21-137577715-180173904-379872953-1006\Software\STA
PUP.Optional.Legacy             HKCU\Software\STA
PUP.Optional.Legacy             HKU\S-1-5-21-137577715-180173904-379872953-1001\Software\STA
PUP.Optional.Legacy             HKCU\Software\Microsoft\Tinstalls
PUP.Optional.Legacy             HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-137577715-180173904-379872953-1002\Software\AceStream
PUP.Optional.Legacy             HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\AceStream
PUP.Optional.Legacy             HKCU\Software\AceStream
PUP.Optional.Legacy             HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_Start_Menu
PUP.Optional.Legacy             HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_AP
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\Classes\AppID\OverlayIcon.DLL
PUP.Optional.Legacy             HKLM\SOFTWARE\Classes\AppID\OverlayIcon.DLL
PUP.Optional.Legacy             HKCU\Software\Classes\DVD\shell\PlayWithACEStream
PUP.Optional.Legacy             HKCU\Software\Classes\AudioCD\shell\PlayWithACEStream
PUP.Optional.Legacy             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayVideoFilesOnArrival
PUP.Optional.Legacy             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayVCDMovieOnArrival
PUP.Optional.Legacy             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlaySVCDMovieOnArrival
PUP.Optional.Legacy             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayMusicFilesOnArrival
PUP.Optional.Legacy             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayDVDMovieOnArrival
PUP.Optional.Legacy             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayDVDAudioOnArrival
PUP.Optional.Legacy             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayCDAudioOnArrival
PUP.Optional.Legacy             HKCU\SOFTWARE\Classes\Applications\ace_player.exe
PUP.Optional.Legacy             HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tslive
PUP.Optional.Legacy             HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acestream
PUP.Optional.Legacy             HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acemedia
PUP.Optional.Legacy             HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acelive
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\Classes\TypeLib\{ADF1FA2A-6EAA-4A97-A55F-3C8B92843EF5}
PUP.Optional.Legacy             HKLM\Software\Classes\TypeLib\{ADF1FA2A-6EAA-4A97-A55F-3C8B92843EF5}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\Classes\Interface\{7BCA6879-A9F8-47DE-AE05-F5CE7EA3A474}
PUP.Optional.Legacy             HKLM\Software\Classes\Interface\{7BCA6879-A9F8-47DE-AE05-F5CE7EA3A474}
PUP.Optional.Legacy             HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{79690976-ED6E-403C-BBBA-F8928B5EDE17}
PUP.Optional.Legacy             HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{8BB598AD-6B6A-4733-A776-861E756B4877}C:\users\manuel\appdata\roaming\acestream\engine\ace_engine.exe
PUP.Optional.Legacy             HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{F984E6AD-96D7-49DE-8B41-DFE2CE040F37}C:\users\manuel\appdata\roaming\acestream\engine\ace_engine.exe
PUP.Optional.Legacy             HKCU\Software\Classes\.acestream
PUP.Optional.Legacy             HKCU\Software\Classes\.tslive
PUP.Optional.Legacy             HKCU\Software\Classes\.acemedia
PUP.Optional.Legacy             HKCU\Software\Classes\.acelive
PUP.Optional.Legacy             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C703803F-717B-444C-AD76-E4C707283A79} 
PUP.Optional.Legacy             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SweetLabs App Platform
PUP.Optional.Legacy             HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
PUP.Optional.Legacy             HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
PUP.Optional.Vittalia           HKCU\Software\Vittalia
PUP.Optional.WebCompanion       HKLM\Software\Wow6432Node\Lavasoft\Web Companion
PUP.Optional.Yontoo             HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-137577715-180173904-379872953-1002\Software\Wooden Seal

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

#6

espero que sea asi, la verdad es que no me entero mucho de informática.gracias


#7

Hola

Lo estás haciendo muy bien :+1:

Los reportes aunque salgan limpios hay que ponerlos, pero pero en lugar de este último, pon el reporte de Malwarebytes anterior, paea ver que detectó.

No olvides comentar cómo sigue el problema.

Un saludo


#8
Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 23/10/18
Hora del análisis: 11:28
Archivo de registro: 71052608-d6ae-11e8-895e-f8a963e30114.json

-Información del software-
Versión: 3.6.1.2711
Versión de los componentes: 1.0.463
Versión del paquete de actualización: 1.0.7483
Licencia: Premium

-Información del sistema-
SO: Windows 10 (Build 17763.55)
CPU: x64
Sistema de archivos: NTFS
Usuario: Manolo\Manuel

-Resumen del análisis-
Tipo de análisis: Análisis de amenazas
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 374785
Amenazas detectadas: 0
Amenazas en cuarentena: 0
Tiempo transcurrido: 1 min, 28 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Desactivado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 0
(No hay elementos maliciosos detectados)

Valor del registro: 0
(No hay elementos maliciosos detectados)

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 0
(No hay elementos maliciosos detectados)

Archivo: 0
(No hay elementos maliciosos detectados)

[CODE] Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)

solo me lo detecta el eset ,y no siempre al encender el ordenador. gracias


#9

Hola

Descarga Farbar Recovery Scan Tool. seleccionando la versión adecuada para la arquitectura(32 o 64bits) de tu equipo. :arrow_forward: ¿Cómo saber si mi Windows es de 32 o 64 bits.?

  • Ejecuta FRST.exe.
  • En el mensaje de la ventana del Disclaimer, pulsamos Yes
  • En la ventana principal pulsamos en el botón Scan y esperamos a que concluya el proceso.
  • Se abrirán dos(2) archivos(Logs), Frst.txt y Addition.txt, estos quedaran grabados en el escritorio.

Pon los dos reportes generados.

Debes copiarlos y pegarlos con todo su contenido y usaras varios mensajes si recibes un mensaje de error indicando que es muy largo(mas de 50.000 caracteres aprox.).

Un saludo


#10

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10.10.2018
Ran by Manuel (23-10-2018 23:53:18)
Running from C:\Users\Manuel\Desktop
Windows 10 Home Version 1809 17763.55 (X64) (2018-10-03 05:14:47)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-137577715-180173904-379872953-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-137577715-180173904-379872953-503 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-137577715-180173904-379872953-1004 - Limited - Enabled)
Invitado (S-1-5-21-137577715-180173904-379872953-501 - Limited - Disabled)
Manuel (S-1-5-21-137577715-180173904-379872953-1002 - Administrator - Enabled) => C:\Users\Manuel
NeroMediaHomeUser.4 (S-1-5-21-137577715-180173904-379872953-1006 - Limited - Enabled) => C:\Users\NeroMediaHomeUser.4.Manolo
UpdatusUser (S-1-5-21-137577715-180173904-379872953-1001 - Limited - Enabled) => C:\Users\UpdatusUser
WDAGUtilityAccount (S-1-5-21-137577715-180173904-379872953-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: ESET Security (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Security (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Cortafuegos (Enabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-137577715-180173904-379872953-1002\...\uTorrent) (Version: 3.5.0.44090 - BitTorrent Inc.)
abDocs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.10.2002 - Acer Incorporated)
abDocs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.02.2001 - Acer Incorporated)
abFiles (HKLM-x32\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 2.06.2000 - Acer Incorporated)
abMusic (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 3.01.2003.6 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 4.00.2001.1 - Acer Incorporated)
Acer Care Center (HKLM\...\{A424844F-CDB3-45E2-BB77-1DDE4A091E76}) (Version: 1.00.3013 - Acer Incorporated)
Acer Explorer Agent (HKLM\...\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}) (Version: 2.00.3000 - Acer Incorporated)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.8107 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.12.2006 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8105 - Acer Incorporated)
Acer Quick Access (HKLM\...\{C1FA525F-D701-4B31-9D32-504FC0CF0B98}) (Version: 1.01.3016.0 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8108 - Acer Incorporated)
Acer User Experience Improvement Program App Monitor Plugin (HKLM\...\{978724F6-1863-4DD5-9E66-FB77F5AB5613}) (Version: 1.02.3005 - Acer Incorporated)
Acer User Experience Improvement Program Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 1.02.3005 - Acer Incorporated)
Acer Video Player (HKLM-x32\...\{B6846F20-4821-11E3-8F96-0800200C9A66}) (Version: 1.00.2005.0 - Acer Incorporated)
Actualización de NVIDIA 1.15.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.15.2 - NVIDIA Corporation)
Advertising Center (HKLM-x32\...\{B2EC4A38-B545-4A00-8214-13FE0E915E6D}) (Version: 0.0.0.2 - Nero AG) Hidden
Aloha TriPeaks (HKLM-x32\...\WTA-8cf191b2-a67c-435e-afef-755778855bd4) (Version: 2.2.0.98 - WildTangent) Hidden
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.25.2001.0 - Acer Incorporated)
Backup and Sync from Google (HKLM\...\{AEFBDB5B-899F-4AE6-B789-BA56A652A476}) (Version: 3.42.9858.3671 - Google, Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bejeweled 2 Deluxe (HKLM-x32\...\WTA-fc929f39-f1f8-40b7-a75b-59e9db6a5971) (Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}) (Version: 2.0.2.0 - Apple Inc.)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.30.223.234 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.47 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5306 - CDBurnerXP)
CDisplay 1.8 (HKLM-x32\...\CDisplay_is1) (Version:  - dvd8n)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4917 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.4220 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.4314.05 - CyberLink Corp.)
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.5.1.1 - Dolby Laboratories Inc)
eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)
ESET Security (HKLM\...\{BEFBE0CD-6723-4D98-8263-9A2C376BC6CD}) (Version: 11.1.54.0 - ESET, spol. s r.o.)
Farm to Fork Collector's Edition (HKLM-x32\...\WTA-3eb7a672-18b3-4cf4-9220-bbbe2d1b4241) (Version: 3.0.2.59 - WildTangent) Hidden
Foxit PhantomPDF (HKLM-x32\...\{2DF18CA8-86F2-4F3A-A1BF-A2A7D39B9161}) (Version: 7.0.49.127 - Foxit Software Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 69.0.3497.100 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (HKLM-x32\...\WTA-93f6ec6c-4ab5-4e4a-b9a0-4c465f5afda4) (Version: 3.0.2.59 - WildTangent) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 1.1.165.1 - Intel Corporation)
Intel(R) Technology Access (HKLM-x32\...\{810dff4d-564d-47da-b8bc-a3729815aab7}) (Version: 1.9.1.1008 - Intel Corporation)
Intel(R) Technology Access Software Asset Manager (HKLM-x32\...\{C1C74874-4E6F-49B8-BBCD-D43E277D8D28}) (Version: 3.4.1942 - Intel Corporation) Hidden
Intel(R) Update Manager (HKLM-x32\...\{7224B7CE-196C-4E2A-A1AE-1D7BF259FD36}) (Version: 3.4.1942 - Intel Corporation)
Java 8 Update 191 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180191F0}) (Version: 8.0.1910.12 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Jewel Match 3 (HKLM-x32\...\WTA-0db80174-f49f-4e0d-b74b-010daab2c125) (Version: 3.0.2.59 - WildTangent) Hidden
King Oddball (HKLM-x32\...\WTA-afba9316-373f-48e3-9a55-cf9306ef9964) (Version: 3.0.2.48 - WildTangent) Hidden
LUXOR Evolved (HKLM-x32\...\WTA-7629c3e0-81c4-4331-8d48-fea6aa86a243) (Version: 2.2.0.98 - WildTangent) Hidden
Magic Academy (HKLM-x32\...\WTA-e59a4c10-1ee0-4663-ad29-985ed06aa136) (Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes versión 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-137577715-180173904-379872953-1002\...\OneDriveSetup.exe) (Version: 18.172.0826.0010 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d491dd9d-2eda-4d75-b504-1a201436e7fd}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 62.0.3 (x64 es-ES) (HKLM\...\Mozilla Firefox 62.0.3 (x64 es-ES)) (Version: 62.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 62.0 - Mozilla)
Nero 8.3.2.1 (HKLM-x32\...\Nero8WinuE_is1) (Version: 8.3.2.1 - Bj @ WinuE)
Nero MediaHome 4 Essentials (HKLM-x32\...\{83adc141-2b7a-40c5-bd5d-0b3b8719ee44}) (Version:  - Nero AG)
NVIDIA Controlador de gráficos 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.54 - NVIDIA Corporation)
NVIDIA Software del sistema PhysX 9.13.0927 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0927 - NVIDIA Corporation)
Panel de control de NVIDIA 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 376.54 - NVIDIA Corporation) Hidden
Peggle Nights (HKLM-x32\...\WTA-89083f96-439b-40b7-94dd-184399db681d) (Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WTA-b7be7ebf-5b65-4415-80ff-723610ba3440) (Version: 3.0.2.59 - WildTangent) Hidden
Pokki Start Menu (HKU\S-1-5-21-137577715-180173904-379872953-1001\...\Pokki) (Version: 0.269.2.471 - Pokki)
Polar Bowler 1st Frame (HKLM-x32\...\WTA-9012a3af-2672-4f16-898d-6eb41a599dc0) (Version: 3.0.2.59 - WildTangent) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.21247 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.25.108.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7589 - Realtek Semiconductor Corp.)
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.109 - Skype Technologies S.A.)
Spotify (HKLM-x32\...\Spotify) (Version: 0.9.6.81.gd359a796 - Spotify AB)
Taquistoscopio (HKLM-x32\...\Taquistoscopio) (Version:  - )
The Chronicles of Emerland Solitaire (HKLM-x32\...\WTA-1f9302ba-ad6c-4d95-adb3-3d317c47f6b9) (Version: 3.0.2.51 - WildTangent) Hidden
Trinklit Supreme (HKLM-x32\...\WTA-36680bb4-a1ba-44ae-bc97-e8e69ef6d63f) (Version: 2.2.0.98 - WildTangent) Hidden
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.4 - VideoLAN)
VSO ConvertXToDVD 7 (HKLM-x32\...\{A021D003-6933-4EA4-B582-F1D0C3E52409}_is1) (Version: 7.0.0.31 - VSO Software)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.9590 - Broadcom Corporation)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer) (Version: 4.0.11.13 - WildTangent) Hidden
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
Wise Auto Shutdown 1.45 (HKLM-x32\...\Wise Auto Shutdown_is1) (Version: 1.45 - WiseCleaner.com, Inc.)
Zuma's Revenge (HKLM-x32\...\WTA-0513b71e-fc05-4f5d-b314-c3f66985b033) (Version: 2.2.0.97 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-05-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-05-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-05-30] (Google)
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-04-20] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-04-20] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-04-20] (Acer Incorporated)
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2018-10-03] (ESET)
ContextMenuHandlers1: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files (x86)\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x64.dll [2015-01-27] (Foxit Software Inc.)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-05-30] (Google)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-14] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-14] (Alexander Roshal)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2018-10-03] (ESET)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-05-30] (Google)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2015-09-30] (Intel Corporation)
ContextMenuHandlers5: [igfxOSP] -> {FA507C3F-30C6-4DCA-9EE5-2656072EEC14} => C:\WINDOWS\system32\igfxOSP.dll [2015-09-30] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-12-29] (NVIDIA Corporation)
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2018-10-03] (ESET)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-14] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-14] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0F5B6E78-0BAF-46E0-8DE9-C85A5139CFFC} - System32\Tasks\Quick Access Quick Launcher => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-06-26] (Acer Incorporate)
Task: {13062452-0FBE-41CD-8481-2865BCB9DE0C} - no filepath
Task: {17FCF933-8529-4058-BB6B-509049A36932} - \WPD\SqmUpload_S-1-5-21-137577715-180173904-379872953-1002 -> No File <==== ATTENTION
Task: {24A3DA2B-3F76-49A6-B826-36E31288D7B6} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {2923779E-6EEB-48BE-A74D-8C074541E151} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [2014-08-29] ()
Task: {304A168F-3267-4FDC-88EF-D6152F249D79} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {3A5F24FE-B416-4E19-A745-B80D6F26B68F} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {3D4C50AB-406E-450A-91E6-0DD763326348} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {4621F24C-2B09-4415-A9B5-59E80B23B1ED} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe [2014-08-29] ()
Task: {4D4A4054-F4B3-4175-8F50-0B826A9B5A1A} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {4E8618C4-D05A-440E-9F7A-E33E1601BE16} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-09-19] (Piriform Ltd)
Task: {5325899F-A8C3-4180-AA5A-58843157C531} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {5A6F2DDA-E57B-44D2-A8C6-E28CBF283C18} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2014-06-10] (Acer Incorporate)
Task: {60CAD288-AA22-426C-8120-150CB75D1487} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTrayLauncher.exe [2014-06-12] (Acer Incorporated)
Task: {6525EE60-1E74-47C5-BC61-9B674F0C063D} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2014-06-17] (Acer Incorporated)
Task: {6627911F-D5E1-4F1E-B467-F25CE476FDAB} - System32\Tasks\IntelTA-Upgrade-56460984-97c2-4bc7-a632-d776cf817f5d => C:\Program Files (x86)\Intel Corporation\Intel(R) Technology Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2016-08-12] (Intel Corporation)
Task: {66B76AD0-EC6F-44D4-ADDF-BFD0A0A6D90D} - System32\Tasks\DolbySelectorTask => C:\Program Files\Dolby Digital Plus\ddp.exe [2013-09-09] (Dolby Laboratories Inc.)
Task: {6DA8605C-1FAA-477D-95CE-FE38794725D0} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {788E604D-8381-44A6-A016-4019219FC98D} - System32\Tasks\IntelTA-Upgrade-56460984-97c2-4bc7-a632-d776cf817f5d-Logon => C:\Program Files (x86)\Intel Corporation\Intel(R) Technology Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2016-08-12] (Intel Corporation)
Task: {79D7172F-234A-4A01-A159-246650599A7D} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [2017-09-26] (Acer Incorporated)
Task: {7A35A2E3-3CB4-4E28-B98D-832C02003592} - System32\Tasks\Microsoft\Windows\Flighting\OneSettings\RefreshCache
Task: {7C12F48F-9CED-40E6-8F03-3196AE596436} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-06-26] (Acer Incorporate)
Task: {80E1D7C8-2CD1-41FC-A361-3B08D5D75BC5} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {93F54B66-423C-4A9A-B228-2631B7C532DA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-01-31] (Google Inc.)
Task: {974E8C02-C71D-48F0-BAEA-576590515E49} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {9E3B4179-774F-4711-BEC3-8D8F9CE79AF2} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {9F315B49-091A-4566-A7F6-7F22F0E1204E} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-09-19] (Piriform Ltd)
Task: {A1795230-E983-46FC-939D-765CDE4E4817} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {AA9F1F0F-147D-4013-A93A-B1C5D81C0680} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [2014-06-08] (Acer Incorporated)
Task: {AD1691A6-65DA-4485-BD0E-48DAFFE93B0B} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {AD4E8AFB-A48C-4E13-BE83-B8D87600CFB4} - System32\Tasks\Microsoft\Windows\WlanSvc\CDSSync
Task: {AF73D8F4-AA04-44BB-9303-4C3A8D53106A} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {BB9D23BE-B167-4EC3-936C-9F9FE04F6DA4} - System32\Tasks\abDocsDllLoader => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe [2017-09-28] ()
Task: {BD21C377-5B30-4E5A-B6F2-37D2086885E5} - System32\Tasks\Microsoft\Windows\BitLocker\BitLocker Encrypt All Drives
Task: {CF140ADB-193C-4976-A00F-B416D2236E07} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-01-31] (Google Inc.)
Task: {D4ED41F6-94A5-4206-AAF5-7647062C2D74} - System32\Tasks\Microsoft\Windows\Setup\Notifier => C:\WINDOWS\system32\Notifier.exe
Task: {D7418B88-FE0B-4761-ACE1-268FE910E657} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {DBB490C1-90AA-47A6-B349-D6EB26BE76F1} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2015-09-04] (Intel Corporation)
Task: {E39F8E32-F4B6-44B2-B8AF-D84A6CFEB7B8} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-09-15] ()
Task: {EBC45BBB-CFE5-4082-8758-AA010F3C6B45} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {F9C711C6-9FD5-4927-BD80-4C32F4154E68} - \McAfee\McAfee Idle Detection Task -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-09-15 08:28 - 2018-09-15 08:28 - 000834088 _____ () C:\Windows\System32\InputHost.dll
2015-07-07 11:44 - 2015-07-07 11:44 - 000088064 _____ () C:\Program Files\Intel Corporation\Intel(R) Technology Access\libglog.dll
2016-04-26 14:30 - 2016-04-26 14:30 - 000367824 _____ () C:\Program Files\Intel Corporation\Intel(R) Technology Access\JsonCpp.dll
2018-10-18 03:52 - 2018-09-12 11:35 - 002701064 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-10-18 03:52 - 2018-09-12 17:57 - 002785784 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2014-07-25 22:23 - 2012-04-24 11:43 - 000254512 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2017-09-25 04:52 - 2016-12-29 14:16 - 000134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2018-09-15 08:28 - 2018-09-15 08:28 - 000474624 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-09-15 08:28 - 2018-09-15 08:28 - 002801152 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2015-09-30 21:39 - 2015-09-30 21:39 - 000415128 _____ () C:\WINDOWS\system32\igfxTray.exe
2018-09-15 08:28 - 2018-09-15 08:28 - 001740288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2014-08-15 13:39 - 2013-12-10 00:27 - 001242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2017-09-22 16:14 - 2017-09-22 16:14 - 000202528 _____ () C:\Program Files (x86)\Acer\abPhoto\curllib.dll
2017-09-22 16:17 - 2017-09-22 16:17 - 000654072 _____ () C:\Program Files (x86)\Acer\abPhoto\sqlite3.dll
2017-09-22 16:17 - 2017-09-22 16:17 - 000641312 _____ () C:\Program Files (x86)\Acer\abPhoto\tag.dll
2017-09-22 16:16 - 2017-09-22 16:16 - 000119072 _____ () C:\Program Files (x86)\Acer\abPhoto\OpenLDAP.dll
2018-10-03 05:54 - 2018-10-03 05:54 - 000015136 _____ () C:\WINDOWS\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll
2017-09-26 13:35 - 2017-09-26 13:35 - 000013088 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll
2017-09-26 13:34 - 2017-09-26 13:34 - 000277856 _____ () C:\Program Files (x86)\Acer\AOP Framework\libcurl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

#11

no me deja mandar la segunda parte , me dice que los usuarios nuevos solo pueden mandar 2 post


#12

Hola

Pon las etiquetas “code” en líneas diferentes que el texto, ejemplo:

[code]

texto

[ /code]

o adjunta el archivo en el tema

Un saludo


#13

Addition.txt (42,7 KB)


#14

FRST.txt (58,1 KB)


#15

:arrow_forward: MUY Importante :arrow_backward: Realiza una copia de seguridad del registro :

  • Para hacerlo descarga :arrow_forward: DelFix.exe( en tu escritorio).

  • Doble clic para ejecutarlo.(Si usas Windows Vista/7/8 o 10 presiona clic derecho y selecciona -Ejecutar como Administrador-).

  • Atención, ahora marca/selecciona únicamente la casilla "Create registry backup", las demás NO.

  • Pulsar en Run.

Se abrirá el informe (DelFix.txt), guárdalo por si fuera necesario y cierra la herramienta.

:warning: Con los demás programas cerrados ve a :arrow_forward: Inicio :arrow_forward: Ejecutar :arrow_forward: y escribe Notepad.exe.

  • Ahora debes copiar y pegar los códigos/líneas que están en el interior del recuadro de más abajo, dentro del Notepad.
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
HKU\S-1-5-21-137577715-180173904-379872953-1002\...\Run: [308bc600] => C:\ProgramData\308bc600\308bc600.exe [0 ] (AutoIt Team)
HKU\S-1-5-21-137577715-180173904-379872953-1002\...\Run: [308bc6002] => C:\ProgramData\WfTbDw\308bc600.exe [937776 2018-10-23] (AutoIt Team)
Startup: C:\Users\Manuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\b308bc6004a0193d79dd2eb422d9c028.lnk [2018-10-23]
ShortcutTarget: b308bc6004a0193d79dd2eb422d9c028.lnk -> C:\MANOLO\dqnxikrkcv.exe (AutoIt Team)
SearchScopes: HKLM -> DefaultScope {F27B97C1-B509-4401-9947-538D77DA4608} URL = 
SearchScopes: HKLM -> {F27B97C1-B509-4401-9947-538D77DA4608} URL = 
SearchScopes: HKU\S-1-5-21-137577715-180173904-379872953-1002 -> {23B30821-B369-4D47-B193-3D2CF8CE76D9} URL = 
SearchScopes: HKU\S-1-5-21-137577715-180173904-379872953-1002 -> {F27B97C1-B509-4401-9947-538D77DA4608} URL = 
FF HKU\S-1-5-21-137577715-180173904-379872953-1002\...\Firefox\Extensions: [[email protected]] - C:\Users\Manuel\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi => not found
FF Plugin HKU\S-1-5-21-137577715-180173904-379872953-1002: @acestream.net/acestreamplugin,version=3.1.2 -> C:\Users\Manuel\AppData\Roaming\ACEStream\player\npace_plugin.dll [No File]
CHR Extension: (Ace Script) - C:\Users\Manuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjbepbhonbojpoaenhckjocchgfiaofo [2018-01-31]
CHR Extension: (Chrome Media Router) - C:\Users\Manuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-09-18]
CHR HKU\S-1-5-21-137577715-180173904-379872953-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-137577715-180173904-379872953-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx
2018-10-08 08:05 - 2018-10-23 23:48 - 000000000 ____D C:\Users\Manuel\AppData\Roaming\3fea81258d2844d38df6f3ab2c969fd8
2018-10-03 06:13 - 2018-10-03 06:13 - 000002634 _____ C:\WINDOWS\System32\Tasks\SweetLabs App Platform
2018-10-23 23:35 - 2017-09-25 04:51 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: {13062452-0FBE-41CD-8481-2865BCB9DE0C} - no filepath
Task: {17FCF933-8529-4058-BB6B-509049A36932} - \WPD\SqmUpload_S-1-5-21-137577715-180173904-379872953-1002 -> No File <==== ATTENTION
Task: {24A3DA2B-3F76-49A6-B826-36E31288D7B6} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {304A168F-3267-4FDC-88EF-D6152F249D79} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {3A5F24FE-B416-4E19-A745-B80D6F26B68F} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {3D4C50AB-406E-450A-91E6-0DD763326348} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {4D4A4054-F4B3-4175-8F50-0B826A9B5A1A} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {5325899F-A8C3-4180-AA5A-58843157C531} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {6DA8605C-1FAA-477D-95CE-FE38794725D0} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {80E1D7C8-2CD1-41FC-A361-3B08D5D75BC5} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {9E3B4179-774F-4711-BEC3-8D8F9CE79AF2} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {A1795230-E983-46FC-939D-765CDE4E4817} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {AF73D8F4-AA04-44BB-9303-4C3A8D53106A} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {D7418B88-FE0B-4761-ACE1-268FE910E657} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {EBC45BBB-CFE5-4082-8758-AA010F3C6B45} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {F9C711C6-9FD5-4927-BD80-4C32F4154E68} - \McAfee\McAfee Idle Detection Task -> No File <==== ATTENTION

HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END

Guárdalo bajo el nombre de FIXLIST.TXT en el escritorio :arrow_backward: Esto es muy importante.

:o: Nota :o: Es importante que la herramienta FRST.exe (Farbar Recovery Scanner Tool) y FIXLIST.TXT se encuentren en la misma ubicación (escritorio) o si no, no trabajara.

  • Ejecuta FRST.exe.(Si usas Windows Vista/7/8 o 10, presiona clic derecho y seleccionas -Ejecutar como Administrador-).
  • Presionar el botón FIX y aguardar a que termine.
  • La Herramienta guardara el reporte de reparación en el escritorio (FIXLOG.TXT).

Pega el contenido de este fichero en tu próxima respuesta.

Reiniciar el equipo y comprobar su funcionamiento en relación al problema planteado y comentarlo.

Un saludo


#16
<a class="attachment" href="/uploads/default/original/2X/2/299bbd892814f4465f58f2747c15bf2cb2d9ee52.txt">Fixlog.txt</a> (21,6 KB)

#17

muchísimas gracias por la ayuda. cuando encendí el ordenador no me salto en ESET,despues de pasar esta ultima herramienta tampoco.mañana .lo volveré a encender mañana y veremos


#18

Hola

Sube de nuevo el archivo adjunto, no puedo descargar el reporte del Fixlist.

De acuerdo, pruébalo y nos comentas si ya no vuelve a aparecer.

Un saludo


#19

Fixlog.txt (21,6 KB)


#20

Hola

Has probado el funcionamiento? Ha vuelto a detectarlo Eset?

Un saludo