Windefender CMD

selohu · 22 Noviembre, 2018 18:03

Hola, me gustaría saber que comando si hay, tengo que poner para ver por donde va la exploración desde CMD. Sólo veo Scan Starting . También como se que es lo que analiza con mpcmdrun -scan -scantype 3 -File en local ej el disco duro o el escritorio.

Cual es más completoen Gráfico o en CMD?.

Resulta que escaneo un equipo y me detecta opencady como pup, y si lo miro desde el equipo no lo ve. Ni malwarebytes ni adwarecleaner ni ninguno. Y no se si puede tener algo más, por que le va muy lento. Por eso lo miro en local para mirarlo desde otro equipo. Le funciona extremadamente lento.

Gracias

Leosolari · 22 Noviembre, 2018 18:15

Hola

No se entiende cual es Tu consulta. Windefender se ejecuta como cualquier otro programa.

Opencandy es un adware

Esa parte no se entiende …

selohu · 22 Noviembre, 2018 18:28

He utilizado Windefender desde mi equipo analizando desde red local a otro equipo.pensaba que si se entendería. Si lo hago desde el equipo suyo no lo huele, además está muy tocado en cuanto a velocidad, se retiene mucho en todo. Tardaría horas en escanear algo que no tardaría tanto en otros momentos. Por eso he decidido hacerlo desde mi equipo analizar por red local al otro equipo.

Añadiendo que me gustaría saber más sobre Windefender desde CMD el cual no sabía que se podía utilizar hasta ahora que me he dado cuenta. Lo que querría saber es que tendría que poner como comando para poder ver el desenlace del análisis, como cualquier antivirus donde ves hasta el porcentaje de lo que le queda y ves por donde se encuentra el escaneo.

Lo de Open candi es por que desde el equipo desde se supone que estaría la infección adware, resulta que desde ese equipo si lo analizo con Microsoftt Esencial o Windefender en win 7, pues no lo detecta. pero desde mi win10 analizando desde el antivirus gráfico si lo detecta. Lo que desde cmd no lo se por que lo estoy terminando de ver con el gráfico (Windefender W10) y como tarda demasiado no me ha dado tiempo.

Si de hecho tarda con uno que indica por donde va y lo que le queda, si lo miro desde cmd nunca sabré cuándo termina hasta que pare.

Leosolari · 22 Noviembre, 2018 18:35

Hola

Para limpiar un equipo, lo ideal es ejecutar las herramientas desde el mismo. La limpieza externa se hace en casos de ultima, donde el equipo infectado no es capaz de ejecutar acciones por si mismo.

Windefender no es la herramienta ideal para atacar el adware Opencandy.

Comandos CMD para Windefender:

pero insisto, lo ideal sería trabajar con la maquina infectada. Si queres, con un par de analisis, podemos ver de que se trata el o los problemas que tiene.

Saludos

selohu · 22 Noviembre, 2018 18:38

voy a terminar el análisis y comento. Aunque lo he probado con varias formas desde ese equipo y no detectó nada. incluso con rescue arrancando desde usb.

Leosolari · 22 Noviembre, 2018 18:54

No es esa la forma de atacar a Opencandy …

selohu · 28 Noviembre, 2018 15:23

Hola, hice lo que te comenté pero nada, tambien lo probé con Spybot search y tampoco.

Envío un Farbar a ver si se ve algo

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27.11.2018
Ran by Bin (administrator) on BIN-PC (28-11-2018 15:53:35)
Running from C:\Users\Bin\Desktop
Loaded Profiles: Bin (Available Profiles: Bin)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avgsvcx.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avguix.exe
(Spotify Ltd) C:\Users\Bin\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [StartCCC] => C:\Program Files\AMD\ATI.ACE\Core-Static\x86\CLIStart.exe [748744 2015-07-15] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1002984 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()
HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [219888 2018-06-14] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [CTxfiHlp] => CTXFIHLP.EXE                                                                                                                                                                                             (the data entry has 65 more characters).
HKLM\...\Run: [CTHelper] => CTHELPER.EXE                                                                                                                                                                                             (the data entry has 65 more characters).
HKLM\...\Run: [Argente Utilities] => C:\Program Files\Argente Utilities\ArgenteU.exe [2939904 2016-03-13] (Raúl Argente)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-05-15] (Apple Inc.)
HKU\S-1-5-21-2678508603-1682302942-1723537522-1000\...\Run: [Google Update] => C:\Users\Bin\AppData\Local\Google\Update\1.3.33.17\GoogleUpdateCore.exe [601680 2018-05-18] (Google Inc.)
HKU\S-1-5-21-2678508603-1682302942-1723537522-1000\...\Run: [Spotify Web Helper] => C:\Users\Bin\AppData\Roaming\Spotify\SpotifyWebHelper.exe [777840 2017-12-02] (Spotify Ltd)
HKU\S-1-5-21-2678508603-1682302942-1723537522-1000\...\Run: [Logitech Vid] => C:\Program Files\Logitech\Logitech Vid\vid.exe [5458704 2009-07-16] (Logitech Inc.)
HKU\S-1-5-21-2678508603-1682302942-1723537522-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [3369152 2016-04-04] (Disc Soft Ltd)
HKU\S-1-5-21-2678508603-1682302942-1723537522-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [13594584 2018-06-24] (Piriform Ltd)
HKU\S-1-5-21-2678508603-1682302942-1723537522-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> none
HKU\S-1-5-18\...\Run: [DevconDefaultDB] => C:\Windows\system32\READREG /SILENT /FAIL=1                                                                                                                                                              (the data entry has 65 more characters).
HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
IFEO\argenteu.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
IFEO\dtagent.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
IFEO\dtlauncher.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
IFEO\dw20.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
IFEO\excel.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
IFEO\groove.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
IFEO\infopath.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
IFEO\lws.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
IFEO\msaccess.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
IFEO\msoxmled.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
IFEO\mspub.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
IFEO\mstore.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
IFEO\offdiag.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
IFEO\ois.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
IFEO\onenote.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
IFEO\outlook.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
IFEO\powerpnt.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
IFEO\proflwiz.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
IFEO\unins000.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
IFEO\winword.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
Startup: C:\Users\Bin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-06-12]
ShortcutTarget: Dropbox.lnk -> C:\Users\Bin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 80.58.61.250 80.58.61.254
Tcpip\..\Interfaces\{B68B3F72-AB28-4490-A63C-D084A7BC1AB7}: [DhcpNameServer] 80.58.61.250 80.58.61.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.es/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2678508603-1682302942-1723537522-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.es/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2678508603-1682302942-1723537522-1000 -> {E546B0FA-5D0B-4C3B-B1CB-5FF89431ABC8} URL = hxxps://es.search.yahoo.com/search?p={searchTerms}&intl=es&fr=yset_ie_syc_oracle&type=orcl_default&partnerexternal-oracle=external-oracle
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_191\bin\ssv.dll [2018-11-13] (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2017-03-01] (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_191\bin\jp2ssv.dll [2018-11-13] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2017-03-01] (Google Inc.)
Toolbar: HKU\S-1-5-21-2678508603-1682302942-1723537522-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2017-03-01] (Google Inc.)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [{DAC3F861-B30D-40dd-9166-F4E75327FAC7}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: (RealDownloader) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-03-13] [Legacy] [not signed]
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1234204.dll [2018-06-06] (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2012-08-08] ()
FF Plugin: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2018-11-13] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2018-11-13] (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.1.18 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll [2013-03-13] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-03-06] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-03-06] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-03-06] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.1.18 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll [2013-03-13] (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-03-06] (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
FF Plugin HKU\S-1-5-21-2678508603-1682302942-1723537522-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Bin\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2678508603-1682302942-1723537522-1000: @talk.google.com/O1DPlugin -> C:\Users\Bin\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2678508603-1682302942-1723537522-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Bin\AppData\Local\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-2678508603-1682302942-1723537522-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Bin\AppData\Local\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Bin\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Bin\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)

Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.es/
CHR DefaultSearchURL: Default -> hxxps://es.search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://es.search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\Bin\AppData\Local\Google\Chrome\User Data\Default [2018-11-28]
CHR Extension: (Adblock Plus) - C:\Users\Bin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-11-17]
CHR Extension: (Protección de Internet 360) - C:\Users\Bin\AppData\Local\Google\Chrome\User Data\Default\Extensions\glcimepnljoholdmjchkloafkggfoijh [2018-10-01]
CHR Extension: (AVG SafePrice | Comparaciones, ofertas y cupones) - C:\Users\Bin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbckjcfnjmoiinpgddefodcighgikkgn [2018-11-25]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Bin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-07]
CHR Extension: (Descarga de música de Spotify) - C:\Users\Bin\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefdcdmhklplgdmendjfnjeiijgcmabi [2018-10-11]
CHR Extension: (Chrome Media Router) - C:\Users\Bin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-10-26]
CHR HKLM\...\Chrome\Extension: [fdbpcigaolookbahgdofnimidinicfid] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

HKLM\SYSTEM\CurrentControlSet\Services\avgSP <==== ATTENTION (Rootkit!)
HKLM\SYSTEM\CurrentControlSet\Services\avgMonFlt <==== ATTENTION (Rootkit!)
HKLM\SYSTEM\CurrentControlSet\Services\avgSnx <==== ATTENTION (Rootkit!)

R2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [1189832 2018-06-14] (AVG Technologies CZ, s.r.o.)
S4 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1125568 2016-04-04] (Disc Soft Ltd)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [103696 2016-11-14] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280864 2016-11-14] (Microsoft Corporation)
S3 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-03-06] ()
R2 TuneUp.UtilitiesSvc; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe [5229408 2018-10-10] (AVG Technologies CZ, s.r.o.)
R2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [38752 2018-10-10] (AVG Technologies CZ, s.r.o.)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 COMMONFX.DLL; C:\Windows\System32\COMMONFX.DLL [98600 2007-04-18] (Creative Technology Ltd)
S3 CT20XUT.DLL; C:\Windows\System32\CT20XUT.DLL [164608 2007-04-12] (Creative Technology Ltd.)
R3 CTAUDFX.DLL; C:\Windows\System32\CTAUDFX.DLL [546048 2007-04-12] (Creative Technology Ltd)
S3 ctdvda2k; C:\Windows\System32\drivers\ctdvda2k.sys [347128 2007-04-10] (Creative Technology Ltd)
S3 CTEAPSFX.DLL; C:\Windows\System32\CTEAPSFX.DLL [168192 2007-04-12] (Creative Technology Ltd)
S3 CTEDSPFX.DLL; C:\Windows\System32\CTEDSPFX.DLL [280320 2007-04-12] (Creative Technology Ltd)
S3 CTEDSPIO.DLL; C:\Windows\System32\CTEDSPIO.DLL [128768 2007-04-12] (Creative Technology Ltd)
S3 CTEDSPSY.DLL; C:\Windows\System32\CTEDSPSY.DLL [323328 2007-04-12] (Creative Technology Ltd)
S3 CTERFXFX.DLL; C:\Windows\System32\CTERFXFX.DLL [94976 2007-04-12] (Creative Technology Ltd)
S3 CTEXFIFX.DLL; C:\Windows\System32\CTEXFIFX.DLL [1317632 2007-04-12] (Creative Technology Ltd.)
S3 CTHWIUT.DLL; C:\Windows\System32\CTHWIUT.DLL [66816 2007-04-12] (Creative Technology Ltd.)
R3 CTSBLFX.DLL; C:\Windows\System32\CTSBLFX.DLL [560384 2007-04-12] (Creative Technology Ltd)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [26168 2016-04-12] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [40504 2016-04-12] (Disc Soft Ltd)
R3 ha10kx2k; C:\Windows\System32\drivers\ha10kx2k.sys [797992 2007-04-10] (Creative Technology Ltd)
R3 hap16v2k; C:\Windows\System32\drivers\hap16v2k.sys [163112 2007-04-10] (Creative Technology Ltd)
S3 hap17v2k; C:\Windows\System32\drivers\hap17v2k.sys [189736 2007-04-10] (Creative Technology Ltd)
S3 IntelC51; C:\Windows\System32\DRIVERS\IntelC51.sys [1339776 2005-05-06] (Intel Corporation)
S3 IntelC52; C:\Windows\System32\DRIVERS\IntelC52.sys [618880 2006-03-02] (Intel Corporation)
S3 IntelC53; C:\Windows\System32\DRIVERS\IntelC53.sys [47360 2005-05-06] (Intel Corporation)
R1 ISODrive; C:\Program Files\UltraISO\drivers\ISODrive.sys [82168 2013-11-21] (EZB Systems, Inc.)
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25752 2009-10-07] ()
S3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41752 2008-07-26] (Logitech Inc.)
S3 mohfilt; C:\Windows\System32\DRIVERS\mohfilt.sys [36880 2005-05-06] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [252808 2016-08-25] (Microsoft Corporation)
S3 pepifilter; C:\Windows\System32\DRIVERS\lv302af.sys [13848 2008-07-26] (Logitech Inc.)
S3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [2570520 2008-07-26] (Logitech Inc.)
R3 TuneUpUtilitiesDrv; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys [31792 2017-11-15] (AVG Netherlands B.V.)
U1 aswbdisk; no ImagePath
U1 avgbdisk; no ImagePath
S3 EsgScanner; system32\DRIVERS\EsgScanner.sys [X]
S3 hmpalert; \??\C:\Windows\system32\drivers\hmpalert.sys [X]
S3 hmpnet; \??\C:\Windows\system32\drivers\hmpnet.sys [X]
S3 rootrepeal; \??\C:\Windows\system32\drivers\rootrepeal.sys [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)
S3 WinRing0_1_2_0; \??\C:\Users\Bin\AppData\Local\Temp\tmp648C.tmp [X] <==== ATTENTION

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

selohu · 28 Noviembre, 2018 15:33

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 27.11.2018
Ran by Bin (28-11-2018 16:02:52)
Running from C:\Users\Bin\Desktop
Microsoft Windows 7 Professional  Service Pack 1 (X86) (2012-10-30 14:04:17)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-2678508603-1682302942-1723537522-500 - Administrator - Disabled)
Bin (S-1-5-21-2678508603-1682302942-1723537522-1000 - Administrator - Enabled) => C:\Users\Bin
HomeGroupUser$ (S-1-5-21-2678508603-1682302942-1723537522-1005 - Limited - Enabled)
Invitado (S-1-5-21-2678508603-1682302942-1723537522-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Spybot - Search and Destroy (Disabled - Up to date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2678508603-1682302942-1723537522-1000\...\uTorrent) (Version: 3.5.4.44846 - BitTorrent Inc.)
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM\...\{90120000-0015-0C0A-0000-0000000FF1CE}_ENTERPRISE_{D79E9128-A250-4155-BE90-2BE81DE0406A}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM\...\{90120000-0016-0C0A-0000-0000000FF1CE}_ENTERPRISE_{D79E9128-A250-4155-BE90-2BE81DE0406A}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM\...\{90120000-0018-0C0A-0000-0000000FF1CE}_ENTERPRISE_{D79E9128-A250-4155-BE90-2BE81DE0406A}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM\...\{90120000-0019-0C0A-0000-0000000FF1CE}_ENTERPRISE_{D79E9128-A250-4155-BE90-2BE81DE0406A}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM\...\{90120000-001A-0C0A-0000-0000000FF1CE}_ENTERPRISE_{D79E9128-A250-4155-BE90-2BE81DE0406A}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM\...\{90120000-001B-0C0A-0000-0000000FF1CE}_ENTERPRISE_{D79E9128-A250-4155-BE90-2BE81DE0406A}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM\...\{90120000-001F-0403-0000-0000000FF1CE}_ENTERPRISE_{BEADB115-DB47-4BD0-A9EC-AE585AFAB2D8}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM\...\{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM\...\{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM\...\{90120000-001F-0416-0000-0000000FF1CE}_ENTERPRISE_{8A524694-0CA4-476A-9301-B1E9D70FC952}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM\...\{90120000-001F-042D-0000-0000000FF1CE}_ENTERPRISE_{017A6981-5E03-4A97-830A-35FE0927BB7F}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM\...\{90120000-001F-0456-0000-0000000FF1CE}_ENTERPRISE_{A3A03B41-14EA-4E50-97D8-FCF429AE0CCB}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM\...\{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM\...\{90120000-006E-0C0A-0000-0000000FF1CE}_ENTERPRISE_{430AE3E6-E982-4958-90FC-1C062BC74E22}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM\...\{90120000-00A1-0C0A-0000-0000000FF1CE}_ENTERPRISE_{D79E9128-A250-4155-BE90-2BE81DE0406A}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM\...\{90120000-00BA-0C0A-0000-0000000FF1CE}_ENTERPRISE_{D79E9128-A250-4155-BE90-2BE81DE0406A}) (Version:  - Microsoft) Hidden
Adblock Plus for IE (32-bit) (HKLM\...\{23509BF6-74F8-41B1-B6EE-8187D816813D}) (Version: 1.5 - Eyeo GmbH)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 30.0.0.107 - Adobe Systems Incorporated)
Adobe Flash Player 31 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 31.0.0.148 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.3 (HKLM\...\Adobe Shockwave Player) (Version: 12.3.4.204 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{6649FF3E-5231-B481-3376-8108FDF1EAD3}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32 bits) (HKLM\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{538227C6-C74B-4A74-99E1-2C0B4F9DA5E1}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Argente Utilities 1.0.7.0 (HKLM\...\Argente Utilities_is1) (Version: 1.0.7.0 - Raúl Argente)
AVG PC TuneUp (HKLM\...\{AE6EF87B-C5FF-4C07-AAB4-D8FA97AD1CAA}) (Version: 16.79.1 - AVG Technologies) Hidden
AVG PC TuneUp (HKLM\...\AVG PC TuneUp) (Version: 16.79.3.36215 - AVG Technologies)
Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
calibre (HKLM\...\{23B86600-BC3B-4D4E-8510-DF2E920C1957}) (Version: 1.13.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.44 - Piriform)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.3.0.0154 - Disc Soft Ltd)
Defraggler (HKLM\...\Defraggler) (Version: 2.22 - Piriform)
Dropbox (HKU\S-1-5-21-2678508603-1682302942-1723537522-1000\...\Dropbox) (Version: 3.20.1 - Dropbox, Inc.)
FMW 1 (HKLM\...\{C22DCE85-A6B0-4D3D-81AC-460D7726CCA5}) (Version: 1.227.45 - AVG Technologies) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 70.0.3538.102 - Google Inc.)
Google Talk Plugin (HKLM\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Intel(R) 537EP V9x DF PCI Modem (HKLM\...\Intel(R) 537EP V9x DF PCI Modem) (Version:  - )
iTunes (HKLM\...\{68A44604-5DBA-4DC1-8B4A-87881671374C}) (Version: 12.8.0.150 - Apple Inc.)
Java 8 Update 191 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180191F0}) (Version: 8.0.1910.12 - Oracle Corporation)
Logitech Vid (HKLM\...\{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}) (Version: 1.10.1009 - Logitech Inc.)
Logitech Webcam Software (HKLM\...\{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}) (Version: 12.10.1113 - Logitech Inc.)
Mecanografía 10 v2.8a (HKLM\...\Mecanografía 10) (Version: v2.8a - Zikitrake Soft)
Microsoft .NET Framework 4.7.2 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Excel 2007 Help Actualización (KB963678) (HKLM\...\{90120000-0016-0C0A-0000-0000000FF1CE}_ENTERPRISE_{59E09C3D-4878-47D9-87DB-6D0018026889}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook 2007 Help Actualización (KB963677) (HKLM\...\{90120000-001A-0C0A-0000-0000000FF1CE}_ENTERPRISE_{59C244C2-0C37-4E85-8F7E-DBDD3958B694}) (Version:  - Microsoft)
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0C0A-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Powerpoint 2007 Help Actualización (KB963669) (HKLM\...\{90120000-0018-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F318245D-05AE-4681-A749-A036CE44AF29}) (Version:  - Microsoft)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110C0A-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Word 2007 Help Actualización (KB963665) (HKLM\...\{90120000-001B-0C0A-0000-0000000FF1CE}_ENTERPRISE_{377BA42A-1C84-45D6-94B8-6D00887D172D}) (Version:  - Microsoft)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft XNA Framework Redistributable 3.1 (HKLM\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
RealDownloader (HKLM\...\{EA1FAE0F-2354-4E32-B423-ABAE8E358F91}) (Version: 1.3.1 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM\...\{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}) (Version: 10.0 - RealNetworks, Inc) Hidden
RealUpgrade 1.1 (HKLM\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Revo Uninstaller Pro 3.1.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.8 - VS Revo Group, Ltd.)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
Spotify (HKU\S-1-5-21-2678508603-1682302942-1723537522-1000\...\Spotify) (Version: 1.0.68.407.g6864aaaf - Spotify AB)
swMSM (HKLM\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
UltraISO Premium V9.62 (HKLM\...\UltraISO_is1) (Version:  - )
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.8 - VideoLAN)
WinRAR 5.50 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
Wondershare Filmora(Build 7.5.0) (HKLM\...\Wondershare Filmora_is1) (Version:  - Wondershare Software)
Wondershare Helper Compact 2.5.0 (HKLM\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.0 - Wondershare)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2678508603-1682302942-1723537522-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Bin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2678508603-1682302942-1723537522-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Bin\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2678508603-1682302942-1723537522-1000_Classes\CLSID\{0A368B9B-3566-4730-B40E-EAF6858A53AF}\InprocServer32 -> C:\Users\Bin\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2678508603-1682302942-1723537522-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Bin\AppData\Local\Google\Update\1.3.33.17\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2678508603-1682302942-1723537522-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Bin\AppData\Local\Google\Update\1.3.33.17\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2678508603-1682302942-1723537522-1000_Classes\CLSID\{3059C9E6-9EDC-4C89-933E-C65623F8FD60}\localserver32 -> C:\Users\Bin\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2678508603-1682302942-1723537522-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Bin\AppData\Local\Google\Update\1.3.33.17\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2678508603-1682302942-1723537522-1000_Classes\CLSID\{87DC457B-B35D-48AC-BD42-BDF35EF623CE}\localserver32 -> C:\Users\Bin\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2678508603-1682302942-1723537522-1000_Classes\CLSID\{9FAA38ED-5635-44F7-9BE0-8CAFE29B3783}\localserver32 -> C:\Users\Bin\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2678508603-1682302942-1723537522-1000_Classes\CLSID\{C0DD324D-A74F-4533-84AD-030F76771C77}\localserver32 -> C:\Users\Bin\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2678508603-1682302942-1723537522-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Bin\AppData\Local\Google\Update\1.3.33.17\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2678508603-1682302942-1723537522-1000_Classes\CLSID\{C32E3EEC-3C10-426E-95F3-38C7F139FADD}\localserver32 -> C:\Users\Bin\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2678508603-1682302942-1723537522-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Bin\AppData\Local\Google\Update\1.3.33.17\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2678508603-1682302942-1723537522-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Bin\AppData\Local\Google\Update\1.3.33.17\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2678508603-1682302942-1723537522-1000_Classes\CLSID\{E7A37920-253C-4FF1-B169-298A7CE6CAA9}\localserver32 -> C:\Users\Bin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2678508603-1682302942-1723537522-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Bin\AppData\Local\Google\Update\1.3.33.17\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2678508603-1682302942-1723537522-1000_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4}\InprocServer32 -> C:\Users\Bin\AppData\Local\Google\Update\1.3.33.17\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2678508603-1682302942-1723537522-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Bin\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2678508603-1682302942-1723537522-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bin\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2678508603-1682302942-1723537522-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bin\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2678508603-1682302942-1723537522-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bin\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2678508603-1682302942-1723537522-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bin\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2678508603-1682302942-1723537522-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bin\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2678508603-1682302942-1723537522-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bin\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2678508603-1682302942-1723537522-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bin\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2678508603-1682302942-1723537522-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bin\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2678508603-1682302942-1723537522-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Bin\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2678508603-1682302942-1723537522-1000_Classes\CLSID\{FE819BE5-BADF-4370-9913-6FB84ABA6FB1}\InprocServer32 -> C:\Users\Bin\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bin\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bin\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bin\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bin\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bin\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bin\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bin\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bin\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ContextMenuHandlers1: [AVG Shredder Shell Extension] -> {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} => C:\Program Files\AVG\AVG PC TuneUp\SDShelEx-win32.dll [2018-10-10] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell.dll [2018-05-02] (Piriform Ltd)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers4: [AVG Disk Space Explorer Shell Extension] -> {4838CD50-7E5D-4811-9B17-C47A85539F28} => C:\Program Files\AVG\AVG PC TuneUp\DseShExt-x86.dll [2018-10-10] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers4: [AVG Shredder Shell Extension] -> {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} => C:\Program Files\AVG\AVG PC TuneUp\SDShelEx-win32.dll [2018-10-10] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\ATI.ACE\Core-Static\atiacmxx.dll [2015-07-15] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell.dll [2018-05-02] (Piriform Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers5_S-1-5-21-2678508603-1682302942-1723537522-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Bin\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0910D3EB-3071-4C0E-90FB-DC1EFF5E3C62} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {0CA28BC8-AB06-4CFE-90AE-4DDBE1E147B0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2017-03-01] (Google Inc.)
Task: {2DA0A535-EC25-44CD-81A3-3BF0093F1414} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-06-24] (Piriform Ltd)
Task: {32BCB117-F87E-4FFE-9FF8-50765779864A} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2678508603-1682302942-1723537522-1000Core => C:\Users\Bin\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18] (Dropbox, Inc.)
Task: {442C67B0-2937-438A-949F-25030C049D92} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2678508603-1682302942-1723537522-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {50A9F054-7DD5-4F50-BACC-EBE6F9C08159} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2678508603-1682302942-1723537522-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {598BAFA9-AC0D-4A86-989A-B18FC8A18775} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2017-03-01] (Google Inc.)
Task: {5B73AA50-751A-4F5E-A973-354CBF83D830} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files\AVG\AVG PC TuneUp\tuscanx.exe [2018-10-10] (AVG Technologies CZ, s.r.o.)
Task: {5F862A11-228E-49A8-9FBD-755C0DE5923B} - System32\Tasks\adobe flash player updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2018-11-14] (Adobe Systems Incorporated)
Task: {623E5FBD-FFC8-4733-B8DC-945DA1447188} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2678508603-1682302942-1723537522-1000UA => C:\Users\Bin\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18] (Dropbox, Inc.)
Task: {7BE877EF-6DE5-4881-AAD7-51C3E0665DC8} - System32\Tasks\SafeZone scheduled Autoupdate 1487004433 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe
Task: {8C7498E3-C35B-4856-9821-A464FE71A647} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-06-24] (Piriform Ltd)
Task: {AA840097-57AE-4A3B-9956-0F93634DF29D} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2678508603-1682302942-1723537522-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {AF4A07CF-4D84-43B0-BDF5-7F5F16234A5D} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {B4BCCC00-B3E6-465A-8119-13F08A3284B4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2678508603-1682302942-1723537522-1000Core => C:\Users\Bin\AppData\Local\Google\Update\GoogleUpdate.exe [2016-04-16] (Google Inc.)
Task: {B593EE40-A8CC-473D-80C8-FC227965F458} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2018-10-06] (Oracle Corporation)
Task: {CBDDA135-DF43-429B-BB94-5C55732B9734} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)
Task: {D5DEEE2D-E066-4E0D-91A7-CDE855606B4A} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2678508603-1682302942-1723537522-1000
Task: {DF9DC670-48DB-4CFF-BE5E-A91CD4938B31} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2678508603-1682302942-1723537522-1000 => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe [2013-03-06] (RealNetworks, Inc.)
Task: {EFC16D69-0669-4FED-BF24-0920F3FB6486} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2678508603-1682302942-1723537522-1000UA => C:\Users\Bin\AppData\Local\Google\Update\GoogleUpdate.exe [2016-04-16] (Google Inc.)
Task: {F0F450DB-2A57-4CB9-8B47-402CB3C55F0E} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2018-11-22] (AVG Technologies CZ, s.r.o.)
Task: {F2A6FA44-A3DD-4447-A3D9-75D7B1F86A44} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {FECB7087-8F96-45C4-AA0C-B2C0D9E5AAA6} - System32\Tasks\Cybereason RansomFree Keepalive => C:\Program Files\Cybereason\RansomFree\CybereasonRansomFree.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Leosolari · 28 Noviembre, 2018 15:46

Explícame concretamente qué pasa y que queres hacer …

selohu · 28 Noviembre, 2018 15:50

Quería saber por qué va tan sumamente lento este equipo que te comento, no es mio. El mío por ahora funciona perféctamente. Como te comente desde el mio me detectaba opencandy, y sin poder terminar de analizar, cada vez que tengo que para aparece lo mismo, y lo tengo que apagar por que se tira horas … ,pero si lo analizo desde el mismo no detecta nada y se tira la mundial para analizar o hacer algo.

En los recursos del administrador lo veo cuando está haciendo algo como analizar al 100% hasta el kernel que sale en color rojo en la gráfica y se tira muchisimo tiempo, de vez en cuando baja algún pico pero sigue arriba del todo.

Leosolari · 28 Noviembre, 2018 17:51

Hola

Realiza los siguientes pasos, sin cambiar el orden:

1.- Desactiva temporalmente tu antivirus y cualquier programa de seguridad.

2.- Descargá a Tu escritorio las siguientes herramientas:

3.- Seguí paso a paso las acciones …

Malwarebytes

Instalalo y actualizalo. Realiza un Análisis Completo. Pulsa en “Eliminar Seleccionados” para enviarlo a la cuarentena. Reinicias el sistema. En el apartado del manual “Historial” >> Registros de Aplicación >> Scan Log/Registro de Análisis encontrarás el informe del MBAM, que debes copiar y pegar en tu próxima respuesta.

AdwCleaner

Ejecutalo. (Clic derecho y selecciona Ejecutar como Administrador). Pulsa en el botón Escanear y espera a que se realice el proceso. Luego pulsa sobre el botón Limpiar. Espera a que se complete. Si te pidiera reiniciar el sistema Aceptas. Guardas el reporte que te aparecerá para copiarlo y pegarlo en tu próxima respuesta. El informe también se puede encontrar en “C:\AdwCleaner\AdwCleaner.txt”

ZHPCleaner

Siguiendo Su manual, lo instalas y ejecutas. Cuando termine, eliminas todo lo que encuentre.

CCleaner

Instalalo y ejecutalo. En la pestaña limpiador dejas como esta configurada predeterminadamente, haces clic en analizar esperas que termine > clic en ejecutar limpiador. Clic en la pestaña Registro > clic en buscar problemas esperas que termine > clic en Reparar Seleccionadas y haces una copia de seguridad.

NOTA IMPORTANTE:

En Tu próxima respuesta debes pegar los reportes de Malwarebytes, AdwCleaner y ZHPCleaner.

Envuelve cada uno de los informes con una etiqueta escrita al inicio del informe y otra como este al final del mismo.

Nos comentas como sigue el problema original por el que abriste el tema.

Saludos

selohu · 29 Noviembre, 2018 13:03


Primera Muestra


Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 29/11/18
Hora del análisis: 12:14
Archivo de registro: f8c96870-f3c7-11e8-b494-001111319db9.json

-Información del software-
Versión: 3.6.1.2711
Versión de los componentes: 1.0.482
Versión del paquete de actualización: 1.0.8077
Licencia: Prueba

-Información del sistema-
SO: Windows 7 Service Pack 1
CPU: x86
Sistema de archivos: NTFS
Usuario: \

-Resumen del análisis-
Tipo de análisis: Análisis de amenazas
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 222088
Amenazas detectadas: 0
Amenazas en cuarentena: 0
Tiempo transcurrido: 1 hr, 42 min, 36 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Activado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 0
(No hay elementos maliciosos detectados)

Valor del registro: 0
(No hay elementos maliciosos detectados)

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 0
(No hay elementos maliciosos detectados)

Archivo: 0
(No hay elementos maliciosos detectados)

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)

selohu · 29 Noviembre, 2018 13:20


Segunda Muestra
# -------------------------------
# Malwarebytes AdwCleaner 7.2.5.0
# -------------------------------
# Build:    11-26-2018
# Database: 2018-11-26.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    11-29-2018
# Duration: 00:00:32
# OS:       Windows 7 Professional
# Scanned:  32232
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.


AdwCleaner[S00].txt - [1882 octets] - [18/10/2018 22:00:10]
AdwCleaner[C00].txt - [1918 octets] - [18/10/2018 22:00:27]
AdwCleaner[S01].txt - [1379 octets] - [12/11/2018 14:48:04]
AdwCleaner[S02].txt - [1440 octets] - [13/11/2018 01:01:32]
AdwCleaner[S03].txt - [1501 octets] - [17/11/2018 12:59:57]
AdwCleaner[S04].txt - [1562 octets] - [29/11/2018 14:16:46]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S05].txt ##########

selohu · 29 Noviembre, 2018 13:30


Tercera Muestra y no sale tampoco nada

~ ZHPCleaner v2018.11.24.199 by Nicolas Coolman (2018/11/24)
~ Run by Bin (Administrator)  (29/11/2018 14:29:39)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Certificate ZHPCleaner: Legal
~ Type : Scanner
~ Report : C:\Users\Bin\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Bin\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 7 Professional, 32-bit Service Pack 1 (Build 7601)


---\\  Alternate Data Stream (ADS). (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Servicios (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Navegadores de Internet (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Archivo hosts (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Tareas automáticas programadas. (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Explorador ( Archivos, Carpetas ) (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Registro ( Claves, Valores, Datos) (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\ Resultado de la reparación.
~ ninguna reparación hecha
~ falta este navegador! (Google Chrome)
~ falta este navegador! (Mozilla Firefox)
~ falta este navegador! (Internet Explorer)
~ falta este navegador! (Opera Software)


---\\ STATISTIQUES
~ Items escaneado : 0
~ Items encontrado : 0
~ artículos cancelados : 0
~ Items opciones : 12/12
~ Ahorro de espacio (bytes) : 0


~ End of search in 00h00mn00s
ZHPCleaner-[S]-29112018-14_29_39.txt



CCLeaner Realizado Limpiado y guardado el registro.

Leosolari · 29 Noviembre, 2018 13:45

Hola

Descargá la herramienta Delfix a Tu escritorio.

Ejecutala, Tildá la casilla Remove disinfection tools y presioná Run

Al terminar Se abrirá un reporte llamado DelFix.txt, verifica que se hayan eliminado las herramientas usadas para desinfectar el Pc.

Como veras, NO hay malwares en el PC.

Comentanos como sigue …

selohu · 29 Noviembre, 2018 14:44

Pues seguir sigue igual, a diferecia de la limpieza de Ccleaner y la delfix, pero el equipo en sí igual en principio.

# DelFix v1.013 - Logfile created 29/11/2018 at 14:57:52
# Updated 17/04/2016 by Xplode
# Username : Bin - BIN-PC
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)

~ Removing disinfection tools ...

Deleted : C:\Qoobox
Deleted : C:\Combofix
Deleted : C:\FRST
Deleted : C:\TDSSKiller_Quarantine
Deleted : C:\AdwCleaner
Deleted : C:\RegBackup
Deleted : C:\RogueKillerCMD.exe
Deleted : C:\Users\Bin\Desktop\ZHPCleaner.lnk
Deleted : C:\Windows\grep.exe
Deleted : C:\Windows\PEV.exe
Deleted : C:\Windows\NIRCMD.exe
Deleted : C:\Windows\MBR.exe
Deleted : C:\Windows\SED.exe
Deleted : C:\Windows\SWREG.exe
Deleted : C:\Windows\SWSC.exe
Deleted : C:\Windows\SWXCACLS.exe
Deleted : C:\Windows\Zip.exe
Deleted : HKCU\console_combofixbackup
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis
Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart
Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys
Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart
Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys
Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR

########## - EOF - ##########
Lo que no se es eso que se ha eliminado de c: Windows y registros
Las aplicaciones hay varios que si conozco.

Leosolari · 29 Noviembre, 2018 14:49

Hola

1. Descarga CCleaner a Tu escritorio. Siguiendo Su manual, lo instalas y ejecutas y utiliza las dos opciones del Uso Simple (Limpiador y Registro) del mismo, tal como se explican en el manual.

2. Realiza un análisis completo del Disco duro, siguiendo esta guía: Análisis y Escaneo del Disco Duro

3. Libera espacio de los discos siguiendo esta guía: Liberar espacios en Discos y Particiones

4. Desfragmenta el/los discos duros y particiones del PC, siguiendo esta guía: Desfragmentar Discos y Particiones

Con estos pasos, damos por sentado que el equipo esta limpio de malwares y optimizado.

Nos comentas como sigue el funcionamiento del PC.

Saludos

selohu · 29 Noviembre, 2018 16:26

Análisis de disco sin problemas, no me dice nada Espacio de disco liberado casi 2gb Fragmentado en 12%, analizando por si ha cambiado… Al final es un 10% lo fragmentado.

selohu · 4 Diciembre, 2018 21:58

Hola, parece que va ser de Hardware, tenía 15% fragmentado y ahora solo 2% y el equipo después de todo sigue igual de lento según me cuentan.

Leosolari · 4 Diciembre, 2018 22:04

Hola

No es un problema de Malwares. No es un problema de Optimización.

Quedan dos posibilidades. O un conflicto de Software (algunos programas instalados en conjunto pueden ovacionar alto consumo de recursos) o un problema de Hardware.

Podrías intentar deshabilitar el servicio de Windows Update, que aveces ocasiona estos problemas también.

Saludos