Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 2/4/20
Hora del análisis: 14:31
Archivo de registro: d7be3d48-74dd-11ea-89d8-f83441c428f3.json

-Información del software-
Versión: 4.1.0.56
Versión de los componentes: 1.0.859
Versión del paquete de actualización: 1.0.21784
Licencia: Prueba

-Información del sistema-
SO: Windows 10 (Build 18362.720)
CPU: x64
Sistema de archivos: NTFS
Usuario: LAPTOP-EN9F06GH\scrau

-Resumen del análisis-
Tipo de análisis: Análisis de amenazas
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 316765
Amenazas detectadas: 170
Amenazas en cuarentena: 170
Tiempo transcurrido: 1 min, 41 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Desactivado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0 (No hay elementos maliciosos detectados)
Módulo: 0 (No hay elementos maliciosos detectados)
Clave del registro: 29
Valor del registro: 13
Datos del registro: 5
Secuencia de datos: 0 (No hay elementos maliciosos detectados)
Carpeta: 72
Archivo: 51
Sector físico: 0 (No hay elementos maliciosos detectados)
WMI: 0 (No hay elementos maliciosos detectados)

(end)

Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 2/4/20
Hora del análisis: 14:35
Archivo de registro: 77bb9a98-74de-11ea-848e-f83441c428f3.json

-Información del software-
Versión: 4.1.0.56
Versión de los componentes: 1.0.859
Versión del paquete de actualización: 1.0.21784
Licencia: Prueba

-Información del sistema-
SO: Windows 10 (Build 18362.720)
CPU: x64
Sistema de archivos: NTFS
Usuario: LAPTOP-EN9F06GH\scrau

-Resumen del análisis-
Tipo de análisis: Análisis personalizado
Análisis iniciado por:: Manual
Resultado: Cancelado
Objetos analizados: 685126
Amenazas detectadas: 1
Amenazas en cuarentena: 1
Tiempo transcurrido: 45 min, 43 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Activado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0 (No hay elementos maliciosos detectados)
Módulo: 0 (No hay elementos maliciosos detectados)
Clave del registro: 0 (No hay elementos maliciosos detectados)
Valor del registro: 0 (No hay elementos maliciosos detectados)
Datos del registro: 0 (No hay elementos maliciosos detectados)
Secuencia de datos: 0 (No hay elementos maliciosos detectados)
Carpeta: 0 (No hay elementos maliciosos detectados)
Archivo: 1
PUP.Optional.MultiBar, C:\INTERICAD LITE TRIAL\CK2D\FURLIB.PLUGIN, En cuarentena, 8761, 403409, 1.0.21784, , ame,
Sector físico: 0 (No hay elementos maliciosos detectados)
WMI: 0 (No hay elementos maliciosos detectados)

(end)

# -------------------------------
# Malwarebytes AdwCleaner 8.0.3.0
# -------------------------------
# Build: 03-03-2020
# Database: 2020-03-23.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 04-02-2020
# Duration: 00:00:02
# OS: Windows 10 Home
# Cleaned: 21
# Failed: 1

***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Program Files\RunBooster
Deleted C:\ProgramData\Application Data\Lavasoft\Web Companion
Deleted C:\ProgramData\CloudPrinter
Deleted C:\ProgramData\Lavasoft\Web Companion
Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DreamTrips
Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion
Deleted C:\Users\scrau\AppData\Local\Lavasoft\WEBCOMPANION.EXE_URL_SIQ0LWF3TZGXP2KHFKLLYBK3IDTBEHNG
Deleted C:\Users\scrau\AppData\Roaming\Lavasoft\Web Companion

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.
***** [ Registry ] *****

Deleted HKCU\Software\Lavasoft\Web Companion
Deleted HKCU\Software\Margin Trade
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\PetGame
Deleted HKCU\Software\SetupCompany
Deleted HKLM\Software\Classes\Installer\Features\436F6625D7B77354DBCD89DDC6CFAB1A
Deleted HKLM\Software\Classes\Installer\Products\436F6625D7B77354DBCD89DDC6CFAB1A
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\436F6625D7B77354DBCD89DDC6CFAB1A
Deleted HKLM\Software\Wow6432Node\Jetmedia
Deleted HKLM\Software\Wow6432Node\Lavasoft\Web Companion
Deleted HKU\.DEFAULT\Software\Caphyon\Advanced Updater\{F039D4A9-14D3-4425-A4FA-F2F9D5B0E014}
Deleted HKU\S-1-5-18\Software\Caphyon\Advanced Updater\{F039D4A9-14D3-4425-A4FA-F2F9D5B0E014}

***** [ Chromium (and derivatives) ] *****

Not Deleted nladljmabboanhihfkjacnnkgjhnokhj

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.

*************************
[+] Delete Tracing Keys
[+] Reset Winsock
*************************

AdwCleaner[S00].txt - [8142 octets] - [02/04/2020 15:40:04]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

After several days I decided to run AdwCleaner and it detected 1; I quarantined it, restarted the computer, ran it again and it detected the same one again; I quarantined it again and it keeps coming back.
Here is the latest log:

# -------------------------------
# Malwarebytes AdwCleaner 8.0.4.0
# -------------------------------
# Build: 04-03-2020
# Database: 2020-04-03.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 04-04-2020
# Duration: 00:00:18
# OS: Windows 10 Home
# Scanned: 32067
# Detected: 44

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

PUP.Optional.DefaultSearch.ShrtCln nladljmabboanhihfkjacnnkgjhnokhj

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.
***** [ Preinstalled Software ] *****

Preinstalled.HPAudioSwitch Folder C:\Program Files (x86)\HP\HPAUDIOSWITCH
Preinstalled.HPAudioSwitch Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A47029F0-CFD8-42FF-8890-94997679B741}
Preinstalled.HPAudioSwitch Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HPAudioSwitch
Preinstalled.HPAudioSwitch Task C:\Windows\System32\Tasks\HPAUDIOSWITCH
Preinstalled.HPCoolSense Folder C:\Program Files (x86)\HP\HP COOLSENSE
Preinstalled.HPCoolSense Folder C:\Users\scrau\AppData\Local\HP\HP COOLSENSE
Preinstalled.HPCoolSense Folder C:\Windows\System32\Tasks\HP\HP COOLSENSE
Preinstalled.HPCoolSense Registry HKLM\Software\Classes\CLSID\{224695A4-BD5E-4C38-B354-A4C828E61BF7}
Preinstalled.HPJumpStartApps Folder C:\Program Files (x86)\HP\HP JUMPSTART APPS
Preinstalled.HPJumpStartApps Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\HP JumpStart Apps
Preinstalled.HPJumpStartBridge Folder C:\Program Files (x86)\HP\HP JUMPSTART BRIDGE
Preinstalled.HPJumpStartLaunch Folder C:\Program Files (x86)\HP\HP JUMPSTART LAUNCH
Preinstalled.HPJumpStartLaunch Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DF75A71C-C7C1-4063-8230-D1DC97FD1EC5}
Preinstalled.HPJumpStartLaunch Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HPJumpStartLaunch
Preinstalled.HPJumpStartLaunch Task C:\Windows\System32\Tasks\HPJUMPSTARTLAUNCH
Preinstalled.HPOrbit File C:\Users\scrau\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\HP Orbit.lnk
Preinstalled.HPOrbit Folder C:\Program Files\HP\HP ORBIT
Preinstalled.HPOrbit Folder C:\Program Files\HP\HP ORBIT SERVICE
Preinstalled.HPOrbit Folder C:\ProgramData\HP\HP ORBIT
Preinstalled.HPOrbit Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{38B26B58-693D-4B55-9653-1E8D173A9F3B}
Preinstalled.HPOrbit Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DED1B811-5F83-451D-AFE6-F9AC351CB63B}
Preinstalled.HPRegistrationService Folder C:\Program Files (x86)\HP\HP REGISTRATION SERVICE
Preinstalled.HPRegistrationService Folder C:\ProgramData\HP\HP REGISTRATION SERVICE
Preinstalled.HPSupportAssistant Folder C:\HP\SUPPORT
Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP CUSTOMER FEEDBACK
Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT SOLUTIONS
Preinstalled.HPSupportAssistant Folder C:\ProgramData\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Folder C:\Users\scrau\AppData\Local\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Folder C:\Users\scrau\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Folder C:\Windows\System32\config\systemprofile\AppData\Local\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Registry HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Classes\CLSID\{C0ABBA07-B636-47B8-B9E1-BB96D7CD4831}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{05F81C27-62A5-4A0C-8519-60CB66CF87C6}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{B2630333-677F-4F40-9625-7F76CFB02EA1}
Preinstalled.HPSureConnect Folder C:\Program Files (x86)\HP INC\HP SURE CONNECT
Preinstalled.HPSureConnect Folder C:\Program Files\HPCOMMRECOVERY
Preinstalled.HPSureConnect Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{6468C4A5-E47E-405F-B675-A70A70983EA6}

AdwCleaner[S00].txt - [8142 octets] - [02/04/2020 15:40:04]
AdwCleaner[C00].txt - [3148 octets] - [02/04/2020 15:41:33]
AdwCleaner[S01].txt - [6339 octets] - [04/04/2020 17:45:06]
AdwCleaner[C01].txt - [1726 octets] - [04/04/2020 17:45:33]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S02].txt ##########