I got the following message from the Malwarebytes program:
- Domain: sunlongo.info
- IP: 185.17.184.11
- Port: 50780
- Process: C\Windows\System32\Windowspoweshell\v1.0\Powershell.exe
Sometimes my desktop appears with a different layout from the one I had set.
I run Malwarebytes and it tells me it finds nothing.
I ran CCleaner/Registry and the report is as follows:
I run it again, also on the registry, and the following comes out:
The next time I run it, nothing appears.
Thanks a lot in advance!
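The alert above says powershell.exe, not a third-party binary, opened the connection, so the useful next step is to find out what launches PowerShell and whether it is still talking to that endpoint. The following triage script is an added example, not part of the original post or of any tool mentioned in it; it uses standard Windows cmdlets (Get-NetTCPConnection, Get-ScheduledTask and Get-DnsClientCache need Windows 8 / PowerShell 4 or later) and only the domain, IP and port quoted in the alert. Run it from an elevated PowerShell prompt.

```powershell
# Added triage script (not from the original post). Values below are the ones quoted in the Malwarebytes alert.
$SuspectIp   = '185.17.184.11'
$SuspectPort = 50780
$SuspectHost = 'sunlongo.info'

# 1. Live connections: is any process currently connected to the flagged endpoint?
Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue |
    Where-Object { $_.RemoteAddress -eq $SuspectIp -or $_.RemotePort -eq $SuspectPort } |
    ForEach-Object {
        $p = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{ Pid = $_.OwningProcess; Process = $p.ProcessName
                           Remote = "$($_.RemoteAddress):$($_.RemotePort)" }
    }

# 2. Was the domain resolved recently? (local DNS cache)
Get-DnsClientCache -ErrorAction SilentlyContinue | Where-Object { $_.Entry -like "*$SuspectHost*" }

# 3. Every running powershell.exe with its parent and full command line; hidden or encoded launches stand out here
Get-CimInstance Win32_Process -Filter "Name = 'powershell.exe'" |
    Select-Object ProcessId, ParentProcessId, CommandLine

# 4. Persistence in Run/RunOnce keys (machine and current user) that invokes PowerShell
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
foreach ($key in $runKeys) {
    if (Test-Path $key) {
        (Get-ItemProperty $key).PSObject.Properties |
            # skip the PSPath/PSProvider metadata properties, whose values also contain "PowerShell"
            Where-Object { $_.Name -notlike 'PS*' -and $_.Value -is [string] -and $_.Value -match 'powershell' } |
            Select-Object @{ n = 'Key'; e = { $key } }, Name, Value
    }
}

# 5. Scheduled tasks whose action runs powershell.exe
Get-ScheduledTask | ForEach-Object {
    foreach ($a in $_.Actions) {
        $cmd = "$($a.Execute) $($a.Arguments)"
        if ($cmd -match 'powershell') {
            [pscustomobject]@{ Task = $_.TaskName; Path = $_.TaskPath; Command = $cmd }
        }
    }
}

# 6. Permanent WMI event subscriptions, a common fileless persistence location
Get-CimInstance -Namespace root\subscription -ClassName CommandLineEventConsumer -ErrorAction SilentlyContinue |
    Select-Object Name, CommandLineTemplate
```

Any hit in sections 4 to 6 that you do not recognise (especially a command line with -EncodedCommand, -WindowStyle Hidden or a download from an unfamiliar URL) is the thing to post back for review before cleaning anything.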