
    Virus in Windows 10 (Solved)

    1. #1
      Tamara95 (User) | Registered: Jan 2017 | Location: Spain | Posts: 10

      Virus in Windows 10 (Solved)

      Hello.

      I don't know what virus/trojan I must have, but the computer keeps opening web pages in both Microsoft Edge and Chrome, programs get installed without my knowing, Windows Defender has stopped working and tells me "Group Policy disabled this application", and Word doesn't work either.

      Can anyone tell me what to do to remove it?

      Thanks

    2. #2
      @Miguelgrado (Warrior) | Registered: Dec 2005 | Location: Asturias, Spain | Posts: 17,359

      Re: Virus in Windows 10

      Greetings and welcome.

      Download to the desktop >> IFS (InfoSpyware First Steps) | InfoSpyware

      1. Close all the programs you have open.
      2. Run IFS.exe (if you use Windows Vista/7/8 or 10, right-click and select "Run as administrator").
      3. Click the Analizar button and wait for the process to finish.
      4. When it finishes, a report will open, which you must copy and paste (in full) into your next reply.

      The report can also be found in "C:\IFS.log"

      Download Rkill 2.6 | InfoSpyware to the desktop and run it

      • Rkill disguises itself under the name iExplore; when you run it you will have to wait and accept a message.
      • Rkill does not install itself.
      • After running it, do not restart the PC until a program asks you to.
      • Then paste us the log found in C: rkill.log

      Paste both logs for me
      * Follow us on Twitter and become our friend on Facebook.
      * Keep up with the latest threats on the net at: InfoSpyware Blog
      * Questions are not answered by private message or e-mail; that is what the forum is for.

    3. #3
      Tamara95 (User) | Registered: Jan 2017 | Location: Spain | Posts: 10

      Re: Virus in Windows 10

      Hello, thanks for replying :)

      I have done what you asked and these are the reports:

      This is the IFS one

      Code:
      ~~~~~~~~~~~| Inicio: 
      
      *IFS (InfoSpyware First Steps) v 1.3
      *www.InfoSpyware.com | www.ForoSpyware.com
      *Iniciado: 11/01/2017 a las 18h.12m.12s
      
      ~~~~~~~~~~~|  Información del Sistema:
      
      OS: Microsoft Windows 10 Home x64 
      Idioma: Spanish (Spain, International Sort) (España|es-ES)
      Permisos de Administrador / ON
      Windows se Inició en   Modo Normal
      Drive: C:\WINDOWS (Install: \Device\HarddiskVolume4)
      
      ~~~~~~~~~~~| Arquitectura Fisica:
      
      CPU: Acer
      CPU Modelo: Aspire E1-571
      Procesador: Intel(R) Core(TM) i3-2348M CPU @ 2.30GHz (x64-BasedPC)
      Memoria RAM: 4 Gb. En Uso: 42 %
      Video: Intel(R) HD Graphics 3000
      Chip: Intel(R) HD Graphics Family Capacidad video:1827 MB (Internal)
      
      ~~~~~~~~~~~| Unidades
      
      C: [FIXED|NTFS|Acer] - [445.8 Gb][324.8 Gb][121.0 Gb]
      D: [CDROM]
      E: [CDROM]
      C:\ Fragmentación total 20.47% - Desfragmentar unidad 
      
      ~~~~~~~~~~~| Seguridad del SO
      
      SafeBoot: Inicio en Modo seguro Correcto
      Security Center: Correcto (Servicio Activo)
      Windows Update: El servicio no está activo 
      AV: Windows Defender *Protección Residente [OFF] / Actualizado*
      SP: Windows Defender *Protección Residente [OFF] / Actualizado*
      FW: Windows Firewall *Habilitado*
      
      ~~~~~~~~~~~|  Update Check
      
      Internet Explorer Versión Instalada 11
      Google Chrome Versión Instalada 55.0.2883.87
      
      ~~~~~~~~~~~| Process List 
      
      
      ~~~~~~~~~~~| Install Check 
      
      
      
      ~~~~~~~~~~~| Registry Check
      
      HKLM\Run(x64): [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe
      HKLM\Run(x64): [IgfxTray] "C:\WINDOWS\system32\igfxtray.exe"
      HKLM\Run(x64): [HotKeysCmds] "C:\WINDOWS\system32\hkcmd.exe"
      HKLM\Run(x64): [Persistence] "C:\WINDOWS\system32\igfxpers.exe"
      HKLM\Run(x64): [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
      HKLM\Run(x64): [WindowsDefender] "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
      HKLM\Run: [LManager] 
      HKLM\Run: [RadioController] "C:\Program Files (x86)\RadioController\RfBtnHelper.exe" Start_Run
      HKLM\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
      HKLM\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
      HKLM\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
      HKLM\Run: [vm6] C:\Users\Tamara\AppData\Roaming\M6 Processing\vm6.exe
      HKLM\Run: [OneDrive] "C:\Users\Tamara\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
      HKLM\Run: [74PQ28W50T] "C:\Program Files\C58VFKOLRA\RYE76MLZG.exe"
      HKLM\Run: [VP3AFF75ZV] "C:\Program Files\9P0RNAOMXN\9P0RNAOMX.exe"
      HKLM\Run: [EJ5BT6ZYML] "C:\Users\Tamara\AppData\Local\Temp\S6BMPKEDF9.exe"
      Winlogon(x64): Shell = explorer.exe
      Winlogon: Shell = explorer.exe
      Userinit(x64): Userinit = C:\WINDOWS\system32\userinit.exe,
      Userinit: Userinit = C:\WINDOWS\system32\userinit.exe,
      
      [HKCR\.\.open\command] -> Navegador Preferido es Google Chrome
      
      ~~~~~~~~~~~| PUPs Check
      
      HKLM64\SOFTWARE\Partner
      
      C:\Program Files (x86)\baidu
      C:\Users\Tamara\AppData\Roaming\baidu
      
      ~~~~~~~~~~~| Listado 7 Días (Predeterminado)
      
      [10/01/2017 16:21] - C:\WINDOWS\SysWoW64\BestPractices
      [11/01/2017 17:01] - C:\WINDOWS\SysWoW64\data.bin
      [10/01/2017 16:21] - C:\WINDOWS\System32\BestPractices
      [11/01/2017 17:01] - C:\WINDOWS\System32\data.bin
      [05/01/2017 22:53] - C:\WINDOWS\4b4a28cd6f2637f63a38bdf95c6b2883.exe
      [10/01/2017 16:25] - C:\WINDOWS\iis.log
      [07/01/2017 19:23] - C:\AdwCleaner
      [11/01/2017 18:11] - C:\FSTool
      [11/01/2017 18:12] - C:\IFS.log
      [10/01/2017 16:21] - C:\inetpub
      [07/01/2017 19:03] - C:\Microsoft
      [11/01/2017 17:19] - C:\OneDriveTemp
      [07/01/2017 19:02] - C:\TOSTACK
      
      ~~~~~~~~~~~| C:\WINDOWS\Tasks:
      
      [05/07/2015 20:39] - C:\WINDOWS\Tasks\CountCalories.job
      [07/01/2017 19:09] - C:\WINDOWS\Tasks\UCBrowserUpdater.job
      
      ~~~~~~~~~~~| End Report
      *Finalizado 18:18:13
      *Se limpiaron los archivos temporales
      *[1599815] C:\Users\Tamara\Downloads\IFS.exe
      *Herramienta de Análisis e investigación

      And this is the Rkill one:

      Rkill 2.8.4 by Lawrence Abrams (Grinler)
      http://www.bleepingcomputer.com/
      Copyright 2008-2017 BleepingComputer.com
      More Information about Rkill can be found at this link:
      http://www.bleepingcomputer.com/forums/topic308364.html

      Program started at: 01/11/2017 06:21:44 PM in x64 mode.
      Windows Version: Windows 10 Home

      Checking for Windows services to stop:

      * No malware services found to stop.

      Checking for processes to terminate:

      * C:\Users\Tamara\AppData\Roaming\M6 Processing\vm6.exe (PID: 6668) [UP-HEUR]
      * C:\Users\Tamara\AppData\Local\Temp\S6BMPKEDF9.exe (PID: 6188) [UP-HEUR]

      2 proccesses terminated!

      Checking Registry for malware related settings:

      * No issues found in the Registry.

      Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

      Performing miscellaneous checks:

      * Windows Defender Disabled

      [HKLM\SOFTWARE\Policies\Microsoft\Windows Defender]
      "DisableAntiSpyware" = dword:00000001

      Checking Windows Service Integrity:

      * gagp30kx [Missing Service]
      * IEEtwCollectorService [Missing Service]
      * IoQos [Missing Service]
      * nv_agp [Missing Service]
      * TimeBroker [Missing Service]
      * uagp35 [Missing Service]
      * uliagpkx [Missing Service]
      * WcsPlugInService [Missing Service]
      * wpcfltr [Missing Service]
      * WSService [Missing Service]

      * agp440 [Missing ImagePath]

      * AJRouter => %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted [Incorrect ImagePath]
      * WpnService => %systemroot%\system32\svchost.exe -k netsvcs [Incorrect ImagePath]

      * vmicrdv => %SystemRoot%\System32\icsvcext.dll [Incorrect ServiceDLL]
      * vmicvss => %SystemRoot%\System32\icsvcext.dll [Incorrect ServiceDLL]

      Searching for Missing Digital Signatures:

      * No issues found.

      Checking HOSTS File:

      * HOSTS file entries found:

      127.0.0.1 down.baidu2016.com
      127.0.0.1 123.sogou.com
      127.0.0.1 www.czzsyzgm.com
      127.0.0.1 www.czzsyzxl.com
      127.0.0.1 union.baidu2019.com
      127.0.0.1 down.baidu2016.com
      127.0.0.1 123.sogou.com
      127.0.0.1 www.czzsyzgm.com
      127.0.0.1 www.czzsyzxl.com
      127.0.0.1 union.baidu2019.com
      34.195.153.94 Google Analytics Solutions - Web Analytics & Marketing Measurement ? Google
      34.195.153.94 google-analytics.com
      34.195.153.94 mc.yandex.ru
      34.195.153.94 top-fwz1.mail.ru
      34.195.153.94 site.yandex.net
      34.195.153.94 pagead2.googlesyndication.com
      34.195.153.94 ad.mail.ru
      34.195.153.94 ads.adfox.ru
      34.195.153.94 ads.pubmatic.com
      34.195.153.94 apis.google.com

      20 out of 86 HOSTS entries shown.
      Please review HOSTS file for further entries.

      Program finished at: 01/11/2017 06:24:04 PM
      Execution time: 0 hours(s), 2 minute(s), and 20 seconds(s)

      It did not ask me to restart; I don't know whether that was necessary, but I have not done it.

      Many thanks.

    4. #4
      @Miguelgrado (Warrior) | Registered: Dec 2005 | Location: Asturias, Spain | Posts: 17,359

      Re: Virus in Windows 10

      You have many infections.

      Do the following in order and paste me the logs, telling me how the PC is doing

      Install and run an online scan with ESET Online Scanner
      ESET Online Scanner | InfoSpyware.
      Open ESET Online Scanner and run it as follows:

      1. Leave the "Detection of potentially unwanted applications" box checked
      2. Click Additional or Advanced settings and check the boxes:

      • Remove detected threats
      • Scan archives
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology.

      Current scan targets >> Change >> Select all the PC's drives
      • Click Start so that it downloads the virus signature database and then begins scanning your system.
      • When it finishes, click Finish

      Locate and paste the report located in C:\Archivos de programa\ESET\ESET Online Scanner\log

      Download and install Malwarebytes, if you do not have it installed/updated >> Malwarebytes Anti-Malware 2 manual

      NOTE: Right when the program's installation finishes, if we leave the (optional) box "Enable the trial version of Malwarebytes Anti-Malware PREMIUM" checked (as it is by default), we will have this trial version, which includes the program's resident protection, running for 14 days. If we are not going to buy or do not want to try the Pro version, we uncheck that box and do not click to activate the trial of the Premium version, afterwards in the interface
      Open the Malwarebytes program:

      1. Go to the "Scan your PC" tab
      2. Choose Custom Scan >> Configure >> selecting all drives as the manual indicates, checking all the boxes on the right and all those on the left
      3. Click Start Scan
      4. If a notice about new updates appears, click Update Now
      5. Once finished, at "choose an action for the detected items" >> click Remove Selected
      and they will be sent to Quarantine.
      • The system will ask to restart to complete the cleanup.
      • To access the scan report afterwards:
        - History >> Application Logs >> Scan Log >> click >> Export >> Copy to Clipboard, and paste it in your reply

      Download AdwCleaner 3.0 | InfoSpyware and place it on the desktop:

      - Run it with all programs closed and with the antivirus disabled >> How to temporarily disable your antivirus.
      - If you use Windows Vista/7/8, run it as administrator (right-click >> Run as administrator), accept the license (j’acepte) ..

      Click Scan and wait for the program to do its work.
      Run Clean to perform the cleanup, and if it asks us to restart the PC we do so.

      - When it finishes, a report will open in a text file, whose contents you must copy and paste into your next reply.

      The report can also be found in C:\AdwCleaner- AdwCleaner[CX].txt

      1-Download Farbar Recovery Scan Tool by Farbar (download the file that matches your system's architecture). >> How to tell whether my system is 32 or 64 bits

      • Save it on the desktop >> This is very important..
      • With all programs/windows closed, double-click to run Frst.exe.
      • In the Disclaimer window, press Yes.
      • In the new window that opens, press the Scan button and wait patiently for the scan to finish.

      • Two (2) files (logs) will open, Frst.txt and Addition.txt; these will be saved on your desktop.

      • To finish, open the Frst.txt and Addition.txt files and copy and paste all their contents into your next reply. Use two messages if it tells you it is too long.

    5. #5
      Tamara95 (User) | Registered: Jan 2017 | Location: Spain | Posts: 10

      Re: Virus in Windows 10

      Hello, my PC has just finished doing everything you asked; here is what happened:

      - The ESET scan did not produce any log; it had about 30 threats and I removed them. I also can't find the ESET folder on my PC.

      - The Malwarebytes scan took almost a day, and when it finished it said I had about 2300 threats, but it did not let me remove them all and only let me remove about 5; I can't find the log either.

      - This is the AdwCleaner scan:

      # AdwCleaner v6.042 - Archivo de registro creado 13/01/2017 en 09:36:15
      # Actualizado en 06/01/2017 por Malwarebytes
      # Base de datos : 2017-01-11.1 [Servidor]
      # Sistema Operativo : Windows 10 Home (X64)
      # Nombre de usuario : Tamara - TAMARA
      # Ejecutado desde : C:\Users\Tamara\Downloads\AdwCleaner.exe
      # Modo: Limpiar
      # Soporte : https://www.malwarebytes.com/support



      ***** [ Servicios ] *****

      [-] Servicio eliminado: WinSAPSvc
      [-] Servicio eliminado: Archer
      [-] Servicio eliminado: ed2kidle


      ***** [ Carpetas ] *****

      [-] Carpeta eliminada: C:\Users\Tamara\AppData\Roaming\aMule
      [-] Carpeta eliminada: C:\Users\Tamara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\amuleC
      [-] Carpeta eliminada: C:\ProgramData\WinSAPSvc
      [#] Carpeta eliminada al reiniciar: C:\ProgramData\winsapsvc
      [-] Carpeta eliminada: C:\Program Files (x86)\WinArcher
      [#] Carpeta eliminada al reiniciar: C:\Program Files (x86)\winarcher
      [-] Carpeta eliminada: C:\Program Files (x86)\Gubed


      ***** [ Archivos ] *****

      [-] Archivo eliminado: C:\WINDOWS\SysNative\log\iSafeKrnlCall.log


      ***** [ DLL ] *****



      ***** [ WMI ] *****



      ***** [ Accesos directos ] *****



      ***** [ Tareas programadas ] *****

      [-] Tarea eliminada: WinTOOL


      ***** [ Registro ] *****

      [-] Llave eliminada: HKLM\SOFTWARE\ScreenShot
      [-] Llave eliminada: HKLM\SOFTWARE\WinArcher
      [-] Llave eliminada: HKLM\SOFTWARE\amule-custom
      [-] Llave eliminada: HKLM\SOFTWARE\amisitesSoftware
      [-] Llave eliminada: [x64] HKLM\SOFTWARE\InterSect Alliance
      [-] Datos restaurados: HKU\S-1-5-21-1092262898-1068350818-2070891357-1001\Software\Microsoft\Internet Explorer\Main [Search Page]
      [-] Datos restaurados: HKU\S-1-5-21-1092262898-1068350818-2070891357-1001\Software\Microsoft\Internet Explorer\Main [Start Page]
      [-] Datos restaurados: HKU\S-1-5-21-1092262898-1068350818-2070891357-1001\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
      [-] Datos restaurados: HKU\S-1-5-21-1092262898-1068350818-2070891357-1001\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
      [-] Datos restaurados: HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
      [-] Datos restaurados: HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
      [-] Datos restaurados: HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
      [-] Datos restaurados: HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
      [-] Datos restaurados: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
      [-] Datos restaurados: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
      [-] Datos restaurados: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
      [-] Datos restaurados: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
      [-] Datos restaurados: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
      [-] Datos restaurados: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
      [-] Datos restaurados: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
      [-] Datos restaurados: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
      [-] Datos restaurados: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
      [-] Datos restaurados: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
      [-] Llave eliminada: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\land.pckeeper.software
      [-] Llave eliminada: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\pckeeper.software
      [-] Llave eliminada: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\land.pckeeper.software
      [-] Llave eliminada: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\pckeeper.software
      [#] Llave eliminada al reiniciar: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\land.pckeeper.software
      [#] Llave eliminada al reiniciar: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\pckeeper.software
      [#] Llave eliminada al reiniciar: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\land.pckeeper.software
      [#] Llave eliminada al reiniciar: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\pckeeper.software
      [-] Valor borrado: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [WinSAPSvc]
      [-] Valor borrado: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [ArcherGroupEx]


      ***** [ Navegadores ] *****

      [-] [C:\Users\Tamara\AppData\Local\Google\Chrome\User Data\ChromeDefaultData] [startup_urls] Eliminado: hxxp://www.amisites.com/?type=hp&ts=1484150519&z=3fb1412eb6d5a0fd48dc485g7zdb7z8gfwde7w6g1m&from=archer1028&uid=HitachiXHTS545050A7E380_TEA55A3R1E3UUK1E3UUKX
      [-] [C:\Users\Tamara\AppData\Local\Google\Chrome\User Data\ChromeDefaultData] [favicon_url] Eliminado: hxxp://www.oursurfing.com/webfavicon.ico
      [-] [C:\Users\Tamara\AppData\Local\Google\Chrome\User Data\ChromeDefaultData] [homepage] Eliminado: hxxp://www.amisites.com/?type=hp&ts=1484150519&z=3fb1412eb6d5a0fd48dc485g7zdb7z8gfwde7w6g1m&from=archer1028&uid=HitachiXHTS545050A7E380_TEA55A3R1E3UUK1E3UUKX


      *************************

      :: Llaves "Tracing" eliminadas
      :: Se han borrado los ajustes de Winsock

      *************************

      C:\AdwCleaner\AdwCleaner[C0].txt - [21111 Bytes] - [07/01/2017 19:46:18]
      C:\AdwCleaner\AdwCleaner[C2].txt - [2464 Bytes] - [08/01/2017 21:48:07]
      C:\AdwCleaner\AdwCleaner[C3].txt - [6362 Bytes] - [13/01/2017 09:36:15]
      C:\AdwCleaner\AdwCleaner[S0].txt - [19867 Bytes] - [07/01/2017 19:39:38]
      C:\AdwCleaner\AdwCleaner[S1].txt - [2579 Bytes] - [08/01/2017 21:46:58]
      C:\AdwCleaner\AdwCleaner[S2].txt - [8766 Bytes] - [13/01/2017 09:26:56]

      ########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [6655 Bytes] ##########

    6. #6
      Tamara95 (User) | Registered: Jan 2017 | Location: Spain | Posts: 10

      Re: Virus in Windows 10

      - This is the FRST.txt log:

      Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-01-2017
      Ran by Tamara (administrator) on TAMARA (13-01-2017 09:45:14)
      Running from C:\Users\Tamara\Desktop
      Loaded Profiles: Tamara (Available Profiles: Tamara & sataj_000 & Invitado & DefaultAppPool)
      Platform: Windows 10 Home Version 1607 (X64) Language: Español (España, internacional)
      Internet Explorer Version 11 (Default browser: Edge)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: ***********************************************************************************************************

      ==================== Processes (Whitelisted) =================

      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

      (Broadcom Corp.) C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe
      (Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
      (Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
      (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
      (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
      (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
      (Fortinet Inc.) C:\Windows\SysWOW64\FortiSSLVPNdaemon.exe
      (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
      (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
      (Dritek System INC.) C:\Windows\RfBtnSvc64.exe
      (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
      (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
      (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
      (Microsoft Corporation) C:\Windows\System32\mqsvc.exe
      (Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
      (Microsoft Corporation) C:\Windows\System32\snmp.exe
      (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
      (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
      (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
      (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
      (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
      (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
      (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
      (Intel Corporation) C:\Windows\System32\igfxext.exe
      (Microsoft Corporation) C:\Windows\System32\Speech_OneCore\Common\SpeechRuntime.exe
      () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exe
      (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
      (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
      (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
      (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
      (Microsoft Corporation) C:\Windows\System32\smartscreen.exe
      (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
      (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
      (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.350_none_43278ee965418581\TiWorker.exe

      ==================== Registry (Whitelisted) ====================

      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

      HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3242696 2015-10-10] (ELAN Microelectronics Corp.)
      HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
      HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-10-03] (Microsoft Corporation)
      HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)
      HKLM-x32\...\Run: [LManager] => [X]
      HKLM-x32\...\Run: [RadioController] => C:\Program Files (x86)\RadioController\RfBtnHelper.exe [111216 2013-02-18] (Dritek System Inc.)
      HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-15] (Symantec Corporation)
      HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31072 2008-10-25] (Microsoft Corporation)
      HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\qttask.exe [282624 2007-04-27] (Apple Inc.)
      Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
      HKU\S-1-5-21-1092262898-1068350818-2070891357-1001\...\Run: [vm6] => C:\Users\Tamara\AppData\Roaming\M6 Processing\vm6.exe [175424 2014-04-03] ()
      HKLM\...\Providers\m2yz90po: C:\Program Files (x86)\Soting Mapper\local64spl.dll
      ShellExecuteHooks: No Name - {9F757126-D0F0-11E6-86F5-64006A5CFC23} - C:\Users\Tamara\AppData\Roaming\Noguyplolersp\Nkghtthundom.dll -> No File
      ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
      ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
      ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
      ShellIconOverlayIdentifiers: [BaiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.0\BavShx64.dll -> No File
      ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => -> No File
      ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => -> No File
      ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => -> No File
      ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => -> No File
      ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => -> No File
      ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => -> No File
      ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => -> No File
      ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => -> No File
      Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer Backup Manager Tray.lnk [2015-09-04]
      ShortcutTarget: Acer Backup Manager Tray.lnk -> C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
      GroupPolicy: Restriction - Chrome <======= ATTENTION
      CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

      ==================== Internet (Whitelisted) ====================

      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

      Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
      Tcpip\Parameters: [DhcpNameServer] 62.81.16.213 62.81.29.254
      Tcpip\..\Interfaces\{4b20ec62-8f1e-49ed-8a41-f456602366d3}: [DhcpNameServer] 62.81.16.213 62.81.29.254

      Internet Explorer:
      ==================
      HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
      HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
      HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
      HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
      HKU\S-1-5-21-1092262898-1068350818-2070891357-1001\Software\Microsoft\Internet Explorer\Main,Start Page =
      SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
      DPF: HKLM-x32 {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} hxxp://mail.daum.net/hanmail-ax/DaumActiveX/2_0_1_6/DaumActiveX.cab?ver=2,0,1,6

      Edge:
      ======
      Edge HomeButtonPage: HKU\S-1-5-21-1092262898-1068350818-2070891357-1001 -> hxxp://www.amisites.com/?type=hp&ts=1484150519&z=3fb1412eb6d5a0fd48dc485g7zdb7z8gfwde7w6g1m&from=archer1028&uid=HitachiXHTS545050A7E380_TEA55A3R1E3UUK1E3UUKX

      FireFox:
      ========
      FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK => not found
      FF Plugin-x32: @FortinetCacheClean -> C:\Program Files (x86)\Fortinet\SslvpnClient\npccplugin.dll [2013-09-19] (Fortinet Inc.)
      FF Plugin-x32: @FortinetTunnelControl -> C:\Program Files (x86)\Fortinet\SslvpnClient\nptcplugin.dll [2013-09-19] (Fortinet Inc.)
      FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
      FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
      FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-10-19] (Oracle Corporation)
      FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-10-19] (Oracle Corporation)
      FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
      FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
      FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-12-09] (VideoLAN)
      FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-12-09] (VideoLAN)
      FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)

      Chrome:
      =======
      CHR DefaultProfile: ChromeDefaultData
      CHR HomePage: ChromeDefaultData -> hxxps://www.google.com/
      CHR DefaultSearchURL: ChromeDefaultData -> hxxp://www.trotux.com/search/?q={searchTerms}&z=ef65f6aab9e3e4d6117172eg0z3b2cfbcg1ofo7maq&from=clc&uid=HitachiXHTS545050A7E380_TEA55A3R1E3UUK1E3UUKX&type=sp
      CHR DefaultSearchKeyword: ChromeDefaultData -> trotux
      CHR Profile: C:\Users\Tamara\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-01-11] <==== ATTENTION
      CHR Extension: (Google Drive) - C:\Users\Tamara\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-15]
      CHR Extension: (YouTube) - C:\Users\Tamara\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-05]
      CHR Extension: (Búsqueda de Google) - C:\Users\Tamara\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-21]
      CHR Extension: (Kamaleon) - C:\Users\Tamara\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\kgfccimghpiogmikeacpganekfakkacm [2015-10-05]
      CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Tamara\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-15]
      CHR Extension: (Gmail) - C:\Users\Tamara\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-21]
      CHR Extension: (Chrome Media Router) - C:\Users\Tamara\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-05]

      ==================== Services (Whitelisted) ====================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      R2 BrcmCardReader; C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe [176640 2012-08-20] (Broadcom Corp.) [File not signed]
      S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2017-01-10] (Microsoft Corporation)
      R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2615368 2013-01-24] (Acer Incorporated)
      R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [42096 2016-11-07] (Dropbox, Inc.)
      S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [469648 2012-11-16] (Acer Incorporated)
      R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658064 2012-10-23] (Acer Incorporated)
      R2 ETDService; C:\Program Files\Elantech\ETDService.exe [144072 2015-10-10] (ELAN Microelectronics Corp.)
      R2 FortiSslvpnDaemon; C:\WINDOWS\SysWOW64\FortiSSLVPNdaemon.exe [954080 2013-09-19] (Fortinet Inc.)
      R2 iprip; C:\WINDOWS\System32\iprip.dll [35328 2017-01-10] (Microsoft Corporation)
      R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
      S3 LxssManager; C:\WINDOWS\system32\lxss\LxssManager.dll [327168 2017-01-10] (Microsoft Corporation)
      R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes)
      R2 MSLN; C:\ProgramData\Microsoft\Phone Tools\CoreCon\12.0\3082\NonSDKAddonLangVer.dll [373760 2017-01-09] () [File not signed]
      R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-15] (Symantec Corporation)
      R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-11-03] (NTI Corporation)
      R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1872568 2013-04-19] (Microsoft Corporation)
      R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [96880 2013-02-18] (Dritek System INC.)
      R2 SNMP; C:\WINDOWS\System32\snmp.exe [53248 2017-01-10] (Microsoft Corporation)
      R2 SNMP; C:\WINDOWS\SysWOW64\snmp.exe [47104 2017-01-10] (Microsoft Corporation)
      S2 Themes; C:\WINDOWS\system32\themeservice.dll [70656 2016-07-16] (Microsoft Corporation) [DependOnService: iThemes5]<==== ATTENTION
      S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
      S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
      S2 WinSnare; C:\Users\Tamara\AppData\Roaming\WinSnare\WinSnare.dll [775168 2017-01-10] (InterSect Alliance Pty Ltd) [File not signed]

      ===================== Drivers (Whitelisted) ======================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      R1 ccSet_NARA; C:\WINDOWS\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
      S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
      R1 dtsoftbus01; C:\WINDOWS\System32\drivers\dtsoftbus01.sys [283200 2014-08-30] (DT Soft Ltd)
      R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77416 2016-12-14] ()
      R0 lxss; C:\WINDOWS\System32\drivers\lxss.sys [15712 2017-01-10] (Microsoft Corporation)
      R1 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [176064 2017-01-11] (Malwarebytes)
      R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [102856 2017-01-13] (Malwarebytes)
      R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-01-13] (Malwarebytes)
      R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [250816 2017-01-13] (Malwarebytes)
      R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [91584 2017-01-13] (Malwarebytes)
      S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
      R3 pppop; C:\WINDOWS\System32\drivers\pppop64.sys [42528 2009-07-21] (Fortinet Inc.)
      R3 Ps2Kb2Hid; C:\WINDOWS\System32\drivers\aPs2Kb2Hid.sys [26736 2013-02-18] (Dritek System Inc.)
      S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
      S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
      S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
      S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
      S3 dbx; system32\DRIVERS\dbx.sys [X]

      ==================== NetSvcs (Whitelisted) ===================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      NETSVC: LxssManager -> C:\Windows\system32\lxss\LxssManager.dll (Microsoft Corporation)

      ==================== One Month Created files and folders ========

      (If an entry is included in the fixlist, the file/folder will be moved.)

      2017-01-13 09:45 - 2017-01-13 09:45 - 00017116 _____ C:\Users\Tamara\Desktop\FRST.txt
      2017-01-13 09:44 - 2017-01-13 09:45 - 00000000 ____D C:\FRST
      2017-01-13 09:44 - 2017-01-13 09:44 - 02419200 _____ (Farbar) C:\Users\Tamara\Desktop\FRST64.exe
      2017-01-13 09:43 - 2017-01-13 09:43 - 02419200 _____ (Farbar) C:\Users\Tamara\Downloads\FRST64.exe
      2017-01-13 09:40 - 2017-01-13 09:40 - 00006778 _____ C:\Users\Tamara\Desktop\AdwCleaner[C3].txt
      2017-01-13 09:20 - 2017-01-13 09:20 - 03988944 _____ C:\Users\Tamara\Desktop\AdwCleaner.exe
      2017-01-13 00:49 - 2017-01-13 00:50 - 00415900 _____ C:\WINDOWS\Minidump\011317-29484-01.dmp
      2017-01-13 00:49 - 2017-01-13 00:49 - 00000000 ____D C:\WINDOWS\Minidump
      2017-01-12 17:35 - 2017-01-12 17:35 - 00000000 ____D C:\ProgramData\wintools
      2017-01-12 17:34 - 2017-01-12 17:34 - 00000000 ____D C:\Program Files (x86)\amuleC2
      2017-01-11 22:43 - 2017-01-11 22:43 - 00000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
      2017-01-11 22:43 - 2017-01-11 22:43 - 00000000 _SHDL C:\Users\DefaultAppPool\Reciente
      2017-01-11 22:43 - 2017-01-11 22:43 - 00000000 _SHDL C:\Users\DefaultAppPool\Plantillas
      2017-01-11 22:43 - 2017-01-11 22:43 - 00000000 _SHDL C:\Users\DefaultAppPool\Mis documentos
      2017-01-11 22:43 - 2017-01-11 22:43 - 00000000 _SHDL C:\Users\DefaultAppPool\Menú Inicio
      2017-01-11 22:43 - 2017-01-11 22:43 - 00000000 _SHDL C:\Users\DefaultAppPool\Impresoras
      2017-01-11 22:43 - 2017-01-11 22:43 - 00000000 _SHDL C:\Users\DefaultAppPool\Entorno de red
      2017-01-11 22:43 - 2017-01-11 22:43 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\Mis vídeos
      2017-01-11 22:43 - 2017-01-11 22:43 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\Mis imágenes
      2017-01-11 22:43 - 2017-01-11 22:43 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\Mi música
      2017-01-11 22:43 - 2017-01-11 22:43 - 00000000 _SHDL C:\Users\DefaultAppPool\Datos de programa
      2017-01-11 22:43 - 2017-01-11 22:43 - 00000000 _SHDL C:\Users\DefaultAppPool\Configuración local
      2017-01-11 22:43 - 2017-01-11 22:43 - 00000000 _SHDL C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
      2017-01-11 22:43 - 2017-01-11 22:43 - 00000000 _SHDL C:\Users\DefaultAppPool\AppData\Local\Historial
      2017-01-11 22:43 - 2017-01-11 22:43 - 00000000 _SHDL C:\Users\DefaultAppPool\AppData\Local\Datos de programa
      2017-01-11 22:43 - 2017-01-11 22:43 - 00000000 _SHDL C:\Users\DefaultAppPool\AppData\Local\Archivos temporales de Internet
      2017-01-11 22:43 - 2017-01-11 22:43 - 00000000 ____D C:\Users\DefaultAppPool
      2017-01-11 22:43 - 2016-11-22 15:49 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Local\Google
      2017-01-11 22:43 - 2016-10-03 03:56 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Local\Olacarita
      2017-01-11 21:48 - 2017-01-13 09:39 - 00102856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
      2017-01-11 21:48 - 2017-01-13 09:39 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
      2017-01-11 21:48 - 2017-01-13 09:39 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
      2017-01-11 21:48 - 2017-01-11 21:48 - 00176064 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
      2017-01-11 21:47 - 2017-01-11 21:47 - 00001916 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
      2017-01-11 21:47 - 2017-01-11 21:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
      2017-01-11 21:47 - 2016-12-14 12:55 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
      2017-01-11 21:45 - 2017-01-11 21:46 - 54199488 _____ (Malwarebytes ) C:\Users\Tamara\Downloads\mb3-setup-consumer-3.0.5.1299.exe
      2017-01-11 19:49 - 2017-01-11 19:49 - 06777472 _____ (ESET spol. s r.o.) C:\Users\Tamara\Downloads\ESETOnlineScanner_ESL.exe
      2017-01-11 19:49 - 2017-01-11 19:49 - 00000000 ____D C:\Users\Tamara\AppData\Local\ESET
      2017-01-11 18:21 - 2017-01-11 18:24 - 00005486 _____ C:\Users\Tamara\Desktop\Rkill.txt
      2017-01-11 18:21 - 2017-01-11 18:21 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Tamara\Downloads\iExplore.exe
      2017-01-11 18:11 - 2017-01-11 18:18 - 00000000 ____D C:\FSTool
      2017-01-11 18:11 - 2017-01-11 18:11 - 01599815 _____ C:\Users\Tamara\Downloads\IFS.exe
      2017-01-11 17:53 - 2017-01-11 17:53 - 04071152 _____ C:\Users\Tamara\Downloads\Doc 2 BLISS.pdf
      2017-01-11 17:53 - 2017-01-11 17:53 - 00287154 _____ C:\Users\Tamara\Downloads\CasoAUC 3.pdf
      2017-01-11 17:19 - 2017-01-11 17:19 - 00000000 ___HD C:\OneDriveTemp
      2017-01-11 17:10 - 2017-01-11 17:10 - 00000040 _____ C:\Program Files (x86)\settings.dat
      2017-01-11 17:10 - 2017-01-11 17:10 - 00000000 ____D C:\Program Files (x86)\reports
      2017-01-11 17:10 - 2017-01-11 17:10 - 00000000 _____ C:\Program Files (x86)\metadata
      2017-01-11 17:08 - 2017-01-13 09:35 - 00000000 ____D C:\WINDOWS\system32\log
      2017-01-11 17:07 - 2017-01-11 17:07 - 00000000 _____ C:\Users\Public\Documents\report.dat
      2017-01-11 17:05 - 2017-01-11 17:05 - 00000000 ____D C:\Users\Tamara\AppData\Local\Bigflat
      2017-01-11 17:05 - 2017-01-11 17:05 - 00000000 ____D C:\Program Files (x86)\Bigflat
      2017-01-11 17:02 - 2017-01-13 09:38 - 00000136 _____ C:\Users\Public\Documents\temp.dat
      2017-01-11 17:01 - 2017-01-11 17:01 - 00000386 _____ C:\WINDOWS\SysWOW64\data.bin
      2017-01-10 22:11 - 2017-01-10 22:11 - 00000000 ____D C:\Users\Tamara\AppData\Roaming\Baidu
      2017-01-10 21:15 - 2017-01-10 22:11 - 00003694 _____ C:\WINDOWS\System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633
      2017-01-10 21:15 - 2017-01-10 21:15 - 00075248 _____ (Baidu, Inc.) C:\WINDOWS\system32\bdhookx64.dll
      2017-01-10 21:15 - 2017-01-10 21:15 - 00032752 _____ (Baidu, Inc.) C:\WINDOWS\SysWOW64\bdhookx86.dll
      2017-01-10 21:15 - 2017-01-10 21:15 - 00000000 ____D C:\Users\Tamara\AppData\LocalLow\BAVData
      2017-01-10 21:15 - 2017-01-10 21:15 - 00000000 ____D C:\ProgramData\Baidu Security
      2017-01-10 21:15 - 2017-01-10 21:15 - 00000000 ____D C:\Program Files (x86)\Baidu Security
      2017-01-10 21:12 - 2017-01-10 21:17 - 00000000 ____D C:\Users\Tamara\AppData\Roaming\BavMini
      2017-01-10 21:12 - 2017-01-10 21:12 - 00000000 ____D C:\Users\Public\Documents\Baidu
      2017-01-10 21:12 - 2017-01-10 21:12 - 00000000 ____D C:\ProgramData\Baidu
      2017-01-10 16:21 - 2017-01-10 16:21 - 00000000 ___SD C:\WINDOWS\system32\lxss
      2017-01-10 16:21 - 2017-01-10 16:21 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IIS
      2017-01-10 16:21 - 2017-01-10 16:21 - 00000000 ____D C:\WINDOWS\SysWOW64\BestPractices
      2017-01-10 16:21 - 2017-01-10 16:21 - 00000000 ____D C:\WINDOWS\system32\msmq
      2017-01-10 16:21 - 2017-01-10 16:21 - 00000000 ____D C:\WINDOWS\system32\BestPractices
      2017-01-10 16:21 - 2017-01-10 16:21 - 00000000 ____D C:\Program Files\Windows Identity Foundation
      2017-01-10 16:21 - 2017-01-10 16:21 - 00000000 ____D C:\inetpub
      2017-01-10 15:34 - 2017-01-10 15:34 - 00000000 ____D C:\Users\Tamara\AppData\Roaming\WinSnare
      2017-01-10 15:33 - 2017-01-10 15:33 - 00000000 ____D C:\Program Files (x86)\xogt8pbn
      2017-01-07 20:33 - 2017-01-07 20:33 - 00003340 _____ C:\WINDOWS\System32\Tasks\GridinSoft Anti-Malware
      2017-01-07 20:32 - 2017-01-08 21:49 - 00000000 ____D C:\Program Files\GridinSoft Anti-Malware
      2017-01-07 20:32 - 2017-01-07 20:32 - 00000000 ____D C:\ProgramData\GridinSoft
      2017-01-07 19:24 - 2017-01-13 09:38 - 00250816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
      2017-01-07 19:23 - 2017-01-13 09:36 - 00000000 ____D C:\AdwCleaner
      2017-01-07 19:23 - 2017-01-07 19:23 - 00000000 ____D C:\Program Files\Malwarebytes
      2017-01-07 19:09 - 2017-01-07 19:09 - 00000472 _____ C:\WINDOWS\Tasks\UCBrowserUpdater.job
      2017-01-07 19:09 - 2017-01-07 19:09 - 00000000 ____D C:\Users\Tamara\AppData\Local\UCBrowser
      2017-01-07 19:06 - 2017-01-13 00:49 - 00000000 ____D C:\Program Files (x86)\Soting Mapper
      2017-01-07 19:05 - 2017-01-07 19:09 - 00000000 ____D C:\Program Files (x86)\UCBrowser
      2017-01-07 19:05 - 2017-01-07 19:05 - 00006122 _____ C:\WINDOWS\System32\Tasks\Thizigethiveph Cloud
      2017-01-07 19:04 - 2017-01-07 19:49 - 00000000 ____D C:\Users\Tamara\AppData\Roaming\Noguyplolersp
      2017-01-07 19:03 - 2017-01-13 00:49 - 00000000 ____D C:\Program Files\C58VFKOLRA
      2017-01-07 19:03 - 2017-01-13 00:49 - 00000000 ____D C:\Program Files\9P0RNAOMXN
      2017-01-07 19:03 - 2017-01-11 20:18 - 00000000 ____D C:\Program Files (x86)\Doghtcerqesh
      2017-01-07 19:03 - 2017-01-11 20:16 - 00000000 ____D C:\Program Files (x86)\baidu
      2017-01-07 19:03 - 2017-01-07 19:11 - 00000000 ____D C:\Users\Tamara\AppData\Local\Ghtryfmertion
      2017-01-07 19:02 - 2017-01-07 19:16 - 00000000 ____D C:\WINDOWS\system32\SSL
      2017-01-07 19:02 - 2017-01-07 19:02 - 00000000 _____ C:\TOSTACK
      2017-01-07 19:01 - 2017-01-07 19:01 - 00001361 ___RS C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhromе.lnk
      2017-01-02 20:02 - 2017-01-02 20:02 - 00000000 ___HD C:\WINDOWS\system32\CanonIJ Uninstaller Information
      2017-01-02 20:02 - 2017-01-02 20:02 - 00000000 ___HD C:\ProgramData\CanonBJ
      2017-01-02 20:02 - 2017-01-02 20:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP560 series
      2017-01-02 20:02 - 2009-04-03 16:01 - 01321984 _____ (CANON INC.) C:\WINDOWS\system32\CNC560C.dll
      2017-01-02 20:02 - 2009-04-03 16:00 - 00092672 _____ (CANON INC.) C:\WINDOWS\system32\CNC560I.dll
      2017-01-02 20:02 - 2009-04-03 15:57 - 00106496 _____ (CANON INC.) C:\WINDOWS\SysWOW64\CNC560U.dll
      2017-01-02 20:02 - 2009-03-19 14:39 - 00328192 _____ (CANON INC.) C:\WINDOWS\system32\CNC560L.dll
      2017-01-02 20:02 - 2009-03-19 14:38 - 00303104 _____ (CANON INC.) C:\WINDOWS\SysWOW64\CNC560L.dll
      2017-01-02 20:02 - 2009-02-16 12:19 - 00012800 _____ C:\WINDOWS\system32\CNC173ED.TBL
      2017-01-02 20:02 - 2008-08-25 18:02 - 00017920 _____ (CANON INC.) C:\WINDOWS\system32\CNHMCA6.dll
      2017-01-02 20:01 - 2017-01-02 20:01 - 00000000 ___HD C:\Program Files\CanonBJ
      2017-01-02 20:01 - 2010-06-03 15:10 - 00104448 _____ (Canon Inc.) C:\WINDOWS\system32\CNC560O.dll
      2017-01-02 20:01 - 2009-03-18 09:10 - 00244736 _____ (CANON INC.) C:\WINDOWS\system32\CNMIUA0.DLL
      2016-12-29 10:33 - 2016-12-29 17:55 - 00028868 _____ C:\Users\Tamara\Desktop\LA INSOPORTABLE LEVEDAD DEL SER.docx
      2016-12-28 11:20 - 2016-12-28 11:20 - 00197226 _____ C:\Users\Tamara\Desktop\SANDRA.pdf
      2016-12-27 13:53 - 2016-12-27 13:53 - 00000000 ____D C:\Users\Tamara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Arasuite
      2016-12-27 13:52 - 2016-12-27 13:52 - 63941632 _____ (ARASAAC) C:\Users\Tamara\Downloads\arasuite_windows_2_2_3.exe
      2016-12-27 13:47 - 2016-12-27 13:47 - 03155243 _____ C:\Users\Tamara\Downloads\Manual_AraWord_v2_2.pdf
      2016-12-27 13:13 - 2016-12-27 13:52 - 00000000 ____D C:\AraSuite
      2016-12-27 13:10 - 2016-12-27 13:26 - 00022261 _____ C:\Users\Tamara\Downloads\myslide.es_trabajo-la-insoportable-levedad-del-ser-milan-kundera.docx
      2016-12-26 18:06 - 2016-12-26 18:06 - 00029456 ____N (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\gtkdrv.sys
      2016-12-21 19:34 - 2016-12-21 22:14 - 00000000 ____D C:\Users\Tamara\Desktop\MOVIL MAMA
      2016-12-16 16:00 - 2016-12-12 00:56 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
      2016-12-16 16:00 - 2016-12-12 00:56 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
      2016-12-16 12:40 - 2016-12-09 11:42 - 01637728 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
      2016-12-16 12:40 - 2016-12-09 11:42 - 00137568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
      2016-12-16 12:40 - 2016-12-09 11:34 - 01051112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
      2016-12-16 12:40 - 2016-12-09 11:34 - 00894096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
      2016-12-16 12:40 - 2016-12-09 11:33 - 01354320 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
      2016-12-16 12:40 - 2016-12-09 11:33 - 01173496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
      2016-12-16 12:40 - 2016-12-09 11:32 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
      2016-12-16 12:40 - 2016-12-09 11:30 - 00377184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
      2016-12-16 12:40 - 2016-12-09 11:29 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll
      2016-12-16 12:40 - 2016-12-09 11:28 - 00764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
      2016-12-16 12:40 - 2016-12-09 11:19 - 01293152 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
      2016-12-16 12:40 - 2016-12-09 11:19 - 00168424 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
      2016-12-16 12:40 - 2016-12-09 11:18 - 02913144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
      2016-12-16 12:40 - 2016-12-09 11:18 - 01267512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
      2016-12-16 12:40 - 2016-12-09 11:18 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
      2016-12-16 12:40 - 2016-12-09 11:18 - 00989024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
      2016-12-16 12:40 - 2016-12-09 11:18 - 00947552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
      2016-12-16 12:40 - 2016-12-09 11:18 - 00811872 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
      2016-12-16 12:40 - 2016-12-09 11:18 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
      2016-12-16 12:40 - 2016-12-09 11:15 - 08168000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
      2016-12-16 12:40 - 2016-12-09 11:15 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
      2016-12-16 12:40 - 2016-12-09 11:14 - 01274712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
      2016-12-16 12:40 - 2016-12-09 11:14 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
      2016-12-16 12:40 - 2016-12-09 11:10 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
      2016-12-16 12:40 - 2016-12-09 11:10 - 01461200 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
      2016-12-16 12:40 - 2016-12-09 11:09 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
      2016-12-16 12:40 - 2016-12-09 11:01 - 02323728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
      2016-12-16 12:40 - 2016-12-09 11:01 - 01503544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
      2016-12-16 12:40 - 2016-12-09 11:01 - 00861024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
      2016-12-16 12:40 - 2016-12-09 11:00 - 00106896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
      2016-12-16 12:40 - 2016-12-09 10:59 - 02166752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
      2016-12-16 12:40 - 2016-12-09 10:59 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
      2016-12-16 12:40 - 2016-12-09 10:57 - 06668040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
      2016-12-16 12:40 - 2016-12-09 10:57 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
      2016-12-16 12:40 - 2016-12-09 10:52 - 01435896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
      2016-12-16 12:40 - 2016-12-09 10:52 - 01415752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
      2016-12-16 12:40 - 2016-12-09 10:51 - 00117240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
      2016-12-16 12:40 - 2016-12-09 10:45 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
      2016-12-16 12:40 - 2016-12-09 10:45 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
      2016-12-16 12:40 - 2016-12-09 10:41 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WordBreakers.dll
      2016-12-16 12:40 - 2016-12-09 10:40 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
      2016-12-16 12:40 - 2016-12-09 10:38 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
      2016-12-16 12:40 - 2016-12-09 10:37 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
      2016-12-16 12:40 - 2016-12-09 10:37 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
      2016-12-16 12:40 - 2016-12-09 10:36 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
      2016-12-16 12:40 - 2016-12-09 10:36 - 03059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
      2016-12-16 12:40 - 2016-12-09 10:36 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
      2016-12-16 12:40 - 2016-12-09 10:36 - 00410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
      2016-12-16 12:40 - 2016-12-09 10:33 - 03777536 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
      2016-12-16 12:40 - 2016-12-09 10:33 - 01589760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
      2016-12-16 12:40 - 2016-12-09 10:31 - 03689984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
      2016-12-16 12:40 - 2016-12-09 10:31 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
      2016-12-16 12:40 - 2016-12-09 10:30 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
      2016-12-16 12:40 - 2016-12-09 10:29 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
      2016-12-16 12:40 - 2016-12-09 10:28 - 03306496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
      2016-12-16 12:40 - 2016-12-09 10:28 - 01004544 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
      2016-12-16 12:40 - 2016-12-09 10:27 - 13084160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
      2016-12-16 12:40 - 2016-12-09 10:27 - 05114368 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
      2016-12-16 12:40 - 2016-12-09 10:27 - 00981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
      2016-12-16 12:40 - 2016-12-09 10:26 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
      2016-12-16 12:40 - 2016-12-09 10:24 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
      2016-12-16 12:40 - 2016-12-09 10:23 - 12177920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
      2016-12-16 12:40 - 2016-12-09 10:22 - 02820096 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
      2016-12-16 12:40 - 2016-12-09 10:22 - 02688512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
      2016-12-16 12:40 - 2016-12-09 10:22 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
      2016-12-16 12:40 - 2016-12-09 10:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
      2016-12-16 12:40 - 2016-12-09 10:21 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
      2016-12-16 12:40 - 2016-12-09 10:20 - 03198464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
      2016-12-16 12:40 - 2016-12-09 10:20 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
      2016-12-16 12:40 - 2016-12-09 10:19 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
      2016-12-16 12:40 - 2016-12-09 10:19 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
      2016-12-16 12:40 - 2016-12-09 10:19 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
      2016-12-16 12:40 - 2016-12-09 10:19 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
      2016-12-16 12:40 - 2016-12-09 10:19 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
      2016-12-16 12:40 - 2016-12-09 10:18 - 02138112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
      2016-12-16 12:40 - 2016-12-09 10:17 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
      2016-12-16 12:40 - 2016-12-09 10:17 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
      2016-12-16 12:40 - 2016-12-09 10:16 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
      2016-12-16 12:40 - 2016-12-09 10:16 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
      2016-12-16 12:40 - 2016-12-09 10:15 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
      2016-12-16 12:40 - 2016-12-09 10:15 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
      2016-12-16 12:40 - 2016-12-09 10:15 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditBufferTestHook.dll
      2016-12-16 12:40 - 2016-12-09 09:54 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
      2016-12-16 12:39 - 2016-12-09 11:27 - 00172528 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
      2016-12-16 12:39 - 2016-12-09 11:20 - 02677544 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
      2016-12-16 12:39 - 2016-12-09 11:20 - 02189664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
      2016-12-16 12:39 - 2016-12-09 11:20 - 01738560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
      2016-12-16 12:39 - 2016-12-09 11:20 - 00658784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
      2016-12-16 12:39 - 2016-12-09 11:20 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
      2016-12-16 12:39 - 2016-12-09 11:11 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
      2016-12-16 12:39 - 2016-12-09 10:56 - 00959112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
      2016-12-16 12:39 - 2016-12-09 10:47 - 22563328 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
      2016-12-16 12:39 - 2016-12-09 10:42 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
      2016-12-16 12:39 - 2016-12-09 10:41 - 00380928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
      2016-12-16 12:39 - 2016-12-09 10:37 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
      2016-12-16 12:39 - 2016-12-09 10:36 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
      2016-12-16 12:39 - 2016-12-09 10:34 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
      2016-12-16 12:39 - 2016-12-09 10:34 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
      2016-12-16 12:39 - 2016-12-09 10:32 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
      2016-12-16 12:39 - 2016-12-09 10:31 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
      2016-12-16 12:39 - 2016-12-09 10:30 - 23677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
      2016-12-16 12:39 - 2016-12-09 10:30 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
      2016-12-16 12:39 - 2016-12-09 10:27 - 19417088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
      2016-12-16 12:39 - 2016-12-09 10:26 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
      2016-12-16 12:39 - 2016-12-09 10:25 - 00376832 _____ (Microsoft Corporation) C:\WINDOWS\system32\CryptoWinRT.dll
      2016-12-16 12:39 - 2016-12-09 10:21 - 04746752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
      2016-12-16 12:39 - 2016-12-09 10:21 - 01512960 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
      2016-12-16 12:39 - 2016-12-09 10:20 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
      2016-12-16 12:39 - 2016-12-09 10:20 - 00730624 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
      2016-12-16 12:39 - 2016-12-09 10:20 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
      2016-12-16 12:39 - 2016-12-09 10:18 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
      2016-12-16 12:39 - 2016-12-09 10:18 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
      2016-12-16 12:39 - 2016-12-09 10:16 - 01880576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll

      ==================== One Month Modified files and folders ========

      (If an entry is included in the fixlist, the file/folder will be moved.)

      2017-01-13 09:37 - 2016-10-03 04:25 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
      2017-01-13 09:37 - 2016-07-16 07:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
      2017-01-13 09:35 - 2013-12-03 21:30 - 00000000 __RDO C:\Users\Tamara\SkyDrive
      2017-01-13 01:01 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
      2017-01-13 00:52 - 2016-10-03 03:40 - 00000000 ____D C:\Users\Tamara
      2017-01-13 00:49 - 2016-10-03 03:31 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
      2017-01-13 00:49 - 2016-01-03 13:21 - 591671983 _____ C:\WINDOWS\MEMORY.DMP
      2017-01-12 22:37 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\rescache
      2017-01-11 17:20 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
      2017-01-11 17:05 - 2015-09-04 20:16 - 00002176 ____H C:\Users\Public\Desktop\Google Chrome.lnk
      2017-01-11 17:05 - 2015-07-21 15:58 - 00002246 ____H C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
      2017-01-10 20:24 - 2016-11-01 20:12 - 00000000 ____D C:\Users\Tamara\AppData\Local\Deployment
      2017-01-10 17:02 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
      2017-01-10 16:28 - 2016-07-16 23:40 - 00783722 _____ C:\WINDOWS\system32\perfh00A.dat
      2017-01-10 16:28 - 2016-07-16 23:40 - 00166898 _____ C:\WINDOWS\system32\perfc00A.dat
      2017-01-10 16:28 - 2015-08-07 09:49 - 01990838 _____ C:\WINDOWS\system32\PerfStringBackup.INI
      2017-01-10 16:26 - 2015-08-28 19:09 - 00000282 __RSH C:\ProgramData\ntuser.pol
      2017-01-10 16:21 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv
      2017-01-10 16:21 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\inetsrv
      2017-01-10 16:21 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
      2017-01-10 16:21 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF
      2017-01-10 15:57 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp
      2017-01-10 15:50 - 2016-10-03 04:20 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\cngkeyhelper.dll
      2017-01-10 15:50 - 2016-10-03 04:20 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cngkeyhelper.dll
      2017-01-10 15:50 - 2016-07-16 12:44 - 00621568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqsnap.dll
      2017-01-10 15:50 - 2016-07-16 12:44 - 00194560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\snmpsnap.dll
      2017-01-10 15:50 - 2016-07-16 12:44 - 00172032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll
      2017-01-10 15:50 - 2016-07-16 12:44 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evntwin.exe
      2017-01-10 15:50 - 2016-07-16 12:44 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.tlb
      2017-01-10 15:50 - 2016-07-16 12:44 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa30.tlb
      2017-01-10 15:50 - 2016-07-16 12:44 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evntagnt.dll
      2017-01-10 15:50 - 2016-07-16 12:44 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa20.tlb
      2017-01-10 15:50 - 2016-07-16 12:44 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\hostmib.dll
      2017-01-10 15:50 - 2016-07-16 12:44 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll
      2017-01-10 15:50 - 2016-07-16 12:44 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa10.tlb
      2017-01-10 15:50 - 2016-07-16 12:44 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll
      2017-01-10 15:50 - 2016-07-16 12:44 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe
      2017-01-10 15:50 - 2016-07-16 12:44 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqcertui.dll
      2017-01-10 15:50 - 2016-07-16 12:44 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll
      2017-01-10 15:50 - 2016-07-16 12:44 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\snmpmib.dll
      2017-01-10 15:50 - 2016-07-16 12:44 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll
      2017-01-10 15:50 - 2016-07-16 12:43 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqrt.dll
      2017-01-10 15:50 - 2016-07-16 12:43 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll
      2017-01-10 15:50 - 2016-07-16 12:43 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mqac.sys
      2017-01-10 15:50 - 2016-07-16 12:43 - 00107882 _____ C:\WINDOWS\system32\mib_ii.mib
      2017-01-10 15:50 - 2016-07-16 12:43 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll
      2017-01-10 15:50 - 2016-07-16 12:43 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll
      2017-01-10 15:50 - 2016-07-16 12:43 - 00048593 _____ C:\WINDOWS\system32\hostmib.mib
      2017-01-10 15:50 - 2016-07-16 12:43 - 00034317 _____ C:\WINDOWS\system32\msiprip2.mib
      2017-01-10 15:50 - 2016-07-16 12:43 - 00030448 _____ C:\WINDOWS\system32\mcastmib.mib
      2017-01-10 15:50 - 2016-07-16 12:43 - 00026236 _____ C:\WINDOWS\system32\wins.mib
      2017-01-10 15:50 - 2016-07-16 12:43 - 00026100 _____ C:\WINDOWS\system32\lmmib2.mib
      2017-01-10 15:50 - 2016-07-16 12:43 - 00022462 _____ C:\WINDOWS\system32\rfc2571.mib
      2017-01-10 15:50 - 2016-07-16 12:43 - 00021271 _____ C:\WINDOWS\system32\http.mib
      2017-01-10 15:50 - 2016-07-16 12:43 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe
      2017-01-10 15:50 - 2016-07-16 12:43 - 00015799 _____ C:\WINDOWS\system32\ipforwd.mib
      2017-01-10 15:50 - 2016-07-16 12:43 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll
      2017-01-10 15:50 - 2016-07-16 12:43 - 00015032 _____ C:\WINDOWS\system32\authserv.mib
      2017-01-10 15:50 - 2016-07-16 12:43 - 00014032 _____ C:\WINDOWS\system32\accserv.mib
      2017-01-10 15:50 - 2016-07-16 12:43 - 00013767 _____ C:\WINDOWS\system32\msipbtp.mib
      2017-01-10 15:50 - 2016-07-16 12:43 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll
      2017-01-10 15:50 - 2016-07-16 12:43 - 00006179 _____ C:\WINDOWS\system32\ftp.mib
      2017-01-10 15:50 - 2016-07-16 12:43 - 00004597 _____ C:\WINDOWS\system32\dhcp.mib
      2017-01-10 15:50 - 2016-07-16 12:43 - 00004411 _____ C:\WINDOWS\system32\smi.mib
      2017-01-10 15:49 - 2016-10-28 16:21 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\snmp.exe
      2017-01-10 15:49 - 2016-10-28 16:15 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\snmp.exe
      2017-01-10 15:49 - 2016-10-28 16:14 - 00132608 _____ (Microsoft Corporation) C:\WINDOWS\system32\LxRun.exe
      2017-01-10 15:49 - 2016-10-28 16:14 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\bash.exe
      2017-01-10 15:49 - 2016-10-12 11:05 - 00791904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\lxcore.sys
      2017-01-10 15:49 - 2016-07-16 12:44 - 00265728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.dll
      2017-01-10 15:49 - 2016-07-16 12:44 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\evntwin.exe
      2017-01-10 15:49 - 2016-07-16 12:44 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\evntagnt.dll
      2017-01-10 15:49 - 2016-07-16 12:44 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\lmmib2.dll
      2017-01-10 15:49 - 2016-07-16 12:44 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hostmib.dll
      2017-01-10 15:49 - 2016-07-16 12:44 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\evntcmd.exe
      2017-01-10 15:49 - 2016-07-16 12:44 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64mib.dll
      2017-01-10 15:49 - 2016-07-16 12:44 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\snmpmib.dll
      2017-01-10 15:49 - 2016-07-16 12:44 - 00009096 _____ C:\WINDOWS\SysWOW64\msmqtrc.mof
      2017-01-10 15:49 - 2016-07-16 12:43 - 00785408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsnap.dll
      2017-01-10 15:49 - 2016-07-16 12:43 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqutil.dll
      2017-01-10 15:49 - 2016-07-16 12:43 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\snmpsnap.dll
      2017-01-10 15:49 - 2016-07-16 12:43 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqlogmgr.dll
      2017-01-10 15:49 - 2016-07-16 12:43 - 00107882 _____ C:\WINDOWS\SysWOW64\mib_ii.mib
      2017-01-10 15:49 - 2016-07-16 12:43 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.tlb
      2017-01-10 15:49 - 2016-07-16 12:43 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa30.tlb
      2017-01-10 15:49 - 2016-07-16 12:43 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa20.tlb
      2017-01-10 15:49 - 2016-07-16 12:43 - 00048593 _____ C:\WINDOWS\SysWOW64\hostmib.mib
      2017-01-10 15:49 - 2016-07-16 12:43 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa10.tlb
      2017-01-10 15:49 - 2016-07-16 12:43 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\iprip.dll
      2017-01-10 15:49 - 2016-07-16 12:43 - 00034317 _____ C:\WINDOWS\SysWOW64\msiprip2.mib
      2017-01-10 15:49 - 2016-07-16 12:43 - 00030448 _____ C:\WINDOWS\SysWOW64\mcastmib.mib
      2017-01-10 15:49 - 2016-07-16 12:43 - 00026236 _____ C:\WINDOWS\SysWOW64\wins.mib
      2017-01-10 15:49 - 2016-07-16 12:43 - 00026100 _____ C:\WINDOWS\SysWOW64\lmmib2.mib
      2017-01-10 15:49 - 2016-07-16 12:43 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\simptcp.dll
      2017-01-10 15:49 - 2016-07-16 12:43 - 00022462 _____ C:\WINDOWS\SysWOW64\rfc2571.mib
      2017-01-10 15:49 - 2016-07-16 12:43 - 00021271 _____ C:\WINDOWS\SysWOW64\http.mib
      2017-01-10 15:49 - 2016-07-16 12:43 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqcertui.dll
      2017-01-10 15:49 - 2016-07-16 12:43 - 00015799 _____ C:\WINDOWS\SysWOW64\ipforwd.mib
      2017-01-10 15:49 - 2016-07-16 12:43 - 00015032 _____ C:\WINDOWS\SysWOW64\authserv.mib
      2017-01-10 15:49 - 2016-07-16 12:43 - 00014032 _____ C:\WINDOWS\SysWOW64\accserv.mib
      2017-01-10 15:49 - 2016-07-16 12:43 - 00013767 _____ C:\WINDOWS\SysWOW64\msipbtp.mib
      2017-01-10 15:49 - 2016-07-16 12:43 - 00006179 _____ C:\WINDOWS\SysWOW64\ftp.mib
      2017-01-10 15:49 - 2016-07-16 12:43 - 00004597 _____ C:\WINDOWS\SysWOW64\dhcp.mib
      2017-01-10 15:49 - 2016-07-16 12:43 - 00004411 _____ C:\WINDOWS\SysWOW64\smi.mib
      2017-01-10 15:48 - 2016-07-16 12:44 - 00562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqutil.dll
      2017-01-10 15:48 - 2016-07-16 12:44 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqrt.dll
      2017-01-10 15:48 - 2016-07-16 12:44 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lmmib2.dll
      2017-01-10 15:48 - 2016-07-16 12:44 - 00022016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evntcmd.exe
      2017-01-10 15:48 - 2016-07-16 12:43 - 01414144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqqm.dll
      2017-01-10 15:48 - 2016-07-16 12:43 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.dll
      2017-01-10 15:48 - 2016-07-16 12:43 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqbkup.exe
      2017-01-10 15:48 - 2016-07-16 12:43 - 00029184 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspperf.dll
      2017-01-10 15:48 - 2016-07-16 12:43 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsvc.exe
      2017-01-10 15:48 - 2016-07-16 12:43 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspperf.dll
      2017-01-10 15:48 - 2016-07-16 12:43 - 00009096 _____ C:\WINDOWS\system32\msmqtrc.mof
      2017-01-10 15:48 - 2016-07-16 12:42 - 00015712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\lxss.sys
      2017-01-07 19:23 - 2014-04-08 09:13 - 00000000 ____D C:\ProgramData\Malwarebytes
      2017-01-07 19:04 - 2013-09-06 12:31 - 00000000 ____D C:\Program Files (x86)\VideoLAN
      2017-01-07 19:01 - 2013-10-30 22:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LGMobile Support Tool
      2017-01-07 18:56 - 2015-11-08 10:11 - 00000000 ____D C:\Users\Tamara\Desktop\curriculum
      2017-01-06 11:22 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\NDF
      2017-01-03 21:47 - 2014-02-15 11:47 - 00000000 ____D C:\Users\Tamara\AppData\Roaming\RenPy
      2017-01-03 17:49 - 2016-01-02 11:58 - 00000000 ____D C:\Program Files (x86)\Canon
      2016-12-28 11:20 - 2013-12-03 14:33 - 00000000 ___RD C:\Users\Tamara\Documents
      2016-12-18 23:25 - 2016-11-16 22:15 - 00002119 _____ C:\Users\Public\Desktop\Google Slides.lnk
      2016-12-18 23:25 - 2016-11-16 22:15 - 00002117 _____ C:\Users\Public\Desktop\Google Sheets.lnk
      2016-12-18 23:25 - 2016-11-16 22:15 - 00002107 _____ C:\Users\Public\Desktop\Google Docs.lnk
      2016-12-18 23:25 - 2016-11-16 22:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive

    7. #7
      User Tamara95
      Registered
      Jan 2017
      Location
      Spain
      Posts
      10

      Re: Virus in Windows 10

      2016-12-18 19:43 - 2013-05-08 17:29 - 00000000 ___RD C:\Users\Tamara\Videos
      2016-12-17 16:48 - 2016-10-03 03:40 - 00524288 ___SH C:\Users\Tamara\NTUSER.DAT{b9c1c070-8919-11e6-a7fe-dbae71dacaf9}.TMContainer00000000000000000002.regtrans-ms
      2016-12-17 16:48 - 2016-10-03 03:40 - 00065536 ___SH C:\Users\Tamara\NTUSER.DAT{b9c1c070-8919-11e6-a7fe-dbae71dacaf9}.TM.blf
      2016-12-17 12:09 - 2016-10-03 04:25 - 00003618 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
      2016-12-17 12:09 - 2016-10-03 04:25 - 00003494 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
      2016-12-17 11:48 - 2016-10-03 06:17 - 00000174 ___SH C:\Users\Tamara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
      2016-12-17 11:48 - 2015-08-07 10:10 - 00000000 ___RD C:\Users\Tamara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
      2016-12-17 11:48 - 2014-04-15 15:09 - 00000000 ___RD C:\Users\Tamara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
      2016-12-17 11:48 - 2013-12-03 14:33 - 00000000 ___RD C:\Users\Tamara\Favorites
      2016-12-17 11:48 - 2013-05-09 00:22 - 00000000 __RHD C:\Users\Public\AccountPictures
      2016-12-17 11:48 - 2013-05-08 17:32 - 00000402 ___SH C:\Users\Tamara\Documents\desktop.ini
      2016-12-17 11:48 - 2013-05-08 17:32 - 00000282 ___SH C:\Users\Tamara\Downloads\desktop.ini
      2016-12-17 11:48 - 2013-05-08 17:32 - 00000282 ___SH C:\Users\Tamara\Desktop\desktop.ini
      2016-12-17 11:48 - 2013-05-08 17:32 - 00000174 ___SH C:\Users\Tamara\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
      2016-12-17 11:48 - 2013-05-08 17:32 - 00000000 ___RD C:\Users\Tamara\Searches
      2016-12-17 11:48 - 2013-05-08 17:32 - 00000000 ___RD C:\Users\Tamara\Contacts
      2016-12-17 11:48 - 2013-05-08 17:29 - 00000000 ___RD C:\Users\Tamara\Saved Games
      2016-12-17 11:48 - 2013-05-08 17:29 - 00000000 ___RD C:\Users\Tamara\Pictures
      2016-12-17 11:48 - 2013-05-08 17:29 - 00000000 ___RD C:\Users\Tamara\Music
      2016-12-17 11:48 - 2013-05-08 17:29 - 00000000 ___RD C:\Users\Tamara\Links
      2016-12-16 16:01 - 2016-07-16 07:04 - 00262144 _____ C:\Users\Default\NTUSER.DAT
      2016-12-16 15:57 - 2016-10-03 03:31 - 05109632 _____ C:\WINDOWS\system32\FNTCACHE.DAT
      2016-12-16 15:55 - 2016-10-03 03:31 - 00524288 ___SH C:\WINDOWS\system32\config\DRIVERS{f5b135f1-4b48-11e6-80cb-e41d2d012050}.TMContainer00000000000000000001.regtrans-ms
      2016-12-16 15:55 - 2016-10-03 03:31 - 00065536 ___SH C:\WINDOWS\system32\config\DRIVERS{f5b135f1-4b48-11e6-80cb-e41d2d012050}.TM.blf
      2016-12-16 15:54 - 2016-07-16 12:47 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
      2016-12-16 15:54 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\config\TxR
      2016-12-16 15:53 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
      2016-12-16 15:53 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
      2016-12-16 15:53 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\wbem
      2016-12-16 15:53 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\sr-Latn-CS
      2016-12-16 15:53 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\oobe
      2016-12-16 15:53 - 2016-07-16 07:04 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
      2016-12-16 15:53 - 2016-07-16 07:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep
      2016-12-16 15:53 - 2016-07-16 07:04 - 00000000 ____D C:\WINDOWS\system32\Dism
      2016-12-16 15:52 - 2016-07-16 12:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
      2016-12-16 15:52 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\Boot
      2016-12-16 15:52 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
      2016-12-16 15:52 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\bcastdvr
      2016-12-16 15:52 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppPatch
      2016-12-16 15:52 - 2016-07-16 12:47 - 00000000 ____D C:\Program Files\Internet Explorer
      2016-12-16 15:52 - 2016-07-16 12:47 - 00000000 ____D C:\Program Files (x86)\Internet Explorer
      2016-12-16 15:52 - 2016-07-16 07:04 - 00000000 ____D C:\WINDOWS\servicing
      2016-12-16 15:50 - 2016-07-16 12:47 - 00000796 ___SH C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
      2016-12-15 13:22 - 2013-08-16 12:06 - 00000000 ____D C:\WINDOWS\system32\MRT
      2016-12-15 13:17 - 2013-05-10 12:54 - 135632432 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

      ==================== Files in the root of some directories =======

      2017-01-11 17:10 - 2017-01-11 17:10 - 0000000 _____ () C:\Program Files (x86)\metadata
      2017-01-11 17:10 - 2017-01-11 17:10 - 0000040 _____ () C:\Program Files (x86)\settings.dat
      2015-10-27 20:14 - 2015-10-27 20:14 - 0000132 _____ () C:\Users\Tamara\AppData\Roaming\Adobe PNG Format CS5 Prefs
      2017-01-07 19:03 - 2017-01-07 19:03 - 0023622 _____ () C:\Users\Tamara\AppData\Roaming\aliexpress.ico
      2017-01-07 19:03 - 2017-01-07 19:03 - 0099678 _____ () C:\Users\Tamara\AppData\Roaming\booking.ico
      2014-10-12 21:47 - 2014-10-12 21:49 - 0000132 _____ () C:\Users\Tamara\AppData\Roaming\Prefs. de formato PNG de Adobe CC
      2014-12-29 02:59 - 2015-01-04 23:52 - 0000112 _____ () C:\Users\Tamara\AppData\Roaming\Prefs. de JP2K (CS6)
      2015-09-11 10:54 - 2015-10-11 13:54 - 0001456 _____ () C:\Users\Tamara\AppData\Local\Adobe Guardar para Web 11.0 Prefs
      2014-04-26 19:55 - 2015-03-17 13:57 - 0001456 _____ () C:\Users\Tamara\AppData\Local\Adobe Guardar para Web 13.0 Prefs
      2016-10-03 03:36 - 2016-10-03 03:36 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

      Files to move or delete:
      ====================
      C:\Users\Public\AlexaNSISPlugin.4600.dll


      Some files in TEMP:
      ====================
      C:\Users\Tamara\AppData\Local\Temp\insD33B.tmp.exe


      ==================== Bamital & volsnap ======================

      (There is no automatic fix for files that do not pass verification.)

      C:\WINDOWS\system32\winlogon.exe => File is digitally signed
      C:\WINDOWS\system32\wininit.exe => File is digitally signed
      C:\WINDOWS\explorer.exe => File is digitally signed
      C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
      C:\WINDOWS\system32\svchost.exe => File is digitally signed
      C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
      C:\WINDOWS\system32\services.exe => File is digitally signed
      C:\WINDOWS\system32\User32.dll => File is digitally signed
      C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
      C:\WINDOWS\system32\userinit.exe => File is digitally signed
      C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
      C:\WINDOWS\system32\rpcss.dll => File is digitally signed
      C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
      C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
      C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

      LastRegBack: 2017-01-09 15:54

      ==================== End of FRST.txt ============================

      - This is the one from Addition.txt:

      Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-01-2017
      Ran by Tamara (13-01-2017 09:47:31)
      Running from C:\Users\Tamara\Desktop
      Windows 10 Home Version 1607 (X64) (2016-10-03 03:34:20)
      Boot Mode: Normal
      ==========================================================


      ==================== Accounts: =============================

      Administrador (S-1-5-21-1092262898-1068350818-2070891357-500 - Administrator - Disabled)
      DefaultAccount (S-1-5-21-1092262898-1068350818-2070891357-503 - Limited - Disabled)
      HomeGroupUser$ (S-1-5-21-1092262898-1068350818-2070891357-1005 - Limited - Enabled)
      Invitado (S-1-5-21-1092262898-1068350818-2070891357-501 - Limited - Disabled) => C:\Users\Invitado.Tamara
      sataj_000 (S-1-5-21-1092262898-1068350818-2070891357-1006 - Limited - Enabled) => C:\Users\sataj_000
      Tamara (S-1-5-21-1092262898-1068350818-2070891357-1001 - Administrator - Enabled) => C:\Users\Tamara

      ==================== Security Center ========================

      (If an entry is included in the fixlist, it will be removed.)

      AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
      AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
      AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

      ==================== Installed Programs ======================

      (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

      µTorrent (HKU\S-1-5-21-1092262898-1068350818-2070891357-1001\...\uTorrent) (Version: 3.4.7.42330 - BitTorrent Inc.)
      2007 Microsoft Office Suite Service Pack 1 (SP1) (x32 Version: - Microsoft) Hidden
      2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E8178AD9-8146-4752-A006-A972CB9EDB8E}) (Version: - Microsoft)
      2007 Microsoft Office Suite Service Pack 2 (SP2) (x32 Version: - Microsoft) Hidden
      7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
      Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3011 - Acer Incorporated)
      Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3011 - Acer Incorporated)
      Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3015 - Acer Incorporated)
      Adobe Acrobat Reader DC - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
      amuleC (HKLM-x32\...\{418DDAC3-E16C-47C2-B5FE-4FBCAB0E10D0}) (Version: 1.0.1 - amuleC) <==== ATTENTION
      Arasuite 2.2.3 (HKU\S-1-5-21-1092262898-1068350818-2070891357-1001\...\2572-4193-6166-1695) (Version: 2.2.3 - ARASAAC)
      Broadcom Card Reader Driver Installer (HKLM\...\{F0A7DF2F-0BE0-470F-B137-D7A19F977189}) (Version: 15.4.7.1 - Broadcom Corporation)
      Canon MP560 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series) (Version: - Canon Inc.)
      ELAN Touchpad 11.15.0.18_X64 (HKLM\...\Elantech) (Version: 11.15.0.18 - ELAN Microelectronic Corp.)
      Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
      Google Drive (HKLM-x32\...\{07A12123-B717-496B-B471-48AF6407B433}) (Version: 1.32.4066.7445 - Google, Inc.)
      Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
      Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
      Malwarebytes versión 3.0.5.1299 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.5.1299 - Malwarebytes)
      Microsoft Office 365 Hogar Premium - es-es (HKLM\...\O365HomePremRetail - es-es) (Version: 15.0.4420.1017 - Microsoft Corporation)
      Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6416.1000 - Microsoft Corporation)
      Microsoft Office Proofing (Spanish) 2007 (HKLM-x32\...\{90120000-002C-0C0A-0000-0000000FF1CE}) (Version: - )
      Microsoft OneDrive (HKU\S-1-5-21-1092262898-1068350818-2070891357-1001\...\OneDriveSetup.exe) (Version: 17.3.6720.1207 - Microsoft Corporation)
      Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710F4C1C-CC18-4C49-8CBF-51240C89A1A2}) (Version: - )
      Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052B-02A4-4627-81F2-1818DA5D550D}) (Version: - )
      Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
      Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
      Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
      Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: - )
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
      Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
      Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
      Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
      Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
      Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
      Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
      Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
      Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
      Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: - )
      Nero 7.10.1.0 (HKLM-x32\...\Nero7_is1) (Version: 7.10.1.0 - Nero AG)
      ODF Add-in for Microsoft Office (HKLM-x32\...\{2BC21CD2-8053-406A-80F6-9AB61717B49D}) (Version: 4.0.5309.0 - OpenXML/ODF Translator Team)
      Office 15 Click-to-Run Licensing Component (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
      Photoshop CS5 Extended 12.0 (HKLM-x32\...\Photoshop CS5 Extended 12.0) (Version: - )
      QuickTime (HKLM-x32\...\{08094E03-AFE4-4853-9D31-6D0743DF5328}) (Version: 7.1.6.200 - Apple Computer, Inc.)
      Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
      Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.6.0 - Rockstar Games)
      Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
      Skype™ 7.24 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.)
      Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
      WinRAR 5.20 beta 3 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.3 - win.rar GmbH)

      ==================== Custom CLSID (Whitelisted): ==========================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      HKU\S-1-5-21-1092262898-1068350818-2070891357-1001\...\ChromeHTML: -> C:\Program Files (x86)\Bigflat\Application\chrome.exe (Google Inc.) <==== ATTENTION

      ==================== Scheduled Tasks (Whitelisted) =============

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      Task: {04BADEC9-1615-4322-8E28-AC6628E01B78} - System32\Tasks\{D510D8A2-C897-4242-A658-152C72DA318C} => Chrome.exe hxxp://ui.skype.com/ui/0/6.18.0.106/es/go/help.faq.installer?LastError=1638
      Task: {06ECAD3F-30CA-4D4C-9E1D-FCA0BB5C9496} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2012-10-23] (Acer Incorporated)
      Task: {08935376-1832-41A1-B679-49608D0E6AC4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-21] (Google Inc.)
      Task: {0C0E359B-6381-41A0-9FC3-A64C0FE894CA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
      Task: {0F5C03CF-E9EF-4514-AFF7-4948C4DD7670} - System32\Tasks\{94F7C823-BC5E-4C84-8B6D-713754677F92} => pcalua.exe -a C:\Users\Tamara\Desktop\setup.exe -d C:\Users\Tamara\Desktop
      Task: {0FC063DD-E6C5-4370-8D3D-90E5B70A8EFB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
      Task: {214FE432-9C57-4BFE-9B32-9131CA66F82F} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-09-20] (CyberLink)
      Task: {232C9172-4D81-49C1-9395-923104D5A618} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
      Task: {2CAED19B-0C38-479A-A24A-54C5B2C34CC1} - System32\Tasks\Microsoft\Office\Office First Run Task => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-04-19] (Microsoft Corporation)
      Task: {2D549C3D-2947-407E-BE22-281339EC3DED} - \cfr3011 -> No File <==== ATTENTION
      Task: {2E503DB6-E133-407A-883C-C9C4B9D26ADA} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
      Task: {31A40B05-6082-48F4-ADB3-6706E2AA65B4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-21] (Google Inc.)
      Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
      Task: {4224433E-78EE-4079-AE49-6815840A845A} - \WordSurfer Auto Updater 1.10.0.19 Pending Update -> No File <==== ATTENTION
      Task: {4C4C2827-81DB-48E6-A3BA-8D60D71AB3B8} - System32\Tasks\Microsoft\Windows\Windows Subsystem for Linux\AptPackageIndexUpdate => %comspec% [Argument = /c start "AptPackageIndexUpdate" /min %windir%\System32\LxRun.exe /update]
      Task: {4CC312B7-6E38-48D7-968B-5A32EF6DE919} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2012-06-21] ()
      Task: {4F123735-CBB1-4D55-9583-EBB9618FAF3A} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
      Task: {52344B0A-0F3E-4166-B757-27623094D01B} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
      Task: {542A6DB7-895E-43F4-A1DE-BBAB650A0682} - \GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-1092262898-1068350818-2070891357-1001 -> No File <==== ATTENTION
      Task: {582539E5-64CA-4B01-B770-BF294A23D237} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Tamara\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
      Task: {5973892A-E570-48C2-942D-80BCF9A53397} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2012-11-06] ()
      Task: {5A48629D-A062-4991-8E00-6C46C080D9B0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
      Task: {617EDAEC-1A91-407B-BDE3-D80137917B99} - \CCleanerSkipUAC -> No File <==== ATTENTION
      Task: {67B4EC3B-C9CA-462F-A43F-1983C53E1ECB} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe
      Task: {6C459B6C-CD4B-4E47-B9BA-A81E15BDBEA8} - System32\Tasks\{23212FEF-EF94-4A8D-8BB2-6C805D7A2895} => pcalua.exe -a "C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\uninstbb.exe"
      Task: {7A7D3051-5A92-416E-B854-CA6D78975A56} - \PhraseProfessor Auto Updater 1.10.0.21 Core -> No File <==== ATTENTION
      Task: {84D2FF67-7D74-43CB-9065-B3EFD0928562} - System32\Tasks\{E06D8C29-18C1-4A04-A943-7D49D67F30EF} => Chrome.exe hxxp://ui.skype.com/ui/0/6.18.0.106/es/go/help.faq.installer?LastError=1638
      Task: {93076A4C-AEAA-48B7-B6E5-23133DB617A9} - System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633 => Cscript.exe "C:\ProgramData\Baidu Security\Duplicaterecord.js"
      Task: {95056E10-43A9-4CE2-B4ED-A9585829A23A} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
      Task: {97A973A5-4C8C-4BFB-99EB-AF4E0DCA7287} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
      Task: {A9643C64-4C3F-4697-B2D7-D96FF761DFD0} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
      Task: {AB6B1DFD-A35A-4B3F-9FC6-206D2533EB63} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
      Task: {B4DA8C1C-3736-456A-BCD1-1078FEC912D1} - System32\Tasks\Thizigethiveph Cloud => C:\Program Files (x86)\Doghtcerqesh\bopersh.exe [2017-01-07] (Glarysoft Ltd)
      Task: {B79CCAFF-CFD7-4544-8029-EF86566B63E8} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
      Task: {C066E39F-D300-4174-B6BF-576CD4D1AD18} - System32\Tasks\{E3C3617C-04C5-40DF-B6D7-922C3F4C4B7C} => Chrome.exe hxxp://ui.skype.com/ui/0/7.0.0.102/ja/abandoninstall?page=tsMain
      Task: {C4189E1E-9FA6-45FA-9E21-474143479889} - \PhraseProfessor Auto Updater 1.10.0.21 Pending Update -> No File <==== ATTENTION
      Task: {C4AAB77B-E162-43C7-B378-D368C3A404F6} - System32\Tasks\GridinSoft Anti-Malware => C:\Program Files\GridinSoft Anti-Malware\gsam.exe
      Task: {D1A04F9C-DA65-4F88-9DF9-E9B2E3038273} - \WordSurfer Auto Updater 1.10.0.19 Core -> No File <==== ATTENTION
      Task: {DCFBF951-8331-4948-94FD-EA5A645C9507} - \SmartWeb Upgrade Trigger Task -> No File <==== ATTENTION

      (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

      Task: C:\WINDOWS\Tasks\CountCalories.job => c:\programdata\{a28baca4-79f9-6d22-a28b-baca479fb291}\rld-sims4gtw.iso.exe-1436125144227.exe <==== ATTENTION
      Task: C:\WINDOWS\Tasks\UCBrowserUpdater.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ATTENTION

      ==================== Shortcuts =============================

      (The entries could be listed to be restored or removed.)

      Shortcut: C:\Users\Tamara\Favorites\Acer\Acer.lnk -> hxxp://www.acer.com
      Shortcut: C:\Users\Tamara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Intеrnеt Еxрlorеr.lnk -> C:\Users\Tamara\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
      Shortcut: C:\Users\Tamara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Bigflat\Application\chrome.exe (Google Inc.)
      Shortcut: C:\Users\Tamara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gооgle Сhrоmе.lnk -> C:\Users\Tamara\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
      Shortcut: C:\Users\Tamara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunсh Intеrnet Ехрlоrеr Вrowser.lnk -> C:\Users\Tamara\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
      Shortcut: C:\Users\Tamara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\сhrоmе - Ассеsо dirесtо.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
      Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Bigflat\Application\chrome.exe (Google Inc.)
      Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhromе.lnk -> C:\Users\Tamara\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
      Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Bigflat\Application\chrome.exe (Google Inc.)

      ==================== Loaded Modules (Whitelisted) ==============

      2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
      2016-12-16 12:40 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
      2013-05-19 15:57 - 2013-02-23 15:44 - 00377488 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2rui.dll
      2013-05-19 15:57 - 2013-03-16 11:53 - 00515752 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2r64.dll
      2013-05-19 15:57 - 2013-03-16 11:53 - 00608424 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
      2017-01-07 19:23 - 2016-12-14 12:55 - 02259232 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
      2017-01-11 21:47 - 2016-12-14 12:55 - 02247632 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
      2017-01-11 21:47 - 2016-12-14 12:55 - 02813904 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll
      2016-12-16 12:40 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
      2016-12-13 17:47 - 2016-12-13 17:47 - 01678560 _____ () C:\Users\Tamara\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\amd64\ClientTelemetry.dll
      2016-10-03 04:19 - 2016-10-03 04:19 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
      2016-12-16 12:40 - 2016-12-09 10:41 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
      2016-11-09 11:13 - 2016-11-02 11:21 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
      2016-11-09 11:14 - 2016-11-02 11:15 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
      2016-11-09 11:14 - 2016-11-02 11:14 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
      2016-11-09 11:14 - 2016-11-02 11:15 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
      2016-11-09 11:14 - 2016-11-02 11:16 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
      2016-11-09 11:14 - 2016-11-02 11:17 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
      2016-12-16 12:08 - 2016-12-16 12:09 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exe
      2016-12-16 12:08 - 2016-12-16 12:09 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
      2016-12-16 12:08 - 2016-12-16 12:09 - 42130432 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkyWrap.dll
      2016-12-16 12:08 - 2016-12-16 12:09 - 02216448 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\roottools.dll
      2012-11-03 01:38 - 2012-11-03 01:38 - 00465384 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
      2012-11-03 01:37 - 2012-11-03 01:37 - 00125504 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
      2012-11-03 01:38 - 2012-11-03 01:38 - 00155712 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\VolumeSnapshot.dll
      2012-11-03 01:37 - 2012-11-03 01:37 - 00118336 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\Online.dll
      2012-11-03 01:37 - 2012-11-03 01:37 - 01081408 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
      2012-11-03 01:37 - 2012-11-03 01:37 - 00052288 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\OsSettingPort.dll
      2012-11-03 01:37 - 2012-11-03 01:37 - 00727616 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\OutlookShadow.dll
      2017-01-11 17:05 - 2017-01-09 03:31 - 00373760 _____ () c:\programdata\microsoft\phone tools\corecon\12.0\3082\nonsdkaddonlangver.dll
      2013-02-18 06:04 - 2012-06-25 18:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

      ==================== Alternate Data Streams (Whitelisted) =========

      (If an entry is included in the fixlist, only the ADS will be removed.)

      AlternateDataStreams: C:\WINDOWS\system32\drivers:ucdrv-x64.sys [80850]
      AlternateDataStreams: C:\WINDOWS\system32\drivers:x64 [364744]
      AlternateDataStreams: C:\WINDOWS\system32\drivers:x86 [1176354]
      AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [119]

      ==================== Safe Mode (Whitelisted) ===================

      (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

      ==================== Association (Whitelisted) ===============

      (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


      ==================== Internet Explorer trusted/restricted ===============

      (If an entry is included in the fixlist, it will be removed from the registry.)

      IE trusted site: HKU\S-1-5-21-1092262898-1068350818-2070891357-1001\...\fnmt.es -> hxxp://fnmt.es
      IE trusted site: HKU\S-1-5-21-1092262898-1068350818-2070891357-1001\...\fnmt.es -> hxxps://fnmt.es
      IE trusted site: HKU\S-1-5-21-1092262898-1068350818-2070891357-1001\...\fnmt.gob.es -> hxxps://fnmt.gob.es
      IE trusted site: HKU\S-1-5-21-1092262898-1068350818-2070891357-1001\...\fnmt.gob.es -> hxxp://fnmt.gob.es

      There are 6083 more sites.

    8. #8
      User Tamara95
      Registered
      Jan 2017
      Location
      Spain
      Posts
      10

      Re: Virus in Windows 10

      ==================== Hosts content: ==========================

      (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

      2012-07-26 06:26 - 2017-01-07 19:03 - 00002880 ____N C:\WINDOWS\system32\Drivers\etc\hosts

      127.0.0.1 down.baidu2016.com
      127.0.0.1 123.sogou.com
      127.0.0.1 www.czzsyzgm.com
      127.0.0.1 www.czzsyzxl.com
      127.0.0.1 union.baidu2019.com
      127.0.0.1 down.baidu2016.com
      127.0.0.1 123.sogou.com
      127.0.0.1 www.czzsyzgm.com
      127.0.0.1 www.czzsyzxl.com
      127.0.0.1 union.baidu2019.com
      34.195.153.94 Google Analytics Solutions - Web Analytics & Marketing Measurement ? Google
      34.195.153.94 google-analytics.com
      34.195.153.94 mc.yandex.ru
      34.195.153.94 top-fwz1.mail.ru
      34.195.153.94 site.yandex.net
      34.195.153.94 pagead2.googlesyndication.com
      34.195.153.94 ad.mail.ru
      34.195.153.94 ads.adfox.ru
      34.195.153.94 ads.pubmatic.com
      34.195.153.94 apis.google.com
      34.195.153.94 autocontext.begun.ru
      34.195.153.94 b.scorecardresearch.com
      34.195.153.94 c.amazon-adsystem.com
      34.195.153.94 cdn.admixer.net
      34.195.153.94 cdn.cxense.com
      34.195.153.94 cdn.livefyre.com
      34.195.153.94 cdn.onthe.io
      34.195.153.94 cdn.optimizely.com
      34.195.153.94 cdn.prom.st
      34.195.153.94 cdn.pushwoosh.com

      There are 56 more lines.


      ==================== Other Areas ============================

      (Currently there is no automatic fix for this section.)

      HKU\S-1-5-21-1092262898-1068350818-2070891357-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Tamara\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{ef53cefa-0837-4931-9424-960b48d882c2}.jpg
      DNS Servers: 62.81.16.213 - 62.81.29.254
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
      Windows Firewall is enabled.

      ==================== MSCONFIG/TASK MANAGER disabled items ==


      ==================== FirewallRules (Whitelisted) ===============

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      FirewallRules: [vm-monitoring-nb-session] => LPort=139
      FirewallRules: [{59741384-375E-444C-9267-C0909F5E806B}] => C:\Program Files (x86)\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe
      FirewallRules: [{630A8DDE-DF27-4C73-B7A4-4786A7908312}] => C:\Program Files (x86)\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe
      FirewallRules: [{3B49A2D2-605A-4D83-8A0F-DDD655883298}] => C:\Program Files (x86)\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe
      FirewallRules: [{FA983565-DDC5-42D5-8563-60510FEAB90F}] => C:\Program Files (x86)\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe
      FirewallRules: [{58CA03FD-87B5-4C88-AE86-D455BD2BF3B0}] => C:\Program Files (x86)\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe
      FirewallRules: [{ED794E58-1529-4762-ACDB-33339E9F7616}] => C:\Program Files (x86)\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe
      FirewallRules: [UDP Query User{AD9A0924-564C-439B-9101-19C582B0347B}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => C:\program files (x86)\symantec\norton online backup\nobuclient.exe
      FirewallRules: [TCP Query User{07E03259-2234-497A-BF29-1D54A9A36654}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => C:\program files (x86)\symantec\norton online backup\nobuclient.exe
      FirewallRules: [{E1B8D396-7296-4776-88F3-56D8B6C6D2DF}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
      FirewallRules: [{6C3E485B-288F-421A-8FAE-9EE06038256C}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
      FirewallRules: [{2AD6010F-84A2-4F19-B035-6C578DE0D6CC}] => C:\Program Files\Bonjour\mDNSResponder.exe
      FirewallRules: [{74B56AB6-CCC3-41A5-88BF-B04FCD0E3B24}] => C:\Program Files\Bonjour\mDNSResponder.exe
      FirewallRules: [UDP Query User{B45D0FD3-1F85-47B9-B98A-90C3D0108AB7}C:\users\tamara\appdata\roaming\utorrent\utorrent.exe] => C:\users\tamara\appdata\roaming\utorrent\utorrent.exe
      FirewallRules: [TCP Query User{DB90BE4D-8965-4DB0-A16B-EA3793460F67}C:\users\tamara\appdata\roaming\utorrent\utorrent.exe] => C:\users\tamara\appdata\roaming\utorrent\utorrent.exe
      FirewallRules: [{120D27EF-4A2B-49FE-8CD9-64C6F02D0EEF}] => C:\Windows\SysWOW64\muzapp.exe
      FirewallRules: [{72080F6F-EB1F-4E17-939D-59FAF080213E}] => C:\Windows\SysWOW64\muzapp.exe
      FirewallRules: [UDP Query User{AB60E9F8-F62D-49BD-853F-2E6EE03D1D9D}C:\users\tamara\appdata\roaming\dropbox\bin\dropbox.exe] => C:\users\tamara\appdata\roaming\dropbox\bin\dropbox.exe
      FirewallRules: [TCP Query User{89866D8D-2CEC-42E6-9B0E-C8265A9DD1EC}C:\users\tamara\appdata\roaming\dropbox\bin\dropbox.exe] => C:\users\tamara\appdata\roaming\dropbox\bin\dropbox.exe
      FirewallRules: [{96C2283B-8374-437E-97F5-5050E9B84A97}] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManager.exe
      FirewallRules: [{54EF1D26-1E67-4317-862F-5309CF19152C}] => C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
      FirewallRules: [{B59D6F63-526A-43F7-AC5A-68F2144DCFEA}] => C:\Program Files (x86)\NTI\Acer Backup Manager\FileExplorer.exe
      FirewallRules: [{CBBFE24F-E45D-4E8C-86D9-4D97C45DB44E}] => C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
      FirewallRules: [{E1D3865A-FA5A-4439-9598-9CAC55CE99B5}] => C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
      FirewallRules: [{8A15B875-CE7E-464D-95A3-6A25A121660C}] => C:\Program Files (x86)\Acer\clear.fi SDK21\Video\VideoPlayer.exe
      FirewallRules: [{13675204-F2CE-46E9-83FB-26386A13CDCC}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
      FirewallRules: [TCP Query User{6581AA37-85FC-4690-9DE2-2F7FCC602560}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => C:\program files (x86)\symantec\norton online backup\nobuclient.exe
      FirewallRules: [UDP Query User{58087DD3-0648-4AC6-9447-84FD87998BF2}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => C:\program files (x86)\symantec\norton online backup\nobuclient.exe
      FirewallRules: [TCP Query User{D6C426B5-2E19-4829-845D-122E8EDCEBCE}C:\users\tamara\appdata\roaming\utorrent\utorrent.exe] => C:\users\tamara\appdata\roaming\utorrent\utorrent.exe
      FirewallRules: [UDP Query User{7E7489D9-EB31-4013-B739-3EC856C17D1A}C:\users\tamara\appdata\roaming\utorrent\utorrent.exe] => C:\users\tamara\appdata\roaming\utorrent\utorrent.exe
      FirewallRules: [{BDEC91B4-AEAC-4DA5-9B05-A3FC803FB471}] => C:\Program Files (x86)\Max Driver Updater\maxdu.exe
      FirewallRules: [TCP Query User{569AACF7-D0F8-4185-88A1-0ECC426D0364}C:\program files (x86)\dgu\dgu\binaries\win64\dgu-win64-shipping.exe] => C:\program files (x86)\dgu\dgu\binaries\win64\dgu-win64-shipping.exe
      FirewallRules: [UDP Query User{9F8109ED-7A47-430C-94F5-F386250B85D2}C:\program files (x86)\dgu\dgu\binaries\win64\dgu-win64-shipping.exe] => C:\program files (x86)\dgu\dgu\binaries\win64\dgu-win64-shipping.exe
      FirewallRules: [{93132B38-A1F1-4C66-8ACB-B832DB7904FE}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      FirewallRules: [{502C0C21-AF08-49A6-94B5-450B04CF3C25}] => C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
      FirewallRules: [{38945AC4-40AB-4B22-A270-F58C927DFB66}] => C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
      FirewallRules: [{A4B90F00-11B8-4126-B7BD-2C1029E3EC69}] => C:\Program Files (x86)\UCBrowser\Application\Downloader\download\MiniThunderPlatform.exe
      FirewallRules: [SNMP-In-UDP] => %SystemRoot%\system32\snmp.exe
      FirewallRules: [SNMP-Out-UDP] => %SystemRoot%\system32\snmp.exe
      FirewallRules: [SNMP-In-UDP-NoScope] => %SystemRoot%\system32\snmp.exe
      FirewallRules: [SNMP-Out-UDP-NoScope] => %SystemRoot%\system32\snmp.exe
      FirewallRules: [MSMQ-In-TCP] => %systemroot%\system32\mqsvc.exe
      FirewallRules: [MSMQ-Out-TCP] => %systemroot%\system32\mqsvc.exe
      FirewallRules: [MSMQ-In-UDP] => %systemroot%\system32\mqsvc.exe
      FirewallRules: [MSMQ-Out-UDP] => %systemroot%\system32\mqsvc.exe
      FirewallRules: [{5EEB0501-6919-4EF2-8BA3-8731CCE0909C}] => C:\Program Files (x86)\Bigflat\Application\chrome.exe

      ==================== Restore Points =========================

      27-12-2016 12:12:08 Punto de control programado
      04-01-2017 21:22:55 Punto de control programado
      10-01-2017 15:40:14 Removed WinSnare
      11-01-2017 17:11:07 Removed amuleC

      ==================== Faulty Device Manager Devices =============


      ==================== Event log errors: =========================

      Application errors:
      ==================
      Error: (01/13/2017 09:39:16 AM) (Source: Application Error) (EventID: 1000) (User: )
      Description: Nombre de la aplicación con errores: Explorer.EXE, versión: 10.0.14393.479, marca de tiempo: 0x58258a90
      Nombre del módulo con errores: windows.immersiveshell.serviceprovider.dll, versión: 10.0.14393.0, marca de tiempo: 0x57899873
      Código de excepción: 0x80270233
      Desplazamiento de errores: 0x0000000000033c25
      Identificador del proceso con errores: 0x13b0
      Hora de inicio de la aplicación con errores: 0x01d26d7874f5f5e3
      Ruta de acceso de la aplicación con errores: C:\WINDOWS\Explorer.EXE
      Ruta de acceso del módulo con errores: C:\Windows\System32\windows.immersiveshell.serviceprovider.dll
      Identificador del informe: daca00ed-95f2-4b3f-bd37-fef9d46f38db
      Nombre completo del paquete con errores:
      Identificador de aplicación relativa del paquete con errores:

      Error: (01/13/2017 09:38:02 AM) (Source: WinSnare) (EventID: 104) (User: )
      Description: The initialization process failed.

      Error: (01/13/2017 09:37:54 AM) (Source: DbxSvc) (EventID: 320) (User: )
      Description: Failed to connect to the driver: (-2147024894) El sistema no puede encontrar el archivo especificado.

      Error: (01/13/2017 09:16:35 AM) (Source: Windows Search Service) (EventID: 3104) (User: )
      Description: No se pudo enumerar las sesiones de usuario para generar los conjuntos de filtros.

      Detalles:
      (HRESULT : 0x80040210) (0x80040210)

      Error: (01/13/2017 12:52:48 AM) (Source: Windows Search Service) (EventID: 3104) (User: )
      Description: No se pudo enumerar las sesiones de usuario para generar los conjuntos de filtros.

      Detalles:
      (HRESULT : 0x80040210) (0x80040210)

      Error: (01/13/2017 12:52:48 AM) (Source: Windows Search Service) (EventID: 3104) (User: )
      Description: No se pudo enumerar las sesiones de usuario para generar los conjuntos de filtros.

      Detalles:
      (HRESULT : 0x80040210) (0x80040210)

      Error: (01/13/2017 12:52:48 AM) (Source: Windows Search Service) (EventID: 3104) (User: )
      Description: No se pudo enumerar las sesiones de usuario para generar los conjuntos de filtros.

      Detalles:
      (HRESULT : 0x80040210) (0x80040210)

      Error: (01/13/2017 12:52:48 AM) (Source: Windows Search Service) (EventID: 3104) (User: )
      Description: No se pudo enumerar las sesiones de usuario para generar los conjuntos de filtros.

      Detalles:
      (HRESULT : 0x80040210) (0x80040210)

      Error: (01/13/2017 12:52:48 AM) (Source: Windows Search Service) (EventID: 3104) (User: )
      Description: No se pudo enumerar las sesiones de usuario para generar los conjuntos de filtros.

      Detalles:
      (HRESULT : 0x80040210) (0x80040210)

      Error: (01/13/2017 12:52:48 AM) (Source: Windows Search Service) (EventID: 3104) (User: )
      Description: No se pudo enumerar las sesiones de usuario para generar los conjuntos de filtros.

      Detalles:
      (HRESULT : 0x80040210) (0x80040210)


      System errors:
      =============
      Error: (01/13/2017 09:41:41 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
      Description: El servidor {784E29F4-5EBE-4279-9948-1E8FE941646D} no se registró con DCOM dentro del tiempo de espera requerido.

      Error: (01/13/2017 09:38:02 AM) (Source: SNMP) (EventID: 1500) (User: )
      Description: El servicio SNMP detectó un error al tener acceso a la clave del Registro SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.

      Error: (01/13/2017 09:37:48 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
      Description: El servicio Themes depende del siguiente servicio: iThemes5. Este servicio podría no estar instalado.

      Error: (01/13/2017 09:37:02 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
      Description: Se agotó el tiempo de espera (30000 ms) para la respuesta de transacción del servicio MBAMService.

      Error: (01/13/2017 09:36:40 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
      Description: El servicio Servicio SNMP no pudo iniciarse debido al siguiente error:
      No se puede iniciar el servicio debido a un error en el inicio de sesión.

      Error: (01/13/2017 09:36:40 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
      Description: El servicio SNMP no se pudo iniciarse como NT AUTHORITY\SYSTEM con la contraseña configurada actualmente debido al siguiente error:
      Solicitud no compatible.


      Para asegurarse de que el servicio esté correctamente configurado, use el complemento Servicios en Microsoft Management Console (MMC).

      Error: (01/13/2017 09:36:10 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
      Description: El Administrador de control de servicios intentó realizar una acción correctora (Reiniciar el servicio) después de la terminación inesperada del servicio Windows Search, pero ocurrió el siguiente error:
      Ya se está ejecutando una instancia de este servicio.

      Error: (01/13/2017 09:35:41 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
      Description: El servicio Instalador de módulos de Windows terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 120000 milisegundos: Reiniciar el servicio.

      Error: (01/13/2017 09:35:41 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
      Description: El servicio Instantáneas de volumen se terminó de manera inesperada. Esto ha sucedido 1 veces.

      Error: (01/13/2017 09:35:40 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
      Description: El servicio Windows Search terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 30000 milisegundos: Reiniciar el servicio.


      CodeIntegrity:
      ===================================
      Date: 2017-01-11 21:48:15.060
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

      Date: 2017-01-11 21:48:15.058
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

      Date: 2017-01-11 21:48:15.058
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

      Date: 2017-01-11 17:17:41.690
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

      Date: 2017-01-07 20:29:54.813
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll that did not meet the Store signing level requirements.

      Date: 2017-01-07 19:24:42.556
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

      Date: 2017-01-07 19:24:42.555
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

      Date: 2017-01-07 19:24:42.554
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

      Date: 2017-01-07 19:24:42.551
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

      Date: 2017-01-07 19:24:42.548
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.


      ==================== Memory info ===========================

      Processor: Intel(R) Core(TM) i3-2348M CPU @ 2.30GHz
      Percentage of memory in use: 46%
      Total physical RAM: 3909.28 MB
      Available physical RAM: 2080.5 MB
      Total Virtual: 5637.28 MB
      Available Virtual: 3883.95 MB

      ==================== Drives ================================

      Drive c: (Acer) (Fixed) (Total:445.85 GB) (Free:322.89 GB) NTFS

      ==================== MBR & Partition Table ==================

      ========================================================
      Disk: 0 (Size: 465.8 GB) (Disk ID: FBC98EB6)

      Partition: GPT.

      ==================== End of Addition.txt ============================

      My computer is running very slowly. It hardly opens unwanted web pages anymore, but every time I search or click on something in Google it opens a web page.

      Thanks.

    9. #9
      Warrior Avatar of @Miguelgrado
      Joined
      Dec 2005
      Location
      Asturias-España
      Posts
      17.359

      Re: Virus in Windows 10

      Your PC shouldn't be running slowly... it shouldn't even turn on with the number of infections it has.

      When we're done I'll give you some pointers to help you avoid this, because you have a bit of everything.

      Please do the following:

      On the computer, with all other programs closed:
      Start >>> Run >>> type notepad.exe.

      Now copy and paste the following into Notepad (leaving out the word "Code"):
      Code:
      Start
      CreateRestorePoint:
      CloseProcesses:
      
      HKLM-x32\...\Run: [LManager] => [X]
      HKU\S-1-5-21-1092262898-1068350818-2070891357-1001\...\Run: [vm6] => C:\Users\Tamara\AppData\Roaming\M6 Processing\vm6.exe [175424 2014-04-03] ()
      HKLM\...\Providers\m2yz90po: C:\Program Files (x86)\Soting Mapper\local64spl.dll
      ShellExecuteHooks: No Name - {9F757126-D0F0-11E6-86F5-64006A5CFC23} - C:\Users\Tamara\AppData\Roaming\Noguyplolersp\Nkghtthundom.dll -> No File
      C:\Users\Tamara\AppData\Roaming\Noguyplolersp
      C:\Program Files (x86)\Soting Mapper
      C:\Users\Tamara\AppData\Roaming\M6 Processing
      GroupPolicy: Restriction - Chrome <======= ATTENTION
      CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
      SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
      DPF: HKLM-x32 {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} hxxp://mail.daum.net/hanmail-ax/DaumActiveX/2_0_1_6/DaumActiveX.cab?ver=2,0,1,6
      Edge HomeButtonPage: HKU\S-1-5-21-1092262898-1068350818-2070891357-1001 -> hxxp://www.amisites.com/?type=hp&ts=1484150519&z=3fb1412eb6d5a0fd48dc485g7zdb7z8gfwde7w6g1m&from=archer1028&uid=HitachiXHTS545050A7E380_TEA55A3R1E3UUK1E3UUKX
      FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK => not found
      CHR DefaultSearchURL: ChromeDefaultData -> hxxp://www.trotux.com/search/?q={searchTerms}&z=ef65f6aab9e3e4d6117172eg0z3b2cfbcg1ofo7maq&from=clc&uid=HitachiXHTS545050A7E380_TEA55A3R1E3UUK1E3UUKX&type=sp
      CHR DefaultSearchKeyword: ChromeDefaultData -> trotux
      CHR Profile: C:\Users\Tamara\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-01-11] <==== ATTENTION
      S2 Themes; C:\WINDOWS\system32\themeservice.dll [70656 2016-07-16] (Microsoft Corporation) [DependOnService: iThemes5]<==== ATTENTION
      2017-01-12 17:35 - 2017-01-12 17:35 - 00000000 ____D C:\ProgramData\wintools
      2017-01-12 17:34 - 2017-01-12 17:34 - 00000000 ____D C:\Program Files (x86)\amuleC2
      2017-01-11 22:43 - 2016-10-03 03:56 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Local\Olacarita
      2017-01-11 17:10 - 2017-01-11 17:10 - 00000000 _____ C:\Program Files (x86)\metadata
      2017-01-11 17:05 - 2017-01-11 17:05 - 00000000 ____D C:\Users\Tamara\AppData\Local\Bigflat
      2017-01-11 17:05 - 2017-01-11 17:05 - 00000000 ____D C:\Program Files (x86)\Bigflat
      2017-01-10 22:11 - 2017-01-10 22:11 - 00000000 ____D C:\Users\Tamara\AppData\Roaming\Baidu
      2017-01-10 21:15 - 2017-01-10 22:11 - 00003694 _____ C:\WINDOWS\System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633
      2017-01-10 21:15 - 2017-01-10 21:15 - 00075248 _____ (Baidu, Inc.) C:\WINDOWS\system32\bdhookx64.dll
      2017-01-10 21:15 - 2017-01-10 21:15 - 00032752 _____ (Baidu, Inc.) C:\WINDOWS\SysWOW64\bdhookx86.dll
      2017-01-10 21:15 - 2017-01-10 21:15 - 00000000 ____D C:\Users\Tamara\AppData\LocalLow\BAVData
      2017-01-10 21:15 - 2017-01-10 21:15 - 00000000 ____D C:\ProgramData\Baidu Security
      2017-01-10 21:15 - 2017-01-10 21:15 - 00000000 ____D C:\Program Files (x86)\Baidu Security
      2017-01-10 21:12 - 2017-01-10 21:17 - 00000000 ____D C:\Users\Tamara\AppData\Roaming\BavMini
      2017-01-10 21:12 - 2017-01-10 21:12 - 00000000 ____D C:\Users\Public\Documents\Baidu
      2017-01-10 21:12 - 2017-01-10 21:12 - 00000000 ____D C:\ProgramData\Baidu
      2017-01-10 16:21 - 2017-01-10 16:21 - 00000000 ____D C:\WINDOWS\SysWOW64\BestPractices
      2017-01-10 16:21 - 2017-01-10 16:21 - 00000000 ____D C:\WINDOWS\system32\BestPractices
      2017-01-10 15:34 - 2017-01-10 15:34 - 00000000 ____D C:\Users\Tamara\AppData\Roaming\WinSnare
      2017-01-10 15:33 - 2017-01-10 15:33 - 00000000 ____D C:\Program Files (x86)\xogt8pbn
      2017-01-07 20:33 - 2017-01-07 20:33 - 00003340 _____ C:\WINDOWS\System32\Tasks\GridinSoft Anti-Malware
      2017-01-07 20:32 - 2017-01-08 21:49 - 00000000 ____D C:\Program Files\GridinSoft Anti-Malware
      2017-01-07 20:32 - 2017-01-07 20:32 - 00000000 ____D C:\ProgramData\GridinSoft
      2017-01-07 19:09 - 2017-01-07 19:09 - 00000472 _____ C:\WINDOWS\Tasks\UCBrowserUpdater.job
      2017-01-07 19:09 - 2017-01-07 19:09 - 00000000 ____D C:\Users\Tamara\AppData\Local\UCBrowser
      2017-01-07 19:06 - 2017-01-13 00:49 - 00000000 ____D C:\Program Files (x86)\Soting Mapper
      2017-01-07 19:05 - 2017-01-07 19:09 - 00000000 ____D C:\Program Files (x86)\UCBrowser
      2017-01-07 19:05 - 2017-01-07 19:05 - 00006122 _____ C:\WINDOWS\System32\Tasks\Thizigethiveph Cloud
      2017-01-07 19:04 - 2017-01-07 19:49 - 00000000 ____D C:\Users\Tamara\AppData\Roaming\Noguyplolersp
      2017-01-07 19:03 - 2017-01-13 00:49 - 00000000 ____D C:\Program Files\C58VFKOLRA
      2017-01-07 19:03 - 2017-01-13 00:49 - 00000000 ____D C:\Program Files\9P0RNAOMXN
      2017-01-07 19:03 - 2017-01-11 20:18 - 00000000 ____D C:\Program Files (x86)\Doghtcerqesh
      2017-01-07 19:03 - 2017-01-11 20:16 - 00000000 ____D C:\Program Files (x86)\baidu
      2017-01-07 19:03 - 2017-01-07 19:11 - 00000000 ____D C:\Users\Tamara\AppData\Local\Ghtryfmertion
      C:\Users\Public\AlexaNSISPlugin.4600.dll
      C:\Users\Tamara\AppData\Local\Temp\insD33B.tmp.exe
      HKU\S-1-5-21-1092262898-1068350818-2070891357-1001\...\ChromeHTML: -> C:\Program Files (x86)\Bigflat\Application\chrome.exe (Google Inc.) <==== ATTENTION
      C:\Program Files (x86)\Bigflat
      Task: {0C0E359B-6381-41A0-9FC3-A64C0FE894CA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
      Task: {0FC063DD-E6C5-4370-8D3D-90E5B70A8EFB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
      Task: {232C9172-4D81-49C1-9395-923104D5A618} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTIO
      Task: {2D549C3D-2947-407E-BE22-281339EC3DED} - \cfr3011 -> No File <==== ATTENTION
      Task: {2E503DB6-E133-407A-883C-C9C4B9D26ADA} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
      Task: {4224433E-78EE-4079-AE49-6815840A845A} - \WordSurfer Auto Updater 1.10.0.19 Pending Update -> No File <==== ATTENTION
      Task: {4C4C2827-81DB-48E6-A3BA-8D60D71AB3B8} - System32\Tasks\Microsoft\Windows\Windows Subsystem for Linux\AptPackageIndexUpdate => %comspec% [Argument = /c start "AptPackageIndexUpdate" /min %windir%\System32\LxRun.exe /update]
      Task: {4F123735-CBB1-4D55-9583-EBB9618FAF3A} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
      Task: {52344B0A-0F3E-4166-B757-27623094D01B} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
      Task: {542A6DB7-895E-43F4-A1DE-BBAB650A0682} - \GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-1092262898-1068350818-2070891357-1001 -> No File <==== ATTENTION
      Task: {617EDAEC-1A91-407B-BDE3-D80137917B99} - \CCleanerSkipUAC -> No File <==== ATTENTION
      Task: {6C459B6C-CD4B-4E47-B9BA-A81E15BDBEA8} - System32\Tasks\{23212FEF-EF94-4A8D-8BB2-6C805D7A2895} => pcalua.exe -a "C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\uninstbb.exe"
      Task: {7A7D3051-5A92-416E-B854-CA6D78975A56} - \PhraseProfessor Auto Updater 1.10.0.21 Core -> No File <==== ATTENTION
      Task: {95056E10-43A9-4CE2-B4ED-A9585829A23A} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
      Task: {97A973A5-4C8C-4BFB-99EB-AF4E0DCA7287} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
      Task: {A9643C64-4C3F-4697-B2D7-D96FF761DFD0} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
      Task: {AB6B1DFD-A35A-4B3F-9FC6-206D2533EB63} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
      Task: {B79CCAFF-CFD7-4544-8029-EF86566B63E8} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
      Task: {C4189E1E-9FA6-45FA-9E21-474143479889} - \PhraseProfessor Auto Updater 1.10.0.21 Pending Update -> No File <==== ATTENTION
      Task: {D1A04F9C-DA65-4F88-9DF9-E9B2E3038273} - \WordSurfer Auto Updater 1.10.0.19 Core -> No File <==== ATTENTION
      Task: {DCFBF951-8331-4948-94FD-EA5A645C9507} - \SmartWeb Upgrade Trigger Task -> No File <==== ATTENTION
      Task: C:\WINDOWS\Tasks\CountCalories.job => c:\programdata\{a28baca4-79f9-6d22-a28b-baca479fb291}\rld-sims4gtw.iso.exe-1436125144227.exe <==== ATTENTION
      Task: C:\WINDOWS\Tasks\UCBrowserUpdater.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ATTENTION
      Shortcut: C:\Users\Tamara\Favorites\Acer\Acer.lnk -> hxxp://www.acer.com
      Shortcut: C:\Users\Tamara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Intеrnеt Еxрlorеr.lnk -> C:\Users\Tamara\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
      Shortcut: C:\Users\Tamara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Bigflat\Application\chrome.exe (Google Inc.)
      Shortcut: C:\Users\Tamara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gооgle Сhrоmе.lnk -> C:\Users\Tamara\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
      Shortcut: C:\Users\Tamara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunсh Intеrnet Ехрlоrеr Вrowser.lnk -> C:\Users\Tamara\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
      Shortcut: C:\Users\Tamara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\сhrоmе - Ассеsо dirесtо.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
      Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Bigflat\Application\chrome.exe (Google Inc.)
      Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhromе.lnk -> C:\Users\Tamara\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
      Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Bigflat\Application\chrome.exe (Google Inc.)
      AlternateDataStreams: C:\WINDOWS\system32\drivers:ucdrv-x64.sys [80850]
      AlternateDataStreams: C:\WINDOWS\system32\drivers:x64 [364744]
      AlternateDataStreams: C:\WINDOWS\system32\drivers:x86 [1176354]
      AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [119]
       
      
      HOSTS:
      REMOVEPROXY:
      EMPTYTEMP:
      CMD: netsh winsock reset
      CMD: ipconfig /renew
      CMD: ipconfig /flushdns
      CMD: bitsadmin /reset /allusers
      END
      Save it as fixlist.txt on the desktop. <<< This is very important. <<

      Note: It is important that the tool Frst.exe and fixlist.txt are in the same location (the desktop); otherwise it will not work.
      Run Frst.exe.

      Press the Fix button and wait for it to finish.
      The tool will save the report on your desktop (Fixlog.txt).
      WARNING!!!! The following repair script was written specifically by a staff member for this user. If you have a similar problem, please open your own thread to receive personalized help. Using other users' scripts can damage your computer.

      Paste the Fixlog log for me, then we'll continue with further instructions, and let me know how the PC is doing for now.

    10. #10
      User Avatar of Tamara95
      Joined
      Jan 2017
      Location
      España
      Posts
      10

      Re: Virus in Windows 10

      Good morning!! Phew... well, I hope I can get it fixed >.<

      I've done what you asked:

      Fix result of Farbar Recovery Scan Tool (x64) Version: 12-01-2017
      Ran by Tamara (14-01-2017 10:29:49) Run:1
      Running from C:\Users\Tamara\Desktop
      Loaded Profiles: Tamara (Available Profiles: Tamara & sataj_000 & Invitado & DefaultAppPool)
      Boot Mode: Normal
      ==============================================

      fixlist content:
      *****************
      Start
      CreateRestorePoint:
      CloseProcesses:

      HKLM-x32\...\Run: [LManager] => [X]
      HKU\S-1-5-21-1092262898-1068350818-2070891357-1001\...\Run: [vm6] => C:\Users\Tamara\AppData\Roaming\M6 Processing\vm6.exe [175424 2014-04-03] ()
      HKLM\...\Providers\m2yz90po: C:\Program Files (x86)\Soting Mapper\local64spl.dll
      ShellExecuteHooks: No Name - {9F757126-D0F0-11E6-86F5-64006A5CFC23} - C:\Users\Tamara\AppData\Roaming\Noguyplolersp\Nkghtthundom.dll -> No File
      C:\Users\Tamara\AppData\Roaming\Noguyplolersp
      C:\Program Files (x86)\Soting Mapper
      C:\Users\Tamara\AppData\Roaming\M6 Processing
      GroupPolicy: Restriction - Chrome <======= ATTENTION
      CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
      SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
      DPF: HKLM-x32 {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} hxxp://mail.daum.net/hanmail-ax/DaumActiveX/2_0_1_6/DaumActiveX.cab?ver=2,0,1,6
      Edge HomeButtonPage: HKU\S-1-5-21-1092262898-1068350818-2070891357-1001 -> hxxp://www.amisites.com/?type=hp&ts=1484150519&z=3fb1412eb6d5a0fd48dc485g7zdb7z8gfwde7w6g1m&from=archer1028&uid=HitachiXHTS545050A7E380_TEA55A3R1E3UUK1E3UUKX
      FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK => not found
      CHR DefaultSearchURL: ChromeDefaultData -> hxxp://www.trotux.com/search/?q={searchTerms}&z=ef65f6aab9e3e4d6117172eg0z3b2cfbcg1ofo7maq&from=clc&uid=HitachiXHTS545050A7E380_TEA55A3R1E3UUK1E3UUKX&type=sp
      CHR DefaultSearchKeyword: ChromeDefaultData -> trotux
      CHR Profile: C:\Users\Tamara\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-01-11] <==== ATTENTION
      S2 Themes; C:\WINDOWS\system32\themeservice.dll [70656 2016-07-16] (Microsoft Corporation) [DependOnService: iThemes5]<==== ATTENTION
      2017-01-12 17:35 - 2017-01-12 17:35 - 00000000 ____D C:\ProgramData\wintools
      2017-01-12 17:34 - 2017-01-12 17:34 - 00000000 ____D C:\Program Files (x86)\amuleC2
      2017-01-11 22:43 - 2016-10-03 03:56 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Local\Olacarita
      2017-01-11 17:10 - 2017-01-11 17:10 - 00000000 _____ C:\Program Files (x86)\metadata
      2017-01-11 17:05 - 2017-01-11 17:05 - 00000000 ____D C:\Users\Tamara\AppData\Local\Bigflat
      2017-01-11 17:05 - 2017-01-11 17:05 - 00000000 ____D C:\Program Files (x86)\Bigflat
      2017-01-10 22:11 - 2017-01-10 22:11 - 00000000 ____D C:\Users\Tamara\AppData\Roaming\Baidu
      2017-01-10 21:15 - 2017-01-10 22:11 - 00003694 _____ C:\WINDOWS\System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633
      2017-01-10 21:15 - 2017-01-10 21:15 - 00075248 _____ (Baidu, Inc.) C:\WINDOWS\system32\bdhookx64.dll
      2017-01-10 21:15 - 2017-01-10 21:15 - 00032752 _____ (Baidu, Inc.) C:\WINDOWS\SysWOW64\bdhookx86.dll
      2017-01-10 21:15 - 2017-01-10 21:15 - 00000000 ____D C:\Users\Tamara\AppData\LocalLow\BAVData
      2017-01-10 21:15 - 2017-01-10 21:15 - 00000000 ____D C:\ProgramData\Baidu Security
      2017-01-10 21:15 - 2017-01-10 21:15 - 00000000 ____D C:\Program Files (x86)\Baidu Security
      2017-01-10 21:12 - 2017-01-10 21:17 - 00000000 ____D C:\Users\Tamara\AppData\Roaming\BavMini
      2017-01-10 21:12 - 2017-01-10 21:12 - 00000000 ____D C:\Users\Public\Documents\Baidu
      2017-01-10 21:12 - 2017-01-10 21:12 - 00000000 ____D C:\ProgramData\Baidu
      2017-01-10 16:21 - 2017-01-10 16:21 - 00000000 ____D C:\WINDOWS\SysWOW64\BestPractices
      2017-01-10 16:21 - 2017-01-10 16:21 - 00000000 ____D C:\WINDOWS\system32\BestPractices
      2017-01-10 15:34 - 2017-01-10 15:34 - 00000000 ____D C:\Users\Tamara\AppData\Roaming\WinSnare
      2017-01-10 15:33 - 2017-01-10 15:33 - 00000000 ____D C:\Program Files (x86)\xogt8pbn
      2017-01-07 20:33 - 2017-01-07 20:33 - 00003340 _____ C:\WINDOWS\System32\Tasks\GridinSoft Anti-Malware
      2017-01-07 20:32 - 2017-01-08 21:49 - 00000000 ____D C:\Program Files\GridinSoft Anti-Malware
      2017-01-07 20:32 - 2017-01-07 20:32 - 00000000 ____D C:\ProgramData\GridinSoft
      2017-01-07 19:09 - 2017-01-07 19:09 - 00000472 _____ C:\WINDOWS\Tasks\UCBrowserUpdater.job
      2017-01-07 19:09 - 2017-01-07 19:09 - 00000000 ____D C:\Users\Tamara\AppData\Local\UCBrowser
      2017-01-07 19:06 - 2017-01-13 00:49 - 00000000 ____D C:\Program Files (x86)\Soting Mapper
      2017-01-07 19:05 - 2017-01-07 19:09 - 00000000 ____D C:\Program Files (x86)\UCBrowser
      2017-01-07 19:05 - 2017-01-07 19:05 - 00006122 _____ C:\WINDOWS\System32\Tasks\Thizigethiveph Cloud
      2017-01-07 19:04 - 2017-01-07 19:49 - 00000000 ____D C:\Users\Tamara\AppData\Roaming\Noguyplolersp
      2017-01-07 19:03 - 2017-01-13 00:49 - 00000000 ____D C:\Program Files\C58VFKOLRA
      2017-01-07 19:03 - 2017-01-13 00:49 - 00000000 ____D C:\Program Files\9P0RNAOMXN
      2017-01-07 19:03 - 2017-01-11 20:18 - 00000000 ____D C:\Program Files (x86)\Doghtcerqesh
      2017-01-07 19:03 - 2017-01-11 20:16 - 00000000 ____D C:\Program Files (x86)\baidu
      2017-01-07 19:03 - 2017-01-07 19:11 - 00000000 ____D C:\Users\Tamara\AppData\Local\Ghtryfmertion
      C:\Users\Public\AlexaNSISPlugin.4600.dll
      C:\Users\Tamara\AppData\Local\Temp\insD33B.tmp.exe
      HKU\S-1-5-21-1092262898-1068350818-2070891357-1001\...\ChromeHTML: -> C:\Program Files (x86)\Bigflat\Application\chrome.exe (Google Inc.) <==== ATTENTION
      C:\Program Files (x86)\Bigflat
      Task: {0C0E359B-6381-41A0-9FC3-A64C0FE894CA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
      Task: {0FC063DD-E6C5-4370-8D3D-90E5B70A8EFB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
      Task: {232C9172-4D81-49C1-9395-923104D5A618} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTIO
      Task: {2D549C3D-2947-407E-BE22-281339EC3DED} - \cfr3011 -> No File <==== ATTENTION
      Task: {2E503DB6-E133-407A-883C-C9C4B9D26ADA} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
      Task: {4224433E-78EE-4079-AE49-6815840A845A} - \WordSurfer Auto Updater 1.10.0.19 Pending Update -> No File <==== ATTENTION
      Task: {4C4C2827-81DB-48E6-A3BA-8D60D71AB3B8} - System32\Tasks\Microsoft\Windows\Windows Subsystem for Linux\AptPackageIndexUpdate => %comspec% [Argument = /c start "AptPackageIndexUpdate" /min %windir%\System32\LxRun.exe /update]
      Task: {4F123735-CBB1-4D55-9583-EBB9618FAF3A} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
      Task: {52344B0A-0F3E-4166-B757-27623094D01B} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
      Task: {542A6DB7-895E-43F4-A1DE-BBAB650A0682} - \GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-1092262898-1068350818-2070891357-1001 -> No File <==== ATTENTION
      Task: {617EDAEC-1A91-407B-BDE3-D80137917B99} - \CCleanerSkipUAC -> No File <==== ATTENTION
      Task: {6C459B6C-CD4B-4E47-B9BA-A81E15BDBEA8} - System32\Tasks\{23212FEF-EF94-4A8D-8BB2-6C805D7A2895} => pcalua.exe -a "C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\uninstbb.exe"
      Task: {7A7D3051-5A92-416E-B854-CA6D78975A56} - \PhraseProfessor Auto Updater 1.10.0.21 Core -> No File <==== ATTENTION
      Task: {95056E10-43A9-4CE2-B4ED-A9585829A23A} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
      Task: {97A973A5-4C8C-4BFB-99EB-AF4E0DCA7287} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
      Task: {A9643C64-4C3F-4697-B2D7-D96FF761DFD0} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
      Task: {AB6B1DFD-A35A-4B3F-9FC6-206D2533EB63} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
      Task: {B79CCAFF-CFD7-4544-8029-EF86566B63E8} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
      Task: {C4189E1E-9FA6-45FA-9E21-474143479889} - \PhraseProfessor Auto Updater 1.10.0.21 Pending Update -> No File <==== ATTENTION
      Task: {D1A04F9C-DA65-4F88-9DF9-E9B2E3038273} - \WordSurfer Auto Updater 1.10.0.19 Core -> No File <==== ATTENTION
      Task: {DCFBF951-8331-4948-94FD-EA5A645C9507} - \SmartWeb Upgrade Trigger Task -> No File <==== ATTENTION
      Task: C:\WINDOWS\Tasks\CountCalories.job => c:\programdata\{a28baca4-79f9-6d22-a28b-baca479fb291}\rld-sims4gtw.iso.exe-1436125144227.exe <==== ATTENTION
      Task: C:\WINDOWS\Tasks\UCBrowserUpdater.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ATTENTION
      Shortcut: C:\Users\Tamara\Favorites\Acer\Acer.lnk -> hxxp://www.acer.com
      Shortcut: C:\Users\Tamara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Int?rn?t ?x?lor?r.lnk -> C:\Users\Tamara\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
      Shortcut: C:\Users\Tamara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Bigflat\Application\chrome.exe (Google Inc.)
      Shortcut: C:\Users\Tamara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\G??gle ?hr?m?.lnk -> C:\Users\Tamara\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
      Shortcut: C:\Users\Tamara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\L?un?h Int?rnet ???l?r?r ?rowser.lnk -> C:\Users\Tamara\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
      Shortcut: C:\Users\Tamara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\?hr?m? - ????s? dir??t?.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
      Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Bigflat\Application\chrome.exe (Google Inc.)
      Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G??gl? ?hrom?.lnk -> C:\Users\Tamara\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
      Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Bigflat\Application\chrome.exe (Google Inc.)
      AlternateDataStreams: C:\WINDOWS\system32\drivers:ucdrv-x64.sys [80850]
      AlternateDataStreams: C:\WINDOWS\system32\drivers:x64 [364744]
      AlternateDataStreams: C:\WINDOWS\system32\drivers:x86 [1176354]
      AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [119]


      HOSTS:
      REMOVEPROXY:
      EMPTYTEMP:
      CMD: netsh winsock reset
      CMD: ipconfig /renew
      CMD: ipconfig /flushdns
      CMD: bitsadmin /reset /allusers
      END
      *****************

      Restore point was successfully created.
      Processes closed successfully.
      HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\LManager => value removed successfully
      HKU\S-1-5-21-1092262898-1068350818-2070891357-1001\Software\Microsoft\Windows\CurrentVersion\Run\\vm6 => value removed successfully
      HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers\m2yz90po => key removed successfully
      HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers\\order m2yz90po => removed successfully
      HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{9F757126-D0F0-11E6-86F5-64006A5CFC23} => value removed successfully
      HKCR\CLSID\{9F757126-D0F0-11E6-86F5-64006A5CFC23} => key not found.
      C:\Users\Tamara\AppData\Roaming\Noguyplolersp => moved successfully
      C:\Program Files (x86)\Soting Mapper => moved successfully
      C:\Users\Tamara\AppData\Roaming\M6 Processing => moved successfully
      C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
      C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
      C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
      HKLM\SOFTWARE\Policies\Google => key removed successfully
      HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
      HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} => key removed successfully
      HKCR\Wow6432Node\CLSID\{B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} => key not found.
      HKU\S-1-5-21-1092262898-1068350818-2070891357-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\\HomeButtonPage => value removed successfully
      HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\[email protected] => value removed successfully
      Chrome DefaultSearchURL => removed successfully
      Chrome DefaultSearchKeyword => removed successfully
      C:\Users\Tamara\AppData\Local\Google\Chrome\User Data\ChromeDefaultData => moved successfully
      HKLM\System\CurrentControlSet\Services\Themes\\DependOnService => value removed successfully
      C:\ProgramData\wintools => moved successfully
      C:\Program Files (x86)\amuleC2 => moved successfully
      C:\Users\DefaultAppPool\AppData\Local\Olacarita => moved successfully
      C:\Program Files (x86)\metadata => moved successfully
      C:\Users\Tamara\AppData\Local\Bigflat => moved successfully
      C:\Program Files (x86)\Bigflat => moved successfully
      C:\Users\Tamara\AppData\Roaming\Baidu => moved successfully
      C:\WINDOWS\System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633 => moved successfully
      C:\WINDOWS\system32\bdhookx64.dll => moved successfully
      C:\WINDOWS\SysWOW64\bdhookx86.dll => moved successfully
      C:\Users\Tamara\AppData\LocalLow\BAVData => moved successfully
      C:\ProgramData\Baidu Security => moved successfully
      C:\Program Files (x86)\Baidu Security => moved successfully
      C:\Users\Tamara\AppData\Roaming\BavMini => moved successfully
      C:\Users\Public\Documents\Baidu => moved successfully
      C:\ProgramData\Baidu => moved successfully
      C:\WINDOWS\SysWOW64\BestPractices => moved successfully
      C:\WINDOWS\system32\BestPractices => moved successfully
      C:\Users\Tamara\AppData\Roaming\WinSnare => moved successfully
      C:\Program Files (x86)\xogt8pbn => moved successfully
      C:\WINDOWS\System32\Tasks\GridinSoft Anti-Malware => moved successfully
      C:\Program Files\GridinSoft Anti-Malware => moved successfully
      C:\ProgramData\GridinSoft => moved successfully
      C:\WINDOWS\Tasks\UCBrowserUpdater.job => moved successfully
      C:\Users\Tamara\AppData\Local\UCBrowser => moved successfully
      "C:\Program Files (x86)\Soting Mapper" => not found.
      C:\Program Files (x86)\UCBrowser => moved successfully
      C:\WINDOWS\System32\Tasks\Thizigethiveph Cloud => moved successfully
      "C:\Users\Tamara\AppData\Roaming\Noguyplolersp" => not found.
      C:\Program Files\C58VFKOLRA => moved successfully
      C:\Program Files\9P0RNAOMXN => moved successfully
      C:\Program Files (x86)\Doghtcerqesh => moved successfully
      C:\Program Files (x86)\baidu => moved successfully
      C:\Users\Tamara\AppData\Local\Ghtryfmertion => moved successfully
      C:\Users\Public\AlexaNSISPlugin.4600.dll => moved successfully
      C:\Users\Tamara\AppData\Local\Temp\insD33B.tmp.exe => moved successfully
      HKU\S-1-5-21-1092262898-1068350818-2070891357-1001_Classes\ChromeHTML => key removed successfully
      "C:\Program Files (x86)\Bigflat" => not found.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0C0E359B-6381-41A0-9FC3-A64C0FE894CA} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0C0E359B-6381-41A0-9FC3-A64C0FE894CA} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0FC063DD-E6C5-4370-8D3D-90E5B70A8EFB} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0FC063DD-E6C5-4370-8D3D-90E5B70A8EFB} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{232C9172-4D81-49C1-9395-923104D5A618} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{232C9172-4D81-49C1-9395-923104D5A618} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2D549C3D-2947-407E-BE22-281339EC3DED} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2D549C3D-2947-407E-BE22-281339EC3DED} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\cfr3011 => key not found.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2E503DB6-E133-407A-883C-C9C4B9D26ADA} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2E503DB6-E133-407A-883C-C9C4B9D26ADA} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4224433E-78EE-4079-AE49-6815840A845A} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4224433E-78EE-4079-AE49-6815840A845A} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WordSurfer Auto Updater 1.10.0.19 Pending Update => key not found.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4C4C2827-81DB-48E6-A3BA-8D60D71AB3B8} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4C4C2827-81DB-48E6-A3BA-8D60D71AB3B8} => key removed successfully
      C:\WINDOWS\System32\Tasks\Microsoft\Windows\Windows Subsystem for Linux\AptPackageIndexUpdate => moved successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Subsystem for Linux\AptPackageIndexUpdate => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4F123735-CBB1-4D55-9583-EBB9618FAF3A} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4F123735-CBB1-4D55-9583-EBB9618FAF3A} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{52344B0A-0F3E-4166-B757-27623094D01B} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{52344B0A-0F3E-4166-B757-27623094D01B} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{542A6DB7-895E-43F4-A1DE-BBAB650A0682} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{542A6DB7-895E-43F4-A1DE-BBAB650A0682} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-1092262898-1068350818-2070891357-1001 => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{617EDAEC-1A91-407B-BDE3-D80137917B99} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{617EDAEC-1A91-407B-BDE3-D80137917B99} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerSkipUAC => key not found.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6C459B6C-CD4B-4E47-B9BA-A81E15BDBEA8} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6C459B6C-CD4B-4E47-B9BA-A81E15BDBEA8} => key removed successfully
      C:\WINDOWS\System32\Tasks\{23212FEF-EF94-4A8D-8BB2-6C805D7A2895} => moved successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{23212FEF-EF94-4A8D-8BB2-6C805D7A2895} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7A7D3051-5A92-416E-B854-CA6D78975A56} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7A7D3051-5A92-416E-B854-CA6D78975A56} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PhraseProfessor Auto Updater 1.10.0.21 Core => key not found.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{95056E10-43A9-4CE2-B4ED-A9585829A23A} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{95056E10-43A9-4CE2-B4ED-A9585829A23A} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{97A973A5-4C8C-4BFB-99EB-AF4E0DCA7287} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{97A973A5-4C8C-4BFB-99EB-AF4E0DCA7287} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A9643C64-4C3F-4697-B2D7-D96FF761DFD0} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A9643C64-4C3F-4697-B2D7-D96FF761DFD0} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AB6B1DFD-A35A-4B3F-9FC6-206D2533EB63} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AB6B1DFD-A35A-4B3F-9FC6-206D2533EB63} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B79CCAFF-CFD7-4544-8029-EF86566B63E8} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B79CCAFF-CFD7-4544-8029-EF86566B63E8} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C4189E1E-9FA6-45FA-9E21-474143479889} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C4189E1E-9FA6-45FA-9E21-474143479889} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PhraseProfessor Auto Updater 1.10.0.21 Pending Update => key not found.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D1A04F9C-DA65-4F88-9DF9-E9B2E3038273} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D1A04F9C-DA65-4F88-9DF9-E9B2E3038273} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WordSurfer Auto Updater 1.10.0.19 Core => key not found.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DCFBF951-8331-4948-94FD-EA5A645C9507} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DCFBF951-8331-4948-94FD-EA5A645C9507} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartWeb Upgrade Trigger Task => key not found.
      C:\WINDOWS\Tasks\CountCalories.job => moved successfully
      C:\WINDOWS\Tasks\UCBrowserUpdater.job => not found.
      C:\Users\Tamara\Favorites\Acer\Acer.lnk => moved successfully
      "C:\Users\Tamara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Int?rn?t ?x?lor?r.lnk" => Could not move.
      C:\Users\Tamara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk => moved successfully
      "C:\Users\Tamara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\G??gle ?hr?m?.lnk" => Could not move.
      "C:\Users\Tamara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\L?un?h Int?rnet ???l?r?r ?rowser.lnk" => Could not move.
      "C:\Users\Tamara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\?hr?m? - ????s? dir??t?.lnk" => Could not move.
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk => moved successfully
      "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G??gl? ?hrom?.lnk" => Could not move.
      C:\Users\Public\Desktop\Google Chrome.lnk => moved successfully
      C:\WINDOWS\system32\drivers => ":ucdrv-x64.sys" ADS removed successfully.
      C:\WINDOWS\system32\drivers => ":x64" ADS removed successfully.
      C:\WINDOWS\system32\drivers => ":x86" ADS removed successfully.
      C:\ProgramData\Temp => ":5C321E34" ADS removed successfully.
      C:\Windows\System32\Drivers\etc\hosts => moved successfully
      Hosts restored successfully.

      ========= RemoveProxy: =========

      HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
      HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
      HKU\S-1-5-21-1092262898-1068350818-2070891357-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
      HKU\S-1-5-21-1092262898-1068350818-2070891357-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


      ========= End of RemoveProxy: =========


      ========= netsh winsock reset =========


      El catálogo Winsock se restableció correctamente.
      Debe reiniciar el equipo para completar el restablecimiento.


      ========= End of CMD: =========


      ========= ipconfig /renew =========


      Configuración IP de Windows

      No se puede realizar ninguna operación en Ethernet mientras los medios
      están desconectados.
      No se puede realizar ninguna operación en Conexión de área local* 3 mientras los medios
      están desconectados.

      Adaptador de Ethernet Ethernet:

      Estado de los medios. . . . . . . . . . . : medios desconectados
      Sufijo DNS específico para la conexión. . :

      Adaptador de LAN inalámbrica Conexión de área local* 3:

      Estado de los medios. . . . . . . . . . . : medios desconectados
      Sufijo DNS específico para la conexión. . :

      Adaptador de LAN inalámbrica Wi-Fi:

      Sufijo DNS específico para la conexión. . :
      Vínculo: dirección IPv6 local. . . : fe80::4478:8b9:a542:972e%13
      Dirección IPv4. . . . . . . . . . . . . . : 192.168.0.13
      Máscara de subred . . . . . . . . . . . . : 255.255.255.0
      Puerta de enlace predeterminada . . . . . : 192.168.0.1

      ========= End of CMD: =========


      ========= ipconfig /flushdns =========


      Configuración IP de Windows

      Se vació correctamente la caché de resolución de DNS.

      ========= End of CMD: =========


      ========= bitsadmin /reset /allusers =========


      BITSADMIN version 3.0
      BITS administration utility.
      (C) Copyright 2000-2006 Microsoft Corp.

      BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
      Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

      {D3E58CC3-866C-4B2F-A119-EE236AE6E68A} canceled.
      1 out of 1 jobs canceled.

      ========= End of CMD: =========


      =========== EmptyTemp: ==========

      BITS transfer queue => 32768 B
      DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 270989900 B
      Java, Flash, Steam htmlcache => 84344 B
      Windows/system/drivers => 4181 B
      Edge => 497098817 B
      Chrome => 0 B
      Firefox => 0 B
      Opera => 0 B

      Temp, IE cache, history, cookies, recent:
      Default => 0 B
      Users => 0 B
      ProgramData => 0 B
      Public => 0 B
      systemprofile => 0 B
      systemprofile32 => 0 B
      LocalService => 14010 B
      NetworkService => 39569514 B
      Tamara => 41261350 B
      sataj_000 => 168683 B
      Invitado.Tamara => 3120 B
      DefaultAppPool => 0 B

      RecycleBin => 0 B
      EmptyTemp: => 809.9 MB temporary data Removed.

      ================================


      The system needed a reboot.

      ==== End of Fixlog 10:37:13 ====

      Word works for me now, it no longer runs slow, it lets me get into Gmail, and unwanted web pages no longer come up, but Windows Defender still shows me "la directiva de grupo desactivó esta aplicación".
