Malware problem in Chrome, Windows 10 (Solved)

Page 1 of 2, results 1 to 10 of 11
#1 pibextreme (User; registered Feb 2017; Mexico; 7 posts)

Malware: Malware problem in Chrome, Windows 10 (Solved)

Good day. My problem is the following: when I start the Chrome browser an error window appears that says...

"Error loading extension from:
C:\Users\usuario\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk.
Manifest file is missing or unreadable."

I click OK and Chrome opens, but on a different page from the ones I have set; the page that opens is "FUNNY COLLECTIONS". I open another tab and can work in the browser without problems, but it is annoying that every time I open Chrome that message appears and it opens the page mentioned above....
I hope you can help me. I already ran Malwarebytes and CCleaner and it keeps doing the same thing...

#2 @Javier_HF (General Moderator; registered Jun 2006; Spain; 21,192 posts)

Re: Malware problem in Chrome, Windows 10

Hi pibextreme, welcome to the forum.

Threads worth reviewing and reading:

Tips before posting a new message.

InfoSpyware forum policies.

Official Spanish-language HijackThis forum policies.

How to upload images to the forum *TUTORIAL*
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please post the Malwarebytes report so we can analyze it and give you the next steps.

Regards.
If you don't try, you don't succeed | ;-)

* Follow us on Twitter and friend us on Facebook.
* Keep up with the latest threats on the net at: InfoSpyware Blog
* Questions are not answered by PM or e-mail; that is what the forum is for.

#3 pibextreme (User; registered Feb 2017; Mexico; 7 posts)

Re: Malware problem in Chrome, Windows 10

Thank you very much for your quick reply. Below is the Malwarebytes report from the day I ran it..

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 15/2/17
Scan Time: 10:41
Log File: informe MWB.txt
Administrator: Yes

-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.50
Update Package Version: 1.0.1270
License: Premium

-System Information-
OS: Windows 10
CPU: x86
File System: NTFS
User: DESKTOP-LRUVPLV\Pibextreme

-Scan Summary-
Scan Type: Custom Scan
Result: Completed
Objects Scanned: 187504
Time Elapsed: 4 hr, 39 min, 26 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
Adware.Elex, C:\SYSTEM VOLUME INFORMATION\_RESTORE{B50E231D-F502-4213-AE96-02DEC58D7B1C}\RP1271\A0152691.EXE, Quarantined, [1032], [356383],1.0.1270

Physical Sector: 0
(No malicious items detected)


(end)

#4 @Javier_HF (General Moderator; registered Jun 2006; Spain; 21,192 posts)

Re: Malware problem in Chrome, Windows 10

Perfect. Now, to check your machine, follow these steps in the order given, reading everything that is explained.

Step 1.- Temporarily disable the antivirus >> How to temporarily disable your antivirus, while we carry out ALL the steps.

We are going to download to YOUR DESKTOP (and NOT anywhere else) all the tools we will use in this procedure (but do not run them yet):


Once downloaded, disconnect your computer from the Internet (turn off the router) << Very important, and also close any other program you have open.

Step 2.- Run the tools one at a time, in the order given:

On Windows Vista/7/8/10, right-click and choose "Run as administrator" for every program.
CCleaner.-
• Install and run CCleaner following the steps in the manual.
• First use its "Cleaner" option to delete cookies, temporary Internet files and all the files it shows as obsolete.
• Then use its "Registry" option to clean the whole Windows registry (making a backup).

AdwCleaner.-
• Run AdwCleaner.exe.
• Click the Scan button, wait for the process to finish, then immediately click the Clean button.
• Wait for it to complete and follow the instructions; if it asks you to restart the system, accept.
• Save the report that appears, to copy and paste it in your next reply.
• The report can also be found at "C:\Program Files(x86)\AdwCleaner\AdwCleaner[C1].txt"

Junkware Removal Tool.-
• Run JRT.exe.
• Press any key to continue, and wait patiently for the process to finish.
• If at any point it asks you to restart, do so.
• When it finishes, a log/report (JRT.txt) will be saved to the desktop and opened automatically.
• Copy and paste the contents of JRT.txt in your next reply.

Farbar Recovery Scan Tool.-
• Run FRST.exe.
• In the Disclaimer window, click Yes.
• In the main window click the Scan button and wait for the scan to finish.
• Two files (logs), Frst.txt and Addition.txt, will open; they are saved on the desktop.

Step 3.- Post in your next reply the reports from:

• AdwCleaner, JRT, FRST + Addition.txt, in that order.


Copy and paste them with all their content, and use several messages if you get an error saying the message is too long.

- And tell us how your computer is behaving with respect to the problem you described.

Regards, Javier.
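The tools in the procedure above do this work for you, but it helps to know what they are looking at. The following is an added example, not part of the thread and not code from any of the tools named in it. It is a read-only audit of the four places a Chrome start-page/extension hijacker of the kind in post #1 normally hooks into: shortcut command-line arguments (the "manifest file is missing" error is what Chrome prints when it is started with `--load-extension` pointing at a directory that no longer holds a manifest.json, which is consistent with AdwCleaner later reporting the Chrome .lnk files as "disinfected"), Chrome policy keys, registry-declared extension installs, and a side-loaded extension directory under `%LOCALAPPDATA%`. It assumes an elevated PowerShell on the affected machine and default install paths; the function name is mine.

```powershell
# Added example, not part of the thread or of any tool named in it.
# Read-only audit of the places a Chrome start-page / extension hijacker
# usually hooks into. Run in an elevated PowerShell; nothing is modified.

function Get-ChromeHijackIndicators {
    $shell = New-Object -ComObject WScript.Shell

    # 1. Shortcut arguments. chrome.exe takes its command line from the .lnk, so a
    #    hijacker appends "--load-extension=<dir>" or a plain URL there. A stale
    #    --load-extension path is what produces "Error loading extension
    #    from ... Manifest file is missing or unreadable" at every start.
    $lnkDirs = @(
        "$env:PUBLIC\Desktop",
        "$env:USERPROFILE\Desktop",
        "$env:ProgramData\Microsoft\Windows\Start Menu\Programs",
        "$env:APPDATA\Microsoft\Windows\Start Menu\Programs",
        "$env:APPDATA\Microsoft\Internet Explorer\Quick Launch"   # includes User Pinned\TaskBar
    )
    foreach ($dir in $lnkDirs) {
        if (-not (Test-Path -LiteralPath $dir)) { continue }
        Get-ChildItem -LiteralPath $dir -Filter *.lnk -Recurse -ErrorAction SilentlyContinue |
            ForEach-Object {
                $lnk = $shell.CreateShortcut($_.FullName)
                if ($lnk.TargetPath -match '\\chrome\.exe$' -and $lnk.Arguments.Trim()) {
                    [pscustomobject]@{ Check = 'ShortcutArgs'; Item = $_.FullName; Detail = $lnk.Arguments }
                }
            }
    }

    # 2. Chrome policy keys. These exist for managed (enterprise) installs; on a home
    #    PC any value here is suspect, and it is what FRST reports as
    #    "GroupPolicy: Restriction - Chrome". Forced extensions, homepage, startup
    #    URLs and the default search provider can all be pinned from here.
    foreach ($hive in 'HKLM', 'HKCU') {
        $base = "${hive}:\SOFTWARE\Policies\Google\Chrome"
        if (-not (Test-Path -LiteralPath $base)) { continue }
        $keys = @(Get-Item -LiteralPath $base) + @(Get-ChildItem -LiteralPath $base -Recurse)
        foreach ($k in $keys) {
            foreach ($name in $k.GetValueNames()) {
                [pscustomobject]@{ Check = 'ChromePolicy'; Item = "$($k.Name)\$name"; Detail = [string]$k.GetValue($name) }
            }
        }
    }

    # 3. Registry-declared extension installs (the "CHR HKLM\...\Chrome\Extension"
    #    lines in an FRST log). Legitimate software uses these too (Adobe's
    #    efaidnbmnnnibpcajpcglclefindmkaj is the Acrobat extension), so the field
    #    to read is update_url / path: anything not served from
    #    clients2.google.com needs an explanation.
    $extRoots = @(
        'HKLM:\SOFTWARE\Google\Chrome\Extensions',
        'HKLM:\SOFTWARE\Wow6432Node\Google\Chrome\Extensions',
        'HKCU:\SOFTWARE\Google\Chrome\Extensions'
    )
    foreach ($root in $extRoots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        foreach ($sub in Get-ChildItem -LiteralPath $root) {
            $p = Get-ItemProperty -LiteralPath $sub.PSPath
            [pscustomobject]@{ Check = 'ExtensionInstall'; Item = $sub.PSChildName; Detail = "$($p.update_url) $($p.path)".Trim() }
        }
    }

    # 4. Orphan extension directories. Store-installed extensions live under
    #    ...\Chrome\User Data\<profile>\Extensions\<id>\<version>. A 32-letter id
    #    (Chrome ids use only the letters a-p) sitting directly under
    #    %LOCALAPPDATA%, as in post #1, was dropped there by an installer.
    Get-ChildItem -LiteralPath $env:LOCALAPPDATA -Directory |
        Where-Object { $_.Name -cmatch '^[a-p]{32}$' } |
        ForEach-Object {
            $hasManifest = Test-Path -LiteralPath (Join-Path $_.FullName 'manifest.json')
            [pscustomobject]@{ Check = 'SideloadedExtDir'; Item = $_.FullName; Detail = "manifest.json present: $hasManifest" }
        }
}

Get-ChromeHijackIndicators | Format-Table -AutoSize -Wrap
```

The output is a review list, not a verdict: a domain-joined machine will legitimately have policy values, and vendor extensions register under the Extensions key. What matters is whether each hit has an owner you can name; a shortcut with any argument at all, or an id-named folder straight under `%LOCALAPPDATA%`, normally does not.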

#5 pibextreme (User; registered Feb 2017; Mexico; 7 posts)

Re: Malware problem in Chrome, Windows 10

You are the boss of bosses.... my browser works perfectly, the message described above no longer appears, and it opens the pages I set as my start pages...
Thank you very much in advance. Here are the reports the programs produced....
regards.
PS.- Do you think it is a good idea to mark the thread as solved, or should we wait a while (days) to verify that it really keeps working 10/10?


# AdwCleaner v6.043 - Logfile created 17/02/2017 at 10:43:54
# Updated on 27/01/2017 by Malwarebytes
# Database: 2017-01-27.1 [Local]
# Operating System: Windows 10 Pro (X86)
# Username: Pibextreme - DESKTOP-LRUVPLV
# Running from: C:\Users\Pibextreme\Desktop\AdwCleaner.exe
# Mode: Clean
# Support: https://www.malwarebytes.com/support



***** [ Services ] *****

[-] Service deleted: ucdrv


***** [ Folders ] *****

[-] Folder deleted: C:\Program Files\WinSnare(4.1.0)
[-] Folder deleted: C:\Users\Pibextreme\AppData\Roaming\mipony
[-] Folder deleted: C:\Users\Pibextreme\AppData\Roaming\PRO PC Cleaner
[-] Folder deleted: C:\Users\Pibextreme\Documents\vShare
[-] Folder deleted: C:\ProgramData\ByteFence
[-] Folder deleted: C:\Program Files\DPower
[-] Folder deleted: C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\Tencent
[#] Folder deleted on reboot: C:\Program Files\DPower
[-] Folder deleted: C:\WINDOWS\system32\SSL


***** [ Files ] *****

[-] File deleted: C:\Users\Pibextreme\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\UC浏览器.lnk
[-] File deleted: C:\END
[-] File deleted: C:\TOSTACK
[-] File deleted: C:\WINDOWS\rsrcs.dll


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****

[-] Shortcut disinfected: C:\Users\Public\Desktop\Google Chrome.lnk
[-] Shortcut disinfected: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
[-] Shortcut disinfected: C:\Users\Pibextreme\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[-] Shortcut disinfected: C:\Users\Pibextreme\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk


***** [ Scheduled tasks ] *****

[-] Task deleted: Microsoft\Windows\Multimedia\Manager


***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Classes\UCHTML
[-] Key deleted: HKLM\SOFTWARE\Classes\UCHTML.AssocFile.CRX
[-] Key deleted: HKLM\SOFTWARE\Classes\UCHTML.AssocFile.HTM
[-] Key deleted: HKLM\SOFTWARE\Classes\UCHTML.AssocFile.HTML
[-] Key deleted: HKLM\SOFTWARE\Classes\UCHTML.AssocFile.MHT
[-] Key deleted: HKLM\SOFTWARE\Classes\UCHTML.AssocFile.SHTM
[-] Key deleted: HKLM\SOFTWARE\Classes\UCHTML.AssocFile.SHTML
[-] Key deleted: HKLM\SOFTWARE\Classes\UCHTML.AssocFile.WEBP
[-] Key deleted: HKLM\SOFTWARE\Classes\UCHTML.AssocFile.XHT
[-] Key deleted: HKLM\SOFTWARE\Classes\UCHTML.AssocFile.XHTML
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\GoogleChromeUpService
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\ByteFenceService
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WinSnare
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{9CC34070-3A38-4C7A-89CB-EF8177EF07A1}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{BF8946CD-EEBE-436B-8282-B19A021C9EFE}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{38DD0B4A-E4E0-4A57-99EE-DCCB185B4728}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95E84BD3-3604-4AAC-B2CA-D9AC3E55B64B}
[-] Key deleted: HKU\.DEFAULT\Software\b`nl{y
[-] Key deleted: HKU\S-1-5-21-4120651744-1775380126-589845940-1001\Software\ByteFence
[-] Key deleted: HKU\S-1-5-21-4120651744-1775380126-589845940-1001\Software\Installer
[-] Key deleted: HKU\S-1-5-21-4120651744-1775380126-589845940-1001\Software\PC
[-] Key deleted: HKU\S-1-5-21-4120651744-1775380126-589845940-1001\Software\AutoTime
[-] Key deleted: HKU\S-1-5-21-4120651744-1775380126-589845940-1001\Software\Event Monitor
[-] Key deleted: HKU\S-1-5-21-4120651744-1775380126-589845940-1001\Software\SNDA
[-] Key deleted: HKU\S-1-5-21-4120651744-1775380126-589845940-1001\Software\VDI
[#] Key deleted on reboot: HKU\S-1-5-18\Software\b`nl{y
[#] Key deleted on reboot: HKCU\Software\ByteFence
[#] Key deleted on reboot: HKCU\Software\Installer
[#] Key deleted on reboot: HKCU\Software\PC
[#] Key deleted on reboot: HKCU\Software\AutoTime
[#] Key deleted on reboot: HKCU\Software\Event Monitor
[#] Key deleted on reboot: HKCU\Software\SNDA
[#] Key deleted on reboot: HKCU\Software\VDI
[-] Key deleted: HKLM\SOFTWARE\ByteFence
[-] Key deleted: HKLM\SOFTWARE\Jawego
[-] Key deleted: HKLM\SOFTWARE\PC
[-] Key deleted: HKLM\SOFTWARE\Event Monitor
[-] Key deleted: HKLM\SOFTWARE\b`nl{y
[-] Key deleted: HKLM\SOFTWARE\WMPNetworkAcSvc
[-] Key deleted: HKLM\SOFTWARE\InterSect Alliance
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
[-] Value deleted: HKU\S-1-5-21-4120651744-1775380126-589845940-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [apphide]
[-] Value deleted: HKU\S-1-5-21-4120651744-1775380126-589845940-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [svchost0]
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Control\Class\{0C95ABFE-4FB6-49DB-B22F-0E1F5FC4BEEC}
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Control\Class\{EEEFACB3-729F-4484-B66D-E7A7917BBFC1}
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved [KuaiZip Shell Extension]
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [kuaizipupdatesvc]
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\KzShlobj
[-] Key deleted: HKLM\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\KuaiZipShlExt
[-] Key deleted: HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\KuaiZipShlExt
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\QZipShell.DLL
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\PRO PC Cleaner
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [WinSAPSvc]
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [ArcherGroupEx]
[-] Key deleted: HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\KuaiZipShlExt
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [WinSnare]
[-] Value deleted: HKCU\SOFTWARE\Classes\.crx\OpenWithProgids [UCHTML.AssocFile.CRX]
[-] Value deleted: HKCU\SOFTWARE\Classes\.htm\OpenWithProgids [UCHTML.AssocFile.HTM]
[-] Value deleted: HKCU\SOFTWARE\Classes\.html\OpenWithProgids [UCHTML.AssocFile.HTML]
[-] Value deleted: HKCU\SOFTWARE\Classes\.mht\OpenWithProgids [UCHTML.AssocFile.MHT]
[-] Value deleted: HKCU\SOFTWARE\Classes\.shtm\OpenWithProgids [UCHTML.AssocFile.SHTM]
[-] Value deleted: HKCU\SOFTWARE\Classes\.shtml\OpenWithProgids [UCHTML.AssocFile.SHTML]
[-] Value deleted: HKCU\SOFTWARE\Classes\.webp\OpenWithProgids [UCHTML.AssocFile.WEBP]
[-] Value deleted: HKCU\SOFTWARE\Classes\.xht\OpenWithProgids [UCHTML.AssocFile.XHT]
[-] Value deleted: HKCU\SOFTWARE\Classes\.xhtml\OpenWithProgids [UCHTML.AssocFile.XHTML]
[-] Value deleted: HKLM\SOFTWARE\Classes\.crx\OpenWithProgids [UCHTML.AssocFile.CRX]
[-] Value deleted: HKLM\SOFTWARE\Classes\.htm\OpenWithProgids [UCHTML.AssocFile.HTM]
[-] Value deleted: HKLM\SOFTWARE\Classes\.html\OpenWithProgids [UCHTML.AssocFile.HTML]
[-] Value deleted: HKLM\SOFTWARE\Classes\.mht\OpenWithProgids [UCHTML.AssocFile.MHT]
[-] Value deleted: HKLM\SOFTWARE\Classes\.shtm\OpenWithProgids [UCHTML.AssocFile.SHTM]
[-] Value deleted: HKLM\SOFTWARE\Classes\.shtml\OpenWithProgids [UCHTML.AssocFile.SHTML]
[-] Value deleted: HKLM\SOFTWARE\Classes\.webp\OpenWithProgids [UCHTML.AssocFile.WEBP]
[-] Value deleted: HKLM\SOFTWARE\Classes\.xht\OpenWithProgids [UCHTML.AssocFile.XHT]
[-] Value deleted: HKLM\SOFTWARE\Classes\.xhtml\OpenWithProgids [UCHTML.AssocFile.XHTML]
[-] Key deleted: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\UCBrowser.exe


***** [ Web browsers ] *****



*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [8363 Bytes] - [17/02/2017 10:43:54]
C:\AdwCleaner\AdwCleaner[S0].txt - [8591 Bytes] - [17/02/2017 10:43:18]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [8509 Bytes] ##########


      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Junkware Removal Tool (JRT) by Malwarebytes
      Version: 8.1.0 (12.05.2016)
      Operating System: Windows 10 Pro x86
      Ran by Pibextreme (Administrator) on 17/02/2017 at 10:50:46.89
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




      File System: 3

      Failed to delete: C:\ProgramData\productdata (Folder)
      Failed to delete: C:\Users\Public\thunder network (Folder)
      Successfully deleted: C:\ProgramData\thunder network (Folder)



      Registry: 0





      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Scan was completed on 17/02/2017 at 10:54:45.09
      End of JRT log
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
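The AdwCleaner log above shows the service-side persistence this family used: a service (ucdrv) and several entries under `HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost` (WinSnare, kuaizipupdatesvc, WinSAPSvc, ArcherGroupEx), which is how an adware DLL gets to run inside a process named svchost.exe. The block below is an added example, not part of the thread and not AdwCleaner or JRT code, for checking after a cleaning run and a reboot that those hooks are really gone and that nothing of the same shape survived. It assumes an elevated Windows PowerShell 5.1 session on the cleaned machine; the function names are mine.

```powershell
# Added example, not from the thread or from AdwCleaner/JRT. Read-only
# post-cleanup check of service persistence. Run in an elevated PowerShell.

function Get-ServicePersistenceFindings {
    $winDir  = $env:SystemRoot
    $svcRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'

    # Turn a raw ImagePath (quoted or not, with \??\, \SystemRoot\ or a bare
    # system32\ prefix) into the on-disk path of the executable or driver.
    function Resolve-ImageFile([string]$imagePath) {
        $p = [Environment]::ExpandEnvironmentVariables($imagePath).Trim()
        $m = [regex]::Match($p, '^"([^"]+)"|^(\S+)')
        $p = if ($m.Groups[1].Success) { $m.Groups[1].Value } else { $m.Groups[2].Value }
        $p = $p -replace '^\\\?\?\\', ''
        $p = $p -replace '^\\SystemRoot\\', "$winDir\"
        if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $winDir $p }   # relative, e.g. system32\drivers\x.sys
        return $p
    }

    # 1. Svchost groups. Each value under ...\Svchost names a group; its data is
    #    the list of services that run inside that svchost.exe instance. A group
    #    whose service has no key (a leftover like the ones AdwCleaner removed),
    #    or whose ServiceDll lives outside %SystemRoot%, needs an owner.
    $groupKey = Get-Item -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost'
    foreach ($group in $groupKey.GetValueNames()) {
        foreach ($svcName in @($groupKey.GetValue($group))) {
            $svcKey = "$svcRoot\$svcName"
            if (-not (Test-Path -LiteralPath $svcKey)) {
                [pscustomobject]@{ Check = 'SvchostGroup'; Item = "$group -> $svcName"; Detail = 'no service key (dangling group entry)' }
                continue
            }
            $dll = (Get-ItemProperty -LiteralPath "$svcKey\Parameters" -ErrorAction SilentlyContinue).ServiceDll
            if ($dll) {
                $dllPath = [Environment]::ExpandEnvironmentVariables($dll)
                if ($dllPath -notlike "$winDir\*") {
                    [pscustomobject]@{ Check = 'SvchostGroup'; Item = "$group -> $svcName"; Detail = "ServiceDll outside Windows dir: $dllPath" }
                }
            }
        }
    }

    # 2. Every service and driver: flag ones whose ImagePath runs rundll32
    #    (a DLL dressed up as a service), whose binary is missing (FRST marks
    #    these [X]), or whose binary sits under a user profile path.
    foreach ($svc in Get-ChildItem -LiteralPath $svcRoot) {
        $img = (Get-ItemProperty -LiteralPath $svc.PSPath -ErrorAction SilentlyContinue).ImagePath
        if (-not $img) { continue }
        $file = Resolve-ImageFile $img
        $why = $null
        if     ($img -match 'rundll32')                                  { $why = 'rundll32-hosted service' }
        elseif (-not (Test-Path -LiteralPath $file -PathType Leaf))      { $why = 'binary missing' }
        elseif ($file -like "$env:SystemDrive\Users\*")                  { $why = 'binary under a user profile' }
        if ($why) {
            [pscustomobject]@{ Check = 'Service'; Item = $svc.PSChildName; Detail = "$why : $img" }
        }
    }
}

Get-ServicePersistenceFindings | Format-Table -AutoSize -Wrap
```

Treat the output as a list to review rather than a list to delete: a dangling svchost group entry can also be left by a Windows feature that is not installed on that edition, and a service whose binary lives under C:\Users may be a legitimate per-user install. Anything that matches both a name from the AdwCleaner log and one of these checks after a reboot means the cleaning did not complete and the step should be repeated before marking the thread solved.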

#6 pibextreme (User; registered Feb 2017; Mexico; 7 posts)

Re: Malware problem in Chrome, Windows 10

      Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-02-2017 02
      Ran by Pibextreme (administrator) on DESKTOP-LRUVPLV (17-02-2017 10:55:33)
      Running from C:\Users\Pibextreme\Desktop
      Loaded Profiles: Pibextreme (Available Profiles: Pibextreme)
      Platform: Microsoft Windows 10 Pro Version 1607 (X86) Language: Español (España, internacional)
      Internet Explorer Version 11 (Default browser: Edge)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: ***********************************************************************************************************

      ==================== Processes (Whitelisted) =================

      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

      (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
      (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
      (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
      (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
      (TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
      (VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
      (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
      (TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer.exe
      (TeamViewer GmbH) C:\Program Files\TeamViewer\tv_w32.exe
      (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
      (Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
      () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x86__kzf8qxf38zg5c\SkypeHost.exe
      (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
      (Microsoft Corporation) C:\Windows\System32\smartscreen.exe

      ==================== Registry (Whitelisted) ====================

      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

      HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [483840 2016-07-16] (Microsoft Corporation)
      HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
      HKU\S-1-5-21-4120651744-1775380126-589845940-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [7173848 2016-12-21] (Piriform Ltd)
      HKLM\...\Providers\uccs53rf: C:\Program Files\Grotersp Mapper\local32spl.dll
      ShellExecuteHooks: No Name - {B7F52870-EABC-11E6-A3B1-64006A5CFC23} - -> No File
      ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
      ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
      ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
      GroupPolicy: Restriction - Chrome <======= ATTENTION
      CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

      ==================== Internet (Whitelisted) ====================

      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

      Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
      Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 192.168.1.254
      Tcpip\..\Interfaces\{8c2e0c80-0f84-4c6d-8c14-5240f750df94}: [NameServer] 8.8.8.8,8.8.4.4
      Tcpip\..\Interfaces\{8c2e0c80-0f84-4c6d-8c14-5240f750df94}: [DhcpNameServer] 192.168.1.254 192.168.1.254

      Internet Explorer:
      ==================
      HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Google
      SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
      SearchScopes: HKLM -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
      BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2016-12-28] (Microsoft Corporation)
      BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-12-28] (Microsoft Corporation)
      Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
      Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
      Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
      Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
      StartMenuInternet: IEXPLORE.EXE - iexplore.exe

      FireFox:
      ========
      FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-12-28] (Microsoft Corporation)
      FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-12-28] (Microsoft Corporation)
      FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-02-15] (Google Inc.)
      FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-02-15] (Google Inc.)
      FF Plugin: @videolan.org/vlc,version=2.2.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
      FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
      FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)

      Chrome:
      =======
      CHR StartupUrls: Default -> "hxxps://es-la.facebook.com/","chrome-search://local-ntp/local-ntp.html"
      CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms}
      CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
      CHR Profile: C:\Users\Pibextreme\AppData\Local\Google\Chrome\User Data\Default [2017-02-17]
      CHR Extension: (Diapositivas de Google) - C:\Users\Pibextreme\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-02-15]
      CHR Extension: (Google Docs) - C:\Users\Pibextreme\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-02-15]
      CHR Extension: (Google Drive) - C:\Users\Pibextreme\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-02-15]
      CHR Extension: (YouTube) - C:\Users\Pibextreme\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-15]
      CHR Extension: (Hojas de cálculo de Google) - C:\Users\Pibextreme\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-02-15]
      CHR Extension: (Documentos de Google sin conexión) - C:\Users\Pibextreme\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-16]
      CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Pibextreme\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-15]
      CHR Extension: (Gmail) - C:\Users\Pibextreme\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-02-15]
      CHR Extension: (Chrome Media Router) - C:\Users\Pibextreme\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-15]
      CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
      CHR HKU\S-1-5-21-4120651744-1775380126-589845940-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx

      ==================== Services (Whitelisted) ====================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2541248 2016-12-28] (Microsoft Corporation)
      R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3303888 2017-01-20] (Malwarebytes)
      S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [1887272 2016-09-15] (Microsoft Corporation)
      R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
      R2 VIAKaraokeService; C:\WINDOWS\system32\viakaraokesrv.exe [36504 2015-06-22] (VIA Technologies, Inc.)
      R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [271496 2016-07-16] (Microsoft Corporation)
      R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [84928 2016-07-16] (Microsoft Corporation)
      S2 edcaffdabdffVIA; rundll32.exe "C:\Program Files\2e6723623062dc8a20ff632dabd11ff7\edcaffdabdffVIA.dll",soeasy [X]

      ===================== Drivers (Whitelisted) ======================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      S3 akshasp; C:\WINDOWS\System32\drivers\akshasp.sys [327168 2006-11-22] (Aladdin Knowledge Systems Ltd.)
      S3 akspccard; C:\WINDOWS\System32\drivers\akspccard.sys [16640 2006-10-23] (Aladdin Knowledge Systems)
      S3 aksusb; C:\WINDOWS\System32\drivers\aksusb.sys [100096 2006-11-22] (Aladdin Knowledge Systems Ltd.)
      S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [109184 2016-09-05] (Samsung Electronics Co., Ltd.)
      R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae.sys [59976 2017-01-20] ()
      S2 Hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [693760 2006-11-22] (Aladdin Knowledge Systems Ltd.)
      R1 HWiNFO32; C:\WINDOWS\system32\drivers\HWiNFO32.SYS [23840 2017-02-07] (REALiX(tm))
      R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [152512 2017-02-17] (Malwarebytes)
      R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [94656 2017-02-17] (Malwarebytes)
      R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [39360 2017-02-17] (Malwarebytes)
      R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [219584 2017-02-17] (Malwarebytes)
      R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [73672 2017-02-17] (Malwarebytes)
      S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [62976 2016-07-16] ()
      R3 PciPPorts; C:\WINDOWS\system32\DRIVERS\PciPPorts.sys [82944 2009-07-23] ()
      S3 ptun0901; C:\WINDOWS\System32\drivers\ptun0901.sys [23552 2014-08-08] (The OpenVPN Project)
      S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [147072 2016-09-05] (Samsung Electronics Co., Ltd.)
      R3 VIAHdAudAddService; C:\WINDOWS\system32\drivers\viahduaa.sys [575184 2015-06-22] (VIA Technologies, Inc.)
      S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [37912 2016-07-16] (Microsoft Corporation)
      R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [244576 2016-07-16] (Microsoft Corporation)
      S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [128704 2016-08-16] (MBB)
      R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [100192 2016-07-16] (Microsoft Corporation)
      S3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [161280 2016-07-16] (Microsoft Corporation)
      S3 MBAMProtector; \??\C:\WINDOWS\system32\drivers\ [X]
      S3 MWAC; \??\C:\WINDOWS\system32\drivers\ [X]
      U5 PciIsaSerial; C:\Windows\System32\Drivers\PciIsaSerial.sys [65536 2008-12-19] (Windows (R) Codename Longhorn DDK provider)
      U5 PciSPorts; C:\Windows\System32\Drivers\PciSPorts.sys [115200 2008-12-19] ()

      ==================== NetSvcs (Whitelisted) ===================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


      ==================== One Month Created files and folders ========

      (If an entry is included in the fixlist, the file/folder will be moved.)

      2017-02-17 10:55 - 2017-02-17 10:56 - 00012106 _____ C:\Users\Pibextreme\Desktop\FRST.txt
      2017-02-17 10:55 - 2017-02-17 10:55 - 00000000 ____D C:\FRST
      2017-02-17 10:54 - 2017-02-17 10:54 - 00000732 _____ C:\Users\Pibextreme\Desktop\JRT.txt
      2017-02-17 10:49 - 2017-02-17 10:49 - 00008591 _____ C:\Users\Pibextreme\Desktop\AdwCleaner[C0].txt
      2017-02-17 10:47 - 2017-02-17 10:47 - 00329864 _____ C:\WINDOWS\system32\FNTCACHE.DAT
      2017-02-17 10:41 - 2017-02-17 10:43 - 00000000 ____D C:\AdwCleaner
      2017-02-17 10:28 - 2017-02-17 10:28 - 00001077 _____ C:\Users\Public\Desktop\CCleaner.lnk
      2017-02-17 10:28 - 2017-02-17 10:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
      2017-02-17 10:28 - 2017-02-17 10:28 - 00000000 ____D C:\Program Files\CCleaner
      2017-02-17 10:23 - 2017-02-17 10:55 - 01764352 _____ (Farbar) C:\Users\Pibextreme\Desktop\FRST.exe
      2017-02-17 10:22 - 2017-02-17 10:50 - 01663040 _____ (Malwarebytes) C:\Users\Pibextreme\Desktop\JRT.exe
      2017-02-17 10:21 - 2017-02-17 10:41 - 04015056 _____ C:\Users\Pibextreme\Desktop\AdwCleaner.exe
      2017-02-17 10:21 - 2017-02-17 10:28 - 08813488 _____ (Piriform Ltd) C:\Users\Pibextreme\Desktop\ccsetup526.exe
      2017-02-17 10:07 - 2017-02-17 10:07 - 00001509 _____ C:\Users\Pibextreme\Desktop\informe MWB.txt
      2017-02-15 18:06 - 2017-02-17 10:43 - 00001374 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
      2017-02-15 18:06 - 2017-02-17 10:43 - 00001362 _____ C:\Users\Public\Desktop\Google Chrome.lnk
      2017-02-15 18:05 - 2017-02-15 18:14 - 00000000 ____D C:\Users\Pibextreme\AppData\Local\Google
      2017-02-15 18:05 - 2017-02-15 18:06 - 00000000 ____D C:\Program Files\Google
      2017-02-15 10:25 - 2017-02-17 10:48 - 00219584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
      2017-02-15 10:25 - 2017-02-17 10:48 - 00152512 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
      2017-02-15 10:25 - 2017-02-17 10:48 - 00094656 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
      2017-02-15 10:25 - 2017-02-17 10:48 - 00073672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
      2017-02-15 10:25 - 2017-02-17 10:48 - 00039360 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
      2017-02-15 10:24 - 2017-02-15 10:24 - 00002136 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
      2017-02-15 10:24 - 2017-02-15 10:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
      2017-02-15 10:24 - 2017-02-15 10:24 - 00000000 ____D C:\Program Files\Malwarebytes
      2017-02-15 10:24 - 2017-01-20 07:47 - 00059976 _____ C:\WINDOWS\system32\Drivers\mbae.sys
      2017-02-15 10:13 - 2066-06-15 00:00 - 00000400 _____ C:\ProgramData\disable_activation.cmd
      2017-02-15 10:11 - 2017-02-15 10:12 - 125707572 _____ C:\Users\Pibextreme\Desktop\Malwarebytes.exe
      2017-02-15 09:34 - 2017-02-15 09:36 - 125707652 _____ C:\Users\Pibextreme\Downloads\Malwarebytes.rar
      2017-02-14 10:23 - 2017-02-14 10:23 - 00000000 ____D C:\WINDOWS\Panther
      2017-02-14 10:17 - 2017-02-14 10:20 - 00015354 _____ C:\Users\Pibextreme\Desktop\netadapter-log-2017-02-14-10-17-41.txt
      2017-02-11 14:00 - 2017-02-11 14:00 - 00000000 ____D C:\Users\Pibextreme\AppData\Local\PeerDistRepub
      2017-02-11 10:49 - 2017-02-11 10:50 - 00147454 _____ C:\Users\Pibextreme\Documents\cc_20170211_104946.reg
      2017-02-09 14:31 - 2017-02-15 10:20 - 00000000 ____D C:\ProgramData\Malwarebytes
      2017-02-09 12:39 - 2017-02-09 12:41 - 00000000 ___HD C:\$SysReset
      2017-02-09 10:56 - 2017-02-09 10:56 - 00000000 ____D C:\Program Files\Ghobus Collector
      2017-02-09 10:55 - 2017-02-09 10:55 - 00000043 _____ C:\Users\Pibextreme\AppData\Roaming\WB.CFG
      2017-02-09 10:07 - 2017-02-09 10:07 - 00000000 ____D C:\Users\Pibextreme\AppData\Roaming\excdir
      2017-02-09 10:03 - 2017-02-09 10:18 - 00000000 ____D C:\Program Files\Qumase
      2017-02-09 10:03 - 2017-02-09 10:03 - 00029160 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
      2017-02-08 14:12 - 2017-02-08 14:12 - 00018432 _____ C:\Users\Pibextreme\AppData\Roaming\Main.dat
      2017-02-08 13:58 - 2017-02-08 13:58 - 00140288 _____ C:\Users\Pibextreme\AppData\Roaming\Installer.dat
      2017-02-07 14:21 - 2017-02-07 14:21 - 00000282 __RSH C:\Users\Pibextreme\ntuser.pol
      2017-02-07 11:17 - 2017-02-07 11:22 - 00000000 ____D C:\ProgramData\IObit
      2017-02-07 11:16 - 2017-02-07 11:16 - 00023840 _____ (REALiX(tm)) C:\WINDOWS\system32\Drivers\HWiNFO32.SYS
      2017-02-07 11:12 - 2017-02-07 11:12 - 00000000 ____D C:\Users\Public\Thunder Network
      2017-02-07 11:12 - 2017-02-07 11:12 - 00000000 ____D C:\ProgramData\Avira
      2017-02-07 11:12 - 2017-02-07 11:12 - 00000000 ____D C:\ProgramData\Avg
      2017-02-07 11:12 - 2017-02-07 11:12 - 00000000 ____D C:\ProgramData\AVAST Software
      2017-02-07 10:07 - 2017-02-07 10:07 - 00001865 _____ C:\Users\Public\Desktop\iTunes.lnk
      2017-02-07 10:07 - 2017-02-07 10:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
      2017-02-07 10:05 - 2017-02-07 10:07 - 00000000 ____D C:\Program Files\iTunes
      2017-02-07 09:53 - 2017-02-07 09:53 - 03086008 _____ C:\WINDOWS\2469bf52249c6665289e74fab8b5a12d.exe
      2017-02-01 10:06 - 2017-02-01 10:06 - 00000000 ____D C:\Users\Pibextreme\AppData\Roaming\streamlink
      2017-01-31 16:44 - 2017-02-03 14:12 - 00000000 ____D C:\Mobile Upgrade S 4.4.4
      2017-01-31 16:44 - 2017-01-31 16:44 - 00000826 _____ C:\Users\Public\Desktop\Mobile Upgrade S 4.4.4.lnk
      2017-01-31 16:44 - 2017-01-31 16:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobile Upgrade S 4.4.4
      2017-01-31 16:44 - 2015-07-30 13:24 - 10875905 _____ (TCL Communication Technology Holdings Limited ) C:\Users\Pibextreme\Desktop\Mobile Upgrade S 4.4.4 Setup.exe
      2017-01-31 16:31 - 2017-02-07 11:23 - 00000000 ___RD C:\Users\Pibextreme\Documents\MEGA
      2017-01-25 09:18 - 2016-12-20 22:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
      2017-01-23 17:23 - 2017-01-23 17:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Actualización Base de Datos
      2017-01-23 17:22 - 2017-01-23 17:33 - 00000000 ____D C:\ProgramData\MEGAsync
      2017-01-23 17:02 - 2017-01-23 17:02 - 00000000 ____D C:\Users\Pibextreme\AppData\Local\Mega Limited

      ==================== One Month Modified files and folders ========

      (If an entry is included in the fixlist, the file/folder will be moved.)

      2017-02-17 10:47 - 2016-10-11 09:41 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
      2017-02-17 10:45 - 2016-07-15 20:22 - 00524288 _____ C:\WINDOWS\system32\config\BBI
      2017-02-17 09:06 - 2016-07-16 02:29 - 00000000 ___HD C:\Program Files\WindowsApps
      2017-02-17 09:06 - 2016-07-16 02:29 - 00000000 ____D C:\WINDOWS\AppReadiness
      2017-02-17 09:03 - 2016-07-16 02:29 - 00000000 ____D C:\WINDOWS\LiveKernelReports
      2017-02-16 19:03 - 2016-10-11 09:16 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
      2017-02-16 09:14 - 2016-10-31 11:35 - 00000000 ____D C:\Gdatavivid
      2017-02-15 09:55 - 2016-07-16 02:28 - 00000000 ____D C:\WINDOWS\INF
      2017-02-11 10:11 - 2017-01-10 11:33 - 00000000 ____D C:\ProgramData\KMSAutoS
      2017-02-10 10:03 - 2016-08-16 10:04 - 00000000 ____D C:\Program Files\vShare Helper
      2017-02-09 17:19 - 2016-08-03 11:28 - 00000000 ____D C:\Users\Pibextreme\AppData\Roaming\FileZilla
      2017-02-09 17:19 - 2016-05-12 10:36 - 00000000 ____D C:\Program Files\TeamViewer
      2017-02-09 15:33 - 2016-08-31 17:03 - 00000000 ____D C:\Program Files\iMobie
      2017-02-09 15:33 - 2016-07-16 02:29 - 00000000 ____D C:\Program Files\Common Files\Services
      2017-02-09 15:33 - 2016-05-12 08:15 - 00000000 ____D C:\Program Files\Datacolor
      2017-02-09 15:21 - 2016-05-25 12:24 - 00000000 ____D C:\Program Files\Cheat Engine 6.5.1
      2017-02-09 15:18 - 2016-05-10 12:57 - 00000000 ____D C:\Users\Pibextreme\AppData\Roaming\Adobe
      2017-02-09 13:12 - 2016-05-17 11:38 - 00000000 ____D C:\ProgramData\McAfee
      2017-02-09 13:07 - 2016-07-15 20:22 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
      2017-02-09 13:06 - 2016-05-10 05:43 - 00000000 ____D C:\Users\Default.migrated
      2017-02-09 12:52 - 2016-05-12 08:14 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
      2017-02-09 12:25 - 2016-08-03 11:14 - 00000000 ____D C:\Program Files\WinSCP
      2017-02-09 12:08 - 2016-08-17 09:25 - 00000000 ____D C:\Program Files\i-Funbox DevTeam
      2017-02-09 12:08 - 2016-05-11 17:43 - 00000000 ____D C:\Program Files\DIFX
      2017-02-09 11:50 - 2016-05-12 10:45 - 00000000 ____D C:\Program Files\Fast and Fluid Management
      2017-02-08 16:14 - 2016-10-11 09:24 - 00000000 ____D C:\Users\Pibextreme
      2017-02-08 15:55 - 2016-05-25 10:20 - 00001676 __RSH C:\ProgramData\ntuser.pol
      2017-02-07 11:12 - 2016-10-11 03:01 - 00000000 ____D C:\Program Files\MSBuild
      2017-02-07 11:11 - 2016-05-10 05:53 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
      2017-02-07 10:06 - 2016-10-10 08:25 - 00000000 ____D C:\Program Files\iPod
      2017-02-07 10:05 - 2016-05-20 12:08 - 00000000 ____D C:\Program Files\Common Files\Apple
      2017-02-01 14:52 - 2016-07-16 02:29 - 00000000 ____D C:\WINDOWS\system32\NDF
      2017-02-01 11:00 - 2016-05-17 17:00 - 00000000 ____D C:\Users\Pibextreme\AppData\Roaming\vlc
      2017-01-25 11:56 - 2016-07-16 02:19 - 00000000 ____D C:\WINDOWS\CbsTemp
      2017-01-23 09:07 - 2016-05-10 13:01 - 00002455 _____ C:\Users\Pibextreme\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
      2017-01-23 09:07 - 2016-05-10 13:01 - 00000000 ___RD C:\Users\Pibextreme\OneDrive
      2017-01-19 12:37 - 2016-11-07 09:14 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

      ==================== Files in the root of some directories =======

      2017-02-08 13:58 - 2017-02-08 13:58 - 0140288 _____ () C:\Users\Pibextreme\AppData\Roaming\Installer.dat
      2017-02-08 14:12 - 2017-02-08 14:12 - 0018432 _____ () C:\Users\Pibextreme\AppData\Roaming\Main.dat
      2017-02-09 10:55 - 2017-02-09 10:55 - 0000043 _____ () C:\Users\Pibextreme\AppData\Roaming\WB.CFG
      2016-08-03 11:27 - 2016-11-07 11:19 - 0000600 _____ () C:\Users\Pibextreme\AppData\Roaming\winscp.rnd
      2017-02-15 10:13 - 2066-06-15 00:00 - 0000400 _____ () C:\ProgramData\disable_activation.cmd

      Files to move or delete:
      ====================
      C:\ProgramData\disable_activation.cmd


      ==================== Bamital & volsnap ======================

      (There is no automatic fix for files that do not pass verification.)

      C:\WINDOWS\explorer.exe => File is digitally signed
      C:\WINDOWS\system32\winlogon.exe => File is digitally signed
      C:\WINDOWS\system32\wininit.exe => File is digitally signed
      C:\WINDOWS\system32\svchost.exe => File is digitally signed
      C:\WINDOWS\system32\services.exe => File is digitally signed
      C:\WINDOWS\system32\User32.dll => File is digitally signed
      C:\WINDOWS\system32\userinit.exe => File is digitally signed
      C:\WINDOWS\system32\rpcss.dll => File is digitally signed
      C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
      C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

      LastRegBack: 2017-02-08 10:26

      ==================== End of FRST.txt ============================

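      Before the Addition.txt log that follows, a worked example added for this thread (it is not FRST's code and not something pibextreme or the moderator posted): a small Python triage script that pulls the file, scheduled-task and hosts entries out of FRST output and applies a few of the generic checks a helper applies by eye when reading these logs: a modification timestamp later than the scan time, an executable sitting directly in C:\WINDOWS or C:\ProgramData, a PE file with no company/version string, a 32-hex-character file name, a task target without FRST's [date] (Company) stamp, FRST's own "ATTENTION" markers, and hosts entries that sinkhole a name. The sample input is a handful of lines copied from the two logs in this thread; the heuristics, their thresholds and the function names are the example's own assumptions, and a hit is a prompt to look closer, not a verdict.

```python
"""Triage helper for Farbar Recovery Scan Tool (FRST) logs.

Added example for this thread; not part of FRST and not code anyone in the
thread posted.  Every heuristic below is this example's assumption, not
FRST's own logic: a hit means "look closer", not "malware".
"""
import re
from datetime import datetime

# File entry: "<created> - <modified> - <size> <attrs> [(Company)] <path>"
FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>.*?)\) )?(?P<path>[A-Za-z]:\\.+)$"
)
# Scheduled task: "Task: {GUID} - System32\Tasks\<name> => <target> [date] (Company)"
TASK_LINE = re.compile(r"^Task: \{[0-9A-Fa-f-]+\} - (?P<task>\S+) => (?P<target>.+)$")
# hosts entry that points a name at a sink address
HOSTS_LINE = re.compile(r"^(?:0\.0\.0\.0|127\.0\.0\.1)\s+(?P<host>\S+)$")
# Scan time from the header: "Ran by <user> (DD-MM-YYYY HH:MM:SS)"
RAN_LINE = re.compile(r"^Ran by .*\((\d{2}-\d{2}-\d{4}) (\d{2}:\d{2}):\d{2}\)")
ATTENTION = re.compile(r"\s*<=+ ATTENTION$")           # FRST's own marker

PE_EXT = {".exe", ".dll", ".sys"}                       # normally carry version info
EXEC_EXT = PE_EXT | {".cmd", ".bat", ".vbs", ".js", ".ps1"}
ROOT_DIRS = {"c:\\windows", "c:\\programdata"}         # assumption: executables rarely live here directly


def check_file(m, scan_time):
    """Heuristics for one file line; returns a list of (reason, path)."""
    path, company = m.group("path"), m.group("company")
    folder, _, name = path.rpartition("\\")
    stem, dot, ext = name.rpartition(".")
    ext = ("." + ext.lower()) if dot else ""
    modified = datetime.strptime(m.group("modified"), "%Y-%m-%d %H:%M")
    out = []
    if scan_time and modified > scan_time:
        out.append(("modified timestamp lies in the future", path))
    if ext in PE_EXT and not company:
        out.append(("PE file carries no company/version info", path))
    if ext in EXEC_EXT and folder.lower() in ROOT_DIRS:
        out.append(("executable directly in a system root folder", path))
    if ext in EXEC_EXT and re.fullmatch(r"[0-9a-f]{32}", stem.lower()):
        out.append(("hash-like file name", path))
    return out


def triage(log_text):
    """Walk an FRST log and return a list of (reason, item) findings."""
    findings, scan_time = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RAN_LINE.match(line)
        if m:
            scan_time = datetime.strptime(f"{m.group(1)} {m.group(2)}", "%d-%m-%Y %H:%M")
            continue
        m = TASK_LINE.match(line)
        if m:
            if ATTENTION.search(m.group("target")):
                findings.append(("FRST flagged scheduled task", m.group("task")))
            elif not re.search(r"\[\d{4}-\d{2}-\d{2}\]", m.group("target")):
                findings.append(("task target has no version stamp", m.group("task")))
            continue
        if ATTENTION.search(line):
            findings.append(("FRST flagged entry", ATTENTION.sub("", line).rstrip(": ")))
            continue
        m = HOSTS_LINE.match(line)
        if m:
            if m.group("host").lower() != "localhost":
                findings.append(("hosts file sinkholes a name", m.group("host")))
            continue
        m = FILE_LINE.match(line)
        if m:
            findings.extend(check_file(m, scan_time))
    return findings


# Constructed sample: lines excerpted from the FRST.txt and Addition.txt posted in this thread.
SAMPLE_LOG = r"""
Ran by Pibextreme (17-02-2017 10:57:42)
2017-02-17 10:23 - 2017-02-17 10:55 - 01764352 _____ (Farbar) C:\Users\Pibextreme\Desktop\FRST.exe
2017-02-15 10:13 - 2066-06-15 00:00 - 00000400 _____ C:\ProgramData\disable_activation.cmd
2017-02-07 09:53 - 2017-02-07 09:53 - 03086008 _____ C:\WINDOWS\2469bf52249c6665289e74fab8b5a12d.exe
2017-02-09 10:56 - 2017-02-09 10:56 - 00000000 ____D C:\Program Files\Ghobus Collector
Task: {092A71F2-58AC-485F-B3BC-957CB7A7A23D} - System32\Tasks\By4rfPaCDQ => C:\Program Files\16Qd52W1CD\updengine.exe <==== ATTENTION
Task: {2A99FFF6-7D67-45C5-A9C3-3E8CD343D342} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2017-02-15] (Google Inc.)
WMI_ActiveScriptEventConsumer_ASEC: <===== ATTENTION
127.0.0.1 localhost
0.0.0.0 keystone.mwbsys.com
"""

if __name__ == "__main__":
    for reason, item in triage(SAMPLE_LOG):
        print(f"{reason:45} {item}")
```

      Run it with the real FRST.txt and Addition.txt concatenated on stdin or read from disk instead of SAMPLE_LOG; FRST.exe, the Google task and the directory entry come out clean, which is the point of the negative checks, while the future-dated .cmd in C:\ProgramData, the hex-named .exe in C:\WINDOWS, the flagged task, the WMI consumer and the sinkholed hostname are each reported with the reason that tripped them.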
    7. #7
      Usuario Avatar de pibextreme
      Registrado
      feb 2017
      Ubicación
      México
      Mensajes
      7

      Re: Malware problem in Chrome, Windows 10

      Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-02-2017 02
      Ran by Pibextreme (17-02-2017 10:57:42)
      Running from C:\Users\Pibextreme\Desktop
      Microsoft Windows 10 Pro Version 1607 (X86) (2016-10-11 15:51:10)
      Boot Mode: Normal
      ==========================================================


      ==================== Accounts: =============================

      Administrador (S-1-5-21-4120651744-1775380126-589845940-500 - Administrator - Disabled)
      DefaultAccount (S-1-5-21-4120651744-1775380126-589845940-503 - Limited - Disabled)
      Invitado (S-1-5-21-4120651744-1775380126-589845940-501 - Limited - Enabled)
      Pibextreme (S-1-5-21-4120651744-1775380126-589845940-1001 - Administrator - Enabled) => C:\Users\Pibextreme

      ==================== Security Center ========================

      (If an entry is included in the fixlist, it will be removed.)

      AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

      ==================== Installed Programs ======================

      (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

      Adobe Acrobat Reader DC - Español (HKLM\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 15.023.20056 - Adobe Systems Incorporated)
      Adobe Flash Player 9 ActiveX (HKLM\...\{58BAA8D0-404E-4585-9FD3-ED1BB72AC2EE}) (Version: 9.0.124.0 - Adobe Systems, Inc.)
      AnyTrans (HKLM\...\AnyTrans) (Version: 4.9.6.0 - iMobie Inc.)
      Apple Application Support (32 bits) (HKLM\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.)
      Apple Mobile Device Support (HKLM\...\{D9F3D66A-9885-4DDD-A800-9DDF488359A1}) (Version: 10.0.1.3 - Apple Inc.)
      Apple Software Update (HKLM\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
      Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
      CCleaner (HKLM\...\CCleaner) (Version: 5.26 - Piriform)
      CorobTECH 5.5 (HKLM\...\{40FAD10F-F445-48E4-8D08-5B91F188AC2A}) (Version: 5.5 - )
      FileZilla Client 3.20.1 (HKLM\...\FileZilla Client) (Version: 3.20.1 - Tim Kosse)
      Google Chrome (HKLM\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
      Google Update Helper (Version: 1.3.32.7 - Google Inc.) Hidden
      IDD software (HKLM\...\IDD) (Version: - )
      iFunbox (v3.0.3109.1352) (HKLM\...\iFunbox_is1) (Version: v3.0.3109.1352 - iFunbox DevTeam)
      iTunes (HKLM\...\{B7C4ABF3-59A7-47AB-A72E-956BA5B4841C}) (Version: 12.5.5.5 - Apple Inc.)
      Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
      Microsoft Office Profesional Plus 2016 - es-es (HKLM\...\ProPlusRetail - es-es) (Version: 16.0.7571.2109 - Microsoft Corporation)
      Microsoft OneDrive (HKU\S-1-5-21-4120651744-1775380126-589845940-1001\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
      Microsoft XML Notepad 1.0 (HKLM\...\XML Notepad) (Version: - )
      Mobile Upgrade S 4.4.4 (HKLM\...\{C9A7E6A6-110D-4DBC-A8E2-F634613B5A8C}_is1) (Version: - TCL Communication Technology Holdings Limited)
      NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - )
      Office 16 Click-to-Run Extensibility Component (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
      Office 16 Click-to-Run Licensing Component (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
      Office 16 Click-to-Run Localization Component (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
      Windows Driver Package - FTDI CDM Driver Package (10/22/2009 2.06.00) (HKLM\...\3134FEF0E1D959EC0CC2E458C94B7057B2AC0CC9) (Version: 10/22/2009 2.06.00 - FTDI)
      Windows Driver Package - FTDI CDM Driver Package (10/22/2009 2.06.00) (HKLM\...\88EB56038379B8B7DCFB4D2448A60F52E064B265) (Version: 10/22/2009 2.06.00 - FTDI)
      Software Integral 1.5.2 (HKLM\...\{0D347A44-C3B2-484E-9D9A-FC315A66927B}) (Version: 1.5.2 - Comex)
      TeamViewer 10 (HKLM\...\TeamViewer) (Version: 10.0.47484 - TeamViewer)
      VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
      vShare Helper (HKU\S-1-5-21-4120651744-1775380126-589845940-1001\...\vShare Helper) (Version: 1.1.5.0 - vShare.com Co.,LTD)
      WinRAR 5.31 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
      WinSCP 5.9 (HKLM\...\winscp3_is1) (Version: 5.9 - Martin Prikryl)

      ==================== Custom CLSID (Whitelisted): ==========================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


      ==================== Scheduled Tasks (Whitelisted) =============

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      Task: {03FD1619-16E6-40B6-81DC-3C0685BC4BF1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
      Task: {092A71F2-58AC-485F-B3BC-957CB7A7A23D} - System32\Tasks\By4rfPaCDQ => C:\Program Files\16Qd52W1CD\updengine.exe <==== ATTENTION
      Task: {29E98BFF-6D57-4C9A-9217-59B44338EB0F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-21] (Piriform Ltd)
      Task: {2A99FFF6-7D67-45C5-A9C3-3E8CD343D342} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2017-02-15] (Google Inc.)
      Task: {2BB45FFF-3397-4190-86C5-474E2EED8D8E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)
      Task: {2D9D5DBC-702B-45C6-8722-F9D50E148EBD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2017-02-15] (Google Inc.)
      Task: {367507A1-FEC5-4415-8D94-30A903DAA97D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2016-12-28] (Microsoft Corporation)
      Task: {38D797F8-45F4-48AF-B583-5E40AAB31439} - System32\Tasks\KMSAutoNet => C:\ProgramData\KMSAutoS\KMSAuto Net.exe [2017-01-10] (MSFree Inc.)
      Task: {48DA18E0-2B54-43A6-BE23-9934F0EBA050} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
      Task: {6B570C95-AF7D-4C86-9F2A-1D0A7A181D72} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
      Task: {7785BF1B-0BC9-4FFA-9E52-AB8C774168D5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2016-12-28] (Microsoft Corporation)
      Task: {9F45E5D6-CBE9-4F79-8AF9-5C803C448DE9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
      Task: {A5835BD0-A298-4D85-834B-5AAD02DFEC45} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)
      Task: {F4888103-84DF-4B60-8336-15B662E26361} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)

      (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


      ==================== Shortcuts =============================

      (The entries could be listed to be restored or removed.)

      WMI_ActiveScriptEventConsumer_ASEC: <===== ATTENTION

      ==================== Loaded Modules (Whitelisted) ==============

      2016-07-16 02:25 - 2016-07-16 02:25 - 00190976 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
      2016-12-14 09:36 - 2016-12-09 04:11 - 02048496 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
      2016-09-01 17:13 - 2016-09-01 17:13 - 00080184 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
      2017-01-13 13:56 - 2017-01-13 13:56 - 01041720 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
      2017-02-15 10:24 - 2017-01-20 07:47 - 01732896 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
      2017-02-15 10:24 - 2017-01-20 07:47 - 01719760 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
      2017-02-15 10:24 - 2017-01-20 07:47 - 02097616 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll
      2016-12-14 09:36 - 2016-12-09 04:11 - 02048496 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
      2016-12-21 11:49 - 2016-12-21 11:49 - 00069632 _____ () C:\Program Files\CCleaner\lang\lang-1034.dll
      2017-02-06 09:14 - 2017-02-06 09:15 - 00064512 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x86__kzf8qxf38zg5c\SkypeHost.exe
      2017-02-06 09:14 - 2017-02-06 09:15 - 00153088 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x86__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
      2017-02-06 09:14 - 2017-02-06 09:15 - 30889472 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x86__kzf8qxf38zg5c\SkyWrap.dll
      2017-02-06 09:14 - 2017-02-06 09:15 - 01733120 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x86__kzf8qxf38zg5c\roottools.dll
      2016-07-16 02:25 - 2016-07-16 02:25 - 00108032 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
      2017-01-12 09:51 - 2016-12-20 22:42 - 00321536 _____ () C:\Windows\ShellExperiences\QuickActions.dll
      2017-01-12 09:49 - 2016-12-20 22:25 - 06726656 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
      2017-01-12 09:49 - 2016-12-20 22:21 - 01150464 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
      2016-10-11 03:08 - 2016-10-11 03:08 - 00526848 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
      2017-01-12 09:49 - 2016-12-20 22:21 - 00779776 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
      2017-01-12 09:49 - 2016-12-20 22:22 - 01724928 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
      2017-01-12 09:49 - 2016-12-20 22:24 - 03158016 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll

      ==================== Alternate Data Streams (Whitelisted) =========

      (If an entry is included in the fixlist, only the ADS will be removed.)

      AlternateDataStreams: C:\WINDOWS\system32\drivers:ucdrv-x86.sys [84370]
      AlternateDataStreams: C:\WINDOWS\system32\drivers:x86 [1213218]

      ==================== Safe Mode (Whitelisted) ===================

      (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

      ==================== Association (Whitelisted) ===============

      (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


      ==================== Internet Explorer trusted/restricted ===============

      (If an entry is included in the fixlist, it will be removed from the registry.)


      ==================== Hosts content: ==========================

      (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

      2016-05-10 05:53 - 2017-02-15 10:13 - 00000809 ____A C:\WINDOWS\system32\Drivers\etc\hosts

      127.0.0.1 localhost
      0.0.0.0 keystone.mwbsys.com

      ==================== Other Areas ============================

      (Currently there is no automatic fix for this section.)

      HKU\S-1-5-21-4120651744-1775380126-589845940-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
      DNS Servers: Media is not connected to internet.
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
      Windows Firewall is enabled.

      ==================== MSCONFIG/TASK MANAGER disabled items ==

      HKLM\...\StartupApproved\Run: => "WindowsDefender"
      HKLM\...\StartupApproved\Run: => "WikiThemes"
      HKU\S-1-5-21-4120651744-1775380126-589845940-1001\...\StartupApproved\Run: => "Opera Browser Assistant"
      HKU\S-1-5-21-4120651744-1775380126-589845940-1001\...\StartupApproved\Run: => "KV7CJBGCQY"
      HKU\S-1-5-21-4120651744-1775380126-589845940-1001\...\StartupApproved\Run: => "GHHWSW0ETN"

      ==================== FirewallRules (Whitelisted) ===============

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
      FirewallRules: [{1139ADCC-1E91-44CB-BFAE-EFBBF92CF808}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
      FirewallRules: [{C0345C59-A32E-438D-826A-F3D4AB7D205B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
      FirewallRules: [{B8877B6D-28DE-4066-882F-E95E28B7175F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
      FirewallRules: [{89B322F5-006C-479D-8EE9-9A1B1CCE39D8}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
      FirewallRules: [{49E21F9B-9E3E-466F-9B2A-5AC61510FDF9}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
      FirewallRules: [{32E6994A-E6E2-4D36-BA67-6CE871B9AB44}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
      FirewallRules: [{A450840C-4D66-4419-BEC9-3064DFF96A79}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
      FirewallRules: [{AF345BD6-E999-4569-82C9-327F7D12A761}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
      FirewallRules: [{E4D9AAFF-02D6-4EF2-89B1-096E7BDF3E49}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
      FirewallRules: [{C570D942-8AE9-4B77-AD31-29A202AE0EFE}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
      FirewallRules: [{48C36BE6-952F-4303-A596-2350656E31C3}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
      FirewallRules: [{A80A0610-46EA-4FBC-9A7B-E2BBD3398CFE}] => (Allow) C:\Program Files\iTunes\iTunes.exe
      FirewallRules: [{52CF44C5-63EB-42FF-97C2-62BCE8E5F725}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

      ==================== Restore Points =========================

      ATTENTION: System Restore is disabled

      ==================== Faulty Device Manager Devices =============

      Name: Other PCI Bridge Device
      Description: Other PCI Bridge Device
      Class Guid:
      Manufacturer:
      Service:
      Problem: : The drivers for this device are not installed. (Code 28)
      Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

      (The same entry is listed eight times in the log, one per unrecognised PCI bridge device.)


      ==================== Event log errors: =========================

      Application errors:
      ==================
      Error: (02/17/2017 10:43:34 AM) (Source: SideBySide) (EventID: 33) (User: )
      Description: Activation context generation failed for "C:\Program Files\i-Funbox DevTeam\iFunBox_x64.exe".
      Dependent assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
      Use sxstrace.exe for detailed diagnosis.

      (The same SideBySide error, EventID 33, for iFunBox_x64.exe is logged again at 02/15/2017 05:54:42 PM, 02/15/2017 05:03:00 PM, 02/15/2017 10:35:58 AM, 02/15/2017 10:15:56 AM and 02/15/2017 10:09:44 AM.)

      Error: (02/13/2017 09:21:49 AM) (Source: Application Error) (EventID: 1000) (User: )
      Description: Faulting application name: microsoftedgecp.exe, version: 11.0.14393.82, time stamp: 0x57a557c0
      Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
      Exception code: 0xc0000604
      Fault offset: 0x00000000
      Faulting process id: 0x1e40
      Faulting application start time: 0x01d2860cdc2bc413
      Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
      Faulting module path: unknown
      Report Id: d7ccbece-6766-485e-9bb5-514447fd12d3
      Faulting package full name: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe
      Faulting package-relative application ID: MicrosoftEdge

      (The SideBySide error, EventID 33, for iFunBox_x64.exe is logged twice more, at 02/13/2017 09:08:33 AM and 02/13/2017 08:59:12 AM.)

      Error: (02/13/2017 08:58:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )
      Description: Local Hostname DESKTOP-LRUVPLV.local already in use; will try DESKTOP-LRUVPLV-2.local instead


      System errors:
      =============
      Error: (02/17/2017 10:50:54 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
      Description: El servicio edcaffdabdffVIA no pudo iniciarse debido al siguiente error:
      El servicio no respondió a tiempo a la solicitud de inicio o de control.

      Error: (02/17/2017 10:50:54 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
      Description: Se agotó el tiempo de espera (30000 ms) para la conexión con el servicio edcaffdabdffVIA.

      Error: (02/17/2017 10:48:04 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
      Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID
      {8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
      y APPID
      {F72671A9-012C-4725-9D2F-2A4D32D65169}
      al usuario NT AUTHORITY\SYSTEM con SID (S-1-5-18) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

      Error: (02/17/2017 10:47:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
      Description: El servicio Hardlock no pudo iniciarse debido al siguiente error:
      Se ha bloqueado la descarga de este controlador

      Error: (02/17/2017 10:47:38 AM) (Source: Application Popup) (EventID: 875) (User: )
      Description: hardlock.sys

      Error: (02/17/2017 10:47:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
      Description: El servicio akspccard no pudo iniciarse debido al siguiente error:
      No se puede iniciar el servicio, porque está deshabilitado o porque no tiene dispositivos habilitados asociados a él.

      Error: (02/17/2017 10:45:08 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
      Description: El servicio Telemetría y experiencias del usuario conectado no se cerró correctamente después de recibir un control de aviso de apagado.

      Error: (02/17/2017 10:44:17 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-LRUVPLV)
      Description: El servidor {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} no se registró con DCOM dentro del tiempo de espera requerido.

      Error: (02/17/2017 10:44:15 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
      Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID
      {D63B10C5-BB46-4990-A94F-E40B9D520160}
      y APPID
      {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
      al usuario NT AUTHORITY\SYSTEM con SID (S-1-5-18) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

      Error: (02/17/2017 10:43:54 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
      Description: El Administrador de control de servicios intentó realizar una acción correctora (Reiniciar el servicio) después de la terminación inesperada del servicio Windows Search, pero ocurrió el siguiente error:
      Ya se está ejecutando una instancia de este servicio.


      CodeIntegrity:
      ===================================
      Date: 2017-02-17 10:24:06.367
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

      Date: 2017-02-17 10:24:06.309
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

      Date: 2017-02-17 09:17:04.274
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

      Date: 2017-02-17 09:17:04.056
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

      Date: 2017-02-16 0309.694
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

      Date: 2017-02-16 0309.657
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

      Date: 2017-02-15 19:34:33.541
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

      Date: 2017-02-15 19:34:33.517
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

      Date: 2017-02-15 19:24:42.619
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

      Date: 2017-02-15 19:24:42.583
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.


      ==================== Memory info ===========================

      Processor: AMD Sempron(tm) 140 Processor
      Percentage of memory in use: 38%
      Total physical RAM: 3071.36 MB
      Available physical RAM: 1886.41 MB
      Total Virtual: 3583.36 MB
      Available Virtual: 2502.46 MB

      ==================== Drives ================================

      Drive c: () (Fixed) (Total:48.39 GB) (Free:17.71 GB) NTFS ==>[drive with boot components (obtained from BCD)]
      Drive d: () (Fixed) (Total:74.52 GB) (Free:65.67 GB) NTFS
      Drive e: (datos) (Fixed) (Total:25.7 GB) (Free:21.31 GB) NTFS

      ==================== MBR & Partition Table ==================

      ========================================================
      Disk: 0 (Size: 74.5 GB) (Disk ID: 93499349)
      Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS)

      ========================================================
      Disk: 1 (MBR Code: Windows 7 or 8) (Size: 74.5 GB) (Disk ID: 9AD49AD4)
      Partition 1: (Active) - (Size=48.4 GB) - (Type=07 NTFS)
      Partition 2: (Not Active) - (Size=449 MB) - (Type=27)
      Partition 3: (Not Active) - (Size=25.7 GB) - (Type=07 NTFS)

      ==================== End of Addition.txt ============================

    8. #8
      General Moderator
      Avatar of @Javier_HF
      Registered
      Jun 2006
      Location
      Spain.
      Posts
      21.192

      Re: Malware problem in Chrome, Windows 10

      Good...... and now follow these steps. VERY important ~ Make a backup of the registry:


      • Double-click to run it. (If you use Windows Vista/7/8 or 10, right-click and select "Run as Administrator".)

      • Attention: now check/select only the box "Create registry backup", NOT the others.

      • Click Run.

      The report (DelFix.txt) will open; save it in case it is needed and close the tool.

      Now use the 2nd METHOD from this Windows 8 FAQ (applicable to Windows 10) >> How to start Windows 8/8.1 in Safe Mode?, to work from that Windows mode.

      With the other programs closed, go to >> Start >> Run >> and type notepad.exe.

      Now copy and paste the code/lines inside the box below into Notepad: (the word "Code" is excluded)

      Code:
      START
      CREATERESTOREPOINT:
      CLOSEPROCESSES:
      Task: {092A71F2-58AC-485F-B3BC-957CB7A7A23D} - System32\Tasks\By4rfPaCDQ => C:\Program Files\16Qd52W1CD\updengine.exe <==== ATTENTION
      WMI_ActiveScriptEventConsumer_ASEC: <===== ATTENTION
      AlternateDataStreams: C:\WINDOWS\system32\drivers:ucdrv-x86.sys [84370]
      AlternateDataStreams: C:\WINDOWS\system32\drivers:x86 [1213218]
      HKLM\...\Providers\uccs53rf: C:\Program Files\Grotersp Mapper\local32spl.dll
      ShellExecuteHooks: No Name - {B7F52870-EABC-11E6-A3B1-64006A5CFC23} - -> No File
      ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
      ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
      ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
      GroupPolicy: Restriction - Chrome <======= ATTENTION
      CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
      CHR StartupUrls: Default -> "hxxps://es-la.facebook.com/","chrome-search://local-ntp/local-ntp.html"
      CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms}
      CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
      CHR Extension: (Chrome Media Router) - C:\Users\Pibextreme\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-15]
      CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
      CHR HKU\S-1-5-21-4120651744-1775380126-589845940-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
      S2 edcaffdabdffVIA; rundll32.exe "C:\Program Files\2e6723623062dc8a20ff632dabd11ff7\edcaffdabdffVIA.dll",soeasy [X]
      S3 MBAMProtector; \??\C:\WINDOWS\system32\drivers\ [X]
      S3 MWAC; \??\C:\WINDOWS\system32\drivers\ [X]
      2017-02-08 13:58 - 2017-02-08 13:58 - 0140288 _____ () C:\Users\Pibextreme\AppData\Roaming\Installer.dat
      2017-02-08 14:12 - 2017-02-08 14:12 - 0018432 _____ () C:\Users\Pibextreme\AppData\Roaming\Main.dat
      2017-02-09 10:55 - 2017-02-09 10:55 - 0000043 _____ () C:\Users\Pibextreme\AppData\Roaming\WB.CFG
      2016-08-03 11:27 - 2016-11-07 11:19 - 0000600 _____ () C:\Users\Pibextreme\AppData\Roaming\winscp.rnd
      2017-02-15 10:13 - 2066-06-15 00:00 - 0000400 _____ () C:\ProgramData\disable_activation.cmd
      HOSTS:
      REMOVEPROXY:
      EMPTYTEMP:
      CMD: netsh winsock reset
      CMD: ipconfig /renew
      CMD: ipconfig /flushdns
      CMD: bitsadmin /reset /allusers
      END
      Save it under the name FIXLIST.TXT on the desktop <<< This is very important.

      Note: It is important that the tool FRST.exe (Farbar Recovery Scan Tool) and FIXLIST.TXT are in the same location (desktop); otherwise it will not work.
      ATTENTION!!!! This repair script was made specifically by a staff member for this user; if you have a similar problem, please open your own topic to receive personalized help. Using other users' scripts can damage your computer.



      • Run FRST.exe. (If you use Windows Vista/7/8 or 10, right-click and select "Run as Administrator".)
      • Press the FIX button and wait for it to finish.
      • The tool will save the repair report on the desktop (FIXLOG.TXT).


      Paste the contents of that file in your next reply.

      Restart the computer, check how it behaves with regard to the problem described, and report back.

      Regards.

    9. #9
      User Avatar of pibextreme
      Registered
      Feb 2017
      Location
      México
      Posts
      7

      Re: Malware problem in Chrome, Windows 10

      Bad news: after restarting the computer, the error message appeared again and it opens the "FUNNY COLLECTIONS" page. Here is the latest report... what is next???

      Fix result of Farbar Recovery Scan Tool (x86) Version: 15-02-2017 02
      Ran by Pibextreme (17-02-2017 12:29:34) Run:1
      Running from C:\Users\Pibextreme\Desktop
      Loaded Profiles: Pibextreme (Available Profiles: Pibextreme)
      Boot Mode: Safe Mode (with Networking)

      ==============================================

      fixlist content:
      *****************
      START
      CREATERESTOREPOINT:
      CLOSEPROCESSES:
      Task: {092A71F2-58AC-485F-B3BC-957CB7A7A23D} - System32\Tasks\By4rfPaCDQ => C:\Program Files\16Qd52W1CD\updengine.exe <==== ATTENTION
      WMI_ActiveScriptEventConsumer_ASEC: <===== ATTENTION
      AlternateDataStreams: C:\WINDOWS\system32\drivers:ucdrv-x86.sys [84370]
      AlternateDataStreams: C:\WINDOWS\system32\drivers:x86 [1213218]
      HKLM\...\Providers\uccs53rf: C:\Program Files\Grotersp Mapper\local32spl.dll
      ShellExecuteHooks: No Name - {B7F52870-EABC-11E6-A3B1-64006A5CFC23} - -> No File
      ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
      ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
      ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
      GroupPolicy: Restriction - Chrome <======= ATTENTION
      CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
      CHR StartupUrls: Default -> "hxxps://es-la.facebook.com/","chrome-search://local-ntp/local-ntp.html"
      CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms}
      CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
      CHR Extension: (Chrome Media Router) - C:\Users\Pibextreme\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-15]
      CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
      CHR HKU\S-1-5-21-4120651744-1775380126-589845940-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
      S2 edcaffdabdffVIA; rundll32.exe "C:\Program Files\2e6723623062dc8a20ff632dabd11ff7\edcaffdabdffVIA.dll",soeasy [X]
      S3 MBAMProtector; \??\C:\WINDOWS\system32\drivers\ [X]
      S3 MWAC; \??\C:\WINDOWS\system32\drivers\ [X]
      2017-02-08 13:58 - 2017-02-08 13:58 - 0140288 _____ () C:\Users\Pibextreme\AppData\Roaming\Installer.dat
      2017-02-08 14:12 - 2017-02-08 14:12 - 0018432 _____ () C:\Users\Pibextreme\AppData\Roaming\Main.dat
      2017-02-09 10:55 - 2017-02-09 10:55 - 0000043 _____ () C:\Users\Pibextreme\AppData\Roaming\WB.CFG
      2016-08-03 11:27 - 2016-11-07 11:19 - 0000600 _____ () C:\Users\Pibextreme\AppData\Roaming\winscp.rnd
      2017-02-15 10:13 - 2066-06-15 00:00 - 0000400 _____ () C:\ProgramData\disable_activation.cmd
      HOSTS:
      REMOVEPROXY:
      EMPTYTEMP:
      CMD: netsh winsock reset
      CMD: ipconfig /renew
      CMD: ipconfig /flushdns
      CMD: bitsadmin /reset /allusers
      END
      *****************

      Error: Restore point can only be created in normal mode.
      Processes closed successfully.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{092A71F2-58AC-485F-B3BC-957CB7A7A23D} => key removed successfully.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{092A71F2-58AC-485F-B3BC-957CB7A7A23D} => key removed successfully.
      C:\Windows\System32\Tasks\By4rfPaCDQ => moved successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\By4rfPaCDQ => key removed successfully.
      WMI_ActiveScriptEventConsumer_ASEC: <===== ATTENTION => removed successfully.
      C:\WINDOWS\system32\drivers => ":ucdrv-x86.sys" ADS removed successfully..
      C:\WINDOWS\system32\drivers => ":x86" ADS removed successfully..
      HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers\uccs53rf => key removed successfully.
      HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers\\order uccs53rf => removed successfully.
      HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{B7F52870-EABC-11E6-A3B1-64006A5CFC23} => value removed successfully.
      HKCR\CLSID\{B7F52870-EABC-11E6-A3B1-64006A5CFC23} => key not found.
      HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Pending) => key removed successfully.
      HKCR\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => key not found.
      HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Synced) => key removed successfully.
      HKCR\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => key not found.
      HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Syncing) => key removed successfully.
      HKCR\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => key not found.
      C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
      C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
      HKLM\SOFTWARE\Policies\Google => key removed successfully.
      Chrome StartupUrls => removed successfully.
      Chrome DefaultSearchURL => removed successfully.
      Chrome DefaultSuggestURL => removed successfully.
      C:\Users\Pibextreme\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => moved successfully
      HKLM\SOFTWARE\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkaj => key removed successfully.
      HKLM\SOFTWARE\Google\Chrome\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce => key removed successfully.
      HKU\S-1-5-21-4120651744-1775380126-589845940-1001\SOFTWARE\Google\Chrome\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce => key removed successfully.
      HKLM\System\CurrentControlSet\Services\edcaffdabdffVIA => key removed successfully.
      edcaffdabdffVIA => service removed successfully.
      HKLM\System\CurrentControlSet\Services\MBAMProtector => key removed successfully.
      MBAMProtector => service removed successfully.
      HKLM\System\CurrentControlSet\Services\MWAC => key removed successfully.
      MWAC => service removed successfully.
      C:\Users\Pibextreme\AppData\Roaming\Installer.dat => moved successfully
      C:\Users\Pibextreme\AppData\Roaming\Main.dat => moved successfully
      C:\Users\Pibextreme\AppData\Roaming\WB.CFG => moved successfully
      C:\Users\Pibextreme\AppData\Roaming\winscp.rnd => moved successfully
      C:\ProgramData\disable_activation.cmd => moved successfully
      C:\Windows\System32\Drivers\etc\hosts => moved successfully
      Hosts restored successfully.

      ========= RemoveProxy: =========

      HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
      HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.
      HKU\S-1-5-21-4120651744-1775380126-589845940-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
      HKU\S-1-5-21-4120651744-1775380126-589845940-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.


      ========= End of RemoveProxy: =========


      ========= netsh winsock reset =========


      El catálogo Winsock se restableció correctamente.
      Debe reiniciar el equipo para completar el restablecimiento.


      ========= End of CMD: =========


      ========= ipconfig /renew =========


      Configuración IP de Windows


      Adaptador de Ethernet Ethernet:

      Sufijo DNS específico para la conexión. . : lan
      Vínculo: dirección IPv6 local. . . : fe80::b0c7:5430:a03e:fb6d%4
      Dirección IPv4. . . . . . . . . . . . . . : 192.168.1.71
      Máscara de subred . . . . . . . . . . . . : 255.255.255.0
      Puerta de enlace predeterminada . . . . . : 192.168.1.254

      ========= End of CMD: =========


      ========= ipconfig /flushdns =========


      Configuración IP de Windows

      Se vació correctamente la caché de resolución de DNS.

      ========= End of CMD: =========


      ========= bitsadmin /reset /allusers =========


      BITSADMIN version 3.0
      BITS administration utility.
      (C) Copyright 2000-2006 Microsoft Corp.

      BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
      Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

      Unable to connect to BITS - 0x8007043c

      ========= End of CMD: =========


      =========== EmptyTemp: ==========

      BITS transfer queue => 0 B
      DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 67632511 B
      Java, Flash, Steam htmlcache => 506 B
      Windows/system/drivers => 467648 B
      Edge => 928482 B
      Chrome => 146499322 B
      Firefox => 0 B
      Opera => 0 B

      Temp, IE cache, history, cookies, recent:
      Default => 0 B
      Users => 0 B
      ProgramData => 0 B
      Public => 0 B
      systemprofile => 3942 B
      LocalService => 6832128 B
      NetworkService => 55624 B
      Pibextreme => 5808234 B

      RecycleBin => 0 B
      EmptyTemp: => 217.7 MB temporary data Removed.

      ================================


      The system needed a reboot.

      ==== End of Fixlog 12:29:49 ====
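      One check a responder wants after a Fixlog like the one above is whether the fix actually held once the machine was rebooted and the same fixlist was run a second time: a persistence item that is "removed successfully" on the first run and "not found" on the second stayed gone, while one that is "moved successfully" again on the repeat run was recreated by something (or is simply redone by the tool every run) and deserves a look. The Python below is an added example, not part of this thread and not FRST's own code. The sample lines are copied from the Run:1 log above and the Run:2 log later in the thread, trimmed to a few representative entries; the "held"/"recreated"/"unchecked" labels are the example's own convention.

```python
import re
from collections import Counter

# Constructed sample: result lines copied from the Run:1 and Run:2 Fixlogs
# posted in this thread, trimmed to a few representative entries.
RUN1 = r"""
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{092A71F2-58AC-485F-B3BC-957CB7A7A23D} => key removed successfully.
C:\Windows\System32\Tasks\By4rfPaCDQ => moved successfully
WMI_ActiveScriptEventConsumer_ASEC: <===== ATTENTION => removed successfully.
HKLM\SOFTWARE\Policies\Google => key removed successfully.
C:\Users\Pibextreme\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => moved successfully
edcaffdabdffVIA => service removed successfully.
C:\Users\Pibextreme\AppData\Roaming\Installer.dat => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
"""

RUN2 = r"""
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{092A71F2-58AC-485F-B3BC-957CB7A7A23D} => key not found.
C:\Windows\System32\Tasks\By4rfPaCDQ => not found.
WMI_ActiveScriptEventConsumer_ASEC: <===== ATTENTION => not found
HKLM\SOFTWARE\Policies\Google => key not found.
C:\Users\Pibextreme\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => moved successfully
edcaffdabdffVIA => service not found.
"C:\Users\Pibextreme\AppData\Roaming\Installer.dat" => not found.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
"""

# FRST reports a successful action as "key/value/service removed successfully",
# "moved successfully" (files, ADS, directories) or "restored successfully".
REMOVED_RE = re.compile(r"\b(removed|moved|restored) successfully\b")


def classify(outcome):
    """Map the text after ' => ' to a coarse status."""
    o = outcome.strip().lower()
    if "not found" in o:
        return "absent"
    if REMOVED_RE.search(o):
        return "removed"
    return "other"


def parse_fixlog(text):
    """Return {target: status} for every 'target => outcome' line.

    The second run quotes file paths ("C:\...") where the first did not,
    so surrounding quotes are stripped to make targets comparable.
    """
    results = {}
    for line in text.splitlines():
        target, sep, outcome = line.rpartition(" => ")
        if not sep:
            continue  # headers, blank lines, "Hosts restored successfully."
        results[target.strip().strip('"')] = classify(outcome)
    return results


def summarize(text):
    """Count statuses in one Fixlog, e.g. Counter({'removed': 8})."""
    return Counter(parse_fixlog(text).values())


def compare_runs(first, second):
    """For each item removed in the first run, say what the repeat run saw."""
    before, after = parse_fixlog(first), parse_fixlog(second)
    verdict = {}
    for target, status in before.items():
        if status != "removed":
            continue
        later = after.get(target)
        if later == "absent":
            verdict[target] = "held"        # removed once, gone on the recheck
        elif later == "removed":
            verdict[target] = "recreated"   # present again: look at it
        else:
            verdict[target] = "unchecked"   # not listed in the second log
    return verdict


def recreated(first, second):
    """Sorted list of targets that had to be removed on both runs."""
    return sorted(t for t, v in compare_runs(first, second).items() if v == "recreated")


if __name__ == "__main__":
    print(summarize(RUN1), summarize(RUN2))
    for target, verdict in compare_runs(RUN1, RUN2).items():
        print(f"{verdict:10} {target}")
```

      On these samples the scheduled task, the WMI event consumer, the Google policy key, the edcaffdabdffVIA service and Installer.dat all come back "held", which is what shows the first fix took effect. The two "recreated" entries are expected: FRST replaces the hosts file on every run (the "Hosts restored successfully." line), and the extension directory is the one the log itself labels "Chrome Media Router", a component Chrome installs on its own. "Recreated" is therefore a prompt to examine the item, not by itself evidence of reinfection.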

    10. #10
      User Avatar of pibextreme
      Registered
      Feb 2017
      Location
      México
      Posts
      7

      Re: Malware problem in Chrome, Windows 10

      Just to let you know, I did all the steps again and apparently it worked; I hope it stays that way. Below is the FIXLOG report that resulted....
      Now, would you be so kind as to recommend an antivirus that would help me avoid these problems, since I don't have any, and if it's not too much trouble, give me the link to download it as well as how to install and activate it...
      Regards, I'll be waiting...


      Fix result of Farbar Recovery Scan Tool (x86) Version: 15-02-2017 02
      Ran by Pibextreme (17-02-2017 14:01:17) Run:2
      Running from C:\Users\Pibextreme\Desktop
      Loaded Profiles: Pibextreme (Available Profiles: Pibextreme)
      Boot Mode: Safe Mode (with Networking)

      ==============================================

      fixlist content:
      *****************
      START
      CREATERESTOREPOINT:
      CLOSEPROCESSES:
      Task: {092A71F2-58AC-485F-B3BC-957CB7A7A23D} - System32\Tasks\By4rfPaCDQ => C:\Program Files\16Qd52W1CD\updengine.exe <==== ATTENTION
      WMI_ActiveScriptEventConsumer_ASEC: <===== ATTENTION
      AlternateDataStreams: C:\WINDOWS\system32\drivers:ucdrv-x86.sys [84370]
      AlternateDataStreams: C:\WINDOWS\system32\drivers:x86 [1213218]
      HKLM\...\Providers\uccs53rf: C:\Program Files\Grotersp Mapper\local32spl.dll
      ShellExecuteHooks: No Name - {B7F52870-EABC-11E6-A3B1-64006A5CFC23} - -> No File
      ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
      ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
      ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
      GroupPolicy: Restriction - Chrome <======= ATTENTION
      CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
      CHR StartupUrls: Default -> "hxxps://es-la.facebook.com/","chrome-search://local-ntp/local-ntp.html"
      CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms}
      CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
      CHR Extension: (Chrome Media Router) - C:\Users\Pibextreme\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-15]
      CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
      CHR HKU\S-1-5-21-4120651744-1775380126-589845940-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
      S2 edcaffdabdffVIA; rundll32.exe "C:\Program Files\2e6723623062dc8a20ff632dabd11ff7\edcaffdabdffVIA.dll",soeasy [X]
      S3 MBAMProtector; \??\C:\WINDOWS\system32\drivers\ [X]
      S3 MWAC; \??\C:\WINDOWS\system32\drivers\ [X]
      2017-02-08 13:58 - 2017-02-08 13:58 - 0140288 _____ () C:\Users\Pibextreme\AppData\Roaming\Installer.dat
      2017-02-08 14:12 - 2017-02-08 14:12 - 0018432 _____ () C:\Users\Pibextreme\AppData\Roaming\Main.dat
      2017-02-09 10:55 - 2017-02-09 10:55 - 0000043 _____ () C:\Users\Pibextreme\AppData\Roaming\WB.CFG
      2016-08-03 11:27 - 2016-11-07 11:19 - 0000600 _____ () C:\Users\Pibextreme\AppData\Roaming\winscp.rnd
      2017-02-15 10:13 - 2066-06-15 00:00 - 0000400 _____ () C:\ProgramData\disable_activation.cmd
      HOSTS:
      REMOVEPROXY:
      EMPTYTEMP:
      CMD: netsh winsock reset
      CMD: ipconfig /renew
      CMD: ipconfig /flushdns
      CMD: bitsadmin /reset /allusers
      END
      *****************

      Error: Restore point can only be created in normal mode.
      Processes closed successfully.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{092A71F2-58AC-485F-B3BC-957CB7A7A23D} => key not found.
      C:\Windows\System32\Tasks\By4rfPaCDQ => not found.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\By4rfPaCDQ => key not found.
      WMI_ActiveScriptEventConsumer_ASEC: <===== ATTENTION => not found
      "C:\WINDOWS\system32\drivers" => ":ucdrv-x86.sys" ADS not found.
      "C:\WINDOWS\system32\drivers" => ":x86" ADS not found.
      HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers\uccs53rf => key not found.
      HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers\\order uccs53rf => not found.
      HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{B7F52870-EABC-11E6-A3B1-64006A5CFC23} => value not found.
      HKCR\CLSID\{B7F52870-EABC-11E6-A3B1-64006A5CFC23} => key not found.
      HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Pending) => key not found.
      HKCR\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => key not found.
      HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Synced) => key not found.
      HKCR\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => key not found.
      HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Syncing) => key not found.
      HKCR\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => key not found.
      "C:\WINDOWS\system32\GroupPolicy\Machine" => not found.
      HKLM\SOFTWARE\Policies\Google => key not found.
      Chrome StartupUrls => not found.
      Chrome DefaultSearchURL => not found.
      Chrome DefaultSuggestURL => not found.
      C:\Users\Pibextreme\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => moved successfully
      HKLM\SOFTWARE\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkaj => key not found.
      HKLM\SOFTWARE\Google\Chrome\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce => key not found.
      HKU\S-1-5-21-4120651744-1775380126-589845940-1001\SOFTWARE\Google\Chrome\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce => key not found.
      edcaffdabdffVIA => service not found.
      MBAMProtector => service not found.
      MWAC => service not found.
      "C:\Users\Pibextreme\AppData\Roaming\Installer.dat" => not found.
      "C:\Users\Pibextreme\AppData\Roaming\Main.dat" => not found.
      "C:\Users\Pibextreme\AppData\Roaming\WB.CFG" => not found.
      "C:\Users\Pibextreme\AppData\Roaming\winscp.rnd" => not found.
      "C:\ProgramData\disable_activation.cmd" => not found.
      C:\Windows\System32\Drivers\etc\hosts => moved successfully
      Hosts restored successfully.

      ========= RemoveProxy: =========

      HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
      HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.
      HKU\S-1-5-21-4120651744-1775380126-589845940-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
      HKU\S-1-5-21-4120651744-1775380126-589845940-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.


      ========= End of RemoveProxy: =========


      ========= netsh winsock reset =========


      El catálogo Winsock se restableció correctamente.
      Debe reiniciar el equipo para completar el restablecimiento.


      ========= End of CMD: =========


      ========= ipconfig /renew =========


      Configuración IP de Windows


      Adaptador de Ethernet Ethernet:

      Sufijo DNS específico para la conexión. . : lan
      Vínculo: dirección IPv6 local. . . : fe80::b0c7:5430:a03e:fb6d%4
      Dirección IPv4. . . . . . . . . . . . . . : 192.168.1.71
      Máscara de subred . . . . . . . . . . . . : 255.255.255.0
      Puerta de enlace predeterminada . . . . . : 192.168.1.254

      ========= End of CMD: =========


      ========= ipconfig /flushdns =========


      Configuración IP de Windows

      Se vació correctamente la caché de resolución de DNS.

      ========= End of CMD: =========


      ========= bitsadmin /reset /allusers =========


      BITSADMIN version 3.0
      BITS administration utility.
      (C) Copyright 2000-2006 Microsoft Corp.

      BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
      Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

      Unable to connect to BITS - 0x8007043c

      ========= End of CMD: =========


      =========== EmptyTemp: ==========

      BITS transfer queue => 0 B
      DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 8472986 B
      Java, Flash, Steam htmlcache => 0 B
      Windows/system/drivers => 143712 B
      Edge => 0 B
      Chrome => 8969685 B
      Firefox => 0 B
      Opera => 0 B

      Temp, IE cache, history, cookies, recent:
      Default => 0 B
      Users => 0 B
      ProgramData => 0 B
      Public => 0 B
      systemprofile => 128 B
      LocalService => 0 B
      NetworkService => 4274 B
      Pibextreme => 168265 B

      RecycleBin => 0 B
      EmptyTemp: => 16.9 MB temporary data Removed.

      ================================


      The system needed a reboot.

      ==== End of Fixlog 14:01:36 ====
