
    Possible infections and blue screen


    1. #11
      User Chico C.R.
      Registered
      May 2017
      Location
      Costa Rica
      Posts
      13

      Re: Possible infections and blue screen

      I checked all the quarantine boxes and clicked delete, and when the notebook restarted the blue screen did not appear.

    2. #12
      Warrior @Miguelgrado
      Registered
      Dec 2005
      Location
      Asturias, Spain
      Posts
      18,147

      Re: Possible infections and blue screen

      Good, now let's see whether anything is left.

      1- Download Farbar Recovery Scan Tool by Farbar (download the file that matches your system's architecture). >> How to tell whether my system is 32-bit or 64-bit

      • Save it to the desktop >> This is very important.
      • With all programs/windows closed, double-click to run Frst.exe.
      • In the Disclaimer window, press Yes.
      • In the new window that opens, press the Scan button and wait patiently for the scan to finish.
      • Two (2) files (logs) will open, Frst.txt and Addition.txt; these will be saved on your desktop.
      • To finish, open the Frst.txt and Addition.txt files and copy and paste their entire contents into your next reply. Use two messages if it says it is too long.

      * Follow us on Twitter and friend us on Facebook.
      * Keep up with the latest threats on the net at: InfoSpyware Blog
      * Questions are not answered by private message or e-mail; that is what the forum is for.

    3. #13
      User Chico C.R.
      Registered
      May 2017
      Location
      Costa Rica
      Posts
      13

      Re: Possible infections and blue screen

      I already deleted the files from quarantine; it even fixed the blue screen problem that said dump crashed. So far I have turned it on twice and the blue screen has not appeared.

    4. #14
      Warrior @Miguelgrado
      Registered
      Dec 2005
      Location
      Asturias, Spain
      Posts
      18,147

      Re: Possible infections and blue screen

      OK, but carry out the last step so we can check that no traces of infection remain.

    5. #15
      User Chico C.R.
      Registered
      May 2017
      Location
      Costa Rica
      Posts
      13

      Re: Possible infections and blue screen

      This is the FRST log

      Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-06-2017
      Ran by Fidelia (administrator) on FRANCISCO-PC (12-06-2017 23:11:12)
      Running from C:\Users\Fidelia\Downloads
      Loaded Profiles: Fidelia (Available Profiles: Fidelia & Invitado)
      Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: Español (España, internacional)
      Internet Explorer Version 8 (Default browser: Chrome)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: ***********************************************************************************************************

      ==================== Processes (Whitelisted) =================

      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

      (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
      () C:\ProgramData\DatacardService\HWDeviceService.exe
      (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
      (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
      () C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
      (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
      (Intel Corporation) C:\Windows\System32\hkcmd.exe
      (Intel Corporation) C:\Windows\System32\igfxpers.exe
      (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
      (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
      (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
      (SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
      (Google Inc.) C:\Users\Fidelia\AppData\Local\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Users\Fidelia\AppData\Local\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Users\Fidelia\AppData\Local\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Users\Fidelia\AppData\Local\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Users\Fidelia\AppData\Local\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Users\Fidelia\AppData\Local\Google\Chrome\Application\chrome.exe

      ==================== Registry (Whitelisted) ====================

      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

      HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9874024 2010-11-16] (Realtek Semiconductor)
      HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe [1522280 2010-11-11] (Realtek Semiconductor)
      HKLM\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [336952 2012-04-18] (Power Software Ltd)
      HKLM\...\Run: [avast] => C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-09-25] (AVAST Software)
      HKLM\...\Run: [Argente Utilities] => C:\Program Files\Argente Utilities\ArgenteU.exe [2939904 2016-03-13] (Raúl Argente)
      HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
      HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [979328 2010-08-30] (SEIKO EPSON CORPORATION)
      HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
      HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
      HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
      HKU\S-1-5-21-1129451367-2137700630-1791503237-1000\...\Run: [Adobe Reader Synchronizer] => C:\Program Files\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe [763000 2017-03-28] (Adobe Systems Incorporated)
      HKU\S-1-5-21-1129451367-2137700630-1791503237-1000\...\Run: [Google Update] => C:\Users\Fidelia\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-05-01] (Google Inc.)
      HKU\S-1-5-21-1129451367-2137700630-1791503237-1000\...\Run: [EPSON TX130 Series] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIHJL.EXE [208384 2010-12-06] (SEIKO EPSON CORPORATION)
      HKU\S-1-5-21-1129451367-2137700630-1791503237-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [7456984 2017-04-10] (Piriform Ltd)
      HKU\S-1-5-21-1129451367-2137700630-1791503237-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [10240 2009-07-13] (Microsoft Corporation)
      HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2016-09-20] (Microsoft Corporation)
      HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
      HKLM\...\Providers\vrlw7rrt: C:\Program Files\Cwetyckerberly Monitor\local32spl.dll
      ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2013-09-25] (AVAST Software)
      ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt.dll [2012-11-15] (Tonec Inc.)
      CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

      ==================== Internet (Whitelisted) ====================

      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

      Tcpip\Parameters: [DhcpNameServer] 192.168.100.1
      Tcpip\..\Interfaces\{0570ECA0-9ABA-4AFD-A47B-6845F6485B89}: [DhcpNameServer] 192.168.100.1
      Tcpip\..\Interfaces\{0A7D3A16-967F-4802-A451-40F89CD79236}: [DhcpNameServer] 192.168.8.1 192.168.8.1
      Tcpip\..\Interfaces\{438E8725-8D05-4B26-AF1A-1DAD2F3D2700}: [NameServer] 200.91.75.5 200.91.75.6
      Tcpip\..\Interfaces\{661C45A2-340C-40D8-BFEF-02B5AD67AE02}: [NameServer] 4.2.2.2 8.8.4.4
      Tcpip\..\Interfaces\{82BA0D6A-9181-44E1-AB08-3EA98C5FCE36}: [DhcpNameServer] 192.168.8.1 192.168.8.1
      Tcpip\..\Interfaces\{C4A292F2-6BD3-415A-B27D-93D979DBBC2A}: [NameServer] 200.91.75.5 200.91.75.6
      Tcpip\..\Interfaces\{E32A53CE-0781-49A2-8FCD-5C4843D4E6FE}: [DhcpNameServer] 192.168.8.1 192.168.8.1

      Internet Explorer:
      ==================
      HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Google
      HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Google
      HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
      HKU\S-1-5-21-1129451367-2137700630-1791503237-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
      SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
      SearchScopes: HKU\S-1-5-21-1129451367-2137700630-1791503237-1000 -> DefaultScope {CD2778E0-4C28-4F70-B7E2-3A94D3288E23} URL =
      BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll [2013-01-29] (Internet Download Manager, Tonec Inc.)
      BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2015-10-04] (Oracle Corporation)
      BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-09-25] (AVAST Software)
      BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2008-03-30] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
      BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2015-10-04] (Oracle Corporation)
      Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-09-25] (AVAST Software)
      Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2008-03-30] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
      Toolbar: HKU\S-1-5-21-1129451367-2137700630-1791503237-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
      Toolbar: HKU\S-1-5-21-1129451367-2137700630-1791503237-1000 -> No Name - {AB0635D9-CA4E-48DB-B83A-16CB6E430774} - No File
      StartMenuInternet: IEXPLORE.EXE - iexplore.exe

      FireFox:
      ========
      FF HKU\S-1-5-21-1129451367-2137700630-1791503237-1000\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\Fidelia\AppData\Roaming\IDM\idmmzcc5
      FF Extension: (IDM CC) - C:\Users\Fidelia\AppData\Roaming\IDM\idmmzcc5 [2015-05-29] [not signed]
      FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll [2008-03-24] ()
      FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2015-10-04] (Oracle Corporation)
      FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2015-10-04] (Oracle Corporation)
      FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-03-28] (Adobe Systems Inc.)
      FF Plugin HKU\S-1-5-21-1129451367-2137700630-1791503237-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Fidelia\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-01] (Google Inc.)
      FF Plugin HKU\S-1-5-21-1129451367-2137700630-1791503237-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Fidelia\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-01] (Google Inc.)

      Chrome:
      =======
      CHR DefaultProfile: ChromeDefaultData
      CHR HomePage: ChromeDefaultData -> hxxp://www.google.com/
      CHR StartupUrls: ChromeDefaultData -> "hxxps://www.google.com/","hxxp://google/"
      CHR Profile: C:\Users\Fidelia\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-06-12] <==== ATTENTION
      CHR Extension: (Presentaciones de Google) - C:\Users\Fidelia\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-07-07]
      CHR Extension: (Google Docs) - C:\Users\Fidelia\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake [2016-07-07]
      CHR Extension: (Google Drive) - C:\Users\Fidelia\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-07]
      CHR Extension: (YouTube) - C:\Users\Fidelia\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-07]
      CHR Extension: (Adblock Plus) - C:\Users\Fidelia\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-03-22]
      CHR Extension: (Hojas de cálculo de Google) - C:\Users\Fidelia\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-07-07]
      CHR Extension: (Documentos de Google sin conexión) - C:\Users\Fidelia\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-07-08]
      CHR Extension: (IDM Integration) - C:\Users\Fidelia\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\jmolcgpienlcieaajfkkdamlngancncm [2016-07-07]
      CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Fidelia\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-12]
      CHR Extension: (Gmail) - C:\Users\Fidelia\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-07]
      CHR Extension: (Chrome Media Router) - C:\Users\Fidelia\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-14]
      CHR Profile: C:\Users\Fidelia\AppData\Local\Google\Chrome\User Data\Default [2017-06-12]
      CHR Extension: (Docs) - C:\Users\Fidelia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-03-27]
      CHR Profile: C:\Users\Fidelia\AppData\Local\Google\Chrome\User Data\System Profile [2017-05-07]
      CHR HKLM\...\Chrome\Extension: [jmolcgpienlcieaajfkkdamlngancncm] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2013-01-29]
      StartMenuInternet: Google Chrome.BYKWUWZVSHTLLWV4C2J64MBQRQ - C:\Users\Fidelia\AppData\Local\Google\Chrome\Application\chrome.exe hxxp://www.ourluckysites.com/?type=sc&ts=1494002694&z=1f9ccf922212f4d7c8f1411g7z3t0zde8e4o8qbt6g&from=che0812&uid=TOSHIBAXMK3275GSX_61PAP8GTTXX61PAP8GTT

      ==================== Services (Whitelisted) ====================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-09-25] (AVAST Software)
      R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [271712 2011-03-14] ()
      S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3398608 2017-05-09] (Malwarebytes)
      S2 Mobile Partner. RunOuc; C:\Program Files\Mobile Partner\UpdateDog\ouc.exe [655712 2014-06-01] ()
      R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)
      S2 BIT; C:\ProgramData\BIT\BIT.dll [X] <==== ATTENTION
      S2 SNARE; C:\Users\Fidelia\AppData\Local\SNARE\Snare.dll [X] <==== ATTENTION
      S2 Update allgenius; "C:\Program Files\allgenius\updateallgenius.exe" [X]
      S2 WsAppService; C:\Program Files\Wondershare\WAF\2.4.2.223\WsAppService.exe [X]
      S2 WsDrvInst; C:\Program Files\Wondershare\Dr.Fone for Android\Library\DriverInstaller\DriverInstall.exe [X]

      ===================== Drivers (Whitelisted) ======================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      R2 aswFsBlk; C:\Windows\system32\Drivers\aswFsBlk.sys [29816 2013-09-25] (AVAST Software)
      R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-09-25] (AVAST Software)
      R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [61680 2013-09-25] (AVAST Software)
      R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49376 2013-09-25] ()
      R1 aswSnx; C:\Windows\system32\Drivers\aswSnx.sys [770344 2013-09-25] (AVAST Software)
      R1 aswSP; C:\Windows\system32\Drivers\aswSP.sys [369584 2013-09-25] (AVAST Software)
      R1 aswTdi; C:\Windows\system32\Drivers\aswTdi.sys [56080 2013-09-25] (AVAST Software)
      R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [177864 2013-09-25] ()
      S3 DFX11_1; C:\Windows\System32\drivers\dfx11_1.sys [24424 2012-12-13] (Windows (R) Win 7 DDK provider)
      R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [59936 2017-06-11] ()
      S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [26328 2015-05-01] (Sony Mobile Communications)
      S3 GT72NDISIPXP; C:\Windows\System32\DRIVERS\Gt51Ip.sys [106624 2008-02-18] (Option N.V.)
      S3 GT72UBUS; C:\Windows\System32\DRIVERS\gt72ubus.sys [59648 2008-02-08] (Option N.V.)
      S3 GTPTSER; C:\Windows\System32\DRIVERS\gtptser.sys [8064 2007-03-30] (Option N.V.)
      R0 MBAMChameleon; C:\Windows\System32\drivers\MBAMChameleon.sys [162208 2017-06-12] (Malwarebytes)
      S3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [97208 2017-06-12] (Malwarebytes)
      R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [39840 2017-06-12] (Malwarebytes)
      R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [220576 2017-06-12] (Malwarebytes)
      R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [65824 2017-06-12] (Malwarebytes)
      R3 RTL8192Ce; C:\Windows\System32\DRIVERS\rtl8192Ce.sys [999016 2010-10-18] (Realtek Semiconductor Corporation )
      R1 SCDEmu; C:\Windows\system32\Drivers\SCDEmu.sys [113072 2012-04-18] (Power Software Ltd)
      S3 swmsflt; C:\Windows\System32\drivers\swmsflt.sys [26760 2008-04-17] ()
      S3 PCTINDIS5; \??\C:\Windows\system32\PCTINDIS5.SYS [X]
      S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
      S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
      S3 VGPU; System32\drivers\rdvgkmd.sys [X]
      S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
      S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]

      ==================== NetSvcs (Whitelisted) ===================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


      ==================== One Month Created files and folders ========

      (If an entry is included in the fixlist, the file/folder will be moved.)

      2017-06-12 23:11 - 2017-06-12 23:12 - 00016344 _____ C:\Users\Fidelia\Downloads\FRST.txt
      2017-06-12 23:10 - 2017-06-12 23:11 - 00000000 ____D C:\FRST
      2017-06-12 23:06 - 2017-06-12 23:07 - 01777152 _____ (Farbar) C:\Users\Fidelia\Downloads\FRST.exe
      2017-06-07 07:02 - 2017-06-12 22:25 - 00065824 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
      2017-06-07 07:02 - 2017-06-12 22:20 - 00097208 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
      2017-06-05 20:33 - 2017-06-12 11:04 - 00162208 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
      2017-06-05 20:32 - 2017-06-12 22:20 - 00220576 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
      2017-06-05 20:32 - 2017-06-12 22:20 - 00039840 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
      2017-06-05 20:32 - 2017-06-11 20:16 - 00059936 _____ C:\Windows\system32\Drivers\mbae.sys
      2017-06-05 20:32 - 2017-06-05 20:32 - 00002024 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
      2017-06-05 20:32 - 2017-06-05 20:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
      2017-06-05 20:32 - 2017-06-05 20:32 - 00000000 ____D C:\ProgramData\Malwarebytes
      2017-06-05 20:32 - 2017-06-05 20:32 - 00000000 ____D C:\Program Files\Malwarebytes
      2017-05-31 19:31 - 2017-05-31 19:40 - 00000000 ____D C:\Users\Fidelia\Desktop\bluescreenview
      2017-05-31 18:53 - 2017-05-31 19:00 - 00000000 ____D C:\FSTool
      2017-05-16 23:34 - 2017-05-16 23:37 - 00000000 ____D C:\Users\Fidelia\AppData\Local\WhatsApp
      2017-05-16 18:17 - 2017-05-16 19:39 - 00000282 __RSH C:\ProgramData\ntuser.pol
      2017-05-16 11:16 - 2017-05-16 11:17 - 00000132 _____ C:\ProgramData\log.bin
      2017-05-14 22:08 - 2017-05-14 22:08 - 00000000 ____D C:\Users\Fidelia\AppData\Roaming\Google

      ==================== One Month Modified files and folders ========

      (If an entry is included in the fixlist, the file/folder will be moved.)

      2017-06-12 23:11 - 2009-07-13 22:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      2017-06-12 23:11 - 2009-07-13 22:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      2017-06-12 22:49 - 2015-07-14 11:38 - 00000838 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
      2017-06-12 22:32 - 2015-04-05 12:42 - 00000000 ____D C:\Users\Fidelia\Documents\Peliculas
      2017-06-12 22:19 - 2009-07-13 22:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
      2017-06-12 22:18 - 2016-03-24 11:06 - 00000000 ____D C:\Program Files\Argente Utilities
      2017-06-12 10:35 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\inf
      2017-06-11 23:39 - 2014-07-16 15:36 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
      2017-06-11 20:15 - 2014-03-10 19:53 - 01675926 _____ C:\Windows\system32\PerfStringBackup.INI
      2017-06-11 20:15 - 2009-07-14 02:48 - 00747230 _____ C:\Windows\system32\perfh00A.dat
      2017-06-11 20:15 - 2009-07-14 02:48 - 00158670 _____ C:\Windows\system32\perfc00A.dat
      2017-06-10 21:18 - 2017-05-07 16:10 - 01386916 _____ C:\Windows\ntbtlog.txt
      2017-06-03 12:17 - 2014-08-21 17:40 - 00000000 ____D C:\Users\Fidelia\Downloads\Compressed
      2017-06-03 10:42 - 2016-03-17 20:24 - 00000000 ____D C:\Windows\system32\_tWm
      2017-06-03 09:35 - 2014-08-21 17:39 - 00000000 ____D C:\Users\Fidelia\AppData\Roaming\DMCache
      2017-06-03 00:11 - 2015-08-28 16:39 - 00000000 ____D C:\Users\Fidelia\Desktop\Nueva carpeta
      2017-06-02 23:36 - 2017-03-27 19:37 - 00000000 ____D C:\Program Files\Cwetyckerberly Monitor
      2017-06-02 23:12 - 2017-05-03 12:21 - 00000000 ____D C:\Insist
      2017-06-02 21:56 - 2014-12-30 14:32 - 00000000 ____D C:\Users\Fidelia\AppData\Local\ESET
      2017-06-01 23:10 - 2016-06-09 21:57 - 00000000 ____D C:\Users\Fidelia\AppData\Roaming\WhatsApp
      2017-05-16 23:37 - 2016-06-09 21:53 - 00000000 ____D C:\Users\Fidelia\AppData\Local\SquirrelTemp
      2017-05-16 23:30 - 2014-08-21 17:40 - 00000000 ____D C:\Users\Fidelia\Downloads\Video
      2017-05-16 18:20 - 2017-05-05 10:44 - 00000000 ____D C:\ProgramData\BIT
      2017-05-16 18:18 - 2016-07-07 20:46 - 00002498 _____ C:\Users\Fidelia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
      2017-05-16 18:18 - 2014-03-10 19:46 - 00001401 _____ C:\Users\Fidelia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
      2017-05-16 18:16 - 2015-12-22 13:49 - 00000000 ____D C:\ProgramData\APN
      2017-05-16 18:16 - 2014-11-28 13:00 - 00000000 ____D C:\Users\Fidelia\Nero 7.5.9.0 ESP + keygen
      2017-05-16 18:16 - 2014-11-28 13:00 - 00000000 ____D C:\Users\Fidelia\Internet Download Manager 6.15
      2017-05-16 11:16 - 2017-03-27 19:36 - 00000128 _____ C:\ProgramData\log.ewb
      2017-05-14 22:48 - 2015-05-29 12:08 - 00000000 ____D C:\Users\Fidelia\AppData\Roaming\IDM

      ==================== Files in the root of some directories =======

      2015-03-31 02:14 - 2016-05-29 22:34 - 0000385 _____ () C:\Users\Fidelia\AppData\Roaming\1r2YK4fkXN50ObOCi7ZU
      2016-09-02 22:12 - 2016-09-02 22:12 - 0000017 _____ () C:\Users\Fidelia\AppData\Local\si
      2017-03-29 15:11 - 2017-03-29 15:19 - 0000177 _____ () C:\Users\Fidelia\AppData\Local\uts.ini
      2017-05-16 11:16 - 2017-05-16 11:17 - 0000132 _____ () C:\ProgramData\log.bin
      2017-03-27 19:36 - 2017-05-16 11:16 - 0000128 _____ () C:\ProgramData\log.ewb
      2016-03-17 20:27 - 2016-03-17 20:27 - 0000074 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat

      Files to move or delete:
      ====================
      C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat


      ==================== Bamital & volsnap ======================

      (There is no automatic fix for files that do not pass verification.)

      C:\Windows\explorer.exe => File is digitally signed
      C:\Windows\system32\winlogon.exe => File is digitally signed
      C:\Windows\system32\wininit.exe => File is digitally signed
      C:\Windows\system32\svchost.exe => File is digitally signed
      C:\Windows\system32\services.exe => File is digitally signed
      C:\Windows\system32\User32.dll => File is digitally signed
      C:\Windows\system32\userinit.exe => File is digitally signed
      C:\Windows\system32\rpcss.dll => File is digitally signed
      C:\Windows\system32\dnsapi.dll => File is digitally signed
      C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

      LastRegBack: 2017-04-15 19:50

      ==================== End of FRST.txt ============================

    6. #16
      User Chico C.R.
      Registered
      May 2017
      Location
      Costa Rica
      Posts
      13

      Re: Possible infections and blue screen

      This is the Addition log

      Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-06-2017
      Ran by Fidelia (12-06-2017 23:13:17)
      Running from C:\Users\Fidelia\Downloads
      Microsoft Windows 7 Ultimate Service Pack 1 (X86) (2014-03-11 01:45:03)
      Boot Mode: Normal
      ==========================================================


      ==================== Accounts: =============================

      Administrador (S-1-5-21-1129451367-2137700630-1791503237-500 - Administrator - Disabled)
      Fidelia (S-1-5-21-1129451367-2137700630-1791503237-1000 - Administrator - Enabled) => C:\Users\Fidelia
      HomeGroupUser$ (S-1-5-21-1129451367-2137700630-1791503237-1745 - Limited - Enabled)
      Invitado (S-1-5-21-1129451367-2137700630-1791503237-501 - Limited - Enabled) => C:\Users\Invitado

      ==================== Security Center ========================

      (If an entry is included in the fixlist, it will be removed.)

      AV: avast! Antivirus (Enabled - Out of date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
      AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
      AS: avast! Antivirus (Enabled - Out of date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
      AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
      AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

      ==================== Installed Programs ======================

      (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

      Adobe Flash Player 19 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
      Adobe Flash Player Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 9.0.124.0 - Adobe Systems Incorporated)
      Adobe Reader XI (11.0.20) - Español (HKLM\...\{AC76BA86-7AD7-1034-7B44-AB0000000001}) (Version: 11.0.20 - Adobe Systems Incorporated)
      Argente Utilities 1.0.7.0 (HKLM\...\Argente Utilities_is1) (Version: 1.0.7.0 - Raúl Argente)
      aTube Catcher versión 3.8 (HKLM\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp)
      avast! Free Antivirus (HKLM\...\avast) (Version: 8.0.1498.0 - AVAST Software)
      CCleaner (HKLM\...\CCleaner) (Version: 5.29 - Piriform)
      Desinstalador de impresoras EPSON TX130 Series (HKLM\...\EPSON TX130 Series) (Version: - SEIKO EPSON Corporation)
      Driver Installer (HKLM\...\{F804CAE5-50B2-4646-803A-A428325237CA}) (Version: 2.3.0.797 - Option NV)
      Epson Easy Photo Print 2 (HKLM\...\{E65AE514-9C14-48DE-BAE5-64A4F9CB6FE5}) (Version: 2.2.4.0 - SEIKO EPSON CORPORATION)
      Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION)
      Epson Easy Photo Print Plug-in for Windows Live Photo Gallery (HKLM\...\EEPPPlugIn) (Version: - SEIKO EPSON Corporation)
      Epson Easy Photo Print Plug-in for Windows Live Photo Gallery Setup (Version: 1.00.0000 - SEIKO EPSON Corporation) Hidden
      Epson Event Manager (HKLM\...\{8A17C27D-0325-400C-8AA9-DAA6B16CBD74}) (Version: 2.40.0009 - SEIKO EPSON CORPORATION)
      Google Chrome (HKU\S-1-5-21-1129451367-2137700630-1791503237-1000\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
      Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.14.10.2230 - Intel Corporation)
      Intel(R) Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.4.1002 - Intel Corporation)
      Internet Download Manager (HKLM\...\Internet Download Manager) (Version: - Tonec Inc.)
      J2SE Runtime Environment 5.0 Update 10 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0150100}) (Version: 1.5.0.100 - Sun Microsystems, Inc.)
      Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
      Malwarebytes versión 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
      Microsoft .NET Framework 4.5.2 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.5.51209 - Microsoft Corporation)
      Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
      Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
      Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
      Microsoft Office Excel 2007 Help Actualización (KB963678) (HKLM\...\{90120000-0016-0C0A-0000-0000000FF1CE}_ENTERPRISE_{59E09C3D-4878-47D9-87DB-6D0018026889}) (Version: - Microsoft)
      Microsoft Office Outlook 2007 Help Actualización (KB963677) (HKLM\...\{90120000-001A-0C0A-0000-0000000FF1CE}_ENTERPRISE_{59C244C2-0C37-4E85-8F7E-DBDD3958B694}) (Version: - Microsoft)
      Microsoft Office Powerpoint 2007 Help Actualización (KB963669) (HKLM\...\{90120000-0018-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F318245D-05AE-4681-A749-A036CE44AF29}) (Version: - Microsoft)
      Microsoft Office Word 2007 Help Actualización (KB963665) (HKLM\...\{90120000-001B-0C0A-0000-0000000FF1CE}_ENTERPRISE_{377BA42A-1C84-45D6-94B8-6D00887D172D}) (Version: - Microsoft)
      Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
      Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
      Mobile Partner (HKLM\...\Mobile Partner) (Version: 21.005.22.00.540 - Huawei Technologies Co.,Ltd)
      Motorola Driver Installation (HKLM\...\{9579E862-5FC7-4337-B1CC-5E37451524C5}) (Version: 2.8.0 - Motorola Inc.)
      Need For Speed III (HKLM\...\{DDB16E1B-5BB2-458D-B379-8540223AC796}_is1) (Version: - EA-Space Rik)
      PICTIONARY (HKLM\...\PICTIONARY4) (Version: - )
      PowerISO (HKLM\...\PowerISO) (Version: 5.1 - Power Software Ltd)
      ProPanel (HKLM\...\ProPanel) (Version: - )
      Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.29.1006.2010 - Realtek)
      Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6246 - Realtek Semiconductor Corp.)
      Realtek WLAN Driver (HKLM\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0013 - REALTEK Semiconductor Corp.)
      Recuva (HKLM\...\Recuva) (Version: 1.38 - Piriform)
      TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.11 - TOSHIBA Corporation)
      Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
      VLC media player 1.1.0 (HKLM\...\VLC media player) (Version: 1.1.0 - VideoLAN)
      WhatsApp (HKU\S-1-5-21-1129451367-2137700630-1791503237-1000\...\WhatsApp) (Version: 0.2.777 - WhatsApp)
      WinRAR 5.31 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)

      ==================== Custom CLSID (Whitelisted): ==========================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      CustomCLSID: HKU\S-1-5-21-1129451367-2137700630-1791503237-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Fidelia\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
      CustomCLSID: HKU\S-1-5-21-1129451367-2137700630-1791503237-1000_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Fidelia\AppData\Local\Google\Update\1.3.33.5\psuser.dll (Google Inc.)
      CustomCLSID: HKU\S-1-5-21-1129451367-2137700630-1791503237-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Fidelia\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateOnDemand.exe (Google Inc.)
      CustomCLSID: HKU\S-1-5-21-1129451367-2137700630-1791503237-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Fidelia\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateOnDemand.exe (Google Inc.)
      CustomCLSID: HKU\S-1-5-21-1129451367-2137700630-1791503237-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Fidelia\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateOnDemand.exe (Google Inc.)
      CustomCLSID: HKU\S-1-5-21-1129451367-2137700630-1791503237-1000_Classes\CLSID\{76461B60-9D44-402F-33A8-5888A123C941}\InprocServer32 -> C:\Windows\system32\ole32.dll (Microsoft Corporation)
      CustomCLSID: HKU\S-1-5-21-1129451367-2137700630-1791503237-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Fidelia\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll (Google Inc.)
      CustomCLSID: HKU\S-1-5-21-1129451367-2137700630-1791503237-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Fidelia\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll (Google Inc.)
      CustomCLSID: HKU\S-1-5-21-1129451367-2137700630-1791503237-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Fidelia\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateOnDemand.exe (Google Inc.)
      CustomCLSID: HKU\S-1-5-21-1129451367-2137700630-1791503237-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Fidelia\AppData\Local\Google\Update\1.3.33.5\psuser.dll (Google Inc.)

      ==================== Scheduled Tasks (Whitelisted) =============

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      Task: {0212C5E1-D778-4165-89C0-5828CD5365EA} - System32\Tasks\{9D11484A-C09F-4A3C-861A-1D28730F6FD0} => pcalua.exe -a C:\Users\Fidelia\Desktop\EPSON-KATHERINE\Setup.exe -d C:\Users\Fidelia\Desktop\EPSON-KATHERINE
      Task: {03E500E2-09DE-47ED-8FF2-4583249FB094} - System32\Tasks\{78047329-2688-47E6-A5ED-3CB70AF71D32} => pcalua.exe -a "C:\Users\Fidelia\Documents\Mitchell on demand\78\Autodesk AutoCAD 2007\Bin\acadFeui\support\DirectX\DXSETUP.exe" -d "C:\Users\Fidelia\Documents\Mitchell on demand\78\Autodesk AutoCAD 2007\Bin\acadFeui\support\DirectX"
      Task: {09189B14-0621-46A8-88DE-4BF5705B4698} - System32\Tasks\{6B316FA3-7E6A-46AE-92A0-929A45CBD995} => pcalua.exe -a "C:\Users\Fidelia\Desktop\Age Of Empires II (by yaiba527)\AoFE_Launcher.exe" -d "C:\Users\Fidelia\Desktop\Age Of Empires II (by yaiba527)"
      Task: {0DFE1EE7-122D-4004-8E04-B7DDA012F6CB} - System32\Tasks\{AB82DC1E-8964-4505-9707-FEBDA25A01E9} => C:\Users\Fidelia\Desktop\EPSON-KATHERINE\Setup.exe
      Task: {0EB703B1-3187-4B61-B636-3F011BFF3F6F} - System32\Tasks\{51B9AA9C-3EFB-413A-8556-F70AE8DF54DA} => C:\Program Files\Need For Speed III\nfs3.exe [1998-09-10] (Electronic Arts, Inc.)
      Task: {0F4AF549-31A6-4E7D-9FD5-8FBD06899464} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-04-16] (AVAST Software)
      Task: {10CED86B-7754-4822-A55B-8B514B387BB0} - System32\Tasks\{ECAFB1B3-E137-48B3-B103-7DD3FADCF2DE} => C:\Users\Fidelia\Desktop\EPSON-KATHERINE\Setup.exe
      Task: {165CABFB-F431-4DC5-961F-D53BBC772B8E} - System32\Tasks\{C9ED76C5-D41F-40B0-9F00-E54776DA4E8B} => E:\PHOTOSHOP\SETUP.EXE
      Task: {1B27E411-8318-48CC-B28C-3C817DD069EB} - System32\Tasks\Microsoft\Windows\Setup\EOSNotify => C:\Windows\system32\EOSNotify.exe [2016-06-25] (Microsoft Corporation)
      Task: {1B413960-F99A-4D96-9D30-6CE58AC09187} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
      Task: {1EB23358-8C53-41F8-A83E-47E41FA5C31B} - System32\Tasks\{AF7263BB-EDF0-420F-92C1-54DFBC0F3B28} => pcalua.exe -a C:\Users\Fidelia\Downloads\Programs\nox_setup_v3.1.0.0_full_en.exe -d C:\Users\Fidelia\Downloads\Programs
      Task: {2423EF41-1A3B-4D60-B9A3-FB8C33559AEB} - System32\Tasks\{EF4ADF28-128C-4618-9338-855123C6483E} => pcalua.exe -a C:\Windows\uninst.exe -c -f"C:\Program Files\ThrustMaster\ProPanel\DeIsL1.isu"
      Task: {249657E9-F947-4E25-A075-D30838C58A65} - System32\Tasks\{F1D7F4D7-D587-4A4C-88AF-3CE763587BBC} => C:\Users\Fidelia\Desktop\EPSON-KATHERINE\Setup.exe
      Task: {24DD5D1A-FE42-4144-A29C-A5FE738CAC90} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1129451367-2137700630-1791503237-1000Core => C:\Users\Fidelia\AppData\Local\Google\Update\GoogleUpdate.exe [2016-07-07] (Google Inc.)
      Task: {2CFEA3F6-29B5-4F45-AEE8-984EB3C0F53B} - System32\Tasks\{2018FE7B-C219-46E2-94C2-2E667CA5CDCA} => pcalua.exe -a C:\Users\Fidelia\Downloads\Programs\nox_setup_v3.7.2.0_full_En.exe -d C:\Users\Fidelia\Downloads\Programs
      Task: {2EFD93F0-12BA-41EF-9873-DE427AEBBBED} - System32\Tasks\{F1DD3261-98D9-43B7-8257-D6FD70F1435D} => C:\Program Files\Argente Utilities\Argente Utilities.exe
      Task: {3259141D-D4BC-4A47-AA20-9F9D3A201D88} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1129451367-2137700630-1791503237-501
      Task: {3A76BE5C-D270-4765-BC5C-70194ACBEF8F} - System32\Tasks\{0410E911-5BCF-491F-A80F-75EEFB2C119B} => C:\Users\Fidelia\Desktop\EPSON-KATHERINE\Setup.exe
      Task: {3B9FFB04-74F3-426A-9D5A-8426D3F3C795} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1129451367-2137700630-1791503237-1000
      Task: {3BD28E23-C0B1-4C65-BC58-C85C6CB4A6D9} - System32\Tasks\{DA65F4BC-2818-4640-8E1C-47AF0A97DD08} => C:\Program Files\Argente Utilities\Argente Utilities.exe
      Task: {3E12AA5A-0A06-4338-B286-577F0DD0DAC3} - System32\Tasks\{26821406-E149-47A2-8F5A-F8BC651272A8} => pcalua.exe -a C:\Users\Fidelia\tencha\Descargas\NodLogin32bits\setup.exe -d C:\Users\Fidelia\tencha\Descargas\NodLogin32bits
      Task: {4154057B-1C8B-4AA9-8F4F-B2F968611E0C} - System32\Tasks\{7DF3D411-543D-4427-8DBE-32230D4CA234} => C:\Users\Fidelia\Desktop\New Folder\AR2.EXE [1999-02-04] (Origin Systems Inc.)
      Task: {49ECF562-F5BA-4D08-93D8-88DE0FC28BE1} - System32\Tasks\{B8A0FADC-38A9-43E2-8B55-4CDB5E8753BB} => C:\Users\Fidelia\Desktop\EPSON-KATHERINE\Setup.exe
      Task: {4B27808D-5A2F-4A0D-A678-70FCA6B03A85} - System32\Tasks\{DBA10DFE-5BF4-429E-BDA5-2B82D9A8BDA2} => C:\Games\Need for Speed Hot Pursuit\NFS11.exe
      Task: {4E4A453D-3712-446C-ABA5-5A499D388B43} - System32\Tasks\{96056449-F4F2-4340-B34B-80A8775789F9} => pcalua.exe -a "C:\Users\Fidelia\Desktop\Nueva carpeta\Driver epson stylus tx130\Setup.exe" -d "C:\Users\Fidelia\Desktop\Nueva carpeta\Driver epson stylus tx130"
      Task: {4FE7E568-8E5F-43F0-9D42-99D47F814BD1} - System32\Tasks\Cwetyckerberly Monitor => C:\Program Files\Fworyvadasy\xktedom.exe
      Task: {51C27ED3-A6C1-4F98-A276-45B93C57E782} - System32\Tasks\{5F703F60-FD7C-4D0A-A785-24DC792C1BAB} => C:\Program Files\Need For Speed III\nfs3.exe [1998-09-10] (Electronic Arts, Inc.)
      Task: {58FADF59-EAB0-4569-81EA-1D8D3B285C85} - System32\Tasks\{98590296-C829-4607-B0DD-45D57E4BD865} => C:\Users\Fidelia\Desktop\New Folder\AR2.EXE [1999-02-04] (Origin Systems Inc.)
      Task: {61AE1A4D-44D6-48A0-8FA6-B6467EAA8668} - System32\Tasks\{72920001-B91C-4333-8217-C851DF0B703B} => C:\Program Files\Argente Utilities\Argente Utilities.exe
      Task: {676CD1ED-58B8-481B-8AE9-62027DD60867} - System32\Tasks\{ECA0D482-9B16-43EC-B8C8-4DCEF613D297} => C:\Users\Fidelia\Desktop\Nueva carpeta\Driver epson stylus tx130\Espanol\Guide\setup.exe [2011-03-07] (Epson America, Inc.)
      Task: {6EDFE996-7610-40FD-9417-F04165814695} - System32\Tasks\{5B15485D-B936-4D65-94EE-B950C2487715} => C:\Users\Fidelia\Desktop\EPSON-KATHERINE\Setup.exe
      Task: {70BCD104-C2BF-42B9-9EA7-33434CCE7CA9} - System32\Tasks\{A49C0928-8DAA-4632-8497-8822AD8AB444} => pcalua.exe -a C:\Users\Fidelia\Desktop\EPSON-KATHERINE\Espanol\Guide\setup.exe -d C:\Users\Fidelia\Desktop\EPSON-KATHERINE\Espanol\Guide
      Task: {7F5BB27A-CE65-4EF5-BE4E-0897A0A5B44F} - System32\Tasks\{C858E8EC-88A4-44C2-B237-147EF4C61C85} => C:\Users\Fidelia\Desktop\EPSON-KATHERINE\Setup.exe
      Task: {80A23343-F2AE-4F52-8BB7-5D171A6D7C9C} - System32\Tasks\{EB3E3827-7A87-4036-9E51-307149F6BEA0} => C:\Games\Need for Speed Hot Pursuit\NFS11.exe
      Task: {80D219F1-7944-4545-8C21-56DBA1574F40} - System32\Tasks\{229A6F20-8A4D-447D-AE95-8C4239B5C479} => C:\Users\Fidelia\Desktop\Nueva carpeta\Driver epson stylus tx130\Setup.exe [2009-01-02] (EPSON America Inc.)
      Task: {80EB50E8-6163-40DD-9713-BE83B7986F77} - System32\Tasks\{8AF2C4D5-0B13-4FDB-BC04-77AF65487C81} => C:\Users\Fidelia\Desktop\EPSON-KATHERINE\Setup.exe
      Task: {9BFBE6C5-F9D8-4076-965C-D80FB4D93CC0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1129451367-2137700630-1791503237-1000UA => C:\Users\Fidelia\AppData\Local\Google\Update\GoogleUpdate.exe [2016-07-07] (Google Inc.)
      Task: {9C065DF5-43C3-49E5-A755-1F18903AE4A6} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-03-17] (Avast Software s.r.o.)
      Task: {A83494FE-151C-42C2-9515-0A35AB7675B5} - System32\Tasks\{016582F9-097A-4BCF-8FA6-05AE0B1D11B5} => pcalua.exe -a H:\EPSON-KATHERINE\Setup.exe -d H:\EPSON-KATHERINE
      Task: {AA0FDE5D-8723-4E50-B942-F9A54AA253C0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-25] (Adobe Systems Incorporated)
      Task: {ADA509F2-1708-471A-A042-7580FAECE1E9} - System32\Tasks\{3EA0BD32-EA3F-49BF-865C-F659F4428080} => C:\Program Files\Need For Speed III\nfs3.exe [1998-09-10] (Electronic Arts, Inc.)
      Task: {B0DA18B3-7AB0-4626-A505-2B6C16015E02} - \Tupagh -> No File <==== ATTENTION
      Task: {B15A3430-02FC-4D6B-AD93-89F7AC9E1EBF} - System32\Tasks\{7D139ED7-CC3E-46F5-B8B9-21F7D2818504} => C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe [2017-03-28] (Adobe Systems Incorporated)
      Task: {B524801A-8497-406F-AD75-378588234248} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-04-10] (Piriform Ltd)
      Task: {B753D567-5EB2-4B96-BE3B-1024B8E9E366} - System32\Tasks\{A273D093-D8EA-4048-BF57-88D72D6A90DD} => C:\Users\Fidelia\Desktop\Nueva carpeta\Driver epson stylus tx130\Setup.exe [2009-01-02] (EPSON America Inc.)
      Task: {BAA7BFCE-4750-49C8-9E3F-D928097D3CA8} - System32\Tasks\{23FBC76B-5183-47A5-B731-5E32A248822A} => C:\Users\Fidelia\Desktop\Nueva carpeta\Driver epson stylus tx130\Espanol\Guide\setup.exe [2011-03-07] (Epson America, Inc.)
      Task: {C3B67B70-8956-469A-8DE1-9540F6BE5334} - System32\Tasks\{E4E08D7E-94B9-45B9-916E-AAACE3642AAF} => C:\Program Files\Argente Utilities\Argente Utilities.exe
      Task: {C5247FFB-194D-45BB-901F-8B891051C4BB} - System32\Tasks\{33892FF2-20BE-4BC8-BE37-DBE54B322FF0} => C:\Users\Fidelia\Desktop\EPSON-KATHERINE\Setup.exe
      Task: {C81B2446-F7B0-4C87-A924-8FC000DC4CB0} - System32\Tasks\{6A154C8E-6F2E-4ED7-82A6-B1F13E518D75} => C:\Program Files\Need For Speed III\nfs3.exe [1998-09-10] (Electronic Arts, Inc.)
      Task: {CD269821-6FC8-437E-970B-DC2B639730A9} - System32\Tasks\{DCE8D8BC-E8F9-419B-BC15-902574B47F78} => pcalua.exe -a "C:\Users\Fidelia\Desktop\Nueva carpeta\Driver epson stylus tx130\Espanol\Guide\setup.exe" -d "C:\Users\Fidelia\Desktop\Nueva carpeta\Driver epson stylus tx130\Espanol\Guide"
      Task: {CD9FF844-127D-4714-A300-91941F94F41A} - System32\Tasks\{BAF2C088-2EC3-447F-8FE2-B854648403BA} => C:\Users\Fidelia\Desktop\Nueva carpeta\Driver epson stylus tx130\Setup.exe [2009-01-02] (EPSON America Inc.)
      Task: {CDEC9B9E-42DC-4F51-9C81-E698524EB025} - System32\Tasks\{7360F05F-DF7E-4A89-BA36-2DA778AA6686} => C:\Games\Need for Speed Hot Pursuit\NFS11.exe
      Task: {D3166A22-6602-49D7-8C91-2B662A673602} - System32\Tasks\{EA9A6362-7A01-4A53-B0BD-996CA02280BE} => pcalua.exe -a C:\Users\Fidelia\AppData\Roaming\mystartsearch\UninstallManager.exe -c -ptid=amt
      Task: {D402D5E2-ACC3-4A41-B6FB-3EC118750314} - System32\Tasks\{EC9F44EE-788B-4F2D-97B2-4F9021AE19B0} => C:\Users\Fidelia\Desktop\New Folder\AR2.EXE [1999-02-04] (Origin Systems Inc.)
      Task: {D8EB3CBC-CB0A-49FA-B250-08B25BCD5FED} - System32\Tasks\{D309739C-E513-447F-BE12-6CA92234CCF9} => C:\Users\Fidelia\Desktop\Nueva carpeta\Driver epson stylus tx130\Setup.exe [2009-01-02] (EPSON America Inc.)
      Task: {E36E23D8-9AB3-4FB0-AD31-9BBCFC005D72} - System32\Tasks\{683A2DF5-3B1B-4661-A315-C4B9E1F410D4} => C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe [2017-03-28] (Adobe Systems Incorporated)
      Task: {E7974213-6670-473A-8782-DA7E07591908} - System32\Tasks\{0A3C8AED-5B85-4CF0-A2B1-1B21A19013F1} => pcalua.exe -a "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" -c /uninstall ENTERPRISE /dll OSETUP.DLL
      Task: {F49EFF54-908B-47AD-B2BA-AF6869E5C18A} - System32\Tasks\{F2309C05-5ED2-469E-B215-F8358214B545} => C:\Program Files\Need For Speed III\nfs3.exe [1998-09-10] (Electronic Arts, Inc.)
      Task: {F9621A4B-D900-4F36-8EE5-E94E592FDFBE} - System32\Tasks\{59CEA600-0C4F-4B02-9884-9AA2E15F1013} => C:\Users\Fidelia\Desktop\EPSON-KATHERINE\Setup.exe
      Task: {F9BEFBCA-6BD5-4C87-A921-2154707853FD} - System32\Tasks\{17984CDB-7904-4768-9C55-5DBBDCC9E518} => C:\Program Files\Argente Utilities\Argente Utilities.exe

      (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

      Task: C:\Windows\Tasks\1r2YK4fkXN50ObOCi7ZU.job => C:\Users\Fidelia\AppData\Roaming\1r2YK4fkXN50ObOCi7ZU.exe <==== ATTENTION
      Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

      ==================== Shortcuts =============================

      (The entries could be listed to be restored or removed.)

      ==================== Loaded Modules (Whitelisted) ==============

      2016-08-25 18:40 - 2016-08-25 10:17 - 02980864 _____ () C:\Program Files\AVAST Software\Avast\defs\16082501\algo.dll
      2011-03-14 09:27 - 2011-03-14 09:27 - 00271712 _____ () C:\ProgramData\DatacardService\HWDeviceService.exe
      2014-06-01 18:58 - 2014-06-01 18:56 - 00655712 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
      2014-06-01 18:58 - 2014-06-01 18:56 - 00011362 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\mingwm10.dll
      2014-06-01 18:58 - 2014-06-01 18:56 - 00043008 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\libgcc_s_dw2-1.dll
      2014-06-01 18:58 - 2014-06-01 18:56 - 02415104 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtCore4.dll
      2014-06-01 18:58 - 2014-06-01 18:56 - 01148416 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtNetwork4.dll
      2014-06-01 18:58 - 2014-06-01 18:56 - 00835072 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QueryStrategy.dll
      2014-06-01 18:58 - 2014-06-01 18:56 - 00398336 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtXml4.dll
      2016-09-07 19:04 - 2016-09-06 12:00 - 05197312 _____ () C:\Users\Fidelia\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1\libglesv2.dll
      2016-09-07 19:04 - 2016-09-06 12:00 - 00147456 _____ () C:\Users\Fidelia\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1\libegl.dll

      ==================== Alternate Data Streams (Whitelisted) =========

      (If an entry is included in the fixlist, only the ADS will be removed.)


      ==================== Safe Mode (Whitelisted) ===================

      (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

      ==================== Association (Whitelisted) ===============

      (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


      ==================== Internet Explorer trusted/restricted ===============

      (If an entry is included in the fixlist, it will be removed from the registry.)


      ==================== Hosts content: ===============================

      (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

      2009-07-13 20:04 - 2017-04-27 13:21 - 00000027 ____N C:\Windows\system32\Drivers\etc\hosts

      127.0.0.1 localhost

      ==================== Other Areas ============================

      (Currently there is no automatic fix for this section.)

      HKU\S-1-5-21-1129451367-2137700630-1791503237-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Fidelia\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
      DNS Servers: 192.168.100.1
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: ) (EnableLUA: )
      Windows Firewall is enabled.

      ==================== MSCONFIG/TASK MANAGER disabled items ==


      ==================== FirewallRules (Whitelisted) ===============

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      FirewallRules: [TCP Query User{6174E807-19BC-4B70-BE28-19E6B40D7B7C}H:\epson software\event manager\eeventmanager.exe] => (Allow) H:\epson software\event manager\eeventmanager.exe
      FirewallRules: [UDP Query User{4A6392F5-025B-4432-AFF0-BCCAAB3CD051}H:\epson software\event manager\eeventmanager.exe] => (Allow) H:\epson software\event manager\eeventmanager.exe
      FirewallRules: [TCP Query User{C39754D2-B588-445F-8976-94ED0323689B}C:\program files\winamp\winamp.exe] => (Block) C:\program files\winamp\winamp.exe
      FirewallRules: [UDP Query User{E2FB3247-AA03-4839-AE97-7C0F190A6327}C:\program files\winamp\winamp.exe] => (Block) C:\program files\winamp\winamp.exe
      FirewallRules: [TCP Query User{A8F73C17-D85A-4E35-8887-A685B4E7CE19}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe
      FirewallRules: [UDP Query User{7D0F4E1D-F706-43D8-A441-3E12C9096469}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe
      FirewallRules: [TCP Query User{FC15BF94-6460-477E-AC75-01F2CA6FB61B}C:\program files\ares\ares.exe] => (Block) C:\program files\ares\ares.exe
      FirewallRules: [UDP Query User{42DE6657-022F-466A-9AA0-629613F8750B}C:\program files\ares\ares.exe] => (Block) C:\program files\ares\ares.exe
      FirewallRules: [{E0927F2F-8F93-435B-A914-452D46A18D85}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
      FirewallRules: [{5791919B-92B0-4D67-B24E-148A88462FB5}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
      FirewallRules: [{BFD80535-B0D0-4EB3-91F1-C3D2457E8AFC}] => (Allow) C:\Users\Fidelia\AppData\Roaming\uTorrent\uTorrent.exe
      FirewallRules: [{C206888B-D5E1-4CAD-B6F9-37B483A6DFF0}] => (Allow) C:\Users\Fidelia\AppData\Roaming\uTorrent\uTorrent.exe
      FirewallRules: [{0D2D67A1-AC1C-409E-83EF-CA4E42EC2731}] => (Allow) C:\Users\Fidelia\AppData\Roaming\uTorrent\uTorrent.exe
      FirewallRules: [{DB4E34C9-C9C4-414D-80F2-7AD255186FDE}] => (Allow) C:\Users\Fidelia\AppData\Roaming\uTorrent\uTorrent.exe
      FirewallRules: [{47DABFAF-1401-4F42-A022-E53C4265ECAB}] => (Allow) C:\Users\Fidelia\AppData\Roaming\uTorrent\uTorrent.exe
      FirewallRules: [{499EF099-27CE-4E0C-B0B5-8AC4B9ED72A1}] => (Allow) C:\Users\Fidelia\AppData\Roaming\uTorrent\uTorrent.exe
      FirewallRules: [TCP Query User{D4A6D1D2-CA29-4DFE-AB2D-0E652895D19F}C:\program files\winamp\winamp.exe] => (Block) C:\program files\winamp\winamp.exe
      FirewallRules: [UDP Query User{FBC3C4A5-523B-4637-86EB-6009426A8095}C:\program files\winamp\winamp.exe] => (Block) C:\program files\winamp\winamp.exe
      FirewallRules: [{A27D57F0-29D2-4C1A-AD1A-C25C9A852808}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
      FirewallRules: [{EC90F63A-0666-4BB9-A08A-2A0E8BE6BBD7}] => (Allow) C:\Users\Fidelia\Desktop\andy-x86\Setup.exe
      FirewallRules: [{A43B72F0-2654-4065-9020-D62E330B4A0D}] => (Allow) C:\Users\Fidelia\Desktop\andy-x86\Setup.exe
      FirewallRules: [{C6A769DD-5D19-4696-A932-635585568E74}] => (Allow) C:\Program Files\Andy\andy.exe
      FirewallRules: [{F3024741-414F-4BE6-B905-8FCEF941029D}] => (Allow) C:\Program Files\Andy\andy.exe
      FirewallRules: [{99A7626E-B76C-4033-9784-F3841492B2B7}] => (Allow) C:\Program Files\Andy\AndyConsole.exe
      FirewallRules: [{7780E9E1-1E15-46FD-BC47-C9358385F5E3}] => (Allow) C:\Program Files\Andy\AndyConsole.exe
      FirewallRules: [{416052D2-8977-4765-B451-4F750CC0CB9B}] => (Allow) C:\Program Files\Andy\HandyAndy.exe
      FirewallRules: [{33A05410-3F77-4723-9DEB-DFA87248DE05}] => (Allow) C:\Program Files\Andy\HandyAndy.exe
      FirewallRules: [{19F031AD-6C14-4ECB-8653-353FD1040C25}] => (Allow) C:\Program Files\Andy\SetupFiles\Uninstall.exe
      FirewallRules: [{D447C6EF-31EF-4E78-83D3-D8240040E750}] => (Allow) C:\Program Files\Andy\SetupFiles\Uninstall.exe
      FirewallRules: [{980F5EDD-08AA-490B-9978-F988CD69C746}] => (Allow) C:\Users\Fidelia\AppData\Local\Temp\RemoveTemp.exe
      FirewallRules: [{F8891D57-FD1A-4953-B5D1-4AE53A1FFFDE}] => (Allow) C:\Users\Fidelia\AppData\Local\Temp\RemoveTemp.exe
      FirewallRules: [{EBEC0911-B579-43E5-94DE-A5BBA4980E6A}] => (Allow) C:\Program Files\Andy\SetupFiles\VMwareCheck.exe
      FirewallRules: [{3F0B1CEE-34BC-499B-95ED-3252E8171E35}] => (Allow) C:\Program Files\Andy\SetupFiles\VMwareCheck.exe
      FirewallRules: [{7E7F7F95-5F66-47C7-BD1B-19D8065FD01B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
      FirewallRules: [{266B3696-22B0-468A-B5ED-05D376F36A04}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
      FirewallRules: [TCP Query User{E96DD26B-57D6-4648-BD0E-AA8B8871F6D9}C:\program files\youwave android\vb\vboxsdl.exe] => (Allow) C:\program files\youwave android\vb\vboxsdl.exe
      FirewallRules: [UDP Query User{2BD78346-F590-4A55-BD56-6E27CC4AC8E4}C:\program files\youwave android\vb\vboxsdl.exe] => (Allow) C:\program files\youwave android\vb\vboxsdl.exe
      FirewallRules: [{7B30C4CD-CF38-4DED-A20C-388214E7F774}] => (Allow) C:\Program Files\Winamp\winamp.exe
      FirewallRules: [{15458E75-5566-4228-8D31-8ABA3EBA454B}] => (Allow) C:\Program Files\Winamp\winamp.exe
      FirewallRules: [TCP Query User{9BE3BBD3-6D99-4445-AB16-C629BE83B2A2}C:\users\fidelia\desktop\age of empires ii (by yaiba527)\age2_x1.exe] => (Allow) C:\users\fidelia\desktop\age of empires ii (by yaiba527)\age2_x1.exe
      FirewallRules: [UDP Query User{8E78D3F5-7350-4A00-97BB-674A4022DC2C}C:\users\fidelia\desktop\age of empires ii (by yaiba527)\age2_x1.exe] => (Allow) C:\users\fidelia\desktop\age of empires ii (by yaiba527)\age2_x1.exe
      FirewallRules: [TCP Query User{1837C825-53D3-495A-8942-88F74907B948}C:\program files\need for speed iii\nfs3.exe] => (Block) C:\program files\need for speed iii\nfs3.exe
      FirewallRules: [UDP Query User{54563FE8-3927-44A9-869E-AFB9F83032E0}C:\program files\need for speed iii\nfs3.exe] => (Block) C:\program files\need for speed iii\nfs3.exe
      FirewallRules: [TCP Query User{42F716D6-53F4-422B-9931-CF02764EAFB7}C:\users\fidelia\desktop\age of empires ii (by yaiba527)\age2_x1\age2_x2.exe] => (Allow) C:\users\fidelia\desktop\age of empires ii (by yaiba527)\age2_x1\age2_x2.exe
      FirewallRules: [UDP Query User{87892DC7-D1B0-45BF-A7E2-829C4300FB26}C:\users\fidelia\desktop\age of empires ii (by yaiba527)\age2_x1\age2_x2.exe] => (Allow) C:\users\fidelia\desktop\age of empires ii (by yaiba527)\age2_x1\age2_x2.exe
      FirewallRules: [TCP Query User{28861E2F-DF86-4B8C-A465-3C15B1029CA5}C:\users\fidelia\desktop\age of empires ii (by yaiba527)\empires2.exe] => (Allow) C:\users\fidelia\desktop\age of empires ii (by yaiba527)\empires2.exe
      FirewallRules: [UDP Query User{68C63860-DBB8-4BD7-87C9-E70CC64A16FC}C:\users\fidelia\desktop\age of empires ii (by yaiba527)\empires2.exe] => (Allow) C:\users\fidelia\desktop\age of empires ii (by yaiba527)\empires2.exe
      FirewallRules: [TCP Query User{980A42BE-3082-4434-98A8-C015BD993FBB}C:\program files\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files\epson software\event manager\eeventmanager.exe
      FirewallRules: [UDP Query User{0F820A46-7C35-4CE0-A319-D50C855718E2}C:\program files\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files\epson software\event manager\eeventmanager.exe
      FirewallRules: [TCP Query User{354DA480-3498-4E11-BBCF-059E2591B8E4}C:\program files\epson software\event manager\eeventmanager.exe] => (Block) C:\program files\epson software\event manager\eeventmanager.exe
      FirewallRules: [UDP Query User{F1ADEB6B-8AD0-460F-9562-4B1EE058C546}C:\program files\epson software\event manager\eeventmanager.exe] => (Block) C:\program files\epson software\event manager\eeventmanager.exe
      FirewallRules: [TCP Query User{645075FC-31A0-4F47-801F-8E5BB5201F6C}C:\users\fidelia\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\fidelia\appdata\local\google\chrome\application\chrome.exe
      FirewallRules: [UDP Query User{CAD8FFC4-A04D-41BC-8DE1-FFF25344AAE9}C:\users\fidelia\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\fidelia\appdata\local\google\chrome\application\chrome.exe

      ==================== Restore Points =========================

      01-06-2017 20:16:31 Archivos de copia de seguridad de Service Pack quitados
      03-06-2017 12:12:05 Windows Update

      ==================== Faulty Device Manager Devices =============

      Name: Adaptador de tunelización Teredo de Microsoft
      Description: Adaptador de tunelización Teredo de Microsoft
      Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
      Manufacturer: Microsoft
      Service: tunnel
      Problem: : This device cannot start. (Code10)
      Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
      On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


      ==================== Event log errors: =========================

      Application errors:
      ==================
      Error: (06/12/2017 11:02:33 AM) (Source: Application Error) (EventID: 1000) (User: )
      Description: Nombre de la aplicación con errores: mbamservice.exe, versión: 3.1.0.479, marca de tiempo: 0x58f6aabc
      Nombre del módulo con errores: ntdll.dll, versión: 6.1.7601.17514, marca de tiempo: 0x4ce7b96e
      Código de excepción: 0xc0000005
      Desplazamiento de errores: 0x00032239
      Id. del proceso con errores: 0x70c
      Hora de inicio de la aplicación con errores: 0x01d2e354dfa63cd4
      Ruta de acceso de la aplicación con errores: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
      Ruta de acceso del módulo con errores: C:\Windows\SYSTEM32\ntdll.dll
      Id. del informe: ecbf9795-4f90-11e7-b733-b870f4c595b7

      Error: (06/10/2017 10:57:44 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
      Description: Los Servicios de cifrado no pudieron inicializar el objeto "System Writer" de la copia de seguridad de VSS.

      Details:
      Could not query the status of the EventSystem service.

      System Error:
      Se está cerrando el sistema.
      .

      Error: (06/07/2017 06:57:28 AM) (Source: Application Error) (EventID: 1000) (User: )
      Description: Nombre de la aplicación con errores: mbamservice.exe, versión: 3.1.0.479, marca de tiempo: 0x58f6aabc
      Nombre del módulo con errores: unknown, versión: 0.0.0.0, marca de tiempo: 0x00000000
      Código de excepción: 0xc0000005
      Desplazamiento de errores: 0x0073006f
      Id. del proceso con errores: 0x870
      Hora de inicio de la aplicación con errores: 0x01d2df312aff0ed7
      Ruta de acceso de la aplicación con errores: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
      Ruta de acceso del módulo con errores: unknown
      Id. del informe: dbaa6792-4b80-11e7-98dd-b870f4c595b7

      Error: (06/06/2017 10:38:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
      Description: El programa Explorer.EXE, versión 6.1.7601.17514, dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible acerca del problema, compruebe el historial de problemas en el panel de control Centro de actividades.

      Identificador de proceso: 2e8

      Hora de inicio: 01d2df312470e4b6

      Hora de finalización: 9803

      Ruta de acceso de la aplicación: C:\Windows\Explorer.EXE

      Identificador de informe:

      Error: (06/05/2017 07:53:51 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
      Description: Los Servicios de cifrado no pudieron inicializar el objeto "System Writer" de la copia de seguridad de VSS.

      Details:
      Could not query the status of the EventSystem service.

      System Error:
      Se está cerrando el sistema.
      .

      Error: (06/03/2017 12:30:39 PM) (Source: Application Error) (EventID: 1000) (User: )
      Description: Nombre de la aplicación con errores: mbam.exe, versión: 3.0.0.1068, marca de tiempo: 0x59125ef2
      Nombre del módulo con errores: Qt5Core.dll, versión: 5.6.2.0, marca de tiempo: 0x58ed4d4f
      Código de excepción: 0xc0000005
      Desplazamiento de errores: 0x001a497b
      Id. del proceso con errores: 0xc
      Hora de inicio de la aplicación con errores: 0x01d2dc97554d91ff
      Ruta de acceso de la aplicación con errores: C:\Program FilesMB\Anti-Malware\mbam.exe
      Ruta de acceso del módulo con errores: C:\Program FilesMB\Anti-Malware\Qt5Core.dll
      Id. del informe: bd8dd9e6-488a-11e7-b798-b870f4c595b7

      Error: (06/03/2017 12:19:17 PM) (Source: Application Error) (EventID: 1000) (User: )
      Description: Nombre de la aplicación con errores: mbamservice.exe, versión: 3.1.0.479, marca de tiempo: 0x58f6aabc
      Nombre del módulo con errores: ntdll.dll, versión: 6.1.7601.17514, marca de tiempo: 0x4ce7b96e
      Código de excepción: 0xc0000005
      Desplazamiento de errores: 0x00032239
      Id. del proceso con errores: 0x137c
      Hora de inicio de la aplicación con errores: 0x01d2dc948ab82a1d
      Ruta de acceso de la aplicación con errores: C:\Program FilesMB\Anti-Malware\mbamservice.exe
      Ruta de acceso del módulo con errores: C:\Windows\SYSTEM32\ntdll.dll
      Id. del informe: 27777e2f-4889-11e7-aa7e-b870f4c595b7

      Error: (06/01/2017 08:16:22 PM) (Source: VSS) (EventID: 8194) (User: )
      Description: Error del Servicio de instantáneas de volumen: error inesperado al consultar la interfaz IVssWriterCallback. HR = 0x80070005, Acceso denegado.
      .
      A menudo ocurre por una configuración de seguridad incorrecta en el proceso de escritura o de solicitud.


      Operación:
      Recopilando datos del escritor

      Contexto:
      Id. de clase del escritor: {e8132975-6f93-4464-a53e-1050253ae220}
      Nombre del escritor: System Writer
      Id. de instancia del escritor: {81687d93-9f73-4a5e-acc9-2efff477fd39}

      Error: (05/31/2017 06:51:07 PM) (Source: Application Error) (EventID: 1000) (User: )
      Description: Nombre de la aplicación con errores: mbamservice.exe, versión: 3.1.0.479, marca de tiempo: 0x58f6aabc
      Nombre del módulo con errores: CleanControllerImpl.dll_unloaded, versión: 0.0.0.0, marca de tiempo: 0x590a4a55
      Código de excepción: 0xc0000005
      Desplazamiento de errores: 0x6df443e8
      Id. del proceso con errores: 0x5a0
      Hora de inicio de la aplicación con errores: 0x01d2da5870924e3c
      Ruta de acceso de la aplicación con errores: C:\Program FilesMB\Anti-Malware\mbamservice.exe
      Ruta de acceso del módulo con errores: CleanControllerImpl.dll
      Id. del informe: 64d756d4-4664-11e7-ac44-b870f4c595b7

      Error: (05/16/2017 06:59:09 PM) (Source: Application Error) (EventID: 1000) (User: )
      Description: Nombre de la aplicación con errores: mbamservice.exe, versión: 3.1.0.479, marca de tiempo: 0x58f6aabc
      Nombre del módulo con errores: ntdll.dll, versión: 6.1.7601.17514, marca de tiempo: 0x4ce7b96e
      Código de excepción: 0xc0000005
      Desplazamiento de errores: 0x00052c86
      Id. del proceso con errores: 0x640
      Hora de inicio de la aplicación con errores: 0x01d2cea405198104
      Ruta de acceso de la aplicación con errores: C:\Program FilesMB\Anti-Malware\mbamservice.exe
      Ruta de acceso del módulo con errores: C:\Windows\SYSTEM32\ntdll.dll
      Id. del informe: 083d352a-3a9c-11e7-ab2b-b870f4c595b7


      System errors:
      =============
      Error: (06/12/2017 10:32:58 PM) (Source: RTL8192Ce) (EventID: 0) (User: )
      Description: OID_SCAN_NUM

      Error: (06/12/2017 10:32:58 PM) (Source: RTL8192Ce) (EventID: 0) (User: )
      Description: OID_SCAN_COMPLETE

      Error: (06/12/2017 10:32:56 PM) (Source: RTL8192Ce) (EventID: 0) (User: )
      Description: OID_SCAN_REQUEST

      Error: (06/12/2017 10:32:04 PM) (Source: RTL8192Ce) (EventID: 0) (User: )
      Description: OID_SCAN_NUM

      Error: (06/12/2017 10:32:04 PM) (Source: RTL8192Ce) (EventID: 0) (User: )
      Description: OID_SCAN_COMPLETE

      Error: (06/12/2017 10:32:03 PM) (Source: RTL8192Ce) (EventID: 0) (User: )
      Description: OID_SCAN_REQUEST

      Error: (06/12/2017 10:31:04 PM) (Source: RTL8192Ce) (EventID: 0) (User: )
      Description: OID_SCAN_NUM

      Error: (06/12/2017 10:31:04 PM) (Source: RTL8192Ce) (EventID: 0) (User: )
      Description: OID_SCAN_COMPLETE

      Error: (06/12/2017 10:31:03 PM) (Source: RTL8192Ce) (EventID: 0) (User: )
      Description: OID_SCAN_REQUEST

      Error: (06/12/2017 10:30:04 PM) (Source: RTL8192Ce) (EventID: 0) (User: )
      Description: OID_SCAN_NUM


      CodeIntegrity:
      ===================================
      Date: 2014-03-13 17:49:08.961
      Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Users\Fidelia\Desktop\fifi\IDMShellExt.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

      Date: 2014-03-13 17:49:08.946
      Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Users\Fidelia\Desktop\fifi\IDMShellExt.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

      Date: 2014-03-13 17:49:08.915
      Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Users\Fidelia\Desktop\fifi\IDMShellExt.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

      Date: 2014-03-13 17:49:08.587
      Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Users\Fidelia\Desktop\fifi\IDMShellExt.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

      Date: 2014-03-13 12:28:24.605
      Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Users\Fidelia\Desktop\fifi\RpcRtRemote.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

      Date: 2014-03-13 12:28:24.527
      Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Users\Fidelia\Desktop\fifi\RpcRtRemote.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

      Date: 2014-03-13 12:28:24.449
      Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Users\Fidelia\Desktop\fifi\RpcRtRemote.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

      Date: 2014-03-13 12:28:23.888
      Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Users\Fidelia\Desktop\fifi\RpcRtRemote.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

      Date: 2014-03-12 15:58:58.379
      Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Users\Fidelia\Desktop\fifi\aswSP_2.sys porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

      Date: 2014-03-12 11:54:08.674
      Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Users\Fidelia\Desktop\fifi\appidapi_1.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.


      ==================== Memory info ===========================

      Processor: Intel(R) Atom(TM) CPU N455 @ 1.66GHz
      Percentage of memory in use: 61%
      Total physical RAM: 1013.42 MB
      Available physical RAM: 389.63 MB
      Total Virtual: 2037.42 MB
      Available Virtual: 1071.03 MB

      ==================== Drives ================================

      Drive c: () (Fixed) (Total:297.99 GB) (Free:130.65 GB) NTFS ==>[drive with boot components (obtained from BCD)]

      ==================== MBR & Partition Table ==================

      ========================================================
      Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 430A979E)
      Partition 1: (Not Active) - (Size=100 MB) - (Type=06)
      Partition 2: (Active) - (Size=298 GB) - (Type=07 NTFS)

      ==================== End of Addition.txt ============================

    7. #17
      Warrior @Miguelgrado
      Joined
      Dec 2005
      Location
      Asturias-España
      Posts
      18.147

      Re: Possible infections and blue screen

      Update your Adobe programs:

      https://get.adobe.com/es/flashplayer/ (do this for all browsers)

      Go to:

      https://www.java.com/es/download/uninstalltool.jsp

      Back up your Chrome bookmarks >> https://support.google.com/chrome/answer/96816?hl=es

      Please do the following:

      On the computer, with all other programs closed:
      Start >>> Run >>> type notepad.exe.

      Now copy and paste these lines into Notepad (leave out the word "Code"):

      Code:
      Start
      CreateRestorePoint:
      CloseProcesses:
      
      CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
      Toolbar: HKU\S-1-5-21-1129451367-2137700630-1791503237-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
      Toolbar: HKU\S-1-5-21-1129451367-2137700630-1791503237-1000 -> No Name - {AB0635D9-CA4E-48DB-B83A-16CB6E430774} - No File
      CHR Profile: C:\Users\Fidelia\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-06-12] <==== ATTENTION
      StartMenuInternet: Google Chrome.BYKWUWZVSHTLLWV4C2J64MBQRQ - C:\Users\Fidelia\AppData\Local\Google\Chrome\Application\chrome.exe hxxp://www.ourluckysites.com/?type=sc&ts=1494002694&z=1f9ccf922212f4d7c8f1411g7z3t0zde8e4o8qbt6g&from=che0812&uid=TOSHIBAXMK3275GSX_61PAP8GTTXX61PAP8GTT
      S2 BIT; C:\ProgramData\BIT\BIT.dll [X] <==== ATTENTION
      S2 SNARE; C:\Users\Fidelia\AppData\Local\SNARE\Snare.dll [X] <==== ATTENTION
      C:\ProgramData\BIT
      C:\Users\Fidelia\AppData\Local\SNARE
      C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
      Task: {B0DA18B3-7AB0-4626-A505-2B6C16015E02} - \Tupagh -> No File <==== ATTENTION
      Task: C:\Windows\Tasks\1r2YK4fkXN50ObOCi7ZU.job => C:\Users\Fidelia\AppData\Roaming\1r2YK4fkXN50ObOCi7ZU.exe <==== ATTENTION
      C:\Users\Fidelia\AppData\Roaming\1r2YK4fkXN50ObOCi7ZU.exe
      
       
      
      HOSTS:
      REMOVEPROXY:
      EMPTYTEMP:
      CMD: netsh winsock reset
      CMD: ipconfig /renew
      CMD: ipconfig /flushdns
      CMD: bitsadmin /reset /allusers
      END
      Save it as fixlist.txt on the desktop <<< This is very important. <<

      Note: It is important that the tool Frst.exe and fixlist.txt are in the same location (the desktop); otherwise it will not work.
      Run Frst.exe.

      Press the Fix button and wait for it to finish.
      The tool will save the report on your desktop (Fixlog.txt).
      WARNING!!!! The following repair script was written by a staff member specifically for this user. If you have a similar problem, please open your own thread to receive personalized help. Using other users' scripts can damage your computer.
      Paste it in your next reply, and tell us how the problem is going.

    8. #18
      User Chico C.R.
      Joined
      May 2017
      Location
      Costa Rica
      Posts
      13

      Re: Possible infections and blue screen

      This is the result of the Fixlog

      Fix result of Farbar Recovery Scan Tool (x86) Version: 15-06-2017 01
      Ran by Fidelia (17-06-2017 22:35:58) Run:1
      Running from C:\Users\Fidelia\Desktop
      Loaded Profiles: Fidelia (Available Profiles: Fidelia & Invitado)
      Boot Mode: Normal

      ==============================================

      fixlist content:
      *****************
      Start
      CreateRestorePoint:
      CloseProcesses:

      CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
      Toolbar: HKU\S-1-5-21-1129451367-2137700630-1791503237-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
      Toolbar: HKU\S-1-5-21-1129451367-2137700630-1791503237-1000 -> No Name - {AB0635D9-CA4E-48DB-B83A-16CB6E430774} - No File
      CHR Profile: C:\Users\Fidelia\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-06-12] <==== ATTENTION
      StartMenuInternet: Google Chrome.BYKWUWZVSHTLLWV4C2J64MBQRQ - C:\Users\Fidelia\AppData\Local\Google\Chrome\Application\chrome.exe hxxp://www.ourluckysites.com/?type=sc&ts=1494002694&z=1f9ccf922212f4d7c8f1411g7z3t0zde8e4o8qbt6g&from=che0812&uid=TOSHIBAXMK3275GSX_61PAP8GTTXX61PAP8GTT
      S2 BIT; C:\ProgramData\BIT\BIT.dll [X] <==== ATTENTION
      S2 SNARE; C:\Users\Fidelia\AppData\Local\SNARE\Snare.dll [X] <==== ATTENTION
      C:\ProgramData\BIT
      C:\Users\Fidelia\AppData\Local\SNARE
      C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
      Task: {B0DA18B3-7AB0-4626-A505-2B6C16015E02} - \Tupagh -> No File <==== ATTENTION
      Task: C:\Windows\Tasks\1r2YK4fkXN50ObOCi7ZU.job => C:\Users\Fidelia\AppData\Roaming\1r2YK4fkXN50ObOCi7ZU.exe <==== ATTENTION
      C:\Users\Fidelia\AppData\Roaming\1r2YK4fkXN50ObOCi7ZU.exe



      HOSTS:
      REMOVEPROXY:
      EMPTYTEMP:
      CMD: netsh winsock reset
      CMD: ipconfig /renew
      CMD: ipconfig /flushdns
      CMD: bitsadmin /reset /allusers
      END
      *****************

      Restore point was successfully created.
      Processes closed successfully.
      HKLM\SOFTWARE\Policies\Google => key removed successfully.
      HKU\S-1-5-21-1129451367-2137700630-1791503237-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => value removed successfully.
      HKLM\Software\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => key removed successfully.
      HKU\S-1-5-21-1129451367-2137700630-1791503237-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{AB0635D9-CA4E-48DB-B83A-16CB6E430774} => value removed successfully.
      HKLM\Software\Classes\CLSID\{AB0635D9-CA4E-48DB-B83A-16CB6E430774} => key not found.
      C:\Users\Fidelia\AppData\Local\Google\Chrome\User Data\ChromeDefaultData => moved successfully
      HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome.BYKWUWZVSHTLLWV4C2J64MBQRQ\shell\open\command\\Default => value restored successfully
      HKLM\System\CurrentControlSet\Services\BIT => key removed successfully.
      BIT => service removed successfully.
      HKLM\System\CurrentControlSet\Services\SNARE => key removed successfully.
      SNARE => service removed successfully.
      C:\ProgramData\BIT => moved successfully
      "C:\Users\Fidelia\AppData\Local\SNARE" => not found.
      C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat => moved successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B0DA18B3-7AB0-4626-A505-2B6C16015E02} => key removed successfully.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B0DA18B3-7AB0-4626-A505-2B6C16015E02} => key removed successfully.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Tupagh => key removed successfully.
      C:\Windows\Tasks\1r2YK4fkXN50ObOCi7ZU.job => moved successfully
      "C:\Users\Fidelia\AppData\Roaming\1r2YK4fkXN50ObOCi7ZU.exe" => not found.
      C:\Windows\System32\Drivers\etc\hosts => moved successfully
      Hosts restored successfully.

      ========= RemoveProxy: =========

      HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
      HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.
      HKU\S-1-5-21-1129451367-2137700630-1791503237-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
      HKU\S-1-5-21-1129451367-2137700630-1791503237-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.


      ========= End of RemoveProxy: =========


      ========= netsh winsock reset =========


      El catálogo Winsock se restableció correctamente.
      Debe reiniciar el equipo para completar el restablecimiento.


      ========= End of CMD: =========


      ========= ipconfig /renew =========


      Configuración IP de Windows

      No se puede realizar ninguna operación en Conexión de red inalámbrica 2 mientras los medios
      estén desconectados.
      No se puede realizar ninguna operación en Conexión de área local mientras los medios
      estén desconectados.

      Adaptador de LAN inalámbrica Conexión de red inalámbrica 2:

      Estado de los medios. . . . . . . . . . . : medios desconectados
      Sufijo DNS específico para la conexión. . :

      Adaptador de LAN inalámbrica Conexión de red inalámbrica:

      Sufijo DNS específico para la conexión. . :
      Vínculo: dirección IPv6 local. . . : fe80::9400:4cce:16d0:ff8d%11
      Dirección IPv4. . . . . . . . . . . . . . : 192.168.100.7
      Máscara de subred . . . . . . . . . . . . : 255.255.255.0
      Puerta de enlace predeterminada . . . . . : 192.168.100.1

      Adaptador de Ethernet Conexión de área local:

      Estado de los medios. . . . . . . . . . . : medios desconectados
      Sufijo DNS específico para la conexión. . :

      ========= End of CMD: =========


      ========= ipconfig /flushdns =========


      Configuración IP de Windows

      Se vació correctamente la caché de resolución de DNS.

      ========= End of CMD: =========


      ========= bitsadmin /reset /allusers =========


      BITSADMIN version 3.0 [ 7.5.7601 ]
      BITS administration utility.
      (C) Copyright 2000-2006 Microsoft Corp.

      BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
      Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

      Unable to cancel {D5D634B0-0A0B-4474-80D9-F360A2F58DCE}.
      {0ABA3661-A95F-445A-A2F5-34B4088F9084} canceled.
      1 out of 2 jobs canceled.

      ========= End of CMD: =========


      =========== EmptyTemp: ==========

      BITS transfer queue => 8388608 B
      DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 21781503 B
      Java, Flash, Steam htmlcache => 492 B
      Windows/system/drivers => 220 B
      Edge => 0 B
      Chrome => 188416 B
      Firefox => 0 B
      Opera => 0 B

      Temp, IE cache, history, cookies, recent:
      Users => 0 B
      Default => 66228 B
      Public => 0 B
      ProgramData => 0 B
      systemprofile => 16887596 B
      LocalService => 132244 B
      NetworkService => 952 B
      Fidelia => 18150338 B
      Invitado => 43128425 B

      RecycleBin => 1777696 B
      EmptyTemp: => 105.4 MB temporary data Removed.

      ================================


      The system needed a reboot.

      ==== End of Fixlog 22:38:49 ====

    9. #19
      User Chico C.R.
      Joined
      May 2017
      Location
      Costa Rica
      Posts
      13

      Re: Possible infections and blue screen

      The computer restarted automatically, and a box appeared for a few seconds and then disappeared

    10. #20
      Warrior @Miguelgrado
      Joined
      Dec 2005
      Location
      Asturias-España
      Posts
      18.147

      Re: Possible infections and blue screen

      OK... how is everything going?