
    Virus grrrr


    1. #1
      User: inmodu
      Registered: May 2014
      Location: Spain
      Posts: 66

      Virus grrrr

      Hello, it had been a while since we last had any virus, buuut... this time it's happened to me again...
      Symptoms:
      Unsolicited browser windows open.
      The computer is slow.
      Some programs have been deleted (uninstalled).

      I have carried out the general steps and have not solved anything:
      Malware virus says there are no viruses
      I-explore says there are no viruses
      With CCleaner I cleaned and repaired the registry and... nothing at all :-((

      OS: Windows 10

      Thanks for the help

    2. #2
      General Moderator: @Daniela
      Registered: Apr 2011
      Location: Spain
      Posts: 24,364

      Re: Virus grrrr

      Hello inmodu

      Carry out the following steps, even if you have already done some of them, without changing the order:

      1) Download, update and run Malwarebytes' Anti-Malware; read the manual in detail so that you know how to use and configure it.

      • Run a Full Scan, updating if it asks you to.
      • Click "Remove Selected" to send the items to quarantine, and restart the system.
      • In the manual's section "History" >> Application Logs >> Scan Log you will find the MBAM report, which you must copy and paste into your next reply so it can be analyzed.

      2) Download Junkware Removal Tool

      • Temporarily disable the antivirus
      • Run JRT.exe (on Windows 7 or 8, run it as "Administrator")
      • Press any key to continue and wait patiently for the process to finish.
      • When it finishes, a log (JRT.txt) will be saved on the desktop and will open automatically.
      • Copy and paste the contents of JRT.txt into your next reply

      3) Download >> AdwCleaner | InfoSpyware to the desktop.

      • Temporarily disable the antivirus >> How to temporarily disable your antivirus.
      • Also close all the programs you have open.
      • Run Adwcleaner.exe (if you use Windows Vista/7 or 8, right-click and select "Run as Administrator").
      • Click the Scan button and wait for the process to complete, then immediately click the Clean button.
      • Wait for it to complete and follow the instructions; if it asks you to restart the system, accept.
      • Save the report that appears, to copy and paste it into your next reply.
      • The report can also be found at "C:\AdwCleaner\AdwCleaner[C1].txt"

      4) Download CCleaner

      • Install CCleaner
      • Open CCleaner; on the Cleaner tab leave the default settings as they are, click Analyze, wait for it to finish > click Run Cleaner
      • Click the Registry tab > click Scan for Issues, wait for it to finish > click Fix Selected Issues and make a backup
      • Click Scan for Issues again until it finds none.

      Paste the Malwarebytes, AdwCleaner and JRT reports and tell us how the problem is going.

      Regards
      ✿◕‿◕✿ Impatience is not good company ✿◕‿◕✿

      * Follow us on our Twitter and become our friend on Facebook.
      * Keep up with the latest threats on the net at: InfoSpyware Blog
      * Questions are not answered by private message or e-mail, since that is what the forum is for.

    3. #3
      User: inmodu
      Registered: May 2014
      Location: Spain
      Posts: 66

      Re: Virus grrrr

      Hello Daniela, well... unfortunately the slowness continues and the unwanted pages keep opening on websites where they did not open before :-(
      I'm pasting the reports...
      Malwarebytes
      www.malwarebytes.com

      -Detalles del registro-
      Fecha del análisis: 25/9/17
      Hora del análisis: 16:22
      Archivo de registro: ebab3380-a1fc-11e7-9d43-40b03470e39c.json
      Administrador: Sí

      -Información del software-
      Versión: 3.2.2.2018
      Versión de los componentes: 1.0.188
      Versión del paquete de actualización: 1.0.2881
      Licencia: Prueba

      -Información del sistema-
      SO: Windows 10 (Build 15063.540)
      CPU: x64
      Sistema de archivos: NTFS
      Usuario: LAPTOP-1QU852D4\Nombre

      -Resumen del análisis-
      Tipo de análisis: Análisis de amenazas
      Resultado: Completado
      Objetos analizados: 382354
      Amenazas detectadas: 8
      Amenazas en cuarentena: 8
      Tiempo transcurrido: 2 min, 26 seg

      -Opciones de análisis-
      Memoria: Activado
      Inicio: Activado
      Sistema de archivos: Activado
      Archivo: Activado
      Rootkits: Desactivado
      Heurística: Activado
      PUP: Detectar
      PUM: Detectar

      -Detalles del análisis-
      Proceso: 0
      (No hay elementos maliciosos detectados)

      Módulo: 0
      (No hay elementos maliciosos detectados)

      Clave del registro: 1
      Hijack.AutoConfigURL.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, En cuarentena, [318], [-1],0.0.0

      Valor del registro: 7
      Hijack.AutoConfigURL.PrxySvrRST, HKU\S-1-5-21-4108729684-2564332567-1374157880-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|AUTOCONFIGURL, En cuarentena, [318], [438935],1.0.2881
      Hijack.AutoConfigURL.PrxySvrRST, HKU\S-1-5-21-4108729684-2564332567-1374157880-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|AUTOCONFIGURL, En cuarentena, [318], [-1],0.0.0
      Hijack.AutoConfigURL.PrxySvrRST, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, En cuarentena, [318], [-1],0.0.0
      Hijack.AutoConfigURL.PrxySvrRST, HKU\S-1-5-21-4108729684-2564332567-1374157880-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, En cuarentena, [318], [-1],0.0.0
      Hijack.AutoConfigURL.PrxySvrRST, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, En cuarentena, [318], [-1],0.0.0
      Hijack.AutoConfigURL.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IPHLPSVC\PARAMETERS\PROXYMGR\{4030FAE4-266B-407B-B45D-59C376B43F23}|AUTOCONFIGURL, En cuarentena, [318], [438932],1.0.2881
      Hijack.AutoConfigURL.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES|, En cuarentena, [318], [438933],1.0.2881

      Datos del registro: 0
      (No hay elementos maliciosos detectados)

      Secuencia de datos: 0
      (No hay elementos maliciosos detectados)

      Carpeta: 0
      (No hay elementos maliciosos detectados)

      Archivo: 0
      (No hay elementos maliciosos detectados)

      Sector físico: 0
      (No hay elementos maliciosos detectados)


      (end)

      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Junkware Removal Tool (JRT) by Malwarebytes
      Version: 8.1.4 (07.09.2017)
      Operating System: Windows 10 Home x64
      Ran by Nombre (Administrator) on 25/09/2017 at 16:31:11,42
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




      File System: 1

      Successfully deleted: C:\Users\Nombre\AppData\Roaming\wyupdate au (Folder)



      Registry: 0





      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Scan was completed on 25/09/2017 at 16:37:28,82
      End of JRT log
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

      # AdwCleaner 7.0.2.1 - Logfile created on Mon Sep 25 14:39:30 2017
      # Updated on 2017/29/08 by Malwarebytes
      # Database: 09-23-2017.2
      # Running on Windows 10 Home (X64)
      # Mode: scan
      # Support: https://www.malwarebytes.com/support

      ***** [ Services ] *****

      No malicious services found.

      ***** [ Folders ] *****

      No malicious folders found.

      ***** [ Files ] *****

      No malicious files found.

      ***** [ DLL ] *****

      No malicious DLLs found.

      ***** [ WMI ] *****

      No malicious WMI found.

      ***** [ Shortcuts ] *****

      No malicious shortcuts found.

      ***** [ Tasks ] *****

      No malicious tasks found.

      ***** [ Registry ] *****

      No malicious registry entries found.

      ***** [ Firefox (and derivatives) ] *****

      No malicious Firefox entries.

      ***** [ Chromium (and derivatives) ] *****

      No malicious Chromium entries.

      *************************

      C:/AdwCleaner/AdwCleaner[C0].txt - [3423 B] - [2017/9/25 14:11:49]
      C:/AdwCleaner/AdwCleaner[S0].txt - [3410 B] - [2017/9/25 14:11:24]
      C:/AdwCleaner/AdwCleaner[S1].txt - [1081 B] - [2017/9/25 14:16:48]


      ########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt ##########

    4. #4
      General Moderator: @Daniela
      Registered: Apr 2011
      Location: Spain
      Posts: 24,364

      Re: Virus grrrr

      Hello

      Download Farbar Recovery Scan Tool according to your system's architecture (32 or 64 bits)

      • Save it on the desktop >> This is very important.
      • Double-click to run Frst.exe. (If you use Windows Vista/7/8 or 10, right-click and select "Run as Administrator".)
      • In the Disclaimer window, press Yes.

      • In the new window that opens, press the Scan button and wait patiently for the scan to finish.
      • Two (2) files (logs) will open, Frst.txt and Addition.txt; these will be saved on your desktop.

      • To finish, open the files Frst.txt and Addition.txt and copy and paste their entire contents into your next reply. Use two messages if it tells you it is too long.


      Regards

    5. #5
      User: inmodu
      Registered: May 2014
      Location: Spain
      Posts: 66

      Re: Virus grrrr

      ==================== Alternate Data Streams (Whitelisted) =========

      (If an entry is included in the fixlist, only the ADS will be removed.)


      ==================== Safe Mode (Whitelisted) ===================

      (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

      ==================== Association (Whitelisted) ===============

      (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


      ==================== Internet Explorer trusted/restricted ===============

      (If an entry is included in the fixlist, it will be removed from the registry.)


      ==================== Hosts content: ==========================

      (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

      2016-07-16 13:47 - 2017-09-24 14:27 - 000000897 _____ C:\WINDOWS\system32\Drivers\etc\hosts

      127.0.0.1 skipittok.com
      0.0.0.0 telemetry.malwarebytes.com

      ==================== Other Areas ============================

      (Currently there is no automatic fix for this section.)

      HKU\S-1-5-21-4108729684-2564332567-1374157880-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg
      DNS Servers: 80.58.61.250 - 80.58.61.254
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
      Windows Firewall is enabled.

      ==================== MSCONFIG/TASK MANAGER disabled items ==

      HKLM\...\StartupApproved\StartupFolder: => "HP JumpStart Launch.lnk"
      HKLM\...\StartupApproved\Run: => "BtServer"
      HKLM\...\StartupApproved\Run: => "HPRadioMgr"
      HKLM\...\StartupApproved\Run: => "Cm106Sound"
      HKLM\...\StartupApproved\Run32: => "HPMessageService"
      HKLM\...\StartupApproved\Run32: => "HPRadioMgr"
      HKLM\...\StartupApproved\Run32: => "EEventManager"
      HKU\S-1-5-21-4108729684-2564332567-1374157880-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
      HKU\S-1-5-21-4108729684-2564332567-1374157880-1001\...\StartupApproved\Run: => "BlueStacks Agent"
      HKU\S-1-5-21-4108729684-2564332567-1374157880-1001\...\StartupApproved\Run: => "Epson Stylus SX235"
      HKU\S-1-5-21-4108729684-2564332567-1374157880-1001\...\StartupApproved\Run: => "OneDrive"
      HKU\S-1-5-21-4108729684-2564332567-1374157880-1001\...\StartupApproved\Run: => "EPSONF033E8 (Epson Stylus SX235)"

      ==================== FirewallRules (Whitelisted) ===============

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      FirewallRules: [UDP Query User{444134A8-DC18-4370-ABB5-554454C850B9}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe
      FirewallRules: [TCP Query User{F42BF0F6-17DA-4954-AFDE-F51882E7D0D4}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe
      FirewallRules: [UDP Query User{601A0971-8159-4AC0-B4D3-B55AF99ECA0C}C:\program files\vuze\azureus.exe] => (Allow) C:\program files\vuze\azureus.exe
      FirewallRules: [TCP Query User{BC73A601-F826-473E-967D-52942ED8B1C6}C:\program files\vuze\azureus.exe] => (Allow) C:\program files\vuze\azureus.exe
      FirewallRules: [{40BE31AE-BF4F-4CF3-8F77-8F1E77845D25}] => (Block) C:\users\nombre\appdata\local\it-finance\prorealtime\runtime\bin\java.exe
      FirewallRules: [{6DFC441E-8385-4C19-A547-EB1F6108DE92}] => (Block) C:\users\nombre\appdata\local\it-finance\prorealtime\runtime\bin\java.exe
      FirewallRules: [UDP Query User{502EADFC-FB7C-404F-9566-BE5753C05400}C:\users\nombre\appdata\local\it-finance\prorealtime\runtime\bin\java.exe] => (Allow) C:\users\nombre\appdata\local\it-finance\prorealtime\runtime\bin\java.exe
      FirewallRules: [TCP Query User{F171DC20-32CB-40FD-A2F0-50AF895FE4DD}C:\users\nombre\appdata\local\it-finance\prorealtime\runtime\bin\java.exe] => (Allow) C:\users\nombre\appdata\local\it-finance\prorealtime\runtime\bin\java.exe
      FirewallRules: [UDP Query User{B31174EB-6DD3-46B9-BE2B-A34BA699CCF9}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe
      FirewallRules: [TCP Query User{4654D5CC-FFC3-4916-AD18-2D397FBE5502}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe
      FirewallRules: [{385D824F-49C0-42DE-AA1F-C3E929EB4A94}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
      FirewallRules: [{841A8E70-4877-4E96-92EE-8D3F0414CF51}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
      FirewallRules: [{A55A2771-ACA5-496E-AA24-F2B2939242C0}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
      FirewallRules: [{E58CB83E-A846-4551-BE87-AEE052AB4960}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
      FirewallRules: [{497F15D6-C7CF-4297-975E-C6B678650208}] => (Allow) C:\Program Files\Vuze\Azureus.exe
      FirewallRules: [{96C07E65-AB7B-4561-AAF7-6557FB62CD65}] => (Allow) C:\Program Files\Vuze\Azureus.exe
      FirewallRules: [{BCB2A6E5-ADE4-4BB3-A126-EE3D66754C49}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe
      FirewallRules: [{BAE93EAE-B10F-4E20-9F22-E59E9C7D9551}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe
      FirewallRules: [{E38EE9F1-D854-482F-8119-299731D6BA02}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe
      FirewallRules: [{81F562E3-0D98-462C-91F9-06E7E53E9F7A}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe
      FirewallRules: [{40B40E03-7592-41C7-B29C-212937B7295A}] => (Allow) LPort=13148
      FirewallRules: [{D779A47E-66DE-4C16-8CCC-09A20FC0B1D4}] => (Allow) C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe
      FirewallRules: [{869B197C-61B3-4F78-BE6E-31749BCD82C0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
      FirewallRules: [{1CC986EB-2600-422C-A407-02BCAC604160}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
      FirewallRules: [{E6795661-9C4C-49CF-B003-6C45018DEEA4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
      FirewallRules: [{303D7460-67F9-483F-B5C7-221455ACD618}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
      FirewallRules: [{B2110528-B933-4898-AE82-5434FC9F350D}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
      FirewallRules: [{E62C4C7B-DD3C-4A73-B1AC-1B50337042CD}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
      FirewallRules: [{D58678F0-DC2D-45C0-A87A-E59D8DD97200}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
      FirewallRules: [{0E3F8AA8-63F1-45C8-93DA-164B5ADEA2D7}] => (Allow) C:\Program Files (x86)\BlueStacks\HD-Plus-Service.exe
      FirewallRules: [{B57F3712-BCEB-4992-BF34-13D14652AA7C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

      ==================== Restore Points =========================

      17-09-2017 13:12:42 Windows Update
      21-09-2017 12:52:18 Windows Update
      24-09-2017 15:26:35 Windows Update
      25-09-2017 16:31:38 JRT Pre-Junkware Removal

      ==================== Faulty Device Manager Devices =============


      ==================== Event log errors: =========================

      Application errors:
      ==================
      Error: (09/26/2017 07:25:48 AM) (Source: SideBySide) (EventID: 35) (User: )
      Description: Error al generar el contexto de activación para "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Error en el archivo de manifiesto o directiva "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" en la línea 1.
      La identidad de componente encontrada en el manifiesto no coincide con la del componente solicitado.
      La referencia es UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
      La definición es UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
      Use sxstrace.exe para obtener un diagnóstico detallado.

      Error: (09/26/2017 07:24:08 AM) (Source: SideBySide) (EventID: 35) (User: )
      Description: Error al generar el contexto de activación para "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Error en el archivo de manifiesto o directiva "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" en la línea 1.
      La identidad de componente encontrada en el manifiesto no coincide con la del componente solicitado.
      La referencia es UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
      La definición es UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
      Use sxstrace.exe para obtener un diagnóstico detallado.

      Error: (09/25/2017 10:32:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
      Description: Task Scheduling Error: m->NextScheduledSPRetry 15609

      Error: (09/25/2017 10:32:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
      Description: Task Scheduling Error: m->NextScheduledEvent 15609

      Error: (09/25/2017 10:32:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
      Description: Task Scheduling Error: Continuously busy for more than a second

      Error: (09/25/2017 08:53:59 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: LAPTOP-1QU852D4)
      Description: Se detuvo el paquete Microsoft.Windows.Photos_2017.35071.16410.0_x64__8wekyb3d8bbwe+App porque se tardó demasiado en suspender.

      Error: (09/25/2017 07:43:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
      Description: Task Scheduling Error: m->NextScheduledSPRetry 1482016

      Error: (09/25/2017 07:43:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
      Description: Task Scheduling Error: m->NextScheduledEvent 1482016

      Error: (09/25/2017 07:43:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
      Description: Task Scheduling Error: Continuously busy for more than a second

      Error: (09/25/2017 05:43:12 PM) (Source: Perflib) (EventID: 1008) (User: )
      Description: Error del procedimiento de apertura para el servicio "WmiApRpl" en el archivo DLL "C:\WINDOWS\system32\wbem\wmiaprpl.dll". Los datos de rendimiento para este servicio no estarán disponibles. Los primeros cuatro bytes (DWORD) de la sección de datos contienen el código de error.


      System errors:
      =============
      Error: (09/25/2017 07:43:44 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
      Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID
      {D63B10C5-BB46-4990-A94F-E40B9D520160}
      y APPID
      {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
      al usuario NT AUTHORITY\SYSTEM con SID (S-1-5-18) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

      Error: (09/25/2017 06:57:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
      Description: El servicio eapihdrv no pudo iniciarse debido al siguiente error:
      Se ha bloqueado la descarga de este controlador

      Error: (09/25/2017 06:57:46 PM) (Source: Application Popup) (EventID: 1060) (User: )
      Description: \??\C:\Users\Nombre\AppData\Local\Temp\ehdrv.sys

      Error: (09/25/2017 06:57:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
      Description: El servicio eapihdrv no pudo iniciarse debido al siguiente error:
      Se ha bloqueado la descarga de este controlador

      Error: (09/25/2017 06:57:45 PM) (Source: Application Popup) (EventID: 1060) (User: )
      Description: \??\C:\Users\Nombre\AppData\Local\Temp\ehdrv.sys

      Error: (09/25/2017 06:57:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
      Description: El servicio eapihdrv no pudo iniciarse debido al siguiente error:
      Se ha bloqueado la descarga de este controlador

      Error: (09/25/2017 06:57:45 PM) (Source: Application Popup) (EventID: 1060) (User: )
      Description: \??\C:\Users\Nombre\AppData\Local\Temp\ehdrv.sys

      Error: (09/25/2017 06:57:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
      Description: El servicio eapihdrv no pudo iniciarse debido al siguiente error:
      Se ha bloqueado la descarga de este controlador

      Error: (09/25/2017 06:57:45 PM) (Source: Application Popup) (EventID: 1060) (User: )
      Description: \??\C:\Users\Nombre\AppData\Local\Temp\ehdrv.sys

      Error: (09/25/2017 06:57:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
      Description: El servicio eapihdrv no pudo iniciarse debido al siguiente error:
      Se ha bloqueado la descarga de este controlador


      CodeIntegrity:
      ===================================
      Date: 2017-09-26 07:18:24.677
      Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

      Date: 2017-09-26 07:18:24.404
      Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

      Date: 2017-09-25 21:06:55.550
      Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

      Date: 2017-09-25 21:06:41.875
      Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

      Date: 2017-09-25 21:06:40.808
      Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

      Date: 2017-09-25 21:06:40.606
      Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

      Date: 2017-09-25 20:17:16.781
      Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

      Date: 2017-09-25 20:17:13.474
      Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

      Date: 2017-09-25 20:16:41.387
      Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

      Date: 2017-09-25 20:16:23.216
      Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.


      ==================== Memory info ===========================

      Processor: Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz
      Percentage of memory in use: 41%
      Total physical RAM: 8107.91 MB
      Available physical RAM: 4749.32 MB
      Total Virtual: 10539.91 MB
      Available Virtual: 7159.54 MB

      ==================== Drives ================================

      Drive c: (Windows) (Fixed) (Total:915.86 GB) (Free:622.88 GB) NTFS
      Drive d: (RECOVERY) (Fixed) (Total:14.42 GB) (Free:1.73 GB) NTFS ==>[system with boot components (obtained from drive)]

      ==================== MBR & Partition Table ==================

      ========================================================
      Disk: 0 (Size: 931.5 GB) (Disk ID: A7F5FB85)

      Partition: GPT.

      ==================== End of Addition.txt ============================

    6. #6
      User: inmodu
      Registered: May 2014
      Location: Spain
      Posts: 66

      Re: Virus grrrr

      Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-09-2017 01
      Ran by Nombre (administrator) on LAPTOP-1QU852D4 (26-09-2017 07:26:06)
      Running from C:\Users\Nombre\Desktop
      Loaded Profiles: Nombre (Available Profiles: defaultuser0 & Nombre)
      Platform: Windows 10 Home Version 1703 (X64) Language: Español (España, internacional)
      Internet Explorer Version 11 (Default browser: Edge)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: ***********************************************************************************************************

      ==================== Processes (Whitelisted) =================

      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

      (Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\119748.inf_amd64_8e3972f5c88264c0\igfxCUIService.exe
      (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
      (Microsoft Corporation) C:\Windows\System32\wlanext.exe
      (Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
      (Realtek Semiconductor Corp.) C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTDevMgr.exe
      (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
      (Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\119748.inf_amd64_8e3972f5c88264c0\IntelCpHDCPSvc.exe
      (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
      (HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
      (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
      (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
      (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
      (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
      (HP Inc.) C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe
      (Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\119748.inf_amd64_8e3972f5c88264c0\IntelCpHeciSvc.exe
      (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
      (HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe
      (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
      (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
      (HP Inc.) C:\Program Files\HPCommRecovery\HPCommRecovery.exe
      (HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
      (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
      (CyberLink) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
      (Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
      (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
      (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
      (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
      (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      () C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartProvider.exe
      (Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\119748.inf_amd64_8e3972f5c88264c0\igfxEM.exe
      (Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTServer.exe
      (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
      (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
      (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
      (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
      (HP Inc.) C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe
      (Microsoft Corporation) C:\Windows\System32\dllhost.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
      (Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
      (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
      (Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe
      (Microsoft Corporation) C:\Windows\System32\smartscreen.exe

      ==================== Registry (Whitelisted) ===========================

      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

      HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
      HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8903176 2016-10-14] (Realtek Semiconductor)
      HKLM\...\Run: [RtHDVBg_Session] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1467400 2016-10-14] (Realtek Semiconductor)
      HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [231640 2016-09-20] (Realtek Semiconductor Corporation)
      HKLM\...\Run: [Cm106Sound] => C:\windows\syswow64\RunDll32.exe C:\windows\Syswow64\cm106.dll,CMICtrlWnd
      HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [705784 2016-06-20] (HP Inc.)
      HKLM-x32\...\Run: [HPRadioMgr] => C:\Program Files (x86)\HP\HP Wireless Button Driver\HPRadioMgr64.exe [324488 2016-08-02] (HP)
      HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1065024 2014-06-10] (SEIKO EPSON CORPORATION)
      HKU\S-1-5-21-4108729684-2564332567-1374157880-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9292504 2016-12-21] (Piriform Ltd)
      HKU\S-1-5-21-4108729684-2564332567-1374157880-1001\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
      HKU\S-1-5-21-4108729684-2564332567-1374157880-1001\...\Run: [EPSONF033E8 (Epson Stylus SX235)] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIHLE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
      HKU\S-1-5-21-4108729684-2564332567-1374157880-1001\...\MountPoints2: {db3ce210-6f8e-11e7-947a-40b03470e39c} - "F:\LG_PC_Programs.exe"
      Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP JumpStart Launch.lnk [2017-02-01]
      ShortcutTarget: HP JumpStart Launch.lnk -> c:\Windows\Installer\{B90CB0DE-2E60-41C4-9857-466EB98192BF}\HPlogo_blue.ico ()

      ==================== Internet (Whitelisted) ====================

      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

      Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
      Tcpip\Parameters: [DhcpNameServer] 80.58.61.250 80.58.61.254
      Tcpip\..\Interfaces\{21c3d722-9985-4430-a1fd-52a7d4ade0e5}: [DhcpNameServer] 80.58.61.250 80.58.61.254
      Tcpip\..\Interfaces\{bbdc9d81-6265-4ad5-805f-aa9161605c95}: [DhcpNameServer] 80.58.61.250 80.58.61.254

      Internet Explorer:
      ==================
      HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
      HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
      HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
      HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
      HKU\S-1-5-21-4108729684-2564332567-1374157880-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
      HKU\S-1-5-21-4108729684-2564332567-1374157880-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
      BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-09-19] (Microsoft Corporation)
      BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-09-19] (Microsoft Corporation)
      BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-08-05] (HP Inc.)
      BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-09-19] (Microsoft Corporation)
      BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-09-19] (Microsoft Corporation)
      BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-08-05] (HP Inc.)
      Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-19] (Microsoft Corporation)
      Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-19] (Microsoft Corporation)
      Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-19] (Microsoft Corporation)
      Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-19] (Microsoft Corporation)

      FireFox:
      ========
      FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-09-19] (Microsoft Corporation)
      FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-09-19] (Microsoft Corporation)
      FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
      FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
      FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2016-09-01] ()

      Chrome:
      =======
      CHR Profile: C:\Users\Nombre\AppData\Local\Google\Chrome\User Data\Default [2017-09-26]
      CHR Extension: (Presentaciones de Google) - C:\Users\Nombre\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-02-23]
      CHR Extension: (Google Docs) - C:\Users\Nombre\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-02-23]
      CHR Extension: (Google Drive) - C:\Users\Nombre\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-02-23]
      CHR Extension: (YouTube) - C:\Users\Nombre\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-23]
      CHR Extension: (Hojas de cálculo de Google) - C:\Users\Nombre\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-02-23]
      CHR Extension: (Documentos de Google sin conexión) - C:\Users\Nombre\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-23]
      CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Nombre\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
      CHR Extension: (Gmail) - C:\Users\Nombre\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-02-23]
      CHR Extension: (Chrome Media Router) - C:\Users\Nombre\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-09]
      CHR HKLM-x32\...\Chrome\Extension: [jkfpchpiljkaemlpmpebnglgkomamfeo] - hxxps://clients2.google.com/service/update2/crx

      ==================== Services (Whitelisted) ====================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [125656 2016-09-20] (Realtek Semiconductor Corp.)
      R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4424392 2017-09-08] (Microsoft Corporation)
      S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-02-23] (Dropbox, Inc.)
      S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-02-23] (Dropbox, Inc.)
      R2 esifsvc; C:\WINDOWS\system32\Intel\DPTF\esif_uf.exe [2208888 2016-10-04] (Intel Corporation)
      S2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [350064 2016-09-01] (WildTangent)
      R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [1268736 2016-10-05] (HP Inc.) [File not signed]
      R2 HP Orbit Service; C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe [3316576 2016-08-09] (HP Inc.)
      R2 HPJumpStartBridge; c:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe [461848 2016-08-05] (HP Inc.)
      S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (HP)
      R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.)
      R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [631800 2016-06-20] (HP Inc.)
      S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [987432 2016-07-26] (Intel(R) Corporation)
      R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [177440 2016-08-30] (Intel Corporation)
      R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-21] (Malwarebytes)
      S4 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232688 2016-04-26] (McAfee, Inc.)
      R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [382456 2016-08-03] (McAfee, Inc.)
      S3 mfevtp; C:\windows\system32\mfevtps.exe [277744 2016-04-26] (McAfee, Inc.)
      R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1269824 2017-06-21] (Bitdefender)
      R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [614664 2016-03-23] (CyberLink)
      R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [317960 2016-10-14] (Realtek Semiconductor)
      R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [278616 2017-08-18] (Synaptics Incorporated)
      R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
      R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)
      S3 BstHdAndroidSvc; "C:\Program Files (x86)\BlueStacks\HD-Service.exe" BstHdAndroidSvc Android [X]

      ===================== Drivers (Whitelisted) ======================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      S3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [78632 2016-08-02] (McAfee, Inc.)
      S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
      R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [66624 2016-10-04] (Intel Corporation)
      R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [350272 2016-10-04] (Intel Corporation)
      R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77440 2017-09-24] ()
      R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [192960 2017-09-24] (Malwarebytes)
      R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [101824 2017-09-25] (Malwarebytes)
      R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [45472 2017-09-25] (Malwarebytes)
      R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [253888 2017-09-25] (Malwarebytes)
      R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [94144 2017-09-26] (Malwarebytes)
      R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [349480 2016-08-02] (McAfee, Inc.)
      S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [83608 2016-08-02] (McAfee, Inc.)
      R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [493352 2016-08-02] (McAfee, Inc.)
      R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [843048 2016-08-02] (McAfee, Inc.)
      R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [243496 2016-08-02] (McAfee, Inc.)
      R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [943112 2016-08-26] (Realtek )
      R3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [723920 2017-07-20] (Realtek Semiconductor Corporation)
      S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [418784 2016-09-23] (Realsil Semiconductor Corporation)
      R3 RTWlanE; C:\WINDOWS\system32\DRIVERS\rtwlane.sys [6804480 2017-05-03] (Realtek Semiconductor Corporation )
      S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
      R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [55384 2017-08-18] (Synaptics Incorporated)
      S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
      S3 USBMULCD; C:\WINDOWS\system32\drivers\CM10664.sys [4120576 2012-10-04] (C-Media Electronics Inc)
      S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
      R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
      S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [151184 2016-07-15] (MBB)
      R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
      R3 WirelessButtonDriver64; C:\WINDOWS\system32\DRIVERS\WirelessButtonDriver64.sys [30368 2017-06-21] (HP)
      S3 AndNetDiag; \SystemRoot\system32\DRIVERS\lgandnetdiag64.sys [X]
      S3 ANDNetModem; \SystemRoot\system32\DRIVERS\lgandnetmodem64.sys [X]

      ==================== NetSvcs (Whitelisted) ===================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


      ==================== One Month Created files and folders ========

      (If an entry is included in the fixlist, the file/folder will be moved.)

      2017-09-26 07:26 - 2017-09-26 07:27 - 000018822 _____ C:\Users\Nombre\Desktop\FRST.txt
      2017-09-26 07:25 - 2017-09-26 07:25 - 000000000 ____D C:\Users\Nombre\Desktop\FRST-OlderVersion
      2017-09-25 18:57 - 2017-09-25 18:57 - 000003802 _____ C:\WINDOWS\System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
      2017-09-25 18:56 - 2017-09-25 18:56 - 006760064 _____ (ESET spol. s r.o.) C:\Users\Nombre\Downloads\ESETOnlineScanner_ESL (2).exe
      2017-09-25 18:55 - 2017-09-26 07:16 - 000000000 ____D C:\Program Files\Bitdefender Agent
      2017-09-25 18:55 - 2017-09-25 18:55 - 000050320 _____ C:\ProgramData\agent.1506358520.bdinstall.bin
      2017-09-25 18:55 - 2017-09-25 18:55 - 000000000 ____D C:\ProgramData\Bitdefender Agent
      2017-09-25 18:54 - 2017-09-25 18:55 - 009932672 _____ C:\Users\Nombre\Downloads\bitdefender_online.exe
      2017-09-25 17:40 - 2017-09-25 17:40 - 000000000 ___HD C:\ProgramData\temp
      2017-09-25 16:39 - 2017-09-25 16:39 - 000001149 _____ C:\Users\Nombre\Desktop\AdwCleaner[S2].txt
      2017-09-25 16:37 - 2017-09-25 16:38 - 000000625 _____ C:\Users\Nombre\Desktop\JRT.txt
      2017-09-25 16:28 - 2017-09-25 16:28 - 000002790 _____ C:\Users\Nombre\Desktop\mbinfo.txt
      2017-09-25 16:20 - 2017-09-25 16:20 - 001790024 _____ (Malwarebytes) C:\Users\Nombre\Downloads\JRT.exe
      2017-09-25 16:20 - 2017-09-25 16:20 - 001790024 _____ (Malwarebytes) C:\Users\Nombre\Desktop\JRT.exe
      2017-09-25 16:09 - 2017-09-25 22:22 - 000000000 ____D C:\AdwCleaner
      2017-09-25 16:08 - 2017-09-25 16:08 - 008182736 _____ (Malwarebytes) C:\Users\Nombre\Desktop\AdwCleaner.exe
      2017-09-25 16:07 - 2017-09-25 16:08 - 008182736 _____ (Malwarebytes) C:\Users\Nombre\Downloads\AdwCleaner.exe
      2017-09-25 16:05 - 2017-09-26 07:26 - 000000000 ____D C:\FRST
      2017-09-25 16:04 - 2017-09-26 07:25 - 002399744 _____ (Farbar) C:\Users\Nombre\Desktop\FRST64.exe
      2017-09-25 16:01 - 2017-09-25 16:03 - 002399744 _____ (Farbar) C:\Users\Nombre\Downloads\FRST64.exe
      2017-09-25 13:56 - 2017-09-25 13:57 - 006760064 _____ (ESET spol. s r.o.) C:\Users\Nombre\Downloads\ESETOnlineScanner_ESL (1).exe
      2017-09-25 13:20 - 2017-09-25 13:20 - 000000000 __SHD C:\found.001
      2017-09-24 19:53 - 2017-09-25 12:44 - 000002030 _____ C:\Users\Nombre\Desktop\Rkill.txt
      2017-09-24 19:28 - 2017-09-24 19:28 - 000011272 _____ C:\Users\Nombre\Downloads\Truman_HDRip.torrent
      2017-09-24 19:18 - 2017-09-24 19:18 - 000021191 _____ C:\Users\Nombre\Downloads\Truman-(ARCHIVO).torrent
      2017-09-24 16:47 - 2017-09-24 16:46 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\Nombre\Desktop\iExplore.exe
      2017-09-24 16:46 - 2017-09-24 16:46 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\Nombre\Downloads\iExplore.exe
      2017-09-24 16:33 - 2017-09-24 16:33 - 000000000 ____D C:\Users\Nombre\AppData\Local\ESET
      2017-09-24 16:31 - 2017-09-24 16:33 - 006760064 _____ (ESET spol. s r.o.) C:\Users\Nombre\Downloads\ESETOnlineScanner_ESL.exe
      2017-09-24 10:33 - 2017-09-26 07:22 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
      2017-09-24 10:33 - 2017-09-25 17:41 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
      2017-09-24 10:33 - 2017-09-25 17:41 - 000101824 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
      2017-09-24 10:33 - 2017-09-25 17:41 - 000045472 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
      2017-09-24 10:33 - 2017-09-24 10:36 - 000192960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
      2017-09-24 10:32 - 2017-09-24 10:32 - 000001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
      2017-09-24 10:32 - 2017-09-24 10:32 - 000000000 ____D C:\ProgramData\Malwarebytes
      2017-09-24 10:32 - 2017-09-24 10:32 - 000000000 ____D C:\Program Files\Malwarebytes
      2017-09-20 13:44 - 2017-09-20 13:44 - 000324781 _____ C:\Users\Nombre\Downloads\Nuria Gines Roedores Castelldefels (2).pdf
      2017-09-20 13:05 - 2017-09-20 13:05 - 000324781 _____ C:\Users\Nombre\Downloads\Nuria Gines Roedores Castelldefels (1).pdf
      2017-09-20 13:01 - 2017-09-20 13:01 - 000324781 _____ C:\Users\Nombre\Downloads\Nuria Gines Roedores Castelldefels.pdf
      2017-09-18 13:58 - 2017-09-18 13:58 - 000841490 _____ C:\Users\Nombre\Downloads\1505735909537.pdf
      2017-09-18 09:59 - 2017-09-18 09:59 - 000011614 _____ C:\Users\Nombre\Desktop\basuras JI.pdf
      2017-09-18 09:58 - 2017-09-18 09:58 - 000011614 _____ C:\Users\Nombre\Downloads\file (2).pdf
      2017-09-17 19:05 - 2017-09-17 19:05 - 000047365 _____ C:\Users\Nombre\Downloads\Personal_Shopper.torrent
      2017-09-17 11:46 - 2017-09-17 11:46 - 000587039 _____ C:\Users\Nombre\Downloads\Fin-Contraco 50% lali.pdf
      2017-09-14 09:35 - 2017-09-21 11:28 - 000000000 ____D C:\Users\Nombre\Desktop\WORD
      2017-09-14 08:03 - 2017-09-14 08:03 - 000000000 __SHD C:\found.000
      2017-09-13 08:07 - 2017-09-13 08:07 - 000000165 ____H C:\Users\Nombre\Desktop\~$bolsa20172.xlsx
      2017-09-13 06:58 - 2017-09-13 06:58 - 000626266 _____ C:\Users\Nombre\Downloads\Autorización y Fin de Contrato.pdf
      2017-09-12 12:10 - 2017-09-12 12:10 - 001546673 _____ C:\Users\Nombre\Downloads\1. Contrato de alquiler (1).pdf
      2017-09-12 12:01 - 2017-09-12 12:01 - 001149676 _____ C:\Users\Nombre\Downloads\Inventario Entrada.pdf
      2017-09-11 15:03 - 2017-09-11 15:03 - 000011629 _____ C:\Users\Nombre\Downloads\file (1).pdf
      2017-09-09 11:03 - 2017-09-09 11:03 - 001546673 _____ C:\Users\Nombre\Downloads\1. Contrato de alquiler.pdf
      2017-09-08 23:07 - 2017-09-08 23:07 - 000036119 _____ C:\Users\Nombre\Downloads\El_bebe_jefazo.torrent
      2017-09-08 23:02 - 2017-09-08 23:02 - 000048182 _____ C:\Users\Nombre\Downloads\El_Bebe_Jefazo_BluRay_1080p.torrent
      2017-09-07 20:46 - 2017-09-07 20:46 - 000114817 _____ C:\Users\Nombre\Downloads\House_Tem_1_Completa_BluRay_1080p.torrent
      2017-09-07 20:43 - 2017-09-07 20:43 - 000028479 _____ C:\Users\Nombre\Downloads\House-(8x22).torrent
      2017-09-07 16:46 - 2017-09-07 16:46 - 000075672 _____ C:\Users\Nombre\Downloads\FACT. PROFORMA (1).pdf
      2017-09-04 13:08 - 2017-09-04 13:08 - 013916956 _____ C:\Users\Nombre\Downloads\*******.com_696dba6c4f4984d4f3f863990afa2450.mp4
      2017-09-04 12:50 - 2017-09-04 12:50 - 000017012 _____ C:\Users\Nombre\Downloads\A7717 FACTURA VICENTE ( SAAB) (1).pdf
      2017-09-03 19:54 - 2017-09-03 19:54 - 000030685 _____ C:\Users\Nombre\Downloads\Ghost-in-the-Shell-El-alma-de-la-maquina-www.divxtotal.com_ (2).torrent
      2017-09-03 19:51 - 2017-09-03 19:51 - 000068715 _____ C:\Users\Nombre\Downloads\Life_BluRay_1080p.torrent
      2017-09-03 19:47 - 2017-09-03 19:47 - 000045030 _____ C:\Users\Nombre\Downloads\07-La-alta-sociedad-2016-www.DivxTotaL.com_.avi.torrent
      2017-09-03 19:42 - 2017-09-03 19:42 - 000044244 _____ C:\Users\Nombre\Downloads\Manana-Empieza-Todo-www.DivxTotaL.com_.torrent
      2017-08-31 23:06 - 2017-08-31 23:06 - 000019867 _____ C:\Users\Nombre\Downloads\Mentes.Criminales.12x06.HDTV_.XviD_.www_.DivxTotaL.com_.torrent
      2017-08-30 10:44 - 2017-08-30 10:44 - 000044032 _____ C:\Users\Nombre\Downloads\Account (1).xls
      2017-08-29 12:25 - 2017-08-29 12:25 - 000000000 ____D C:\Users\Nombre\AppData\Local\TempOfficeC2R0EA6930E-5DD4-4FC5-B9D1-1C15336334E0

      ==================== One Month Modified files and folders ========

      (If an entry is included in the fixlist, the file/folder will be moved.)

      2017-09-26 07:25 - 2017-06-19 19:17 - 000003656 _____ C:\WINDOWS\System32\Tasks\AutoKMS
      2017-09-26 07:23 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\AppReadiness
      2017-09-26 07:23 - 2017-03-18 22:51 - 000000000 ____D C:\WINDOWS\CbsTemp
      2017-09-26 07:16 - 2017-02-23 13:17 - 000000000 __SHD C:\Users\Nombre\IntelGraphicsProfiles
      2017-09-25 22:32 - 2017-05-25 11:41 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
      2017-09-25 20:10 - 2017-02-23 14:19 - 000000000 ____D C:\Users\Nombre\Documents\Vuze Downloads
      2017-09-25 18:22 - 2017-08-23 10:15 - 000000000 ____D C:\Program Files (x86)\BlueStacks
      2017-09-25 18:22 - 2017-02-23 22:21 - 000000000 ____D C:\Users\Nombre\AppData\Local\Bluestacks
      2017-09-25 18:18 - 2017-07-19 17:36 - 000403894 _____ C:\Users\Nombre\Desktop\bolsa20172.xlsx
      2017-09-25 17:40 - 2017-05-25 12:20 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
      2017-09-25 17:39 - 2017-03-18 13:40 - 001048576 _____ C:\WINDOWS\system32\config\BBI
      2017-09-25 16:44 - 2017-03-18 23:01 - 000000000 ____D C:\WINDOWS\INF
      2017-09-25 12:41 - 2017-02-23 14:16 - 000000000 ____D C:\Users\Nombre\AppData\Roaming\Azureus
      2017-09-25 12:40 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\LiveKernelReports
      2017-09-25 11:59 - 2017-05-25 11:50 - 000000000 ____D C:\Users\Nombre
      2017-09-25 08:36 - 2017-03-18 23:03 - 000000000 ___HD C:\Program Files\WindowsApps
      2017-09-24 19:36 - 2017-04-18 12:24 - 000000000 ____D C:\Users\Nombre\Documents\MEGAsync Downloads
      2017-09-24 19:23 - 2017-08-26 12:06 - 000000000 ____D C:\Users\Nombre\Desktop\MPW322-MW
      2017-09-24 11:16 - 2017-02-24 12:52 - 000000000 ____D C:\Users\Nombre\Desktop\ADRUINO
      2017-09-24 10:36 - 2017-08-26 12:51 - 000077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
      2017-09-23 08:35 - 2017-07-27 13:07 - 000003380 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4108729684-2564332567-1374157880-1001
      2017-09-23 08:35 - 2017-07-27 13:04 - 000002455 _____ C:\Users\Nombre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
      2017-09-23 08:35 - 2017-02-23 13:21 - 000000000 ___RD C:\Users\Nombre\OneDrive
      2017-09-21 08:31 - 2017-02-23 13:17 - 000000000 ____D C:\Users\Nombre\AppData\Local\Packages
      2017-09-19 23:06 - 2016-10-21 09:55 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
      2017-09-19 07:44 - 2017-03-18 23:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
      2017-09-18 15:44 - 2017-03-13 11:06 - 000000000 ___RD C:\Users\Nombre\Desktop\EXCEL
      2017-09-18 14:49 - 2017-02-24 17:33 - 000000000 ____D C:\Users\Nombre\AppData\Roaming\mIRC
      2017-09-14 10:24 - 2017-02-23 16:59 - 000000000 ____D C:\WINDOWS\system32\MRT
      2017-09-14 10:20 - 2017-02-23 16:58 - 138202976 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
      2017-09-14 09:37 - 2017-06-06 12:55 - 000000000 ____D C:\Users\Nombre\Desktop\FOTOS ANUNCIOS
      2017-09-13 12:10 - 2017-05-25 11:49 - 002781870 _____ C:\WINDOWS\system32\PerfStringBackup.INI
      2017-09-13 12:10 - 2017-03-20 07:11 - 001274314 _____ C:\WINDOWS\system32\perfh00A.dat
      2017-09-13 12:10 - 2017-03-20 07:11 - 000308430 _____ C:\WINDOWS\system32\perfc00A.dat
      2017-09-11 22:12 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\system32\NDF
      2017-09-11 16:43 - 2017-03-12 21:31 - 000000000 ____D C:\ProgramData\EPSON
      2017-09-11 10:02 - 2017-03-09 10:42 - 000000000 ____D C:\Users\Nombre\Desktop\Furgo
      2017-09-02 17:15 - 2017-03-18 23:06 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
      2017-09-02 17:15 - 2017-03-18 23:06 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
      2017-08-29 09:08 - 2017-02-23 13:35 - 000002277 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
      2017-08-28 12:31 - 2017-04-17 18:40 - 000465408 _____ (Dirección General de la Policía) C:\Users\Nombre\AppData\Local\DNIeService.exe

      ==================== Files in the root of some directories =======

      2017-02-23 13:18 - 2017-09-26 07:17 - 003329487 _____ () C:\Users\Nombre\AppData\Local\BTServer.log
      2017-04-17 18:45 - 2017-06-13 11:24 - 000000292 _____ () C:\Users\Nombre\AppData\Local\config.ini
      2017-04-17 18:40 - 2017-08-28 12:31 - 000465408 _____ (Dirección General de la Policía) C:\Users\Nombre\AppData\Local\DNIeService.exe
      2017-04-17 18:45 - 2017-06-13 11:25 - 000000000 _____ () C:\Users\Nombre\AppData\Local\simedit.log
      2017-02-23 22:24 - 2017-03-06 19:20 - 000000552 _____ () C:\Users\Nombre\AppData\Local\TroubleshooterConfig.json
      2017-09-25 18:55 - 2017-09-25 18:55 - 000050320 _____ () C:\ProgramData\agent.1506358520.bdinstall.bin
      2017-05-17 14:22 - 2017-05-20 18:05 - 000000225 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

      Some files in TEMP:
      ====================
      2017-09-25 18:21 - 2017-08-16 13:31 - 000838200 _____ (BlueStack Systems, Inc.) C:\Users\Nombre\AppData\Local\Temp\BlueStacksClientUninstaller.exe
      2017-09-25 18:21 - 2017-08-16 13:30 - 000421400 _____ (CodeTitans) C:\Users\Nombre\AppData\Local\Temp\JSON.dll

      ==================== Bamital & volsnap ======================

      (There is no automatic fix for files that do not pass verification.)

      C:\WINDOWS\system32\winlogon.exe => File is digitally signed
      C:\WINDOWS\system32\wininit.exe => File is digitally signed
      C:\WINDOWS\explorer.exe => File is digitally signed
      C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
      C:\WINDOWS\system32\svchost.exe => File is digitally signed
      C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
      C:\WINDOWS\system32\services.exe => File is digitally signed
      C:\WINDOWS\system32\User32.dll => File is digitally signed
      C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
      C:\WINDOWS\system32\userinit.exe => File is digitally signed
      C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
      C:\WINDOWS\system32\rpcss.dll => File is digitally signed
      C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
      C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
      C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

      LastRegBack: 2017-09-16 16:01

      ==================== End of FRST.txt ============================

      Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-09-2017 01
      Ran by Nombre (26-09-2017 07:28:50)
      Running from C:\Users\Nombre\Desktop
      Windows 10 Home Version 1703 (X64) (2017-05-25 10:44:58)
      Boot Mode: Normal
      ==========================================================


      ==================== Accounts: =============================

      Administrador (S-1-5-21-4108729684-2564332567-1374157880-500 - Administrator - Disabled)
      DefaultAccount (S-1-5-21-4108729684-2564332567-1374157880-503 - Limited - Disabled)
      defaultuser0 (S-1-5-21-4108729684-2564332567-1374157880-1000 - Limited - Disabled) => C:\Users\defaultuser0
      HomeGroupUser$ (S-1-5-21-4108729684-2564332567-1374157880-1003 - Limited - Enabled)
      Invitado (S-1-5-21-4108729684-2564332567-1374157880-501 - Limited - Disabled)
      Nombre (S-1-5-21-4108729684-2564332567-1374157880-1001 - Administrator - Enabled) => C:\Users\Nombre

      ==================== Security Center ========================

      (If an entry is included in the fixlist, it will be removed.)

      AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

      ==================== Installed Programs ======================

      (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

      Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 21.0.25.59 - Bitdefender)
      Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
      Build-a-lot (HKLM-x32\...\WTA-9cb96c11-9be3-4d7e-980d-70fc52803c07) (Version: 3.0.2.59 - WildTangent) Hidden
      CCleaner (HKLM\...\CCleaner) (Version: 5.26 - Piriform)
      Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
      Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
      Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
      CPUID CPU-Z 1.78 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
      Crazy Chicken Soccer (HKLM-x32\...\WTA-1ad0c345-4f4e-436c-a7d7-a8a28fd71d2a) (Version: 2.2.0.110 - WildTangent) Hidden
      CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.5.6909 - CyberLink Corp.)
      CyberLink PowerDirector 14 (HKLM-x32\...\{6BADCD73-E925-46F7-A295-FF2448632728}) (Version: 14.0.2.3309 - CyberLink Corp.)
      Dropbox 25 GB (HKLM-x32\...\{0867A88D-764F-366E-9E21-130DA8B472C3}) (Version: 3.1.18.0 - Dropbox, Inc.)
      Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
      Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.)
      Epson Event Manager (HKLM-x32\...\{4B22C430-7EA8-4534-8358-376FD900B953}) (Version: 3.10.0042 - Seiko Epson Corporation)
      EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
      Epson Software Updater (HKLM-x32\...\{B55DB65D-EF6E-4E04-89D5-B03603BF681B}) (Version: 4.4.5 - SEIKO EPSON CORPORATION)
      EPSON SX235 Series Printer Uninstall (HKLM\...\EPSON SX235 Series) (Version: - SEIKO EPSON Corporation)
      Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.113 - Google Inc.)
      Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
      HP Audio Switch (HKLM-x32\...\{0C5D69BD-B518-46DB-8471-506CD27F9478}) (Version: 1.0.138.0 - HP Inc.)
      HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
      HP ePrint SW (HKLM-x32\...\{5b1a1d22-bd59-44e0-a954-e2f18ec43a23}) (Version: 5.2.20454 - HP Inc.)
      HP JumpStart Bridge (HKLM-x32\...\{9B252E0D-7B31-48A6-B01E-B5CCBA286E8E}) (Version: 1.1.0.168 - HP Inc.)
      HP JumpStart Launch (HKLM-x32\...\{B90CB0DE-2E60-41C4-9857-466EB98192BF}) (Version: 1.1.158.0 - HP Inc.)
      HP Orbit (HKLM-x32\...\{94fe0719-8e44-4833-a106-b54ad117949f}) (Version: 1.0.0.191 - HP Inc.)
      HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.8357.5639 - HP Inc.)
      HP Support Assistant (HKLM-x32\...\{6FA09B91-5D97-45A9-95E9-50F635C98043}) (Version: 8.3.50.9 - HP Inc.)
      HP Support Solutions Framework (HKLM-x32\...\{85B05AF8-EA5F-447E-9F05-A7C62013EF45}) (Version: 12.5.32.203 - HP Inc.)
      HP Sure Connect (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 1.0.0.29 - HP Inc.)
      HP System Event Utility (HKLM-x32\...\{29E20347-C62F-4657-938E-876A182B67F1}) (Version: 1.4.14 - HP Inc.)
      HP Wireless Button Driver (HKLM-x32\...\{099DAD2B-56C5-4919-9F82-418C2A018CAE}) (Version: 1.1.18.1 - HP)
      Instalable DNIe (HKLM\...\{FE707892-A9CB-4191-A4B2-0D3BE0CF5337}) (Version: 11.5.0 - Cuerpo Nacional de Policía)
      Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.2.11000.2996 - Intel Corporation)
      Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1025 - Intel Corporation)
      Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4550 - Intel Corporation)
      Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.2.0.1020 - Intel Corporation)
      Juegos WildTangent (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.1.0.28 - WildTangent)
      Magic Heroes: Save Our Park (HKLM-x32\...\WTA-9f704a73-2e9b-449e-8309-8eb33541e0b6) (Version: 3.0.2.59 - WildTangent) Hidden
      Malwarebytes versión 3.2.2.2018 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2018 - Malwarebytes)
      Microsoft Office Hogar y Estudiantes 2016 - es-es (HKLM\...\HomeStudentRetail - es-es) (Version: 16.0.8326.2107 - Microsoft Corporation)
      Microsoft Office Profesional Plus 2016 - es-es (HKLM\...\ProPlusRetail - es-es) (Version: 16.0.8326.2107 - Microsoft Corporation)
      Microsoft OneDrive (HKU\S-1-5-21-4108729684-2564332567-1374157880-1001\...\OneDriveSetup.exe) (Version: 17.3.6998.0830 - Microsoft Corporation)
      Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
      Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
      Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
      Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
      Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
      Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
      Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
      mIRC (HKLM-x32\...\mIRC) (Version: 7.48 - mIRC Co. Ltd.)
      Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden
      Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden
      Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden
      Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0C0A-0000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden
      Polar Bowler 1st Frame (HKLM-x32\...\WTA-6b811ae8-bc6f-4221-9db4-732307642693) (Version: 3.0.2.59 - WildTangent) Hidden
      ProRealTime (HKU\S-1-5-21-4108729684-2564332567-1374157880-1001\...\ProRealTime_is1) (Version: 1.10 - IT-Finance)
      Ranch Rush 2 - Premium Edition (HKLM-x32\...\WTA-6a190ddb-9cdf-4dea-96c9-3f47f5a17a9f) (Version: 2.2.0.97 - WildTangent) Hidden
      REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 1.0.0.59 - REALTEK Semiconductor Corp.)
      Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31228 - Realtek Semiconductor Corp.)
      Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.10.714.2016 - Realtek)
      Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7944 - Realtek Semiconductor Corp.)
      Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.00042 - Realtek Semiconductor Corp.)
      REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.83 - REALTEK Semiconductor Corp.)
      Revo Uninstaller Pro 3.1.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.8 - VS Revo Group, Ltd.)
      Runefall (HKLM-x32\...\WTA-f8ce9ad0-65db-4992-8dbe-805b7b6ab8ec) (Version: 3.0.2.126 - WildTangent) Hidden
      ScanTool.net for Windows v1.13 (HKLM-x32\...\ScanTool.net for Windows) (Version: v1.13 - ScanTool.net, LLC)
      Software para dispositivos de chipset Intel® (HKLM-x32\...\{5f5c7829-a6ba-4fc6-9f47-d068f51ed99b}) (Version: 10.1.1.35 - Intel(R) Corporation) Hidden
      Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.31.31 - Synaptics Incorporated)
      Trinklit Supreme (HKLM-x32\...\WTA-13c00d26-7dac-4107-aa9d-65e8e3d0a141) (Version: 2.2.0.98 - WildTangent) Hidden
      Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version: - WildTangent) Hidden
      USB Multi-Channel Audio Device (HKLM-x32\...\{71B53BA8-4BE3-49AF-BC3E-07F392006206}) (Version: 1.00.0005 - C-Media Electronics, Inc.)
      Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.7.4.0 - Azureus Software, Inc.)
      WildTangent Games App para HP (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.1.1.14 - WildTangent) Hidden
      Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
      Windows Driver Package - Dirección General de la Policía (UMPass) SmartCard (01/22/2015 1.0.2.3) (HKLM\...\A73F9FB7688F6D2F6A9AD94658766BB1EBB8AB00) (Version: 01/22/2015 1.0.2.3 - Dirección General de la Policía)
      WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)

      ==================== Custom CLSID (Whitelisted): ==========================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
      ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
      ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
      ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
      ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
      ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
      ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
      ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
      ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
      ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
      ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\119748.inf_amd64_8e3972f5c88264c0\igfxDTCM.dll [2016-12-06] (Intel Corporation)
      ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2016-12-15] (VS Revo Group)

      ==================== Scheduled Tasks (Whitelisted) =============

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      Task: {076600F5-CD3E-4061-AF53-1066B0AC72E6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
      Task: {0B08A37A-C195-4EF5-AC6D-E8F1A4D34E63} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-09-08] (Microsoft Corporation)
      Task: {0B413FB9-C22B-4F60-9E30-F54CB40E14E7} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-07-26] (Intel(R) Corporation)
      Task: {10CB1094-FE35-4003-A764-BA4276B5B4D7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-09-19] (Microsoft Corporation)
      Task: {2320229E-4EF1-4563-9F7B-9F4D5A2FE62B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-02-08] (HP Inc.)
      Task: {3CE48F2F-DB8E-47E1-8507-3A88F79D583D} - System32\Tasks\HPJumpStartProvider => C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartProvider.exe [2016-08-05] ()
      Task: {413E3BF6-FCC9-404D-813D-D45FDC18A603} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-02-08] (HP Inc.)
      Task: {5BFACF59-90AE-463F-B8BD-95346930BDDF} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-19] ()
      Task: {5FC61768-489F-4906-B42D-1F005202A057} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-02-23] (Dropbox, Inc.)
      Task: {70FF04C2-B3C4-42DA-9A72-6D2A968ED672} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-03-02] (HP Inc.)
      Task: {717FBFB0-CFEB-4199-BA0F-6CF28A1742AE} - System32\Tasks\HPAudioSwitch => C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe [2016-10-04] (HP Inc.)
      Task: {72D40C4A-F177-47F5-A049-E83ECD299198} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-19] ()
      Task: {856E1474-9FF5-4D47-BBA7-782B117F6073} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2017-06-21] (Bitdefender)
      Task: {9479045A-E28D-4D23-9A0D-B07208787722} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-02-23] (Google Inc.)
      Task: {94E4AD13-B923-4222-9841-D7D224D47A7D} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
      Task: {A015AB11-9E97-482A-AE2C-99EF046C2AFE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-09-19] (Microsoft Corporation)
      Task: {A6F493BB-EE72-4F7A-AE5E-C5CFE3286EB8} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-02-23] (Dropbox, Inc.)
      Task: {AC4DAF1F-CF28-4E61-9A44-339F19617ADD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-12-07] (HP Inc.)
      Task: {AD91CFE5-D971-4A19-B886-144F7E3FE6AC} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-09-08] (Microsoft Corporation)
      Task: {B2A6840A-4995-4627-9433-751200E3B09F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-12-07] (HP Inc.)
      Task: {B53596D2-E46B-4042-B189-05D99A4FCCBB} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe [2017-06-19] ()
      Task: {B63E8B2F-7BDE-4B18-845C-6619AB420CAD} - System32\Tasks\HPEA3JOBS => C:\Program [Argument = Files\HP\HP ePrint\hpeprint.exe /CheckJobs]
      Task: {BDDB7289-114F-4F11-8820-8736EBC3DE16} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2016-09-21] ()
      Task: {C109110C-A996-4A25-82F6-7130EF40C489} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-21] (Piriform Ltd)
      Task: {C85CA308-0BE8-400B-B7E0-1E8840A97C65} - System32\Tasks\{29984F04-CB0E-4989-935F-BBB4656A9A2A} => C:\windows\system32\pcalua.exe -a E:\autorun.exe -d E:\
      Task: {DF60B06E-B73B-4355-827B-91B7A8B60D7E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-12-21] (HP Inc.)
      Task: {F5335BF7-0E41-4FBC-8ABF-5C189C643031} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-02-23] (Google Inc.)

      (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

      Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
      Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

      ==================== Shortcuts & WMI ========================

      (The entries could be listed to be restored or removed.)


      ==================== Loaded Modules (Whitelisted) ==============

      2017-09-24 10:32 - 2017-09-24 10:36 - 002264528 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
      2017-03-18 22:58 - 2017-03-18 22:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
      2016-08-05 15:42 - 2016-08-05 15:42 - 000843800 _____ () C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartProvider.exe
      2017-03-18 22:59 - 2017-03-20 07:13 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
      2017-08-29 09:08 - 2017-08-23 10:48 - 003824472 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.113\libglesv2.dll
      2017-08-29 09:08 - 2017-08-23 10:48 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.113\libegl.dll
      2017-08-11 12:58 - 2017-08-11 12:58 - 000134656 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\BRIDGECommon\40ea2e13f898faf8a8cf878b434d6dd9\BRIDGECommon.ni.dll
      2017-08-11 12:59 - 2017-08-11 12:59 - 000112128 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\BridgeExtension\3347c629f8defa0610bc20f7a24f14f2\BridgeExtension.ni.dll
      2017-08-11 12:59 - 2017-08-11 12:59 - 000068608 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\NativeInterop\21a048e5973a1822a8f632527e18ce1f\NativeInterop.ni.dll

    7. #7
      User inmodu
      Joined
      May 2014
      Location
      Spain
      Posts
      66

      Re: Virus grrrr

      I still have the symptoms... unwanted windows keep opening (Malwarebytes blocks them, but they still open), the computer is very, very, very slow, and pages take a long time to load...

    8. #8
      General Moderator
      @Daniela
      Joined
      Apr 2011
      Location
      Spain
      Posts
      24,364

      Re: Virus grrrr

      Hello

      Follow these steps. VERY important ~ Make a backup of the registry:

      • To do so, download >> DelFix to your desktop.
        • Double-click to run it. (If you use Windows Vista/7 or 8, right-click and select "Run as Administrator".)
        • Check only the "Create registry backup" box.
      • Click Run.

        The report (DelFix.txt) will open; save it in case it is needed and close the tool.


      Next, boot your computer into >> Windows Safe Mode with Networking.

      If your OS is Windows 8/8.1/10, use the 2nd METHOD from this Windows 8 FAQ (applicable to Windows 10) >> How to start Windows 8/8.1 in Safe Mode?, to work from that Windows mode.


      With all other programs closed, go to >> Start >> Run >> and type notepad.exe.

      Now copy and paste the following into Notepad (leaving out the word "Code"):

      Code:
      Start
      CreateRestorePoint:
      CloseProcesses:
      
      HKU\S-1-5-21-4108729684-2564332567-1374157880-1001\...\MountPoints2: {db3ce210-6f8e-11e7-947a-40b03470e39c} - "F:\LG_PC_Programs.exe" 
      CHR Extension: (Presentaciones de Google) - C:\Users\Nombre\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-02-23]
      CHR Extension: (Google Docs) - C:\Users\Nombre\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-02-23]
      CHR Extension: (Hojas de cálculo de Google) - C:\Users\Nombre\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-02-23]
      CHR Extension: (Documentos de Google sin conexión) - C:\Users\Nombre\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-23]
      CHR Extension: (Chrome Media Router) - C:\Users\Nombre\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-09]
      CHR HKLM-x32\...\Chrome\Extension: [jkfpchpiljkaemlpmpebnglgkomamfeo] - hxxps://clients2.google.com/service/update2/crx
      ShellIconOverlayIdentifiers: [  MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
      ShellIconOverlayIdentifiers: [  MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
      ShellIconOverlayIdentifiers: [  MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
      ShellIconOverlayIdentifiers-x32: [  MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
      ShellIconOverlayIdentifiers-x32: [  MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
      ShellIconOverlayIdentifiers-x32: [  MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
      ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
      ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
      ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
      ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
      
      CMD: ipconfig /flushdns
      CMD: ipconfig /renew
      CMD: bitsadmin /reset /allusers
      RemoveProxy:
      EmptyTemp:
      Hosts:
      end
      • Save it as fixlist.txt on the desktop <<< This is very important.

      Note: The Frst.exe executable and fixlist.txt must be in the same location (desktop); otherwise the tool will not work.

      ATTENTION!!!! The following repair script was written specifically by a staff member for this user; if you have a similar problem, please open your own thread to receive personalized help. Using other users' scripts can damage your computer.

      • Run Frst.exe.
      • Press the Fix button and wait for it to finish.
      • The tool will save the report on your desktop (Fixlog.txt).
      • Paste it in your next reply.


      Post the report and tell us how the problem is going.

      Regards
      ✿◕‿◕✿ Impatience is not good company ✿◕‿◕✿

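
A triage pass over the FRST Addition.txt entries shown in this thread, as an added example that is not part of the original posts or of FRST itself: it flags the entry shapes worth a manual look before anything goes into a fixlist (orphaned "No File" registrations, targets listed without a date and publisher, an empty publisher field, targets on a drive other than C:). The sample lines are copied from the log above; the regular expressions and the `SYSTEM_DRIVE` constant are assumptions about the line layout as it appears here, not a documented format.

```python
import re

# Lines copied from the Addition.txt log earlier in this thread.
SAMPLE = r"""
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2016-12-15] (VS Revo Group)
Task: {5FC61768-489F-4906-B42D-1F005202A057} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-02-23] (Dropbox, Inc.)
Task: {B53596D2-E46B-4042-B189-05D99A4FCCBB} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe [2017-06-19] ()
Task: {B63E8B2F-7BDE-4B18-845C-6619AB420CAD} - System32\Tasks\HPEA3JOBS => C:\Program [Argument = Files\HP\HP ePrint\hpeprint.exe /CheckJobs]
Task: {C85CA308-0BE8-400B-B7E0-1E8840A97C65} - System32\Tasks\{29984F04-CB0E-4989-935F-BBB4656A9A2A} => C:\windows\system32\pcalua.exe -a E:\autorun.exe -d E:\
"""

SYSTEM_DRIVE = "C"  # assumption: Windows is installed on C:, as in this log

# "<section key>: <identifier> => <target>"
ENTRY = re.compile(r"^(?P<kind>[^:]+): (?P<ident>.*?) => (?P<target>.*)$")
# "<path> [YYYY-MM-DD] (<publisher>)" as printed when the tool resolved the file
META = re.compile(
    r"^(?P<path>.*?) \[(?P<date>\d{4}-\d{2}-\d{2})\] \((?P<publisher>.*)\)$"
)


def triage(line):
    """Return (kind, ident, reasons) for one log line, or None if not an entry."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    target = m["target"]
    reasons = []
    if target.endswith("No File"):
        # Registry entry whose handler file is gone (leftover of an uninstall).
        reasons.append("orphaned: registry entry points to no file")
    else:
        meta = META.match(target)
        if meta is None:
            reasons.append("no file date/publisher shown for target")
        elif meta["publisher"] == "":
            reasons.append("empty publisher field")
        # Any drive letter in the command line other than the system drive.
        drives = {d.upper() for d in re.findall(r"\b([A-Za-z]):\\", target)}
        for drive in sorted(drives - {SYSTEM_DRIVE}):
            reasons.append(f"target on non-system drive {drive}:")
    return m["kind"], m["ident"], reasons


def review(text):
    """Return only the entries that have at least one reason for manual review."""
    flagged = []
    for line in text.splitlines():
        result = triage(line)
        if result and result[2]:
            flagged.append(result)
    return flagged


if __name__ == "__main__":
    for kind, ident, reasons in review(SAMPLE):
        print(f"{kind}: {ident}")
        for reason in reasons:
            print(f"    - {reason}")
```

A flag only means "look at this entry by hand"; it is not a verdict that the entry is malicious or that it belongs in a fixlist.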