
    Virus on my computer


    1. #21
      General Moderator
      @Daniela
      Registered
      Apr 2011
      Location
      Spain
      Posts
      24,352

      Re: Virus on my computer

      Hello

      The EsetOnline report is not complete; the initial data is missing, and I need it to see whether it ran correctly.

      For now, do not scan with any program until I tell you to.

      Post the report.

      Regards
      ✿◕‿◕✿ Impatience is not good company ✿◕‿◕✿

      * Follow us on Twitter and friend us on Facebook.
      * Keep up with the latest threats on the net at: InfoSpyware Blog
      * Questions are not answered by private message or by e-mail, since that is what the forum is for.

    2. #22
      User Matil
      Registered
      Oct 2017
      Location
      Argentina
      Posts
      21

      Re: Virus on my computer

      Hello Daniela.
      I am copying the report, which I looked for as you indicated in an earlier message, in the AppData folder, etc...

      16:35:41 # product=EOS
      # version=8
      # flags=0
      # ESETOnlineScanner_ESL.exe=2.0.17.0
      # EOSSerial=723a655e9349c54d9327075dc7fff5ee
      # end=init
      # utc_time=2017-10-12 19:35:39
      # local_time=2017-10-12 16:35:39 (-0300, Hora estándar de Argentina)
      # country="Argentina"
      # osver=6.1.7601 NT Service Pack 1
      16:38:11 Updating
      16:38:11 Update Init
      16:38:14 Update Download
      16:53:08 esets_scanner_reload returned 0
      16:53:08 g_uiModuleBuild: 35043
      16:53:08 Update Finalize
      16:53:08 Call m_esets_charon_send
      16:53:08 Call m_esets_charon_destroy
      16:53:08 Updated modules version: 35043
      16:53:21 Call m_esets_charon_setup_create
      16:53:21 Call m_esets_charon_create
      16:53:21 m_esets_charon_create OK
      16:53:21 Call m_esets_charon_start_send_thread
      16:53:21 Call m_esets_charon_setup_set
      16:53:21 m_esets_charon_setup_set OK
      16:53:21 Scanner engine: 35043
      19:56:34 # product=EOS
      # version=8
      # flags=0
      # ESETOnlineScanner_ESL.exe=2.0.17.0
      # EOSSerial=723a655e9349c54d9327075dc7fff5ee
      # engine=35043
      # end=finished
      # remove_checked=true
      # archives_checked=true
      # unwanted_checked=true
      # unsafe_checked=true
      # antistealth_checked=true
      # sfx_checked=true
      # utc_time=2017-10-12 22:56:33
      # local_time=2017-10-12 19:56:33 (-0300, Hora estándar de Argentina)
      # country="Argentina"
      # lang=13322
      # osver=6.1.7601 NT Service Pack 1
      # compatibility_mode_1=''
      # compatibility_mode=5893 16776574 100 94 133371030 259393784 0 0
      # scanned=2
      # found=16
      # cleaned=16
      # scan_time=11003
      sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Win32/InstalleRex.T aplicación potencialmente no deseada (desinfectado por eliminación)" ac=C fn="C:\Documents and Settings\All Users\InstallMate\{ACE9FB2A-31A5-4285-9510-43F1636EAB21}\_Setupx.dll"
      sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="JS/Lightning.A aplicación potencialmente no deseada,JS/Lightning.B aplicación potencialmente no deseada (eliminado)" ac=C fn="C:\Documents and Settings\Matil\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\slidebar.crx"
      sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="una variante de Win32/MailRu.D aplicación potencialmente no deseada (desinfectado por eliminación)" ac=C fn="C:\Documents and Settings\Matil\AppData\Local\Temp\019739849617482C8C0B00E36EFCF41E"
      sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="una variante de Win32/MailRu.D aplicación potencialmente no deseada (desinfectado por eliminación)" ac=C fn="C:\Documents and Settings\Matil\AppData\Local\Temp\KB30C73A64A92837F9.exe"
      sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="una variante de Win32/HackTool.Patcher.AD aplicación potencialmente no segura (eliminado)" ac=C fn="C:\Documents and Settings\Matil\Desktop\arman\Programas & Plug Ins\Content.rar"
      sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="una variante de Generik.CQKCWJE troyano (eliminado)" ac=C fn="C:\Documents and Settings\Matil\Desktop\arman\Programas & Plug Ins\IK.Multimedia T-RackS 3 Deluxe.rar"
      sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="una variante de Win32/HackTool.Patcher.X aplicación potencialmente no segura (eliminado)" ac=C fn="C:\Documents and Settings\Matil\Videos\Real_Player_11.rar"
      sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="una variante de Win32/HackTool.Patcher.X aplicación potencialmente no segura (desinfectado por eliminación)" ac=C fn="C:\Documents and Settings\Matil\Videos\Real Player 11\Activator v4.2.exe"
      sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Win32/HackTool.Patcher.BN aplicación potencialmente no segura (eliminado)" ac=C fn="C:\Games\Sega Col.rar"
      sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Win32/HackTool.Patcher.BN aplicación potencialmente no segura (eliminado)" ac=C fn="C:\Games\Sega Col\Emuls\Gens 32\Tools\AT32 Hack\MoonWalker\AT32_MoonWalker.zip"
      sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="una variante de Win32/Toolbar.Conduit.AU aplicación potencialmente no deseada (desinfectado por eliminación)" ac=C fn="C:\TV vídeo\FormatFactory250.exe"
      sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="una variante de Win32/Bundled.Toolbar.Ask.F aplicación potencialmente no segura (desinfectado por eliminación)" ac=C fn="C:\Windows\Installer\MSI3CF3.tmp"
      sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="una variante de Win32/Bundled.Toolbar.Ask.F aplicación potencialmente no segura,Win32/Bundled.Toolbar.Ask.P aplicación potencialmente no segura,Win32/Bundled.Toolbar.Ask.Q aplicación potencialmente no segura,una variante de Win32/Bundled.Toolbar.Ask.R aplicación potencialmente no segura (eliminado)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-CME-V7[1].7z"
      sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="una variante de Win32/Bundled.Toolbar.Ask.F aplicación potencialmente no segura,Win32/Bundled.Toolbar.Ask.P aplicación potencialmente no segura,Win32/Bundled.Toolbar.Ask.Q aplicación potencialmente no segura,una variante de Win32/Bundled.Toolbar.Ask.R aplicación potencialmente no segura (eliminado)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-CME-V7[2].7z"
      sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="una variante de Win32/Bundled.Toolbar.Ask.F aplicación potencialmente no segura,Win32/Bundled.Toolbar.Ask.P aplicación potencialmente no segura,Win32/Bundled.Toolbar.Ask.Q aplicación potencialmente no segura,una variante de Win32/Bundled.Toolbar.Ask.R aplicación potencialmente no segura (eliminado)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-CME-V7[3].7z"
      sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="una variante de Win32/Bundled.Toolbar.Ask.F aplicación potencialmente no segura,Win32/Bundled.Toolbar.Ask.P aplicación potencialmente no segura,Win32/Bundled.Toolbar.Ask.Q aplicación potencialmente no segura,una variante de Win32/Bundled.Toolbar.Ask.R aplicación potencialmente no segura (eliminado)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-CME-V7[4].7z"
      20:24:29 Call m_esets_charon_send
      20:24:29 Call m_esets_charon_destroy
      20:24:30 RecursiveRemoveDirectoryAndAllFiles: C:\Users\Matil\AppData\Local\ESET\ESETOnlineScanner\Quarantine\


      One more thing: I tried to open a Word file, and it gives me an error, "Se produjo un problema al enviar el comando al programa" ("There was a problem sending the command to the program"). Word opens, but not the file. Then, if I open the file from within Word, it opens.

    3. #23
      General Moderator
      @Daniela

      Re: Virus on my computer

      Hello

      Download Farbar Recovery Scan Tool according to your system's architecture (32 or 64 bits).

      • Save it to the desktop >> This is very important.
      • Double-click to run Frst.exe. (If you use Windows Vista/7/8 or 10, right-click and select "Run as Administrator".)
      • In the Disclaimer window, press Yes.
      • In the new window that opens, press the Scan button and wait patiently for the scan to finish.
      • Two (2) files (logs) will open, Frst.txt and Addition.txt; they will be saved on your desktop.
      • To finish, open the files Frst.txt and Addition.txt, then copy and paste all of their contents into your next reply. Use two messages if it tells you it is too long.

      Regards

    4. #24
      User Matil

      Re: Virus on my computer

      Hello Daniela.
      Programs always get downloaded to my downloads folder. I couldn't change that when downloading this one... But I cut and pasted it onto the desktop. Is that OK?

      Here are the reports (veeeery long):

      Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-10-2017
      Ran by Matil (administrator) on PEPERINA (14-10-2017 12:02:30)
      Running from C:\Users\Matil\Desktop
      Loaded Profiles: Matil (Available Profiles: Matil)
      Platform: Microsoft Windows 7 Home Basic Service Pack 1 (X86) Language: Español (España, internacional)
      Internet Explorer Version 11 (Default browser: Chrome)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: ***********************************************************************************************************

      ==================== Processes (Whitelisted) =================

      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

      (IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\stacsv.exe
      (SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
      (Microsoft Corporation) C:\Windows\System32\wlanext.exe
      (Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\AEstSrv.exe
      (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avgsvcx.exe
      (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
      (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
      (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
      (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avguix.exe
      (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe
      (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
      (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
      (Intel Corporation) C:\Windows\System32\igfxsrvc.exe

      ==================== Registry (Whitelisted) ===========================

      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

      HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [220944 2016-12-06] (AVG Technologies CZ, s.r.o.)
      HKLM\...\Run: [WirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
      HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [458844 2009-07-21] (IDT, Inc.)
      HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [322104 2009-08-20] ( Hewlett-Packard Development Company, L.P.)
      HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [282624 2009-05-15] (Alps Electric Co., Ltd.)
      HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.exe [6361600 2017-04-13] (Broadcom Corporation)
      HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
      HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
      HKLM\...\Run: [SERVICE] => [X]
      HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
      HKU\S-1-5-21-3578093062-3410416267-702171468-1000\...\Run: [Facebook Update] => C:\Users\Matil\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-02-24] (Facebook Inc.)
      HKU\S-1-5-21-3578093062-3410416267-702171468-1000\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-08-20] (Hewlett-Packard Company)
      HKU\S-1-5-21-3578093062-3410416267-702171468-1000\...\MountPoints2: G - G:\.\Driver\DriverInstaller.exe -eject
      HKU\S-1-5-21-3578093062-3410416267-702171468-1000\...\MountPoints2: {1e517507-1df1-11e7-9546-0027136d9a28} - G:\.\Driver\DriverInstaller.exe -eject
      HKU\S-1-5-21-3578093062-3410416267-702171468-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [10240 2009-07-13] (Microsoft Corporation)
      HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-03-19] (Microsoft Corporation)
      IFEO\acrobat.com.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\adobe air application installer.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\aimp.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\aimpac.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\aimpate.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\elcc.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\excel.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\flashget3.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\formatfactory.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\gens.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\hearts.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\hptcs.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\idte.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\javacpl.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\javaw.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\javaws.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\jdownloaderd3d.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\minesweeper.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\moc.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\mstore.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\offdiag.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\ois.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\onplay.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\outlook.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\picasa3.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\picasaphotoviewer.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\player.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\powerpnt.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\provider.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\purbleplace.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\recoverymgr.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\sidebar.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\silverlight.configuration.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\skypesetup.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\solitaire.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\spidersolitaire.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\spotify.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\ummyvideodownloader.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\unins000.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\uninst.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\uninstall.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\videopad.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\vlc.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\wab.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\webcamviewer v1.0.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\winrar.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\winthruster.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\winword.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\x32-edit.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      Lsa: [Notification Packages] scecli c:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
      Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2017-04-13]
      ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
      GroupPolicy: Restriction ? <==== ATTENTION
      GroupPolicy\User: Restriction ? <==== ATTENTION
      CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

      ==================== Internet (Whitelisted) ====================

      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

      Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
      Tcpip\..\Interfaces\{8952D7BA-3F3C-4183-BB17-AE33A0509C61}: [DhcpNameServer] 192.168.1.1

      Internet Explorer:
      ==================
      HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
      HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
      SearchScopes: HKLM -> DefaultScope value is missing
      SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
      BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
      BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll [2017-10-01] (Oracle Corporation)
      BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
      BHO: FlashGetBHO -> {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} -> C:\Users\Matil\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll [2009-12-22] (Trend Media Group)
      BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-10-01] (Oracle Corporation)
      BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
      DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab
      DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
      DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_121-windows-i586.cab
      DPF: {CAFEEFAC-0018-0000-00121-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_121-windows-i586.cab
      DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_121-windows-i586.cab

      FireFox:
      ========
      FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_27_0_0_159.dll [2017-10-13] ()
      FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2009-07-21] (Adobe Systems, Inc.)
      FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
      FF Plugin: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-10-01] (Oracle Corporation)
      FF Plugin: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-10-01] (Oracle Corporation)
      FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
      FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
      FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
      FF Plugin: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files\SkypeWebPlugin\3.1.15602.22612\npSkypeWebPlugin.dll [2014-07-24] (Skype)
      FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-10-04] (Google Inc.)
      FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-10-04] (Google Inc.)
      FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
      FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
      FF Plugin HKU\S-1-5-21-3578093062-3410416267-702171468-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Matil\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
      FF Plugin HKU\S-1-5-21-3578093062-3410416267-702171468-1000: SkypePlugin -> C:\Users\Matil\AppData\Local\SkypePlugin\7.32.6.278\npGatewayNpapi.dll [2017-04-18] (Skype Technologies S.A.)

      Chrome:
      =======
      CHR DefaultProfile: Default
      CHR Profile: C:\Users\Matil\AppData\Local\Google\Chrome\User Data\Default [2017-10-14]
      CHR Extension: (Presentaciones) - C:\Users\Matil\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
      CHR Extension: (Documentos) - C:\Users\Matil\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
      CHR Extension: (Google Drive) - C:\Users\Matil\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
      CHR Extension: (YouTube) - C:\Users\Matil\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
      CHR Extension: (Adblock Plus) - C:\Users\Matil\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-09-26]
      CHR Extension: (Búsqueda de Google) - C:\Users\Matil\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
      CHR Extension: (Hojas de cálculo) - C:\Users\Matil\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
      CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Matil\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-21]
      CHR Extension: (Gmail) - C:\Users\Matil\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
      CHR Extension: (Chrome Media Router) - C:\Users\Matil\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-16]
      CHR Extension: (Llamadas de Skype) - C:\Users\Matil\AppData\Local\Google\Chrome\User Data\Default\Extensions\poghlonenmjdkfghdpfomojhhfggildk [2016-09-08]
      CHR Profile: C:\Users\Matil\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-10-12]
      CHR Profile: C:\Users\Matil\AppData\Local\Google\Chrome\User Data\System Profile [2017-10-12]
      CHR Extension: (Presentaciones de Google) - C:\Users\Matil\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-10]
      CHR Extension: (Google Docs) - C:\Users\Matil\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-09]
      CHR Extension: (Google Drive) - C:\Users\Matil\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-09]
      CHR Extension: (YouTube) - C:\Users\Matil\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-09]
      CHR Extension: (Búsqueda de Google) - C:\Users\Matil\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-09]
      CHR Extension: (Hojas de cálculo de Google) - C:\Users\Matil\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-10]
      CHR Extension: (Gmail) - C:\Users\Matil\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-09]
      CHR HKLM\...\Chrome\Extension: [khodmflachnghikomnfcollkoljpghbc] - C:\ProgramData\Codecv\khodmflachnghikomnfcollkoljpghbc.crx <not found>
      CHR HKU\S-1-5-21-3578093062-3410416267-702171468-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn] - hxxps://clients2.google.com/service/update2/crx

      ==================== Services (Whitelisted) ====================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      S4 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [26112 1999-12-31] (LSI Corporation)
      R2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [935184 2016-12-06] (AVG Technologies CZ, s.r.o.)
      S4 GameConsoleService; C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe [250616 2009-06-05] (WildTangent, Inc.)
      R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [113624 2017-10-12] (SurfRight B.V.)
      S4 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed]
      S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4430792 2017-08-07] (Malwarebytes)
      R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44544 2008-12-03] (Hewlett-Packard) [File not signed]
      R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-12-03] (Hewlett-Packard) [File not signed]
      R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\STacSV.exe [221266 2009-07-21] (IDT, Inc.)
      R2 TuneUp.UtilitiesSvc; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe [4677904 2017-02-21] (AVG Technologies CZ, s.r.o.)
      S3 UxTuneUp; C:\Windows\System32\uxtuneup.dll [48912 2017-02-21] (AVG Technologies CZ, s.r.o.)
      S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
      S4 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe [5179392 2017-04-13] (Broadcom Corporation) [File not signed]

      ===================== Drivers (Whitelisted) ======================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      S3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [19664 2017-04-13] (Broadcom Corporation)
      R3 btwampfl; C:\Windows\system32\drivers\btwampfl.sys [508184 2012-12-04] (Broadcom Corporation.)
      R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [59904 2017-10-04] ()
      R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [166840 2017-10-12] (Malwarebytes)
      S3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [91576 2017-10-12] (Malwarebytes)
      S3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [40384 2017-10-12] (Malwarebytes)
      S3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [221112 2017-10-12] (Malwarebytes)
      S3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [65824 2017-10-12] (Malwarebytes)
      S3 smsbda; C:\Windows\System32\drivers\smsbda.sys [62976 2011-03-07] (Siano) [File not signed]
      R0 TPkd; C:\Windows\system32\Drivers\TPkd.sys [90472 2009-05-21] (PACE Anti-Piracy, Inc.) [File not signed]
      R3 TuneUpUtilitiesDrv; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys [31792 2016-11-02] (AVG Netherlands B.V.)
      S3 athur; system32\DRIVERS\athur.sys [X]
      S4 BHipsEx; \??\C:\Windows\System32\drivers\BHipsEx.sys [X]
      U2 wuaserv; no ImagePath

      ==================== NetSvcs (Whitelisted) ===================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


      ==================== One Month Created files and folders ========

      (If an entry is included in the fixlist, the file/folder will be moved.)

      2017-10-14 12:02 - 2017-10-14 12:03 - 000020462 _____ C:\Users\Matil\Desktop\FRST.txt
      2017-10-14 12:02 - 2017-10-14 12:02 - 000000000 ____D C:\Users\Matil\Desktop\FRST-OlderVersion
      2017-10-14 12:02 - 2017-10-14 12:02 - 000000000 ____D C:\FRST
      2017-10-14 09:43 - 2017-10-14 12:02 - 001798144 _____ (Farbar) C:\Users\Matil\Desktop\FRST.exe
      2017-10-13 16:41 - 2017-10-13 16:41 - 000000000 ____D C:\Users\Matil\AppData\Local\ElevatedDiagnostics
      2017-10-13 10:03 - 2017-10-13 10:03 - 000092208 _____ C:\Users\Matil\AppData\Local\GDIPFONTCACHEV1.DAT
      2017-10-12 20:23 - 2017-10-12 20:23 - 000007422 _____ C:\Users\Matil\Desktop\ESET.txt
      2017-10-12 16:04 - 2017-10-12 16:04 - 000000000 ____D C:\Users\Matil\AppData\Local\CrashDumps
      2017-10-12 15:55 - 2017-10-12 15:57 - 000139994 _____ C:\Windows\ntbtlog.txt
      2017-10-12 15:55 - 2017-10-12 15:56 - 000360240 _____ C:\Windows\system32\FNTCACHE.DAT
      2017-10-12 15:32 - 2017-10-12 15:32 - 000001893 _____ C:\Users\Public\Desktop\HitmanPro.lnk
      2017-10-12 15:32 - 2017-10-12 15:32 - 000001893 _____ C:\ProgramData\Desktop\HitmanPro.lnk
      2017-10-12 15:32 - 2017-10-12 15:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
      2017-10-12 15:32 - 2017-10-12 15:32 - 000000000 ____D C:\Program Files\HitmanPro
      2017-10-12 15:27 - 2017-10-12 15:27 - 011007936 _____ (SurfRight B.V.) C:\Users\Matil\Downloads\hitmanpro.exe
      2017-10-12 13:56 - 2017-10-12 13:56 - 000003788 _____ C:\Users\Matil\Desktop\Info Malwarebytes.txt
      2017-10-12 13:52 - 2017-10-12 13:52 - 000221112 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
      2017-10-12 13:52 - 2017-10-12 13:52 - 000166840 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
      2017-10-12 13:52 - 2017-10-12 13:52 - 000040384 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
      2017-10-12 13:35 - 2017-10-12 13:39 - 000000000 ____D C:\AdwCleaner
      2017-10-12 13:32 - 2017-10-12 13:32 - 000781312 _____ C:\Users\Matil\Downloads\DelFix.exe
      2017-10-12 13:31 - 2017-10-12 13:31 - 008182736 _____ (Malwarebytes) C:\Users\Matil\Downloads\AdwCleaner.exe
      2017-10-12 13:30 - 2017-10-12 13:30 - 001790024 _____ (Malwarebytes) C:\Users\Matil\Downloads\JRT.exe
      2017-10-11 09:15 - 2017-10-11 09:15 - 000030279 _____ C:\ProgramData\agent.uninstall.1507724095.bdinstall.bin
      2017-10-10 16:40 - 2017-10-10 16:40 - 000266465 _____ C:\Users\Matil\Desktop\Sucesión García se acompaña, solicita.pdf
      2017-10-10 13:58 - 2017-10-12 13:57 - 000065824 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
      2017-10-10 13:58 - 2017-10-12 13:52 - 000091576 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
      2017-10-09 16:29 - 2017-10-09 16:29 - 000001980 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
      2017-10-09 16:29 - 2017-10-09 16:29 - 000001980 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
      2017-10-09 16:28 - 2017-10-09 16:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
      2017-10-09 16:28 - 2017-10-09 16:28 - 000000000 ____D C:\ProgramData\Malwarebytes
      2017-10-09 16:28 - 2017-10-09 16:28 - 000000000 ____D C:\Program Files\Malwarebytes
      2017-10-09 16:28 - 2017-10-04 13:15 - 000059904 _____ C:\Windows\system32\Drivers\mbae.sys
      2017-10-08 21:12 - 2017-10-08 21:12 - 000000000 ____D C:\ProgramData\Bitdefender
      2017-10-08 21:08 - 2017-10-08 21:08 - 000000000 ____D C:\Users\Matil\AppData\Roaming\QuickScan
      2017-10-08 20:54 - 2017-10-08 20:54 - 000047756 _____ C:\ProgramData\agent.1507506873.bdinstall.bin
      2017-10-08 20:54 - 2017-10-08 20:54 - 000000000 ____D C:\ProgramData\Bitdefender Agent
      2017-10-04 10:25 - 2017-10-04 10:25 - 000002171 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
      2017-10-03 19:54 - 2017-10-11 10:16 - 000000000 ____D C:\WinSys
      2017-10-03 19:54 - 2017-10-11 10:16 - 000000000 ____D C:\Applications
      2017-10-03 19:54 - 2017-10-03 19:54 - 000140800 _____ C:\Users\Matil\AppData\Local\installer.dat
      2017-10-03 18:13 - 2017-10-03 19:25 - 000000000 ____D C:\Users\Matil\AppData\LocalLow\Unity
      2017-10-03 18:13 - 2017-10-03 19:25 - 000000000 ____D C:\Users\Matil\AppData\Local\Unity
      2017-10-03 18:08 - 2017-10-09 17:05 - 000000000 ____D C:\ProgramData\DirectX11b
      2017-10-03 18:08 - 2017-10-09 16:55 - 000000000 ___RD C:\ProgramData\Framework
      2017-10-03 18:04 - 2017-10-11 10:29 - 000000000 ____D C:\Users\Matil\Documents\REAPER Media
      2017-10-03 18:00 - 2017-10-03 21:26 - 000000000 ____D C:\Users\Matil\AppData\Roaming\REAPER
      2017-10-02 17:28 - 2017-10-02 17:28 - 000051616 _____ C:\Windows\uninstaller.dat
      2017-10-01 18:38 - 2017-10-01 18:38 - 000000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
      2017-10-01 18:38 - 2017-10-01 18:38 - 000000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
      2017-10-01 18:24 - 2017-10-01 18:24 - 000000000 ____D C:\Users\Default\AppData\Local\AVG
      2017-10-01 18:24 - 2017-10-01 18:24 - 000000000 ____D C:\Users\Default User\AppData\Local\AVG
      2017-10-01 18:24 - 2017-02-21 09:25 - 000048912 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\uxtuneup.dll
      2017-10-01 18:24 - 2017-02-21 09:25 - 000042256 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\authuitu.dll
      2017-10-01 18:15 - 2017-10-01 18:15 - 000002486 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp.lnk
      2017-10-01 18:15 - 2017-10-01 18:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp
      2017-10-01 18:14 - 2017-10-01 18:14 - 000000000 ____D C:\Program Files\AVG
      2017-10-01 18:13 - 2017-10-01 18:16 - 000000000 ____D C:\Users\Matil\AppData\Local\AvgSetupLog
      2017-10-01 18:13 - 2017-10-01 18:15 - 000000000 ____D C:\Users\Matil\AppData\Local\Avg
      2017-10-01 18:13 - 2017-10-01 18:14 - 000000000 ____D C:\ProgramData\Avg
      2017-09-28 16:01 - 2017-09-28 16:01 - 000102686 _____ C:\Users\Matil\Documents\Doc1.pdf

      ==================== One Month Modified files and folders ========

      (If an entry is included in the fixlist, the file/folder will be moved.)

      2017-10-14 09:48 - 2009-07-14 01:34 - 000021248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      2017-10-14 09:48 - 2009-07-14 01:34 - 000021248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      2017-10-14 09:34 - 2009-11-06 22:25 - 004874736 _____ C:\Windows\system32\perfh00A.dat
      2017-10-14 09:34 - 2009-11-06 22:25 - 001552388 _____ C:\Windows\system32\perfc00A.dat
      2017-10-14 09:34 - 2009-09-06 20:02 - 000006212 _____ C:\Windows\system32\PerfStringBackup.INI
      2017-10-14 09:29 - 2009-07-14 01:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
      2017-10-13 16:48 - 2009-07-13 23:37 - 000000000 ____D C:\Windows\system32\NDF
      2017-10-13 08:40 - 2012-07-11 16:06 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
      2017-10-13 08:40 - 2012-07-11 16:06 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
      2017-10-13 08:40 - 2009-11-06 14:55 - 000000000 ____D C:\Windows\system32\Macromed
      2017-10-13 08:28 - 2009-07-13 23:37 - 000000000 ____D C:\Windows\inf
      2017-10-12 18:32 - 2010-08-17 23:30 - 000000000 ____D C:\TV vídeo
      2017-10-12 17:41 - 2016-06-28 13:07 - 000000000 ____D C:\Games
      2017-10-12 16:35 - 2010-04-26 22:42 - 000000000 ____D C:\Users\Matil\AppData\Local\ESET
      2017-10-12 15:52 - 2010-06-14 23:25 - 000000000 ____D C:\Users\Matil\Documents\copias de seguridad registro
      2017-10-11 13:05 - 2017-05-11 22:07 - 000000650 _____ C:\DelFix.txt
      2017-10-11 10:43 - 2015-12-13 12:37 - 000000000 ____D C:\Tino
      2017-10-11 10:32 - 2012-09-01 21:57 - 000000000 ___RD C:\Users\Matil\Desktop\arman
      2017-10-11 10:24 - 2010-09-07 22:12 - 000000000 ____D C:\Users\Matil\AppData\Roaming\vlc
      2017-10-09 15:52 - 2010-04-19 21:58 - 000001355 _____ C:\Users\Matil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
      2017-10-09 13:56 - 2016-05-23 16:38 - 000000000 ____D C:\Users\Matil\AppData\Roaming\AIMP
      2017-10-05 21:42 - 2014-05-26 21:33 - 000000000 ____D C:\Users\Matil\AppData\Roaming\X32-Edit
      2017-10-04 10:47 - 2012-09-11 16:38 - 000000928 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3578093062-3410416267-702171468-1000UA.job
      2017-10-04 10:47 - 2012-09-11 16:38 - 000000906 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3578093062-3410416267-702171468-1000Core.job
      2017-10-04 10:25 - 2011-03-13 00:32 - 000000000 ____D C:\Program Files\Google
      2017-10-04 10:24 - 2015-03-03 20:37 - 000000000 ____D C:\Users\Matil\AppData\Local\Deployment
      2017-10-03 19:13 - 2017-05-11 20:40 - 000000282 __RSH C:\ProgramData\ntuser.pol
      2017-10-01 21:50 - 2010-06-14 23:11 - 000000000 ____D C:\Program Files\WinRAR
      2017-10-01 18:54 - 2017-04-13 12:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
      2017-10-01 18:54 - 2013-05-15 00:41 - 000095808 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
      2017-10-01 18:53 - 2009-11-06 16:03 - 000000000 ____D C:\Program Files\Java
      2017-10-01 18:43 - 2017-08-12 13:16 - 000000000 ____D C:\Users\Matil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
      2017-10-01 18:43 - 2017-08-12 13:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
      2017-10-01 18:40 - 2013-04-06 15:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
      2017-10-01 18:40 - 2013-04-06 15:52 - 000000000 ____D C:\Program Files\QuickTime
      2017-10-01 18:38 - 2010-05-03 21:01 - 000000000 ____D C:\Users\Matil\AppData\Local\Adobe
      2017-10-01 18:38 - 2009-11-06 15:06 - 000000000 ____D C:\Program Files\Common Files\Adobe AIR
      2017-10-01 18:38 - 2009-11-06 15:06 - 000000000 ____D C:\Program Files\Adobe
      2017-10-01 18:36 - 2010-06-14 23:15 - 000000000 ____D C:\Users\Matil\AppData\Local\Microsoft Help
      2017-10-01 18:36 - 2010-04-22 01:10 - 000000000 ____D C:\Users\Matil\AppData\Roaming\HpUpdate
      2017-09-30 09:21 - 2010-04-19 21:51 - 000000000 ____D C:\Users\Matil
      2017-09-20 09:59 - 2010-04-26 23:09 - 000000000 ____D C:\mÚsiCa

      ==================== Files in the root of some directories =======

      2011-04-19 21:43 - 2011-05-10 21:24 - 000001849 _____ () C:\Users\Matil\AppData\Roaming\GhostObjGAFix.xml
      2016-08-01 19:34 - 2016-08-01 19:39 - 000000016 _____ () C:\Users\Matil\AppData\Roaming\msregsvv.dll
      2015-09-21 20:52 - 2017-05-26 20:25 - 000153138 _____ () C:\Users\Matil\AppData\Roaming\VideoPad.dmp
      2013-02-20 18:20 - 2013-02-20 18:20 - 000000160 _____ () C:\Users\Matil\AppData\Roaming\wklnhst.dat
      2010-04-19 21:59 - 2010-04-19 21:59 - 000000000 _____ () C:\Users\Matil\AppData\Local\AtStart.txt
      2011-04-03 00:44 - 2016-06-08 18:21 - 000005120 _____ () C:\Users\Matil\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      2010-04-19 21:59 - 2010-04-19 21:59 - 000000000 _____ () C:\Users\Matil\AppData\Local\DSwitch.txt
      2017-10-03 19:54 - 2017-10-03 19:54 - 000140800 _____ () C:\Users\Matil\AppData\Local\installer.dat
      2010-04-19 21:59 - 2010-04-19 21:59 - 000000000 _____ () C:\Users\Matil\AppData\Local\QSwitch.txt
      2017-10-08 20:54 - 2017-10-08 20:54 - 000047756 _____ () C:\ProgramData\agent.1507506873.bdinstall.bin
      2017-10-11 09:15 - 2017-10-11 09:15 - 000030279 _____ () C:\ProgramData\agent.uninstall.1507724095.bdinstall.bin
      2016-08-01 19:34 - 2016-08-01 19:39 - 000000016 _____ () C:\ProgramData\autobk.inc
      2014-09-15 00:35 - 2014-09-15 00:35 - 000000020 _____ () C:\ProgramData\bc.ini
      2010-04-19 21:59 - 2014-06-11 19:04 - 000000198 _____ () C:\ProgramData\HPWALog.txt
      2017-01-03 22:46 - 2017-01-03 22:46 - 000000069 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
      2016-09-18 17:09 - 2016-09-18 17:09 - 000005116 _____ () C:\ProgramData\rxsmznjf.zcp
      2010-02-04 22:59 - 2010-02-04 22:59 - 000000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
      2009-11-06 15:31 - 2009-11-06 15:31 - 000000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
      2010-02-04 22:58 - 2010-02-04 22:58 - 000000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
      2009-11-06 15:27 - 2009-11-06 15:28 - 000000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
      2010-02-04 22:57 - 2010-02-04 22:57 - 000000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
      2010-02-04 22:58 - 2010-02-04 22:58 - 000000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
      2009-11-06 15:27 - 2009-11-06 15:27 - 000000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
      2009-11-06 15:28 - 2009-11-06 15:31 - 000000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
      2010-02-04 22:59 - 2010-02-04 22:59 - 000000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log

      Some files in TEMP:
      ====================
      2017-10-03 18:12 - 2017-10-03 18:12 - 000009728 _____ () C:\Users\Matil\AppData\Local\Temp\bassmod.dll
      2017-10-03 18:07 - 2017-10-03 18:07 - 000410616 _____ (Mail.Ru) C:\Users\Matil\AppData\Local\Temp\d7fegdknvj.exe

      ==================== Bamital & volsnap ======================

      (There is no automatic fix for files that do not pass verification.)

      C:\Windows\explorer.exe => File is digitally signed
      C:\Windows\system32\winlogon.exe => File is digitally signed
      C:\Windows\system32\wininit.exe => File is digitally signed
      C:\Windows\system32\svchost.exe => File is digitally signed
      C:\Windows\system32\services.exe => File is digitally signed
      C:\Windows\system32\User32.dll => File is digitally signed
      C:\Windows\system32\userinit.exe => File is digitally signed
      C:\Windows\system32\rpcss.dll => File is digitally signed
      C:\Windows\system32\dnsapi.dll => File is digitally signed
      C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

      LastRegBack: 2017-10-12 11:20

      ==================== End of FRST.txt ============================

    5. #25
      User Avatar of Matil
      Registered
      Oct 2017
      Location
      Argentina
      Posts
      21

      Re: Virus on my computer

      And here is the other one:
      Additional scan result of Farbar Recovery Scan Tool (x86) Version: 14-10-2017
      Ran by Matil (14-10-2017 12:04:09)
      Running from C:\Users\Matil\Desktop
      Microsoft Windows 7 Home Basic Service Pack 1 (X86) (2010-04-20 00:51:20)
      Boot Mode: Normal
      ==========================================================


      ==================== Accounts: =============================

      Administrador (S-1-5-21-3578093062-3410416267-702171468-500 - Administrator - Disabled)
      Invitado (S-1-5-21-3578093062-3410416267-702171468-501 - Limited - Disabled)
      Matil (S-1-5-21-3578093062-3410416267-702171468-1000 - Administrator - Enabled) => C:\Users\Matil

      ==================== Security Center ========================

      (If an entry is included in the fixlist, it will be removed.)

      AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
      AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
      AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

      ==================== Installed Programs ======================

      (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

      32 Bit HP CIO Components Installer (HKLM\...\{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}) (Version: 6.1.1 - Hewlett-Packard) Hidden
      Acrobat.com (HKLM\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
      Adobe AIR (HKLM\...\Adobe AIR) (Version: 27.0.0.124 - Adobe Systems Incorporated)
      Adobe Flash Player 25 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
      Adobe Flash Player 27 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 27.0.0.159 - Adobe Systems Incorporated)
      Adobe Flash Player 27 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 27.0.0.159 - Adobe Systems Incorporated)
      Adobe Reader 9.1 MUI (HKLM\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
      Adobe Shockwave Player (HKLM\...\{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}) (Version: 11.5.1.601 - Adobe Systems, Inc.)
      AIMP (HKLM\...\AIMP) (Version: v4.02.1713, 26.04.2016 - AIMP DevTeam)
      Alps Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: - ALPS ELECTRIC CO., LTD.)
      Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
      AVG PC TuneUp (HKLM\...\{D87926DA-D66D-4B80-BB89-019E95477B73}) (Version: 16.74.1 - AVG Technologies) Hidden
      AVG PC TuneUp (HKLM\...\AVG PC TuneUp) (Version: 16.74.2.60831 - AVG Technologies)
      Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.100.82.148 - Broadcom Corporation)
      Broadcom Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.5300 - Broadcom Corporation)
      Broadcom Wireless Utility (HKLM\...\Broadcom Wireless Utility) (Version: 5.100.82.148 - Broadcom Corporation)
      CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
      CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2201 - CyberLink Corp.)
      D3DX10 (HKLM\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
      EasyLife Gadget (HKLM\...\{ACE9FB2A-31A5-4285-9510-43F1636EAB21}) (Version: 1.0 - EasyLife Gadget)
      eLicenser Control (HKLM\...\eLicenser Control) (Version: 6.9.3.8190 - Steinberg Media Technologies GmbH)
      ESU for Microsoft Windows 7 (HKLM\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
      Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
      FlashGet 3.3 (HKLM\...\FlashGet 3.3) (Version: 3.3.0.1092 - hxxp://www.FlashGet.com)
      FMW 1 (HKLM\...\{A2B92392-DC17-416B-88F6-A6A55E053E32}) (Version: 1.143.3 - AVG Technologies) Hidden
      FormatFactory 2.50 (HKLM\...\FormatFactory) (Version: 2.50 - Free Time)
      Galería fotográfica de Windows Live (HKLM\...\{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
      Google Chrome (HKLM\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.)
      Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
      Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
      HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.20.286 - SurfRight B.V.)
      HP Games (HKLM\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
      HP Quick Launch Buttons (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.7.1 - Hewlett-Packard)
      HP Setup (HKLM\...\{17B4760F-334B-475D-829F-1A3E94A6A4E6}) (Version: 1.2.3560.3170 - Hewlett-Packard)
      HP Update (HKLM\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard)
      HP User Guides 0146 (HKLM\...\{45E5D641-3C82-4F95-92FB-AE5459DF2988}) (Version: 1.02.0002 - Hewlett-Packard)
      HP Wireless Assistant (HKLM\...\{54CC7901-804D-4155-B353-21F0CC9112AB}) (Version: 3.50.9.1 - Hewlett-Packard)
      IDT Audio (HKLM\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6225.0 - IDT)
      IDTE-ID3 Tag Editor (HKU\S-1-5-21-3578093062-3410416267-702171468-1000\...\IDTE-ID3 Tag Editor) (Version: 02.80.00.00 - Team IDTE)
      Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1883 - Intel Corporation)
      Interlok driver setup x32 (HKLM\...\{25613C10-27D2-410B-942B-D922D5C3A7BE}) (Version: 5.8.10 - PACE Anti-Piracy)
      Java 8 Update 121 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
      Java 8 Update 144 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
      JDownloader (HKLM\...\JDownloader) (Version: - AppWork UG (haftungsbeschränkt))
      JMicron Flash Media Controller Driver (HKLM\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.32.1 - JMicron Technology Corp.)
      Junk Mail filter update (HKLM\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
      LightScribe System Software (HKLM\...\{CC8E94A2-55C7-4460-953C-2A790180578C}) (Version: 1.18.8.1 - LightScribe)
      LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.100 - LSI Corporation)
      Malwarebytes versión 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
      Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
      Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
      Microsoft Office Excel 2007 Help Actualización (KB963678) (HKLM\...\{90120000-0016-0C0A-0000-0000000FF1CE}_STANDARD_{59E09C3D-4878-47D9-87DB-6D0018026889}) (Version: - Microsoft)
      Microsoft Office Outlook 2007 Help Actualización (KB963677) (HKLM\...\{90120000-001A-0C0A-0000-0000000FF1CE}_STANDARD_{59C244C2-0C37-4E85-8F7E-DBDD3958B694}) (Version: - Microsoft)
      Microsoft Office Powerpoint 2007 Help Actualización (KB963669) (HKLM\...\{90120000-0018-0C0A-0000-0000000FF1CE}_STANDARD_{F318245D-05AE-4681-A749-A036CE44AF29}) (Version: - Microsoft)
      Microsoft Office Standard 2007 (HKLM\...\STANDARD) (Version: 12.0.6612.1000 - Microsoft Corporation)
      Microsoft Office Word 2007 Help Actualización (KB963665) (HKLM\...\{90120000-001B-0C0A-0000-0000000FF1CE}_STANDARD_{377BA42A-1C84-45D6-94B8-6D00887D172D}) (Version: - Microsoft)
      Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation)
      Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
      Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
      Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
      Paquete de compatibilidad para 2007 Office system (HKLM\...\{90120000-0020-0C0A-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
      Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
      QLBCASL (HKLM\...\{F1D7AC58-554A-4A58-B784-B61558B1449A}) (Version: 6.40.17.2 - Hewlett-Packard) Hidden
      QuickTime 7 (HKLM\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
      Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.103.1007.2016 - Realtek)
      Recovery Manager (HKLM\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.2214 - CyberLink Corp.) Hidden
      Sega Col 1.00 (HKLM\...\Sega Col 1.00) (Version: 1.00 - Pilotus)
      Skype Web Plugin (HKLM\...\{69F300CB-D6BF-41DD-B7CC-983BAFF4EE15}) (Version: 3.1.15602.22612 - Skype Technologies S.A.)
      Skype Web Plugin (HKLM\...\{EB96DF8B-65A7-4E72-BFB1-38DB36870D16}) (Version: 7.32.6.278 - Skype Technologies S.A.)
      SkypeFall version 1.0 (HKLM\...\{50C37E0A-2AEB-409D-9FDC-AFBF9C6A75E8}}_is1) (Version: 1.0 - ) <==== ATTENTION
      Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
      UmmyVideoDownloader (HKLM\...\{E028DBDA-EEE7-48A0-ADF7-D250589A02C5}_is1) (Version: 1.5.0.4 - ) <==== ATTENTION
      Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
      VC80CRTRedist - 8.0.50727.6195 (HKLM\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
      VideoPad, editor de vídeo (HKLM\...\VideoPad) (Version: 4.57 - NCH Software)
      Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
      VLC media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN)
      Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
      Windows Live Sync (HKLM\...\{914DD274-9C5D-44CA-9AC7-12B8D2D4DA08}) (Version: 14.0.8117.416 - Microsoft Corporation)
      WinRAR 5.40 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)

      ==================== Custom CLSID (Whitelisted): ==========================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      CustomCLSID: HKU\S-1-5-21-3578093062-3410416267-702171468-1000_Classes\CLSID\{0A40F1CC-1705-436E-A6F5-BDD5C88DD79B}\localserver32 -> C:\Users\Matil\AppData\Local\SkypePlugin\PluginHost.exe (Skype Technologies S.A.)
      CustomCLSID: HKU\S-1-5-21-3578093062-3410416267-702171468-1000_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\Matil\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
      CustomCLSID: HKU\S-1-5-21-3578093062-3410416267-702171468-1000_Classes\CLSID\{41052F6E-3662-4584-BCD3-77BCCAAE8470}\InprocServer32 -> C:\Users\Matil\AppData\Local\SkypePlugin\7.32.6.278\GatewayActiveX.dll (Skype Technologies S.A.)
      CustomCLSID: HKU\S-1-5-21-3578093062-3410416267-702171468-1000_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\Matil\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
      CustomCLSID: HKU\S-1-5-21-3578093062-3410416267-702171468-1000_Classes\CLSID\{60813F68-E9F7-4B3C-80B4-A76A66211660}\localserver32 -> C:\Users\Matil\AppData\Local\SkypePlugin\7.32.6.278\GatewayVersion.exe (Skype Technologies S.A.)
      CustomCLSID: HKU\S-1-5-21-3578093062-3410416267-702171468-1000_Classes\CLSID\{7253b364-18c5-555a-4b07-26abb39c9f99}\InprocServer32 -> C:\Users\Matil\AppData\Local\SkypePlugin\7.32.6.278\EdgeBrokerPS.dll (Skype Technologies S.A.)
      CustomCLSID: HKU\S-1-5-21-3578093062-3410416267-702171468-1000_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Users\Matil\AppData\Local\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)
      CustomCLSID: HKU\S-1-5-21-3578093062-3410416267-702171468-1000_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\Matil\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
      CustomCLSID: HKU\S-1-5-21-3578093062-3410416267-702171468-1000_Classes\CLSID\{CBF9CD8C-2714-4F36-B76A-43E6C7547BC2}\localserver32 -> C:\Users\Matil\AppData\Local\SkypePlugin\7.32.6.278\EdgeCalling.exe (Skype Technologies S.A.)
      ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
      ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
      ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
      ContextMenuHandlers1: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files\AIMP\System\aimp_menu32.dll [2016-05-23] (AIMP DevTeam)
      ContextMenuHandlers1: [AVG Shredder Shell Extension] -> {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} => C:\Program Files\AVG\AVG PC TuneUp\SDShelEx-win32.dll [2017-02-21] (AVG Technologies CZ, s.r.o.)
      ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
      ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
      ContextMenuHandlers4: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files\AIMP\System\aimp_menu32.dll [2016-05-23] (AIMP DevTeam)
      ContextMenuHandlers4: [AVG Disk Space Explorer Shell Extension] -> {4838CD50-7E5D-4811-9B17-C47A85539F28} => C:\Program Files\AVG\AVG PC TuneUp\DseShExt-x86.dll [2017-02-21] (AVG Technologies CZ, s.r.o.)
      ContextMenuHandlers4: [AVG Shredder Shell Extension] -> {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} => C:\Program Files\AVG\AVG PC TuneUp\SDShelEx-win32.dll [2017-02-21] (AVG Technologies CZ, s.r.o.)
      ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2009-08-27] (Intel Corporation)
      ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
      ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)

      ==================== Scheduled Tasks (Whitelisted) =============

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      Task: {01E04F44-387D-4996-991E-6F263C2680A3} - System32\Tasks\{AC56B93D-E015-4722-BD66-A5A4DB852B48} => "c:\program files\google\chrome\application\chrome.exe" hxxp://ui.skype.com/ui/0/5.3.0.120/en/abandoninstall?page=tsMain&installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:notoffered;ienotdefaultbrowser2
      Task: {09A256F4-7027-4BC3-AF8F-D6828C1524F3} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3578093062-3410416267-702171468-1000UA => C:\Users\Matil\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-02-24] (Facebook Inc.)
      Task: {0C8CB876-B0CF-4115-B915-20D6D79613FF} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2017-07-21] (Oracle Corporation)
      Task: {0E3A88A9-FD9D-4278-8C98-8252D9616604} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3578093062-3410416267-702171468-1000Core => C:\Users\Matil\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-02-24] (Facebook Inc.)
      Task: {0EC3216C-0854-4A82-BD51-4FF6ADD5F833} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2017-10-04] (Google Inc.)
      Task: {18341AFF-947A-42BC-B785-0E4A32A94C3E} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2017-07-21] (Oracle Corporation)
      Task: {20C2B8C1-B9CF-4D68-96A8-05B21B90860B} - System32\Tasks\{0F1C62E6-C7BF-496C-A29A-D27D15B4AF29} => "c:\program files\internet explorer\iexplore.exe" hxxp://ui.skype.com/ui/0/4.2.0.158.259/es/abandoninstall?source=lightinstaller&page=tsProblems&LastError=404&installinfo=google-toolbar:notoffered;userdeclined,google-chrome:offered-notinstalled
      Task: {256B5113-A0A0-4AEF-B40D-2A242AD9405A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-10-13] (Adobe Systems Incorporated)
      Task: {29DF5FC0-A5B7-4653-843D-2B9CEEE42027} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
      Task: {2C462630-79E7-4F9E-9465-E9167F422D3B} - System32\Tasks\Peperina\Matil - Start WLAN Tray Applet => C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE [2017-04-13] (Broadcom Corporation)
      Task: {2F5DC6EC-D8F0-4856-ABC6-D369C234506D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPSFReport.exe [2016-02-18] (Hewlett-Packard)
      Task: {34442C2A-ECAD-4C84-BE24-5E8F48E375C2} - System32\Tasks\NCH Software\VideoPadDowngrade => C:\Program Files\NCH Software\VideoPad\videopad.exe [2016-12-09] (NCH Software)
      Task: {3E5B5FD6-5AB2-424E-9840-6C0A62D35BDE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
      Task: {66434ED9-5B62-476C-988A-1AF7A271744D} - System32\Tasks\Programa de actualización online de DivX => C:\Program Files\DivX\DivX Update\DivXUpdate.exe
      Task: {6854326E-A799-4873-9D12-8C8982AB000C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2016-12-07] (HP Inc.)
      Task: {68A853A9-B59C-4C96-92F6-DE92D8B4E133} - System32\Tasks\ShadowsocksS => C:\Applications\Service.exe [2017-09-17] (TODO: <Company name>)
      Task: {6A233CC3-F5AB-4D66-BD1E-5404A0E65B10} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
      Task: {6F284B58-9F8A-45E7-901F-6410298EAEFA} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_25_0_0_127_pepper.exe [2017-04-06] (Adobe Systems Incorporated)
      Task: {70B8345B-7FE5-4D7F-9F82-3921BAB429A3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-09-15] (HP Inc.)
      Task: {877EE6B1-1F61-4B17-889D-68868CBDC007} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
      Task: {894C635A-68A4-48AF-9431-2AF611FCD5A3} - System32\Tasks\{12FFB488-CEF3-4620-91A6-9C279A952841} => C:\Windows\system32\pcalua.exe -a F:\Install\NOD32\NOD32.FiX.v2.2-nsane.exe -d F:\Install\NOD32
      Task: {918744C8-E97B-43CF-A188-AF4317ED4CC0} - System32\Tasks\Programa de actualización en línea de HP => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2008-12-08] (Hewlett-Packard)
      Task: {9546B54A-83ED-46AC-8C86-CCC35319ACBC} - System32\Tasks\{70C083CA-16CD-4290-BB5A-552993E3A201} => "c:\program files\internet explorer\iexplore.exe" hxxp://ui.skype.com/ui/0/5.1.0.112/es/abandoninstall?page=tsMain&installinfo=google-toolbar:notoffered;userdeclined,google-chrome:notoffered;alreadyoffered
      Task: {ABFE093C-8537-427B-AEE2-32A8AC2FF539} - System32\Tasks\{96F89D75-3ADC-4818-AAA6-1A424153FBC5} => "c:\program files\internet explorer\iexplore.exe" hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=4.2.0.158.259&LastError=404
      Task: {B7352451-2367-4C20-9940-489C78790233} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2017-10-04] (Google Inc.)
      Task: {C9C7D4EC-DFA1-4EB8-82F5-539E9A655989} - System32\Tasks\{F105E082-421E-4B34-A4EB-3CB44AFA276F} => C:\Program Files\Skype\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)
      Task: {E6E76FFB-90FC-4B5C-9B05-E8BDC7A4C74C} - System32\Tasks\{C27E34B7-48C1-476D-A806-E86E6B6EA20E} => C:\Windows\system32\pcalua.exe -a C:\Users\Matil\Desktop\avg_free_stb_all_9_115_global.exe -d C:\Users\Matil\Desktop

      (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

      Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3578093062-3410416267-702171468-1000Core.job => C:\Users\Matil\AppData\Local\Facebook\Update\FacebookUpdate.exe
      Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3578093062-3410416267-702171468-1000UA.job => C:\Users\Matil\AppData\Local\Facebook\Update\FacebookUpdate.exe

      ==================== Shortcuts & WMI ========================

      (The entries could be listed to be restored or removed.)


      Shortcut: C:\Users\Matil\Favorites\Sitio para descargas de NCH Software.lnk -> hxxp://www.nchsoftware.com/es/index.htm

      ==================== Loaded Modules (Whitelisted) ==============

      2017-10-01 18:20 - 2017-10-01 18:20 - 048920064 _____ () C:\Program Files\AVG\UiDll\2623\libcef.dll

      ==================== Alternate Data Streams (Whitelisted) =========

      (If an entry is included in the fixlist, only the ADS will be removed.)


      ==================== Safe Mode (Whitelisted) ===================

      (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

      ==================== Association (Whitelisted) ===============

      (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


      ==================== Internet Explorer trusted/restricted ===============

      (If an entry is included in the fixlist, it will be removed from the registry.)

      IE trusted site: HKU\S-1-5-21-3578093062-3410416267-702171468-1000\...\google.com.mx -> hxxps://google.com.mx

      ==================== Hosts content: ===============================

      (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

      2009-07-13 23:04 - 2010-10-25 22:39 - 000000902 ____N C:\Windows\system32\Drivers\etc\hosts


      ==================== Other Areas ============================

      (Currently there is no automatic fix for this section.)

      HKU\S-1-5-21-3578093062-3410416267-702171468-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Matil\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
      DNS Servers: 192.168.1.1
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
      Windows Firewall is enabled.

      ==================== MSCONFIG/TASK MANAGER disabled items ==

      MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
      MSCONFIG\startupreg: HPADVISOR => C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
      MSCONFIG\startupreg: NortonOnlineBackupReminder => "C:\Program Files\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED

      ==================== FirewallRules (Whitelisted) ===============

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      FirewallRules: [{2BCE5AD7-90CD-4762-88C8-BDD6FDC9EF63}] => (Allow) C:\Program Files\Internet Explorer\iexplore.exe
      FirewallRules: [{83AF773C-87ED-4CDB-8B2B-EBA9D0E62359}] => (Allow) C:\Program Files\Internet Explorer\iexplore.exe
      FirewallRules: [{AFF68F08-F6AC-4AE2-A2A6-3BAA657F51E3}] => (Allow) C:\Program Files\Internet Explorer\iexplore.exe
      FirewallRules: [{F217EFB2-A3A7-4ACD-8103-F27EAFA73B61}] => (Allow) C:\Program Files\Internet Explorer\iexplore.exe
      FirewallRules: [TCP Query User{9BA9A081-B312-4922-8712-61B806E15A51}C:\program files\flashget network\flashget 3\flashget3.exe] => (Allow) C:\program files\flashget network\flashget 3\flashget3.exe
      FirewallRules: [UDP Query User{C617C989-2DAA-4146-8C05-7B7B9F60EB06}C:\program files\flashget network\flashget 3\flashget3.exe] => (Allow) C:\program files\flashget network\flashget 3\flashget3.exe
      FirewallRules: [{19358E8B-EA09-440F-995B-C6358C003F9D}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
      FirewallRules: [{BDCFEC96-5C1E-4311-BF74-EE83C92B9B6D}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
      FirewallRules: [{2C87923E-FBE0-42DB-9680-FA1E0CB8047D}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
      FirewallRules: [{F9573A64-A1B6-4171-A48C-D7BE43ABFF38}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
      FirewallRules: [{D989BF98-D049-4BB8-B315-27BD9473BC02}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
      FirewallRules: [{BEB75DD6-D297-4962-A650-EBE9AC7E5C66}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
      FirewallRules: [{67DE2728-C693-474E-A9ED-968995708539}] => (Allow) C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
      FirewallRules: [TCP Query User{B46A60F6-12FE-4A19-B7BA-10F032D26BCF}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe
      FirewallRules: [UDP Query User{D7938258-9823-4A77-9E88-5F765A717AD7}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe
      FirewallRules: [TCP Query User{9FD22257-348C-45E2-980B-4D9940539EE5}C:\program files\flashget network\flashget 3\flashget3.exe] => (Block) C:\program files\flashget network\flashget 3\flashget3.exe
      FirewallRules: [UDP Query User{F73DA3EB-52D0-4AB4-B0E8-4E8FA1B765A3}C:\program files\flashget network\flashget 3\flashget3.exe] => (Block) C:\program files\flashget network\flashget 3\flashget3.exe
      FirewallRules: [{A323EA80-F27E-4FC9-8988-5154C4544158}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
      FirewallRules: [{EF129221-4138-4CCA-9FB0-ED29B80D180E}] => (Allow) LPort=2869
      FirewallRules: [{13E14F72-9347-4CFA-BFC1-09A31E1644E3}] => (Allow) LPort=1900
      FirewallRules: [{1EFAF3F6-48E0-453C-A782-D4C3FE4A0795}] => (Allow) C:\Program Files\HP\hp software update\hpwucli.exe
      FirewallRules: [TCP Query User{B9244F22-4783-40CE-A9CB-F9527707EA7A}C:\users\matil\desktop\x32-edit.exe] => (Allow) C:\users\matil\desktop\x32-edit.exe
      FirewallRules: [UDP Query User{95897EF2-8F83-4D1C-9A41-BBC74B81281C}C:\users\matil\desktop\x32-edit.exe] => (Allow) C:\users\matil\desktop\x32-edit.exe
      FirewallRules: [{BEA823C1-9DB2-49C0-BEE7-1DC7442B309B}] => (Allow) C:\Program Files\SkypeWebPlugin\3.1.15602.22612\SkypeWebPlugin.exe
      FirewallRules: [TCP Query User{89BC9D8C-11F5-4D90-81F3-F7D1C77E9C4C}C:\users\matil\desktop\x32-edit.exe] => (Block) C:\users\matil\desktop\x32-edit.exe
      FirewallRules: [UDP Query User{0665B171-FFBA-48DC-BA10-294A2E8D8A9A}C:\users\matil\desktop\x32-edit.exe] => (Block) C:\users\matil\desktop\x32-edit.exe
      FirewallRules: [{DBB6C587-3135-41A7-95B9-B486C423FEE7}] => (Allow) C:\Users\Matil\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
      FirewallRules: [TCP Query User{7E1FCFAF-26B5-4A72-9873-91FCE74F8466}C:\users\matil\appdata\local\skypeplugin\pluginhost.exe] => (Block) C:\users\matil\appdata\local\skypeplugin\pluginhost.exe
      FirewallRules: [UDP Query User{1942C380-4D42-4A48-A248-C0A0D908723F}C:\users\matil\appdata\local\skypeplugin\pluginhost.exe] => (Block) C:\users\matil\appdata\local\skypeplugin\pluginhost.exe
      FirewallRules: [{705C5147-5CFF-4B79-918F-22BD5C4E3038}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
      FirewallRules: [{17184FAA-F88B-4FEE-BDBD-EC257C5EA20A}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
      StandardProfile\AuthorizedApplications: [C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe] => Enabled:Flashget3

      ==================== Restore Points =========================


      ==================== Faulty Device Manager Devices =============

      Name: Teredo Tunneling Pseudo-Interface
      Description: Adaptador de tunelización Teredo de Microsoft
      Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
      Manufacturer: Microsoft
      Service: tunnel
      Problem: : This device cannot start. (Code10)
      Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
      On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


      ==================== Event log errors: =========================

      Application errors:
      ==================
      Error: (10/14/2017 12:04:43 PM) (Source: VSS) (EventID: 12292) (User: )
      Description: Error del Servicio de instantáneas de volumen: error al crear la clase de proveedor de instantáneas COM con Id. {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422, No se puede iniciar el servicio, porque está deshabilitado o porque no tiene dispositivos habilitados asociados a él.
      ].


      Operación:
      Obtener una interfaz disponible para este proveedor
      Mostrar lista de interfaces de todos los proveedores compatibles con este contexto
      Consultar instantáneas

      Contexto:
      Id. de proveedor: {b5946137-7b9f-4925-af80-51abd60b20d5}
      Id. de clase: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
      Contexto de instantánea: 13
      Contexto de instantánea: 13
      Contexto de ejecución: Coordinator

      Error: (10/14/2017 12:04:43 PM) (Source: VSS) (EventID: 13) (User: )
      Description: Información del Servicio de instantáneas de volumen: el servidor COM con CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} y el nombre SW_PROV no puede iniciarse. [0x80070422, No se puede iniciar el servicio, porque está deshabilitado o porque no tiene dispositivos habilitados asociados a él.
      ]


      Operación:
      Obtener una interfaz disponible para este proveedor
      Mostrar lista de interfaces de todos los proveedores compatibles con este contexto
      Consultar instantáneas

      Contexto:
      Id. de proveedor: {b5946137-7b9f-4925-af80-51abd60b20d5}
      Id. de clase: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
      Contexto de instantánea: 13
      Contexto de instantánea: 13
      Contexto de ejecución: Coordinator

      Error: (10/14/2017 09:34:21 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
      Description: Error al descargar las cadenas del contador de rendimiento para el servicio WmiApRpl (WmiApRpl). El primer valor DWORD de la sección de datos contiene el código de error.

      Error: (10/14/2017 09:34:21 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
      Description: Las cadenas de rendimiento del valor del Registro de rendimiento están dañadas al procesar el proveedor de contador de extensión Performance. El valor BaseIndex del Registro de rendimiento es el primer valor DWORD, el valor LastCounter es el segundo valor DWORD y el valor LastHelp es el tercer valor DWORD de la sección de datos.

      Error: (10/14/2017 09:34:21 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
      Description: Las cadenas de rendimiento del valor del Registro de rendimiento están dañadas al procesar el proveedor de contador de extensión Performance. El valor BaseIndex del Registro de rendimiento es el primer valor DWORD, el valor LastCounter es el segundo valor DWORD y el valor LastHelp es el tercer valor DWORD de la sección de datos.

      Error: (10/13/2017 11:28:53 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
      Description: Error al descargar las cadenas del contador de rendimiento para el servicio WmiApRpl (WmiApRpl). El primer valor DWORD de la sección de datos contiene el código de error.

      Error: (10/13/2017 11:28:53 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
      Description: Las cadenas de rendimiento del valor del Registro de rendimiento están dañadas al procesar el proveedor de contador de extensión Performance. El valor BaseIndex del Registro de rendimiento es el primer valor DWORD, el valor LastCounter es el segundo valor DWORD y el valor LastHelp es el tercer valor DWORD de la sección de datos.

      Error: (10/13/2017 11:28:53 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
      Description: Las cadenas de rendimiento del valor del Registro de rendimiento están dañadas al procesar el proveedor de contador de extensión Performance. El valor BaseIndex del Registro de rendimiento es el primer valor DWORD, el valor LastCounter es el segundo valor DWORD y el valor LastHelp es el tercer valor DWORD de la sección de datos.

      Error: (10/13/2017 09:06:02 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
      Description: Error al descargar las cadenas del contador de rendimiento para el servicio WmiApRpl (WmiApRpl). El primer valor DWORD de la sección de datos contiene el código de error.

      Error: (10/13/2017 09:06:02 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
      Description: Las cadenas de rendimiento del valor del Registro de rendimiento están dañadas al procesar el proveedor de contador de extensión Performance. El valor BaseIndex del Registro de rendimiento es el primer valor DWORD, el valor LastCounter es el segundo valor DWORD y el valor LastHelp es el tercer valor DWORD de la sección de datos.


      System errors:
      =============
      Error: (10/12/2017 08:52:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
      Description: El servicio Examinador de equipos depende del servicio Servidor, el cual no pudo iniciarse debido al siguiente error:
      No se puede iniciar el servicio o grupo de dependencia.

      Error: (10/12/2017 08:52:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
      Description: El servicio Examinador de equipos depende del servicio Servidor, el cual no pudo iniciarse debido al siguiente error:
      No se puede iniciar el servicio o grupo de dependencia.

      Error: (10/12/2017 08:52:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
      Description: El servicio Examinador de equipos depende del servicio Servidor, el cual no pudo iniciarse debido al siguiente error:
      No se puede iniciar el servicio o grupo de dependencia.

      Error: (10/12/2017 08:50:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
      Description: El servicio Examinador de equipos depende del servicio Servidor, el cual no pudo iniciarse debido al siguiente error:
      No se puede iniciar el servicio o grupo de dependencia.

      Error: (10/12/2017 08:50:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
      Description: El servicio Examinador de equipos depende del servicio Servidor, el cual no pudo iniciarse debido al siguiente error:
      No se puede iniciar el servicio o grupo de dependencia.

      Error: (10/12/2017 08:50:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
      Description: El servicio Examinador de equipos depende del servicio Servidor, el cual no pudo iniciarse debido al siguiente error:
      No se puede iniciar el servicio o grupo de dependencia.

      Error: (10/12/2017 08:44:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
      Description: El servicio Examinador de equipos depende del servicio Servidor, el cual no pudo iniciarse debido al siguiente error:
      No se puede iniciar el servicio o grupo de dependencia.

      Error: (10/12/2017 08:44:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
      Description: El servicio Examinador de equipos depende del servicio Servidor, el cual no pudo iniciarse debido al siguiente error:
      No se puede iniciar el servicio o grupo de dependencia.

      Error: (10/12/2017 08:44:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
      Description: El servicio Examinador de equipos depende del servicio Servidor, el cual no pudo iniciarse debido al siguiente error:
      No se puede iniciar el servicio o grupo de dependencia.

      Error: (10/12/2017 08:42:58 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
      Description: El servicio Examinador de equipos depende del servicio Servidor, el cual no pudo iniciarse debido al siguiente error:
      No se puede iniciar el servicio o grupo de dependencia.


      CodeIntegrity:
      ===================================
      Date: 2017-04-08 1214.155
      Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Program Files\AVG\AVG PC TuneUp\avgdumpx.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

      Date: 2017-04-08 1213.874
      Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Program Files\AVG\AVG PC TuneUp\avgdumpx.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

      Date: 2017-03-22 12:17:31.782
      Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Program Files\AVG\AVG PC TuneUp\avgdumpx.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

      Date: 2017-03-22 12:17:31.731
      Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Program Files\AVG\AVG PC TuneUp\avgdumpx.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

      Date: 2017-03-22 12:17:31.670
      Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Program Files\AVG\AVG PC TuneUp\avgdumpx.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

      Date: 2017-03-08 22:57:01.005
      Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Program Files\AVG\AVG PC TuneUp\avgdumpx.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

      Date: 2017-03-08 22:57:00.990
      Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Program Files\AVG\AVG PC TuneUp\avgdumpx.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

      Date: 2017-02-06 21:34:03.619
      Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Program Files\AVG\AVG PC TuneUp\avgdumpx.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

      Date: 2017-02-06 21:34:03.339
      Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Program Files\AVG\AVG PC TuneUp\avgdumpx.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

      Date: 2017-02-04 12:42:07.836
      Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Program Files\AVG\AVG PC TuneUp\avgdumpx.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.


      ==================== Memory info ===========================

      Processor: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz
      Percentage of memory in use: 31%
      Total physical RAM: 1978.96 MB
      Available physical RAM: 1357.47 MB
      Total Virtual: 3957.92 MB
      Available Virtual: 3226.18 MB

      ==================== Drives ================================

      Drive c: () (Fixed) (Total:281.81 GB) (Free:86.88 GB) NTFS ==>[system with boot components (obtained from drive)]
      Drive d: (RECOVERY) (Fixed) (Total:15.98 GB) (Free:2.55 GB) NTFS ==>[system with boot components (obtained from drive)]
      Drive e: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32

      ==================== MBR & Partition Table ==================

      ========================================================
      Disk: 0 (Size: 298.1 GB) (Disk ID: D53D6E88)
      Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
      Partition 2: (Not Active) - (Size=281.8 GB) - (Type=07 NTFS)
      Partition 3: (Not Active) - (Size=16 GB) - (Type=07 NTFS)
      Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

      ==================== End of Addition.txt ============================

      How do I continue now? The problem with the Word files keeps happening. For now that is the only thing I have found... Could it be part of all this?

      Once again, thank you so much!!!

    6. #26
      General Moderator
      @Daniela's avatar
      Joined
      Apr 2011
      Location
      Spain
      Posts
      24,352

      Re: Virus on my computer

      Hello

      Follow these steps. VERY important ~ Make a backup copy of the registry:

      • To do so, download >> DelFix to your desktop.
        • Double-click to run it. (If you use Windows Vista/7 or 8, right-click and select "Run as Administrator.")
        • Check only the "Create registry backup" box.
        • Click Run.

        The report (DelFix.txt) will open; save it in case it is needed and close the tool.


      Next, start your computer in >> Windows Safe Mode with Networking.

      If your OS is Windows 8/8.1/10, use the 2nd METHOD from this Windows 8 FAQ (applicable to Windows 10) >> How do I start Windows 8/8.1 in Safe Mode?, to work from that Windows mode.


      With the other programs closed, go to >> Start >> Run >> and type notepad.exe.

      Now copy and paste these files into Notepad: (the word Code is excluded)

      Code:
      Start
      CreateRestorePoint:
      CloseProcesses:
      
      HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
      HKU\S-1-5-21-3578093062-3410416267-702171468-1000\...\Run: [Facebook Update] => C:\Users\Matil\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-02-24] (Facebook Inc.)
      HKU\S-1-5-21-3578093062-3410416267-702171468-1000\...\MountPoints2: G - G:\.\Driver\DriverInstaller.exe -eject
      HKU\S-1-5-21-3578093062-3410416267-702171468-1000\...\MountPoints2: {1e517507-1df1-11e7-9546-0027136d9a28} - G:\.\Driver\DriverInstaller.exe -eject
      IFEO\acrobat.com.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\adobe air application installer.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\aimp.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\aimpac.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\aimpate.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\elcc.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\excel.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\flashget3.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\formatfactory.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\gens.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\hearts.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\hptcs.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\idte.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\javacpl.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\javaw.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\javaws.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\jdownloaderd3d.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\minesweeper.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\moc.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\mstore.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\offdiag.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\ois.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\onplay.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\outlook.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\picasa3.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\picasaphotoviewer.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\player.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\powerpnt.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\provider.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\purbleplace.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\recoverymgr.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\sidebar.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\silverlight.configuration.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\skypesetup.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\solitaire.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\spidersolitaire.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\spotify.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\ummyvideodownloader.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\unins000.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\uninst.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\uninstall.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\videopad.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\vlc.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\wab.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\webcamviewer v1.0.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\winrar.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\winthruster.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\winword.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\x32-edit.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      GroupPolicy: Restriction ? <==== ATTENTION
      GroupPolicy\User: Restriction ? <==== ATTENTION
      CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
      SearchScopes: HKLM -> DefaultScope value is missing
      FF Plugin HKU\S-1-5-21-3578093062-3410416267-702171468-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Matil\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
      CHR Extension: (Presentaciones) - C:\Users\Matil\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
      CHR Extension: (Documentos) - C:\Users\Matil\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
      CHR Extension: (Chrome Media Router) - C:\Users\Matil\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-16]
      CHR Extension: (Llamadas de Skype) - C:\Users\Matil\AppData\Local\Google\Chrome\User Data\Default\Extensions\poghlonenmjdkfghdpfomojhhfggildk [2016-09-08]
      CHR Extension: (Presentaciones de Google) - C:\Users\Matil\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-10]
      CHR Extension: (Google Docs) - C:\Users\Matil\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-09]
      CHR HKLM\...\Chrome\Extension: [khodmflachnghikomnfcollkoljpghbc] - C:\ProgramData\Codecv\khodmflachnghikomnfcollkoljpghbc.crx <not found>
      CHR HKU\S-1-5-21-3578093062-3410416267-702171468-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn] - hxxps://clients2.google.com/service/update2/crx
      S4 BHipsEx; \??\C:\Windows\System32\drivers\BHipsEx.sys [X]
      U2 wuaserv; no ImagePath
      2017-10-04 10:47 - 2012-09-11 16:38 - 000000928 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3578093062-3410416267-702171468-1000UA.job
      2017-10-04 10:47 - 2012-09-11 16:38 - 000000906 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3578093062-3410416267-702171468-1000Core.job
      2017-10-03 18:12 - 2017-10-03 18:12 - 000009728 _____ () C:\Users\Matil\AppData\Local\Temp\bassmod.dll
      2017-10-03 18:07 - 2017-10-03 18:07 - 000410616 _____ (Mail.Ru) C:\Users\Matil\AppData\Local\Temp\d7fegdknvj.exe
      ShellIconOverlayIdentifiers: [  MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
      ShellIconOverlayIdentifiers: [  MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
      ShellIconOverlayIdentifiers: [  MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
      Task: {09A256F4-7027-4BC3-AF8F-D6828C1524F3} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3578093062-3410416267-702171468-1000UA => C:\Users\Matil\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-02-24] (Facebook Inc.)
      Task: {0E3A88A9-FD9D-4278-8C98-8252D9616604} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3578093062-3410416267-702171468-1000Core => C:\Users\Matil\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-02-24] (Facebook Inc.)
      Task: {66434ED9-5B62-476C-988A-1AF7A271744D} - System32\Tasks\Programa de actualización online de DivX => C:\Program Files\DivX\DivX Update\DivXUpdate.exe
      Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3578093062-3410416267-702171468-1000Core.job => C:\Users\Matil\AppData\Local\Facebook\Update\FacebookUpdate.exe
      Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3578093062-3410416267-702171468-1000UA.job => C:\Users\Matil\AppData\Local\Facebook\Update\FacebookUpdate.exe 
      
      CMD: ipconfig /flushdns
      CMD: ipconfig /renew
      CMD: bitsadmin /reset /allusers
      RemoveProxy:
      EmptyTemp:
      Hosts:
      end
      • Save it under the name fixlist.txt on the desktop <<< This is very important.

      Note: The Frst.exe executable and fixlist.txt must be in the same location (the desktop); otherwise the tool will not work.

      ATTENTION!!!! The following repair script was written by a staff member specifically for this user; if you have a similar problem, please open your own thread to receive personalized help. Using other users' scripts can damage your computer.

      • Run Frst.exe.
      • Press the Fix button and wait for it to finish.
      • The tool will save the report on your desktop (Fixlog.txt).
      • Paste it in your next reply.


      Post the report and tell me how the problem is going.

      Regards

    7. #27
      Matil (User)
      Registered: Oct 2017
      Location: Argentina
      Posts: 21

      Re: Virus on my computer

      Hi Daniela.
      Here is the report on the latest steps.
      This is the fixlog.txt:
      Fix result of Farbar Recovery Scan Tool (x86) Version: 14-10-2017
      Ran by Matil (15-10-2017 00:30:05) Run:1
      Running from C:\Users\Matil\Desktop
      Loaded Profiles: Matil (Available Profiles: Matil)
      Boot Mode: Safe Mode (with Networking)

      ==============================================

      fixlist content:
      *****************
      Start
      CreateRestorePoint:
      CloseProcesses:

      HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
      HKU\S-1-5-21-3578093062-3410416267-702171468-1000\...\Run: [Facebook Update] => C:\Users\Matil\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-02-24] (Facebook Inc.)
      HKU\S-1-5-21-3578093062-3410416267-702171468-1000\...\MountPoints2: G - G:\.\Driver\DriverInstaller.exe -eject
      HKU\S-1-5-21-3578093062-3410416267-702171468-1000\...\MountPoints2: {1e517507-1df1-11e7-9546-0027136d9a28} - G:\.\Driver\DriverInstaller.exe -eject
      IFEO\acrobat.com.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\adobe air application installer.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\aimp.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\aimpac.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\aimpate.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\elcc.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\excel.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\flashget3.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\formatfactory.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\gens.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\hearts.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\hptcs.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\idte.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\javacpl.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\javaw.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\javaws.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\jdownloaderd3d.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\minesweeper.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\moc.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\mstore.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\offdiag.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\ois.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\onplay.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\outlook.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\picasa3.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\picasaphotoviewer.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\player.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\powerpnt.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\provider.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\purbleplace.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\recoverymgr.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\sidebar.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\silverlight.configuration.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\skypesetup.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\solitaire.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\spidersolitaire.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\spotify.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\ummyvideodownloader.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\unins000.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\uninst.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\uninstall.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\videopad.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\vlc.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\wab.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\webcamviewer v1.0.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\winrar.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\winthruster.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\winword.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      IFEO\x32-edit.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
      GroupPolicy: Restriction ? <==== ATTENTION
      GroupPolicy\User: Restriction ? <==== ATTENTION
      CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
      SearchScopes: HKLM -> DefaultScope value is missing
      FF Plugin HKU\S-1-5-21-3578093062-3410416267-702171468-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Matil\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
      CHR Extension: (Presentaciones) - C:\Users\Matil\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
      CHR Extension: (Documentos) - C:\Users\Matil\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
      CHR Extension: (Chrome Media Router) - C:\Users\Matil\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-16]
      CHR Extension: (Llamadas de Skype) - C:\Users\Matil\AppData\Local\Google\Chrome\User Data\Default\Extensions\poghlonenmjdkfghdpfomojhhfggildk [2016-09-08]
      CHR Extension: (Presentaciones de Google) - C:\Users\Matil\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-10]
      CHR Extension: (Google Docs) - C:\Users\Matil\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-09]
      CHR HKLM\...\Chrome\Extension: [khodmflachnghikomnfcollkoljpghbc] - C:\ProgramData\Codecv\khodmflachnghikomnfcollkoljpghbc.crx <not found>
      CHR HKU\S-1-5-21-3578093062-3410416267-702171468-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn] - hxxps://clients2.google.com/service/update2/crx
      S4 BHipsEx; \??\C:\Windows\System32\drivers\BHipsEx.sys [X]
      U2 wuaserv; no ImagePath
      2017-10-04 10:47 - 2012-09-11 16:38 - 000000928 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3578093062-3410416267-702171468-1000UA.job
      2017-10-04 10:47 - 2012-09-11 16:38 - 000000906 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3578093062-3410416267-702171468-1000Core.job
      2017-10-03 18:12 - 2017-10-03 18:12 - 000009728 _____ () C:\Users\Matil\AppData\Local\Temp\bassmod.dll
      2017-10-03 18:07 - 2017-10-03 18:07 - 000410616 _____ (Mail.Ru) C:\Users\Matil\AppData\Local\Temp\d7fegdknvj.exe
      ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
      ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
      ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
      Task: {09A256F4-7027-4BC3-AF8F-D6828C1524F3} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3578093062-3410416267-702171468-1000UA => C:\Users\Matil\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-02-24] (Facebook Inc.)
      Task: {0E3A88A9-FD9D-4278-8C98-8252D9616604} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3578093062-3410416267-702171468-1000Core => C:\Users\Matil\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-02-24] (Facebook Inc.)
      Task: {66434ED9-5B62-476C-988A-1AF7A271744D} - System32\Tasks\Programa de actualización online de DivX => C:\Program Files\DivX\DivX Update\DivXUpdate.exe
      Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3578093062-3410416267-702171468-1000Core.job => C:\Users\Matil\AppData\Local\Facebook\Update\FacebookUpdate.exe
      Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3578093062-3410416267-702171468-1000UA.job => C:\Users\Matil\AppData\Local\Facebook\Update\FacebookUpdate.exe

      CMD: ipconfig /flushdns
      CMD: ipconfig /renew
      CMD: bitsadmin /reset /allusers
      RemoveProxy:
      EmptyTemp:
      Hosts:
      end
      *****************

      Error: Restore point can only be created in normal mode.
      Processes closed successfully.
      HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => key removed successfully.
      HKU\S-1-5-21-3578093062-3410416267-702171468-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Facebook Update => value removed successfully.
      HKU\S-1-5-21-3578093062-3410416267-702171468-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G => key removed successfully.
      HKU\S-1-5-21-3578093062-3410416267-702171468-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1e517507-1df1-11e7-9546-0027136d9a28} => key removed successfully.
      HKLM\Software\Classes\CLSID\{1e517507-1df1-11e7-9546-0027136d9a28} => key not found.
      HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\acrobat.com.exe => key removed successfully.
      HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\adobe air application installer.exe => key removed successfully.
      HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\aimp.exe => key removed successfully.
      HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\aimpac.exe => key removed successfully.
      HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\aimpate.exe => key removed successfully.
      HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\elcc.exe => key removed successfully.
      HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\excel.exe => key removed successfully.
      HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\flashget3.exe => key removed successfully.
      HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\formatfactory.exe => key removed successfully.
      HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\gens.exe => key removed successfully.
      HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\hearts.exe => key removed successfully.
      HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\hptcs.exe => key removed successfully.
      HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\idte.exe => key removed successfully.
      HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\javacpl.exe => key removed successfully.
      HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\javaw.exe => key removed successfully.
      HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\javaws.exe => key removed successfully.
      HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\jdownloaderd3d.exe => key removed successfully.
      HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\minesweeper.exe => key removed successfully.
      HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\moc.exe => key removed successfully.
      HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mstore.exe => key removed successfully.
      HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\offdiag.exe => key removed successfully.
      HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ois.exe => key removed successfully.
      HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\onplay.exe => key removed successfully.
      HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\outlook.exe => key removed successfully.
      HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\picasa3.exe => key removed successfully.
      HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\picasaphotoviewer.exe => key removed successfully.
      HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\player.exe => key removed successfully.
      HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\powerpnt.exe => key removed successfully.
      HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\provider.exe => key removed successfully.
      HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\purbleplace.exe => key removed successfully.
      HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\recoverymgr.exe => key removed successfully.
      HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\sidebar.exe => key removed successfully.
      HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\silverlight.configuration.exe => key removed successfully.
      HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\skypesetup.exe => key removed successfully.
      HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\solitaire.exe => key removed successfully.
      HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\spidersolitaire.exe => key removed successfully.
      HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\spotify.exe => key removed successfully.
      HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ummyvideodownloader.exe => key removed successfully.
      HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\unins000.exe => key removed successfully.
      HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\uninst.exe => key removed successfully.
      HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\uninstall.exe => key removed successfully.
      HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\videopad.exe => key removed successfully.
      HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\vlc.exe => key removed successfully.
      HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\wab.exe => key removed successfully.
      HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\webcamviewer v1.0.exe => key removed successfully.
      HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\winrar.exe => key removed successfully.
      HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\winthruster.exe => key removed successfully.
      HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\winword.exe => key removed successfully.
      HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\x32-edit.exe => key removed successfully.
      C:\Windows\system32\GroupPolicy\Machine => moved successfully
      C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
      C:\Windows\system32\GroupPolicy\User => moved successfully
      HKLM\SOFTWARE\Policies\Google => key removed successfully.
      HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
      HKU\S-1-5-21-3578093062-3410416267-702171468-1000\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin => key removed successfully.
      C:\Users\Matil\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll => moved successfully
      CHR Extension: (Presentaciones) - C:\Users\Matil\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12] => Error: No automatic fix found for this entry.
      CHR Extension: (Documentos) - C:\Users\Matil\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12] => Error: No automatic fix found for this entry.
      CHR Extension: (Chrome Media Router) - C:\Users\Matil\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-16] => Error: No automatic fix found for this entry.
      CHR Extension: (Llamadas de Skype) - C:\Users\Matil\AppData\Local\Google\Chrome\User Data\Default\Extensions\poghlonenmjdkfghdpfomojhhfggildk [2016-09-08] => Error: No automatic fix found for this entry.
      CHR Extension: (Presentaciones de Google) - C:\Users\Matil\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-10] => Error: No automatic fix found for this entry.
      CHR Extension: (Google Docs) - C:\Users\Matil\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-09] => Error: No automatic fix found for this entry.
      HKLM\SOFTWARE\Google\Chrome\Extensions\khodmflachnghikomnfcollkoljpghbc => key removed successfully.
      HKU\S-1-5-21-3578093062-3410416267-702171468-1000\SOFTWARE\Google\Chrome\Extensions\mbckjcfnjmoiinpgddefodcighgikkgn => key removed successfully.
      HKLM\System\CurrentControlSet\Services\BHipsEx => key removed successfully.
      BHipsEx => service removed successfully.
      HKLM\System\CurrentControlSet\Services\wuaserv => key removed successfully.
      wuaserv => service removed successfully.
      C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3578093062-3410416267-702171468-1000UA.job => moved successfully
      C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3578093062-3410416267-702171468-1000Core.job => moved successfully
      C:\Users\Matil\AppData\Local\Temp\bassmod.dll => moved successfully
      C:\Users\Matil\AppData\Local\Temp\d7fegdknvj.exe => moved successfully
      HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Pending) => invalid subkey removed.
      HKLM\Software\Classes\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => key not found.
      HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Synced) => invalid subkey removed.
      HKLM\Software\Classes\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => key not found.
      HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Syncing) => invalid subkey removed.
      HKLM\Software\Classes\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => key not found.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{09A256F4-7027-4BC3-AF8F-D6828C1524F3} => key removed successfully.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{09A256F4-7027-4BC3-AF8F-D6828C1524F3} => key removed successfully.
      C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3578093062-3410416267-702171468-1000UA => moved successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FacebookUpdateTaskUserS-1-5-21-3578093062-3410416267-702171468-1000UA => key removed successfully.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0E3A88A9-FD9D-4278-8C98-8252D9616604} => key removed successfully.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0E3A88A9-FD9D-4278-8C98-8252D9616604} => key removed successfully.
      C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3578093062-3410416267-702171468-1000Core => moved successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FacebookUpdateTaskUserS-1-5-21-3578093062-3410416267-702171468-1000Core => key removed successfully.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{66434ED9-5B62-476C-988A-1AF7A271744D} => key removed successfully.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{66434ED9-5B62-476C-988A-1AF7A271744D} => key removed successfully.
      C:\Windows\System32\Tasks\Programa de actualización online de DivX => not found.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Programa de actualización online de DivX => key not found.
      C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3578093062-3410416267-702171468-1000Core.job => not found.
      C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3578093062-3410416267-702171468-1000UA.job => not found.

      ========= ipconfig /flushdns =========


      Configuración IP de Windows

      Se vació correctamente la caché de resolución de DNS.

      ========= End of CMD: =========


      ========= ipconfig /renew =========


      Configuración IP de Windows

      No se puede realizar ninguna operación en Conexión de red inalámbrica 3 mientras los medios
      están desconectados.
      No se puede realizar ninguna operación en Conexión de área local mientras los medios
      están desconectados.

      Adaptador de LAN inalámbrica Conexión de red inalámbrica 3:

      Estado de los medios. . . . . . . . . . . : medios desconectados
      Sufijo DNS específico para la conexión. . :

      Adaptador de LAN inalámbrica Conexión de red inalámbrica:

      Sufijo DNS específico para la conexión. . : home
      Dirección IPv6 . . . . . . . . . . : fdb9:5a12:aa48bdd4:b81d:66b5:e57a
      Dirección IPv6 temporal. . . . . . : fdb9:5a12:aa489c2a:ba88:7805:5135
      Vínculo: dirección IPv6 local. . . : fe80::bdd4:b81d:66b5:e57a%23
      Dirección IPv4. . . . . . . . . . . . . . : 192.168.1.34
      Máscara de subred . . . . . . . . . . . . : 255.255.255.0
      Puerta de enlace predeterminada . . . . . : 192.168.1.1

      Adaptador de Ethernet Conexión de área local:

      Estado de los medios. . . . . . . . . . . : medios desconectados
      Sufijo DNS específico para la conexión. . :

      Adaptador de túnel isatap.{52C62133-F841-4625-A4D5-946C377C6E31}:

      Estado de los medios. . . . . . . . . . . : medios desconectados
      Sufijo DNS específico para la conexión. . :

      Adaptador de túnel 6TO4 Adapter:

      Estado de los medios. . . . . . . . . . . : medios desconectados
      Sufijo DNS específico para la conexión. . :

      Adaptador de túnel Reusable Microsoft 6To4 Adapter:

      Estado de los medios. . . . . . . . . . . : medios desconectados
      Sufijo DNS específico para la conexión. . :

      Adaptador de túnel isatap.{8952D7BA-3F3C-4183-BB17-AE33A0509C61}:

      Estado de los medios. . . . . . . . . . . : medios desconectados
      Sufijo DNS específico para la conexión. . :

      Adaptador de túnel Conexión de área local* 35:

      Estado de los medios. . . . . . . . . . . : medios desconectados
      Sufijo DNS específico para la conexión. . :

      Adaptador de túnel isatap.home:

      Estado de los medios. . . . . . . . . . . : medios desconectados
      Sufijo DNS específico para la conexión. . :

      ========= End of CMD: =========


      ========= bitsadmin /reset /allusers =========


      BITSADMIN version 3.0 [ 7.5.7601 ]
      BITS administration utility.
      (C) Copyright 2000-2006 Microsoft Corp.

      BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
      Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

      Unable to connect to BITS - 0x8007042c
      No se puede iniciar el servicio o grupo de dependencia.



      ========= End of CMD: =========


      ========= RemoveProxy: =========

      HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
      HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.
      HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
      HKU\S-1-5-21-3578093062-3410416267-702171468-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
      HKU\S-1-5-21-3578093062-3410416267-702171468-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.


      ========= End of RemoveProxy: =========

      C:\Windows\System32\Drivers\etc\hosts => moved successfully
      Hosts restored successfully.

      =========== EmptyTemp: ==========

      BITS transfer queue => 0 B
      DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 15189941 B
      Java, Flash, Steam htmlcache => 524 B
      Windows/system/drivers => 93848793 B
      Edge => 0 B
      Chrome => 433976609 B
      Firefox => 0 B
      Opera => 0 B

      Temp, IE cache, history, cookies, recent:
      Users => 0 B
      Default => 75930 B
      Public => 0 B
      ProgramData => 0 B
      systemprofile => 104811 B
      LocalService => 141022 B
      NetworkService => 70484 B
      Matil => 84983798 B

      RecycleBin => 1011545502 B
      EmptyTemp: => 1.5 GB temporary data Removed.

      ================================


      The system needed a reboot.

      ==== End of Fixlog 00:30:59 ====

      And the DelFix report says nothing more than that the registry backup was created successfully...

      By the way: the internet tabs have not been opening any more for a while now. And now the Word problem is fixed! I can open the files directly.

      Could it be that you have managed to guide me into completely fixing my computer?

      This is like "one small step for man, one giant leap for Matil"... Should I run the tool remover now? Should I run a full scan again?

      Another VERY IMPORTANT thing: which antivirus should I install? Since I removed Bitdefender I have not installed any other.

      You cannot imagine how grateful I am!! You deserve a delicious cake that I make

    8. #28
      General Moderator
      @Daniela
      Joined
      Apr 2011
      Location
      Spain
      Posts
      24.352

      Re: Virus on my computer

      Hello

      Quote: Originally posted by Matil
      You cannot imagine how grateful I am!! You deserve a delicious cake that I make
      Thank you

      In the FRST report I still saw entries for AVG and Bitdefender; try running the uninstall tool for each one >> Uninstall tools for Antivirus, AntiSpyware and Firewall.

      Afterwards, generate a new FRST report, this time with Addition checked; there are always leftover entries that are hard to remove. Also tell me whether you no longer have AVG TuneUp, because I saw entries for it, and that way we can remove everything that is left while we are at it.

      Once we have removed everything, I will tell you which antivirus you can install; first we have to remove everything left over from the others so that they do not cause conflicts.

      Regards

    9. #29
      User Matil
      Joined
      Oct 2017
      Location
      Argentina
      Posts
      21

      Re: Virus on my computer

      Hello Daniela.

      I downloaded the Bitdefender removal tool. I ran it and was left with this final report... I see there is a red cross, but I don't know what it means:


      On the other hand, while it was running this message appeared, and since it gave me no option to deny, I closed the window... Is it a virus? What is it?


      Then I downloaded the AVG remover. With great regret I uninstalled AVG PC TuneUp. I find that program very useful; it speeds up the computer's performance and keeps it in order... Is that program bad? Did it have a virus? Can I get it and install it again, or do you not recommend it?

      As the removal tools guide indicated, the computer restarted after the AVG remover, and I ran CCleaner's cleaner and its problem finder, after first saving a backup of the registry.

      Finally, I ran FRST.exe again with the Addition box checked. Here are the reports:

      Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-10-2017
      Ran by Matil (administrator) on PEPERINA (15-10-2017 20:41:02)
      Running from C:\Users\Matil\Desktop
      Loaded Profiles: Matil (Available Profiles: Matil)
      Platform: Microsoft Windows 7 Home Basic Service Pack 1 (X86) Language: Español (España, internacional)
      Internet Explorer Version 11 (Default browser: Chrome)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: ***********************************************************************************************************

      ==================== Processes (Whitelisted) =================

      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

      (IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\stacsv.exe
      (SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
      (Microsoft Corporation) C:\Windows\System32\wlanext.exe
      (Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\AEstSrv.exe
      (LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
      (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
      (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
      (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
      (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
      (Intel Corporation) C:\Windows\System32\hkcmd.exe
      (Intel Corporation) C:\Windows\System32\igfxpers.exe
      (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
      (Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
      (IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
      (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
      (Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE
      (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
      (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
      (TODO: <Company name>) C:\Applications\Service.exe
      (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
      (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
      (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
      (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
      () C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
      (TODO: <Company name>) C:\Applications\Service.exe
      (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
      (Microsoft Corporation) C:\Windows\System32\wuauclt.exe

      ==================== Registry (Whitelisted) ===========================

      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

      HKLM\...\Run: [WirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
      HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [458844 2009-07-21] (IDT, Inc.)
      HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [322104 2009-08-20] ( Hewlett-Packard Development Company, L.P.)
      HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [282624 2009-05-15] (Alps Electric Co., Ltd.)
      HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.exe [6361600 2017-04-13] (Broadcom Corporation)
      HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
      HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
      HKLM\...\Run: [SERVICE] => [X]
      HKU\S-1-5-21-3578093062-3410416267-702171468-1000\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-08-20] (Hewlett-Packard Company)
      HKU\S-1-5-21-3578093062-3410416267-702171468-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [10240 2009-07-13] (Microsoft Corporation)
      HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-03-19] (Microsoft Corporation)
      Lsa: [Notification Packages] scecli c:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
      Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2017-04-13]
      ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

      ==================== Internet (Whitelisted) ====================

      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

      Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
      Tcpip\..\Interfaces\{8952D7BA-3F3C-4183-BB17-AE33A0509C61}: [DhcpNameServer] 192.168.1.1

      Internet Explorer:
      ==================
      HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
      HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
      SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
      BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
      BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll [2017-10-01] (Oracle Corporation)
      BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
      BHO: FlashGetBHO -> {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} -> C:\Users\Matil\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll [2009-12-22] (Trend Media Group)
      BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-10-01] (Oracle Corporation)
      BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
      DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab
      DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
      DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_121-windows-i586.cab
      DPF: {CAFEEFAC-0018-0000-00121-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_121-windows-i586.cab
      DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_121-windows-i586.cab

      FireFox:
      ========
      FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_27_0_0_159.dll [2017-10-13] ()
      FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2009-07-21] (Adobe Systems, Inc.)
      FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
      FF Plugin: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-10-01] (Oracle Corporation)
      FF Plugin: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-10-01] (Oracle Corporation)
      FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
      FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
      FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
      FF Plugin: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files\SkypeWebPlugin\3.1.15602.22612\npSkypeWebPlugin.dll [2014-07-24] (Skype)
      FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-10-04] (Google Inc.)
      FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-10-04] (Google Inc.)
      FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
      FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
      FF Plugin HKU\S-1-5-21-3578093062-3410416267-702171468-1000: SkypePlugin -> C:\Users\Matil\AppData\Local\SkypePlugin\7.32.6.278\npGatewayNpapi.dll [2017-04-18] (Skype Technologies S.A.)

      Chrome:
      =======
      CHR DefaultProfile: Default
      CHR Profile: C:\Users\Matil\AppData\Local\Google\Chrome\User Data\Default [2017-10-15]
      CHR Extension: (Presentaciones) - C:\Users\Matil\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
      CHR Extension: (Documentos) - C:\Users\Matil\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
      CHR Extension: (Google Drive) - C:\Users\Matil\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
      CHR Extension: (YouTube) - C:\Users\Matil\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
      CHR Extension: (Adblock Plus) - C:\Users\Matil\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-09-26]
      CHR Extension: (Búsqueda de Google) - C:\Users\Matil\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
      CHR Extension: (Hojas de cálculo) - C:\Users\Matil\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
      CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Matil\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-21]
      CHR Extension: (Gmail) - C:\Users\Matil\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
      CHR Extension: (Chrome Media Router) - C:\Users\Matil\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-16]
      CHR Extension: (Llamadas de Skype) - C:\Users\Matil\AppData\Local\Google\Chrome\User Data\Default\Extensions\poghlonenmjdkfghdpfomojhhfggildk [2016-09-08]
      CHR Profile: C:\Users\Matil\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-10-15]
      CHR Profile: C:\Users\Matil\AppData\Local\Google\Chrome\User Data\System Profile [2017-10-15]
      CHR Extension: (Presentaciones de Google) - C:\Users\Matil\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-10]
      CHR Extension: (Google Docs) - C:\Users\Matil\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-09]
      CHR Extension: (Google Drive) - C:\Users\Matil\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-09]
      CHR Extension: (YouTube) - C:\Users\Matil\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-09]
      CHR Extension: (Búsqueda de Google) - C:\Users\Matil\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-09]
      CHR Extension: (Hojas de cálculo de Google) - C:\Users\Matil\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-10]
      CHR Extension: (Gmail) - C:\Users\Matil\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-09]

      ==================== Services (Whitelisted) ====================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [26112 1999-12-31] (LSI Corporation)
      S3 GameConsoleService; C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe [250616 2009-06-05] (WildTangent, Inc.)
      R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [113624 2017-10-12] (SurfRight B.V.)
      R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed]
      S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4430792 2017-08-07] (Malwarebytes)
      R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44544 2008-12-03] (Hewlett-Packard) [File not signed]
      R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-12-03] (Hewlett-Packard) [File not signed]
      R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\STacSV.exe [221266 2009-07-21] (IDT, Inc.)
      S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
      S2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe [5179392 2017-04-13] (Broadcom Corporation) [File not signed]

      ===================== Drivers (Whitelisted) ======================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      S3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [19664 2017-04-13] (Broadcom Corporation)
      R3 btwampfl; C:\Windows\system32\drivers\btwampfl.sys [508184 2012-12-04] (Broadcom Corporation.)
      R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [59904 2017-10-04] ()
      R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [166840 2017-10-12] (Malwarebytes)
      S3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [91576 2017-10-12] (Malwarebytes)
      S3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [40384 2017-10-12] (Malwarebytes)
      S3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [221112 2017-10-12] (Malwarebytes)
      S3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [65824 2017-10-12] (Malwarebytes)
      S3 smsbda; C:\Windows\System32\drivers\smsbda.sys [62976 2011-03-07] (Siano) [File not signed]
      R0 TPkd; C:\Windows\system32\Drivers\TPkd.sys [90472 2009-05-21] (PACE Anti-Piracy, Inc.) [File not signed]
      S3 athur; system32\DRIVERS\athur.sys [X]

      ==================== NetSvcs (Whitelisted) ===================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


      ==================== One Month Created files and folders ========

      (If an entry is included in the fixlist, the file/folder will be moved.)

      2017-10-15 20:41 - 2017-10-15 20:42 - 000014905 _____ C:\Users\Matil\Desktop\FRST.txt
      2017-10-15 20:02 - 2017-10-15 20:02 - 002842784 _____ C:\Users\Matil\Downloads\The_New_Bitdefender_UninstallTool.exe
      2017-10-15 20:00 - 2017-10-15 20:33 - 000000000 ____D C:\AVG_Remover
      2017-10-15 19:59 - 2017-10-15 20:00 - 007986864 _____ ( ) C:\Users\Matil\Downloads\AVG_Remover.exe
      2017-10-14 12:02 - 2017-10-15 20:41 - 000000000 ____D C:\FRST
      2017-10-14 12:02 - 2017-10-15 20:40 - 000000000 ____D C:\Users\Matil\Desktop\FRST-OlderVersion
      2017-10-14 09:43 - 2017-10-15 20:40 - 001798144 _____ (Farbar) C:\Users\Matil\Desktop\FRST.exe
      2017-10-12 16:04 - 2017-10-15 20:37 - 000000000 ____D C:\Users\Matil\AppData\Local\CrashDumps
      2017-10-12 15:32 - 2017-10-12 15:32 - 000001893 _____ C:\Users\Public\Desktop\HitmanPro.lnk
      2017-10-12 15:32 - 2017-10-12 15:32 - 000001893 _____ C:\ProgramData\Desktop\HitmanPro.lnk
      2017-10-12 15:32 - 2017-10-12 15:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
      2017-10-12 15:32 - 2017-10-12 15:32 - 000000000 ____D C:\Program Files\HitmanPro
      2017-10-12 15:27 - 2017-10-12 15:27 - 011007936 _____ (SurfRight B.V.) C:\Users\Matil\Downloads\hitmanpro.exe
      2017-10-12 13:52 - 2017-10-12 13:52 - 000221112 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
      2017-10-12 13:52 - 2017-10-12 13:52 - 000166840 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
      2017-10-12 13:52 - 2017-10-12 13:52 - 000040384 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
      2017-10-12 13:35 - 2017-10-12 13:39 - 000000000 ____D C:\AdwCleaner
      2017-10-12 13:32 - 2017-10-12 13:32 - 000781312 _____ C:\Users\Matil\Desktop\DelFix.exe
      2017-10-12 13:31 - 2017-10-12 13:31 - 008182736 _____ (Malwarebytes) C:\Users\Matil\Downloads\AdwCleaner.exe
      2017-10-12 13:30 - 2017-10-12 13:30 - 001790024 _____ (Malwarebytes) C:\Users\Matil\Downloads\JRT.exe
      2017-10-11 09:15 - 2017-10-11 09:15 - 000030279 _____ C:\ProgramData\agent.uninstall.1507724095.bdinstall.bin
      2017-10-10 13:58 - 2017-10-12 13:57 - 000065824 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
      2017-10-10 13:58 - 2017-10-12 13:52 - 000091576 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
      2017-10-09 16:29 - 2017-10-09 16:29 - 000001980 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
      2017-10-09 16:29 - 2017-10-09 16:29 - 000001980 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
      2017-10-09 16:28 - 2017-10-09 16:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
      2017-10-09 16:28 - 2017-10-09 16:28 - 000000000 ____D C:\ProgramData\Malwarebytes
      2017-10-09 16:28 - 2017-10-09 16:28 - 000000000 ____D C:\Program Files\Malwarebytes
      2017-10-09 16:28 - 2017-10-04 13:15 - 000059904 _____ C:\Windows\system32\Drivers\mbae.sys
      2017-10-08 21:08 - 2017-10-08 21:08 - 000000000 ____D C:\Users\Matil\AppData\Roaming\QuickScan
      2017-10-08 20:54 - 2017-10-08 20:54 - 000047756 _____ C:\ProgramData\agent.1507506873.bdinstall.bin
      2017-10-08 20:54 - 2017-10-08 20:54 - 000000000 ____D C:\ProgramData\Bitdefender Agent
      2017-10-04 10:25 - 2017-10-04 10:25 - 000002171 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
      2017-10-03 19:54 - 2017-10-11 10:16 - 000000000 ____D C:\WinSys
      2017-10-03 19:54 - 2017-10-11 10:16 - 000000000 ____D C:\Applications
      2017-10-03 19:54 - 2017-10-03 19:54 - 000140800 _____ C:\Users\Matil\AppData\Local\installer.dat
      2017-10-03 18:13 - 2017-10-03 19:25 - 000000000 ____D C:\Users\Matil\AppData\LocalLow\Unity
      2017-10-03 18:13 - 2017-10-03 19:25 - 000000000 ____D C:\Users\Matil\AppData\Local\Unity
      2017-10-03 18:08 - 2017-10-09 17:05 - 000000000 ____D C:\ProgramData\DirectX11b
      2017-10-03 18:08 - 2017-10-09 16:55 - 000000000 ___RD C:\ProgramData\Framework
      2017-10-03 18:04 - 2017-10-11 10:29 - 000000000 ____D C:\Users\Matil\Documents\REAPER Media
      2017-10-03 18:00 - 2017-10-03 21:26 - 000000000 ____D C:\Users\Matil\AppData\Roaming\REAPER
      2017-10-02 17:28 - 2017-10-02 17:28 - 000051616 _____ C:\Windows\uninstaller.dat
      2017-10-01 18:38 - 2017-10-01 18:38 - 000000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
      2017-10-01 18:38 - 2017-10-01 18:38 - 000000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
      2017-10-01 18:24 - 2017-10-01 18:24 - 000000000 ____D C:\Users\Default\AppData\Local\AVG
      2017-10-01 18:24 - 2017-10-01 18:24 - 000000000 ____D C:\Users\Default User\AppData\Local\AVG
      2017-10-01 18:24 - 2017-02-21 09:25 - 000042256 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\authuitu.dll
      2017-10-01 18:14 - 2017-10-15 20:31 - 000000000 ____D C:\Program Files\AVG
      2017-10-01 18:13 - 2017-10-15 20:31 - 000000000 ____D C:\ProgramData\Avg
      2017-10-01 18:13 - 2017-10-01 18:15 - 000000000 ____D C:\Users\Matil\AppData\Local\Avg
      2017-09-28 16:01 - 2017-09-28 16:01 - 000102686 _____ C:\Users\Matil\Documents\Doc1.pdf

      ==================== One Month Modified files and folders ========

      (If an entry is included in the fixlist, the file/folder will be moved.)

      2017-10-15 20:39 - 2010-06-14 23:25 - 000000000 ____D C:\Users\Matil\Documents\copias de seguridad registro
      2017-10-15 20:38 - 2009-11-06 22:25 - 004963324 _____ C:\Windows\system32\perfh00A.dat
      2017-10-15 20:38 - 2009-11-06 22:25 - 001582036 _____ C:\Windows\system32\perfc00A.dat
      2017-10-15 20:38 - 2009-09-06 20:02 - 000006212 _____ C:\Windows\system32\PerfStringBackup.INI
      2017-10-15 20:37 - 2009-07-13 23:37 - 000000000 ____D C:\Windows\inf
      2017-10-15 20:34 - 2009-07-14 01:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
      2017-10-15 16:32 - 2009-07-14 01:34 - 000021248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      2017-10-15 16:32 - 2009-07-14 01:34 - 000021248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      2017-10-15 00:33 - 2017-05-11 20:40 - 000000008 __RSH C:\ProgramData\ntuser.pol
      2017-10-15 00:30 - 2013-02-20 17:45 - 000000000 ____D C:\Users\Matil\AppData\LocalLow\Temp
      2017-10-15 00:30 - 2009-07-13 23:37 - 000000000 ___HD C:\Windows\system32\GroupPolicy
      2017-10-14 13:43 - 2017-05-11 22:07 - 000000259 _____ C:\DelFix.txt
      2017-10-13 16:48 - 2009-07-13 23:37 - 000000000 ____D C:\Windows\system32\NDF
      2017-10-13 08:40 - 2012-07-11 16:06 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
      2017-10-13 08:40 - 2012-07-11 16:06 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
      2017-10-13 08:40 - 2009-11-06 14:55 - 000000000 ____D C:\Windows\system32\Macromed
      2017-10-12 18:32 - 2010-08-17 23:30 - 000000000 ____D C:\TV vídeo
      2017-10-12 17:41 - 2016-06-28 13:07 - 000000000 ____D C:\Games
      2017-10-12 16:35 - 2010-04-26 22:42 - 000000000 ____D C:\Users\Matil\AppData\Local\ESET
      2017-10-11 10:43 - 2015-12-13 12:37 - 000000000 ____D C:\Tino
      2017-10-11 10:32 - 2012-09-01 21:57 - 000000000 ___RD C:\Users\Matil\Desktop\arman
      2017-10-11 10:24 - 2010-09-07 22:12 - 000000000 ____D C:\Users\Matil\AppData\Roaming\vlc
      2017-10-09 15:52 - 2010-04-19 21:58 - 000001355 _____ C:\Users\Matil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
      2017-10-09 13:56 - 2016-05-23 16:38 - 000000000 ____D C:\Users\Matil\AppData\Roaming\AIMP
      2017-10-05 21:42 - 2014-05-26 21:33 - 000000000 ____D C:\Users\Matil\AppData\Roaming\X32-Edit
      2017-10-04 10:25 - 2011-03-13 00:32 - 000000000 ____D C:\Program Files\Google
      2017-10-04 10:24 - 2015-03-03 20:37 - 000000000 ____D C:\Users\Matil\AppData\Local\Deployment
      2017-10-01 21:50 - 2010-06-14 23:11 - 000000000 ____D C:\Program Files\WinRAR
      2017-10-01 18:54 - 2017-04-13 12:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
      2017-10-01 18:54 - 2013-05-15 00:41 - 000095808 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
      2017-10-01 18:53 - 2009-11-06 16:03 - 000000000 ____D C:\Program Files\Java
      2017-10-01 18:43 - 2017-08-12 13:16 - 000000000 ____D C:\Users\Matil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
      2017-10-01 18:43 - 2017-08-12 13:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
      2017-10-01 18:40 - 2013-04-06 15:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
      2017-10-01 18:40 - 2013-04-06 15:52 - 000000000 ____D C:\Program Files\QuickTime
      2017-10-01 18:38 - 2010-05-03 21:01 - 000000000 ____D C:\Users\Matil\AppData\Local\Adobe
      2017-10-01 18:38 - 2009-11-06 15:06 - 000000000 ____D C:\Program Files\Common Files\Adobe AIR
      2017-10-01 18:38 - 2009-11-06 15:06 - 000000000 ____D C:\Program Files\Adobe
      2017-10-01 18:36 - 2010-06-14 23:15 - 000000000 ____D C:\Users\Matil\AppData\Local\Microsoft Help
      2017-10-01 18:36 - 2010-04-22 01:10 - 000000000 ____D C:\Users\Matil\AppData\Roaming\HpUpdate
      2017-09-30 09:21 - 2010-04-19 21:51 - 000000000 ____D C:\Users\Matil
      2017-09-20 09:59 - 2010-04-26 23:09 - 000000000 ____D C:\mÚsiCa

      ==================== Files in the root of some directories =======

      2011-04-19 21:43 - 2011-05-10 21:24 - 000001849 _____ () C:\Users\Matil\AppData\Roaming\GhostObjGAFix.xml
      2016-08-01 19:34 - 2016-08-01 19:39 - 000000016 _____ () C:\Users\Matil\AppData\Roaming\msregsvv.dll
      2015-09-21 20:52 - 2017-05-26 20:25 - 000153138 _____ () C:\Users\Matil\AppData\Roaming\VideoPad.dmp
      2013-02-20 18:20 - 2013-02-20 18:20 - 000000160 _____ () C:\Users\Matil\AppData\Roaming\wklnhst.dat
      2010-04-19 21:59 - 2010-04-19 21:59 - 000000000 _____ () C:\Users\Matil\AppData\Local\AtStart.txt
      2011-04-03 00:44 - 2016-06-08 18:21 - 000005120 _____ () C:\Users\Matil\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      2010-04-19 21:59 - 2010-04-19 21:59 - 000000000 _____ () C:\Users\Matil\AppData\Local\DSwitch.txt
      2017-10-03 19:54 - 2017-10-03 19:54 - 000140800 _____ () C:\Users\Matil\AppData\Local\installer.dat
      2010-04-19 21:59 - 2010-04-19 21:59 - 000000000 _____ () C:\Users\Matil\AppData\Local\QSwitch.txt
      2017-10-08 20:54 - 2017-10-08 20:54 - 000047756 _____ () C:\ProgramData\agent.1507506873.bdinstall.bin
      2017-10-11 09:15 - 2017-10-11 09:15 - 000030279 _____ () C:\ProgramData\agent.uninstall.1507724095.bdinstall.bin
      2016-08-01 19:34 - 2016-08-01 19:39 - 000000016 _____ () C:\ProgramData\autobk.inc
      2014-09-15 00:35 - 2014-09-15 00:35 - 000000020 _____ () C:\ProgramData\bc.ini
      2010-04-19 21:59 - 2014-06-11 19:04 - 000000198 _____ () C:\ProgramData\HPWALog.txt
      2017-01-03 22:46 - 2017-01-03 22:46 - 000000069 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
      2016-09-18 17:09 - 2016-09-18 17:09 - 000005116 _____ () C:\ProgramData\rxsmznjf.zcp
      2010-02-04 22:59 - 2010-02-04 22:59 - 000000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
      2009-11-06 15:31 - 2009-11-06 15:31 - 000000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
      2010-02-04 22:58 - 2010-02-04 22:58 - 000000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
      2009-11-06 15:27 - 2009-11-06 15:28 - 000000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
      2010-02-04 22:57 - 2010-02-04 22:57 - 000000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
      2010-02-04 22:58 - 2010-02-04 22:58 - 000000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
      2009-11-06 15:27 - 2009-11-06 15:27 - 000000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
      2009-11-06 15:28 - 2009-11-06 15:31 - 000000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
      2010-02-04 22:59 - 2010-02-04 22:59 - 000000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log

      ==================== Bamital & volsnap ======================

      (There is no automatic fix for files that do not pass verification.)

      C:\Windows\explorer.exe => File is digitally signed
      C:\Windows\system32\winlogon.exe => File is digitally signed
      C:\Windows\system32\wininit.exe => File is digitally signed
      C:\Windows\system32\svchost.exe => File is digitally signed
      C:\Windows\system32\services.exe => File is digitally signed
      C:\Windows\system32\User32.dll => File is digitally signed
      C:\Windows\system32\userinit.exe => File is digitally signed
      C:\Windows\system32\rpcss.dll => File is digitally signed
      C:\Windows\system32\dnsapi.dll => File is digitally signed
      C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

      LastRegBack: 2017-10-12 11:20

      ==================== End of FRST.txt ============================

    10. #30
      User Avatar of Matil
      Registered
      Oct 2017
      Location
      Argentina
      Posts
      21
      And from the Addition:

      Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-10-2017
      Ran by Matil (15-10-2017 20:42:44)
      Running from C:\Users\Matil\Desktop
      Microsoft Windows 7 Home Basic Service Pack 1 (X86) (2010-04-20 00:51:20)
      Boot Mode: Normal
      ==========================================================


      ==================== Accounts: =============================

      Administrador (S-1-5-21-3578093062-3410416267-702171468-500 - Administrator - Disabled)
      Invitado (S-1-5-21-3578093062-3410416267-702171468-501 - Limited - Disabled)
      Matil (S-1-5-21-3578093062-3410416267-702171468-1000 - Administrator - Enabled) => C:\Users\Matil

      ==================== Security Center ========================

      (If an entry is included in the fixlist, it will be removed.)

      AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
      AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
      AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

      ==================== Installed Programs ======================

      (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

      32 Bit HP CIO Components Installer (HKLM\...\{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}) (Version: 6.1.1 - Hewlett-Packard) Hidden
      Acrobat.com (HKLM\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
      Adobe AIR (HKLM\...\Adobe AIR) (Version: 27.0.0.124 - Adobe Systems Incorporated)
      Adobe Flash Player 25 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
      Adobe Flash Player 27 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 27.0.0.159 - Adobe Systems Incorporated)
      Adobe Flash Player 27 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 27.0.0.159 - Adobe Systems Incorporated)
      Adobe Reader 9.1 MUI (HKLM\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
      Adobe Shockwave Player (HKLM\...\{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}) (Version: 11.5.1.601 - Adobe Systems, Inc.)
      AIMP (HKLM\...\AIMP) (Version: v4.02.1713, 26.04.2016 - AIMP DevTeam)
      Alps Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: - ALPS ELECTRIC CO., LTD.)
      Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
      AVG PC TuneUp (HKLM\...\{D87926DA-D66D-4B80-BB89-019E95477B73}) (Version: 16.74.1 - AVG Technologies) Hidden
      Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.100.82.148 - Broadcom Corporation)
      Broadcom Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.5300 - Broadcom Corporation)
      Broadcom Wireless Utility (HKLM\...\Broadcom Wireless Utility) (Version: 5.100.82.148 - Broadcom Corporation)
      CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
      CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2201 - CyberLink Corp.)
      D3DX10 (HKLM\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
      EasyLife Gadget (HKLM\...\{ACE9FB2A-31A5-4285-9510-43F1636EAB21}) (Version: 1.0 - EasyLife Gadget)
      eLicenser Control (HKLM\...\eLicenser Control) (Version: 6.9.3.8190 - Steinberg Media Technologies GmbH)
      ESU for Microsoft Windows 7 (HKLM\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
      Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
      FlashGet 3.3 (HKLM\...\FlashGet 3.3) (Version: 3.3.0.1092 - hxxp://www.FlashGet.com)
      FormatFactory 2.50 (HKLM\...\FormatFactory) (Version: 2.50 - Free Time)
      Galería fotográfica de Windows Live (HKLM\...\{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
      Google Chrome (HKLM\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.)
      Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
      Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
      HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.20.286 - SurfRight B.V.)
      HP Games (HKLM\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
      HP Quick Launch Buttons (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.7.1 - Hewlett-Packard)
      HP Setup (HKLM\...\{17B4760F-334B-475D-829F-1A3E94A6A4E6}) (Version: 1.2.3560.3170 - Hewlett-Packard)
      HP Update (HKLM\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard)
      HP User Guides 0146 (HKLM\...\{45E5D641-3C82-4F95-92FB-AE5459DF2988}) (Version: 1.02.0002 - Hewlett-Packard)
      HP Wireless Assistant (HKLM\...\{54CC7901-804D-4155-B353-21F0CC9112AB}) (Version: 3.50.9.1 - Hewlett-Packard)
      IDT Audio (HKLM\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6225.0 - IDT)
      IDTE-ID3 Tag Editor (HKU\S-1-5-21-3578093062-3410416267-702171468-1000\...\IDTE-ID3 Tag Editor) (Version: 02.80.00.00 - Team IDTE)
      Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1883 - Intel Corporation)
      Interlok driver setup x32 (HKLM\...\{25613C10-27D2-410B-942B-D922D5C3A7BE}) (Version: 5.8.10 - PACE Anti-Piracy)
      Java 8 Update 121 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
      Java 8 Update 144 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
      JDownloader (HKLM\...\JDownloader) (Version: - AppWork UG (haftungsbeschränkt))
      JMicron Flash Media Controller Driver (HKLM\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.32.1 - JMicron Technology Corp.)
      Junk Mail filter update (HKLM\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
      LightScribe System Software (HKLM\...\{CC8E94A2-55C7-4460-953C-2A790180578C}) (Version: 1.18.8.1 - LightScribe)
      LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.100 - LSI Corporation)
      Malwarebytes versión 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
      Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
      Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
      Microsoft Office Excel 2007 Help Actualización (KB963678) (HKLM\...\{90120000-0016-0C0A-0000-0000000FF1CE}_STANDARD_{59E09C3D-4878-47D9-87DB-6D0018026889}) (Version: - Microsoft)
      Microsoft Office Outlook 2007 Help Actualización (KB963677) (HKLM\...\{90120000-001A-0C0A-0000-0000000FF1CE}_STANDARD_{59C244C2-0C37-4E85-8F7E-DBDD3958B694}) (Version: - Microsoft)
      Microsoft Office Powerpoint 2007 Help Actualización (KB963669) (HKLM\...\{90120000-0018-0C0A-0000-0000000FF1CE}_STANDARD_{F318245D-05AE-4681-A749-A036CE44AF29}) (Version: - Microsoft)
      Microsoft Office Standard 2007 (HKLM\...\STANDARD) (Version: 12.0.6612.1000 - Microsoft Corporation)
      Microsoft Office Word 2007 Help Actualización (KB963665) (HKLM\...\{90120000-001B-0C0A-0000-0000000FF1CE}_STANDARD_{377BA42A-1C84-45D6-94B8-6D00887D172D}) (Version: - Microsoft)
      Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation)
      Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
      Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
      Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
      Paquete de compatibilidad para 2007 Office system (HKLM\...\{90120000-0020-0C0A-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
      Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
      QLBCASL (HKLM\...\{F1D7AC58-554A-4A58-B784-B61558B1449A}) (Version: 6.40.17.2 - Hewlett-Packard) Hidden
      QuickTime 7 (HKLM\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
      Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.103.1007.2016 - Realtek)
      Recovery Manager (HKLM\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.2214 - CyberLink Corp.) Hidden
      Sega Col 1.00 (HKLM\...\Sega Col 1.00) (Version: 1.00 - Pilotus)
      Skype Web Plugin (HKLM\...\{69F300CB-D6BF-41DD-B7CC-983BAFF4EE15}) (Version: 3.1.15602.22612 - Skype Technologies S.A.)
      Skype Web Plugin (HKLM\...\{EB96DF8B-65A7-4E72-BFB1-38DB36870D16}) (Version: 7.32.6.278 - Skype Technologies S.A.)
      SkypeFall version 1.0 (HKLM\...\{50C37E0A-2AEB-409D-9FDC-AFBF9C6A75E8}}_is1) (Version: 1.0 - ) <==== ATTENTION
      Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
      UmmyVideoDownloader (HKLM\...\{E028DBDA-EEE7-48A0-ADF7-D250589A02C5}_is1) (Version: 1.5.0.4 - ) <==== ATTENTION
      Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
      VC80CRTRedist - 8.0.50727.6195 (HKLM\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
      VideoPad, editor de vídeo (HKLM\...\VideoPad) (Version: 4.57 - NCH Software)
      Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
      VLC media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN)
      Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
      Windows Live Sync (HKLM\...\{914DD274-9C5D-44CA-9AC7-12B8D2D4DA08}) (Version: 14.0.8117.416 - Microsoft Corporation)
      WinRAR 5.40 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)

      ==================== Custom CLSID (Whitelisted): ==========================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      CustomCLSID: HKU\S-1-5-21-3578093062-3410416267-702171468-1000_Classes\CLSID\{0A40F1CC-1705-436E-A6F5-BDD5C88DD79B}\localserver32 -> C:\Users\Matil\AppData\Local\SkypePlugin\PluginHost.exe (Skype Technologies S.A.)
      CustomCLSID: HKU\S-1-5-21-3578093062-3410416267-702171468-1000_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\Matil\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
      CustomCLSID: HKU\S-1-5-21-3578093062-3410416267-702171468-1000_Classes\CLSID\{41052F6E-3662-4584-BCD3-77BCCAAE8470}\InprocServer32 -> C:\Users\Matil\AppData\Local\SkypePlugin\7.32.6.278\GatewayActiveX.dll (Skype Technologies S.A.)
      CustomCLSID: HKU\S-1-5-21-3578093062-3410416267-702171468-1000_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\Matil\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
      CustomCLSID: HKU\S-1-5-21-3578093062-3410416267-702171468-1000_Classes\CLSID\{60813F68-E9F7-4B3C-80B4-A76A66211660}\localserver32 -> C:\Users\Matil\AppData\Local\SkypePlugin\7.32.6.278\GatewayVersion.exe (Skype Technologies S.A.)
      CustomCLSID: HKU\S-1-5-21-3578093062-3410416267-702171468-1000_Classes\CLSID\{7253b364-18c5-555a-4b07-26abb39c9f99}\InprocServer32 -> C:\Users\Matil\AppData\Local\SkypePlugin\7.32.6.278\EdgeBrokerPS.dll (Skype Technologies S.A.)
      CustomCLSID: HKU\S-1-5-21-3578093062-3410416267-702171468-1000_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Users\Matil\AppData\Local\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)
      CustomCLSID: HKU\S-1-5-21-3578093062-3410416267-702171468-1000_Classes\CLSID\{CBF9CD8C-2714-4F36-B76A-43E6C7547BC2}\localserver32 -> C:\Users\Matil\AppData\Local\SkypePlugin\7.32.6.278\EdgeCalling.exe (Skype Technologies S.A.)
      ContextMenuHandlers1: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files\AIMP\System\aimp_menu32.dll [2016-05-23] (AIMP DevTeam)
      ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
      ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
      ContextMenuHandlers4: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files\AIMP\System\aimp_menu32.dll [2016-05-23] (AIMP DevTeam)
      ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2009-08-27] (Intel Corporation)
      ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
      ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)

      ==================== Scheduled Tasks (Whitelisted) =============

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      Task: {01E04F44-387D-4996-991E-6F263C2680A3} - System32\Tasks\{AC56B93D-E015-4722-BD66-A5A4DB852B48} => "c:\program files\google\chrome\application\chrome.exe" hxxp://ui.skype.com/ui/0/5.3.0.120/en/abandoninstall?page=tsMain&installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:notoffered;ienotdefaultbrowser2
      Task: {0C8CB876-B0CF-4115-B915-20D6D79613FF} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2017-07-21] (Oracle Corporation)
      Task: {0EC3216C-0854-4A82-BD51-4FF6ADD5F833} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2017-10-04] (Google Inc.)
      Task: {18341AFF-947A-42BC-B785-0E4A32A94C3E} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2017-07-21] (Oracle Corporation)
      Task: {20C2B8C1-B9CF-4D68-96A8-05B21B90860B} - System32\Tasks\{0F1C62E6-C7BF-496C-A29A-D27D15B4AF29} => "c:\program files\internet explorer\iexplore.exe" hxxp://ui.skype.com/ui/0/4.2.0.158.259/es/abandoninstall?source=lightinstaller&page=tsProblems&LastError=404&installinfo=google-toolbar:notoffered;userdeclined,google-chrome:offered-notinstalled
      Task: {256B5113-A0A0-4AEF-B40D-2A242AD9405A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-10-13] (Adobe Systems Incorporated)
      Task: {2C462630-79E7-4F9E-9465-E9167F422D3B} - System32\Tasks\Peperina\Matil - Start WLAN Tray Applet => C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE [2017-04-13] (Broadcom Corporation)
      Task: {2F5DC6EC-D8F0-4856-ABC6-D369C234506D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPSFReport.exe [2016-02-18] (Hewlett-Packard)
      Task: {34442C2A-ECAD-4C84-BE24-5E8F48E375C2} - System32\Tasks\NCH Software\VideoPadDowngrade => C:\Program Files\NCH Software\VideoPad\videopad.exe [2016-12-09] (NCH Software)
      Task: {3E5B5FD6-5AB2-424E-9840-6C0A62D35BDE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
      Task: {6854326E-A799-4873-9D12-8C8982AB000C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2016-12-07] (HP Inc.)
      Task: {68A853A9-B59C-4C96-92F6-DE92D8B4E133} - System32\Tasks\ShadowsocksS => C:\Applications\Service.exe [2017-09-17] (TODO: <Company name>)
      Task: {6A233CC3-F5AB-4D66-BD1E-5404A0E65B10} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
      Task: {6F284B58-9F8A-45E7-901F-6410298EAEFA} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_25_0_0_127_pepper.exe [2017-04-06] (Adobe Systems Incorporated)
      Task: {70B8345B-7FE5-4D7F-9F82-3921BAB429A3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-09-15] (HP Inc.)
      Task: {877EE6B1-1F61-4B17-889D-68868CBDC007} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
      Task: {894C635A-68A4-48AF-9431-2AF611FCD5A3} - System32\Tasks\{12FFB488-CEF3-4620-91A6-9C279A952841} => C:\Windows\system32\pcalua.exe -a F:\Install\NOD32\NOD32.FiX.v2.2-nsane.exe -d F:\Install\NOD32
      Task: {918744C8-E97B-43CF-A188-AF4317ED4CC0} - System32\Tasks\Programa de actualización en línea de HP => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2008-12-08] (Hewlett-Packard)
      Task: {9546B54A-83ED-46AC-8C86-CCC35319ACBC} - System32\Tasks\{70C083CA-16CD-4290-BB5A-552993E3A201} => "c:\program files\internet explorer\iexplore.exe" hxxp://ui.skype.com/ui/0/5.1.0.112/es/abandoninstall?page=tsMain&installinfo=google-toolbar:notoffered;userdeclined,google-chrome:notoffered;alreadyoffered
      Task: {ABFE093C-8537-427B-AEE2-32A8AC2FF539} - System32\Tasks\{96F89D75-3ADC-4818-AAA6-1A424153FBC5} => "c:\program files\internet explorer\iexplore.exe" hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=4.2.0.158.259&LastError=404
      Task: {B7352451-2367-4C20-9940-489C78790233} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2017-10-04] (Google Inc.)
      Task: {C9C7D4EC-DFA1-4EB8-82F5-539E9A655989} - System32\Tasks\{F105E082-421E-4B34-A4EB-3CB44AFA276F} => C:\Program Files\Skype\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)
      Task: {E6E76FFB-90FC-4B5C-9B05-E8BDC7A4C74C} - System32\Tasks\{C27E34B7-48C1-476D-A806-E86E6B6EA20E} => C:\Windows\system32\pcalua.exe -a C:\Users\Matil\Desktop\avg_free_stb_all_9_115_global.exe -d C:\Users\Matil\Desktop

      (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


      ==================== Shortcuts & WMI ========================

      (The entries could be listed to be restored or removed.)


      Shortcut: C:\Users\Matil\Favorites\Sitio para descargas de NCH Software.lnk -> hxxp://www.nchsoftware.com/es/index.htm

      ==================== Loaded Modules (Whitelisted) ==============

      2009-07-01 11:44 - 2009-07-01 11:44 - 000632888 _____ () C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe

      ==================== Alternate Data Streams (Whitelisted) =========

      (If an entry is included in the fixlist, only the ADS will be removed.)


      ==================== Safe Mode (Whitelisted) ===================

      (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

      ==================== Association (Whitelisted) ===============

      (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


      ==================== Internet Explorer trusted/restricted ===============

      (If an entry is included in the fixlist, it will be removed from the registry.)

      IE trusted site: HKU\S-1-5-21-3578093062-3410416267-702171468-1000\...\google.com.mx -> hxxps://google.com.mx

      ==================== Hosts content: ===============================

      (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

      2009-07-13 23:04 - 2017-10-15 00:30 - 000000035 _____ C:\Windows\system32\Drivers\etc\hosts


      ==================== Other Areas ============================

      (Currently there is no automatic fix for this section.)

      HKU\S-1-5-21-3578093062-3410416267-702171468-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Matil\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
      DNS Servers: 192.168.1.1
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
      Windows Firewall is enabled.

      ==================== MSCONFIG/TASK MANAGER disabled items ==

      MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
      MSCONFIG\startupreg: HPADVISOR => C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
      MSCONFIG\startupreg: NortonOnlineBackupReminder => "C:\Program Files\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED

      ==================== FirewallRules (Whitelisted) ===============

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      FirewallRules: [{2BCE5AD7-90CD-4762-88C8-BDD6FDC9EF63}] => (Allow) C:\Program Files\Internet Explorer\iexplore.exe
      FirewallRules: [{83AF773C-87ED-4CDB-8B2B-EBA9D0E62359}] => (Allow) C:\Program Files\Internet Explorer\iexplore.exe
      FirewallRules: [{AFF68F08-F6AC-4AE2-A2A6-3BAA657F51E3}] => (Allow) C:\Program Files\Internet Explorer\iexplore.exe
      FirewallRules: [{F217EFB2-A3A7-4ACD-8103-F27EAFA73B61}] => (Allow) C:\Program Files\Internet Explorer\iexplore.exe
      FirewallRules: [TCP Query User{9BA9A081-B312-4922-8712-61B806E15A51}C:\program files\flashget network\flashget 3\flashget3.exe] => (Allow) C:\program files\flashget network\flashget 3\flashget3.exe
      FirewallRules: [UDP Query User{C617C989-2DAA-4146-8C05-7B7B9F60EB06}C:\program files\flashget network\flashget 3\flashget3.exe] => (Allow) C:\program files\flashget network\flashget 3\flashget3.exe
      FirewallRules: [{19358E8B-EA09-440F-995B-C6358C003F9D}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
      FirewallRules: [{BDCFEC96-5C1E-4311-BF74-EE83C92B9B6D}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
      FirewallRules: [{2C87923E-FBE0-42DB-9680-FA1E0CB8047D}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
      FirewallRules: [{F9573A64-A1B6-4171-A48C-D7BE43ABFF38}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
      FirewallRules: [{D989BF98-D049-4BB8-B315-27BD9473BC02}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
      FirewallRules: [{BEB75DD6-D297-4962-A650-EBE9AC7E5C66}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
      FirewallRules: [{67DE2728-C693-474E-A9ED-968995708539}] => (Allow) C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
      FirewallRules: [TCP Query User{B46A60F6-12FE-4A19-B7BA-10F032D26BCF}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe
      FirewallRules: [UDP Query User{D7938258-9823-4A77-9E88-5F765A717AD7}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe
      FirewallRules: [TCP Query User{9FD22257-348C-45E2-980B-4D9940539EE5}C:\program files\flashget network\flashget 3\flashget3.exe] => (Block) C:\program files\flashget network\flashget 3\flashget3.exe
      FirewallRules: [UDP Query User{F73DA3EB-52D0-4AB4-B0E8-4E8FA1B765A3}C:\program files\flashget network\flashget 3\flashget3.exe] => (Block) C:\program files\flashget network\flashget 3\flashget3.exe
      FirewallRules: [{A323EA80-F27E-4FC9-8988-5154C4544158}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
      FirewallRules: [{EF129221-4138-4CCA-9FB0-ED29B80D180E}] => (Allow) LPort=2869
      FirewallRules: [{13E14F72-9347-4CFA-BFC1-09A31E1644E3}] => (Allow) LPort=1900
      FirewallRules: [{1EFAF3F6-48E0-453C-A782-D4C3FE4A0795}] => (Allow) C:\Program Files\HP\hp software update\hpwucli.exe
      FirewallRules: [TCP Query User{B9244F22-4783-40CE-A9CB-F9527707EA7A}C:\users\matil\desktop\x32-edit.exe] => (Allow) C:\users\matil\desktop\x32-edit.exe
      FirewallRules: [UDP Query User{95897EF2-8F83-4D1C-9A41-BBC74B81281C}C:\users\matil\desktop\x32-edit.exe] => (Allow) C:\users\matil\desktop\x32-edit.exe
      FirewallRules: [{BEA823C1-9DB2-49C0-BEE7-1DC7442B309B}] => (Allow) C:\Program Files\SkypeWebPlugin\3.1.15602.22612\SkypeWebPlugin.exe
      FirewallRules: [TCP Query User{89BC9D8C-11F5-4D90-81F3-F7D1C77E9C4C}C:\users\matil\desktop\x32-edit.exe] => (Block) C:\users\matil\desktop\x32-edit.exe
      FirewallRules: [UDP Query User{0665B171-FFBA-48DC-BA10-294A2E8D8A9A}C:\users\matil\desktop\x32-edit.exe] => (Block) C:\users\matil\desktop\x32-edit.exe
      FirewallRules: [{DBB6C587-3135-41A7-95B9-B486C423FEE7}] => (Allow) C:\Users\Matil\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
      FirewallRules: [TCP Query User{7E1FCFAF-26B5-4A72-9873-91FCE74F8466}C:\users\matil\appdata\local\skypeplugin\pluginhost.exe] => (Block) C:\users\matil\appdata\local\skypeplugin\pluginhost.exe
      FirewallRules: [UDP Query User{1942C380-4D42-4A48-A248-C0A0D908723F}C:\users\matil\appdata\local\skypeplugin\pluginhost.exe] => (Block) C:\users\matil\appdata\local\skypeplugin\pluginhost.exe
      FirewallRules: [{705C5147-5CFF-4B79-918F-22BD5C4E3038}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
      FirewallRules: [{17184FAA-F88B-4FEE-BDBD-EC257C5EA20A}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
      StandardProfile\AuthorizedApplications: [C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe] => Enabled:Flashget3

      ==================== Restore Points =========================

      10-09-2017 14:30:54 Punto de control programado
      18-09-2017 13:08:13 Punto de control programado
      25-09-2017 18:29:58 Punto de control programado
      30-09-2017 09:04:06 Removed Visual Studio 2012 x86 Redistributables
      30-09-2017 10:01:07 Archivos de copia de seguridad de Service Pack quitados

      ==================== Faulty Device Manager Devices =============

      Name: Teredo Tunneling Pseudo-Interface
      Description: Adaptador de tunelización Teredo de Microsoft
      Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
      Manufacturer: Microsoft
      Service: tunnel
      Problem: : This device cannot start. (Code10)
      Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
      On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


      ==================== Event log errors: =========================

      Application errors:
      ==================
      Error: (10/15/2017 08:38:37 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
      Description: Error al descargar las cadenas del contador de rendimiento para el servicio WmiApRpl (WmiApRpl). El primer valor DWORD de la sección de datos contiene el código de error.

      Error: (10/15/2017 08:38:37 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
      Description: Las cadenas de rendimiento del valor del Registro de rendimiento están dañadas al procesar el proveedor de contador de extensión Performance. El valor BaseIndex del Registro de rendimiento es el primer valor DWORD, el valor LastCounter es el segundo valor DWORD y el valor LastHelp es el tercer valor DWORD de la sección de datos.

      Error: (10/15/2017 08:38:37 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
      Description: Las cadenas de rendimiento del valor del Registro de rendimiento están dañadas al procesar el proveedor de contador de extensión Performance. El valor BaseIndex del Registro de rendimiento es el primer valor DWORD, el valor LastCounter es el segundo valor DWORD y el valor LastHelp es el tercer valor DWORD de la sección de datos.

      Error: (10/15/2017 04:28:45 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
      Description: Error al descargar las cadenas del contador de rendimiento para el servicio WmiApRpl (WmiApRpl). El primer valor DWORD de la sección de datos contiene el código de error.

      Error: (10/15/2017 04:28:45 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
      Description: Las cadenas de rendimiento del valor del Registro de rendimiento están dañadas al procesar el proveedor de contador de extensión Performance. El valor BaseIndex del Registro de rendimiento es el primer valor DWORD, el valor LastCounter es el segundo valor DWORD y el valor LastHelp es el tercer valor DWORD de la sección de datos.

      Error: (10/15/2017 04:28:45 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
      Description: Las cadenas de rendimiento del valor del Registro de rendimiento están dañadas al procesar el proveedor de contador de extensión Performance. El valor BaseIndex del Registro de rendimiento es el primer valor DWORD, el valor LastCounter es el segundo valor DWORD y el valor LastHelp es el tercer valor DWORD de la sección de datos.

      Error: (10/15/2017 12:37:37 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
      Description: Error al descargar las cadenas del contador de rendimiento para el servicio WmiApRpl (WmiApRpl). El primer valor DWORD de la sección de datos contiene el código de error.

      Error: (10/15/2017 12:37:37 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
      Description: Las cadenas de rendimiento del valor del Registro de rendimiento están dañadas al procesar el proveedor de contador de extensión Performance. El valor BaseIndex del Registro de rendimiento es el primer valor DWORD, el valor LastCounter es el segundo valor DWORD y el valor LastHelp es el tercer valor DWORD de la sección de datos.

      Error: (10/15/2017 12:37:37 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
      Description: Las cadenas de rendimiento del valor del Registro de rendimiento están dañadas al procesar el proveedor de contador de extensión Performance. El valor BaseIndex del Registro de rendimiento es el primer valor DWORD, el valor LastCounter es el segundo valor DWORD y el valor LastHelp es el tercer valor DWORD de la sección de datos.

      Error: (10/15/2017 12:31:05 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
      Description: Error al descargar las cadenas del contador de rendimiento para el servicio WmiApRpl (WmiApRpl). El primer valor DWORD de la sección de datos contiene el código de error.


      System errors:
      =============
      Error: (10/15/2017 08:34:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
      Description: El servicio Broadcom Wireless LAN Tray Service no pudo iniciarse debido al siguiente error:
      La aplicación Broadcom Wireless LAN Tray Service no se puede ejecutar en modo Win32.

      Error: (10/15/2017 08:18:59 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
      Description: El servicio Adquisición de imágenes de Windows (WIA) depende del servicio Detección de hardware shell, el cual no pudo iniciarse debido al siguiente error:
      No se puede iniciar el servicio, porque está deshabilitado o porque no tiene dispositivos habilitados asociados a él.

      Error: (10/15/2017 08:06:19 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
      Description: El servicio Adquisición de imágenes de Windows (WIA) depende del servicio Detección de hardware shell, el cual no pudo iniciarse debido al siguiente error:
      No se puede iniciar el servicio, porque está deshabilitado o porque no tiene dispositivos habilitados asociados a él.

      Error: (10/15/2017 08:06:19 PM) (Source: DCOM) (EventID: 10005) (User: )
      Description: Error de DCOM "1068" al intentar iniciar el servicio stisvc con argumentos "" para ejecutar el servidor:
      {A1F4E726-8CF1-11D1-BF92-0060081ED811}

      Error: (10/15/2017 12:30:28 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
      Description: El servicio Examinador de equipos depende del servicio Servidor, el cual no pudo iniciarse debido al siguiente error:
      No se puede iniciar el servicio o grupo de dependencia.

      Error: (10/15/2017 12:30:28 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
      Description: El servicio Examinador de equipos depende del servicio Servidor, el cual no pudo iniciarse debido al siguiente error:
      No se puede iniciar el servicio o grupo de dependencia.

      Error: (10/15/2017 12:30:28 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
      Description: El servicio Examinador de equipos depende del servicio Servidor, el cual no pudo iniciarse debido al siguiente error:
      No se puede iniciar el servicio o grupo de dependencia.

      Error: (10/15/2017 12:30:28 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
      Description: El servicio Examinador de equipos depende del servicio Servidor, el cual no pudo iniciarse debido al siguiente error:
      No se puede iniciar el servicio o grupo de dependencia.

      Error: (10/15/2017 12:30:28 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
      Description: El servicio Examinador de equipos depende del servicio Servidor, el cual no pudo iniciarse debido al siguiente error:
      No se puede iniciar el servicio o grupo de dependencia.

      Error: (10/15/2017 12:30:28 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
      Description: El servicio Examinador de equipos depende del servicio Servidor, el cual no pudo iniciarse debido al siguiente error:
      No se puede iniciar el servicio o grupo de dependencia.


      CodeIntegrity:
      ===================================
      Date: 2017-04-08 1214.155
      Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Program Files\AVG\AVG PC TuneUp\avgdumpx.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

      Date: 2017-04-08 1213.874
      Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Program Files\AVG\AVG PC TuneUp\avgdumpx.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

      Date: 2017-03-22 12:17:31.782
      Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Program Files\AVG\AVG PC TuneUp\avgdumpx.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

      Date: 2017-03-22 12:17:31.731
      Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Program Files\AVG\AVG PC TuneUp\avgdumpx.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

      Date: 2017-03-22 12:17:31.670
      Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Program Files\AVG\AVG PC TuneUp\avgdumpx.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

      Date: 2017-03-08 22:57:01.005
      Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Program Files\AVG\AVG PC TuneUp\avgdumpx.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

      Date: 2017-03-08 22:57:00.990
      Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Program Files\AVG\AVG PC TuneUp\avgdumpx.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

      Date: 2017-02-06 21:34:03.619
      Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Program Files\AVG\AVG PC TuneUp\avgdumpx.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

      Date: 2017-02-06 21:34:03.339
      Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Program Files\AVG\AVG PC TuneUp\avgdumpx.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

      Date: 2017-02-04 12:42:07.836
      Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Program Files\AVG\AVG PC TuneUp\avgdumpx.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.


      ==================== Memory info ===========================

      Processor: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz
      Percentage of memory in use: 43%
      Total physical RAM: 1978.96 MB
      Available physical RAM: 1127.59 MB
      Total Virtual: 3957.92 MB
      Available Virtual: 2960.68 MB

      ==================== Drives ================================

      Drive c: () (Fixed) (Total:281.81 GB) (Free:88.82 GB) NTFS ==>[system with boot components (obtained from drive)]
      Drive d: (RECOVERY) (Fixed) (Total:15.98 GB) (Free:2.55 GB) NTFS ==>[system with boot components (obtained from drive)]
      Drive e: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32

      ==================== MBR & Partition Table ==================

      ========================================================
      Disk: 0 (Size: 298.1 GB) (Disk ID: D53D6E88)
      Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
      Partition 2: (Not Active) - (Size=281.8 GB) - (Type=07 NTFS)
      Partition 3: (Not Active) - (Size=16 GB) - (Type=07 NTFS)
      Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

      ==================== End of Addition.txt ============================

      How do we proceed?

      I just noticed that the AVGPC shortcut was left behind on the desktop bar!!

      I managed to remove it. But honestly, it doesn't leave me feeling very sure about the traces of the program that may have been left behind...