    Check for absence of Virut (Solved)

    1. #1
      User adiskide
      Joined: Apr 2011
      Location: Zaragoza
      Posts: 70

      Hello,
      yesterday the OSI application alerted me to a threat of being infected by Virut.
      I ran Bitdefender Total on it and it did not detect anything.
      I ran Dr.Web CureIt on it and it did not detect anything.

      However, this morning when booting the PC (WXPsp3) it has become completely deconfigured, it goes back to the original format, and I have System Restore disabled.

      It lets me enter safe mode, but I am not clear on which steps to follow:

      1) to recover normal access to Windows
      2) to check what I have, or don't have, on the PC

      Right now, from safe mode, if I go on the internet no OSI warning pops up, but given the known virulence of Virut I would like to have some certainty about it.

      Thanks.

    2. #2
      Warrior @Miguelgrado
      Joined: Dec 2005
      Location: Asturias-España
      Posts: 18,147

      Re: Check for absence of Virut

      Carry these out in order and paste the logs for me.


      Step 1: Download Malwarebytes Anti-Rootkit Beta >> Malwarebytes Anti-Rootkit | InfoSpyware and unzip the contents to your desktop.
      Step 2: Disable your antivirus >> How to temporarily disable your antivirus

      Open the Mbar folder. Double-click the Mbar.exe file.
      • In the program interface, click Next.
      • Click the Update button. When it finishes, click Next.
      • To start the scan, click the Scan button.
      • When it finishes, if there is an infection click CleanUp; if there is none, click Exit.


      When done, open the Mbar folder and the mbar-log.txt files, then copy and paste all their contents into your next reply, commenting on the results.

      1- Download Farbar Recovery Scan Tool by Farbar (download the file according to your system's architecture). >> How to tell whether my system is 32-bit or 64-bit

      • Save it to the desktop >> This is very important.
      • With all programs/windows closed, double-click to run Frst.exe.
      • In the Disclaimer window, press Yes.
      • In the new window that opens, press the Scan button and wait patiently for the scan to finish.

      • Two (2) files (logs) will open, Frst.txt and Addition.txt; these will be saved on your desktop.

      • To finish, open the Frst.txt and Addition.txt files and copy and paste all their contents into your next reply. Use two messages if it tells you it is too long.

    3. #3
      User adiskide
      Joined: Apr 2011
      Location: Zaragoza
      Posts: 70

      Re: Check for absence of Virut

      Malware anti-rootkit - No found. It doesn't detect anything; it says everything is clean.
      I'm continuing with step 2.

      Thanks.

    4. #4
      User adiskide
      Joined: Apr 2011
      Location: Zaragoza
      Posts: 70

      Re: Check for absence of Virut

      Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-11-2017 03
      Ran by Jorge (administrator) on JORGE-PC7 (14-11-2017 16:17:23)
      Running from C:\Users\Jorge\Desktop
      Loaded Profiles: Jorge (Available Profiles: Jorge)
      Platform: Windows 7 Professional Service Pack 1 (X64) Language: Español (España, internacional)
      Internet Explorer Version 11 (Default browser: Chrome)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: ***********************************************************************************************************

      ==================== Processes (Whitelisted) =================

      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

      (Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\vsserv.exe
      (AMD) C:\Windows\System32\atiesrxx.exe
      (Bitdefender) C:\Program Files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe
      (AMD) C:\Windows\System32\atieclxx.exe
      (Microsoft Corporation) C:\Windows\System32\rundll32.exe
      (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
      (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
      (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
      (Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
      (Intel) C:\Program Files (x86)\Intel Driver Update Utility\DSAService.exe
      (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE
      (Brio) C:\Program Files\FolderSize\FolderSizeSvc.exe
      (pdfforge GmbH) C:\Program Files\PDF Architect 5\creator-ws.exe
      (© pdfforge GmbH.) C:\Program Files (x86)\PDF Architect 5 Manager\PDF Architect 5\Architect Manager.exe
      (Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
      (McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
      (Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdagent.exe
      (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
      (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
      (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
      () C:\Program Files (x86)\Google\Drive\googledrivesync.exe
      (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
      (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
      (McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
      (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
      (Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe
      (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
      (Intel) C:\Program Files (x86)\Intel Driver Update Utility\DSATray.exe
      (Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
      (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
      (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
      (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
      (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
      (Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
      () C:\Program Files (x86)\Google\Drive\googledrivesync.exe
      (Intel Security) C:\Program Files\Intel Security\True Key\application\truekey.exe
      (Bitdefender) C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe
      () C:\Program Files (x86)\Google\Drive\googledrivesync.exe
      () C:\Program Files (x86)\Google\Drive\googledrivesync.exe
      (Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
      (Intel Security) C:\Program Files\Intel Security\True Key\application\truekey.exe
      (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
      (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
      (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
      (Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdwtxag.exe

      ==================== Registry (Whitelisted) ===========================

      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

      HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender Security\bdagent.exe [321744 2017-10-02] (Bitdefender)
      HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297784 2017-10-20] (Apple Inc.)
      HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc.)
      HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3567928 2017-11-01] (Dropbox, Inc.)
      HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
      HKLM-x32\...\Run: [DSATray] => C:\Program Files (x86)\Intel Driver Update Utility\DsaTray.exe [132856 2017-05-18] (Intel)
      HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2480592 2017-09-18] (Malwarebytes Corporation)
      HKU\S-1-5-21-2499668031-2600949832-3842433268-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9856176 2017-09-20] (Piriform Ltd)
      HKU\S-1-5-21-2499668031-2600949832-3842433268-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-10-19] (Apple Inc.)
      HKU\S-1-5-21-2499668031-2600949832-3842433268-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
      HKU\S-1-5-21-2499668031-2600949832-3842433268-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2017-10-19] (Apple Inc.)
      HKU\S-1-5-21-2499668031-2600949832-3842433268-1000\...\Run: [Google Update] => C:\Users\Jorge\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-08-27] (Google Inc.)
      HKU\S-1-5-21-2499668031-2600949832-3842433268-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [40417680 2017-11-01] ()
      HKU\S-1-5-21-2499668031-2600949832-3842433268-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2017-10-19] (Apple Inc.)
      HKU\S-1-5-21-2499668031-2600949832-3842433268-1000\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2017-10-19] (Apple Inc.)
      HKU\S-1-5-21-2499668031-2600949832-3842433268-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Users\Jorge\Desktop\dds.scr
      HKU\S-1-5-21-2499668031-2600949832-3842433268-1000\...0c966feabec1\InprocServer32: [Default-shell32] <==== ATTENTION
      BootExecute: autocheck autochk * sdnclean64.exe

      ==================== Internet (Whitelisted) ====================

      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

      Tcpip\Parameters: [DhcpNameServer] 212.231.6.7 8.8.8.8
      Tcpip\..\Interfaces\{CF5D0C5E-988C-4301-9F92-1023434CD146}: [DhcpNameServer] 212.231.6.7 8.8.8.8

      Internet Explorer:
      ==================
      HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
      HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
      HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
      HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
      HKU\S-1-5-21-2499668031-2600949832-3842433268-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/es-es/?ocid=iehp
      SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
      SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
      SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
      SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
      BHO: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-06-26] (Intel Security)
      BHO: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll [2017-10-02] (Bitdefender)
      BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-06-26] (Intel Security)
      BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender Security\Antispam32\pmbxie.dll [2017-10-02] (Bitdefender)
      BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
      BHO-x32: PDF Architect 5 Helper -> {AEA429F3-D2D4-4BD7-A03E-5357DA017733} -> C:\Program Files (x86)\PDF Architect 5\creator-ie-helper.dll [2017-07-05] (pdfforge GmbH)
      Toolbar: HKLM - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-06-26] (Intel Security)
      Toolbar: HKLM - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll [2017-10-02] (Bitdefender)
      Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-06-26] (Intel Security)
      Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\Antispam32\pmbxie.dll [2017-10-02] (Bitdefender)
      Toolbar: HKLM-x32 - PDF Architect 5 Toolbar - {84F23192-A475-4038-B5C0-8584777F2DF4} - C:\Program Files (x86)\PDF Architect 5\creator-ie-plugin.dll [2017-07-05] (pdfforge GmbH)

      FireFox:
      ========
      FF ProfilePath: C:\Users\Jorge\AppData\Roaming\Mozilla\Firefox\Profiles\thib5sM7.default [2017-11-14]
      FF Extension: (Avira Navegación segura) - C:\Users\Jorge\AppData\Roaming\Mozilla\Firefox\Profiles\thib5sM7.default\Extensions\[email protected] [2017-07-24]
      FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff
      FF Extension: (Bitdefender Wallet) - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff [2017-07-14]
      FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext
      FF Extension: (Bitdefender Antispam Toolbar) - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext [2017-07-14] [not signed]
      FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff
      FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]der.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext
      FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_27_0_0_187.dll [2017-11-14] ()
      FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2017-01-17] ()
      FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
      FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
      FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_187.dll [2017-11-14] ()
      FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2017-01-17] ()
      FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
      FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
      FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
      FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
      FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)
      FF Plugin-x32: PDF Architect 5 -> C:\Program Files (x86)\PDF Architect 5\np-previewer.dll [2017-07-05] (pdfforge GmbH)
      FF Plugin HKU\S-1-5-21-2499668031-2600949832-3842433268-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Jorge\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-08-27] (Google Inc.)
      FF Plugin HKU\S-1-5-21-2499668031-2600949832-3842433268-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Jorge\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-08-27] (Google Inc.)

      Chrome:
      =======
      CHR HomePage: Default -> hxxp://www.google.es/
      CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://mail.google.com/"
      CHR DefaultSearchURL: Default -> hxxps://www.ecosia.org/search?q={searchTerms}&addon=opensearch
      CHR DefaultSearchKeyword: Default -> ecosia.org
      CHR DefaultSuggestURL: Default -> hxxps://ac.ecosia.org/autocomplete?q={searchTerms}&type=list
      CHR Profile: C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default [2017-11-14]
      CHR Extension: (Presentaciones) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-16]
      CHR Extension: (Documentos) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-15]
      CHR Extension: (Google Drive) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-18]
      CHR Extension: (Adguard AdBlocker) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2017-09-28]
      CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2017-08-13]
      CHR Extension: (YouTube) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-18]
      CHR Extension: (True Key™ by Intel Security) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpaibbcbodhimfnjnakiidgbpiehfgci [2017-10-04]
      CHR Extension: (Timer) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\edebbhkhcaafmolanelponjjanocpacd [2017-01-18]
      CHR Extension: (Google Calendar) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2017-01-18]
      CHR Extension: (Hojas de cálculo) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-15]
      CHR Extension: (Word Online) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\fiombgjlkfpdpkbhfioofeeinbehmajg [2017-01-18]
      CHR Extension: (Edición de Office) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbkeegbaiigmenfmjfclcdgdpimamgkj [2017-10-10]
      CHR Extension: (Documentos de Google sin conexión) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-18]
      CHR Extension: (Google Calendar (por Google)) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich [2017-10-08]
      CHR Extension: (Guardar en Google Drive) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne [2017-01-18]
      CHR Extension: (Google Photos) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcglmfcclpfgljeaiahehebeoaiicbko [2017-07-01]
      CHR Extension: (OSI: Servicio AntiBotnet) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhljghnmjahiaofikeljkjnhbeoiclbh [2017-01-18]
      CHR Extension: (G.lux) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\hinolicfmhnjadpggledmhnffommefaf [2017-01-26]
      CHR Extension: (Google Keep: notas y listas) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2017-11-14]
      CHR Extension: (Excel Online) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\iljnkagajgfdmfnnidjijobijlfjfgnb [2017-01-18]
      CHR Extension: (Elimina los avisos sobre cookies de las webs) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\incjhkojnpgianldgommkkkmcapcphah [2017-07-30]
      CHR Extension: (Dropbox) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2017-07-01]
      CHR Extension: (Botón de Google Académico) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldipcbpaocekfooobnbcddclnhejkcpn [2017-10-08]
      CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-08-27]
      CHR Extension: (Google Maps) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2017-01-18]
      CHR Extension: (Extensión de Google Keep para Chrome) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpcaedmchfhocbbapmcbpinfpgnhiddi [2017-01-18]
      CHR Extension: (Video Downloader GetThemAll) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbkekaeindpfpcoldfckljplboolgkfm [2017-07-30]
      CHR Extension: (Mailtrack para Gmail e Inbox: Email tracking) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndnaehgpjlnokgebbaldlmgkapkpjkkb [2017-10-27]
      CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-25]
      CHR Extension: (Alerta de protección de contraseña) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\noondiphcddnnabmjcihcjfbhfklnnep [2017-10-04]
      CHR Extension: (Checker Plus for Gmail™) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj [2017-11-13]
      CHR Extension: (Outlook.com) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge [2017-01-18]
      CHR Extension: (Gmail) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-18]
      CHR Extension: (Chrome Media Router) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-08]
      CHR Profile: C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\System Profile [2017-11-08]
      CHR Extension: (Fast search) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\pbdpajcdgknpendpmecafmopknefafha [2017-08-08]
      CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
      CHR HKU\S-1-5-21-2499668031-2600949832-3842433268-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [gannpgaobkkhmpomoijebaigcapoeebl] - hxxps://clients2.google.com/service/update2/crx

      ==================== Services (Whitelisted) ====================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2257016 2017-08-23] (Adobe Systems, Incorporated)
      R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-10-11] (Apple Inc.)
      R2 bdredline; C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe [2090152 2017-08-30] (Bitdefender)
      S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-01-18] (Dropbox, Inc.)
      S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-01-18] (Dropbox, Inc.)
      R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [51016 2017-11-01] (Dropbox, Inc.)
      R2 DevMgmtService; C:\Program Files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe [103072 2017-09-14] (Bitdefender)
      R2 DSAService; C:\Program Files (x86)\Intel Driver Update Utility\DSAService.exe [21240 2017-05-18] (Intel)
      R2 EPSON_PM_RPCV4_06; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE [152640 2015-03-25] (SEIKO EPSON CORPORATION)
      S2 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [824592 2017-03-07] ()
      R2 FolderSize; C:\Program Files\FolderSize\FolderSizeSvc.exe [163840 2013-02-13] (Brio) [File not signed]
      S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-21] (Malwarebytes)
      S3 PDF Architect 5; C:\Program Files\PDF Architect 5\ws.exe [2709176 2017-07-05] (pdfforge GmbH)
      S3 PDF Architect 5 CrashHandler; C:\Program Files\PDF Architect 5\crash-handler-ws.exe [1051312 2017-07-05] (pdfforge GmbH)
      R2 PDF Architect 5 Creator; C:\Program Files\PDF Architect 5\creator-ws.exe [859312 2017-07-05] (pdfforge GmbH)
      R2 PDF Architect 5 Manager; C:\Program Files (x86)\PDF Architect 5 Manager\PDF Architect 5\Architect Manager.exe [985848 2017-05-16] (© pdfforge GmbH.)
      R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1269824 2017-06-21] (Bitdefender)
      S2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe [157456 2017-03-07] ()
      R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [1001920 2017-06-26] (McAfee, Inc.)
      R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16928 2017-06-26] (McAfee, Inc.)
      S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [87760 2017-06-26] (McAfee, Inc.)
      R2 UPDATESRV; C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER SECURITY\UPDATESRV.EXE [218416 2017-10-02] (Bitdefender)
      S3 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [824592 2017-03-07] ()
      R2 VSSERV; C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER SECURITY\VSSERV.EXE [1280816 2017-10-13] (Bitdefender)
      S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2015-12-09] (Microsoft Corporation)

      ===================== Drivers (Whitelisted) ======================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      R1 atc; C:\Windows\System32\DRIVERS\atc.sys [1019880 2017-10-02] (BitDefender S.R.L. Bucharest, ROMANIA)
      R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1763744 2017-10-02] (BitDefender)
      R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [124424 2017-05-31] (BitDefender LLC)
      R0 bdprivmon; C:\Windows\System32\DRIVERS\bdprivmon.sys [47856 2017-05-11] (© Bitdefender SRL)
      R1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [87912 2015-12-04] (BitDefender)
      R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-10-09] ()
      R3 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [187688 2017-05-11] (BitDefender LLC)
      R0 Ignis; C:\Windows\System32\DRIVERS\ignis.sys [362664 2017-10-02] (Bitdefender)
      S3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [101824 2017-09-27] (Malwarebytes)
      S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [45472 2017-09-27] (Malwarebytes)
      S3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [84256 2017-09-27] (Malwarebytes)
      S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [50320 2015-01-29] (Panda Security, S.L.)
      R2 Syncbox; C:\Users\Jorge\AppData\Roaming\SyncboxServer\driver\syncbox.sys [120408 2015-01-20] (Windows (R) Win 7 DDK provider)
      R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [439576 2017-04-11] (BitDefender S.R.L.)
      S1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [131144 2017-01-16] (Oracle Corporation)
      S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
      S3 catchme; \??\C:\ComboFix\catchme.sys [X]
      S3 dbx; system32\DRIVERS\dbx.sys [X]

      ==================== NetSvcs (Whitelisted) ===================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


      ==================== One Month Created files and folders ========

      (If an entry is included in the fixlist, the file/folder will be moved.)

      2017-11-14 16:17 - 2017-11-14 16:18 - 000025259 _____ C:\Users\Jorge\Desktop\FRST.txt
      2017-11-14 16:17 - 2017-11-14 16:17 - 000000000 ____D C:\FRST
      2017-11-14 16:15 - 2017-11-14 16:15 - 002392576 _____ (Farbar) C:\Users\Jorge\Desktop\FRST64.exe
      2017-11-14 15:53 - 2017-11-14 15:53 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\5552234C.sys
      2017-11-14 15:48 - 2017-11-14 15:48 - 014178840 _____ (Malwarebytes Corp.) C:\Users\Jorge\Downloads\mbar-1.10.3.1001.exe
      2017-11-11 08:02 - 2015-09-14 13:03 - 000039672 _____ C:\Windows\system32\Drivers\istmskyj.sys
      2017-11-11 07:55 - 2015-09-14 13:03 - 000039672 _____ C:\Windows\system32\Drivers\cikzpvxz.sys
      2017-11-11 07:41 - 2015-09-14 13:03 - 000039672 _____ C:\Windows\system32\Drivers\btubdury.sys
      2017-11-10 11:50 - 2015-09-14 13:03 - 000039672 _____ C:\Windows\system32\Drivers\znnzncic.sys
      2017-11-10 11:45 - 2017-11-10 11:48 - 000000000 ____D C:\AdwCleaner
      2017-11-10 11:41 - 2017-11-10 11:41 - 008261584 _____ (Malwarebytes) C:\Users\Jorge\Downloads\AdwCleaner.exe
      2017-11-10 11:39 - 2017-11-11 08:08 - 000000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
      2017-11-10 11:39 - 2017-11-10 11:39 - 001875480 _____ (Malwarebytes ) C:\Users\Jorge\Downloads\mbae-setup-1.10.1.41.exe
      2017-11-10 11:39 - 2017-11-10 11:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
      2017-11-10 11:39 - 2017-11-10 11:39 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit
      2017-11-09 07:43 - 2015-09-14 13:03 - 000039672 _____ C:\Windows\system32\Drivers\pvtyrgfh.sys
      2017-11-08 22:18 - 2015-11-03 16:46 - 000108792 _____ (Panda Security S.L.) C:\Windows\SysWOW64\PCloudCleanerService.EXE
      2017-11-08 22:18 - 2015-10-27 12:03 - 000044792 _____ C:\Windows\system32\Drivers\PRSBDRVR.SYS
      2017-11-08 22:18 - 2015-10-23 09:16 - 000214264 _____ C:\Windows\system32\Drivers\DasBootS.SYS
      2017-11-08 22:18 - 2014-12-11 17:12 - 000059152 _____ C:\Windows\system32\Drivers\DasBootF.SYS
      2017-11-08 22:18 - 2014-12-11 17:12 - 000035088 _____ C:\Windows\system32\Drivers\DasBootK.SYS
      2017-11-08 22:18 - 2014-12-11 17:12 - 000026384 _____ C:\Windows\system32\Drivers\DasBoot.SYS
      2017-11-08 22:17 - 2017-11-08 22:17 - 000001246 _____ C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
      2017-11-08 20:46 - 2017-11-08 20:46 - 000003969 _____ C:\stats.txt
      2017-11-08 13:17 - 2017-11-08 13:22 - 000000000 ____D C:\Users\Jorge\Doctor Web
      2017-11-08 13:17 - 2017-11-08 13:17 - 000000000 ____D C:\ProgramData\Doctor Web
      2017-11-08 13:14 - 2017-11-08 13:15 - 160512680 _____ C:\Users\Jorge\Downloads\cureit.exe
      2017-11-08 12:13 - 2017-11-10 22:17 - 001365896 _____ C:\Windows\ntbtlog.txt
      2017-11-08 07:23 - 2017-11-08 07:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
      2017-11-08 07:14 - 2017-11-08 07:14 - 038206360 _____ (Panda Security ) C:\Users\Jorge\Downloads\PandaCloudCleaner.exe
      2017-11-08 07:12 - 2017-11-08 07:13 - 131114280 _____ (Kaspersky Lab ZAO) C:\Users\Jorge\Downloads\KVRT (1).exe
      2017-11-08 07:02 - 2017-11-08 07:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
      2017-11-08 06:59 - 2017-11-08 06:59 - 000001747 _____ C:\Users\Public\Desktop\iTunes.lnk
      2017-11-08 06:59 - 2017-11-08 06:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
      2017-11-08 06:59 - 2017-11-08 06:59 - 000000000 ____D C:\Program Files\iPod
      2017-11-08 06:57 - 2017-11-08 06:59 - 000000000 ____D C:\Program Files\iTunes
      2017-11-08 06:34 - 2017-11-08 06:39 - 000000000 ____D C:\KVRT_Data
      2017-11-08 06:29 - 2017-11-08 06:31 - 131114280 _____ (Kaspersky Lab ZAO) C:\Users\Jorge\Downloads\KVRT.exe
      2017-11-07 12:08 - 2017-11-07 12:08 - 000000358 _____ C:\Users\Jorge\Downloads\citation-311781548.ris
      2017-11-07 03:24 - 2017-11-07 03:24 - 000000000 ____D C:\Users\Jorge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Synergy Logging Software
      2017-11-07 02:04 - 2017-11-07 02:04 - 000043776 _____ C:\ProgramData\dm.update.1510016666.bdinstall.bin
      2017-11-02 21:44 - 2017-11-02 21:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
      2017-11-01 12:58 - 2017-11-01 12:58 - 000051016 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
      2017-11-01 12:58 - 2017-11-01 12:58 - 000045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
      2017-11-01 12:58 - 2017-11-01 12:58 - 000045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
      2017-11-01 12:58 - 2017-11-01 12:58 - 000045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys

      ==================== One Month Modified files and folders ========

      (If an entry is included in the fixlist, the file/folder will be moved.)

      2017-11-14 16:17 - 2017-07-04 16:50 - 000000000 ____D C:\Users\Jorge\AppData\Local\CrashDumps
      2017-11-14 16:13 - 2017-08-10 18:37 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
      2017-11-14 16:13 - 2017-08-10 18:36 - 000000000 ____D C:\Users\Jorge\Desktop\mbar
      2017-11-14 16:10 - 2017-08-08 10:52 - 000000000 ____D C:\Program Files\Bitdefender Agent
      2017-11-14 16:03 - 2017-01-18 12:58 - 000000990 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
      2017-11-14 15:52 - 2017-09-13 19:48 - 000192952 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
      2017-11-14 15:49 - 2017-03-17 11:49 - 000000911 _____ C:\Windows\Tasks\EPSON XP-432 435 Series Update {90E06A08-1391-4467-A9C7-8BF199923A21}.job
      2017-11-14 15:10 - 2009-07-14 05:45 - 000034352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      2017-11-14 15:10 - 2009-07-14 05:45 - 000034352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      2017-11-14 13:45 - 2017-01-18 01:12 - 000002153 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
      2017-11-14 13:45 - 2017-01-18 01:12 - 000002141 _____ C:\Users\Public\Desktop\Google Chrome.lnk
      2017-11-14 13:24 - 2017-01-18 12:56 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
      2017-11-14 13:23 - 2017-01-18 01:11 - 000003532 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
      2017-11-14 13:23 - 2017-01-18 01:11 - 000003404 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
      2017-11-14 13:16 - 2011-04-12 10:10 - 002300478 _____ C:\Windows\system32\perfh00A.dat
      2017-11-14 13:16 - 2011-04-12 10:10 - 000669630 _____ C:\Windows\system32\perfc00A.dat
      2017-11-14 13:16 - 2009-07-14 06:13 - 000006500 _____ C:\Windows\system32\PerfStringBackup.INI
      2017-11-14 13:12 - 2017-02-12 22:16 - 000004320 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
      2017-11-14 13:11 - 2017-08-08 10:54 - 000003648 _____ C:\Windows\System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
      2017-11-14 13:11 - 2017-02-12 22:16 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
      2017-11-14 13:11 - 2017-02-12 22:16 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
      2017-11-14 13:11 - 2017-02-12 22:15 - 000000000 ____D C:\Windows\SysWOW64\Macromed
      2017-11-14 13:11 - 2017-02-12 22:15 - 000000000 ____D C:\Windows\system32\Macromed
      2017-11-14 13:10 - 2017-04-28 13:30 - 000000000 ___RD C:\Users\Jorge\iCloudDrive
      2017-11-14 13:07 - 2017-01-18 12:58 - 000000986 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
      2017-11-14 13:07 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
      2017-11-13 21:50 - 2017-08-11 09:49 - 000047923 _____ C:\bdlog.txt
      2017-11-13 21:47 - 2017-02-12 20:23 - 000000000 ____D C:\Users\Jorge\AppData\Roaming\Skype
      2017-11-13 21:46 - 2017-02-12 20:23 - 000000000 ____D C:\ProgramData\Skype
      2017-11-11 08:12 - 2017-01-18 13:02 - 000000000 ___RD C:\Users\Jorge\Dropbox
      2017-11-11 08:00 - 2017-08-08 16:35 - 000011098 _____ C:\Windows\system32\PHOOKSmf.txt
      2017-11-10 12:16 - 2017-01-17 06:59 - 000000000 ____D C:\Users\Jorge
      2017-11-10 11:11 - 2017-01-17 09:37 - 000000000 ____D C:\Users\Jorge\AppData\Local\ElevatedDiagnostics
      2017-11-09 07:56 - 2017-08-08 16:34 - 000000000 ____D C:\Windows\system32\DBBK
      2017-11-08 12:56 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
      2017-11-08 12:50 - 2017-08-08 09:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegSeeker
      2017-11-08 09:13 - 2017-04-28 13:30 - 000000000 ____D C:\Users\Jorge\AppData\Local\3B72D761-4F21-4A54-B0E6-86DCC2F88D08.aplzod
      2017-11-07 10:02 - 2017-10-10 03:10 - 000000000 ____D C:\Users\Jorge\AppData\Local\JxBrowser
      2017-11-07 03:24 - 2017-09-09 12:15 - 000000000 ____D C:\SynergySportsTech
      2017-11-06 10:49 - 2017-04-28 13:23 - 000003422 _____ C:\Windows\System32\Tasks\Apple Diagnostics
      2017-11-04 20:54 - 2017-08-27 10:17 - 000002002 _____ C:\Users\Public\Desktop\Google Slides.lnk
      2017-11-04 20:54 - 2017-08-27 10:17 - 000002000 _____ C:\Users\Public\Desktop\Google Sheets.lnk
      2017-11-04 20:54 - 2017-08-27 10:17 - 000001990 _____ C:\Users\Public\Desktop\Google Docs.lnk
      2017-11-04 20:54 - 2017-08-27 10:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
      2017-11-02 21:45 - 2017-01-18 12:58 - 000000000 ____D C:\Program Files (x86)\Dropbox
      2017-10-31 10:53 - 2017-02-03 00:58 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
      2017-10-31 10:53 - 2017-02-03 00:58 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
      2017-10-31 10:16 - 2009-07-14 06:32 - 000000000 ____D C:\Windows\system32\FxsTmp
      2017-10-29 19:38 - 2017-02-03 00:59 - 000000000 ____D C:\Users\Jorge\AppData\LocalLow\Mozilla
      2017-10-25 13:56 - 2017-10-05 18:46 - 000000000 ____D C:\Program Files\PDFCreator
      2017-10-15 14:48 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\rescache

      ==================== Files in the root of some directories =======

      2017-01-18 07:32 - 2017-01-18 07:32 - 000000001 _____ () C:\Users\Jorge\AppData\Local\llftool.4.30.agreement
      2017-09-20 19:42 - 2017-09-20 19:42 - 000007605 _____ () C:\Users\Jorge\AppData\Local\Resmon.ResmonCfg
      2008-02-05 13:28 - 2008-02-05 13:28 - 000000051 _____ () C:\Users\Jorge\AppData\Local\setup.txt
      2017-03-21 01:34 - 2017-10-03 04:38 - 000056320 _____ () C:\Users\Jorge\AppData\Local\WebpageIcons.db
      2017-07-09 17:36 - 2017-07-09 17:36 - 000000000 _____ () C:\Users\Jorge\AppData\Local\{5635FC67-C3E2-4E86-B06D-966BD1BC546A}
      2017-07-09 17:38 - 2017-07-09 17:38 - 000000000 _____ () C:\Users\Jorge\AppData\Local\{86102032-ECA6-4B15-ACC0-0982815320ED}
      2017-07-12 04:37 - 2017-07-12 04:37 - 000000000 _____ () C:\Users\Jorge\AppData\Local\{A21D6219-DEF9-4182-82F0-2E2A8456556D}
      2017-08-08 10:52 - 2017-08-08 10:52 - 000048524 _____ () C:\ProgramData\agent.1502185975.bdinstall.bin
      2017-08-11 09:34 - 2017-08-11 09:34 - 000030998 _____ () C:\ProgramData\agent.update.1502440465.bdinstall.bin
      2017-08-11 09:38 - 2017-08-11 09:39 - 000073614 _____ () C:\ProgramData\cl.1502440716.9052.bin
      2017-08-11 09:39 - 2017-08-11 09:44 - 000015167 _____ () C:\ProgramData\cl.1502440766.1808.bin
      2017-08-11 09:40 - 2017-08-11 09:40 - 000014783 _____ () C:\ProgramData\cl.1502440766.3236.bin
      2017-08-11 09:42 - 2017-08-11 09:42 - 000002341 _____ () C:\ProgramData\cl.1502440766.3636.bin
      2017-08-11 09:40 - 2017-08-11 09:44 - 000294697 _____ () C:\ProgramData\cl.1502440766.4024.bin
      2017-08-11 09:39 - 2017-08-11 09:44 - 000101012 _____ () C:\ProgramData\cl.1502440766.4296.bin
      2017-08-11 09:40 - 2017-08-11 09:40 - 000001090 _____ () C:\ProgramData\cl.1502440766.6236.bin
      2017-08-11 09:39 - 2017-08-11 09:44 - 000013076 _____ () C:\ProgramData\cl.1502440766.6748.bin
      2017-08-11 09:40 - 2017-08-11 09:42 - 000016931 _____ () C:\ProgramData\cl.1502440766.8120.bin
      2017-08-11 09:54 - 2017-08-11 09:54 - 000087476 _____ () C:\ProgramData\cl.1502441594.bdinstall.bin
      2017-07-01 04:36 - 2017-06-08 03:42 - 000365248 _____ (COMODO) C:\ProgramData\cmdres.dll
      2017-08-11 09:54 - 2017-08-11 09:54 - 000056830 _____ () C:\ProgramData\dm.1502441654.bdinstall.bin
      2017-11-07 02:04 - 2017-11-07 02:04 - 000043776 _____ () C:\ProgramData\dm.update.1510016666.bdinstall.bin
      2017-07-01 01:48 - 2017-07-01 01:48 - 000000231 _____ () C:\ProgramData\fontcacheev1.dat

      Files to move or delete:
      ====================
      C:\ProgramData\cmdres.dll
      C:\ProgramData\fontcacheev1.dat


      Some files in TEMP:
      ====================
      2017-11-13 20:55 - 2017-11-13 20:55 - 058804680 _____ (Skype Technologies S.A.) C:\Users\Jorge\AppData\Local\Temp\SkypeSetup.exe

      ==================== Bamital & volsnap ======================

      (There is no automatic fix for files that do not pass verification.)

      C:\Windows\system32\winlogon.exe => File is digitally signed
      C:\Windows\system32\wininit.exe => File is digitally signed
      C:\Windows\SysWOW64\wininit.exe => File is digitally signed
      C:\Windows\explorer.exe => File is digitally signed
      C:\Windows\SysWOW64\explorer.exe => File is digitally signed
      C:\Windows\system32\svchost.exe => File is digitally signed
      C:\Windows\SysWOW64\svchost.exe => File is digitally signed
      C:\Windows\system32\services.exe => File is digitally signed
      C:\Windows\system32\User32.dll => File is digitally signed
      C:\Windows\SysWOW64\User32.dll => File is digitally signed
      C:\Windows\system32\userinit.exe => File is digitally signed
      C:\Windows\SysWOW64\userinit.exe => File is digitally signed
      C:\Windows\system32\rpcss.dll => File is digitally signed
      C:\Windows\system32\dnsapi.dll => File is digitally signed
      C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
      C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

      LastRegBack: 2017-11-11 09:02

      ==================== End of FRST.txt ============================

    5. #5
      User adiskide
      Joined
      Apr 2011
      Location
      Zaragoza
      Posts
      70

      Re: Check for absence of Virut

      Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-11-2017 03
      Ran by Jorge (14-11-2017 16:18:36)
      Running from C:\Users\Jorge\Desktop
      Windows 7 Professional Service Pack 1 (X64) (2017-01-17 05:59:05)
      Boot Mode: Normal
      ==========================================================


      ==================== Accounts: =============================

      Administrador (S-1-5-21-2499668031-2600949832-3842433268-500 - Administrator - Disabled)
      HomeGroupUser$ (S-1-5-21-2499668031-2600949832-3842433268-1002 - Limited - Enabled)
      Invitado (S-1-5-21-2499668031-2600949832-3842433268-501 - Limited - Disabled)
      Jorge (S-1-5-21-2499668031-2600949832-3842433268-1000 - Administrator - Enabled) => C:\Users\Jorge

      ==================== Security Center ========================

      (If an entry is included in the fixlist, it will be removed.)

      AV: Bitdefender Antivirus (Disabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
      AS: Bitdefender Antispyware (Disabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
      AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
      AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      FW: Bitdefender Cortafuego (Disabled) {078AF241-05A3-0EFF-40E0-3E0D69EA140A}

      ==================== Installed Programs ======================

      (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

      . . (HKLM\...\{7565710A-C97D-44A4-A030-768957F9F2C1}) (Version: 7.1 - Intel) Hidden
      . . . (HKLM-x32\...\{F3B4320C-C72B-46B3-96D7-0C38E37388B8}) (Version: 2.8.0.7 - Intel) Hidden
      µTorrent (HKU\S-1-5-21-2499668031-2600949832-3842433268-1000\...\uTorrent) (Version: 3.5.0.43916 - BitTorrent Inc.)
      Adobe Acrobat Reader DC - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
      Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.187 - Adobe Systems Incorporated)
      AMD Catalyst Install Manager (HKLM\...\{7E5DC2C5-115A-322B-976C-219237FAED66}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
      Apple Application Support (32 bits) (HKLM-x32\...\{D811A40A-9791-497C-B9DC-2D89C8E95EA1}) (Version: 6.1 - Apple Inc.)
      Apple Application Support (64 bits) (HKLM\...\{8B47B514-F5D2-4E0D-B951-6E250618A7CD}) (Version: 6.1 - Apple Inc.)
      Apple Mobile Device Support (HKLM\...\{31A0B634-BCF4-4D3F-8336-87FEACFEE142}) (Version: 11.0.1.2 - Apple Inc.)
      Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
      Backup and Sync from Google (HKLM-x32\...\{604582EB-8259-4ED6-9B1B-6F2494D4B640}) (Version: 3.37.7411.4599 - Google, Inc.)
      Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 21.0.25.59 - Bitdefender)
      Bitdefender Device Management (HKLM\...\Bitdefender Device Management) (Version: 22.0.8.114 - Bitdefender)
      Bitdefender Total Security (HKLM\...\Bitdefender) (Version: 22.0.8.118 - Bitdefender)
      Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
      CCleaner (HKLM\...\CCleaner) (Version: 5.35 - Piriform)
      Dropbox (HKLM-x32\...\Dropbox) (Version: 38.4.27 - Dropbox, Inc.)
      Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.65.1 - Dropbox, Inc.) Hidden
      Epson Software Updater (HKLM-x32\...\{B55DB65D-EF6E-4E04-89D5-B03603BF681B}) (Version: 4.4.5 - SEIKO EPSON CORPORATION)
      EPSON XP-432 435 Series Printer Uninstall (HKLM\...\EPSON XP-432 435 Series) (Version: - Seiko Epson Corporation)
      Folder Size (64-bit) (HKLM\...\{F24FF688-7138-4CCF-A83F-71E9FB01170E}) (Version: 2.6 - Brio)
      Google Chrome (HKLM-x32\...\Google Chrome) (Version: 62.0.3202.94 - Google Inc.)
      Google Photos Backup (HKU\S-1-5-21-2499668031-2600949832-3842433268-1000\...\Google Photos Backup) (Version: 1.1.2.13 - Google, Inc.)
      Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
      IBM SPSS Statistics Subscription (HKLM\...\{02D81DCC-13D1-465C-9292-E46956489CA1}) (Version: 1.0.0.781 - IBM Corp)
      iCloud (HKLM\...\{FF99A618-BCA5-4658-B9FF-CCF57C177610}) (Version: 7.1.0.34 - Apple Inc.)
      Intel Security True Key (HKLM\...\TrueKey) (Version: 4.19.108.1 - Intel Security)
      Intel(R) Network Connections 14.6.9.0 (HKLM\...\PROSetDX) (Version: 14.6.9.0 - Intel)
      Intel® Driver Update Utility (HKLM-x32\...\{b480f6cc-fa56-482b-b0a3-49d69a32db6d}) (Version: 2.8.0.7 - Intel)
      iTunes (HKLM\...\{89774EC3-A09C-48CA-958B-5C4F0A5E5948}) (Version: 12.7.1.14 - Apple Inc.)
      Malwarebytes Anti-Exploit version 1.10.1.41 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.10.1.41 - Malwarebytes)
      Malwarebytes versión 3.2.2.2018 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2018 - Malwarebytes)
      Manager (HKLM-x32\...\{8DED36D9-54D6-4127-A112-5A1BA1CDD66B}) (Version: 5.0.26.33533 - 2017 pdfforge GmbH. All rights reserved) Hidden
      Microsoft .NET Framework 4.7 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.7.02053 - Microsoft Corporation)
      Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
      Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
      Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
      Microsoft Office Excel 2007 Help Actualización (KB963678) (HKLM-x32\...\{90120000-0016-0C0A-0000-0000000FF1CE}_ENTERPRISE_{59E09C3D-4878-47D9-87DB-6D0018026889}) (Version: - Microsoft)
      Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
      Microsoft Office Outlook 2007 Help Actualización (KB963677) (HKLM-x32\...\{90120000-001A-0C0A-0000-0000000FF1CE}_ENTERPRISE_{59C244C2-0C37-4E85-8F7E-DBDD3958B694}) (Version: - Microsoft)
      Microsoft Office Powerpoint 2007 Help Actualización (KB963669) (HKLM-x32\...\{90120000-0018-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F318245D-05AE-4681-A749-A036CE44AF29}) (Version: - Microsoft)
      Microsoft Office Word 2007 Help Actualización (KB963665) (HKLM-x32\...\{90120000-001B-0C0A-0000-0000000FF1CE}_ENTERPRISE_{377BA42A-1C84-45D6-94B8-6D00887D172D}) (Version: - Microsoft)
      Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
      Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
      Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
      Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
      Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
      Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
      Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
      Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
      Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
      Mozilla Firefox 56.0.2 (x64 es-ES) (HKLM\...\Mozilla Firefox 56.0.2 (x64 es-ES)) (Version: 56.0.2 - Mozilla)
      Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 56.0.2.6506 - Mozilla)
      Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.5.1 - Notepad++ Team)
      OBS Studio (HKLM-x32\...\OBS Studio) (Version: 20.0.1 - OBS Project)
      OpenOffice 4.1.3 (HKLM-x32\...\{EF451311-C2EC-4245-911F-4847C2294A82}) (Version: 4.13.9783 - Apache Software Foundation)
      Panda Cloud Cleaner (HKLM-x32\...\{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.1.10 - Panda Security)
      PDF Architect 5 (HKLM-x32\...\PDF Architect 5) (Version: 5.0.22.32360 - pdfforge GmbH)
      PDF Architect 5 Create Module (HKLM\...\{0E25DE98-E56E-4259-B554-F1360BB2DC22}) (Version: 5.0.28.34044 - pdfforge GmbH) Hidden
      PDF Architect 5 Edit Module (HKLM\...\{EE01D8D7-2DD0-4C43-BF42-D9C8FC8DAE99}) (Version: 5.0.28.34044 - pdfforge GmbH) Hidden
      PDF Architect 5 View Module (HKLM\...\{4DC94B75-B036-474D-8AC8-E2D055C95FBD}) (Version: 5.0.28.34044 - pdfforge GmbH) Hidden
      PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 3.0.1 - pdfforge GmbH)
      Prezi (HKLM-x32\...\{63B8F931-2BF3-4D5D-9C28-E2EF88D83DFD}) (Version: 5.2.7 - Nombre de su organización)
      Python 2.7.13 (64-bit) (HKLM\...\{4A656C6C-D24A-473F-9747-3A8D00907A04}) (Version: 2.7.13150 - Python Software Foundation)
      Quantum GIS Lisboa 1.8.0 Lisboa (HKLM-x32\...\Quantum GIS Lisboa) (Version: 1.8.0-r${SVN_REVISION}-2 - QGIS Development Team)
      Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 1.12.0016 - Realtek)
      RStudio (HKLM-x32\...\RStudio) (Version: 1.0.136 - RStudio)
      ScreenRecorder (HKLM\...\{55A9972B-EA29-43C3-94B6-7A178D6F2E11}) (Version: 4.0.0 - Burak Uysaler)
      Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.104 - Skype Technologies S.A.)
      Songr (HKU\S-1-5-21-2499668031-2600949832-3842433268-1000\...\Songr) (Version: 2.1 - Xamasoft)
      Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
      VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
      Windows Media Encoder 9 Series x64 Edition (HKLM\...\Windows Media Encoder 9) (Version: - )
      WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)

      ==================== Custom CLSID (Whitelisted): ==========================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      CustomCLSID: HKU\S-1-5-21-2499668031-2600949832-3842433268-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
      CustomCLSID: HKU\S-1-5-21-2499668031-2600949832-3842433268-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
      CustomCLSID: HKU\S-1-5-21-2499668031-2600949832-3842433268-1000_Classes\CLSID\{00021401-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
      CustomCLSID: HKU\S-1-5-21-2499668031-2600949832-3842433268-1000_Classes\CLSID\{0037AC54-E32B-4ACA-9864-09F869AA82FE}\InprocServer32 -> no filepath
      CustomCLSID: HKU\S-1-5-21-2499668031-2600949832-3842433268-1000_Classes\CLSID\{00BB2763-6A77-11D0-A535-00C04FD7D062}\InprocServer32 -> no filepath
      CustomCLSID: HKU\S-1-5-21-2499668031-2600949832-3842433268-1000_Classes\CLSID\{03C036F1-A186-11D0-824A-00AA005B4383}\InprocServer32 -> no filepath
      CustomCLSID: HKU\S-1-5-21-2499668031-2600949832-3842433268-1000_Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\InprocServer32 -> no filepath
      CustomCLSID: HKU\S-1-5-21-2499668031-2600949832-3842433268-1000_Classes\CLSID\{0E5AAE11-A475-4C5B-AB00-C66DE400274E}\InprocServer32 -> no filepath
      CustomCLSID: HKU\S-1-5-21-2499668031-2600949832-3842433268-1000_Classes\CLSID\{104846AB-42B1-4E38-A80D-136F78C3F258}\InprocServer32 -> no filepath
      CustomCLSID: HKU\S-1-5-21-2499668031-2600949832-3842433268-1000_Classes\CLSID\{12594540-9B58-4FE9-A7EA-8A10F641B049}\InprocServer32 -> no filepath
      CustomCLSID: HKU\S-1-5-21-2499668031-2600949832-3842433268-1000_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Jorge\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
      CustomCLSID: HKU\S-1-5-21-2499668031-2600949832-3842433268-1000_Classes\CLSID\{18907F3B-9AFB-4F87-B764-F9A4E16A21B8}\InprocServer32 -> no filepath
      CustomCLSID: HKU\S-1-5-21-2499668031-2600949832-3842433268-1000_Classes\CLSID\{1F1F4E1A-2252-4063-84BB-EEE75F8856D5}\InprocServer32 -> no filepath
      CustomCLSID: HKU\S-1-5-21-2499668031-2600949832-3842433268-1000_Classes\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\InprocServer32 -> no filepath
      CustomCLSID: HKU\S-1-5-21-2499668031-2600949832-3842433268-1000_Classes\CLSID\{247161C5-995C-4097-9FF4-655DC6D12DB5}\InprocServer32 -> no filepath
      CustomCLSID: HKU\S-1-5-21-2499668031-2600949832-3842433268-1000_Classes\CLSID\{275C23E2-3747-11D0-9FEA-00AA003F8646}\InprocServer32 -> no filepath
      CustomCLSID: HKU\S-1-5-21-2499668031-2600949832-3842433268-1000_Classes\CLSID\{33156164-81D6-11D3-8006-00C04FA30A73}\InprocServer32 -> no filepath
      CustomCLSID: HKU\S-1-5-21-2499668031-2600949832-3842433268-1000_Classes\CLSID\{33156168-81D6-11D3-8006-00C04FA30A73}\InprocServer32 -> no filepath
      CustomCLSID: HKU\S-1-5-21-2499668031-2600949832-3842433268-1000_Classes\CLSID\{33D9A762-90C8-11D0-BD43-00A0C911CE86}\InprocServer32 -> no filepath
      CustomCLSID: HKU\S-1-5-21-2499668031-2600949832-3842433268-1000_Classes\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\InprocServer32 -> no filepath
      CustomCLSID: HKU\S-1-5-21-2499668031-2600949832-3842433268-1000_Classes\CLSID\{447AC255-CE81-43AD-9827-AFDDB1561B07}\InprocServer32 -> no filepath
      CustomCLSID: HKU\S-1-5-21-2499668031-2600949832-3842433268-1000_Classes\CLSID\{505C2E67-8615-4CA9-9B57-48CF6EE696FD}\InprocServer32 -> no filepath
      CustomCLSID: HKU\S-1-5-21-2499668031-2600949832-3842433268-1000_Classes\CLSID\{50EF4544-AC9F-4A8E-B21B-8A26180DB13F}\InprocServer32 -> no filepath
      CustomCLSID: HKU\S-1-5-21-2499668031-2600949832-3842433268-1000_Classes\CLSID\{53BD6B4E-3780-4693-AFC3-7161C2F3EE9C}\InprocServer32 -> no filepath
      CustomCLSID: HKU\S-1-5-21-2499668031-2600949832-3842433268-1000_Classes\CLSID\{5908297F-1B90-4C81-8B9D-CAFB1808C432}\InprocServer32 -> no filepath
      CustomCLSID: HKU\S-1-5-21-2499668031-2600949832-3842433268-1000_Classes\CLSID\{603D3800-BD81-11D0-A3A5-00C04FD706EC}\InprocServer32 -> no filepath
      CustomCLSID: HKU\S-1-5-21-2499668031-2600949832-3842433268-1000_Classes\CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}\InprocServer32 -> no filepath
      CustomCLSID: HKU\S-1-5-21-2499668031-2600949832-3842433268-1000_Classes\CLSID\{632B606A-BBC6-11D2-A329-006097C4E476}\InprocServer32 -> no filepath
      CustomCLSID: HKU\S-1-5-21-2499668031-2600949832-3842433268-1000_Classes\CLSID\{70F598E9-F4AB-495A-99E2-A7C4D3D89ABF}\InprocServer32 -> no filepath
      CustomCLSID: HKU\S-1-5-21-2499668031-2600949832-3842433268-1000_Classes\CLSID\{71F96385-DDD6-48D3-A0C1-AE06E8B055FB}\InprocServer32 -> no filepath
      CustomCLSID: HKU\S-1-5-21-2499668031-2600949832-3842433268-1000_Classes\CLSID\{76765B11-3F95-4AF2-AC9D-EA55D8994F1A}\InprocServer32 -> no filepath
      CustomCLSID: HKU\S-1-5-21-2499668031-2600949832-3842433268-1000_Classes\CLSID\{7E320092-596A-41B2-BBEB-175D10504EB6}\InprocServer32 -> no filepath
      CustomCLSID: HKU\S-1-5-21-2499668031-2600949832-3842433268-1000_Classes\CLSID\{7EFC002A-071F-4CE7-B265-F4B4263D2FD2}\InprocServer32 -> no filepath
      CustomCLSID: HKU\S-1-5-21-2499668031-2600949832-3842433268-1000_Classes\CLSID\{807C1E6C-1D00-453F-B920-B61BB7CDD997}\InprocServer32 -> no filepath
      CustomCLSID: HKU\S-1-5-21-2499668031-2600949832-3842433268-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Jorge\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
      ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
      ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
      ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
      ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
      ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
      ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
      ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
      ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
      ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
      ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
      ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-01] (Google)
      ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-01] (Google)
      ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-01] (Google)
      ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
      ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
      ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
      ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
      ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
      ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
      ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
      ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
      ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
      ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
      ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
      ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2017-01-17] ()
      ContextMenuHandlers1: [BDFVCtxMenuExt] -> {9E96C1F5-0EFA-4348-9460-15D6802C70AA} => C:\Program Files\Bitdefender\Bitdefender Security\bdfvsctx.dll [2017-10-02] (Bitdefender)
      ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
      ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-11-01] (Google)
      ContextMenuHandlers1: [PDFArchitect5_ManagerExt] -> {00B7B69F-6774-4906-9C7F-7D117A3644A9} => C:\Program Files\PDF Architect 5\creator-context-menu.dll [2017-07-05] (pdfforge GmbH)
      ContextMenuHandlers1: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} => C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
      ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2017-10-19] (Apple Inc.)
      ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)
      ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (Alexander Roshal)
      ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
      ContextMenuHandlers4: [BDFVCtxMenuExt] -> {9E96C1F5-0EFA-4348-9460-15D6802C70AA} => C:\Program Files\Bitdefender\Bitdefender Security\bdfvsctx.dll [2017-10-02] (Bitdefender)
      ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
      ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-11-01] (Google)
      ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\atiacm64.dll [2015-08-04] (Advanced Micro Devices, Inc.)
      ContextMenuHandlers5: [BDFVCtxMenuExt] -> {9E96C1F5-0EFA-4348-9460-15D6802C70AA} => C:\Program Files\Bitdefender\Bitdefender Security\bdfvsctx.dll [2017-10-02] (Bitdefender)
      ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
      ContextMenuHandlers6: [BDFVCtxMenuExt] -> {9E96C1F5-0EFA-4348-9460-15D6802C70AA} => C:\Program Files\Bitdefender\Bitdefender Security\bdfvsctx.dll [2017-10-02] (Bitdefender)
      ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
      ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)
      ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (Alexander Roshal)

      ==================== Scheduled Tasks (Whitelisted) =============

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      Task: {19FD516A-AF0F-4D76-888D-B8D6BC0F877D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-18] (Google Inc.)
      Task: {3CA491BC-B0FD-4CE1-AF38-E16EAA101867} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-11-14] (Adobe Systems Incorporated)
      Task: {59297297-A5EB-45D7-A62D-54E50EAC119A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-18] (Google Inc.)
      Task: {5CA7F2B0-E5F3-492A-9D1F-607D9CC3EB2B} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation)
      Task: {7042681C-E1FA-47CD-A3D1-EEE4C5B59B3C} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-01-18] (Dropbox, Inc.)
      Task: {7C4323C3-E133-467D-9F37-BBCC1124DFA8} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-01-18] (Dropbox, Inc.)
      Task: {93A4D688-B29C-46BF-AEB9-8D186C3378BC} - System32\Tasks\Google IntelliTools vv1000F => C:\Windows\system32\rundll32.exe "C:\Program Files\Google IntelliTools vv1000F\Google IntelliTools vv1000F.dll",JhemusWY <==== ATTENTION
      Task: {9DA95F64-0E4D-4612-8661-D8BD86ACDB10} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-09-20] (Piriform Ltd)
      Task: {A51E51D0-0F3C-44FA-8308-DA8FEBCDD4F3} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2017-10-19] (Apple Inc.)
      Task: {A6D54268-56F4-44EC-9DA7-2A88A9FACB9E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2499668031-2600949832-3842433268-1000UA => C:\Users\Jorge\AppData\Local\Google\Update\GoogleUpdate.exe [2017-08-27] (Google Inc.)
      Task: {AEC63BB2-EB8E-4428-88D1-D0E2A471D836} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\Windows\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\task.vbs"
      Task: {C7146F0C-FA84-4BD0-83C6-6379E6D08942} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
      Task: {EFD5382A-1236-4A72-AD59-7DFD1540F8E4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2499668031-2600949832-3842433268-1000Core => C:\Users\Jorge\AppData\Local\Google\Update\GoogleUpdate.exe [2017-08-27] (Google Inc.)
      Task: {F1873A98-EE11-47F8-B95A-A9C8474C8E79} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2017-06-21] (Bitdefender)
      Task: {F51E4897-2A84-42FD-96D3-1A8B22E30406} - System32\Tasks\{8957E10F-4AD2-4069-91EE-6EB4D91FFE57} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxps://ui.skype.com/ui/0/7.33.0.105/es/go/help.faq.installer?LastError=1603
      Task: {F7254528-5094-4278-9748-DDEC67873FE9} - System32\Tasks\EPSON XP-432 435 Series Update {90E06A08-1391-4467-A9C7-8BF199923A21} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSPDE.EXE [2015-03-25] (SEIKO EPSON CORPORATION)
      Task: {F853EE05-58F9-42A7-9B56-2FDA3C51F928} - System32\Tasks\{DEEDE757-CD39-418D-B97B-E8F4D5D195C7} => C:\Windows\system32\pcalua.exe -a C:\Users\Jorge\Desktop\office\OFICCE_2007\setup.exe -d C:\Users\Jorge\Desktop\office\OFICCE_2007
      Task: {F9DD8873-5215-4CCF-B9EF-4A32FF18ED81} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)

      (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

      Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
      Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
      Task: C:\Windows\Tasks\EPSON XP-432 435 Series Update {90E06A08-1391-4467-A9C7-8BF199923A21}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSPDE.EXE:/EXE:{90E06A08-1391-4467-A9C7-8BF199923A21} /F:UpdateSYSTEMĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

      ==================== Shortcuts & WMI ========================

      (The entries could be listed to be restored or removed.)


      ShortcutWithArgument: C:\Users\Jorge\Desktop\Synergy Logger Dashboard.lnk -> C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe (Microsoft Corporation) -> 1139570395.www.synergysportstech.com
      ShortcutWithArgument: C:\Users\Jorge\Desktop\SynergyHyperPlayer.Windows ....lnk -> C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe (Microsoft Corporation) -> 1387451826.www.synergysportstech.com
      ShortcutWithArgument: C:\Users\Jorge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Synergy Logger Dashboard.lnk -> C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe (Microsoft Corporation) -> 1139570395.www.synergysportstech.com
      ShortcutWithArgument: C:\Users\Jorge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SynergyHyperPlayer.Windows ....lnk -> C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe (Microsoft Corporation) -> 1387451826.www.synergysportstech.com
      ShortcutWithArgument: C:\Users\Jorge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicaciones de Chrome\Google Keep_ notas y listas.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=hmjkmjkepdijhoojdojkdfohbdgmmhki
      ShortcutWithArgument: C:\Users\Jorge\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
      ShortcutWithArgument: C:\Users\Public\Desktop\Quantum GIS Desktop (1.8.0).lnk -> C:\Program Files (x86)\Quantum GIS Lisboa\bin\nircmd.exe (NirSoft) -> exec hide "C:\Program Files (x86)\Quantum GIS Lisboa\bin\qgis.bat"

      ==================== Loaded Modules (Whitelisted) ==============

      2017-08-11 09:42 - 2013-09-03 13:29 - 000111832 _____ () C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER SECURITY\bdmetrics.dll
      2017-08-11 09:42 - 2017-02-07 11:34 - 001008448 _____ () C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER SECURITY\otengines_001_001\ashttpbr.mdl
      2017-08-11 09:42 - 2017-02-07 11:34 - 000541952 _____ () C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER SECURITY\otengines_001_001\ashttpdsp.mdl
      2017-08-11 09:42 - 2017-02-07 11:34 - 003243920 _____ () C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER SECURITY\otengines_001_001\ashttpph.mdl
      2017-08-11 09:42 - 2017-02-07 11:34 - 001544568 _____ () C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER SECURITY\otengines_001_001\ashttprbl.mdl
      2017-10-18 23:51 - 2017-10-18 23:51 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
      2017-03-16 15:08 - 2017-03-16 15:08 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
      2017-01-17 02:30 - 2017-01-17 02:30 - 000230064 _____ () C:\Program Files\Notepad++\NppShell_06.dll
      2017-10-20 15:22 - 2017-10-20 15:22 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll
      2017-10-20 15:22 - 2017-10-20 15:22 - 000092472 _____ () C:\Program Files\iTunes\zlib1.dll
      2017-11-01 05:49 - 2017-11-01 05:49 - 040417680 _____ () C:\Program Files (x86)\Google\Drive\googledrivesync.exe
      2017-08-12 07:57 - 2017-06-27 10:15 - 066355808 _____ () C:\Program Files\Intel Security\True Key\Application\libcef.dll
      2017-10-18 23:52 - 2017-10-18 23:52 - 001042232 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
      2017-03-16 15:09 - 2017-03-16 15:09 - 000080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
      2017-10-18 23:51 - 2017-10-18 23:51 - 000189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
      2017-11-02 21:42 - 2017-11-01 12:58 - 000724288 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
      2017-11-02 21:42 - 2017-11-01 12:58 - 002002752 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
      2017-11-02 21:43 - 2017-11-01 12:57 - 000100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
      2017-11-02 21:43 - 2017-11-01 12:57 - 000018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
      2017-11-02 21:43 - 2017-11-01 13:01 - 000020800 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
      2017-11-02 21:43 - 2017-11-01 12:57 - 000035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
      2017-11-02 21:43 - 2017-11-01 12:57 - 000694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
      2017-11-02 21:41 - 2017-11-01 13:01 - 000021848 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
      2017-11-02 21:43 - 2017-11-01 12:57 - 000130512 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
      2017-11-02 21:41 - 2017-11-01 13:01 - 001856848 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
      2017-11-02 21:41 - 2017-11-01 13:01 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
      2017-11-02 21:42 - 2017-11-01 12:57 - 000145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
      2017-11-02 21:42 - 2017-11-01 12:58 - 000116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
      2017-11-02 21:43 - 2017-11-01 12:57 - 000105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
      2017-11-02 21:43 - 2017-11-01 13:01 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
      2017-11-02 21:42 - 2017-11-01 13:01 - 000062784 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
      2017-11-02 21:43 - 2017-11-01 12:57 - 000024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
      2017-11-02 21:42 - 2017-11-01 13:01 - 000040248 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
      2017-11-02 21:42 - 2017-11-01 12:57 - 000020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
      2017-11-02 21:43 - 2017-11-01 12:57 - 000124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
      2017-11-02 21:43 - 2017-11-01 12:57 - 000116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
      2017-11-02 21:42 - 2017-11-01 12:58 - 000392656 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
      2017-11-02 21:43 - 2017-11-01 13:01 - 000392512 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
      2017-11-02 21:43 - 2017-11-01 13:01 - 000026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
      2017-11-02 21:43 - 2017-11-01 12:57 - 000024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
      2017-11-02 21:43 - 2017-11-01 12:57 - 000175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
      2017-11-02 21:43 - 2017-11-01 12:57 - 000030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
      2017-11-02 21:43 - 2017-11-01 12:57 - 000043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
      2017-11-02 21:43 - 2017-11-01 12:57 - 000026056 _____ () C:\Program Files (x86)\Dropbox\Client\win32job.pyd
      2017-11-02 21:43 - 2017-11-01 12:57 - 000048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
      2017-11-02 21:43 - 2017-11-01 12:57 - 000057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
      2017-11-02 21:41 - 2017-11-01 13:01 - 000021824 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
      2017-11-02 21:43 - 2017-11-01 13:01 - 000023368 _____ () C:\Program Files (x86)\Dropbox\Client\winshell.compiled._winshell.pyd
      2017-11-02 21:41 - 2017-11-01 13:01 - 000022856 _____ () C:\Program Files (x86)\Dropbox\Client\crashpad.compiled._Crashpad.pyd
      2017-11-02 21:43 - 2017-11-01 13:01 - 000066392 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
      2017-11-02 21:42 - 2017-11-01 13:01 - 001796920 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
      2017-11-02 21:43 - 2017-11-01 12:57 - 000084424 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
      2017-11-02 21:42 - 2017-11-01 13:01 - 001956152 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
      2017-11-02 21:42 - 2017-11-01 13:01 - 003859264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
      2017-11-02 21:42 - 2017-11-01 13:01 - 000154440 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
      2017-11-02 21:42 - 2017-11-01 13:01 - 000521024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
      2017-11-02 21:42 - 2017-11-01 13:01 - 000050496 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineCore.pyd
      2017-11-02 21:42 - 2017-11-01 13:01 - 000042304 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
      2017-11-02 21:42 - 2017-11-01 13:01 - 000131384 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
      2017-11-02 21:42 - 2017-11-01 13:01 - 000218944 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
      2017-11-02 21:42 - 2017-11-01 13:01 - 000204096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
      2017-11-02 21:43 - 2017-11-01 13:01 - 000025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
      2017-11-02 21:43 - 2017-11-01 12:57 - 000060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
      2017-11-02 21:43 - 2017-11-01 13:01 - 000054608 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
      2017-11-02 21:43 - 2017-11-01 12:57 - 000024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
      2017-11-02 21:43 - 2017-11-01 13:01 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
      2017-11-02 21:43 - 2017-11-01 12:57 - 000028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
      2017-11-02 21:43 - 2017-11-01 13:01 - 000022360 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
      2017-11-02 21:43 - 2017-11-01 13:01 - 000021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
      2017-11-02 21:43 - 2017-11-01 13:01 - 000022360 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
      2017-11-02 21:42 - 2017-11-01 13:01 - 000027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
      2017-11-02 21:43 - 2017-11-01 12:57 - 000349128 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
      2017-11-02 21:43 - 2017-11-01 13:01 - 000023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
      2017-11-02 21:42 - 2017-11-01 13:01 - 000025424 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
      2017-11-02 21:42 - 2017-11-01 12:58 - 000036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
      2017-11-02 21:42 - 2017-11-01 13:01 - 000181056 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
      2017-11-02 21:43 - 2017-11-01 13:01 - 000030536 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
      2017-11-02 21:42 - 2017-11-01 13:01 - 000024368 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.DLL
      2017-11-02 21:42 - 2017-11-01 13:01 - 001638200 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
      2017-11-02 21:43 - 2017-11-01 13:01 - 000026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
      2017-11-02 21:42 - 2017-11-01 13:01 - 000545080 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
      2017-11-02 21:42 - 2017-11-01 13:01 - 000359224 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
      2017-11-02 21:42 - 2017-11-01 13:01 - 000038208 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngine.pyd
      2017-11-14 13:09 - 2017-11-14 13:09 - 000088064 _____ () C:\Users\Jorge\AppData\Local\Temp\_MEI19242\_ctypes.pyd
      2017-11-14 13:09 - 2017-11-14 13:09 - 000918528 _____ () C:\Users\Jorge\AppData\Local\Temp\_MEI19242\_hashlib.pyd
      2017-11-14 13:10 - 2017-11-14 13:10 - 000098816 _____ () C:\Users\Jorge\AppData\Local\Temp\_MEI19242\win32api.pyd
      2017-11-14 13:10 - 2017-11-14 13:10 - 000110080 _____ () C:\Users\Jorge\AppData\Local\Temp\_MEI19242\pywintypes27.dll

    6. #6
      User Avatar of adiskide
      Registered
      Apr 2011
      Location
      Zaragoza
      Posts
      70

      Re: Check for absence of Virut


      ==================== Alternate Data Streams (Whitelisted) =========

      (If an entry is included in the fixlist, only the ADS will be removed.)

      AlternateDataStreams: C:\Users\Jorge\Documents\bookmarks_18_4_16.html:com.dropbox.attributes [160]

      ==================== Safe Mode (Whitelisted) ===================

      (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\73159746.sys => ""="Driver"
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\73159746.sys => ""="Driver"
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

      ==================== Association (Whitelisted) ===============

      (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


      ==================== Internet Explorer trusted/restricted ===============

      (If an entry is included in the fixlist, it will be removed from the registry.)

      IE trusted site: HKU\S-1-5-21-2499668031-2600949832-3842433268-1000\...\localhost -> hxxps://localhost

      ==================== Hosts content: ===============================

      (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

      2009-07-14 03:34 - 2017-11-14 16:07 - 000000838 _____ C:\Windows\system32\Drivers\etc\hosts

      127.0.0.1 localhost

      ==================== Other Areas ============================

      (Currently there is no automatic fix for this section.)

      HKU\S-1-5-21-2499668031-2600949832-3842433268-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Jorge\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
      DNS Servers: 212.231.6.7 - 8.8.8.8
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
      Windows Firewall is enabled.

      ==================== MSCONFIG/TASK MANAGER disabled items ==


      ==================== FirewallRules (Whitelisted) ===============

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
      FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
      FirewallRules: [{E70C0327-E113-47EC-8F5B-0190D4A051E3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
      FirewallRules: [{06A33357-5628-4EAD-A9E1-6C2CC8F9CC77}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
      FirewallRules: [{332F9412-7739-4682-88C1-1C7CE1499943}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
      FirewallRules: [TCP Query User{E5165507-6E11-4790-97EB-EF256E5E74B4}C:\program files (x86)\jes-soft\basketball playbook 012\playbook.exe] => (Allow) C:\program files (x86)\jes-soft\basketball playbook 012\playbook.exe
      FirewallRules: [UDP Query User{0CC41680-0B0B-43C3-B737-257C9AB62C97}C:\program files (x86)\jes-soft\basketball playbook 012\playbook.exe] => (Allow) C:\program files (x86)\jes-soft\basketball playbook 012\playbook.exe
      FirewallRules: [{00E0CB3A-C877-46BB-A1DC-53D5F4C10F75}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
      FirewallRules: [{D69DE176-8BD7-4670-95F4-B3E5D8418BEA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
      FirewallRules: [{BFEFB43D-D3E0-47CF-9A5B-E42852B8BD6D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
      FirewallRules: [{108A975E-C347-43B5-A678-F5AF0A37BA49}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
      FirewallRules: [{077625F1-F31F-4AEF-91D6-818A23A39403}] => (Allow) C:\Users\Jorge\AppData\Roaming\uTorrent\uTorrent.exe
      FirewallRules: [{2B0EF18D-8B70-4546-8F61-F76333ADACE7}] => (Allow) C:\Users\Jorge\AppData\Roaming\uTorrent\uTorrent.exe
      FirewallRules: [{9680C799-B43C-48EF-8D7A-B7E6BB900426}] => (Allow) C:\Users\Jorge\AppData\Roaming\uTorrent\uTorrent.exe
      FirewallRules: [{7614DF9B-154D-45D4-9FEF-FBAEF202D5DE}] => (Allow) C:\Users\Jorge\AppData\Roaming\uTorrent\uTorrent.exe
      FirewallRules: [{14C25203-9131-4991-92C2-776DA7CE02B0}] => (Allow) C:\Users\Jorge\AppData\Roaming\uTorrent\uTorrent.exe
      FirewallRules: [{CD1DC9AA-C909-4DB4-AAB2-B998AADE11A5}] => (Allow) C:\Users\Jorge\AppData\Roaming\uTorrent\uTorrent.exe
      FirewallRules: [{C3E8B8C2-D806-46AC-922B-4638C318F25A}] => (Allow) C:\Windows\system32\rundll32.exe
      FirewallRules: [{F51AE610-67C9-4141-8173-8963936A498F}] => (Allow) C:\Windows\System32\rundll32.exe
      FirewallRules: [{82F6BD39-B8B2-41BA-A109-3630D90B11A6}] => (Allow) C:\Windows\System32\rundll32.exe
      FirewallRules: [{2C8D5624-BCBA-46DB-BB3D-61456EEAFEF3}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
      FirewallRules: [{1563A0B5-A996-45D7-8207-042008714B11}] => (Allow) C:\Program Files\iTunes\iTunes.exe
      FirewallRules: [{7293383B-A981-44AD-BA8B-B99973839C0A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

      ==================== Restore Points =========================


      ==================== Faulty Device Manager Devices =============


      ==================== Event log errors: =========================

      Application errors:
      ==================
      Error: (11/14/2017 04:16:45 PM) (Source: Application Error) (EventID: 1000) (User: )
      Description: Nombre de la aplicación con errores: native_proxy.exe, versión: 1.34.0.3271, marca de tiempo: 0x594abc41
      Nombre del módulo con errores: native_proxy.exe, versión: 1.34.0.3271, marca de tiempo: 0x594abc41
      Código de excepción: 0xc0000005
      Desplazamiento de errores: 0x00000000000243b6
      Id. del proceso con errores: 0x304
      Hora de inicio de la aplicación con errores: 0x01d35d41f6a7ac83
      Ruta de acceso de la aplicación con errores: C:\Program Files\Intel Security\True Key\Application\native_proxy.exe
      Ruta de acceso del módulo con errores: C:\Program Files\Intel Security\True Key\Application\native_proxy.exe
      Id. del informe: d31aaa8c-c94e-11e7-88e5-1078d270ebdb

      Error: (11/14/2017 01:16:02 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
      Description: Error al descargar las cadenas del contador de rendimiento para el servicio WmiApRpl (WmiApRpl). El primer valor DWORD de la sección de datos contiene el código de error.

      Error: (11/14/2017 01:16:02 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
      Description: Las cadenas de rendimiento del valor del Registro de rendimiento están dañadas al procesar el proveedor de contador de extensión Performance. El valor BaseIndex del Registro de rendimiento es el primer valor DWORD, el valor LastCounter es el segundo valor DWORD y el valor LastHelp es el tercer valor DWORD de la sección de datos.

      Error: (11/14/2017 01:16:02 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
      Description: Las cadenas de rendimiento del valor del Registro de rendimiento están dañadas al procesar el proveedor de contador de extensión Performance. El valor BaseIndex del Registro de rendimiento es el primer valor DWORD, el valor LastCounter es el segundo valor DWORD y el valor LastHelp es el tercer valor DWORD de la sección de datos.

      Error: (11/14/2017 0150 PM) (Source: WinMgmt) (EventID: 10) (User: )
      Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

      Error: (11/13/2017 07:38:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
      Description: Task Scheduling Error: m->NextScheduledSPRetry 2168

      Error: (11/13/2017 07:38:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
      Description: Task Scheduling Error: m->NextScheduledEvent 2168

      Error: (11/13/2017 07:38:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
      Description: Task Scheduling Error: Continuously busy for more than a second

      Error: (11/13/2017 07:38:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
      Description: Task Scheduling Error: m->NextScheduledSPRetry 1045

      Error: (11/13/2017 07:38:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
      Description: Task Scheduling Error: m->NextScheduledEvent 1045


      System errors:
      =============
      Error: (11/14/2017 03:40:58 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
      Description: El servicio Servicio de notificación de SSP se cerró con el siguiente error:
      Acceso denegado.

      Error: (11/14/2017 02:40:58 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
      Description: El servicio Servicio de notificación de SSP se cerró con el siguiente error:
      Acceso denegado.

      Error: (11/14/2017 01:40:57 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
      Description: El servicio Servicio de notificación de SSP se cerró con el siguiente error:
      Acceso denegado.

      Error: (11/14/2017 01:30:37 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
      Description: El servicio Energy Server Service queencreek se cerró con el siguiente error:
      %%502

      Error: (11/14/2017 01:15:59 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
      Description: El servicio Servicio de notificación de SSP se cerró con el siguiente error:
      Acceso denegado.

      Error: (11/14/2017 01:13:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
      Description: El servicio Servicio de Google Update (gupdate) no pudo iniciarse debido al siguiente error:
      El servicio no respondió a tiempo a la solicitud de inicio o de control.

      Error: (11/14/2017 01:13:22 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
      Description: Se agotó el tiempo de espera (120000 ms) para la conexión con el servicio Servicio de Google Update (gupdate).

      Error: (11/14/2017 0150 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
      Description: El siguiente controlador de inicio del sistema o de inicio del arranque no se cargó correctamente:
      VBoxNetAdp

      Error: (11/14/2017 01:09:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
      Description: El servicio Intel(R) System Usage Report Service SystemUsageReportSvc_QUEENCREEK no pudo iniciarse debido al siguiente error:
      El servicio no respondió a tiempo a la solicitud de inicio o de control.

      Error: (11/14/2017 01:09:46 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
      Description: Se agotó el tiempo de espera (120000 ms) para la conexión con el servicio Intel(R) System Usage Report Service SystemUsageReportSvc_QUEENCREEK.


      CodeIntegrity:
      ===================================
      Date: 2017-08-08 10:33:45.236
      Description: Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume4\ComboFix\catchme.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

      Date: 2017-08-08 10:33:45.174
      Description: Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume4\ComboFix\catchme.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

      Date: 2017-07-01 04:42:30.683
      Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume4\Windows\System32\api-ms-win-core-synch-l1-2-0.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

      Date: 2017-07-01 04:42:30.524
      Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume4\Windows\System32\api-ms-win-core-synch-l1-2-0.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

      Date: 2017-07-01 04:14:16.464
      Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume4\Windows\System32\api-ms-win-core-synch-l1-2-0.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

      Date: 2017-07-01 04:14:16.364
      Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume4\Windows\System32\api-ms-win-core-synch-l1-2-0.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

      Date: 2017-07-01 03:58:55.470
      Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume4\Windows\System32\api-ms-win-core-synch-l1-2-0.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

      Date: 2017-07-01 03:58:55.392
      Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume4\Windows\System32\api-ms-win-core-synch-l1-2-0.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.


      ==================== Memory info ===========================

      Processor: Intel(R) Core(TM) i5 CPU 660 @ 3.33GHz
      Percentage of memory in use: 44%
      Total physical RAM: 3958.36 MB
      Available physical RAM: 2204.91 MB
      Total Virtual: 7914.91 MB
      Available Virtual: 4985.24 MB

      ==================== Drives ================================

      Drive c: () (Fixed) (Total:251.77 GB) (Free:160.45 GB) NTFS
      Drive d: (personal) (Fixed) (Total:41.88 GB) (Free:41.69 GB) NTFS
      Drive e: (DATOS TESIS) (Fixed) (Total:423.79 GB) (Free:129.91 GB) NTFS
      Drive g: (multimedia) (Fixed) (Total:213.98 GB) (Free:213.53 GB) NTFS

      ==================== MBR & Partition Table ==================

      ========================================================
      Disk: 0 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 7757ADEB)
      Partition 1: (Active) - (Size=251.8 GB) - (Type=07 NTFS)
      Partition 2: (Not Active) - (Size=214 GB) - (Type=05)

      ========================================================
      Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 9416C0D9)
      Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
      Partition 2: (Not Active) - (Size=41.9 GB) - (Type=07 NTFS)
      Partition 3: (Not Active) - (Size=423.8 GB) - (Type=07 NTFS)

      ==================== End of Addition.txt ============================

    7. #7
      Warrior Avatar of @Miguelgrado
      Registered
      Dec 2005
      Location
      Asturias-España
      Posts
      18,147

      Re: Check for absence of Virut

      Please do the following:

      On the computer, with all other programs closed:
      Start >>> Run >>> type notepad.exe.

      Now copy and paste the following into Notepad (excluding the word "Code"):
      Code:
      Start
      CreateRestorePoint:
      CloseProcesses:
      
      HKU\S-1-5-21-2499668031-2600949832-3842433268-1000\...0c966feabec1\InprocServer32: [Default-shell32] <==== ATTENTION
      HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
      HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
      HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
      HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
      SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
      SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
      SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
      SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
      CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
      CHR HKU\S-1-5-21-2499668031-2600949832-3842433268-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [gannpgaobkkhmpomoijebaigcapoeebl] - hxxps://clients2.google.com/service/update2/crx
      S3 catchme; \??\C:\ComboFix\catchme.sys [X]
      2017-11-11 08:02 - 2015-09-14 13:03 - 000039672 _____ C:\Windows\system32\Drivers\istmskyj.sys
      2017-11-11 07:55 - 2015-09-14 13:03 - 000039672 _____ C:\Windows\system32\Drivers\cikzpvxz.sys
      2017-11-11 07:41 - 2015-09-14 13:03 - 000039672 _____ C:\Windows\system32\Drivers\btubdury.sys
      2017-11-10 11:50 - 2015-09-14 13:03 - 000039672 _____ C:\Windows\system32\Drivers\znnzncic.sys
      2017-11-09 07:43 - 2015-09-14 13:03 - 000039672 _____ C:\Windows\system32\Drivers\pvtyrgfh.sys
      2017-11-08 22:18 - 2015-10-27 12:03 - 000044792 _____ C:\Windows\system32\Drivers\PRSBDRVR.SYS
      2017-11-08 22:18 - 2015-10-23 09:16 - 000214264 _____ C:\Windows\system32\Drivers\DasBootS.SYS
      2017-11-08 22:18 - 2014-12-11 17:12 - 000059152 _____ C:\Windows\system32\Drivers\DasBootF.SYS
      2017-11-08 22:18 - 2014-12-11 17:12 - 000035088 _____ C:\Windows\system32\Drivers\DasBootK.SYS
      2017-11-08 22:18 - 2014-12-11 17:12 - 000026384 _____ C:\Windows\system32\Drivers\DasBoot.SYS
      2017-07-09 17:36 - 2017-07-09 17:36 - 000000000 _____ () C:\Users\Jorge\AppData\Local\{5635FC67-C3E2-4E86-B06D-966BD1BC546A}
      2017-07-09 17:38 - 2017-07-09 17:38 - 000000000 _____ () C:\Users\Jorge\AppData\Local\{86102032-ECA6-4B15-ACC0-0982815320ED}
      2017-07-12 04:37 - 2017-07-12 04:37 - 000000000 _____ () C:\Users\Jorge\AppData\Local\{A21D6219-DEF9-4182-82F0-2E2A8456556D}
      C:\ProgramData\cmdres.dll
      C:\ProgramData\fontcacheev1.dat
      2017-11-13 20:55 - 2017-11-13 20:55 - 058804680 _____ (Skype Technologies S.A.) C:\Users\Jorge\AppData\Local\Temp\SkypeSetup.exe
      Task: {93A4D688-B29C-46BF-AEB9-8D186C3378BC} - System32\Tasks\Google IntelliTools vv1000F => C:\Windows\system32\rundll32.exe "C:\Program Files\Google IntelliTools vv1000F\Google IntelliTools vv1000F.dll",JhemusWY <==== ATTENTION
      C:\Program Files\Google IntelliTools vv1000F
      Task: {F51E4897-2A84-42FD-96D3-1A8B22E30406} - System32\Tasks\{8957E10F-4AD2-4069-91EE-6EB4D91FFE57} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxps://ui.skype.com/ui/0/7.33.0.105/es/go/help.faq.installer?LastError=1603
      ShortcutWithArgument: C:\Users\Jorge\Desktop\Synergy Logger Dashboard.lnk -> C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe (Microsoft Corporation) -> 1139570395.www.synergysportstech.com
      ShortcutWithArgument: C:\Users\Jorge\Desktop\SynergyHyperPlayer.Windows ....lnk -> C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe (Microsoft Corporation) -> 1387451826.www.synergysportstech.com
      ShortcutWithArgument: C:\Users\Jorge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Synergy Logger Dashboard.lnk -> C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe (Microsoft Corporation) -> 1139570395.www.synergysportstech.com
      ShortcutWithArgument: C:\Users\Jorge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SynergyHyperPlayer.Windows ....lnk -> C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe (Microsoft Corporation) -> 1387451826.www.synergysportstech.com
      ShortcutWithArgument: C:\Users\Jorge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicaciones de Chrome\Google Keep_ notas y listas.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=hmjkmjkepdijhoojdojkdfohbdgmmhki
      ShortcutWithArgument: C:\Users\Jorge\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
      ShortcutWithArgument: C:\Users\Public\Desktop\Quantum GIS Desktop (1.8.0).lnk -> C:\Program Files (x86)\Quantum GIS Lisboa\bin\nircmd.exe (NirSoft) -> exec hide "C:\Program Files (x86)\Quantum GIS Lisboa\bin\qgis.bat"
      2017-11-14 13:09 - 2017-11-14 13:09 - 000088064 _____ () C:\Users\Jorge\AppData\Local\Temp\_MEI19242
      2017-11-14 13:13 - 2017-11-14 13:13 - 000088064 _____ () C:\Users\Jorge\AppData\Local\Temp\_MEI85482
      AlternateDataStreams: C:\Users\Jorge\Documents\bookmarks_18_4_16.html:com.dropbox.attributes [160]
      
      HOSTS:
      REMOVEPROXY:
      EMPTYTEMP:
      CMD: netsh winsock reset
      CMD: ipconfig /renew
      CMD: ipconfig /flushdns
      CMD: bitsadmin /reset /allusers
      END
      Save it as fixlist.txt on the desktop. <<< This is very important. <<

      Note: It is important that the tool Frst.exe and fixlist.txt are in the same location (the desktop); otherwise it will not work.
      Run Frst.exe.

      Press the Fix button and wait for it to finish.
      The tool will save the report on your desktop (Fixlog.txt).
      ATTENTION!!!! The following repair script was written specifically by a staff member for this user; if you have a similar problem, please open your own thread to receive personalized help. Using other users' scripts can damage your computer.
      Paste it in your next reply along with these others:


      1. Download TDSSKiller to your desktop

      Step 1: Run TDSSKiller, accept Kaspersky's terms and license, and follow these steps:

      1. Click "Change parameters" and check the options:
      2. Verify Driver Digital Signature;
      3. Detect TDLFS file system
      4. Use KSN to scan objects
      5. Click OK, then press the Start Scan button.
      6. If an infected file is detected, the default action will be Cure; click Continue.
      7. If a suspicious file is detected, the default action will be Skip; click Continue.
      8. You may be asked to restart the computer to complete the process. Click "Reboot Computer".
      9. Once it has finished, a log will be generated in the root of the hard disk (usually drive C:) as:
        C:\TDSSKiller.x.xx.x_xx.xx.xxxx_xx.xx.xx_log.txt where "x.xx.x_xx.xx.xxxx_xx.xx.xx" are the version, date and time.
      10. Copy and paste the end of the report, where it lists the infected/cured files, in your next reply in this same thread to continue.

      Download >> https://www.infospyware.com/antispyware/adwcleaner and place it on the desktop:


      - Run it with all programs closed and the antivirus disabled >> How to temporarily disable your antivirus.
      - If you use Windows Vista / 7 / 8, run it as administrator (right-click >> Run as administrator) and accept the license (J'accepte).


      Click Scan and wait for the program to do its work.
      Click Clean to perform the cleanup and, if it asks to restart the PC, do so.

      - When it finishes, a report will open in a text file; copy and paste its contents in your next reply.


      The report can also be found at C:\AdwCleaner- AdwCleaner[CX].txt

      Download Hitman Pro >> HitmanPro 3.7.9 | InfoSpyware
      Hitman Pro manual >> http://www.forospyware.com/t492725.html#post2353812
      - Choose according to whether your Windows is 32-bit or 64-bit >> How to determine whether your system is 32 or 64 bits

      • Run HitmanPRO (on Windows 7 or 8, run it as "Administrator")
      • Press the "Next" button.
      • Leave the recommended option checked >> Install a copy on the computer << and uncheck the additional boxes
      • In "Settings", uncheck the Cookies scan and click "Accept", then click Next
      • Once the scan finishes, HitmanPRO includes 30 free days for removing any malware detected.

      - When the scan has finished, the Scan results window will be shown.
      - Remember to SKIP the items marked as Suspicious
      - Click Next so that Hitman does what is needed with the threats found

      The report can also be found under Settings >> History >> Logs

    8. #8
      User adiskide
      Registered
      Apr 2011
      Location
      Zaragoza
      Posts
      70

      Re: Check for absence of Virut

      TDSSKILLER 0 threats
      ============================================================
      20:05:28.0764 0x26ac Scan finished
      20:05:28.0764 0x26ac ============================================================
      20:05:28.0779 0x2680 Detected object count: 0
      20:05:28.0779 0x2680 Actual detected object count: 0
      20:05:36.0643 0x0d5c Deinitialize success

      If you want I'll paste it in full, but I understand you're only interested if it had found something.


      ADW

      # AdwCleaner 7.0.4.0 - Logfile created on Tue Nov 14 19:11:05 2017
      # Updated on 2017/27/10 by Malwarebytes
      # Running on Windows 7 Professional (X64)
      # Mode: clean
      # Support: https://www.malwarebytes.com/support

      ***** [ Services ] *****

      No malicious services deleted.

      ***** [ Folders ] *****

      No malicious folders deleted.

      ***** [ Files ] *****

      No malicious files deleted.

      ***** [ DLL ] *****

      No malicious DLLs cleaned.

      ***** [ WMI ] *****

      No malicious WMI cleaned.

      ***** [ Shortcuts ] *****

      No malicious shortcuts cleaned.

      ***** [ Tasks ] *****

      No malicious tasks deleted.

      ***** [ Registry ] *****

      Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cloudfront.net
      Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\dmmzebk6min1t.cloudfront.net


      ***** [ Firefox (and derivatives) ] *****

      No malicious Firefox entries deleted.

      ***** [ Chromium (and derivatives) ] *****

      No malicious Chromium entries deleted.

      *************************

      ::Tracing keys deleted
      ::Winsock settings cleared
      ::Additional Actions: 0



      *************************

      C:/AdwCleaner/AdwCleaner[C0].txt - [1255 B] - [2017/11/10 10:48:58]
      C:/AdwCleaner/AdwCleaner[S0].txt - [1137 B] - [2017/11/10 10:46:15]
      C:/AdwCleaner/AdwCleaner[S1].txt - [1264 B] - [2017/11/14 1913]
      ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt ##########

      and Hitman the same... it only detected FRST64 as suspicious but no threat.

      So can I take it that my PC is clean?

    9. #9
      Warrior @Miguelgrado
      Registered
      Dec 2005
      Location
      Asturias-Spain
      Posts
      18,147

      Re: Check for absence of Virut

      Paste the Fixlog.txt from Frst, if you did what was indicated

    10. #10
      User adiskide
      Registered
      Apr 2011
      Location
      Zaragoza
      Posts
      70

      Re: Check for absence of Virut

      Fix result of Farbar Recovery Scan Tool (x64) Version: 12-11-2017 03
      Ran by Jorge (14-11-2017 19:33:34) Run:1
      Running from C:\Users\Jorge\Desktop
      Loaded Profiles: Jorge (Available Profiles: Jorge)
      Boot Mode: Normal
      ==============================================

      fixlist content:
      *****************
      Start
      CreateRestorePoint:
      CloseProcesses:

      HKU\S-1-5-21-2499668031-2600949832-3842433268-1000\...0c966feabec1\InprocServer32: [Default-shell32] <==== ATTENTION
      HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
      HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
      HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
      HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
      SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
      SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
      SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
      SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
      CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
      CHR HKU\S-1-5-21-2499668031-2600949832-3842433268-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [gannpgaobkkhmpomoijebaigcapoeebl] - hxxps://clients2.google.com/service/update2/crx
      S3 catchme; \??\C:\ComboFix\catchme.sys [X]
      2017-11-11 08:02 - 2015-09-14 13:03 - 000039672 _____ C:\Windows\system32\Drivers\istmskyj.sys
      2017-11-11 07:55 - 2015-09-14 13:03 - 000039672 _____ C:\Windows\system32\Drivers\cikzpvxz.sys
      2017-11-11 07:41 - 2015-09-14 13:03 - 000039672 _____ C:\Windows\system32\Drivers\btubdury.sys
      2017-11-10 11:50 - 2015-09-14 13:03 - 000039672 _____ C:\Windows\system32\Drivers\znnzncic.sys
      2017-11-09 07:43 - 2015-09-14 13:03 - 000039672 _____ C:\Windows\system32\Drivers\pvtyrgfh.sys
      2017-11-08 22:18 - 2015-10-27 12:03 - 000044792 _____ C:\Windows\system32\Drivers\PRSBDRVR.SYS
      2017-11-08 22:18 - 2015-10-23 09:16 - 000214264 _____ C:\Windows\system32\Drivers\DasBootS.SYS
      2017-11-08 22:18 - 2014-12-11 17:12 - 000059152 _____ C:\Windows\system32\Drivers\DasBootF.SYS
      2017-11-08 22:18 - 2014-12-11 17:12 - 000035088 _____ C:\Windows\system32\Drivers\DasBootK.SYS
      2017-11-08 22:18 - 2014-12-11 17:12 - 000026384 _____ C:\Windows\system32\Drivers\DasBoot.SYS
      2017-07-09 17:36 - 2017-07-09 17:36 - 000000000 _____ () C:\Users\Jorge\AppData\Local\{5635FC67-C3E2-4E86-B06D-966BD1BC546A}
      2017-07-09 17:38 - 2017-07-09 17:38 - 000000000 _____ () C:\Users\Jorge\AppData\Local\{86102032-ECA6-4B15-ACC0-0982815320ED}
      2017-07-12 04:37 - 2017-07-12 04:37 - 000000000 _____ () C:\Users\Jorge\AppData\Local\{A21D6219-DEF9-4182-82F0-2E2A8456556D}
      C:\ProgramData\cmdres.dll
      C:\ProgramData\fontcacheev1.dat
      2017-11-13 20:55 - 2017-11-13 20:55 - 058804680 _____ (Skype Technologies S.A.) C:\Users\Jorge\AppData\Local\Temp\SkypeSetup.exe
      Task: {93A4D688-B29C-46BF-AEB9-8D186C3378BC} - System32\Tasks\Google IntelliTools vv1000F => C:\Windows\system32\rundll32.exe "C:\Program Files\Google IntelliTools vv1000F\Google IntelliTools vv1000F.dll",JhemusWY <==== ATTENTION
      C:\Program Files\Google IntelliTools vv1000F
      Task: {F51E4897-2A84-42FD-96D3-1A8B22E30406} - System32\Tasks\{8957E10F-4AD2-4069-91EE-6EB4D91FFE57} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxps://ui.skype.com/ui/0/7.33.0.105/es/go/help.faq.installer?LastError=1603
      ShortcutWithArgument: C:\Users\Jorge\Desktop\Synergy Logger Dashboard.lnk -> C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe (Microsoft Corporation) -> 1139570395.www.synergysportstech.com
      ShortcutWithArgument: C:\Users\Jorge\Desktop\SynergyHyperPlayer.Windows ....lnk -> C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe (Microsoft Corporation) -> 1387451826.www.synergysportstech.com
      ShortcutWithArgument: C:\Users\Jorge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Synergy Logger Dashboard.lnk -> C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe (Microsoft Corporation) -> 1139570395.www.synergysportstech.com
      ShortcutWithArgument: C:\Users\Jorge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SynergyHyperPlayer.Windows ....lnk -> C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe (Microsoft Corporation) -> 1387451826.www.synergysportstech.com
      ShortcutWithArgument: C:\Users\Jorge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicaciones de Chrome\Google Keep_ notas y listas.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=hmjkmjkepdijhoojdojkdfohbdgmmhki
      ShortcutWithArgument: C:\Users\Jorge\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
      ShortcutWithArgument: C:\Users\Public\Desktop\Quantum GIS Desktop (1.8.0).lnk -> C:\Program Files (x86)\Quantum GIS Lisboa\bin\nircmd.exe (NirSoft) -> exec hide "C:\Program Files (x86)\Quantum GIS Lisboa\bin\qgis.bat"
      2017-11-14 13:09 - 2017-11-14 13:09 - 000088064 _____ () C:\Users\Jorge\AppData\Local\Temp\_MEI19242
      2017-11-14 13:13 - 2017-11-14 13:13 - 000088064 _____ () C:\Users\Jorge\AppData\Local\Temp\_MEI85482
      AlternateDataStreams: C:\Users\Jorge\Documents\bookmarks_18_4_16.html:com.dropbox.attributes [160]

      HOSTS:
      REMOVEPROXY:
      EMPTYTEMP:
      CMD: netsh winsock reset
      CMD: ipconfig /renew
      CMD: ipconfig /flushdns
      CMD: bitsadmin /reset /allusers
      END
      *****************

      Restore point was successfully created.
      Processes closed successfully.
      HKU\S-1-5-21-2499668031-2600949832-3842433268-1000\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} => key removed successfully
      HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
      HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
      HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
      HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => value removed successfully
      HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
      HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key removed successfully
      HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
      HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
      HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key removed successfully
      HKLM\Software\Wow6432Node\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
      HKLM\SOFTWARE\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk => key removed successfully
      HKU\S-1-5-21-2499668031-2600949832-3842433268-1000\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh => key removed successfully
      HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkaj => key removed successfully
      HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk => key removed successfully
      HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gannpgaobkkhmpomoijebaigcapoeebl => key removed successfully
      HKLM\System\CurrentControlSet\Services\catchme => key removed successfully
      catchme => service removed successfully
      C:\Windows\system32\Drivers\istmskyj.sys => moved successfully
      C:\Windows\system32\Drivers\cikzpvxz.sys => moved successfully
      C:\Windows\system32\Drivers\btubdury.sys => moved successfully
      C:\Windows\system32\Drivers\znnzncic.sys => moved successfully
      C:\Windows\system32\Drivers\pvtyrgfh.sys => moved successfully
      C:\Windows\system32\Drivers\PRSBDRVR.SYS => moved successfully
      C:\Windows\system32\Drivers\DasBootS.SYS => moved successfully
      C:\Windows\system32\Drivers\DasBootF.SYS => moved successfully
      C:\Windows\system32\Drivers\DasBootK.SYS => moved successfully
      C:\Windows\system32\Drivers\DasBoot.SYS => moved successfully
      C:\Users\Jorge\AppData\Local\{5635FC67-C3E2-4E86-B06D-966BD1BC546A} => moved successfully
      C:\Users\Jorge\AppData\Local\{86102032-ECA6-4B15-ACC0-0982815320ED} => moved successfully
      C:\Users\Jorge\AppData\Local\{A21D6219-DEF9-4182-82F0-2E2A8456556D} => moved successfully
      C:\ProgramData\cmdres.dll => moved successfully
      C:\ProgramData\fontcacheev1.dat => moved successfully
      C:\Users\Jorge\AppData\Local\Temp\SkypeSetup.exe => moved successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{93A4D688-B29C-46BF-AEB9-8D186C3378BC} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{93A4D688-B29C-46BF-AEB9-8D186C3378BC} => key removed successfully
      C:\Windows\System32\Tasks\Google IntelliTools vv1000F => moved successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Google IntelliTools vv1000F => key removed successfully
      C:\Program Files\Google IntelliTools vv1000F => moved successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F51E4897-2A84-42FD-96D3-1A8B22E30406} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F51E4897-2A84-42FD-96D3-1A8B22E30406} => key removed successfully
      C:\Windows\System32\Tasks\{8957E10F-4AD2-4069-91EE-6EB4D91FFE57} => moved successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8957E10F-4AD2-4069-91EE-6EB4D91FFE57} => key removed successfully
      C:\Users\Jorge\Desktop\Synergy Logger Dashboard.lnk => Shortcut argument removed successfully.
      C:\Users\Jorge\Desktop\SynergyHyperPlayer.Windows ....lnk => Shortcut argument removed successfully.
      C:\Users\Jorge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Synergy Logger Dashboard.lnk => Shortcut argument removed successfully.
      C:\Users\Jorge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SynergyHyperPlayer.Windows ....lnk => Shortcut argument removed successfully.
      C:\Users\Jorge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicaciones de Chrome\Google Keep_ notas y listas.lnk => Shortcut argument removed successfully.
      C:\Users\Jorge\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk => Shortcut argument removed successfully.
      C:\Users\Public\Desktop\Quantum GIS Desktop (1.8.0).lnk => Shortcut argument removed successfully.
      C:\Users\Jorge\AppData\Local\Temp\_MEI19242 => moved successfully
      C:\Users\Jorge\AppData\Local\Temp\_MEI85482 => moved successfully
      C:\Users\Jorge\Documents\bookmarks_18_4_16.html => ":com.dropbox.attributes" ADS removed successfully.
      C:\Windows\System32\Drivers\etc\hosts => moved successfully
      Hosts restored successfully.

      ========= RemoveProxy: =========

      HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
      HKU\S-1-5-21-2499668031-2600949832-3842433268-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
      HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
      HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
      HKU\S-1-5-21-2499668031-2600949832-3842433268-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
      HKU\S-1-5-21-2499668031-2600949832-3842433268-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


      ========= End of RemoveProxy: =========


      ========= netsh winsock reset =========


      El catálogo Winsock se restableció correctamente.
      Debe reiniciar el equipo para completar el restablecimiento.


      ========= End of CMD: =========


      ========= ipconfig /renew =========


      Configuración IP de Windows


      Adaptador de Ethernet Conexión de área local:

      Sufijo DNS específico para la conexión. . : Home
      Vínculo: dirección IPv6 local. . . : fe80::1125:324f:cfa9:2f7b%11
      Dirección IPv4. . . . . . . . . . . . . . : 192.168.1.128
      Máscara de subred . . . . . . . . . . . . : 255.255.255.0
      Puerta de enlace predeterminada . . . . . : 192.168.1.1

      Adaptador de túnel isatap.Home:

      Estado de los medios. . . . . . . . . . . : medios desconectados
      Sufijo DNS específico para la conexión. . : Home

      Adaptador de túnel Teredo Tunneling Pseudo-Interface:

      Estado de los medios. . . . . . . . . . . : medios desconectados
      Sufijo DNS específico para la conexión. . :

      ========= End of CMD: =========


      ========= ipconfig /flushdns =========


      Configuración IP de Windows

      Se vació correctamente la caché de resolución de DNS.

      ========= End of CMD: =========


      ========= bitsadmin /reset /allusers =========


      BITSADMIN version 3.0 [ 7.5.7601 ]
      BITS administration utility.
      (C) Copyright 2000-2006 Microsoft Corp.

      BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
      Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

      Unable to cancel {99FE26D4-7837-4B2C-8CBF-6AACCD90D2CD}.
      0 out of 1 jobs canceled.

      ========= End of CMD: =========


      =========== EmptyTemp: ==========

      BITS transfer queue => 8388608 B
      DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 21306168 B
      Java, Flash, Steam htmlcache => 806 B
      Windows/system/drivers => 7157362 B
      Edge => 0 B
      Chrome => 712559169 B
      Firefox => 7659773 B
      Opera => 0 B

      Temp, IE cache, history, cookies, recent:
      Users => 0 B
      Default => 0 B
      Public => 0 B
      ProgramData => 0 B
      systemprofile => 491099 B
      systemprofile32 => 66088 B
      LocalService => 0 B
      NetworkService => 0 B
      Jorge => 431795491 B

      RecycleBin => 0 B
      EmptyTemp: => 1.1 GB temporary data Removed.

      ================================


      The system needed a reboot.

      ==== End of Fixlog 19:35:53 ====
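
An added example (not part of the original thread, and not FRST's own code): a small Python triage of a Fixlog in the format posted above. It skips the echoed fixlist and the EmptyTemp size lines, counts outcomes, and lists the lines that did not report success; the name `triage_fixlog` and the sample text are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample: a shortened log in the format of the Fixlog posted above.
SAMPLE_FIXLOG = r"""fixlist content:
*****************
Start
Task: {93A4D688-B29C-46BF-AEB9-8D186C3378BC} - System32\Tasks\Google IntelliTools vv1000F => C:\Windows\system32\rundll32.exe
CMD: bitsadmin /reset /allusers
END
*****************
Restore point was successfully created.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
catchme => service removed successfully
C:\ProgramData\cmdres.dll => moved successfully
========= bitsadmin /reset /allusers =========
Unable to cancel {99FE26D4-7837-4B2C-8CBF-6AACCD90D2CD}.
0 out of 1 jobs canceled.
========= End of CMD: =========
=========== EmptyTemp: ==========
Chrome => 712559169 B
================================
The system needed a reboot.
"""

HEADER = re.compile(r"^=+\s*(.*?)\s*=+$")   # "===== name =====" section rows
RESULT = re.compile(r"^(.+?) => (.+)$")     # "<target> => <outcome>"

def triage_fixlog(text):
    """Count outcomes and collect every line that did not report success."""
    counts, review = Counter(), []
    section, in_echo, reboot = "", False, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # The fixlist is echoed between two rows of asterisks; those lines are
        # requests, not results, so they must not be counted.
        if set(line) == {"*"}:
            in_echo = not in_echo
            continue
        if in_echo:
            continue
        m = HEADER.match(line)
        if m:
            section = "" if m.group(1).startswith("End of") else m.group(1)
            continue
        if section.startswith("EmptyTemp"):
            continue  # "<area> => <n> B" lines are sizes, not outcomes
        if line == "The system needed a reboot.":
            reboot = True
            continue
        m = RESULT.match(line)
        if m and "successfully" in m.group(2):
            counts["ok"] += 1
        elif m:
            kind = "not_found" if "not found" in m.group(2) else "other"
            counts[kind] += 1
            review.append((section or "fix", line))
        elif line.startswith("Unable to"):  # wording seen in the bitsadmin output
            counts["cmd_error"] += 1
            review.append((section, line))
    return {"counts": dict(counts), "review": review, "reboot_required": reboot}

if __name__ == "__main__":
    print(triage_fixlog(SAMPLE_FIXLOG))
```
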
