
    Infected with Adware.Elex.ShrtCln


    1. #1
      KEnSuKE (User)
      Registered: Jan 2006
      Location: Spain
      Posts: 72

      Infected with Adware.Elex.ShrtCln

      Greetings.

      As the title says, I have a couple of files with Adware.Elex that Malwarebytes detects but is unable to remove.
      I have been looking around a bit, and skimming another forum member's thread that @Daniela resolved, I saw that this isn't fixed with a common tool, so I'm asking for your help with the disinfection.

      As always, thanks in advance for your invaluable work; here is the Malwarebytes log.

      Malwarebytes
      www.malwarebytes.com

      -Detalles del registro-
      Fecha del análisis: 18/11/17
      Hora del análisis: 8:06
      Archivo de registro: 0bb424b4-cc2f-11e7-a70b-305a3a45b55a.json
      Administrador: Sí

      -Información del software-
      Versión: 3.2.2.2018
      Versión de los componentes: 1.0.212
      Versión del paquete de actualización: 1.0.3288
      Licencia: Premium

      -Información del sistema-
      SO: Windows 10 (Build 15063.726)
      CPU: x64
      Sistema de archivos: NTFS
      Usuario: JOSI-W1N10\JoSi-Win10

      -Resumen del análisis-
      Tipo de análisis: Análisis de amenazas
      Resultado: Completado
      Objetos analizados: 439722
      Amenazas detectadas: 2
      Amenazas en cuarentena: 2
      Tiempo transcurrido: 7 min, 38 seg

      -Opciones de análisis-
      Memoria: Activado
      Inicio: Activado
      Sistema de archivos: Activado
      Archivo: Activado
      Rootkits: Desactivado
      Heurística: Activado
      PUP: Detectar
      PUM: Detectar

      -Detalles del análisis-
      Proceso: 0
      (No hay elementos maliciosos detectados)

      Módulo: 0
      (No hay elementos maliciosos detectados)

      Clave del registro: 0
      (No hay elementos maliciosos detectados)

      Valor del registro: 0
      (No hay elementos maliciosos detectados)

      Datos del registro: 0
      (No hay elementos maliciosos detectados)

      Secuencia de datos: 0
      (No hay elementos maliciosos detectados)

      Carpeta: 0
      (No hay elementos maliciosos detectados)

      Archivo: 2
      Adware.Elex.ShrtCln, C:\USERS\JOSI-WIN10.DESKTOP-CG8R3CA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\Web Data, Sustituido, [2306], [454748],1.0.3288
      Adware.Elex.ShrtCln, C:\USERS\JOSI-WIN10.DESKTOP-CG8R3CA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\Web Data, Sustituido, [2306], [454748],1.0.3288

      Sector físico: 0
      (No hay elementos maliciosos detectados)


      (end)

    2. #2
      @Daniela (General Moderator)
      Registered: Apr 2011
      Location: Spain
      Posts: 24,349

      Re: Infected with Adware.Elex.ShrtCln

      Hello KEnSuKE

      First, carry out the following steps, even if you have already done some of them, without changing the order:

      1) Download, update and run Malwarebytes' Anti-Malware; go through the manual in detail so that you know how to use and configure it.

      • Run a Full Scan, updating if it asks you to.
      • Click "Remove Selected" to send the items to quarantine, and restart the system.
      • In the section of the manual "History" >> Application Logs >> Scan Log you will find the MBAM report, which you must copy and paste into your next reply so it can be analyzed.

      2) Download Junkware Removal Tool

      • Temporarily disable the antivirus
      • Run JRT.exe (on Windows 7 or 8, run as "Administrator")
      • Press any key to continue and wait patiently for it to finish.
      • When it finishes, a log (JRT.txt) will be saved to the desktop and will open automatically.
      • Copy and paste the contents of JRT.txt into your next reply

      3) Download >> AdwCleaner | InfoSpyware to the desktop.

      • Temporarily disable the antivirus >> How to temporarily disable your antivirus.
      • Also close all the programs you have open.
      • Run Adwcleaner.exe (if you use Windows Vista/7 or 8, right-click and select "Run as Administrator").
      • Click the Scan button and wait for the process to complete, then immediately click the Clean button.
      • Wait for it to finish and follow the instructions; if it asks to restart the system, accept.
      • Save the report that appears, so you can copy and paste it into your next reply.
      • The report can also be found at "C:\AdwCleaner\AdwCleaner[C0].txt"

      4) Download CCleaner

      • Install CCleaner
      • Open CCleaner; on the Cleaner tab leave the default settings as they are, click Analyze, wait for it to finish > click Run Cleaner
      • Click the Registry tab > click Scan for Issues, wait for it to finish > click Fix Selected Issues and make a backup
      • Click Scan for Issues again until it finds none.

      Paste the Malwarebytes, AdwCleaner and JRT reports and tell us how the problem is going.

      Regards
      ✿◕‿◕✿ Impatience is not good company ✿◕‿◕✿

      * Follow us on Twitter and become our friend on Facebook.
      * Keep up with the latest threats on the net at: InfoSpyware Blog
      * Questions are not answered by private message or e-mail; that is what the forum is for.

    3. #3
      KEnSuKE (User)
      Registered: Jan 2006
      Location: Spain
      Posts: 72

      Re: Infected with Adware.Elex.ShrtCln

      Thank you very much for helping me, @Daniela.

      I have followed your instructions to the letter.

      I wanted to mention that after the whole process a shortcut icon for Avast has appeared; I tried to uninstall it from "Programs and Features", but a window opens that apparently has no option to uninstall.

      Here are the reports:

      Malwarebytes Antimalware:

      Malwarebytes
      www.malwarebytes.com

      -Detalles del registro-
      Fecha del análisis: 19/11/17
      Hora del análisis: 8:28
      Archivo de registro: 2e82e56c-ccfb-11e7-b921-305a3a45b55a.json
      Administrador: Sí

      -Información del software-
      Versión: 3.3.1.2183
      Versión de los componentes: 1.0.236
      Versión del paquete de actualización: 1.0.3293
      Licencia: Gratis

      -Información del sistema-
      SO: Windows 10 (Build 15063.726)
      CPU: x64
      Sistema de archivos: NTFS
      Usuario: JOSI-W1N10\JoSi-Win10

      -Resumen del análisis-
      Tipo de análisis: Análisis de amenazas
      Resultado: Completado
      Objetos analizados: 451714
      Amenazas detectadas: 3
      Amenazas en cuarentena: 3
      Tiempo transcurrido: 15 min, 12 seg

      -Opciones de análisis-
      Memoria: Activado
      Inicio: Activado
      Sistema de archivos: Activado
      Archivo: Activado
      Rootkits: Activado
      Heurística: Activado
      PUP: Detectar
      PUM: Detectar

      -Detalles del análisis-
      Proceso: 0
      (No hay elementos maliciosos detectados)

      Módulo: 0
      (No hay elementos maliciosos detectados)

      Clave del registro: 0
      (No hay elementos maliciosos detectados)

      Valor del registro: 0
      (No hay elementos maliciosos detectados)

      Datos del registro: 0
      (No hay elementos maliciosos detectados)

      Secuencia de datos: 0
      (No hay elementos maliciosos detectados)

      Carpeta: 0
      (No hay elementos maliciosos detectados)

      Archivo: 3
      RiskWare.DontStealOurSoftware, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, En cuarentena, [718], [353142],0.0.0
      Adware.Elex.ShrtCln, C:\USERS\JOSI-WIN10.DESKTOP-CG8R3CA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Sustituido, [2306], [454748],1.0.3293
      Adware.Elex.ShrtCln, C:\USERS\JOSI-WIN10.DESKTOP-CG8R3CA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Sustituido, [2306], [454748],1.0.3293

      Sector físico: 0
      (No hay elementos maliciosos detectados)


      (end)

      JRT

      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Junkware Removal Tool (JRT) by Malwarebytes
      Version: 8.1.4 (07.09.2017)
      Operating System: Windows 10 Pro x64
      Ran by JoSi-Win10 (Administrator) on 19/11/2017 at 8:54:12,71
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




      File System: 2

      Successfully deleted: C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\AppData\Local\nico mak computing (Folder)
      Successfully deleted: C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\AppData\Roaming\Mozilla\Firefox\Profiles\xkcdcpqk.default-1479638018636\extensions\[email protected] (File)

      Deleted the following from C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\AppData\Roaming\Mozilla\Firefox\Profiles\xkcdcpqk.default-1479638018636\prefs.js
      user_pref(extensions.s3security.security_dns_list, [{\name\:\Yandex.DNS\,\id\:\yandex_dns\,\dns_ip\:[\77.88.8.7\,\77.88.8.3\],\enabled\:true,\result_list\



      Registry: 0





      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Scan was completed on 19/11/2017 at 8:56:43,62
      End of JRT log
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

      AdwareCleaner

      # AdwCleaner 7.0.4.0 - Logfile created on Sun Nov 19 08:00:16 2017
      # Updated on 2017/27/10 by Malwarebytes
      # Database: 11-17-2017.1
      # Running on Windows 10 Pro (X64)
      # Mode: scan
      # Support: https://www.malwarebytes.com/support

      ***** [ Services ] *****

      No malicious services found.

      ***** [ Folders ] *****

      No malicious folders found.

      ***** [ Files ] *****

      No malicious files found.

      ***** [ DLL ] *****

      No malicious DLLs found.

      ***** [ WMI ] *****

      No malicious WMI found.

      ***** [ Shortcuts ] *****

      No malicious shortcuts found.

      ***** [ Tasks ] *****

      No malicious tasks found.

      ***** [ Registry ] *****

      No malicious registry entries found.

      ***** [ Firefox (and derivatives) ] *****

      No malicious Firefox entries.

      ***** [ Chromium (and derivatives) ] *****

      No malicious Chromium entries.

      *************************

      C:/AdwCleaner/AdwCleaner[C0].txt - [1247 B] - [2017/10/3 21:14:15]
      C:/AdwCleaner/AdwCleaner[C1].txt - [1371 B] - [2017/10/3 21:22:37]
      C:/AdwCleaner/AdwCleaner[C2].txt - [1539 B] - [2017/10/28 5:49:12]
      C:/AdwCleaner/AdwCleaner[S0].txt - [1099 B] - [2017/10/3 21:13:17]
      C:/AdwCleaner/AdwCleaner[S1].txt - [1210 B] - [2017/10/3 21:22:10]
      C:/AdwCleaner/AdwCleaner[S2].txt - [1216 B] - [2017/10/3 21:42:28]
      C:/AdwCleaner/AdwCleaner[S3].txt - [1284 B] - [2017/10/21 12:35:9]
      C:/AdwCleaner/AdwCleaner[S4].txt - [1352 B] - [2017/10/28 5:47:27]
      C:/AdwCleaner/AdwCleaner[S5].txt - [1488 B] - [2017/11/16 19:12:48]


      ########## EOF - C:\AdwCleaner\AdwCleaner[S6].txt ##########

      Awaiting instructions.

      Regards. ^_^

    4. #4
      @Daniela (General Moderator)
      Registered: Apr 2011
      Location: Spain
      Posts: 24,349

      Re: Infected with Adware.Elex.ShrtCln

      Hello

      Quote (originally posted by KEnSuKE):
      I wanted to mention that after the whole process a shortcut icon for Avast has appeared; I tried to uninstall it from "Programs and Features", but a window opens that apparently has no option to uninstall.

      Don't you have Avast installed as your antivirus? Let me know, so we can take the opportunity to remove everything I see with Frst.

      Download Farbar Recovery Scan Tool according to your system's architecture (32 or 64 bits)

      • Save it to the desktop >> This is very important.
      • Double-click to run Frst.exe. (If you use Windows Vista/7/8 or 10, right-click and select "Run as Administrator".)
      • In the Disclaimer window, press Yes.
      • In the new window that opens, press the Scan button and wait patiently for the scan to finish.
      • Two (2) files (logs) will open, Frst.txt and Addition.txt; they will be saved on your desktop.
      • To finish, open the files Frst.txt and Addition.txt and copy and paste all of their contents into your next reply. Use two messages if it tells you it is too long.

      Regards

    5. #5
      KEnSuKE (User)
      Registered: Jan 2006
      Location: Spain
      Posts: 72

      Re: Infected with Adware.Elex.ShrtCln

      Hi.
      I only use Windows Defender as my antivirus; it was during the process that the Avast shortcut icon appeared on my desktop.

      Here are the reports:

      Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-11-2017
      Ran by JoSi-Win10 (administrator) on JOSI-W1N10 (19-11-2017 22:24:35)
      Running from C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\Downloads
      Loaded Profiles: JoSi-Win10 (Available Profiles: JoSi-Win10)
      Platform: Windows 10 Pro Version 1703 15063.726 (X64) Language: Español (España, internacional)
      Internet Explorer Version 11 (Default browser: FF)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: ***********************************************************************************************************

      ==================== Processes (Whitelisted) =================

      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

      (AMD) C:\Windows\System32\atiesrxx.exe
      (AMD) C:\Windows\System32\atieclxx.exe
      (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
      (Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
      (Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
      (Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
      (@ByELDI) C:\Program Files\KMSpico\Service_KMS.exe
      (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
      (AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
      (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
      (Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
      (Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
      (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
      () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\SkypeHost.exe
      (Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
      (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
      (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
      (Ericksystem) C:\Ericksystem\USB Rescate\usbrescate.exe
      () C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe
      (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe

      ==================== Registry (Whitelisted) ===========================

      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

      HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
      HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8822016 2016-06-02] (Realtek Semiconductor)
      HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163800 2016-07-30] (IvoSoft)
      HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [253344 2017-11-19] (AVAST Software)
      HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe [58584 2016-09-28] (Raptr, Inc)
      HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
      HKU\S-1-5-21-1977722032-1609589620-2362224290-1001\...\Run: [usbrescate] => C:\Ericksystem\USB Rescate\usbrescate.exe [1067520 2016-10-29] (Ericksystem)
      HKU\S-1-5-21-1977722032-1609589620-2362224290-1001\...\Run: [FileHippo.com] => C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe [10566352 2015-09-02] ()
      HKU\S-1-5-21-1977722032-1609589620-2362224290-1001\...\Run: [uTorrent] => C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\AppData\Roaming\uTorrent\uTorrent.exe [1130576 2017-08-05] (BitTorrent Inc.)
      HKU\S-1-5-21-1977722032-1609589620-2362224290-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10024624 2017-11-08] (Piriform Ltd)
      HKU\S-1-5-21-1977722032-1609589620-2362224290-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [804352 2017-03-18] (Microsoft Corporation)
      GroupPolicy: Restriction - Chrome <==== ATTENTION
      CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

      ==================== Internet (Whitelisted) ====================

      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

      Hosts: Hosts file not detected in the default directory
      Tcpip\Parameters: [DhcpNameServer] 212.142.144.66
      Tcpip\..\Interfaces\{d2afc5f5-18d6-42a0-89a4-a86c2d06213c}: [DhcpNameServer] 212.142.144.66

      Internet Explorer:
      ==================
      HKU\S-1-5-21-1977722032-1609589620-2362224290-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.es/
      BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2017-07-11] (Microsoft Corporation)
      Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2017-08-15] (Microsoft Corporation)
      Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2017-08-15] (Microsoft Corporation)
      Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2017-08-15] (Microsoft Corporation)
      Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2017-08-15] (Microsoft Corporation)

      Edge:
      ======
      Edge HomeButtonPage: HKU\S-1-5-21-1977722032-1609589620-2362224290-1001 -> hxxp://www.google.es/

      FireFox:
      ========
      FF ProfilePath: C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\AppData\Roaming\Mozilla\Firefox\Profiles\xkcdcpqk.default-1479638018636 [2017-11-19]
      FF Homepage: Mozilla\Firefox\Profiles\xkcdcpqk.default-1479638018636 -> hxxps://www.google.es
      FF NetworkProxy: Mozilla\Firefox\Profiles\xkcdcpqk.default-1479638018636 -> proxy_over_tls", false
      FF Extension: (AutoCopy 2) - C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\AppData\Roaming\Mozilla\Firefox\Profiles\xkcdcpqk.default-1479638018636\Extensions\[email protected] [2016-11-20] [Lagacy]
      FF Extension: (Ghostery) - C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\AppData\Roaming\Mozilla\Firefox\Profiles\xkcdcpqk.default-1479638018636\Extensions\[email protected] [2017-11-02]
      FF Extension: (HTML5 Video Everywhere) - C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\AppData\Roaming\Mozilla\Firefox\Profiles\xkcdcpqk.default-1479638018636\Extensions\[email protected] [2017-11-09]
      FF Extension: (HTTPS Everywhere) - C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\AppData\Roaming\Mozilla\Firefox\Profiles\xkcdcpqk.default-1479638018636\Extensions\[email protected] [2017-11-02]
      FF Extension: (Al Traductor de Google) - C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\AppData\Roaming\Mozilla\Firefox\Profiles\xkcdcpqk.default-1479638018636\Extensions\[email protected] [2017-04-23]
      FF Extension: (signTextJS plus) - C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\AppData\Roaming\Mozilla\Firefox\Profiles\xkcdcpqk.default-1479638018636\Extensions\[email protected] [2017-09-03] [Lagacy]
      FF Extension: (YouTube™ Flash® Player) - C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\AppData\Roaming\Mozilla\Firefox\Profiles\xkcdcpqk.default-1479638018636\Extensions\[email protected] [2017-08-11]
      FF Extension: (YouTube™ Flash-HTML5) - C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\AppData\Roaming\Mozilla\Firefox\Profiles\xkcdcpqk.default-1479638018636\Extensions\[email protected] [2017-08-28]
      FF Extension: (Tile Tabs WE) - C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\AppData\Roaming\Mozilla\Firefox\Profiles\xkcdcpqk.default-1479638018636\Extensions\[email protected] [2017-10-24]
      FF Extension: (Tile View) - C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\AppData\Roaming\Mozilla\Firefox\Profiles\xkcdcpqk.default-1479638018636\Extensions\[email protected] [2017-08-24] [Lagacy]
      FF Extension: (Google Translator for Firefox) - C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\AppData\Roaming\Mozilla\Firefox\Profiles\xkcdcpqk.default-1479638018636\Extensions\[email protected] [2017-11-19]
      FF Extension: (uBlock Origin) - C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\AppData\Roaming\Mozilla\Firefox\Profiles\xkcdcpqk.default-1479638018636\Extensions\[email protected] [2017-11-09]
      FF Extension: (Avast Online Security) - C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\AppData\Roaming\Mozilla\Firefox\Profiles\xkcdcpqk.default-1479638018636\Extensions\[email protected] [2017-11-19]
      FF Extension: (ColorfulTabs) - C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\AppData\Roaming\Mozilla\Firefox\Profiles\xkcdcpqk.default-1479638018636\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}.xpi [2017-11-18]
      FF Extension: (YouTube High Definition) - C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\AppData\Roaming\Mozilla\Firefox\Profiles\xkcdcpqk.default-1479638018636\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2017-10-20]
      FF Extension: (Flash and Video Download) - C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\AppData\Roaming\Mozilla\Firefox\Profiles\xkcdcpqk.default-1479638018636\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}.xpi [2017-11-18]
      FF Extension: (YouTube Flash Video Player) - C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\AppData\Roaming\Mozilla\Firefox\Profiles\xkcdcpqk.default-1479638018636\Extensions\{f3bd3dd2-2888-44c5-91a2-2caeb33fb898}.xpi [2017-11-05]
      FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_187.dll [2017-11-14] ()
      FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
      FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
      FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
      FF Plugin: @videolan.org/vlc,version=2.2.5.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
      FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
      FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_187.dll [2017-11-14] ()
      FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2017-08-22] (Foxit Corporation)
      FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2017-08-22] (Foxit Corporation)
      FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2017-08-22] (Foxit Corporation)
      FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2017-08-22] (Foxit Corporation)
      FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
      FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-16] (Google Inc.)
      FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-16] (Google Inc.)
      FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)

      Chrome:
      =======
      CHR HomePage: Default -> hxxp://www.google.es/
      CHR StartupUrls: Default -> "hxxps://www.google.es/","hxxp://www.google.es/"
      CHR Profile: C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\AppData\Local\Google\Chrome\User Data\Default [2017-11-19]
      CHR Extension: (Traductor de Google) - C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2017-10-20]
      CHR Extension: (Presentaciones) - C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
      CHR Extension: (Documentos) - C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
      CHR Extension: (Google Drive) - C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-06]
      CHR Extension: (Proxy gratuito para acceder a cualquier sitio | Touch VPN) - C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\AppData\Local\Google\Chrome\User Data\Default\Extensions\bihmplhobchoageeokmgbdihknkjbknd [2017-08-26]
      CHR Extension: (YouTube) - C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-06]
      CHR Extension: (uBlock Origin) - C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-11-15]
      CHR Extension: (Traductor) - C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\AppData\Local\Google\Chrome\User Data\Default\Extensions\djmbpnjogkmohdhchohmodogognbbpbh [2016-03-11]
      CHR Extension: (Traducir Texto Seleccionado) - C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbimffnjoeobhjhochngikepgfejjmgj [2016-06-28]
      CHR Extension: (Hojas de cálculo) - C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
      CHR Extension: (YouTube Flash Video Player) - C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\AppData\Local\Google\Chrome\User Data\Default\Extensions\fldkdmkgnlbehfgeifjpjabmandnchpe [2017-05-24]
      CHR Extension: (HTTPS Everywhere) - C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2017-10-31]
      CHR Extension: (Documentos de Google sin conexión) - C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-20]
      CHR Extension: (Avast Online Security) - C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-11-19]
      CHR Extension: (Ghostery) - C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2017-10-30]
      CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-24]
      CHR Extension: (Gmail) - C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-06]
      CHR Extension: (Chrome Media Router) - C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-16]
      CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

      ==================== Services (Whitelisted) ====================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      S2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [121856 2016-07-18] (Advanced Micro Devices) [File not signed]
      R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7549928 2017-11-19] (AVAST Software)
      R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [281416 2017-11-19] (AVAST Software)
      R2 FoxitReaderService; C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\FoxitConnectedPDFService.exe [1659456 2017-08-25] (Foxit Software Inc.)
      R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
      R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2014-04-08] (Motorola Mobility LLC)
      R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
      S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-20] (Microsoft Corporation)
      R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [745664 2016-01-11] (@ByELDI) [File not signed]
      S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
      S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)

      ===================== Drivers (Whitelisted) ======================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [49448 2016-08-18] (Advanced Micro Devices, Inc.)
      R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0313676.inf_amd64_96bbc33bec5c7fae\atikmdag.sys [36558208 2017-05-16] (Advanced Micro Devices, Inc.)
      R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0313676.inf_amd64_96bbc33bec5c7fae\atikmpag.sys [528760 2017-05-16] (Advanced Micro Devices, Inc.)
      R2 APXACC; C:\WINDOWS\system32\DRIVERS\appexDrv.sys [229056 2015-04-03] (AppEx Networks Corporation)
      R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [183584 2017-11-19] (AVAST Software)
      R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [321032 2017-11-19] (AVAST Software s.r.o.)
      R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [198968 2017-11-19] (AVAST Software s.r.o.)
      R0 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [343288 2017-11-19] (AVAST Software s.r.o.)
      R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [57728 2017-11-19] (AVAST Software s.r.o.)
      S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [47008 2017-11-19] (AVAST Software)
      R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [148288 2017-11-19] (AVAST Software)
      R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [110376 2017-11-19] (AVAST Software)
      R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [84416 2017-11-19] (AVAST Software)
      R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1026232 2017-11-19] (AVAST Software)
      R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [455376 2017-11-19] (AVAST Software)
      R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [203976 2017-11-19] (AVAST Software)
      R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [364464 2017-11-19] (AVAST Software)
      R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [101376 2016-07-24] (Advanced Micro Devices)
      S3 BazisPortableCDBus; C:\WINDOWS\System32\drivers\BazisPortableCDBus.sys [283480 2016-03-10] (Sysprogs OU)
      S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
      S3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-03-10] (Disc Soft Ltd)
      S3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2016-03-10] (Disc Soft Ltd)
      R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2017-11-19] (Malwarebytes)
      S3 MHIKEY10; C:\WINDOWS\System32\Drivers\MHIKEY10x64.sys [60288 2010-09-15] (Generic USB smartcard reader)
      R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-03-18] (Realtek )
      S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
      S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
      S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
      S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
      S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)

      ==================== NetSvcs (Whitelisted) ===================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


      ==================== One Month Created files and folders ========

      (If an entry is included in the fixlist, the file/folder will be moved.)

      2017-11-19 22:24 - 2017-11-19 22:25 - 000020203 _____ C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\Downloads\FRST.txt
      2017-11-19 22:17 - 2017-11-19 22:24 - 000000000 ____D C:\FRST
      2017-11-19 22:16 - 2017-11-19 22:16 - 002391552 _____ (Farbar) C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\Downloads\FRST64.exe
      2017-11-19 21:51 - 2017-11-19 21:51 - 000000000 ____D C:\ProgramData\SWCUTemp
      2017-11-19 09:10 - 2017-11-19 09:10 - 000200080 _____ C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\Documents\copia seguridad ccleaner cc_20171119_091002.reg
      2017-11-19 09:10 - 2017-11-19 09:10 - 000004896 _____ C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\Documents\cc_20171119_091051.reg
      2017-11-19 09:10 - 2017-11-19 09:10 - 000000000 ____D C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\AppData\Roaming\AVAST Software
      2017-11-19 09:10 - 2017-11-19 09:10 - 000000000 ____D C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\AppData\Local\CEF
      2017-11-19 09:09 - 2017-11-19 09:09 - 000455376 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
      2017-11-19 09:09 - 2017-11-19 09:09 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
      2017-11-19 09:09 - 2017-11-19 09:09 - 000003994 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
      2017-11-19 09:09 - 2017-11-19 09:09 - 000001939 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
      2017-11-19 09:09 - 2017-11-19 09:09 - 000001927 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
      2017-11-19 09:09 - 2017-11-19 09:09 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avast Software
      2017-11-19 09:09 - 2017-11-19 09:09 - 000000000 ____D C:\Program Files\Common Files\Avast Software
      2017-11-19 09:09 - 2017-11-19 09:08 - 000365168 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
      2017-11-19 09:09 - 2017-11-19 09:08 - 000364464 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
      2017-11-19 09:09 - 2017-11-19 09:08 - 000203976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
      2017-11-19 09:09 - 2017-11-19 09:08 - 000183584 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
      2017-11-19 09:09 - 2017-11-19 09:08 - 000148288 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
      2017-11-19 09:09 - 2017-11-19 09:08 - 000110376 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
      2017-11-19 09:09 - 2017-11-19 09:08 - 000084416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
      2017-11-19 09:09 - 2017-11-19 09:08 - 000047008 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
      2017-11-19 09:09 - 2017-11-19 09:07 - 001026232 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
      2017-11-19 09:09 - 2017-11-19 09:07 - 000343288 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbloga.sys
      2017-11-19 09:09 - 2017-11-19 09:07 - 000321032 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
      2017-11-19 09:09 - 2017-11-19 09:07 - 000198968 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsha.sys
      2017-11-19 09:09 - 2017-11-19 09:07 - 000057728 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbuniva.sys
      2017-11-19 09:06 - 2017-11-19 11:01 - 000000000 ____D C:\ProgramData\AVAST Software
      2017-11-19 09:06 - 2017-11-19 09:06 - 000000000 ____D C:\Program Files\AVAST Software
      2017-11-19 09:05 - 2017-11-19 09:05 - 010849904 _____ (Piriform Ltd) C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\Downloads\ccsetup537.exe
      2017-11-19 09:03 - 2017-11-19 09:14 - 000003938 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
      2017-11-19 09:03 - 2017-11-19 09:14 - 000000823 _____ C:\Users\Public\Desktop\CCleaner.lnk
      2017-11-19 09:03 - 2017-11-19 09:03 - 000002870 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
      2017-11-19 09:03 - 2017-11-19 09:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
      2017-11-19 09:03 - 2017-11-19 09:03 - 000000000 ____D C:\Program Files\CCleaner
      2017-11-19 08:57 - 2017-11-19 08:57 - 000001134 _____ C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\Desktop\analisis JRT.txt
      2017-11-19 08:56 - 2017-11-19 08:56 - 000001134 _____ C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\Desktop\JRT.txt
      2017-11-19 08:48 - 2017-11-19 08:48 - 000001851 _____ C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\Desktop\Analisis mbam.txt
      2017-11-19 08:32 - 2017-11-19 08:32 - 010427120 _____ (Piriform Ltd) C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\Downloads\ccsetup536.exe
      2017-11-19 08:32 - 2017-11-19 08:32 - 008261584 _____ (Malwarebytes) C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\Downloads\AdwCleaner.exe
      2017-11-19 08:32 - 2017-11-19 08:32 - 001790024 _____ (Malwarebytes) C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\Downloads\JRT.exe
      2017-11-19 08:26 - 2017-11-19 08:26 - 000001872 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
      2017-11-19 08:26 - 2017-11-19 08:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
      2017-11-19 08:26 - 2017-11-19 08:26 - 000000000 ____D C:\ProgramData\Malwarebytes
      2017-11-19 08:26 - 2017-11-01 08:54 - 000077432 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
      2017-11-19 08:24 - 2017-11-19 08:24 - 078346672 _____ (Malwarebytes ) C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\Downloads\mb3-setup-consumer-3.3.1.2183.exe
      2017-11-18 09:11 - 2017-11-18 09:11 - 000001746 _____ C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\Desktop\Malwarebytes.txt
      2017-11-15 20:37 - 2017-11-15 20:37 - 000040828 _____ C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\Downloads\theater_calculator_v4.1.xlsx
      2017-11-15 19:04 - 2017-11-02 06:04 - 001292360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
      2017-11-15 19:04 - 2017-11-02 05:45 - 000703056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
      2017-11-15 19:04 - 2017-11-02 05:43 - 020372896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
      2017-11-15 19:04 - 2017-11-02 05:30 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
      2017-11-15 19:04 - 2017-11-02 05:30 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
      2017-11-15 19:04 - 2017-11-02 05:30 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
      2017-11-15 19:04 - 2017-11-02 05:27 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
      2017-11-15 19:04 - 2017-11-02 05:27 - 000049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertPKICmdlet.dll
      2017-11-15 19:04 - 2017-11-02 05:26 - 002671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
      2017-11-15 19:04 - 2017-11-02 05:25 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
      2017-11-15 19:04 - 2017-11-02 05:25 - 000364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
      2017-11-15 19:04 - 2017-11-02 05:25 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
      2017-11-15 19:04 - 2017-11-02 05:24 - 007598080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
      2017-11-15 19:04 - 2017-11-02 05:24 - 000444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Launcher.dll
      2017-11-15 19:04 - 2017-11-02 05:24 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
      2017-11-15 19:04 - 2017-11-02 05:23 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
      2017-11-15 19:04 - 2017-11-02 05:23 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
      2017-11-15 19:04 - 2017-11-02 05:22 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
      2017-11-15 19:04 - 2017-11-02 05:22 - 002009600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
      2017-11-15 19:04 - 2017-11-02 05:22 - 001884160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
      2017-11-15 19:04 - 2017-11-02 05:21 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
      2017-11-15 19:04 - 2017-10-25 08:40 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
      2017-11-15 19:04 - 2017-10-15 16:03 - 006765728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
      2017-11-15 19:04 - 2017-10-15 15:51 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
      2017-11-15 19:04 - 2017-10-15 15:45 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
      2017-11-15 19:04 - 2017-10-15 15:44 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
      2017-11-15 19:04 - 2017-10-15 15:41 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
      2017-11-15 19:04 - 2017-10-15 15:38 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
      2017-11-15 19:03 - 2017-11-02 06:03 - 000223640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
      2017-11-15 19:03 - 2017-11-02 05:49 - 001838848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
      2017-11-15 19:03 - 2017-11-02 05:45 - 000613136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
      2017-11-15 19:03 - 2017-11-02 05:45 - 000362144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
      2017-11-15 19:03 - 2017-11-02 05:45 - 000354360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
      2017-11-15 19:03 - 2017-11-02 05:45 - 000283544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
      2017-11-15 19:03 - 2017-11-02 05:45 - 000172952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
      2017-11-15 19:03 - 2017-11-02 05:45 - 000133896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
      2017-11-15 19:03 - 2017-11-02 05:44 - 005808640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
      2017-11-15 19:03 - 2017-11-02 05:44 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
      2017-11-15 19:03 - 2017-11-02 05:31 - 020512256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
      2017-11-15 19:03 - 2017-11-02 05:29 - 019338240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
      2017-11-15 19:03 - 2017-11-02 05:28 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
      2017-11-15 19:03 - 2017-11-02 05:27 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
      2017-11-15 19:03 - 2017-11-02 05:26 - 005963776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
      2017-11-15 19:03 - 2017-11-02 05:26 - 000371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
      2017-11-15 19:03 - 2017-11-02 05:26 - 000068608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll
      2017-11-15 19:03 - 2017-11-02 05:25 - 012227072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
      2017-11-15 19:03 - 2017-11-02 05:25 - 011888128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
      2017-11-15 19:03 - 2017-11-02 05:24 - 000506368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
      2017-11-15 19:03 - 2017-11-02 05:24 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
      2017-11-15 19:03 - 2017-11-02 05:23 - 000680960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll
      2017-11-15 19:03 - 2017-11-02 05:23 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
      2017-11-15 19:03 - 2017-11-02 05:22 - 006254080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
      2017-11-15 19:03 - 2017-11-02 05:22 - 001494528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
      2017-11-15 19:03 - 2017-11-02 05:21 - 004417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
      2017-11-15 19:03 - 2017-11-02 05:21 - 003653120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
      2017-11-15 19:03 - 2017-11-02 05:21 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
      2017-11-15 19:03 - 2017-10-15 16:09 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
      2017-11-15 19:03 - 2017-10-15 16:01 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
      2017-11-15 19:03 - 2017-10-15 15:49 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
      2017-11-15 19:03 - 2017-10-15 15:45 - 001292288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
      2017-11-15 19:03 - 2017-10-15 15:44 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
      2017-11-15 19:03 - 2017-10-15 15:42 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
      2017-11-15 19:03 - 2017-10-15 15:42 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
      2017-11-15 19:03 - 2017-10-15 15:41 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
      2017-11-15 18:57 - 2017-11-02 06:20 - 000469568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
      2017-11-15 18:57 - 2017-11-02 06:13 - 001345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
      2017-11-15 18:57 - 2017-11-02 06:13 - 000095640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
      2017-11-15 18:57 - 2017-11-02 06:12 - 000026472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
      2017-11-15 18:57 - 2017-11-02 06:05 - 000871408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
      2017-11-15 18:57 - 2017-11-02 05:37 - 003668992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
      2017-11-15 18:57 - 2017-11-02 05:35 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
      2017-11-15 18:57 - 2017-11-02 05:35 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
      2017-11-15 18:57 - 2017-11-02 05:35 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
      2017-11-15 18:57 - 2017-11-02 05:34 - 000306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
      2017-11-15 18:57 - 2017-11-02 05:34 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
      2017-11-15 18:57 - 2017-11-02 05:34 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
      2017-11-15 18:57 - 2017-11-02 05:34 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
      2017-11-15 18:57 - 2017-11-02 05:34 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
      2017-11-15 18:57 - 2017-11-02 05:33 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
      2017-11-15 18:57 - 2017-11-02 05:33 - 000061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertPKICmdlet.dll
      2017-11-15 18:57 - 2017-11-02 05:32 - 000255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
      2017-11-15 18:57 - 2017-11-02 05:32 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Storage.dll
      2017-11-15 18:57 - 2017-11-02 05:30 - 000601088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Launcher.dll
      2017-11-15 18:57 - 2017-11-02 05:30 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
      2017-11-15 18:57 - 2017-11-02 05:29 - 000415232 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
      2017-11-15 18:57 - 2017-11-02 05:28 - 000799744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
      2017-11-15 18:57 - 2017-11-02 05:27 - 000565248 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
      2017-11-15 18:57 - 2017-11-02 05:26 - 001937408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
      2017-11-15 18:57 - 2017-11-02 05:26 - 000986624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
      2017-11-15 18:57 - 2017-11-02 05:25 - 003377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
      2017-11-15 18:57 - 2017-11-02 05:25 - 002052608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
      2017-11-15 18:57 - 2017-11-02 05:25 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
      2017-11-15 18:57 - 2017-11-02 05:25 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
      2017-11-15 18:57 - 2017-11-02 05:23 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
      2017-11-15 18:57 - 2017-11-02 05:23 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
      2017-11-15 18:57 - 2017-10-15 15:55 - 007910960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
      2017-11-15 18:57 - 2017-10-15 15:15 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
      2017-11-15 18:57 - 2017-10-15 15:08 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
      2017-11-15 18:57 - 2017-10-15 15:04 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
      2017-11-15 18:57 - 2017-10-15 15:00 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
      2017-11-15 18:56 - 2017-11-02 06:13 - 000546712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
      2017-11-15 18:56 - 2017-11-02 06:12 - 000714648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
      2017-11-15 18:56 - 2017-11-02 06:11 - 021353200 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
      2017-11-15 18:56 - 2017-11-02 06:10 - 006557520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
      2017-11-15 18:56 - 2017-11-02 05:37 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
      2017-11-15 18:56 - 2017-11-02 05:36 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
      2017-11-15 18:56 - 2017-11-02 05:34 - 000438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedPCCSP.dll
      2017-11-15 18:56 - 2017-11-02 05:34 - 000138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataUsageLiveTileTask.exe
      2017-11-15 18:56 - 2017-11-02 05:34 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
      2017-11-15 18:56 - 2017-11-02 05:33 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataUsageHandlers.dll
      2017-11-15 18:56 - 2017-11-02 05:32 - 008213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
      2017-11-15 18:56 - 2017-11-02 05:31 - 000411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
      2017-11-15 18:56 - 2017-11-02 05:31 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMapi.dll
      2017-11-15 18:56 - 2017-11-02 05:30 - 000635392 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
      2017-11-15 18:56 - 2017-11-02 05:30 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
      2017-11-15 18:56 - 2017-11-02 05:29 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
      2017-11-15 18:56 - 2017-11-02 05:27 - 000537600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
      2017-11-15 18:56 - 2017-11-02 05:26 - 008197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
      2017-11-15 18:56 - 2017-11-02 05:26 - 004445696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
      2017-11-15 18:56 - 2017-11-02 05:26 - 003060224 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
      2017-11-15 18:56 - 2017-11-02 05:26 - 000755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
      2017-11-15 18:56 - 2017-11-02 05:25 - 004727808 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
      2017-11-15 18:56 - 2017-11-02 05:25 - 000877568 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
      2017-11-15 18:56 - 2017-11-02 05:23 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
      2017-11-15 18:56 - 2017-10-15 15:49 - 000094616 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
      2017-11-15 18:56 - 2017-10-15 15:09 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
      2017-11-15 18:56 - 2017-10-15 15:09 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
      2017-11-15 18:56 - 2017-10-15 15:07 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
      2017-11-15 18:56 - 2017-10-15 15:05 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
      2017-11-15 18:55 - 2017-11-02 06:20 - 000484248 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
      2017-11-15 18:55 - 2017-11-02 06:20 - 000034712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
      2017-11-15 18:55 - 2017-11-02 06:16 - 008319384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
      2017-11-15 18:55 - 2017-11-02 06:16 - 002398696 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
      2017-11-15 18:55 - 2017-11-02 06:16 - 002327448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
      2017-11-15 18:55 - 2017-11-02 06:15 - 001239448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
      2017-11-15 18:55 - 2017-11-02 06:13 - 005477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
      2017-11-15 18:55 - 2017-11-02 06:13 - 002443672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
      2017-11-15 18:55 - 2017-11-02 06:12 - 000727336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
      2017-11-15 18:55 - 2017-11-02 06:12 - 000643192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
      2017-11-15 18:55 - 2017-11-02 06:12 - 000412752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
      2017-11-15 18:55 - 2017-11-02 06:12 - 000319384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
      2017-11-15 18:55 - 2017-11-02 06:12 - 000144248 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
      2017-11-15 18:55 - 2017-11-02 06:12 - 000038808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Diskdump.sys
      2017-11-15 18:55 - 2017-11-02 06:05 - 000187800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
      2017-11-15 18:55 - 2017-11-02 05:44 - 023680000 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
      2017-11-15 18:55 - 2017-11-02 05:37 - 001278976 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
      2017-11-15 18:55 - 2017-11-02 05:37 - 000465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
      2017-11-15 18:55 - 2017-11-02 05:37 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
      2017-11-15 18:55 - 2017-11-02 05:36 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
      2017-11-15 18:55 - 2017-11-02 05:35 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Dumpstorport.sys
      2017-11-15 18:55 - 2017-11-02 05:35 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
      2017-11-15 18:55 - 2017-11-02 05:34 - 012803072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
      2017-11-15 18:55 - 2017-11-02 05:33 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
      2017-11-15 18:55 - 2017-11-02 05:31 - 000434176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
      2017-11-15 18:55 - 2017-11-02 05:30 - 013381120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
      2017-11-15 18:55 - 2017-11-02 05:30 - 007339008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
      2017-11-15 18:55 - 2017-11-02 05:30 - 000719872 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
      2017-11-15 18:55 - 2017-11-02 05:30 - 000388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
      2017-11-15 18:55 - 2017-11-02 05:30 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
      2017-11-15 18:55 - 2017-11-02 05:29 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
      2017-11-15 18:55 - 2017-11-02 05:29 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
      2017-11-15 18:55 - 2017-11-02 05:29 - 000752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
      2017-11-15 18:55 - 2017-11-02 05:28 - 023684096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
      2017-11-15 18:55 - 2017-11-02 05:28 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
      2017-11-15 18:55 - 2017-11-02 05:27 - 002078720 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
      2017-11-15 18:55 - 2017-11-02 05:27 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
      2017-11-15 18:55 - 2017-11-02 05:25 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
      2017-11-15 18:55 - 2017-11-02 05:25 - 001713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
      2017-11-15 18:55 - 2017-11-02 05:24 - 004707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
      2017-11-15 18:55 - 2017-11-02 05:19 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys
      2017-11-15 18:55 - 2017-10-15 15:57 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
      2017-11-15 18:55 - 2017-10-15 15:57 - 000409496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
      2017-11-15 18:55 - 2017-10-15 15:53 - 000387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
      2017-11-15 18:55 - 2017-10-15 15:14 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SEMgrPS.dll
      2017-11-15 18:55 - 2017-10-15 15:13 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
      2017-11-15 18:55 - 2017-10-15 15:10 - 001303040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
      2017-11-15 18:55 - 2017-10-15 15:05 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
      2017-11-15 18:55 - 2017-10-15 15:02 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFrameworkInternalPS.dll
      2017-11-15 18:54 - 2017-11-02 06:21 - 001578904 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
      2017-11-15 18:54 - 2017-11-02 06:21 - 000678808 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
      2017-11-15 18:54 - 2017-11-02 06:21 - 000612248 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
      2017-11-15 18:54 - 2017-11-02 06:21 - 000379288 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
      2017-11-15 18:54 - 2017-11-02 06:21 - 000190360 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
      2017-11-15 18:54 - 2017-11-02 06:21 - 000136088 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
      2017-11-15 18:54 - 2017-11-02 06:20 - 002032536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
      2017-11-15 18:54 - 2017-11-02 06:20 - 001144728 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
      2017-11-15 18:54 - 2017-11-02 06:20 - 001015704 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
      2017-11-15 18:54 - 2017-11-02 06:20 - 000965016 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
      2017-11-15 18:54 - 2017-11-02 06:20 - 000821656 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
      2017-11-15 18:54 - 2017-11-02 06:20 - 000613784 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
      2017-11-15 18:54 - 2017-11-02 06:20 - 000543640 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
      2017-11-15 18:54 - 2017-11-02 06:20 - 000259992 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
      2017-11-15 18:54 - 2017-11-02 06:15 - 000503704 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
      2017-11-15 18:54 - 2017-11-02 06:14 - 000667040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
      2017-11-15 18:54 - 2017-11-02 06:14 - 000067992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
      2017-11-15 18:54 - 2017-11-02 06:13 - 000212888 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
      2017-11-15 18:54 - 2017-11-02 06:12 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
      2017-11-15 18:54 - 2017-11-02 06:12 - 000430848 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
      2017-11-15 18:54 - 2017-11-02 05:33 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
      2017-11-15 18:54 - 2017-11-02 05:28 - 001468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
      2017-11-15 18:54 - 2017-11-02 05:28 - 000939008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
      2017-11-15 18:54 - 2017-11-02 05:26 - 002809344 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
      2017-11-15 18:54 - 2017-11-02 05:25 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
      2017-11-15 18:54 - 2017-10-15 15:59 - 000923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
      2017-11-15 18:54 - 2017-10-15 15:56 - 000872464 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
      2017-11-15 18:54 - 2017-10-15 15:53 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
      2017-11-15 18:54 - 2017-10-15 15:08 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
      2017-11-09 18:06 - 2017-11-09 18:52 - 000000000 ____D C:\Program Files (x86)\MP3Gain
      2017-11-09 18:06 - 2017-11-09 18:06 - 000000000 ____D C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MP3Gain
      2017-11-09 18:05 - 2017-11-09 18:05 - 000667344 _____ C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\Downloads\mp3gain-win-1_2_5.exe
      2017-11-09 18:04 - 2017-11-09 18:04 - 012018285 _____ C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\Downloads\qmp3gain-0.9.0-install.exe
      2017-11-04 08:14 - 2017-11-04 08:14 - 000983024 _____ C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\Downloads\Programa RAM 2017.pdf
      2017-11-03 21:22 - 2017-11-03 21:47 - 674946186 _____ C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\Desktop\Rock RadiKal Vasco. La gran martxa de los 80 (Begoña Atutxa 2011) Eskorbuto-Hertzainak-La Polla-RIP-Cicatriz-Kortatu-Barricada-Zarama.avi
      2017-11-03 20:52 - 2017-11-09 19:27 - 000000000 ____D C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\Desktop\Nueva carpeta
      2017-10-28 08:14 - 2017-11-19 08:26 - 000253880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
      2017-10-28 07:36 - 2017-10-28 07:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
      2017-10-28 07:35 - 2017-10-28 07:35 - 000481378 _____ C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\Desktop\Confirmation _ WRU tickets _ Principality Stadium ticket office.pdf
      2017-10-28 07:10 - 2017-10-28 07:10 - 000000000 ____D C:\Program Files\Malwarebytes
      2017-10-28 06:45 - 2017-10-28 06:46 - 008261584 _____ (Malwarebytes) C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\Downloads\adwcleaner_7.0.4.0.exe

    6. #6
      User KEnSuKE
      Joined
      Jan 2006
      Location
      Spain
      Posts
      72

      Re: Infected with Adware.Elex.ShrtCln

      ==================== One Month Modified files and folders ========

      (If an entry is included in the fixlist, the file/folder will be moved.)

      2017-11-19 22:19 - 2017-03-18 22:03 - 000000000 ___HD C:\Program Files\WindowsApps
      2017-11-19 22:19 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\AppReadiness
      2017-11-19 22:13 - 2016-05-21 07:42 - 000000000 ____D C:\Temp
      2017-11-19 21:54 - 2017-07-16 00:25 - 002425434 _____ C:\WINDOWS\system32\PerfStringBackup.INI
      2017-11-19 21:54 - 2017-03-20 06:11 - 001126318 _____ C:\WINDOWS\system32\perfh00A.dat
      2017-11-19 21:54 - 2017-03-20 06:11 - 000253014 _____ C:\WINDOWS\system32\perfc00A.dat
      2017-11-19 21:49 - 2017-07-16 00:24 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
      2017-11-19 21:49 - 2016-03-20 19:47 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
      2017-11-19 11:38 - 2017-07-16 00:09 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
      2017-11-19 11:38 - 2017-03-18 12:40 - 001310720 _____ C:\WINDOWS\system32\config\BBI
      2017-11-19 11:35 - 2016-04-15 19:05 - 000000000 ____D C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\AppData\Local\ClassicShell
      2017-11-19 11:32 - 2017-07-16 00:06 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
      2017-11-19 11:30 - 2017-07-11 16:21 - 000000000 ___DC C:\WINDOWS\Panther
      2017-11-19 11:18 - 2017-07-16 00:30 - 000024768 _____ C:\WINDOWS\diagwrn.xml
      2017-11-19 11:18 - 2017-07-16 00:30 - 000024768 _____ C:\WINDOWS\diagerr.xml
      2017-11-19 10:51 - 2017-03-18 12:40 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
      2017-11-19 10:44 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\Registration
      2017-11-19 10:43 - 2017-09-30 16:06 - 000000000 ___HD C:\$WINDOWS.~BT
      2017-11-19 10:43 - 2017-03-18 22:01 - 000000000 ____D C:\WINDOWS\INF
      2017-11-19 09:15 - 2016-11-20 10:07 - 000000000 ____D C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\AppData\LocalLow\Mozilla
      2017-11-19 09:09 - 2016-11-13 17:45 - 000000000 ____D C:\ProgramData\Foxit Software
      2017-11-19 09:09 - 2016-03-10 19:31 - 000000000 ____D C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\AppData\Roaming\DAEMON Tools Lite
      2017-11-19 09:09 - 2016-03-06 17:48 - 000000000 ____D C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\AppData\Roaming\uTorrent
      2017-11-19 09:08 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\LiveKernelReports
      2017-11-19 09:03 - 2017-06-30 19:45 - 000000000 ____D C:\Program Files\Mozilla Firefox
      2017-11-19 09:03 - 2016-03-20 19:48 - 000000000 ____D C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\AppData\Roaming\Mozilla
      2017-11-19 09:03 - 2016-03-20 19:47 - 000001232 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
      2017-11-19 09:00 - 2017-10-03 22:11 - 000000000 ____D C:\AdwCleaner
      2017-11-19 08:52 - 2017-07-16 00:24 - 000004230 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{68A350EC-9D72-4F40-A12F-82192D711A85}
      2017-11-16 19:18 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\rescache
      2017-11-16 19:01 - 2016-03-06 10:46 - 000002270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
      2017-11-16 18:54 - 2017-07-16 00:24 - 000003618 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
      2017-11-16 18:54 - 2017-07-16 00:24 - 000003494 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
      2017-11-15 22:43 - 2016-03-05 13:31 - 000000000 __RHD C:\Users\Public\AccountPictures
      2017-11-15 22:15 - 2017-07-16 00:06 - 000298120 _____ C:\WINDOWS\system32\FNTCACHE.DAT
      2017-11-15 22:11 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\system32\appraiser
      2017-11-15 22:11 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
      2017-11-15 22:11 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\Provisioning
      2017-11-15 22:11 - 2017-03-18 22:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
      2017-11-15 22:11 - 2017-03-18 22:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
      2017-11-15 20:40 - 2015-07-10 12:04 - 000000167 _____ C:\WINDOWS\win.ini
      2017-11-15 20:38 - 2016-03-06 09:34 - 000000000 ____D C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\AppData\Local\Packages
      2017-11-15 19:23 - 2017-03-18 21:51 - 000000000 ____D C:\WINDOWS\CbsTemp
      2017-11-14 17:54 - 2017-07-16 00:24 - 000004394 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
      2017-11-14 17:54 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
      2017-11-14 17:54 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\system32\Macromed
      2017-11-11 15:57 - 2017-01-15 18:24 - 000000000 ____D C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\Documents\Biblioteca de calibre
      2017-11-11 15:50 - 2017-01-15 18:24 - 000000000 ____D C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\AppData\Roaming\calibre
      2017-11-10 13:55 - 2017-05-15 18:45 - 000000959 _____ C:\Users\Public\Desktop\calibre 64bit - E-book management.lnk
      2017-11-10 13:55 - 2017-01-15 18:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management
      2017-11-10 13:55 - 2017-01-15 18:24 - 000000000 ____D C:\Program Files\Calibre2
      2017-11-10 13:53 - 2016-11-20 12:19 - 000000000 ____D C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\Documents\Mis Descargas de FileHippo
      2017-11-07 22:28 - 2017-07-16 00:11 - 000000000 ____D C:\Users\JoSi-Win10.DESKTOP-CG8R3CA
      2017-11-07 19:16 - 2017-07-29 08:30 - 000003378 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1977722032-1609589620-2362224290-1001
      2017-11-07 19:16 - 2016-03-06 09:37 - 000002462 _____ C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
      2017-11-07 19:16 - 2016-03-06 09:37 - 000000000 ___RD C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\OneDrive
      2017-11-06 22:24 - 2016-07-30 20:10 - 000001178 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
      2017-11-06 22:24 - 2016-07-30 20:10 - 000000000 ____D C:\Program Files (x86)\CDBurnerXP
      2017-11-05 02:40 - 2017-03-18 22:06 - 000835568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
      2017-11-05 02:40 - 2017-03-18 22:06 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
      2017-11-04 07:59 - 2016-03-10 18:56 - 000000000 ____D C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\AppData\Roaming\vlc
      2017-11-03 21:00 - 2016-03-10 19:24 - 000000000 ____D C:\Program Files\Bandizip
      2017-10-29 21:36 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\system32\NDF
      2017-10-27 18:37 - 2016-03-10 22:43 - 000000000 ____D C:\ProgramData\TEMP
      2017-10-27 18:37 - 2016-03-10 22:43 - 000000000 ____D C:\Program Files (x86)\SpywareBlaster
      2017-10-27 18:37 - 2016-03-10 19:32 - 000041432 __RSH C:\ProgramData\ntuser.pol
      2017-10-27 17:54 - 2016-03-09 21:22 - 000000000 ____D C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\AppData\Local\ElevatedDiagnostics

      ==================== Files in the root of some directories =======

      2017-04-16 07:30 - 2017-09-03 12:16 - 000465408 _____ (Dirección General de la Policía) C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\AppData\Local\DNIeService.exe
      2016-03-25 10:20 - 2016-03-25 10:21 - 000007605 _____ () C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\AppData\Local\resmon.resmoncfg

      ==================== Bamital & volsnap ======================

      (There is no automatic fix for files that do not pass verification.)

      C:\WINDOWS\system32\winlogon.exe => File is digitally signed
      C:\WINDOWS\system32\wininit.exe => File is digitally signed
      C:\WINDOWS\explorer.exe => File is digitally signed
      C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
      C:\WINDOWS\system32\svchost.exe => File is digitally signed
      C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
      C:\WINDOWS\system32\services.exe => File is digitally signed
      C:\WINDOWS\system32\User32.dll => File is digitally signed
      C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
      C:\WINDOWS\system32\userinit.exe => File is digitally signed
      C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
      C:\WINDOWS\system32\rpcss.dll => File is digitally signed
      C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
      C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
      C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

      LastRegBack: 2017-11-16 19:04

      ==================== End of FRST.txt ============================

      ADDITIONAL SCAN RESULT:

      Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-11-2017
      Ran by JoSi-Win10 (19-11-2017 22:25:37)
      Running from C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\Downloads
      Windows 10 Pro Version 1703 15063.726 (X64) (2017-07-15 23:33:13)
      Boot Mode: Normal
      ==========================================================


      ==================== Accounts: =============================

      Administrador (S-1-5-21-1977722032-1609589620-2362224290-500 - Administrator - Disabled)
      DefaultAccount (S-1-5-21-1977722032-1609589620-2362224290-503 - Limited - Disabled)
      Invitado (S-1-5-21-1977722032-1609589620-2362224290-501 - Limited - Disabled)
      JoSi-Win10 (S-1-5-21-1977722032-1609589620-2362224290-1001 - Administrator - Enabled) => C:\Users\JoSi-Win10.DESKTOP-CG8R3CA

      ==================== Security Center ========================

      (If an entry is included in the fixlist, it will be removed.)

      AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
      AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

      ==================== Installed Programs ======================

      (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

      µTorrent (HKU\S-1-5-21-1977722032-1609589620-2362224290-1001\...\uTorrent) (Version: 3.3.1.30017 - BitTorrent Inc.)
      ACP Application (HKLM\...\{C24F174C-FCD8-854E-16CA-9F8A5E33AE40}) (Version: 2016.0321.0955.20 - Advanced Micro Devices, Inc.) Hidden
      ACP Application (HKLM\...\{F6191048-C738-9336-04C8-968455D82C31}) (Version: 2016.0718.1650.38 - Advanced Micro Devices, Inc.) Hidden
      Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.187 - Adobe Systems Incorporated)
      AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
      AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 4.0.0.0 - AppEx Networks)
      AMD Settings (HKLM\...\WUCCCApp) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.)
      Application Profiles (HKLM-x32\...\{77A795C8-E532-4B09-5C58-7FFFC3CC9171}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
      Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.8.2318 - AVAST Software)
      Bandizip (HKLM\...\Bandizip) (Version: 6.10 - Bandisoft.com)
      calibre 64bit (HKLM\...\{3E7334AB-3B64-4CD0-8DAC-817FF56AED7E}) (Version: 3.12.0 - Kovid Goyal)
      Capicom 2.1.0.2 FNMT-RCM (HKLM-x32\...\{E06DBD80-CD9B-4A3F-BD83-ED1AA4CB1E3A}) (Version: 1.00.0000 - FNMT-RCM)
      Catalyst Control Center Next Localization BR (HKLM\...\{118C2119-84B6-E32C-63E2-B56DBCF41CE5}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization BR (HKLM\...\{3E245378-BF77-6946-C6F6-096DBE5EAB82}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization BR (HKLM\...\{E7AA1A02-575C-14C6-FBEF-4BE6D46A5B74}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization BR (HKLM\...\{E8D9A5F5-A76F-C1CB-2609-F09167AA5628}) (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization CHS (HKLM\...\{45907537-804A-514F-5280-5F4F12A6DCBC}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization CHS (HKLM\...\{5A083A57-10D6-D4E5-292C-F274870E73A4}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization CHS (HKLM\...\{BD555B5E-F1F9-3B62-18AD-DCF2E079AEB4}) (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization CHS (HKLM\...\{EB6C44F1-0F78-FE10-BC63-90BA50AB0CE9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization CHT (HKLM\...\{962364E4-08BB-347D-32E7-2B789F37BF8A}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization CHT (HKLM\...\{B26D75B8-FAB7-6F8B-767F-BAF975383D91}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization CHT (HKLM\...\{DF0D7C1C-72B6-9FFB-DF66-B3720237BB80}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization CHT (HKLM\...\{FCB5675A-A034-2872-8361-00EE0391C399}) (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization CS (HKLM\...\{238F6F6F-2544-86CF-3AB6-2CDADAB58CF0}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization CS (HKLM\...\{29F35063-F14F-D4A8-5825-0F74240F25C3}) (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization CS (HKLM\...\{36EDC500-E4C0-371C-9865-08450415C1E9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization CS (HKLM\...\{A0407E39-2AA4-60B3-885F-3C5347B6909E}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization DA (HKLM\...\{0989D0EA-AFF3-5F9A-3D25-20EE133E409B}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization DA (HKLM\...\{4C2FB7FD-89FD-BA5C-585A-3811F326AD34}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization DA (HKLM\...\{51E9360E-0B90-EE7F-D840-28458BD048DA}) (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization DA (HKLM\...\{EC688BD0-240D-AE40-55F3-234E54919AE6}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization DE (HKLM\...\{33FF313C-78A1-35CE-2E12-93EC013CD42D}) (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization DE (HKLM\...\{A8689A0F-5928-7300-B82B-C5E85131B7BA}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization DE (HKLM\...\{D74218A3-C503-57EF-AC9F-2220082E7ADE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization DE (HKLM\...\{E27224E3-7913-DA1E-5B08-9BEEC8FEE3D1}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization EL (HKLM\...\{76AAF56B-93D8-161D-809A-EC05F3B913DA}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization EL (HKLM\...\{8F4F9CAC-37A7-E424-2DBC-B9293E772F60}) (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization EL (HKLM\...\{95A52FC1-C728-841D-1BFC-CC793B77B0A4}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization EL (HKLM\...\{DA433FCF-90A1-19A5-65A7-FDF82DE4826D}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization ES (HKLM\...\{063CED74-F5F0-870E-DC9C-2D78FDEDA3EE}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization ES (HKLM\...\{949F125B-A6CC-5A5E-EEE7-4AC50305C1FA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization ES (HKLM\...\{A22CDEBA-6DB5-12CD-F6CE-6238C2D78363}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization ES (HKLM\...\{B709D228-78E5-4D06-6BD9-7C49CAF0F3A2}) (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization FI (HKLM\...\{13BB60AA-88F7-4B1F-2DEC-D81EEDE8B3AA}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization FI (HKLM\...\{20D46801-147B-30AD-7C5A-AC4560A79096}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization FI (HKLM\...\{5066336E-513F-CBB9-9BB0-C89A3933C10F}) (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization FI (HKLM\...\{C0BFC67D-E447-02C8-6046-C078DFE9EC97}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization FR (HKLM\...\{22C39711-2747-D264-319A-1550BEEAAEC6}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization FR (HKLM\...\{37AA6227-FF2C-95AC-87C0-45DCC0BB87DA}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization FR (HKLM\...\{94C72EBE-2908-F0AC-62DA-D61951830F8F}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization FR (HKLM\...\{AED89989-7DBE-543C-19A4-BE5A855DD2FB}) (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization HU (HKLM\...\{1DBACFDB-5E43-7882-36BD-53526D34BD22}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization HU (HKLM\...\{5B987681-3652-492B-6A11-E02AC0FE5959}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization HU (HKLM\...\{98DD6106-888C-301A-AD03-753FF86838AE}) (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization HU (HKLM\...\{EB328356-1DF0-1CCE-3607-6361DD329219}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization IT (HKLM\...\{86BFE5B4-1FCE-3C02-6373-92B1AE6431E8}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization IT (HKLM\...\{87E6EC29-AEC5-28CB-F773-93EB6C1B8A2B}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization IT (HKLM\...\{A91FC4BF-C1EC-ADCA-79D1-F4F0671F1D60}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization IT (HKLM\...\{D0EA7EFC-D5CD-D8B1-EB42-F72483CEAABF}) (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization JA (HKLM\...\{0742432E-42D9-2240-4CA1-8595CCCBAA77}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization JA (HKLM\...\{A88050CD-0501-3DCF-2DDA-D290D3E3DCAA}) (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization JA (HKLM\...\{CA55697D-BD74-3ED8-6B21-D7EDAD3B7D02}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization JA (HKLM\...\{ED75A775-03A7-F214-868D-497748707968}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization KO (HKLM\...\{07BFBD5C-2F63-6828-1B61-B41A44113F3B}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization KO (HKLM\...\{1739AB49-2038-78F5-1A87-BC7490CAC76A}) (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization KO (HKLM\...\{CFC860C8-4F51-E08C-A74C-2E444ED06160}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization KO (HKLM\...\{EAEAA839-44F4-22DF-D1CC-88C3B2A3D4B1}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization NL (HKLM\...\{3530D72B-E13A-E242-1B65-1D4A56FEB793}) (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization NL (HKLM\...\{9338D693-38B7-1ED4-9B42-BFA1D5600CCB}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization NL (HKLM\...\{A3973655-E448-4A1B-477C-988A79D132D9}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization NL (HKLM\...\{E6038D3E-5D87-8DF7-6D05-BE7532C3E73E}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization NO (HKLM\...\{413A45F5-20F8-1760-22DF-000C80A392E5}) (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization NO (HKLM\...\{6DC92550-D065-4B36-C4D3-D8D7A702A7A7}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization NO (HKLM\...\{C971C145-258D-6650-7088-13DDB161327A}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization NO (HKLM\...\{DFAD9DAC-4768-C8BB-4E0E-5239605A9BEA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization PL (HKLM\...\{47E510DD-18B9-17F3-121E-B068BCD51D94}) (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization PL (HKLM\...\{B2A83706-3F14-1532-20CD-B4EE715A8945}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization PL (HKLM\...\{EBA09DAF-14B4-7BE7-676E-6E2FB21EDBDD}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization PL (HKLM\...\{FFBFBD1F-B160-A119-7C43-8584FA2E5665}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization RU (HKLM\...\{44ED2CDA-4197-E9E9-B328-26E1FB749116}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization RU (HKLM\...\{4D1D5407-9B69-6422-629C-8518A26004A4}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization RU (HKLM\...\{9AA4DD93-94BF-22EA-C9D2-7084F304A31B}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization RU (HKLM\...\{FDA9F952-8DBD-112A-1244-0AD718D6C3A6}) (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization SV (HKLM\...\{25DEBD2B-5356-EF0F-43D8-CFFB5BBAA808}) (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization SV (HKLM\...\{3450566C-4561-0EE8-B1AB-D5C79CCE8D2C}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization SV (HKLM\...\{379D900B-A785-6DB0-012E-434356A365B3}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization SV (HKLM\...\{A8379BAB-59A9-C0A3-8BCC-4852EA403692}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization TH (HKLM\...\{24DF617A-CD23-6E6A-126B-23630D2781CE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization TH (HKLM\...\{366C4FB5-CF6E-258B-418D-E6D29549A278}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization TH (HKLM\...\{4793D2FE-9842-F82B-F03F-05A89A0AC2E4}) (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization TH (HKLM\...\{FCE8438C-3272-D63F-479F-670F082B294B}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization TR (HKLM\...\{2464B26D-1665-8DA4-190D-7C474AE7586B}) (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization TR (HKLM\...\{25D1751E-7CA2-5F6D-0125-0A16E47AF9FE}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization TR (HKLM\...\{83DDDFD8-AD42-72F9-E4F1-5456FDB304C9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization TR (HKLM\...\{B10089DE-934F-6E0F-683A-B788F89348DF}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
      CCleaner (HKLM\...\CCleaner) (Version: 5.37 - Piriform)
      CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.8.6795 - CDBurnerXP)
      Classic Shell (HKLM\...\{383BB30A-B4A7-4666-9A83-22CFA8640097}) (Version: 4.3.0 - IvoSoft)
      Configurador_FNMT (HKLM-x32\...\{438D4C4C-B703-4971-9C3D-33FF8A010ADB}) (Version: 3.6 - FNMT-RCM)
      CPUID CPU-Z 1.78 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
      DawnArk Video Converter 1.0.23.0430 (HKLM-x32\...\DawnArk Video Converter) (Version: 1.0.23.0430 - DawnArk Studio.)
      Eines de correcció del Microsoft Office 2016: català (HKLM\...\{90160000-001F-0403-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
      eMule (HKLM-x32\...\eMule) (Version: - )
      Ferramentas de verificación de Microsoft Office 2016 - Galego (HKLM\...\{90160000-001F-0456-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
      FileHippo App Manager (HKLM-x32\...\FileHippo.com) (Version: - FileHippo.com)
      Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 8.3.2.25013 - Foxit Software Inc.)
      Google Chrome (HKLM-x32\...\Google Chrome) (Version: 62.0.3202.94 - Google Inc.)
      Google Earth Pro (HKLM-x32\...\{ECF2E224-42F5-4E50-B58E-94CA70E85697}) (Version: 7.3.0.3832 - Google)
      Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
      Herramientas de corrección de Microsoft Office 2016: español (HKLM\...\{90160000-001F-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
      KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version: - )
      Malwarebytes versión 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
      Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
      Microsoft OneDrive (HKU\S-1-5-21-1977722032-1609589620-2362224290-1001\...\OneDriveSetup.exe) (Version: 17.3.7076.1026 - Microsoft Corporation)
      Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
      Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
      Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
      Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
      Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
      Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
      Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
      Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
      Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
      Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.5.4 - Motorola Mobility)
      Motorola Device Software Update (HKLM-x32\...\{894AB83D-A9AF-4E54-BFF3-A7262A0A6C13}) (Version: 13.09.3001 - Motorola Mobility) Hidden
      Motorola Mobile Drivers Installation 6.4.0 (HKLM\...\{27986EDD-C9EC-4B52-B92F-06D073F0AA52}) (Version: 6.4.0 - Motorola Mobility LLC)
      Mozilla Firefox 51.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 51.0 (x86 en-US)) (Version: 51.0 - Mozilla)
      Mozilla Firefox 57.0 (x64 es-ES) (HKLM\...\Mozilla Firefox 57.0 (x64 es-ES)) (Version: 57.0 - Mozilla)
      Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 57.0.0.6525 - Mozilla)
      MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
      Panda USB Vaccine 1.0.0.50a (HKLM-x32\...\{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1) (Version: - Panda Security)
      Pure APK Install version 1.4.0583 (HKLM-x32\...\085A5308-DFBB-A19F-29DF-244998E2CD84_is1) (Version: 1.4.0583 - APKPure Inc.)
      Raptr (HKLM-x32\...\Raptr) (Version: 5.2.7-r116720-release - Raptr, Inc)
      Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7836 - Realtek Semiconductor Corp.)
      Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
      Revisores de Texto do Microsoft Office 2016 – Português (Brasil) (HKLM\...\{90160000-001F-0416-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
      SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.27.0 - SAMSUNG Electronics Co., Ltd.)
      SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
      Update for Skype for Business 2016 (KB4011238) 64-Bit Edition (HKLM\...\{90160000-0011-0000-1000-0000000FF1CE}_Office16.PROPLUS_{F26F0631-BD36-41CC-80B8-4E90A43A2EE0}) (Version: - Microsoft)
      Update for Skype for Business 2016 (KB4011238) 64-Bit Edition (HKLM\...\{90160000-012B-0C0A-1000-0000000FF1CE}_Office16.PROPLUS_{F26F0631-BD36-41CC-80B8-4E90A43A2EE0}) (Version: - Microsoft)
      UsbFix (HKLM-x32\...\Usbfix) (Version: 8.239 - El Desaparecido - www.usb-antivirus.com - www.sosvirus.net)
      VLC media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN)
      VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
      Vulkan Run Time Libraries 1.0.17.0 (HKLM\...\VulkanRT1.0.17.0) (Version: 1.0.17.0 - LunarG, Inc.)
      Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
      Vulkan Run Time Libraries 1.0.3.1 (HKLM\...\VulkanRT1.0.3.1) (Version: 1.0.3.1 - LunarG, Inc.)
      Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)

      ==================== Custom CLSID (Whitelisted): ==========================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      CustomCLSID: HKU\S-1-5-21-1977722032-1609589620-2362224290-1001_Classes\CLSID\{5B69A6B4-393B-459C-8EBB-214237A9E7AC}\InprocServer32 -> C:\Program Files\Bandizip\bdzshl64.dll (Bandisoft.com)
      ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-19] (AVAST Software)
      ContextMenuHandlers1: [AABdzCtx] -> {5B69A6B4-393B-459C-8EBB-214237A9E7AC} => C:\Program Files\Bandizip\bdzshl64.dll [2017-11-03] (Bandisoft.com)
      ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-19] (AVAST Software)
      ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\ConvertToPDFShellExtension_x64.dll [2017-08-19] (Foxit Software Inc.)
      ContextMenuHandlers2: [AABdzCtx] -> {5B69A6B4-393B-459C-8EBB-214237A9E7AC} => C:\Program Files\Bandizip\bdzshl64.dll [2017-11-03] (Bandisoft.com)
      ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-19] (AVAST Software)
      ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
      ContextMenuHandlers4: [AABdzCtx] -> {5B69A6B4-393B-459C-8EBB-214237A9E7AC} => C:\Program Files\Bandizip\bdzshl64.dll [2017-11-03] (Bandisoft.com)
      ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)
      ContextMenuHandlers5: [AABdzCtx] -> {5B69A6B4-393B-459C-8EBB-214237A9E7AC} => C:\Program Files\Bandizip\bdzshl64.dll [2017-11-03] (Bandisoft.com)
      ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2017-04-24] (Advanced Micro Devices, Inc.)
      ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-19] (AVAST Software)
      ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\ConvertToPDFShellExtension_x64.dll [2017-08-19] (Foxit Software Inc.)
      ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
      ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)
      ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\WINDOWS\System32\StartMenuHelper64.dll [2016-07-30] (IvoSoft)
      ContextMenuHandlers1_S-1-5-21-1977722032-1609589620-2362224290-1001: [AABdzCtx] -> {5B69A6B4-393B-459C-8EBB-214237A9E7AC} => C:\Program Files\Bandizip\bdzshl64.dll [2017-11-03] (Bandisoft.com)
      ContextMenuHandlers2_S-1-5-21-1977722032-1609589620-2362224290-1001: [AABdzCtx] -> {5B69A6B4-393B-459C-8EBB-214237A9E7AC} => C:\Program Files\Bandizip\bdzshl64.dll [2017-11-03] (Bandisoft.com)
      ContextMenuHandlers4_S-1-5-21-1977722032-1609589620-2362224290-1001: [AABdzCtx] -> {5B69A6B4-393B-459C-8EBB-214237A9E7AC} => C:\Program Files\Bandizip\bdzshl64.dll [2017-11-03] (Bandisoft.com)
      ContextMenuHandlers5_S-1-5-21-1977722032-1609589620-2362224290-1001: [AABdzCtx] -> {5B69A6B4-393B-459C-8EBB-214237A9E7AC} => C:\Program Files\Bandizip\bdzshl64.dll [2017-11-03] (Bandisoft.com)

      ==================== Scheduled Tasks (Whitelisted) =============

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      Task: {040648D0-6B24-43BE-8170-026AAE565C9D} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2017-11-19] (AVAST Software)
      Task: {0ED7774A-4B58-48F2-B09A-07CCCA3E5760} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
      Task: {1126CD92-3B5D-4807-9DAD-91A84A750B8F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
      Task: {28145742-CEF9-4182-B818-3DAAFDDF0E2D} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-09-16] (Advanced Micro Devices, Inc.)
      Task: {31000108-C208-408E-9ADB-996C15218CB5} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2017-04-24] (Advanced Micro Devices, Inc.)
      Task: {3B24F34D-78B1-4DAB-8260-13C1F83B084C} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2014-10-30] ()
      Task: {406FCD6A-A044-4A36-8218-F4EBD818C63F} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-11-19] (AVAST Software)
      Task: {42A7235C-264E-49AC-AFB7-A7C0171578E6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
      Task: {7531671F-3BFC-490C-89E5-070183C1618A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-06] (Google Inc.)
      Task: {774BC64C-A45B-4BA6-A504-EAE6D60203C9} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2016-01-11] (@ByELDI)
      Task: {7A362B6A-6076-42D4-97D5-302996E27782} - System32\Tasks\PandaUSBVaccine => C:\Program Files (x86)\Panda USB Vaccine\RunInteractiveWin.exe [2009-06-16] ()
      Task: {7AE1C1D8-6401-4F81-AC8F-9AF9AC552488} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2017-10-10] (Microsoft Corporation)
      Task: {87D04140-2E58-4BC4-9F0F-43EAC474E76D} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-07-31] (Microsoft Corporation)
      Task: {95A85831-E038-4316-857D-31F9FA76DB80} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-06] (Google Inc.)
      Task: {A8B79404-7BB9-411B-89FA-83B508A8108B} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2014-10-30] ()
      Task: {B35970AB-D92E-44F0-9086-16971248F5D9} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-11-14] (Adobe Systems Incorporated)
      Task: {D12EE43F-C320-42EA-9D96-8835762A7895} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-11-08] (Piriform Ltd)
      Task: {D6A3070C-6443-45C9-86F8-9A9E05C92617} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-11-08] (Piriform Ltd)

      (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    7. #7
      User: KEnSuKE
      Registered: Jan 2006
      Location: Spain
      Posts: 72

      Re: Infected with Adware.Elex.ShrtCln

      ==================== Shortcuts & WMI ========================

      (The entries could be listed to be restored or removed.)


      ==================== Loaded Modules (Whitelisted) ==============

      2017-11-19 08:26 - 2017-11-01 08:55 - 002299344 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
      2017-03-18 21:58 - 2017-03-18 21:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
      2016-09-14 02:00 - 2016-09-14 02:00 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
      2016-09-14 02:00 - 2016-09-14 02:00 - 000739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
      2016-09-14 02:00 - 2016-09-14 02:00 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
      2016-09-14 02:00 - 2016-09-14 02:00 - 000071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
      2016-09-14 01:59 - 2016-09-14 01:59 - 000011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
      2016-09-14 01:59 - 2016-09-14 01:59 - 002013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
      2016-09-14 02:00 - 2016-09-14 02:00 - 000191488 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
      2017-03-18 21:59 - 2017-03-20 06:14 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
      2017-11-13 18:16 - 2017-11-13 18:18 - 000087552 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\SkypeHost.exe
      2017-11-13 18:16 - 2017-11-13 18:18 - 000206336 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
      2017-11-13 18:16 - 2017-11-13 18:18 - 025461760 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\SkyWrap.dll
      2017-11-06 21:18 - 2017-11-06 21:18 - 002552832 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\skypert.dll
      2015-09-02 12:00 - 2015-09-02 12:00 - 010566352 _____ () C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe
      2017-11-08 22:35 - 2017-11-08 22:35 - 000098688 _____ () C:\Program Files\CCleaner\lang\lang-1034.dll
      2014-04-07 15:31 - 2014-04-07 15:31 - 000172032 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll
      2017-11-19 09:08 - 2017-11-19 09:08 - 000167096 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
      2017-11-19 09:08 - 2017-11-19 09:08 - 000059040 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll
      2017-11-19 09:08 - 2017-11-19 09:08 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
      2017-11-19 09:08 - 2017-11-19 09:08 - 000237808 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
      2017-11-19 09:08 - 2017-11-19 09:08 - 000244584 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
      2017-11-19 09:07 - 2017-11-19 09:07 - 000235816 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll

      ==================== Alternate Data Streams (Whitelisted) =========

      (If an entry is included in the fixlist, only the ADS will be removed.)

      AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]
      AlternateDataStreams: C:\ProgramData\TEMP:B755D674 [134]

      ==================== Safe Mode (Whitelisted) ===================

      (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

      ==================== Association (Whitelisted) ===============

      (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


      ==================== Internet Explorer trusted/restricted ===============

      (If an entry is included in the fixlist, it will be removed from the registry.)

      IE trusted site: HKU\S-1-5-21-1977722032-1609589620-2362224290-1001\...\fnmt.es -> hxxp://fnmt.es
      IE trusted site: HKU\S-1-5-21-1977722032-1609589620-2362224290-1001\...\fnmt.es -> hxxps://fnmt.es
      IE trusted site: HKU\S-1-5-21-1977722032-1609589620-2362224290-1001\...\fnmt.gob.es -> hxxps://fnmt.gob.es
      IE trusted site: HKU\S-1-5-21-1977722032-1609589620-2362224290-1001\...\fnmt.gob.es -> hxxp://fnmt.gob.es

      There are 6091 more sites.


      ==================== Other Areas ============================

      (Currently there is no automatic fix for this section.)

      HKU\S-1-5-21-1977722032-1609589620-2362224290-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\AppData\Roaming\Mozilla\Firefox\Fondo de escritorio.bmp
      DNS Servers: 212.142.144.66
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
      Windows Firewall is enabled.

      ==================== MSCONFIG/TASK MANAGER disabled items ==

      HKLM\...\StartupApproved\Run: => "StartCN"
      HKLM\...\StartupApproved\Run: => "RTHDVCPL"
      HKLM\...\StartupApproved\Run32: => "Raptr"
      HKU\S-1-5-21-1977722032-1609589620-2362224290-1001\...\StartupApproved\Run: => "uTorrent"
      HKU\S-1-5-21-1977722032-1609589620-2362224290-1001\...\StartupApproved\Run: => "AppEx Accelerator UI"
      HKU\S-1-5-21-1977722032-1609589620-2362224290-1001\...\StartupApproved\Run: => "OneDrive"
      HKU\S-1-5-21-1977722032-1609589620-2362224290-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"

      ==================== FirewallRules (Whitelisted) ===============

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      FirewallRules: [{29986B20-E219-4F54-AC11-7BBE3976816C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
      FirewallRules: [{65ED297C-BD1B-4651-9706-E184F14E0337}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
      FirewallRules: [{2AA2008F-99A7-44C5-AF3C-D812EB48AACC}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
      FirewallRules: [{7806172C-C814-418E-81B9-EB65DCE807CF}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
      FirewallRules: [{E9B4CBCA-61ED-4F21-AD28-152077B03CB1}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
      FirewallRules: [{6A8F6FDB-4644-4470-ADDB-0B320B51BA26}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
      FirewallRules: [{A3773AB3-B6BE-448A-A45B-B450AAF8D1C3}] => (Allow) C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\AppData\Roaming\uTorrent\uTorrent.exe
      FirewallRules: [{0C73F723-B6F3-45FB-8133-3DE73D3720E0}] => (Allow) C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\AppData\Roaming\uTorrent\uTorrent.exe
      FirewallRules: [{23B94DF0-E76F-4194-8037-1D5C14590E9C}] => (Allow) C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\AppData\Roaming\uTorrent\uTorrent.exe
      FirewallRules: [{F4894462-F425-470C-A0E8-26DF8D5B271C}] => (Allow) C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\AppData\Roaming\uTorrent\uTorrent.exe
      FirewallRules: [{329EE93C-FEFE-4A71-8D77-E1E6074B9A8B}] => (Allow) C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\AppData\Roaming\uTorrent\uTorrent.exe
      FirewallRules: [{8D8085BD-A005-4B8D-8EDB-0EBFCAC91F61}] => (Allow) C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\AppData\Roaming\uTorrent\uTorrent.exe
      FirewallRules: [TCP Query User{C63D51E9-BB4C-404E-98A2-5C8A8AC823F7}C:\program files (x86)\emule\emule.exe] => (Allow) C:\program files (x86)\emule\emule.exe
      FirewallRules: [UDP Query User{C46E46A7-C7EA-44FE-8043-3043B2CD86EA}C:\program files (x86)\emule\emule.exe] => (Allow) C:\program files (x86)\emule\emule.exe
      FirewallRules: [{CB5BF0CD-DBC6-4CD5-90DB-5916A6BD40B4}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
      FirewallRules: [{915ABE7E-B3C1-4B49-8D01-0D3ECC4AE147}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
      FirewallRules: [TCP Query User{1067AF1B-6002-46C5-9DE1-DFB93D3F4EBA}F:\documents and settings\kensuke\datos de programa\utorrent\utorrent.exe] => (Allow) F:\documents and settings\kensuke\datos de programa\utorrent\utorrent.exe
      FirewallRules: [UDP Query User{6310286A-99CC-42C6-9C65-9C8FD745BA3C}F:\documents and settings\kensuke\datos de programa\utorrent\utorrent.exe] => (Allow) F:\documents and settings\kensuke\datos de programa\utorrent\utorrent.exe
      FirewallRules: [TCP Query User{B32DA362-1570-4832-B80B-F2ADBFD3F26C}F:\documents and settings\kensuke\datos de programa\utorrent\updates\3.5.0_43916.exe] => (Block) F:\documents and settings\kensuke\datos de programa\utorrent\updates\3.5.0_43916.exe
      FirewallRules: [UDP Query User{69D6DD2C-BA5C-44C1-A9D5-B72CB5C8F8AE}F:\documents and settings\kensuke\datos de programa\utorrent\updates\3.5.0_43916.exe] => (Block) F:\documents and settings\kensuke\datos de programa\utorrent\updates\3.5.0_43916.exe
      FirewallRules: [{4BDE69C6-8514-4DED-AF79-76B252361515}] => (Allow) C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\AppData\Roaming\uTorrent\uTorrent.exe
      FirewallRules: [{5B4E0961-D383-466C-8057-132E638F7646}] => (Allow) C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\AppData\Roaming\uTorrent\uTorrent.exe
      FirewallRules: [{BCD46F90-98A1-48AB-89DB-F4BB96B7743A}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
      FirewallRules: [{BA328CE0-647F-45C5-838E-2A9242BF4E43}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
      FirewallRules: [{45C75D29-3D4A-4D35-8869-9C7CDE3E2146}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

      ==================== Restore Points =========================

      03-11-2017 18:26:41 Installed calibre 64bit
      10-11-2017 13:54:10 Installed calibre 64bit
      15-11-2017 19:12:11 Windows Update
      19-11-2017 08:54:16 JRT Pre-Junkware Removal

      ==================== Faulty Device Manager Devices =============


      ==================== Event log errors: =========================

      Application errors:
      ==================
      Error: (11/19/2017 10:02:06 PM) (Source: Perflib) (EventID: 1008) (User: )
      Description: Error del procedimiento de apertura para el servicio "BITS" en el archivo DLL "C:\Windows\System32\bitsperf.dll". Los datos de rendimiento para este servicio no estarán disponibles. Los primeros cuatro bytes (DWORD) de la sección de datos contienen el código de error.

      Error: (11/19/2017 11:35:46 AM) (Source: ATIeRecord) (EventID: 16387) (User: )
      Description: ATI EEU Service event error

      Error: (11/19/2017 11:35:41 AM) (Source: ATIeRecord) (EventID: 16387) (User: )
      Description: ATI EEU Service event error

      Error: (11/19/2017 11:20:59 AM) (Source: ATIeRecord) (EventID: 16387) (User: )
      Description: ATI EEU Service event error

      Error: (11/19/2017 11:20:54 AM) (Source: ATIeRecord) (EventID: 16387) (User: )
      Description: ATI EEU Service event error

      Error: (11/19/2017 11:06:03 AM) (Source: ATIeRecord) (EventID: 16387) (User: )
      Description: ATI EEU Service event error

      Error: (11/19/2017 11:05:57 AM) (Source: ATIeRecord) (EventID: 16387) (User: )
      Description: ATI EEU Service event error

      Error: (11/19/2017 10:53:36 AM) (Source: ATIeRecord) (EventID: 16387) (User: )
      Description: ATI EEU Service event error

      Error: (11/19/2017 10:50:57 AM) (Source: ATIeRecord) (EventID: 16387) (User: )
      Description: ATI EEU Service event error

      Error: (11/19/2017 10:50:51 AM) (Source: ATIeRecord) (EventID: 16387) (User: )
      Description: ATI EEU Service event error


      System errors:
      =============
      Error: (11/19/2017 09:49:53 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
      Description: Error al intentar leer el archivo local de hosts.

      Error: (11/19/2017 09:49:50 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
      Description: Error al intentar leer el archivo local de hosts.

      Error: (11/19/2017 09:49:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
      Description: El servicio CldFlt no pudo iniciarse debido al siguiente error:
      Solicitud no compatible.

      Error: (11/19/2017 08:46:29 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
      Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID
      {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
      y APPID
      {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
      al usuario NT AUTHORITY\SERVICIO LOCAL con SID (S-1-5-19) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

      Error: (11/19/2017 08:46:29 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
      Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID
      {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
      y APPID
      {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
      al usuario NT AUTHORITY\SERVICIO LOCAL con SID (S-1-5-19) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

      Error: (11/19/2017 08:45:49 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
      Description: Error al intentar leer el archivo local de hosts.

      Error: (11/19/2017 08:45:48 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
      Description: Error al intentar leer el archivo local de hosts.

      Error: (11/19/2017 08:45:47 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
      Description: El servicio CldFlt no pudo iniciarse debido al siguiente error:
      Solicitud no compatible.

      Error: (11/19/2017 12:40:56 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
      Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID
      {D63B10C5-BB46-4990-A94F-E40B9D520160}
      y APPID
      {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
      al usuario NT AUTHORITY\SYSTEM con SID (S-1-5-18) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

      Error: (11/18/2017 07:38:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
      Description: El servicio CldFlt no pudo iniciarse debido al siguiente error:
      Solicitud no compatible.


      CodeIntegrity:
      ===================================
      Date: 2017-11-18 23:05:27.571
      Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2017-11-18 21:11:02.964
      Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

      Date: 2017-11-18 21:06:45.851
      Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

      Date: 2017-11-18 21:06:08.337
      Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

      Date: 2017-11-18 21:06:07.991
      Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

      Date: 2017-11-15 22:27:07.321
      Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2017-11-15 20:29:48.625
      Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2017-11-13 18:07:24.768
      Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2017-11-11 20:34:15.161
      Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2017-11-07 21:41:31.694
      Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


      ==================== Memory info ===========================

      Processor: AMD A10-7870K Radeon R7, 12 Compute Cores 4C+8G
      Percentage of memory in use: 30%
      Total physical RAM: 7110.13 MB
      Available physical RAM: 4930.86 MB
      Total Virtual: 8262.13 MB
      Available Virtual: 6128.64 MB

      ==================== Drives ================================

      Drive c: () (Fixed) (Total:930.96 GB) (Free:618.18 GB) NTFS
      Drive d: (Torrents) (Fixed) (Total:69.27 GB) (Free:1.35 GB) NTFS
      Drive e: ( Emule) (Fixed) (Total:134.76 GB) (Free:22.18 GB) NTFS
      Drive f: (Joseba_XP) (Fixed) (Total:28.84 GB) (Free:12 GB) NTFS
      Drive z: () (Removable) (Total:14.9 GB) (Free:10.04 GB) FAT32

      ==================== MBR & Partition Table ==================

      ========================================================
      Disk: 0 (Size: 28 GB) (Disk ID: A8B768B5)

      Partition: GPT.

      ========================================================
      Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000)

      Partition: GPT.

      ========================================================
      Disk: 2 (Size: 232.9 GB) (Disk ID: 89B985B4)
      Partition 1: (Not Active) - (Size=232.9 GB) - (Type=OF Extended)

      ========================================================
      Disk: 3 (MBR Code: Windows 7 or 8) (Size: 14.9 GB) (Disk ID: 25B18C0C)
      Partition 1: (Active) - (Size=14.9 GB) - (Type=0C)

      ==================== End of Addition.txt ============================

      Thanks. ^_^

    8. #8
      General Moderator
      @Daniela's avatar
      Joined
      Apr 2011
      Location
      Spain
      Posts
      24.349

      Re: Infected with Adware.Elex.ShrtCln

      Hello

      You did not download and run FRST from the desktop as I told you; move it there to carry out the following steps, otherwise it will not work.

      You have Avast installed, so we will remove the entries I see with the fixlog and, when I tell you to, you will run the uninstall tool in case any other remnants are left.

      Follow these steps. VERY important ~ Make a backup of the registry:

      • To do so, download >> DelFix to your desktop.
        • Double-click to run it. (If you use Windows Vista/7 or 8, right-click and select "Run as Administrator".)
        • Tick only the "Create registry backup" box.
      • Click Run.

        The report (DelFix.txt) will open; save it in case it is needed and close the tool.


      Next, start your computer in >> Windows Safe Mode with Networking.

      If your OS is Windows 8/8.1/10, use the 2nd METHOD from this Windows 8 FAQ (applicable to Windows 10) >> How to start Windows 8/8.1 in Safe Mode?, to work from that Windows mode.


      With all other programs closed, go to >> Start >> Run >> and type notepad.exe.

      Now copy and paste the following into Notepad: (excluding the word "Code")

      Code:
      Start
      CreateRestorePoint:
      CloseProcesses:
      
      (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
      (AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
      (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
      HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe [58584 2016-09-28] (Raptr, Inc)
      HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
      HKU\S-1-5-21-1977722032-1609589620-2362224290-1001\...\Run: [uTorrent] => C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\AppData\Roaming\uTorrent\uTorrent.exe [1130576 2017-08-05] (BitTorrent Inc.)
      GroupPolicy: Restriction - Chrome <==== ATTENTION
      CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
      FF Extension: (Tile Tabs WE) - C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\AppData\Roaming\Mozilla\Firefox\Profiles\xkcdcpqk.default-1479638018636\Extensions\[email protected] [2017-10-24]
      FF Extension: (Tile View) - C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\AppData\Roaming\Mozilla\Firefox\Profiles\xkcdcpqk.default-1479638018636\Extensions\[email protected] [2017-08-24] [Lagacy]
      FF Extension: (Avast Online Security) - C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\AppData\Roaming\Mozilla\Firefox\Profiles\xkcdcpqk.default-1479638018636\Extensions\[email protected] [2017-11-19]
      FF Extension: (ColorfulTabs) - C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\AppData\Roaming\Mozilla\Firefox\Profiles\xkcdcpqk.default-1479638018636\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}.xpi [2017-11-18]
      CHR Extension: (Presentaciones) - C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
      CHR Extension: (Documentos) - C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
      CHR Extension: (Proxy gratuito para acceder a cualquier sitio | Touch VPN) - C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\AppData\Local\Google\Chrome\User Data\Default\Extensions\bihmplhobchoageeokmgbdihknkjbknd [2017-08-26]
      CHR Extension: (Documentos de Google sin conexión) - C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-20]
      CHR Extension: (Avast Online Security) - C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-11-19]
      CHR Extension: (Chrome Media Router) - C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-16]
      CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
      R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7549928 2017-11-19] (AVAST Software)
      R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [281416 2017-11-19] (AVAST Software)
      R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [183584 2017-11-19] (AVAST Software)
      R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [321032 2017-11-19] (AVAST Software s.r.o.)
      R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [198968 2017-11-19] (AVAST Software s.r.o.)
      R0 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [343288 2017-11-19] (AVAST Software s.r.o.)
      R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [57728 2017-11-19] (AVAST Software s.r.o.)
      S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [47008 2017-11-19] (AVAST Software)
      R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [148288 2017-11-19] (AVAST Software)
      R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [110376 2017-11-19] (AVAST Software)
      R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [84416 2017-11-19] (AVAST Software)
      R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1026232 2017-11-19] (AVAST Software)
      R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [455376 2017-11-19] (AVAST Software)
      R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [203976 2017-11-19] (AVAST Software)
      R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [364464 2017-11-19] (AVAST Software)
      2017-11-19 09:10 - 2017-11-19 09:10 - 000000000 ____D C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\AppData\Roaming\AVAST Software
      2017-11-19 09:09 - 2017-11-19 09:09 - 000455376 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
      2017-11-19 09:09 - 2017-11-19 09:09 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
      2017-11-19 09:09 - 2017-11-19 09:09 - 000003994 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
      2017-11-19 09:09 - 2017-11-19 09:09 - 000001939 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
      2017-11-19 09:09 - 2017-11-19 09:09 - 000001927 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
      2017-11-19 09:09 - 2017-11-19 09:09 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avast Software
      2017-11-19 09:09 - 2017-11-19 09:09 - 000000000 ____D C:\Program Files\Common Files\Avast Software
      2017-11-19 09:09 - 2017-11-19 09:08 - 000365168 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
      2017-11-19 09:09 - 2017-11-19 09:08 - 000364464 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
      2017-11-19 09:09 - 2017-11-19 09:08 - 000203976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
      2017-11-19 09:09 - 2017-11-19 09:08 - 000183584 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
      2017-11-19 09:09 - 2017-11-19 09:08 - 000148288 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
      2017-11-19 09:09 - 2017-11-19 09:08 - 000110376 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
      2017-11-19 09:09 - 2017-11-19 09:08 - 000084416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
      2017-11-19 09:09 - 2017-11-19 09:08 - 000047008 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
      2017-11-19 09:09 - 2017-11-19 09:07 - 001026232 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
      2017-11-19 09:09 - 2017-11-19 09:07 - 000343288 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbloga.sys
      2017-11-19 09:09 - 2017-11-19 09:07 - 000321032 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
      2017-11-19 09:09 - 2017-11-19 09:07 - 000198968 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsha.sys
      2017-11-19 09:09 - 2017-11-19 09:07 - 000057728 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbuniva.sys
      2017-11-19 09:06 - 2017-11-19 11:01 - 000000000 ____D C:\ProgramData\AVAST Software
      2017-11-19 09:06 - 2017-11-19 09:06 - 000000000 ____D C:\Program Files\AVAST Software
      ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-19] (AVAST Software)
      ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-19] (AVAST Software)
      ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-19] (AVAST Software)
      ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-19] (AVAST Software)
      Task: {040648D0-6B24-43BE-8170-026AAE565C9D} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2017-11-19] (AVAST Software)
      Task: {406FCD6A-A044-4A36-8218-F4EBD818C63F} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-11-19] (AVAST Software)
      2017-11-19 09:08 - 2017-11-19 09:08 - 000167096 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
      2017-11-19 09:08 - 2017-11-19 09:08 - 000059040 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll
      2017-11-19 09:08 - 2017-11-19 09:08 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
      2017-11-19 09:08 - 2017-11-19 09:08 - 000237808 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
      2017-11-19 09:08 - 2017-11-19 09:08 - 000244584 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
      2017-11-19 09:07 - 2017-11-19 09:07 - 000235816 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
      AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]
      AlternateDataStreams: C:\ProgramData\TEMP:B755D674 [134] 
      
      CMD: ipconfig /flushdns
      CMD: ipconfig /renew
      CMD: bitsadmin /reset /allusers
      RemoveProxy:
      EmptyTemp:
      Hosts:
      end
      • Save it under the name fixlist.txt on the desktop <<< This is very important.

      Note: The Frst.exe executable and fixlist.txt must be in the same location (desktop), otherwise the tool will not work.

      ATTENTION!!!! The following repair script was made specifically by a staff member for this user; if you have a similar problem, please open your own thread to receive personalised help. Using other users' scripts can damage your computer.

      • Run Frst.exe.
      • Press the Fix button and wait for it to finish.
      • The tool will save the report on your desktop (Fixlog.txt).
      • Paste it in your next reply.


      Use the Avast uninstall tool >> Uninstall tools for Antivirus, AntiSpyware and Firewall.

      Post the report and tell us how the problem is going.

      Regards
      ✿◕‿◕✿ Impatience is not good company ✿◕‿◕✿

      * Follow us on Twitter and become our friend on Facebook.
      * Keep up with the latest threats on the net at: InfoSpyware Blog
      * Questions are not answered by private message or e-mail; that is what the forum is for.
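The Fixlog.txt that this procedure produces can be triaged mechanically by reading the outcome after each `=>`, skipping the echoed fixlist (whose own entries also contain `=>`). This is an added example, not part of the original post and not FRST code; the function names and the sample log are constructed, and the outcome phrases are assumed from the Fixlog output shown in this thread.

```python
import re
from collections import Counter

# Constructed sample in the shape of a Fixlog.txt (paths and names are made up).
SAMPLE_FIXLOG = r"""
Fix result of Farbar Recovery Scan Tool (x64) Version: 19-11-2017
Boot Mode: Safe Mode (with Networking)
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
HKLM-x32\...\Run: [Example] => C:\Example\example.exe [1 2017-01-01] (Example)
End
*****************

Error: Restore point can only be created in normal mode.
Processes closed successfully.
C:\Example\example.exe => No running process found
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Example => value removed successfully
CHR Extension: (Example) - C:\Example\Extensions\abc [2017-10-13] => Error: No automatic fix found for this entry.
exsvc => Unable to stop service.
HKLM\System\CurrentControlSet\Services\exsvc => key removed successfully
exsvc => service removed successfully
C:\Example\example.dll => moved successfully
"C:\Example\gone.dll" => not found.
C:\ProgramData\TEMP => ":0000AAAA" ADS removed successfully.

========= bitsadmin /reset /allusers =========

Unable to connect to BITS - 0x8007043c

========= End of CMD: =========
"""

HEADER = re.compile(r"^=+ (.+?) =+$")   # "========= <directive> ========="
FENCE = re.compile(r"^\*{5,}$")         # asterisk rows around the echoed fixlist


def classify(outcome):
    """Map the text after '=>' to ok / absent / failed / other."""
    o = outcome.lower()
    if o.startswith(("error", "unable to")):
        return "failed"
    if "successfully" in o:
        return "ok"
    if "not found" in o or o.startswith("no running process"):
        return "absent"
    return "other"


def triage(text):
    """Return (status, target, outcome, section) for every result line."""
    results = []
    in_echo = False    # True while inside the echoed fixlist
    section = None     # current "========= ... =========" block, if any
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if FENCE.match(line):
            in_echo = not in_echo
            continue
        if in_echo:
            continue   # fixlist entries are requests, not results
        m = HEADER.match(line)
        if m:
            name = m.group(1)
            section = None if name.startswith("End of") else name
            continue
        # Split on the LAST ' => ' so '<==== ATTENTION' markers stay in the target.
        target, sep, outcome = line.rpartition(" => ")
        if sep:
            results.append((classify(outcome), target, outcome, section))
        elif line.lower().startswith(("error", "unable to")):
            results.append(("failed", "", line, section))
    return results


def summarize(results):
    """Count results per status."""
    return dict(Counter(status for status, *_ in results))


def failures(results):
    """Only the entries that need a human follow-up."""
    return [(t, o, s) for status, t, o, s in results if status == "failed"]


if __name__ == "__main__":
    res = triage(SAMPLE_FIXLOG)
    print(summarize(res))
    for target, outcome, section in failures(res):
        print(f"[{section or 'fix'}] {target or '-'}: {outcome}")
```

Entries classed as "absent" are usually harmless follow-ons of an earlier move or removal; the "failed" list is what to quote back when reporting how the fix went.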

    9. #9
      User KEnSuKE's avatar
      Joined
      Jan 2006
      Location
      Spain
      Posts
      72

      Re: Infected with Adware.Elex.ShrtCln

      Hello.

      I think I did everything right this time.

      Avast is uninstalled.
      During the fix with FRST it gave me an error that I don't know whether it will have been reflected in the log (if you need it I took a screenshot, but right now I don't know how to upload it here).


      After the whole process I ran Malwarebytes and it seems the problem persists.

      Here are the logs.

      FIXLOG

      Fix result of Farbar Recovery Scan Tool (x64) Version: 19-11-2017
      Ran by JoSi-Win10 (20-11-2017 21:53:19) Run:1
      Running from C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\Desktop
      Loaded Profiles: JoSi-Win10 (Available Profiles: JoSi-Win10)
      Boot Mode: Safe Mode (with Networking)
      ==============================================

      fixlist content:
      *****************
      Start
      CreateRestorePoint:
      CloseProcesses:

      (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
      (AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
      (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
      HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe [58584 2016-09-28] (Raptr, Inc)
      HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
      HKU\S-1-5-21-1977722032-1609589620-2362224290-1001\...\Run: [uTorrent] => C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\AppData\Roaming\uTorrent\uTorrent.exe [1130576 2017-08-05] (BitTorrent Inc.)
      GroupPolicy: Restriction - Chrome <==== ATTENTION
      CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
      FF Extension: (Tile Tabs WE) - C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\AppData\Roaming\Mozilla\Firefox\Profiles\xkcdcpqk.default-1479638018636\Extensions\[email protected] [2017-10-24]
      FF Extension: (Tile View) - C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\AppData\Roaming\Mozilla\Firefox\Profiles\xkcdcpqk.default-1479638018636\Extensions\[email protected] [2017-08-24] [Lagacy]
      FF Extension: (Avast Online Security) - C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\AppData\Roaming\Mozilla\Firefox\Profiles\xkcdcpqk.default-1479638018636\Extensions\[email protected] [2017-11-19]
      FF Extension: (ColorfulTabs) - C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\AppData\Roaming\Mozilla\Firefox\Profiles\xkcdcpqk.default-1479638018636\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}.xpi [2017-11-18]
      CHR Extension: (Presentaciones) - C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
      CHR Extension: (Documentos) - C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
      CHR Extension: (Proxy gratuito para acceder a cualquier sitio | Touch VPN) - C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\AppData\Local\Google\Chrome\User Data\Default\Extensions\bihmplhobchoageeokmgbdihknkjbknd [2017-08-26]
      CHR Extension: (Documentos de Google sin conexi�n) - C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-20]
      CHR Extension: (Avast Online Security) - C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-11-19]
      CHR Extension: (Chrome Media Router) - C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-16]
      CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
      R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7549928 2017-11-19] (AVAST Software)
      R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [281416 2017-11-19] (AVAST Software)
      R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [183584 2017-11-19] (AVAST Software)
      R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [321032 2017-11-19] (AVAST Software s.r.o.)
      R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [198968 2017-11-19] (AVAST Software s.r.o.)
      R0 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [343288 2017-11-19] (AVAST Software s.r.o.)
      R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [57728 2017-11-19] (AVAST Software s.r.o.)
      S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [47008 2017-11-19] (AVAST Software)
      R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [148288 2017-11-19] (AVAST Software)
      R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [110376 2017-11-19] (AVAST Software)
      R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [84416 2017-11-19] (AVAST Software)
      R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1026232 2017-11-19] (AVAST Software)
      R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [455376 2017-11-19] (AVAST Software)
      R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [203976 2017-11-19] (AVAST Software)
      R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [364464 2017-11-19] (AVAST Software)
      2017-11-19 09:10 - 2017-11-19 09:10 - 000000000 ____D C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\AppData\Roaming\AVAST Software
      2017-11-19 09:09 - 2017-11-19 09:09 - 000455376 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
      2017-11-19 09:09 - 2017-11-19 09:09 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
      2017-11-19 09:09 - 2017-11-19 09:09 - 000003994 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
      2017-11-19 09:09 - 2017-11-19 09:09 - 000001939 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
      2017-11-19 09:09 - 2017-11-19 09:09 - 000001927 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
      2017-11-19 09:09 - 2017-11-19 09:09 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avast Software
      2017-11-19 09:09 - 2017-11-19 09:09 - 000000000 ____D C:\Program Files\Common Files\Avast Software
      2017-11-19 09:09 - 2017-11-19 09:08 - 000365168 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
      2017-11-19 09:09 - 2017-11-19 09:08 - 000364464 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
      2017-11-19 09:09 - 2017-11-19 09:08 - 000203976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
      2017-11-19 09:09 - 2017-11-19 09:08 - 000183584 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
      2017-11-19 09:09 - 2017-11-19 09:08 - 000148288 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
      2017-11-19 09:09 - 2017-11-19 09:08 - 000110376 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
      2017-11-19 09:09 - 2017-11-19 09:08 - 000084416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
      2017-11-19 09:09 - 2017-11-19 09:08 - 000047008 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
      2017-11-19 09:09 - 2017-11-19 09:07 - 001026232 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
      2017-11-19 09:09 - 2017-11-19 09:07 - 000343288 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbloga.sys
      2017-11-19 09:09 - 2017-11-19 09:07 - 000321032 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
      2017-11-19 09:09 - 2017-11-19 09:07 - 000198968 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsha.sys
      2017-11-19 09:09 - 2017-11-19 09:07 - 000057728 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbuniva.sys
      2017-11-19 09:06 - 2017-11-19 11:01 - 000000000 ____D C:\ProgramData\AVAST Software
      2017-11-19 09:06 - 2017-11-19 09:06 - 000000000 ____D C:\Program Files\AVAST Software
      ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-19] (AVAST Software)
      ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-19] (AVAST Software)
      ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-19] (AVAST Software)
      ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-19] (AVAST Software)
      Task: {040648D0-6B24-43BE-8170-026AAE565C9D} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2017-11-19] (AVAST Software)
      Task: {406FCD6A-A044-4A36-8218-F4EBD818C63F} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-11-19] (AVAST Software)
      2017-11-19 09:08 - 2017-11-19 09:08 - 000167096 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
      2017-11-19 09:08 - 2017-11-19 09:08 - 000059040 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll
      2017-11-19 09:08 - 2017-11-19 09:08 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
      2017-11-19 09:08 - 2017-11-19 09:08 - 000237808 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
      2017-11-19 09:08 - 2017-11-19 09:08 - 000244584 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
      2017-11-19 09:07 - 2017-11-19 09:07 - 000235816 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
      AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]
      AlternateDataStreams: C:\ProgramData\TEMP:B755D674 [134]

      CMD: ipconfig /flushdns
      CMD: ipconfig /renew
      CMD: bitsadmin /reset /allusers
      RemoveProxy:
      EmptyTemp:
      Hosts:
      end
      *****************

      Error: Restore point can only be created in normal mode.
      Processes closed successfully.
      C:\Program Files\AVAST Software\Avast\AvastSvc.exe => No running process found
      C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe => No running process found
      C:\Program Files\AVAST Software\Avast\AvastUI.exe => No running process found
      HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Raptr => value removed successfully
      HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
      HKU\S-1-5-21-1977722032-1609589620-2362224290-1001\Software\Microsoft\Windows\CurrentVersion\Run\\uTorrent => value removed successfully
      C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
      C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
      C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
      HKLM\SOFTWARE\Policies\Google => key removed successfully
      C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\AppData\Roaming\Mozilla\Firefox\Profiles\xkcdcpqk.default-1479638018636\Extensions\[email protected] => moved successfully
      C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\AppData\Roaming\Mozilla\Firefox\Profiles\xkcdcpqk.default-1479638018636\Extensions\[email protected] => moved successfully
      C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\AppData\Roaming\Mozilla\Firefox\Profiles\xkcdcpqk.default-1479638018636\Extensions\[email protected] => moved successfully
      C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\AppData\Roaming\Mozilla\Firefox\Profiles\xkcdcpqk.default-1479638018636\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}.xpi => moved successfully
      CHR Extension: (Presentaciones) - C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13] => Error: No automatic fix found for this entry.
      CHR Extension: (Documentos) - C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13] => Error: No automatic fix found for this entry.
      CHR Extension: (Proxy gratuito para acceder a cualquier sitio | Touch VPN) - C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\AppData\Local\Google\Chrome\User Data\Default\Extensions\bihmplhobchoageeokmgbdihknkjbknd [2017-08-26] => Error: No automatic fix found for this entry.
      CHR Extension: (Documentos de Google sin conexi�n) - C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-20] => Error: No automatic fix found for this entry.
      CHR Extension: (Avast Online Security) - C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-11-19] => Error: No automatic fix found for this entry.
      CHR Extension: (Chrome Media Router) - C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-16] => Error: No automatic fix found for this entry.
      HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki => key removed successfully
      HKLM\System\CurrentControlSet\Services\aswbIDSAgent => key removed successfully
      aswbIDSAgent => service removed successfully
      HKLM\System\CurrentControlSet\Services\avast! Antivirus => key removed successfully
      avast! Antivirus => service removed successfully
      HKLM\System\CurrentControlSet\Services\aswArPot => key removed successfully
      aswArPot => service removed successfully
      HKLM\System\CurrentControlSet\Services\aswbidsdriver => key removed successfully
      aswbidsdriver => service removed successfully
      HKLM\System\CurrentControlSet\Services\aswbidsh => key removed successfully
      aswbidsh => service removed successfully
      HKLM\System\CurrentControlSet\Services\aswblog => key removed successfully
      aswblog => service removed successfully
      HKLM\System\CurrentControlSet\Services\aswbuniv => key removed successfully
      aswbuniv => service removed successfully
      HKLM\System\CurrentControlSet\Services\aswHwid => key removed successfully
      aswHwid => service removed successfully
      HKLM\System\CurrentControlSet\Services\aswMonFlt => key removed successfully
      aswMonFlt => service removed successfully
      aswRdr => Unable to stop service.
      HKLM\System\CurrentControlSet\Services\aswRdr => key removed successfully
      aswRdr => service removed successfully
      HKLM\System\CurrentControlSet\Services\aswRvrt => key removed successfully
      aswRvrt => service removed successfully
      HKLM\System\CurrentControlSet\Services\aswSnx => key removed successfully
      aswSnx => service removed successfully
      HKLM\System\CurrentControlSet\Services\aswSP => key removed successfully
      aswSP => service removed successfully
      HKLM\System\CurrentControlSet\Services\aswStm => key removed successfully
      aswStm => service removed successfully
      HKLM\System\CurrentControlSet\Services\aswVmm => key removed successfully
      aswVmm => service removed successfully
      C:\Users\JoSi-Win10.DESKTOP-CG8R3CA\AppData\Roaming\AVAST Software => moved successfully
      C:\WINDOWS\system32\Drivers\aswSP.sys => moved successfully
      C:\WINDOWS\system32\Drivers\lpsport.sys => moved successfully
      C:\WINDOWS\System32\Tasks\Avast Emergency Update => moved successfully
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk => moved successfully
      C:\Users\Public\Desktop\Avast Free Antivirus.lnk => moved successfully
      C:\WINDOWS\System32\Tasks\Avast Software => moved successfully
      C:\Program Files\Common Files\Avast Software => moved successfully
      C:\WINDOWS\system32\aswBoot.exe => moved successfully
      C:\WINDOWS\system32\Drivers\aswVmm.sys => moved successfully
      C:\WINDOWS\system32\Drivers\aswStm.sys => moved successfully
      C:\WINDOWS\system32\Drivers\aswArPot.sys => moved successfully
      C:\WINDOWS\system32\Drivers\aswMonFlt.sys => moved successfully
      C:\WINDOWS\system32\Drivers\aswRdr2.sys => moved successfully
      C:\WINDOWS\system32\Drivers\aswRvrt.sys => moved successfully
      C:\WINDOWS\system32\Drivers\aswHwid.sys => moved successfully
      C:\WINDOWS\system32\Drivers\aswSnx.sys => moved successfully
      C:\WINDOWS\system32\Drivers\aswbloga.sys => moved successfully
      C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys => moved successfully
      C:\WINDOWS\system32\Drivers\aswbidsha.sys => moved successfully
      C:\WINDOWS\system32\Drivers\aswbuniva.sys => moved successfully
      C:\ProgramData\AVAST Software => moved successfully
      C:\Program Files\AVAST Software => moved successfully
      HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => key removed successfully
      HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key removed successfully
      HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\avast => key removed successfully
      HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
      HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\00asw => key removed successfully
      HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
      HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\avast => key removed successfully
      HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{040648D0-6B24-43BE-8170-026AAE565C9D} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{040648D0-6B24-43BE-8170-026AAE565C9D} => key removed successfully
      C:\WINDOWS\System32\Tasks\Avast Software\Overseer => not found.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avast Software\Overseer => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{406FCD6A-A044-4A36-8218-F4EBD818C63F} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{406FCD6A-A044-4A36-8218-F4EBD818C63F} => key removed successfully
      C:\WINDOWS\System32\Tasks\Avast Emergency Update => not found.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avast Emergency Update => key removed successfully
      "C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll" => not found.
      "C:\Program Files\AVAST Software\Avast\module_lifetime.dll" => not found.
      "C:\Program Files\AVAST Software\Avast\libcef.dll" => not found.
      "C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll" => not found.
      "C:\Program Files\AVAST Software\Avast\tasks_core.dll" => not found.
      "C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll" => not found.
      C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully.
      C:\ProgramData\TEMP => ":B755D674" ADS removed successfully.

      ========= ipconfig /flushdns =========


      Configuración IP de Windows

      Se vació correctamente la caché de resolución de DNS.

      ========= End of CMD: =========


      ========= ipconfig /renew =========


      Configuración IP de Windows


      Adaptador de Ethernet Ethernet:

      Sufijo DNS específico para la conexión. . :
      Vínculo: dirección IPv6 local. . . : fe80::29f8:1668:93e5:f2bb%11
      Dirección IPv4. . . . . . . . . . . . . . : 192.168.0.10
      Máscara de subred . . . . . . . . . . . . : 255.255.255.0
      Puerta de enlace predeterminada . . . . . : 192.168.0.1

      ========= End of CMD: =========


      ========= bitsadmin /reset /allusers =========


      BITSADMIN version 3.0
      BITS administration utility.
      (C) Copyright 2000-2006 Microsoft Corp.

      BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
      Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

      Unable to connect to BITS - 0x8007043c
      El servicio no puede iniciarse en modo a prueba de errores

      ========= End of CMD: =========


      ========= RemoveProxy: =========

      HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
      HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
      HKU\S-1-5-21-1977722032-1609589620-2362224290-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
      HKU\S-1-5-21-1977722032-1609589620-2362224290-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


      ========= End of RemoveProxy: =========

      Hosts restored successfully.

      =========== EmptyTemp: ==========

      BITS transfer queue => 7888896 B
      DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 46050565 B
      Java, Flash, Steam htmlcache => 541 B
      Windows/system/drivers => 676241 B
      Edge => 23384 B
      Chrome => 372053599 B
      Firefox => 34133818 B
      Opera => 0 B

      Temp, IE cache, history, cookies, recent:
      Default => 6656 B
      Users => 0 B
      ProgramData => 0 B
      Public => 0 B
      systemprofile => 128 B
      systemprofile32 => 128 B
      LocalService => 1626 B
      NetworkService => 0 B
      JoSi-Win10.DESKTOP-CG8R3CA => 24823826 B

      RecycleBin => 0 B
      EmptyTemp: => 463.2 MB temporary data Removed.

      ================================


      The system needed a reboot.

      ==== End of Fixlog 21:54:07 ===

      MALWAREBYTES

      Malwarebytes
      www.malwarebytes.com

      -Detalles del registro-
      Fecha del análisis: 20/11/17
      Hora del análisis: 22:10
      Archivo de registro: 419d1086-ce37-11e7-a0af-305a3a45b55a.json
      Administrador: Sí

      -Información del software-
      Versión: 3.3.1.2183
      Versión de los componentes: 1.0.236
      Versión del paquete de actualización: 1.0.3305
      Licencia: Gratis

      -Información del sistema-
      SO: Windows 10 (Build 15063.726)
      CPU: x64
      Sistema de archivos: NTFS
      Usuario: JOSI-W1N10\JoSi-Win10

      -Resumen del análisis-
      Tipo de análisis: Análisis de amenazas
      Resultado: Completado
      Objetos analizados: 435728
      Amenazas detectadas: 2
      Amenazas en cuarentena: 2
      Tiempo transcurrido: 13 min, 8 seg

      -Opciones de análisis-
      Memoria: Activado
      Inicio: Activado
      Sistema de archivos: Activado
      Archivo: Activado
      Rootkits: Activado
      Heurística: Activado
      PUP: Detectar
      PUM: Detectar

      -Detalles del análisis-
      Proceso: 0
      (No hay elementos maliciosos detectados)

      Módulo: 0
      (No hay elementos maliciosos detectados)

      Clave del registro: 0
      (No hay elementos maliciosos detectados)

      Valor del registro: 0
      (No hay elementos maliciosos detectados)

      Datos del registro: 0
      (No hay elementos maliciosos detectados)

      Secuencia de datos: 0
      (No hay elementos maliciosos detectados)

      Carpeta: 0
      (No hay elementos maliciosos detectados)

      Archivo: 2
      Adware.Elex.ShrtCln, C:\USERS\JOSI-WIN10.DESKTOP-CG8R3CA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Sustituido, [2306], [454748],1.0.3305
      Adware.Elex.ShrtCln, C:\USERS\JOSI-WIN10.DESKTOP-CG8R3CA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Sustituido, [2306], [454748],1.0.3305

      Sector físico: 0
      (No hay elementos maliciosos detectados)


      (end)

      Thanks and regards.

    10. #10
      General Moderator
      @Daniela
      Joined
      Apr 2011
      Location
      Spain
      Posts
      24.349

      Re: Infected with Adware.Elex.ShrtCln

      Hello

      Carry out the following steps:

      1) Download HitmanPRO (its user manual)

      • Run HitmanPRO (on Windows 7 or 8, run it as "Administrator").
      • Press the "Next" button on the two screens to begin.
      • Once the scan has finished, HitmanPRO includes 30 free days for removing any malware detected.
      • In any case, its report can be used to find the specific path of what was detected and delete it manually.
      • The report is generated by pressing "Save Log" and saving it wherever we like, then opening it and copying its contents for us into this same thread.


      2) Run an online scan with ESET Online Scanner

      • Disable the antivirus
      • After running the scan, re-enable the antivirus
      • Download and run ESET Online (see manual)
      • Tick the boxes for Remove detected threats and Scan archives.
      • Click Advanced settings and tick the boxes:
        - Scan for potentially unwanted applications,
        - Scan for potentially unsafe applications
        - Enable Anti-Stealth technology.
      • Click Start so that it begins downloading the virus signature database and then starts scanning your system.
      • When it finishes, click Finish
      • Locate the report in C:\Archivos de programa\ESET\ESET Online Scanner\log and attach it in your next reply.


      For the report from the new version of ESET Online
      • The default path is: C:\users\%userprofile%\appdata\local\temp\log.txt
      • So first you will have to show hidden files and folders
      • Once you have done that, you will be able to access the AppData folder of your user account; open it
      • Go into the Local folder and there you will find the Temp folder
      • Inside this directory you should find the file log.txt
      • As you know, open it with Notepad, select everything, copy it and paste it in your next reply


      Paste the reports and tell us how things are going.

      Regards