    Repeated infection with Adware.Elex.ShrtCln despite scanning and cleaning the registry


    1. #1
      MFBG
      Registered: Sep 2005
      Location: Argentina
      Posts: 98

      Repeated infection with Adware.Elex.ShrtCln despite scanning and cleaning the registry

      For the past month, the presence of Adware.Elex.ShrtCln has been reported repeatedly, detected by Malwarebytes or by ESET NOD. Each of those times I went through the steps with these two programs and with AdwCleaner, followed by a cleanup with CCleaner and with Regseeker.

      Yesterday I looked through the forum and followed the steps detailed in this post: http://www.forospyware.com/t530709.html

      I am pasting the Malwarebytes, AdwCleaner, JRT and FRST + Addition.txt reports
      (I hope that is not a problem and that it saves time).

      Thanks in advance.


      Malwarebytes
      www.malwarebytes.com

      -Detalles del registro-
      Fecha del análisis: 18/11/17
      Hora del análisis: 17:06
      Archivo de registro: f5591a40-cc9b-11e7-835f-00e052e03584.json
      Administrador: Sí

      -Información del software-
      Versión: 3.3.1.2183
      Versión de los componentes: 1.0.236
      Versión del paquete de actualización: 1.0.3286
      Licencia: Gratis

      -Información del sistema-
      SO: Windows 7 Service Pack 1
      CPU: x86
      Sistema de archivos: NTFS
      Usuario: PC\Mar\u00c3\u00ada Fernanda

      -Resumen del análisis-
      Tipo de análisis: Análisis de amenazas
      Resultado: Completado
      Objetos analizados: 283467
      Amenazas detectadas: 1
      Amenazas en cuarentena: 1
      Tiempo transcurrido: 18 min, 30 seg

      -Opciones de análisis-
      Memoria: Activado
      Inicio: Activado
      Sistema de archivos: Activado
      Archivo: Activado
      Rootkits: Activado
      Heurística: Activado
      PUP: Detectar
      PUM: Detectar

      -Detalles del análisis-
      Proceso: 0
      (No hay elementos maliciosos detectados)

      Módulo: 0
      (No hay elementos maliciosos detectados)

      Clave del registro: 0
      (No hay elementos maliciosos detectados)

      Valor del registro: 0
      (No hay elementos maliciosos detectados)

      Datos del registro: 0
      (No hay elementos maliciosos detectados)

      Secuencia de datos: 0
      (No hay elementos maliciosos detectados)

      Carpeta: 0
      (No hay elementos maliciosos detectados)

      Archivo: 1
      Adware.Elex.ShrtCln, C:\USERS\MARíA FERNANDA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Sustituido, [2306], [454721],1.0.3286

      Sector físico: 0
      (No hay elementos maliciosos detectados)


      (end)



      # AdwCleaner 7.0.2.1 - Logfile created on Sat Nov 18 20:43:29 2017
      # Updated on 2017/29/08 by Malwarebytes
      # Database: 08-29-2017.2
      # Running on Windows 7 Home Premium (X86)
      # Mode: scan
      # Support: https://www.malwarebytes.com/support

      ***** [ Services ] *****

      No malicious services found.

      ***** [ Folders ] *****

      No malicious folders found.

      ***** [ Files ] *****

      No malicious files found.

      ***** [ DLL ] *****

      No malicious DLLs found.

      ***** [ WMI ] *****

      No malicious WMI found.

      ***** [ Shortcuts ] *****

      No malicious shortcuts found.

      ***** [ Tasks ] *****

      No malicious tasks found.

      ***** [ Registry ] *****

      No malicious registry entries found.

      ***** [ Firefox (and derivatives) ] *****

      No malicious Firefox entries.

      ***** [ Chromium (and derivatives) ] *****

      No malicious Chromium entries.

      *************************

      C:/AdwCleaner/AdwCleaner[C0].txt - [1404 B] - [2017/10/19 159]
      C:/AdwCleaner/AdwCleaner[C1].txt - [1507 B] - [2017/11/11 19:51:23]
      C:/AdwCleaner/AdwCleaner[S0].txt - [1299 B] - [2017/10/19 0:27:58]
      C:/AdwCleaner/AdwCleaner[S1].txt - [1087 B] - [2017/10/20 12:56:0]
      C:/AdwCleaner/AdwCleaner[S2].txt - [1334 B] - [2017/11/11 18:54:36]
      C:/AdwCleaner/AdwCleaner[S3].txt - [1353 B] - [2017/11/11 19:47:7]
      C:/AdwCleaner/AdwCleaner[S4].txt - [1361 B] - [2017/11/13 18:36:57]
      C:/AdwCleaner/AdwCleaner[S5].txt - [1430 B] - [2017/11/13 21:58:59]
      C:/AdwCleaner/AdwCleaner[S6].txt - [1499 B] - [2017/11/15 0:19:0]
      C:/AdwCleaner/AdwCleaner[S7].txt - [1566 B] - [2017/11/15 2:59:44]
      C:/AdwCleaner/AdwCleaner[S8].txt - [1634 B] - [2017/11/17 23:40:48]


      ########## EOF - C:\AdwCleaner\AdwCleaner[S9].txt ##########

      =================== End of Addition.txt ============================


      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Junkware Removal Tool (JRT) by Malwarebytes
      Version: 8.1.4 (07.09.2017)
      Operating System: Windows 7 Home Premium x86
      Ran by Mar¡a Fernanda (Administrator) on 18/11/2017 at 17:49:36,07
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




      File System: 8

      Successfully deleted: C:\Users\Mar¡a Fernanda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6GEOG2ZF (Temporary Internet Files Folder)
      Successfully deleted: C:\Users\Mar¡a Fernanda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\784HQ0UA (Temporary Internet Files Folder)
      Successfully deleted: C:\Users\Mar¡a Fernanda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ON5V9Q25 (Temporary Internet Files Folder)
      Successfully deleted: C:\Users\Mar¡a Fernanda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P1BNQNN1 (Temporary Internet Files Folder)
      Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6GEOG2ZF (Temporary Internet Files Folder)
      Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\784HQ0UA (Temporary Internet Files Folder)
      Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ON5V9Q25 (Temporary Internet Files Folder)
      Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P1BNQNN1 (Temporary Internet Files Folder)



      Registry: 0

    2. #2
      MFBG
      Registered: Sep 2005
      Location: Argentina
      Posts: 98

      Re: Repeated infection with Adware.Elex.ShrtCln despite scanning and cleaning the registry

      Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-11-2017
      Ran by María Fernanda (administrator) on PC (18-11-2017 17:53:56)
      Running from C:\Users\María Fernanda\Desktop
      Loaded Profiles: María Fernanda & UpdatusUser (Available Profiles: María Fernanda & UpdatusUser)
      Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) Language: Español (España, internacional)
      Internet Explorer Version 11 (Default browser: Chrome)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: ***********************************************************************************************************

      ==================== Processes (Whitelisted) =================

      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

      (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
      (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
      () C:\mysql\bin\mysqld-nt.exe
      (DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
      (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
      (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
      (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
      (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
      (Microsoft Corporation) C:\Windows\System32\dllhost.exe

      ==================== Registry (Whitelisted) ===========================

      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

      HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\ecmdS.exe [297592 2017-11-08] (ESET)
      HKLM\...\Run: [ArgenteRC] => C:\Program Files\Argente - Registry Cleaner\ArgenteRC.exe [6888448 2015-02-16] (Raúl Argente)
      HKU\S-1-5-21-3224671148-4119020339-2458528890-1001\...\Policies\Explorer: [NoSaveSettings] 0
      HKU\S-1-5-21-3224671148-4119020339-2458528890-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [293888 2010-11-20] (Microsoft Corporation)
      HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2015-02-01] (Microsoft Corporation)
      BootExecute: autocheck autochk *
      GroupPolicy: Restriction - Chrome <==== ATTENTION
      CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

      ==================== Internet (Whitelisted) ====================

      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

      Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
      Tcpip\..\Interfaces\{BD4E3AAF-95B0-418D-B99F-07572EE9F7D6}: [DhcpNameServer] 192.168.1.1

      Internet Explorer:
      ==================
      HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.infospyware.com
      HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
      HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      HKU\S-1-5-21-3224671148-4119020339-2458528890-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      HKU\S-1-5-21-3224671148-4119020339-2458528890-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.infospyware.com/
      SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
      SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
      SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
      SearchScopes: HKU\S-1-5-21-3224671148-4119020339-2458528890-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
      BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-01-19] (Oracle Corporation)
      BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
      BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\Office16\URLREDIR.DLL [2017-11-18] (Microsoft Corporation)
      BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-19] (Oracle Corporation)
      Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-11-07] (Microsoft Corporation)
      Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-11-07] (Microsoft Corporation)
      Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-11-07] (Microsoft Corporation)
      Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-11-07] (Microsoft Corporation)

      FireFox:
      ========
      FF ProfilePath: C:\Users\María Fernanda\AppData\Roaming\Mozilla\Firefox\Profiles\bbngak71.default-1481544662016 [2017-11-18]
      FF Plugin: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
      FF Plugin: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
      FF Plugin: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
      FF Plugin: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
      FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-19] (Oracle Corporation)
      FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-19] (Oracle Corporation)
      FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-10-20] (Microsoft Corporation)
      FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
      FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
      FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
      FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
      FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
      FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
      FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
      FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)

      Chrome:
      =======
      CHR HomePage: Default -> hxxp://www.google.com.ar/
      CHR StartupUrls: Default -> "hxxp://www.google.com.ar/","hxxps://www.google.com/","hxxps://www.google.com/"
      CHR Profile: C:\Users\María Fernanda\AppData\Local\Google\Chrome\User Data\Default [2017-11-18]
      CHR Extension: (Presentaciones) - C:\Users\María Fernanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
      CHR Extension: (Learn French - Très Bien) - C:\Users\María Fernanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeifanonhefcaphaeeknpklkfnjjmpec [2016-04-24]
      CHR Extension: (Documentos) - C:\Users\María Fernanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
      CHR Extension: (Google Drive) - C:\Users\María Fernanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-24]
      CHR Extension: (YouTube) - C:\Users\María Fernanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-24]
      CHR Extension: (Hojas de cálculo) - C:\Users\María Fernanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
      CHR Extension: (Documentos de Google sin conexión) - C:\Users\María Fernanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-24]
      CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\María Fernanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
      CHR Extension: (Gmail) - C:\Users\María Fernanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-24]
      CHR Extension: (Chrome Media Router) - C:\Users\María Fernanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-16]
      CHR Profile: C:\Users\María Fernanda\AppData\Local\Google\Chrome\User Data\Profile 1 [2016-12-01]
      CHR Extension: (Diapositivas de Google) - C:\Users\María Fernanda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-04-30]
      CHR Extension: (Google Docs) - C:\Users\María Fernanda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-30]
      CHR Extension: (Google Drive) - C:\Users\María Fernanda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-30]
      CHR Extension: (YouTube) - C:\Users\María Fernanda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-30]
      CHR Extension: (Hojas de cálculo de Google) - C:\Users\María Fernanda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-04-30]
      CHR Extension: (Documentos de Google sin conexión) - C:\Users\María Fernanda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-30]
      CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\María Fernanda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-30]
      CHR Extension: (Gmail) - C:\Users\María Fernanda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-30]
      CHR Extension: (Chrome Media Router) - C:\Users\María Fernanda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-10]
      CHR Profile: C:\Users\María Fernanda\AppData\Local\Google\Chrome\User Data\System Profile [2017-11-18]

      ==================== Services (Whitelisted) ====================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      S3 AdobeUpdateService; C:\Program Files\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [694464 2016-04-07] (Adobe Systems Incorporated)
      S3 AGSService; C:\Program Files\Common Files\Adobe\AdobeGCClient\AGSService.exe [2159320 2016-08-22] (Adobe Systems, Incorporated)
      R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [5096616 2017-11-02] (Microsoft Corporation)
      R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2089176 2017-11-08] (ESET)
      S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4563920 2017-11-01] (Malwarebytes)
      R2 MySql; C:\mysql\bin\mysqld-nt.exe [1130496 2002-08-14] () [File not signed]
      S3 PSI_SVC_2; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [277360 2014-04-30] (arvato digital services llc)
      R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2017-01-16] (DEVGURU Co., LTD.)
      R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

      ===================== Drivers (Whitelisted) ======================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [109184 2017-01-16] (Samsung Electronics Co., Ltd.)
      R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [113544 2017-11-08] (ESET)
      R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [141480 2017-11-08] (ESET)
      R1 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [68224 2017-11-08] (ESET)
      R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [17472 2015-09-18] (Glarysoft Ltd)
      R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
      S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [50320 2015-01-29] (Panda Security, S.L.)
      R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [15688 2013-09-30] ()
      S3 pwdspio; C:\Windows\system32\pwdspio.sys [10320 2013-09-30] ()
      S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [147072 2017-01-16] (Samsung Electronics Co., Ltd.)
      U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [102272 2015-03-08] (Huawei Technologies Co., Ltd.)
      U5 UnlockerDriver5; C:\Program Files\x86\UnlockerDriver5.sys [4096 2010-07-04] () [File not signed]

      ==================== NetSvcs (Whitelisted) ===================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


      ==================== One Month Created files and folders ========

      (If an entry is included in the fixlist, the file/folder will be moved.)

      2017-11-18 17:53 - 2017-11-18 17:54 - 000014027 _____ C:\Users\María Fernanda\Desktop\FRST.txt
      2017-11-18 17:53 - 2017-11-18 17:53 - 000000000 ____D C:\FRST
      2017-11-18 17:52 - 2017-11-18 17:52 - 000001911 _____ C:\Users\María Fernanda\Desktop\JRT.txt
      2017-11-18 17:48 - 2017-11-18 17:48 - 000001703 _____ C:\Users\María Fernanda\Desktop\AdwCleaner[S9].txt
      2017-11-17 21:35 - 2017-11-17 21:35 - 000002475 _____ C:\Users\María Fernanda\Desktop\virus.txt
      2017-11-17 21:09 - 2017-11-17 21:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
      2017-11-17 21:08 - 2017-11-17 21:08 - 000000000 ____D C:\ProgramData\MB3CoreBackup
      2017-11-17 21:01 - 2017-11-17 21:02 - 001788928 _____ (Farbar) C:\Users\María Fernanda\Desktop\FRST.exe
      2017-11-17 21:00 - 2017-11-17 21:02 - 008261584 _____ (Malwarebytes) C:\Users\María Fernanda\Desktop\AdwCleaner (1).exe
      2017-11-17 21:00 - 2017-11-17 21:01 - 001790024 _____ (Malwarebytes) C:\Users\María Fernanda\Desktop\JRT.exe
      2017-11-17 12:39 - 2017-11-17 12:39 - 000009016 _____ C:\Users\María Fernanda\Downloads\ComprobantePagoRealizado (4).pdf
      2017-11-17 12:38 - 2017-11-17 12:38 - 000009016 _____ C:\Users\María Fernanda\Downloads\ComprobantePagoRealizado (2).pdf
      2017-11-17 12:38 - 2017-11-17 12:38 - 000009014 _____ C:\Users\María Fernanda\Downloads\ComprobantePagoRealizado (3).pdf
      2017-11-14 20:17 - 2017-10-16 19:25 - 002402816 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
      2017-11-14 20:17 - 2017-10-14 04:14 - 020269056 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
      2017-11-14 20:17 - 2017-10-14 03:50 - 002293760 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
      2017-11-14 20:17 - 2017-10-14 03:45 - 000662016 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
      2017-11-14 20:17 - 2017-10-14 03:33 - 004542464 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
      2017-11-14 20:17 - 2017-10-14 03:28 - 013680128 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
      2017-11-14 20:17 - 2017-10-14 03:10 - 002767872 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
      2017-11-14 20:17 - 2017-10-14 03:07 - 001314304 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
      2017-11-14 20:16 - 2017-10-18 03:45 - 000347336 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
      2017-11-14 20:16 - 2017-10-17 22:55 - 000285696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
      2017-11-14 20:16 - 2017-10-17 22:55 - 000259584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
      2017-11-14 20:16 - 2017-10-17 22:55 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
      2017-11-14 20:16 - 2017-10-17 22:55 - 000046592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
      2017-11-14 20:16 - 2017-10-17 22:55 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
      2017-11-14 20:16 - 2017-10-17 22:55 - 000020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
      2017-11-14 20:16 - 2017-10-17 22:55 - 000006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
      2017-11-14 20:16 - 2017-10-16 19:49 - 001213672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
      2017-11-14 20:16 - 2017-10-16 18:55 - 000339968 _____ (Microsoft Corporation) C:\Windows\system32\msexcl40.dll
      2017-11-14 20:16 - 2017-10-14 04:03 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
      2017-11-14 20:16 - 2017-10-14 04:03 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
      2017-11-14 20:16 - 2017-10-14 03:53 - 000499200 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
      2017-11-14 20:16 - 2017-10-14 03:53 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
      2017-11-14 20:16 - 2017-10-14 03:52 - 000341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
      2017-11-14 20:16 - 2017-10-14 03:52 - 000047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
      2017-11-14 20:16 - 2017-10-14 03:51 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
      2017-11-14 20:16 - 2017-10-14 03:47 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
      2017-11-14 20:16 - 2017-10-14 03:47 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
      2017-11-14 20:16 - 2017-10-14 03:46 - 000476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
      2017-11-14 20:16 - 2017-10-14 03:45 - 000620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
      2017-11-14 20:16 - 2017-10-14 03:45 - 000115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
      2017-11-14 20:16 - 2017-10-14 03:45 - 000104960 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
      2017-11-14 20:16 - 2017-10-14 03:41 - 000667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
      2017-11-14 20:16 - 2017-10-14 03:38 - 000416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
      2017-11-14 20:16 - 2017-10-14 03:35 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
      2017-11-14 20:16 - 2017-10-14 03:35 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
      2017-11-14 20:16 - 2017-10-14 03:34 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
      2017-11-14 20:16 - 2017-10-14 03:33 - 000168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
      2017-11-14 20:16 - 2017-10-14 03:32 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
      2017-11-14 20:16 - 2017-10-14 03:31 - 000279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
      2017-11-14 20:16 - 2017-10-14 03:30 - 000130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
      2017-11-14 20:16 - 2017-10-14 03:25 - 000230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
      2017-11-14 20:16 - 2017-10-14 03:24 - 000694272 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
      2017-11-14 20:16 - 2017-10-14 03:24 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
      2017-11-14 20:16 - 2017-10-14 03:23 - 002058752 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
      2017-11-14 20:16 - 2017-10-14 03:23 - 001155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
      2017-11-14 20:16 - 2017-10-14 03:04 - 000710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
      2017-11-14 20:16 - 2017-10-11 21:40 - 000308456 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
      2017-11-14 20:16 - 2017-10-11 21:37 - 012574208 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
      2017-11-14 20:16 - 2017-10-11 21:37 - 011410944 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
      2017-11-14 20:16 - 2017-10-11 21:37 - 001549824 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
      2017-11-14 20:16 - 2017-10-11 21:37 - 001400320 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
      2017-11-14 20:16 - 2017-10-11 21:37 - 001363968 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
      2017-11-14 20:16 - 2017-10-11 21:37 - 000666624 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
      2017-11-14 20:16 - 2017-10-11 21:37 - 000337408 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
      2017-11-14 20:16 - 2017-10-11 21:37 - 000197120 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
      2017-11-14 20:16 - 2017-10-11 21:37 - 000111104 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
      2017-11-14 20:16 - 2017-10-11 21:37 - 000104448 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
      2017-11-14 20:16 - 2017-10-11 21:37 - 000070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
      2017-11-14 20:16 - 2017-10-11 21:37 - 000059392 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
      2017-11-14 20:16 - 2017-10-11 21:37 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
      2017-11-14 20:16 - 2017-10-11 21:37 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
      2017-11-14 20:16 - 2017-10-11 21:37 - 000010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
      2017-11-14 20:16 - 2017-10-11 21:26 - 000427520 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
      2017-11-14 20:16 - 2017-10-11 21:26 - 000164352 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
      2017-11-14 20:16 - 2017-10-11 21:25 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
      2017-11-14 20:16 - 2017-10-11 21:25 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
      2017-11-14 20:16 - 2017-10-11 21:24 - 000008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
      2017-11-14 20:16 - 2017-10-11 21:24 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
      2017-11-14 20:16 - 2017-10-11 21:24 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
      2017-11-14 20:16 - 2017-10-11 21:16 - 000034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
      2017-11-14 20:16 - 2017-10-11 21:14 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\luafv.sys
      2017-11-14 20:16 - 2017-09-07 10:05 - 000922432 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
      2017-11-14 20:16 - 2017-09-07 10:05 - 000066400 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
      2017-11-14 20:16 - 2017-09-07 10:05 - 000022368 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
      2017-11-14 20:16 - 2017-09-07 10:05 - 000019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
      2017-11-14 20:16 - 2017-09-07 10:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
      2017-11-14 20:16 - 2017-09-07 10:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
      2017-11-14 20:16 - 2017-09-07 10:05 - 000016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
      2017-11-14 20:16 - 2017-09-07 10:05 - 000015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
      2017-11-14 20:16 - 2017-09-07 10:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
      2017-11-14 20:16 - 2017-09-07 10:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
      2017-11-14 20:16 - 2017-09-07 10:05 - 000013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
      2017-11-14 20:16 - 2017-09-07 10:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
      2017-11-14 20:16 - 2017-09-07 10:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
      2017-11-14 20:16 - 2017-09-07 10:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
      2017-11-14 20:16 - 2017-09-07 10:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
      2017-11-14 20:16 - 2017-09-07 10:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
      2017-11-14 20:16 - 2017-09-07 10:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
      2017-11-14 20:16 - 2017-09-07 10:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
      2017-11-14 20:16 - 2017-09-07 10:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
      2017-11-14 20:16 - 2017-09-07 10:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
      2017-11-14 20:16 - 2017-09-07 10:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
      2017-11-14 20:16 - 2017-09-07 10:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
      2017-11-14 20:16 - 2017-09-07 10:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
      2017-11-14 19:59 - 2017-10-17 23:16 - 000114408 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
      2017-11-14 19:59 - 2017-10-17 23:11 - 000488448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
      2017-11-14 19:59 - 2017-10-15 19:04 - 000313184 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
      2017-11-14 19:59 - 2017-10-04 10:04 - 001918464 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
      2017-11-14 19:59 - 2017-10-04 10:04 - 001321472 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
      2017-11-14 19:59 - 2017-10-04 10:04 - 000541696 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
      2017-11-14 19:59 - 2017-10-04 10:04 - 000509440 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
      2017-11-14 19:59 - 2017-10-04 10:04 - 000303616 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
      2017-11-14 19:59 - 2017-10-04 10:04 - 000193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
      2017-11-14 19:59 - 2017-10-04 10:04 - 000150016 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
      2017-11-14 15:33 - 2017-11-14 15:33 - 000000124 _____ C:\Users\María Fernanda\Desktop\tablet.txt
      2017-11-13 20:20 - 2017-11-13 20:20 - 000009020 _____ C:\Users\María Fernanda\Downloads\ComprobantePagoRealizado (1).pdf
      2017-11-13 20:08 - 2017-11-13 20:08 - 000008966 _____ C:\Users\María Fernanda\Downloads\ComprobantePagoRealizado.pdf
      2017-11-13 15:32 - 2017-11-13 15:32 - 000010468 _____ C:\Users\María Fernanda\AppData\Local\recently-used.xbel
      2017-11-12 12:20 - 2017-11-12 12:20 - 000117217 _____ C:\Users\María Fernanda\Desktop\Carlos DEBER 22 -enviar para corregir.pdf
      2017-11-12 11:23 - 2017-11-12 18:27 - 000001814 _____ C:\Users\María Fernanda\Desktop\prólogo.txt
      2017-11-10 14:56 - 2017-11-10 14:56 - 000000814 _____ C:\Users\María Fernanda\Desktop\taller a distancia.txt
      2017-11-06 19:27 - 2017-11-06 20:38 - 000000000 ____D C:\Users\María Fernanda\Downloads\Photos (2)
      2017-11-02 16:46 - 2017-11-02 16:46 - 000000043 _____ C:\Users\María Fernanda\Downloads\hbpix
      2017-10-31 15:21 - 2017-10-31 15:21 - 000001539 _____ C:\Users\María Fernanda\Desktop\sedronar.txt
      2017-10-29 19:38 - 2017-10-29 19:38 - 000444450 _____ C:\Users\María Fernanda\Downloads\listado_de_medicos_y_odontologos_de_cobertura_portena_de_salud_2015_0.pdf
      2017-10-29 19:38 - 2017-10-29 19:38 - 000147232 _____ C:\Users\María Fernanda\Downloads\listado_farmacias_2015_0.pdf
      2017-10-29 19:38 - 2017-10-29 19:38 - 000037500 _____ C:\Users\María Fernanda\Downloads\listado_servicios_zonales.pdf
      2017-10-29 19:38 - 2017-10-29 19:38 - 000037500 _____ C:\Users\María Fernanda\Downloads\listado_servicios_zonales (1).pdf
      2017-10-25 16:32 - 2017-10-25 16:32 - 000000000 ____D C:\Users\María Fernanda\Desktop\nuevos dictados
      2017-10-24 15:42 - 2017-10-24 15:42 - 000000507 _____ C:\Users\María Fernanda\Desktop\album de fotos.txt
      2017-10-21 17:34 - 2017-10-28 15:11 - 002081597 _____ C:\Users\María Fernanda\Downloads\El arte de ganar - Jaime Duran Barba- Santiago Nie.pdf

      ==================== One Month Modified files and folders ========

      (If an entry is included in the fixlist, the file/folder will be moved.)

      2017-11-18 17:43 - 2017-10-18 21:24 - 000000000 ____D C:\AdwCleaner
      2017-11-18 17:40 - 2009-07-14 01:34 - 000025616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      2017-11-18 17:40 - 2009-07-14 01:34 - 000025616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      2017-11-18 17:33 - 2009-07-14 01:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
      2017-11-18 17:33 - 2009-07-13 23:37 - 000000000 ____D C:\Windows\inf
      2017-11-18 16:51 - 2016-11-19 07:45 - 000000000 ____D C:\Users\María Fernanda\AppData\LocalLow\Mozilla
      2017-11-18 16:48 - 2015-02-02 13:40 - 000000000 ____D C:\Users\María Fernanda\Desktop\Fer
      2017-11-18 16:07 - 2016-12-03 09:52 - 000000000 ____D C:\Windows\system32\Macromed
      2017-11-18 16:01 - 2017-03-09 12:26 - 000000000 ____D C:\Program Files\Mozilla Thunderbird
      2017-11-18 09:00 - 2016-11-22 21:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
      2017-11-18 08:58 - 2015-02-28 02:03 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
      2017-11-18 08:58 - 2009-07-13 23:37 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
      2017-11-18 08:55 - 2015-02-23 12:05 - 000000000 ____D C:\Program Files\Microsoft Office
      2017-11-17 21:37 - 2016-05-26 22:16 - 000000000 ____D C:\Users\María Fernanda\AppData\Local\Adobe
      2017-11-17 21:36 - 2016-12-03 09:52 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
      2017-11-17 21:36 - 2016-12-03 09:52 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
      2017-11-17 21:08 - 2015-02-02 23:14 - 000000000 ____D C:\ProgramData\Malwarebytes
      2017-11-16 16:45 - 2009-07-14 01:53 - 000032574 _____ C:\Windows\Tasks\SCHEDLGU.TXT
      2017-11-16 09:07 - 2009-07-14 01:46 - 000001515 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
      2017-11-15 22:32 - 2016-04-24 16:05 - 000002139 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
      2017-11-15 12:50 - 2009-07-13 23:37 - 000000000 ____D C:\Windows\rescache
      2017-11-15 06:49 - 2015-11-09 08:02 - 000426088 _____ C:\Windows\system32\FNTCACHE.DAT
      2017-11-15 06:43 - 2016-02-27 11:26 - 000000000 ____D C:\Windows\system32\appraiser
      2017-11-15 00:08 - 2015-02-01 10:14 - 001650540 _____ C:\Windows\system32\PerfStringBackup.INI
      2017-11-15 00:08 - 2009-07-14 05:48 - 000747396 _____ C:\Windows\system32\perfh00A.dat
      2017-11-15 00:08 - 2009-07-14 05:48 - 000158868 _____ C:\Windows\system32\perfc00A.dat
      2017-11-13 22:18 - 2015-02-01 11:22 - 000000000 ____D C:\Users\María Fernanda\Documents\Letras
      2017-11-13 15:32 - 2017-10-10 15:25 - 000000000 ____D C:\Users\María Fernanda\Desktop\Antología 2017
      2017-11-10 15:00 - 2016-06-21 23:44 - 000000000 ____D C:\Users\María Fernanda\AppData\Local\CrashDumps
      2017-11-10 15:00 - 2015-02-27 16:38 - 000000000 ____D C:\Windows\Minidump
      2017-11-08 12:25 - 2015-07-14 15:29 - 000141480 _____ (ESET) C:\Windows\system32\Drivers\ehdrv.sys
      2017-11-08 12:25 - 2015-07-14 15:29 - 000113544 _____ (ESET) C:\Windows\system32\Drivers\eamonm.sys
      2017-11-08 12:25 - 2015-07-14 15:29 - 000068224 _____ (ESET) C:\Windows\system32\Drivers\epfwwfpr.sys
      2017-11-08 11:13 - 2015-02-01 10:11 - 000000000 ____D C:\Users\María Fernanda
      2017-11-01 08:54 - 2017-10-18 22:19 - 000059896 _____ C:\Windows\system32\Drivers\mbae.sys
      2017-10-28 22:12 - 2015-02-08 16:50 - 000000000 ____D C:\Users\María Fernanda\AppData\Local\ESET
      2017-10-28 14:46 - 2015-02-02 10:42 - 000000000 ____D C:\Users\María Fernanda\Documents\facturas
      2017-10-27 20:53 - 2015-02-01 10:35 - 000000000 ____D C:\Users\UpdatusUser
      2017-10-27 20:24 - 2015-02-02 22:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
      2017-10-25 16:32 - 2015-02-04 01:11 - 000000000 ____D C:\Users\María Fernanda\AppData\Roaming\vlc

      ==================== Files in the root of some directories =======

      2016-01-29 00:32 - 2009-08-27 16:52 - 000113664 _____ () C:\Users\María Fernanda\iniFox_by_infospyware.exe
      2016-01-29 00:32 - 2009-05-25 08:52 - 000520621 _____ () C:\Users\María Fernanda\sqlite3.exe
      2015-06-01 17:43 - 2015-06-01 17:43 - 000004096 ____H () C:\Users\María Fernanda\AppData\Local\keyfile3.drm
      2017-11-13 15:32 - 2017-11-13 15:32 - 000010468 _____ () C:\Users\María Fernanda\AppData\Local\recently-used.xbel
      2016-09-09 09:12 - 2016-09-09 09:12 - 000000017 _____ () C:\Users\María Fernanda\AppData\Local\resmon.resmoncfg

      ==================== Bamital & volsnap ======================

      (There is no automatic fix for files that do not pass verification.)

      C:\Windows\explorer.exe => File is digitally signed
      C:\Windows\system32\winlogon.exe => File is digitally signed
      C:\Windows\system32\wininit.exe => File is digitally signed
      C:\Windows\system32\svchost.exe => File is digitally signed
      C:\Windows\system32\services.exe => File is digitally signed
      C:\Windows\system32\User32.dll => File is digitally signed
      C:\Windows\system32\userinit.exe => File is digitally signed
      C:\Windows\system32\rpcss.dll => File is digitally signed
      C:\Windows\system32\dnsapi.dll => File is digitally signed
      C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

      LastRegBack: 2017-11-09 19:52

      ==================== End of FRST.txt ============================

    3. #3
      MFBG (User; registered: Sep 2005; location: Argentina; posts: 98)

      Re: Repeated infection with Adaware.Elex.Shrt Cln despite scanning and cleaning the registry

      Additional scan result of Farbar Recovery Scan Tool (x86) Version: 16-11-2017
      Ran by María Fernanda (18-11-2017 17:55:13)
      Running from C:\Users\María Fernanda\Desktop
      Microsoft Windows 7 Home Premium Service Pack 1 (X86) (2015-02-01 1358)
      Boot Mode: Normal
      ==========================================================


      ==================== Accounts: =============================

      Administrador (S-1-5-21-3224671148-4119020339-2458528890-500 - Administrator - Disabled)
      HomeGroupUser$ (S-1-5-21-3224671148-4119020339-2458528890-1002 - Limited - Enabled)
      Invitado (S-1-5-21-3224671148-4119020339-2458528890-501 - Limited - Disabled)
      María Fernanda (S-1-5-21-3224671148-4119020339-2458528890-1001 - Administrator - Enabled) => C:\Users\María Fernanda
      UpdatusUser (S-1-5-21-3224671148-4119020339-2458528890-1003 - Limited - Enabled) => C:\Users\UpdatusUser

      ==================== Security Center ========================

      (If an entry is included in the fixlist, it will be removed.)

      AV: ESET NOD32 Antivirus (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
      AS: ESET NOD32 Antivirus (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
      AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

      ==================== Installed Programs ======================

      (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

      7-Zip 16.04 (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
      Actualización de NVIDIA 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
      Adobe Flash Player 27 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 27.0.0.187 - Adobe Systems Incorporated)
      Argente - Registry Cleaner 3.1.1.0 (HKLM\...\Argente - Registry Cleaner_is1) (Version: 3.1.1.0 - Raúl Argente)
      Audacity 2.1.3 (HKLM\...\Audacity®_is1) (Version: 2.1.3 - Audacity Team)
      calibre (HKLM\...\{5B27E69E-F59D-4B62-901F-F6981C826A5A}) (Version: 3.4.0 - Kovid Goyal)
      CCleaner (HKLM\...\CCleaner) (Version: 5.32 - Piriform)
      CorelDRAW Graphics Suite X7 - Capture (HKLM\...\{5D0275EA-F3CE-450A-A5A3-F852E30CA46F}) (Version: 17.1 - Corel Corporation) Hidden
      CorelDRAW Graphics Suite X7 - Common (HKLM\...\{994F3055-8433-46A7-8E1F-6CC7B68B01F0}) (Version: 17.1 - Corel Corporation) Hidden
      CorelDRAW Graphics Suite X7 - Connect (HKLM\...\{EFB8E269-0619-475B-8C5B-96F98551AA33}) (Version: 17.1 - Corel Corporation) Hidden
      CorelDRAW Graphics Suite X7 - Custom Data (HKLM\...\{84749C5C-FA80-4779-BD96-544165A8CD31}) (Version: 17.1 - Corel Corporation) Hidden
      CorelDRAW Graphics Suite X7 - Draw (HKLM\...\{30FAE453-9F77-4F70-928E-042BEF00D011}) (Version: 17.1 - Corel Corporation) Hidden
      CorelDRAW Graphics Suite X7 - ES (HKLM\...\{168EC2AB-9458-40F7-9C2B-424EFE565CE3}) (Version: 17.1 - Corel Corporation) Hidden
      CorelDRAW Graphics Suite X7 - Filters (HKLM\...\{8DADD35F-49CE-4D18-AE6D-135DD150E74F}) (Version: 17.1 - Corel Corporation) Hidden
      CorelDRAW Graphics Suite X7 - FontNav (HKLM\...\{7F5DE3F2-5865-4D4A-89D1-AAEFE1F96E50}) (Version: 17.1 - Corel Corporation) Hidden
      CorelDRAW Graphics Suite X7 - IPM Content (HKLM\...\{657EAD32-8E7A-43C0-A794-3BB31B00DC34}) (Version: 17.0 - Corel Corporation) Hidden
      CorelDRAW Graphics Suite X7 - IPM T (HKLM\...\{D29A4F85-0FB7-4E54-B591-044652C4295F}) (Version: 17.1 - Corel Corporation) Hidden
      CorelDRAW Graphics Suite X7 - PHOTO-PAINT (HKLM\...\{0A0143FF-ECB5-4960-A2E0-DC3150ABBBE0}) (Version: 17.1 - Corel Corporation) Hidden
      CorelDRAW Graphics Suite X7 - Photozoom Plugin (HKLM\...\{950055ED-DC61-4874-8EDB-E5CDE1D218CD}) (Version: 17.0 - Corel Corporation) Hidden
      CorelDRAW Graphics Suite X7 - Redist (HKLM\...\{F3286FA3-DF68-4948-8D1D-ED3A539077B3}) (Version: 17.0 - Corel Corporation) Hidden
      CorelDRAW Graphics Suite X7 - Setup Files (HKLM\...\{C5D9CECB-A66F-473F-B406-5C8C2DCA4DF0}) (Version: 17.1 - Corel Corporation) Hidden
      CorelDRAW Graphics Suite X7 - VBA (HKLM\...\{877522BE-A318-4603-9B00-DF319C6FA2B1}) (Version: 17.1 - Corel Corporation) Hidden
      CorelDRAW Graphics Suite X7 - VideoBrowser (HKLM\...\{4C614BD3-607E-4289-BB51-4D87EC7BBD62}) (Version: 17.1 - Corel Corporation) Hidden
      CorelDRAW Graphics Suite X7 - Writing Tools (HKLM\...\{246FE426-2661-4DD6-9603-DF2E6832387C}) (Version: 17.1 - Corel Corporation) Hidden
      D3DX10 (HKLM\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
      EarMaster Pro 6.2 (HKLM\...\EarMaster Pro 6_is1) (Version: 6.2 - EarMaster ApS)
      FFmpeg (Windows) for Audacity versión 2.2.2 (HKLM\...\{9C7E31E3-017F-434C-AC40-24431A354A1E}_is1) (Version: 2.2.2 - )
      FileZilla Client 3.24.0 (HKLM\...\FileZilla Client) (Version: 3.24.0 - Tim Kosse)
      Foxit PhantomPDF Business (HKLM\...\{F54D6DB2-CEE3-4089-BE83-09F4DD180B4E}) (Version: 7.0.8.1216 - Foxit Software Inc.)
      Galería de fotos (HKLM\...\{198CEF22-A27F-4DC7-9B66-2C22A4B1CA09}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
      Glary Utilities 5.63 (HKLM\...\Glary Utilities 5) (Version: 5.63.0.84 - Glarysoft Ltd)
      Google Chrome (HKLM\...\Google Chrome) (Version: 62.0.3202.94 - Google Inc.)
      Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
      Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
      GPL Ghostscript (HKLM\...\GPL Ghostscript 9.20) (Version: 9.20 - Artifex Software Inc.)
      GPL Ghostscript 8.70 (HKLM\...\GPL Ghostscript 8.70) (Version: - )
      GSview 4.9 (HKLM\...\GSview 4.9) (Version: - )
      HandBrake 0.10.5 (HKLM\...\HandBrake) (Version: 0.10.5 - )
      Inkscape 0.91 (HKLM\...\{81922150-317E-4BB0-A31D-FF1C14F707C5}) (Version: 0.91 - inkscape.org)
      Inkscape 0.92.0 (HKLM\...\Inkscape) (Version: 0.92.0 - Inkscape Project)
      Java 8 Update 121 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
      Kindle Previewer (HKU\S-1-5-21-3224671148-4119020339-2458528890-1001\...\KindlePreviewer) (Version: 2.94 - Amazon)
      LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version: - )
      LicensingService (HKLM\...\{31834C68-EED8-4D5E-B6AE-88A70E1D45B2}) (Version: 1.00.0000 - Corel Corporation) Hidden
      MakeMKV v1.9.9 (HKLM\...\MakeMKV) (Version: v1.9.9 - GuinpinSoft inc)
      Malwarebytes versión 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
      Microsoft .NET Framework 4.7 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.7.02053 - Microsoft Corporation)
      Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
      Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
      Microsoft OneNote Hogar y Estudiantes 2016 - es-es (HKLM\...\OneNoteFreeRetail - es-es) (Version: 16.0.8625.2127 - Microsoft Corporation)
      Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
      Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
      Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
      Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
      Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
      Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
      Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
      Microsoft Visual Studio Tools for Applications 2.0 Language Pack - ESN (HKLM\...\{6D972506-DC01-39BC-A5DD-06DA86E00031}) (Version: 9.0.30729 - Microsoft Corporation)
      Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
      Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - ESN (HKLM\...\{4A28444E-0532-3264-B07D-5AFE590E30BE}) (Version: 9.0.30729 - Microsoft Corporation)
      Microsoft Visual Studio Tools for Applications 2012 (HKLM\...\{89ca2a32-2b52-4595-8dfd-6fe4757958d0}) (Version: 11.0.51108 - Microsoft Corporation)
      Movie Maker (HKLM\...\{9C82436F-F19C-42A4-B476-F87A28A95BF9}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
      Movie Maker (HKLM\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
      Mozilla Firefox 50.1.0 (x86 es-ES) (HKLM\...\Mozilla Firefox 50.1.0 (x86 es-ES)) (Version: 50.1.0 - Mozilla)
      Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 52.4.0.6486 - Mozilla)
      Mozilla Thunderbird 52.4.0 (x86 es-AR) (HKLM\...\Mozilla Thunderbird 52.4.0 (x86 es-AR)) (Version: 52.4.0 - Mozilla)
      MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
      MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
      MuseScore 2 (HKLM\...\{DC8A2B29-D9A7-4D67-A049-BC0A659A2B57}) (Version: 2.1.0 - Werner Schweer and Others)
      MySQL Servers and Clients 3.23.52 (HKLM\...\MySQL Servers and Clients 3.23.52) (Version: - )
      NVIDIA Controlador de gráficos 309.08 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 309.08 - NVIDIA Corporation)
      NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
      Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8625.2127 - Microsoft Corporation) Hidden
      Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-0000-0000000FF1CE}) (Version: 16.0.8625.2127 - Microsoft Corporation) Hidden
      Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0C0A-0000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden
      Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (HKLM\...\{03077B58-6ACF-32CA-B42A-EAA458C295A1}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
      Panel de control de NVIDIA 309.08 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 309.08 - NVIDIA Corporation) Hidden
      Paquete de compatibilidad para 2007 Office system (HKLM\...\{90120000-0020-0C0A-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
      Revisión para Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789) (HKLM\...\{6D972506-DC01-39BC-A5DD-06DA86E00031}.KB947789) (Version: 1 - Microsoft Corporation)
      Revo Uninstaller 2.0.3 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.3 - VS Revo Group, Ltd.)
      SAM2 (remove only) (HKLM\...\SAM2) (Version: - )
      Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.63.0 - Samsung Electronics Co., Ltd.)
      Scribus 1.4.6 (HKLM\...\Scribus 1.4.6) (Version: 1.4.6 - The Scribus Team)
      Scribus 1.5.2 (HKLM\...\Scribus 1.5.2) (Version: 1.5.2 - The Scribus Team)
      Smart Switch (HKLM\...\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.17022.20 - Samsung Electronics Co., Ltd.) Hidden
      Smart Switch (HKLM\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.17022.20 - Samsung Electronics Co., Ltd.)
      SpywareBlaster 5.5 (HKLM\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
      Vegas Pro 11.0 (HKLM\...\{09771440-269F-11E1-89B1-F04DA23A5C58}) (Version: 11.0.510 - Sony)
      VLC media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN)
      Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
      Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (HKLM\...\{68DC347D-C1C0-3DE2-A53E-CCC71DA53E57}) (Version: 11.0.51108 - Microsoft Corporation) Hidden

      ==================== Custom CLSID (Whitelisted): ==========================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => -> No File
      ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => -> No File
      ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => -> No File
      ContextMenuHandlers1: [###MegaContextMenuExt] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
      ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
      ContextMenuHandlers1: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2017-11-08] (ESET)
      ContextMenuHandlers1: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x86.dll [2014-11-17] (Foxit Software Inc.)
      ContextMenuHandlers1: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files\Glary Utilities 5\ContextHandler.dll [2015-12-21] (Glarysoft Ltd)
      ContextMenuHandlers2: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2017-11-08] (ESET)
      ContextMenuHandlers2: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files\Glary Utilities 5\ContextHandler.dll [2015-12-21] (Glarysoft Ltd)
      ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
      ContextMenuHandlers4: [###MegaContextMenuExt] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
      ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
      ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
      ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2015-01-30] (NVIDIA Corporation)
      ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
      ContextMenuHandlers6: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2017-11-08] (ESET)
      ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files\Glary Utilities 5\ContextHandler.dll [2015-12-21] (Glarysoft Ltd)
      ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
      ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File

      ==================== Scheduled Tasks (Whitelisted) =============

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      Task: {05240197-51E9-446A-BDC3-D9DFD55776A4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-04-24] (Google Inc.)
      Task: {108D3AC8-E5E8-40F8-B3AC-1A7BAB98462B} - System32\Tasks\{ED59EDE6-91A3-450A-969F-52F0642AEB2E} => C:\Windows\system32\pcalua.exe -a "C:\Users\María Fernanda\Desktop\B2CAppSetup By JC.exe" -d "C:\Users\María Fernanda\Desktop"
      Task: {19657B57-7A1A-4F0F-ABA3-80894FA33E39} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_27_0_0_187_pepper.exe [2017-11-17] (Adobe Systems Incorporated)
      Task: {1B865303-E372-4C07-9952-253B8002E7B5} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-11-02] (Microsoft Corporation)
      Task: {5270B205-0A22-45C7-A1A7-5402707CDE97} - System32\Tasks\{C6F6FC3B-3FE9-4FEA-83AB-01DF5A8F5759} => C:\Windows\system32\pcalua.exe -a "C:\Users\María Fernanda\Downloads\jre-8u101-windows-i586-iftw.exe" -d "C:\Users\María Fernanda\Downloads"
      Task: {58B4677E-66AE-4FC4-8793-527B6AACD317} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-28] ()
      Task: {58D0AE01-C1FC-4BC1-BE10-6B1006D5E1CB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-06-30] (Piriform Ltd)
      Task: {657B4F1E-0D25-4094-80E3-F95B8B8313BB} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-28] ()
      Task: {83888111-3697-4C54-A627-E7A9F878C279} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-11-02] (Microsoft Corporation)
      Task: {93D5D20B-4DC7-4310-A08F-9B20F4A489D6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-04-24] (Google Inc.)
      Task: {9677240E-F879-49C0-B967-6515D5A4C3BE} - System32\Tasks\PPTAssistantUpdateTask_María Fernanda => C:\Users\María Fernanda\AppData\Local\PPTAssist\assistupdate.exe <==== ATTENTION
      Task: {BBAB1836-5F05-48AD-8B00-56CD0B3FA690} - System32\Tasks\{11E18CBF-9F43-4D18-8F65-2DBCC2F72D00} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe" -d "C:\Program Files\VS Revo Group\Revo Uninstaller"
      Task: {C87502DA-EFDB-4CD9-9AA8-DB0762A6724A} - System32\Tasks\{18EFE6D8-B40E-462D-B31C-E2F3F5D65260} => C:\Windows\system32\pcalua.exe -a "C:\Users\María Fernanda\Downloads\LGMobileSupportTool.exe" -d "C:\Users\María Fernanda\Downloads"
      Task: {D64EB14D-3C11-4F6C-9644-A5D113F00CE7} - System32\Tasks\PPTAssistantNotifyTask_María Fernanda => C:\Users\María Fernanda\AppData\Local\PPTAssist\notify.exe <==== ATTENTION
      Task: {D9E7FE9D-D06D-466D-A199-98D1059C608B} - System32\Tasks\GlaryInitialize 5 => C:\Program Files\Glary Utilities 5\Initialize.exe [2016-11-04] (Glarysoft Ltd)
      Task: {EE6BFD6E-7635-49BB-9222-B1068A9697FB} - System32\Tasks\{FB2AF08E-3422-41DB-A257-B8494E771022} => C:\Windows\system32\pcalua.exe -a "C:\Users\María Fernanda\Downloads\B2CAppSetup (1).exe" -d "C:\Users\María Fernanda\Downloads"
      Task: {F87A7BCB-3ECE-4A8E-AAF6-6BCA48C25350} - System32\Tasks\GlaryUpdate 5 => C:\Program Files\Glary Utilities 5\CheckUpdate.exe [2016-11-04] (Glarysoft Ltd)

      (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


      ==================== Shortcuts & WMI ========================

      (The entries could be listed to be restored or removed.)


      Shortcut: C:\Users\María Fernanda\AppData\Roaming\Microsoft\Windows\Network Shortcuts\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co

      ==================== Loaded Modules (Whitelisted) ==============

      2016-08-14 15:31 - 2002-08-14 03:33 - 001130496 _____ () C:\mysql\bin\mysqld-nt.exe

      ==================== Alternate Data Streams (Whitelisted) =========

      (If an entry is included in the fixlist, only the ADS will be removed.)

      AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]

      ==================== Safe Mode (Whitelisted) ===================

      (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

      ==================== Association (Whitelisted) ===============

      (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


      ==================== Internet Explorer trusted/restricted ===============

      (If an entry is included in the fixlist, it will be removed from the registry.)

      IE trusted site: HKU\S-1-5-21-3224671148-4119020339-2458528890-1001\...\localhost -> localhost

      There are 6091 more sites.


      ==================== Hosts content: ===============================

      (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

      2009-07-13 23:04 - 2016-12-01 22:57 - 000000035 _____ C:\Windows\system32\Drivers\etc\hosts


      ==================== Other Areas ============================

      (Currently there is no automatic fix for this section.)

      HKU\S-1-5-21-3224671148-4119020339-2458528890-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\María Fernanda\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
      DNS Servers: Media is not connected to internet.
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
      mpsdrv => Firewall Service is not running.
      MpsSvc => Firewall Service is not running.

      ==================== MSCONFIG/TASK MANAGER disabled items ==

      MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
      MSCONFIG\Services: AdobeUpdateService => 2
      MSCONFIG\Services: FoxitCloudUpdateService => 2
      MSCONFIG\Services: MozillaMaintenance => 3
      MSCONFIG\Services: PSI_SVC_2 => 2
      MSCONFIG\startupfolder: C:^Users^María Fernanda^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Enviar a OneNote.lnk => C:\Windows\pss\Enviar a OneNote.lnk.Startup
      MSCONFIG\startupreg: ArgenteRC => "C:\Program Files\Argente - Registry Cleaner\ArgenteRC.exe" /AutoClean
      MSCONFIG\startupreg: GUDelayStartup => "C:\Program Files\Glary Utilities 5\StartupManager.exe" -delayrun
      MSCONFIG\startupreg: SmartSwitchPDLR.exe => C:\Program Files\Samsung\Smart Switch PC\SmartSwitchPDLR.exe Run Kies4
      MSCONFIG\startupreg: SunJavaUpdateSched => C:\Program Files\Common Files\Java\Java Update\jusched.exe

      ==================== FirewallRules (Whitelisted) ===============

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      FirewallRules: [{3C276C4E-D49F-45B9-9076-B9CBFD2594AF}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
      FirewallRules: [{EB84D01E-232C-49BE-924D-8D5F0F4D6A73}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
      FirewallRules: [{967AA32E-C452-4B84-A57D-B6BC723A2E53}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

      ==================== Restore Points =========================

      16-11-2017 19:20:35 Punto de control programado
      18-11-2017 17:49:41 JRT Pre-Junkware Removal
      Check "winmgmt" service or repair WMI.


      ==================== Faulty Device Manager Devices =============


      ==================== Event log errors: =========================

      Application errors:
      ==================
      Error: (11/15/2017 10:59:39 PM) (Source: VSS) (EventID: 8193) (User: )
      Description: Error del Servicio de instantáneas de volumen: error inesperado al llamar a la rutina CoCreateInstance. HR = 0x80070013, El medio está protegido contra escritura.
      .

      Error: (11/15/2017 10:59:39 PM) (Source: VSS) (EventID: 13) (User: )
      Description: Información del Servicio de instantáneas de volumen: el servidor COM con CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} y el nombre CEventSystem no puede iniciarse. [0x80070013, El medio está protegido contra escritura.
      ]

      Error: (11/15/2017 10:59:38 PM) (Source: VSS) (EventID: 8193) (User: )
      Description: Error del Servicio de instantáneas de volumen: error inesperado al llamar a la rutina CoCreateInstance. HR = 0x80070013, El medio está protegido contra escritura.
      .

      Error: (11/15/2017 10:59:38 PM) (Source: VSS) (EventID: 13) (User: )
      Description: Información del Servicio de instantáneas de volumen: el servidor COM con CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} y el nombre CEventSystem no puede iniciarse. [0x80070013, El medio está protegido contra escritura.
      ]

      Error: (11/14/2017 09:05:47 PM) (Source: VSS) (EventID: 8193) (User: )
      Description: Error del Servicio de instantáneas de volumen: error inesperado al llamar a la rutina CoCreateInstance. HR = 0x80070013, El medio está protegido contra escritura.
      .

      Error: (11/14/2017 09:05:47 PM) (Source: VSS) (EventID: 13) (User: )
      Description: Información del Servicio de instantáneas de volumen: el servidor COM con CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} y el nombre CEventSystem no puede iniciarse. [0x80070013, El medio está protegido contra escritura.
      ]

      Error: (11/14/2017 07:28:50 AM) (Source: SideBySide) (EventID: 33) (User: )
      Description: Error al generar el contexto de activación para "c:\program files\glary utilities 5\DPInst64.exe".
      No se encontró el ensamblado dependiente Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
      Use sxstrace.exe para obtener un diagnóstico detallado.

      Error: (11/13/2017 07:56:22 AM) (Source: SideBySide) (EventID: 33) (User: )
      Description: Error al generar el contexto de activación para "c:\program files\glary utilities 5\DPInst64.exe".
      No se encontró el ensamblado dependiente Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
      Use sxstrace.exe para obtener un diagnóstico detallado.

      Error: (11/12/2017 09:26:18 AM) (Source: SideBySide) (EventID: 33) (User: )
      Description: Error al generar el contexto de activación para "c:\program files\glary utilities 5\DPInst64.exe".
      No se encontró el ensamblado dependiente Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
      Use sxstrace.exe para obtener un diagnóstico detallado.

      Error: (11/11/2017 09:21:50 AM) (Source: SideBySide) (EventID: 33) (User: )
      Description: Error al generar el contexto de activación para "c:\program files\glary utilities 5\DPInst64.exe".
      No se encontró el ensamblado dependiente Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
      Use sxstrace.exe para obtener un diagnóstico detallado.


      System errors:
      =============
      Error: (11/18/2017 05:51:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
      Description: El servicio NVIDIA Display Driver Service se terminó de manera inesperada. Esto ha sucedido 1 veces.

      Error: (11/18/2017 08:28:29 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
      Description: El servicio Escucha de Grupo Hogar se cerró con el error específico de servicio %%-2147023143 = No hay más extremos disponibles desde el asignador de extremos..

      Error: (11/18/2017 08:28:18 AM) (Source: Microsoft-Windows-WHEA-Logger) (EventID: 18) (User: NT AUTHORITY)
      Description: Error de hardware irrecuperable.

      Informado por el componente: núcleo del procesador
      Origen del error: 3
      Tipo de error: 256
      Id. de procesador: 1

      La vista de detalles de esta entrada contiene más información.

      Error: (11/18/2017 08:28:18 AM) (Source: Microsoft-Windows-WHEA-Logger) (EventID: 18) (User: NT AUTHORITY)
      Description: Error de hardware irrecuperable.

      Informado por el componente: núcleo del procesador
      Origen del error: 3
      Tipo de error: 256
      Id. de procesador: 1

      La vista de detalles de esta entrada contiene más información.

      Error: (11/18/2017 08:28:18 AM) (Source: Microsoft-Windows-WHEA-Logger) (EventID: 18) (User: NT AUTHORITY)
      Description: Error de hardware irrecuperable.

      Informado por el componente: núcleo del procesador
      Origen del error: 3
      Tipo de error: 256
      Id. de procesador: 1

      La vista de detalles de esta entrada contiene más información.

      Error: (11/17/2017 09:24:07 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
      Description: El servicio Escucha de Grupo Hogar se cerró con el error específico de servicio %%-2147023143 = No hay más extremos disponibles desde el asignador de extremos..

      Error: (11/17/2017 1131 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
      Description: Error de instalación: error de Windows al instalar la siguiente actualización, error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.257.586.0).

      Error: (11/17/2017 10:59:54 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
      Description: El servicio Escucha de Grupo Hogar se cerró con el error específico de servicio %%-2147023143 = No hay más extremos disponibles desde el asignador de extremos..

      Error: (11/17/2017 10:58:20 AM) (Source: Microsoft-Windows-WHEA-Logger) (EventID: 18) (User: NT AUTHORITY)
      Description: Error de hardware irrecuperable.

      Informado por el componente: núcleo del procesador
      Origen del error: 3
      Tipo de error: 256
      Id. de procesador: 1

      La vista de detalles de esta entrada contiene más información.

      Error: (11/17/2017 10:58:20 AM) (Source: Microsoft-Windows-WHEA-Logger) (EventID: 18) (User: NT AUTHORITY)
      Description: Error de hardware irrecuperable.

      Informado por el componente: núcleo del procesador
      Origen del error: 3
      Tipo de error: 256
      Id. de procesador: 1

      La vista de detalles de esta entrada contiene más información.


      ==================== Memory info ===========================

      Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5200+
      Percentage of memory in use: 39%
      Total physical RAM: 1919.3 MB
      Available physical RAM: 1163.88 MB
      Total Virtual: 3838.61 MB
      Available Virtual: 2987.59 MB

      ==================== Drives ================================

      Drive c: () (Fixed) (Total:148.95 GB) (Free:15.25 GB) NTFS
      Drive e: (READY BOOST) (Removable) (Total:3.61 GB) (Free:0.1 GB) exFAT

      ==================== MBR & Partition Table ==================

      ========================================================
      Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 4D934D93)
      Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
      Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

      ========================================================
      Disk: 1 (Size: 3.6 GB) (Disk ID: 00000000)

      Partition: GPT.

      ==================== End of Addition.txt ============================

    4. #4
      General Moderator
      Avatar of @Daniela
      Registered
      Apr 2011
      Location
      Spain
      Posts
      24,349

      Re: Repeated infection with Adaware.Elex.Shrt Cln despite scanning and cleaning the registry

      Hello MFBG

      Follow these steps. VERY important ~ make a backup of the registry:

      • To do so, download >> DelFix to your desktop.
        • Double-click to run it. (If you use Windows Vista/7 or 8, right-click and select "Run as administrator".)
        • Check only the "Create registry backup" box.
      • Click Run.

        The report (DelFix.txt) will open; save it in case it is needed and close the tool.


      Next, start your computer in >> Windows Safe Mode with Networking.

      If your OS is Windows 8/8.1/10, use the 2nd METHOD from this Windows 8 FAQ (applicable to Windows 10) >> How to start Windows 8/8.1 in Safe Mode?, to work from that Windows mode.


      With all other programs closed, go to >> Start >> Run >> and type notepad.exe.

      Now copy and paste the following into Notepad (excluding the word "Code"):

      Code:
      Start
      CreateRestorePoint:
      CloseProcesses:
      
      GroupPolicy: Restriction - Chrome <==== ATTENTION
      CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
      CHR Extension: (Presentaciones) - C:\Users\María Fernanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
      CHR Extension: (Learn French - Très Bien) - C:\Users\María Fernanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeifanonhefcaphaeeknpklkfnjjmpec [2016-04-24]
      CHR Extension: (Documentos) - C:\Users\María Fernanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
      CHR Extension: (Documentos de Google sin conexión) - C:\Users\María Fernanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-24]
      CHR Extension: (Chrome Media Router) - C:\Users\María Fernanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-16]
      CHR Extension: (Diapositivas de Google) - C:\Users\María Fernanda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-04-30]
      CHR Extension: (Google Docs) - C:\Users\María Fernanda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-30]
      CHR Extension: (Documentos de Google sin conexión) - C:\Users\María Fernanda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-30]
      CHR Extension: (Chrome Media Router) - C:\Users\María Fernanda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-10]
      2017-11-02 16:46 - 2017-11-02 16:46 - 000000043 _____ C:\Users\María Fernanda\Downloads\hbpix
      ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => -> No File
      ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => -> No File
      ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => -> No File
      ContextMenuHandlers1: [###MegaContextMenuExt] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
      ContextMenuHandlers4: [###MegaContextMenuExt] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
      ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
      ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
      Task: {9677240E-F879-49C0-B967-6515D5A4C3BE} - System32\Tasks\PPTAssistantUpdateTask_María Fernanda => C:\Users\María Fernanda\AppData\Local\PPTAssist\assistupdate.exe <==== ATTENTION
      Task: {D64EB14D-3C11-4F6C-9644-A5D113F00CE7} - System32\Tasks\PPTAssistantNotifyTask_María Fernanda => C:\Users\María Fernanda\AppData\Local\PPTAssist\notify.exe <==== ATTENTION
      AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125] 
      
      CMD: ipconfig /flushdns
      CMD: ipconfig /renew
      CMD: bitsadmin /reset /allusers
      RemoveProxy:
      EmptyTemp:
      Hosts:
      end
      • Save it under the name fixlist.txt on the desktop <<< This is very important.

      Note: The Frst.exe executable and fixlist.txt must be in the same location (the desktop); otherwise the tool will not work.

      WARNING!!!! The following repair script was written specifically by a staff member for this user; if you have a similar problem, please open your own thread to receive personalized help. Using other users' scripts can damage your computer.

      • Run Frst.exe.
      • Press the Fix button and wait for it to finish.
      • The tool will save the report on your desktop (Fixlog.txt).
      • Paste it in your next reply.


      Post the report and let us know how the problem is going.

      Regards
      ✿◕‿◕✿ Impatience is not good company ✿◕‿◕✿

      * Follow us on Twitter and become our friend on Facebook.
      * Keep up with the latest threats on the net at: InfoSpyware Blog
      * Questions are not answered by private message or e-mail; that is what the forum is for.

    5. #5
      User Avatar of MFBG
      Registered
      Sep 2005
      Location
      Argentina
      Posts
      98

      Re: Repeated infection with Adaware.Elex.Shrt Cln despite scanning and cleaning the registry

      Thank you very much, Daniela!

      Here is the Fixlog report.
      Much appreciated!
      Let's hope it has been cleaned.
      María Fernanda

      Fix result of Farbar Recovery Scan Tool (x86) Version: 19-11-2017
      Ran by María Fernanda (19-11-2017 17:21:13) Run:1
      Running from C:\Users\María Fernanda\Desktop
      Loaded Profiles: María Fernanda (Available Profiles: María Fernanda & UpdatusUser)
      Boot Mode: Safe Mode (with Networking)

      ==============================================

      fixlist content:
      *****************
      Start
      CreateRestorePoint:
      CloseProcesses:

      GroupPolicy: Restriction - Chrome <==== ATTENTION
      CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
      CHR Extension: (Presentaciones) - C:\Users\Mar�a Fernanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
      CHR Extension: (Learn French - Tr�s Bien) - C:\Users\Mar�a Fernanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeifanonhefcaphaeeknpklkfnjjmpec [2016-04-24]
      CHR Extension: (Documentos) - C:\Users\Mar�a Fernanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
      CHR Extension: (Documentos de Google sin conexi�n) - C:\Users\Mar�a Fernanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-24]
      CHR Extension: (Chrome Media Router) - C:\Users\Mar�a Fernanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-16]
      CHR Extension: (Diapositivas de Google) - C:\Users\Mar�a Fernanda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-04-30]
      CHR Extension: (Google Docs) - C:\Users\Mar�a Fernanda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-30]
      CHR Extension: (Documentos de Google sin conexi�n) - C:\Users\Mar�a Fernanda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-30]
      CHR Extension: (Chrome Media Router) - C:\Users\Mar�a Fernanda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-10]
      2017-11-02 16:46 - 2017-11-02 16:46 - 000000043 _____ C:\Users\Mar�a Fernanda\Downloads\hbpix
      ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => -> No File
      ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => -> No File
      ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => -> No File
      ContextMenuHandlers1: [###MegaContextMenuExt] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
      ContextMenuHandlers4: [###MegaContextMenuExt] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
      ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
      ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
      Task: {9677240E-F879-49C0-B967-6515D5A4C3BE} - System32\Tasks\PPTAssistantUpdateTask_Mar�a Fernanda => C:\Users\Mar�a Fernanda\AppData\Local\PPTAssist\assistupdate.exe <==== ATTENTION
      Task: {D64EB14D-3C11-4F6C-9644-A5D113F00CE7} - System32\Tasks\PPTAssistantNotifyTask_Mar�a Fernanda => C:\Users\Mar�a Fernanda\AppData\Local\PPTAssist\notify.exe <==== ATTENTION
      AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]

      CMD: ipconfig /flushdns
      CMD: ipconfig /renew
      CMD: bitsadmin /reset /allusers
      RemoveProxy:
      EmptyTemp:
      Hosts:
      end
      *****************

      Error: Restore point can only be created in normal mode.
      Processes closed successfully.
      C:\Windows\system32\GroupPolicy\Machine => moved successfully
      C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
      HKLM\SOFTWARE\Policies\Google => key removed successfully.
      CHR Extension: (Presentaciones) - C:\Users\Mar�a Fernanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13] => Error: No automatic fix found for this entry.
      CHR Extension: (Learn French - Tr�s Bien) - C:\Users\Mar�a Fernanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeifanonhefcaphaeeknpklkfnjjmpec [2016-04-24] => Error: No automatic fix found for this entry.
      CHR Extension: (Documentos) - C:\Users\Mar�a Fernanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13] => Error: No automatic fix found for this entry.
      CHR Extension: (Documentos de Google sin conexi�n) - C:\Users\Mar�a Fernanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-24] => Error: No automatic fix found for this entry.
      CHR Extension: (Chrome Media Router) - C:\Users\Mar�a Fernanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-16] => Error: No automatic fix found for this entry.
      CHR Extension: (Diapositivas de Google) - C:\Users\Mar�a Fernanda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-04-30] => Error: No automatic fix found for this entry.
      CHR Extension: (Google Docs) - C:\Users\Mar�a Fernanda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-30] => Error: No automatic fix found for this entry.
      CHR Extension: (Documentos de Google sin conexi�n) - C:\Users\Mar�a Fernanda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-30] => Error: No automatic fix found for this entry.
      CHR Extension: (Chrome Media Router) - C:\Users\Mar�a Fernanda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-10] => Error: No automatic fix found for this entry.
      "C:\Users\Mar�a Fernanda\Downloads\hbpix" => not found.
      HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ AccExtIco1 => key removed successfully.
      HKLM\Software\Classes\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => key not found.
      HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ AccExtIco2 => key removed successfully.
      HKLM\Software\Classes\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303} => key not found.
      HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ AccExtIco3 => key removed successfully.
      HKLM\Software\Classes\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB} => key not found.
      HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\###MegaContextMenuExt => key removed successfully.
      HKLM\Software\Classes\CLSID\{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => key not found.
      HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\###MegaContextMenuExt => key removed successfully.
      HKLM\Software\Classes\CLSID\{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => key not found.
      HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\Offline Files => key removed successfully.
      HKLM\Software\Classes\CLSID\{474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => key not found.
      HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Offline Files => key removed successfully.
      HKLM\Software\Classes\CLSID\{474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => key not found.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9677240E-F879-49C0-B967-6515D5A4C3BE} => key removed successfully.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9677240E-F879-49C0-B967-6515D5A4C3BE} => key removed successfully.
      C:\Windows\System32\Tasks\PPTAssistantUpdateTask_Mar�a Fernanda => not found.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PPTAssistantUpdateTask_Mar�a Fernanda => key not found.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D64EB14D-3C11-4F6C-9644-A5D113F00CE7} => key removed successfully.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D64EB14D-3C11-4F6C-9644-A5D113F00CE7} => key removed successfully.
      C:\Windows\System32\Tasks\PPTAssistantNotifyTask_Mar�a Fernanda => not found.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PPTAssistantNotifyTask_Mar�a Fernanda => key not found.
      C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully..

      ========= ipconfig /flushdns =========


      Configuraci¢n IP de Windows

      Se vaci¢ correctamente la cach‚ de resoluci¢n de DNS.

      ========= End of CMD: =========


      ========= ipconfig /renew =========


      Configuraci¢n IP de Windows

      No se puede realizar ninguna operaci¢n en Conexi¢n de *rea local 2 mientras los medios
      est‚n desconectados.

      Adaptador de Ethernet Conexi¢n de *rea local 2:

      Estado de los medios. . . . . . . . . . . : medios desconectados
      Sufijo DNS espec¡fico para la conexi¢n. . :

      Adaptador de Ethernet Conexi¢n de *rea local:

      Sufijo DNS espec¡fico para la conexi¢n. . : home
      Direcci¢n IPv6 . . . . . . . . . . : fd9c:b2b2:de5e:8a00:c0f1:a3e3:edb4:3a83
      Direcci¢n IPv6 temporal. . . . . . : fd9c:b2b2:de5e:8a00:c43:461d:722b:eda0
      V¡nculo: direcci¢n IPv6 local. . . : fe80::c0f1:a3e3:edb4:3a83%10
      Direcci¢n IPv4. . . . . . . . . . . . . . : 192.168.1.2
      M*scara de subred . . . . . . . . . . . . : 255.255.255.0
      Puerta de enlace predeterminada . . . . . : 192.168.1.1

      Adaptador de t£nel isatap.home:

      Estado de los medios. . . . . . . . . . . : medios desconectados
      Sufijo DNS espec¡fico para la conexi¢n. . :

      Adaptador de t£nel Teredo Tunneling Pseudo-Interface:

      Estado de los medios. . . . . . . . . . . : medios desconectados
      Sufijo DNS espec¡fico para la conexi¢n. . :

      Adaptador de t£nel isatap.{3B309468-6688-4044-B30A-4D2B2A6712F7}:

      Estado de los medios. . . . . . . . . . . : medios desconectados
      Sufijo DNS espec¡fico para la conexi¢n. . :

      ========= End of CMD: =========


      ========= bitsadmin /reset /allusers =========


      BITSADMIN version 3.0 [ 7.5.7601 ]
      BITS administration utility.
      (C) Copyright 2000-2006 Microsoft Corp.

      BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
      Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

      Unable to connect to BITS - 0x8007042c
      No se puede iniciar el servicio o grupo de dependencia.



      ========= End of CMD: =========


      ========= RemoveProxy: =========

      HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
      HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.
      HKU\S-1-5-21-3224671148-4119020339-2458528890-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
      HKU\S-1-5-21-3224671148-4119020339-2458528890-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.


      ========= End of RemoveProxy: =========

      C:\Windows\System32\Drivers\etc\hosts => moved successfully
      Hosts restored successfully.

      =========== EmptyTemp: ==========

      BITS transfer queue => 0 B
      DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 9952781 B
      Java, Flash, Steam htmlcache => 0 B
      Windows/system/drivers => 441330 B
      Edge => 0 B
      Chrome => 219607205 B
      Firefox => 12467260 B
      Opera => 0 B

      Temp, IE cache, history, cookies, recent:
      Users => 0 B
      Default => 0 B
      Public => 0 B
      ProgramData => 0 B
      systemprofile => 128 B
      LocalService => 0 B
      NetworkService => 0 B
      María Fernanda => 36355482 B
      UpdatusUser => 0 B

      RecycleBin => 0 B
      EmptyTemp: => 265.9 MB temporary data Removed.

      ================================


      The system needed a reboot.

      ==== End of Fixlog 17:21:56 ====

    6. #6
      General Moderator
      @Daniela
      Registered
      Apr 2011
      Location
      Spain
      Posts
      24,349

      Re: Repeated infection with Adaware.Elex.Shrt Cln despite scanning and cleaning the registry

      Hello María Fernanda

      How is the problem going?

      Regards
      ✿◕‿◕✿ Impatience is not good company ✿◕‿◕✿

      * Follow us on our Twitter and become our friend on Facebook.
      * Stay informed of the latest threats on the net from: InfoSpyware Blog
      * Questions are not answered by private message or e-mail, since that is what the forum is for.

    7. #7
      User MFBG
      Registered
      Sep 2005
      Location
      Argentina
      Posts
      98

      Re: Repeated infection with Adaware.Elex.Shrt Cln despite scanning and cleaning the registry

      Hello Daniela.
      I did everything you told me and waited to see what would happen.

      Today, in the Malwarebytes scan, the same Adware.Elex.ShrtCln came up again.
      Look at the report below; it appears as a file in the Chrome folder.

      Hugs and thanks for your help
      María Fernanda


      Malwarebytes
      www.malwarebytes.com

      -Detalles del registro-
      Fecha del análisis: 21/11/17
      Hora del análisis: 15:44
      Archivo de registro: f410f189-ceeb-11e7-9d4e-00e052e03584.json
      Administrador: Sí

      -Información del software-
      Versión: 3.3.1.2183
      Versión de los componentes: 1.0.236
      Versión del paquete de actualización: 1.0.3313
      Licencia: Gratis

      -Información del sistema-
      SO: Windows 7 Service Pack 1
      CPU: x86
      Sistema de archivos: NTFS
      Usuario: PC\Mar\u00c3\u00ada Fernanda

      -Resumen del análisis-
      Tipo de análisis: Análisis de amenazas
      Resultado: Completado
      Objetos analizados: 283715
      Amenazas detectadas: 1
      Amenazas en cuarentena: 0
      (No hay elementos maliciosos detectados)
      Tiempo transcurrido: 32 min, 49 seg

      -Opciones de análisis-
      Memoria: Activado
      Inicio: Activado
      Sistema de archivos: Activado
      Archivo: Activado
      Rootkits: Activado
      Heurística: Activado
      PUP: Detectar
      PUM: Detectar

      -Detalles del análisis-
      Proceso: 0
      (No hay elementos maliciosos detectados)

      Módulo: 0
      (No hay elementos maliciosos detectados)

      Clave del registro: 0
      (No hay elementos maliciosos detectados)

      Valor del registro: 0
      (No hay elementos maliciosos detectados)

      Datos del registro: 0
      (No hay elementos maliciosos detectados)

      Secuencia de datos: 0
      (No hay elementos maliciosos detectados)

      Carpeta: 0
      (No hay elementos maliciosos detectados)

      Archivo: 1
      Adware.Elex.ShrtCln, C:\USERS\MARíA FERNANDA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Sin acciones por parte del usuario, [2306], [454721],1.0.3313

      Sector físico: 0
      (No hay elementos maliciosos detectados)


      (end)

    8. #8
      General Moderator
      @Daniela
      Registered
      Apr 2011
      Location
      Spain
      Posts
      24,349

      Re: Repeated infection with Adaware.Elex.Shrt Cln despite scanning and cleaning the registry

      Hello María Fernanda

      Follow these steps. VERY important ~ make a backup of the registry:

      • To do so, download >> DelFix to your desktop.
        • Double-click to run it. (If you use Windows Vista/7 or 8, right-click and select "Run as administrator".)
        • Check only the "Create registry backup" box.
      • Click Run.

        The report (DelFix.txt) will open; save it in case it is needed and close the tool.


      Next, start your computer in >> Windows Safe Mode with Networking.

      If your OS is Windows 8/8.1/10, use the 2nd METHOD from this Windows 8 FAQ (applicable to Windows 10) >> How to start Windows 8/8.1 in Safe Mode?, to work from that Windows mode.


      With all other programs closed, go to >> Start >> Run >> and type notepad.exe.

      Now copy and paste the following into Notepad: (the word "Code" is not included)

      Code:
      Start
      CreateRestorePoint:
      CloseProcesses:
      
      CHR Profile: C:\Users\María Fernanda\AppData\Local\Google\Chrome\User Data\Default [2017-11-18]
      CHR Profile: C:\Users\María Fernanda\AppData\Local\Google\Chrome\User Data\System Profile [2017-11-18] 
      
      CMD: ipconfig /flushdns
      CMD: ipconfig /renew
      CMD: bitsadmin /reset /allusers
      RemoveProxy:
      EmptyTemp:
      Hosts:
      end
      • Save it under the name fixlist.txt on the desktop <<< This is very important.

      Note: The executable Frst.exe and fixlist.txt must be in the same location (desktop); otherwise the tool will not work.

      ATTENTION!!!! The following repair script was written specifically by a staff member for this user; if you have a similar problem, please open your own thread to receive personalized help. Using other users' scripts can damage your computer.

      • Run Frst.exe.
      • Press the Fix button and wait for it to finish.
      • The tool will save the report on your desktop (Fixlog.txt).
      • Paste it in your next reply.


      Post the report and tell us how the problem is going.

      Regards

    9. #9
      User MFBG
      Registered
      Sep 2005
      Location
      Argentina
      Posts
      98

      Re: Repeated infection with Adaware.Elex.Shrt Cln despite scanning and cleaning the registry

      Hello Daniela.
      Last night I did just as you told me, and in this morning's scan with Malwarebytes this annoying Adware.Elex.ShrtCln came up once again.

      I am posting the report from the latest fixlog and then this morning's Malwarebytes report.
      Thank you very much for your dedication!
      María Fernanda


      Fix result of Farbar Recovery Scan Tool (x86) Version: 22-11-2017
      Ran by María Fernanda (22-11-2017 17:56:44) Run:2
      Running from C:\Users\María Fernanda\Desktop
      Loaded Profiles: María Fernanda (Available Profiles: María Fernanda & UpdatusUser)
      Boot Mode: Safe Mode (with Networking)

      ==============================================

      fixlist content:
      *****************
      Start
      CreateRestorePoint:
      CloseProcesses:

      CHR Profile: C:\Users\Mar�a Fernanda\AppData\Local\Google\Chrome\User Data\Default [2017-11-18]
      CHR Profile: C:\Users\Mar�a Fernanda\AppData\Local\Google\Chrome\User Data\System Profile [2017-11-18]

      CMD: ipconfig /flushdns
      CMD: ipconfig /renew
      CMD: bitsadmin /reset /allusers
      RemoveProxy:
      EmptyTemp:
      Hosts:
      end
      *****************

      Error: Restore point can only be created in normal mode.
      Processes closed successfully.
      C:\Users\Mar�a Fernanda\AppData\Local\Google\Chrome\User Data\Default => not found
      C:\Users\Mar�a Fernanda\AppData\Local\Google\Chrome\User Data\System Profile => not found

      ========= ipconfig /flushdns =========


      Configuración IP de Windows

      Se vació correctamente la caché de resolución de DNS.

      ========= End of CMD: =========


      ========= ipconfig /renew =========


      Configuración IP de Windows

      No se puede realizar ninguna operación en Conexión de área local 2 mientras los medios
      estén desconectados.

      Adaptador de Ethernet Conexión de área local 2:

      Estado de los medios. . . . . . . . . . . : medios desconectados
      Sufijo DNS específico para la conexión. . :

      Adaptador de Ethernet Conexión de área local:

      Sufijo DNS específico para la conexión. . : home
      Dirección IPv6 . . . . . . . . . . : fd9c:b2b2:de5e:8a00:c0f1:a3e3:edb4:3a83
      Dirección IPv6 temporal. . . . . . : fd9c:b2b2:de5e:8a00:e08e:63c6:3f29:2e9b
      Vínculo: dirección IPv6 local. . . : fe80::c0f1:a3e3:edb4:3a83%10
      Dirección IPv4. . . . . . . . . . . . . . : 192.168.1.2
      Máscara de subred . . . . . . . . . . . . : 255.255.255.0
      Puerta de enlace predeterminada . . . . . : 192.168.1.1

      Adaptador de túnel isatap.home:

      Estado de los medios. . . . . . . . . . . : medios desconectados
      Sufijo DNS específico para la conexión. . :

      Adaptador de túnel Teredo Tunneling Pseudo-Interface:

      Estado de los medios. . . . . . . . . . . : medios desconectados
      Sufijo DNS específico para la conexión. . :

      Adaptador de túnel isatap.{3B309468-6688-4044-B30A-4D2B2A6712F7}:

      Estado de los medios. . . . . . . . . . . : medios desconectados
      Sufijo DNS específico para la conexión. . :

      ========= End of CMD: =========


      ========= bitsadmin /reset /allusers =========


      BITSADMIN version 3.0 [ 7.5.7601 ]
      BITS administration utility.
      (C) Copyright 2000-2006 Microsoft Corp.

      BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
      Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

      Unable to connect to BITS - 0x8007042c
      No se puede iniciar el servicio o grupo de dependencia.



      ========= End of CMD: =========


      ========= RemoveProxy: =========

      HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
      HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.
      HKU\S-1-5-21-3224671148-4119020339-2458528890-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
      HKU\S-1-5-21-3224671148-4119020339-2458528890-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.


      ========= End of RemoveProxy: =========

      C:\Windows\System32\Drivers\etc\hosts => moved successfully
      Hosts restored successfully.

      =========== EmptyTemp: ==========

      BITS transfer queue => 0 B
      DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 16975258 B
      Java, Flash, Steam htmlcache => 0 B
      Windows/system/drivers => 471866 B
      Edge => 0 B
      Chrome => 291284852 B
      Firefox => 0 B
      Opera => 0 B

      Temp, IE cache, history, cookies, recent:
      Users => 0 B
      Default => 0 B
      Public => 0 B
      ProgramData => 0 B
      systemprofile => 128 B
      LocalService => 0 B
      NetworkService => 0 B
      María Fernanda => 55610020 B
      UpdatusUser => 0 B

      RecycleBin => 39175 B
      EmptyTemp: => 347.5 MB temporary data Removed.

      ================================


      The system needed a reboot.

      ==== End of Fixlog 17:57:02 ====

      -------------


      Malwarebytes
      www.malwarebytes.com

      -Detalles del registro-
      Fecha del análisis: 23/11/17
      Hora del análisis: 10:58
      Archivo de registro: 541318c0-d056-11e7-8e40-00e052e03584.json
      Administrador: Sí

      -Información del software-
      Versión: 3.3.1.2183
      Versión de los componentes: 1.0.236
      Versión del paquete de actualización: 1.0.3331
      Licencia: Gratis

      -Información del sistema-
      SO: Windows 7 Service Pack 1
      CPU: x86
      Sistema de archivos: NTFS
      Usuario: PC\Mar\u00c3\u00ada Fernanda

      -Resumen del análisis-
      Tipo de análisis: Análisis de amenazas
      Resultado: Completado
      Objetos analizados: 284129
      Amenazas detectadas: 1
      Amenazas en cuarentena: 0
      (No hay elementos maliciosos detectados)
      Tiempo transcurrido: 36 min, 26 seg

      -Opciones de análisis-
      Memoria: Activado
      Inicio: Activado
      Sistema de archivos: Activado
      Archivo: Activado
      Rootkits: Activado
      Heurística: Activado
      PUP: Detectar
      PUM: Detectar

      -Detalles del análisis-
      Proceso: 0
      (No hay elementos maliciosos detectados)

      Módulo: 0
      (No hay elementos maliciosos detectados)

      Clave del registro: 0
      (No hay elementos maliciosos detectados)

      Valor del registro: 0
      (No hay elementos maliciosos detectados)

      Datos del registro: 0
      (No hay elementos maliciosos detectados)

      Secuencia de datos: 0
      (No hay elementos maliciosos detectados)

      Carpeta: 0
      (No hay elementos maliciosos detectados)

      Archivo: 1
      Adware.Elex.ShrtCln, C:\USERS\MARíA FERNANDA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Sin acciones por parte del usuario, [2306], [454721],1.0.3331

      Sector físico: 0
      (No hay elementos maliciosos detectados)


      (end)

    10. #10
      General Moderator
      @Daniela
      Registered
      Apr 2011
      Location
      Spain
      Posts
      24,349

      Re: Repeated infection with Adaware.Elex.Shrt Cln despite scanning and cleaning the registry

      Hello

      The report says that no action was taken by the user; you have to select everything for removal.

      Reset Google Chrome

      Let us know how it goes.

      Regards