    The "1.vbs" VIRUS won't go away


    1. #1
      User: atessa61
      Registered: Feb 2006
      Location: Tafi Viejo-Arge
      Posts: 174

      The "1.vbs" VIRUS won't go away

      Every time I restart, the following message appears and I don't know how to remove it. Can you point me in the right direction? I have Windows 7 and it's a notebook.

    2. #2
      General Moderator: @Javier_HF
      Registered: Jun 2006
      Location: Milky Way.
      Posts: 23,504

      Re: The "1.vbs" VIRUS won't go away

      Hello atessa61.

      To check your machine, follow these steps in the order given, reading everything that is explained.

      Step 1.- Temporarily disable your antivirus >> How to temporarily disable your antivirus, while we carry out ALL the steps.

      We are going to download to YOUR DESKTOP (and NOT anywhere else) all the tools we will use in this procedure (but do not run them yet):


      Once they are downloaded, disconnect your computer from the Internet (turn off the router) << Very important, and also close any other program you have open.

      Step 2.- Run the tools one at a time, in the order given:

      If you use Windows Vista/7/8 or 10, right-click and select "Run as administrator" for ALL the programs.
      CCleaner.-
      • Install and run CCleaner following the steps in the manual.
      • First use its "Cleaner" option to delete cookies, temporary Internet files and every file it shows as obsolete.
      • Then use its "Registry" option to clean the entire Windows registry (making a backup).

      Malwarebytes.-
      • Install and run MBAM following the steps in the manual.
      • Run a Full Scan.
      • Select "ALL to Quarantine" to send everything to quarantine, and restart the system.
      • In the "History" section of the manual you will find the MBAM report, which you must copy and paste into your next reply so it can be analyzed.

      AdwCleaner.-
      • Run Adwcleaner.exe.
      • Click the Scan button and wait for the process to finish, then immediately click the Clean button.
      • Wait for it to complete and follow the instructions; if it asks you to restart the system, accept.
      • Save the report that appears, to copy and paste it into your next reply.
      • The report can also be found at "C:\Program Files(x86)\AdwCleaner\AdwCleaner[C1].txt"

      Junkware Removal Tool.-
      • Run JRT.exe.
      • Press any key to continue, and wait patiently for the process to finish.
      • If at any point it asks you to restart, do so.
      • When it finishes, a log/report (JRT.txt) will be saved to the desktop and will open automatically.
      • Copy and paste the contents of JRT.txt into your next reply.

      Farbar Recovery Scan Tool.-
      • Run FRST.exe.
      • In the Disclaimer message window, click Yes.
      • In the main window, click the Scan button and wait for the scan to finish.
      • Two (2) files (logs) will open, Frst.txt and Addition.txt; they will be saved on the desktop.

      Step 3.- Post the following reports in your next reply:

      • Malwarebytes, AdwCleaner, JRT, FRST + Addition.txt, in that order.


      You must copy and paste them with all of their contents, using several messages if you get an error saying the post is too long.

      - And tell us how your computer is working with regard to the problem you described.

      Regards, Javier.
      He who doesn't try doesn't succeed | ;-)

      * Follow us on Twitter and become our friend on Facebook.
      * Keep up with the latest threats on the net at: InfoSpyware Blog
      * Questions are not answered by private message or e-mail, since that is what the forum is for.
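
      An added example, not part of the original post and not code from FRST or its authors: one way a helper can triage the autostart lines of the FRST.txt requested in Step 3, flagging entries that launch a script through Windows Script Host and entries whose target no longer exists on disk. The sample log lines, names and paths are constructed, and the line layout assumed is the `Run:` / `Startup:` / `ShortcutTarget:` format that FRST writes in its Registry section.

```python
import ntpath
import re
from typing import List, NamedTuple, Optional, Tuple

# Extensions run by a script host or shell rather than as a signed binary.
SCRIPT_RE = re.compile(r"\.(vbs|vbe|js|jse|wsf|wsh|hta|bat|cmd|ps1)(?=$|[\s\"'])", re.I)

# HKLM\...\Run: [Name] => command [size date] (Company)
RUN_RE = re.compile(r"^(?P<key>HK\S*\\Run(?:Once)?): \[(?P<name>[^\]]+)\] => (?P<rest>.+)$")
# Startup: C:\...\Startup\Name.lnk [date]
STARTUP_RE = re.compile(r"^Startup: (?P<path>.+?) \[\d{4}-\d{2}-\d{2}\]$")
# ShortcutTarget: Name.lnk -> C:\...\target (Company | No File)
SHORTCUT_RE = re.compile(r"^ShortcutTarget: (?P<name>.+?\.lnk) -> (?P<rest>.+)$", re.I)
# Trailing "[size date]" and "(tag)" are optional; paths may contain "(R)".
TAIL_RE = re.compile(
    r"^(?P<target>.+?)(?: \[\d+ \d{4}-\d{2}-\d{2}\])?(?: \((?P<tag>[^()]*)\))?$"
)


class Finding(NamedTuple):
    location: str       # registry key + value name, or the .lnk path
    target: str         # command or file the entry launches
    reasons: List[str]  # why the entry deserves a closer look


def _split_tail(rest: str) -> Tuple[str, Optional[str]]:
    """Separate the launched command from FRST's size/date/company suffix."""
    m = TAIL_RE.match(rest)
    return m.group("target"), m.group("tag")


def _reasons(target: str, tag: Optional[str]) -> List[str]:
    reasons = []
    m = SCRIPT_RE.search(target)
    if m:
        reasons.append(f"script target (.{m.group(1).lower()})")
    if tag == "No File":
        # The payload is gone (for example quarantined) but the autostart
        # entry survives and will keep raising an error at logon.
        reasons.append("target missing on disk (orphaned autostart entry)")
    return reasons


def triage(log_text: str) -> List[Finding]:
    """Return the autostart entries of an FRST.txt that need manual review."""
    findings: List[Finding] = []
    startup_paths = {}  # "name.lnk" -> full path from the Startup: line
    for raw in log_text.splitlines():
        line = raw.strip()
        m = STARTUP_RE.match(line)
        if m:
            path = m.group("path")
            startup_paths[ntpath.basename(path).lower()] = path
            # A script dropped directly into the Startup folder.
            reasons = _reasons(path, None)
            if reasons:
                findings.append(Finding(path, path, reasons))
            continue
        m = SHORTCUT_RE.match(line)
        if m:
            name = m.group("name")
            location = startup_paths.get(name.lower(), name)
        else:
            m = RUN_RE.match(line)
            if not m:
                continue
            location = f"{m.group('key')} [{m.group('name')}]"
        target, tag = _split_tail(m.group("rest"))
        reasons = _reasons(target, tag)
        if reasons:
            findings.append(Finding(location, target, reasons))
    return findings


# Constructed sample in FRST's line format (not taken from a real machine).
SAMPLE_LOG = r"""
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\...\Run: [Updater] => wscript.exe "C:\Users\user\AppData\Roaming\upd\upd.vbs"
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Helper.lnk [2017-06-04]
ShortcutTarget: Helper.lnk -> C:\Users\user\AppData\Roaming\Helper\Helper.vbs (No File)
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sync.lnk [2017-06-13]
ShortcutTarget: Sync.lnk -> C:\Users\user\AppData\Local\Sync\Sync.exe (Example Ltd)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.location)
        print("   ->", f.target)
        for reason in f.reasons:
            print("   !", reason)
```

      An entry flagged only as orphaned is typically a leftover shortcut or registry value; the helper would list it in an FRST fixlist so the entry itself is removed.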

    3. #3
      User: atessa61
      Registered: Feb 2006
      Location: Tafi Viejo-Arge
      Posts: 174

      Re: The "1.vbs" VIRUS won't go away

      Hello, and thanks for replying. I don't know what happened to the MBAM report; I had saved it in a folder separate from the program and I can't find it. As soon as I have it I'll upload it, but I can tell you that after running Malwarebytes and restarting, the message in the image I shared with you no longer appeared. In any case, I continued with the recommended process and I'm starting to paste the reports here:
      AdwCleaner:
      # AdwCleaner 7.0.4.0 - Logfile created on Fri Nov 24 01:54:00 2017
      # Updated on 2017/27/10 by Malwarebytes
      # Running on Windows 7 Starter (X86)
      # Mode: clean
      # Support: https://www.malwarebytes.com/support

      ***** [ Services ] *****

      No malicious services deleted.

      ***** [ Folders ] *****

      Deleted: C:\Program Files\Common Files\AVG Secure Search
      Deleted: C:\Users\claudia\AppData\Roaming\Yahoo!\Companion
      Deleted: C:\ProgramData\avg web tuneup
      Deleted: C:\ProgramData\Application Data\avg web tuneup
      Deleted: C:\Program Files\avg web tuneup
      Deleted: C:\Users\All Users\avg web tuneup
      Deleted: C:\Users\claudia\AppData\Local\avg web tuneup
      Deleted: C:\Users\Ramon\AppData\Local\avg web tuneup
      Deleted: C:\Program Files\Bandoo
      Deleted: C:\Users\claudia\AppData\LocalLow\Bandoo
      Deleted: C:\Users\claudia\AppData\Roaming\Bandoo
      Deleted: C:\Users\Invitado\AppData\LocalLow\Bandoo
      Deleted: C:\Program Files\Conduit
      Deleted: C:\Users\claudia\AppData\Roaming\DRPSu


      ***** [ Files ] *****

      Deleted: C:\Windows\System32\conduitEngine.tmp
      Deleted: C:\Users\claudia\AppData\Local\Temp\searchqutoolbar-manifest.xml
      Deleted: C:\Windows\System32\Macromed\Flash\FlashPlayerTrust\Bandoo.cfg


      ***** [ DLL ] *****

      No malicious DLLs cleaned.

      ***** [ WMI ] *****

      No malicious WMI cleaned.

      ***** [ Shortcuts ] *****

      No malicious shortcuts cleaned.

      ***** [ Tasks ] *****

      No malicious tasks deleted.

      ***** [ Registry ] *****

      Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
      Deleted: [Key] - HKLM\SOFTWARE\Yahoo\Companion
      Deleted: [Key] - HKLM\SOFTWARE\AVG Tuneup
      Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
      Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
      Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
      Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
      Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
      Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
      Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
      Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}
      Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
      Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}
      Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
      Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6087829B-114F-42A1-A72B-B4AEDCEA4E5B}
      Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
      Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{6F43FA77-C18F-4D0C-9C7E-958876FE2061}
      Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}
      Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}
      Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
      Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
      Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
      Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
      Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{DF948646-8BF4-450E-A059-CF8A4E0FE2BE}
      Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{E96B49B0-E11F-48FC-984A-EEC29A4F57E1}
      Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}
      Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
      Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{8233093C-178B-484B-979E-3C6B5B147DBC}
      Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{B722ED8B-0B38-408E-BB89-260C73BCF3D4}
      Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
      Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{4BC8AD89-AC5F-4DBD-A38F-C355C7DD33D7}
      Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{7D831388-D405-4272-9511-A07440AD2927}
      Deleted: [Key] - HKLM\SOFTWARE\MozillaPlugins\@avg.com\AVG SiteSafety plugin,version=11.0.0.1,application\x-avg-sitesafety-plugin
      Deleted: [Key] - HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
      Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\YMERemote.DLL
      Deleted: [Key] - HKLM\SOFTWARE\Conduit
      Deleted: [Key] - HKLM\SOFTWARE\Reimage


      ***** [ Firefox (and derivatives) ] *****

      No malicious Firefox entries deleted.

      ***** [ Chromium (and derivatives) ] *****

      No malicious Chromium entries deleted.

      *************************

      ::Tracing keys deleted
      ::Winsock settings cleared
      ::Additional Actions: 0



      *************************

      C:/AdwCleaner/AdwCleaner[S0].txt - [5811 B] - [2017/11/24 1:52:28]


      ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

    4. #4
      User: atessa61
      Registered: Feb 2006
      Location: Tafi Viejo-Arge
      Posts: 174

      Re: The "1.vbs" VIRUS won't go away

      JRT:

      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Junkware Removal Tool (JRT) by Malwarebytes
      Version: 8.1.4 (07.09.2017)
      Operating System: Windows 7 Starter x86
      Ran by Ramon (Administrator) on 23/11/2017 at 22:57:31.39
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




      File System: 24

      Successfully deleted: C:\Users\Ramon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0KRD6K7W (Temporary Internet Files Folder)
      Successfully deleted: C:\Users\Ramon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3YVB6R4T (Temporary Internet Files Folder)
      Successfully deleted: C:\Users\Ramon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8GM4VRWH (Temporary Internet Files Folder)
      Successfully deleted: C:\Users\Ramon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B1O9AR8L (Temporary Internet Files Folder)
      Successfully deleted: C:\Users\Ramon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CCRPW69E (Temporary Internet Files Folder)
      Successfully deleted: C:\Users\Ramon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D7F2DK60 (Temporary Internet Files Folder)
      Successfully deleted: C:\Users\Ramon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DJWLZBUZ (Temporary Internet Files Folder)
      Successfully deleted: C:\Users\Ramon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GYZQ6V47 (Temporary Internet Files Folder)
      Successfully deleted: C:\Users\Ramon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NMHZB6RV (Temporary Internet Files Folder)
      Successfully deleted: C:\Users\Ramon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OAFKCSWU (Temporary Internet Files Folder)
      Successfully deleted: C:\Users\Ramon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PUVBL7DU (Temporary Internet Files Folder)
      Successfully deleted: C:\Users\Ramon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RMYNGUKQ (Temporary Internet Files Folder)
      Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0KRD6K7W (Temporary Internet Files Folder)
      Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3YVB6R4T (Temporary Internet Files Folder)
      Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8GM4VRWH (Temporary Internet Files Folder)
      Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B1O9AR8L (Temporary Internet Files Folder)
      Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CCRPW69E (Temporary Internet Files Folder)
      Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D7F2DK60 (Temporary Internet Files Folder)
      Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DJWLZBUZ (Temporary Internet Files Folder)
      Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GYZQ6V47 (Temporary Internet Files Folder)
      Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NMHZB6RV (Temporary Internet Files Folder)
      Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OAFKCSWU (Temporary Internet Files Folder)
      Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PUVBL7DU (Temporary Internet Files Folder)
      Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RMYNGUKQ (Temporary Internet Files Folder)



      Registry: 4

      Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
      Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} (Registry Key)
      Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} (Registry Key)
      Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{9c905b42-976e-43c1-bc30-fc5937017909} (Registry Value)




      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Scan was completed on 23/11/2017 at 23:00:31.98
      End of JRT log
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    5. #5
      User: atessa61
      Registered: Feb 2006
      Location: Tafi Viejo-Arge
      Posts: 174

      Re: The "1.vbs" VIRUS won't go away

      FRST:

      Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-11-2017
      Ran by Ramon (administrator) on CLAUDIA-PC (23-11-2017 2326)
      Running from C:\Users\Ramon\Desktop
      Loaded Profiles: Ramon (Available Profiles: claudia & Ramon & Invitado)
      Platform: Microsoft Windows 7 Starter Service Pack 1 (X86) Language: Español (España, internacional)
      Internet Explorer Version 11 (Default browser: Chrome)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: ***********************************************************************************************************

      ==================== Processes (Whitelisted) =================

      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

      (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
      (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
      (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
      (Dritek System Inc.) C:\Program Files\Launch Manager\dsiwmis.exe
      (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
      (Acer Incorporated) C:\Program Files\Acer\Registration\GREGsvc.exe
      (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
      (NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
      (Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
      (TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
      (Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
      (Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
      (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
      (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
      (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
      (Intel Corporation) C:\Windows\System32\hkcmd.exe
      (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
      (Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
      (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
      (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
      (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
      (Microsoft Corporation) C:\Windows\System32\dllhost.exe
      (Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe

      ==================== Registry (Whitelisted) ===========================

      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

      "Path" (%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\EgisTec MyWinLocker\x86;C:\Program Files\EgisTec MyWinLocker\x64;C:\Program Files\QuickTime\QTSystem\ -> %SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SystemRoot%\System32\WindowsPowerShell\v1.0;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\EgisTec MyWinLocker\x86;C:\Program Files\EgisTec MyWinLocker\x64;C:\Program Files\QuickTime\QTSystem\) <==== Repaired successfully
      HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
      HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9394792 2010-07-06] (Realtek Semiconductor)
      HKLM\...\Run: [SuiteTray] => C:\Program Files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-05-27] (Egis Technology Inc.)
      HKLM\...\Run: [mwlDaemon] => C:\Program Files\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-05-27] (Egis Technology Inc.)
      HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1594664 2009-12-10] (Synaptics Incorporated)
      HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1002984 2016-11-14] (Microsoft Corporation)
      HKU\S-1-5-21-3004230169-933821565-82608703-1003\...\Run: [Google Update] => C:\Users\Ramon\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateCore.exe [601680 2017-11-14] (Google Inc.)
      HKU\S-1-5-21-3004230169-933821565-82608703-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [7814600 2017-11-08] (Piriform Ltd)
      HKU\S-1-5-21-3004230169-933821565-82608703-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Acer.scr [453152 2009-12-23] ()
      HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-05-06] (Microsoft Corporation)
      Startup: C:\Users\Ramon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IeServise.lnk [2017-06-04]
      ShortcutTarget: IeServise.lnk -> C:\Users\Ramon\AppData\Roaming\IeServise\IeServise.vbs (No File)
      Startup: C:\Users\Ramon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2017-06-13]
      ShortcutTarget: MEGAsync.lnk -> C:\Users\Ramon\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited)

      ==================== Internet (Whitelisted) ====================

      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

      Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
      Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
      Tcpip\..\Interfaces\{314AEA43-C693-427A-A611-DC7B34518CC3}: [DhcpNameServer] 192.168.1.1
      Tcpip\..\Interfaces\{E8B34BB2-1B4B-4640-8828-E33BE6E7920A}: [DhcpNameServer] 10.0.0.2

      Internet Explorer:
      ==================
      HKU\S-1-5-21-3004230169-933821565-82608703-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/es-ar/?ocid=iehp
      URLSearchHook: HKLM - (No Name) - {9c905b42-976e-43c1-bc30-fc5937017909} - No File
      SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2101} URL =
      SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
      SearchScopes: HKU\S-1-5-21-3004230169-933821565-82608703-1003 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL =
      BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
      BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
      BHO: Windows Live Aplicación auxiliar de inicio de sesión -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
      Toolbar: HKLM - No Name - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File
      Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
      Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)

      FireFox:
      ========
      FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
      FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
      FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)
      FF Plugin HKU\S-1-5-21-3004230169-933821565-82608703-1003: @tools.google.com/Google Update;version=3 -> C:\Users\Ramon\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
      FF Plugin HKU\S-1-5-21-3004230169-933821565-82608703-1003: @tools.google.com/Google Update;version=9 -> C:\Users\Ramon\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)

      Chrome:
      =======
      CHR DefaultProfile: Default
      CHR StartupUrls: Default -> "hxxps://www.google.com.ar/"
      CHR Profile: C:\Users\Ramon\AppData\Local\Google\Chrome\User Data\Default [2017-11-23]
      CHR Extension: (Google Drive) - C:\Users\Ramon\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-05]
      CHR Extension: (YouTube) - C:\Users\Ramon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-05]
      CHR Extension: (Búsqueda de Google) - C:\Users\Ramon\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-05]
      CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Ramon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
      CHR Extension: (Gmail) - C:\Users\Ramon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-05]
      CHR Extension: (Chrome Media Router) - C:\Users\Ramon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-16]
      StartMenuInternet: Google Chrome.CMRUGB3PE7PGQYKN2QENWMDK4A - C:\Users\claudia\AppData\Local\Google\Chrome\Application\chrome.exe

      ==================== Services (Whitelisted) ====================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      R2 ePowerSvc; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [735776 2010-06-11] (Acer Incorporated)
      R2 GREGService; C:\Program Files\Acer\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)
      R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4563920 2017-11-01] (Malwarebytes)
      R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
      R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [103696 2016-11-14] (Microsoft Corporation)
      S3 MWLService; C:\Program Files\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-27] (Egis Technology Inc.)
      S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280864 2016-11-14] (Microsoft Corporation)
      R2 NTI IScheduleSvc; C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [255744 2010-06-28] (NewTech Infosystems, Inc.)
      R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [10803952 2017-11-09] (TeamViewer GmbH)
      R2 Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [243232 2010-01-28] (Acer Group)
      S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

      ===================== Drivers (Whitelisted) ======================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [221112 2017-11-23] (Malwarebytes)
      R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [252808 2016-08-25] (Microsoft Corporation)
      R1 mwlPSDFilter; C:\Windows\System32\DRIVERS\mwlPSDFilter.sys [18992 2009-06-03] (Egis Technology Inc.)
      R1 mwlPSDNServ; C:\Windows\System32\DRIVERS\mwlPSDNServ.sys [16432 2009-06-03] (Egis Technology Inc.)
      R1 mwlPSDVDisk; C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys [60976 2009-06-03] (Egis Technology Inc.)
      R3 NTIDrvr; C:\Windows\system32\drivers\NTIDrvr.sys [15360 2010-04-19] (NTI Corporation)
      R3 UBHelper; C:\Windows\system32\drivers\UBHelper.sys [14848 2010-07-09] (NTI Corporation)
      S3 ZTEusbmdm6k; C:\Windows\System32\DRIVERS\ZTEusbmdm6k.sys [104960 2009-10-21] (ZTE Incorporated) [File not signed]
      S3 ZTEusbnmea; C:\Windows\System32\DRIVERS\ZTEusbnmea.sys [104960 2009-10-21] (ZTE Incorporated) [File not signed]
      S3 ZTEusbser6k; C:\Windows\System32\DRIVERS\ZTEusbser6k.sys [104960 2009-10-21] (ZTE Incorporated) [File not signed]

      ==================== NetSvcs (Whitelisted) ===================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


      ==================== One Month Created files and folders ========

      (If an entry is included in the fixlist, the file/folder will be moved.)

      2017-11-23 23:10 - 2017-11-23 23:11 - 000012140 _____ C:\Users\Ramon\Desktop\FRST.txt
      2017-11-23 23:10 - 2017-11-23 23:10 - 000000000 ____D C:\FRST
      2017-11-23 23:00 - 2017-11-23 23:00 - 000005037 _____ C:\Users\Ramon\Desktop\JRT.txt
      2017-11-23 22:50 - 2017-11-23 22:54 - 000000000 ____D C:\AdwCleaner
      2017-11-23 22:21 - 2017-11-23 22:21 - 000221112 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
      2017-11-23 22:21 - 2017-11-23 22:21 - 000002020 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
      2017-11-23 22:21 - 2017-11-23 22:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
      2017-11-23 22:21 - 2017-11-23 22:21 - 000000000 ____D C:\ProgramData\Malwarebytes
      2017-11-23 22:21 - 2017-11-23 22:21 - 000000000 ____D C:\Program Files\Malwarebytes
      2017-11-23 22:21 - 2017-11-01 08:54 - 000059896 _____ C:\Windows\system32\Drivers\mbae.sys
      2017-11-23 22:13 - 2017-11-23 22:13 - 001789440 _____ (Farbar) C:\Users\Ramon\Desktop\FRST.exe
      2017-11-23 22:03 - 2017-11-23 22:03 - 001790024 _____ (Malwarebytes) C:\Users\Ramon\Desktop\JRT.exe
      2017-11-23 22:02 - 2017-11-23 22:02 - 008261584 _____ (Malwarebytes) C:\Users\Ramon\Desktop\AdwCleaner.exe
      2017-11-23 22:01 - 2017-11-23 22:01 - 078346672 _____ (Malwarebytes ) C:\Users\Ramon\Desktop\mb3-setup-consumer-3.3.1.2183.exe
      2017-11-23 20:42 - 2017-11-23 23:09 - 000000000 ____D C:\CAPTURAS
      2017-11-21 19:25 - 2017-11-21 19:25 - 000000965 _____ C:\Users\Public\Desktop\CCleaner.lnk
      2017-11-21 19:25 - 2017-11-21 19:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
      2017-11-21 19:23 - 2017-11-21 19:24 - 010849904 _____ (Piriform Ltd) C:\Users\Ramon\Downloads\ccsetup537.exe
      2017-11-17 19:13 - 2017-11-17 19:13 - 000000000 ____D C:\Program Files\Apple Software Update
      2017-11-14 18:15 - 2017-10-18 03:45 - 000347336 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
      2017-11-14 18:15 - 2017-10-17 22:55 - 000259584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
      2017-11-14 18:15 - 2017-10-17 22:55 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
      2017-11-14 18:15 - 2017-10-16 19:49 - 001213672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
      2017-11-14 18:15 - 2017-10-16 19:25 - 002402816 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
      2017-11-14 18:15 - 2017-10-16 18:55 - 000339968 _____ (Microsoft Corporation) C:\Windows\system32\msexcl40.dll
      2017-11-14 18:15 - 2017-10-14 04:14 - 020269056 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
      2017-11-14 18:15 - 2017-10-14 03:53 - 000499200 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
      2017-11-14 18:15 - 2017-10-14 03:50 - 002293760 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
      2017-11-14 18:15 - 2017-10-14 03:45 - 000662016 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
      2017-11-14 18:15 - 2017-10-14 03:41 - 000667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
      2017-11-14 18:15 - 2017-10-14 03:33 - 004542464 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
      2017-11-14 18:15 - 2017-10-14 03:28 - 013680128 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
      2017-11-14 18:15 - 2017-10-14 03:25 - 000230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
      2017-11-14 18:15 - 2017-10-14 03:24 - 000694272 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
      2017-11-14 18:15 - 2017-10-14 03:24 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
      2017-11-14 18:15 - 2017-10-14 03:23 - 002058752 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
      2017-11-14 18:15 - 2017-10-14 03:23 - 001155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
      2017-11-14 18:15 - 2017-10-14 03:10 - 002767872 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
      2017-11-14 18:15 - 2017-10-14 03:07 - 001314304 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
      2017-11-14 18:15 - 2017-10-11 21:40 - 000308456 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
      2017-11-14 18:15 - 2017-10-11 21:37 - 011410944 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
      2017-11-14 18:15 - 2017-10-11 21:37 - 001549824 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
      2017-11-14 18:15 - 2017-10-11 21:37 - 001363968 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
      2017-11-14 18:15 - 2017-10-11 21:37 - 000111104 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
      2017-11-14 18:15 - 2017-10-11 21:37 - 000070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
      2017-11-14 18:15 - 2017-10-11 21:14 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\luafv.sys
      2017-11-14 18:15 - 2017-09-07 10:05 - 000922432 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
      2017-11-14 18:15 - 2017-09-07 10:05 - 000066400 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
      2017-11-14 18:15 - 2017-09-07 10:05 - 000022368 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
      2017-11-14 18:15 - 2017-09-07 10:05 - 000019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
      2017-11-14 18:15 - 2017-09-07 10:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
      2017-11-14 18:15 - 2017-09-07 10:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
      2017-11-14 18:15 - 2017-09-07 10:05 - 000016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
      2017-11-14 18:15 - 2017-09-07 10:05 - 000015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
      2017-11-14 18:15 - 2017-09-07 10:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
      2017-11-14 18:15 - 2017-09-07 10:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
      2017-11-14 18:15 - 2017-09-07 10:05 - 000013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
      2017-11-14 18:15 - 2017-09-07 10:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
      2017-11-14 18:15 - 2017-09-07 10:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
      2017-11-14 18:15 - 2017-09-07 10:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
      2017-11-14 18:15 - 2017-09-07 10:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
      2017-11-14 18:15 - 2017-09-07 10:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
      2017-11-14 18:15 - 2017-09-07 10:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
      2017-11-14 18:15 - 2017-09-07 10:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
      2017-11-14 18:15 - 2017-09-07 10:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
      2017-11-14 18:15 - 2017-09-07 10:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
      2017-11-14 18:15 - 2017-09-07 10:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
      2017-11-14 18:15 - 2017-09-07 10:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
      2017-11-14 18:15 - 2017-09-07 10:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
      2017-11-14 18:14 - 2017-10-17 22:55 - 000285696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
      2017-11-14 18:14 - 2017-10-17 22:55 - 000046592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
      2017-11-14 18:14 - 2017-10-17 22:55 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
      2017-11-14 18:14 - 2017-10-17 22:55 - 000020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
      2017-11-14 18:14 - 2017-10-17 22:55 - 000006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
      2017-11-14 18:14 - 2017-10-14 04:03 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
      2017-11-14 18:14 - 2017-10-14 04:03 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
      2017-11-14 18:14 - 2017-10-14 03:53 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
      2017-11-14 18:14 - 2017-10-14 03:52 - 000341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
      2017-11-14 18:14 - 2017-10-14 03:52 - 000047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
      2017-11-14 18:14 - 2017-10-14 03:51 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
      2017-11-14 18:14 - 2017-10-14 03:47 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
      2017-11-14 18:14 - 2017-10-14 03:47 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
      2017-11-14 18:14 - 2017-10-14 03:46 - 000476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
      2017-11-14 18:14 - 2017-10-14 03:45 - 000620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
      2017-11-14 18:14 - 2017-10-14 03:45 - 000115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
      2017-11-14 18:14 - 2017-10-14 03:45 - 000104960 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
      2017-11-14 18:14 - 2017-10-14 03:38 - 000416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
      2017-11-14 18:14 - 2017-10-14 03:35 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
      2017-11-14 18:14 - 2017-10-14 03:35 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
      2017-11-14 18:14 - 2017-10-14 03:34 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
      2017-11-14 18:14 - 2017-10-14 03:33 - 000168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
      2017-11-14 18:14 - 2017-10-14 03:32 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
      2017-11-14 18:14 - 2017-10-14 03:31 - 000279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
      2017-11-14 18:14 - 2017-10-14 03:30 - 000130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
      2017-11-14 18:14 - 2017-10-14 03:04 - 000710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
      2017-11-14 18:14 - 2017-10-11 21:37 - 012574208 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
      2017-11-14 18:14 - 2017-10-11 21:37 - 001400320 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
      2017-11-14 18:14 - 2017-10-11 21:37 - 000666624 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
      2017-11-14 18:14 - 2017-10-11 21:37 - 000337408 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
      2017-11-14 18:14 - 2017-10-11 21:37 - 000197120 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
      2017-11-14 18:14 - 2017-10-11 21:37 - 000104448 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
      2017-11-14 18:14 - 2017-10-11 21:37 - 000059392 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
      2017-11-14 18:14 - 2017-10-11 21:37 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
      2017-11-14 18:14 - 2017-10-11 21:37 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
      2017-11-14 18:14 - 2017-10-11 21:37 - 000010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
      2017-11-14 18:14 - 2017-10-11 21:26 - 000427520 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
      2017-11-14 18:14 - 2017-10-11 21:26 - 000164352 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
      2017-11-14 18:14 - 2017-10-11 21:25 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
      2017-11-14 18:14 - 2017-10-11 21:25 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
      2017-11-14 18:14 - 2017-10-11 21:24 - 000008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
      2017-11-14 18:14 - 2017-10-11 21:24 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
      2017-11-14 18:14 - 2017-10-11 21:24 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
      2017-11-14 18:14 - 2017-10-11 21:16 - 000034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
      2017-11-14 18:11 - 2017-10-17 23:16 - 000114408 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
      2017-11-14 18:11 - 2017-10-17 23:11 - 000488448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
      2017-11-14 18:11 - 2017-10-15 19:04 - 000313184 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
      2017-11-14 18:11 - 2017-10-04 10:04 - 001918464 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
      2017-11-14 18:11 - 2017-10-04 10:04 - 001321472 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
      2017-11-14 18:11 - 2017-10-04 10:04 - 000541696 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
      2017-11-14 18:11 - 2017-10-04 10:04 - 000509440 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
      2017-11-14 18:11 - 2017-10-04 10:04 - 000303616 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
      2017-11-14 18:11 - 2017-10-04 10:04 - 000193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
      2017-11-14 18:11 - 2017-10-04 10:04 - 000150016 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
      2017-11-14 14:05 - 2017-11-21 17:53 - 000000000 ____D C:\Users\Ramon\AppData\Roaming\mnaxz
      2017-11-10 22:19 - 2017-11-10 22:19 - 000000043 _____ C:\Users\Ramon\Downloads\hbpix
      2017-10-29 14:23 - 2017-11-13 21:35 - 000000000 ____D C:\Users\Ramon\AppData\Roaming\mnxz

      ==================== One Month Modified files and folders ========

      (If an entry is included in the fixlist, the file/folder will be moved.)

      2017-11-23 23:09 - 2009-07-14 01:34 - 000009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      2017-11-23 23:09 - 2009-07-14 01:34 - 000009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      2017-11-23 23:00 - 2011-01-15 21:59 - 000748438 _____ C:\Windows\system32\perfh00A.dat
      2017-11-23 23:00 - 2011-01-15 21:59 - 000159620 _____ C:\Windows\system32\perfc00A.dat
      2017-11-23 23:00 - 2010-12-09 01:54 - 001679842 _____ C:\Windows\system32\PerfStringBackup.INI
      2017-11-23 23:00 - 2009-07-13 23:37 - 000000000 ____D C:\Windows\inf
      2017-11-23 22:55 - 2011-10-25 18:56 - 000065536 _____ C:\Windows\system32\Ikeext.etl
      2017-11-23 22:55 - 2009-07-14 01:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
      2017-11-23 22:53 - 2013-08-25 20:52 - 000000000 ____D C:\Users\claudia\AppData\Roaming\Yahoo!
      2017-11-23 22:36 - 2017-10-23 13:51 - 000000000 ____D C:\Users\Ramon\AppData\Roaming\msvc
      2017-11-23 22:34 - 2017-05-11 14:34 - 000000000 ____D C:\Users\Ramon\AppData\Roaming\IeServise
      2017-11-23 22:25 - 2009-07-13 23:37 - 000000000 ____D C:\Windows\tracing
      2017-11-23 22:20 - 2017-05-25 18:57 - 000000000 ____D C:\Program Files\TeamViewer
      2017-11-23 17:24 - 2017-06-12 20:42 - 000000000 ____D C:\stremio-cache
      2017-11-21 19:28 - 2016-12-29 23:32 - 000000000 ____D C:\Windows\Minidump
      2017-11-21 19:28 - 2016-08-30 14:35 - 000000000 ____D C:\Users\Ramon\Tracing
      2017-11-21 19:25 - 2013-08-25 20:52 - 000000000 ____D C:\Program Files\CCleaner
      2017-11-21 18:49 - 2016-01-01 11:56 - 000016800 _____ C:\Users\Ramon\Desktop\control pagos.xlsx
      2017-11-21 17:54 - 2017-10-23 13:51 - 000000000 ____D C:\Users\Ramon\AppData\Roaming\AsCDPro
      2017-11-21 13:45 - 2016-01-22 13:48 - 000000000 ____D C:\Users\Ramon\AppData\Roaming\Apple Computer
      2017-11-21 13:45 - 2013-08-25 22:40 - 000000000 ____D C:\Program Files\Common Files\Apple
      2017-11-21 13:44 - 2017-01-28 09:47 - 000000000 ____D C:\Program Files\iPod
      2017-11-21 13:39 - 2017-05-25 18:57 - 000000933 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
      2017-11-21 13:39 - 2017-05-25 18:57 - 000000921 _____ C:\Users\Public\Desktop\TeamViewer 12.lnk
      2017-11-20 17:32 - 2013-08-25 21:15 - 000450720 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
      2017-11-19 22:34 - 2011-04-23 00:10 - 000002382 _____ C:\Users\claudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
      2017-11-19 22:34 - 2011-04-23 00:10 - 000002374 _____ C:\Users\claudia\Desktop\Google Chrome.lnk
      2017-11-19 22:22 - 2011-04-23 00:05 - 000000000 ____D C:\Users\claudia\AppData\Local\Google
      2017-11-19 22:20 - 2009-07-14 01:53 - 000032538 _____ C:\Windows\Tasks\SCHEDLGU.TXT
      2017-11-18 22:21 - 2016-07-28 21:17 - 000000000 ___RD C:\Users\Ramon\Desktop\previsional
      2017-11-17 19:13 - 2013-08-25 22:40 - 000002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
      2017-11-17 11:52 - 2017-06-13 21:53 - 000000000 ____D C:\Users\Ramon\AppData\Local\MEGAsync
      2017-11-16 14:32 - 2016-09-26 14:57 - 000002364 _____ C:\Users\Ramon\Desktop\Google Chrome.lnk
      2017-11-16 14:32 - 2016-01-05 19:46 - 000002372 _____ C:\Users\Ramon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
      2017-11-16 12:08 - 2009-07-14 01:33 - 000348040 _____ C:\Windows\system32\FNTCACHE.DAT
      2017-11-16 12:05 - 2014-12-15 22:23 - 000000000 ____D C:\Windows\system32\appraiser
      2017-11-14 22:53 - 2017-10-11 14:29 - 124282896 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
      2017-11-14 22:53 - 2013-08-01 00:35 - 000000000 ____D C:\Windows\system32\MRT
      2017-11-14 22:53 - 2011-10-14 19:52 - 124282896 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
      2017-11-14 22:44 - 2017-05-04 13:27 - 000000000 ___RD C:\Users\Ramon\Desktop\Cine
      2017-11-09 12:22 - 2016-04-01 13:53 - 000000000 ___RD C:\Users\Ramon\Desktop\juegos
      2017-11-09 11:18 - 2016-03-10 10:20 - 000000000 ____D C:\Users\Ramon\Desktop\varios
      2017-11-09 11:17 - 2016-04-01 13:55 - 000000000 ____D C:\Users\Ramon\Desktop\for well
      2017-11-06 13:33 - 2016-01-01 11:43 - 000000000 ___RD C:\Users\Ramon\Desktop\ramon

      ==================== Bamital & volsnap ======================

      (There is no automatic fix for files that do not pass verification.)

      C:\Windows\explorer.exe => File is digitally signed
      C:\Windows\system32\winlogon.exe => File is digitally signed
      C:\Windows\system32\wininit.exe => File is digitally signed
      C:\Windows\system32\svchost.exe => File is digitally signed
      C:\Windows\system32\services.exe => File is digitally signed
      C:\Windows\system32\User32.dll => File is digitally signed
      C:\Windows\system32\userinit.exe => File is digitally signed
      C:\Windows\system32\rpcss.dll => File is digitally signed
      C:\Windows\system32\dnsapi.dll => File is digitally signed
      C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

      LastRegBack: 2013-08-01 21:44

      ==================== End of FRST.txt ============================

    6. #6
      User atessa61
      Registered
      Feb 2006
      Location
      Tafi Viejo-Arge
      Posts
      174

      Re: The "1.vbs" VIRUS won't go away

      ADDITION;

      Additional scan result of Farbar Recovery Scan Tool (x86) Version: 23-11-2017
      Ran by Ramon (23-11-2017 23:11:36)
      Running from C:\Users\Ramon\Desktop
      Microsoft Windows 7 Starter Service Pack 1 (X86) (2011-03-16 23:13:21)
      Boot Mode: Normal
      ==========================================================


      ==================== Accounts: =============================

      Administrador (S-1-5-21-3004230169-933821565-82608703-500 - Administrator - Disabled)
      claudia (S-1-5-21-3004230169-933821565-82608703-1000 - Administrator - Enabled) => C:\Users\claudia
      Invitado (S-1-5-21-3004230169-933821565-82608703-501 - Limited - Disabled) => C:\Users\Invitado
      Ramon (S-1-5-21-3004230169-933821565-82608703-1003 - Administrator - Enabled) => C:\Users\Ramon

      ==================== Security Center ========================

      (If an entry is included in the fixlist, it will be removed.)

      AV: Microsoft Security Essentials (Disabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
      AS: Microsoft Security Essentials (Disabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
      AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

      ==================== Installed Programs ======================

      (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

      Acer Backup Manager (HKLM\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.68 - NewTech Infosystems)
      Acer Crystal Eye webcam (HKLM\...\{51F026FA-5146-4232-A8BA-1364740BD053}) (Version: 1.0.4.5 - Liteon)
      Acer ePower Management (HKLM\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3005 - Acer Incorporated)
      Acer eRecovery Management (HKLM\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated)
      Acer GameZone Console (HKLM\...\{58F4D244-314F-4D26-B5EF-C28AB32E22CB}_is1) (Version: 6.1.0.9 - Oberon Media, Inc.)
      Acer Registration (HKLM\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)
      Acer ScreenSaver (HKLM\...\Acer Screensaver) (Version: 1.1.0707.2010 - Acer Incorporated)
      Acrobat.com (HKLM\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
      Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
      Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.1.102.55 - Adobe Systems Incorporated)
      Adobe Reader 9.1 MUI (HKLM\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
      Airport Mania First Flight (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}) (Version: - Oberon Media)
      Amazonia (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}) (Version: - Oberon Media)
      Apple Application Support (32 bits) (HKLM\...\{D811A40A-9791-497C-B9DC-2D89C8E95EA1}) (Version: 6.1 - Apple Inc.)
      Apple Mobile Device Support (HKLM\...\{2218B6FE-7215-4EC9-B0E7-F47674AFA2F5}) (Version: 11.0.1.2 - Apple Inc.)
      Apple Software Update (HKLM\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
      Ares 3.1.7.3042 (HKLM\...\{C9FF844C-02F5-4221-8AD4-0BD823533C6E}_is1) (Version: 3.1.7.3042 - Ares)
      Ares Conecting para todas las versiones (HKLM\...\Ares Conecting para todas las versiones) (Version: - )
      AVG Web TuneUp (HKLM\...\AVG Web TuneUp) (Version: 4.3.7.452 - AVG Technologies)
      Backup Manager Basic (HKLM\...\{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.68 - NewTech Infosystems) Hidden
      Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
      Cake Mania (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}) (Version: - Oberon Media)
      CCleaner (HKLM\...\CCleaner) (Version: 5.37 - Piriform)
      Compresor WinRAR (HKLM\...\WinRAR archiver) (Version: - )
      CyberLink PowerDVD 9 (HKLM\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.3216.50 - CyberLink Corp.)
      eSobi v2 (HKLM\...\{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.) Hidden
      eSobi v2 (HKLM\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
      Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
      Farm Frenzy 2 (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version: - Oberon Media)
      Galapago (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}) (Version: - Oberon Media)
      Galería fotográfica de Windows Live (HKLM\...\{A7BBE3D6-F19A-40E6-96EC-84E1DC88F262}) (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
      Google Chrome (HKU\S-1-5-21-3004230169-933821565-82608703-1003\...\Google Chrome) (Version: 62.0.3202.94 - Google Inc.)
      Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
      Hacer clic y ejecutar de Microsoft Office 2010 (HKLM\...\{90140000-006D-0C0A-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
      Hacer clic y ejecutar de Microsoft Office 2010 (HKLM\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
      Heroes of Hellas (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}) (Version: - Oberon Media)
      Herramienta de carga de Windows Live (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
      Identity Card (HKLM\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
      Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1892 - Intel Corporation)
      Intel(R) Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
      Intel(R) TV Wizard (HKLM\...\TVWiz) (Version: - Intel Corporation)
      Junk Mail filter update (HKLM\...\{8E5233E1-7495-44FB-8DEB-4BE906D59619}) (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
      Launch Manager (HKLM\...\LManager) (Version: 4.0.14 - Acer Inc.)
      Malwarebytes versión 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
      MEGAsync (HKLM\...\MEGAsync) (Version: - Mega Limited)
      Merriam Websters Spell Jam (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}) (Version: - Oberon Media)
      Microsoft .NET Framework 4.7 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.7.02053 - Microsoft Corporation)
      Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
      Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
      Microsoft Office Excel 2007 Help Actualización (KB963678) (HKLM\...\{90120000-0016-0C0A-0000-0000000FF1CE}_PROPLUS_{59E09C3D-4878-47D9-87DB-6D0018026889}) (Version: - Microsoft)
      Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
      Microsoft Office Outlook 2007 Help Actualización (KB963677) (HKLM\...\{90120000-001A-0C0A-0000-0000000FF1CE}_PROPLUS_{59C244C2-0C37-4E85-8F7E-DBDD3958B694}) (Version: - Microsoft)
      Microsoft Office Powerpoint 2007 Help Actualización (KB963669) (HKLM\...\{90120000-0018-0C0A-0000-0000000FF1CE}_PROPLUS_{F318245D-05AE-4681-A749-A036CE44AF29}) (Version: - Microsoft)
      Microsoft Office Professional Plus 2007 (HKLM\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
      Microsoft Office Word 2007 Help Actualización (KB963665) (HKLM\...\{90120000-001B-0C0A-0000-0000000FF1CE}_PROPLUS_{377BA42A-1C84-45D6-94B8-6D00887D172D}) (Version: - Microsoft)
      Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
      Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
      Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
      Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
      Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
      Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
      Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
      Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
      Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
      Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
      MyWinLocker (HKLM\...\{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}) (Version: 3.1.212.0 - Egis Technology Inc.) Hidden
      MyWinLocker Suite (HKLM\...\{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}) (Version: 3.1.212.0 - Egis Technology Inc.) Hidden
      MyWinLocker Suite (HKLM\...\InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}) (Version: 3.1.212.0 - Egis Technology Inc.)
      NTI Media Maker 9 (HKLM\...\{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8939 - NTI Corporation) Hidden
      NTI Media Maker 9 (HKLM\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8939 - NTI Corporation)
      Paquete de idioma de Microsoft Visual Studio 2010 Tools para Office Runtime (x86) - ESN (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - ESN) (Version: 10.0.50903 - Microsoft Corporation)
      PHOTOfunSTUDIO 6.0 (HKLM\...\{B62A8A6F-5E48-4336-BF13-1632D5921872}) (Version: 6.00.135 - Panasonic Corporation)
      Poker Pop (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427}) (Version: - Oberon Media)
      QuickTime 7 (HKLM\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
      Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6151 - Realtek Semiconductor Corp.)
      Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30121 - Realtek Semiconductor Corp.)
      Shredder (HKLM\...\{C2695E83-CF1D-43D1-84FE-B3BEC561012A}) (Version: 2.0.8.3 - Egis Technology Inc.) Hidden
      Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
      Spin & Win (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}) (Version: - Oberon Media)
      Stremio (HKU\S-1-5-21-3004230169-933821565-82608703-1003\...\Stremio) (Version: 3.6.5 - Smart Code Ltd.)
      Super LoiLoScope WebShortcut (HKLM\...\{AC589470-884E-4E15-96D8-437780F8185D}) (Version: 1.0.0 - LoiLo)
      Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.19.0 - Synaptics Incorporated)
      TeamViewer 12 (HKLM\...\TeamViewer) (Version: 12.0.88438 - TeamViewer)
      Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
      Visor de Microsoft PowerPoint (HKLM\...\{95140000-00AF-0C0A-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
      Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
      Welcome Center (HKLM\...\Acer Welcome Center) (Version: 1.02.3004 - Acer Incorporated)
      Windows Live Asistente para el inicio de sesión (HKLM\...\{7593234B-2AEB-4FC9-B02D-C9B30D86084C}) (Version: 5.000.818.5 - Microsoft Corporation)
      Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
      Windows Live Sync (HKLM\...\{914DD274-9C5D-44CA-9AC7-12B8D2D4DA08}) (Version: 14.0.8117.416 - Microsoft Corporation)

      ==================== Custom CLSID (Whitelisted): ==========================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      CustomCLSID: HKU\S-1-5-21-3004230169-933821565-82608703-1003_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Ramon\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
      CustomCLSID: HKU\S-1-5-21-3004230169-933821565-82608703-1003_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Ramon\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateOnDemand.exe (Google Inc.)
      CustomCLSID: HKU\S-1-5-21-3004230169-933821565-82608703-1003_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Ramon\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateOnDemand.exe (Google Inc.)
      CustomCLSID: HKU\S-1-5-21-3004230169-933821565-82608703-1003_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Ramon\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateOnDemand.exe (Google Inc.)
      CustomCLSID: HKU\S-1-5-21-3004230169-933821565-82608703-1003_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\Ramon\AppData\Local\Google\Update\1.3.33.7\psuser.dll (Google Inc.)
      CustomCLSID: HKU\S-1-5-21-3004230169-933821565-82608703-1003_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Ramon\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll (Google Inc.)
      CustomCLSID: HKU\S-1-5-21-3004230169-933821565-82608703-1003_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Ramon\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll (Google Inc.)
      CustomCLSID: HKU\S-1-5-21-3004230169-933821565-82608703-1003_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Ramon\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateOnDemand.exe (Google Inc.)
      CustomCLSID: HKU\S-1-5-21-3004230169-933821565-82608703-1003_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Ramon\AppData\Local\Google\Update\1.3.33.7\psuser.dll (Google Inc.)
      ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Ramon\AppData\Local\MEGAsync\ShellExtX32.dll [2017-11-17] ()
      ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Ramon\AppData\Local\MEGAsync\ShellExtX32.dll [2017-11-17] ()
      ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Ramon\AppData\Local\MEGAsync\ShellExtX32.dll [2017-11-17] ()
      ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files\EgisTec MyWinLocker\x86\psdprotect.dll [2010-05-27] (Egis Technology Inc.)
      ContextMenuHandlers1: [EDSshellExt] -> {29FF7AB0-BE34-4992-A30B-53A9D86EE239} => C:\Program Files\EgisTec MyWinLocker\x86\mwlshellext.dll [2010-05-27] (Egis Technology Inc.)
      ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
      ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Ramon\AppData\Local\MEGAsync\ShellExtX32.dll [2017-11-17] ()
      ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2007-09-20] ()
      ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
      ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
      ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Ramon\AppData\Local\MEGAsync\ShellExtX32.dll [2017-11-17] ()
      ContextMenuHandlers3: [ShredderContextMenu] -> {521065F1-DE6C-4E46-BBCB-89B0D0BE860D} => C:\Program Files\EgisTec Shredder\x86\ShredderContextMenu.dll [2010-04-02] (Egis Technology Inc.)
      ContextMenuHandlers4: [EDSshellExt] -> {29FF7AB0-BE34-4992-A30B-53A9D86EE239} => C:\Program Files\EgisTec MyWinLocker\x86\mwlshellext.dll [2010-05-27] (Egis Technology Inc.)
      ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
      ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Ramon\AppData\Local\MEGAsync\ShellExtX32.dll [2017-11-17] ()
      ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
      ContextMenuHandlers4: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2007-09-20] ()
      ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2009-09-02] (Intel Corporation)
      ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
      ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
      ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2007-09-20] ()

      ==================== Scheduled Tasks (Whitelisted) =============

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      Task: {005F500E-615B-4B3B-952A-A426C89419FD} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3004230169-933821565-82608703-1000Core => C:\Users\claudia\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-15] (Google Inc.)
      Task: {2C87DC54-C13A-4D13-ABC6-6A079D022C19} - System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
      Task: {57F95F70-1336-4472-A2EC-D688BD31FAFC} - System32\Tasks\{FE9FD270-6237-492F-B593-C5D462E64927} => "c:\program files\internet explorer\iexplore.exe" hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=4.1.0.179.367&LastError=404
      Task: {585892C2-F9EE-42E2-87EA-7128DF85A603} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3004230169-933821565-82608703-1003Core => C:\Users\Ramon\AppData\Local\Google\Update\GoogleUpdate.exe [2016-01-05] (Google Inc.)
      Task: {608BF87D-6A53-463D-B920-7AA30B2BBCF7} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-3004230169-933821565-82608703-1003 => C:\Users\Ramon\AppData\Local\MEGAsync\MEGAupdater.exe [2017-11-17] (Mega Limited)
      Task: {719B6F73-52D3-4EA8-96D8-F91519E8CDEF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)
      Task: {A058357D-B394-4EC1-BA16-5209D1707485} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3004230169-933821565-82608703-1000UA => C:\Users\claudia\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-15] (Google Inc.)
      Task: {A33C4114-9BF4-422D-83B2-52A3FDE14A82} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-11-08] (Piriform Ltd)
      Task: {AD8FA73E-1CB8-4742-B987-12526E2478DA} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
      Task: {B4055189-EBF2-42CB-8708-2137ED106A22} - System32\Tasks\{4E130FFD-4754-4E9D-9804-A16FE13E0489} => "c:\users\claudia\appdata\local\google\chrome\application\chrome.exe" hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=4.1.0.179.367&LastError=404
      Task: {C3FA4007-17DF-4AE7-9287-10461CF6B0A6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3004230169-933821565-82608703-1003UA => C:\Users\Ramon\AppData\Local\Google\Update\GoogleUpdate.exe [2016-01-05] (Google Inc.)
      Task: {D8C1FF0B-BD86-4B2A-BD27-4646E8AD284A} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-11-08] (Piriform Ltd)

      (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

      Task: C:\Windows\Tasks\SidebarExecute.job => C:\Program Files\Windows Sidebar\sidebar.exe

      ==================== Shortcuts & WMI ========================

      (The entries could be listed to be restored or removed.)


      ShortcutWithArgument: C:\Users\Ramon\Desktop\Gmail.lnk -> C:\Users\Ramon\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=pjkljhegncpnkpknbcohdijeoejaedia

      ==================== Loaded Modules (Whitelisted) ==============

      2017-10-18 23:52 - 2017-10-18 23:52 - 001042232 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
      2016-11-17 01:29 - 2016-11-17 01:29 - 000080184 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
      2010-06-28 20:20 - 2010-06-28 20:20 - 000465576 _____ () C:\Program Files\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
      2010-06-28 20:12 - 2010-06-28 20:12 - 001081600 _____ () C:\Program Files\NewTech Infosystems\Acer Backup Manager\ACE.dll
      2017-11-23 22:21 - 2017-11-01 08:55 - 001930696 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
      2017-04-26 13:31 - 2017-11-17 11:51 - 000570368 _____ () C:\Users\Ramon\AppData\Local\MEGAsync\ShellExtX32.dll
      2013-08-25 21:42 - 2007-09-20 18:34 - 000129024 _____ () C:\Program Files\WinRAR\rarext.dll
      2017-09-21 12:29 - 2017-09-21 12:29 - 000170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\37fc2d150a5569e7ce440b1dd07b7ee9\IsdiInterop.ni.dll
      2010-12-09 01:38 - 2010-04-13 14:52 - 000058880 _____ () C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll

      ==================== Alternate Data Streams (Whitelisted) =========

      (If an entry is included in the fixlist, only the ADS will be removed.)

      AlternateDataStreams: C:\ProgramData\Temp:0B9176C0 [127]
      AlternateDataStreams: C:\ProgramData\Temp:1A60DE96 [134]
      AlternateDataStreams: C:\ProgramData\Temp:5D7E5A8F [150]
      AlternateDataStreams: C:\ProgramData\Temp:798A3728 [124]
      AlternateDataStreams: C:\ProgramData\Temp:93EB7685 [143]
      AlternateDataStreams: C:\ProgramData\Temp:CDFF58FE [288]
      AlternateDataStreams: C:\ProgramData\Temp:E1F04E8D [129]
      AlternateDataStreams: C:\ProgramData\Temp:E36F5B57 [135]
      AlternateDataStreams: C:\ProgramData\Temp:E3C56885 [119]

      ==================== Safe Mode (Whitelisted) ===================

      (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

      ==================== Association (Whitelisted) ===============

      (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


      ==================== Internet Explorer trusted/restricted ===============

      (If an entry is included in the fixlist, it will be removed from the registry.)


      ==================== Hosts content: ===============================

      (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

      2009-07-13 23:04 - 2009-06-10 18:39 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


      ==================== Other Areas ============================

      (Currently there is no automatic fix for this section.)

      HKU\S-1-5-21-3004230169-933821565-82608703-1003\Control Panel\Desktop\\Wallpaper -> %windir%\web\wallpaper\windows\img0.jpg
      DNS Servers: Media is not connected to internet.
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
      Windows Firewall is enabled.

      ==================== MSCONFIG/TASK MANAGER disabled items ==

      MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PHOTOfunSTUDIO 6.0.lnk => C:\Windows\pss\PHOTOfunSTUDIO 6.0.lnk.CommonStartup
      MSCONFIG\startupreg: Acer ePower Management => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
      MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
      MSCONFIG\startupreg: EgisTecPMMUpdate => "C:\Program Files\EgisTec IPS\PmmUpdate.exe"
      MSCONFIG\startupreg: EgisUpdate => "C:\Program Files\EgisTec IPS\EgisUpdate.exe" -d
      MSCONFIG\startupreg: Google Update => "C:\Users\claudia\AppData\Local\Google\Update\GoogleUpdate.exe" /c
      MSCONFIG\startupreg: LManager => C:\Program Files\Launch Manager\LManager.exe
      MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime

      ==================== FirewallRules (Whitelisted) ===============

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      FirewallRules: [{9EE1436C-0A33-49D5-A2EF-C84B0F28A992}] => (Allow) C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.EXE
      FirewallRules: [{DD7CB229-3169-4A50-BDE7-E04722003509}] => (Allow) C:\Program Files\Windows Live\Messenger\wlcsdk.exe
      FirewallRules: [{4230FBB4-ADD1-4422-8836-70D3436CC5EB}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      FirewallRules: [{4EE76110-062E-4A61-A8DF-10A16C21A1F2}] => (Allow) svchost.exe
      FirewallRules: [{E61C47F3-1BC7-4440-B4F8-C7D18DAC1995}] => (Allow) C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
      FirewallRules: [{683F32B4-23C2-495F-8DE3-CE8FF837B397}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
      FirewallRules: [{1CBE94A3-8EB5-472B-9B4A-983C27FAF0CC}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
      FirewallRules: [{E2830E6C-E21B-455A-8465-ED1FC930ACDA}] => (Allow) C:\Users\claudia\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
      FirewallRules: [{6D5B503C-63F8-46BA-BA9F-FFBC46DC30B2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
      FirewallRules: [{62D56DAE-4532-4D05-B483-52FC12419AE0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
      FirewallRules: [TCP Query User{B35D114B-3825-45EA-8B00-06C3988FB2F6}C:\users\ramon\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\ramon\appdata\local\google\chrome\application\chrome.exe
      FirewallRules: [UDP Query User{FCD69715-1707-421C-974E-044F7130EFB9}C:\users\ramon\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\ramon\appdata\local\google\chrome\application\chrome.exe
      FirewallRules: [TCP Query User{E3A2FE58-CD8F-4EB4-A2C9-8BFF02826CC1}C:\users\ramon\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\ramon\appdata\local\google\chrome\application\chrome.exe
      FirewallRules: [UDP Query User{E88C9466-16BD-48F4-A8AB-D60E6D29B659}C:\users\ramon\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\ramon\appdata\local\google\chrome\application\chrome.exe
      FirewallRules: [TCP Query User{02AE65CF-0FC1-465D-B5D3-1B7DF88C1763}C:\users\ramon\appdata\local\programs\lnv\stremio\stremio.exe] => (Allow) C:\users\ramon\appdata\local\programs\lnv\stremio\stremio.exe
      FirewallRules: [UDP Query User{8716F97A-FFBB-49C8-B284-058E9614E992}C:\users\ramon\appdata\local\programs\lnv\stremio\stremio.exe] => (Allow) C:\users\ramon\appdata\local\programs\lnv\stremio\stremio.exe
      FirewallRules: [{E6426E02-69A1-4AA3-9C32-DBE8DAF52D3E}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
      FirewallRules: [{E51B2B2F-6161-4142-827D-66503401D314}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
      FirewallRules: [{73C2EFE3-F115-4990-BF38-FA2256345DBE}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
      FirewallRules: [{33BBF0D0-3A1E-4CB2-AD6B-8FE7CAC79191}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
      FirewallRules: [TCP Query User{F870DFD8-F17A-48DA-AAFF-D4F50DBAFB47}C:\users\ramon\appdata\local\programs\lnv\stremio\stremio.exe] => (Allow) C:\users\ramon\appdata\local\programs\lnv\stremio\stremio.exe
      FirewallRules: [UDP Query User{FA6E7F3A-CFFD-45FF-91B6-597939DAA670}C:\users\ramon\appdata\local\programs\lnv\stremio\stremio.exe] => (Allow) C:\users\ramon\appdata\local\programs\lnv\stremio\stremio.exe

      ==================== Restore Points =========================

      21-11-2017 13:42:08 Removed iTunes
      22-11-2017 11:26:15 Windows Update
      23-11-2017 22:57:35 JRT Pre-Junkware Removal

      ==================== Faulty Device Manager Devices =============

      Name: Atheros AR5B97 Wireless Network Adapter
      Description: Atheros AR5B97 Wireless Network Adapter
      Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
      Manufacturer: Atheros Communications Inc.
      Service: athr
      Problem: : This device is disabled. (Code 22)
      Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


      ==================== Event log errors: =========================

      Application errors:
      ==================
      Error: (11/23/2017 10:47:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
      Description: Task Scheduling Error: m->NextScheduledSPRetry 501871

      Error: (11/23/2017 10:47:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
      Description: Task Scheduling Error: m->NextScheduledEvent 501871

      Error: (11/23/2017 10:47:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
      Description: Task Scheduling Error: Continuously busy for more than a second

      Error: (11/23/2017 10:47:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
      Description: Task Scheduling Error: m->NextScheduledSPRetry 500841

      Error: (11/23/2017 10:47:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
      Description: Task Scheduling Error: m->NextScheduledEvent 500841

      Error: (11/23/2017 10:47:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
      Description: Task Scheduling Error: Continuously busy for more than a second

      Error: (11/23/2017 10:47:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
      Description: Task Scheduling Error: m->NextScheduledSPRetry 499843

      Error: (11/23/2017 10:47:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
      Description: Task Scheduling Error: m->NextScheduledEvent 499843

      Error: (11/23/2017 10:47:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
      Description: Task Scheduling Error: Continuously busy for more than a second

      Error: (11/23/2017 09:58:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
      Description: Task Scheduling Error: m->NextScheduledSPRetry 4134979


      System errors:
      =============
      Error: (11/23/2017 10:53:40 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
      Description: El servicio Application Virtualization Client se terminó de manera inesperada. Esto ha sucedido 1 veces.

      Error: (11/23/2017 10:53:36 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
      Description: El servicio Protección de software terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 120000 milisegundos: Reiniciar el servicio.

      Error: (11/23/2017 10:53:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
      Description: El servicio GREGService se terminó de manera inesperada. Esto ha sucedido 1 veces.

      Error: (11/23/2017 10:53:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
      Description: El servicio Updater Service se terminó de manera inesperada. Esto ha sucedido 1 veces.

      Error: (11/23/2017 10:53:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
      Description: El servicio Application Virtualization Service Agent se terminó de manera inesperada. Esto ha sucedido 1 veces.

      Error: (11/23/2017 10:53:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
      Description: El servicio NTI IScheduleSvc se terminó de manera inesperada. Esto ha sucedido 1 veces.

      Error: (11/23/2017 10:53:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
      Description: El servicio Acer ePower Service se terminó de manera inesperada. Esto ha sucedido 1 veces.

      Error: (11/23/2017 10:53:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
      Description: El servicio Client Virtualization Handler se terminó de manera inesperada. Esto ha sucedido 1 veces.

      Error: (11/23/2017 10:53:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
      Description: El servicio Machine Debug Manager se terminó de manera inesperada. Esto ha sucedido 1 veces.

      Error: (11/23/2017 10:53:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
      Description: El servicio Dritek WMI Service se terminó de manera inesperada. Esto ha sucedido 1 veces.


      CodeIntegrity:
      ===================================
      Date: 2015-11-19 21:39:57.390
      Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume3\Program Files\Common Files\AV\ESET NOD32 Antivirus 5.0\upgrade.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

      Date: 2015-11-19 14:18:46.327
      Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume3\PROGRA~1\COMMON~1\AV\ESETNO~1.0\upgrade.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

      Date: 2015-11-19 14:18:46.317
      Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume3\PROGRA~1\COMMON~1\AV\ESETNO~1.0\upgrade.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

      Date: 2015-11-19 14:18:41.065
      Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume3\PROGRA~1\COMMON~1\AV\ESETNO~1.0\upgrade.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

      Date: 2015-11-19 14:18:41.065
      Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume3\PROGRA~1\COMMON~1\AV\ESETNO~1.0\upgrade.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

      Date: 2015-11-19 14:18:04.963
      Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume3\PROGRA~1\COMMON~1\AV\ESETNO~1.0\upgrade.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

      Date: 2015-11-19 14:18:04.963
      Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume3\PROGRA~1\COMMON~1\AV\ESETNO~1.0\upgrade.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

      Date: 2015-11-19 14:16:10.439
      Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume3\PROGRA~1\COMMON~1\AV\ESETNO~1.0\upgrade.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

      Date: 2015-11-19 14:16:10.439
      Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume3\PROGRA~1\COMMON~1\AV\ESETNO~1.0\upgrade.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

      Date: 2015-11-19 14:16:10.429
      Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume3\PROGRA~1\COMMON~1\AV\ESETNO~1.0\upgrade.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.


      ==================== Memory info ===========================

      Processor: Pentium(R) Dual-Core CPU T4500 @ 2.30GHz
      Percentage of memory in use: 36%
      Total physical RAM: 1977.97 MB
      Available physical RAM: 1264.58 MB
      Total Virtual: 3955.95 MB
      Available Virtual: 3104.49 MB

      ==================== Drives ================================

      Drive c: (Acer) (Fixed) (Total:284.99 GB) (Free:200.36 GB) NTFS

      ==================== MBR & Partition Table ==================

      ========================================================
      Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 68B624E8)
      Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
      Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
      Partition 3: (Not Active) - (Size=285 GB) - (Type=07 NTFS)

      ==================== End of Addition.txt ============================

    7. #7
      General Moderator
      Avatar of @Javier_HF
      Joined
      Jun 2006
      Location
      Via Lactea.
      Posts
      23.504

      Re: The "1.vbs" VIRUS won't go away

      Good...... there are STILL things left to fix and disinfect.... so now follow these steps. VERY Important ~ Make a backup of the registry:


      • Double-click to run it. (If you use Windows Vista/7/8 or 10, right-click and select "Run as Administrator".)

      • Attention: now check/select only the "Create registry backup" box, NOT the others.

      • Click Run.

      The report (DelFix.txt) will open; save it in case it is needed and close the tool.

      And now start your computer in >> Windows Safe Mode with Networking.

      With all other programs closed, go to >> Start >> Run >> and type notepad.exe.

      Now copy and paste the codes/lines inside the box below into Notepad: (the word "Code" is excluded)

      Code:
      START
      CREATERESTOREPOINT:
      CLOSEPROCESSES:
      ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
      ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
      Task: {57F95F70-1336-4472-A2EC-D688BD31FAFC} - System32\Tasks\{FE9FD270-6237-492F-B593-C5D462E64927} => "c:\program files\internet explorer\iexplore.exe" hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=4.1.0.179.367&LastError=404
      Task: {B4055189-EBF2-42CB-8708-2137ED106A22} - System32\Tasks\{4E130FFD-4754-4E9D-9804-A16FE13E0489} => "c:\users\claudia\appdata\local\google\chrome\application\chrome.exe" hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=4.1.0.179.367&LastError=404
      ShortcutWithArgument: C:\Users\Ramon\Desktop\Gmail.lnk -> C:\Users\Ramon\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=pjkljhegncpnkpknbcohdijeoejaedia
      AlternateDataStreams: C:\ProgramData\Temp:0B9176C0 [127]
      AlternateDataStreams: C:\ProgramData\Temp:1A60DE96 [134]
      AlternateDataStreams: C:\ProgramData\Temp:5D7E5A8F [150]
      AlternateDataStreams: C:\ProgramData\Temp:798A3728 [124]
      AlternateDataStreams: C:\ProgramData\Temp:93EB7685 [143]
      AlternateDataStreams: C:\ProgramData\Temp:CDFF58FE [288]
      AlternateDataStreams: C:\ProgramData\Temp:E1F04E8D [129]
      AlternateDataStreams: C:\ProgramData\Temp:E36F5B57 [135]
      AlternateDataStreams: C:\ProgramData\Temp:E3C56885 [119]
      "Path" (%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\EgisTec MyWinLocker\x86;C:\Program Files\EgisTec MyWinLocker\x64;C:\Program Files\QuickTime\QTSystem\ -> %SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SystemRoot%\System32\WindowsPowerShell\v1.0;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\EgisTec MyWinLocker\x86;C:\Program Files\EgisTec MyWinLocker\x64;C:\Prog... (long line)
      Startup: C:\Users\Ramon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IeServise.lnk [2017-06-04]
      ShortcutTarget: IeServise.lnk -> C:\Users\Ramon\AppData\Roaming\IeServise\IeServise.vbs (No File)
      URLSearchHook: HKLM - (No Name) - {9c905b42-976e-43c1-bc30-fc5937017909} - No File
      SearchScopes: HKU\S-1-5-21-3004230169-933821565-82608703-1003 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL =
      BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
      Toolbar: HKLM - No Name - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File
      HOSTS:
      REMOVEPROXY:
      EMPTYTEMP:
      CMD: netsh winsock reset
      CMD: ipconfig /renew
      CMD: ipconfig /flushdns
      CMD: bitsadmin /reset /allusers
      CMD: netsh winsock reset
      CMD: ipconfig /renew
      CMD: ipconfig /flushdns
      CMD: bitsadmin /reset /allusers
      CMD: netsh advfirewall reset
      CMD: netsh advfirewall set allprofiles state ON
      CMD: netsh int ipv4 reset
      CMD: netsh int ipv6 reset
      END
      Save it under the name FIXLIST.TXT on the desktop <<< This is very important.

      Note: It is important that the FRST.exe tool (Farbar Recovery Scanner Tool) and FIXLIST.TXT are in the same location (desktop); otherwise it will not work.
      ATTENTION!!!! The following repair script was made specifically by a staff member for this user. If you have a similar problem, please open your own thread to receive personalized help. Using other users' scripts can damage your computer.



      • Run FRST.exe. (If you use Windows Vista/7/8 or 10, right-click and select "Run as Administrator".)
      • Press the FIX button and wait for it to finish.
      • The tool will save the repair report on the desktop (FIXLOG.TXT).


      Paste the contents of this file in your next reply.

      Restart the computer, check how it behaves with regard to the problem you raised, and comment on it.

      Regards.
      He who doesn't try doesn't succeed | ;-)

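A check that follows from the warning in post #7 that a fix script is written for one machine only: before running a fixlist, confirm that every scan-derived entry in it appears verbatim in that machine's own FRST logs. The script below is an added example, not part of the thread and not FRST's code; the function names are hypothetical, and the sample text is a short excerpt of lines from this page (extra spaces in one line are constructed to mimic forum re-wrapping).

```python
import re
from collections import Counter

# Directives used in the fixlist on this page. They act on the whole system
# and are not copied from a scan log, so they are never matched against one.
DIRECTIVES = {"START", "END", "CREATERESTOREPOINT:", "CLOSEPROCESSES:",
              "HOSTS:", "REMOVEPROXY:", "EMPTYTEMP:"}


def normalize(line):
    """Collapse whitespace and case so forum re-wrapping does not break matching."""
    return re.sub(r"\s+", " ", line).strip().lower()


def audit_fixlist(fixlist_text, log_text):
    """Sort fixlist lines into directives, commands, and entries found or not found in the log."""
    log_lines = {normalize(l) for l in log_text.splitlines() if l.strip()}
    report = {"directives": [], "commands": [], "matched": [],
              "unmatched": [], "duplicates": []}
    seen = Counter()
    for raw in fixlist_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        key = normalize(line)
        seen[key] += 1
        if seen[key] > 1:
            # Record a repeated line once, then skip it.
            if seen[key] == 2:
                report["duplicates"].append(line)
            continue
        if line.upper() in DIRECTIVES:
            report["directives"].append(line)
        elif line.upper().startswith("CMD:"):
            # Shell commands deserve a manual read before the fix is run.
            report["commands"].append(line[4:].strip())
        elif key in log_lines:
            report["matched"].append(line)
        else:
            # Not present in the supplied log: either it comes from the other
            # log file (FRST.txt) or the fixlist was built for another machine.
            report["unmatched"].append(line)
    return report


# Excerpt of Addition.txt lines quoted from the log on this page.
LOG_EXCERPT = r"""
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers4: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2007-09-20] ()
AlternateDataStreams: C:\ProgramData\Temp:0B9176C0 [127]
AlternateDataStreams: C:\ProgramData\Temp:1A60DE96 [134]
"""

# Excerpt of the fixlist from post #7. The BHO line comes from a log that is
# not in LOG_EXCERPT, so it is reported as unmatched here.
FIXLIST_EXCERPT = r"""
START
CREATERESTOREPOINT:
ContextMenuHandlers4:   [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
AlternateDataStreams: C:\ProgramData\Temp:0B9176C0 [127]
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
CMD: netsh winsock reset
CMD: ipconfig /flushdns
CMD: netsh winsock reset
END
"""

if __name__ == "__main__":
    result = audit_fixlist(FIXLIST_EXCERPT, LOG_EXCERPT)
    for section, items in result.items():
        print(f"{section} ({len(items)})")
        for item in items:
            print(f"  {item}")
```

An unmatched entry is a reason to look for the line in the machine's other FRST log before pressing FIX, not proof that the script is wrong.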