
    How to remove malware and adware from my computer that won't be deleted

    1. #1
      excalibur2 (User). Registered: Apr 2008. Location: Spain. Posts: 119

      How to remove malware and adware from my computer that won't be deleted

      Hello everyone:

      For some time now, a PUP-type message from the company ADSLZONE has been appearing in the lower right of my computer every day, and as far as I know I have not authorized this company to send me messages. I have visited their page to read news that interests me, but as far as I know I have never allowed them to put any program on my computer that violates my privacy.

      I ran the free Malwarebytes and it finds some malware, adware, PUPs, etc.; I delete them and Malwarebytes tells me they have been removed, but if I shut down the computer and turn it on again, there they are again; that is, they have not been deleted.

      I am attaching the Malwarebytes report:

      Malwarebytes
      www.malwarebytes.com

      -Detalles del registro-
      Fecha del análisis: 28/11/17
      Hora del análisis: 10:36
      Archivo de registro: 95b12566-d41f-11e7-9a3d-fcaa14212c0f.json
      Administrador: Sí

      -Información del software-
      Versión: 3.3.1.2183
      Versión de los componentes: 1.0.236
      Versión del paquete de actualización: 1.0.3363
      Licencia: Gratis

      -Información del sistema-
      SO: Windows 7 Service Pack 1
      CPU: x64
      Sistema de archivos: NTFS
      Usuario: MIC-PC\MIC

      -Resumen del análisis-
      Tipo de análisis: Análisis de amenazas
      Resultado: Completado
      Objetos analizados: 394863
      Amenazas detectadas: 6
      Amenazas en cuarentena: 0
      (No hay elementos maliciosos detectados)
      Tiempo transcurrido: 0 min, 55 seg

      -Opciones de análisis-
      Memoria: Activado
      Inicio: Activado
      Sistema de archivos: Activado
      Archivo: Activado
      Rootkits: Desactivado
      Heurística: Activado
      PUP: Detectar
      PUM: Detectar

      -Detalles del análisis-
      Proceso: 0
      (No hay elementos maliciosos detectados)

      Módulo: 0
      (No hay elementos maliciosos detectados)

      Clave del registro: 0
      (No hay elementos maliciosos detectados)

      Valor del registro: 0
      (No hay elementos maliciosos detectados)

      Datos del registro: 0
      (No hay elementos maliciosos detectados)

      Secuencia de datos: 0
      (No hay elementos maliciosos detectados)

      Carpeta: 0
      (No hay elementos maliciosos detectados)

      Archivo: 6
      Adware.Elex.ShrtCln, C:\USERS\MIC\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\ChromeDefaultData\Secure Preferences, Sin acciones por parte del usuario, [2307], [454693],1.0.3363
      Adware.Elex.ShrtCln, C:\USERS\MIC\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\ChromeDefaultData\Secure Preferences, Sin acciones por parte del usuario, [2307], [454693],1.0.3363
      PUP.Optional.Trovi, C:\USERS\MIC\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\ChromeDefaultData\Secure Preferences, Sin acciones por parte del usuario, [4979], [454808],1.0.3363
      Adware.Elex.ShrtCln, C:\USERS\MIC\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\ChromeDefaultData\Secure Preferences, Sin acciones por parte del usuario, [2307], [454718],1.0.3363
      PUP.Optional.Taplika, C:\USERS\MIC\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\ChromeDefaultData\Secure Preferences, Sin acciones por parte del usuario, [3269], [455261],1.0.3363
      PUP.Optional.SweetPage, C:\USERS\MIC\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\ChromeDefaultData\Secure Preferences, Sin acciones por parte del usuario, [2804], [455284],1.0.3363

      Sector físico: 0
      (No hay elementos maliciosos detectados)


      (end)

      I would appreciate your help in finding out how I can permanently delete this malware.

      Regards.

    2. #2
      @Daniela (General Moderator). Registered: Apr 2011. Location: Spain. Posts: 24,912

      Re: How to remove malware and adware from my computer that won't be deleted

      Hello excalibur2

      The report says that no action was taken by the user, which means the items were not sent to quarantine.

      Carry out the following steps, even if you have already done some of them, without changing the order:

      1) Download, update and run Malwarebytes' Anti-Malware; read the manual in detail so that you know how to use and configure it.

      • Run a Full Scan, updating if it asks you to.
      • Click "Remove Selected" to send the items to quarantine, and restart the system.
      • In the manual's section "History" >> Application Logs >> Scan Log you will find the MBAM report, which you must copy and paste into your next reply so it can be analyzed.

      2) Download Junkware Removal Tool

      • Temporarily disable the antivirus
      • Run JRT.exe (on Windows 7 or 8, run as "Administrator")
      • Press any key to continue and wait patiently for it to finish.
      • When it finishes, a log (JRT.txt) will be saved to the desktop and will open automatically.
      • Copy and paste the contents of JRT.txt into your next reply

      3) Download >> AdwCleaner | InfoSpyware to the desktop.

      • Temporarily disable the antivirus >> How to temporarily disable your antivirus.
      • Also close all the programs you have open.
      • Run Adwcleaner.exe (if you use Windows Vista/7 or 8, right-click and select "Run as Administrator").
      • Click the Scan button and wait for the process to complete, then immediately click the Clean button.
      • Wait for it to complete and follow the instructions; if it asks you to restart the system, accept.
      • Save the report that appears, to copy and paste it into your next reply.
      • The report can also be found at "C:\AdwCleaner\AdwCleaner[C0].txt"

      4) Download CCleaner

      • Install CCleaner
      • Open CCleaner; on the Cleaner tab leave the default settings, click Analyze, wait for it to finish > click Run Cleaner
      • Click the Registry tab > click Scan for Issues, wait for it to finish > click Fix Selected Issues and make a backup
      • Click Scan for Issues again until it finds none.

      Paste the Malwarebytes, AdwCleaner and JRT reports and tell us how the problem is going.

      Regards
      ✿◕‿◕✿ Impatience is not good company ✿◕‿◕✿

      * Follow us on our Twitter and become our friend on Facebook.
      * Keep up with the latest threats on the net at: InfoSpyware Blog
      * Questions are not answered by private message or e-mail; that is what the forum is for.

    3. #3
      excalibur2 (User). Registered: Apr 2008. Location: Spain. Posts: 119

      Re: How to remove malware and adware from my computer that won't be deleted

      Hello Daniela:

      Here are the reports you asked me for:

      Malwarebytes
      www.malwarebytes.com

      -Detalles del registro-
      Fecha del análisis: 28/11/17
      Hora del análisis: 15:35
      Archivo de registro: 6e9aa59b-d449-11e7-904e-fcaa14212c0f.json
      Administrador: Sí

      -Información del software-
      Versión: 3.3.1.2183
      Versión de los componentes: 1.0.236
      Versión del paquete de actualización: 1.0.3365
      Licencia: Gratis

      -Información del sistema-
      SO: Windows 7 Service Pack 1
      CPU: x64
      Sistema de archivos: NTFS
      Usuario: MIC-PC\MIC

      -Resumen del análisis-
      Tipo de análisis: Análisis de amenazas
      Resultado: Completado
      Objetos analizados: 394657
      Amenazas detectadas: 6
      Amenazas en cuarentena: 6
      Tiempo transcurrido: 0 min, 45 seg

      -Opciones de análisis-
      Memoria: Activado
      Inicio: Activado
      Sistema de archivos: Activado
      Archivo: Activado
      Rootkits: Desactivado
      Heurística: Activado
      PUP: Detectar
      PUM: Detectar

      -Detalles del análisis-
      Proceso: 0
      (No hay elementos maliciosos detectados)

      Módulo: 0
      (No hay elementos maliciosos detectados)

      Clave del registro: 0
      (No hay elementos maliciosos detectados)

      Valor del registro: 0
      (No hay elementos maliciosos detectados)

      Datos del registro: 0
      (No hay elementos maliciosos detectados)

      Secuencia de datos: 0
      (No hay elementos maliciosos detectados)

      Carpeta: 0
      (No hay elementos maliciosos detectados)

      Archivo: 6
      Adware.Elex.ShrtCln, C:\USERS\MIC\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\ChromeDefaultData\Secure Preferences, Sustituido, [2307], [454718],1.0.3365
      PUP.Optional.SweetPage, C:\USERS\MIC\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\ChromeDefaultData\Secure Preferences, Sustituido, [2804], [455284],1.0.3365
      Adware.Elex.ShrtCln, C:\USERS\MIC\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\ChromeDefaultData\Secure Preferences, Sustituido, [2307], [454693],1.0.3365
      Adware.Elex.ShrtCln, C:\USERS\MIC\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\ChromeDefaultData\Secure Preferences, Sustituido, [2307], [454693],1.0.3365
      PUP.Optional.Taplika, C:\USERS\MIC\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\ChromeDefaultData\Secure Preferences, Sustituido, [3269], [455261],1.0.3365
      PUP.Optional.Trovi, C:\USERS\MIC\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\ChromeDefaultData\Secure Preferences, Sustituido, [4979], [454808],1.0.3365

      Sector físico: 0
      (No hay elementos maliciosos detectados)


      (end)

      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Junkware Removal Tool (JRT) by Malwarebytes
      Version: 8.1.4 (07.09.2017)
      Operating System: Windows 7 Ultimate x64
      Ran by MIC (Administrator) on 28/11/2017 at 15:44:29,47
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




      File System: 8

      Successfully deleted: C:\Users\MIC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1REMC7XL (Temporary Internet Files Folder)
      Successfully deleted: C:\Users\MIC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4EQRL6G0 (Temporary Internet Files Folder)
      Successfully deleted: C:\Users\MIC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DT54N298 (Temporary Internet Files Folder)
      Successfully deleted: C:\Users\MIC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KTFHCWWT (Temporary Internet Files Folder)
      Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1REMC7XL (Temporary Internet Files Folder)
      Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4EQRL6G0 (Temporary Internet Files Folder)
      Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DT54N298 (Temporary Internet Files Folder)
      Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KTFHCWWT (Temporary Internet Files Folder)



      Registry: 0





      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Scan was completed on 28/11/2017 at 15:45:02,82
      End of JRT log
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

      # AdwCleaner 7.0.4.0 - Logfile created on Tue Nov 28 14:50:40 2017
      # Updated on 2017/27/10 by Malwarebytes
      # Running on Windows 7 Ultimate (X64)
      # Mode: clean
      # Support: https://www.malwarebytes.com/support

      ***** [ Services ] *****

      No malicious services deleted.

      ***** [ Folders ] *****

      No malicious folders deleted.

      ***** [ Files ] *****

      No malicious files deleted.

      ***** [ DLL ] *****

      No malicious DLLs cleaned.

      ***** [ WMI ] *****

      No malicious WMI cleaned.

      ***** [ Shortcuts ] *****

      No malicious shortcuts cleaned.

      ***** [ Tasks ] *****

      No malicious tasks deleted.

      ***** [ Registry ] *****

      No malicious registry entries deleted.

      ***** [ Firefox (and derivatives) ] *****

      No malicious Firefox entries deleted.

      ***** [ Chromium (and derivatives) ] *****

      No malicious Chromium entries deleted.

      *************************

      ::Tracing keys deleted
      ::Winsock settings cleared
      ::Additional Actions: 0



      *************************

      C:/AdwCleaner/AdwCleaner[C0].txt - [2520 B] - [2017/4/5 16:33:26]
      C:/AdwCleaner/AdwCleaner[C2].txt - [2077 B] - [2017/4/25 1415]
      C:/AdwCleaner/AdwCleaner[C3].txt - [2367 B] - [2017/5/28 1820]
      C:/AdwCleaner/AdwCleaner[S0].txt - [2608 B] - [2017/4/5 16:32:15]
      C:/AdwCleaner/AdwCleaner[S10].txt - [2678 B] - [2017/10/11 1758]
      C:/AdwCleaner/AdwCleaner[S11].txt - [1891 B] - [2017/10/11 17:14:58]
      C:/AdwCleaner/AdwCleaner[S12].txt - [1961 B] - [2017/10/12 1726]
      C:/AdwCleaner/AdwCleaner[S13].txt - [2030 B] - [2017/10/14 15:38:28]
      C:/AdwCleaner/AdwCleaner[S14].txt - [2187 B] - [2017/11/27 9:57:19]
      C:/AdwCleaner/AdwCleaner[S15].txt - [2169 B] - [2017/11/28 9:51:44]
      C:/AdwCleaner/AdwCleaner[S16].txt - [2238 B] - [2017/11/28 14:50:30]
      C:/AdwCleaner/AdwCleaner[S1].txt - [2212 B] - [2017/4/25 1447]
      C:/AdwCleaner/AdwCleaner[S2].txt - [2308 B] - [2017/5/28 1852]
      C:/AdwCleaner/AdwCleaner[S3].txt - [2451 B] - [2017/5/28 1819]
      C:/AdwCleaner/AdwCleaner[S4].txt - [2681 B] - [2017/8/20 19:37:0]
      C:/AdwCleaner/AdwCleaner[S5].txt - [1484 B] - [2017/8/20 19:41:30]
      C:/AdwCleaner/AdwCleaner[S6].txt - [1574 B] - [2017/9/1 14:19:38]
      C:/AdwCleaner/AdwCleaner[S7].txt - [1619 B] - [2017/9/5 17:44:49]
      C:/AdwCleaner/AdwCleaner[S8].txt - [1686 B] - [2017/9/8 17:47:12]
      C:/AdwCleaner/AdwCleaner[S9].txt - [1813 B] - [2017/9/29 13:57:6]


      ########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt ##########

      Let me know what you think.


      At the end of this process I ran Malwarebytes free again and it detected them again; they have not been removed, they are still there. Did I do something wrong?

      Kind regards
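
The two Malwarebytes reports posted in #1 and #3 can be compared mechanically. The Python script below is an added example, not part of the thread and not Malwarebytes tooling: it parses detection lines in the layout those reports show and reports how many detections are common to both scans, which file they point at and what action each scan recorded. The sample lines are copied from the two reports above; the field names (`id1`, `id2`, `pkg_version`) are this example's own labels.

```python
import re
from collections import Counter, namedtuple

# Field names are this example's own; id1/id2 are the two bracketed numbers,
# kept as opaque identifiers because the reports do not label them.
Detection = namedtuple("Detection", "threat path action id1 id2 pkg_version")

# Layout of a detection line as printed in the reports in this thread:
#   <threat>, <path>, <action>, [<n>], [<n>],<update package version>
LINE_RE = re.compile(
    r"^\s*(?P<threat>[\w.]+), (?P<path>.+), (?P<action>[^,\[\]]+), "
    r"\[(?P<id1>\d+)\], \[(?P<id2>\d+)\],(?P<ver>[\d.]+)\s*$"
)
NO_ACTION = "Sin acciones por parte del usuario"  # UI string seen in report #1

# Lines copied from the report in post #1 (scan at 10:36).
FIRST_SCAN = r"""
Amenazas detectadas: 6
Amenazas en cuarentena: 0
Adware.Elex.ShrtCln, C:\USERS\MIC\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\ChromeDefaultData\Secure Preferences, Sin acciones por parte del usuario, [2307], [454693],1.0.3363
Adware.Elex.ShrtCln, C:\USERS\MIC\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\ChromeDefaultData\Secure Preferences, Sin acciones por parte del usuario, [2307], [454693],1.0.3363
PUP.Optional.Trovi, C:\USERS\MIC\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\ChromeDefaultData\Secure Preferences, Sin acciones por parte del usuario, [4979], [454808],1.0.3363
Adware.Elex.ShrtCln, C:\USERS\MIC\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\ChromeDefaultData\Secure Preferences, Sin acciones por parte del usuario, [2307], [454718],1.0.3363
PUP.Optional.Taplika, C:\USERS\MIC\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\ChromeDefaultData\Secure Preferences, Sin acciones por parte del usuario, [3269], [455261],1.0.3363
PUP.Optional.SweetPage, C:\USERS\MIC\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\ChromeDefaultData\Secure Preferences, Sin acciones por parte del usuario, [2804], [455284],1.0.3363
"""

# Lines copied from the report in post #3 (scan at 15:35).
SECOND_SCAN = r"""
Amenazas detectadas: 6
Amenazas en cuarentena: 6
Adware.Elex.ShrtCln, C:\USERS\MIC\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\ChromeDefaultData\Secure Preferences, Sustituido, [2307], [454718],1.0.3365
PUP.Optional.SweetPage, C:\USERS\MIC\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\ChromeDefaultData\Secure Preferences, Sustituido, [2804], [455284],1.0.3365
Adware.Elex.ShrtCln, C:\USERS\MIC\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\ChromeDefaultData\Secure Preferences, Sustituido, [2307], [454693],1.0.3365
Adware.Elex.ShrtCln, C:\USERS\MIC\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\ChromeDefaultData\Secure Preferences, Sustituido, [2307], [454693],1.0.3365
PUP.Optional.Taplika, C:\USERS\MIC\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\ChromeDefaultData\Secure Preferences, Sustituido, [3269], [455261],1.0.3365
PUP.Optional.Trovi, C:\USERS\MIC\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\ChromeDefaultData\Secure Preferences, Sustituido, [4979], [454808],1.0.3365
"""


def parse_report(text):
    """Return (detected, quarantined, [Detection, ...]) parsed from report text."""
    detected = quarantined = None
    detections = []
    for line in text.splitlines():
        stripped = line.strip()
        match = LINE_RE.match(line)
        if match:
            detections.append(Detection(*match.groups()))
        elif stripped.startswith("Amenazas detectadas:"):
            detected = int(stripped.split(":", 1)[1])
        elif stripped.startswith("Amenazas en cuarentena:"):
            quarantined = int(stripped.split(":", 1)[1])
    return detected, quarantined, detections


def common_detections(before, after):
    """Multiset of (threat, lower-cased path, id2) present in both scans."""
    def key(d):
        return (d.threat, d.path.lower(), d.id2)
    return Counter(map(key, before)) & Counter(map(key, after))


def triage(first_text, second_text):
    """Summarise two scans: counters, actions taken, files hit, overlap."""
    det1, q1, d1 = parse_report(first_text)
    det2, q2, d2 = parse_report(second_text)
    return {
        "detected": (det1, det2),
        "quarantined": (q1, q2),
        "first_scan_unremediated": sum(d.action == NO_ACTION for d in d1),
        "second_scan_actions": sorted({d.action for d in d2}),
        "files_flagged": sorted({d.path.lower() for d in d1 + d2}),
        "persisting": sum(common_detections(d1, d2).values()),
    }


if __name__ == "__main__":
    for name, value in triage(FIRST_SCAN, SECOND_SCAN).items():
        print(f"{name}: {value}")
```
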

    4. #4
      @Daniela (General Moderator). Registered: Apr 2011. Location: Spain. Posts: 24,912

      Re: How to remove malware and adware from my computer that won't be deleted

      Hello

      "At the end of this process I ran Malwarebytes free again and it detected them again; they have not been removed, they are still there. Did I do something wrong?"
      Don't worry, you haven't done anything wrong; I was already expecting it, this one is causing a lot of trouble to remove

      Download Farbar Recovery Scan Tool according to your system's architecture (32 or 64 bits)

      • Save it to the desktop >> This is very important.
      • Double-click to run Frst.exe. (If you use Windows Vista/7/8 or 10, right-click and select "Run as Administrator.")
      • In the Disclaimer window, press Yes.

      • In the new window that opens, press the Scan button and wait patiently for the scan to finish.
      • Two (2) files (logs) will open, Frst.txt and Addition.txt; they will be saved on your desktop.

      • To finish, open the files Frst.txt and Addition.txt and copy and paste all their contents into your next reply. Use two messages if it tells you it is too long.


      Regards

    5. #5
      excalibur2 (User). Registered: Apr 2008. Location: Spain. Posts: 119

      Re: How to remove malware and adware from my computer that won't be deleted

      Well, here is the first one:

      Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-11-2017
      Ran by MIC (administrator) on MIC-PC (28-11-2017 19:00:30)
      Running from C:\Users\MIC\Desktop
      Loaded Profiles: MIC (Available Profiles: MIC)
      Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Español (España, internacional)
      Internet Explorer Version 11 (Default browser: Chrome)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: ***********************************************************************************************************

      ==================== Processes (Whitelisted) =================

      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

      (Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\vsserv.exe
      (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
      (Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
      (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
      (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
      (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
      (Creative Technology Ltd) C:\Windows\SysWOW64\CtHdaSvc.exe
      (Intel) C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe
      (Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
      (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
      (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
      (Raxco Software, Inc.) C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe
      (Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
      () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
      () C:\Program Files\Intel Driver and Support Assistant\SUR\SurSvc.exe
      (TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
      (Raxco Software, Inc.) D:\Programas\Perfectdisk 14\PDAgent.exe
      (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
      (Raxco Software, Inc.) D:\Programas\Perfectdisk 14\PDAgentS1.exe
      (Intel Corporation) C:\Windows\System32\igfxEM.exe
      () D:\Programas\Everything\Everything.exe
      (Microsoft Corporation) C:\Windows\System32\rundll32.exe
      (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
      (Intel) C:\Program Files (x86)\Intel Driver and Support Assistant\DSATray.exe
      () C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
      (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
      (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
      (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

      ==================== Registry (Whitelisted) ===========================

      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

      "Path" (C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Skype\Phone\ -> %SystemRoot%\System32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SystemRoot%\System32\WindowsPowerShell\v1.0\;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;%SystemRoot%\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Skype\Phone\) <==== Repaired successfully
      HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-04-11] (Intel Corporation)
      HKLM\...\Run: [Everything] => D:\Programas\Everything\Everything.exe [2197608 2017-06-07] ()
      HKLM\...\Run: [RunDLLEntry] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry
      HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
      HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender Security\bdagent.exe [321744 2017-09-14] (Bitdefender)
      HKLM-x32\...\Run: [DSATray] => C:\Program Files (x86)\Intel Driver and Support Assistant\DsaTray.exe [131360 2017-09-18] (Intel)
      HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
      HKU\S-1-5-21-3924153736-2953970139-281373529-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9363672 2017-02-08] (Piriform Ltd)
      Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2016-04-21]
      ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{401FADAA-1C16-4721-9F02-19067E1A1CA8}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC)
      GroupPolicyScripts: Restriction <==== ATTENTION
      CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

      ==================== Internet (Whitelisted) ====================

      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

      Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
      Tcpip\Parameters: [DhcpNameServer] 80.58.61.250 80.58.61.254
      Tcpip\..\Interfaces\{874A8C96-1009-438C-A6CE-0EF6102C499E}: [DhcpNameServer] 80.58.61.250 80.58.61.254

      Internet Explorer:
      ==================
      HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
      HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
      HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
      HKU\S-1-5-21-3924153736-2953970139-281373529-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-e7fd4b0a
      SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-e7fd4b0a&q={searchTerms}
      SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-e7fd4b0a&q={searchTerms}
      SearchScopes: HKU\S-1-5-21-3924153736-2953970139-281373529-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-e7fd4b0a&q={searchTerms}
      SearchScopes: HKU\S-1-5-21-3924153736-2953970139-281373529-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
      SearchScopes: HKU\S-1-5-21-3924153736-2953970139-281373529-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-e7fd4b0a&q={searchTerms}
      BHO: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll [2017-09-14] (Bitdefender)
      BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Programas\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
      BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender Security\Antispam32\pmbxie.dll [2017-09-14] (Bitdefender)
      BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-04-25] (Oracle Corporation)
      BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
      BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-04-25] (Oracle Corporation)
      Toolbar: HKLM - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll [2017-09-14] (Bitdefender)
      Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\Antispam32\pmbxie.dll [2017-09-14] (Bitdefender)
      StartMenuInternet: IEXPLORE.EXE - iexplore.exe

      FireFox:
      ========
      FF ProfilePath: C:\Users\MIC\AppData\Roaming\TomTom\HOME\Profiles\2r96p24l.default [2016-10-31]
      FF Extension: (Map status indicator) - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\[email protected] [2016-08-09] [Lagacy] [not signed]
      FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff
      FF Extension: (No Name) - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff [2017-11-15] [not signed]
      FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext
      FF Extension: (No Name) - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext [2017-11-15] [not signed]
      FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff
      FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext
      FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_27_0_0_187.dll [2017-11-15] ()
      FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
      FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> D:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
      FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
      FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_187.dll [2017-11-15] ()
      FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2016-09-20] (Adobe Systems, Inc.)
      FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> D:\Programas\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-09-11] (Foxit Corporation)
      FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> D:\Programas\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-09-11] (Foxit Corporation)
      FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> D:\Programas\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-09-11] (Foxit Corporation)
      FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> D:\Programas\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-09-11] (Foxit Corporation)
      FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> D:\Programas\Picasa3.9\npPicasa3.dll [2015-10-13] (Google, Inc.)
      FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-03-20] (Intel Corporation)
      FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-03-20] (Intel Corporation)
      FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-04-25] (Oracle Corporation)
      FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-04-25] (Oracle Corporation)
      FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
      FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
      FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
      FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
      FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)

      Chrome:
      =======
      CHR DefaultProfile: ChromeDefaultData
      CHR HomePage: ChromeDefaultData -> hxxp://www.omniboxes.com/?type=hp&ts=1426258465&from=obw&uid=M4-CT128M4SSD2_000000001221090B1EB5
      CHR StartupUrls: ChromeDefaultData -> "hxxp://www.omniboxes.com/?type=hp&ts=1426258465&from=obw&uid=M4-CT128M4SSD2_000000001221090B1EB5","hxxp://www.amazon.es/gp/bit/amazonserp/ref=bit_bds-p24_serp_cr_es_display?ie=UTF8&tagbase=bds-p24&tbrId=v1_abb-channel-24_71e24f886772487ab7dab73024345d5e_39_1007_20140130_ES_cr_sp_","hxxp://www.istartsurf.com/?type=hp&ts=1408894959&from=smt&uid=M4-CT128M4SSD2_000000001221090B1EB5","hxxps://es.yahoo.com/?fr=hp-avast&type=avastbcl","hxxps://www.google.es/","hxxp://www.sweet-page.com/?type=hp&ts=1417188447&from=cor&uid=M4-CT128M4SSD2_000000001221090B1EB5","hxxp://taplika.com/?f=7&a=tpl_idaddy1_15_02&cd=2XzuyEtN2Y1L1QzuzytDtB0BtAyEtAtCyEzz0BtAtDtAzz0BtN0D0Tzu0StCtCtDyCtN1L2XzutAtFyCtFyCtFtDtN1L1Czu2Z1E1I1V1L1Q1T1Q1Q2UtCtN1L1G1B1V1N2Y1L1Qzu2SyEtCyDzz0CzytBtBtG0D0FtCtAtGtAyB0DzztGzy0FyB0CtGtDyCyEtD0A0A0CtD0A0A0A0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0DtB0ByDyByBtDtG0FtCyE0FtGyE0F0A0AtGzztD0CyDtGyBtC0Bzy0AtAtD0EtDzzyEzy2Q&cr=983111814&ir=","hxxp://www.trovi.com/?gd=&ctid=CT3324764&octid=EB_ORIGINAL_CTID&ISID=M8B4BCF6B-7B5E-467E-9BA3-6C3FC8C601FC&SearchSource=55&CUI=&UM=8&UP=SPD3A0D792-DA45-4FAD-860C-6CD88723242F&D=031315&SSPV=","hxxp://www.istartsurf.com/?type=hp&ts=1447073646&z=67200373387d6a00d1148cdgez5zemde0m0cec7qfg&from=bpr&uid=CorsairXForceXLSXSSD_14398170000101740434","hxxps://www.google.com/"
      CHR Profile: C:\Users\MIC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-11-28] <==== ATTENTION
      CHR Extension: (MEGA) - C:\Users\MIC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2017-11-26]
      CHR Extension: (DuckDuckGo Search) - C:\Users\MIC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\bkdgflcldnnnapblkhphbgpggdiikppg [2017-09-13]
      CHR Extension: (uBlock Origin) - C:\Users\MIC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-11-11]
      CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\MIC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2017-11-27]
      CHR Extension: (Google Maps) - C:\Users\MIC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2017-08-03]
      CHR Extension: (Google Mail Checker) - C:\Users\MIC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2017-08-03]
      CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\MIC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-21]
      CHR Extension: (Chrome Media Router) - C:\Users\MIC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-15]
      CHR HKLM-x32\...\Chrome\Extension: [gannpgaobkkhmpomoijebaigcapoeebl] - hxxps://clients2.google.com/service/update2/crx

      ==================== Services (Whitelisted) ====================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2257016 2017-08-23] (Adobe Systems, Incorporated)
      S2 bdredline; C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe [2090152 2017-08-11] (Bitdefender)
      S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
      R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [429056 2013-10-28] (Creative Technology Ltd) [File not signed]
      R2 CtHdaSvc; C:\Windows\sysWow64\CtHdaSvc.exe [113160 2015-07-02] (Creative Technology Ltd)
      R2 DSAService; C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe [22816 2017-09-18] (Intel)
      S2 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [824592 2017-03-07] ()
      S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-04-11] (Intel Corporation)
      R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344184 2017-01-24] (Intel Corporation)
      S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation)
      R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-03-20] (Intel Corporation)
      S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
      S3 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-10-06] (NVIDIA Corporation)
      S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-10-06] (NVIDIA Corporation)
      R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-10-06] (NVIDIA Corporation)
      R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [449984 2017-10-06] (NVIDIA Corporation)
      S3 PAExec; C:\Windows\PAExec.exe [189112 2017-10-14] (Power Admin LLC)
      R2 PDAgent; D:\Programas\Perfectdisk 14\PDAgent.exe [3162048 2015-12-08] (Raxco Software, Inc.)
      R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [343040 2013-08-08] (Qualcomm Atheros) [File not signed]
      R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187048 2015-06-23] ()
      R2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel Driver and Support Assistant\SUR\SurSvc.exe [157456 2017-03-07] ()
      S2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe [218416 2017-09-14] (Bitdefender)
      S3 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [824592 2017-03-07] ()
      R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender Security\vsserv.exe [1280816 2017-10-27] (Bitdefender)
      S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

      ===================== Drivers (Whitelisted) ======================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      R1 atc; C:\Windows\System32\DRIVERS\atc.sys [1019880 2017-09-14] (BitDefender S.R.L. Bucharest, ROMANIA)
      R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1763744 2017-08-23] (BitDefender)
      R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [124424 2017-05-31] (BitDefender LLC)
      R0 bdprivmon; C:\Windows\System32\DRIVERS\bdprivmon.sys [47856 2017-05-11] (© Bitdefender SRL)
      R1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [87912 2015-12-04] (BitDefender)
      R1 BfLwf; C:\Windows\System32\DRIVERS\bflwfx64.sys [67888 2013-02-13] (Qualcomm Atheros, Inc.)
      R3 cthda; C:\Windows\System32\drivers\cthda.sys [1067304 2015-07-02] (Creative Technology Ltd)
      S3 DFX11_1; C:\Windows\System32\drivers\dfx11_1x64.sys [28008 2017-06-19] (Windows (R) Win 7 DDK provider)
      S3 DFX12; C:\Windows\System32\drivers\dfx12x64.sys [29688 2017-06-19] (Windows (R) Win 7 DDK provider)
      S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2015-09-28] (Disc Soft Ltd)
      R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2015-09-28] (DT Soft Ltd)
      R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [187688 2017-05-11] (BitDefender LLC)
      R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [31144 2015-09-23] (Intel Corporation)
      R0 Ignis; C:\Windows\System32\DRIVERS\ignis.sys [362664 2017-08-10] (Bitdefender)
      R3 Ke2200; C:\Windows\System32\DRIVERS\e22w7x64.sys [154320 2013-03-20] (Qualcomm Atheros, Inc.)
      R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [180480 2015-10-08] (Intel Corporation)
      S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-10-06] (NVIDIA Corporation)
      R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [48064 2017-10-06] (NVIDIA Corporation)
      R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [57792 2017-10-06] (NVIDIA Corporation)
      R3 pikbd; C:\Windows\System32\DRIVERS\pikbd.sys [22880 2013-11-30] (Christian Gulden)
      R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
      S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
      R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [50392 2015-08-13] (Razer Inc)
      R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-06-12] (Razer, Inc.)
      R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129472 2015-06-27] (Razer, Inc.)
      R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [439576 2017-04-11] (BitDefender S.R.L.)
      S3 gdrv; \??\C:\Windows\gdrv.sys [X]
      S3 SANDRA; \??\D:\Programas\SiSoftware\SiSoftware Sandra Lite Platinum\WNt600x64\Sandra.sys [X]

      ==================== NetSvcs (Whitelisted) ===================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


      ==================== One Month Created files and folders ========

      (If an entry is included in the fixlist, the file/folder will be moved.)

      2017-11-28 19:00 - 2017-11-28 19:00 - 000023342 _____ C:\Users\MIC\Desktop\FRST.txt
      2017-11-28 18:58 - 2017-11-28 18:58 - 002391552 _____ (Farbar) C:\Users\MIC\Desktop\FRST64.exe
      2017-11-28 16:17 - 2017-11-28 16:17 - 000001222 _____ C:\Users\MIC\Desktop\OsirisNewDawn.exe.lnk
      2017-11-28 16:02 - 2017-11-28 16:02 - 000001862 _____ C:\Users\MIC\Documents\cc_20171128_160225.reg
      2017-11-28 15:56 - 2017-11-28 15:58 - 000000000 ____D C:\Users\MIC\Desktop\Informes infospyware
      2017-11-28 15:48 - 2017-11-28 15:48 - 008261584 _____ (Malwarebytes) C:\Users\MIC\Desktop\adwcleaner_7.0.4.0.exe
      2017-11-26 18:56 - 2017-11-27 22:52 - 000000000 ____D C:\Users\MIC\AppData\LocalLow\uTorrent
      2017-11-15 11:57 - 2017-11-15 11:57 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
      2017-11-15 11:57 - 2017-11-15 11:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
      2017-11-15 11:57 - 2017-11-01 08:54 - 000077432 _____ C:\Windows\system32\Drivers\mbae64.sys
      2017-11-12 20:48 - 2017-11-12 20:48 - 000000000 ____D C:\Users\MIC\AppData\Roaming\NVIDIA
      2017-11-12 18:55 - 2017-11-12 18:55 - 000000000 ____D C:\ProgramData\Malwarebytes
      2017-11-12 18:55 - 2017-11-12 18:55 - 000000000 ____D C:\Program Files\Malwarebytes
      2017-11-12 18:32 - 2017-11-12 18:32 - 000206829 _____ C:\ProgramData\cl.uninstall.1510507562.bdinstall.bin
      2017-11-12 18:24 - 2017-11-12 18:24 - 000020883 _____ C:\ProgramData\dm.1510507465.7396.bin
      2017-11-12 18:22 - 2017-11-12 18:22 - 000022487 _____ C:\ProgramData\agent.uninstall.1510507340.bdinstall.bin
      2017-11-12 16:54 - 2017-11-12 16:57 - 000004542 _____ C:\Users\MIC\Desktop\Cosas de Osiris N.Dawn.txt
      2017-11-10 11:37 - 2017-11-10 11:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
      2017-11-10 11:10 - 2017-11-10 11:10 - 000000000 ____D C:\Users\MIC\AppData\Temp
      2017-11-09 22:45 - 2017-11-09 22:45 - 000000000 ____D C:\Users\MIC\AppData\LocalLow\Fenix Fire Entertainment
      2017-11-02 11:17 - 2017-11-02 11:17 - 000000733 _____ C:\Users\MIC\Desktop\No Man's Sky 1.38.rar

      ==================== One Month Modified files and folders ========

      (If an entry is included in the fixlist, the file/folder will be moved.)

      2017-11-28 19:00 - 2016-11-02 12:45 - 000000000 ____D C:\FRST
      2017-11-28 18:34 - 2010-11-21 08:09 - 001843284 _____ C:\Windows\system32\perfh00A.dat
      2017-11-28 18:34 - 2010-11-21 08:09 - 000519104 _____ C:\Windows\system32\perfc00A.dat
      2017-11-28 18:34 - 2009-07-14 06:13 - 000006434 _____ C:\Windows\system32\PerfStringBackup.INI
      2017-11-28 16:17 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
      2017-11-28 16:13 - 2015-11-25 12:49 - 000000000 ____D C:\Users\MIC\Desktop\Virus
      2017-11-28 15:59 - 2009-07-14 05:45 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      2017-11-28 15:59 - 2009-07-14 05:45 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      2017-11-28 15:58 - 2017-07-07 15:13 - 000000000 ____D C:\Users\MIC\AppData\Roaming\Everything
      2017-11-28 15:51 - 2017-10-14 17:23 - 000000000 ____D C:\ProgramData\NVIDIA
      2017-11-28 15:51 - 2015-09-26 11:40 - 000000000 __SHD C:\Users\MIC\IntelGraphicsProfiles
      2017-11-28 15:51 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
      2017-11-28 15:50 - 2017-10-27 22:30 - 000025356 _____ C:\bdlog.txt
      2017-11-28 15:50 - 2017-03-30 19:34 - 000000000 ____D C:\AdwCleaner
      2017-11-28 15:37 - 2017-07-07 16:44 - 000000000 ____D C:\Users\MIC\AppData\Local\Everything
      2017-11-28 12:23 - 2015-09-29 16:03 - 000000000 ____D C:\Users\MIC\Desktop\Rastreos
      2017-11-28 10:53 - 2015-10-13 14:14 - 000000000 ____D C:\Users\MIC\AppData\Roaming\uTorrent
      2017-11-27 22:32 - 2017-04-02 19:33 - 000000000 ___SD C:\Users\MIC\AppData\LocalLow\Temp
      2017-11-27 10:54 - 2017-03-31 09:32 - 000002265 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
      2017-11-27 10:52 - 2017-10-14 14:47 - 000000000 ____D C:\Program Files (x86)\Intel Driver and Support Assistant
      2017-11-26 23:55 - 2015-09-26 20:07 - 000000000 ____D C:\Users\MIC\AppData\Roaming\vlc
      2017-11-15 21:51 - 2016-07-29 07:00 - 000003532 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
      2017-11-15 21:51 - 2016-07-29 07:00 - 000003404 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
      2017-11-15 12:52 - 2017-02-23 09:37 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
      2017-11-15 12:52 - 2017-02-23 09:37 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
      2017-11-15 12:52 - 2017-02-23 09:37 - 000004320 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
      2017-11-15 12:52 - 2017-02-23 09:37 - 000000000 ____D C:\Windows\system32\Macromed
      2017-11-15 12:52 - 2017-02-11 16:03 - 000000000 ____D C:\Windows\SysWOW64\Macromed
      2017-11-15 11:49 - 2015-09-25 11:44 - 000000000 ____D C:\Users\MIC
      2017-11-15 11:46 - 2017-10-27 16:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender Security
      2017-11-15 11:46 - 2017-10-27 16:14 - 000000000 ____D C:\ProgramData\Bitdefender
      2017-11-15 11:46 - 2017-10-27 16:14 - 000000000 ____D C:\Program Files\Bitdefender
      2017-11-15 11:46 - 2017-10-27 16:13 - 000000000 ____D C:\Program Files\Common Files\Bitdefender
      2017-11-15 11:46 - 2017-08-21 14:45 - 000000000 ____D C:\Program Files (x86)\GPU-Z
      2017-11-15 11:46 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\registration
      2017-11-12 19:24 - 2017-02-23 20:05 - 000000000 ____D C:\Users\MIC\Documents\ALI213
      2017-11-12 18:40 - 2016-04-01 15:31 - 000000000 ____D C:\Users\MIC\AppData\Local\CrashDumps
      2017-11-10 13:17 - 2015-10-03 16:29 - 000000000 ____D C:\Users\MIC\AppData\Roaming\Skype
      2017-11-10 11:37 - 2015-12-29 13:27 - 000000000 ___RD C:\Program Files (x86)\Skype
      2017-11-10 11:37 - 2015-10-03 16:29 - 000000000 ____D C:\ProgramData\Skype
      2017-11-09 19:09 - 2015-12-01 21:29 - 000000069 _____ C:\Windows\NeroDigital.ini
      2017-11-03 18:23 - 2015-09-26 11:31 - 000000000 ____D C:\Users\MIC\AppData\Local\ElevatedDiagnostics
      2017-10-30 16:46 - 2009-07-14 06:32 - 000000000 ____D C:\Windows\Offline Web Pages
      2017-10-30 16:46 - 2009-07-14 06:32 - 000000000 ____D C:\Windows\Downloaded Program Files

      ==================== Files in the root of some directories =======

      2017-08-11 15:59 - 2017-08-11 15:59 - 000000000 _____ () C:\Users\MIC\AppData\Local\Driver_LOM_8161Present.flag
      2017-04-29 16:22 - 2017-04-29 16:22 - 000000000 ___SH () C:\Users\MIC\AppData\Local\LumaEmu
      2017-08-20 15:01 - 2017-08-20 15:04 - 000007679 _____ () C:\Users\MIC\AppData\Local\resmon.resmoncfg

      ==================== Bamital & volsnap ======================

      (There is no automatic fix for files that do not pass verification.)

      C:\Windows\system32\winlogon.exe => File is digitally signed
      C:\Windows\system32\wininit.exe => File is digitally signed
      C:\Windows\SysWOW64\wininit.exe => File is digitally signed
      C:\Windows\explorer.exe => File is digitally signed
      C:\Windows\SysWOW64\explorer.exe => File is digitally signed
      C:\Windows\system32\svchost.exe => File is digitally signed
      C:\Windows\SysWOW64\svchost.exe => File is digitally signed
      C:\Windows\system32\services.exe => File is digitally signed
      C:\Windows\system32\User32.dll => File is digitally signed
      C:\Windows\SysWOW64\User32.dll => File is digitally signed
      C:\Windows\system32\userinit.exe => File is digitally signed
      C:\Windows\SysWOW64\userinit.exe => File is digitally signed
      C:\Windows\system32\rpcss.dll => File is digitally signed
      C:\Windows\system32\dnsapi.dll => File is digitally signed
      C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
      C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

      LastRegBack: 2017-11-26 19:23

      ==================== End of FRST.txt ============================

    6. #6
      User excalibur2
      Registered
      Apr 2008
      Location
      Spain
      Posts
      119

      Re: How to remove malware and adware from my computer that won't go away

      Here is the second one:

      Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-11-2017
      Ran by MIC (28-11-2017 19:00:47)
      Running from C:\Users\MIC\Desktop
      Windows 7 Ultimate Service Pack 1 (X64) (2015-09-25 10:44:06)
      Boot Mode: Normal
      ==========================================================


      ==================== Accounts: =============================

      Administrador (S-1-5-21-3924153736-2953970139-281373529-500 - Administrator - Disabled)
      HomeGroupUser$ (S-1-5-21-3924153736-2953970139-281373529-1002 - Limited - Enabled)
      Invitado (S-1-5-21-3924153736-2953970139-281373529-501 - Limited - Enabled)
      MIC (S-1-5-21-3924153736-2953970139-281373529-1000 - Administrator - Enabled) => C:\Users\MIC

      ==================== Security Center ========================

      (If an entry is included in the fixlist, it will be removed.)

      AV: Bitdefender Antivirus (Disabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
      AS: Bitdefender Antispyware (Disabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
      AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      FW: Bitdefender Cortafuego (Disabled) {078AF241-05A3-0EFF-40E0-3E0D69EA140A}

      ==================== Installed Programs ======================

      (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

      . . (HKLM\...\{8FD6FE5A-E1E1-47F3-BBE6-FE2B1364DCB8}) (Version: 7.1 - Intel) Hidden
      . . . (HKLM-x32\...\{2394186A-5445-4293-B739-352009350342}) (Version: 3.0.0.9 - Intel) Hidden
      µTorrent (HKU\S-1-5-21-3924153736-2953970139-281373529-1000\...\uTorrent) (Version: 3.5.0.43916 - BitTorrent Inc.)
      Absolute Uninstaller 5.3.1.21 (HKLM-x32\...\Absolute Uninstaller) (Version: 5.3.1.21 - Glarysoft Ltd)
      Actualización de NVIDIA 28.0.0.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 28.0.0.0 - NVIDIA Corporation) Hidden
      Adobe Flash Player 27 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 27.0.0.187 - Adobe Systems Incorporated)
      Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.187 - Adobe Systems Incorporated)
      Adobe Shockwave Player 12.2 (HKLM-x32\...\{A2116AF9-FA9D-41EA-9874-1E40B227D4DE}) (Version: 12.2.5.195 - Adobe Systems, Inc)
      Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 387.92 - NVIDIA Corporation) Hidden
      Ashes of the Singularity Escalation Inception (HKLM-x32\...\Ashes of the Singularity Escalation Inception_is1) (Version: - )
      Atlas de anatomía humana edición 2017 versión 2017.1 (HKLM-x32\...\{BED25A37-F26D-4ACF-B761-D9FF5CDB834E}_is1) (Version: 2017.1 - Visible Body)
      Bitdefender Total Security (HKLM\...\Bitdefender) (Version: 22.0.12.161 - Bitdefender)
      CCleaner (HKLM\...\CCleaner) (Version: 5.27 - Piriform)
      CPUID CPU-Z 1.77 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
      Everything 1.4.1.877 (x64) (HKLM\...\Everything) (Version: 1.4.1.877 (x64) - David Carpenter)
      Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.2.5.930 - Foxit Software Inc.)
      Free YouTube Download (HKLM-x32\...\Free YouTube Download_is1) (Version: 4.1.7.425 - DVDVideoSoft Ltd.)
      Google Chrome (HKLM-x32\...\Google Chrome) (Version: 62.0.3202.94 - Google Inc.)
      Google Earth Pro (HKLM-x32\...\{ECF2E224-42F5-4E50-B58E-94CA70E85697}) (Version: 7.3.0.3832 - Google)
      Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
      HL-2250DN (HKLM-x32\...\{E2A97415-BD97-4867-B906-05E39E9EE51F}) (Version: 1.0.7.0 - Brother Industries, Ltd.)
      Human Anatomy Atlas version 7.4.01 (HKLM-x32\...\{0DDE4272-3433-4C74-ADA6-72350805D612}_is1) (Version: 7.4.01 - Visible Body - m!DVT)
      Image Resizer for Windows (64 bit) (HKLM\...\{617CA6E9-D5FB-4017-8130-82E68C56C34D}) (Version: 3.0.4802.35565 - Brice Lambson) Hidden
      Image Resizer for Windows (HKLM-x32\...\{69d72156-6582-4556-8637-06f40aa7f85b}) (Version: 3.0.4802.35565 - Brice Lambson)
      Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1204 - Intel Corporation)
      Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4578 - Intel Corporation)
      Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.0.3.1001 - Intel Corporation)
      Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.0.16 - Intel Corporation)
      Intel® Driver & Support Assistant (HKLM-x32\...\{01f3f6b8-1a81-4b10-b51f-f69af12e1d69}) (Version: 3.0.0.9 - Intel)
      Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
      JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
      KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version: - )
      Malwarebytes versión 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
      Master PDF Editor 4.0 (HKLM\...\Master PDF Editor 4_is1) (Version: 4.0.60 - Code Industry Ltd.)
      MegaDownloader 1.7 (HKLM\...\{C12C2297-65A4-4E64-9AE1-29F0D947FDA0}}_is1) (Version: 1.7 - AppsForMega.info)
      Microsoft .NET Framework 4.6.1 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.6.01055 - Microsoft Corporation)
      Microsoft .NET Framework 4.6.2 (HKLM\...\{63DF5C4B-E3BF-3346-A033-C57B22F44C9E}) (Version: 4.6.01590 - Microsoft Corporation)
      Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
      Microsoft LifeCam (HKLM\...\{5CE7E3F5-9803-4F32-AA89-2D8848A80109}) (Version: 3.60.253.0 - Microsoft Corporation)
      Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
      Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
      Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation)
      Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.7523 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation)
      Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
      Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
      Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{82f2609e-68ba-408d-963f-530ad8809435}) (Version: 12.0.40660.0 - Microsoft Corporation)
      Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{577ff5ba-39aa-4d8c-a3a9-f95012763438}) (Version: 12.0.40660.0 - Microsoft Corporation)
      Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25008 (HKLM-x32\...\{f1e7e313-06df-4c56-96a9-99fdfd149c51}) (Version: 14.10.25008.0 - Microsoft Corporation)
      Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25008 (HKLM-x32\...\{c239cea1-d49e-4e16-8e87-8c055765f7ec}) (Version: 14.10.25008.0 - Microsoft Corporation)
      Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package - SE (x64)) (Version: - Microsoft Corporation)
      Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
      MiniTool Partition Wizard Free 9.1 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Solution Ltd.)
      Nero 7.10.1.0 (HKLM-x32\...\Nero7_is1) (Version: 7.10.1.0 - Nero AG)
      Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.61.23 - Black Tree Gaming)
      No Mans Sky MULTi14 - ElAmigos versión 1.38 (HKLM-x32\...\{1F1B9588-9067-4CE3-B02B-9891C8647F15}_is1) (Version: 1.38 - Hello Games)
      NVIDIA Controlador de gráficos 387.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 387.92 - NVIDIA Corporation)
      NVIDIA GeForce Experience 3.9.0.97 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.9.0.97 - NVIDIA Corporation)
      NVIDIA Software del sistema PhysX 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
      Panda Cloud Cleaner (HKLM-x32\...\{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.0.107 - Panda Security)
      Panel de control de NVIDIA 387.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 387.92 - NVIDIA Corporation) Hidden
      Paquete de idioma de Microsoft Visual Studio 2010 Tools para Office Runtime (x64) - ESN (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - ESN) (Version: 10.0.50903 - Microsoft Corporation)
      PerfectDisk Professional Business (HKLM\...\{C4E01CDC-0063-493C-B383-9C4FCF7A89F7}) (Version: 14.0.885 - Raxco Software Inc.)
      Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
      Python 3.5.1 (64-bit) (HKU\S-1-5-21-3924153736-2953970139-281373529-1000\...\{b8440650-9dbe-4b7d-8167-6e0e3dcdf5d0}) (Version: 3.5.1150.0 - Python Software Foundation)
      Python 3.5.1 Core Interpreter (64-bit) (HKLM\...\{2690DE23-49CD-4973-AA74-F77C4C852189}) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
      Python 3.5.1 Development Libraries (64-bit) (HKLM\...\{70D9C8DA-F1A1-43B0-B325-6263CD21E535}) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
      Python 3.5.1 Executables (64-bit) (HKLM\...\{39F30A3E-99D9-46E3-8582-7422FE54A1FB}) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
      Python 3.5.1 Standard Library (64-bit) (HKLM\...\{0F774261-D55F-4180-B266-A9E1C6F4CD7A}) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
      Python 3.5.1 Utility Scripts (64-bit) (HKLM\...\{34E72E6D-77E8-4C17-99B8-42497B7308C8}) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
      Qualcomm Atheros Bandwidth Control Filter Driver (HKLM\...\{ABFED5A0-7D10-4617-A816-DD2D3B85706D}) (Version: 1.0.30.1259 - Qualcomm Atheros) Hidden
      Qualcomm Atheros Killer E220x Drivers (HKLM\...\{E970CE81-6F26-4274-8E4E-5AFC000FB888}) (Version: 1.0.30.1259 - Qualcomm Atheros) Hidden
      Qualcomm Atheros Killer Network Manager Suite (HKLM-x32\...\{FE5DFB80-6937-4154-A2C7-EF845C1301F8}) (Version: 1.0.30.1259 - Qualcomm Atheros)
      Qualcomm Atheros Network Manager (HKLM\...\{401FADAA-1C16-4721-9F02-19067E1A1CA8}) (Version: 1.0.30.1259 - Qualcomm Atheros) Hidden
      Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6554 - Realtek Semiconductor Corp.)
      Revo Uninstaller Pro 3.1.9 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.9 - VS Revo Group, Ltd.)
      Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)
      Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.104 - Skype Technologies S.A.)
      Sound Blaster Recon3Di (HKLM-x32\...\{35F6AC62-F1A7-4BE2-A8AF-C909AC0B824D}) (Version: 1.03.11 - Creative Technology Limited)
      Sound Blaster Recon3Di Extras (HKLM-x32\...\{536BDBFC-CA1A-4AC0-A8EB-BB2D0F1F522E}) (Version: 1.0 - Creative Technology Limited)
      Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
      TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp)
      Tom Clancy's Ghost Recon Wildlands (HKLM\...\Tom Clancys Ghost Recon Wildlands_is1) (Version: 1.0 - )
      TomTom HOME (HKLM-x32\...\{B581E191-A2C1-4CE3-907E-9FE3C728750C}) (Version: 2.9.91 - Nombre de su organización)
      Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
      VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.8.0 - Elaborate Bytes)
      VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
      Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
      WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)

      ==================== Custom CLSID (Whitelisted): ==========================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      CustomCLSID: HKU\S-1-5-21-3924153736-2953970139-281373529-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
      ContextMenuHandlers1: [BDFVCtxMenuExt] -> {9E96C1F5-0EFA-4348-9460-15D6802C70AA} => C:\Program Files\Bitdefender\Bitdefender Security\bdfvsctx.dll [2017-09-14] (Bitdefender)
      ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => -> No File
      ContextMenuHandlers1: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => -> No File
      ContextMenuHandlers1: [Image Resizer] -> {51B4D7E5-7568-4234-B4BB-47FB3C016A69} => C:\Program Files\Image Resizer for Windows\ShellExtensions.dll [2013-02-23] (Brice Lambson)
      ContextMenuHandlers1: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => -> No File
      ContextMenuHandlers1: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => D:\Programas\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG)
      ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\Programas\Winrar\rarext.dll [2016-02-04] (Alexander Roshal)
      ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\Programas\Winrar\rarext32.dll [2016-02-04] (Alexander Roshal)
      ContextMenuHandlers2: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => -> No File
      ContextMenuHandlers2: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => -> No File
      ContextMenuHandlers2: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => D:\Programas\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG)
      ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
      ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
      ContextMenuHandlers4: [BDFVCtxMenuExt] -> {9E96C1F5-0EFA-4348-9460-15D6802C70AA} => C:\Program Files\Bitdefender\Bitdefender Security\bdfvsctx.dll [2017-09-14] (Bitdefender)
      ContextMenuHandlers4: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => -> No File
      ContextMenuHandlers5: [BDFVCtxMenuExt] -> {9E96C1F5-0EFA-4348-9460-15D6802C70AA} => C:\Program Files\Bitdefender\Bitdefender Security\bdfvsctx.dll [2017-09-14] (Bitdefender)
      ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
      ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2017-01-24] (Intel Corporation)
      ContextMenuHandlers5: [igfxOSP] -> {FA507C3F-30C6-4DCA-9EE5-2656072EEC14} => C:\Windows\system32\igfxOSP.dll [2017-01-24] (Intel Corporation)
      ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-10-06] (NVIDIA Corporation)
      ContextMenuHandlers5: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => -> No File
      ContextMenuHandlers6: [BDFVCtxMenuExt] -> {9E96C1F5-0EFA-4348-9460-15D6802C70AA} => C:\Program Files\Bitdefender\Bitdefender Security\bdfvsctx.dll [2017-09-14] (Bitdefender)
      ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => -> No File
      ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
      ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => D:\Programas\Revo Uninstaller Pro\RUExt.dll [2016-12-15] (VS Revo Group)
      ContextMenuHandlers6: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => -> No File
      ContextMenuHandlers6: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => -> No File
      ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\Programas\Winrar\rarext.dll [2016-02-04] (Alexander Roshal)
      ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\Programas\Winrar\rarext32.dll [2016-02-04] (Alexander Roshal)

      ==================== Scheduled Tasks (Whitelisted) =============

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      Task: {14506462-56FB-4919-ADA7-1939E8F6F763} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-10-06] (NVIDIA Corporation)
      Task: {247D474A-E506-4646-84F0-03CCCC414689} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-10-06] (NVIDIA Corporation)
      Task: {26C8A612-B675-43C7-B3B4-19AB6DA09E26} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-10-06] (NVIDIA Corporation)
      Task: {3BE3B946-9EA1-4971-80F3-DAD8D6923DAC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-11-15] (Adobe Systems Incorporated)
      Task: {6175ACC1-7A54-4FAA-9984-8C526AC6B6C1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-02-08] (Piriform Ltd)
      Task: {7CC3FF09-A458-429A-A556-6F13EAC278F0} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation)
      Task: {8756EA48-EAB9-4DB1-B9CA-42C2A50C28E1} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-10-06] (NVIDIA Corporation)
      Task: {966BDB12-BE9B-412A-A35A-DC8BF48B41AC} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-10-06] (NVIDIA Corporation)
      Task: {B3CC0FEE-D97E-45FE-B8DD-A3415F18FD50} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-25] (Google Inc.)
      Task: {B6D15058-CD9D-4C98-B016-5082A1B33713} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-25] (Google Inc.)
      Task: {B9FA13A8-1614-405F-B899-71FE528B3438} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-10-06] (NVIDIA Corporation)
      Task: {BD5A370E-75D6-40A5-BEB8-D354E7201322} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-10-06] (NVIDIA Corporation)
      Task: {CF02E03E-C29B-4444-8117-5E18FFFF6C11} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\Windows\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\task.vbs"
      Task: {D6F40AFC-9648-47E1-88F6-F56D05004F71} - \{D47FE294-6312-463F-AF50-05AF132750A5} -> No File <==== ATTENTION
      Task: {DB6D2B6E-A459-4E15-A84B-8E633C7ABA49} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-10-06] (NVIDIA Corporation)

      (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


      ==================== Shortcuts & WMI ========================

      (The entries could be listed to be restored or removed.)


      ==================== Loaded Modules (Whitelisted) ==============

      2017-10-27 16:14 - 2013-09-03 13:29 - 000111832 _____ () C:\Program Files\Bitdefender\Bitdefender Security\bdmetrics.dll
      2015-06-23 21:11 - 2015-06-23 21:11 - 000187048 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
      2017-03-07 18:04 - 2017-03-07 18:04 - 000157456 _____ () C:\Program Files\Intel Driver and Support Assistant\SUR\SurSvc.exe
      2017-07-07 15:13 - 2017-06-07 02:42 - 002197608 _____ () D:\Programas\Everything\Everything.exe
      2016-12-16 21:03 - 2012-12-21 13:33 - 000020288 _____ () C:\Program Files\CCleaner\branding.dll
      2017-02-08 03:53 - 2017-02-08 03:53 - 000073728 _____ () C:\Program Files\CCleaner\lang\lang-1034.dll
      2013-08-08 14:30 - 2013-08-08 14:30 - 000283648 _____ () C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
      2017-11-15 12:06 - 2017-11-10 10:57 - 004135768 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.94\libglesv2.dll
      2017-11-15 12:06 - 2017-11-10 10:57 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.94\libegl.dll
      2014-03-20 10:43 - 2014-03-20 10:43 - 001241560 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

      ==================== Alternate Data Streams (Whitelisted) =========

      (If an entry is included in the fixlist, only the ADS will be removed.)

      AlternateDataStreams: C:\ProgramData:gs5sys [3328]
      AlternateDataStreams: C:\Users\All Users:gs5sys [3328]
      AlternateDataStreams: C:\Users\MIC:gs5sys [2816]
      AlternateDataStreams: C:\ProgramData\Application Data:gs5sys [3328]
      AlternateDataStreams: C:\ProgramData\Datos de programa:gs5sys [3328]
      AlternateDataStreams: C:\ProgramData\Plantillas:gs5sys [2560]
      AlternateDataStreams: C:\ProgramData\Templates:gs5sys [2560]
      AlternateDataStreams: C:\Users\MIC\Configuración local:gs5sys [2816]
      AlternateDataStreams: C:\Users\MIC\Cookies:gs5sys [2816]
      AlternateDataStreams: C:\Users\MIC\Datos de programa:gs5sys [2816]
      AlternateDataStreams: C:\Users\MIC\Plantillas:gs5sys [2816]
      AlternateDataStreams: C:\Users\MIC\AppData\Local:gs5sys [2816]
      AlternateDataStreams: C:\Users\MIC\AppData\Roaming:gs5sys [2816]
      AlternateDataStreams: C:\Users\MIC\AppData\Local\Datos de programa:gs5sys [2816]
      AlternateDataStreams: C:\Users\MIC\AppData\Local\Historial:gs5sys [2560]
      AlternateDataStreams: C:\Users\MIC\Documents\desktop.ini:gs5sys [2816]
      AlternateDataStreams: C:\Users\Public\Documents\desktop.ini:gs5sys [2560]

      ==================== Safe Mode (Whitelisted) ===================

      (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ntrexeservice => ""="Service"

      ==================== Association (Whitelisted) ===============

      (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


      ==================== Internet Explorer trusted/restricted ===============

      (If an entry is included in the fixlist, it will be removed from the registry.)

      IE trusted site: HKU\S-1-5-21-3924153736-2953970139-281373529-1000\...\google.com.es -> hxxps://google.com.es

      ==================== Hosts content: ==========================

      (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

      2009-07-14 03:34 - 2017-11-12 18:12 - 000000507 _____ C:\Windows\system32\Drivers\etc\hosts

      127.0.0.1 mercury-cert.ubi.com
      127.0.0.1 ubiservices.ubi.com
      127.0.0.1 public-ubiservices.ubi.com
      127.0.0.1 useast1-public.aws-ubiservices.ubi.com
      127.0.0.1 lb-web-us.ubisoft.com
      127.0.0.1 ghostreconnetwork.ubi.com
      127.0.0.1 uat-beta.ubi.com
      127.0.0.1 uat-payments.ubi.com
      127.0.0.1 mercury.ubi.com

      ==================== Other Areas ============================

      (Currently there is no automatic fix for this section.)

      HKU\S-1-5-21-3924153736-2953970139-281373529-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\MIC\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
      DNS Servers: 80.58.61.250 - 80.58.61.254
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
      Windows Firewall is enabled.

      ==================== MSCONFIG/TASK MANAGER disabled items ==

      MSCONFIG\Services: AdobeARMservice => 2
      MSCONFIG\startupreg: BrStsMon00 => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
      MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
      MSCONFIG\startupreg: Sound Blaster Recon3Di SBX Control Panel => "C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe" /r
      MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
      MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

      ==================== FirewallRules (Whitelisted) ===============

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      FirewallRules: [{E48EF566-87EC-4651-AFE5-B1C6C5E222AB}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
      FirewallRules: [{0E771FFA-FEAD-4304-9E0F-548F41480384}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
      FirewallRules: [{62FB136F-FE96-4521-BEF6-845C1CD9A94F}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
      FirewallRules: [{90DB27AC-B846-435D-9310-1483ACA93F38}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
      FirewallRules: [{607D1AD2-CBA9-4926-8B64-2F13DE31F885}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
      FirewallRules: [{1EC99AEF-37E1-4994-83C6-75D5DB9F5E95}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
      FirewallRules: [{53045DFC-D239-476B-8801-C510033E6F38}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
      FirewallRules: [{F010B9F1-89A4-4854-9B47-D7B4C64CEB07}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
      FirewallRules: [{79D33AD7-DC71-455C-BD7E-ADD481AE7298}] => (Allow) LPort=9143
      FirewallRules: [{0FB057D7-3124-4DD0-BF3C-D1C32BB67FD5}] => (Allow) LPort=2333
      FirewallRules: [{3F530C3D-6283-4BBB-89A5-D14134D933D6}] => (Allow) C:\Users\MIC\AppData\Roaming\uTorrent\uTorrent.exe
      FirewallRules: [{784CB3D9-51E3-413C-848A-F4DC23DB51B4}] => (Allow) C:\Users\MIC\AppData\Roaming\uTorrent\uTorrent.exe
      FirewallRules: [{C2F58C2E-8EE0-4A4D-B705-FE36E8AC053C}] => (Allow) C:\Users\MIC\AppData\Roaming\uTorrent\uTorrent.exe
      FirewallRules: [{41ED4F66-F9B5-4A75-B98A-AB35857995C5}] => (Allow) C:\Users\MIC\AppData\Roaming\uTorrent\uTorrent.exe
      FirewallRules: [{DDAF75B8-3406-42CF-9EBB-73FF933012D6}] => (Allow) C:\Users\MIC\AppData\Roaming\uTorrent\uTorrent.exe
      FirewallRules: [{64FFE3BA-F8F7-4AFD-9E52-722A4A1427E4}] => (Allow) C:\Users\MIC\AppData\Roaming\uTorrent\uTorrent.exe
      FirewallRules: [{586267BF-9F72-4A70-A090-A8C807301CDA}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
      FirewallRules: [{6B5F49F8-7361-46AB-9FF9-D23BA7AD3525}] => (Allow) C:\Users\MIC\AppData\Roaming\uTorrent\uTorrent.exe
      FirewallRules: [{3A1657ED-65C4-410F-BD3A-5C557EB9C529}] => (Allow) C:\Users\MIC\AppData\Roaming\uTorrent\uTorrent.exe
      FirewallRules: [{B5F561D8-5054-4770-84ED-FEFA5543F114}] => (Allow) LPort=1688
      FirewallRules: [{2A6F2B99-18D5-413B-9681-968C592106A4}] => (Allow) D:\Programas\Activador Offcie 2010 KMSpico\AutoPico.exe
      FirewallRules: [{D1B45AFA-14B3-42B5-BDBE-42D0CAC80270}] => (Allow) D:\Programas\Activador Offcie 2010 KMSpico\AutoPico.exe
      FirewallRules: [{ED259CAC-A56E-497E-BDA9-981A00C31FE4}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
      FirewallRules: [{00B96459-88E5-4F32-9BD5-BD3DEA93ED09}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
      FirewallRules: [{4FA43B4D-7A36-404B-A645-F76AB174402A}] => (Block) %ProgramFiles%\CCleaner\CCleaner64.exe
      FirewallRules: [{A15CFB62-D337-4798-9E0E-0BE1C4164DF3}] => (Block) %ProgramFiles%\CCleaner\CCleaner64.exe
      FirewallRules: [{EF2A2B75-9D91-4EDB-985F-7D0396D5F0AF}] => (Block) %ProgramFiles%\CCleaner\CCleaner.exe
      FirewallRules: [{55096EE9-8A6C-4D60-9ED7-0C5256BBAEFC}] => (Block) %ProgramFiles%\CCleaner\CCleaner.exe
      FirewallRules: [{8749FA08-1975-405D-9B81-6FFD6568889C}] => (Block) D:\Games\Tom Clancy's Ghost Recon Wildlands\stp-grw.exe
      FirewallRules: [{785CF678-7CA4-4785-8F29-AAA4FA04169B}] => (Block) D:\Games\Tom Clancy's Ghost Recon Wildlands\stp-grw.exe
      FirewallRules: [TCP Query User{C84F17FD-F5A0-4660-A3A0-D6AD85D1EBAF}D:\games\tom clancy's ghost recon wildlands\grw.exe] => (Allow) D:\games\tom clancy's ghost recon wildlands\grw.exe
      FirewallRules: [UDP Query User{40096CA6-2ADA-4338-9ECA-C9E4EEE026DA}D:\games\tom clancy's ghost recon wildlands\grw.exe] => (Allow) D:\games\tom clancy's ghost recon wildlands\grw.exe
      FirewallRules: [{4F7134A5-2D1C-44F9-BD2A-F06C37D73BC4}] => (Block) D:\Games\Tom Clancy's Ghost Recon Wildlands\GRW.exe
      FirewallRules: [{E528F215-D784-4CFF-8191-D0A33B32B099}] => (Block) D:\Games\Tom Clancy's Ghost Recon Wildlands\GRW.exe
      FirewallRules: [{39E1B3B7-83E2-4AAD-A8D4-BDF5E5EDB004}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
      FirewallRules: [{55C9310F-0BEC-4590-B5FB-403853F90429}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
      FirewallRules: [{A829A9F3-CB62-436B-A875-B0B7584CF6B7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
      FirewallRules: [{F48AE802-1A8B-4474-B9FC-064F5A17A02B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
      FirewallRules: [{5620E018-37B5-41A9-AC5D-D57BD9FF9C18}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
      FirewallRules: [{01A24E7A-A0D8-4C5F-A45B-9FF90C77991F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

      ==================== Restore Points =========================

      03-11-2017 19:08:54 Punto de control programado
      11-11-2017 00:00:01 Punto de control programado
      12-11-2017 18:22:16 Revo Uninstaller Pro's restore point - Bitdefender Agent
      12-11-2017 18:24:21 Revo Uninstaller Pro's restore point - Bitdefender Device Management
      12-11-2017 18:25:59 Revo Uninstaller Pro's restore point - Bitdefender Total Security
      26-11-2017 19:30:36 Punto de control programado
      28-11-2017 15:44:29 JRT Pre-Junkware Removal

      ==================== Faulty Device Manager Devices =============


      ==================== Event log errors: =========================

      Application errors:
      ==================
      Error: (11/28/2017 06:34:22 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
      Description: Error al descargar las cadenas del contador de rendimiento para el servicio WmiApRpl (WmiApRpl). El primer valor DWORD de la sección de datos contiene el código de error.

      Error: (11/28/2017 06:34:22 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
      Description: Las cadenas de rendimiento del valor del Registro de rendimiento están dañadas al procesar el proveedor de contador de extensión Performance. El valor BaseIndex del Registro de rendimiento es el primer valor DWORD, el valor LastCounter es el segundo valor DWORD y el valor LastHelp es el tercer valor DWORD de la sección de datos.

      Error: (11/28/2017 06:34:22 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
      Description: Las cadenas de rendimiento del valor del Registro de rendimiento están dañadas al procesar el proveedor de contador de extensión Performance. El valor BaseIndex del Registro de rendimiento es el primer valor DWORD, el valor LastCounter es el segundo valor DWORD y el valor LastHelp es el tercer valor DWORD de la sección de datos.

      Error: (11/28/2017 03:53:13 PM) (Source: Application Error) (EventID: 1000) (User: )
      Description: Nombre de la aplicación con errores: IAStorDataMgrSvc.exe, versión: 13.0.3.1001, marca de tiempo: 0x533de83f
      Nombre del módulo con errores: KERNELBASE.dll, versión: 6.1.7601.23915, marca de tiempo: 0x59b94abb
      Código de excepción: 0xe0434352
      Desplazamiento de errores: 0x0000c54f
      Id. del proceso con errores: 0x1694
      Hora de inicio de la aplicación con errores: 0x01d368589d7f0dd3
      Ruta de acceso de la aplicación con errores: C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
      Ruta de acceso del módulo con errores: C:\Windows\syswow64\KERNELBASE.dll
      Id. del informe: db92c706-d44b-11e7-96f8-fcaa14212c0f

      Error: (11/28/2017 03:53:13 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
      Description: Aplicación: IAStorDataMgrSvc.exe
      Versión de Framework: v4.0.30319
      Descripción: el proceso terminó debido a una excepción no controlada.
      Información de la excepción: System.FormatException
      en System.Text.StringBuilder.AppendFormatHelper(System.IFormatProvider, System.String, System.ParamsArray)
      en System.String.FormatHelper(System.IFormatProvider, System.String, System.ParamsArray)
      en System.String.Format(System.IFormatProvider, System.String, System.Object[])
      en IAStorDataMgr.EventRelay.formatStrings(System.String, System.Object[])
      en IAStorDataMgr.EventRelay.translateEventType(IAStorUtil.Events.DiskEventArgs, IAStorUtil.LogLevel)
      en IAStorDataMgr.EventRelay.SDM_ComprehensiveHandler(System.Object, IAStorUtil.Events.ComprehensiveEventArgs)
      en IAStorUtil.SystemDataModelListener.ProcessSystemDataModelChanges()
      en IAStorUtil.SystemDataModelListener.LoadSavedSystemState()
      en IAStorDataMgr.EventRelay.<Start>b__0(System.Object)
      en System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
      en System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
      en System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
      en System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
      en System.Threading.ThreadPoolWorkQueue.Dispatch()
      en System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

      Error: (11/28/2017 03:53:13 PM) (Source: IAStorDataMgrSvc) (EventID: 7001) (User: )
      Description: Internal program error: missing resource string DM_1_0_7

      Error: (11/28/2017 03:51:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
      Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

      Error: (11/28/2017 03:50:44 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
      Description: Error al descargar las cadenas del contador de rendimiento para el servicio WmiApRpl (WmiApRpl). El primer valor DWORD de la sección de datos contiene el código de error.

      Error: (11/28/2017 03:50:44 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
      Description: Las cadenas de rendimiento del valor del Registro de rendimiento están dañadas al procesar el proveedor de contador de extensión Performance. El valor BaseIndex del Registro de rendimiento es el primer valor DWORD, el valor LastCounter es el segundo valor DWORD y el valor LastHelp es el tercer valor DWORD de la sección de datos.

      Error: (11/28/2017 03:50:44 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
      Description: Las cadenas de rendimiento del valor del Registro de rendimiento están dañadas al procesar el proveedor de contador de extensión Performance. El valor BaseIndex del Registro de rendimiento es el primer valor DWORD, el valor LastCounter es el segundo valor DWORD y el valor LastHelp es el tercer valor DWORD de la sección de datos.


      System errors:
      =============
      Error: (11/28/2017 06:54:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
      Description: El servicio Bitdefender RedLine Service terminó inesperadamente. Esto se ha repetido 20 veces. Se realizará la siguiente acción correctora en 600000 milisegundos: Reiniciar el servicio.

      Error: (11/28/2017 06:44:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
      Description: El servicio Bitdefender RedLine Service terminó inesperadamente. Esto se ha repetido 19 veces. Se realizará la siguiente acción correctora en 600000 milisegundos: Reiniciar el servicio.

      Error: (11/28/2017 06:34:43 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
      Description: El servicio Bitdefender RedLine Service terminó inesperadamente. Esto se ha repetido 18 veces. Se realizará la siguiente acción correctora en 600000 milisegundos: Reiniciar el servicio.

      Error: (11/28/2017 06:24:41 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
      Description: El servicio Bitdefender RedLine Service terminó inesperadamente. Esto se ha repetido 17 veces. Se realizará la siguiente acción correctora en 600000 milisegundos: Reiniciar el servicio.

      Error: (11/28/2017 06:14:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
      Description: El servicio Bitdefender RedLine Service terminó inesperadamente. Esto se ha repetido 16 veces. Se realizará la siguiente acción correctora en 600000 milisegundos: Reiniciar el servicio.

      Error: (11/28/2017 06:04:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
      Description: El servicio Bitdefender RedLine Service terminó inesperadamente. Esto se ha repetido 15 veces. Se realizará la siguiente acción correctora en 600000 milisegundos: Reiniciar el servicio.

      Error: (11/28/2017 05:54:35 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
      Description: El servicio Bitdefender RedLine Service terminó inesperadamente. Esto se ha repetido 14 veces. Se realizará la siguiente acción correctora en 600000 milisegundos: Reiniciar el servicio.

      Error: (11/28/2017 05:44:33 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
      Description: El servicio Bitdefender RedLine Service terminó inesperadamente. Esto se ha repetido 13 veces. Se realizará la siguiente acción correctora en 600000 milisegundos: Reiniciar el servicio.

      Error: (11/28/2017 05:34:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
      Description: El servicio Bitdefender RedLine Service terminó inesperadamente. Esto se ha repetido 12 veces. Se realizará la siguiente acción correctora en 600000 milisegundos: Reiniciar el servicio.

      Error: (11/28/2017 05:24:29 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
      Description: El servicio Bitdefender RedLine Service terminó inesperadamente. Esto se ha repetido 11 veces. Se realizará la siguiente acción correctora en 600000 milisegundos: Reiniciar el servicio.


      CodeIntegrity:
      ===================================
      Date: 2015-10-17 19:54:26.557
      Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

      Date: 2015-10-17 19:54:26.542
      Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

      Date: 2015-10-17 19:54:26.526
      Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

      Date: 2015-10-17 19:53:45.270
      Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

      Date: 2015-10-17 19:53:45.255
      Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

      Date: 2015-10-17 19:53:45.239
      Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

      Date: 2015-10-17 19:52:38.938
      Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

      Date: 2015-10-17 19:52:38.923
      Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

      Date: 2015-10-17 19:52:38.907
      Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

      Date: 2015-10-17 19:52:38.907
      Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.


      ==================== Memory info ===========================

      Processor: Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz
      Percentage of memory in use: 15%
      Total physical RAM: 16245.32 MB
      Available physical RAM: 13689.33 MB
      Total Virtual: 32788.82 MB
      Available Virtual: 30136.91 MB

      ==================== Drives ================================

      Drive c: () (Fixed) (Total:223.08 GB) (Free:142.01 GB) NTFS
      Drive d: () (Fixed) (Total:2794.39 GB) (Free:1327.72 GB) NTFS

      ==================== MBR & Partition Table ==================

      ========================================================
      Disk: 0 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: 5676DEB9)
      Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
      Partition 2: (Not Active) - (Size=223.1 GB) - (Type=07 NTFS)

      ========================================================
      Disk: 1 (MBR Code: Windows 7 or 8) (Size: 2794.5 GB) (Disk ID: 00000000)

      Partition: GPT.

      ==================== End of Addition.txt ============================

    7. #7
      General Moderator
      Avatar of @Daniela
      Joined
      Apr 2011
      Location
      Spain
      Posts
      24.912

      Re: How to remove malware and adware from my computer that won't go away

      Hello

      Follow these steps. VERY important ~ make a backup of the registry:

      • To do so, download >> DelFix to your desktop.
      • Double-click to run it. (If you use Windows Vista/7 or 8, right-click and select "Run as Administrator".)
      • Check only the "Create registry backup" box.
      • Click Run.

        The report (DelFix.txt) will open; save it in case it is needed and close the tool.


      Next, boot your computer into >> Windows Safe Mode with Networking.

      If your OS is Windows 8/8.1/10, use the 2nd METHOD from this Windows 8 FAQ (applicable to Windows 10) >> How to start Windows 8/8.1 in Safe Mode?, to work from that Windows mode.


      With all other programs closed, go to >> Start >> Run >> and type notepad.exe.

      Now copy and paste the following into Notepad: (Do not include the word "Code")

      Code:
      Start
      CreateRestorePoint:
      CloseProcesses:
      
      HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
      GroupPolicyScripts: Restriction <==== ATTENTION
      CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
      FF Extension: (Map status indicator) - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\[email protected] [2016-08-09] [Lagacy] [not signed]
      FF Extension: (No Name) - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff [2017-11-15] [not signed]
      FF Extension: (No Name) - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext [2017-11-15] [not signed]
      CHR HomePage: ChromeDefaultData -> hxxp://www.omniboxes.com/?type=hp&ts=1426258465&from=obw&uid=M4-CT128M4SSD2_000000001221090B1EB5
      CHR StartupUrls: ChromeDefaultData -> "hxxp://www.omniboxes.com/?type=hp&ts=1426258465&from=obw&uid=M4-CT128M4SSD2_000000001221090B1EB5","hxxp://www.amazon.es/gp/bit/amazonserp/ref=bit_bds-p24_serp_cr_es_display?ie=UTF8&tagbase=bds-p24&tbrId=v1_abb-channel-24_71e24f886772487ab7dab73024345d5e_39_1007_20140130_ES_cr_sp_","hxxp://www.istartsurf.com/?type=hp&ts=1408894959&from=smt&uid=M4-CT128M4SSD2_000000001221090B1EB5","hxxps://es.yahoo.com/?fr=hp-avast&type=avastbcl","hxxps://www.google.es/","hxxp://www.sweet-page.com/?type=hp&ts=1417188447&from=cor&uid=M4-CT128M4SSD2_000000001221090B1EB5","hxxp://taplika.com/?f=7&a=tpl_idaddy1_15_02&cd=2XzuyEtN2Y1L1QzuzytDtB0BtAyEtAtCyEzz0BtAtDtAzz0BtN0D0Tzu0StCtCtDyCtN1L2XzutAtFyCtFyCtFtDtN1L1Czu2Z1E1I1V1L1Q1T1Q1Q2UtCtN1L1G1B1V1N2Y1L1Qzu2SyEtCyDzz0CzytBtBtG0D0FtCtAtGtAyB0DzztGzy0FyB0CtGtDyCyEtD0A0A0CtD0A0A0A0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0DtB0ByDyByBtDtG0FtCyE0FtGyE0F0A0AtGzztD0CyDtGyBtC0Bzy0AtAtD0EtDzzyEzy2Q&cr=983111814&ir=","hxxp://www.trovi.com/?gd=&ctid=CT3324764&octid=EB_ORIGINAL_CTID&ISID=M8B4BCF6B-7B5E-467E-9BA3-6C3FC8C601FC&SearchSource=55&CUI=&UM=8&UP=SPD3A0D792-DA45-4FAD-860C-6CD88723242F&D=031315&SSPV=","hxxp://www.istartsurf.com/?type=hp&ts=1447073646&z=67200373387d6a00d1148cdgez5zemde0m0cec7qfg&from=bpr&uid=CorsairXForceXLSXSSD_14398170000101740434","hxxps://www.google.com/"
      CHR Profile: C:\Users\MIC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-11-28] <==== ATTENTION
      CHR Extension: (MEGA) - C:\Users\MIC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2017-11-26]
      CHR Extension: (DuckDuckGo Search) - C:\Users\MIC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\bkdgflcldnnnapblkhphbgpggdiikppg [2017-09-13]
      CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\MIC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2017-11-27]
      CHR Extension: (Google Mail Checker) - C:\Users\MIC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2017-08-03]
      CHR Extension: (Chrome Media Router) - C:\Users\MIC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-15]
      CHR HKLM-x32\...\Chrome\Extension: [gannpgaobkkhmpomoijebaigcapoeebl] - hxxps://clients2.google.com/service/update2/crx
      S3 gdrv; \??\C:\Windows\gdrv.sys [X]
      S3 SANDRA; \??\D:\Programas\SiSoftware\SiSoftware Sandra Lite Platinum\WNt600x64\Sandra.sys [X]
      ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => -> No File
      ContextMenuHandlers1: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => -> No File
      ContextMenuHandlers1: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => -> No File
      ContextMenuHandlers2: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => -> No File
      ContextMenuHandlers2: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => -> No File
      ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
      ContextMenuHandlers4: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => -> No File
      ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
      ContextMenuHandlers5: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => -> No File
      ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => -> No File
      ContextMenuHandlers6: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => -> No File
      ContextMenuHandlers6: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => -> No File
      Task: {D6F40AFC-9648-47E1-88F6-F56D05004F71} - \{D47FE294-6312-463F-AF50-05AF132750A5} -> No File <==== ATTENTION
      AlternateDataStreams: C:\ProgramData:gs5sys [3328]
      AlternateDataStreams: C:\Users\All Users:gs5sys [3328]
      AlternateDataStreams: C:\Users\MIC:gs5sys [2816]
      AlternateDataStreams: C:\ProgramData\Application Data:gs5sys [3328]
      AlternateDataStreams: C:\ProgramData\Datos de programa:gs5sys [3328]
      AlternateDataStreams: C:\ProgramData\Plantillas:gs5sys [2560]
      AlternateDataStreams: C:\ProgramData\Templates:gs5sys [2560]
      AlternateDataStreams: C:\Users\MIC\Configuración local:gs5sys [2816]
      AlternateDataStreams: C:\Users\MIC\Cookies:gs5sys [2816]
      AlternateDataStreams: C:\Users\MIC\Datos de programa:gs5sys [2816]
      AlternateDataStreams: C:\Users\MIC\Plantillas:gs5sys [2816]
      AlternateDataStreams: C:\Users\MIC\AppData\Local:gs5sys [2816]
      AlternateDataStreams: C:\Users\MIC\AppData\Roaming:gs5sys [2816]
      AlternateDataStreams: C:\Users\MIC\AppData\Local\Datos de programa:gs5sys [2816]
      AlternateDataStreams: C:\Users\MIC\AppData\Local\Historial:gs5sys [2560]
      AlternateDataStreams: C:\Users\MIC\Documents\desktop.ini:gs5sys [2816]
      AlternateDataStreams: C:\Users\Public\Documents\desktop.ini:gs5sys [2560]
      C:\Users\MIC\appdata\Local\Google\Chrome 
      
      CMD: ipconfig /flushdns
      CMD: ipconfig /renew
      CMD: bitsadmin /reset /allusers
      RemoveProxy:
      EmptyTemp:
      Hosts:
      end
      • Save it under the name fixlist.txt on the desktop <<< This is very important.

      Note: The Frst.exe executable and fixlist.txt must be in the same location (desktop), otherwise the tool will not work.

      ATTENTION!!!! The following repair script was made specifically for this user by a staff member; if you have a similar problem, please open your own thread to receive personalized help. Using other users' scripts can damage your computer.

      • Run Frst.exe.
      • Press the Fix button and wait for it to finish.
      • The tool will save the report on your desktop (Fixlog.txt).
      • Paste it in your next reply.


      Post the report and tell me how the problem is going.

      Regards
      ✿◕‿◕✿ Impatience is not good company ✿◕‿◕✿


    8. #8
      User excalibur2
      Registered
      Apr 2008
      Location
      Spain
      Posts
      119

      Re: How to remove malware and adware from my computer that won't go away

      Hi Daniela:

      Here is the "Fixlog.txt" report, and I am also sending you the Malwarebytes report, where I see that the malware that showed up before no longer appears. Now tell me if anything else needs to be done....

      I would also appreciate it, if it is not too much to ask, if you could tell me where the problem was and how that malware got into my computer so that I don't make the same mistake again. Thanks

      Fix result of Farbar Recovery Scan Tool (x64) Version: 29-11-2017
      Ran by MIC (29-11-2017 20:34:23) Run:1
      Running from C:\Users\MIC\Desktop
      Loaded Profiles: MIC (Available Profiles: MIC)
      Boot Mode: Safe Mode (with Networking)
      ==============================================

      fixlist content:
      *****************
      Start
      CreateRestorePoint:
      CloseProcesses:

      HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
      GroupPolicyScripts: Restriction <==== ATTENTION
      CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
      FF Extension: (Map status indicator) - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\[email protected] [2016-08-09] [Lagacy] [not signed]
      FF Extension: (No Name) - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff [2017-11-15] [not signed]
      FF Extension: (No Name) - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext [2017-11-15] [not signed]
      CHR HomePage: ChromeDefaultData -> hxxp://www.omniboxes.com/?type=hp&ts=1426258465&from=obw&uid=M4-CT128M4SSD2_000000001221090B1EB5
      CHR StartupUrls: ChromeDefaultData -> "hxxp://www.omniboxes.com/?type=hp&ts=1426258465&from=obw&uid=M4-CT128M4SSD2_000000001221090B1EB5","hxxp://www.amazon.es/gp/bit/amazonserp/ref=bit_bds-p24_serp_cr_es_display?ie=UTF8&tagbase=bds-p24&tbrId=v1_abb-channel-24_71e24f886772487ab7dab73024345d5e_39_1007_20140130_ES_cr_sp_","hxxp://www.istartsurf.com/?type=hp&ts=1408894959&from=smt&uid=M4-CT128M4SSD2_000000001221090B1EB5","hxxps://es.yahoo.com/?fr=hp-avast&type=avastbcl","hxxps://www.google.es/","hxxp://www.sweet-page.com/?type=hp&ts=1417188447&from=cor&uid=M4-CT128M4SSD2_000000001221090B1EB5","hxxp://taplika.com/?f=7&a=tpl_idaddy1_15_02&cd=2XzuyEtN2Y1L1QzuzytDtB0BtAyEtAtCyEzz0BtAtDtAzz0BtN0D0Tzu0StCtCtDyCtN1L2XzutAtFyCtFyCtFtDtN1L1Czu2Z1E1I1V1L1Q1T1Q1Q2UtCtN1L1G1B1V1N2Y1L1Qzu2SyEtCyDzz0CzytBtBtG0D0FtCtAtGtAyB0DzztGzy0FyB0CtGtDyCyEtD0A0A0CtD0A0A0A0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0DtB0ByDyByBtDtG0FtCyE0FtGyE0F0A0AtGzztD0CyDtGyBtC0Bzy0AtAtD0EtDzzyEzy2Q&cr=983111814&ir=","hxxp://www.trovi.com/?gd=&ctid=CT3324764&octid=EB_ORIGINAL_CTID&ISID=M8B4BCF6B-7B5E-467E-9BA3-6C3FC8C601FC&SearchSource=55&CUI=&UM=8&UP=SPD3A0D792-DA45-4FAD-860C-6CD88723242F&D=031315&SSPV=","hxxp://www.istartsurf.com/?type=hp&ts=1447073646&z=67200373387d6a00d1148cdgez5zemde0m0cec7qfg&from=bpr&uid=CorsairXForceXLSXSSD_14398170000101740434","hxxps://www.google.com/"
      CHR Profile: C:\Users\MIC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-11-28] <==== ATTENTION
      CHR Extension: (MEGA) - C:\Users\MIC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2017-11-26]
      CHR Extension: (DuckDuckGo Search) - C:\Users\MIC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\bkdgflcldnnnapblkhphbgpggdiikppg [2017-09-13]
      CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\MIC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2017-11-27]
      CHR Extension: (Google Mail Checker) - C:\Users\MIC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2017-08-03]
      CHR Extension: (Chrome Media Router) - C:\Users\MIC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-15]
      CHR HKLM-x32\...\Chrome\Extension: [gannpgaobkkhmpomoijebaigcapoeebl] - hxxps://clients2.google.com/service/update2/crx
      S3 gdrv; \??\C:\Windows\gdrv.sys [X]
      S3 SANDRA; \??\D:\Programas\SiSoftware\SiSoftware Sandra Lite Platinum\WNt600x64\Sandra.sys [X]
      ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => -> No File
      ContextMenuHandlers1: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => -> No File
      ContextMenuHandlers1: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => -> No File
      ContextMenuHandlers2: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => -> No File
      ContextMenuHandlers2: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => -> No File
      ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
      ContextMenuHandlers4: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => -> No File
      ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
      ContextMenuHandlers5: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => -> No File
      ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => -> No File
      ContextMenuHandlers6: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => -> No File
      ContextMenuHandlers6: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => -> No File
      Task: {D6F40AFC-9648-47E1-88F6-F56D05004F71} - \{D47FE294-6312-463F-AF50-05AF132750A5} -> No File <==== ATTENTION
      AlternateDataStreams: C:\ProgramData:gs5sys [3328]
      AlternateDataStreams: C:\Users\All Users:gs5sys [3328]
      AlternateDataStreams: C:\Users\MIC:gs5sys [2816]
      AlternateDataStreams: C:\ProgramData\Application Data:gs5sys [3328]
      AlternateDataStreams: C:\ProgramData\Datos de programa:gs5sys [3328]
      AlternateDataStreams: C:\ProgramData\Plantillas:gs5sys [2560]
      AlternateDataStreams: C:\ProgramData\Templates:gs5sys [2560]
      AlternateDataStreams: C:\Users\MIC\Configuración local:gs5sys [2816]
      AlternateDataStreams: C:\Users\MIC\Cookies:gs5sys [2816]
      AlternateDataStreams: C:\Users\MIC\Datos de programa:gs5sys [2816]
      AlternateDataStreams: C:\Users\MIC\Plantillas:gs5sys [2816]
      AlternateDataStreams: C:\Users\MIC\AppData\Local:gs5sys [2816]
      AlternateDataStreams: C:\Users\MIC\AppData\Roaming:gs5sys [2816]
      AlternateDataStreams: C:\Users\MIC\AppData\Local\Datos de programa:gs5sys [2816]
      AlternateDataStreams: C:\Users\MIC\AppData\Local\Historial:gs5sys [2560]
      AlternateDataStreams: C:\Users\MIC\Documents\desktop.ini:gs5sys [2816]
      AlternateDataStreams: C:\Users\Public\Documents\desktop.ini:gs5sys [2560]
      C:\Users\MIC\appdata\Local\Google\Chrome

      CMD: ipconfig /flushdns
      CMD: ipconfig /renew
      CMD: bitsadmin /reset /allusers
      RemoveProxy:
      EmptyTemp:
      Hosts:
      end
      *****************

      Error: Restore point can only be created in normal mode.
      Processes closed successfully.
      HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => key removed successfully
      C:\Windows\system32\GroupPolicy\Machine => moved successfully
      C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
      C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
      HKLM\SOFTWARE\Policies\Google => key removed successfully
      C:\Program Files (x86)\TomTom HOME 2\xul\extensions\[email protected] => moved successfully
      C:\Program Files (x86)\TomTom HOME 2\xul\extensions\[email protected] => path removed successfully
      C:\Program Files\Bitdefender\Bitdefender Security\bdwteff => moved successfully
      C:\Program Files\Bitdefender\Bitdefender Security\bdtbext => moved successfully
      Chrome HomePage => removed successfully
      Chrome StartupUrls => removed successfully
      C:\Users\MIC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData => moved successfully
      CHR Extension: (MEGA) - C:\Users\MIC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2017-11-26] => Error: No automatic fix found for this entry.
      CHR Extension: (DuckDuckGo Search) - C:\Users\MIC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\bkdgflcldnnnapblkhphbgpggdiikppg [2017-09-13] => Error: No automatic fix found for this entry.
      CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\MIC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2017-11-27] => Error: No automatic fix found for this entry.
      CHR Extension: (Google Mail Checker) - C:\Users\MIC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2017-08-03] => Error: No automatic fix found for this entry.
      CHR Extension: (Chrome Media Router) - C:\Users\MIC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-15] => Error: No automatic fix found for this entry.
      HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gannpgaobkkhmpomoijebaigcapoeebl => key removed successfully
      HKLM\System\CurrentControlSet\Services\gdrv => key removed successfully
      gdrv => service removed successfully
      HKLM\System\CurrentControlSet\Services\SANDRA => key removed successfully
      SANDRA => service removed successfully
      HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\Foxit_ConvertToPDF_Reader => key removed successfully
      HKLM\Software\Classes\CLSID\{A94757A0-0226-426F-B4F1-4DF381C630D3} => key not found
      HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\Glary Utilities => key removed successfully
      HKLM\Software\Classes\CLSID\{B3C418F8-922B-4faf-915E-59BC14448CF7} => key not found
      HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\UAContextMenu => key removed successfully
      HKLM\Software\Classes\CLSID\{A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => key not found
      HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\Glary Utilities => key removed successfully
      HKLM\Software\Classes\CLSID\{B3C418F8-922B-4faf-915E-59BC14448CF7} => key not found
      HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\UltraISO => key removed successfully
      HKLM\Software\Classes\CLSID\{AD392E40-428C-459F-961E-9B147782D099} => key not found
      HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\00avast => key removed successfully
      HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found
      HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\UltraISO => key removed successfully
      HKLM\Software\Classes\CLSID\{AD392E40-428C-459F-961E-9B147782D099} => key not found
      HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => key removed successfully
      HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => key not found
      HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\UAContextMenu => key removed successfully
      HKLM\Software\Classes\CLSID\{A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => key not found
      HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Glary Utilities => key removed successfully
      HKLM\Software\Classes\CLSID\{B3C418F8-922B-4faf-915E-59BC14448CF7} => key not found
      HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\UAContextMenu => key removed successfully
      HKLM\Software\Classes\CLSID\{A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => key not found
      HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\UltraISO => key removed successfully
      HKLM\Software\Classes\CLSID\{AD392E40-428C-459F-961E-9B147782D099} => key not found
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D6F40AFC-9648-47E1-88F6-F56D05004F71} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D6F40AFC-9648-47E1-88F6-F56D05004F71} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D47FE294-6312-463F-AF50-05AF132750A5} => key removed successfully
      C:\ProgramData => ":gs5sys" ADS removed successfully
      "C:\Users\All Users" => ":gs5sys" ADS not found.
      C:\Users\MIC => ":gs5sys" ADS removed successfully
      "C:\ProgramData\Application Data" => ":gs5sys" ADS not found.
      "C:\ProgramData\Datos de programa" => ":gs5sys" ADS not found.
      C:\ProgramData\Plantillas => ":gs5sys" ADS removed successfully
      "C:\ProgramData\Templates" => ":gs5sys" ADS not found.
      "C:\Users\MIC\Configuración local" => ":gs5sys" ADS not found.
      C:\Users\MIC\Cookies => ":gs5sys" ADS removed successfully
      C:\Users\MIC\Datos de programa => ":gs5sys" ADS removed successfully
      C:\Users\MIC\Plantillas => ":gs5sys" ADS removed successfully
      C:\Users\MIC\AppData\Local => ":gs5sys" ADS removed successfully
      "C:\Users\MIC\AppData\Roaming" => ":gs5sys" ADS not found.
      "C:\Users\MIC\AppData\Local\Datos de programa" => ":gs5sys" ADS not found.
      C:\Users\MIC\AppData\Local\Historial => ":gs5sys" ADS removed successfully
      C:\Users\MIC\Documents\desktop.ini => ":gs5sys" ADS removed successfully
      C:\Users\Public\Documents\desktop.ini => ":gs5sys" ADS removed successfully
      C:\Users\MIC\appdata\Local\Google\Chrome => moved successfully

      ========= ipconfig /flushdns =========


      Configuración IP de Windows

      Se vació correctamente la caché de resolución de DNS.

      ========= End of CMD: =========


      ========= ipconfig /renew =========


      Configuración IP de Windows


      Adaptador de Ethernet Conexión de área local:

      Sufijo DNS específico para la conexión. . : Home
      Vínculo: dirección IPv6 local. . . : fe80::9eb:f53a:b8d7:3918%11
      Dirección IPv4. . . . . . . . . . . . . . : 192.168.1.37
      Máscara de subred . . . . . . . . . . . . : 255.255.255.0
      Puerta de enlace predeterminada . . . . . : 192.168.1.1

      Adaptador de túnel isatap.Home:

      Estado de los medios. . . . . . . . . . . : medios desconectados
      Sufijo DNS específico para la conexión. . :

      ========= End of CMD: =========


      ========= bitsadmin /reset /allusers =========


      BITSADMIN version 3.0 [ 7.5.7601 ]
      BITS administration utility.
      (C) Copyright 2000-2006 Microsoft Corp.

      BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
      Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

      Unable to connect to BITS - 0x8007042c
      No se puede iniciar el servicio o grupo de dependencia.



      ========= End of CMD: =========


      ========= RemoveProxy: =========

      HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
      HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
      HKU\S-1-5-21-3924153736-2953970139-281373529-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
      HKU\S-1-5-21-3924153736-2953970139-281373529-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


      ========= End of RemoveProxy: =========

      C:\Windows\System32\Drivers\etc\hosts => moved successfully
      Hosts restored successfully.

      =========== EmptyTemp: ==========

      BITS transfer queue => 0 B
      DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 17565836 B
      Java, Flash, Steam htmlcache => 24326409 B
      Windows/system/drivers => 9925320 B
      Edge => 0 B
      Chrome => 0 B
      Firefox => 0 B
      Opera => 0 B

      Temp, IE cache, history, cookies, recent:
      Users => 0 B
      Default => 0 B
      Public => 0 B
      ProgramData => 0 B
      systemprofile => 128 B
      systemprofile32 => 128 B
      LocalService => 0 B
      NetworkService => 0 B
      MIC => 27179583 B

      RecycleBin => 111508 B
      EmptyTemp: => 75.4 MB temporary data Removed.

      ================================


      The system needed a reboot.

      ==== End of Fixlog 20:34:37 ====

      Malwarebytes
      www.malwarebytes.com

      -Detalles del registro-
      Fecha del análisis: 29/11/17
      Hora del análisis: 20:36
      Archivo de registro: a888fe3f-d53c-11e7-bbcb-fcaa14212c0f.json
      Administrador: Sí

      -Información del software-
      Versión: 3.3.1.2183
      Versión de los componentes: 1.0.236
      Versión del paquete de actualización: 1.0.3374
      Licencia: Gratis

      -Información del sistema-
      SO: Windows 7 Service Pack 1
      CPU: x64
      Sistema de archivos: NTFS
      Usuario: MIC-PC\MIC

      -Resumen del análisis-
      Tipo de análisis: Análisis de amenazas
      Resultado: Completado
      Objetos analizados: 394408
      Amenazas detectadas: 0
      (No hay elementos maliciosos detectados)
      Amenazas en cuarentena: 0
      (No hay elementos maliciosos detectados)
      Tiempo transcurrido: 0 min, 56 seg

      -Opciones de análisis-
      Memoria: Activado
      Inicio: Activado
      Sistema de archivos: Activado
      Archivo: Activado
      Rootkits: Desactivado
      Heurística: Activado
      PUP: Detectar
      PUM: Detectar

      -Detalles del análisis-
      Proceso: 0
      (No hay elementos maliciosos detectados)

      Módulo: 0
      (No hay elementos maliciosos detectados)

      Clave del registro: 0
      (No hay elementos maliciosos detectados)

      Valor del registro: 0
      (No hay elementos maliciosos detectados)

      Datos del registro: 0
      (No hay elementos maliciosos detectados)

      Secuencia de datos: 0
      (No hay elementos maliciosos detectados)

      Carpeta: 0
      (No hay elementos maliciosos detectados)

      Archivo: 0
      (No hay elementos maliciosos detectados)

      Sector físico: 0
      (No hay elementos maliciosos detectados)


      (end)
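
A triage pass over a Fixlog like the one posted above, added here as an example (it is not part of the thread and not FRST's own code). The sample lines are excerpted from that Fixlog; the function names and the status labels `fixed`, `not_found`, `error` and `info` are assumptions of this example.

```python
import re
from collections import Counter

# Lines excerpted from the Fixlog posted above (not the complete log).
SAMPLE_FIXLOG = r"""fixlist content:
*****************
Start
ContextMenuHandlers1: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => -> No File
end
*****************

Error: Restore point can only be created in normal mode.
Processes closed successfully.
HKLM\SOFTWARE\Policies\Google => key removed successfully
Chrome StartupUrls => removed successfully
CHR Extension: (MEGA) - C:\Users\MIC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2017-11-26] => Error: No automatic fix found for this entry.
HKLM\Software\Classes\CLSID\{B3C418F8-922B-4faf-915E-59BC14448CF7} => key not found
C:\ProgramData => ":gs5sys" ADS removed successfully
"C:\Users\All Users" => ":gs5sys" ADS not found.
Chrome => 0 B
EmptyTemp: => 75.4 MB temporary data Removed.
"""

# The Fixlog echoes the submitted fixlist between two rows of asterisks.
ECHO_FENCE = re.compile(r"^\*{5,}$")


def classify(outcome):
    """Map the text after '=>' to a status label (labels are this example's own)."""
    text = outcome.strip().lower()
    if text.startswith("error"):
        return "error"
    if "not found" in text:
        return "not_found"
    if "successfully" in text or text.endswith("removed."):
        return "fixed"
    return "info"


def parse_fixlog(text):
    """Return (target, status, outcome) for every result line outside the echo."""
    results = []
    in_echo = False
    for raw in text.splitlines():
        line = raw.strip()
        if ECHO_FENCE.match(line):
            in_echo = not in_echo
            continue
        # Echoed fixlist lines can contain '=>' ("=> -> No File"); skip them.
        if in_echo or not line:
            continue
        if line.lower().startswith("error:"):
            results.append(("(FRST)", "error", line))
            continue
        target, sep, outcome = line.partition(" => ")
        if sep:
            results.append((target.strip('"'), classify(outcome), outcome.strip()))
    return results


def triage(text):
    """Count outcomes per status and list the entries that reported an error."""
    results = parse_fixlog(text)
    counts = Counter(status for _, status, _ in results)
    follow_up = [(t, o) for t, status, o in results if status == "error"]
    return counts, follow_up


if __name__ == "__main__":
    counts, follow_up = triage(SAMPLE_FIXLOG)
    print(dict(counts))
    for target, outcome in follow_up:
        print("FOLLOW UP:", target, "->", outcome)
```

Entries labelled `error` are the ones to raise in the next reply; `not_found` means the target was already absent when the fix ran.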

    9. #9
      User excalibur2
      Registered
      Apr 2008
      Location
      Spain
      Posts
      119

      Re: How to remove malware and adware from my computer that won't go away

      Hi again Daniela:

      I am using Chrome as my default browser and everything has lost its configuration and all the bookmarks I had have disappeared... Can I recover them?... I had a great many

    10. #10
      General Moderator
      @Daniela
      Registered
      Apr 2011
      Location
      Spain
      Posts
      24.912

      Re: How to remove malware and adware from my computer that won't go away

      Hello

      Quote: Originally posted by excalibur2
      Hi again Daniela:

      I am using Chrome as my default browser and everything has lost its configuration and all the bookmarks I had have disappeared... Can I recover them?... I had a great many
      How strange!!!

      Restart the computer a couple of times and check; if it is still the same, reinstall Chrome, it now gives the option to recover what you had before.

      Let me know.

      Regards
      ✿◕‿◕✿ Impatience is not good company ✿◕‿◕✿

