
    Help removing "http://chromesearch.win" (Solved)


          
    1. #1
      User yosantiyo
      Joined
      Dec 2017
      Location
      Argentina
      Posts
      7

      Help removing "http://chromesearch.win" (Solved)

      Hello everyone, this is my first post and I hope someone can help me.

      The specific problem is this:

      https://k60.kn3.net/0/0/1/B/A/4/54B.jpg

      This is what appears when I search for something from the bar:

      https://k60.kn3.net/6/2/4/3/6/1/F8A.jpg

      I have tried completely uninstalling the browser with RevoUninstaller, I have used CCleaner, and I have tried to download some anti-malware or something, but everything I find is more and more viruses to download. I have even reset the browser completely to zero, but it still appears there. So if anyone can help me I would be very grateful. Thanks!

      I should add that I have already run Malwarebytes and AdwCleaner (although the latter not yet in safe mode).

    2. #2
      General Moderator
      @Daniela
      Joined
      Apr 2011
      Location
      Spain
      Posts
      24,364

      Re: Help removing "http://chromesearch.win"

      Hello yosantiyo


      Post the Malwarebytes and AdwCleaner reports so they can be reviewed.

      Download Farbar Recovery Scan Tool according to your system's architecture (32 or 64 bits).

      • Save it to the desktop >> This is very important.
      • Double-click to run Frst.exe. (If you use Windows Vista/7/8 or 10, right-click and select "Run as Administrator".)
      • In the Disclaimer window, press Yes.
      • In the new window that opens, press the Scan button and wait patiently for the scan to finish.
      • Two (2) files (logs) will open, Frst.txt and Addition.txt; these will be saved on your desktop.
      • To finish, open the Frst.txt and Addition.txt files and copy and paste their entire contents into your next reply. Use two messages if it tells you it is too long.


      Regards
      ✿◕‿◕✿ Impatience is not good company ✿◕‿◕✿


    3. #3
      User yosantiyo
      Joined
      Dec 2017
      Location
      Argentina
      Posts
      7

      Re: Help removing "http://chromesearch.win"

      Hello Daniela, sorry if I am breaking forum rules with the way I posted; as I said, I am new to the forum. Thank you for the reply. Here is what you asked for:

      AdwCleaner: (the first scan, since the second one in Safe Mode returned no results)

      # AdwCleaner 7.0.5.0 - Logfile created on Sun Dec 03 00:34:40 2017
      # Updated on 2017/29/11 by Malwarebytes
      # Running on Windows 7 Ultimate (X64)
      # Mode: clean
      # Support: https://www.malwarebytes.com/support

      ***** [ Services ] *****

      No malicious services deleted.

      ***** [ Folders ] *****

      Deleted: C:\ProgramData\IObit\Advanced SystemCare
      Deleted: C:\ProgramData\Application Data\IObit\Advanced SystemCare
      Deleted: C:\Windows\System32\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare
      Deleted: C:\Program Files (x86)\IObit\Advanced SystemCare
      Deleted: C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare
      Deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare
      Deleted: C:\Users\All Users\IObit\Advanced SystemCare
      Deleted: C:\Users\Usuario\AppData\LocalLow\IObit\Advanced SystemCare
      Deleted: C:\Users\Usuario\AppData\Roaming\IObit\Advanced SystemCare
      Deleted: C:\ProgramData\IObit\ASCDownloader
      Deleted: C:\ProgramData\Application Data\IObit\ASCDownloader
      Deleted: C:\Users\All Users\IObit\ASCDownloader


      ***** [ Files ] *****

      No malicious files deleted.

      ***** [ DLL ] *****

      No malicious DLLs cleaned.

      ***** [ WMI ] *****

      No malicious WMI cleaned.

      ***** [ Shortcuts ] *****

      No malicious shortcuts cleaned.

      ***** [ Tasks ] *****

      No malicious tasks deleted.

      ***** [ Registry ] *****

      Deleted: [Key] - HKLM\SOFTWARE\IOBIT\ASC
      Deleted: [Key] - HKLM\SOFTWARE\IObit\Advanced SystemCare
      Deleted: [Key] - HKLM\SOFTWARE\IObit\RealTimeProtector
      Deleted: [Key] - HKLM\SOFTWARE\CLASSES\DIRECTORY\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
      Deleted: [Key] - HKLM\SOFTWARE\CLASSES\DRIVE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
      Deleted: [Key] - HKLM\SOFTWARE\CLASSES\LNKFILE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
      Deleted: [Key] - HKLM\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\SpyHunter4.exe


      ***** [ Firefox (and derivatives) ] *****

      No malicious Firefox entries deleted.

      ***** [ Chromium (and derivatives) ] *****

      No malicious Chromium entries deleted.

      *************************

      ::Tracing keys deleted
      ::Winsock settings cleared
      ::Additional Actions: 0



      *************************

      C:/AdwCleaner/AdwCleaner[S0].txt - [2629 B] - [2017/12/3 0:32:9]


      ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

      And this is the Malwarebytes report:

      Malwarebytes
      www.malwarebytes.com

      -Detalles del registro-
      Fecha del análisis: 2/12/17
      Hora del análisis: 19:18
      Archivo de registro: bbb1f1ea-d7ae-11e7-a788-000000000000.json
      Administrador: Sí

      -Información del software-
      Versión: 3.3.1.2183
      Versión de los componentes: 1.0.236
      Versión del paquete de actualización: 1.0.3151
      Licencia: Gratis

      -Información del sistema-
      SO: Windows 7 Service Pack 1
      CPU: x64
      Sistema de archivos: NTFS
      Usuario: Usuario-PC\Usuario

      -Resumen del análisis-
      Tipo de análisis: Análisis de amenazas
      Resultado: Completado
      Objetos analizados: 384332
      Amenazas detectadas: 31
      Amenazas en cuarentena: 31
      Tiempo transcurrido: 3 min, 12 seg

      -Opciones de análisis-
      Memoria: Activado
      Inicio: Activado
      Sistema de archivos: Activado
      Archivo: Activado
      Rootkits: Desactivado
      Heurística: Activado
      PUP: Detectar
      PUM: Detectar

      -Detalles del análisis-
      Proceso: 0
      (No hay elementos maliciosos detectados)

      Módulo: 0
      (No hay elementos maliciosos detectados)

      Clave del registro: 22
      PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\REI_AxControl.DLL, En cuarentena, [1070], [327193],1.0.3151
      PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}, En cuarentena, [1070], [327197],1.0.3151
      PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\REI_AxControl.ReiEngine.1, En cuarentena, [1070], [327197],1.0.3151
      PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\TYPELIB\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}, En cuarentena, [1070], [327197],1.0.3151
      PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\INTERFACE\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}, En cuarentena, [1070], [327197],1.0.3151
      PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\INTERFACE\{BD51A48E-EB5F-4454-8774-EF962DF64546}, En cuarentena, [1070], [327197],1.0.3151
      PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}, En cuarentena, [1070], [327197],1.0.3151
      PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{BD51A48E-EB5F-4454-8774-EF962DF64546}, En cuarentena, [1070], [327197],1.0.3151
      PUP.Optional.Reimage, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}, En cuarentena, [1070], [327197],1.0.3151
      PUP.Optional.Reimage, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{BD51A48E-EB5F-4454-8774-EF962DF64546}, En cuarentena, [1070], [327197],1.0.3151
      PUP.Optional.Reimage, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}, En cuarentena, [1070], [327197],1.0.3151
      PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}, En cuarentena, [1070], [327197],1.0.3151
      PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\REI_AxControl.ReiEngine, En cuarentena, [1070], [327197],1.0.3151
      PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\APPID\REI_AxControl.DLL, En cuarentena, [1070], [327193],1.0.3151
      PUP.Optional.Reimage, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{A1424B7E-C183-4520-A02F-29B618BBCD00}, En cuarentena, [1070], [332365],1.0.3151
      PUP.Optional.Reimage, HKLM\SOFTWARE\REIMAGE\Reimage Repair, En cuarentena, [1070], [336077],1.0.3151
      PUP.Optional.Reimage, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\ReimageUpdater, En cuarentena, [1070], [332364],1.0.3151
      PUP.Optional.Reimage, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\REI_AxControl.DLL, En cuarentena, [1070], [327193],1.0.3151
      PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}, En cuarentena, [1070], [327206],1.0.3151
      PUP.Optional.Reimage, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}, En cuarentena, [1070], [332494],1.0.3151
      PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}, En cuarentena, [1070], [332494],1.0.3151
      PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\APPID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}, En cuarentena, [1070], [332494],1.0.3151

      Valor del registro: 1
      PUP.Optional.Reimage, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{A1424B7E-C183-4520-A02F-29B618BBCD00}|PATH, En cuarentena, [1070], [332365],1.0.3151

      Datos del registro: 0
      (No hay elementos maliciosos detectados)

      Secuencia de datos: 0
      (No hay elementos maliciosos detectados)

      Carpeta: 0
      (No hay elementos maliciosos detectados)

      Archivo: 8
      PUP.Optional.Reimage, C:\WINDOWS\TEMP\REIMAGE.LOG, En cuarentena, [1070], [334717],1.0.3151
      PUP.Optional.Reimage, C:\WINDOWS\SYSTEM32\TASKS\REIMAGEUPDATER, En cuarentena, [1070], [327190],1.0.3151
      PUP.Optional.Reimage, C:\USERS\USUARIO\APPDATA\LOCAL\TEMP\REIMAGEPACKAGE.EXE, En cuarentena, [1070], [384803],1.0.3151
      PUP.Optional.Reimage, C:\WINDOWS\REIMAGE.INI, En cuarentena, [1070], [412667],1.0.3151
      PUP.Optional.Reimage, C:\USERS\USUARIO\APPDATA\LOCAL\TEMP\~NSU.TMP\BU_.EXE, En cuarentena, [1070], [388085],1.0.3151
      PUP.Optional.Reimage, C:\USERS\USUARIO\APPDATA\LOCAL\TEMP\NSC7132.TMP\PROTECTORUPDATER.EXE, En cuarentena, [1070], [388085],1.0.3151
      PUP.Optional.Reimage, C:\USERS\USUARIO\APPDATA\LOCAL\TEMP\~NSU.TMP\AU_.EXE, En cuarentena, [1070], [331559],1.0.3151
      PUP.Optional.Reimage, C:\USERS\USUARIO\DOWNLOADS\REIMAGEREPAIR.EXE, En cuarentena, [1070], [331559],1.0.3151

      Sector físico: 0
      (No hay elementos maliciosos detectados)


      (end)

    4. #4
      User yosantiyo
      Joined
      Dec 2017
      Location
      Argentina
      Posts
      7

      Re: Help removing "http://chromesearch.win"

      Frst.txt report:

      Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-11-2017
      Ran by Usuario (administrator) on USUARIO-PC (02-12-2017 23:00:16)
      Running from C:\Users\Usuario\Desktop
      Loaded Profiles: Usuario (Available Profiles: Usuario)
      Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Español (España, internacional)
      Internet Explorer Version 11 (Default browser: FF)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: ***********************************************************************************************************

      ==================== Processes (Whitelisted) =================

      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

      (AMD) C:\Windows\System32\atiesrxx.exe
      (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
      (AMD) C:\Windows\System32\atieclxx.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\63.0.3239.32\remoting_host.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\63.0.3239.32\remoting_host.exe
      (Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cnext.exe
      (f.lux Software LLC) C:\Users\Usuario\AppData\Local\FluxSoftware\Flux\flux.exe
      (Microsoft Corporation) C:\Windows\System32\rundll32.exe
      (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
      () C:\Program Files (x86)\DFX\DFX.exe
      (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
      () C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp32.exe
      () C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp64.exe
      (AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
      (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
      (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
      (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
      (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
      (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
      (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
      (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
      (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
      (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
      (Microsoft Corporation) C:\Windows\System32\dllhost.exe
      (Microsoft Corporation) C:\Windows\System32\dllhost.exe

      ==================== Registry (Whitelisted) ===========================

      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

      HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [253344 2017-11-10] (AVAST Software)
      HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\cnext.exe [4926664 2016-02-26] (Advanced Micro Devices, Inc.)
      HKLM-x32\...\Run: [DFX] => C:\Program Files (x86)\DFX\DFX.exe [1595384 2016-06-23] ()
      HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
      HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
      HKU\S-1-5-21-4237186871-643376709-1415410202-1000\...\Run: [f.lux] => C:\Users\Usuario\AppData\Local\FluxSoftware\Flux\flux.exe [1678840 2017-10-10] (f.lux Software LLC)
      HKU\S-1-5-21-4237186871-643376709-1415410202-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673696 2013-08-01] (Disc Soft Ltd)
      HKU\S-1-5-21-4237186871-643376709-1415410202-1000\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
      HKU\S-1-5-18\...\RunOnce: [AOD] => C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe AutoTune
      Startup: C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Control de las alertas de los cartuchos - HP DJ 2130 series.lnk [2017-12-02]
      ShortcutTarget: Control de las alertas de los cartuchos - HP DJ 2130 series.lnk -> C:\Program Files\HP\HP DeskJet 2130 series\Bin\HPStatusBL.dll (HP Inc.)
      GroupPolicy: Restriction - Chrome <==== ATTENTION
      CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

      ==================== Internet (Whitelisted) ====================

      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

      ProxyServer: [S-1-5-21-4237186871-643376709-1415410202-1000] => http=;ftp=;https=;
      Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
      Tcpip\..\Interfaces\{65204DB5-A604-4177-A47D-F5B7FB7B4BC2}: [DhcpNameServer] 192.168.42.129
      Tcpip\..\Interfaces\{87D567BD-3D3A-4E69-9285-A8A4C8D6F198}: [DhcpNameServer] 192.168.42.129
      Tcpip\..\Interfaces\{9E15DFB5-E2C2-4B3B-93AA-D3FE78A41060}: [DhcpNameServer] 192.168.42.129
      Tcpip\..\Interfaces\{A064B4A2-7064-4F60-B779-6D682F2767C9}: [DhcpNameServer] 192.168.1.1 0.0.0.0

      Internet Explorer:
      ==================
      HKU\S-1-5-21-4237186871-643376709-1415410202-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/es-ar/?ocid=iehp
      SearchScopes: HKU\S-1-5-21-4237186871-643376709-1415410202-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.com/cse?cx=partner-pub-9609672093949948%3A2pdkvfm6u5y&ie=ISO-8859-1&q={searchTerms}
      SearchScopes: HKU\S-1-5-21-4237186871-643376709-1415410202-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.com/cse?cx=partner-pub-9609672093949948%3A2pdkvfm6u5y&ie=ISO-8859-1&q={searchTerms}
      BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
      BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_151\bin\ssv.dll [2017-10-21] (Oracle Corporation)
      BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-11-10] (AVAST Software)
      BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
      BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-10-21] (Oracle Corporation)
      BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
      BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-11-10] (AVAST Software)
      BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)

      FireFox:
      ========
      FF DefaultProfile: ph5et5nq.default-1511034946806
      FF ProfilePath: C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\ph5et5nq.default-1511034946806 [2017-12-02]
      FF Extension: (Adblock Plus) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\ph5et5nq.default-1511034946806\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-11-18]
      FF Extension: (Disable Media WMF NV12 format) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\ph5et5nq.default-1511034946806\features\{db27eaf0-45a9-46a7-b4a8-b0856b66b03a}\[email protected] [2017-12-02] [Lagacy]
      FF Plugin: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-10-21] (Oracle Corporation)
      FF Plugin: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-10-21] (Oracle Corporation)
      FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
      FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 -> C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll [2015-06-08] (Unity Technologies ApS)
      FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
      FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
      FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
      FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
      FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
      FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
      FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)

      Chrome:
      =======
      CHR Profile: C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default [2017-12-02]
      CHR Extension: (Presentaciones) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-02]
      CHR Extension: (Documentos) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-02]
      CHR Extension: (Google Drive) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-12-02]
      CHR Extension: (YouTube) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-12-02]
      CHR Extension: (Hojas de cálculo) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-12-02]
      CHR Extension: (Documentos de Google sin conexión) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-12-02]
      CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-12-02]
      CHR Extension: (Gmail) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-12-02]
      CHR Extension: (Chrome Media Router) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-02]
      CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [kadalpbldokjhijcgndnldpheokmaeje] - hxxps://clients2.google.com/service/update2/crx

      ==================== Services (Whitelisted) ====================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7549928 2017-11-10] (AVAST Software)
      R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [281416 2017-11-10] (AVAST Software)
      R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\63.0.3239.32\remoting_host.exe [71512 2017-11-02] (Google Inc.)
      S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
      S3 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] () [File not signed]
      S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2960672 2016-07-20] (IObit)
      R3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
      S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [267560 2007-07-04] (Nero AG)
      S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [7770888 2017-05-09] (INCA Internet Co., Ltd.)
      S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-04-28] (Microsoft Corporation)

      ===================== Drivers (Whitelisted) ======================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
      R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [183584 2017-11-10] (AVAST Software)
      R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [321032 2017-11-10] (AVAST Software s.r.o.)
      R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [198968 2017-11-10] (AVAST Software s.r.o.)
      R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [343288 2017-11-10] (AVAST Software s.r.o.)
      R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [57728 2017-11-10] (AVAST Software s.r.o.)
      S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [47008 2017-11-10] (AVAST Software)
      R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [41832 2017-09-02] (AVAST Software)
      R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [148288 2017-11-10] (AVAST Software)
      R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [110376 2017-11-10] (AVAST Software)
      R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84416 2017-11-10] (AVAST Software)
      R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1026232 2017-11-10] (AVAST Software)
      R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [455376 2017-11-15] (AVAST Software)
      R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [203976 2017-11-10] (AVAST Software)
      R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [364464 2017-11-10] (AVAST Software)
      S3 DFX11_1; C:\Windows\System32\drivers\dfx11_1x64.sys [28008 2015-08-31] (Windows (R) Win 7 DDK provider)
      R3 DFX12; C:\Windows\System32\drivers\dfx12x64.sys [29688 2015-11-12] (Windows (R) Win 7 DDK provider)
      R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2016-06-19] (Disc Soft Ltd)
      R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2017-12-02] (Malwarebytes)
      S3 EsgScanner; system32\DRIVERS\EsgScanner.sys [X]
      S3 VGPU; System32\drivers\rdvgkmd.sys [X]
      S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
      S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]

      ==================== NetSvcs (Whitelisted) ===================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


      ==================== One Month Created files and folders ========

      (If an entry is included in the fixlist, the file/folder will be moved.)

      2017-12-02 23:00 - 2017-12-02 23:00 - 000014717 _____ C:\Users\Usuario\Desktop\FRST.txt
      2017-12-02 22:59 - 2017-12-02 22:59 - 002391552 _____ (Farbar) C:\Users\Usuario\Downloads\FRST64.exe
      2017-12-02 22:54 - 2017-12-02 22:54 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
      2017-12-02 22:54 - 2017-12-02 22:54 - 000005414 _____ C:\Users\Usuario\Desktop\Informe.txt
      2017-12-02 22:49 - 2017-12-02 23:00 - 000000000 ____D C:\FRST
      2017-12-02 22:49 - 2017-12-02 22:49 - 002391552 _____ (Farbar) C:\Users\Usuario\Desktop\FRST64.exe
      2017-12-02 21:38 - 2017-12-02 21:38 - 000002399 _____ C:\Users\Usuario\Desktop\AdwCleaner[C0].txt
      2017-12-02 21:29 - 2017-12-02 22:15 - 000000000 ____D C:\AdwCleaner
      2017-12-02 21:28 - 2017-12-02 21:28 - 008187336 _____ (Malwarebytes) C:\Users\Usuario\Downloads\adwcleaner_7.0.5.0.exe
      2017-12-02 21:27 - 2017-12-02 21:30 - 000000000 ____D C:\Users\Usuario\Desktop\Ashampoo Snap 6
      2017-12-02 20:36 - 2017-12-02 20:36 - 001129816 _____ (Google Inc.) C:\Users\Usuario\Downloads\ChromeSetup(1).exe
      2017-12-02 20:36 - 2017-12-02 20:36 - 000002265 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
      2017-12-02 20:36 - 2017-12-02 20:36 - 000002253 _____ C:\Users\Public\Desktop\Google Chrome.lnk
      2017-12-02 20:03 - 2017-12-02 20:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
      2017-12-02 20:03 - 2017-12-02 20:03 - 000000000 ____D C:\Program Files (x86)\Windows Kits
      2017-12-02 19:30 - 2017-12-02 19:30 - 012052552 _____ (VS Revo Group ) C:\Users\Usuario\Downloads\RevoUninProSetup.exe
      2017-12-02 19:30 - 2017-12-02 19:30 - 000001077 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
      2017-12-02 19:30 - 2017-12-02 19:30 - 000000000 ____D C:\Users\Usuario\AppData\Local\VS Revo Group
      2017-12-02 19:30 - 2017-12-02 19:30 - 000000000 ____D C:\ProgramData\VS Revo Group
      2017-12-02 19:30 - 2017-12-02 19:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
      2017-12-02 19:30 - 2017-12-02 19:30 - 000000000 ____D C:\Program Files\VS Revo Group
      2017-12-02 19:30 - 2016-12-21 14:52 - 000040240 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
      2017-12-02 19:18 - 2017-12-02 19:18 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
      2017-12-02 19:18 - 2017-12-02 19:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
      2017-12-02 19:18 - 2017-12-02 19:18 - 000000000 ____D C:\ProgramData\Malwarebytes
      2017-12-02 19:18 - 2017-11-01 08:54 - 000077432 _____ C:\Windows\system32\Drivers\mbae64.sys
      2017-12-02 19:04 - 2017-12-02 19:04 - 001129816 _____ (Google Inc.) C:\Users\Usuario\Downloads\ChromeSetup.exe
      2017-12-02 18:53 - 2017-12-02 18:53 - 000000000 _____ C:\autoexec.bat
      2017-12-02 18:49 - 2017-12-02 18:50 - 002755584 _____ C:\Users\Usuario\Downloads\SH-Alt-Install.exe
      2017-12-02 18:22 - 2017-12-02 18:22 - 006625600 _____ (Zemana Ltd. ) C:\Users\Usuario\Downloads\Zemana.AntiMalware.Setup.exe
      2017-12-02 18:10 - 2017-12-02 18:22 - 000000000 ____D C:\ProgramData\HitmanPro
      2017-12-02 18:10 - 2017-12-02 18:10 - 000000000 ____D C:\Program Files\HitmanPro
      2017-12-02 18:07 - 2017-12-02 18:07 - 000001736 __RSH C:\ProgramData\ntuser.pol
      2017-12-02 18:02 - 2017-12-02 18:02 - 000000000 ____D C:\Program Files\Malwarebytes
      2017-12-02 17:46 - 2017-12-02 17:48 - 078346672 _____ (Malwarebytes ) C:\Users\Usuario\Downloads\mb3-setup-consumer-3.3.1.2183.exe
      2017-12-02 17:46 - 2017-12-02 17:48 - 011584088 _____ (SurfRight B.V.) C:\Users\Usuario\Downloads\hitmanpro_x64.exe
      2017-12-01 22:59 - 2017-12-01 23:08 - 000000000 ____D C:\Users\Usuario\Downloads\TT23423
      2017-12-01 22:59 - 2017-12-01 23:07 - 000000000 ____D C:\Users\Usuario\Downloads\FF432432
      2017-12-01 22:59 - 2017-12-01 23:07 - 000000000 ____D C:\Users\Usuario\Downloads\AA321
      2017-12-01 20:31 - 2017-12-01 20:31 - 000000000 ____D C:\Users\Usuario\Downloads\AIDA64.Extreme.Edition.5.95.4500
      2017-11-19 00:03 - 2017-11-19 00:04 - 000000000 ___RD C:\Users\Usuario\Documents\MEGA
      2017-11-19 00:02 - 2017-11-19 00:04 - 000000000 ____D C:\Windows\System32\Tasks\MEGA
      2017-11-19 00:02 - 2017-11-19 00:02 - 000000000 ____D C:\Users\Usuario\AppData\Local\Mega Limited
      2017-11-17 15:22 - 2017-11-17 15:22 - 004957771 _____ C:\Users\Usuario\Downloads\Leatrix_Latency_Fix_3.03.zip
      2017-11-12 00:38 - 2017-11-12 00:38 - 000000000 ____D C:\ProgramData\Google
      2017-11-11 11:27 - 2017-05-09 22:17 - 007770888 _____ (INCA Internet Co., Ltd.) C:\Windows\SysWOW64\GameMon.des
      2017-11-11 11:26 - 2017-11-11 11:26 - 000000000 ____D C:\Program Files\Common Files\INCA Shared
      2017-11-10 22:08 - 2017-11-10 22:08 - 000001437 _____ C:\Users\Usuario\Desktop\MU_LEGEND.lnk
      2017-11-10 22:08 - 2017-11-10 22:08 - 000000000 ____D C:\Users\Usuario\AppData\Local\VCLStylesSkin
      2017-11-10 22:08 - 2017-11-10 22:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MU LEGEND GLOBAL
      2017-11-10 21:56 - 2017-11-10 21:56 - 000000000 ____D C:\Program Files (x86)\Webzen
      2017-11-10 17:19 - 2017-11-10 21:41 - 000000000 ____D C:\Mu
      2017-11-10 17:19 - 2017-11-10 17:19 - 000000000 ____D C:\ProgramData\WEBZEN
      2017-11-10 17:13 - 2017-11-10 21:18 - 000000000 ____D C:\Users\Usuario\Desktop\Juegasoss
      2017-11-10 17:12 - 2017-12-01 20:26 - 000000000 ____D C:\Users\Usuario\Desktop\Programitasss
      2017-11-10 17:08 - 2017-11-10 17:08 - 000000000 ____D C:\Windows\system32\appmgmt
      2017-11-10 16:23 - 2017-11-10 16:23 - 000365168 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
      2017-11-10 16:23 - 2017-11-10 16:23 - 000183584 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys

      ==================== One Month Modified files and folders ========

      (If an entry is included in the fixlist, the file/folder will be moved.)

      2017-12-02 22:46 - 2017-06-17 15:49 - 000000000 ____D C:\Users\Usuario\AppData\LocalLow\Mozilla
      2017-12-02 22:42 - 2009-07-14 01:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      2017-12-02 22:42 - 2009-07-14 01:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      2017-12-02 22:35 - 2009-07-14 02:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
      2017-12-02 22:15 - 2017-09-23 11:07 - 000525476 _____ C:\Windows\ntbtlog.txt
      2017-12-02 22:13 - 2017-06-17 15:49 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
      2017-12-02 22:13 - 2017-06-17 15:48 - 000000000 ____D C:\Program Files\Mozilla Firefox
      2017-12-02 22:08 - 2016-10-15 14:56 - 000005120 _____ C:\Users\Usuario\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      2017-12-02 21:34 - 2017-07-20 12:12 - 000000000 ____D C:\Users\Usuario\AppData\LocalLow\IObit
      2017-12-02 21:34 - 2017-07-20 12:11 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\IObit
      2017-12-02 21:34 - 2017-07-20 12:11 - 000000000 ____D C:\ProgramData\IObit
      2017-12-02 21:34 - 2017-07-20 12:11 - 000000000 ____D C:\Program Files (x86)\IObit
      2017-12-02 20:47 - 2017-07-25 23:04 - 000000392 _____ C:\Windows\Tasks\update-sys.job
      2017-12-02 20:36 - 2016-06-13 18:44 - 000000000 ____D C:\Users\Usuario\AppData\Local\Google
      2017-12-02 20:36 - 2016-06-13 18:44 - 000000000 ____D C:\Program Files (x86)\Google
      2017-12-02 19:56 - 2017-07-25 23:05 - 000000392 _____ C:\Windows\Tasks\update-S-1-5-21-4237186871-643376709-1415410202-1000.job
      2017-12-02 19:41 - 2011-04-12 06:10 - 000746992 _____ C:\Windows\system32\perfh00A.dat
      2017-12-02 19:41 - 2011-04-12 06:10 - 000158464 _____ C:\Windows\system32\perfc00A.dat
      2017-12-02 19:41 - 2009-07-14 02:13 - 001675926 _____ C:\Windows\system32\PerfStringBackup.INI
      2017-12-02 19:41 - 2009-07-14 00:20 - 000000000 ____D C:\Windows\inf
      2017-12-02 19:13 - 2017-07-01 15:50 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
      2017-12-02 19:12 - 2017-07-01 15:50 - 000047955 _____ C:\Windows\ZAM_Guard.krnl.trace
      2017-12-02 18:52 - 2016-06-13 11:25 - 000000000 ____D C:\Users\Usuario
      2017-12-02 18:26 - 2017-07-01 15:50 - 000004615 _____ C:\Windows\ZAM.krnl.trace
      2017-12-02 18:07 - 2009-07-14 00:20 - 000000000 ___HD C:\Windows\system32\GroupPolicy
      2017-12-02 18:07 - 2009-07-14 00:20 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicy
      2017-12-02 13:00 - 2017-07-20 12:12 - 000000000 ____D C:\ProgramData\ProductData
      2017-12-01 23:22 - 2017-06-11 16:07 - 000000000 ____D C:\Users\Usuario\AppData\Local\JDownloader v2.0
      2017-11-25 11:02 - 2017-06-23 19:40 - 000000000 ____D C:\AMD
      2017-11-24 21:06 - 2017-06-10 11:02 - 000004172 _____ C:\Windows\System32\Tasks\Avast Emergency Update
      2017-11-19 02:21 - 2009-07-14 00:20 - 000000000 ____D C:\Windows\system32\NDF
      2017-11-18 16:54 - 2017-06-17 15:49 - 000000936 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
      2017-11-18 16:54 - 2017-06-17 15:49 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\Mozilla
      2017-11-15 20:53 - 2017-07-25 23:34 - 000002091 _____ C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\f.lux.lnk
      2017-11-15 20:08 - 2016-06-13 18:44 - 000003468 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
      2017-11-15 20:08 - 2016-06-13 18:44 - 000003340 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
      2017-11-15 20:05 - 2016-06-13 19:01 - 000455376 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
      2017-11-11 10:42 - 2009-07-14 02:08 - 000032630 _____ C:\Windows\Tasks\SCHEDLGU.TXT
      2017-11-10 21:20 - 2017-06-19 19:34 - 000000306 _____ C:\Users\Usuario\Desktop\CUENTAS.txt
      2017-11-10 21:20 - 2017-06-12 11:32 - 000000344 _____ C:\Users\Usuario\Desktop\Metin2.txt
      2017-11-10 21:19 - 2017-08-25 22:00 - 000000117 _____ C:\Users\Usuario\Desktop\YAHOO.txt
      2017-11-10 17:08 - 2016-10-18 16:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rovio
      2017-11-10 17:08 - 2016-10-18 16:55 - 000000000 ____D C:\Program Files (x86)\Rovio
      2017-11-10 17:08 - 2016-09-18 16:56 - 000000000 _____ C:\Windows\SysWOW64\last.dump
      2017-11-10 17:08 - 2009-07-14 02:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
      2017-11-10 16:23 - 2016-06-13 19:01 - 000364464 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
      2017-11-10 16:23 - 2016-06-13 19:01 - 000203976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
      2017-11-10 16:23 - 2016-06-13 19:01 - 000148288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
      2017-11-10 16:23 - 2016-06-13 19:01 - 000110376 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
      2017-11-10 16:23 - 2016-06-13 19:01 - 000084416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
      2017-11-10 16:23 - 2016-06-13 19:01 - 000047008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
      2017-11-10 16:22 - 2017-06-10 11:01 - 000343288 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
      2017-11-10 16:22 - 2017-06-10 11:01 - 000321032 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
      2017-11-10 16:22 - 2017-06-10 11:01 - 000198968 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
      2017-11-10 16:22 - 2017-06-10 11:01 - 000057728 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
      2017-11-10 16:22 - 2016-06-13 19:01 - 001026232 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
      2017-11-10 16:20 - 2016-06-19 20:44 - 000000000 ____D C:\Windows\System32\Tasks\Games

      ==================== Files in the root of some directories =======

      2016-10-15 14:56 - 2017-12-02 22:08 - 000005120 _____ () C:\Users\Usuario\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      2016-11-27 15:53 - 2016-11-27 15:53 - 000007602 _____ () C:\Users\Usuario\AppData\Local\Resmon.ResmonCfg
      2017-07-25 23:04 - 2017-07-25 23:04 - 000000003 _____ () C:\Users\Usuario\AppData\Local\updater.log
      2017-07-25 23:05 - 2017-07-25 23:05 - 000000425 _____ () C:\Users\Usuario\AppData\Local\UserProducts.xml

      Some files in TEMP:
      ====================
      2017-09-23 11:19 - 2017-09-23 11:19 - 001138176 _____ () C:\Users\Usuario\AppData\Local\Temp\AMDCleanupUtility.exe
      2017-09-23 11:19 - 2017-09-23 11:19 - 000232960 _____ () C:\Users\Usuario\AppData\Local\Temp\Cleanup.dll
      2017-09-23 11:19 - 2017-09-23 11:19 - 000065536 _____ (Windows (R) Server 2003 DDK provider) C:\Users\Usuario\AppData\Local\Temp\ddu.exe
      2017-09-23 11:19 - 2017-09-23 11:19 - 000414152 _____ (Microsoft Corporation) C:\Users\Usuario\AppData\Local\Temp\difxapi.dll
      2017-07-19 14:18 - 2017-07-19 14:18 - 000739904 _____ (Oracle Corporation) C:\Users\Usuario\AppData\Local\Temp\jre-8u141-windows-au.exe
      2017-10-21 18:09 - 2017-10-21 18:09 - 001856576 _____ (Oracle Corporation) C:\Users\Usuario\AppData\Local\Temp\jre-8u151-windows-au.exe
      2017-09-23 11:19 - 2017-09-23 11:19 - 000516096 _____ (Microsoft Corporation) C:\Users\Usuario\AppData\Local\Temp\msvcm80.dll
      2017-09-23 11:19 - 2017-09-23 11:19 - 001061376 _____ (Microsoft Corporation) C:\Users\Usuario\AppData\Local\Temp\msvcp80.dll
      2017-09-23 11:19 - 2017-09-23 11:19 - 000796672 _____ (Microsoft Corporation) C:\Users\Usuario\AppData\Local\Temp\msvcr80.dll
      2017-12-01 23:21 - 2017-12-01 23:21 - 000040448 ____N () C:\Users\Usuario\AppData\Local\Temp\proxy_vole6123474948965931044.dll
      2017-12-01 23:21 - 2017-12-01 23:21 - 000040448 ____N () C:\Users\Usuario\AppData\Local\Temp\proxy_vole8169867983716609098.dll
      2017-12-01 23:21 - 2017-12-01 23:21 - 000040448 ____N () C:\Users\Usuario\AppData\Local\Temp\proxy_vole8932101361315660852.dll

      ==================== Bamital & volsnap ======================

      (There is no automatic fix for files that do not pass verification.)

      C:\Windows\system32\winlogon.exe => File is digitally signed
      C:\Windows\system32\wininit.exe => File is digitally signed
      C:\Windows\SysWOW64\wininit.exe => File is digitally signed
      C:\Windows\explorer.exe => File is digitally signed
      C:\Windows\SysWOW64\explorer.exe => File is digitally signed
      C:\Windows\system32\svchost.exe => File is digitally signed
      C:\Windows\SysWOW64\svchost.exe => File is digitally signed
      C:\Windows\system32\services.exe => File is digitally signed
      C:\Windows\system32\User32.dll => File is digitally signed
      C:\Windows\SysWOW64\User32.dll => File is digitally signed
      C:\Windows\system32\userinit.exe => File is digitally signed
      C:\Windows\SysWOW64\userinit.exe => File is digitally signed
      C:\Windows\system32\rpcss.dll => File is digitally signed
      C:\Windows\system32\dnsapi.dll => File is digitally signed
      C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
      C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

      LastRegBack: 2017-12-02 14:24

      ==================== End of FRST.txt ============================

    5. #5
      User Avatar of yosantiyo
      Joined
      Dec 2017
      Location
      Argentina
      Posts
      7

      Re: Help with removing "http://chromesearch.win"

      Addition.txt report

      Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-11-2017
      Ran by Usuario (02-12-2017 23:01:08)
      Running from C:\Users\Usuario\Desktop
      Windows 7 Ultimate Service Pack 1 (X64) (2016-06-13 14:25:47)
      Boot Mode: Normal
      ==========================================================


      ==================== Accounts: =============================

      Administrador (S-1-5-21-4237186871-643376709-1415410202-500 - Administrator - Disabled)
      HomeGroupUser$ (S-1-5-21-4237186871-643376709-1415410202-1003 - Limited - Enabled)
      Invitado (S-1-5-21-4237186871-643376709-1415410202-501 - Limited - Disabled)
      Usuario (S-1-5-21-4237186871-643376709-1415410202-1000 - Administrator - Enabled) => C:\Users\Usuario

      ==================== Security Center ========================

      (If an entry is included in the fixlist, it will be removed.)

      AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
      AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

      ==================== Installed Programs ======================

      (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

      Adobe Acrobat Reader DC - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 17.009.20058 - Adobe Systems Incorporated)
      Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.45.2 - Adobe Systems Incorporated)
      AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 5.00 - Advanced Micro Devices, Inc.)
      Aplicación Blizzard (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
      Apowersoft Online Launcher versión 1.4.5 (HKU\S-1-5-21-4237186871-643376709-1415410202-1000\...\{20BF67A8-D81A-4489-8225-FABAA0896E2D}_is1) (Version: 1.4.5 - APOWERSOFT LIMITED)
      Ashampoo Snap 6 v.6.0.6 (HKLM-x32\...\{C92AB6F1-770F-EA32-6CF7-8A0792FA1A4B}_is1) (Version: 6.0.6 - Ashampoo GmbH & Co. KG)
      Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.8.2318 - AVAST Software)
      Catalyst Control Center Next Localization BR (HKLM\...\{0AAE5E7A-2F6D-72D9-D0DF-80F194BD7A5A}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization CHS (HKLM\...\{0500A3FF-F5A1-3313-58CD-7DBC0126BDB0}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization CHT (HKLM\...\{2E866797-6A86-D485-08EE-7EDF2FF58758}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization CS (HKLM\...\{ECFBE513-0699-58BF-E02C-9FF4F5E7EF89}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization DA (HKLM\...\{F2691442-6098-2100-B54E-FA8B834E8437}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization DE (HKLM\...\{8E8075B9-F175-9406-5CB6-D4E0DC559715}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization EL (HKLM\...\{17DE6391-FC9A-FBC9-D7F6-733B5DC4610F}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization ES (HKLM\...\{6FF45160-0439-645E-8450-DD06558CED11}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization FI (HKLM\...\{F3441830-D747-C1FA-1D64-5115FA200754}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization FR (HKLM\...\{89434C70-A75C-8D5B-3E62-180F144E327E}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization HU (HKLM\...\{B76DE8AB-9E9B-019B-4155-3426BD56DF3B}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization IT (HKLM\...\{6611961A-B0E7-8CC0-B37D-B8427E4465CA}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization JA (HKLM\...\{88FA6A6D-6441-A1E1-A318-7C78BFD42129}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization KO (HKLM\...\{064C9A53-41BD-48A7-E6D6-B8B602DAD865}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization NL (HKLM\...\{D8EEF488-861F-4A2D-6DF7-E5DD10409B75}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization NO (HKLM\...\{8CE00A89-56EF-E816-E6BB-47AE6F88E395}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization PL (HKLM\...\{D5A61AA0-63BB-CD18-03FC-603334B7E961}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization RU (HKLM\...\{BA45B0B3-E1D3-E7A1-964C-D8F56A6451F2}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization SV (HKLM\...\{07F21799-880A-FFE0-7832-04B6E57877B3}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization TH (HKLM\...\{AFE15987-06A8-175A-B04B-B883440C96CC}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization TR (HKLM\...\{6304B126-A90A-AF9F-B474-7D964C38FA75}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
      CCleaner (HKLM\...\CCleaner) (Version: 5.06 - Piriform)
      Chrome Remote Desktop Host (HKLM-x32\...\{D61C8E6E-A4F3-4CD8-8568-51CEB5660C89}) (Version: 63.0.3239.32 - Google Inc.)
      Chuzzle Deluxe 1.0 (HKLM-x32\...\Chuzzle Deluxe 1.0) (Version: - )
      Counter-Strike 1.6 (HKLM-x32\...\Counter-Strike 1.6_is1) (Version: Counter-Strike 1.6 No Steam - KingSOFT DVD)
      Counter-Strike Xtreme V5 (HKLM-x32\...\Counter-Strike Xtreme V5) (Version: - )
      CPUID CPU-Z 1.77 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
      DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0337 - Disc Soft Ltd)
      DFX (HKLM-x32\...\DFX) (Version: 12.017.0.0 - Power Technology)
      Diablo II (HKLM-x32\...\Diablo II) (Version: - Blizzard Entertainment)
      f.lux (HKU\S-1-5-21-4237186871-643376709-1415410202-1000\...\Flux) (Version: - f.lux Software LLC)
      Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )
      FreeMouseAutoClicker 3.8.2 (HKLM-x32\...\{292F00C5-25EF-4FBE-9873-13EF1F69DEED}_is1) (Version: - Advanced Mouse Auto Clicker ltd.)
      Google Chrome (HKLM-x32\...\Google Chrome) (Version: 62.0.3202.94 - Google Inc.)
      Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
      Hard Disk Sentinel PRO (HKLM-x32\...\Hard Disk Sentinel_is1) (Version: - HDS)
      HP DeskJet 2130 series Ayuda (HKLM-x32\...\{0ABC47CC-14F8-4D01-B877-4203635C0B06}) (Version: 35.0.0 - Hewlett Packard)
      HP DeskJet 2130 series Software básico del dispositivo (HKLM\...\{985B2E7E-994C-4D0C-A881-72317A4C8E56}) (Version: 40.11.1124.17107 - HP Inc.)
      HP Dropbox Plugin (HKLM-x32\...\{7BEBB31E-58C4-4FA5-9AD1-ACBE32BF0D12}) (Version: 36.0.41.58587 - HP)
      HP Google Drive Plugin (HKLM-x32\...\{63BD9C12-5CE9-4294-B1C3-A09F971FAFB5}) (Version: 36.0.41.58587 - HP)
      Java 8 Update 151 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
      JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
      Lightshot-5.4.0.10 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.10 - Skillbrains)
      Macro Recorder 5.8.0 (HKLM-x32\...\Macro Recorder_is1) (Version: 5.8.0 - Jitbit Software)
      Malwarebytes versión 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
      Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
      Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
      Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
      Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
      Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
      Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
      Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
      Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{246dcb72-b18c-4ab9-9de9-8a996296b01d}) (Version: 12.0.30501.0 - Microsoft Corporation)
      Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
      Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
      Mozilla Firefox 57.0.1 (x64 es-AR) (HKLM\...\Mozilla Firefox 57.0.1 (x64 es-AR)) (Version: 57.0.1 - Mozilla)
      Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0 - Mozilla)
      MU LEGEND GLOBAL (HKLM-x32\...\{MU2GB92C-VH2O-Z2AQ-N26J-M2VJEWJEUE52}_is1) (Version: 1.0.0.0 - Webzen)
      Nero 7 Essentials (HKLM-x32\...\{3BDEE284-1516-40E8-B784-00FEBE1B1033}) (Version: 7.02.9769 - Nero AG)
      Path of Exile (HKLM-x32\...\{645c3814-50eb-458f-a2e8-ee457d0d0485}) (Version: 3.0.1.19006 - Grinding Gear Games)
      Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 3.0.1.19006 - Grinding Gear Games) Hidden
      Plantas Contra Zombis (HKLM-x32\...\Plantas Contra Zombis) (Version: - )
      Platinum Hide IP (HKLM-x32\...\PlatinumHideIP) (Version: 3.5.7.6 - )
      Revo Uninstaller Pro 3.2.0 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.2.0 - VS Revo Group, Ltd.)
      SafeZone Stable 4.58.2552.909 (HKLM-x32\...\SafeZone 4.58.2552.909) (Version: 4.58.2552.909 - Avast Software) Hidden
      SoftPerfect WiFi Guard version 1.0.3 (HKLM\...\{38AFD787-4D2E-4442-92D2-7739F5F92CF4}_is1) (Version: 1.0.3 - SoftPerfect Research)
      Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
      Unity Web Player (x64) (All users) (HKLM\...\UnityWebPlayer) (Version: 4.6.6f2 - Unity Technologies ApS)
      VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
      Windows Deployment Tools (HKLM-x32\...\{BFC9778E-9765-C94C-C082-C2514F8DEB9B}) (Version: 8.59.25584 - Microsoft)
      Windows PE x86 x64 (HKLM-x32\...\{F89D69CA-6EE1-E037-DD3B-08CDDE1BED1C}) (Version: 8.59.25584 - Microsoft)
      Windows PE x86 x64 wims (HKLM-x32\...\{85F4ACB1-E7DC-C3C6-F4FD-BB936DF2695E}) (Version: 8.59.25584 - Microsoft)
      WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

      ==================== Custom CLSID (Whitelisted): ==========================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
      ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
      ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
      ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-10] (AVAST Software)
      ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-10] (AVAST Software)
      ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
      ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
      ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
      ContextMenuHandlers1: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => -> No File
      ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-10] (AVAST Software)
      ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
      ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-24] (Alexander Roshal)
      ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-24] (Alexander Roshal)
      ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
      ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-10] (AVAST Software)
      ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
      ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
      ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
      ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2016-02-26] (Advanced Micro Devices, Inc.)
      ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-10] (AVAST Software)
      ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
      ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2016-12-15] (VS Revo Group)
      ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-24] (Alexander Roshal)
      ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-24] (Alexander Roshal)

      ==================== Scheduled Tasks (Whitelisted) =============

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      Task: {16554B4C-9BC1-41E7-96DE-5B04AB09215E} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-02-26] (Advanced Micro Devices, Inc.)
      Task: {19CE3385-CE04-4FCA-8B35-FE675FE3210D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-13] (Google Inc.)
      Task: {2A2E7BE7-E8DC-46CF-B01B-1A2725E47CD3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-13] (Google Inc.)
      Task: {59C6F775-0F7C-44BA-BB86-1550F436F4E5} - System32\Tasks\SafeZone scheduled Autoupdate 1465855962 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-08-04] (Avast Software)
      Task: {7BD73F2C-B857-46C5-9C37-38DCDDDBE1AB} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
      Task: {82686692-B7CE-466E-B38F-84543086B074} - System32\Tasks\{9329317B-473D-4997-B101-8B7354A6F1F7} => C:\Users\Usuario\Desktop\Metin2Crytek\CrytekMt2.exe
      Task: {8BD5261B-232A-41D3-9D75-6458565E6663} - System32\Tasks\update-S-1-5-21-4237186871-643376709-1415410202-1000 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>)
      Task: {8D49D959-444D-4FC6-AFD6-9600CED9F251} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>)
      Task: {E1258C7F-13EC-4D5B-9907-5E708CC8D348} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-05-08] (Piriform Ltd)
      Task: {EB0A2F45-2EFC-4E05-A398-44E0351A68F5} - System32\Tasks\{CDD30A42-5CB6-491C-B6EB-623833543F05} => C:\Users\Usuario\Desktop\Metin2Crytek\CrytekMt2.exe
      Task: {EDDE86D4-CE18-430C-89D1-4401F4508FA7} - System32\Tasks\{6E1660D2-7064-49D8-B411-A006E7353F9D} => D:\zGames\Metin2Crytek\CrytekMt2.exe
      Task: {FE8BA886-AFC6-4B54-B6C7-DEF39B49C02C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
      Task: {FE8D78DF-A915-4447-BDA3-3CA55CA12321} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-11-10] (AVAST Software)

      (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

      Task: C:\Windows\Tasks\update-S-1-5-21-4237186871-643376709-1415410202-1000.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
      Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

      ==================== Shortcuts & WMI ========================

      (The entries could be listed to be restored or removed.)


      ==================== Loaded Modules (Whitelisted) ==============

      2010-01-30 02:40 - 2010-01-30 02:40 - 004254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
      2015-06-25 17:34 - 2015-06-25 17:34 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
      2015-06-25 17:37 - 2015-06-25 17:37 - 000739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
      2015-06-25 17:35 - 2015-06-25 17:35 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
      2015-06-25 17:38 - 2015-06-25 17:38 - 000071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
      2015-06-25 16:53 - 2015-06-25 16:53 - 000011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
      2015-06-25 16:51 - 2015-06-25 16:51 - 002013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
      2016-06-22 13:04 - 2016-06-23 10:44 - 001595384 _____ () C:\Program Files (x86)\DFX\DFX.exe
      2016-06-22 12:52 - 2016-06-22 12:52 - 000161784 _____ () C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp32.exe
      2016-06-22 12:59 - 2016-06-22 12:59 - 000176120 _____ () C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp64.exe
      2016-06-22 13:57 - 2016-06-22 13:57 - 000098296 _____ () C:\Program Files (x86)\Common Files\DFX\Dlls\dfxShared64.dll
      2017-11-10 16:23 - 2017-11-10 16:23 - 000067408 _____ () C:\Program Files\AVAST Software\Avast\x64\module_lifetime.dll
      2017-11-10 16:22 - 2017-11-10 16:22 - 000169832 _____ () c:\Program Files\AVAST Software\Avast\x64\vaarclient.dll
      2017-11-10 16:23 - 2017-11-10 16:23 - 000859216 _____ () C:\Program Files\AVAST Software\Avast\x64\ffl2.dll
      2017-11-10 16:23 - 2017-11-10 16:23 - 000292408 _____ () c:\Program Files\AVAST Software\Avast\x64\StreamBack.dll
      2017-12-02 19:18 - 2017-11-01 08:55 - 002299344 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
      2017-11-10 16:22 - 2017-11-10 16:22 - 000059040 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll
      2017-11-10 16:22 - 2017-11-10 16:22 - 000167096 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
      2017-11-10 16:22 - 2017-11-10 16:22 - 000237808 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
      2017-11-10 16:22 - 2017-11-10 16:22 - 000244584 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
      2017-11-10 16:22 - 2017-11-10 16:22 - 000151104 _____ () C:\Program Files\AVAST Software\Avast\network_notifications.dll
      2017-12-02 13:00 - 2017-12-02 13:00 - 005892848 _____ () C:\Program Files\AVAST Software\Avast\defs\17120202\algo.dll
      2017-11-10 16:22 - 2017-11-10 16:22 - 000710056 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
      2017-11-10 16:22 - 2017-11-10 16:22 - 000245608 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
      2017-07-12 20:50 - 2017-07-12 20:50 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
      2017-11-10 16:22 - 2017-11-10 16:22 - 000235816 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
      2016-06-22 13:49 - 2016-06-22 13:49 - 000083960 _____ () C:\Program Files (x86)\Common Files\DFX\Dlls\dfxShared32.dll

      ==================== Alternate Data Streams (Whitelisted) =========

      (If an entry is included in the fixlist, only the ADS will be removed.)


      ==================== Safe Mode (Whitelisted) ===================

      (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

      ==================== Association (Whitelisted) ===============

      (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


      ==================== Internet Explorer trusted/restricted ===============

      (If an entry is included in the fixlist, it will be removed from the registry.)


      ==================== Hosts content: ===============================

      (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

      2017-12-02 18:53 - 2017-12-02 18:53 - 000000000 _____ C:\Windows\system32\Drivers\etc\hosts


      ==================== Other Areas ============================

      (Currently there is no automatic fix for this section.)

      HKU\S-1-5-21-4237186871-643376709-1415410202-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
      DNS Servers: 192.168.1.1
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
      Windows Firewall is enabled.

      ==================== MSCONFIG/TASK MANAGER disabled items ==

      MSCONFIG\startupfolder: C:^Users^Usuario^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Recorte de pantalla y Selector de OneNote 2010.lnk => C:\Windows\pss\Recorte de pantalla y Selector de OneNote 2010.lnk.Startup
      MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
      MSCONFIG\startupreg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
      MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
      MSCONFIG\startupreg: Lightshot => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe
      MSCONFIG\startupreg: OfficeSyncProcess => "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
      MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent

      ==================== FirewallRules (Whitelisted) ===============

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      FirewallRules: [TCP Query User{EED00207-8545-4717-91FB-C93CAE1F04F2}C:\program files\counter-strike xtreme v5\hl.exe] => (Allow) C:\program files\counter-strike xtreme v5\hl.exe
      FirewallRules: [UDP Query User{41B00792-54D5-456E-A970-FCD0F08A9D4D}C:\program files\counter-strike xtreme v5\hl.exe] => (Allow) C:\program files\counter-strike xtreme v5\hl.exe
      FirewallRules: [TCP Query User{A9B172A4-3441-4F66-BF75-067485566D80}C:\program files (x86)\counter-strike 1.6\hl.exe] => (Allow) C:\program files (x86)\counter-strike 1.6\hl.exe
      FirewallRules: [UDP Query User{15BB7571-7BEE-4919-967F-0EF98D80EC59}C:\program files (x86)\counter-strike 1.6\hl.exe] => (Allow) C:\program files (x86)\counter-strike 1.6\hl.exe
      FirewallRules: [TCP Query User{6A115866-0909-4518-AAFF-970DDF733C16}C:\program files (x86)\counter-strike 1.6\hlds.exe] => (Allow) C:\program files (x86)\counter-strike 1.6\hlds.exe
      FirewallRules: [UDP Query User{A790F913-E2D4-4A68-A8AD-A4AF50BCBE7D}C:\program files (x86)\counter-strike 1.6\hlds.exe] => (Allow) C:\program files (x86)\counter-strike 1.6\hlds.exe
      FirewallRules: [TCP Query User{D96B5295-83C5-4515-907D-EE28636F7C81}C:\program files (x86)\need for speed - most wanted\speed.exe] => (Allow) C:\program files (x86)\need for speed - most wanted\speed.exe
      FirewallRules: [UDP Query User{435AB679-0D18-4674-84A3-2CB89FD681EE}C:\program files (x86)\need for speed - most wanted\speed.exe] => (Allow) C:\program files (x86)\need for speed - most wanted\speed.exe
      FirewallRules: [{3CE033E1-C863-4B31-B489-B7B699F327D0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
      FirewallRules: [{99FE886D-FDC3-4D67-A7B8-00D65693F8C2}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
      FirewallRules: [{4EC442B8-C2AE-433D-A9EC-FBCB22DC7E80}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
      FirewallRules: [{2CFC6ECD-A639-488E-92D5-1F0BE956854D}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
      FirewallRules: [{2640A383-6DE3-4BE8-8EE3-BCA18416DFD9}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
      FirewallRules: [{A49777DC-E97E-4BA2-9286-76C45721EF53}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
      FirewallRules: [{91F3FD28-8DDD-4F94-A9E0-A5BCAB04754F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
      FirewallRules: [{B3CCF04F-6B10-44BB-B041-9C4DACF51196}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
      FirewallRules: [{DEE5CFD6-F317-4376-9128-DBB249F2E1C1}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
      FirewallRules: [{3B39CF21-00BB-4738-A396-787310D0D07D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
      FirewallRules: [{E306DE30-EBCA-452F-A9A1-BD3A27E5827C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\KillingFloor\System\KillingFloor.exe
      FirewallRules: [{21C2DAC4-97A7-40DF-B9B9-80736938A64D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\KillingFloor\System\KillingFloor.exe
      FirewallRules: [{DD3933B1-7592-4358-AC3D-F93FB1243400}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909\SZBrowser.exe
      FirewallRules: [{D50370BF-61AB-4197-B07B-6B6DCC599354}] => (Allow) C:\Program Files\HP\HP DeskJet 2130 series\Bin\USBSetup.exe
      FirewallRules: [{FBB36BFA-1E63-449C-869A-DD2C18B7E304}] => (Allow) C:\Program Files\HP\HP DeskJet 2130 series\Bin\HPNetworkCommunicatorCom.exe
      FirewallRules: [{18C9E286-007D-48F6-9CBA-49A19EE22475}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909_0\SZBrowser.exe
      FirewallRules: [{679D14E1-0393-4131-917A-148B8CC44924}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\63.0.3239.32\remoting_host.exe
      FirewallRules: [{21DD400B-D542-446A-80A8-749EF3BB5BFA}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

      ==================== Restore Points =========================

      18-11-2017 13:01:05 Punto de control programado
      26-11-2017 10:55:10 Punto de control programado
      02-12-2017 19:31:27 Revo Uninstaller Pro's restore point - Google Chrome
      02-12-2017 19:32:17 Revo Uninstaller Pro's restore point - Google Chrome
      02-12-2017 20:32:09 Revo Uninstaller Pro's restore point - PlaysTV
      02-12-2017 20:33:39 Revo Uninstaller Pro's restore point - Raptr

      ==================== Faulty Device Manager Devices =============

      Name: ZAM Helper Driver
      Description: ZAM Helper Driver
      Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
      Manufacturer:
      Service: ZAM
      Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
      Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
      Devices stay in this state if they have been prepared for removal.
      After you remove the device, this error disappears.Remove the device, and this error should be resolved.

      Name: ZAM Guard Driver
      Description: ZAM Guard Driver
      Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
      Manufacturer:
      Service: ZAM_Guard
      Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
      Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
      Devices stay in this state if they have been prepared for removal.
      After you remove the device, this error disappears.Remove the device, and this error should be resolved.


      ==================== Event log errors: =========================

      Application errors:
      ==================
      Error: (12/02/2017 10:35:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
      Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

      Error: (12/02/2017 10:34:48 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
      Description: Los Servicios de cifrado no pudieron inicializar el objeto "System Writer" de la copia de seguridad de VSS.

      Details:
      Could not query the status of the EventSystem service.

      System Error:
      Se está cerrando el sistema.
      .

      Error: (12/02/2017 10:15:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
      Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

      Error: (12/02/2017 09:36:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
      Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

      Error: (12/02/2017 08:32:08 PM) (Source: VSS) (EventID: 8194) (User: )
      Description: Error del Servicio de instantáneas de volumen: error inesperado al consultar la interfaz IVssWriterCallback. HR = 0x80070005, Acceso denegado.
      .
      A menudo ocurre por una configuración de seguridad incorrecta en el proceso de escritura o de solicitud.


      Operación:
      Recopilando datos del escritor

      Contexto:
      Id. de clase del escritor: {e8132975-6f93-4464-a53e-1050253ae220}
      Nombre del escritor: System Writer
      Id. de instancia del escritor: {934280e7-7b95-4cda-bd8b-f3e797c499c2}

      Error: (12/02/2017 08:29:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
      Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

      Error: (12/02/2017 08:14:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
      Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

      Error: (12/02/2017 07:31:25 PM) (Source: VSS) (EventID: 8194) (User: )
      Description: Error del Servicio de instantáneas de volumen: error inesperado al consultar la interfaz IVssWriterCallback. HR = 0x80070005, Acceso denegado.
      .
      A menudo ocurre por una configuración de seguridad incorrecta en el proceso de escritura o de solicitud.


      Operación:
      Recopilando datos del escritor

      Contexto:
      Id. de clase del escritor: {e8132975-6f93-4464-a53e-1050253ae220}
      Nombre del escritor: System Writer
      Id. de instancia del escritor: {e450e91a-ce48-48e7-a15e-d7783cd6a3dd}

      Error: (12/02/2017 07:25:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
      Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

      Error: (12/02/2017 07:17:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
      Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.


      System errors:
      =============
      Error: (12/02/2017 10:13:43 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
      Description: El servicio Servicio de lista de redes depende del servicio Reconocimiento de ubicación de red, el cual no pudo iniciarse debido al siguiente error:
      No se puede iniciar el servicio o grupo de dependencia.

      Error: (12/02/2017 10:13:43 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
      Description: El servicio Servicio de lista de redes depende del servicio Reconocimiento de ubicación de red, el cual no pudo iniciarse debido al siguiente error:
      No se puede iniciar el servicio o grupo de dependencia.

      Error: (12/02/2017 10:13:43 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
      Description: El servicio Servicio de lista de redes depende del servicio Reconocimiento de ubicación de red, el cual no pudo iniciarse debido al siguiente error:
      No se puede iniciar el servicio o grupo de dependencia.

      Error: (12/02/2017 10:13:43 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
      Description: El servicio Servicio de lista de redes depende del servicio Reconocimiento de ubicación de red, el cual no pudo iniciarse debido al siguiente error:
      No se puede iniciar el servicio o grupo de dependencia.

      Error: (12/02/2017 10:13:43 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
      Description: El servicio Servicio de lista de redes depende del servicio Reconocimiento de ubicación de red, el cual no pudo iniciarse debido al siguiente error:
      No se puede iniciar el servicio o grupo de dependencia.

      Error: (12/02/2017 10:13:43 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
      Description: El servicio Servicio de lista de redes depende del servicio Reconocimiento de ubicación de red, el cual no pudo iniciarse debido al siguiente error:
      No se puede iniciar el servicio o grupo de dependencia.

      Error: (12/02/2017 10:13:43 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
      Description: El servicio Servicio de lista de redes depende del servicio Reconocimiento de ubicación de red, el cual no pudo iniciarse debido al siguiente error:
      No se puede iniciar el servicio o grupo de dependencia.

      Error: (12/02/2017 10:13:43 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
      Description: El servicio Servicio de lista de redes depende del servicio Reconocimiento de ubicación de red, el cual no pudo iniciarse debido al siguiente error:
      No se puede iniciar el servicio o grupo de dependencia.

      Error: (12/02/2017 10:13:43 PM) (Source: DCOM) (EventID: 10005) (User: )
      Description: Error de DCOM "1068" al intentar iniciar el servicio netprofm con argumentos "" para ejecutar el servidor:
      {A47979D2-C419-11D9-A5B4-001185AD2B89}

      Error: (12/02/2017 10:13:43 PM) (Source: DCOM) (EventID: 10005) (User: )
      Description: Error de DCOM "1084" al intentar iniciar el servicio WSearch con argumentos "" para ejecutar el servidor:
      {9E175B6D-F52A-11D8-B9A5-505054503030}


      CodeIntegrity:
      ===================================
      Date: 2017-12-01 20:32:41.304
      Description: Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume3\zProgramas\AIDA\aida64extreme595\kerneld.x64 porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

      Date: 2017-12-01 20:32:41.252
      Description: Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume3\zProgramas\AIDA\aida64extreme595\kerneld.x64 porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

      Date: 2017-12-01 20:26:30.458
      Description: Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume3\zProgramas\AIDA\aida64extreme595\kerneld.x64 porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

      Date: 2017-12-01 20:26:30.405
      Description: Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume3\zProgramas\AIDA\aida64extreme595\kerneld.x64 porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

      Date: 2017-12-01 20:25:15.878
      Description: Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Users\Usuario\Downloads\aida64extreme595\kerneld.x64 porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

      Date: 2017-12-01 20:25:15.822
      Description: Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Users\Usuario\Downloads\aida64extreme595\kerneld.x64 porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

      Date: 2017-12-01 20:21:00.374
      Description: Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume3\zProgramas\AIDA\aida64extreme_build_3958_ncp6bwrt8j\kerneld.x64 porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

      Date: 2017-12-01 20:21:00.322
      Description: Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume3\zProgramas\AIDA\aida64extreme_build_3958_ncp6bwrt8j\kerneld.x64 porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

      Date: 2017-11-26 18:34:04.559
      Description: Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume3\zProgramas\AIDA\aida64extreme_build_3958_ncp6bwrt8j\kerneld.x64 porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

      Date: 2017-11-26 18:34:04.512
      Description: Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume3\zProgramas\AIDA\aida64extreme_build_3958_ncp6bwrt8j\kerneld.x64 porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.


      ==================== Memory info ===========================

      Processor: AMD Phenom(tm) II X2 560 Processor
      Percentage of memory in use: 41%
      Total physical RAM: 6143.18 MB
      Available physical RAM: 3571.87 MB
      Total Virtual: 12284.54 MB
      Available Virtual: 9346.64 MB

      ==================== Drives ================================

      Drive c: () (Fixed) (Total:465.66 GB) (Free:365.84 GB) NTFS
      Drive d: () (Fixed) (Total:149.05 GB) (Free:42.67 GB) NTFS

      ==================== MBR & Partition Table ==================

      ========================================================
      Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: F0F0F0F0)
      Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
      Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

      ========================================================
      Disk: 1 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 7D147D14)
      Partition 1: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

      ==================== End of Addition.txt ============================

      It ran to 3 posts, sorry.

    6. #6
      General Moderator
      Avatar of @Daniela
      Joined
      Apr 2011
      Location
      Spain
      Posts
      24.364

      Re: Help removing "http://chromesearch.win"

      Hello

      Quote: Originally posted by yosantiyo
      Hello Daniela, sorry if I am breaking any forum rules with my posts; as I said, I have only just found the forum,

      Don't worry, you're doing very well


      Follow these steps. VERY important ~ Make a backup of the registry:

      • To do so, download >> DelFix to your desktop.
        • Double-click to run it. (If you use Windows Vista/7 or 8, right-click and select "Run as administrator".)
        • Check only the "Create registry backup" box.
      • Click Run.

        The report (DelFix.txt) will open; save it in case it is needed and close the tool.


      Next, boot your computer into >> Windows Safe Mode with Networking.

      If your OS is Windows 8/8.1/10, use the 2nd METHOD from this Windows 8 FAQ (applicable to Windows 10) >> How to start Windows 8/8.1 in Safe Mode?, to work from that Windows mode.


      With all other programs closed, go to >> Start >> Run >> and type notepad.exe.

      Now copy and paste the following into Notepad: (excluding the word "Code")

      Code:
      Start
      CreateRestorePoint:
      CloseProcesses:
      
      HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
      GroupPolicy: Restriction - Chrome <==== ATTENTION
      CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
      FF Extension: (Disable Media WMF NV12 format) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\ph5et5nq.default-1511034946806\features\{db27eaf0-45a9-46a7-b4a8-b0856b66b03a}\[email protected] [2017-12-02] [Lagacy]
      CHR Extension: (Presentaciones) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-02]
      CHR Extension: (Documentos) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-02]
      CHR Extension: (Documentos de Google sin conexión) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-12-02]
      CHR Extension: (Chrome Media Router) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-02]
      CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [kadalpbldokjhijcgndnldpheokmaeje] - hxxps://clients2.google.com/service/update2/crx
      S3 EsgScanner; system32\DRIVERS\EsgScanner.sys [X]
      S3 VGPU; System32\drivers\rdvgkmd.sys [X]
      S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
      S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]
      2017-12-02 21:34 - 2017-07-20 12:12 - 000000000 ____D C:\Users\Usuario\AppData\LocalLow\IObit
      2017-12-02 21:34 - 2017-07-20 12:11 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\IObit
      2017-12-02 21:34 - 2017-07-20 12:11 - 000000000 ____D C:\ProgramData\IObit
      2017-12-02 21:34 - 2017-07-20 12:11 - 000000000 ____D C:\Program Files (x86)\IObit
      2017-09-23 11:19 - 2017-09-23 11:19 - 001138176 _____ () C:\Users\Usuario\AppData\Local\Temp\AMDCleanupUtility.exe
      2017-09-23 11:19 - 2017-09-23 11:19 - 000232960 _____ () C:\Users\Usuario\AppData\Local\Temp\Cleanup.dll
      2017-09-23 11:19 - 2017-09-23 11:19 - 000065536 _____ (Windows (R) Server 2003 DDK provider) C:\Users\Usuario\AppData\Local\Temp\ddu.exe
      2017-09-23 11:19 - 2017-09-23 11:19 - 000414152 _____ (Microsoft Corporation) C:\Users\Usuario\AppData\Local\Temp\difxapi.dll
      2017-07-19 14:18 - 2017-07-19 14:18 - 000739904 _____ (Oracle Corporation) C:\Users\Usuario\AppData\Local\Temp\jre-8u141-windows-au.exe
      2017-10-21 18:09 - 2017-10-21 18:09 - 001856576 _____ (Oracle Corporation) C:\Users\Usuario\AppData\Local\Temp\jre-8u151-windows-au.exe
      2017-09-23 11:19 - 2017-09-23 11:19 - 000516096 _____ (Microsoft Corporation) C:\Users\Usuario\AppData\Local\Temp\msvcm80.dll
      2017-09-23 11:19 - 2017-09-23 11:19 - 001061376 _____ (Microsoft Corporation) C:\Users\Usuario\AppData\Local\Temp\msvcp80.dll
      2017-09-23 11:19 - 2017-09-23 11:19 - 000796672 _____ (Microsoft Corporation) C:\Users\Usuario\AppData\Local\Temp\msvcr80.dll
      2017-12-01 23:21 - 2017-12-01 23:21 - 000040448 ____N () C:\Users\Usuario\AppData\Local\Temp\proxy_vole6123474948965931044.dll
      2017-12-01 23:21 - 2017-12-01 23:21 - 000040448 ____N () C:\Users\Usuario\AppData\Local\Temp\proxy_vole8169867983716609098.dll
      2017-12-01 23:21 - 2017-12-01 23:21 - 000040448 ____N () C:\Users\Usuario\AppData\Local\Temp\proxy_vole8932101361315660852.dll
      ShellIconOverlayIdentifiers: [  MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
      ShellIconOverlayIdentifiers: [  MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
      ShellIconOverlayIdentifiers: [  MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
      ShellIconOverlayIdentifiers-x32: [  MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
      ShellIconOverlayIdentifiers-x32: [  MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
      ShellIconOverlayIdentifiers-x32: [  MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
      ContextMenuHandlers1: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => -> No File
      ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
      ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
      ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
      ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File 
      
      CMD: ipconfig /flushdns
      CMD: ipconfig /renew
      CMD: bitsadmin /reset /allusers
      RemoveProxy:
      EmptyTemp:
      Hosts:
      end
      • Save it under the name fixlist.txt on the desktop <<< This is very important.

      Note: The Frst.exe executable and fixlist.txt must be in the same location (desktop); otherwise the tool will not work.

      WARNING!!!! The following repair script was made specifically by a staff member for this user; if you have a similar problem, please open your own thread to receive personalized help. Using other users' scripts can damage your computer.

      • Run Frst.exe.
      • Press the Fix button and wait for it to finish.
      • The tool will save the report on your desktop (Fixlog.txt).
      • Paste it in your next reply.


      Post the report and tell me how the problem is going.

      Regards
      ✿◕‿◕✿ Impatience is not good company ✿◕‿◕✿

      * Follow us on our Twitter and become our friend on Facebook.
      * Keep up with the latest threats on the net at: InfoSpyware Blog
      * Questions are not answered by private message or by e-mail; that is what the forum is for.
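
The fixlist in post #6 names paths under one specific profile (C:\Users\Usuario), which is why the warning says it must not be reused on another machine. The Python below is an added example, not part of the thread and not FRST code: it groups fixlist lines by the part of the system they name and reports which user profiles they reference. The category names and matching rules are assumptions based on the line shapes visible in this thread, not FRST's documented grammar.

```python
import re
from collections import Counter

# Excerpt of the fixlist posted above (lines copied from the page).
SAMPLE_FIXLIST = r"""Start
CreateRestorePoint:
CloseProcesses:

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
CHR Extension: (Chrome Media Router) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-02]
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
2017-12-02 21:34 - 2017-07-20 12:11 - 000000000 ____D C:\ProgramData\IObit
2017-12-01 23:21 - 2017-12-01 23:21 - 000040448 ____N () C:\Users\Usuario\AppData\Local\Temp\proxy_vole6123474948965931044.dll
ContextMenuHandlers1: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => -> No File
CMD: ipconfig /flushdns
RemoveProxy:
EmptyTemp:
Hosts:
end
"""

# Hypothetical categories, checked in order; the first matching rule wins.
# Policy lines are tested before generic browser lines so that
# "CHR HKLM\SOFTWARE\Policies\Google" is reported as a policy entry.
RULES = [
    ("marker", re.compile(r"^(start|end)$", re.I)),
    ("command", re.compile(r"^CMD:\s*\S", re.I)),
    ("policy", re.compile(r"^(CHR\s+)?HKLM\\SOFTWARE\\Policies\\|^GroupPolicy:", re.I)),
    ("browser", re.compile(r"^(CHR|FF)\s")),
    ("service", re.compile(r"^[RSU][0-5]\s+[^;]+;")),
    ("file", re.compile(
        r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d+ ")),
    ("shell_extension", re.compile(
        r"^(ShellIconOverlayIdentifiers|ContextMenuHandlers\d*)(-x32)?:")),
    ("directive", re.compile(r"^[A-Za-z]+:$")),
]

# A path below C:\Users\<name>\ ties the line to one account on one machine.
PROFILE_RE = re.compile(r"[A-Za-z]:\\Users\\([^\\]+)\\")


def classify(line):
    """Return the category of one fixlist line, or 'unknown'."""
    for name, pattern in RULES:
        if pattern.search(line):
            return name
    return "unknown"


def parse_fixlist(text):
    """Return (category, line) pairs for every non-blank line."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if line:
            entries.append((classify(line), line))
    return entries


def summary(entries):
    """Count how many lines fall into each category."""
    return Counter(category for category, _ in entries)


def profiles_referenced(entries):
    """Sorted list of Windows profile names that appear in any path."""
    found = set()
    for _, line in entries:
        found.update(PROFILE_RE.findall(line))
    return sorted(found)


def foreign_profiles(entries, local_user):
    """Profiles named in the script that are not the local account."""
    return [p for p in profiles_referenced(entries)
            if p.lower() != local_user.lower()]


if __name__ == "__main__":
    parsed = parse_fixlist(SAMPLE_FIXLIST)
    for category, count in sorted(summary(parsed).items()):
        print(f"{category:16} {count}")
    print("profiles referenced:", profiles_referenced(parsed))
    # "Maria" is a constructed account name standing in for a different PC.
    print("not on this machine:", foreign_profiles(parsed, "Maria"))
```

Any line reported as `unknown`, or any profile returned by `foreign_profiles`, is a reason to stop and ask for a script written for the machine in question.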

    7. #7
      User Avatar of yosantiyo
      Joined
      Dec 2017
      Location
      Argentina
      Posts
      7

      Re: Help removing "http://chromesearch.win"

      Hello again Daniela, honestly I couldn't be more satisfied...
      Before the Fix, Chrome showed "New Tab" instead of "Nueva Pestaña"; now it is back to normal.
      The problem with chromesearch.win disappeared; I was able to remove it from the search engines.
      The browser is completely back to normal!

      Here is what you asked for, and once again thank you very much for everything; if there is one last step to carry out, I will keep an eye on the thread to see what you say.

      Fixlog:

      Fix result of Farbar Recovery Scan Tool (x64) Version: 30-11-2017
      Ran by Usuario (03-12-2017 17:24:43) Run:1
      Running from C:\Users\Usuario\Desktop
      Loaded Profiles: Usuario (Available Profiles: Usuario)
      Boot Mode: Safe Mode (with Networking)
      ==============================================

      fixlist content:
      *****************
      Start
      CreateRestorePoint:
      CloseProcesses:

      HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
      GroupPolicy: Restriction - Chrome <==== ATTENTION
      CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
      FF Extension: (Disable Media WMF NV12 format) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\ph5et5nq.default-1511034946806\features\{db27eaf0-45a9-46a7-b4a8-b0856b66b03a}\[email protected] [2017-12-02] [Lagacy]
      CHR Extension: (Presentaciones) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-02]
      CHR Extension: (Documentos) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-02]
      CHR Extension: (Documentos de Google sin conexión) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-12-02]
      CHR Extension: (Chrome Media Router) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-02]
      CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [kadalpbldokjhijcgndnldpheokmaeje] - hxxps://clients2.google.com/service/update2/crx
      S3 EsgScanner; system32\DRIVERS\EsgScanner.sys [X]
      S3 VGPU; System32\drivers\rdvgkmd.sys [X]
      S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
      S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]
      2017-12-02 21:34 - 2017-07-20 12:12 - 000000000 ____D C:\Users\Usuario\AppData\LocalLow\IObit
      2017-12-02 21:34 - 2017-07-20 12:11 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\IObit
      2017-12-02 21:34 - 2017-07-20 12:11 - 000000000 ____D C:\ProgramData\IObit
      2017-12-02 21:34 - 2017-07-20 12:11 - 000000000 ____D C:\Program Files (x86)\IObit
      2017-09-23 11:19 - 2017-09-23 11:19 - 001138176 _____ () C:\Users\Usuario\AppData\Local\Temp\AMDCleanupUtility.exe
      2017-09-23 11:19 - 2017-09-23 11:19 - 000232960 _____ () C:\Users\Usuario\AppData\Local\Temp\Cleanup.dll
      2017-09-23 11:19 - 2017-09-23 11:19 - 000065536 _____ (Windows (R) Server 2003 DDK provider) C:\Users\Usuario\AppData\Local\Temp\ddu.exe
      2017-09-23 11:19 - 2017-09-23 11:19 - 000414152 _____ (Microsoft Corporation) C:\Users\Usuario\AppData\Local\Temp\difxapi.dll
      2017-07-19 14:18 - 2017-07-19 14:18 - 000739904 _____ (Oracle Corporation) C:\Users\Usuario\AppData\Local\Temp\jre-8u141-windows-au.exe
      2017-10-21 18:09 - 2017-10-21 18:09 - 001856576 _____ (Oracle Corporation) C:\Users\Usuario\AppData\Local\Temp\jre-8u151-windows-au.exe
      2017-09-23 11:19 - 2017-09-23 11:19 - 000516096 _____ (Microsoft Corporation) C:\Users\Usuario\AppData\Local\Temp\msvcm80.dll
      2017-09-23 11:19 - 2017-09-23 11:19 - 001061376 _____ (Microsoft Corporation) C:\Users\Usuario\AppData\Local\Temp\msvcp80.dll
      2017-09-23 11:19 - 2017-09-23 11:19 - 000796672 _____ (Microsoft Corporation) C:\Users\Usuario\AppData\Local\Temp\msvcr80.dll
      2017-12-01 23:21 - 2017-12-01 23:21 - 000040448 ____N () C:\Users\Usuario\AppData\Local\Temp\proxy_vole6123474948965931044.dll
      2017-12-01 23:21 - 2017-12-01 23:21 - 000040448 ____N () C:\Users\Usuario\AppData\Local\Temp\proxy_vole8169867983716609098.dll
      2017-12-01 23:21 - 2017-12-01 23:21 - 000040448 ____N () C:\Users\Usuario\AppData\Local\Temp\proxy_vole8932101361315660852.dll
      ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
      ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
      ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
      ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
      ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
      ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
      ContextMenuHandlers1: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => -> No File
      ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
      ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
      ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
      ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File

      CMD: ipconfig /flushdns
      CMD: ipconfig /renew
      CMD: bitsadmin /reset /allusers
      RemoveProxy:
      EmptyTemp:
      Hosts:
      end
      *****************

      Error: Restore point can only be created in normal mode.
      Processes closed successfully.
      HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => key removed successfully
      C:\Windows\system32\GroupPolicy\Machine => moved successfully
      C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
      C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
      HKLM\SOFTWARE\Policies\Google => key removed successfully
      C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\ph5et5nq.default-1511034946806\features\{db27eaf0-45a9-46a7-b4a8-b0856b66b03a}\[email protected] => moved successfully
      CHR Extension: (Presentaciones) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-02] => Error: No automatic fix found for this entry.
      CHR Extension: (Documentos) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-02] => Error: No automatic fix found for this entry.
      CHR Extension: (Documentos de Google sin conexión) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-12-02] => Error: No automatic fix found for this entry.
      CHR Extension: (Chrome Media Router) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-02] => Error: No automatic fix found for this entry.
      HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki => key removed successfully
      HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kadalpbldokjhijcgndnldpheokmaeje => key removed successfully
      HKLM\System\CurrentControlSet\Services\EsgScanner => key removed successfully
      EsgScanner => service removed successfully
      HKLM\System\CurrentControlSet\Services\VGPU => key removed successfully
      VGPU => service removed successfully
      HKLM\System\CurrentControlSet\Services\ZAM => key removed successfully
      ZAM => service removed successfully
      HKLM\System\CurrentControlSet\Services\ZAM_Guard => key removed successfully
      ZAM_Guard => service removed successfully
      C:\Users\Usuario\AppData\LocalLow\IObit => moved successfully
      C:\Users\Usuario\AppData\Roaming\IObit => moved successfully
      C:\ProgramData\IObit => moved successfully
      C:\Program Files (x86)\IObit => moved successfully
      C:\Users\Usuario\AppData\Local\Temp\AMDCleanupUtility.exe => moved successfully
      C:\Users\Usuario\AppData\Local\Temp\Cleanup.dll => moved successfully
      C:\Users\Usuario\AppData\Local\Temp\ddu.exe => moved successfully
      C:\Users\Usuario\AppData\Local\Temp\difxapi.dll => moved successfully
      C:\Users\Usuario\AppData\Local\Temp\jre-8u141-windows-au.exe => moved successfully
      C:\Users\Usuario\AppData\Local\Temp\jre-8u151-windows-au.exe => moved successfully
      C:\Users\Usuario\AppData\Local\Temp\msvcm80.dll => moved successfully
      C:\Users\Usuario\AppData\Local\Temp\msvcp80.dll => moved successfully
      C:\Users\Usuario\AppData\Local\Temp\msvcr80.dll => moved successfully
      C:\Users\Usuario\AppData\Local\Temp\proxy_vole6123474948965931044.dll => moved successfully
      C:\Users\Usuario\AppData\Local\Temp\proxy_vole8169867983716609098.dll => moved successfully
      C:\Users\Usuario\AppData\Local\Temp\proxy_vole8932101361315660852.dll => moved successfully
      HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Pending) => invalid subkey removed.
      HKLM\Software\Classes\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => key not found
      HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Synced) => invalid subkey removed.
      HKLM\Software\Classes\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => key not found
      HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Syncing) => invalid subkey removed.
      HKLM\Software\Classes\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => key not found
      HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Pending) => invalid subkey removed.
      HKLM\Software\Wow6432Node\Classes\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => key not found
      HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Synced) => invalid subkey removed.
      HKLM\Software\Wow6432Node\Classes\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => key not found
      HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Syncing) => invalid subkey removed.
      HKLM\Software\Wow6432Node\Classes\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => key not found
      HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\Advanced SystemCare => key removed successfully
      HKLM\Software\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D} => key not found
      HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\MEGA (Context menu) => key removed successfully
      HKLM\Software\Classes\CLSID\{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => key not found
      HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\MEGA (Context menu) => key removed successfully
      HKLM\Software\Classes\CLSID\{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => key not found
      HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\MEGA (Context menu) => key removed successfully
      HKLM\Software\Classes\CLSID\{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => key not found
      HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\MEGA (Context menu) => key removed successfully
      HKLM\Software\Classes\CLSID\{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => key not found

      ========= ipconfig /flushdns =========


      Configuración IP de Windows

      Se vació correctamente la caché de resolución de DNS.

      ========= End of CMD: =========


      ========= ipconfig /renew =========


      Configuración IP de Windows


      Adaptador de Ethernet Conexión de área local:

      Sufijo DNS específico para la conexión. . :
      Vínculo: dirección IPv6 local. . . : fe80::80ce:28db:590:7e92%11
      Dirección IPv4. . . . . . . . . . . . . . : 192.168.1.34
      Máscara de subred . . . . . . . . . . . . : 255.255.255.0
      Puerta de enlace predeterminada . . . . . : 192.168.1.1

      Adaptador de túnel isatap.{A064B4A2-7064-4F60-B779-6D682F2767C9}:

      Estado de los medios. . . . . . . . . . . : medios desconectados
      Sufijo DNS específico para la conexión. . :

      Adaptador de túnel Teredo Tunneling Pseudo-Interface:

      Estado de los medios. . . . . . . . . . . : medios desconectados
      Sufijo DNS específico para la conexión. . :

      ========= End of CMD: =========


      ========= bitsadmin /reset /allusers =========


      BITSADMIN version 3.0 [ 7.5.7601 ]
      BITS administration utility.
      (C) Copyright 2000-2006 Microsoft Corp.

      BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
      Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

      Unable to connect to BITS - 0x8007042c

      ========= End of CMD: =========


      ========= RemoveProxy: =========

      HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
      HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
      HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
      HKU\S-1-5-21-4237186871-643376709-1415410202-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
      HKU\S-1-5-21-4237186871-643376709-1415410202-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
      HKU\S-1-5-21-4237186871-643376709-1415410202-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


      ========= End of RemoveProxy: =========

      C:\Windows\System32\Drivers\etc\hosts => moved successfully
      Hosts restored successfully.

      =========== EmptyTemp: ==========

      BITS transfer queue => 0 B
      DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 44355362 B
      Java, Flash, Steam htmlcache => 10103432 B
      Windows/system/drivers => 2851122 B
      Edge => 0 B
      Chrome => 115240304 B
      Firefox => 386877587 B
      Opera => 0 B

      Temp, IE cache, history, cookies, recent:
      Users => 0 B
      Default => 0 B
      Public => 0 B
      ProgramData => 0 B
      systemprofile => 16802 B
      systemprofile32 => 80786 B
      LocalService => 0 B
      NetworkService => 7864 B
      Usuario => 2044987649 B

      RecycleBin => 0 B
      EmptyTemp: => 2.4 GB temporary data Removed.

      ================================


      The system needed a reboot.

      ==== End of Fixlog 17:25:37 ====
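
As an added example (not part of the original posts and not FRST's own code), this Python sketch triages a Fixlog like the one in post #7: it groups each result line by the persistence location it touched (policy keys, extensions, services, proxy settings, hosts file) and lists the entries the tool could not fix. The category labels and the selection of sample lines are this example's own choices.

```python
import re
from collections import Counter

# Result lines excerpted from the Fixlog in post #7 (selection made for this example).
SAMPLE_FIXLOG = r"""
Error: Restore point can only be created in normal mode.
Processes closed successfully.
HKLM\SOFTWARE\Policies\Google => key removed successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
CHR Extension: (Documentos) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-02] => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki => key removed successfully
HKLM\System\CurrentControlSet\Services\ZAM => key removed successfully
HKLM\Software\Classes\CLSID\{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => key not found
HKU\S-1-5-21-4237186871-643376709-1415410202-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Unable to connect to BITS - 0x8007042c
"""

# Locations the fix touched that matter for a search hijack; labels are this example's own.
CATEGORIES = [
    ("policy", re.compile(r"\\Policies\\|\\GroupPolicy\\", re.I)),
    ("extension", re.compile(r"\\Extensions\\", re.I)),
    ("service", re.compile(r"\\CurrentControlSet\\Services\\", re.I)),
    ("proxy", re.compile(r"\\Internet Settings\\", re.I)),
    ("hosts", re.compile(r"\\drivers\\etc\\hosts$", re.I)),
]

def categorize(target):
    """Map a registry or file path to the first matching category."""
    return next((name for name, rx in CATEGORIES if rx.search(target)), "other")

def outcome(result):
    """Classify the text after '=>' as fixed, absent, failed or unknown."""
    r = result.lower()
    if r.startswith("error"):
        return "failed"
    if "not found" in r:
        return "absent"
    if "removed" in r or "moved" in r:
        return "fixed"
    return "unknown"

def triage(text):
    """Return one dict per result line, skipping the echoed fixlist between the rows of asterisks."""
    body = re.split(r"^\s*\*{5,}\s*$", text, flags=re.M)[-1]
    rows = []
    for line in map(str.strip, body.splitlines()):
        if " => " in line:
            target, result = line.rsplit(" => ", 1)
            status = outcome(result)
        elif line.startswith(("Error:", "Unable to")):
            target, result, status = "", line, "failed"
        else:
            continue
        if status != "unknown":  # drops size lines such as "Chrome => 115240304 B"
            rows.append({"category": categorize(target), "outcome": status,
                         "target": target, "result": result})
    return rows

def summary(rows):
    return Counter((r["category"], r["outcome"]) for r in rows)

def follow_up(rows):
    """Entries the tool reported as not fixed; these need a manual look."""
    return [r for r in rows if r["outcome"] == "failed"]

if __name__ == "__main__":
    for (cat, status), n in sorted(summary(triage(SAMPLE_FIXLOG)).items()):
        print(f"{cat:10} {status:7} {n}")
```
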

    8. #8
      General Moderator
      @Daniela
      Registered
      Apr 2011
      Location
      Spain
      Posts
      24,364

      Re: Help removing "http://chromesearch.win"

      Hello

      All that remains is to remove the tools we used:


      • Use again >> Download >> DelFix

        • Double-click to run it. (If you use Windows Vista/7 or 8, right-click and select "Run as administrator" ("Ejecutar como Administrador").)
        • Tick all the boxes.

      • Click Run.

        The report (DelFix.txt) will open; check that the tools used have been removed.


      Confirm for us whether everything is still fine.

      Regards
      ✿◕‿◕✿ Impatience is not good company ✿◕‿◕✿


    9. #9
      User yosantiyo
      Registered
      Dec 2017
      Location
      Argentina
      Posts
      7

      Re: Help removing "http://chromesearch.win"

      Hello, I am attaching the report here:

      # DelFix v1.011 - Logfile created 03/12/2017 at 18:47:31
      # Updated 18/08/2015 by Xplode
      # Username : Usuario - USUARIO-PC
      # Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)

      ~ Activating UAC ... OK

      ~ Removing disinfection tools ...

      Deleted : C:\FRST
      Deleted : C:\AdwCleaner
      Deleted : C:\Users\Usuario\Desktop\Addition.txt
      Deleted : C:\Users\Usuario\Desktop\AdwCleaner[C0].txt
      Deleted : C:\Users\Usuario\Desktop\Fixlog.txt
      Deleted : C:\Users\Usuario\Desktop\FRST.txt
      Deleted : C:\Users\Usuario\Desktop\FRST64.exe
      Deleted : C:\Users\Usuario\Desktop\Informe.txt
      Deleted : C:\Users\Usuario\Downloads\adwcleaner_7.0.5.0.exe
      Deleted : C:\Users\Usuario\Downloads\FRST64.exe

      ~ Creating registry backup ... OK

      ~ Cleaning system restore ...

      Deleted : RP #68 [Punto de control programado | 11/18/2017 16:01:05]
      Deleted : RP #69 [Punto de control programado | 11/26/2017 13:55:10]
      Deleted : RP #71 [Revo Uninstaller Pro's restore point - Google Chrome | 12/02/2017 22:31:27]
      Deleted : RP #73 [Revo Uninstaller Pro's restore point - Google Chrome | 12/02/2017 22:32:17]
      Deleted : RP #75 [Revo Uninstaller Pro's restore point - PlaysTV | 12/02/2017 23:32:09]
      Deleted : RP #77 [Revo Uninstaller Pro's restore point - Raptr | 12/02/2017 23:33:39]

      New restore point created !

      ~ Resetting system settings ... OK

      ########## - EOF - ##########

      Problem solved, THANK YOU VERY MUCH FOR EVERYTHING

    10. #10
      General Moderator
      @Daniela
      Registered
      Apr 2011
      Location
      Spain
      Posts
      24,364

      Re: Help removing "http://chromesearch.win"

      Hello yosantiyo

      Thank you for trusting ForoSpyware. It has been a pleasure to help you.

      We are glad it has been resolved for you. We consider this thread solved.


      If you wish to REOPEN THIS THREAD, press to report it: How to report posts?

      As a final recommendation, we invite you to follow us on our channels (Blog, Twitter, Facebook) to keep up to date with new malware and how to prevent it.

      *** Thread solved ***


      Regards
      ✿◕‿◕✿ Impatience is not good company ✿◕‿◕✿
