
    Another one with the double accent mark. (Solved)

    1. #1
      ifs
      User
      Registered
      May 2013
      Location
      as
      Posts
      14

      Another one with the double accent mark. (Solved)

      Hello, for a few days I have been suffering from the double accent mark problem on my PC and my laptop. I have tried DT-kill, Malwarebytes and CCleaner, as described in a guide on this forum. I have looked at other threads and how they were solved, and I have not obtained any results. My skill in these matters is low, so maybe I am making a mistake at some point.

      I am posting the DT-kill.txt from the desktop PC to see if someone can help me (if the laptop's one is needed, let me know; I have assumed it will be the same with an identical solution):

      Usuario: ***| (Administrador)


      ============================ Malwares Eliminados ============================


      ============================ Startup ============================

      HKLM64 - Run: [NvBackend] - "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
      HKLM64 - Run: [ShadowPlay] - C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
      HKLM64 - Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
      HKLM64 - Run: [Skytel] - C:\Program Files\Realtek\Audio\HDA\Skytel.exe
      HKLM64 - Run: [AdobeAAMUpdater-1.0] - "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
      HKLM64 - Run: [Windows Mobile Device Center] - %windir%\WindowsMobile\wmdc.exe
      HKLM64 - Run: [egui] - "C:\Program Files\ESET\ESET NOD32 Antivirus\ecmdS.exe" /launch /hide
      HKLM - Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
      HKLM - Run: [AdobeCS6ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
      HKLM - Run: [Dropbox] - "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
      HKLM - Run: [QfinderPro] - "C:\Program Files (x86)\QNAP\Qfinder\QfinderPro.exe" /min /auto
      HKLM - Run: [Qsync] - "C:\Program Files (x86)\QNAP\Qsync\Qsync.exe" /launch_qsync
      HKLM - Run: [Acrobat Assistant 8.0] - "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe"
      HKLM - Run: [] -
      HKCU - Run: [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      HKCU - Run: [CCleaner Monitoring] - "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
      HKCU - Run: [AdobeBridge] -


      ============================ Scan Suplementario ============================

      C:\ProgramData\Adobe
      C:\ProgramData\Apple
      C:\ProgramData\Application Data
      C:\ProgramData\CanonBJ
      C:\ProgramData\Common Files
      C:\ProgramData\Datos de programa
      C:\ProgramData\Desktop
      C:\ProgramData\Documentos
      C:\ProgramData\Documents
      C:\ProgramData\Dropbox
      C:\ProgramData\Escritorio
      C:\ProgramData\ESET
      C:\ProgramData\Favorites
      C:\ProgramData\Favoritos
      C:\ProgramData\Malwarebytes
      C:\ProgramData\Menú Inicio
      C:\ProgramData\Microsoft
      C:\ProgramData\Microsoft Help
      C:\ProgramData\ntuser.pol
      C:\ProgramData\NVIDIA
      C:\ProgramData\NVIDIA Corporation
      C:\ProgramData\Oracle
      C:\ProgramData\Package Cache
      C:\ProgramData\Plantillas
      C:\ProgramData\postgresql
      C:\ProgramData\regid.1986-12.com.adobe
      C:\ProgramData\regid.1991-06.com.microsoft
      C:\ProgramData\Start Menu
      C:\ProgramData\Templates
      C:\ProgramData\TomTom
      C:\ProgramData\TuneUp Software
      C:\ProgramData\{A4B1E745-300F-4728-A3CA-E28006D5D739}
      C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
      C:\Users\IFS\AppData\Roaming\Adobe
      C:\Users\IFS\AppData\Roaming\Canon
      C:\Users\IFS\AppData\Roaming\dclogs
      C:\Users\IFS\AppData\Roaming\Dell Touch Zone
      C:\Users\IFS\AppData\Roaming\Dropbox
      C:\Users\IFS\AppData\Roaming\ESET
      C:\Users\IFS\AppData\Roaming\Fingertapps
      C:\Users\IFS\AppData\Roaming\Google
      C:\Users\IFS\AppData\Roaming\Identities
      C:\Users\IFS\AppData\Roaming\iSignage
      C:\Users\IFS\AppData\Roaming\Kodi
      C:\Users\IFS\AppData\Roaming\Macromedia
      C:\Users\IFS\AppData\Roaming\Media Center Programs
      C:\Users\IFS\AppData\Roaming\Microsoft
      C:\Users\IFS\AppData\Roaming\Motorola
      C:\Users\IFS\AppData\Roaming\Motorola Mobility
      C:\Users\IFS\AppData\Roaming\Mozilla
      C:\Users\IFS\AppData\Roaming\NVIDIA
      C:\Users\IFS\AppData\Roaming\Opera Software
      C:\Users\IFS\AppData\Roaming\RHEng
      C:\Users\IFS\AppData\Roaming\Sun
      C:\Users\IFS\AppData\Roaming\TomTom
      C:\Users\IFS\AppData\Roaming\TuneUp Software
      C:\Users\IFS\AppData\Roaming\vlc
      C:\Users\IFS\AppData\Roaming\WinRAR
      C:\Users\IFS\AppData\Local\Temp\NVIDIA Corporation
      C:\Users\IFS\AppData\Local\Temp\~DFB3EBA1E4F34A7D42.TMP


      ============================ 03/01/2018 - 17:13:37 ============================


      Thank you very much in advance.

    2. #2
      General Moderator
      @Javier_HF
      Registered
      Jun 2006
      Location
      Via Lactea.
      Posts
      23.472

      Re: Another one with the double accent mark

      Hello ifs, and welcome to the Forum.

      Topics worth reviewing and reading:

      Tips before posting a new message.

      InfoSpyware Forum Policies.

      Policies of the Official HijackThis Forum in Spanish.

      How to upload images to the Forum? *TUTORIAL*
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

      And now, to check your machine, follow these steps in the order indicated, reading everything that is explained.

      When doing them, focus on the same machine from which you posted the previous report; afterwards we will see about analyzing the other one, and the steps, although they may be similar, are NEVER identical on different machines.

      Step 1.- Temporarily disable the antivirus >> How to temporarily disable your antivirus, while we carry out ALL the steps.

      We are going to download to YOUR DESKTOP (and NOT anywhere else) all the tools we will use in this procedure (but do not run them yet):


      Once they are downloaded, disconnect your computer from the Internet (turn off the router) << Very Important, and also close any other program you have open.

      Step 2.- Run the tools one at a time and in the order indicated:

      If you use Windows Vista/7/8 or 10, right-click and select "Run as Administrator" for ALL the programs.
      CCleaner.-
      • Install and run CCleaner following the steps indicated in the manual.
      • First use its "Cleaner" option to delete cookies, temporary Internet files and all the files it shows you as obsolete.
      • Then use its "Registry" option to clean the entire Windows registry (making a backup).

      Malwarebytes.-
      • Install and run MBAM following the steps indicated in the manual.
      • Perform a Full Scan.
      • Select "ALL to Quarantine" to send everything to quarantine, and restart the system.
      • In the manual's "History" section you will find the MBAM report, which you must copy and paste into your next reply so it can be analyzed.

      AdwCleaner.-
      • Run Adwcleaner.exe.
      • Click the Scan button and wait for the process to finish, then immediately click the Clean button.
      • Wait for it to complete and follow the instructions; if it asks you to restart the system, accept.
      • Save the report that appears, to copy and paste it into your next reply.
      • The report can also be found at "C:\Program Files(x86)\AdwCleaner\AdwCleaner[C1].txt"

      Junkware Removal Tool.-
      • Run JRT.exe.
      • Press any key to continue, and wait patiently for the process to finish.
      • If at any point it asks you to restart, do so.
      • When it finishes, a log/report (JRT.txt) will be saved on the desktop and will open automatically.
      • Copy and paste the contents of JRT.txt into your next reply.

      Farbar Recovery Scan Tool.-
      • Run FRST.exe.
      • In the Disclaimer window message, click Yes.
      • In the main window, click the Scan button and wait for the analysis to finish.
      • Two (2) files (logs) will open, Frst.txt and Addition.txt; these will be saved on the desktop.

      Step 3.- Post the reports in your next reply for:

      • Malwarebytes, AdwCleaner, JRT, FRST + Addition.txt, and in that order.


      You must copy and paste them with all their content, and use several messages if you get an error message saying it is too long.

      - And tell us how your computer is working with regard to the problem raised.

      Regards, Javier.
      He who doesn't try doesn't succeed | ;-)

      * Follow us on our Twitter and become our friend on Facebook.
      * Keep up with the latest threats on the net at: InfoSpyware Blog
      * Questions are not answered by private message or by e-mail, since that is what the forum is for.

    3. #3
      ifs
      User
      Registered
      May 2013
      Location
      as
      Posts
      14
      Malwarebytes
      www.malwarebytes.com

      -Detalles del registro-
      Fecha del análisis: 4/1/18
      Hora del análisis: 13:44
      Archivo de registro: f7072c12-f14c-11e7-bb9a-90e6ba5d14f9.json
      Administrador: Sí

      -Información del software-
      Versión: 3.3.1.2183
      Versión de los componentes: 1.0.262
      Versión del paquete de actualización: 1.0.3620
      Licencia: Prueba

      -Información del sistema-
      SO: Windows 7 Service Pack 1
      CPU: x64
      Sistema de archivos: NTFS
      Usuario: IFS-PC\IFS

      -Resumen del análisis-
      Tipo de análisis: Análisis de amenazas
      Resultado: Completado
      Objetos analizados: 262238
      Amenazas detectadas: 5
      Amenazas en cuarentena: 0
      (No hay elementos maliciosos detectados)
      Tiempo transcurrido: 1 min, 29 seg

      -Opciones de análisis-
      Memoria: Activado
      Inicio: Activado
      Sistema de archivos: Activado
      Archivo: Activado
      Rootkits: Desactivado
      Heurística: Activado
      PUP: Detectar
      PUM: Detectar

      -Detalles del análisis-
      Proceso: 0
      (No hay elementos maliciosos detectados)

      Módulo: 0
      (No hay elementos maliciosos detectados)

      Clave del registro: 2
      PUP.Optional.SuperOptimizer, HKU\S-1-5-18\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}, Sin acciones por parte del usuario, [2336], [243667],1.0.3620
      Backdoor.DarkComet.Trace, HKU\S-1-5-21-1785957807-1374413776-2740454749-1001\SOFTWARE\DC3_FEXEC, Sin acciones por parte del usuario, [13460], [246706],1.0.3620

      Valor del registro: 0
      (No hay elementos maliciosos detectados)

      Datos del registro: 0
      (No hay elementos maliciosos detectados)

      Secuencia de datos: 0
      (No hay elementos maliciosos detectados)

      Carpeta: 1
      Trojan.StolenData, C:\USERS\IFS\APPDATA\ROAMING\DCLOGS, Sin acciones por parte del usuario, [1050], [250094],1.0.3620

      Archivo: 2
      Trojan.StolenData, C:\USERS\IFS\APPDATA\ROAMING\DCLOGS\2018-01-03-4.dc, Sin acciones por parte del usuario, [1050], [250094],1.0.3620
      Trojan.StolenData, C:\Users\IFS\AppData\Roaming\dclogs\2018-01-04-5.dc, Sin acciones por parte del usuario, [1050], [250094],1.0.3620

      Sector físico: 0
      (No hay elementos maliciosos detectados)


      (end)

      # AdwCleaner 7.0.5.0 - Logfile created on Thu Jan 04 13:04:44 2018
      # Updated on 2017/29/11 by Malwarebytes
      # Running on Windows 7 Enterprise (X64)
      # Mode: clean
      # Support: https://www.malwarebytes.com/support

      ***** [ Services ] *****

      No malicious services deleted.

      ***** [ Folders ] *****

      Deleted: C:\Users\IFS\AppData\Roaming\RHEng


      ***** [ Files ] *****

      No malicious files deleted.

      ***** [ DLL ] *****

      No malicious DLLs cleaned.

      ***** [ WMI ] *****

      No malicious WMI cleaned.

      ***** [ Shortcuts ] *****

      No malicious shortcuts cleaned.

      ***** [ Tasks ] *****

      No malicious tasks deleted.

      ***** [ Registry ] *****

      Deleted: [Key] - HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
      Deleted: [Key] - HKU\S-1-5-21-1785957807-1374413776-2740454749-1001\Software\DC3_FEXEC
      Deleted: [Key] - HKCU\Software\DC3_FEXEC


      ***** [ Firefox (and derivatives) ] *****

      No malicious Firefox entries deleted.

      ***** [ Chromium (and derivatives) ] *****

      No malicious Chromium entries deleted.

      *************************

      ::Tracing keys deleted
      ::Winsock settings cleared
      ::Additional Actions: 0



      *************************

      C:/AdwCleaner/AdwCleaner[S0].txt - [1184 B] - [2018/1/4 1338]


      ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Junkware Removal Tool (JRT) by Malwarebytes
      Version: 8.1.4 (07.09.2017)
      Operating System: Windows 7 Enterprise x64
      Ran by IFS (Administrator) on 04/01/2018 at 14:14:07,04
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




      File System: 16

      Successfully deleted: C:\Users\IFS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
      Successfully deleted: C:\Users\IFS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
      Successfully deleted: C:\Users\IFS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CQB4X0NS (Temporary Internet Files Folder)
      Successfully deleted: C:\Users\IFS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
      Successfully deleted: C:\Users\IFS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G0D1TZD0 (Temporary Internet Files Folder)
      Successfully deleted: C:\Users\IFS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
      Successfully deleted: C:\Users\IFS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TT1DRZH5 (Temporary Internet Files Folder)
      Successfully deleted: C:\Users\IFS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U6XWFVGN (Temporary Internet Files Folder)
      Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
      Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
      Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CQB4X0NS (Temporary Internet Files Folder)
      Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
      Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G0D1TZD0 (Temporary Internet Files Folder)
      Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
      Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TT1DRZH5 (Temporary Internet Files Folder)
      Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U6XWFVGN (Temporary Internet Files Folder)



      Registry: 0





      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Scan was completed on 04/01/2018 at 14:16:26,88
      End of JRT log
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
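
Added example (not part of the original thread and not Malwarebytes' own code): a small Python parser for the plain-text Malwarebytes report format quoted in post #3. It lists every detection still marked "Sin acciones por parte del usuario" (no action taken), which is the state the "ALL to Quarantine" step in post #2 is meant to clear. The sample report is constructed; the "En cuarentena" status text and all function names are assumptions.

```python
import re

# Action text printed when a detection was left untouched
# (copied from the report quoted in the thread).
NO_ACTION = "Sin acciones por parte del usuario"

# Summary labels of the Spanish-language report mapped to short keys.
SUMMARY_KEYS = {
    "Amenazas detectadas": "detected",
    "Amenazas en cuarentena": "quarantined",
}

# "Label: <integer>" lines: summary counters and per-category headers.
COUNTER_RE = re.compile(r"^(?P<label>[^,:]+): (?P<count>\d+)$")

# Detection line: name, target, action, [n], [n],version
# The target may itself contain ", ", so it is matched greedily and the
# fixed-shape tail (action plus the bracketed numbers) anchors the split.
DETECTION_RE = re.compile(
    r"^(?P<name>[^,]+), (?P<target>.+), (?P<action>[^,\[\]]+), "
    r"\[\d+\], \[\d+\],(?P<version>[\d.]+)$"
)

# Constructed sample shaped like the report in post #3. Names and paths are
# placeholders; "En cuarentena" is an assumed status string for a handled item.
SAMPLE_REPORT = r"""-Resumen del análisis-
Amenazas detectadas: 3
Amenazas en cuarentena: 1

Clave del registro: 1
Backdoor.Example.Trace, HKU\S-1-5-21-0-0-0-1001\SOFTWARE\EXAMPLE_KEY, Sin acciones por parte del usuario, [1], [2],1.0.0

Carpeta: 1
Trojan.Example, C:\USERS\DEMO\APPDATA\ROAMING\EXAMPLELOGS, En cuarentena, [3], [4],1.0.0

Archivo: 1
Trojan.Example, C:\USERS\DEMO\APPDATA\ROAMING\EXAMPLELOGS\a, b.dc, Sin acciones por parte del usuario, [3], [4],1.0.0
"""


def parse_report(text):
    """Return (summary, detections) parsed from a plain-text report."""
    summary, detections, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()  # forum pastes are often indented
        hit = DETECTION_RE.match(line)
        if hit:
            entry = hit.groupdict()
            entry["section"] = section  # category header seen most recently
            detections.append(entry)
            continue
        counter = COUNTER_RE.match(line)
        if counter:
            label = counter.group("label")
            if label in SUMMARY_KEYS:
                summary[SUMMARY_KEYS[label]] = int(counter.group("count"))
            else:
                section = label
    return summary, detections


def triage(text):
    """Flag detections that were reported but never remediated."""
    summary, detections = parse_report(text)
    pending = [d for d in detections if d["action"] == NO_ACTION]
    return {
        "summary": summary,
        "detections": detections,
        "pending": pending,
        # The header count should equal the number of detail lines.
        "counts_consistent": summary.get("detected") == len(detections),
        "clean": not pending,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    for d in result["pending"]:
        print(f'NOT REMEDIATED [{d["section"]}] {d["name"]} -> {d["target"]}')
```
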

    4. #4
      ifs
      User
      Registered
      May 2013
      Location
      as
      Posts
      14

      Re: Another one with the double accent mark

      Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.01.2018
      Ran by IFS (administrator) on IFS-PC (04-01-2018 14:20:05)
      Running from C:\Users\IFS\Desktop
      Loaded Profiles: IFS (Available Profiles: IFS)
      Platform: Windows 7 Enterprise Service Pack 1 (X64) Language: Español (España, internacional)
      Internet Explorer Version 11 (Default browser: Chrome)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: ***********************************************************************************************************

      ==================== Processes (Whitelisted) =================

      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

      (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
      (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
      (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
      (Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
      (Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
      (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
      () C:\Windows\[email protected]
      () C:\Program Files (x86)\QNAP\Qfinder\iSCSIAgent.exe
      (Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
      (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
      (Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
      (Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
      (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
      (TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
      (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
      (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
      (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
      () C:\Windows\[email protected]
      () C:\Windows\[email protected]
      (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
      (Microsoft Corporation) C:\Windows\System32\dllhost.exe
      (Microsoft Corporation) C:\Users\IFS\oxdee.exe
      (Microsoft Corporation) C:\Windows\System32\dllhost.exe

      ==================== Registry (Whitelisted) ===========================

      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

      HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2673296 2015-03-28] (NVIDIA Corporation)
      HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
      HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7833120 2009-05-22] (Realtek Semiconductor)
      HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-05-22] (Realtek Semiconductor Corp.)
      HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
      HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
      HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\ecmdS.exe [324216 2017-10-22] (ESET)
      HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
      HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
      HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3567928 2017-12-05] (Dropbox, Inc.)
      HKLM-x32\...\Run: [QfinderPro] => C:\Program Files (x86)\QNAP\Qfinder\QfinderPro.exe [8228664 2016-07-06] ()
      HKLM-x32\...\Run: [Qsync] => C:\Program Files (x86)\QNAP\Qsync\Qsync.exe [25826104 2017-05-15] (QNAP Systems, Inc.)
      HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1871344 2017-11-27] (Adobe Systems Inc.)
      HKLM-x32\...\Run: [] => [X]
      HKU\S-1-5-21-1785957807-1374413776-2740454749-1001\...\Run: [AdobeBridge] => [X]
      HKU\S-1-5-21-1785957807-1374413776-2740454749-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10249048 2017-12-13] (Piriform Ltd)
      IFEO\OSPPSVC.EXE: [Debugger] [email protected]
      IFEO\sppsvc.exe: [Debugger] [email protected]
      CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

      ==================== Internet (Whitelisted) ====================

      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

      Tcpip\Parameters: [DhcpNameServer] 213.60.205.175 213.60.205.173 212.51.32.254
      Tcpip\..\Interfaces\{877FDF97-BB23-4099-94B9-59AA29CF8519}: [DhcpNameServer] 213.60.205.175 213.60.205.173 212.51.32.254

      Internet Explorer:
      ==================
      HKU\S-1-5-21-1785957807-1374413776-2740454749-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/es-es/?ocid=iehp
      SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
      SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
      SearchScopes: HKU\S-1-5-21-1785957807-1374413776-2740454749-1001 -> {D44728DE-10B4-4EA1-AD83-9E81221946C2} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
      BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2017-09-12] (Microsoft Corporation)
      BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-09-20] (Oracle Corporation)
      BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2017-11-27] (Adobe Systems Incorporated)
      BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
      BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
      BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-09-20] (Oracle Corporation)
      BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2017-11-27] (Adobe Systems Incorporated)
      BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2017-08-24] (Microsoft Corporation)
      BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2017-11-27] (Adobe Systems Incorporated)
      BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
      BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2017-11-27] (Adobe Systems Incorporated)
      Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2017-11-27] (Adobe Systems Incorporated)
      Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2017-11-27] (Adobe Systems Incorporated)
      StartMenuInternet: IEXPLORE.EXE - iexplore.exe

      FireFox:
      ========
      FF ProfilePath: C:\Users\IFS\AppData\Roaming\TomTom\HOME\Profiles\f2dq18nf.default [2017-12-25]
      FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
      FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2017-11-27]
      FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
      FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_126.dll [2017-12-18] ()
      FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\system32\npDeployJava1.dll [2015-09-20] (Oracle Corporation)
      FF Plugin: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-09-20] (Oracle Corporation)
      FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
      FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-01-23] (Adobe Systems)
      FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_126.dll [2017-12-18] ()
      FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
      FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation)
      FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
      FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-04] (NVIDIA Corporation)
      FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-04] (NVIDIA Corporation)
      FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-18] (Google Inc.)
      FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-18] (Google Inc.)
      FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
      FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
      FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2017-11-27] (Adobe Systems Inc.)
      FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-01-23] (Adobe Systems)

      Chrome:
      =======
      CHR DefaultProfile: Default
      CHR HomePage: Default -> hxxp://www.google.es/
      CHR StartupUrls: Default -> "hxxp://www.google.es/","hxxps://www.google.com/"
      CHR Profile: C:\Users\IFS\AppData\Local\Google\Chrome\User Data\Default [2018-01-04]
      CHR Extension: (Presentaciones) - C:\Users\IFS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-18]
      CHR Extension: (Documentos) - C:\Users\IFS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-18]
      CHR Extension: (Google Drive) - C:\Users\IFS\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
      CHR Extension: (YouTube) - C:\Users\IFS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27]
      CHR Extension: (Búsqueda de Google) - C:\Users\IFS\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-04]
      CHR Extension: (Hojas de cálculo) - C:\Users\IFS\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-18]
      CHR Extension: (Documentos de Google sin conexión) - C:\Users\IFS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
      CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\IFS\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-01-06]
      CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\IFS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-25]
      CHR Extension: (Gmail) - C:\Users\IFS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-04]
      CHR Extension: (Chrome Media Router) - C:\Users\IFS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-09]
      CHR HKU\S-1-5-21-1785957807-1374413776-2740454749-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

      ==================== Services (Whitelisted) ====================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2257016 2017-08-23] (Adobe Systems, Incorporated)
      S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-08-11] (Dropbox, Inc.)
      S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-08-11] (Dropbox, Inc.)
      R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [51016 2017-12-05] (Dropbox, Inc.)
      R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2648184 2017-10-22] (ESET)
      R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152144 2015-03-28] (NVIDIA Corporation)
      R2 [email protected]; C:\Windows\[email protected] [26112 2017-10-22] () [File not signed]
      R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
      R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2014-04-08] (Motorola Mobility LLC)
      R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-03-28] (NVIDIA Corporation)
      S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22995600 2015-03-28] (NVIDIA Corporation)
      R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
      S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
      R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2015-01-19] (Microsoft Corporation)

      ===================== Drivers (Whitelisted) ======================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13368 2009-04-06] ()
      R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [132848 2017-10-22] (ESET)
      U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [251632 2015-07-14] (ESET)
      R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [180088 2017-10-22] (ESET)
      R1 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [77736 2017-10-22] (ESET)
      R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77432 2017-11-29] ()
      R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
      R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193968 2018-01-04] (Malwarebytes)
      R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [110016 2018-01-04] (Malwarebytes)
      R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [46008 2018-01-04] (Malwarebytes)
      R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2018-01-04] (Malwarebytes)
      R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [84256 2018-01-04] (Malwarebytes)
      S3 MHIKEY10; C:\Windows\System32\Drivers\MHIKEY10x64.sys [60288 2010-09-15] (Generic USB smartcard reader)
      R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-14] ()
      R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-03-28] (NVIDIA Corporation)
      R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
      S3 seacusb; C:\Windows\System32\Drivers\seacusb.sys [27648 2009-07-13] (Seac Banche)
      S3 dbx; system32\DRIVERS\dbx.sys [X]
      S3 VGPU; System32\drivers\rdvgkmd.sys [X]

      ==================== NetSvcs (Whitelisted) ===================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


      ==================== One Month Created files and folders ========

      (If an entry is included in the fixlist, the file/folder will be moved.)

      2018-01-04 14:20 - 2018-01-04 14:20 - 000017393 _____ C:\Users\IFS\Desktop\FRST.txt
      2018-01-04 14:18 - 2018-01-04 14:18 - 000000861 _____ C:\Users\IFS\Desktop\FRST64 - Acceso directo.lnk
      2018-01-04 14:17 - 2018-01-04 14:20 - 000000000 ____D C:\FRST
      2018-01-04 14:16 - 2018-01-04 14:16 - 000003159 _____ C:\Users\IFS\Desktop\JRT.txt
      2018-01-04 14:13 - 2018-01-04 14:13 - 000001360 _____ C:\Users\IFS\Desktop\AdwCleaner[C1].txt
      2018-01-04 14:06 - 2018-01-04 14:06 - 000001314 _____ C:\Users\IFS\Desktop\AdwCleaner[C0].txt
      2018-01-04 13:53 - 2018-01-04 14:13 - 000000000 ____D C:\Users\IFS\AppData\Roaming\dclogs
      2018-01-04 13:50 - 2018-01-04 14:11 - 000000000 ____D C:\AdwCleaner
      2018-01-04 13:48 - 2018-01-04 13:48 - 004994536 _____ C:\Windows\system32\FNTCACHE.DAT
      2018-01-04 13:46 - 2018-01-04 13:46 - 000002098 _____ C:\Users\IFS\Desktop\MBM.txt
      2018-01-04 13:41 - 2018-01-04 14:12 - 000110016 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
      2018-01-04 13:41 - 2018-01-04 14:12 - 000084256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
      2018-01-04 13:41 - 2018-01-04 14:12 - 000046008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
      2018-01-04 13:41 - 2018-01-04 13:41 - 000193968 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
      2018-01-04 13:40 - 2018-01-04 14:12 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
      2018-01-04 13:40 - 2018-01-04 13:40 - 000001874 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
      2018-01-04 13:40 - 2018-01-04 13:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
      2018-01-04 13:40 - 2018-01-04 13:40 - 000000000 ____D C:\ProgramData\Malwarebytes
      2018-01-04 13:40 - 2018-01-04 13:40 - 000000000 ____D C:\Program Files\Malwarebytes
      2018-01-04 13:40 - 2017-11-29 09:11 - 000077432 _____ C:\Windows\system32\Drivers\mbae64.sys
      2018-01-04 13:34 - 2018-01-04 13:34 - 000001284 _____ C:\Users\IFS\Desktop\REGISTRO CCLEANER.reg
      2018-01-04 13:30 - 2018-01-04 13:30 - 000003872 _____ C:\Windows\System32\Tasks\CCleaner Update
      2018-01-04 13:30 - 2018-01-04 13:30 - 000002782 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
      2018-01-04 13:30 - 2018-01-04 13:30 - 000000829 _____ C:\Users\Public\Desktop\CCleaner.lnk
      2018-01-04 13:30 - 2018-01-04 13:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
      2018-01-04 13:30 - 2018-01-04 13:30 - 000000000 ____D C:\Program Files\CCleaner
      2018-01-04 12:58 - 2018-01-04 12:58 - 002393088 _____ (Farbar) C:\Users\IFS\Desktop\FRST64.exe
      2018-01-04 12:58 - 2018-01-04 12:58 - 001790024 _____ (Malwarebytes) C:\Users\IFS\Desktop\JRT.exe
      2018-01-04 12:57 - 2018-01-04 12:57 - 008187336 _____ (Malwarebytes) C:\Users\IFS\Desktop\AdwCleaner.exe
      2017-12-27 14:19 - 2017-12-27 14:19 - 000000000 ____D C:\Users\IFS\Downloads\BBS Tools Light 1
      2017-12-27 01:50 - 2017-12-27 01:50 - 000002739 _____ C:\Users\IFS\Desktop\TomTom HOME 2.lnk
      2017-12-26 21:48 - 2017-12-27 13:40 - 000000000 ____D C:\Users\IFS\Downloads\Iberia 1000 8641(GO )
      2017-12-25 23:08 - 2017-12-25 23:08 - 000000000 ____D C:\Users\IFS\Downloads\King of the Roads (by mt) Pack TT 2GB
      2017-12-25 22:02 - 2017-12-25 22:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom
      2017-12-25 21:56 - 2017-12-27 13:40 - 000000000 ____D C:\Users\IFS\Downloads\King of the Roads (by mt) Comp 456MB
      2017-12-18 16:57 - 2017-11-17 05:23 - 003222528 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
      2017-12-18 16:57 - 2017-11-15 02:27 - 000395968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
      2017-12-18 16:57 - 2017-11-15 01:36 - 000347336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
      2017-12-18 16:57 - 2017-11-14 04:57 - 025731072 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
      2017-12-18 16:57 - 2017-11-14 04:43 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
      2017-12-18 16:57 - 2017-11-14 04:43 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
      2017-12-18 16:57 - 2017-11-14 04:32 - 002903552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
      2017-12-18 16:57 - 2017-11-14 04:31 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
      2017-12-18 16:57 - 2017-11-14 04:31 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
      2017-12-18 16:57 - 2017-11-14 04:30 - 000577024 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
      2017-12-18 16:57 - 2017-11-14 04:30 - 000417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
      2017-12-18 16:57 - 2017-11-14 04:30 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
      2017-12-18 16:57 - 2017-11-14 04:25 - 005925888 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
      2017-12-18 16:57 - 2017-11-14 04:24 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
      2017-12-18 16:57 - 2017-11-14 04:24 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
      2017-12-18 16:57 - 2017-11-14 04:21 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
      2017-12-18 16:57 - 2017-11-14 04:20 - 000817152 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
      2017-12-18 16:57 - 2017-11-14 04:20 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
      2017-12-18 16:57 - 2017-11-14 04:20 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
      2017-12-18 16:57 - 2017-11-14 04:20 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
      2017-12-18 16:57 - 2017-11-14 04:15 - 000968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
      2017-12-18 16:57 - 2017-11-14 04:12 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
      2017-12-18 16:57 - 2017-11-14 04:06 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
      2017-12-18 16:57 - 2017-11-14 04:06 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
      2017-12-18 16:57 - 2017-11-14 04:05 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
      2017-12-18 16:57 - 2017-11-14 04:03 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
      2017-12-18 16:57 - 2017-11-14 04:02 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
      2017-12-18 16:57 - 2017-11-14 04:00 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
      2017-12-18 16:57 - 2017-11-14 03:59 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
      2017-12-18 16:57 - 2017-11-14 03:51 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
      2017-12-18 16:57 - 2017-11-14 03:48 - 015267328 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
      2017-12-18 16:57 - 2017-11-14 03:48 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
      2017-12-18 16:57 - 2017-11-14 03:48 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
      2017-12-18 16:57 - 2017-11-14 03:47 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
      2017-12-18 16:57 - 2017-11-14 03:46 - 002134528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
      2017-12-18 16:57 - 2017-11-14 03:39 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
      2017-12-18 16:57 - 2017-11-14 03:27 - 001544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
      2017-12-18 16:57 - 2017-11-14 03:16 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
      2017-12-18 16:57 - 2017-11-14 02:37 - 013679616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
      2017-12-18 16:57 - 2017-11-14 02:15 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
      2017-12-18 16:57 - 2017-11-14 02:15 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
      2017-12-18 16:57 - 2017-11-14 02:15 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
      2017-12-18 16:57 - 2017-11-14 02:10 - 020269056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
      2017-12-18 16:57 - 2017-11-14 01:32 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
      2017-12-18 16:57 - 2017-11-14 01:31 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
      2017-12-18 16:57 - 2017-11-07 21:56 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
      2017-12-18 16:57 - 2017-11-07 21:46 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
      2017-12-18 16:57 - 2017-11-07 21:46 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
      2017-12-18 16:57 - 2017-11-07 21:46 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
      2017-12-18 16:57 - 2017-11-07 21:44 - 002293760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
      2017-12-18 16:57 - 2017-11-07 21:41 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
      2017-12-18 16:57 - 2017-11-07 21:41 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
      2017-12-18 16:57 - 2017-11-07 21:40 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
      2017-12-18 16:57 - 2017-11-07 21:39 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
      2017-12-18 16:57 - 2017-11-07 21:38 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
      2017-12-18 16:57 - 2017-11-07 21:38 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
      2017-12-18 16:57 - 2017-11-07 21:29 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
      2017-12-18 16:57 - 2017-11-07 21:28 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
      2017-12-18 16:57 - 2017-11-07 21:28 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
      2017-12-18 16:57 - 2017-11-07 21:27 - 004509696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
      2017-12-18 16:57 - 2017-11-07 21:26 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
      2017-12-18 16:57 - 2017-11-07 21:24 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
      2017-12-18 16:57 - 2017-11-07 21:19 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
      2017-12-18 16:57 - 2017-11-07 21:18 - 000694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
      2017-12-18 16:57 - 2017-11-07 21:17 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
      2017-12-18 16:57 - 2017-11-07 21:17 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
      2017-12-18 16:57 - 2017-11-07 21:04 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
      2017-12-18 16:57 - 2017-11-07 21:01 - 001313280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
      2017-12-18 16:57 - 2017-11-07 20:58 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
      2017-12-18 16:57 - 2017-11-07 17:31 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
      2017-12-18 16:57 - 2017-11-07 17:13 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
      2017-12-18 16:57 - 2017-11-04 16:31 - 000194048 _____ (Microsoft Corporation) C:\Windows\system32\itircl.dll
      2017-12-18 16:57 - 2017-11-04 16:31 - 000170496 _____ (Microsoft Corporation) C:\Windows\system32\itss.dll
      2017-12-18 16:57 - 2017-11-04 16:10 - 000158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itircl.dll
      2017-12-18 16:57 - 2017-11-04 16:10 - 000142336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itss.dll
      2017-12-18 16:57 - 2017-11-02 17:55 - 000281600 _____ (Microsoft Corporation) C:\Windows\system32\iprtrmgr.dll
      2017-12-18 16:57 - 2017-11-02 17:55 - 000138240 _____ (Microsoft Corporation) C:\Windows\system32\rtm.dll
      2017-12-18 16:57 - 2017-11-02 17:55 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\mprdim.dll
      2017-12-18 16:57 - 2017-11-02 17:55 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\iprtprio.dll
      2017-12-18 16:57 - 2017-11-02 16:11 - 000271360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iprtrmgr.dll
      2017-12-18 16:57 - 2017-11-02 16:11 - 000115200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rtm.dll
      2017-12-18 16:57 - 2017-11-02 16:11 - 000075264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mprdim.dll
      2017-12-18 16:57 - 2017-11-02 15:56 - 000008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iprtprio.dll
      2017-12-18 16:57 - 2017-10-17 00:04 - 001001984 _____ (Microsoft Corporation) C:\Windows\system32\gpedit.dll
      2017-12-18 16:57 - 2017-10-16 23:46 - 000953344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpedit.dll
      2017-12-18 16:57 - 2017-10-12 01:20 - 000317440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
      2017-12-09 19:10 - 2018-01-04 14:12 - 000000000 ____D C:\Temp
      2017-12-09 19:10 - 2017-12-09 19:10 - 000000000 ____D C:\Users\IFS\AppData\Roaming\Motorola Mobility
      2017-12-09 17:51 - 2017-12-09 17:51 - 000001077 _____ C:\Users\Public\Desktop\VLC media player.lnk
      2017-12-09 16:55 - 2017-12-09 16:55 - 000000000 ____D C:\Users\IFS\AppData\Local\SolidDocuments
      2017-12-08 14:49 - 2017-12-08 14:49 - 000000000 ____D C:\Program Files (x86)\PainteR
      2017-12-08 14:42 - 2017-12-08 14:48 - 000002453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
      2017-12-08 14:42 - 2017-12-08 14:48 - 000002044 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
      2017-12-08 14:38 - 2017-12-08 14:38 - 000003544 _____ C:\Windows\System32\Tasks\mgcih
      2017-12-08 14:38 - 2017-12-08 14:38 - 000000000 __SHD C:\Users\IFS\mgcih
      2017-12-08 14:38 - 2017-04-21 13:53 - 000045176 ___SH (Microsoft Corporation) C:\Users\IFS\oxdee.exe
      2017-12-08 14:36 - 2017-12-08 14:36 - 000000000 ____D C:\Program Files (x86)\Adobe Systems Incorporated
      2017-12-07 18:40 - 2017-12-07 18:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
      2017-12-05 02:06 - 2017-12-05 02:06 - 000051016 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
      2017-12-05 02:06 - 2017-12-05 02:06 - 000045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
      2017-12-05 02:06 - 2017-12-05 02:06 - 000045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
      2017-12-05 02:06 - 2017-12-05 02:06 - 000045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys

      ==================== One Month Modified files and folders ========

      (If an entry is included in the fixlist, the file/folder will be moved.)

      2018-01-04 14:17 - 2011-04-12 10:05 - 000747396 _____ C:\Windows\system32\perfh00A.dat
      2018-01-04 14:17 - 2011-04-12 10:05 - 000158868 _____ C:\Windows\system32\perfc00A.dat
      2018-01-04 14:17 - 2009-07-14 06:13 - 001676890 _____ C:\Windows\system32\PerfStringBackup.INI
      2018-01-04 14:17 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
      2018-01-04 14:12 - 2015-11-29 19:48 - 000000000 ___RD C:\Users\IFS\Qsync
      2018-01-04 14:12 - 2015-07-21 08:57 - 000000982 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
      2018-01-04 14:12 - 2015-04-04 21:13 - 000000000 ____D C:\ProgramData\NVIDIA
      2018-01-04 14:12 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
      2018-01-04 14:11 - 2009-07-14 05:45 - 000019152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      2018-01-04 14:11 - 2009-07-14 05:45 - 000019152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      2018-01-04 13:38 - 2015-07-21 08:57 - 000000986 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
      2018-01-04 12:21 - 2015-04-04 21:09 - 000002200 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
      2017-12-29 01:23 - 2016-01-02 14:31 - 000000282 __RSH C:\ProgramData\ntuser.pol
      2017-12-27 14:35 - 2016-01-02 14:31 - 000000000 ____D C:\Users\IFS\AppData\Local\JDownloader v2.0
      2017-12-27 13:43 - 2017-09-09 18:54 - 000000000 ____D C:\Users\IFS\Desktop\Yolanda
      2017-12-27 12:51 - 2015-04-04 21:08 - 000000000 ____D C:\Users\IFS\AppData\Local\Deployment
      2017-12-26 22:14 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\rescache
      2017-12-25 22:02 - 2015-04-04 22:22 - 000000000 ____D C:\Program Files (x86)\TomTom HOME 2
      2017-12-25 22:01 - 2015-04-04 22:22 - 000000000 ____D C:\Users\IFS\AppData\Local\Downloaded Installations
      2017-12-25 21:58 - 2016-01-02 14:39 - 000000000 ____D C:\Users\IFS\Downloads\relink.us - Iberia_960_7056 - IDe9257081be1ac4f088d7cbde7485c4
      2017-12-20 20:32 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\SysWOW64\Setup
      2017-12-20 20:32 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\system32\Setup
      2017-12-18 17:57 - 2015-04-05 11:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
      2017-12-18 17:57 - 2015-04-05 01:26 - 000000000 ____D C:\Windows\system32\MRT
      2017-12-18 17:53 - 2017-10-18 19:57 - 133326408 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
      2017-12-18 17:53 - 2015-04-05 01:26 - 133326408 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
      2017-12-18 17:14 - 2015-04-05 11:00 - 000004320 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
      2017-12-18 17:14 - 2015-04-05 10:59 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
      2017-12-18 17:14 - 2015-04-05 10:59 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
      2017-12-18 17:14 - 2015-04-05 10:59 - 000000000 ____D C:\Windows\SysWOW64\Macromed
      2017-12-18 17:14 - 2015-04-05 10:59 - 000000000 ____D C:\Windows\system32\Macromed
      2017-12-10 11:31 - 2016-04-02 12:13 - 000000000 ____D C:\Users\IFS\AppData\Roaming\vlc
      2017-12-09 19:10 - 2015-04-04 22:29 - 000003482 _____ C:\Windows\System32\Tasks\Motorola Device Manager Update
      2017-12-09 19:10 - 2015-04-04 22:29 - 000003290 _____ C:\Windows\System32\Tasks\Motorola Device Manager Initial Update
      2017-12-09 19:10 - 2015-04-04 22:29 - 000000000 ____D C:\Program Files (x86)\Motorola Mobility
      2017-12-09 18:42 - 2016-08-22 18:28 - 000000000 ___RD C:\Users\IFS\Dropbox
      2017-12-09 18:42 - 2015-07-21 08:57 - 000000000 ____D C:\Users\IFS\AppData\Local\Dropbox
      2017-12-09 16:51 - 2015-04-04 21:07 - 000000000 ____D C:\Users\IFS\AppData\Roaming\Adobe
      2017-12-08 14:48 - 2015-04-05 01:57 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
      2017-12-08 14:44 - 2015-04-04 22:17 - 000000000 ____D C:\Users\IFS\AppData\Local\Adobe
      2017-12-08 14:43 - 2016-06-26 13:21 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
      2017-12-08 14:43 - 2015-04-04 20:59 - 000000000 ____D C:\Users\IFS
      2017-12-08 14:42 - 2015-11-09 11:30 - 000000000 ____D C:\Program Files (x86)\Adobe
      2017-12-08 14:34 - 2015-04-05 01:44 - 000000000 ____D C:\Users\IFS\AppData\Local\ESET
      2017-12-07 18:40 - 2015-07-21 08:57 - 000000000 ____D C:\Program Files (x86)\Dropbox

      ==================== Files in the root of some directories =======

      2017-12-08 14:38 - 2017-04-21 13:53 - 000045176 ___SH (Microsoft Corporation) C:\Users\IFS\oxdee.exe
      2009-11-25 14:57 - 2009-11-25 14:57 - 000593920 _____ () C:\Program Files (x86)\drvinst_x86_x64.exe
      2015-09-04 08:30 - 2015-09-04 08:30 - 000000000 _____ () C:\Users\IFS\AppData\Local\{4355C6E8-16D7-426F-8C33-F6CC740EC05F}
      2016-01-27 14:03 - 2016-01-27 14:03 - 000000000 _____ () C:\Users\IFS\AppData\Local\{B48691FE-4153-4F72-8A1A-6D63F67C5E35}

      ==================== Bamital & volsnap ======================

      (There is no automatic fix for files that do not pass verification.)

      C:\Windows\system32\winlogon.exe => File is digitally signed
      C:\Windows\system32\wininit.exe => File is digitally signed
      C:\Windows\SysWOW64\wininit.exe => File is digitally signed
      C:\Windows\explorer.exe => File is digitally signed
      C:\Windows\SysWOW64\explorer.exe => File is digitally signed
      C:\Windows\system32\svchost.exe => File is digitally signed
      C:\Windows\SysWOW64\svchost.exe => File is digitally signed
      C:\Windows\system32\services.exe => File is digitally signed
      C:\Windows\system32\User32.dll => File is digitally signed
      C:\Windows\SysWOW64\User32.dll => File is digitally signed
      C:\Windows\system32\userinit.exe => File is digitally signed
      C:\Windows\SysWOW64\userinit.exe => File is digitally signed
      C:\Windows\system32\rpcss.dll => File is digitally signed
      C:\Windows\system32\dnsapi.dll => File is digitally signed
      C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
      C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

      LastRegBack: 2017-12-26 22:06

      ==================== End of FRST.txt ============================

    5. #5
      ifs
      Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02.01.2018
      Ran by IFS (04-01-2018 14:20:30)
      Running from C:\Users\IFS\Desktop
      Windows 7 Enterprise Service Pack 1 (X64) (2015-04-04 19:59:23)
      Boot Mode: Normal
      ==========================================================


      ==================== Accounts: =============================

      Administrador (S-1-5-21-1785957807-1374413776-2740454749-500 - Administrator - Disabled)
      HomeGroupUser$ (S-1-5-21-1785957807-1374413776-2740454749-1002 - Limited - Enabled)
      IFS (S-1-5-21-1785957807-1374413776-2740454749-1001 - Administrator - Enabled) => C:\Users\IFS
      Invitado (S-1-5-21-1785957807-1374413776-2740454749-501 - Limited - Disabled)

      ==================== Security Center ========================

      (If an entry is included in the fixlist, it will be removed.)

      AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
      AV: ESET NOD32 Antivirus (Disabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
      AS: ESET NOD32 Antivirus (Disabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
      AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
      AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

      ==================== Installed Programs ======================

      (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

      Acrobat DC 1.0.8.1 (HKLM-x32\...\Acrobat DC 1.0.8.1) (Version: 1.0.8.1 - Adobe Systems Incorporated)
      Actualización de NVIDIA 2.4.1.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 2.4.1.21 - NVIDIA Corporation) Hidden
      Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
      Adobe Flash Player 28 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 28.0.0.126 - Adobe Systems Incorporated)
      Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.126 - Adobe Systems Incorporated)
      Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
      Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
      BBS Tools (HKLM-x32\...\BBS Tools) (Version: 1.0.84 - BBS_Tools)
      Bonjour (HKLM-x32\...\{07287123-B8AC-41CE-8346-3D777245C35B}) (Version: 1.0.106 - Apple Inc.)
      Canon Inkjet Printer Driver Add-On Module (HKLM\...\CANONIJINBOXADDON100) (Version: - )
      Canon MP Navigator EX 1.0 (HKLM-x32\...\MP Navigator EX 1.0) (Version: - )
      CanoScan LiDE 90 (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2412) (Version: - )
      CCleaner (HKLM\...\CCleaner) (Version: 5.38 - Piriform)
      Centro de dispositivos de Windows Mobile (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
      Cool & Quiet (HKLM-x32\...\{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}) (Version: - )
      Dropbox (HKLM-x32\...\Dropbox) (Version: 40.4.46 - Dropbox, Inc.)
      Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
      Eines de correcció del Microsoft Office 2013: català (HKLM-x32\...\{90150000-001F-0403-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
      ESET NOD32 Antivirus (HKLM\...\{66BDE12D-83F8-40FC-8A0C-937B100FF175}) (Version: 10.1.219.1 - ESET, spol. s r.o.)
      Ferramentas de verificación de Microsoft Office 2013 - Galego (HKLM-x32\...\{90150000-001F-0456-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
      Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.108 - Google Inc.)
      Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
      Java 7 Update 21 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417021FF}) (Version: 7.0.210 - Oracle)
      JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
      Kodi (HKU\S-1-5-21-1785957807-1374413776-2740454749-1001\...\Kodi) (Version: - XBMC-Foundation)
      Malwarebytes versión 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
      Microsoft .NET Framework 4.7 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.7.02053 - Microsoft Corporation)
      Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
      Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
      Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
      Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
      Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
      Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
      Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
      Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
      Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
      Monitor Webcam Driver (1.01.02.0804) (HKLM\...\Creative OA002) (Version: - )
      Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.5.4 - Motorola Mobility)
      Motorola Device Software Update (HKLM-x32\...\{894AB83D-A9AF-4E54-BFF3-A7262A0A6C13}) (Version: 13.09.3001 - Motorola Mobility) Hidden
      Motorola Mobile Drivers Installation 6.4.0 (HKLM\...\{27986EDD-C9EC-4B52-B92F-06D073F0AA52}) (Version: 6.4.0 - Motorola Mobility LLC)
      MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
      MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
      NEXGEN-RD1000-DLL (HKLM-x32\...\{688C9E3D-E9C6-4EE5-97F4-0B8B220D5DC7}) (Version: 1.0 - SEAC BANCHE IBERIDA) Hidden
      NEXGEN-RD1000-DLL (HKLM-x32\...\NEXGEN-RD1000-DLL) (Version: - SEAC BANCHE IBERICA)
      NVIDIA Controlador de 3D Vision 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.44 - NVIDIA Corporation)
      NVIDIA Controlador de gráficos 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.44 - NVIDIA Corporation)
      NVIDIA Controlador de la controladora 3D Vision 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
      NVIDIA GeForce Experience 2.4.1.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.1.21 - NVIDIA Corporation)
      NVIDIA Software del sistema PhysX 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
      OneClickUpdate (HKU\S-1-5-21-1785957807-1374413776-2740454749-1001\...\b0ab6e1a8233cc34) (Version: 1.1.2.6 - Vexia Econav)
      Outils de vérification linguistique 2013 de Microsoft Office*- Français (HKLM-x32\...\{90150000-001F-040C-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
      Panel de control de NVIDIA 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 341.44 - NVIDIA Corporation) Hidden
      Paquete de idioma de Microsoft Visual Studio 2010 Tools para Office Runtime (x64) - ESN (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - ESN) (Version: 10.0.50903 - Microsoft Corporation)
      PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
      ProxyEmu 0.9.2.0 (HKLM-x32\...\ProxyEmu 0.9.2.0) (Version: 0.9.2.0 - PainteR)
      QNAP Qfinder Pro (HKLM-x32\...\QNAP_FINDER) (Version: 5.3.1.0706 - QNAP Systems, Inc.)
      QNAP Qsync Client (HKLM-x32\...\Qsync) (Version: 4.2.0.0515 - QNAP Systems, Inc.)
      Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5859 - Realtek Semiconductor Corp.)
      Revisores de Texto do Microsoft Office 2013 – Português do Brasil (HKLM-x32\...\{90150000-001F-0416-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
      Service Pack 1 for Microsoft Office 2013 (KB2817430) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version: - Microsoft)
      SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 4.1.1000 - NVIDIA Corporation) Hidden
      SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.4.1.21 - NVIDIA Corporation) Hidden
      TomTom HOME (HKLM-x32\...\{0E778C56-3A87-497E-BEF0-EF0D3EE4871C}) (Version: 2.10.2 - Nombre de su organización)
      TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
      Transmission Remote GUI 5.0.1 (HKLM-x32\...\transgui_is1) (Version: - Yury Sidorov)
      UltraISO Premium V9.36 (HKLM-x32\...\UltraISO_is1) (Version: - )
      Update for Skype for Business 2015 (KB4011255) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{2449D2C4-C30E-4854-9A5E-59AA60DE216B}) (Version: - Microsoft)
      Update for Skype for Business 2015 (KB4011255) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUS_{2449D2C4-C30E-4854-9A5E-59AA60DE216B}) (Version: - Microsoft)
      Update for Skype for Business 2015 (KB4011255) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0C0A-0000-0000000FF1CE}_Office15.PROPLUS_{2449D2C4-C30E-4854-9A5E-59AA60DE216B}) (Version: - Microsoft)
      VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
      WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

      ==================== Custom CLSID (Whitelisted): ==========================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ShellIconOverlayIdentifiers: [ QsyncEx_Icon1] -> {17affcaf-2e65-4b1b-98a1-a7b3b4d8ad36} => C:\Program Files (x86)\QNAP\Qsync\QsyncExt.dll [2017-04-17] ()
      ShellIconOverlayIdentifiers: [ QsyncEx_Icon2] -> {9959985C-14EF-47B9-AF21-185CE101CB13} => C:\Program Files (x86)\QNAP\Qsync\QsyncExt.dll [2017-04-17] ()
      ShellIconOverlayIdentifiers: [ QsyncEx_Icon3] -> {7855A219-97EE-475B-BD69-C22B89D0FE5B} => C:\Program Files (x86)\QNAP\Qsync\QsyncExt.dll [2017-04-17] ()
      ShellIconOverlayIdentifiers: [ QsyncEx_Icon4] -> {85D370C6-0D9A-4ED8-8E1B-6D270E944275} => C:\Program Files (x86)\QNAP\Qsync\QsyncExt.dll [2017-04-17] ()
      ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
      ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
      ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
      ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
      ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
      ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
      ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
      ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
      ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
      ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
      ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
      ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
      ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
      ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
      ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
      ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
      ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
      ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
      ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
      ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
      ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems Inc.)
      ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
      ContextMenuHandlers1: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2017-10-22] (ESET)
      ContextMenuHandlers1: [QsyncExt] -> {17affcaf-2e65-4b1b-98a1-a7b3b4d8ad36} => C:\Program Files (x86)\QNAP\Qsync\QsyncExt.dll [2017-04-17] ()
      ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-12-01] (Alexander Roshal)
      ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2013-12-01] (Alexander Roshal)
      ContextMenuHandlers2: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2017-10-22] (ESET)
      ContextMenuHandlers2: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files (x86)\UltraISO\isoshl64.dll [2009-10-22] (EZB Systems, Inc.)
      ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
      ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
      ContextMenuHandlers4: [QsyncExt] -> {17affcaf-2e65-4b1b-98a1-a7b3b4d8ad36} => C:\Program Files (x86)\QNAP\Qsync\QsyncExt.dll [2017-04-17] ()
      ContextMenuHandlers4: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files (x86)\UltraISO\isoshl64.dll [2009-10-22] (EZB Systems, Inc.)
      ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
      ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2015-02-04] (NVIDIA Corporation)
      ContextMenuHandlers5: [QsyncExt] -> {17affcaf-2e65-4b1b-98a1-a7b3b4d8ad36} => C:\Program Files (x86)\QNAP\Qsync\QsyncExt.dll [2017-04-17] ()
      ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems Inc.)
      ContextMenuHandlers6: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2017-10-22] (ESET)
      ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
      ContextMenuHandlers6: [QsyncExt] -> {17affcaf-2e65-4b1b-98a1-a7b3b4d8ad36} => C:\Program Files (x86)\QNAP\Qsync\QsyncExt.dll [2017-04-17] ()
      ContextMenuHandlers6: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files (x86)\UltraISO\isoshl64.dll [2009-10-22] (EZB Systems, Inc.)
      ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-12-01] (Alexander Roshal)
      ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2013-12-01] (Alexander Roshal)

      ==================== Scheduled Tasks (Whitelisted) =============

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      Task: {0847E8C4-2E6E-4021-B346-5EFD990A479A} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
      Task: {17D3A52C-8864-434A-B0FC-115251D912BF} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2014-10-30] ()
      Task: {2167F2FA-6D05-4199-B03A-89751331DDD2} - System32\Tasks\iSCSIAgentAutoStartup => C:\Program Files (x86)\QNAP\Qfinder\iSCSIAgent.exe [2016-07-06] ()
      Task: {244A5539-BC99-4EEC-BE9F-8A4E66A390B2} - System32\Tasks\[email protected]\Windows61Enterprise => wmic [Argument = path SoftwareLicensingProduct where (ID="ae2ee509-1b34-41c0-acb7-6d4650168915") call Activate]
      Task: {2468B3FA-13A0-4488-BC1F-D1CF02E0D4BF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
      Task: {256BBEDB-6157-466B-BDBA-2A22A43C2998} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-08-11] (Dropbox, Inc.)
      Task: {2F7C31F3-E620-4881-824E-0ACE6B105A61} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
      Task: {3DF57024-53C0-49A4-B449-B58E65576B0F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-12-13] (Piriform Ltd)
      Task: {7221F603-61FD-43FA-A000-455A382A3AD9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
      Task: {8A2A2142-9EED-412B-9304-51F40F92A7AB} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe
      Task: {8D19B326-F3E8-4D0F-BE9D-A4CB18D9DB07} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-12-13] (Piriform Ltd)
      Task: {8E4CD688-6162-4F3D-979A-8253B9D6E743} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-04] (Google Inc.)
      Task: {91CDC927-00A6-4595-9244-0AD5ACDFBAF2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-12-18] (Adobe Systems Incorporated)
      Task: {A3A84CAE-43D6-4EB0-9D98-5F05AAF334DF} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-08-11] (Dropbox, Inc.)
      Task: {A571ED51-0754-4CD5-828E-94FD5C5AC731} - System32\Tasks\mgcih => C:\Users\IFS\mgcih\oxdee.exe [2016-10-09] (AutoIt Team)
      Task: {B47AD24C-7554-4799-AFCD-DA82BFD11949} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
      Task: {BD855696-220C-4270-8980-94CC39F0BCE0} - System32\Tasks\[email protected]\Office15ProPlus => wmic [Argument = path OfficeSoftwareProtectionProduct where (ID="b322da9c-a2e2-4058-9e4e-f59a6970bd69") call Activate]
      Task: {F5A8D8F8-B493-4965-8853-5FF4E7C177DD} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2014-10-30] ()
      Task: {F7BE07B3-FC0A-49DE-A6AE-9549664D70B1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-04] (Google Inc.)

      (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

      Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
      Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

      ==================== Shortcuts & WMI ========================

      (The entries could be listed to be restored or removed.)


      ==================== Loaded Modules (Whitelisted) ==============

      2017-04-17 11:37 - 2017-04-17 11:37 - 000375096 _____ () C:\Program Files (x86)\QNAP\Qsync\QsyncExt.dll
      2017-10-22 16:39 - 2017-10-22 16:39 - 000026112 _____ () C:\Windows\[email protected]
      2015-04-04 21:53 - 2016-07-06 08:19 - 001739576 _____ () C:\Program Files (x86)\QNAP\Qfinder\iSCSIAgent.exe
      2017-12-13 19:04 - 2017-12-13 19:04 - 000087936 _____ () C:\Program Files\CCleaner\lang\lang-1034.dll
      2018-01-04 13:40 - 2017-11-29 09:11 - 002358728 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
      2018-01-04 13:40 - 2017-11-29 09:11 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
      2017-10-22 16:39 - 2017-10-22 16:39 - 000004608 _____ () C:\Windows\[email protected]
      2014-04-07 15:31 - 2014-04-07 15:31 - 000172032 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll

      ==================== Alternate Data Streams (Whitelisted) =========

      (If an entry is included in the fixlist, only the ADS will be removed.)

      AlternateDataStreams: C:\Users\IFS\Desktop\Boda Noe y Pardo:com.dropbox.attributes [168]
      AlternateDataStreams: C:\Users\IFS\Desktop\Memoria de Practicas.doc:com.dropbox.attributes [168]

      ==================== Safe Mode (Whitelisted) ===================

      (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

      ==================== Association (Whitelisted) ===============

      (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


      ==================== Internet Explorer trusted/restricted ===============

      (If an entry is included in the fixlist, it will be removed from the registry.)


      ==================== Hosts content: ===============================

      (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

      2009-07-14 03:34 - 2009-06-10 22:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


      ==================== Other Areas ============================

      (Currently there is no automatic fix for this section.)

      HKU\S-1-5-21-1785957807-1374413776-2740454749-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\IFS\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
      DNS Servers: Media is not connected to internet.
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
      Windows Firewall is enabled.

      ==================== MSCONFIG/TASK MANAGER disabled items ==


      ==================== FirewallRules (Whitelisted) ===============

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
      FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
      FirewallRules: [{0CAB79EA-546F-4AF2-8520-F5625CE4D4E0}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
      FirewallRules: [{C06E0D8B-B0DC-4917-8BDF-E37D0328EB7B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
      FirewallRules: [{34AD8333-FEE9-4770-94B3-B57F562169A2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
      FirewallRules: [{03E6EBEF-8C71-475B-8D8B-10CBDC0F29E9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
      FirewallRules: [{69868BDA-AB08-4047-9D4B-5977C8A6B039}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
      FirewallRules: [{54484F41-70BD-4438-9AB9-68B097CA855B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
      FirewallRules: [{A50F4C24-45C6-4378-8641-86DB463F6943}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
      FirewallRules: [{8A774694-18B0-4309-AA77-A9DAB8648946}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
      FirewallRules: [{AF1A82B9-3274-4504-807E-A0DAEA585424}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
      FirewallRules: [{F5CEDF07-314C-404A-8584-004C0B3234B3}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
      FirewallRules: [{A2576089-4830-4623-8D4C-91B524DD673F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
      FirewallRules: [{6641E546-7EF5-46A2-8D8C-DECE224E2154}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
      FirewallRules: [{AC5DC635-C9D4-44FA-BD64-AC8792A27773}] => (Allow) LPort=1688
      FirewallRules: [TCP Query User{40B2B1B3-90C8-48F6-9E73-95DC55B838FC}C:\program files (x86)\qnap\qsync\qsync.exe] => (Allow) C:\program files (x86)\qnap\qsync\qsync.exe
      FirewallRules: [UDP Query User{B1D10DA6-970C-41CB-AA64-3BF5A13133CC}C:\program files (x86)\qnap\qsync\qsync.exe] => (Allow) C:\program files (x86)\qnap\qsync\qsync.exe
      FirewallRules: [TCP Query User{1CD94665-AEB1-40EB-851E-8CB07F451812}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
      FirewallRules: [UDP Query User{1FD4744C-08B0-43CB-B590-BAF582788D9E}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
      FirewallRules: [{535D4738-37B6-4F6F-A7CA-25BD895DE607}] => (Allow) C:\Windows\[email protected]
      FirewallRules: [{588B61C6-7BEB-4C98-BD26-49EC1F16E576}] => (Allow) C:\Windows\[email protected]
      FirewallRules: [{8AE95328-C59C-4FE3-9199-710DD5FA43B8}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
      FirewallRules: [{13497D33-2C72-4CAF-B639-6D422AC1541F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

      ==================== Restore Points =========================

      18-12-2017 16:53:15 Windows Update
      18-12-2017 17:53:07 Windows Update
      23-12-2017 18:00:42 Windows Update
      25-12-2017 22:01:48 Installed TomTom HOME.
      26-12-2017 21:54:05 Windows Update
      03-01-2018 13:04:03 Windows Update
      03-01-2018 21:52:48 Windows Update
      04-01-2018 14:14:07 JRT Pre-Junkware Removal

      ==================== Faulty Device Manager Devices =============


      ==================== Event log errors: =========================

      Application errors:
      ==================
      Error: (01/04/2018 02:14:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
      Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

      Error: (01/04/2018 02:07:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
      Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

      Error: (01/04/2018 01:50:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
      Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

      Error: (01/04/2018 01:48:55 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
      Description: No se puede inicializar el índice.

      Detalles:
      El catálogo del índice de contenido está dañado. (HRESULT : 0xc0041801) (0xc0041801)

      Error: (01/04/2018 01:48:55 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
      Description: No se puede inicializar la aplicación.

      Contexto: aplicación Windows

      Detalles:
      El catálogo del índice de contenido está dañado. (HRESULT : 0xc0041801) (0xc0041801)

      Error: (01/04/2018 01:48:55 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
      Description: No se puede inicializar el objeto Recopilador.

      Contexto: aplicación Windows, catálogo SystemIndex

      Detalles:
      El catálogo del índice de contenido está dañado. (HRESULT : 0xc0041801) (0xc0041801)

      Error: (01/04/2018 01:48:55 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
      Description: No se puede inicializar el complemento <Search.TripoliIndexer>.

      Contexto: aplicación Windows, catálogo SystemIndex

      Detalles:
      No se ha encontrado el elemento. (HRESULT : 0x80070490) (0x80070490)

      Error: (01/04/2018 01:48:54 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
      Description: No se puede inicializar el complemento <Search.JetPropStore>.

      Contexto: aplicación Windows, catálogo SystemIndex

      Detalles:
      El catálogo del índice de contenido está dañado. (HRESULT : 0xc0041801) (0xc0041801)

      Error: (01/04/2018 01:48:54 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
      Description: El servicio Windows Search no puede cargar la información del almacén de propiedades.

      Contexto: aplicación Windows, catálogo SystemIndex

      Detalles:
      La base de datos del índice de contenido está dañada. (HRESULT : 0xc0041800) (0xc0041800)

      Error: (01/04/2018 01:48:54 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
      Description: El servicio Windows Search se está deteniendo porque hay un problema con el indizador: The catalog is corrupt.

      Detalles:
      El catálogo del índice de contenido está dañado. (HRESULT : 0xc0041801) (0xc0041801)


      System errors:
      =============
      Error: (01/04/2018 02:14:20 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
      Description: El servicio NVIDIA Streamer Service se terminó de manera inesperada. Esto ha sucedido 1 veces.

      Error: (01/04/2018 02:14:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
      Description: El servicio NVIDIA Display Driver Service se terminó de manera inesperada. Esto ha sucedido 1 veces.

      Error: (01/04/2018 02:11:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
      Description: El servicio Servicio de uso compartido de red del Reproductor de Windows Media terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 30000 milisegundos: Reiniciar el servicio.

      Error: (01/04/2018 02:11:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
      Description: El servicio Office Software Protection Platform se terminó de manera inesperada. Esto ha sucedido 1 veces.

      Error: (01/04/2018 02:11:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
      Description: El servicio Motorola Device Manager Service terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 1000 milisegundos: Reiniciar el servicio.

      Error: (01/04/2018 02:11:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
      Description: El servicio Protección de software terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 120000 milisegundos: Reiniciar el servicio.

      Error: (01/04/2018 02:11:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
      Description: El servicio TomTomHOMEService se terminó de manera inesperada. Esto ha sucedido 1 veces.

      Error: (01/04/2018 02:11:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
      Description: El servicio PST Service terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 6000 milisegundos: Reiniciar el servicio.

      Error: (01/04/2018 02:11:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
      Description: El servicio NVIDIA Network Service se terminó de manera inesperada. Esto ha sucedido 1 veces.

      Error: (01/04/2018 02:11:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
      Description: El servicio NVIDIA Streamer Service se terminó de manera inesperada. Esto ha sucedido 1 veces.


      ==================== Memory info ===========================

      Processor: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz
      Percentage of memory in use: 43%
      Total physical RAM: 4094.05 MB
      Available physical RAM: 2307.25 MB
      Total Virtual: 8186.29 MB
      Available Virtual: 6472.48 MB

      ==================== Drives ================================

      Drive c: (SISTEMA) (Fixed) (Total:119.24 GB) (Free:16.8 GB) NTFS ==>[drive with boot components (obtained from BCD)]
      Drive d: (DATOS) (Fixed) (Total:931.51 GB) (Free:636.43 GB) NTFS

      ==================== MBR & Partition Table ==================

      ========================================================
      Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: FAFBCD64)
      Partition 1: (Active) - (Size=119.2 GB) - (Type=07 NTFS)

      ========================================================
      Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 912A912A)
      Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

      ==================== End of Addition.txt ============================




      I haven't noticed any improvement; I still have the problem. Note that it doesn't happen instantly when I turn the computer on. If I open an application right away, it takes a few minutes before the double accent (doble tilde) starts. I suppose that is due to the time it takes to run the infected file.

    6. #6
      General Moderator
      @Javier_HF
      Joined: Jun 2006
      Location: Via Lactea.
      Posts: 23,472

      Re: Another one with the double accent

      Good... now follow these steps. VERY important ~ Make a backup of the registry:


      • Double-click to run it. (If you use Windows Vista/7/8 or 10, right-click and select "Run as administrator".)

      • Attention: now check only the "Create registry backup" box, NOT the others.

      • Click Run.

      The report (DelFix.txt) will open; save it in case it is needed and close the tool.

      Now start your computer in Windows >> Safe Mode with Networking.

      With all other programs closed, go to >> Start >> Run >> and type notepad.exe.

      Now copy and paste the code/lines inside the box below into Notepad (excluding the word "Code"):

      Code:
      START
      CREATERESTOREPOINT:
      CLOSEPROCESSES:
      Task: {A571ED51-0754-4CD5-828E-94FD5C5AC731} - System32\Tasks\mgcih => C:\Users\IFS\mgcih\oxdee.exe [2016-10-09] (AutoIt Team)
      AlternateDataStreams: C:\Users\IFS\Desktop\Boda Noe y Pardo:com.dropbox.attributes [168]
      AlternateDataStreams: C:\Users\IFS\Desktop\Memoria de Practicas.doc:com.dropbox.attributes [168]
      HKLM-x32\...\Run: [] => [X]
      HKU\S-1-5-21-1785957807-1374413776-2740454749-1001\...\Run: [AdobeBridge] => [X]
      IFEO\OSPPSVC.EXE: [Debugger] [email protected]
      IFEO\sppsvc.exe: [Debugger] [email protected]
      CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
      FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\system32\npDeployJava1.dll [2015-09-20] (Oracle Corporation)
      FF Plugin: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-09-20] (Oracle Corporation)
      FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
      FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
      S3 dbx; system32\DRIVERS\dbx.sys [X]
      S3 VGPU; System32\drivers\rdvgkmd.sys [X]
      2017-12-08 14:38 - 2017-04-21 13:53 - 000045176 ___SH (Microsoft Corporation) C:\Users\IFS\oxdee.exe
      2009-11-25 14:57 - 2009-11-25 14:57 - 000593920 _____ () C:\Program Files (x86)\drvinst_x86_x64.exe
      2015-09-04 08:30 - 2015-09-04 08:30 - 000000000 _____ () C:\Users\IFS\AppData\Local\{4355C6E8-16D7-426F-8C33-F6CC740EC05F}
      2016-01-27 14:03 - 2016-01-27 14:03 - 000000000 _____ () C:\Users\IFS\AppData\Local\{B48691FE-4153-4F72-8A1A-6D63F67C5E35}
      HOSTS:
      REMOVEPROXY:
      EMPTYTEMP:
      CMD: netsh winsock reset
      CMD: ipconfig /renew
      CMD: ipconfig /flushdns
      CMD: bitsadmin /reset /allusers
      CMD: netsh winsock reset
      CMD: ipconfig /renew
      CMD: ipconfig /flushdns
      CMD: bitsadmin /reset /allusers
      CMD: netsh advfirewall reset
      CMD: netsh advfirewall set allprofiles state ON
      CMD: netsh int ipv4 reset
      CMD: netsh int ipv6 reset
      END
      Save it under the name FIXLIST.TXT on the desktop <<< This is very important.

      Note: It is important that the FRST.exe tool (Farbar Recovery Scan Tool) and FIXLIST.TXT are in the same location (the desktop); otherwise it will not work.
      WARNING!!!! The following repair script was written specifically for this user by a staff member; if you have a similar problem, please open your own thread to receive personalized help. Using other users' scripts can damage your computer.



      • Run FRST.exe. (If you use Windows Vista/7/8 or 10, right-click and select "Run as administrator".)
      • Press the FIX button and wait for it to finish.
      • The tool will save the repair report on the desktop (FIXLOG.TXT).


      Paste the contents of this file in your next reply.

      Restart the computer, check how it behaves with regard to the problem you described, and let us know.

      Regards.
      He who doesn't try doesn't succeed | ;-)

      * Follow us on Twitter and become our friend on Facebook.
      * Keep up with the latest threats on the net at: InfoSpyware Blog
      * Questions are not answered by private message or e-mail; that is what the forum is for.

    7. #7
      ifs
      User
      Joined: May 2013
      Location: as
      Posts: 14

      Re: Another one with the double accent

      Fix result of Farbar Recovery Scan Tool (x64) Version: 02.01.2018
      Ran by IFS (05-01-2018 14:24:14) Run:1
      Running from C:\Users\IFS\Desktop
      Loaded Profiles: IFS (Available Profiles: IFS)
      Boot Mode: Safe Mode (with Networking)
      ==============================================

      fixlist content:
      *****************
      START
      CREATERESTOREPOINT:
      CLOSEPROCESSES:
      Task: {A571ED51-0754-4CD5-828E-94FD5C5AC731} - System32\Tasks\mgcih => C:\Users\IFS\mgcih\oxdee.exe [2016-10-09] (AutoIt Team)
      AlternateDataStreams: C:\Users\IFS\Desktop\Boda Noe y Pardo:com.dropbox.attributes [168]
      AlternateDataStreams: C:\Users\IFS\Desktop\Memoria de Practicas.doc:com.dropbox.attributes [168]
      HKLM-x32\...\Run: [] => [X]
      HKU\S-1-5-21-1785957807-1374413776-2740454749-1001\...\Run: [AdobeBridge] => [X]
      IFEO\OSPPSVC.EXE: [Debugger] [email protected]
      IFEO\sppsvc.exe: [Debugger] [email protected]
      CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
      FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\system32\npDeployJava1.dll [2015-09-20] (Oracle Corporation)
      FF Plugin: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-09-20] (Oracle Corporation)
      FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
      FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
      S3 dbx; system32\DRIVERS\dbx.sys [X]
      S3 VGPU; System32\drivers\rdvgkmd.sys [X]
      2017-12-08 14:38 - 2017-04-21 13:53 - 000045176 ___SH (Microsoft Corporation) C:\Users\IFS\oxdee.exe
      2009-11-25 14:57 - 2009-11-25 14:57 - 000593920 _____ () C:\Program Files (x86)\drvinst_x86_x64.exe
      2015-09-04 08:30 - 2015-09-04 08:30 - 000000000 _____ () C:\Users\IFS\AppData\Local\{4355C6E8-16D7-426F-8C33-F6CC740EC05F}
      2016-01-27 14:03 - 2016-01-27 14:03 - 000000000 _____ () C:\Users\IFS\AppData\Local\{B48691FE-4153-4F72-8A1A-6D63F67C5E35}
      HOSTS:
      REMOVEPROXY:
      EMPTYTEMP:
      CMD: netsh winsock reset
      CMD: ipconfig /renew
      CMD: ipconfig /flushdns
      CMD: bitsadmin /reset /allusers
      CMD: netsh winsock reset
      CMD: ipconfig /renew
      CMD: ipconfig /flushdns
      CMD: bitsadmin /reset /allusers
      CMD: netsh advfirewall reset
      CMD: netsh advfirewall set allprofiles state ON
      CMD: netsh int ipv4 reset
      CMD: netsh int ipv6 reset
      END
      *****************

      Error: Restore point can only be created in normal mode.
      Processes closed successfully.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A571ED51-0754-4CD5-828E-94FD5C5AC731} => could not remove key. ErrorCode1: 0x00000002
      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A571ED51-0754-4CD5-828E-94FD5C5AC731}" => removed successfully
      C:\Windows\System32\Tasks\mgcih => moved successfully
      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\mgcih" => removed successfully
      C:\Users\IFS\Desktop\Boda Noe y Pardo => ":com.dropbox.attributes" ADS could not remove.
      C:\Users\IFS\Desktop\Memoria de Practicas.doc => ":com.dropbox.attributes" ADS removed successfully
      "HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
      "HKU\S-1-5-21-1785957807-1374413776-2740454749-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge" => removed successfully
      "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\OSPPSVC.EXE" => removed successfully
      "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\sppsvc.exe" => removed successfully
      "HKLM\SOFTWARE\Policies\Google" => removed successfully
      "HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2" => removed successfully
      C:\Windows\system32\npDeployJava1.dll => moved successfully
      "HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2" => removed successfully
      C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll => moved successfully
      "HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => removed successfully
      "HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => removed successfully
      "HKLM\System\CurrentControlSet\Services\dbx" => removed successfully
      dbx => service removed successfully
      "HKLM\System\CurrentControlSet\Services\VGPU" => removed successfully
      VGPU => service removed successfully
      C:\Users\IFS\oxdee.exe => moved successfully
      C:\Program Files (x86)\drvinst_x86_x64.exe => moved successfully
      C:\Users\IFS\AppData\Local\{4355C6E8-16D7-426F-8C33-F6CC740EC05F} => moved successfully
      C:\Users\IFS\AppData\Local\{B48691FE-4153-4F72-8A1A-6D63F67C5E35} => moved successfully
      C:\Windows\System32\Drivers\etc\hosts => moved successfully
      Hosts restored successfully.

      ========= RemoveProxy: =========

      "HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
      "HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
      "HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
      "HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
      "HKU\S-1-5-21-1785957807-1374413776-2740454749-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
      "HKU\S-1-5-21-1785957807-1374413776-2740454749-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


      ========= End of RemoveProxy: =========


      ========= netsh winsock reset =========


      El catálogo Winsock se restableció correctamente.
      Debe reiniciar el equipo para completar el restablecimiento.


      ========= End of CMD: =========


      ========= ipconfig /renew =========


      Configuración IP de Windows


      Adaptador de Ethernet Conexión de área local:

      Sufijo DNS específico para la conexión. . : mundo-R.com
      Vínculo: dirección IPv6 local. . . : fe80::bd59:4586:6f23:9b5d%11
      Dirección IPv4. . . . . . . . . . . . . . : 192.168.1.17
      Máscara de subred . . . . . . . . . . . . : 255.255.255.0
      Puerta de enlace predeterminada . . . . . : 192.168.1.1

      Adaptador de túnel isatap.mundo-R.com:

      Estado de los medios. . . . . . . . . . . : medios desconectados
      Sufijo DNS específico para la conexión. . :

      Adaptador de túnel Conexión de área local*:

      Estado de los medios. . . . . . . . . . . : medios desconectados
      Sufijo DNS específico para la conexión. . :

      ========= End of CMD: =========


      ========= ipconfig /flushdns =========


      Configuración IP de Windows

      Se vació correctamente la caché de resolución de DNS.

      ========= End of CMD: =========


      ========= bitsadmin /reset /allusers =========


      BITSADMIN version 3.0 [ 7.5.7601 ]
      BITS administration utility.
      (C) Copyright 2000-2006 Microsoft Corp.

      BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
      Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

      Unable to connect to BITS - 0x8007042c
      No se puede iniciar el servicio o grupo de dependencia.



      ========= End of CMD: =========


      ========= netsh winsock reset =========


      El catálogo Winsock se restableció correctamente.
      Debe reiniciar el equipo para completar el restablecimiento.


      ========= End of CMD: =========


      ========= ipconfig /renew =========


      Configuración IP de Windows


      Adaptador de Ethernet Conexión de área local:

      Sufijo DNS específico para la conexión. . : mundo-R.com
      Vínculo: dirección IPv6 local. . . : fe80::bd59:4586:6f23:9b5d%11
      Dirección IPv4. . . . . . . . . . . . . . : 192.168.1.17
      Máscara de subred . . . . . . . . . . . . : 255.255.255.0
      Puerta de enlace predeterminada . . . . . : 192.168.1.1

      Adaptador de túnel isatap.mundo-R.com:

      Estado de los medios. . . . . . . . . . . : medios desconectados
      Sufijo DNS específico para la conexión. . :

      Adaptador de túnel Conexión de área local*:

      Estado de los medios. . . . . . . . . . . : medios desconectados
      Sufijo DNS específico para la conexión. . :

      ========= End of CMD: =========


      ========= ipconfig /flushdns =========


      Configuración IP de Windows

      Se vació correctamente la caché de resolución de DNS.

      ========= End of CMD: =========


      ========= bitsadmin /reset /allusers =========


      BITSADMIN version 3.0 [ 7.5.7601 ]
      BITS administration utility.
      (C) Copyright 2000-2006 Microsoft Corp.

      BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
      Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

      Unable to connect to BITS - 0x8007042c
      No se puede iniciar el servicio o grupo de dependencia.



      ========= End of CMD: =========


      ========= netsh advfirewall reset =========

      Aceptar


      ========= End of CMD: =========


      ========= netsh advfirewall set allprofiles state ON =========

      Aceptar


      ========= End of CMD: =========


      ========= netsh int ipv4 reset =========

      Global se restableció correctamente.
      Interfaz se restableció correctamente.
      Ruta se restableció correctamente.
      Reinicie el equipo para completar esta acción.


      ========= End of CMD: =========


      ========= netsh int ipv6 reset =========

      Interfaz se restableció correctamente.
      Reinicie el equipo para completar esta acción.


      ========= End of CMD: =========


      =========== EmptyTemp: ==========

      BITS transfer queue => 0 B
      DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 16632081 B
      Java, Flash, Steam htmlcache => 506 B
      Windows/system/drivers => 2528153 B
      Edge => 0 B
      Chrome => 275208439 B
      Firefox => 0 B
      Opera => 0 B

      Temp, IE cache, history, cookies, recent:
      Users => 0 B
      Default => 0 B
      Public => 0 B
      ProgramData => 0 B
      systemprofile => 16802 B
      systemprofile32 => 66088 B
      LocalService => 0 B
      NetworkService => 0 B
      IFS => 1984640 B
      postgres => 0 B

      RecycleBin => 95416066 B
      EmptyTemp: => 373.7 MB temporary data Removed.

      ================================


      The system needed a reboot.

      ==== End of Fixlog 14:24:17 ====

      -----------------------------------------------

      Now everything works perfectly

      I still have the laptop to do; I suppose the first step will be the same, right?
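
A way to triage a Fixlog like the one posted above for actions that did not complete, as an added example that is not part of the thread or of FRST itself. The sample is an excerpt copied from that log; reading `ErrorCode1` as a Win32 error code, and the function names, are assumptions of this example.

```python
import re
from collections import Counter

# Excerpt copied from the Fixlog posted above (shortened, not the full log).
SAMPLE_FIXLOG = r'''
fixlist content:
*****************
START
Task: {A571ED51-0754-4CD5-828E-94FD5C5AC731} - System32\Tasks\mgcih => C:\Users\IFS\mgcih\oxdee.exe [2016-10-09] (AutoIt Team)
END
*****************

Error: Restore point can only be created in normal mode.
Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A571ED51-0754-4CD5-828E-94FD5C5AC731} => could not remove key. ErrorCode1: 0x00000002
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A571ED51-0754-4CD5-828E-94FD5C5AC731}" => removed successfully
C:\Windows\System32\Tasks\mgcih => moved successfully
C:\Users\IFS\Desktop\Boda Noe y Pardo => ":com.dropbox.attributes" ADS could not remove.
C:\Users\IFS\Desktop\Memoria de Practicas.doc => ":com.dropbox.attributes" ADS removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\sppsvc.exe" => removed successfully
dbx => service removed successfully
C:\Users\IFS\oxdee.exe => moved successfully
Hosts restored successfully.

========= bitsadmin /reset /allusers =========

Unable to connect to BITS - 0x8007042c

========= End of CMD: =========

========= netsh advfirewall reset =========

Aceptar

========= End of CMD: =========
'''

ACTION = re.compile(r'^(?P<target>.+?) => (?P<outcome>.+)$')
SECTION = re.compile(r'^=+ (?P<title>.+?) =+$')
HEXCODE = re.compile(r'0x[0-9A-Fa-f]{8}')
# Win32 error names for the two codes that occur in this log.
WIN32 = {2: 'ERROR_FILE_NOT_FOUND', 1068: 'ERROR_SERVICE_DEPENDENCY_FAIL'}


def decode(text):
    """Name the first 0x........ code in text, unwrapping HRESULT 0x8007xxxx."""
    m = HEXCODE.search(text)
    if not m:
        return None
    code = int(m.group(0), 16)
    if code >> 16 == 0x8007:           # HRESULT carrying a Win32 error
        code &= 0xFFFF
    return WIN32.get(code, 'code %d' % code)


def classify(outcome):
    """Map the text after '=>' to ok / failed / other."""
    low = outcome.lower()
    if 'could not' in low:
        return 'failed'
    return 'ok' if 'successfully' in low else 'other'


def triage(fixlog):
    """Return (Counter of outcomes, list of failed actions needing review)."""
    counts, findings = Counter(), []
    section, echo = None, 0
    for raw in fixlog.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith('fixlist content'):
            echo = 2                   # skip the script echo between two '*' rules
            continue
        if echo:
            if set(line) == {'*'}:
                echo -= 1
            continue
        m = SECTION.match(line)
        if m:                          # "===== title =====" opens or closes a block
            title = m.group('title')
            section = None if title.startswith('End of') else title.rstrip(':')
            continue
        m = ACTION.match(line)
        if m:
            target, outcome = m.group('target').strip('"'), m.group('outcome')
            status = classify(outcome)
        elif line.lower().startswith('error:') or 'unable to' in line.lower():
            target, outcome, status = section or 'FRST', line, 'failed'
        else:
            continue                   # banner or localized command output
        counts[status] += 1
        if status == 'failed':
            findings.append({'where': section or 'fix', 'target': target,
                             'outcome': outcome, 'hint': decode(outcome)})
    return counts, findings


if __name__ == '__main__':
    counts, findings = triage(SAMPLE_FIXLOG)
    print(dict(counts))
    for f in findings:
        print('%(where)s | %(target)s | %(outcome)s | %(hint)s' % f)
```

Command output in the system's language (Spanish here) is only flagged when it contains an English failure phrase, so localized failures inside CMD sections still need reading by eye.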

    8. #8
      General Moderator
      @Javier_HF
      Joined: Jun 2006
      Location: Via Lactea.
      Posts: 23,472

      Re: Another one with the double accent

      Hello.

      Perfect.

      For the other computer, the steps to follow are the same ones I gave you in my first reply.

      Once you have them, post them so we can check them, and tell us how they turned out on that other computer.

      Regards.

    9. #9
      ifs
      User
      Joined: May 2013
      Location: as
      Posts: 14

      Re: Another one with the double accent

      Malwarebytes
      www.malwarebytes.com

      -Detalles del registro-
      Fecha del análisis: 6/1/18
      Hora del análisis: 14:28
      Archivo de registro: 7c0bd5fe-f2e5-11e7-b519-544249895785.json
      Administrador: Sí

      -Información del software-
      Versión: 3.3.1.2183
      Versión de los componentes: 1.0.262
      Versión del paquete de actualización: 1.0.0
      Licencia: Gratis

      -Información del sistema-
      SO: Windows 7 Service Pack 1
      CPU: x64
      Sistema de archivos: NTFS
      Usuario: IFS-VAIO\IFS

      -Resumen del análisis-
      Tipo de análisis: Análisis de amenazas
      Resultado: Completado
      Objetos analizados: 328639
      Amenazas detectadas: 8
      Amenazas en cuarentena: 8
      Tiempo transcurrido: 1 min, 34 seg

      -Opciones de análisis-
      Memoria: Activado
      Inicio: Activado
      Sistema de archivos: Activado
      Archivo: Activado
      Rootkits: Desactivado
      Heurística: Activado
      PUP: Detectar
      PUM: Detectar

      -Detalles del análisis-
      Proceso: 0
      (No hay elementos maliciosos detectados)

      Módulo: 0
      (No hay elementos maliciosos detectados)

      Clave del registro: 1
      Backdoor.DarkComet.Trace, HKU\S-1-5-21-2054728115-3813935821-4019051852-1001\SOFTWARE\DC3_FEXEC, En cuarentena, [14842], [246706],1.0.0

      Valor del registro: 0
      (No hay elementos maliciosos detectados)

      Datos del registro: 0
      (No hay elementos maliciosos detectados)

      Secuencia de datos: 0
      (No hay elementos maliciosos detectados)

      Carpeta: 2
      Trojan.StolenData, C:\USERS\IFS\APPDATA\ROAMING\DCLOGS, En cuarentena, [1107], [250094],1.0.0
      PUP.Optional.BundleInstaller, C:\USERS\IFS\APPDATA\LOCAL\TEMP\44978613, En cuarentena, [20], [463480],1.0.0

      Archivo: 5
      Trojan.StolenData, C:\USERS\IFS\APPDATA\ROAMING\DCLOGS\2018-01-04-5.dc, En cuarentena, [1107], [250094],1.0.0
      Trojan.StolenData, C:\Users\IFS\AppData\Roaming\dclogs\2018-01-05-6.dc, En cuarentena, [1107], [250094],1.0.0
      Trojan.StolenData, C:\Users\IFS\AppData\Roaming\dclogs\2018-01-06-7.dc, En cuarentena, [1107], [250094],1.0.0
      PUP.Optional.BundleInstaller, C:\USERS\IFS\APPDATA\LOCAL\TEMP\44978613\ic-0.d42a34e8958378.exe, En cuarentena, [20], [463480],1.0.0
      PUP.Optional.BundleInstaller, C:\Users\IFS\AppData\Local\Temp\44978613\dlreport, En cuarentena, [20], [463480],1.0.0

      Sector físico: 0
      (No hay elementos maliciosos detectados)


      (end)

      ------------------------------------

      # AdwCleaner 7.0.5.0 - Logfile created on Sat Jan 06 13:37:15 2018
      # Updated on 2017/29/11 by Malwarebytes
      # Running on Windows 7 Home Premium (X64)
      # Mode: clean
      # Support: https://www.malwarebytes.com/support

      ***** [ Services ] *****

      No malicious services deleted.

      ***** [ Folders ] *****

      Deleted: C:\Users\IFS\AppData\Roaming\acestream
      Deleted: C:\Users\IFS\AppData\LocalLow\.acestream
      Deleted: C:\Users\IFS\AppData\Roaming\.acestream
      Deleted: C:\_acestream_cache_
      Deleted: C:\Users\IFS\AppData\Local\AdService
      Deleted: C:\ProgramData\Partner
      Deleted: C:\ProgramData\Application Data\Partner
      Deleted: C:\Users\All Users\Partner


      ***** [ Files ] *****

      No malicious files deleted.

      ***** [ DLL ] *****

      No malicious DLLs cleaned.

      ***** [ WMI ] *****

      No malicious WMI cleaned.

      ***** [ Shortcuts ] *****

      No malicious shortcuts cleaned.

      ***** [ Tasks ] *****

      No malicious tasks deleted.

      ***** [ Registry ] *****

      Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{4E91ABA4-E4F8-4B48-ABDB-E737E3606041}C:\users\ifs\appdata\roaming\acestream\engine\ace_engine.exe
      Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{113FDF23-4741-4242-AF38-36B1AA9F89EF}C:\users\ifs\appdata\roaming\acestream\engine\ace_engine.exe
      Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{8B52BD0A-319D-49B1-AB7F-562BA2553178}C:\users\ifs\appdata\roaming\kodi\userdata\addon_data\program.plexus\acestream\ace_engine.exe
      Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{5D4AE510-C3DC-416C-93DF-808F6C03DE99}C:\users\ifs\appdata\roaming\kodi\userdata\addon_data\program.plexus\acestream\ace_engine.exe
      Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
      Deleted: [Value] - HKCU\Software\RegisteredApplications|AceStream


      ***** [ Firefox (and derivatives) ] *****

      No malicious Firefox entries deleted.

      ***** [ Chromium (and derivatives) ] *****

      No malicious Chromium entries deleted.

      *************************

      ::Tracing keys deleted
      ::Winsock settings cleared
      ::Additional Actions: 0



      *************************

      C:/AdwCleaner/AdwCleaner[S0].txt - [2534 B] - [2018/1/6 13:36:23]


      ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

    10. #10
      ifs
      User
      Joined: May 2013
      Location: as
      Posts: 14

      Re: Another one with the double accent

      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Junkware Removal Tool (JRT) by Malwarebytes
      Version: 8.1.4 (07.09.2017)
      Operating System: Windows 7 Home Premium x64
      Ran by IFS (Administrator) on 06/01/2018 at 14:40:40,71
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




      File System: 16

      Successfully deleted: C:\Users\IFS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
      Successfully deleted: C:\Users\IFS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
      Successfully deleted: C:\Users\IFS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FPJKP2E8 (Temporary Internet Files Folder)
      Successfully deleted: C:\Users\IFS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
      Successfully deleted: C:\Users\IFS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
      Successfully deleted: C:\Users\IFS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NZBG3DGL (Temporary Internet Files Folder)
      Successfully deleted: C:\Users\IFS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UU3703QV (Temporary Internet Files Folder)
      Successfully deleted: C:\Users\IFS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z3LM9A24 (Temporary Internet Files Folder)
      Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
      Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
      Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FPJKP2E8 (Temporary Internet Files Folder)
      Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
      Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
      Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NZBG3DGL (Temporary Internet Files Folder)
      Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UU3703QV (Temporary Internet Files Folder)
      Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z3LM9A24 (Temporary Internet Files Folder)



      Registry: 2

      Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
      Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)




      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Scan was completed on 06/01/2018 at 14:43:05,18
      End of JRT log
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
