
    Adware that redirects me.


    1. #1
      fernann (User)
      Registered: Jul 2018
      Location: Argentina
      Posts: 10

      Adware that redirects me.

      Hello everyone, good day. I'm new to this forum and I created an account because of the following problem:
      For almost 1 month now I have had a redirect virus in Google Chrome. When I open the browser, and after a few minutes of browsing, it redirects me to a page (http://safe.net-bc5.stream) with advertising saying that I won an iPhone, that the system is at risk, etc.
      This happens only once per day, at the moment I start using the browser.
      I have already tried scanning with my PC's antivirus (Avast), I downloaded and ran Malwarebytes, I uninstalled the browser and reinstalled it, I deleted cookies and extensions, I ran SUPERAntiSpyware, and nothing. I even restored my PC to 2 months back just in case, and nothing.
      I'm asking for your help since I don't know what else to do; it is too annoying and I have really reached a point where I'm thinking about this all the time.
      Thanks and regards.

    2. #2
      @Javier_HF (General Moderator)
      Registered: Jun 2006
      Location: Milky Way.
      Posts: 23,640

      Re: Redirect adware virus

      Hello fernann. Welcome to the Forum.

      Topics worth reviewing and reading:

      Tips before posting a new message.

      InfoSpyware Forum policies.

      Policies of the Official HijackThis Forum in Spanish.

      How to upload images to the Forum? *TUTORIAL*
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

      And now, to check your machine, follow these steps, in the order indicated and reading everything explained.

      Step 1.- Temporarily disable the antivirus >> How to temporarily disable your antivirus, while we carry out ALL the steps.

      We are going to download to YOUR DESKTOP (and NOT anywhere else) all the tools we will use in this procedure (but do not run them yet):


      Once they are downloaded, disconnect your computer from the Internet (turn off the router) << Very important, and also close any other program you have open.

      Step 2.- Run the tools one at a time and in the order indicated:

      If you use Windows Vista/7/8 or 10, right-click and select "Run as Administrator" for ALL the programs.
      CCleaner.-
      • Install and run CCleaner following the steps indicated in the manual.
      • First use its "Cleaner" option to delete cookies, temporary Internet files and all the files it shows you as obsolete.
      • Then use its "Registry" option to clean the entire Windows registry (making a backup).

      Malwarebytes.-
      • Install and run MBAM following the steps indicated in the manual.
      • Perform a Full Scan.
      • Select "ALL to Quarantine" to send it to quarantine, and restart the system.
      • In the "History" section of the manual you will find the MBAM report, which you must copy and paste in your next reply so it can be analyzed.

      AdwCleaner.-
      • Run Adwcleaner.exe.
      • Click the Scan Now button and wait for the process to finish; immediately afterwards, always click the Start Repair button.
      • Wait for it to complete and follow the instructions; if it asks you to restart the system, accept.
      • The log/report is found in the "Reports" tab, reopening the program if necessary, so that you can copy and paste it in your next reply.
      • The report can also be found at "C:\AdwCleaner\Logs\AdwCleaner[C00].txt"

      Junkware Removal Tool.-
      • Run JRT.exe.
      • Press any key to continue and wait patiently for the process to finish.
      • If at any point it asks you to restart, do so.
      • When it finishes, a log/report (JRT.txt) will be saved to the desktop and will open automatically.
      • Copy and paste the contents of JRT.txt in your next reply.

      Farbar Recovery Scan Tool.-
      • Run FRST.exe.
      • In the Disclaimer window message, click Yes.
      • In the main window, click the Scan button and wait for the analysis to finish.
      • Two (2) files (logs) will open, Frst.txt and Addition.txt; these will be saved on the desktop.

      Step 3.- Post in your next reply the reports from:

      • Malwarebytes, AdwCleaner, JRT, FRST + Addition.txt, and in that order.


      You must copy and paste them with all their content, and use several messages if you receive an error message indicating that it is too long.

      - And tell us how your computer is working, in relation to the problem raised.

      Regards, Javier.
      He who doesn't try doesn't succeed | ;-)

      * Follow us on our Twitter and become our friend on Facebook.
      * Keep up with the latest threats on the net at: InfoSpyware Blog
      * Questions are not answered by private message or by e-mail, since that is what the forum is for.

    3. #3
      fernann (User)
      Registered: Jul 2018
      Location: Argentina
      Posts: 10

      Re: Redirect adware virus

      Thank you very much for the prompt reply; I have carried out all the steps. Below I paste the .txt files:

      Malwarebytes:

      Malwarebytes
      www.malwarebytes.com

      -Detalles del registro-
      Fecha del análisis: 9/7/18
      Hora del análisis: 16:05
      Archivo de registro: ffda0167-83aa-11e8-ac36-d050991edbad.json
      Administrador: Sí

      -Información del software-
      Versión: 3.5.1.2522
      Versión de los componentes: 1.0.374
      Versión del paquete de actualización: 1.0.5819
      Licencia: Prueba

      -Información del sistema-
      SO: Windows 7 Service Pack 1
      CPU: x64
      Sistema de archivos: NTFS
      Usuario: Equipo\Usuario

      -Resumen del análisis-
      Tipo de análisis: Análisis personalizado
      Análisis iniciado por:: Manual
      Resultado: Completado
      Objetos analizados: 369725
      Amenazas detectadas: 8
      Amenazas en cuarentena: 8
      Tiempo transcurrido: 43 min, 9 seg

      -Opciones de análisis-
      Memoria: Activado
      Inicio: Activado
      Sistema de archivos: Activado
      Archivo: Activado
      Rootkits: Desactivado
      Heurística: Activado
      PUP: Detectar
      PUM: Detectar

      -Detalles del análisis-
      Proceso: 1
      RiskWare.Tool.CK, C:\WINDOWS\KMSERVICE.EXE, En cuarentena, [5837], [133350],1.0.5819

      Módulo: 1
      RiskWare.Tool.CK, C:\WINDOWS\KMSERVICE.EXE, En cuarentena, [5837], [133350],1.0.5819

      Clave del registro: 0
      (No hay elementos maliciosos detectados)

      Valor del registro: 0
      (No hay elementos maliciosos detectados)

      Datos del registro: 0
      (No hay elementos maliciosos detectados)

      Secuencia de datos: 0
      (No hay elementos maliciosos detectados)

      Carpeta: 0
      (No hay elementos maliciosos detectados)

      Archivo: 6
      RiskWare.Tool.CK, C:\WINDOWS\KMSERVICE.EXE, En cuarentena, [5837], [133350],1.0.5819
      PUP.Optional.Reimage, C:\ADWCLEANER\QUARANTINE\V1\20180709.142927\1\REIMAGEREPAIR.EXE#FB4B934618ACC0B6, En cuarentena, [1362], [331559],1.0.5819
      PUP.Optional.Reimage, C:\ADWCLEANER\QUARANTINE\V1\20180709.142927\15\REIMAGEPACKAGE.EXE#B100470048785446, En cuarentena, [1362], [331559],1.0.5819
      RiskWare.GameHack, C:\PROGRAM FILES (X86)\R.G. MECHANICS\HOW TO SURVIVE - STORM WARNING EDITION\STEAM_API.DLL, En cuarentena, [8169], [305544],1.0.5819
      HackTool.ChewWGA, C:\PROGRAM FILES (X86)\CW.EXE, En cuarentena, [12622], [74347],1.0.5819
      PUP.Optional.Plumbytes, C:\USERS\USUARIO\DOWNLOADS\ANTIMALWARESETUP.EXE, En cuarentena, [3528], [490540],1.0.5819

      Sector físico: 0
      (No hay elementos maliciosos detectados)

      WMI: 0
      (No hay elementos maliciosos detectados)


      (end)

      Adwcleaner:


      # -------------------------------
      # Malwarebytes AdwCleaner 7.2.1.1
      # -------------------------------
      # Build: 07-04-2018
      # Database: 2018-06-19.4
      # Support: https://www.malwarebytes.com/support
      #
      # -------------------------------
      # Mode: Scan
      # -------------------------------
      # Start: 07-09-2018
      # Duration: 00:01:12
      # OS: Windows 7 Ultimate
      # Scanned: 41290
      # Detected: 0


      ***** [ Services ] *****

      No malicious services found.

      ***** [ Folders ] *****

      No malicious folders found.

      ***** [ Files ] *****

      No malicious files found.

      ***** [ DLL ] *****

      No malicious DLLs found.

      ***** [ WMI ] *****

      No malicious WMI found.

      ***** [ Shortcuts ] *****

      No malicious shortcuts found.

      ***** [ Tasks ] *****

      No malicious tasks found.

      ***** [ Registry ] *****

      No malicious registry entries found.

      ***** [ Chromium (and derivatives) ] *****

      No malicious Chromium entries found.

      ***** [ Chromium URLs ] *****

      No malicious Chromium URLs found.

      ***** [ Firefox (and derivatives) ] *****

      No malicious Firefox entries found.

      ***** [ Firefox URLs ] *****

      No malicious Firefox URLs found.


      AdwCleaner[S00].txt - [15597 octets] - [07/07/2018 13:21:25]
      AdwCleaner[C00].txt - [13706 octets] - [07/07/2018 13:24:36]
      AdwCleaner[S01].txt - [1369 octets] - [07/07/2018 13:31:32]
      AdwCleaner[S02].txt - [1430 octets] - [07/07/2018 18:09:37]
      AdwCleaner[C02].txt - [1616 octets] - [07/07/2018 18:11:12]
      AdwCleaner[S03].txt - [3518 octets] - [09/07/2018 14:27:12]
      AdwCleaner[C03].txt - [3304 octets] - [09/07/2018 14:29:36]
      AdwCleaner[S04].txt - [1674 octets] - [09/07/2018 15:17:42]

      JRT:


      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Junkware Removal Tool (JRT) by Malwarebytes
      Version: 8.1.4 (07.09.2017)
      Operating System: Windows 7 Ultimate x64
      Ran by Usuario (Administrator) on 09/07/2018 at 17:04:53,66
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




      File System: 24

      Successfully deleted: C:\ai_recyclebin (Folder)
      Successfully deleted: C:\ProgramData\mntemp (File)
      Successfully deleted: C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gkojfkhlekighikafcpjkiklfbnlmeio (Folder)
      Successfully deleted: C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\c440qpqs.default\extensions\staged (Folder)
      Successfully deleted: C:\Windows\system32\Tasks\update-S-1-5-21-3623185794-1860153916-2374100090-1000 (Task)
      Successfully deleted: C:\Windows\system32\Tasks\update-sys (Task)
      Successfully deleted: C:\Windows\Tasks\update-S-1-5-21-3623185794-1860153916-2374100090-1000.job (Task)
      Successfully deleted: C:\Windows\Tasks\update-sys.job (Task)
      Successfully deleted: C:\Users\Usuario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
      Successfully deleted: C:\Users\Usuario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
      Successfully deleted: C:\Users\Usuario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
      Successfully deleted: C:\Users\Usuario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J53URS80 (Temporary Internet Files Folder)
      Successfully deleted: C:\Users\Usuario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
      Successfully deleted: C:\Users\Usuario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9RSDBN0 (Temporary Internet Files Folder)
      Successfully deleted: C:\Users\Usuario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S42CM6U2 (Temporary Internet Files Folder)
      Successfully deleted: C:\Users\Usuario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZY5ELKG0 (Temporary Internet Files Folder)
      Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
      Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
      Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
      Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J53URS80 (Temporary Internet Files Folder)
      Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
      Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9RSDBN0 (Temporary Internet Files Folder)
      Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S42CM6U2 (Temporary Internet Files Folder)
      Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZY5ELKG0 (Temporary Internet Files Folder)



      Registry: 2

      Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\BprotectEx (Registry Key)
      Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\PCFApiUtil (Registry Key)




      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Scan was completed on 09/07/2018 at 1726,07
      End of JRT log
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    4. #4
      fernann (User)
      Registered: Jul 2018
      Location: Argentina
      Posts: 10

      Re: Redirect adware virus

      Continued:

      FRST + Addition.txt:


      Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20.06.2018
      Ran by Usuario (administrator) on EQUIPO (09-07-2018 17:12:14)
      Running from C:\Users\Usuario\Desktop
      Loaded Profiles: Usuario (Available Profiles: Usuario)
      Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Español (España, internacional)
      Internet Explorer Version 8 (Default browser: Chrome)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: ***********************************************************************************************************

      ==================== Processes (Whitelisted) =================

      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

      (AMD) C:\Windows\System32\atiesrxx.exe
      (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
      (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
      (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
      (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
      (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
      (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
      (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
      (Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe
      () C:\Windows\SysWOW64\PnkBstrA.exe
      (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
      (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
      (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
      (AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler.exe
      (AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler64.exe
      (Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
      (Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
      (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe

      ==================== Registry (Whitelisted) ===========================

      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

      HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13653208 2013-09-13] (Realtek Semiconductor)
      HKLM\...\Run: [PAC7302_Monitor] => C:\Windows\PixArt\PAC7302\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)
      HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
      HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242904 2018-06-30] (AVAST Software)
      HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
      HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
      HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2010-02-03] (CyberLink Corp.)
      HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2010-03-13] (cyberlink)
      HKLM-x32\...\Run: [Andy] => C:\Program Files\Andy\HandyAndy.exe [896904 2014-10-22] ()
      HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] ()
      HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)
      HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
      HKU\S-1-5-21-3623185794-1860153916-2374100090-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
      HKU\S-1-5-21-3623185794-1860153916-2374100090-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832264 2017-10-06] (Skype Technologies S.A.)
      HKU\S-1-5-21-3623185794-1860153916-2374100090-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [718208 2010-03-16] (Microsoft Corporation)
      HKU\S-1-5-21-3623185794-1860153916-2374100090-1000\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [17488872 2018-02-15] (Plex, Inc.)
      HKU\S-1-5-21-3623185794-1860153916-2374100090-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [8898480 2018-07-02] (SUPERAntiSpyware)
      HKU\S-1-5-21-3623185794-1860153916-2374100090-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [18385368 2018-06-24] (Piriform Ltd)
      HKU\S-1-5-21-3623185794-1860153916-2374100090-1000\...\MountPoints2: E - E:\Setup.exe
      HKU\S-1-5-21-3623185794-1860153916-2374100090-1000\...\MountPoints2: {dab0b5bd-2ef0-11e4-b8c2-d050991edbad} - E:\PmsDView.exe
      CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

      ==================== Internet (Whitelisted) ====================

      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

      Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
      Tcpip\..\Interfaces\{1E6F4307-F5CE-45C0-BC8C-A6F2A9DB761D}: [DhcpNameServer] 200.49.130.47 200.42.4.203
      Tcpip\..\Interfaces\{39803F6D-D9BB-4FA5-9E31-1143469A76B2}: [NameServer] 77.234.40.79
      Tcpip\..\Interfaces\{7AA881DD-5C71-428C-A5FA-E5386DF0055D}: [DhcpNameServer] 172.20.10.1
      Tcpip\..\Interfaces\{D74C6975-238D-4CC1-9983-B4356D9D930F}: [DhcpNameServer] 10.1.1.1

      Internet Explorer:
      ==================
      HKU\S-1-5-21-3623185794-1860153916-2374100090-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com.ar/
      BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2018-02-21] (AVAST Software)
      BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
      BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
      BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-03] (Oracle Corporation)
      BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-02-21] (AVAST Software)
      BHO-x32: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
      BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
      BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-03] (Oracle Corporation)
      Handler: WSKVAllmytubechrome - No CLSID Value
      Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
      Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
      Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
      Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)

      FireFox:
      ========
      FF DefaultProfile: c440qpqs.default
      FF ProfilePath: C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\c440qpqs.default [2018-07-09]
      FF Homepage: Mozilla\Firefox\Profiles\c440qpqs.default -> hxxps://www.google.com/?bcutc=sp-006
      FF NewTab: Mozilla\Firefox\Profiles\c440qpqs.default -> about:newtab
      FF NetworkProxy: Mozilla\Firefox\Profiles\c440qpqs.default -> type", 0
      FF Extension: (anonymoX) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\c440qpqs.default\Extensions\[email protected] [2018-05-03] [Legacy]
      FF Extension: (eBesucher Surfbar) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\c440qpqs.default\Extensions\[email protected] [2015-01-18] [Legacy] [not signed]
      FF Extension: (Firefox Hotfix) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\c440qpqs.default\Extensions\[email protected] [2017-01-23] [Legacy]
      FF Extension: (Tab Auto Reload) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\c440qpqs.default\Extensions\[email protected] [2018-05-03] [Legacy]
      FF Extension: (ATM2YOU) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\c440qpqs.default\Extensions\{8DBC5A4E-A987-11E4-AF59-ABB91D5D46B0}.xpi [2015-07-24] [Legacy] [not signed]
      FF Extension: (Adblock Plus) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\c440qpqs.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-01-23] [Legacy]
      FF Extension: (Greasemonkey) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\c440qpqs.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2018-05-03] [Legacy]
      FF SearchPlugin: C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\c440qpqs.default\searchplugins\google-avast.xml [2018-07-05]
      FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_30_0_0_113.dll [2018-06-30] ()
      FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
      FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_30_0_0_113.dll [2018-06-30] ()
      FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
      FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-03] (Oracle Corporation)
      FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-03] (Oracle Corporation)
      FF Plugin-x32: @live.heroesandgenerals.com/npretox -> C:\Program Files (x86)\Heroes & Generals\live\npretox-1.0.6.1\npretoxlive-1.0.6.1.dll [2015-09-15] (Reto-Moto ApS)
      FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
      FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
      FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
      FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)
      FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [No File]
      FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
      FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Usuario\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2014-05-27] (Raidcall)
      FF Plugin-x32: @real.com/nppl3260;version=6.0.11.3088 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll [2007-12-21] (RealNetworks, Inc.)
      FF Plugin-x32: @real.com/nprpjplug;version=6.0.11.3006 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll [2007-12-21] (RealNetworks, Inc.)
      FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2012-12-13] ()
      FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-06-30] (Google Inc.)
      FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-06-30] (Google Inc.)
      FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
      FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
      FF Plugin HKU\S-1-5-21-3623185794-1860153916-2374100090-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Usuario\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-03-27] (Unity Technologies ApS)

      Chrome:
      =======
      CHR StartupUrls: Default -> "hxxps://www.google.com.ar/"
      CHR Profile: C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default [2018-07-09]
      CHR Extension: (Presentaciones) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-06-30]
      CHR Extension: (Duolingo en la web) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiahmijlpehemcpleichkcokhegllfjl [2018-06-29]
      CHR Extension: (Documentos) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-06-30]
      CHR Extension: (Google Drive) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-06-29]
      CHR Extension: (YouTube) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-06-29]
      CHR Extension: (Hojas de cálculo) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-06-30]
      CHR Extension: (Documentos de Google sin conexión) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-07-07]
      CHR Extension: (Avast Online Security) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-07-05]
      CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-06-30]
      CHR Extension: (Gmail) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-06-29]
      CHR Extension: (Chrome Media Router) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-07-07]
      CHR HKU\S-1-5-21-3623185794-1860153916-2374100090-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
      CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

      ==================== Services (Whitelisted) ====================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com)
      R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
      S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7780400 2018-06-30] (AVAST Software)
      S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-03-21] (AVAST Software)
      R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [322464 2018-06-30] (AVAST Software)
      S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-03-21] (AVAST Software)
      R3 Blackberry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited) [File not signed]
      S3 FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [1030600 2014-10-02] (Macrovision Europe Ltd.) [File not signed]
      S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
      S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] () [File not signed]
      R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
      S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2119688 2016-03-31] (Electronic Arts)
      R2 PlexUpdateService; C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe [2209256 2018-02-15] (Plex, Inc.)
      R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2016-12-08] ()
      S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
      S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [X]

      ===================== Drivers (Whitelisted) ======================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      R0 amdide64; C:\Windows\System32\DRIVERS\amdide64.sys [11944 2012-12-03] (Advanced Micro Devices Inc.)
      R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [197160 2018-06-30] (AVAST Software)
      R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [229392 2018-06-30] (AVAST Software)
      R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [201328 2018-06-30] (AVAST Software)
      R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [346664 2018-06-30] (AVAST Software)
      R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [59592 2018-06-30] (AVAST Software)
      R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [239680 2018-06-30] (AVAST Software)
      S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46976 2018-06-30] (AVAST Software)
      R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [159640 2018-06-30] (AVAST Software)
      R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [111872 2018-06-30] (AVAST Software)
      R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [85968 2018-06-30] (AVAST Software)
      R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1027728 2018-06-30] (AVAST Software)
      R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [463080 2018-06-30] (AVAST Software)
      R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [211160 2018-06-30] (AVAST Software)
      S3 aswTap; C:\Windows\System32\DRIVERS\aswTap.sys [44640 2014-08-02] (The OpenVPN Project)
      R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [381584 2018-06-30] (AVAST Software)
      R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-08-28] (Disc Soft Ltd)
      R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [152184 2018-05-24] (Malwarebytes)
      S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [55232 2018-07-07] ()
      R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [190696 2018-07-09] (Malwarebytes)
      R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [112872 2018-07-09] (Malwarebytes)
      R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [44768 2018-07-09] (Malwarebytes)
      R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253664 2018-07-09] (Malwarebytes)
      R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [94840 2018-07-09] (Malwarebytes)
      R3 PAC7302; C:\Windows\System32\DRIVERS\PAC7302.SYS [526848 2007-06-14] (PixArt Imaging Inc.)
      S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)
      R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
      R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
      R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
      S3 tccp; C:\Windows\System32\DRIVERS\tccp.sys [30264 2016-08-15] (TrusCont Ltd)
      S3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64_prewin8.sys [23200 2017-04-11] (Western Digital Technologies)
      S3 X86BDA; C:\Windows\System32\DRIVERS\OEMDrv.sys [268416 2011-06-08] ( )
      R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [146928 2010-03-13] (CyberLink Corp.)
      S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
      S3 gdrv; \??\C:\Windows\gdrv.sys [X]
      S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
      S3 VGPU; System32\drivers\rdvgkmd.sys [X]

      ==================== NetSvcs (Whitelisted) ===================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


      ==================== One Month Created files and folders ========

      (If an entry is included in the fixlist, the file/folder will be moved.)

      2018-07-09 17:12 - 2018-07-09 17:12 - 000021206 _____ C:\Users\Usuario\Desktop\FRST.txt
      2018-07-09 17:12 - 2018-07-09 17:12 - 000000000 ____D C:\FRST
      2018-07-09 17:10 - 2018-07-09 17:11 - 000004100 _____ C:\Users\Usuario\Desktop\JRT.txt
      2018-07-09 17:04 - 2018-07-09 17:04 - 000001735 _____ C:\Users\Usuario\Desktop\AdwCleaner[S05].txt
      2018-07-09 17:03 - 2018-07-09 17:03 - 000001921 _____ C:\Users\Usuario\Desktop\AdwCleaner[C05].txt
      2018-07-09 16:57 - 2018-07-09 16:57 - 000002343 _____ C:\Users\Usuario\Desktop\malwarebytes2.txt
      2018-07-09 16:53 - 2018-07-09 16:53 - 000002553 _____ C:\Users\Usuario\Desktop\malwarebytes.txt
      2018-07-09 16:04 - 2018-07-09 17:02 - 000112872 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
      2018-07-09 16:04 - 2018-07-09 17:02 - 000094840 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
      2018-07-09 16:04 - 2018-07-09 17:02 - 000044768 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
      2018-07-09 16:04 - 2018-07-09 16:04 - 000253664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
      2018-07-09 16:04 - 2018-07-09 16:04 - 000190696 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
      2018-07-09 16:03 - 2018-07-09 16:03 - 000355720 _____ C:\Users\Usuario\Documents\cc_20180709_160308.reg
      2018-07-09 16:03 - 2018-07-09 16:03 - 000001878 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
      2018-07-09 16:03 - 2018-07-09 16:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
      2018-07-09 16:03 - 2018-05-24 06:55 - 000152184 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
      2018-07-09 15:58 - 2018-07-09 17:10 - 000004128 _____ C:\Windows\System32\Tasks\CCleaner Update
      2018-07-09 15:58 - 2018-07-09 15:58 - 000002790 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
      2018-07-09 15:58 - 2018-07-09 15:58 - 000000833 _____ C:\Users\Public\Desktop\CCleaner.lnk
      2018-07-09 15:58 - 2018-07-09 15:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
      2018-07-09 15:58 - 2018-07-09 15:58 - 000000000 ____D C:\Program Files\CCleaner
      2018-07-09 15:57 - 2018-07-09 15:57 - 002412544 _____ (Farbar) C:\Users\Usuario\Downloads\FRST64.exe
      2018-07-09 15:57 - 2018-07-09 15:57 - 002412544 _____ (Farbar) C:\Users\Usuario\Desktop\FRST64.exe
      2018-07-09 15:57 - 2018-07-09 15:57 - 001790024 _____ (Malwarebytes) C:\Users\Usuario\Downloads\JRT.exe
      2018-07-09 15:57 - 2018-07-09 15:57 - 001790024 _____ (Malwarebytes) C:\Users\Usuario\Desktop\JRT.exe
      2018-07-09 15:56 - 2018-07-09 15:56 - 073185120 _____ (Malwarebytes ) C:\Users\Usuario\Desktop\mb3-setup-consumer-3.5.1.2522-1.0.374-1.0.5819.exe
      2018-07-09 15:56 - 2018-07-09 15:56 - 007402192 _____ (Malwarebytes) C:\Users\Usuario\Downloads\AdwCleaner (1).exe
      2018-07-09 15:56 - 2018-07-09 15:56 - 007402192 _____ (Malwarebytes) C:\Users\Usuario\Desktop\AdwCleaner (1).exe
      2018-07-09 15:55 - 2018-07-09 15:56 - 073185120 _____ (Malwarebytes ) C:\Users\Usuario\Downloads\mb3-setup-consumer-3.5.1.2522-1.0.374-1.0.5819.exe
      2018-07-09 15:54 - 2018-07-09 15:54 - 015989160 _____ (Piriform Ltd) C:\Users\Usuario\Downloads\ccsetup544.exe
      2018-07-09 15:54 - 2018-07-09 15:54 - 015989160 _____ (Piriform Ltd) C:\Users\Usuario\Desktop\ccsetup544.exe
      2018-07-09 15:37 - 2018-07-09 15:41 - 040086761 _____ C:\Users\Usuario\Downloads\gj6J6sFRh7HY9.mp4
      2018-07-09 14:25 - 2018-07-09 14:25 - 007402192 _____ (Malwarebytes) C:\Users\Usuario\Downloads\AdwCleaner.exe
      2018-07-07 20:47 - 2018-07-07 20:47 - 000003072 _____ C:\Windows\system32\.crusader
      2018-07-07 20:19 - 2018-07-07 20:49 - 000055232 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
      2018-07-07 20:18 - 2018-07-07 20:47 - 000000000 ____D C:\ProgramData\HitmanPro
      2018-07-07 20:15 - 2018-07-07 20:15 - 011576808 _____ (SurfRight B.V.) C:\Users\Usuario\Downloads\hitmanpro_x64.exe
      2018-07-07 18:29 - 2018-07-08 18:29 - 000000514 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 77ef706f-9560-40de-8c57-757c77f7d7cd.job
      2018-07-07 18:29 - 2018-07-07 19:38 - 000000514 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task f0a9ca39-fa86-4c97-9b63-9defc4847883.job
      2018-07-07 18:29 - 2018-07-07 18:29 - 000003592 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task f0a9ca39-fa86-4c97-9b63-9defc4847883
      2018-07-07 18:29 - 2018-07-07 18:29 - 000003518 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 77ef706f-9560-40de-8c57-757c77f7d7cd
      2018-07-07 18:29 - 2018-07-07 18:29 - 000001819 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
      2018-07-07 18:29 - 2018-07-07 18:29 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\SUPERAntiSpyware.com
      2018-07-07 18:29 - 2018-07-07 18:29 - 000000000 ____D C:\ProgramData\SUPERAntiSpyware.com
      2018-07-07 18:29 - 2018-07-07 18:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
      2018-07-07 18:29 - 2018-07-07 18:29 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
      2018-07-07 18:28 - 2018-07-07 18:28 - 034291560 _____ (SUPERAntiSpyware) C:\Users\Usuario\Downloads\SUPERAntiSpyware.exe
      2018-07-07 18:25 - 2018-07-07 18:25 - 000000000 ____D C:\Users\Usuario\Downloads\backups
      2018-07-07 18:21 - 2018-07-07 18:21 - 000388608 _____ (Trend Micro Inc.) C:\Users\Usuario\Downloads\HijackThis.exe
      2018-07-07 13:19 - 2018-07-07 13:24 - 000000000 ____D C:\AdwCleaner
      2018-07-07 13:19 - 2018-07-07 13:19 - 007402192 _____ (Malwarebytes) C:\Users\Usuario\Downloads\adwcleaner_7.2.1 (1).exe
      2018-07-07 13:18 - 2018-07-07 13:18 - 007402192 _____ (Malwarebytes) C:\Users\Usuario\Downloads\adwcleaner_7.2.1.exe
      2018-07-06 12:20 - 2018-07-06 12:20 - 000056412 _____ C:\Users\Usuario\Downloads\The China Hustle (2017) [WEBRip] [1080p] [YTS.AM].torrent
      2018-07-06 12:17 - 2018-07-06 12:17 - 000059926 _____ C:\Users\Usuario\Downloads\A Quiet Place (2018) [BluRay] [1080p] [YTS.AM].torrent
      2018-07-06 11:59 - 2018-07-06 11:59 - 000089904 _____ C:\Users\Usuario\Downloads\The 12th Man (2017) [BluRay] [1080p] [YTS.AM].torrent
      2018-07-03 13:54 - 2018-07-03 13:54 - 001811404 _____ C:\Users\Usuario\Downloads\Revista Sólo Acciones Julio.pdf
      2018-06-30 14:09 - 2018-06-30 14:09 - 000004500 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
      2018-06-30 13:55 - 2018-06-30 13:55 - 000002309 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
      2018-06-30 13:55 - 2018-06-30 13:55 - 000002268 _____ C:\Users\Public\Desktop\Google Chrome.lnk
      2018-06-30 13:54 - 2018-06-30 13:54 - 000003534 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
      2018-06-30 13:54 - 2018-06-30 13:54 - 000003406 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
      2018-06-30 13:53 - 2018-06-30 13:54 - 001130840 _____ (Google Inc.) C:\Users\Usuario\Downloads\ChromeSetup(1).exe
      2018-06-30 13:43 - 2018-06-30 13:43 - 000378072 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
      2018-06-30 13:24 - 2018-06-30 13:24 - 000000000 ____D C:\Users\Usuario\Andy
      2018-06-29 12:49 - 2018-06-29 12:49 - 000721749 _____ C:\Users\Usuario\Downloads\Don Quijote de la Mancha - Miguel de Cervantes.mobi
      2018-06-26 13:03 - 2018-06-26 13:03 - 000003338 _____ C:\Users\Usuario\Downloads\HungrySprocketBakery (16).txt
      2018-06-25 19:54 - 2018-06-25 19:54 - 000003344 _____ C:\Users\Usuario\Downloads\HungrySprocketBakery (15).txt
      2018-06-25 12:43 - 2018-06-25 12:43 - 000000000 ____D C:\ProgramData\Malwarebytes
      2018-06-25 12:43 - 2018-06-25 12:43 - 000000000 ____D C:\Program Files\Malwarebytes
      2018-06-24 21:26 - 2018-06-24 21:26 - 000003314 _____ C:\Users\Usuario\Downloads\HungrySprocketBakery (14).txt
      2018-06-23 22:52 - 2018-06-23 22:52 - 000003352 _____ C:\Users\Usuario\Downloads\HungrySprocketBakery (13).txt
      2018-06-23 19:36 - 2018-06-24 11:41 - 000000000 ____D C:\Program Files (x86)\BlueStacks
      2018-06-23 19:34 - 2018-06-23 19:57 - 000000000 ____D C:\Users\Usuario\AppData\Local\Bluestacks
      2018-06-22 22:21 - 2018-06-22 22:21 - 000003300 _____ C:\Users\Usuario\Downloads\HungrySprocketBakery (12).txt
      2018-06-21 21:20 - 2018-06-21 21:20 - 000003228 _____ C:\Users\Usuario\Downloads\HungrySprocketBakery (11).txt
      2018-06-21 18:00 - 2018-06-21 18:00 - 000995508 _____ C:\Users\Usuario\Downloads\CODIGO IGS - ISM CODE - 2018.pdf
      2018-06-20 20:33 - 2018-06-20 20:33 - 000003318 _____ C:\Users\Usuario\Downloads\HungrySprocketBakery (10).txt
      2018-06-20 19:34 - 2018-06-20 19:34 - 000261950 _____ C:\Users\Usuario\Downloads\LEBACS V1.2.xlsm
      2018-06-20 16:28 - 2018-06-20 16:28 - 002169178 _____ C:\Users\Usuario\Downloads\pendulo argentino diamand.pdf
      2018-06-20 14:31 - 2018-06-20 14:31 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\.mono
      2018-06-19 21:40 - 2018-06-19 21:40 - 000003346 _____ C:\Users\Usuario\Downloads\HungrySprocketBakery (9).txt
      2018-06-18 21:29 - 2018-06-18 21:29 - 000003164 _____ C:\Users\Usuario\Downloads\HungrySprocketBakery (8).txt
      2018-06-18 18:47 - 2018-06-18 18:47 - 000092392 _____ C:\Users\Usuario\Downloads\Ready Player One (2018) [WEBRip] [1080p] [YTS.AM].torrent
      2018-06-17 21:39 - 2018-06-17 21:40 - 000003120 _____ C:\Users\Usuario\Downloads\HungrySprocketBakery (7).txt
      2018-06-15 21:52 - 2018-06-15 21:52 - 000003184 _____ C:\Users\Usuario\Downloads\HungrySprocketBakery (6).txt
      2018-06-15 17:22 - 2018-06-15 17:22 - 000000000 ____D C:\Users\Usuario\AppData\LocalLow\Blue Wizard
      2018-06-14 21:28 - 2018-06-14 21:28 - 000002924 _____ C:\Users\Usuario\Downloads\HungrySprocketBakery (5).txt
      2018-06-12 21:04 - 2018-06-12 21:04 - 000003144 _____ C:\Users\Usuario\Downloads\HungrySprocketBakery (4).txt
      2018-06-12 19:48 - 2018-06-12 19:48 - 000005004 _____ C:\Users\Usuario\Downloads\mundialrusia.m3u
      2018-06-11 21:37 - 2018-06-11 21:37 - 000002948 _____ C:\Users\Usuario\Downloads\HungrySprocketBakery (3).txt
      2018-06-10 20:38 - 2018-06-10 20:38 - 000003198 _____ C:\Users\Usuario\Downloads\HungrySprocketBakery (2).txt
      2018-06-09 16:45 - 2018-06-09 16:45 - 000000000 ____D C:\@RestoreQuarantine
      2018-06-09 16:38 - 2018-06-30 13:19 - 000000000 ____D C:\Users\Usuario\Documents\RegRun2
      2018-06-09 16:38 - 2018-06-30 13:19 - 000000000 ____D C:\Program Files (x86)\UnHackMe
      2018-06-09 16:38 - 2018-06-09 17:00 - 000000000 ____D C:\Users\Public\Documents\RegRunInfo

      ==================== One Month Modified files and folders ========

      (If an entry is included in the fixlist, the file/folder will be moved.)

      2018-07-09 17:10 - 2017-04-07 16:47 - 000004168 _____ C:\Windows\System32\Tasks\Avast Emergency Update
      2018-07-09 17:03 - 2018-03-21 20:42 - 000000000 ____D C:\Users\Usuario\AppData\Local\AVAST Software
      2018-07-09 17:02 - 2014-01-04 14:03 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\Skype
      2018-07-09 17:01 - 2009-07-14 02:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
      2018-07-09 16:59 - 2009-07-14 01:45 - 000016640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      2018-07-09 16:59 - 2009-07-14 01:45 - 000016640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      2018-07-09 16:04 - 2009-07-14 00:20 - 000000000 ____D C:\Windows\inf
      2018-07-09 16:01 - 2016-10-09 20:54 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\uTorrent
      2018-07-08 20:13 - 2014-01-04 13:50 - 000003978 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{956E2C42-E5DF-411F-811F-A94A75569D96}
      2018-07-08 12:10 - 2014-01-04 13:47 - 000000000 ____D C:\Windows\SysWOW64\Macromed
      2018-07-07 20:14 - 2018-02-23 14:47 - 000000000 ____D C:\Program Files (x86)\Western Digital
      2018-07-07 20:14 - 2014-01-04 13:35 - 000000000 ____D C:\Users\Usuario
      2018-07-07 18:36 - 2015-01-22 08:04 - 000000000 ____D C:\Users\Usuario\Desktop\Varios
      2018-07-06 12:45 - 2017-06-29 10:53 - 000000000 ____D C:\Users\Usuario\Desktop\AL PENDRIVE
      2018-07-05 13:31 - 2015-01-16 20:19 - 000001139 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
      2018-07-05 13:31 - 2015-01-16 20:19 - 000001139 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
      2018-07-05 12:48 - 2014-10-20 15:48 - 000916383 _____ C:\Users\Usuario\Downloads\cad 2014.rar
      2018-06-30 18:54 - 2018-03-21 20:43 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
      2018-06-30 14:21 - 2018-03-13 19:21 - 000004492 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
      2018-06-30 14:21 - 2014-01-04 13:51 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
      2018-06-30 14:21 - 2014-01-04 13:51 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
      2018-06-30 14:21 - 2014-01-04 13:51 - 000004320 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
      2018-06-30 14:21 - 2014-01-04 13:51 - 000000000 ____D C:\Windows\system32\Macromed
      2018-06-30 14:10 - 2014-01-04 14:21 - 000000000 ____D C:\Users\Usuario\AppData\Local\Adobe
      2018-06-30 13:57 - 2015-02-01 16:49 - 000000000 ____D C:\Users\Usuario\AppData\Local\Deployment
      2018-06-30 13:56 - 2016-08-19 18:32 - 000000000 _____ C:\Windows\SysWOW64\last.dump
      2018-06-30 13:55 - 2015-04-13 05:21 - 000000000 ____D C:\Program Files (x86)\Google
      2018-06-30 13:43 - 2017-11-19 21:20 - 000197160 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
      2018-06-30 13:43 - 2014-08-02 04:03 - 000463080 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
      2018-06-30 13:43 - 2014-08-02 04:03 - 000381584 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
      2018-06-30 13:43 - 2014-08-02 04:03 - 000211160 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
      2018-06-30 13:43 - 2014-08-02 04:03 - 000159640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
      2018-06-30 13:43 - 2014-08-02 04:03 - 000111872 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
      2018-06-30 13:43 - 2014-08-02 04:03 - 000085968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
      2018-06-30 13:43 - 2014-08-02 04:03 - 000046976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
      2018-06-30 13:42 - 2018-01-06 23:09 - 000239680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
      2018-06-30 13:42 - 2017-04-07 16:47 - 000346664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbloga.sys
      2018-06-30 13:42 - 2017-04-07 16:47 - 000229392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdrivera.sys
      2018-06-30 13:42 - 2017-04-07 16:47 - 000201328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsha.sys
      2018-06-30 13:42 - 2017-04-07 16:47 - 000059592 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniva.sys
      2018-06-30 13:42 - 2014-08-02 04:03 - 001027728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
      2018-06-30 13:38 - 2009-07-13 23:34 - 000000761 _____ C:\Windows\win.ini
      2018-06-30 13:32 - 2014-11-22 18:17 - 000001933 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
      2018-06-30 13:29 - 2010-11-21 04:09 - 000750590 _____ C:\Windows\system32\perfh00A.dat
      2018-06-30 13:29 - 2010-11-21 04:09 - 000159626 _____ C:\Windows\system32\perfc00A.dat
      2018-06-30 13:29 - 2009-07-14 02:13 - 001684830 _____ C:\Windows\system32\PerfStringBackup.INI
      2018-06-30 13:20 - 2018-05-03 09:36 - 000000000 ____D C:\Users\Usuario\Desktop\pennn
      2018-06-30 13:20 - 2018-02-26 17:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server
      2018-06-30 13:20 - 2017-12-06 11:55 - 000000000 ____D C:\Program Files\Common Files\Avast Software
      2018-06-30 13:20 - 2017-05-10 17:57 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\vlc
      2018-06-30 13:20 - 2016-12-08 17:17 - 000000000 ____D C:\Users\Usuario\Documents\Assassin's Creed III
      2018-06-30 13:20 - 2016-09-23 17:13 - 000000000 ____D C:\Users\Usuario\AppData\Local\bf2battlelog
      2018-06-30 13:20 - 2015-12-03 18:47 - 000000000 ____D C:\Windows\System32\Tasks\AVAST Software
      2018-06-30 13:20 - 2015-07-19 18:44 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Time Stopper
      2018-06-30 13:20 - 2015-07-19 18:44 - 000000000 ____D C:\Program Files (x86)\Time Stopper
      2018-06-30 13:20 - 2014-12-26 17:59 - 000000000 ____D C:\Windows\PixArt
      2018-06-30 13:20 - 2014-12-21 12:53 - 000000000 ____D C:\ProgramData\Package Cache
      2018-06-30 13:20 - 2014-12-02 20:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\i-Funbox DevTeam
      2018-06-30 13:20 - 2014-11-21 18:12 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\Andy
      2018-06-30 13:20 - 2014-11-21 18:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
      2018-06-30 13:20 - 2014-11-21 18:06 - 000000000 ____D C:\Program Files\Oracle
      2018-06-30 13:20 - 2014-11-21 17:42 - 000000000 ____D C:\Program Files\Andy
      2018-06-30 13:20 - 2014-10-02 17:10 - 000000000 ____D C:\ProgramData\FLEXnet
      2018-06-30 13:20 - 2014-08-23 11:21 - 000000000 ____D C:\Program Files (x86)\RaidCall
      2018-06-30 13:20 - 2014-08-11 16:17 - 000000000 ____D C:\ProgramData\BlueStacksSetup
      2018-06-30 13:20 - 2014-08-01 20:57 - 000000000 ____D C:\Program Files (x86)\Steam
      2018-06-30 13:20 - 2009-07-14 01:45 - 000000000 ____D C:\Windows\Setup
      2018-06-30 13:20 - 2009-07-14 00:20 - 000000000 ____D C:\Windows\Help
      2018-06-30 13:20 - 2009-07-14 00:20 - 000000000 ____D C:\Windows\AppCompat
      2018-06-30 13:19 - 2018-02-26 17:45 - 000000000 ____D C:\Program Files (x86)\Plex
      2018-06-30 13:19 - 2016-07-14 11:13 - 000000000 ____D C:\Program Files (x86)\Bethesda.net Launcher
      2018-06-30 13:19 - 2014-12-02 20:26 - 000000000 ____D C:\Program Files (x86)\i-Funbox DevTeam
      2018-06-30 13:19 - 2009-07-14 00:20 - 000000000 ____D C:\Windows\Vss
      2018-06-30 13:19 - 2009-07-14 00:20 - 000000000 ____D C:\Windows\registration
      2018-06-30 13:18 - 2009-07-14 01:45 - 000000000 ____D C:\Windows\ServiceProfiles
      2018-06-30 13:18 - 2009-07-14 00:20 - 000000000 ____D C:\Windows\PLA
      2018-06-30 13:13 - 2015-11-17 11:59 - 000000000 ____D C:\Users\Usuario\AppData\Local\Popcorn-Time-Community
      2018-06-30 13:11 - 2015-02-01 16:49 - 000000000 ____D C:\Users\Usuario\AppData\Local\Apps\2.0
      2018-06-30 12:58 - 2015-10-30 16:56 - 000000000 ____D C:\Users\Usuario\Downloads\PopcornTime
      2018-06-26 12:59 - 2015-11-01 20:25 - 000007610 _____ C:\Users\Usuario\AppData\Local\Resmon.ResmonCfg
      2018-06-25 13:50 - 2015-01-31 11:12 - 000000000 ____D C:\ProgramData\TurzOtugu
      2018-06-21 14:17 - 2018-05-13 16:32 - 000014434 _____ C:\Users\Usuario\Documents\Tenencias.xlsx
      2018-06-20 14:00 - 2015-08-15 13:25 - 000957440 ___SH C:\Users\Usuario\Desktop\Thumbs.db
      2018-06-20 11:26 - 2016-07-14 11:25 - 000000270 _____ C:\Users\Usuario\Desktop\Fallout Shelter.url
      2018-06-20 10:00 - 2016-07-14 11:13 - 000000000 ____D C:\Users\Usuario\AppData\Local\Bethesda.net Launcher
      2018-06-12 12:03 - 2016-12-01 10:45 - 000000000 ____D C:\Users\Usuario\AppData\Local\Ubisoft Game Launcher

      ==================== Files in the root of some directories =======

      2015-07-17 18:49 - 2015-07-17 18:49 - 005009408 _____ () C:\Users\Usuario\AppData\Roaming\chromedriver.exe
      2015-07-17 18:49 - 2015-07-17 18:49 - 007488000 _____ () C:\Users\Usuario\AppData\Roaming\PhantomJS.exe
      2015-03-30 19:24 - 2015-03-30 19:43 - 000002160 _____ () C:\Users\Usuario\AppData\Roaming\Rim.Desktop.Exception.log
      2015-03-30 19:23 - 2015-03-30 19:23 - 000001153 _____ () C:\Users\Usuario\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
      2015-03-30 19:24 - 2015-03-30 19:42 - 000000077 _____ () C:\Users\Usuario\AppData\Roaming\Rim.DesktopHelper.Exception.log
      2015-07-17 18:49 - 2015-08-29 20:37 - 001176969 _____ () C:\Users\Usuario\AppData\Roaming\WebDriver.FirefoxExt.zip
      2012-05-03 08:12 - 2012-05-03 08:12 - 000000532 _____ () C:\Users\Usuario\AppData\Local\datos.txt
      2015-11-01 20:25 - 2018-06-26 12:59 - 000007610 _____ () C:\Users\Usuario\AppData\Local\Resmon.ResmonCfg
      2014-08-30 12:55 - 2014-08-30 12:55 - 000000003 _____ () C:\Users\Usuario\AppData\Local\updater.log
      2014-08-30 12:55 - 2017-05-06 20:58 - 000000425 _____ () C:\Users\Usuario\AppData\Local\UserProducts.xml
      2015-07-04 10:34 - 2015-07-04 10:34 - 000000000 _____ () C:\Users\Usuario\AppData\Local\{305611DB-03F9-4677-B97A-6038EC419FD1}
      2015-07-09 09:05 - 2015-07-09 09:05 - 000000000 _____ () C:\Users\Usuario\AppData\Local\{94172E94-489E-4254-8C61-112C4687B8C1}
      2015-07-06 05:11 - 2015-07-06 05:11 - 000000000 _____ () C:\Users\Usuario\AppData\Local\{FE5B8907-79F8-4E9B-B926-4FE460908A09}

      ==================== Bamital & volsnap ======================

      (There is no automatic fix for files that do not pass verification.)

      C:\Windows\system32\winlogon.exe => File is digitally signed
      C:\Windows\system32\wininit.exe => File is digitally signed
      C:\Windows\SysWOW64\wininit.exe => File is digitally signed
      C:\Windows\explorer.exe => File is digitally signed
      C:\Windows\SysWOW64\explorer.exe => File is digitally signed
      C:\Windows\system32\svchost.exe => File is digitally signed
      C:\Windows\SysWOW64\svchost.exe => File is digitally signed
      C:\Windows\system32\services.exe => File is digitally signed
      C:\Windows\system32\User32.dll
      [2010-11-21 00:24] - [2010-11-21 00:24] - 001008640 _____ (Microsoft Corporation) E573BD9AB55C8E333C202B9E255F972E

      C:\Windows\SysWOW64\User32.dll
      [2014-01-04 13:41] - [2014-01-04 13:41] - 000833024 _____ (Microsoft Corporation) 2C9CC9F492CA596B1B9FC1AE5E916356

      C:\Windows\system32\userinit.exe => File is digitally signed
      C:\Windows\SysWOW64\userinit.exe => File is digitally signed
      C:\Windows\system32\rpcss.dll => File is digitally signed
      C:\Windows\system32\dnsapi.dll => File is digitally signed
      C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
      C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

      LastRegBack: 2018-07-09 15:02

      ==================== End of FRST.txt ============================

    5. #5
      User Avatar of fernann
      Joined
      Jul 2018
      Location
      Argentina
      Posts
      10

      Re: Redirect adware virus

      Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20.06.2018
      Ran by Usuario (09-07-2018 17:13:10)
      Running from C:\Users\Usuario\Desktop
      Windows 7 Ultimate Service Pack 1 (X64) (2014-01-04 16:35:32)
      Boot Mode: Normal
      ==========================================================


      ==================== Accounts: =============================

      Administrador (S-1-5-21-3623185794-1860153916-2374100090-500 - Administrator - Disabled)
      HomeGroupUser$ (S-1-5-21-3623185794-1860153916-2374100090-1002 - Limited - Enabled)
      Invitado (S-1-5-21-3623185794-1860153916-2374100090-501 - Limited - Enabled)
      Usuario (S-1-5-21-3623185794-1860153916-2374100090-1000 - Administrator - Enabled) => C:\Users\Usuario

      ==================== Security Center ========================

      (If an entry is included in the fixlist, it will be removed.)

      AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
      AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
      AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
      AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

      ==================== Installed Programs ======================

      (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

      µTorrent (HKU\S-1-5-21-3623185794-1860153916-2374100090-1000\...\uTorrent) (Version: 3.5.3.44494 - BitTorrent Inc.)
      7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
      Adobe Flash Player 30 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 30.0.0.113 - Adobe Systems Incorporated)
      Adobe Flash Player 30 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 30.0.0.113 - Adobe Systems Incorporated)
      Adobe Flash Player 30 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 30.0.0.113 - Adobe Systems Incorporated)
      Adobe Reader XI MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
      Age of Empires III - Complete Collection (HKLM-x32\...\Age of Empires III - Complete Collection_is1) (Version: - )
      Andy OS (HKLM-x32\...\Andy OS) (Version: 0.41 - Andy OS, Inc)
      Apple Application Support (32 bits) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
      Apple Application Support (64 bits) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
      Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
      Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
      AutoCAD 2010 - Español (HKLM\...\{5783F2D7-8001-040A-0102-0060B0CE6BBA}) (Version: 18.0.55.0 - Autodesk) Hidden
      AutoCAD 2010 - Español (HKLM\...\AutoCAD 2010 - Español) (Version: 18.0.55.0 - Autodesk)
      Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.5.2342 - AVAST Software)
      Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 66.2.567.182 - AVAST Software)
      Avast Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.4.136.333 - AVAST Software) Hidden
      Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
      Bethesda.net Launcher (HKLM-x32\...\{3448917E-E4FE-4E30-9502-9FD52EABB6F5}_is1) (Version: 1.0 - Bethesda Softworks)
      bf2battlelog (HKU\S-1-5-21-3623185794-1860153916-2374100090-1000\...\bf2battlelog) (Version: 0.8.6 - Spencer Sharkey)
      BlackBerry Desktop Software 7.1 (HKLM-x32\...\{BE5B0450-DCCB-4FE9-93E2-3B38D88A745B}) (Version: 7.1.0.41 - Research In Motion Ltd.) Hidden
      BlackBerry Desktop Software 7.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research In Motion Ltd.)
      Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
      CCleaner (HKLM\...\CCleaner) (Version: 5.44 - Piriform)
      Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version: - Cheat Engine)
      Compresor WinRAR (HKLM-x32\...\WinRAR archiver) (Version: - )
      CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.1516 - CyberLink Corp.)
      DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
      Don't Starve (HKLM-x32\...\DontStarve) (Version: - Klei Entertainment)
      Don't Starve: Reign of Giants (HKLM-x32\...\DontStarve-RoG) (Version: - Klei Entertainment)
      e-Messenger 310 (HKLM-x32\...\{57FF0423-F095-4AA0-8462-79C321AE8E74}) (Version: 1.0.0.14 - KYE)
      Fallout Shelter (HKLM-x32\...\Fallout Shelter) (Version: - Bethesda Softworks)
      Galería fotográfica de Windows Live (HKLM-x32\...\{A7BBE3D6-F19A-40E6-96EC-84E1DC88F262}) (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
      Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.99 - Google Inc.)
      Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
      Heroes & Generals (HKLM-x32\...\Heroes & Generals) (Version: 1.0.6.1 - Reto-Moto)
      Herramienta de carga de Windows Live (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
      High-Definition Video Playback 10 (HKLM-x32\...\{237CCB62-8454-43E3-B158-3ACD0134852E}) (Version: 7.0.11400.29.0 - Nero AG) Hidden
      How to Survive - Storm Warning Edition (HKLM-x32\...\How to Survive - Storm Warning Edition_R.G. Mechanics_is1) (Version: - R.G. Mechanics, markfiter)
      iFunbox (v2.9.2421.748), iFunbox DevTeam (HKLM-x32\...\iFunbox_is1) (Version: v2.9.2421.748 - )
      iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
      Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
      Junk Mail filter update (HKLM-x32\...\{8E5233E1-7495-44FB-8DEB-4BE906D59619}) (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
      K-Lite Codec Pack 3.6.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 3.6.5 - )
      Lightshot-5.4.0.10 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.10 - Skillbrains)
      Malwarebytes versión 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
      Medal of Honor: Pacific Assault™ (HKLM-x32\...\{56CFA833-F44F-4199-8C58-7F8B38F2BC7B}) (Version: 1.2.1.280 - Electronic Arts)
      Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
      Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
      Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
      Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
      Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
      Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
      Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
      Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
      Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
      Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
      Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
      Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
      Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
      Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
      Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
      Minecraft versión 1.7.4 (HKLM-x32\...\Minecraft_is1) (Version: 1.7.4 - Mojang)
      Mouse Recorder Pro 2.0.6.0 (HKLM-x32\...\{889E44CE-435C-4D37-B302-A7E43339E5FA}_is1) (Version: - Nemex Studios)
      Mozilla Firefox 45.0.1 (x86 es-AR) (HKLM-x32\...\Mozilla Firefox 45.0.1 (x86 es-AR)) (Version: 45.0.1 - Mozilla)
      Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.1.5918 - Mozilla)
      MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
      MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
      Nero Burning ROM 10 (HKLM-x32\...\{7A5D731D-B4B3-490E-B339-75685712BAAB}) (Version: 10.0.11100.10.100 - Nero AG)
      Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.0.11000.10.100 - Nero AG)
      Nero Multimedia Suite 10 (HKLM-x32\...\{277C1559-4CF7-44FF-8D07-98AA9C13AABD}) (Version: 10.0.13100 - Nero AG)
      Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.0.11200.12.100 - Nero AG)
      Oracle VM VirtualBox 4.3.18 (HKLM\...\{74B7E6F9-DCAC-4ADB-B2D0-EEFDD1B5AC25}) (Version: 4.3.18 - Oracle Corporation)
      Origin (HKLM-x32\...\Origin) (Version: 9.4.12.2807 - Electronic Arts, Inc.)
      Paquete de idioma de AutoCAD 2010 - Español (HKLM\...\{5783F2D7-8001-040A-1102-0060B0CE6BBA}) (Version: 18.0.55.0 - Autodesk) Hidden
      Plex Media Server (HKLM-x32\...\{1b8e71fc-44b8-4550-9376-72db5f2746ce}) (Version: 1.11.3.4803 - Plex, Inc.)
      Plex Media Server (HKLM-x32\...\{617D6B5B-FCAE-43F5-9B09-73798070833E}) (Version: 1.11.3803 - Plex, Inc.) Hidden
      Popcorn Time Community (HKLM-x32\...\{FDA3303C-0DBF-496F-856B-984D937A7E23}) (Version: 5.0.0 - Popcorn Time Community) <==== ATTENTION
      Popcorn-Time (HKU\S-1-5-21-3623185794-1860153916-2374100090-1000\...\Popcorn-Time) (Version: 0.3.10 - Popcorn Time)
      PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
      RaidCall (HKLM-x32\...\RaidCall) (Version: 7.3.6-1.0.12952.91 - raidcall.com)
      Real Alternative 1.7.5 (HKLM-x32\...\RealAlt_is1) (Version: 1.7.5 - )
      Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
      Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7040 - Realtek Semiconductor Corp.)
      Rogue Legacy (HKLM-x32\...\GOGPACKROGUELEGACY_is1) (Version: 2.2.0.10 - GOG.com)
      RollerCoaster Tycoon Deluxe (HKLM-x32\...\RollerCoaster Tycoon Deluxe_is1) (Version: - GOG.com)
      Screencast-O-Matic v2.0 (HKLM-x32\...\Screencast-O-Matic v2.0) (Version: v2-1.8 - Screencast-O-Matic)
      Sheltered (HKLM\...\c2hlbHRlcmVk_is1) (Version: 1 - )
      SimCity 2000 Special Edition (HKLM-x32\...\{59D2C751-F7BE-4E9F-9C8C-1F16013802C7}) (Version: 2.0.0.1 - Electronic Arts)
      Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.151 - Skype Technologies S.A.)
      SmartSound Quicktracks Plugin (HKLM-x32\...\{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}) (Version: 3.0.2.7 - SmartSound Software Inc) Hidden
      SmartSound Quicktracks Plugin (HKLM-x32\...\InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}) (Version: 3.0.2.7 - SmartSound Software Inc)
      Solid Edge ST6 (HKLM-x32\...\{E7AA3093-4539-45AB-9BFC-7FD7D2D174FB}) (Version: 106.00.00100 - Siemens)
      Speakout Upper-intermediate ActiveBook (HKLM-x32\...\9781408216477-SPKOUTUIAB) (Version: - Pearson Education)
      State of Decay - Lifeline (HKLM-x32\...\State of Decay - Lifeline_is1) (Version: - )
      Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
      Stopping Plex (HKLM-x32\...\{E70B9551-B5D4-41BC-AB7C-EE44025F77DC}) (Version: 1.11.3803 - Plex, Inc.) Hidden
      SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1260 - SUPERAntiSpyware.com)
      System Requirements Lab CYRI (HKLM-x32\...\{906B34E5-573C-445A-A5D3-40B6BF0A2EC4}) (Version: 6.0.21.0 - Husdawg, LLC)
      Theme Hospital (HKLM-x32\...\{5118A4C2-C8A4-4CE5-AC37-F3E51C25402F}) (Version: 3.0.0.5 - Electronic Arts)
      Time Stopper (HKLM-x32\...\Time Stopper4.0) (Version: 4.0 - DilSoft)
      Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version: 8.01 - Ghisler Software GmbH)
      Unity Web Player (HKU\S-1-5-21-3623185794-1860153916-2374100090-1000\...\UnityWebPlayer) (Version: 5.0.1f1 - Unity Technologies ApS)
      Uplay (HKLM-x32\...\Uplay) (Version: 26.0 - Ubisoft)
      Virtual Engine Room - Free Student Version (HKLM-x32\...\Virtual Engine Room - Free Student Version_is1) (Version: 2.5 - Dr. Stefan Kluj)
      VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
      War Thunder Launcher 1.0.1.432 (HKLM-x32\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version: - Gaijin Entertainment)
      WD Drive Utilities (HKLM-x32\...\{2db219ff-e483-403b-9374-aea609abaf1d}) (Version: 1.4.3.13 - Western Digital Technologies, Inc.) Hidden
      Windows Live Asistente para el inicio de sesión (HKLM-x32\...\{7593234B-2AEB-4FC9-B02D-C9B30D86084C}) (Version: 5.000.818.5 - Microsoft Corporation)
      Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
      Windows Live Sync (HKLM-x32\...\{914DD274-9C5D-44CA-9AC7-12B8D2D4DA08}) (Version: 14.0.8117.416 - Microsoft Corporation)

      ==================== Custom CLSID (Whitelisted): ==========================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      CustomCLSID: HKU\S-1-5-21-3623185794-1860153916-2374100090-1000_Classes\CLSID\{6D7AE628-FF41-4CD3-91DD-34825BB1A251}\localserver32 -> C:\Program Files\AutoCAD 2010\acad.exe (Autodesk, Inc.)
      CustomCLSID: HKU\S-1-5-21-3623185794-1860153916-2374100090-1000_Classes\CLSID\{D70E31AD-2614-49F2-B0FC-ACA781D81F3E}\localserver32 -> C:\Program Files\AutoCAD 2010\acad.exe (Autodesk, Inc.)
      CustomCLSID: HKU\S-1-5-21-3623185794-1860153916-2374100090-1000_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\AutoCAD 2010\acadficn.dll (Autodesk, Inc.)
      ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
      ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
      ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
      ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-06-30] (AVAST Software)
      ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-06-30] (AVAST Software)
      ShellIconOverlayIdentifiers: [Identificador de icono superpuesto para firmas digitales de AutoCAD] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2009-02-09] (Autodesk, Inc.)
      ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
      ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
      ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
      ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
      ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2009-02-09] (Autodesk)
      ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-06-30] (AVAST Software)
      ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
      ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2006-12-04] ()
      ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2007-01-17] ()
      ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-06-30] (AVAST Software)
      ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
      ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
      ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
      ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
      ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2006-12-04] ()
      ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2007-01-17] ()
      ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-06-30] (AVAST Software)
      ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
      ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2006-12-04] ()
      ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2007-01-17] ()

      ==================== Scheduled Tasks (Whitelisted) =============

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      Task: {03392AC5-D891-4A5A-B8C9-5CCD9D6255A7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-06-30] (Adobe Systems Incorporated)
      Task: {0578270E-4C11-4439-9085-3BC1754DA9B9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-06-30] (Google Inc.)
      Task: {1C63D090-FF72-4081-864F-489470D90679} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-03-21] (AVAST Software)
      Task: {1F38ABEA-5CD0-4A9E-B35C-C542B517FBA4} - System32\Tasks\SUPERAntiSpyware Scheduled Task 77ef706f-9560-40de-8c57-757c77f7d7cd => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
      Task: {21DDEDAA-2BCC-4B25-A89D-65ED41E64CAB} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-06-30] (AVAST Software)
      Task: {24B2765B-57A9-4517-8431-624249CFB700} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-06-30] (Google Inc.)
      Task: {4C9BF50A-A436-4E66-876C-19A3873F119E} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-06-24] (Piriform Ltd)
      Task: {5A85F9DC-2AE5-4C5C-816C-ECFC0F5190FB} - System32\Tasks\{8C50B1A7-609E-4631-AACF-F07CE055D88A} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Hi-Rez Studios\HiRezGamesDiagAndSupport.exe" -c uninstall=17
      Task: {64DA5FC8-A58B-484F-8C41-9D1E839E97BD} - System32\Tasks\SUPERAntiSpyware Scheduled Task f0a9ca39-fa86-4c97-9b63-9defc4847883 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
      Task: {8BF89D25-2755-456E-8D3D-1DE7290F9274} - System32\Tasks\{9612E044-7A7A-4112-B7DA-1A11166E044D} => C:\Windows\system32\pcalua.exe -a "C:\Users\Usuario\Documents\Nautica 2015\Electro\Guia Neumatica 2014\fluidsim\unins000.exe" -d "C:\Users\Usuario\Documents\Nautica 2015\Electro\Guia Neumatica 2014\fluidsim"
      Task: {9791CA11-95D8-4BB0-B3D7-5586F4E99ADB} - System32\Tasks\{35ADF61C-CD62-4DB6-B197-E08923EA8F9D} => C:\Windows\system32\pcalua.exe -a D:\autorun.exe -d D:\
      Task: {A1D60D55-A6B8-401B-BC05-2938E02DF2F2} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => d:\program files\windows defender\MpCmdRun.exe
      Task: {A394B599-D245-426D-9714-02C80FF632F9} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_113_pepper.exe [2018-06-30] (Adobe Systems Incorporated)
      Task: {A844430A-DD1E-47E5-8308-99D4AE6088E8} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-03-21] (AVAST Software)
      Task: {B938C888-BB56-4830-93B9-C9FD05582E6D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
      Task: {BAC699C0-CDC8-4FB8-B513-E83672270914} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_113_Plugin.exe [2018-06-30] (Adobe Systems Incorporated)
      Task: {C7E485B5-69D0-4825-BFCD-C171741F5466} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-06-30] (AVAST Software)
      Task: {CC4C7652-65AA-452E-BE87-9C41DD30B9D6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-06-24] (Piriform Ltd)
      Task: {DB1DAB7E-B1A2-492B-B6F3-841419C54405} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
      Task: {E1E1F02A-5327-4FA8-99C4-638C012191A2} - System32\Tasks\{99D35746-B9FB-471C-A3C7-50977DB5017E} => C:\Windows\system32\pcalua.exe -a "E:\Roller Coaster 2 Multi7 Repack.exe" -d E:\

      (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

      Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 77ef706f-9560-40de-8c57-757c77f7d7cd.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
      Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task f0a9ca39-fa86-4c97-9b63-9defc4847883.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

      ==================== Shortcuts & WMI ========================

      (The entries could be listed to be restored or removed.)


      Shortcut: C:\Users\Usuario\Desktop\Juegos\Don't Starve.lnk -> C:\Program Files (x86)\DontStarve\runme.bat ()

      ShortcutWithArgument: C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\76f9e4d33b60b312\Popcorn-Time.lnk -> C:\Users\Usuario\AppData\Local\Popcorn-Time\Popcorn-Time.exe (The NWJS Community) -> --user-data-dir="C:\Users\Usuario\AppData\Local\Popcorn-Time\User Data" --profile-directory=Default --app-id=hecfofbbdfadifpemejbbdcjmfmboohj
      ShortcutWithArgument: C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\1ec0f72738fb119e\iMacros for Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --user-data-dir="C:\Users\Usuario\AppData\Local\Google\Chrome\User Data" --profile-directory=Default --app-id=cplklnmnlbnpmjogncfgfijoopmnlemp

      ==================== Loaded Modules (Whitelisted) ==============

      2010-01-30 02:40 - 2010-01-30 02:40 - 004254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
      2015-12-17 18:38 - 2015-12-17 18:38 - 000085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
      2015-12-17 18:38 - 2015-12-17 18:38 - 001328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
      2016-11-27 19:54 - 2016-12-08 17:17 - 000075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
      2018-07-09 16:03 - 2018-05-30 09:22 - 002493648 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
      2018-07-09 16:03 - 2018-04-25 13:16 - 002297040 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
      2018-06-30 13:42 - 2018-06-30 13:43 - 000483544 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
      2018-07-09 13:59 - 2018-07-09 13:59 - 005841040 _____ () C:\Program Files\AVAST Software\Avast\defs\18070902\algo.dll
      2018-06-30 13:43 - 2018-06-30 13:43 - 000928984 _____ () C:\Program Files\AVAST Software\Avast\anen.dll
      2018-06-30 13:42 - 2018-06-30 13:42 - 000532696 _____ () C:\Program Files\AVAST Software\Avast\gui_cache.dll
      2018-06-30 13:42 - 2018-06-30 13:42 - 000150744 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll
      2018-06-30 13:42 - 2018-06-30 13:42 - 000985304 _____ () C:\Program Files\AVAST Software\Avast\shepherdsync.dll
      2018-03-13 18:39 - 2018-03-13 18:40 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
      2018-06-30 13:42 - 2018-06-30 13:42 - 000282840 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
      2017-09-26 21:22 - 2017-09-26 21:22 - 001984000 ____R () C:\Program Files (x86)\Skype\Phone\skypert.dll
      2010-01-30 02:41 - 2010-01-30 02:41 - 004254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
      2018-02-15 19:09 - 2018-02-15 19:09 - 000083432 _____ () C:\Program Files (x86)\Plex\Plex Media Server\zlib.dll
      2018-02-15 19:09 - 2018-02-15 19:09 - 000203240 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libidn.dll

      ==================== Alternate Data Streams (Whitelisted) =========

      (If an entry is included in the fixlist, only the ADS will be removed.)

      AlternateDataStreams: C:\Windows:nlsPreferences [386]
      AlternateDataStreams: C:\Users\Usuario:Heroes & Generals [38]

      ==================== Safe Mode (Whitelisted) ===================

      (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

      ==================== Association (Whitelisted) ===============

      (If an entry is included in the fixlist, the registry item will be restored to default or removed.)

      HKU\S-1-5-21-3623185794-1860153916-2374100090-1000\Software\Classes\.scr: AutoCADScriptFile => C:\Windows\system32\notepad.exe "%1"

      ==================== Internet Explorer trusted/restricted ===============

      (If an entry is included in the fixlist, it will be removed from the registry.)

      IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
      IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
      IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
      IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com
      IE trusted site: HKU\S-1-5-19\...\clonewarsadventures.com -> clonewarsadventures.com
      IE trusted site: HKU\S-1-5-19\...\freerealms.com -> freerealms.com
      IE trusted site: HKU\S-1-5-19\...\soe.com -> soe.com
      IE trusted site: HKU\S-1-5-19\...\sony.com -> sony.com
      IE trusted site: HKU\S-1-5-20\...\clonewarsadventures.com -> clonewarsadventures.com
      IE trusted site: HKU\S-1-5-20\...\freerealms.com -> freerealms.com
      IE trusted site: HKU\S-1-5-20\...\soe.com -> soe.com
      IE trusted site: HKU\S-1-5-20\...\sony.com -> sony.com
      IE trusted site: HKU\S-1-5-21-3623185794-1860153916-2374100090-1000\...\clonewarsadventures.com -> clonewarsadventures.com
      IE trusted site: HKU\S-1-5-21-3623185794-1860153916-2374100090-1000\...\freerealms.com -> freerealms.com
      IE trusted site: HKU\S-1-5-21-3623185794-1860153916-2374100090-1000\...\soe.com -> soe.com
      IE trusted site: HKU\S-1-5-21-3623185794-1860153916-2374100090-1000\...\sony.com -> sony.com

      ==================== Hosts content: ==========================

      (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

      2009-07-13 23:34 - 2015-07-20 08:46 - 000000921 _____ C:\Windows\system32\Drivers\etc\hosts

      127.0.0.1 genuine.microsoft.com
      127.0.0.1 mpa.one.microsoft.com
      127.0.0.1 sls.microsoft.com

      ==================== Other Areas ============================

      (Currently there is no automatic fix for this section.)

      HKU\S-1-5-21-3623185794-1860153916-2374100090-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
      DNS Servers: Media is not connected to internet.
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
      Windows Firewall is enabled.

      ==================== MSCONFIG/TASK MANAGER disabled items ==


      ==================== FirewallRules (Whitelisted) ===============

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      FirewallRules: [{FE8F3E70-6793-487E-A242-B90281871928}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
      FirewallRules: [{37520203-82E2-4EB0-993A-929F7804C6ED}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
      FirewallRules: [{B6FBFE17-4073-4999-A20E-D1911B2EE37D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
      FirewallRules: [{4B496F83-B6EE-4B61-9BD5-FCC3FA50E5BD}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
      FirewallRules: [{F4346A1D-B3B0-44A7-82ED-CA41361B997E}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
      FirewallRules: [{D0426496-8532-4B0C-BCC7-64DC18CE2F29}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
      FirewallRules: [{19C85410-31A7-4819-865A-C350D859C2E0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
      FirewallRules: [{80E5133E-EE8D-4AAA-94A3-89FC7E6CC596}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
      FirewallRules: [{41AA5525-0B1D-4E40-9DB6-91204EE1DFD8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
      FirewallRules: [{CAFD3138-EDFB-44C0-A1CD-9DEDBFC00283}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
      FirewallRules: [{CC8ED8C5-26B7-4C01-881E-D0E6CBADB114}] => (Allow) C:\Program Files (x86)\Heroes & Generals\live\hng.exe
      FirewallRules: [{9DE8BDDB-0343-4ADC-AD88-6D8E8D6A01EC}] => (Allow) C:\Program Files (x86)\Heroes & Generals\live\hng.exe
      FirewallRules: [{1341597F-26FE-4725-96F8-2FF2DC283DBD}] => (Allow) C:\Program Files (x86)\WarThunder\launcher.exe
      FirewallRules: [{2CA5C1EF-D910-4CF6-899E-09AC21A2336B}] => (Allow) C:\Program Files (x86)\WarThunder\launcher.exe
      FirewallRules: [{56B96FBD-D41D-4315-BD22-B603C5225B6A}] => (Allow) LPort=80
      FirewallRules: [{8369088D-DE08-41BA-A337-3BF9E739F918}] => (Allow) LPort=443
      FirewallRules: [{9D102795-1ABC-485E-B505-53CBCAEA9051}] => (Allow) LPort=20010
      FirewallRules: [{D2B00010-25F1-4714-B3B6-BA9E4C9FA76E}] => (Allow) LPort=3478
      FirewallRules: [{F1D40FAB-FC90-49C5-B8FC-947FFCD238D5}] => (Allow) LPort=7850
      FirewallRules: [{183A794A-F187-41EB-BC0E-63C3EA412FCA}] => (Allow) LPort=7852
      FirewallRules: [{09C26A44-0EC5-47BF-88C3-8A1774C95534}] => (Allow) LPort=7853
      FirewallRules: [{08DF0FED-FE98-4818-A65C-52D79608F7B4}] => (Allow) LPort=27022
      FirewallRules: [{133A7F97-0428-48A8-B4CF-71640EA90589}] => (Allow) LPort=6881
      FirewallRules: [{6DD5EC5F-E20B-4C8B-8655-7B9355F52CB2}] => (Allow) LPort=33333
      FirewallRules: [{68EE0604-9AFF-482D-A305-46AB3D6BA288}] => (Allow) LPort=20443

      ==================== Restore Points =========================

      22-11-2017 20:59:28 Punto de control programado
      06-12-2017 13:43:42 Punto de control programado
      13-12-2017 22:06:29 Punto de control programado
      31-12-2017 16:45:29 Punto de control programado
      11-01-2018 16:26:52 Punto de control programado
      04-02-2018 17:17:49 Punto de control programado
      23-02-2018 18:01:55 Punto de control programado
      26-02-2018 17:43:18 Plex Media Server
      26-02-2018 17:44:27 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215
      07-03-2018 17:33:53 Punto de control programado
      15-03-2018 15:02:56 Punto de control programado
      27-03-2018 14:08:56 Punto de control programado
      15-04-2018 16:31:42 Punto de control programado
      03-05-2018 10:21:27 Punto de control programado
      11-05-2018 17:39:43 Punto de control programado
      15-05-2018 19:33:55 Plex Media Server
      24-05-2018 12:47:09 Punto de control programado
      01-06-2018 10:14:20 Punto de control programado
      08-06-2018 20:49:29 Punto de control programado
      09-06-2018 15:17:29 Chrome Cleanup Tool
      09-06-2018 16:45:22 UnHackMe Malware Removal
      22-06-2018 18:17:17 Punto de control programado
      25-06-2018 12:30:38 Plex Media Server
      25-06-2018 12:33:59 Removed Oracle VM VirtualBox 4.3.18
      30-06-2018 13:02:47 Operación de restauración
      07-07-2018 20:41:49 Punto de comprobación por HitmanPro
      07-07-2018 20:46:31 Punto de comprobación por HitmanPro
      07-07-2018 20:47:11 Punto de comprobación por HitmanPro
      09-07-2018 17:05:21 JRT Pre-Junkware Removal

      ==================== Faulty Device Manager Devices =============

      Name: avast! SecureLine TAP Adapter v3
      Description: avast! SecureLine TAP Adapter v3
      Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
      Manufacturer: TAP-Windows Provider V9
      Service: aswTap
      Problem: : This device is disabled. (Code 22)
      Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


      ==================== Event log errors: =========================

      Application errors:
      ==================
      Error: (07/09/2018 05:02:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
      Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

      Error: (07/09/2018 05:00:59 PM) (Source: Winlogon) (EventID: 4103) (User: )
      Description: Error de activación de la licencia de Windows. Error 0x00000000.

      Error: (07/09/2018 05:00:59 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
      Description: Error de la activación de licencia (slui.exe) con el siguiente código:
      0x800401F9

      Error: (07/09/2018 04:56:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
      Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

      Error: (07/09/2018 04:55:54 PM) (Source: Winlogon) (EventID: 4103) (User: )
      Description: Error de activación de la licencia de Windows. Error 0x00000000.

      Error: (07/09/2018 04:55:54 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
      Description: Error de la activación de licencia (slui.exe) con el siguiente código:
      0x800401F9

      Error: (07/09/2018 02:33:51 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
      Description: Error en la extracción de la lista raíz de terceros del archivo .CAB actualizado automáticamente: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> con el error: Un certificado requerido no se encuentra dentro del periodo de validez cuando se ha realizado la comprobación con el reloj de sistema actual o con la marca de tiempo en el archivo firmado.
      .

      Error: (07/09/2018 02:33:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
      Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.


      System errors:
      =============
      Error: (07/09/2018 05:01:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
      Description: El servicio VBoxAsw Support Driver no pudo iniciarse debido al siguiente error:
      El sistema no puede encontrar la ruta especificada.

      Error: (07/09/2018 04:59:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
      Description: El servicio Protección de software terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 120000 milisegundos: Reiniciar el servicio.

      Error: (07/09/2018 04:59:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
      Description: El servicio Servicio de uso compartido de red del Reproductor de Windows Media terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 30000 milisegundos: Reiniciar el servicio.

      Error: (07/09/2018 04:59:32 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
      Description: El servicio Blackberry Device Manager se terminó de manera inesperada. Esto ha sucedido 1 veces.

      Error: (07/09/2018 04:59:32 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
      Description: El servicio Servicio del iPod se terminó de manera inesperada. Esto ha sucedido 1 veces.

      Error: (07/09/2018 04:59:32 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
      Description: El servicio PnkBstrA se terminó de manera inesperada. Esto ha sucedido 1 veces.

      Error: (07/09/2018 04:59:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
      Description: El servicio Plex Update Service terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 10000 milisegundos: Reiniciar el servicio.

      Error: (07/09/2018 04:59:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
      Description: El servicio Windows Presentation Foundation Font Cache 3.0.0.0 terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 0 milisegundos: Reiniciar el servicio.


      CodeIntegrity:
      ===================================

      Date: 2018-07-09 17:00:55.917
      Description:
      Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\user32.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

      Date: 2018-07-09 16:55:43.193
      Description:
      Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\user32.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

      Date: 2018-07-09 16:54:14.457
      Description:
      Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\user32.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

      Date: 2018-07-09 16:31:04.686
      Description:
      Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\user32.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

      Date: 2018-07-09 16:07:25.366
      Description:
      Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\user32.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

      Date: 2018-07-09 15:57:22.913
      Description:
      Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\user32.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

      Date: 2018-07-09 15:21:19.499
      Description:
      Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\user32.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

      Date: 2018-07-09 14:31:56.919
      Description:
      Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\user32.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

      ==================== Memory info ===========================

      Processor: AMD A6-6400K APU with Radeon(tm) HD Graphics
      Percentage of memory in use: 54%
      Total physical RAM: 3508.83 MB
      Available physical RAM: 1608.41 MB
      Total Virtual: 7015.86 MB
      Available Virtual: 5246.18 MB

      ==================== Drives ================================

      Drive c: (Disco local) (Fixed) (Total:465.66 GB) (Free:84.23 GB) NTFS

      \\?\Volume{1d569359-755d-11e3-a98f-806e6f6e6963}\ (Reservado para el sistema) (Fixed) (Total:0.1 GB) (Free:0.04 GB) NTFS

      ==================== MBR & Partition Table ==================

      ========================================================
      Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 01510485)
      Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
      Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

      ==================== End of Addition.txt ============================

    6. #6
      General Moderator
      Avatar of @Javier_HF
      Registered
      Jun 2006
      Location
      Milky Way.
      Posts
      23,640

      Re: Redirect Adware Virus

      Good... now follow these steps. VERY important ~ Make a backup of the registry:


      • Double-click to run it. (If you use Windows Vista/7/8 or 10, right-click and select "Run as administrator".)

      • Attention: now check/select only the "Create registry backup" box, NOT the others.

      • Click Run.

      The report (DelFix.txt) will open; save it in case it is needed and close the tool.

      Now boot your computer into >> Windows Safe Mode with Networking.

      With all other programs closed, go to >> Start >> Run >> and type notepad.exe.

      Now copy and paste the code/lines inside the box below into Notepad: (excluding the word "Code")

      Code:
      START
      CREATERESTOREPOINT:
      CLOSEPROCESSES:
      ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
      ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
      ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
      ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
      ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
      ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
      ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
      ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
      ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
      Task: {5A85F9DC-2AE5-4C5C-816C-ECFC0F5190FB} - System32\Tasks\{8C50B1A7-609E-4631-AACF-F07CE055D88A} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Hi-Rez Studios\HiRezGamesDiagAndSupport.exe" -c uninstall=17
      Task: {9791CA11-95D8-4BB0-B3D7-5586F4E99ADB} - System32\Tasks\{35ADF61C-CD62-4DB6-B197-E08923EA8F9D} => C:\Windows\system32\pcalua.exe -a D:\autorun.exe -d D:\
      Task: {E1E1F02A-5327-4FA8-99C4-638C012191A2} - System32\Tasks\{99D35746-B9FB-471C-A3C7-50977DB5017E} => C:\Windows\system32\pcalua.exe -a "E:\Roller Coaster 2 Multi7 Repack.exe" -d E:\
      ShortcutWithArgument: C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\76f9e4d33b60b312\Popcorn-Time.lnk -> C:\Users\Usuario\AppData\Local\Popcorn-Time\Popcorn-Time.exe (The NWJS Community) -> --user-data-dir="C:\Users\Usuario\AppData\Local\Popcorn-Time\User Data" --profile-directory=Default --app-id=hecfofbbdfadifpemejbbdcjmfmboohj
      ShortcutWithArgument: C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\1ec0f72738fb119e\iMacros for Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --user-data-dir="C:\Users\Usuario\AppData\Local\Google\Chrome\User Data" --profile-directory=Default --app-id=cplklnmnlbnpmjogncfgfijoopmnlemp
      AlternateDataStreams: C:\Windows:nlsPreferences [386]
      AlternateDataStreams: C:\Users\Usuario:Heroes & Generals [38]
      HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
      HKU\S-1-5-21-3623185794-1860153916-2374100090-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [18385368 2018-06-24] (Piriform Ltd)
      HKU\S-1-5-21-3623185794-1860153916-2374100090-1000\...\MountPoints2: E - E:\Setup.exe
      HKU\S-1-5-21-3623185794-1860153916-2374100090-1000\...\MountPoints2: {dab0b5bd-2ef0-11e4-b8c2-d050991edbad} - E:\PmsDView.exe
      CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
      Tcpip\..\Interfaces\{39803F6D-D9BB-4FA5-9E31-1143469A76B2}: [NameServer] 77.234.40.79
      BHO-x32: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
      Handler: WSKVAllmytubechrome - No CLSID Value
      FF Homepage: Mozilla\Firefox\Profiles\c440qpqs.default -> hxxps://www.google.com/?bcutc=sp-006
      FF Extension: (eBesucher Surfbar) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\c440qpqs.default\Extensions\[email protected] [2015-01-18] [Legacy] [not signed]
      FF Extension: (ATM2YOU) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\c440qpqs.default\Extensions\{8DBC5A4E-A987-11E4-AF59-ABB91D5D46B0}.xpi [2015-07-24] [Legacy] [not signed]
      FF SearchPlugin: C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\c440qpqs.default\searchplugins\google-avast.xml [2018-07-05]
      FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-03] (Oracle Corporation)
      FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-03] (Oracle Corporation)
      FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [No File]
      FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
      CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
      CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
      S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [X]
      S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [55232 2018-07-07] ()
      S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
      S3 gdrv; \??\C:\Windows\gdrv.sys [X]
      S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
      S3 VGPU; System32\drivers\rdvgkmd.sys [X]
      2015-07-17 18:49 - 2015-07-17 18:49 - 005009408 _____ () C:\Users\Usuario\AppData\Roaming\chromedriver.exe
      2015-07-17 18:49 - 2015-07-17 18:49 - 007488000 _____ () C:\Users\Usuario\AppData\Roaming\PhantomJS.exe
      2015-03-30 19:24 - 2015-03-30 19:43 - 000002160 _____ () C:\Users\Usuario\AppData\Roaming\Rim.Desktop.Exception.log
      2015-03-30 19:23 - 2015-03-30 19:23 - 000001153 _____ () C:\Users\Usuario\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
      2015-03-30 19:24 - 2015-03-30 19:42 - 000000077 _____ () C:\Users\Usuario\AppData\Roaming\Rim.DesktopHelper.Exception.log
      2015-07-17 18:49 - 2015-08-29 20:37 - 001176969 _____ () C:\Users\Usuario\AppData\Roaming\WebDriver.FirefoxExt.zip
      2012-05-03 08:12 - 2012-05-03 08:12 - 000000532 _____ () C:\Users\Usuario\AppData\Local\datos.txt
      2015-11-01 20:25 - 2018-06-26 12:59 - 000007610 _____ () C:\Users\Usuario\AppData\Local\Resmon.ResmonCfg
      2014-08-30 12:55 - 2014-08-30 12:55 - 000000003 _____ () C:\Users\Usuario\AppData\Local\updater.log
      2014-08-30 12:55 - 2017-05-06 20:58 - 000000425 _____ () C:\Users\Usuario\AppData\Local\UserProducts.xml
      2015-07-04 10:34 - 2015-07-04 10:34 - 000000000 _____ () C:\Users\Usuario\AppData\Local\{305611DB-03F9-4677-B97A-6038EC419FD1}
      2015-07-09 09:05 - 2015-07-09 09:05 - 000000000 _____ () C:\Users\Usuario\AppData\Local\{94172E94-489E-4254-8C61-112C4687B8C1}
      2015-07-06 05:11 - 2015-07-06 05:11 - 000000000 _____ () C:\Users\Usuario\AppData\Local\{FE5B8907-79F8-4E9B-B926-4FE460908A09}
      HOSTS:
      REMOVEPROXY:
      EMPTYTEMP:
      CMD: netsh winsock reset
      CMD: ipconfig /renew
      CMD: ipconfig /flushdns
      CMD: bitsadmin /reset /allusers
      CMD: netsh advfirewall reset
      CMD: netsh advfirewall set allprofiles state ON
      CMD: netsh int ipv4 reset
      CMD: netsh int ipv6 reset
      END
      Save it under the name FIXLIST.TXT on the desktop <<< This is very important.

      Note: It is important that the FRST.exe tool (Farbar Recovery Scanner Tool) and FIXLIST.TXT are in the same location (desktop); otherwise it will not work.
      ATTENTION!!!! The following repair script was written by a staff member specifically for this user; if you have a similar problem, please open your own thread to receive personalized help. Using other users' scripts can damage your computer.



      • Run FRST.exe. (If you use Windows Vista/7/8 or 10, right-click and select "Run as administrator".)
      • Press the FIX button and wait for it to finish.
      • The tool will save the repair report on the desktop (FIXLOG.TXT).


      Paste the contents of this file in your next reply.

      Restart the computer, check how it behaves with regard to the problem described, and report back.

      Regards.

    7. #7
      User Avatar of fernann
      Registered
      Jul 2018
      Location
      Argentina
      Posts
      10

      Re: Adware that redirects me.

      I carried out the whole procedure; I attach the FIXLOG below.

      Fix result of Farbar Recovery Scan Tool (x64) Version: 20.06.2018
      Ran by Usuario (10-07-2018 13:16:15) Run:1
      Running from C:\Users\Usuario\Desktop
      Loaded Profiles: Usuario (Available Profiles: Usuario)
      Boot Mode: Safe Mode (with Networking)
      ==============================================

      fixlist content:
      *****************
      START
      CREATERESTOREPOINT:
      CLOSEPROCESSES:
      ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
      ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
      ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
      ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
      ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
      ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
      ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
      ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
      ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
      Task: {5A85F9DC-2AE5-4C5C-816C-ECFC0F5190FB} - System32\Tasks\{8C50B1A7-609E-4631-AACF-F07CE055D88A} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Hi-Rez Studios\HiRezGamesDiagAndSupport.exe" -c uninstall=17
      Task: {9791CA11-95D8-4BB0-B3D7-5586F4E99ADB} - System32\Tasks\{35ADF61C-CD62-4DB6-B197-E08923EA8F9D} => C:\Windows\system32\pcalua.exe -a D:\autorun.exe -d D:\
      Task: {E1E1F02A-5327-4FA8-99C4-638C012191A2} - System32\Tasks\{99D35746-B9FB-471C-A3C7-50977DB5017E} => C:\Windows\system32\pcalua.exe -a "E:\Roller Coaster 2 Multi7 Repack.exe" -d E:\
      ShortcutWithArgument: C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\76f9e4d33b60b312\Popcorn-Time.lnk -> C:\Users\Usuario\AppData\Local\Popcorn-Time\Popcorn-Time.exe (The NWJS Community) -> --user-data-dir="C:\Users\Usuario\AppData\Local\Popcorn-Time\User Data" --profile-directory=Default --app-id=hecfofbbdfadifpemejbbdcjmfmboohj
      ShortcutWithArgument: C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\1ec0f72738fb119e\iMacros for Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --user-data-dir="C:\Users\Usuario\AppData\Local\Google\Chrome\User Data" --profile-directory=Default --app-id=cplklnmnlbnpmjogncfgfijoopmnlemp
      AlternateDataStreams: C:\Windows:nlsPreferences [386]
      AlternateDataStreams: C:\Users\Usuario:Heroes & Generals [38]
      HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
      HKU\S-1-5-21-3623185794-1860153916-2374100090-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [18385368 2018-06-24] (Piriform Ltd)
      HKU\S-1-5-21-3623185794-1860153916-2374100090-1000\...\MountPoints2: E - E:\Setup.exe
      HKU\S-1-5-21-3623185794-1860153916-2374100090-1000\...\MountPoints2: {dab0b5bd-2ef0-11e4-b8c2-d050991edbad} - E:\PmsDView.exe
      CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
      Tcpip\..\Interfaces\{39803F6D-D9BB-4FA5-9E31-1143469A76B2}: [NameServer] 77.234.40.79
      BHO-x32: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
      Handler: WSKVAllmytubechrome - No CLSID Value
      FF Homepage: Mozilla\Firefox\Profiles\c440qpqs.default -> hxxps://www.google.com/?bcutc=sp-006
      FF Extension: (eBesucher Surfbar) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\c440qpqs.default\Extensions\[email protected] [2015-01-18] [Legacy] [not signed]
      FF Extension: (ATM2YOU) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\c440qpqs.default\Extensions\{8DBC5A4E-A987-11E4-AF59-ABB91D5D46B0}.xpi [2015-07-24] [Legacy] [not signed]
      FF SearchPlugin: C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\c440qpqs.default\searchplugins\google-avast.xml [2018-07-05]
      FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-03] (Oracle Corporation)
      FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-03] (Oracle Corporation)
      FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [No File]
      FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
      CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
      CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
      S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [X]
      S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [55232 2018-07-07] ()
      S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
      S3 gdrv; \??\C:\Windows\gdrv.sys [X]
      S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
      S3 VGPU; System32\drivers\rdvgkmd.sys [X]
      2015-07-17 18:49 - 2015-07-17 18:49 - 005009408 _____ () C:\Users\Usuario\AppData\Roaming\chromedriver.exe
      2015-07-17 18:49 - 2015-07-17 18:49 - 007488000 _____ () C:\Users\Usuario\AppData\Roaming\PhantomJS.exe
      2015-03-30 19:24 - 2015-03-30 19:43 - 000002160 _____ () C:\Users\Usuario\AppData\Roaming\Rim.Desktop.Exception.log
      2015-03-30 19:23 - 2015-03-30 19:23 - 000001153 _____ () C:\Users\Usuario\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
      2015-03-30 19:24 - 2015-03-30 19:42 - 000000077 _____ () C:\Users\Usuario\AppData\Roaming\Rim.DesktopHelper.Exception.log
      2015-07-17 18:49 - 2015-08-29 20:37 - 001176969 _____ () C:\Users\Usuario\AppData\Roaming\WebDriver.FirefoxExt.zip
      2012-05-03 08:12 - 2012-05-03 08:12 - 000000532 _____ () C:\Users\Usuario\AppData\Local\datos.txt
      2015-11-01 20:25 - 2018-06-26 12:59 - 000007610 _____ () C:\Users\Usuario\AppData\Local\Resmon.ResmonCfg
      2014-08-30 12:55 - 2014-08-30 12:55 - 000000003 _____ () C:\Users\Usuario\AppData\Local\updater.log
      2014-08-30 12:55 - 2017-05-06 20:58 - 000000425 _____ () C:\Users\Usuario\AppData\Local\UserProducts.xml
      2015-07-04 10:34 - 2015-07-04 10:34 - 000000000 _____ () C:\Users\Usuario\AppData\Local\{305611DB-03F9-4677-B97A-6038EC419FD1}
      2015-07-09 09:05 - 2015-07-09 09:05 - 000000000 _____ () C:\Users\Usuario\AppData\Local\{94172E94-489E-4254-8C61-112C4687B8C1}
      2015-07-06 05:11 - 2015-07-06 05:11 - 000000000 _____ () C:\Users\Usuario\AppData\Local\{FE5B8907-79F8-4E9B-B926-4FE460908A09}
      HOSTS:
      REMOVEPROXY:
      EMPTYTEMP:
      CMD: netsh winsock reset
      CMD: ipconfig /renew
      CMD: ipconfig /flushdns
      CMD: bitsadmin /reset /allusers
      CMD: netsh advfirewall reset
      CMD: netsh advfirewall set allprofiles state ON
      CMD: netsh int ipv4 reset
      CMD: netsh int ipv6 reset
      END
      *****************

      Error: Restore point can only be created in normal mode.
      Processes closed successfully.
      "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Pending)" => removed successfully
      HKLM\Software\Classes\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => not found
      "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Synced)" => removed successfully
      HKLM\Software\Classes\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => not found
      "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Syncing)" => removed successfully
      HKLM\Software\Classes\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => not found
      "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Pending)" => removed successfully
      HKLM\Software\Wow6432Node\Classes\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => not found
      "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Synced)" => removed successfully
      HKLM\Software\Wow6432Node\Classes\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => not found
      "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Syncing)" => removed successfully
      HKLM\Software\Wow6432Node\Classes\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => not found
      "HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\MEGA (Context menu)" => removed successfully
      HKLM\Software\Classes\CLSID\{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => not found
      "HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\MEGA (Context menu)" => removed successfully
      HKLM\Software\Classes\CLSID\{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => not found
      "HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\MEGA (Context menu)" => removed successfully
      HKLM\Software\Classes\CLSID\{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => not found
      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5A85F9DC-2AE5-4C5C-816C-ECFC0F5190FB}" => removed successfully
      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5A85F9DC-2AE5-4C5C-816C-ECFC0F5190FB}" => removed successfully
      C:\Windows\System32\Tasks\{8C50B1A7-609E-4631-AACF-F07CE055D88A} => moved successfully
      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8C50B1A7-609E-4631-AACF-F07CE055D88A}" => removed successfully
      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9791CA11-95D8-4BB0-B3D7-5586F4E99ADB}" => removed successfully
      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9791CA11-95D8-4BB0-B3D7-5586F4E99ADB}" => removed successfully
      C:\Windows\System32\Tasks\{35ADF61C-CD62-4DB6-B197-E08923EA8F9D} => moved successfully
      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{35ADF61C-CD62-4DB6-B197-E08923EA8F9D}" => removed successfully
      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E1E1F02A-5327-4FA8-99C4-638C012191A2}" => removed successfully
      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E1E1F02A-5327-4FA8-99C4-638C012191A2}" => removed successfully
      C:\Windows\System32\Tasks\{99D35746-B9FB-471C-A3C7-50977DB5017E} => moved successfully
      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{99D35746-B9FB-471C-A3C7-50977DB5017E}" => removed successfully
      C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\76f9e4d33b60b312\Popcorn-Time.lnk => Shortcut argument removed successfully
      C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\1ec0f72738fb119e\iMacros for Chrome.lnk => Shortcut argument removed successfully
      C:\Windows => ":nlsPreferences" ADS removed successfully
      C:\Users\Usuario => ":Heroes & Generals" ADS removed successfully
      "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" => removed successfully
      "HKU\S-1-5-21-3623185794-1860153916-2374100090-1000\Software\Microsoft\Windows\CurrentVersion\Run\\CCleaner Monitoring" => removed successfully
      "HKU\S-1-5-21-3623185794-1860153916-2374100090-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E" => removed successfully
      "HKU\S-1-5-21-3623185794-1860153916-2374100090-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dab0b5bd-2ef0-11e4-b8c2-d050991edbad}" => removed successfully
      HKLM\Software\Classes\CLSID\{dab0b5bd-2ef0-11e4-b8c2-d050991edbad} => not found
      "HKLM\SOFTWARE\Policies\Google" => removed successfully
      "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{39803F6D-D9BB-4FA5-9E31-1143469A76B2}\\NameServer" => removed successfully
      "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}" => removed successfully
      HKLM\Software\Wow6432Node\Classes\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6} => not found
      "HKLM\Software\Classes\PROTOCOLS\Handler\WSKVAllmytubechrome" => removed successfully
      "Firefox homepage" => removed successfully
      C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\c440qpqs.default\Extensions\[email protected] => moved successfully
      C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\c440qpqs.default\Extensions\{8DBC5A4E-A987-11E4-AF59-ABB91D5D46B0}.xpi => moved successfully
      C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\c440qpqs.default\searchplugins\google-avast.xml => moved successfully
      "HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.31.2" => removed successfully
      C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll => moved successfully
      "HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.31.2" => removed successfully
      C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll => moved successfully
      "HKLM\Software\Wow6432Node\MozillaPlugins\@nexon.net/NxGame" => removed successfully
      "HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => removed successfully
      "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck" => removed successfully
      "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki" => removed successfully
      "HKLM\System\CurrentControlSet\Services\AvastVBoxSvc" => removed successfully
      AvastVBoxSvc => service removed successfully
      "HKLM\System\CurrentControlSet\Services\hitmanpro37" => removed successfully
      hitmanpro37 => service removed successfully
      "HKLM\System\CurrentControlSet\Services\EagleX64" => removed successfully
      EagleX64 => service removed successfully
      "HKLM\System\CurrentControlSet\Services\gdrv" => removed successfully
      gdrv => service removed successfully
      "HKLM\System\CurrentControlSet\Services\VBoxAswDrv" => removed successfully
      VBoxAswDrv => service removed successfully
      "HKLM\System\CurrentControlSet\Services\VGPU" => removed successfully
      VGPU => service removed successfully
      C:\Users\Usuario\AppData\Roaming\chromedriver.exe => moved successfully
      C:\Users\Usuario\AppData\Roaming\PhantomJS.exe => moved successfully
      C:\Users\Usuario\AppData\Roaming\Rim.Desktop.Exception.log => moved successfully
      C:\Users\Usuario\AppData\Roaming\Rim.Desktop.HttpServerSetup.log => moved successfully
      C:\Users\Usuario\AppData\Roaming\Rim.DesktopHelper.Exception.log => moved successfully
      C:\Users\Usuario\AppData\Roaming\WebDriver.FirefoxExt.zip => moved successfully
      C:\Users\Usuario\AppData\Local\datos.txt => moved successfully
      C:\Users\Usuario\AppData\Local\Resmon.ResmonCfg => moved successfully
      C:\Users\Usuario\AppData\Local\updater.log => moved successfully
      C:\Users\Usuario\AppData\Local\UserProducts.xml => moved successfully
      C:\Users\Usuario\AppData\Local\{305611DB-03F9-4677-B97A-6038EC419FD1} => moved successfully
      C:\Users\Usuario\AppData\Local\{94172E94-489E-4254-8C61-112C4687B8C1} => moved successfully
      C:\Users\Usuario\AppData\Local\{FE5B8907-79F8-4E9B-B926-4FE460908A09} => moved successfully
      C:\Windows\System32\Drivers\etc\hosts => moved successfully
      Hosts restored successfully.

      ========= RemoveProxy: =========

      "HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
      "HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
      "HKU\S-1-5-21-3623185794-1860153916-2374100090-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
      "HKU\S-1-5-21-3623185794-1860153916-2374100090-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


      ========= End of RemoveProxy: =========


      ========= netsh winsock reset =========


      El catálogo Winsock se restableció correctamente.
      Debe reiniciar el equipo para completar el restablecimiento.


      ========= End of CMD: =========


      ========= ipconfig /renew =========


      Configuración IP de Windows


      Adaptador de Ethernet Conexión de área local 2:

      Sufijo DNS específico para la conexión. . :
      Vínculo: dirección IPv6 local. . . : fe80::51db:7a1a:8c44:42d5%13
      Dirección IPv4. . . . . . . . . . . . . . : 192.168.0.15
      Máscara de subred . . . . . . . . . . . . : 255.255.255.0
      Puerta de enlace predeterminada . . . . . : 192.168.0.1

      Adaptador de Ethernet VirtualBox Host-Only Network:

      Sufijo DNS específico para la conexión. . :
      Vínculo: dirección IPv6 local. . . : fe80::39c5:8e89:497a:3a5e%14
      Dirección IPv4. . . . . . . . . . . . . . : 192.168.56.1
      Máscara de subred . . . . . . . . . . . . : 255.255.255.0
      Puerta de enlace predeterminada . . . . . :

      Adaptador de túnel isatap.{1E6F4307-F5CE-45C0-BC8C-A6F2A9DB761D}:

      Estado de los medios. . . . . . . . . . . : medios desconectados
      Sufijo DNS específico para la conexión. . :

      Adaptador de túnel Teredo Tunneling Pseudo-Interface:

      Estado de los medios. . . . . . . . . . . : medios desconectados
      Sufijo DNS específico para la conexión. . :

      Adaptador de túnel isatap.{92F068A2-CD6D-4B58-8DF2-2E19759ED62C}:

      Estado de los medios. . . . . . . . . . . : medios desconectados
      Sufijo DNS específico para la conexión. . :

      ========= End of CMD: =========


      ========= ipconfig /flushdns =========


      Configuración IP de Windows

      Se vació correctamente la caché de resolución de DNS.

      ========= End of CMD: =========


      ========= bitsadmin /reset /allusers =========


      BITSADMIN version 3.0 [ 7.5.7601 ]
      BITS administration utility.
      (C) Copyright 2000-2006 Microsoft Corp.

      BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
      Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

      Unable to connect to BITS - 0x8007042c

      ========= End of CMD: =========


      ========= netsh advfirewall reset =========

      Aceptar


      ========= End of CMD: =========


      ========= netsh advfirewall set allprofiles state ON =========

      Aceptar


      ========= End of CMD: =========


      ========= netsh int ipv4 reset =========

      Global se restableció correctamente.
      Interfaz se restableció correctamente.
      Dirección de unidifusión se restableció correctamente.
      Reinicie el equipo para completar esta acción.


      ========= End of CMD: =========


      ========= netsh int ipv6 reset =========

      Interfaz se restableció correctamente.
      Reinicie el equipo para completar esta acción.


      ========= End of CMD: =========


      =========== EmptyTemp: ==========

      BITS transfer queue => 0 B
      DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 15795448 B
      Java, Flash, Steam htmlcache => 280456503 B
      Windows/system/drivers => 3 B
      Edge => 0 B
      Chrome => 179057327 B
      Firefox => 10119625 B
      Opera => 0 B

      Temp, IE cache, history, cookies, recent:
      Users => 0 B
      Default => 66228 B
      Public => 0 B
      ProgramData => 0 B
      systemprofile => 101371 B
      systemprofile32 => 248721 B
      LocalService => 132244 B
      NetworkService => 66228 B
      Usuario => 9456301 B

      RecycleBin => 0 B
      EmptyTemp: => 472.5 MB temporary data Removed.

      ================================


      The system needed a reboot.

      ==== End of Fixlog 13:18:40 ====

    8. #8
      General Moderator
      Avatar of @Javier_HF
      Registered
      Jun 2006
      Location
      Milky Way.
      Posts
      23.640

      Re: Adware that redirects me.

      Hello.

      Perfect... now all that is left is for you to tell us how the originally reported problem is going?
      He who does not try does not succeed | ;-)

      * Follow us on our Twitter and become our friend on Facebook.
      * Keep up with the latest threats on the net at: InfoSpyware Blog
      * Questions are not answered by private message or by e-mail, since that is what the forum is for.

    9. #9
      User Avatar of fernann
      Registered
      Jul 2018
      Location
      Argentina
      Posts
      10

      Re: Adware that redirects me.

      Hello, today, as soon as I opened Chrome, I loaded a page and it redirected me again (ads.1seven9.com) and then to http://motor-de-busqueda.premiado.party

    10. #10
      General Moderator
      Avatar of @Javier_HF
      Registered
      Jun 2006
      Location
      Milky Way.
      Posts
      23.640

      Re: Adware that redirects me.

      Hello.

      Does the problem happen ONLY in Chrome, or does it also happen with other browsers?

      Besides confirming that, one question: do you have a user created in Chrome, and is that user synced so that it saves its preferences or coordinates them with other computers?