AutoIt Error Line 0 Error opening file

ogarciax · 22 Noviembre, 2019 20:12

Hola,

Estoy intentando eliminar este error/virus que tiene mi PC. Tengo el antivirus Bitdefender Total Security pero no parece que este pueda con él, y aunque he aplicado algunos pasos que he visto en otros hilos no he conseguido eliminarlo.

La ubicación del archivo aparece en c:\Users\Olga\AppData\Local\Temp\0688e83\test.au3

Esta ventana cuando me acerco a ella desaparece. ¿Me podríais echar una mano por favor?

Muchas gracias,

Olga

Daniela · 22 Noviembre, 2019 20:24

Hola @ogarciax bienvenido al ForoSpyware

Realiza los siguientes pasos, aunque hayas hecho alguno, sin cambiar el orden:

1) Descarga, instala y ejecuta Malwarebytes’ Anti-Malware.

Presiona clic en “Use Malewarebytes Free” (Usar Malewarebyte gratis).
Pulsa en el botón “Open Malewarebytes Free”.

imagen

Presiona el botón “Scan” (Escaneo).

imagen

Una vez finalizado el escaneo aparecerá la siguiente pantalla:

imagen

Pulsa en “View report” (Ver informe).
Luego presionar el botón “Export” (Exportar). Elijes “Text file” (fichero de texto). Elijes un nombre y guardas ese archivo en el escritorio…

2) Descarga AdwCleaner | InfoSpyware en el escritorio.

Desactiva temporalmente el Antivirus >> Cómo deshabilitar temporalmente su Antivirus.
Cierra también todos los programas que tengas abiertos.
Ejecuta Adwcleaner.exe (Si usas Windows Vista/7 u 8 presiona clic derecho y selecciona "Ejecutar como Administrador".)
Pulsar en el botón Escanear, y espera a que se realice el proceso, inmediatamente pulsa sobre el botón Limpiar.
Espera a que se complete y sigue las instrucciones, si te pidiera Reiniciar el sistema Aceptas.
Guardas el reporte que te aparecerá, para copiarlo y pegarlo en tu próxima respuesta.
El informe también se puede encontrar en C:\AdwCleaner\AdwCleaner[C1].txt

3) Descarga CCleaner

Instala Ccleaner
Abres Ccleaner en la pestaña limpiador dejas como esta configurada predeterminadamente, haces clic en analizar esperas que termine >> clic en ejecutar limpiador
Clic en la pestaña Registro >> clic en buscar problemas esperas que termine >> clic en Reparar Seleccionadas y haces una copia de seguridad
Vuelves a darle clic en buscar problemas hasta que no encuentre ninguno.

Pega los reportes de Malwarebytes y AdwCleaner y comentas como va el problema.

¿Cómo pegar reportes en el foro?

Un saludo

ogarciax · 22 Noviembre, 2019 22:07

Muchas gracias Daniela, ¡Qué crack!

Parece que está solucionado. Te pego aquí los ficheros solicitados.

malware.txt (1,5 KB) AdwCleaner[S05].txt (1,9 KB)

Muchas gracias y un saludo,

Olga

Daniela · 26 Noviembre, 2019 13:19

Hola

Sigue estos pasos, para eliminar las herramientas utilizadas:

Para hacerlo utiliza de nuevo/descarga >> DelFix.exe en tu escritorio.

Doble clic para ejecutarlo. (Si usas Windows Vista/7/8 o 10 presiona clic derecho y selecciona - Ejecutar como Administrador)
Marca todas las casillas, y pulsas en Run

Se abrirá el informe (DelFix.txt), puedes cerrarlo.

Confirmanos si sigue todo bien.

Un saludo

ogarciax · 28 Noviembre, 2019 16:17

Hola Daniela, acaba de volver a aparecerme el mensaje (parece que estaban esperando a que aplicara el DelFix para volver a aparecer. Mi antivirus Bitdefender lo identifica como AIT: TRojan.Nymeria.640 pero creo que no es capaz de cargarselo. Voy a volver a empezar con los mismos pasos de nuevo a ver.

Gracias,

Olga

Daniela · 28 Noviembre, 2019 16:31

Hola

No vuelvas a realizar los pasos anteriores.

Desactiva temporalmente el Antivirus >> Cómo deshabilitar temporalmente su Antivirus

Descarga Farbar Recovery Scan Tool. seleccionando la versión adecuada para la arquitectura(32 o 64bits) de tu equipo. [color=#FF8C00][size=1] ¿Cómo saber si mi Windows es de 32 o 64 bits.?[/size][/color]

Ejecuta FRST.exe.
En el mensaje de la ventana del Disclaimer, pulsamos Yes
En la ventana principal pulsamos en el botón Scan y esperamos a que concluya el proceso.
Se abrirán dos(2) archivos(Logs), Frst.txt y Addition.txt, estos quedaran grabados en el escritorio.

Pon los dos reportes generados.

Debes copiarlos y pegarlos con todo su contenido y usaras varios mensajes si recibes un mensaje de error indicando que es muy largo(mas de 50.000 caracteres aprox.).

Un saludo

ogarciax · 30 Noviembre, 2019 10:50

Hola,

Aquí van los dos reportes:

FRST.txt
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-11-2019 01
Ran by OLGA (administrator) on OLGA-PC (Gigabyte Technology Co., Ltd. B85M-HD3) (30-11-2019 11:43:13)
Running from C:\Users\OLGA\Desktop
Loaded Profiles: OLGA (Available Profiles: OLGA)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\DiscoverySrv.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdagent.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdwtxag.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe
(Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
(Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Piriform Software Ltd -> Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Spotify AB -> Spotify Ltd) C:\Users\OLGA\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Support.com, Inc. -> SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-21-1295527249-1867317712-3775616854-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [24552064 2019-10-14] (Piriform Software Ltd -> Piriform Ltd)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\78.0.3904.108\Installer\chrmstp.exe [2019-11-21] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2019-05-03] (Adobe Inc. -> Adobe Systems, Inc.)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {18A80AC3-AB15-467C-B784-9E98B4224350} - System32\Tasks\{112FA1B3-8279-40D2-8CA9-BE344AC08F6D} => C:\Windows\system32\pcalua.exe -a "F:\e\PROGRAMAS\INSTALABLES\Grabacion\Nero\Nero 8.3.2.1\Nero-8.3.2.1b_all_trial.exe" -d "F:\e\PROGRAMAS\INSTALABLES\Grabacion\Nero\Nero 8.3.2.1"
Task: {1C67DEA3-6828-4800-A5EB-62FCDD9F75C7} - System32\Tasks\GoogleUpdateTaskMachineUA1d0c8a6d7a9398e => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {2DD8810F-CE63-4895-8F22-85199E47A01F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [18458752 2019-10-14] (Piriform Software Ltd -> Piriform Ltd)
Task: {45631B2C-2853-4634-8184-1F6D3F9E5BBD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-11-30] (Adobe Inc. -> Adobe)
Task: {5668329F-4349-4314-937F-F272181A7B97} - System32\Tasks\GoogleUpdateTaskMachineUA1d04111f0532fcc => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {69BE017A-663D-4F39-B84D-A50F80884EA9} - System32\Tasks\GoogleUpdateTaskMachineCore1d0910fc304b7c7 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {73C5772E-005E-4A51-B8B7-3D29E0DD3219} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [488760 2019-07-15] (Bitdefender SRL -> Bitdefender)
Task: {882E578D-F932-4943-8543-3D088F104BBD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {8D284A9F-3C7B-456D-812C-601D4879AED7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {9F674BD4-5C0C-48F0-9E49-C46EA59B490C} - System32\Tasks\GoogleUpdateTaskMachineCore1d04111efbd391b => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {BA753E8B-6DAB-4558-B547-33A57602584B} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_293_Plugin.exe [1457720 2019-11-30] (Adobe Inc. -> Adobe)
Task: {BAE329E4-A00A-4BBD-9D5E-613DCF384A0D} - System32\Tasks\GoogleUpdateTaskMachineUA1d0910fc39fc18c => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {BDF7227A-410C-4E2B-AE22-BF18C1F91FD2} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1873288 2019-11-02] (AVAST Software s.r.o. -> AVAST Software)
Task: {C9F6DF2D-BA19-46A8-842B-63AF82E183E5} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [608384 2019-10-14] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {DAE8C64A-04A0-402C-93AB-C1228C339C53} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1240656 2019-09-10] (Adobe Inc. -> Adobe Systems)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d04111efbd391b.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d04111f0532fcc.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0910fc39fc18c.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 212.166.210.80 212.166.132.104
Tcpip\..\Interfaces\{683E6394-9955-4513-A47A-1593B8FDD9A8}: [DhcpNameServer] 212.166.210.80 212.166.132.104

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1295527249-1867317712-3775616854-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
BHO: Bitdefender Trackers Blocking -> {159ff5d5-55f1-4d2f-b706-767a55f77abb} -> C:\Program Files\Bitdefender\Bitdefender Security\bdtbie.dll [2019-11-22] (Bitdefender SRL -> Bitdefender)
BHO: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll [2019-11-22] (Bitdefender SRL -> Bitdefender)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (Canon Inc. -> CANON INC.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_191\bin\ssv.dll [2018-11-19] (Oracle America, Inc. -> Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_191\bin\jp2ssv.dll [2018-11-19] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Bitdefender Trackers Blocking -> {159ff5d5-55f1-4d2f-b706-767a55f77abb} -> C:\Program Files\Bitdefender\Bitdefender Security\antispam32\bdtbie.dll [2019-11-22] (Bitdefender SRL -> Bitdefender)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender Security\Antispam32\pmbxie.dll [2019-11-22] (Bitdefender SRL -> Bitdefender)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (Canon Inc. -> CANON INC.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation -> Microsoft Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (Canon Inc. -> CANON INC.)
Toolbar: HKLM - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll [2019-11-22] (Bitdefender SRL -> Bitdefender)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (Canon Inc. -> CANON INC.)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\Antispam32\pmbxie.dll [2019-11-22] (Bitdefender SRL -> Bitdefender)
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab

FireFox:
========
FF DefaultProfile: agdqhysi.default
FF ProfilePath: C:\Users\OLGA\AppData\Roaming\Mozilla\Firefox\Profiles\agdqhysi.default [2019-11-30]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi
FF Extension: (Bitdefender Wallet) - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi [2019-09-15]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbef.xpi
FF Extension: (Bitdefender Anti-tracker) - C:\Program Files\Bitdefender\Bitdefender Security\bdtbef.xpi [2019-11-22]
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext
FF Extension: (Bitdefender Antispam Toolbar) - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext [2017-12-11] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbef.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_293.dll [2019-11-30] (Adobe Inc. -> )
FF Plugin: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2018-11-19] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2018-11-19] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_293.dll [2019-11-30] (Adobe Inc. -> )
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2015-10-29] (CANON INC.) [File not signed]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.342\npGoogleUpdate3.dll [2019-11-18] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.342\npGoogleUpdate3.dll [2019-11-18] (Google Inc -> Google LLC)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-10-23] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1295527249-1867317712-3775616854-1000: SkypeForBusinessPlugin-15.8 -> C:\Users\OLGA\AppData\Local\Microsoft\SkypeForBusinessPlugin\15.8.20020.400\npGatewayNpapi.dll [2015-06-15] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin HKU\S-1-5-21-1295527249-1867317712-3775616854-1000: SkypeForBusinessPlugin64-15.8 -> C:\Users\OLGA\AppData\Local\Microsoft\SkypeForBusinessPlugin\15.8.20020.400\npGatewayNpapi-x64.dll [2015-06-15] (Microsoft Corporation -> Microsoft Corporation)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\bd_js_config.js [2019-11-02] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\bd_config.cfg [2019-11-02] <==== ATTENTION

Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchKeyword: Default -> java
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\OLGA\AppData\Local\Google\Chrome\User Data\Default [2019-11-30]
CHR Extension: (Presentaciones) - C:\Users\OLGA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Documentos) - C:\Users\OLGA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\OLGA\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\OLGA\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-28]
CHR Extension: (Búsqueda de Google) - C:\Users\OLGA\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Java API Search) - C:\Users\OLGA\AppData\Local\Google\Chrome\User Data\Default\Extensions\dphfngjamcomlehblpblaacingmaojnm [2016-06-06]
CHR Extension: (Hojas de cálculo) - C:\Users\OLGA\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (EditThisCookie) - C:\Users\OLGA\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2018-12-16]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\OLGA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-23]
CHR Extension: (Player para ver Movistar+) - C:\Users\OLGA\AppData\Local\Google\Chrome\User Data\Default\Extensions\kenfcfndncbbggmafjjeihkdclggbojn [2019-03-08]
CHR Extension: (Bitdefender Anti-tracker) - C:\Users\OLGA\AppData\Local\Google\Chrome\User Data\Default\Extensions\khndhdhbebhaddchcgnalcjlaekbbeof [2019-11-20]
CHR Extension: (Plugins) - C:\Users\OLGA\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcblfncjaclajmegihojiekebofjcen [2018-02-18]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\OLGA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-29]
CHR Extension: (Gmail) - C:\Users\OLGA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-15]
CHR Extension: (Chrome Media Router) - C:\Users\OLGA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-11-19]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [gannpgaobkkhmpomoijebaigcapoeebl]
CHR HKLM-x32\...\Chrome\Extension: [khndhdhbebhaddchcgnalcjlaekbbeof]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-02-16] (SUPERAntiSpyware.com -> SUPERAntiSpyware.com)
R2 BDAuxSrv; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [803576 2019-11-22] (Bitdefender SRL -> Bitdefender)
R2 bdredline; C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe [2195320 2018-09-21] (Bitdefender SRL -> Bitdefender)
R2 DevMgmtService; C:\Program Files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe [125120 2019-09-17] (Bitdefender SRL -> Bitdefender)
S4 EsgShKernel; C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe [9872688 2018-10-18] (EnigmaSoft Limited -> EnigmaSoft Limited)
S4 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [355232 2015-08-09] (Intel Corporation - pGFX -> Intel Corporation)
S4 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [389696 2017-07-10] (Canon Inc. -> )
S4 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S4 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Trusted Connect Service -> Intel(R) Corporation)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2015-01-26] () [File not signed]
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6960640 2019-11-22] (Malwarebytes Inc -> Malwarebytes)
S4 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [877864 2008-02-18] (Nero AG -> Nero AG)
S4 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [529704 2008-02-28] (Nero AG -> Nero AG)
S4 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1291888 2019-07-15] (Bitdefender SRL -> Bitdefender)
S4 ShMonitor; C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe [538416 2018-10-18] (EnigmaSoft Limited -> EnigmaSoft Limited)
S4 Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Sony Mobile Communications -> Avanquest Software) [File not signed]
S4 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed]
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe [151656 2019-11-22] (Bitdefender SRL -> Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [803576 2019-11-22] (Bitdefender SRL -> Bitdefender)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AndnetBus; C:\Windows\System32\DRIVERS\lgandnetbus64.sys [29184 2015-05-12] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [30720 2015-05-12] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)
S3 AndNetDiag2; C:\Windows\System32\DRIVERS\lgandnetdiag264.sys [30208 2015-05-12] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [37376 2015-05-12] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)
R1 atc; C:\Windows\System32\DRIVERS\atc.sys [1693368 2019-11-22] (Bitdefender SRL -> Bitdefender S.R.L. Bucharest, ROMANIA)
R2 BdDci; C:\Windows\System32\DRIVERS\bddci.sys [739264 2019-11-22] (Bitdefender SRL -> Bitdefender)
R0 bdprivmon; C:\Windows\System32\DRIVERS\bdprivmon.sys [46056 2019-09-15] (Bitdefender SRL -> © Bitdefender SRL)
R1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [96448 2018-05-27] (Bitdefender SRL -> BitDefender)
S3 EnigmaFileMonDriver; C:\Windows\system32\Drivers\EnigmaFileMonDriver.sys [61624 2019-09-06] (EnigmaSoft Limited -> EnigmaSoft Limited)
R1 Gemma; C:\Windows\System32\DRIVERS\Gemma.sys [564112 2019-11-22] (Bitdefender SRL -> BitDefender S.R.L. Bucharest, ROMANIA)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [188384 2019-06-06] (Bitdefender SRL -> BitDefender LLC)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2014-04-11] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
R2 Ignis; C:\Windows\System32\DRIVERS\ignis.sys [196392 2019-09-15] (Bitdefender SRL -> Bitdefender)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2015-01-26] () [File not signed]
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [610640 2019-03-01] (Bitdefender SRL -> Bitdefender)
S3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64.sys [23200 2015-04-29] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies)
U3 ab0yyrk2; C:\Windows\System32\Drivers\ab0yyrk2.sys [0 0000-00-00] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
U3 aswbdisk; no ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-11-30 11:43 - 2019-11-30 11:43 - 000029310 _____ C:\Users\OLGA\Desktop\FRST.txt
2019-11-30 11:42 - 2019-11-30 11:43 - 000000000 ____D C:\FRST
2019-11-30 11:41 - 2019-11-30 11:41 - 002262016 _____ (Farbar) C:\Users\OLGA\Desktop\FRST64.exe
2019-11-30 11:09 - 2019-11-30 11:09 - 000251894 _____ C:\Users\OLGA\Downloads\IBERIA_WAB2NF.pdf
2019-11-22 21:49 - 2019-11-28 17:15 - 000000000 ____D C:\Users\OLGA\AppData\LocalLow\IGDump
2019-11-22 21:07 - 2019-11-22 21:07 - 000000000 ____D C:\Users\OLGA\AppData\Local\cache
2019-11-22 21:05 - 2019-11-22 21:05 - 001883976 _____ (Malwarebytes) C:\Users\OLGA\Downloads\MBSetup.exe
2019-11-22 12:38 - 2019-11-22 12:38 - 000000000 ____D C:\testintel
2019-11-21 09:20 - 2019-11-21 09:20 - 000072571 _____ C:\ProgramData\dm.update.1574324409.bdinstall.bin
2019-11-21 09:20 - 2019-11-21 09:20 - 000034295 _____ C:\ProgramData\dm.uninstall.1574324418.bdinstall.bin
2019-11-20 18:44 - 2019-11-20 18:44 - 000021623 _____ C:\Users\OLGA\Downloads\Men_in_Black_International.torrent
2019-11-19 21:26 - 2019-11-19 21:26 - 000164338 _____ C:\Users\OLGA\Downloads\robin_hood_4kuhdremux.torrent
2019-11-19 21:25 - 2019-11-19 21:25 - 000142892 _____ C:\Users\OLGA\Downloads\el-regreso-de-mary-poppins-4kuhdremux.torrent
2019-11-19 21:25 - 2019-11-19 21:25 - 000060265 _____ C:\Users\OLGA\Downloads\millennium-bdremux.torrent
2019-11-19 21:24 - 2019-11-19 21:24 - 000018006 _____ C:\Users\OLGA\Downloads\animales-fantasticos-2-microhd.torrent
2019-11-19 21:23 - 2019-11-19 21:23 - 000108522 _____ C:\Users\OLGA\Downloads\Asterix_El_secreto_de_la_pocion_magica_4K_UHDremux.torrent
2019-11-19 21:22 - 2019-11-19 21:22 - 000130054 _____ C:\Users\OLGA\Downloads\Mula_4K_UHDremux.torrent
2019-11-19 21:21 - 2019-11-19 21:21 - 000019226 _____ C:\Users\OLGA\Downloads\Capitana-Marvel-MicroHD.torrent
2019-11-19 21:18 - 2019-11-19 21:18 - 000014457 _____ C:\Users\OLGA\Downloads\Hermanos_Sisters_1080p.torrent
2019-11-19 21:17 - 2019-11-19 21:17 - 000104764 _____ C:\Users\OLGA\Downloads\Bienvenidos_a_Zombieland_4kUHDremux.torrent
2019-11-19 21:15 - 2019-11-19 21:15 - 000019255 _____ C:\Users\OLGA\Downloads\El-Rey-Leon-BluRay-MicroHD.torrent
2019-11-19 21:15 - 2019-11-19 21:15 - 000017358 _____ C:\Users\OLGA\Downloads\Aladdin_1080p_Castellano (1).torrent
2019-11-19 20:53 - 2019-11-19 20:53 - 000072586 _____ C:\Users\OLGA\Downloads\Timadoras_Compulsivas.torrent
2019-11-19 20:52 - 2019-11-19 20:52 - 000085315 _____ C:\Users\OLGA\Downloads\Spider_Man_Lejos_De_Casa_2019.torrent
2019-11-18 10:54 - 2019-11-18 10:54 - 000122957 _____ C:\Users\OLGA\Desktop\Informe de Vida Laboral.pdf
2019-11-03 16:07 - 2019-11-03 16:07 - 000014215 _____ C:\Users\OLGA\Downloads\Xmen_Fenix_Oscura_1080p_Castellano.torrent
2019-11-03 16:06 - 2019-11-03 16:06 - 000017358 _____ C:\Users\OLGA\Downloads\Aladdin_1080p_Castellano.torrent
2019-11-03 10:56 - 2019-11-03 10:56 - 001207336 _____ (Adobe Inc) C:\Users\OLGA\Downloads\flashplayer32au_ha_install.exe

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-11-30 11:40 - 2018-04-09 09:13 - 000000664 _____ C:\DelFix.txt
2019-11-30 11:25 - 2015-01-26 21:28 - 000000000 ____D C:\Users\OLGA\AppData\Local\Adobe
2019-11-30 11:24 - 2018-03-13 22:13 - 000004488 _____ C:\Windows\system32\Tasks\Adobe Flash Player NPAPI Notifier
2019-11-30 11:24 - 2018-01-21 14:50 - 000842296 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerApp.exe
2019-11-30 11:24 - 2018-01-21 14:50 - 000175160 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2019-11-30 11:24 - 2018-01-21 14:50 - 000004332 _____ C:\Windows\system32\Tasks\Adobe Flash Player Updater
2019-11-30 11:24 - 2018-01-20 11:40 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2019-11-30 11:24 - 2018-01-20 11:40 - 000000000 ____D C:\Windows\system32\Macromed
2019-11-30 11:15 - 2015-02-05 08:04 - 000001100 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d04111f0532fcc.job
2019-11-30 11:10 - 2017-08-26 07:56 - 000000000 ____D C:\ProgramData\CanonIJPLM
2019-11-30 11:09 - 2014-12-10 22:12 - 000001100 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2019-11-30 11:09 - 2009-07-14 10:31 - 000747396 _____ C:\Windows\system32\perfh00A.dat
2019-11-30 11:09 - 2009-07-14 10:31 - 000158868 _____ C:\Windows\system32\perfc00A.dat
2019-11-30 11:09 - 2009-07-14 06:13 - 001676890 _____ C:\Windows\system32\PerfStringBackup.INI
2019-11-30 11:09 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2019-11-30 11:07 - 2009-07-14 05:45 - 000014512 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-11-30 11:07 - 2009-07-14 05:45 - 000014512 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-11-30 11:05 - 2015-05-18 03:10 - 000001100 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0910fc39fc18c.job
2019-11-30 11:02 - 2018-01-21 13:49 - 000003648 _____ C:\Windows\system32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2019-11-30 11:00 - 2015-02-05 08:04 - 000001096 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d04111efbd391b.job
2019-11-30 11:00 - 2014-12-10 22:12 - 000001096 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2019-11-30 10:59 - 2014-12-10 23:40 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2019-11-30 10:59 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-11-28 17:24 - 2017-12-06 12:05 - 000000000 ____D C:\Users\OLGA\AppData\Roaming\Spotify
2019-11-28 17:24 - 2017-12-06 12:05 - 000000000 ____D C:\Users\OLGA\AppData\Local\Spotify
2019-11-28 17:23 - 2015-01-31 17:54 - 000000000 ____D C:\Users\OLGA\Desktop\ccleaner
2019-11-28 17:22 - 2018-04-14 20:59 - 000000000 ____D C:\Users\OLGA\AppData\Local\CrashDumps
2019-11-28 17:18 - 2018-04-07 14:01 - 000001535 _____ C:\Users\OLGA\Desktop\malware.txt
2019-11-22 22:11 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\system32\NDF
2019-11-22 22:08 - 2017-11-07 23:03 - 000004128 _____ C:\Windows\system32\Tasks\CCleaner Update
2019-11-22 21:07 - 2019-03-18 20:11 - 000001948 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-11-22 21:07 - 2019-03-18 20:11 - 000001948 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2019-11-22 21:06 - 2019-03-18 20:11 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-11-22 20:42 - 2018-05-04 19:22 - 000000000 ____D C:\Users\OLGA\AppData\Roaming\vlc
2019-11-22 16:00 - 2019-03-19 08:22 - 000000000 ____D C:\ProgramData\FVpVNhwe
2019-11-22 15:30 - 2019-03-18 20:00 - 000000000 ____D C:\ProgramData\JuQbbYqa
2019-11-22 15:15 - 2015-01-28 19:20 - 000000000 ____D C:\Users\OLGA\AppData\Roaming\Azureus
2019-11-22 14:06 - 2018-12-14 17:53 - 000564112 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\Windows\system32\Drivers\gemma.sys
2019-11-22 14:06 - 2018-09-21 17:04 - 000739264 _____ (Bitdefender) C:\Windows\system32\Drivers\bddci.sys
2019-11-22 14:06 - 2018-01-21 13:54 - 001693368 _____ (Bitdefender S.R.L. Bucharest, ROMANIA) C:\Windows\system32\Drivers\atc.sys
2019-11-21 09:20 - 2018-01-21 13:50 - 000000000 ____D C:\Program Files\Bitdefender
2019-11-21 08:58 - 2014-12-10 22:12 - 000002222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-11-18 10:54 - 2016-02-26 13:17 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-11-18 10:54 - 2015-01-31 09:01 - 000004476 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2019-11-18 10:53 - 2015-07-27 21:00 - 000003536 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA1d0c8a6d7a9398e
2019-11-18 10:53 - 2015-05-18 03:10 - 000003408 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore1d0910fc304b7c7
2019-11-18 10:52 - 2019-05-17 21:16 - 000535552 _____ (Dirección General de la Policía) C:\Users\OLGA\AppData\Local\DNIeService.exe
2019-11-18 10:52 - 2014-12-10 22:12 - 000000000 ____D C:\Program Files (x86)\Google
2019-11-02 13:18 - 2014-12-11 00:11 - 000000000 ____D C:\Windows\system32\MRT
2019-11-02 13:14 - 2014-12-11 00:11 - 127230528 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2019-11-02 13:13 - 2018-01-21 14:47 - 000000000 ____D C:\Users\OLGA\AppData\LocalLow\Mozilla
2019-11-02 13:01 - 2018-01-21 14:47 - 000000000 ____D C:\Program Files\Mozilla Firefox

==================== Files in the root of some directories ========

2015-02-04 19:35 - 2016-12-14 19:31 - 000029184 _____ () C:\Users\OLGA\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2019-05-17 21:16 - 2019-11-18 10:52 - 000535552 _____ (Dirección General de la Policía) C:\Users\OLGA\AppData\Local\DNIeService.exe
2015-02-06 16:07 - 2015-02-06 16:07 - 000000017 _____ () C:\Users\OLGA\AppData\Local\resmon.resmoncfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2019-11-19 20:10
==================== End of FRST.txt ========================

ogarciax · 30 Noviembre, 2019 10:50

y el Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-11-2019 01
Ran by OLGA (30-11-2019 11:43:58)
Running from C:\Users\OLGA\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2014-12-10 19:01:52)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-1295527249-1867317712-3775616854-500 - Administrator - Disabled)
HomeGroupUser$ (S-1-5-21-1295527249-1867317712-3775616854-1002 - Limited - Enabled)
Invitado (S-1-5-21-1295527249-1867317712-3775616854-501 - Limited - Disabled)
OLGA (S-1-5-21-1295527249-1867317712-3775616854-1000 - Administrator - Enabled) => C:\Users\OLGA

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus (Disabled - Out of date) {0E17DB7D-A20F-62CE-B95B-17DB0CDFE318}
AS: Malwarebytes (Disabled - Out of date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Antispyware (Disabled - Out of date) {B5763A99-8435-6D40-83EB-2CA97758A9A5}
FW: Bitdefender Cortafuego (Enabled) {362C5A58-E860-6396-9204-BEEEF20CA463}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ACDSee Pro 2.5 (HKLM-x32\...\{2D95950E-6D76-43E7-94A5-D9DBA2FD29E4}) (Version: 2.5.335 - ACD Systems International)
Adobe Acrobat Reader DC - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 19.021.20056 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.293 - Adobe)
Advanced PDF Password Recovery (HKLM-x32\...\{A85CC7BA-760F-4B65-8E2F-640BE314F2F8}) (Version: 5.06.113.2041 - Elcomsoft Co. Ltd.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 22.0.10.67 - Bitdefender)
Bitdefender Device Management (HKLM\...\Bitdefender Device Management) (Version: 24.0.9.47 - Bitdefender)
Bitdefender Total Security (HKLM\...\Bitdefender) (Version: 22.0.17.205 - Bitdefender)
calibre (HKLM-x32\...\{983F4095-C958-4CD5-8F58-0B40F6961146}) (Version: 3.34.0 - Kovid Goyal)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.7.0.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: 1.5.4.4 - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.7.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.20.13 - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 5.4.0 - Canon Inc.)
Canon MG3600 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3600_series) (Version: 1.00 - Canon Inc.)
Canon MG3600 series On-screen Manual (HKLM-x32\...\Canon MG3600 series On-screen Manual) (Version: 7.8.0 - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.5.2 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.5.2 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.3.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.7.1 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.63 - Piriform)
Compatibilidad con Aplicaciones de Apple (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Compresor WinRAR (HKLM\...\WinRAR archiver) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 78.0.3904.108 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.341 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4264 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.0.16 - Intel Corporation)
Java 8 Update 191 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180191F0}) (Version: 8.0.1910.12 - Oracle Corporation)
Juniper Networks, Inc. Setup Client (HKU\S-1-5-21-1295527249-1867317712-3775616854-1000\...\Juniper_Setup_Client) (Version: 7.3.7.38707 - Juniper Networks, Inc.)
Juniper Terminal Services Client (HKU\S-1-5-21-1295527249-1867317712-3775616854-1000\...\Juniper_Term_Services) (Version: 7.3.0.26561 - Juniper Networks)
LG Mobile Driver (HKLM-x32\...\{3F490D0E-3131-438C-BCF9-7549CB88DF41}) (Version: 4.0.4 - LG Electronics)
Malwarebytes version 4.0.4.49 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.0.4.49 - Malwarebytes)
Microsoft .NET Framework 4.7.2 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 66.0.5 (x64 es-ES) (HKLM\...\Mozilla Firefox 66.0.5 (x64 es-ES)) (Version: 66.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0.4 - Mozilla)
MPC-HC 1.7.13 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.13 - MPC-HC Team)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 8 (HKLM-x32\...\{22101996-62AE-4369-8CEF-581A12221034}) (Version: 8.3.164 - Nero AG)
PDF Split And Merge Basic (HKLM-x32\...\{9A40D2F8-9458-458B-95E3-B57797C574E1}) (Version: 2.2.4 - Andrea Vacondio)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.82.317.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7200 - Realtek Semiconductor Corp.)
RecoveRx versión 3.8.0 (HKLM-x32\...\{3DE055DA-690F-43B8-9B7B-54E7D70806F9}_is1) (Version: 3.8.0 - Transcend Information, Inc.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Registro de usuario de Canon MG3600 series (HKLM-x32\...\Registro de usuario de Canon MG3600 series) (Version:  - ‭Canon Inc.)
Samsung Kies (HKLM-x32\...\{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.0.13064_2 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.0.13064_2 - Samsung Electronics Co., Ltd.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.27.0 - SAMSUNG Electronics Co., Ltd.)
Sidify Music Converter 1.3.4 (HKLM-x32\...\Sidify Music Converter) (Version: 1.3.4 - Sidify)
Skype for Business Web App Plug-in (HKLM-x32\...\{37C8167B-B653-4955-A6E8-EBB8DE937DDD}) (Version: 15.8.20020.400 - Microsoft Corporation)
Skype versión 8.33 (HKLM-x32\...\Skype_is1) (Version: 8.33 - Skype Technologies S.A.)
Skype™ 7.26 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.26.101 - Skype Technologies S.A.)
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.15.5.201503311503 - Sony Mobile Communications Inc.)
Sony PC Companion 2.10.251 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.251 - Sony)
Spotify (HKU\S-1-5-21-1295527249-1867317712-3775616854-1000\...\Spotify) (Version: 1.0.89.313.g34a58dea - Spotify AB)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1164 - SUPERAntiSpyware.com)
VCRedistSetup (HKLM-x32\...\{3921A67A-5AB1-4E48-9444-C71814CF3027}) (Version: 1.0.0 - Nero AG) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 3.0.8 - VideoLAN)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.7.6.0 - Azureus Software, Inc.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1295527249-1867317712-3775616854-1000_Classes\CLSID\{7ECF6F97-B4F3-4168-9835-F59C06D7875F}\InprocServer32 -> C:\Users\OLGA\AppData\Local\Microsoft\SkypeForBusinessPlugin\15.8.20020.400\GatewayActiveX-x64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1295527249-1867317712-3775616854-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation - pGFX -> Intel Corporation)
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [6722448 2010-03-25] (Microsoft Corporation -> Microsoft Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [4222864 2010-03-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1-x32: [Cover Designer] -> {73FCA462-9BD5-4065-A73F-A8E5F6904EF7} => C:\Program Files (x86)\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll [2008-02-28] (Nero AG -> Nero AG)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2009-12-12] () [File not signed]
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2009-12-12] () [File not signed]
ContextMenuHandlers2-x32: [AlcoholShellEx] -> {32020A01-506E-484D-A2A8-BE3CF17601C3} => C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxShlex.dll [2010-02-05] (Alcohol Soft -> Alcohol Soft Development Team)
ContextMenuHandlers2: [AlcoholShellEx64] -> {AF67B665-D752-424E-9A03-C7C218F2844F} => C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxShlEx64.dll [2010-02-05] (Alcohol Soft -> Alcohol Soft Development Team)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2009-12-12] () [File not signed]
ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2009-12-12] () [File not signed]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2015-08-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [igfxOSP] -> {FA507C3F-30C6-4DCA-9EE5-2656072EEC14} => C:\Windows\system32\igfxOSP.dll [2015-08-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2009-12-12] () [File not signed]
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2009-12-12] () [File not signed]

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.i420] => C:\Windows\system32\lvcod64.dll [176416 2012-01-18] (Logitech, Inc. -> Logitech Inc.)
HKLM\...\Drivers32: [VIDC.ACDV] => ACDV.dll
HKLM\...\Drivers32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [307488 2012-01-18] (Logitech, Inc. -> Logitech Inc.)
HKLM\...\Drivers32-x32: [VIDC.ACDV] => ACDV.dll
HKLM\...\Drivers32-x32: [vidc.XVID] => xvidvfw.dll
HKLM\...\Drivers32-x32: [VIDC.VP80] => vp8vfw.dll

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2015-02-04 21:08 - 2009-12-12 15:12 - 000166400 _____ () [File not signed] C:\Program Files\WinRAR\rarext.dll
2017-11-06 19:58 - 2015-01-09 08:45 - 000008704 _____ (CANON INC) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNSS_ESP.DLL
2017-08-26 08:16 - 2016-06-09 11:57 - 000561152 _____ (CANON INC. ) [File not signed] C:\Program Files (x86)\Canon\Quick Menu\CCL.dll
2017-11-06 19:58 - 2015-01-09 08:44 - 000104960 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNSS_IMG.dll
2017-08-26 08:16 - 2016-06-09 13:35 - 000588800 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\Quick Menu\CNQMMWRP.dll
2016-08-11 12:07 - 2015-03-17 07:51 - 000375296 _____ (CANON INC.) [File not signed] C:\Windows\System32\CNMN6PPM.DLL
2014-12-10 22:21 - 2014-02-21 06:56 - 000074240 ____R (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2019-11-30 11:00 - 000000027 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1       localhost

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client;C:\Program Files\Intel\iCLS Client;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Calibre2;C:\Program Files (x86)\Skype\Phone;C:\Program Files (x86)\Calibre2\
HKU\S-1-5-21-1295527249-1867317712-3775616854-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 212.166.210.80 - 212.166.132.104
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: !SASCORE => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: DevMgmtService => 2
MSCONFIG\Services: EsgShKernel => 2
MSCONFIG\Services: GoogleChromeElevationService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: igfxCUIService1.0.0.0 => 2
MSCONFIG\Services: IJPLMSVC => 2
MSCONFIG\Services: Intel(R) Capability Licensing Service Interface => 2
MSCONFIG\Services: Intel(R) Capability Licensing Service TCP IP Interface => 3
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MBAMService => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: Nero BackItUp Scheduler 3 => 2
MSCONFIG\Services: NMIndexingService => 3
MSCONFIG\Services: PLFlash DeviceIoControl Service => 2
MSCONFIG\Services: ProductAgentService => 2
MSCONFIG\Services: ShMonitor => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Sony PC Companion => 3
MSCONFIG\Services: StarWindServiceAE => 2
MSCONFIG\Services: UMVPFSrv => 2
MSCONFIG\startupreg: Bdagent => "C:\Program Files\Bitdefender\Bitdefender Security\bdagent.exe"
MSCONFIG\startupreg: CCleaner Smart Cleaning => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: d3b793d2 => C:\ProgramData\Intel\Wireless\4046700\fgdfbfc.exe C:\ProgramData\Intel\Wireless\4046700\78745e7.au3
MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{2867F414-0919-4AB9-850F-ECC1FFE7F87D}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{77BBAB6A-669D-4DA7-AE48-F7485AF84E78}] => (Allow) C:\Program Files\Vuze\Azureus.exe (Azureus Software, Inc. -> Azureus Software, Inc)
FirewallRules: [{4E64AF37-802D-4A09-BFA3-2107A78CC446}] => (Allow) C:\Program Files\Vuze\Azureus.exe (Azureus Software, Inc. -> Azureus Software, Inc)
FirewallRules: [{AA1D9E08-DD61-4136-9B8C-AE5A310D3D5D}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe (Sony Mobile Communications -> ) [File not signed]
FirewallRules: [{4CD0D620-23E7-4F65-A98D-5091117E2BA8}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe (Sony Mobile Communications -> ) [File not signed]
FirewallRules: [{0B71E3D8-F817-414F-A000-75C098DB1195}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{9B364C5F-E009-421B-885E-87EE66D882D7}C:\users\olga\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\olga\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{059025DD-7D32-4D7F-92B3-22D70A518305}C:\users\olga\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\olga\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{65338A9B-DEC1-4B67-B859-F37540C0A1CA}] => (Allow) C:\Program Files\Vuze\Azureus.exe (Azureus Software, Inc. -> Azureus Software, Inc)
FirewallRules: [{03E6E981-64A3-47F1-A13C-BF50C0FF4309}] => (Allow) C:\Program Files\Vuze\Azureus.exe (Azureus Software, Inc. -> Azureus Software, Inc)
FirewallRules: [{BD6CE319-708E-4378-A50E-37580A5E0A55}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{E626819B-64EC-40EB-924F-887F4D2E0308}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{FA3FED5F-9029-400A-AF7D-6744F7905707}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{87C2A18A-DFCB-4F99-90FC-140647696385}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F4AED389-FD59-4640-9E63-8BCEE19EC07B}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{2A8A7B97-3FF1-4F70-877D-17662083A7A2}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{E5C5AF25-78D9-4676-8C38-87FFC274E0EB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

30-11-2019 11:40:27 End of disinfection

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (11/28/2019 05:23:01 PM) (Source: ESENT) (EventID: 454) (User: )
Description: taskhost (1464) WebCacheLocal: Error inesperado al recuperar o restaurar la base de datos -501.

Error: (11/28/2019 05:23:01 PM) (Source: ESENT) (EventID: 465) (User: )
Description: taskhost (1464) WebCacheLocal: Se detectaron daños durante la recuperación parcial en el archivo de registro C:\Users\OLGA\AppData\Local\Microsoft\Windows\WebCache\V01.log. El registro de suma de comprobación no válido se encuentra en la posición END. Los datos que no coinciden con el modelo de relleno del archivo de registro aparecen por primera vez en el sector 95 (0x0000005F). El archivo de registro está dañado y no se puede utilizar.

Error: (11/28/2019 05:23:01 PM) (Source: ESENT) (EventID: 465) (User: )
Description: taskhost (1464) WebCacheLocal: Se detectaron daños durante la recuperación parcial en el archivo de registro C:\Users\OLGA\AppData\Local\Microsoft\Windows\WebCache\V01.log. El registro de suma de comprobación no válido se encuentra en la posición END. Los datos que no coinciden con el modelo de relleno del archivo de registro aparecen por primera vez en el sector 95 (0x0000005F). El archivo de registro está dañado y no se puede utilizar.

Error: (11/28/2019 05:23:01 PM) (Source: ESENT) (EventID: 465) (User: )
Description: taskhost (1464) WebCacheLocal: Se detectaron daños durante la recuperación parcial en el archivo de registro C:\Users\OLGA\AppData\Local\Microsoft\Windows\WebCache\V01.log. El registro de suma de comprobación no válido se encuentra en la posición END. Los datos que no coinciden con el modelo de relleno del archivo de registro aparecen por primera vez en el sector 95 (0x0000005F). El archivo de registro está dañado y no se puede utilizar.

Error: (11/28/2019 05:14:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: mbamtray.exe, versión: 4.0.0.443, marca de tiempo: 0x5dcd9cdc
Nombre del módulo con errores: Qt5Core.dll, versión: 5.13.2.0, marca de tiempo: 0x5dcc36aa
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x00198d49
Id. del proceso con errores: 0x1964
Hora de inicio de la aplicación con errores: 0x01d5a606947fb3f9
Ruta de acceso de la aplicación con errores: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
Ruta de acceso del módulo con errores: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Id. del informe: 2d9db237-11fa-11ea-946e-e8de27a7464d

Error: (11/22/2019 09:37:09 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Error al generar el contexto de activación para "C:\Program Files (x86)\Nero\Nero8\Nero PhotoSnap\PhotoSnapViewer.exe". Error en el archivo de manifiesto o directiva "" en la línea .
Una versión de componente requerida por la aplicación está en conflicto con la versión de otro componente activo.
Los componentes en conflicto son:.
Componente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Componente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.

Error: (11/22/2019 09:37:09 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Error al generar el contexto de activación para "C:\Program Files (x86)\Nero\Nero8\Nero PhotoSnap\PhotoSnap.exe". Error en el archivo de manifiesto o directiva "" en la línea .
Una versión de componente requerida por la aplicación está en conflicto con la versión de otro componente activo.
Los componentes en conflicto son:.
Componente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Componente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.

Error: (11/22/2019 09:37:08 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Error al generar el contexto de activación para "C:\Program Files (x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe". Error en el archivo de manifiesto o directiva "" en la línea .
Una versión de componente requerida por la aplicación está en conflicto con la versión de otro componente activo.
Los componentes en conflicto son:.
Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.


System errors:
=============
Error: (11/30/2019 11:09:13 AM) (Source: sptd) (EventID: 4) (User: )
Description: El controlador detectó un error interno en la estructura de datos de .

Error: (11/30/2019 11:09:13 AM) (Source: sptd) (EventID: 4) (User: )
Description: El controlador detectó un error interno en la estructura de datos de .

Error: (11/30/2019 11:09:13 AM) (Source: sptd) (EventID: 4) (User: )
Description: El controlador detectó un error interno en la estructura de datos de .

Error: (11/30/2019 11:09:13 AM) (Source: sptd) (EventID: 4) (User: )
Description: El controlador detectó un error interno en la estructura de datos de .

Error: (11/28/2019 05:05:31 PM) (Source: sptd) (EventID: 4) (User: )
Description: El controlador detectó un error interno en la estructura de datos de .

Error: (11/28/2019 05:05:31 PM) (Source: sptd) (EventID: 4) (User: )
Description: El controlador detectó un error interno en la estructura de datos de .

Error: (11/28/2019 05:05:31 PM) (Source: sptd) (EventID: 4) (User: )
Description: El controlador detectó un error interno en la estructura de datos de .

Error: (11/28/2019 05:05:31 PM) (Source: sptd) (EventID: 4) (User: )
Description: El controlador detectó un error interno en la estructura de datos de .


CodeIntegrity:
===================================

Date: 2018-04-06 18:20:51.699
Description: 
Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\ComboFix\catchme.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

Date: 2018-04-06 18:20:51.621
Description: 
Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\ComboFix\catchme.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

Date: 2018-04-06 18:20:51.543
Description: 
Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\ComboFix\catchme.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

Date: 2018-04-06 18:20:51.465
Description: 
Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\ComboFix\catchme.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

Date: 2018-04-06 18:01:32.625
Description: 
Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\ComboFix\catchme.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

Date: 2018-04-06 18:01:32.537
Description: 
Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\ComboFix\catchme.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

Date: 2018-04-06 18:01:32.445
Description: 
Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\ComboFix\catchme.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

Date: 2018-04-06 18:01:32.351
Description: 
Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\ComboFix\catchme.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

==================== Memory info =========================== 

BIOS: American Megatrends Inc. FE 04/18/2014
Motherboard: Gigabyte Technology Co., Ltd. B85M-HD3
Processor: Intel(R) Core(TM) i5-4460 CPU @ 3.20GHz
Percentage of memory in use: 61%
Total physical RAM: 8085.48 MB
Available physical RAM: 3082.91 MB
Total Virtual: 16169.12 MB
Available Virtual: 10601.92 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:244.04 GB) (Free:102.44 GB) NTFS
Drive d: (DATOS) (Fixed) (Total:390.62 GB) (Free:18.43 GB) NTFS
Drive g: (INTER) (Fixed) (Total:296.74 GB) (Free:24.38 GB) NTFS
Drive h: (VUZE) (Fixed) (Total:111.79 GB) (Free:33.5 GB) NTFS

\\?\Volume{1a27e344-809d-11e4-86eb-806e6f6e6963}\ (Reservado para el sistema) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: AB4C2C4D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=244 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=390.6 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=296.7 GB) - (Type=0F Extended)

==========================================================
Disk: 1 (Size: 111.8 GB) (Disk ID: 39DB6B62)
Partition 1: (Not Active) - (Size=111.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

Daniela · 1 Diciembre, 2019 16:51

Hola

MUY Importante Realiza una copia de seguridad del registro :

Para hacerlo descarga DelFix.exe( en tu escritorio).
Doble clic para ejecutarlo.(Si usas Windows Vista/7/8 o 10 presiona clic derecho y selecciona -Ejecutar como Administrador-).
Atención, ahora marca/selecciona únicamente la casilla "Create registry backup", las demás NO.
Pulsar en Run.

Se abrirá el informe (DelFix.txt), guárdalo por si fuera necesario y cierra la herramienta.

A continuación con los demás programas cerrados ve a Inicio Ejecutar y escribe Notepad.exe.

Ahora debes copiar y pegar los códigos/líneas que están en el interior del recuadro de más abajo, dentro del Notepad.

START
CREATERESTOREPOINT:
CLOSEPROCESSES:
Task: {BDF7227A-410C-4E2B-AE22-BF18C1F91FD2} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1873288 2019-11-02] (AVAST Software s.r.o. -> AVAST Software)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\bd_js_config.js [2019-11-02] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\bd_config.cfg [2019-11-02] <==== ATTENTION
CHR Extension: (Chrome Media Router) - C:\Users\OLGA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-11-19]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [gannpgaobkkhmpomoijebaigcapoeebl]
U3 ab0yyrk2; C:\Windows\System32\Drivers\ab0yyrk2.sys [0 0000-00-00] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
U3 aswbdisk; no ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2019-11-22 15:30 - 2019-03-18 20:00 - 000000000 ____D C:\ProgramData\JuQbbYqa
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
C:\Users\Olga\AppData\Local\Temp\0688e83\test.au3

HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END

Guárdalo bajo el nombre de FIXLIST.TXT en el escritorio Esto es muy importante.

Nota Es importante que la herramienta FRST.exe (Farbar Recovery Scanner Tool) y FIXLIST.TXT se encuentren en la misma ubicación (escritorio) o si no, no trabajara.

Y ahora usa el 2º MÉTODO: de esta Faq de Windows 8(aplicable a Windows 10) ¿Cómo iniciar Windows 8/8.1 en Modo Seguro?, para trabajar desde ese modo de windows.

Ejecuta FRST.exe.(Si usas Windows Vista/7/8 o 10, presiona clic derecho y seleccionas -Ejecutar como Administrador-).
Presionar el botón FIX y aguardar a que termine.
La Herramienta guardara el reporte de reparación en el escritorio (FIXLOG.TXT).

Pega el contenido de este fichero en tu próxima respuesta.

Reiniciar el equipo y comprobar su funcionamiento en relación al problema planteado y comentarlo.

Un saludo

ogarciax · 2 Diciembre, 2019 11:30

hola Daniela,

Una duda cuando indicas iniciar windows a prueba de fallos me remites a un método para windows 8. En mi caso tengo windows 7 ¿aplica también ese mismo procedimiento?

Gracias,

Olga

Daniela · 2 Diciembre, 2019 11:50

Hola Olga

No me di cuenta, entra en modo seguro apretando F8 en cuanto enciendas el PC.

Un saludo

ogarciax · 2 Diciembre, 2019 12:50

Hola Daniela,

Ok no problem Ya he hecho todos los pasos y parece que todo está ok o al menos no me ha salido la ventanita.

Te pego aquí el resultado del fixlog.txt


Fix result of Farbar Recovery Scan Tool (x64) Version: 25-11-2019 01
Ran by OLGA (02-12-2019 13:08:43) Run:1
Running from C:\Users\OLGA\Desktop
Loaded Profiles: OLGA (Available Profiles: OLGA)
Boot Mode: Safe Mode (minimal)
==============================================

fixlist content:
*****************
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
Task: {BDF7227A-410C-4E2B-AE22-BF18C1F91FD2} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1873288 2019-11-02] (AVAST Software s.r.o. -> AVAST Software)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\bd_js_config.js [2019-11-02] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\bd_config.cfg [2019-11-02] <==== ATTENTION
CHR Extension: (Chrome Media Router) - C:\Users\OLGA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-11-19]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [gannpgaobkkhmpomoijebaigcapoeebl]
U3 ab0yyrk2; C:\Windows\System32\Drivers\ab0yyrk2.sys [0 0000-00-00] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
U3 aswbdisk; no ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2019-11-22 15:30 - 2019-03-18 20:00 - 000000000 ____D C:\ProgramData\JuQbbYqa
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
C:\Users\Olga\AppData\Local\Temp\0688e83\test.au3

HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END
*****************

Error: Restore point can only be created in normal mode.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{BDF7227A-410C-4E2B-AE22-BF18C1F91FD2}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BDF7227A-410C-4E2B-AE22-BF18C1F91FD2}" => removed successfully
C:\Windows\System32\Tasks\Avast Software\Overseer => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avast Software\Overseer" => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.5 => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.1 => removed successfully
C:\Program Files\mozilla firefox\defaults\pref\bd_js_config.js => moved successfully
C:\Program Files\mozilla firefox\bd_config.cfg => moved successfully
CHR Extension: (Chrome Media Router) - C:\Users\OLGA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-11-19] => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkaj => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gannpgaobkkhmpomoijebaigcapoeebl => removed successfully
ab0yyrk2 => service not found.
HKLM\System\CurrentControlSet\Services\aswbdisk => removed successfully
aswbdisk => service removed successfully
HKLM\System\CurrentControlSet\Services\catchme => removed successfully
catchme => service removed successfully
HKLM\System\CurrentControlSet\Services\gdrv => removed successfully
gdrv => service removed successfully
HKLM\System\CurrentControlSet\Services\Synth3dVsc => removed successfully
Synth3dVsc => service removed successfully
HKLM\System\CurrentControlSet\Services\tsusbhub => removed successfully
tsusbhub => service removed successfully
HKLM\System\CurrentControlSet\Services\VGPU => removed successfully
VGPU => service removed successfully
C:\ProgramData\JuQbbYqa => moved successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
"C:\Users\Olga\AppData\Local\Temp\0688e83\test.au3" => not found
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= RemoveProxy: =========

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully
HKU\S-1-5-21-1295527249-1867317712-3775616854-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-1295527249-1867317712-3775616854-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-1295527249-1867317712-3775616854-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========


========= netsh winsock reset =========


El cat logo Winsock se restableci¢ correctamente.
Debe reiniciar el equipo para completar el restablecimiento.


========= End of CMD: =========


========= ipconfig /renew =========


Configuraci¢n IP de Windows


========= End of CMD: =========


========= ipconfig /flushdns =========


Configuraci¢n IP de Windows

No se puede vaciar la cach‚ de resoluci¢n de DNS: Error de una funci¢n durante la ejecuci¢n.


========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to connect to BITS - 0x8007042c
No se puede iniciar el servicio o grupo de dependencia.



========= End of CMD: =========


========= netsh advfirewall reset =========


Error al intentar ponerse en contacto con el servicio Firewall de Windows. Aseg£rese de que el servicio se est  ejecutando e intente la solicitud de nuevo.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========


Error al intentar ponerse en contacto con el servicio Firewall de Windows. Aseg£rese de que el servicio se est  ejecutando e intente la solicitud de nuevo.


========= End of CMD: =========


========= netsh int ipv4 reset =========

No hay valores configurados por el usuario para restablecer.


========= End of CMD: =========


========= netsh int ipv6 reset =========

No hay valores configurados por el usuario para restablecer.


========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 11585188 B
Java, Flash, Steam htmlcache => 1141 B
Windows/system/drivers => 140 B
Edge => 0 B
Chrome => 163725530 B
Firefox => 20286567 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 33058 B
Public => 33058 B
ProgramData => 33058 B
systemprofile => 66244 B
systemprofile32 => 132332 B
LocalService => 165390 B
NetworkService => 165390 B
OLGA => 3203509 B

RecycleBin => 0 B
EmptyTemp: => 198.2 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 13:08:56 ====

Muchas gracias,

Olga

Daniela · 2 Diciembre, 2019 16:31

Hola Olga

Sigue estos pasos, para eliminar las herramientas utilizadas:

Para hacerlo utiliza de nuevo/descarga >> DelFix.exe en tu escritorio.

Doble clic para ejecutarlo. (Si usas Windows Vista/7/8 o 10 presiona clic derecho y selecciona - Ejecutar como Administrador)
Marca todas las casillas, y pulsas en Run

Se abrirá el informe (DelFix.txt), puedes cerrarlo.

Gracias a ti por confiar en ForoSpyware. Ha sido un placer ayudarte

Nos alegramos que se te haya resuelto Damos el tema por solucionado.

Solucionado

Un saludo