Help removing "Autolt v3 Script (Beta)"

Greetings, this is my first post on this forum. A few days ago I noticed my PC was running a bit slower than usual, so today I decided to run a scan with my antivirus and came across the malware called “Autolt v3 Script Beta” (that is how it appears in my antivirus), which was starting when the PC booted. I suspended the malware thanks to my antivirus, but I'm not sure how effective that is and I would like to remove it completely from my PC. According to my antivirus, the malware is located in ProgramData>>Intel>>Wireless>>65033f6 (I read that it is normal for this virus to generate names like that). Inside that folder there is a folder with a name quite similar to the previous folder's, an AU3 file, the .exe and a BIN file. Since I discovered this malware I have tried to get it out any way I can: Malware Bytes, CCleaner, nothing worked to remove it. My operating system is Windows 7.

Any kind of help you could give me would be welcome, and I thank you in advance.

Hello @MoldMight, welcome to Forospyware.

Temporarily disable the antivirus >> How to temporarily disable your antivirus

Download Farbar Recovery Scan Tool, selecting the version that matches your machine's architecture (32 or 64 bits). → How do I know whether my Windows is 32 or 64 bits?

  • Run FRST.exe.
  • In the Disclaimer window message, click Yes.
  • In the main window, click the Scan button and wait for the process to finish.
  • Two (2) files (logs) will open, Frst.txt and Addition.txt; these will be saved on the desktop.

Post the two reports that were generated.

You must copy and paste them with all their content, and use several messages if you get an error message saying it is too long (more than 50,000 characters approx.).

Regards


Resultado del análisis realizado por Farbar Recovery Scan Tool (FRST) (x64) Versión: 12-01-2020
Ejecutado por Usuario (administrador) sobre USUARIO-PC (Gigabyte Technology Co., Ltd. AM1M-S2H) (13-01-2020 11:16:08)
Ejecutado desde C:\Users\Usuario\Desktop
Perfiles cargados: Usuario (Perfiles disponibles: Usuario)
Platform: Windows 7 Professional Service Pack 1 (X64) Idioma: Español (España, internacional)
Internet Explorer Versión 9 (Navegador predeterminado: Opera)
Modo de Inicio: Normal
Tutorial para Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesos (Lista blanca) =================

(Si una entrada es incluida en el fixlist, el proceso será cerrado. El archivo no será movido.)

(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) [Archivo no firmado] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(AppEx Networks Corporation -> AppEx Networks Corporation) C:\Program Files\AMD Quick Stream\AMDQuickStream.exe
(AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG TuneUp\TuneupSvc.exe
(AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG TuneUp\TuneupUI.exe
(AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\afwServ.exe
(AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswidsagent.exe
(AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
(AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe
(AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe
(AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe
(Discord Inc. -> Discord Inc.) C:\Users\Usuario\AppData\Local\Discord\app-0.0.305\Discord.exe
(Discord Inc. -> Discord Inc.) C:\Users\Usuario\AppData\Local\Discord\app-0.0.305\Discord.exe
(Discord Inc. -> Discord Inc.) C:\Users\Usuario\AppData\Local\Discord\app-0.0.305\Discord.exe
(Discord Inc. -> Discord Inc.) C:\Users\Usuario\AppData\Local\Discord\app-0.0.305\Discord.exe
(Even Balance, Inc. -> ) C:\Windows\SysWOW64\PnkBstrA.exe
(Even Balance, Inc. -> ) C:\Windows\SysWOW64\PnkBstrB.exe
(Guangzhou Ugee Computer Technology Co.,Ltd -> Guangzhou Ugee Computer Technology Co.,Ltd.) C:\Windows\System32\drivers\WTSrv.exe
(Guangzhou Ugee Computer Technology Co.,Ltd -> Tablet Driver) C:\Windows\SysWOW64\WTClient.exe
(Kilonova LLC -> Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.4\Lightshot.exe
(Microsoft Corporation -> Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.EXE
(Microsoft Corporation -> Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\SeaPort.EXE
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Opera Software AS -> Opera Software) C:\Users\Usuario\AppData\Local\Programs\Opera GX\64.0.3417.150\opera.exe
(Opera Software AS -> Opera Software) C:\Users\Usuario\AppData\Local\Programs\Opera GX\64.0.3417.150\opera.exe
(Opera Software AS -> Opera Software) C:\Users\Usuario\AppData\Local\Programs\Opera GX\64.0.3417.150\opera.exe
(Opera Software AS -> Opera Software) C:\Users\Usuario\AppData\Local\Programs\Opera GX\64.0.3417.150\opera.exe
(Opera Software AS -> Opera Software) C:\Users\Usuario\AppData\Local\Programs\Opera GX\64.0.3417.150\opera.exe
(Opera Software AS -> Opera Software) C:\Users\Usuario\AppData\Local\Programs\Opera GX\64.0.3417.150\opera.exe
(Opera Software AS -> Opera Software) C:\Users\Usuario\AppData\Local\Programs\Opera GX\64.0.3417.150\opera.exe
(Opera Software AS -> Opera Software) C:\Users\Usuario\AppData\Local\Programs\Opera GX\64.0.3417.150\opera.exe
(Opera Software AS -> Opera Software) C:\Users\Usuario\AppData\Local\Programs\Opera GX\64.0.3417.150\opera.exe
(Opera Software AS -> Opera Software) C:\Users\Usuario\AppData\Local\Programs\Opera GX\64.0.3417.150\opera.exe
(Opera Software AS -> Opera Software) C:\Users\Usuario\AppData\Local\Programs\Opera GX\64.0.3417.150\opera.exe
(Opera Software AS -> Opera Software) C:\Users\Usuario\AppData\Local\Programs\Opera GX\64.0.3417.150\opera.exe
(Opera Software AS -> Opera Software) C:\Users\Usuario\AppData\Local\Programs\Opera GX\64.0.3417.150\opera_crashreporter.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIHJB.EXE

==================== Registro (Lista blanca) ===================

(Si una entrada es incluida en el fixlist, el elemento del registro será restaurado a su valor predeterminado o será eliminado. El archivo no será movido.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18391120 2019-08-24] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [NUSB3MON] => C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe [97280 2012-04-11] (Advanced Micro Devices, Inc.) [Archivo no firmado]
HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [316336 2019-09-20] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-09-15] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-12-16] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [WTClient] => C:\Windows\SysWOW64\WTClient.exe [94344 2016-09-06] (Guangzhou Ugee Computer Technology Co.,Ltd -> Tablet Driver)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226728 2019-07-21] (Kilonova LLC -> )
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restricción <==== ATENCIÓN
HKU\S-1-5-21-2464668294-1126862735-1976984134-1000\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [482528 2014-03-31] (AppEx Networks Corporation -> AppEx Networks Corporation)
HKU\S-1-5-21-2464668294-1126862735-1976984134-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [389120 2013-11-01] (AMD) [Archivo no firmado]
HKU\S-1-5-21-2464668294-1126862735-1976984134-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3288016 2019-12-16] (Valve -> Valve Corporation)
HKU\S-1-5-21-2464668294-1126862735-1976984134-1000\...\Run: [Discord] => C:\Users\Usuario\AppData\Local\Discord\app-0.0.305\Discord.exe [81780056 2019-03-07] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-21-2464668294-1126862735-1976984134-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHJB.EXE [283232 2012-02-29] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2464668294-1126862735-1976984134-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [241664 2010-11-21] (Microsoft Windows -> Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AVG TuneUp.lnk [2019-09-16]
ShortcutTarget: AVG TuneUp.lnk -> C:\Program Files (x86)\AVG\AVG TuneUp\TuneupUI.exe (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restricción <==== ATENCIÓN

==================== Tareas programadas (Lista blanca) ============

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

Task: {22670D58-C468-48BF-8CA6-5051FC9C8E79} - System32\Tasks\{B2F4272D-7474-43FD-8D9E-53266CA77087} => C:\Windows\system32\pcalua.exe -a "C:\Users\Usuario\Desktop\Half life 2 ep1\H.a.l.f.L.i.f.e.2.E.p.1.CPTutorialesHD\Episode One.exe" -d "C:\Users\Usuario\Desktop\Half life 2 ep1\H.a.l.f.L.i.f.e.2.E.p.1.CPTutorialesHD"
Task: {2818CD32-B2CB-4160-BF57-2DA3835072EB} - System32\Tasks\Opera GX scheduled Autoupdate 1560464102 => C:\Users\Usuario\AppData\Local\Programs\Opera GX\launcher.exe [1474584 2019-12-11] (Opera Software AS -> Opera Software)
Task: {3684EE6A-44A3-48B8-84E1-42A84D2290AD} - System32\Tasks\CMPCUAC => C:\Program Files\CleanMyPC\CleanMyPC.exe
Task: {45243CDD-8B7E-4A52-924B-29AFC680D18B} - System32\Tasks\update-S-1-5-21-2464668294-1126862735-1976984134-1000 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {523943DE-DDC5-410D-B7AE-E8F54D511129} - System32\Tasks\AVG TuneUp Update => C:\Program Files (x86)\AVG\AVG TuneUp\TUNEUpdate.exe [1706528 2019-09-16] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
Task: {60671BFD-EC63-4D68-A874-B4725CE2FD93} - System32\Tasks\{B7F56EF1-1053-45EB-9ED4-68CBC8536DC1} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\RocketDock\unins000.exe"
Task: {609D23C3-C75D-4260-8D59-7134E37A10A7} - System32\Tasks\{AB1839DF-CB37-44B7-AEAE-EACD61E2FCF2} => C:\Windows\system32\pcalua.exe -a C:\Users\Usuario\Desktop\chromeinstall-8u191.exe -d C:\Users\Usuario\Desktop
Task: {68A6D421-B4C7-49F6-A89E-02F1041B6A70} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [1905072 2019-09-18] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
Task: {76B90CC4-B0CB-4E20-A0E8-7374A834D582} - System32\Tasks\AMDInstallUEP => C:\Program Files\AMD\InstallUEP\AMDInstallUEP.exe
Task: {8A419A14-8EB0-4929-B4E4-93973D30FBD6} - System32\Tasks\Driver Booster SkipUAC (Usuario) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
Task: {94CAC4C0-367E-43F8-A6FE-AE97C3E0D38B} - System32\Tasks\{9BC6FA39-7598-4B52-B367-73B663246E1C} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Half-Life 2 Episode One\Episode One.exe" -d "C:\Program Files (x86)\Half-Life 2 Episode One"
Task: {ACE74F85-F9E5-447C-AFE5-21BC249B0F70} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {DB0F2806-7911-4CEC-8F2E-08882CAB06A1} - System32\Tasks\{22997FAA-2C70-4AFF-AE80-349DD7BF0104} => C:\Windows\system32\pcalua.exe -a C:\Users\Usuario\Desktop\TX133_135_x86_6.80APS_C1_GM.exe -d C:\Users\Usuario\Desktop
Task: {E60D9953-5E28-46D7-B2B2-9A797935440C} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\RadeonInstaller.exe [34284216 2019-08-08] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {EF8B30AC-1313-4DC1-A5F1-E93392FB4C88} - System32\Tasks\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe [3981232 2019-09-20] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)

(Si una entrada es incluida en el fixlist, el archivo de tarea (.job) será movido. El archivo que está siendo ejecutado por la tarea no será movido.)

Task: C:\Windows\Tasks\update-S-1-5-21-2464668294-1126862735-1976984134-1000.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Internet (Lista blanca) ====================

(Si un elemento es incluido en el fixlist, y éste pertenece al registro, será eliminado o restaurado a su valor predeterminado.)

Tcpip\Parameters: [DhcpNameServer] 200.42.4.198 200.49.130.40
Tcpip\..\Interfaces\{6D72E26D-EBD4-4EBF-9014-747470ABC5A6}: [DhcpNameServer] 200.42.4.198 200.49.130.40
Tcpip\..\Interfaces\{CEA32CCE-A02B-43A8-B4DE-4DA3CA69B2FF}: [DhcpNameServer] 200.42.4.199 200.49.130.40

Internet Explorer:
==================
HKU\S-1-5-21-2464668294-1126862735-1976984134-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10454__190211
HKU\S-1-5-21-2464668294-1126862735-1976984134-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/es-ar/?ocid=iehp
SearchScopes: HKU\S-1-5-21-2464668294-1126862735-1976984134-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2464668294-1126862735-1976984134-1000 -> {BDF61FAE-9D19-40F0-8F34-688DEB334CA9} URL = hxxp://securedsearch.lavasoft.com/results.php?pr=vmn&id=webcompa&ent=ch_WCYID10454__190211&q={searchTerms}
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_231\bin\ssv.dll [2019-12-27] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_231\bin\jp2ssv.dll [2019-12-27] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Sin Nombre -> {53707962-6F74-2D53-2644-206D7942484F} -> Ningún archivo
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll [2012-02-13] (Microsoft Corporation -> Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll [2012-02-13] (Microsoft Corporation -> Microsoft Corporation.)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.231.2 -> C:\Program Files\Java\jre1.8.0_231\bin\dtplugin\npDeployJava1.dll [2019-12-27] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.231.2 -> C:\Program Files\Java\jre1.8.0_231\bin\plugin2\npjp2.dll [2019-12-27] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @videolan.org/vlc,version=3.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-02-27] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems, Incorporated -> Adobe Systems Inc.)

Chrome: 
=======
CHR HomePage: Default -> hxxps://www.google.com.ar/?gws_rd=ssl
CHR StartupUrls: Default -> "hxxps://www.google.com.ar/?gws_rd=ssl"
CHR Profile: C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default [2019-11-17]
CHR DownloadDir: C:\Users\Usuario\Desktop
CHR Extension: (Documentos) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-01-07]
CHR Extension: (Google Drive) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-01-07]
CHR Extension: (YouTube) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-01-07]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-01-07]
CHR Extension: (Chromoji - Emojis for Google Chrome) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\negakbijaemdgbhklopmghphgaeadmpo [2019-02-25]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-01-07]
CHR Extension: (vidIQ Vision for YouTube) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pachckjkecffpdphbpmfolblodfkgbhl [2019-08-11]
CHR Extension: (Gmail) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-06-07]
CHR Extension: (Chrome Media Router) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-08-11]
CHR HKLM-x32\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn]

==================== Servicios (Lista blanca) ===================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

R2 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [498056 2019-08-24] (Advanced Micro Devices, Inc. -> AMD)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-09-15] (Advanced Micro Devices, Inc.) [Archivo no firmado]
R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [996928 2019-09-20] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R2 AVG Firewall; C:\Program Files\AVG\Antivirus\afwServ.exe [417592 2019-10-07] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [6307248 2019-12-19] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R2 CleanupPSvc; C:\Program Files (x86)\AVG\AVG TuneUp\TuneupSvc.exe [10301176 2019-07-24] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation -> Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation -> Malwarebytes Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [8064104 2018-08-12] (INCA Internet Co.,Ltd. -> INCA Internet Co., Ltd.)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2019-07-11] (Even Balance, Inc. -> )
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [103736 2019-07-11] (Even Balance, Inc. -> )
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Windows -> Microsoft Corporation)
R2 WinTabService; C:\Windows\System32\Drivers\WTSRV.EXE [138888 2016-09-06] (Guangzhou Ugee Computer Technology Co.,Ltd -> Guangzhou Ugee Computer Technology Co.,Ltd.)

===================== Controladores (Lista blanca) ===================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

R3 amdhub30; C:\Windows\System32\DRIVERS\amdhub30.sys [117744 2019-08-24] (Advanced Micro Devices Inc. -> Advanced Micro Devices, INC.)
R3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [55242120 2019-08-24] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [584584 2019-08-24] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 amdxhc; C:\Windows\System32\DRIVERS\amdxhc.sys [237552 2019-08-24] (Advanced Micro Devices Inc. -> Advanced Micro Devices, INC.)
R0 amd_sata; C:\Windows\System32\DRIVERS\amd_sata.sys [85704 2019-08-24] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
R0 amd_xata; C:\Windows\System32\DRIVERS\amd_xata.sys [43720 2019-08-24] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
R2 APXACC; C:\Windows\System32\DRIVERS\appexDrv.sys [228032 2014-08-08] (AppEx Networks Corporation -> AppEx Networks Corporation)
S3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW76.sys [105376 2019-08-24] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R1 avgArPot; C:\Windows\System32\drivers\avgArPot.sys [205600 2019-09-20] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\Windows\System32\drivers\avgbidsdriver.sys [275232 2019-09-20] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\Windows\System32\drivers\avgbidsh.sys [210328 2019-09-20] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\Windows\System32\drivers\avgbuniv.sys [65376 2019-09-20] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R1 avgKbd; C:\Windows\System32\drivers\avgKbd.sys [43512 2019-09-20] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\Windows\System32\drivers\avgMonFlt.sys [171784 2019-09-20] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R3 avgNetNd6; C:\Windows\System32\DRIVERS\avgNetNd6.sys [29944 2019-10-07] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
R1 avgNetSec; C:\Windows\System32\drivers\avgNetSec.sys [553104 2019-10-07] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\Windows\System32\drivers\avgRdr2.sys [111096 2019-09-20] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\Windows\System32\drivers\avgRvrt.sys [84560 2019-09-20] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\Windows\System32\drivers\avgSnx.sys [848688 2019-09-30] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\Windows\System32\drivers\avgSP.sys [461216 2019-09-30] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\Windows\System32\drivers\avgStm.sys [236288 2019-09-20] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\Windows\System32\drivers\avgVmm.sys [317304 2019-09-20] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131984 2019-08-24] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30352 2019-01-27] (Disc Soft Ltd -> Disc Soft Ltd)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2019-08-24] (Martin Malik - REALiX -> REALiX(tm))
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation -> Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation -> Malwarebytes Corporation)
R3 PTSimBus; C:\Windows\System32\DRIVERS\PTSimBus.sys [32128 2012-12-22] (UC-Logic Technology Corporation -> PenTablet Driver)
S3 PTSimHid; C:\Windows\System32\DRIVERS\PTSimHid.sys [22912 2012-12-22] (UC-Logic Technology Corporation -> UC-Logic Technology Corp.)
R3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [7947096 2019-05-07] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation )
S3 TClass2k; C:\Windows\System32\DRIVERS\TClass2k.sys [35536 2013-11-11] (UC-Logic Technology Corporation -> Tablet Driver)
S3 UCTblHid; C:\Windows\System32\DRIVERS\UCTblHid.sys [29392 2013-11-11] (UC-Logic Technology Corporation -> Tablet Driver)
S3 Tablet2k; "%SystemRoot%\System32\Drivers\Tablet2k.sys" [X]

==================== NetSvcs (Lista blanca) ===================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)


==================== Un mes (creado) ===================

(Si una entrada es incluida en el fixlist, el archivo/carpeta será eliminado/a.)

2020-01-13 11:14 - 2020-01-13 11:18 - 000024424 _____ C:\Users\Usuario\Desktop\FRST.txt
2020-01-13 11:12 - 2020-01-13 11:12 - 002573312 _____ (Farbar) C:\Users\Usuario\Desktop\FRST64.exe
2020-01-13 11:09 - 2020-01-13 11:09 - 000000000 _____ C:\Windows\system32\last.dump
2020-01-13 02:32 - 2020-01-13 10:59 - 000136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2020-01-13 02:32 - 2020-01-13 02:32 - 000001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2020-01-13 02:32 - 2020-01-13 02:32 - 000001106 _____ C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk
2020-01-13 02:32 - 2020-01-13 02:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2020-01-13 02:32 - 2020-01-13 02:32 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2020-01-13 02:32 - 2015-04-14 09:37 - 000107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2020-01-13 02:32 - 2015-04-14 09:37 - 000063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2020-01-13 02:32 - 2015-04-14 09:37 - 000025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2020-01-13 02:06 - 2020-01-13 02:06 - 000000000 ____D C:\AdwCleaner
2020-01-13 01:39 - 2020-01-13 11:17 - 000000000 ____D C:\FRST
2020-01-13 01:09 - 2020-01-13 01:09 - 000000000 ____D C:\Users\Usuario\AppData\Local\mbam
2020-01-13 01:08 - 2020-01-13 01:08 - 000000000 ____D C:\Users\Usuario\AppData\Local\mbamtray
2020-01-13 01:06 - 2020-01-13 01:06 - 000000000 ____D C:\ProgramData\MB2Migration
2020-01-13 00:41 - 2020-01-13 01:59 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-01-12 22:10 - 2020-01-12 22:10 - 000000000 ____D C:\Users\Usuario\Desktop\Skyrim
2020-01-11 11:58 - 2020-01-11 11:59 - 199439564 _____ C:\Users\Usuario\Desktop\3220_13_d3Du.mp4
2020-01-11 10:43 - 2020-01-11 10:43 - 000466184 _____ C:\Windows\system32\FNTCACHE.DAT
2020-01-08 18:00 - 2020-01-08 18:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot
2020-01-04 19:16 - 2020-01-04 19:16 - 000000000 ____D C:\ProgramData\Intel
2019-12-27 16:23 - 2019-12-27 16:23 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\Sun
2019-12-27 16:22 - 2019-12-27 16:21 - 000129080 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2019-12-27 16:20 - 2019-12-27 16:20 - 000000000 ____D C:\Program Files\Java
2019-12-25 21:49 - 2019-12-25 21:49 - 000001193 _____ C:\Users\Usuario\Desktop\Terraria.lnk
2019-12-25 21:44 - 2019-12-25 21:51 - 000000000 ____D C:\Terraria v1.3.5.3-PiviGames.blog
2019-12-20 19:14 - 2019-12-20 19:14 - 000001189 _____ C:\Users\Public\Desktop\Outlast.lnk
2019-12-20 19:14 - 2019-12-20 19:14 - 000001189 _____ C:\ProgramData\Desktop\Outlast.lnk
2019-12-20 19:14 - 2019-12-20 19:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Red Barrels
2019-12-20 18:42 - 2019-12-20 18:42 - 000000000 ____D C:\Program Files (x86)\Red Barrels
2019-12-15 22:23 - 2019-12-15 22:23 - 000002462 _____ C:\Users\Usuario\Desktop\Photoshop.lnk

==================== Un mes (modificado) ==================

(Si una entrada es incluida en el fixlist, el archivo/carpeta será eliminado/a.)

2020-01-13 11:10 - 2009-07-14 01:45 - 000021280 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2020-01-13 11:10 - 2009-07-14 01:45 - 000021280 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2020-01-13 11:04 - 2011-04-12 06:10 - 000746992 _____ C:\Windows\system32\perfh00A.dat
2020-01-13 11:04 - 2011-04-12 06:10 - 000158464 _____ C:\Windows\system32\perfc00A.dat
2020-01-13 11:04 - 2009-07-14 02:13 - 001675926 _____ C:\Windows\system32\PerfStringBackup.INI
2020-01-13 11:04 - 2009-07-14 00:20 - 000000000 ____D C:\Windows\inf
2020-01-13 10:58 - 2009-07-14 02:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-01-13 02:58 - 2019-01-08 12:54 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2020-01-13 02:58 - 2019-01-07 18:19 - 000000000 ____D C:\ProgramData\AVG
2020-01-13 02:57 - 2019-01-08 19:52 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\discord
2020-01-13 02:24 - 2019-01-08 20:13 - 000000392 _____ C:\Windows\Tasks\update-S-1-5-21-2464668294-1126862735-1976984134-1000.job
2020-01-13 00:14 - 2019-09-16 22:31 - 000000000 ____D C:\Windows\system32\Tasks\AVAST Software
2020-01-13 00:14 - 2019-09-16 20:06 - 000004162 _____ C:\Windows\system32\Tasks\Antivirus Emergency Update
2020-01-13 00:14 - 2019-08-25 11:03 - 000003550 _____ C:\Windows\system32\Tasks\AMDInstallUEP
2020-01-13 00:14 - 2019-08-24 14:04 - 000004226 _____ C:\Windows\system32\Tasks\AMD Updater
2020-01-13 00:14 - 2019-08-24 13:22 - 000002838 _____ C:\Windows\system32\Tasks\Driver Booster SkipUAC (Usuario)
2020-01-13 00:14 - 2019-08-11 19:15 - 000002930 _____ C:\Windows\system32\Tasks\CMPCUAC
2020-01-13 00:14 - 2019-06-13 19:15 - 000004100 _____ C:\Windows\system32\Tasks\Opera GX scheduled Autoupdate 1560464102
2020-01-13 00:14 - 2019-04-01 19:17 - 000003098 _____ C:\Windows\system32\Tasks\{B7F56EF1-1053-45EB-9ED4-68CBC8536DC1}
2020-01-13 00:14 - 2019-03-07 20:06 - 000003366 _____ C:\Windows\system32\Tasks\{B2F4272D-7474-43FD-8D9E-53266CA77087}
2020-01-13 00:14 - 2019-03-07 19:47 - 000003234 _____ C:\Windows\system32\Tasks\{9BC6FA39-7598-4B52-B367-73B663246E1C}
2020-01-13 00:14 - 2019-02-15 00:58 - 000003170 _____ C:\Windows\system32\Tasks\{22997FAA-2C70-4AFF-AE80-349DD7BF0104}
2020-01-13 00:14 - 2019-01-08 20:38 - 000003154 _____ C:\Windows\system32\Tasks\{AB1839DF-CB37-44B7-AEAE-EACD61E2FCF2}
2020-01-13 00:14 - 2019-01-08 20:13 - 000003382 _____ C:\Windows\system32\Tasks\update-S-1-5-21-2464668294-1126862735-1976984134-1000
2020-01-13 00:07 - 2019-12-01 00:08 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\.minecraft
2020-01-12 23:25 - 2019-12-01 00:09 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\.tlauncher
2020-01-12 22:11 - 2019-07-15 17:52 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\Psiphon3
2020-01-12 21:48 - 2019-01-09 00:22 - 000000000 ____D C:\Users\Usuario\Desktop\Varios
2020-01-12 16:33 - 2019-01-08 21:26 - 000000000 ____D C:\Users\Usuario\BrawlhallaReplays
2020-01-12 16:33 - 2019-01-08 20:45 - 000000000 ____D C:\Program Files (x86)\Steam
2020-01-10 22:40 - 2019-10-13 13:12 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\uTorrent
2020-01-08 18:00 - 2019-01-08 20:13 - 000000424 _____ C:\Users\Usuario\AppData\Local\UserProducts.xml
2020-01-08 18:00 - 2019-01-08 20:13 - 000000000 ____D C:\Program Files (x86)\Skillbrains
2020-01-06 20:51 - 2019-10-27 12:58 - 000000000 ____D C:\Users\Usuario\AppData\LocalLow\uTorrent
2020-01-06 11:56 - 2019-07-13 22:17 - 000000000 ____D C:\Users\Usuario\AppData\Local\BitTorrentHelper
2019-12-31 17:03 - 2019-06-09 10:20 - 000000132 _____ C:\Users\Usuario\AppData\Roaming\Prefs. de formato PNG de Adobe CS6
2019-12-27 20:20 - 2019-01-07 19:01 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\vlc
2019-12-27 16:22 - 2019-01-09 22:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2019-12-25 21:51 - 2019-03-10 22:39 - 000000000 ____D C:\Users\Usuario\Documents\My Games
2019-12-25 19:38 - 2019-01-08 20:04 - 000000000 ___RD C:\Users\Usuario\Desktop\WallPapers
2019-12-24 22:43 - 2019-01-27 11:39 - 000003328 _____ C:\Windows\system32\Tasks\SidebarExecute
2019-12-20 22:36 - 2019-01-08 21:02 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2019-12-19 13:40 - 2009-07-14 02:08 - 000032630 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2019-12-17 19:06 - 2019-07-30 13:34 - 000000000 ____D C:\Users\Usuario\AppData\Local\GameAnalytics
2019-12-15 18:56 - 2019-01-07 18:19 - 000125544 _____ C:\Users\Usuario\AppData\Local\GDIPFONTCACHEV1.DAT

==================== Archivos en la raíz de algunos directorios ========

2019-06-09 10:20 - 2019-12-31 17:03 - 000000132 _____ () C:\Users\Usuario\AppData\Roaming\Prefs. de formato PNG de Adobe CS6
2019-08-03 18:43 - 2019-08-03 18:43 - 000000000 ___SH () C:\Users\Usuario\AppData\Local\LumaEmu
2019-01-08 20:13 - 2019-01-08 20:13 - 000000003 _____ () C:\Users\Usuario\AppData\Local\updater.log
2019-01-08 20:13 - 2020-01-08 18:00 - 000000424 _____ () C:\Users\Usuario\AppData\Local\UserProducts.xml

==================== SigCheck ============================

(No existe una corrección automática para los archivos que no pasan la verificación.)


LastRegBack: 2019-01-28 16:34
==================== Final de FRST.txt ========================
Resultados del Análisis Adicional de Farbar Recovery Scan Tool (x64) Versión: 12-01-2020
Ejecutado por Usuario (13-01-2020 11:19:31)
Ejecutado desde C:\Users\Usuario\Desktop
Windows 7 Professional Service Pack 1 (X64) (2019-01-07 21:04:53)
Modo de Inicio: Normal
==========================================================


==================== Cuentas: =============================

Administrador (S-1-5-21-2464668294-1126862735-1976984134-500 - Administrator - Disabled)
Invitado (S-1-5-21-2464668294-1126862735-1976984134-501 - Limited - Disabled)
Usuario (S-1-5-21-2464668294-1126862735-1976984134-1000 - Administrator - Enabled) => C:\Users\Usuario

==================== Centro de Seguridad ========================

(Si una entrada es incluida en el fixlist, será eliminada.)

AV: AVG Antivirus (Disabled - Up to date) {4FC75CA5-1654-5411-7CFB-1893D506BCF4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Antivirus (Disabled - Up to date) {F4A6BD41-306E-5B9F-464B-23E1AE81F649}
FW: AVG Antivirus (Enabled) {77FCDD80-5C3B-5549-57A4-B1A62BD5FB8F}

==================== Programas instalados ======================

(Solo los programas de adware con indicador "Oculto", pueden ser añadidos al fixlist para hacerlos visibles. Los programas adware deben ser desinstalados manualmente.)

µTorrent (HKU\S-1-5-21-2464668294-1126862735-1976984134-1000\...\uTorrent) (Version: 3.5.5.45505 - BitTorrent Inc.)
2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM-x32\...\{90120000-0015-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2CC8520D-6A74-4CCA-9539-8E774E2B50D1}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM-x32\...\{90120000-0016-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2CC8520D-6A74-4CCA-9539-8E774E2B50D1}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM-x32\...\{90120000-0018-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2CC8520D-6A74-4CCA-9539-8E774E2B50D1}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM-x32\...\{90120000-0019-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2CC8520D-6A74-4CCA-9539-8E774E2B50D1}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM-x32\...\{90120000-001A-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2CC8520D-6A74-4CCA-9539-8E774E2B50D1}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM-x32\...\{90120000-001B-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2CC8520D-6A74-4CCA-9539-8E774E2B50D1}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM-x32\...\{90120000-001F-0403-0000-0000000FF1CE}_ENTERPRISE_{A5B6B786-2D6F-4B75-940F-42B32D01D146}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM-x32\...\{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM-x32\...\{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM-x32\...\{90120000-001F-0416-0000-0000000FF1CE}_ENTERPRISE_{669EB263-0AFE-4FCB-A068-DB082CA6273C}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM-x32\...\{90120000-001F-042D-0000-0000000FF1CE}_ENTERPRISE_{042190ED-F17C-4A8D-95D8-87A37B4095BD}) (Version:  - ) Hidden
2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM-x32\...\{90120000-001F-0456-0000-0000000FF1CE}_ENTERPRISE_{D3064ADE-5D4C-4AA4-8F71-C63D87D4A263}) (Version:  - ) Hidden
2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM-x32\...\{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{00C5525B-3CB3-467D-8100-2E6FB306CD86}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM-x32\...\{90120000-002A-0C0A-1000-0000000FF1CE}_ENTERPRISE_{35B14BD6-6042-4A55-B326-58309DC8C72A}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}) (Version:  - Microsoft)
2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM-x32\...\{90120000-0044-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2CC8520D-6A74-4CCA-9539-8E774E2B50D1}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM-x32\...\{90120000-006E-0C0A-0000-0000000FF1CE}_ENTERPRISE_{35B14BD6-6042-4A55-B326-58309DC8C72A}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM-x32\...\{90120000-00A1-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2CC8520D-6A74-4CCA-9539-8E774E2B50D1}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM-x32\...\{90120000-00BA-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2CC8520D-6A74-4CCA-9539-8E774E2B50D1}) (Version:  - Microsoft) Hidden
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.142 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{C2956908-53A3-88FC-B795-B16508296FC4}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.10.2.0 - AppEx Networks)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 19.8.1 - Advanced Micro Devices, Inc.)
AVG Internet Security (HKLM-x32\...\AVG Antivirus) (Version: 19.8.3108 - AVG Technologies)
AVG TuneUp (HKLM-x32\...\{949BE04F-D7E8-4C19-9F89-8B304AB4308A}_is1) (Version: 19.1.1209 - AVG Technologies)
Bing Bar (HKLM-x32\...\{16793295-2366-40F7-A045-A3E42A81365E}) (Version: 7.1.362.0 - Microsoft Corporation)
Discord (HKU\S-1-5-21-2464668294-1126862735-1976984134-1000\...\Discord) (Version: 0.0.305 - Discord Inc.)
EPSON TX133 TX135 Series Printer Uninstall (HKLM\...\EPSON TX133 TX135 Series) (Version:  - SEIKO EPSON Corporation)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
HydraVision (HKLM-x32\...\{6A888ADA-BD9F-9B95-B692-21B2E53A0F29}) (Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden
Java 8 Update 201 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180201F0}) (Version: 8.0.2010.9 - Oracle Corporation)
Java 8 Update 231 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180231F0}) (Version: 8.0.2310.11 - Oracle Corporation)
K-Lite Mega Codec Pack 14.1.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 14.1.5 - KLCP)
Lightshot-5.5.0.4 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.5.0.4 - Skillbrains)
Malwarebytes Anti-Malware versión 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4.7.2 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{F97E3841-CA9D-4964-9D64-26066241D26F}) (Version: 3.3.24.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{8FB1B528-E260-451E-9B55-E9152F94B80B}) (Version: 3.2.3.0 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6215.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.21.27702 (HKLM-x32\...\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}) (Version: 14.21.27702.2 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (HKLM-x32\...\{49697869-be8e-427d-81a0-c334d1d14950}) (Version: 14.21.27702.2 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Nero 8 (HKLM-x32\...\{BE282C23-5484-47FF-B2C1-EBEA5C813322}) (Version: 8.3.33 - Nero AG)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Opera GX Stable 64.0.3417.150 (HKU\S-1-5-21-2464668294-1126862735-1976984134-1000\...\Opera GX 64.0.3417.150) (Version: 64.0.3417.150 - Opera Software)
Outlast (HKLM-x32\...\Outlast_is1) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8581 - Realtek Semiconductor Corp.)
Skype™ 7.32 (HKLM-x32\...\{1845470B-EB14-4ABC-835B-E36C693DC07D}) (Version: 7.32.104 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Tablet Driver V8.0 (HKLM-x32\...\TabletDriver) (Version:  - )
TP-Link TL-WN725N Driver (HKLM-x32\...\{3C3F9CEB-2C5A-4A47-8EAA-DA76037546BA}) (Version: 2.1.0 - TP-Link)
Update for Outlook 2007 Junk Email Filter (kb947945) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E397056B-7AE5-4FF1-8B13-276BF8201847}) (Version:  - Microsoft)
VCRedistSetup (HKLM-x32\...\{3921A67A-5AB1-4E48-9444-C71814CF3027}) (Version: 1.0.0 - Nero AG) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.1 - VideoLAN)
WinRAR 5.71 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.71.0 - win.rar GmbH)

==================== Personalizado CLSID (Lista blanca): ==============

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2212224 2007-08-24] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Ningún archivo
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2019-09-20] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [Cover Designer] -> {73FCA462-9BD5-4065-A73F-A8E5F6904EF7} =>  -> Ningún archivo
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Ningún archivo
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2019-09-20] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Lista blanca) ====================

(Si una entrada es incluida en el fixlist, el elemento del registro será restaurado a su valor predeterminado o será eliminado. El archivo no será movido.)

HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\system32\x264vfw64.dll [3799552 2017-07-30] (x264vfw project) [Archivo no firmado]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-07] ( ) [Archivo no firmado]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [284672 2018-01-28] () [Archivo no firmado]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [112128 2015-10-24] () [Archivo no firmado]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SysWOW64\ac3acm.acm [122880 2012-07-21] (fccHandler) [Archivo no firmado]
HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\system32\frapsv64.dll [105984 2018-09-25] (Beepa P/L) [Archivo no firmado]
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\SysWOW64\x264vfw.dll [3850240 2017-07-30] (x264vfw project) [Archivo no firmado]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-07] ( ) [Archivo no firmado]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [284672 2018-01-28] () [Archivo no firmado]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [112128 2015-10-24] () [Archivo no firmado]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SysWOW64\ac3acm.acm [122880 2012-07-21] (fccHandler) [Archivo no firmado]
HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\SysWOW64\frapsvid.dll [94208 2018-09-25] (Beepa P/L) [Archivo no firmado]
HKLM\...\Drivers32: [vidc.VP60] => C:\Windows\SysWOW64\vp6vfw.dll [447752 2014-10-19] (Electronic Arts -> On2.com)
HKLM\...\Drivers32: [vidc.VP61] => C:\Windows\SysWOW64\vp6vfw.dll [447752 2014-10-19] (Electronic Arts -> On2.com)

==================== Accesos directos & WMI ========================

(Las entradas pueden ser listadas para ser restauradas o eliminadas.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

==================== Módulos cargados (Lista blanca) =============

2019-09-16 20:19 - 2016-09-12 15:53 - 048936448 _____ () [Archivo no firmado] C:\Program Files (x86)\AVG\AVG TuneUp\libcef.dll
2014-09-15 18:13 - 2014-09-15 18:13 - 000127488 _____ () [Archivo no firmado] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2019-06-08 16:36 - 2018-04-16 11:00 - 000293888 _____ (Guangzhou Ugee Computer Technology Co.,Ltd.) [Archivo no firmado] C:\Windows\system32\WinTab32.DLL
2019-06-08 16:36 - 2018-04-16 10:59 - 000246272 _____ (Guangzhou Ugee Computer Technology Co.,Ltd.) [Archivo no firmado] C:\Windows\SysWOW64\WinTab32.DLL
2019-01-07 18:32 - 2019-01-07 18:32 - 000096256 _____ (Microsoft Corporation) [Archivo no firmado] C:\Windows\WinSxS\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_11ecb0ab9b2caf3c\ATL80.DLL

==================== Alternate Data Streams (Lista blanca) ========

==================== Modo Seguro (Lista blanca) ==================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El "AlternateShell" será restaurado.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Asociación (Lista blanca) =================

==================== Internet Explorer sitios de confianza/restringidos ==========

(Si una entrada es incluida en el fixlist, será eliminada del registro.)

IE trusted site: HKU\S-1-5-21-2464668294-1126862735-1976984134-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2464668294-1126862735-1976984134-1000\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts contenido: =========================

(Si es necesario, la directiva Hosts: puede ser incluida en el fixlist para restablecer Hosts.)

2009-07-13 23:34 - 2009-06-10 18:00 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Otras Áreas ===========================

(Actualmente no existe una corrección automática para esta sección.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
HKU\S-1-5-21-2464668294-1126862735-1976984134-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 200.42.4.198 - 200.49.130.40
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Firewall de Windows está habilitado.

==================== MSCONFIG/TASK MANAGER elementos deshabilitados ==

(Si una entrada es incluida en el fixlist, será eliminada.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: NMIndexingService => 3
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

==================== Reglas de firewall (Lista blanca) ================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe Ningún archivo
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe Ningún archivo
FirewallRules: [{52B0DE01-B7CE-4273-AC6E-CADB9381197F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F2DDA12B-3CB8-4762-80BB-989A2E3A8165}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{979A947E-5B28-42CA-9D21-F9DF00196242}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{957244FF-D9B7-49B0-9D5D-C6624AB30DAC}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{24465459-C41B-4E0D-A315-A3ECFB2EA605}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{14E32EA1-550D-4E4C-9D83-25352A5F8C59}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{26CB4C00-DDB0-4BD8-99B9-D17BDD1F0DDA}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{ADD70080-8EB7-41BF-A0E8-77FF25EAC453}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{18750823-F6F4-47CE-A08B-7CD2B3235787}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{48402501-0D85-459C-BA75-81BCBB749BAA}] => (Allow) C:\ProgramData\VALOFEEU\NGM\NGM.exe Ningún archivo
FirewallRules: [{EA39B637-C926-47EA-9238-6F601F68356C}] => (Allow) C:\ProgramData\VALOFEEU\NGM\NGM.exe Ningún archivo
FirewallRules: [{A3DE5D87-BAF1-4FC8-9351-09F2F1554229}] => (Allow) C:\Users\Usuario\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{CBA09C4F-E35F-44C2-B082-9909ABCDAE4D}] => (Allow) C:\Users\Usuario\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{5EE0EB45-EBF0-4AA5-9BA9-1B42DAB88202}] => (Allow) C:\Users\Usuario\AppData\Local\Programs\Opera GX\64.0.3417.146\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{CE450BB5-852D-4E41-9F33-34572DF98928}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Brawlhalla\Brawlhalla.exe () [Archivo no firmado]
FirewallRules: [{7A527ECB-1AA4-41F8-AF9D-0A97E1B7544B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Brawlhalla\Brawlhalla.exe () [Archivo no firmado]
FirewallRules: [{2A673384-B65D-4E6C-B8C7-D030DBDC8A35}] => (Allow) C:\Users\Usuario\AppData\Local\Programs\Opera GX\64.0.3417.150\opera.exe (Opera Software AS -> Opera Software)

==================== Puntos de Restauración =========================


==================== Dispositivos defectuosos en el Administrador de dispositivos ============


==================== Errores del registro de eventos: ========================

No se pudo iniciar el servicio de registro de eventos, no se pudieron leer los eventos.

El servicio de Registro de eventos de Windows está iniciándose.
El servicio de Registro de eventos de Windows no ha podido iniciarse.

Error de sistema.

El sistema no puede encontrar el texto del mensaje para el mensaje número 0x1069 en el archivo de mensajes para (null).

Puede obtener más ayuda con el comando NET HELPMSG 4201.


==================== Información de la memoria =========================== 

BIOS: American Megatrends Inc. F2 06/20/2014
Placa base: Gigabyte Technology Co., Ltd. AM1M-S2H
Procesador: AMD Sempron(tm) 2650 APU with Radeon(tm) R3 
Porcentaje de memoria en uso: 93%
RAM física total: 1476.6 MB
RAM física disponible: 97.57 MB
Virtual total: 5085.07 MB
Virtual disponible: 489.01 MB

==================== Unidades ================================

Drive c: () (Fixed) (Total:111.69 GB) (Free:68.41 GB) NTFS

\\?\Volume{617ac4c3-12bf-11e9-88bd-806e6f6e6963}\ (Reservado para el sistema) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Tabla de particiones ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: 461DE23E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)

==================== Final de Addition.txt =======================

Hello

:arrow_forward: VERY important :arrow_backward: Make a backup of the registry:

  • To do this, download :arrow_forward: DelFix.exe (to your desktop).

  • Double-click to run it. (If you use Windows Vista/7/8 or 10, right-click and select -Run as Administrator-.)

  • Attention: now check/select only the "Create registry backup" box, NOT the others.

  • Click Run.

The report (DelFix.txt) will open; save it in case it is needed and close the tool.

Next :warning: with all other programs closed, go to :arrow_forward: Start :arrow_forward: Run :arrow_forward: and type Notepad.exe.

  • Now copy and paste the codes/lines inside the box below into Notepad.
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restricción <==== ATENCIÓN
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restricción <==== ATENCIÓN
Task: {8A419A14-8EB0-4929-B4E4-93973D30FBD6} - System32\Tasks\Driver Booster SkipUAC (Usuario) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
BHO-x32: Sin Nombre -> {53707962-6F74-2D53-2644-206D7942484F} -> Ningún archivo
CHR Extension: (Chrome Media Router) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-08-11]
CHR HKLM-x32\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn]
S3 Tablet2k; "%SystemRoot%\System32\Drivers\Tablet2k.sys" [X]
2020-01-13 00:14 - 2019-04-01 19:17 - 000003098 _____ C:\Windows\system32\Tasks\{B7F56EF1-1053-45EB-9ED4-68CBC8536DC1}
2020-01-13 00:14 - 2019-03-07 20:06 - 000003366 _____ C:\Windows\system32\Tasks\{B2F4272D-7474-43FD-8D9E-53266CA77087}
2020-01-13 00:14 - 2019-03-07 19:47 - 000003234 _____ C:\Windows\system32\Tasks\{9BC6FA39-7598-4B52-B367-73B663246E1C}
2020-01-13 00:14 - 2019-02-15 00:58 - 000003170 _____ C:\Windows\system32\Tasks\{22997FAA-2C70-4AFF-AE80-349DD7BF0104}
2020-01-13 00:14 - 2019-01-08 20:38 - 000003154 _____ C:\Windows\system32\Tasks\{AB1839DF-CB37-44B7-AEAE-EACD61E2FCF2}
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Ningún archivo
ContextMenuHandlers1: [Cover Designer] -> {73FCA462-9BD5-4065-A73F-A8E5F6904EF7} =>  -> Ningún archivo
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe Ningún archivo
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe Ningún archivo
C:\ProgramData\Intel\Wireless\65033f6
HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END

Save it under the name FIXLIST.TXT on the desktop :arrow_backward: This is very important.

:o: Note :o: It is important that the FRST.exe tool (Farbar Recovery Scanner Tool) and FIXLIST.TXT are in the same location (desktop); otherwise it will not work.


And now boot into Safe Mode to carry out the next step

  • Run FRST.exe. (If you use Windows Vista/7/8 or 10, right-click and select -Run as Administrator-.)
  • Press the FIX button and wait for it to finish.
  • The tool will save the repair report on the desktop (FIXLOG.TXT).

Paste the contents of this file in your next reply.

Restart the computer, check how it behaves with regard to the problem you reported, and let us know.

Regards
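
Most entries in the fixlist above are lines copied verbatim from FRST.txt and Addition.txt, plus directives, commands and one bare folder path. As an added example (not part of the original post and not FRST's own code), this Python script checks a fixlist against the scan logs of the same machine before it is run, so that mistyped or foreign entries stand out. The directive set is an assumption taken only from the fixlist shown in this thread, and the sample inputs are a constructed excerpt of the thread's logs with one deliberately altered line.

```python
import re

# Directives seen in this thread's fixlist (assumption: taken from the page
# only; this is not FRST's complete directive list).
DIRECTIVES = {"START", "END", "CREATERESTOREPOINT:", "CLOSEPROCESSES:",
              "HOSTS:", "REMOVEPROXY:", "EMPTYTEMP:"}
CMD_PREFIX = "CMD:"
# A bare absolute Windows path (for example a folder named by the user).
BARE_PATH = re.compile(r'^[A-Za-z]:\\[^<>|"?*]+$')


def normalise(line):
    """Collapse whitespace runs so copy/paste spacing does not cause misses."""
    return " ".join(line.split())


def classify_fixlist(fixlist_text, scan_log_text):
    """Sort every non-empty fixlist line into one category.

    directive  - one of DIRECTIVES
    command    - a 'CMD:' line
    from_log   - identical to a line of the scan logs
    bare_path  - a path that is not a scan-log line
    unmatched  - anything else; most likely a typo or a foreign entry
    """
    log_lines = {normalise(l) for l in scan_log_text.splitlines() if l.strip()}
    result = {"directive": [], "command": [], "from_log": [],
              "bare_path": [], "unmatched": []}
    for raw in fixlist_text.splitlines():
        line = normalise(raw)
        if not line:
            continue
        if line in DIRECTIVES:
            result["directive"].append(line)
        elif line.startswith(CMD_PREFIX):
            result["command"].append(line)
        elif line in log_lines:
            result["from_log"].append(line)
        elif BARE_PATH.match(line):
            result["bare_path"].append(line)
        else:
            result["unmatched"].append(line)
    return result


def needs_review(classified):
    """Lines a person should confirm by hand before the fix is run."""
    return classified["bare_path"] + classified["unmatched"]


# Constructed excerpt of the scan logs in this thread.
SAMPLE_SCAN_LOG = r"""
2020-01-13 00:14 - 2019-04-01 19:17 - 000003098 _____ C:\Windows\system32\Tasks\{B7F56EF1-1053-45EB-9ED4-68CBC8536DC1}
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Ningún archivo
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe Ningún archivo
"""

# Constructed fixlist: the all-zero GUID line is NOT in the log above and
# stands in for a mistyped entry.
SAMPLE_FIXLIST = r"""
START
CLOSEPROCESSES:
2020-01-13 00:14 - 2019-04-01 19:17 - 000003098 _____ C:\Windows\system32\Tasks\{B7F56EF1-1053-45EB-9ED4-68CBC8536DC1}
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Ningún archivo
2020-01-13 00:14 - 2019-04-01 19:17 - 000003098 _____ C:\Windows\system32\Tasks\{00000000-0000-0000-0000-000000000000}
C:\ProgramData\Intel\Wireless\65033f6
CMD: ipconfig /flushdns
END
"""

if __name__ == "__main__":
    report = classify_fixlist(SAMPLE_FIXLIST, SAMPLE_SCAN_LOG)
    for category, lines in report.items():
        print(f"{category}: {len(lines)}")
    for line in needs_review(report):
        print("REVIEW:", line)
```
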

Greetings, I did what you asked, and I have noticed several changes. The folder where the virus was previously located is no longer there. As for performance, there have been several improvements compared to how it ran before the restart. Thank you very much for the help! I leave the log below:

Resultados de la corrección de Farbar Recovery Scan Tool (x64) Versión: 12-01-2020
Ejecutado por Usuario (13-01-2020 20:35:16) Run:1
Ejecutado desde C:\Users\Usuario\Desktop
Perfiles cargados: Usuario (Perfiles disponibles: Usuario)
Modo de Inicio: Safe Mode (minimal)
==============================================

fixlist contenido:
*****************
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restricción <==== ATENCIÓN
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restricción <==== ATENCIÓN
Task: {8A419A14-8EB0-4929-B4E4-93973D30FBD6} - System32\Tasks\Driver Booster SkipUAC (Usuario) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
BHO-x32: Sin Nombre -> {53707962-6F74-2D53-2644-206D7942484F} -> Ningún archivo
CHR Extension: (Chrome Media Router) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-08-11]
CHR HKLM-x32\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn]
S3 Tablet2k; "%SystemRoot%\System32\Drivers\Tablet2k.sys" [X]
2020-01-13 00:14 - 2019-04-01 19:17 - 000003098 _____ C:\Windows\system32\Tasks\{B7F56EF1-1053-45EB-9ED4-68CBC8536DC1}
2020-01-13 00:14 - 2019-03-07 20:06 - 000003366 _____ C:\Windows\system32\Tasks\{B2F4272D-7474-43FD-8D9E-53266CA77087}
2020-01-13 00:14 - 2019-03-07 19:47 - 000003234 _____ C:\Windows\system32\Tasks\{9BC6FA39-7598-4B52-B367-73B663246E1C}
2020-01-13 00:14 - 2019-02-15 00:58 - 000003170 _____ C:\Windows\system32\Tasks\{22997FAA-2C70-4AFF-AE80-349DD7BF0104}
2020-01-13 00:14 - 2019-01-08 20:38 - 000003154 _____ C:\Windows\system32\Tasks\{AB1839DF-CB37-44B7-AEAE-EACD61E2FCF2}
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Ningún archivo
ContextMenuHandlers1: [Cover Designer] -> {73FCA462-9BD5-4065-A73F-A8E5F6904EF7} =>  -> Ningún archivo
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe Ningún archivo
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe Ningún archivo
C:\ProgramData\Intel\Wireless\65033f6
HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END
*****************

Error: El punto de restauración solamente puede ser creado en modo normal.
Procesos cerrados correctamente.
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => no encontrado
HKLM\SOFTWARE\Policies\Mozilla => eliminado correctamente
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8A419A14-8EB0-4929-B4E4-93973D30FBD6}" => eliminado correctamente
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8A419A14-8EB0-4929-B4E4-93973D30FBD6}" => eliminado correctamente
C:\Windows\System32\Tasks\Driver Booster SkipUAC (Usuario) => movido correctamente
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster SkipUAC (Usuario)" => eliminado correctamente
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F} => eliminado correctamente
CHR Extension: (Chrome Media Router) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-08-11] => Error: Ninguna corrección automática encontrada para esta entrada.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mbckjcfnjmoiinpgddefodcighgikkgn => eliminado correctamente
HKLM\System\CurrentControlSet\Services\Tablet2k => eliminado correctamente
Tablet2k => servicio eliminado correctamente
C:\Windows\system32\Tasks\{B7F56EF1-1053-45EB-9ED4-68CBC8536DC1} => movido correctamente
C:\Windows\system32\Tasks\{B2F4272D-7474-43FD-8D9E-53266CA77087} => movido correctamente
C:\Windows\system32\Tasks\{9BC6FA39-7598-4B52-B367-73B663246E1C} => movido correctamente
C:\Windows\system32\Tasks\{22997FAA-2C70-4AFF-AE80-349DD7BF0104} => movido correctamente
C:\Windows\system32\Tasks\{AB1839DF-CB37-44B7-AEAE-EACD61E2FCF2} => movido correctamente
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => eliminado correctamente
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\Cover Designer => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\SPPSVC-In-TCP" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\SPPSVC-In-TCP-NoScope" => eliminado correctamente
C:\ProgramData\Intel\Wireless\65033f6 => movido correctamente
C:\Windows\System32\Drivers\etc\hosts => movido correctamente
Hosts restaurado correctamente.

========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => eliminado correctamente
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => eliminado correctamente
"HKU\S-1-5-21-2464668294-1126862735-1976984134-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => eliminado correctamente
"HKU\S-1-5-21-2464668294-1126862735-1976984134-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => eliminado correctamente


========= Final de RemoveProxy: =========


========= netsh winsock reset =========


El catálogo Winsock se restableció correctamente.
Debe reiniciar el equipo para completar el restablecimiento.


========= Final de CMD: =========


========= ipconfig /renew =========


Configuración IP de Windows


========= Final de CMD: =========


========= ipconfig /flushdns =========


Configuración IP de Windows

No se puede vaciar la caché de resolución de DNS: Error de una función durante la ejecución.


========= Final de CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to connect to BITS - 0x8007042c

========= Final de CMD: =========


========= netsh advfirewall reset =========


Error al intentar ponerse en contacto con el servicio Firewall de Windows. Asegúrese de que el servicio se está ejecutando e intente la solicitud de nuevo.


========= Final de CMD: =========


========= netsh advfirewall set allprofiles state ON =========


Error al intentar ponerse en contacto con el servicio Firewall de Windows. Asegúrese de que el servicio se está ejecutando e intente la solicitud de nuevo.


========= Final de CMD: =========


========= netsh int ipv4 reset =========

No hay valores configurados por el usuario para restablecer.


========= Final de CMD: =========


========= netsh int ipv6 reset =========

No hay valores configurados por el usuario para restablecer.


========= Final de CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 11736951 B
Java, Flash, Steam htmlcache => 86515042 B
Windows/system/drivers => 49826 B
Edge => 0 B
Chrome => 151796 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 58558278 B
systemprofile32 => 58850561 B
LocalService => 58850561 B
NetworkService => 58850561 B
Usuario => 95050652 B

RecycleBin => 0 B
EmptyTemp: => 416.8 MB datos temporales eliminados.

================================


El sistema necesita reiniciarse.

==== Final de Fixlog 20:35:29 ====
1 like
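A Fixlog like the one posted above mixes entries that were fixed with entries and commands that were not, so it helps to triage it before calling a clean-up finished. The following is an added example, not part of the original thread and not FRST's own code: the function name `triage` is hypothetical, the result strings are the Spanish-locale ones visible in this log, and the sample text is a constructed excerpt.

```python
import re

# Constructed excerpt modelled on the Spanish-locale Fixlog posted above.
SAMPLE_FIXLOG = r"""
Error: El punto de restauración solamente puede ser creado en modo normal.
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => no encontrado
HKLM\SOFTWARE\Policies\Mozilla => eliminado correctamente
C:\ProgramData\Intel\Wireless\65033f6 => movido correctamente
CHR Extension: (Chrome Media Router) [2019-08-11] => Error: Ninguna corrección automática encontrada para esta entrada.
========= netsh winsock reset =========
El catálogo Winsock se restableció correctamente.
========= Final de CMD: =========
========= bitsadmin /reset /allusers =========
Unable to connect to BITS - 0x8007042c
========= Final de CMD: =========
========= netsh advfirewall reset =========
Error al intentar ponerse en contacto con el servicio Firewall de Windows.
========= Final de CMD: =========
=========== EmptyTemp: ==========
Chrome => 151796 B
"""

HEADER = re.compile(r"^=+ (.+?) =+$")
OK = ("eliminado correctamente", "movido correctamente")
CMD_FAIL = re.compile(r"^(Error\b|Unable to\b|No se puede\b)")

def triage(text):
    """Return (fixed, not_fixed, failed_cmds); headers ending in ':' are not commands."""
    fixed, not_fixed, failed_cmds = [], [], []
    section = None  # name of the CMD section currently being read, if any
    for line in filter(None, (l.strip() for l in text.splitlines())):
        header = HEADER.match(line)
        if header:
            section = None if header.group(1).endswith(":") else header.group(1)
        elif section:
            if CMD_FAIL.match(line) and section not in failed_cmds:
                failed_cmds.append(section)
        elif line.startswith("Error:"):
            not_fixed.append(line)
        elif " => " in line:
            target, _, result = line.rpartition(" => ")
            if result.startswith(OK):
                fixed.append(target)
            elif result.startswith(("no encontrado", "Error")):
                not_fixed.append(target)  # size lines such as "Chrome => 151796 B" are skipped
    return fixed, not_fixed, failed_cmds

if __name__ == "__main__":
    print(triage(SAMPLE_FIXLOG))
```

Run over the full log above, this kind of pass surfaces the restore point error, the BITS failure and the firewall commands that could not reach the Windows Firewall service, all recorded during a Safe Mode (minimal) run.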

Hello @MoldMight

Follow these steps to remove the tools that were used:

To do so, use again/download >> DelFix.exe to your desktop.

  • Double-click to run it. (If you use Windows Vista/7/8 or 10, right-click and select - Run as Administrator)

  • Tick all the boxes and click Run

The report (DelFix.txt) will open; you can close it.


Thank you for trusting ForoSpyware. It has been a pleasure to help you :handshake:

We are glad it got resolved for you :+1: We consider the topic solved.

Solved

Regards