Correo no deseado

Hola, quería saber que es lo que puedo hacer para dejar de recibir spam en mi correo electrónico. Estos son algunos de los remitentes: [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected]

Podría ser que tenga algún virus o malware en mi PC ?

Hola @AKATSUKI

Para asegurarnos el estado de tu equipo realiza lo siguiente:

1.- Desactiva temporalmente tu antivirus y cualquier programa de seguridad.

2.- Descarga, instala y/o actualiza a las siguientes herramientas:

• Malwarebytes Anti-Malware
• AdwCleaner
• ZHPCleaner
• CCleaner

3.- Ejecutas respetando el orden los pasos con todos los programas cerrados incluido los navegadores

CCleaner

Usando su opción Limpiador de acuerdo su Manual:

• Para borrar Cookies, temporales de Internet y todos los archivos que este te muestre como obsoletos.

• NO necesitamos este reporte

AdwCleaner

Lo ejecutas.

• Pulsa en el botón Escanear y espera a que se realice el proceso. Luego pulsa sobre el botón Limpiar.
• Espera a que se complete. Si te pidiera reiniciar el sistema Aceptas.
• Guarda el reporte que le aparecerá para copiarlo y pegarlo en tu próxima respuesta.
• El informe también puede encontrarse en “C:\AdwCleaner\AdwCleaner.txt”

ZHPCleaner

• Siguiendo su manual, lo instalas y ejecutas. Cuando termine, elimina todo lo que encuentre.

Malwarebytes

• No olvides actualizarlo.
• Lee detenidamente su Manual
• Realiza un Análisis Personalizado marcando todas las unidades
• Pulsa en “Eliminar Seleccionados” para enviar lo encontrado a la cuarentena.
• Reinicias el Sistema.
• En el apartado del manual “Historial” >> Registros de Aplicación >> Scan Log/Registro de Análisis encontrarás el informe del MBAM, que debes copiar y pegar en tu próxima respuesta.

4.- Nota Importante:

En tu próxima respuesta debes pegar los reportes de AdwCleaner , ZHPCleaner y Malwarebytes.

Guía: [size=2]¿Como Pegar reportes en el Foro?[/size]

Nos comentas.

Salu2

Hola SanMar

# -------------------------------
# Malwarebytes AdwCleaner 7.4.0.0
# -------------------------------
# Build:    07-23-2019
# Database: 2019-08-27.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    08-31-2019
# Duration: 00:00:01
# OS:       Windows 7 Ultimate
# Cleaned:  8
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted       C:\Program Files (x86)\mipony
Deleted       C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mipony
Deleted       C:\Users\Nieto Esteban\AppData\Local\slimware utilities inc
Deleted       C:\Users\Nieto Esteban\AppData\Roaming\mipony
Deleted       C:\Users\Public\Documents\Downloaded Installers

***** [ Files ] *****

Deleted       C:\Windows\System32\drivers\swdumon.sys

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKCU\Software\SlimWare Utilities Inc

***** [ Chromium (and derivatives) ] *****

Deleted       Avira SafeSearch Plus

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1804 octets] - [31/08/2019 19:57:02]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

~ ZHPCleaner v2019.8.31.129 by Nicolas Coolman (2019/08/31)
~ Run by Nieto Esteban (Administrator)  (31/08/2019 20:05:47)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Certificate ZHPCleaner: Legal
~ Type : Reparar
~ Report : C:\Users\Nieto Esteban\Desktop\ZHPCleaner (R).txt
~ Quarantine : C:\Users\Nieto Esteban\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ System Restore Point : 
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601)


---\\  Alternate Data Stream (ADS). (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Servicios (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Navegadores de Internet (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Hosts carpeta (1)
~ El archivo hosts es legítimo (21)


---\\  Tareas automáticas programadas. (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Explorador ( Archivos, Carpetas ) (6)
MOVIDO carpeta: C:\Users\Nieto Esteban\Desktop\µTorrent.lnk  [Bad : C:\Users\Nieto Esteban\AppData\Roaming\uTorrent\uTorrent.exe](.BitTorrent Inc..)  =>BitTorrent (P2P)
MOVIDO carpeta: C:\Users\Nieto Esteban\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk  [Bad : C:\Users\Nieto Esteban\AppData\Roaming\uTorrent\uTorrent.exe](.BitTorrent Inc..)  =>BitTorrent (P2P)
MOVIDO carpeta: C:\Windows\AutoKMS\AutoKMS.exe [CODYQX4 - AutoKMS]  =>HackTool.AutoKMS
MOVIDO carpeta: C:\Windows\AutoKMS\AutoKMS.log    =>HackTool.AutoKMS
MOVIDO archivo: C:\ProgramData\Microsoft Toolkit  =>HackTool.AutoKMS
MOVIDO archivo: C:\Windows\AutoKMS  =>HackTool.AutoKMS


---\\  Registro ( Claves, Valores, Datos) (4)
BORRADOS dados: [X64] HKLM\SOFTWARE\Classes\CCleanerHTML\Shell\Open\Command\\Default [Bad : [html] "C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe" -- "%1"]  =>Broken.OpenCommand
BORRADOS clave*: HKCU\Software\undefined [AdditionalScan 143]  =>.SUP.Downloader
BORRADOS clave*: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\uTorrent [BitTorrent Inc.]  =>BitTorrent (P2P)
BORRADOS clave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} [Piriform Software]  =>Heuristic.Suspect


---\\  Resumen de elementos en su estación de trabajo (5)
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/  =>BitTorrent (P2P)
https://nicolascoolman.eu/2017/02/02/hacktool-autokms/  =>HackTool.AutoKMS
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/  =>Broken.OpenCommand
https://nicolascoolman.eu/2017/12/22/sup-downloader/  =>.SUP.Downloader
https://nicolascoolman.eu/wp-content/uploads/2019/01/Informations-Sécurité-Zone-antimalware.jpg  =>Heuristic.Suspect


---\\ Limpieza adicional. (4)
~ Clave de registro Tracing borrados (4)
~ Quitar los antiguos informes de ZHPCleaner. (0)


---\\ Resultado de la reparación.
~ Reparación llevada a cabo con éxito
~ falta este navegador! (Mozilla Firefox)
~ falta este navegador! (Opera Software)


---\\ STATISTIQUES
~ Items escaneado : 1021
~ Items encontrado : 0
~ artículos cancelados : 0
~ Items opciones : 6/13
~ Ahorro de espacio (bytes) : 0


~ End of clean in 00h00mn08s

---\\  Reporte (2)
ZHPCleaner-[S]-31082019-20_05_20.txt
ZHPCleaner-[R]-31082019-20_05_55.txt

Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 31/8/19
Hora del análisis: 20:10
Archivo de registro: 96b2ea98-cc44-11e9-8c82-408d5c227793.json

-Información del software-
Versión: 3.8.3.2965
Versión de los componentes: 1.0.613
Versión del paquete de actualización: 1.0.12271
Licencia: Gratis

-Información del sistema-
SO: Windows 7 Service Pack 1
CPU: x64
Sistema de archivos: NTFS
Usuario: NietoEsteban-PC\Nieto Esteban

-Resumen del análisis-
Tipo de análisis: Análisis personalizado
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 476704
Amenazas detectadas: 5
Amenazas en cuarentena: 5
Tiempo transcurrido: 2 hr, 26 min, 57 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Activado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 0
(No hay elementos maliciosos detectados)

Valor del registro: 0
(No hay elementos maliciosos detectados)

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 0
(No hay elementos maliciosos detectados)

Archivo: 5
Generic.Malware/Suspicious, C:\USERS\NIETO ESTEBAN\APPDATA\ROAMING\ZHP\QUARANTINE\ZHPCLEANER\AUTOKMS.EXE, En cuarentena, [0], [392686],1.0.12271
CrackTool.Agent.Steam, F:\GAMES\PES 2016\GAME\ZLAUNCHER\OFFLINE\STEAM_API.DLL, En cuarentena, [8184], [82286],1.0.12271
Generic.Malware/Suspicious, F:\GAMES\WARCFRACT III\WARCRAFT III\KEYGEN.EXE, En cuarentena, [0], [392686],1.0.12271
Generic.Malware/Suspicious, F:\GAMES\WARCFRACT III\KEYGEN.EXE, En cuarentena, [0], [392686],1.0.12271
PUP.Optional.SlimCleanerPlus, E:\USERS\PUBLIC\DOCUMENTS\DOWNLOADED INSTALLERS\{746AB259-6474-4111-8966-1C62F9A6E063}\SETUP.MSI, En cuarentena, [1537], [472306],1.0.12271

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)

Hola @AKATSUKI

Se han eliminado algunas infecciones.

Para asegurarnos realiza lo siguiente:

1.- Desactiva temporalmente tu antivirus y cualquier programa de seguridad.

2.- Descarga Farbar Recovery Scan Tool. en el escritorio, seleccionando la versión adecuada para la arquitectura (32 o 64bits) de su equipo. >> Como saber si mi Windows es de 32 o 64 bits.?

• Ejecuta FRST.exe.
• En el mensaje de la ventana del Disclaimer, pulsamos Yes
• En la ventana principal pulsamos en el botón Scan y esperamos a que concluya el proceso.
• Se abrirán dos(2) archivos(Logs), Frst.txt y Addition.txt, estos quedaran grabados en el escritorio.

Guía: Como Ejecutar FRST

3.- En tu próxima respuesta, pega los reportes generados.

Guía : ¿Como Pegar reportes en el Foro?

Esperamos esos reporte.

Salu2

Hola

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2019
Ran by Nieto Esteban (01-09-2019 14:02:28)
Running from C:\Users\Nieto Esteban\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2019-04-18 15:54:05)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-4188308635-3697283264-2873950374-500 - Administrator - Disabled)
HomeGroupUser$ (S-1-5-21-4188308635-3697283264-2873950374-1002 - Limited - Enabled)
Invitado (S-1-5-21-4188308635-3697283264-2873950374-501 - Limited - Disabled)
Nieto Esteban (S-1-5-21-4188308635-3697283264-2873950374-1001 - Administrator - Enabled) => C:\Users\Nieto Esteban

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Disabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AS: Avira Antivirus (Disabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Actualización de NVIDIA 38.0.0.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 38.0.0.0 - NVIDIA Corporation) Hidden
Adobe Acrobat Reader DC - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 19.012.20040 - Adobe Systems Incorporated)
ARGENMU Online versión 2.0 (HKLM-x32\...\{C443C813-4E2D-4A10-A09D-B0337F9567B7}_is1) (Version: 2.0 - ArgenGamers)
Avira (HKLM-x32\...\{21a0516b-5dd7-4dee-9d36-85ebdc37aa45}) (Version: 1.2.135.51949 - Avira Operations GmbH & Co. KG)
Avira (HKLM-x32\...\{42F08141-3F60-46FF-A5B4-08C4783DACFE}) (Version: 1.2.135.51949 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.1908.1548 - Avira Operations GmbH & Co. KG)
CCleaner (HKLM\...\CCleaner) (Version: 5.61 - Piriform)
CCleaner Browser (HKLM-x32\...\CCleaner Browser) (Version: 76.0.130.103 - Piriform Software)
Compresor WinRAR (HKLM-x32\...\WinRAR archiver) (Version:  - )
Counter-Strike 1.6 (HKLM-x32\...\Counter-Strike 1.6_is1) (Version: Counter-Strike 1.6 No Steam - KingSOFT DVD)
Discord (HKU\S-1-5-21-4188308635-3697283264-2873950374-1001\...\Discord) (Version: 0.0.305 - Discord Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 76.0.3809.132 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
Injected Anti-cheat (HKLM-x32\...\Injected Anti-cheat) (Version: 17.2.0.0 - Alejandro Cortés)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4889 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.0.16 - Intel Corporation)
Java 8 Update 221 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180221F0}) (Version: 8.0.2210.11 - Oracle Corporation)
K-Lite Mega Codec Pack 14.8.8 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 14.8.8 - KLCP)
Malwarebytes versión 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.13.26020 (HKLM-x32\...\{7474cd6e-76cc-4257-837e-5b9261e526af}) (Version: 14.13.26020.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.13.26020 (HKLM-x32\...\{5c045b7f-e561-4794-91f8-c6cda0893107}) (Version: 14.13.26020.0 - Microsoft Corporation)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.19 - NVIDIA Corporation) Hidden
NVIDIA Controlador de audio HD 1.3.38.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.21 - NVIDIA Corporation)
NVIDIA Controlador de gráficos 436.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 436.15 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.20.0.105 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.0.105 - NVIDIA Corporation)
NVIDIA Software del sistema PhysX 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
Panel de control de NVIDIA 436.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 436.15 - NVIDIA Corporation) Hidden
Paquete de idioma de Microsoft .NET Framework 4.5 ESN (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.5.50709 - Microsoft Corporation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.99.311.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8040 - Realtek Semiconductor Corp.)
Software para dispositivos de chipset Intel® (HKLM-x32\...\{5f313643-63c9-4660-8dae-eb4a80196cb4}) (Version: 10.1.2.19 - Intel(R) Corporation) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.0 - VideoLAN)
Winamp (remove only) (HKLM-x32\...\Winamp) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [6722448 2010-03-25] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2019-08-08] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRar\rarext64.dll [2008-06-20] () [File not signed]
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRar\rarext.dll [2008-09-16] () [File not signed]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRar\rarext64.dll [2008-06-20] () [File not signed]
ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRar\rarext.dll [2008-09-16] () [File not signed]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2018-01-12] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2019-08-25] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2019-08-08] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRar\rarext64.dll [2008-06-20] () [File not signed]
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRar\rarext.dll [2008-09-16] () [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

==================== Loaded Modules (Whitelisted) ==============

2019-04-18 13:09 - 2008-06-20 00:41 - 000062464 _____ () [File not signed] C:\Program Files (x86)\WinRar\rarext64.dll
2019-04-18 16:05 - 2014-02-21 02:56 - 000074240 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.dll
2018-03-26 12:58 - 2018-03-26 12:58 - 000112128 _____ (Microsoft Corporation) [File not signed] C:\Windows\Microsoft.Net\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
2019-04-18 16:14 - 2019-04-18 16:14 - 000880128 _____ (ServiceStack) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_32\ServiceStack.Text\e02eed4daa6b842044cf3b73960d365c\ServiceStack.Text.ni.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 23:34 - 2009-06-10 18:00 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR
HKU\S-1-5-21-4188308635-3697283264-2873950374-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Nieto Esteban\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 200.42.4.204 - 200.49.130.51
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\startupreg: WinampAgent => "C:\Program Files (x86)\Winamp\Winampa.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{D5629B09-FF43-4920-8FA7-FF7DC157A51A}] => (Allow) C:\Users\Nieto Esteban\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{3F816075-610B-4D9A-A056-A9EF876473ED}] => (Allow) C:\Users\Nieto Esteban\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [TCP Query User{35DB53A6-D6DC-4240-8218-5CE4E83C5AC5}C:\program files (x86)\mipony\mipony.exe] => (Allow) C:\program files (x86)\mipony\mipony.exe No File
FirewallRules: [UDP Query User{E5187ADA-EBB8-49B1-AA5D-07947FED2C76}C:\program files (x86)\mipony\mipony.exe] => (Allow) C:\program files (x86)\mipony\mipony.exe No File
FirewallRules: [{F11F31E9-73F0-4372-8651-5798EA01A60C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{38F8CD39-D281-46D0-B6AF-7300AFDB67AE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{E4A72586-E0E2-4384-A575-0916BC4D56D6}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{3FD95CDF-79D2-4DB4-BD3A-0BE726FB2D5C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{361EE0CF-2699-406C-AD4A-8A4C18ECB267}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
FirewallRules: [{83D5BE46-423C-47E7-ADB6-1A8199A3A44D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
FirewallRules: [TCP Query User{BC2EDDF3-920B-428C-B3BB-109B518B8E23}C:\program files (x86)\mipony\mipony.exe] => (Allow) C:\program files (x86)\mipony\mipony.exe No File
FirewallRules: [UDP Query User{66206A96-867D-42FF-978A-68BB4470FCBB}C:\program files (x86)\mipony\mipony.exe] => (Allow) C:\program files (x86)\mipony\mipony.exe No File
FirewallRules: [TCP Query User{D605FC0D-2172-4FEF-A9D0-C046CE2A041D}C:\program files (x86)\counter-strike 1.6\hl.exe] => (Allow) C:\program files (x86)\counter-strike 1.6\hl.exe (Valve) [File not signed]
FirewallRules: [UDP Query User{8BAC72D6-2B36-4AFA-9150-8FA7113CD39B}C:\program files (x86)\counter-strike 1.6\hl.exe] => (Allow) C:\program files (x86)\counter-strike 1.6\hl.exe (Valve) [File not signed]
FirewallRules: [{80D6F45D-FF05-4FF1-BCB3-83ADAF765787}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe (Valve -> Valve)
FirewallRules: [{429970B1-757E-42AC-89D5-A38B5D183F15}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe (Valve -> Valve)
FirewallRules: [{A36A796C-4AF6-4A0C-A49F-E75CCB9A9BA0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{934C3D26-9E9F-4201-91CF-B0A38FB60D68}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{6CBB6FFA-73E9-45B1-AD1F-5772D38F3D8E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MK10\Binaries\Retail\MK10.exe (WARNER BROS. ENTERTAINMENT INC. -> )
FirewallRules: [{06D37E48-F4F2-460E-8F90-857FA73EB969}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MK10\Binaries\Retail\MK10.exe (WARNER BROS. ENTERTAINMENT INC. -> )
FirewallRules: [{14C1A67F-637B-43C4-B687-664D36002C9B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MK10\Binaries\Retail\MKXLauncher.exe (WARNER BROS. ENTERTAINMENT INC. -> )
FirewallRules: [{CD21C4D9-F7C9-4699-BD94-0EE5A29E0501}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MK10\Binaries\Retail\MKXLauncher.exe (WARNER BROS. ENTERTAINMENT INC. -> )
FirewallRules: [{0F3E52C4-CAC4-44C5-A9BF-8110E788EA01}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PRO EVOLUTION SOCCER 2019\PES2019.exe (Konami Digital Entertainment Co., Ltd.) [File not signed]
FirewallRules: [{43DCF238-55D8-49AE-8E69-2F1670085108}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PRO EVOLUTION SOCCER 2019\PES2019.exe (Konami Digital Entertainment Co., Ltd.) [File not signed]
FirewallRules: [TCP Query User{4BCA1DCD-2FC1-4A61-BA4A-022E22978AF7}F:\games\java\bin\javaw.exe] => (Allow) F:\games\java\bin\javaw.exe
FirewallRules: [UDP Query User{1F009E44-A94D-4BD5-A229-108A53F14075}F:\games\java\bin\javaw.exe] => (Allow) F:\games\java\bin\javaw.exe
FirewallRules: [{1C140509-49D8-46FE-B012-2BB82071DAA8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{8E1C5F12-33BD-4541-8D79-D3C1E3822DD4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{BA965676-AC81-4EDC-98B6-548EA63FBA21}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{BB2E6908-CE02-4A43-8675-DA41906E87E0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{9AB2EC99-DE2A-41D3-AE2D-ADB80652FA13}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{46492957-A866-45DD-9614-A3663ADE7795}] => (Allow) C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe (Piriform Software Ltd -> Piriform Software)

==================== Restore Points =========================

10-08-2019 19:38:43 Punto de control programado
19-08-2019 14:18:09 Punto de control programado
26-08-2019 21:52:18 Punto de control programado

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/01/2019 01:53:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (08/31/2019 10:42:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (08/31/2019 08:10:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: mbamtray.exe, versión: 3.1.0.1838, marca de tiempo: 0x5d13b12f
Nombre del módulo con errores: Qt5Core.dll, versión: 5.11.1.0, marca de tiempo: 0x5cba0161
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x0018dc19
Id. del proceso con errores: 0xc28
Hora de inicio de la aplicación con errores: 0x01d560514faf4900
Ruta de acceso de la aplicación con errores: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
Ruta de acceso del módulo con errores: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Id. del informe: 96274ca0-cc44-11e9-bb5a-408d5c227793

Error: (08/31/2019 07:58:38 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: No se puede inicializar el índice.

Detalles:
	El catálogo del índice de contenido está dañado.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/31/2019 07:58:38 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: No se puede inicializar la aplicación.

Contexto: aplicación Windows

Detalles:
	El catálogo del índice de contenido está dañado.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/31/2019 07:58:38 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: No se puede inicializar el objeto Recopilador.

Contexto: aplicación Windows, catálogo SystemIndex

Detalles:
	El catálogo del índice de contenido está dañado.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/31/2019 07:58:38 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: No se puede inicializar el complemento <Search.TripoliIndexer>.

Contexto: aplicación Windows, catálogo SystemIndex

Detalles:
	No se ha encontrado el elemento.  (HRESULT : 0x80070490) (0x80070490)

Error: (08/31/2019 07:58:38 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: No se puede inicializar el complemento <Search.JetPropStore>.

Contexto: aplicación Windows, catálogo SystemIndex

Detalles:
	El catálogo del índice de contenido está dañado.  (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (09/01/2019 01:54:08 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: El siguiente controlador de inicio del sistema o de inicio del arranque no se cargó correctamente: 
cdrom

Error: (08/31/2019 10:43:25 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: El siguiente controlador de inicio del sistema o de inicio del arranque no se cargó correctamente: 
cdrom

Error: (08/31/2019 07:58:38 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Windows Search terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 30000 milisegundos: Reiniciar el servicio.

Error: (08/31/2019 07:58:38 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: El servicio Windows Search se cerró con el error específico de servicio %%-1073473535.

Error: (08/31/2019 07:58:37 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: El siguiente controlador de inicio del sistema o de inicio del arranque no se cargó correctamente: 
cdrom

Error: (08/31/2019 07:57:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Avira Service Host terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 10000 milisegundos: Reiniciar el servicio.

Error: (08/31/2019 07:57:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Servicio de uso compartido de red del Reproductor de Windows Media terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 30000 milisegundos: Reiniciar el servicio.

Error: (08/31/2019 07:57:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Windows Presentation Foundation Font Cache 3.0.0.0 terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 0 milisegundos: Reiniciar el servicio.


Windows Defender:
===================================
Date: 2019-04-18 15:13:50.492
Description: 
Windows Defender encontró un error al intentar actualizar el motor.
Nueva versión de motor:1.1.15800.1
Versión de motor anterior:1.1.6402.0
Origen de actualización:Usuario
Usuario:NietoEsteban-PC\Nieto Esteban
Código de error:0x8050800c
Descripción de error:Problema inesperado. Instale todas las actualizaciones disponibles e intente iniciar el programa de nuevo. Para obtener más información sobre cómo instalar actualizaciones, consulte Ayuda y soporte técnico. 

==================== Memory info =========================== 

BIOS: American Megatrends Inc. F1 01/19/2015
Motherboard: Gigabyte Technology Co., Ltd. B85M-DS3H-A
Processor: Intel(R) Core(TM) i5-4460 CPU @ 3.20GHz
Percentage of memory in use: 27%
Total physical RAM: 15525.31 MB
Available physical RAM: 11237.86 MB
Total Virtual: 31048.77 MB
Available Virtual: 26006.38 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.51 GB) (Free:763.5 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (System Reserved) (Fixed) (Total:0.34 GB) (Free:0.31 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: () (Fixed) (Total:97.31 GB) (Free:38.12 GB) NTFS
Drive f: (AKATSUKI) (Fixed) (Total:833.85 GB) (Free:457.44 GB) NTFS


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 98E9B259)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=833.9 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: C40A1815)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2019
Ran by Nieto Esteban (administrator) on NIETOESTEBAN-PC (Gigabyte Technology Co., Ltd. B85M-DS3H-A) (01-09-2019 14:01:50)
Running from C:\Users\Nieto Esteban\Desktop
Loaded Profiles: Nieto Esteban (Available Profiles: Nieto Esteban)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16781824 1999-12-31] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-21] (Intel Corporation - Software and Firmware Products -> Intel Corporation)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [99048 2019-07-25] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [644552 2019-07-04] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-4188308635-3697283264-2873950374-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22714912 2019-08-15] (Piriform Software Ltd -> Piriform Ltd)
HKU\S-1-5-21-4188308635-3697283264-2873950374-1001\...\Run: [] => [X]
HKU\S-1-5-21-4188308635-3697283264-2873950374-1001\...\Winlogon: [Shell] C:\Windows\explorer.exe [3229696 2016-08-29] (Microsoft Windows -> Microsoft Corporation) <==== ATTENTION
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\system32\x264vfw64.dll [3799552 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\system32\lagarith.dll [148992 2011-12-07] ( ) [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\system32\xvidvfw.dll [311296 2018-01-28] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\system32\ac3acm.acm [180736 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\system32\ff_vfw.dll [126976 2015-10-24] () [File not signed]
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\SysWOW64\x264vfw.dll [3850240 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-07] ( ) [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [284672 2018-01-28] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SysWOW64\ac3acm.acm [122880 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [112128 2015-10-24] () [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\76.0.3809.132\Installer\chrmstp.exe [2019-08-29] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{052EB454-9F19-CB42-7875-807F79F311C4}] -> C:\Program Files (x86)\CCleaner Browser\Application\76.0.130.103\Installer\chrmstp.exe [2019-08-31] (Piriform Software Ltd -> Piriform Software)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0BEDB4D2-A486-44E7-AEA2-494B348D3938} - System32\Tasks\CCleaner Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe [1869720 2019-08-20] (Piriform Software Ltd -> Piriform Software)
Task: {15DCC164-AF96-4907-A595-8CCC3EDEBA42} - System32\Tasks\CCleanerUpdateTaskMachineUA => C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [209128 2019-08-31] (Piriform Software Ltd -> Piriform Software)
Task: {1B9DA490-007A-4573-AA74-3C5918B4D772} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [860016 2019-08-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {27DDDD04-1B7C-4323-BD96-4FEA84F5A5C1} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [913904 2019-08-13] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {2AD9548A-3C08-48B0-837D-FE3371830058} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1133552 2019-08-13] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {2B918A13-A60F-4943-AF4D-3532941150F2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156456 2019-04-18] (Google Inc -> Google LLC)
Task: {2EB8AB0D-9A23-45BF-956F-1A68C86A2C18} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3302384 2019-08-14] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {3206962C-DE61-49C3-A28F-F8B22C0740C3} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [913904 2019-08-13] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {3A12E863-D2F0-4D12-9417-9BBE3E4C5DD8} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-08-15] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {631FF6DC-7E64-4150-A8E6-D8728F7E6FCF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [16585328 2019-08-15] (Piriform Software Ltd -> Piriform Ltd)
Task: {681A4074-591C-44BF-BE0E-496FF1994ACE} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {6E6C6688-3210-438E-841C-720E145C0216} - System32\Tasks\CCleanerUpdateTaskMachineCore => C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [209128 2019-08-31] (Piriform Software Ltd -> Piriform Software)
Task: {72585E61-08A8-4D21-90EC-B9664E1E4952} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [860016 2019-08-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {7673A19F-E720-4153-8139-AC12D3B40F3F} - System32\Tasks\CCleaner Browser Heartbeat Task (Logon) => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe [1869720 2019-08-20] (Piriform Software Ltd -> Piriform Software)
Task: {78CA07E9-6F74-46E9-8DAB-39225DAA075F} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1133552 2019-08-13] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {98EADE8A-DF48-44BC-8450-2FC6F78DF35E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1236048 2019-07-24] (Adobe Inc. -> Adobe Systems)
Task: {98FEB9EC-789F-42DE-9518-4EC68C554883} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156456 2019-04-18] (Google Inc -> Google LLC)
Task: {9C4F433D-9231-422F-95B5-E593EA87FC02} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [1179648 2019-03-22] () [File not signed]
Task: {C832E7A5-ACBB-435A-83F1-96461E6C3239} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [654136 2019-08-13] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D7C3948D-D7E0-422C-80A1-C9BDEF5FDAC2} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1133552 2019-08-13] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {DB143090-6788-4FB6-8F5C-0CD9BCED0067} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1133552 2019-08-13] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E825EA8A-75B6-4E90-97C9-5CF0C2B56B84} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [2756136 2019-08-08] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 200.42.4.204 200.49.130.51
Tcpip\..\Interfaces\{00D0292A-FE54-452E-860E-2540A4D187C0}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2304152F-300A-498B-BE64-9BE5E6E6E092}: [DhcpNameServer] 200.42.4.204 200.49.130.51

Internet Explorer:
==================
HKU\S-1-5-21-4188308635-3697283264-2873950374-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/es-ar/?ocid=iehp
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> F:\Games\java\bin\ssv.dll [2019-08-24] (Oracle America, Inc. -> Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> F:\Games\java\bin\jp2ssv.dll [2019-08-24] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Nieto Esteban\AppData\Roaming\Mozilla\Firefox\Profiles\zE29o6Wx.default [2019-04-18]
FF Extension: (Avira Browser Safety) - C:\Users\Nieto Esteban\AppData\Roaming\Mozilla\Firefox\Profiles\zE29o6Wx.default\Extensions\[email protected] [2019-04-18] [hxxps://download.avira.com/package/absnooffers/firefox/update_webext_no_offers.rdf]
FF Extension: (Avira Password Manager) - C:\Users\Nieto Esteban\AppData\Roaming\Mozilla\Firefox\Profiles\zE29o6Wx.default\Extensions\[email protected] [2019-04-18]
FF Plugin: @java.com/DTPlugin,version=11.221.2 -> F:\Games\java\bin\dtplugin\npDeployJava1.dll [2019-08-24] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.221.2 -> F:\Games\java\bin\plugin2\npjp2.dll [2019-08-24] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-14] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-14] (Google Inc -> Google LLC)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN -> VideoLAN) [File not signed]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-07-31] (Adobe Inc. -> Adobe Systems Inc.)

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchURL: Default -> hxxps://search.avira.com/#web/result?source=omnibar&q={searchTerms}
CHR DefaultSearchKeyword: Default -> Avira
CHR DefaultSuggestURL: Default -> hxxps://search.avira.com/suggestions?q={searchTerms}&li=ff&hl=es
CHR Profile: C:\Users\Nieto Esteban\AppData\Local\Google\Chrome\User Data\Default [2019-09-01]
CHR Extension: (Presentaciones) - C:\Users\Nieto Esteban\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-04-18]
CHR Extension: (Documentos) - C:\Users\Nieto Esteban\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-04-18]
CHR Extension: (Google Drive) - C:\Users\Nieto Esteban\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-04-18]
CHR Extension: (YouTube) - C:\Users\Nieto Esteban\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-04-18]
CHR Extension: (Hojas de cálculo) - C:\Users\Nieto Esteban\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-04-18]
CHR Extension: (Avira Navegación segura) - C:\Users\Nieto Esteban\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2019-08-13]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\Nieto Esteban\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-04-18]
CHR Extension: (AdBlock) - C:\Users\Nieto Esteban\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-08-29]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Nieto Esteban\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-04-18]
CHR Extension: (Gmail) - C:\Users\Nieto Esteban\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-18]
CHR Extension: (Chrome Media Router) - C:\Users\Nieto Esteban\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-08-09]
CHR HKLM\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1206520 2019-08-08] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [482288 2019-08-08] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [482288 2019-08-08] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [422056 2019-08-08] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [453408 2019-07-25] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S2 ccleaner; C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [209128 2019-08-31] (Piriform Software Ltd -> Piriform Software)
S3 CCleanerBrowserElevationService; C:\Program Files (x86)\CCleaner Browser\Application\76.0.130.103\elevation_service.exe [976568 2019-08-20] (Piriform Software Ltd -> Piriform Software)
S3 ccleanerm; C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [209128 2019-08-31] (Piriform Software Ltd -> Piriform Software)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [346152 2018-01-12] (Intel(R) pGFX -> Intel Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [860016 2019-08-05] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [860016 2019-08-05] (NVIDIA Corporation -> NVIDIA Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000 
S2 NvTelemetryContainer; "C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 avdevprot; C:\Windows\System32\DRIVERS\avdevprot.sys [68152 2019-06-15] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [213912 2019-07-26] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [176808 2019-07-26] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [36072 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [78600 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\Windows\System32\Drivers\avusbflt.sys [35376 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S3 netr28ux; C:\Windows\System32\DRIVERS\netr28ux.sys [867328 2009-06-10] (Microsoft Windows -> Ralink Technology Corp.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2019-07-23] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [69840 2019-04-17] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [75600 2019-04-17] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NTLiveGuardN64; \??\C:\MuPlata\LiveGuard\NTLiveGuardN64.sys [X]
S3 SWDUMon; system32\DRIVERS\SWDUMon.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-09-01 14:01 - 2019-09-01 14:02 - 000020609 _____ C:\Users\Nieto Esteban\Desktop\FRST.txt
2019-09-01 14:00 - 2019-09-01 14:01 - 000000000 ____D C:\FRST
2019-09-01 13:57 - 2019-09-01 13:57 - 001615360 _____ (Farbar) C:\Users\Nieto Esteban\Desktop\FRST64.exe
2019-08-31 19:49 - 2019-08-31 19:49 - 000003726 _____ C:\Windows\System32\Tasks\CCleaner Browser Heartbeat Task (Hourly)
2019-08-31 19:49 - 2019-08-31 19:49 - 000003582 _____ C:\Windows\System32\Tasks\CCleanerUpdateTaskMachineUA
2019-08-31 19:49 - 2019-08-31 19:49 - 000003454 _____ C:\Windows\System32\Tasks\CCleanerUpdateTaskMachineCore
2019-08-31 19:49 - 2019-08-31 19:49 - 000003144 _____ C:\Windows\System32\Tasks\CCleaner Browser Heartbeat Task (Logon)
2019-08-31 19:49 - 2019-08-31 19:49 - 000002396 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner Browser.lnk
2019-08-31 19:49 - 2019-08-31 19:49 - 000000000 ____D C:\Users\Nieto Esteban\AppData\Local\CCleaner Browser
2019-08-31 19:49 - 2019-08-31 19:49 - 000000000 ____D C:\ProgramData\CCleaner Browser
2019-08-31 19:49 - 2019-08-31 19:49 - 000000000 ____D C:\Program Files (x86)\CCleaner Browser
2019-08-29 19:21 - 2019-08-26 07:12 - 001012432 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2019-08-29 19:21 - 2019-08-26 07:12 - 001012432 _____ C:\Windows\system32\vulkan-1.dll
2019-08-29 19:21 - 2019-08-26 07:12 - 000876240 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2019-08-29 19:21 - 2019-08-26 07:12 - 000876240 _____ C:\Windows\SysWOW64\vulkan-1.dll
2019-08-29 19:21 - 2019-08-26 07:12 - 000447368 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2019-08-29 19:21 - 2019-08-26 07:12 - 000351168 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2019-08-29 19:21 - 2019-08-26 07:12 - 000301264 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2019-08-29 19:21 - 2019-08-26 07:12 - 000301264 _____ C:\Windows\system32\vulkaninfo.exe
2019-08-29 19:21 - 2019-08-26 07:12 - 000273104 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2019-08-29 19:21 - 2019-08-26 07:12 - 000273104 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2019-08-29 19:21 - 2019-08-26 07:11 - 135215496 _____ (NVIDIA Corp.) C:\Windows\system32\nvoptix.dll
2019-08-29 19:21 - 2019-08-26 07:11 - 026854272 _____ (NVIDIA Corporation) C:\Windows\system32\nvrtum64.dll
2019-08-29 19:21 - 2019-08-26 07:11 - 011562192 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2019-08-29 19:21 - 2019-08-26 07:11 - 009936640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2019-08-29 19:21 - 2019-08-26 07:11 - 000424328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2019-08-29 19:21 - 2019-08-26 07:10 - 039782792 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2019-08-29 19:21 - 2019-08-26 07:10 - 029712832 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl64.dll
2019-08-29 19:21 - 2019-08-26 07:10 - 029171920 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2019-08-29 19:21 - 2019-08-26 07:10 - 025076424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl32.dll
2019-08-29 19:21 - 2019-08-26 07:10 - 021984512 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2019-08-29 19:21 - 2019-08-26 07:10 - 002050256 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2019-08-29 19:21 - 2019-08-26 07:10 - 001549760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2019-08-29 19:21 - 2019-08-26 07:10 - 001491336 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6443615.dll
2019-08-29 19:21 - 2019-08-26 07:10 - 001477000 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2019-08-29 19:21 - 2019-08-26 07:10 - 001247168 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2019-08-29 19:21 - 2019-08-26 07:10 - 001140616 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2019-08-29 19:21 - 2019-08-26 07:10 - 000959880 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2019-08-29 19:21 - 2019-08-26 07:10 - 000633224 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2019-08-29 19:21 - 2019-08-26 07:10 - 000545480 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2019-08-29 19:21 - 2019-08-26 07:10 - 000523976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2019-08-29 19:21 - 2019-08-26 07:10 - 000473856 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2019-08-29 19:21 - 2019-08-26 07:10 - 000428288 _____ C:\Windows\system32\nvofapi64.dll
2019-08-29 19:21 - 2019-08-26 07:10 - 000379328 _____ C:\Windows\SysWOW64\nvofapi.dll
2019-08-29 19:21 - 2019-08-26 07:10 - 000190160 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2019-08-29 19:21 - 2019-08-26 07:10 - 000171912 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2019-08-29 19:21 - 2019-08-26 07:10 - 000167816 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2019-08-29 19:21 - 2019-08-26 07:10 - 000149896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2019-08-29 19:21 - 2019-08-26 07:09 - 040441728 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2019-08-29 19:21 - 2019-08-26 07:09 - 035331008 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2019-08-29 19:21 - 2019-08-26 07:09 - 017294080 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2019-08-29 19:21 - 2019-08-26 07:09 - 014917000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2019-08-29 19:21 - 2019-08-26 07:09 - 004968840 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2019-08-29 19:21 - 2019-08-26 07:09 - 004430032 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2019-08-29 19:21 - 2019-08-26 07:09 - 001726856 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6443615.dll
2019-08-29 19:21 - 2019-08-26 07:09 - 000526272 _____ (NVIDIA Corporation) C:\Windows\system32\nvcbl64.dll
2019-08-29 19:21 - 2019-08-26 04:08 - 034107056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2019-08-29 19:21 - 2019-08-26 04:08 - 021840256 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2019-08-29 19:21 - 2019-08-26 04:08 - 018192008 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2019-08-29 19:21 - 2019-08-26 04:08 - 004295728 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2019-08-29 19:21 - 2019-08-25 02:37 - 000228792 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2019-08-29 19:21 - 2019-08-25 02:37 - 000047272 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2019-08-29 19:21 - 2019-08-25 02:37 - 000000671 _____ C:\Windows\SysWOW64\nv-vk32.json
2019-08-29 19:21 - 2019-08-25 02:37 - 000000671 _____ C:\Windows\system32\nv-vk64.json
2019-08-29 19:15 - 2019-08-29 19:18 - 552281040 _____ (NVIDIA Corporation) C:\Users\Nieto Esteban\Downloads\436.15-desktop-win8-win7-64bit-international-whql.exe
2019-08-24 15:36 - 2019-08-24 15:36 - 000000000 ____D C:\Users\Nieto Esteban\datamc
2019-08-24 15:36 - 2019-08-24 15:36 - 000000000 ____D C:\Users\Nieto Esteban\AppData\Roaming\java
2019-08-24 15:35 - 2019-08-28 11:43 - 000000000 ____D C:\Users\Nieto Esteban\AppData\Roaming\.minecraft
2019-08-24 15:35 - 2019-08-24 15:35 - 000110064 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2019-08-24 15:35 - 2019-08-24 15:35 - 000000000 ____D C:\Users\Nieto Esteban\AppData\Roaming\Sun
2019-08-24 15:35 - 2019-08-24 15:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2019-08-24 15:34 - 2019-08-24 15:34 - 000000000 ____D C:\ProgramData\Oracle
2019-08-24 15:33 - 2019-08-24 15:33 - 079607256 _____ (Oracle Corporation) C:\Users\Nieto Esteban\Downloads\jre-8u221-windows-x64.exe
2019-08-24 15:33 - 2019-08-24 15:33 - 000000000 ____D C:\Users\Nieto Esteban\AppData\LocalLow\Sun
2019-08-17 13:20 - 2019-08-26 04:08 - 039531984 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2019-08-17 13:20 - 2019-07-18 16:16 - 001721600 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6443160.dll
2019-08-17 13:20 - 2019-07-18 16:16 - 001468112 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6443160.dll
2019-08-17 13:09 - 2019-08-29 19:30 - 000003704 _____ C:\Windows\System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-08-17 13:09 - 2019-08-29 19:30 - 000003704 _____ C:\Windows\System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-08-17 13:09 - 2019-08-29 19:30 - 000003704 _____ C:\Windows\System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-08-17 13:09 - 2019-08-29 19:30 - 000003704 _____ C:\Windows\System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-08-17 13:09 - 2019-04-17 04:42 - 000069840 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2019-08-17 13:09 - 2019-04-17 01:44 - 000075600 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvhci.sys
2019-08-02 14:11 - 2019-08-02 14:11 - 000001120 _____ C:\Users\Public\Desktop\Avira.lnk

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-09-01 14:02 - 2011-04-12 06:10 - 000746992 _____ C:\Windows\system32\perfh00A.dat
2019-09-01 14:02 - 2011-04-12 06:10 - 000158464 _____ C:\Windows\system32\perfc00A.dat
2019-09-01 14:02 - 2009-07-14 02:13 - 001675926 _____ C:\Windows\system32\PerfStringBackup.INI
2019-09-01 14:02 - 2009-07-14 00:20 - 000000000 ____D C:\Windows\inf
2019-09-01 14:01 - 2009-07-14 01:45 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-09-01 14:01 - 2009-07-14 01:45 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-09-01 13:55 - 2019-04-18 13:35 - 000000000 ____D C:\ProgramData\NVIDIA
2019-09-01 13:54 - 2019-04-18 13:37 - 000000000 __SHD C:\Users\Nieto Esteban\IntelGraphicsProfiles
2019-09-01 13:53 - 2009-07-14 02:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-08-31 22:55 - 2019-03-17 15:21 - 000000000 ____D C:\Users\Nieto Esteban\Downloads\New folder (8)
2019-08-31 20:10 - 2019-04-25 19:29 - 000000000 ____D C:\Users\Nieto Esteban\AppData\Local\CrashDumps
2019-08-31 19:58 - 2019-04-18 14:24 - 000003758 _____ C:\Windows\System32\Tasks\AutoKMS
2019-08-31 19:51 - 2019-04-19 19:48 - 000000000 ____D C:\Program Files (x86)\Steam
2019-08-31 19:51 - 2019-04-18 17:07 - 000000000 ____D C:\Users\Nieto Esteban\AppData\Roaming\uTorrent
2019-08-31 19:49 - 2019-04-18 13:11 - 000003870 _____ C:\Windows\System32\Tasks\CCleaner Update
2019-08-30 16:58 - 2019-04-18 16:15 - 000003292 _____ C:\Windows\System32\Tasks\Avira_Antivirus_Systray
2019-08-29 21:31 - 2019-04-18 13:21 - 000002222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-08-29 19:50 - 2019-04-25 19:27 - 000000000 ____D C:\Program Files (x86)\sXe Injected
2019-08-29 19:49 - 2019-04-25 19:25 - 000000000 ____D C:\Program Files (x86)\Counter-Strike 1.6
2019-08-29 19:41 - 2019-04-21 21:15 - 000000000 ____D C:\Users\Nieto Esteban\AppData\Local\NVIDIA
2019-08-29 19:30 - 2019-05-01 20:11 - 000004146 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-08-29 19:30 - 2019-05-01 20:11 - 000003940 _____ C:\Windows\System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-08-29 19:30 - 2019-05-01 20:11 - 000003798 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-08-29 19:30 - 2019-05-01 20:11 - 000003790 _____ C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-08-29 19:30 - 2019-05-01 20:11 - 000003738 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-08-29 19:30 - 2019-05-01 20:11 - 000003494 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-08-29 19:30 - 2019-05-01 20:11 - 000001374 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2019-08-29 19:30 - 2019-05-01 20:11 - 000000000 ____D C:\Users\Nieto Esteban\AppData\Local\NVIDIA Corporation
2019-08-29 19:30 - 2019-04-18 13:35 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2019-08-29 19:30 - 2019-04-18 13:34 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2019-08-29 19:30 - 2019-04-18 13:33 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2019-08-26 07:11 - 2019-04-18 13:34 - 000507592 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2019-08-26 04:08 - 2019-04-18 13:34 - 004848536 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2019-08-26 00:23 - 2019-04-18 13:10 - 000000000 ____D C:\Users\Nieto Esteban\AppData\Roaming\vlc
2019-08-25 02:37 - 2019-04-18 13:35 - 000001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat
2019-08-25 02:37 - 2019-04-18 13:34 - 001683032 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2019-08-25 02:37 - 2019-04-18 13:34 - 000051568 _____ C:\Windows\system32\nvinfo.pb
2019-08-25 00:58 - 2019-04-18 13:35 - 005469552 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2019-08-25 00:58 - 2019-04-18 13:35 - 002635248 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2019-08-25 00:58 - 2019-04-18 13:35 - 001767736 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2019-08-25 00:58 - 2019-04-18 13:35 - 000654136 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2019-08-25 00:58 - 2019-04-18 13:35 - 000451056 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2019-08-25 00:58 - 2019-04-18 13:35 - 000125240 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2019-08-25 00:58 - 2019-04-18 13:35 - 000083440 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2019-08-24 15:36 - 2019-04-18 12:54 - 000000000 ____D C:\Users\Nieto Esteban
2019-08-23 23:36 - 2019-04-18 13:35 - 008691082 _____ C:\Windows\system32\nvcoproc.bin
2019-08-22 21:23 - 2019-04-18 13:46 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-08-14 16:57 - 2009-07-14 00:20 - 000000000 ____D C:\Windows\system32\NDF
2019-08-13 17:11 - 2019-04-18 13:46 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2019-08-13 10:58 - 2019-05-01 20:11 - 002842480 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2019-08-13 10:58 - 2019-05-01 20:11 - 002206248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2019-08-13 10:58 - 2019-05-01 20:11 - 001321968 _____ (NVIDIA Corporation) C:\Windows\system32\NvRtmpStreamer64.dll
2019-08-08 19:26 - 2019-04-18 16:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2019-08-05 05:59 - 2019-04-18 13:35 - 000001951 _____ C:\Windows\NvContainerRecovery.bat
2019-08-02 21:49 - 2019-04-19 22:10 - 000000000 ____D C:\Users\Nieto Esteban\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2019-08-02 14:11 - 2019-04-18 13:25 - 000000000 ____D C:\ProgramData\Package Cache

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2019-08-31 19:14
==================== End of FRST.txt ============================

Hola @AKATSUKI

Desinstala con Revo Uninstaller en su Modo Avanzado:

• CCleanerBrowser

Manual de Revo Uninstaller.

Luego de reiniciar sigue estos pasos:

1.- Muy Importante >>> Realizar una copia de Seguridad de su Registro.

• Descarga DelFix en el escritorio de Windows.
• Clic Derecho, “Ejecutar como Administrador”.
• En la ventana principal, marca solamente la casilla “Create Registry Backup”.
• Clic en Run.

Al terminar se abrirá un reporte llamado DelFix.txt, guárdelo por si fuera necesario y cierre la herramienta…

2.- Desactiva Temporalmente tu antivirus.

3.- Abre un nuevo archivo Notepad/Bloc de Notas y copia y pega este contenido:

Start
CloseProcesses:
CreateRestorePoint:
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-4188308635-3697283264-2873950374-1001\...\Run: [] => [X]
HKU\S-1-5-21-4188308635-3697283264-2873950374-1001\...\Winlogon: [Shell] C:\Windows\explorer.exe [3229696 2016-08-29] (Microsoft Windows -> Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-21-4188308635-3697283264-2873950374-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/es-ar/?ocid=iehp
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR DefaultSearchURL: Default -> hxxps://search.avira.com/#web/result?source=omnibar&q={searchTerms}
CHR DefaultSearchKeyword: Default -> Avira
CHR DefaultSuggestURL: Default -> hxxps://search.avira.com/suggestions?q={searchTerms}&li=ff&hl=es
CHR HKLM\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
S3 NTLiveGuardN64; \??\C:\MuPlata\LiveGuard\NTLiveGuardN64.sys [X]
S3 SWDUMon; system32\DRIVERS\SWDUMon.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
ontextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
FirewallRules: [TCP Query User{35DB53A6-D6DC-4240-8218-5CE4E83C5AC5}C:\program files (x86)\mipony\mipony.exe] => (Allow) C:\program files (x86)\mipony\mipony.exe No File
FirewallRules: [UDP Query User{E5187ADA-EBB8-49B1-AA5D-07947FED2C76}C:\program files (x86)\mipony\mipony.exe] => (Allow) C:\program files (x86)\mipony\mipony.exe No File
FirewallRules: [TCP Query User{BC2EDDF3-920B-428C-B3BB-109B518B8E23}C:\program files (x86)\mipony\mipony.exe] => (Allow) C:\program files (x86)\mipony\mipony.exe No File
FirewallRules: [UDP Query User{66206A96-867D-42FF-978A-68BB4470FCBB}C:\program files (x86)\mipony\mipony.exe] => (Allow) C:\program files (x86)\mipony\mipony.exe No File
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\system32\x264vfw64.dll [3799552 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\system32\lagarith.dll [148992 2011-12-07] ( ) [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\system32\xvidvfw.dll [311296 2018-01-28] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\system32\ac3acm.acm [180736 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\system32\ff_vfw.dll [126976 2015-10-24] () [File not signed]
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\SysWOW64\x264vfw.dll [3850240 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-07] ( ) [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [284672 2018-01-28] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SysWOW64\ac3acm.acm [122880 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [112128 2015-10-24] () [File not signed]

CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END

• Lo guardas bajo el nombre de fixlist.txt en el escritorio <<< Esto es muy importante.

Nota: Es necesario que el ejecutable Frst.exe y fixlist.txt se encuentren en la misma ubicación (escritorio) o si no la herramienta no trabajara.

• Ejecutas Frst.exe.
• Presionas el botón Fix y aguardas a que termine.
• La Herramienta guardara el reporte en tu escritorio (Fixlog.txt).
• Lo pegas en tu próxima respuesta.

Nos comentas como sigue el equipo.

Salu2.

Hola, tengo un problema no puedo descargar el Revo Uninstaller, que cuando le doy a descargar sale esto

Sin título.png1920×1080 122 KB

Hola @AKATSUKI

Disculpa la demora, te dejo un enlace directo mientras reporto la falla que comentas.

https://www.revouninstaller.com/revo-uninstaller-free-download/

Presiona en Free Download.

Salu2

Hola, no pasa nada jajaja yo tarde mas en responder que fallaba la descarga

Hola :), aca dejo el reporte:

Fix result of Farbar Recovery Scan Tool (x64) Version: 04-09-2019
Ran by Nieto Esteban (05-09-2019 20:39:03) Run:1
Running from C:\Users\Nieto Esteban\Desktop
Loaded Profiles: Nieto Esteban (Available Profiles: Nieto Esteban)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-4188308635-3697283264-2873950374-1001\...\Run: [] => [X]
HKU\S-1-5-21-4188308635-3697283264-2873950374-1001\...\Winlogon: [Shell] C:\Windows\explorer.exe [3229696 2016-08-29] (Microsoft Windows -> Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-21-4188308635-3697283264-2873950374-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/es-ar/?ocid=iehp
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR DefaultSearchURL: Default -> hxxps://search.avira.com/#web/result?source=omnibar&q={searchTerms}
CHR DefaultSearchKeyword: Default -> Avira
CHR DefaultSuggestURL: Default -> hxxps://search.avira.com/suggestions?q={searchTerms}&li=ff&hl=es
CHR HKLM\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
S3 NTLiveGuardN64; \??\C:\MuPlata\LiveGuard\NTLiveGuardN64.sys [X]
S3 SWDUMon; system32\DRIVERS\SWDUMon.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
ontextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
FirewallRules: [TCP Query User{35DB53A6-D6DC-4240-8218-5CE4E83C5AC5}C:\program files (x86)\mipony\mipony.exe] => (Allow) C:\program files (x86)\mipony\mipony.exe No File
FirewallRules: [UDP Query User{E5187ADA-EBB8-49B1-AA5D-07947FED2C76}C:\program files (x86)\mipony\mipony.exe] => (Allow) C:\program files (x86)\mipony\mipony.exe No File
FirewallRules: [TCP Query User{BC2EDDF3-920B-428C-B3BB-109B518B8E23}C:\program files (x86)\mipony\mipony.exe] => (Allow) C:\program files (x86)\mipony\mipony.exe No File
FirewallRules: [UDP Query User{66206A96-867D-42FF-978A-68BB4470FCBB}C:\program files (x86)\mipony\mipony.exe] => (Allow) C:\program files (x86)\mipony\mipony.exe No File
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\system32\x264vfw64.dll [3799552 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\system32\lagarith.dll [148992 2011-12-07] ( ) [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\system32\xvidvfw.dll [311296 2018-01-28] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\system32\ac3acm.acm [180736 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\system32\ff_vfw.dll [126976 2015-10-24] () [File not signed]
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\SysWOW64\x264vfw.dll [3850240 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-07] ( ) [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [284672 2018-01-28] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SysWOW64\ac3acm.acm [122880 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [112128 2015-10-24] () [File not signed]

CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END
*****************

Processes closed successfully.
Restore point was successfully created.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKU\S-1-5-21-4188308635-3697283264-2873950374-1001\Software\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKU\S-1-5-21-4188308635-3697283264-2873950374-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell" => removed successfully
"HKU\S-1-5-21-4188308635-3697283264-2873950374-1001\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache" => removed successfully
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => removed successfully
"Chrome DefaultSearchURL" => removed successfully
"Chrome DefaultSearchKeyword" => removed successfully
"Chrome DefaultSuggestURL" => removed successfully
HKLM\SOFTWARE\Google\Chrome\Extensions\caljgklbbfbcjjanaijlacgncafpegll => removed successfully
HKLM\SOFTWARE\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk => removed successfully
HKLM\SOFTWARE\Google\Chrome\Extensions\ipmkfpcnmccejididiaagpgchgjfajgp => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\caljgklbbfbcjjanaijlacgncafpegll => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ipmkfpcnmccejididiaagpgchgjfajgp => removed successfully
HKLM\System\CurrentControlSet\Services\NTLiveGuardN64 => removed successfully
NTLiveGuardN64 => service removed successfully
HKLM\System\CurrentControlSet\Services\SWDUMon => removed successfully
SWDUMon => service removed successfully
HKLM\System\CurrentControlSet\Services\VGPU => removed successfully
VGPU => service removed successfully
ontextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File => Error: No automatic fix found for this entry.
"CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"" => removed successfully
"BVTFilter" => removed successfully
"BVTConsumer" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{35DB53A6-D6DC-4240-8218-5CE4E83C5AC5}C:\program files (x86)\mipony\mipony.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{E5187ADA-EBB8-49B1-AA5D-07947FED2C76}C:\program files (x86)\mipony\mipony.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{BC2EDDF3-920B-428C-B3BB-109B518B8E23}C:\program files (x86)\mipony\mipony.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{66206A96-867D-42FF-978A-68BB4470FCBB}C:\program files (x86)\mipony\mipony.exe" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\\VIDC.X264" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\\VIDC.LAGS" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\\VIDC.XVID" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\\msacm.ac3acm" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\\VIDC.FFDS" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\\VIDC.X264" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\\VIDC.LAGS" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\\VIDC.XVID" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\\msacm.ac3acm" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\\VIDC.FFDS" => not found

========= ipconfig /flushdns =========


Configuraci¢n IP de Windows

Se vaci¢ correctamente la cach‚ de resoluci¢n de DNS.

========= End of CMD: =========


========= ipconfig /renew =========


Configuraci¢n IP de Windows


Adaptador de Ethernet Conexi¢n de  rea local:

   Sufijo DNS espec¡fico para la conexi¢n. . : fibertel.com.ar
   V¡nculo: direcci¢n IPv6 local. . . : fe80::f5ab:1e39:cb86:9014%12
   Direcci¢n IPv4. . . . . . . . . . . . . . : 192.168.0.6
   M scara de subred . . . . . . . . . . . . : 255.255.255.0
   Puerta de enlace predeterminada . . . . . : 192.168.0.1

Adaptador de t£nel isatap.fibertel.com.ar:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS espec¡fico para la conexi¢n. . : fibertel.com.ar

========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========


========= netsh winsock reset =========


El cat logo Winsock se restableci¢ correctamente.
Debe reiniciar el equipo para completar el restablecimiento.


========= End of CMD: =========


========= netsh advfirewall reset =========

Aceptar


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Aceptar


========= End of CMD: =========


========= netsh int ipv4 reset =========

Global se restableci¢ correctamente.
Interfaz se restableci¢ correctamente.
Reinicie el equipo para completar esta acci¢n.


========= End of CMD: =========


========= netsh int ipv6 reset =========

No hay valores configurados por el usuario para restablecer.


========= End of CMD: =========


========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-4188308635-3697283264-2873950374-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-4188308635-3697283264-2873950374-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 34781483 B
Java, Flash, Steam htmlcache => 486112191 B
Windows/system/drivers => 1948877 B
Edge => 0 B
Chrome => 366803222 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 66356 B
systemprofile32 => 66356 B
LocalService => 66228 B
NetworkService => 66228 B
Nieto Esteban => 22479101 B

RecycleBin => 4590 B
EmptyTemp: => 878.1 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 20:39:17 ====

Hola @AKATSUKI

Perfecto…

El equipo ya esta limpio, faltaría que comentes como va el problema por el cual abriste el tema.

Salu2

ok, voy a ver en estos días si me siguen llegando mensajes al correo

Hola @AKATSUKI

Aunque recuerda, podemos no estar infectados y aun recibir correo no deseado.

Te dejo un articulo de interés:

Cómo bloquear los correos no deseados de una cuenta determinada en Gmail y Outlook

Salu2

Hola Sam Ahora lo miro, se agradece mucho la ayuda y voluntad.

Hola @AKATSUKI

Para eliminar las herramientas utilizadas:

Descargas >> Delfix, a tu escritorio.

• Doble clic para ejecutarlo.(Si usas Windows Vista/7 /8 /10,presiona clic derecho y selecciona >> “Ejecutar como Administrador”)
• Marca las casilla Remove disinfection tools y Purgue Sistem Restore
• Pulsar en Run.

Se abrirá el informe (DelFix.txt), guárdalo por si fuera necesario y cierra la herramienta.

Nos comentas cuando todo este en orden para dar por Solucionado el tema.

Salu2.

Hola @SanMar

Hoy me llego este mensaje nuevo.

8919 correro.png1920×1080 192 KB

Hola @AKATSUKI

Es un correo spam normal, solo tienes que bloquearlos tal como el enlace y eliminarlos, mejor ni abrirlos.

Salu2

Hola @SanMar

Listo ahí lo bloqueé.

Hola:

Perfecto…nos avisas si no te quedan mas dudas para dar por resuelto el tema.

Salu2

Hola @SanMar

Hoy me llego otro correo:

13919 correo.png1920×1080 229 KB