Hello, here is the report Malwarebytes left about the trojan:
Malwarebytes
> -Detalles del registro-
> Fecha del evento de protección: 23/5/19
> Hora del evento de protección: 4:37
> Archivo de registro: 08d2dfb2-7d0c-11e9-a2c4-1c1b0d6092bd.json
>
> -Información del software-
> Versión: 3.7.1.2839
> Versión de los componentes: 1.0.586
> Versión del paquete de actualización: 1.0.10724
> Licencia: Prueba
>
> -Información del sistema-
> SO: Windows 10 (Build 17134.765)
> CPU: x64
> Sistema de archivos: NTFS
> Usuario: System
>
> -Detalles del sitio web bloqueado-
> Sitio web malicioso: 1
> , , Bloqueado, [-1], [-1],0.0.0
>
> -Datos de sitio web-
> Categoría: Troyano
> Dominio:
> Dirección IP: 51.15.72.81
> Puerto: [61818]
> Tipo: Saliente
> Archivo: C:\Users\sofia\AppData\Roaming\uTorrent\uTorrent.exe
>
>
>
> (end)
This is what it found the first day I used it:
Malwarebytes
> -Detalles del registro-
> Fecha del análisis: 21/5/19
> Hora del análisis: 22:41
> Archivo de registro: 2ac377a4-7c11-11e9-8695-1c1b0d6092bd.json
>
> -Información del software-
> Versión: 3.7.1.2839
> Versión de los componentes: 1.0.538
> Versión del paquete de actualización: 1.0.10700
> Licencia: Prueba
>
> -Información del sistema-
> SO: Windows 10 (Build 17134.765)
> CPU: x64
> Sistema de archivos: NTFS
> Usuario: DESKTOP-RI5GRJ0\sofia
>
> -Resumen del análisis-
> Tipo de análisis: Análisis de amenazas
> Análisis iniciado por:: Manual
> Resultado: Completado
> Objetos analizados: 333917
> Amenazas detectadas: 128
> Amenazas en cuarentena: 128
> Tiempo transcurrido: 6 min, 36 seg
>
> -Opciones de análisis-
> Memoria: Activado
> Inicio: Activado
> Sistema de archivos: Activado
> Archivo: Activado
> Rootkits: Desactivado
> Heurística: Activado
> PUP: Detectar
> PUM: Detectar
>
> -Detalles del análisis-
> Proceso: 0
> (No hay elementos maliciosos detectados)
>
> Módulo: 0
> (No hay elementos maliciosos detectados)
>
> Clave del registro: 32
> PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Yahoo! Powered ticem, En cuarentena, [234], [308969],1.0.10700
> PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{3A1D2C3E-EE45-4396-9DE5-DD21967C489F}, En cuarentena, [234], [308969],1.0.10700
> PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{3A1D2C3E-EE45-4396-9DE5-DD21967C489F}, En cuarentena, [234], [308969],1.0.10700
> PUP.Optional.WinYahoo.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Yahoo! Powered ticem, En cuarentena, [793], [-1],0.0.0
> PUP.Optional.WinYahoo.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3A1D2C3E-EE45-4396-9DE5-DD21967C489F}, En cuarentena, [793], [-1],0.0.0
> PUP.Optional.WinYahoo.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3A1D2C3E-EE45-4396-9DE5-DD21967C489F}, En cuarentena, [793], [-1],0.0.0
> PUP.Optional.WinYahoo.TskLnk, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{EF0A07CA-BF8A-D64A-0E0A-A6CADE8A754A}, En cuarentena, [793], [484244],1.0.10700
> PUP.Optional.WinYahoo, HKU\S-1-5-21-3895778464-1852489402-3281919599-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{26080CAD-4ADC-49AC-8C63-EDA16E595CBD}, En cuarentena, [234], [254683],1.0.10700
> PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{26080CAD-4ADC-49AC-8C63-EDA16E595CBD}, En cuarentena, [234], [254683],1.0.10700
> PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{26080cad-4adc-49ac-8c63-eda16e595cbd}, En cuarentena, [234], [254683],1.0.10700
> PUP.Optional.hTab, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\ELMKJJFKKCHOHAAOLJOBAFFJEEDCOOCJ, En cuarentena, [2192], [460277],1.0.10700
> PUP.Optional.hTab, HKU\S-1-5-21-3895778464-1852489402-3281919599-1001\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\ELMKJJFKKCHOHAAOLJOBAFFJEEDCOOCJ, En cuarentena, [2192], [460277],1.0.10700
> PUP.Optional.hTab, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\elmkjjfkkchohaaoljobaffjeedcoocj, En cuarentena, [2192], [460277],1.0.10700
> PUP.Optional.SearchManager, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\NAHHMPBCKPGDIDFNMFKFGIFLPJIJILCE, En cuarentena, [2078], [476595],1.0.10700
> PUP.Optional.SearchManager, HKU\S-1-5-21-3895778464-1852489402-3281919599-1001\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\NAHHMPBCKPGDIDFNMFKFGIFLPJIJILCE, En cuarentena, [2078], [476595],1.0.10700
> PUP.Optional.SearchManager, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\nahhmpbckpgdidfnmfkfgiflpjijilce, En cuarentena, [2078], [476595],1.0.10700
> PUP.Optional.SearchManager, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\PILPLLOABDEDFMIALNFCHJOMJMPJCOEJ, En cuarentena, [2078], [260991],1.0.10700
> PUP.Optional.SearchManager, HKU\S-1-5-21-3895778464-1852489402-3281919599-1001\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\PILPLLOABDEDFMIALNFCHJOMJMPJCOEJ, En cuarentena, [2078], [260991],1.0.10700
> PUP.Optional.SearchManager, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\pilplloabdedfmialnfchjomjmpjcoej, En cuarentena, [2078], [260991],1.0.10700
> PUP.Optional.WinYahoo, HKU\S-1-5-21-3895778464-1852489402-3281919599-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, En cuarentena, [234], [182758],1.0.10700
> PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, En cuarentena, [234], [182758],1.0.10700
> PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, En cuarentena, [234], [182758],1.0.10700
> PUP.Optional.InstallCore, HKU\S-1-5-21-3895778464-1852489402-3281919599-1001\SOFTWARE\CSASTATS\ic, En cuarentena, [438], [586068],1.0.10700
> PUP.Optional.WinYahoo.TskLnk, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{FC0B14CB-AC8B-C54B-1D0B-B5CBCD8B664B}, En cuarentena, [793], [542290],1.0.10700
> PUP.Optional.InstallCore, HKU\S-1-5-21-3895778464-1852489402-3281919599-1001\SOFTWARE\PRODUCTSETUP, En cuarentena, [438], [481004],1.0.10700
> PUP.Optional.NeroTuneItUp, HKLM\SOFTWARE\WOW6432NODE\NERO\nero_tuneitup, En cuarentena, [1295], [354277],1.0.10700
> PUP.Optional.WinYahoo.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\{16941605-58DE-0892-E7CA-0D62D0F3BC97}, En cuarentena, [220], [521470],1.0.10700
> PUP.Optional.WinYahoo.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{F43BF6C2-013B-4B7D-BDB8-0385142F8DAF}, En cuarentena, [220], [521470],1.0.10700
> PUP.Optional.WinYahoo.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{F43BF6C2-013B-4B7D-BDB8-0385142F8DAF}, En cuarentena, [220], [521470],1.0.10700
> PUP.Optional.WinYahoo.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\{4167F926-D177-515E-69B5-035D0DBDCBA5}, En cuarentena, [220], [518233],1.0.10700
> PUP.Optional.WinYahoo.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{96888C30-4915-413C-BB24-3648B556B158}, En cuarentena, [220], [518233],1.0.10700
> PUP.Optional.WinYahoo.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{96888C30-4915-413C-BB24-3648B556B158}, En cuarentena, [220], [518233],1.0.10700
>
> Valor del registro: 7
> PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{26080cad-4adc-49ac-8c63-eda16e595cbd}|URL, En cuarentena, [234], [254683],1.0.10700
> PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{26080cad-4adc-49ac-8c63-eda16e595cbd}|URL, En cuarentena, [234], [254683],1.0.10700
> PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, En cuarentena, [234], [182758],1.0.10700
> PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, En cuarentena, [234], [182758],1.0.10700
> PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{3A1D2C3E-EE45-4396-9DE5-DD21967C489F}|PATH, En cuarentena, [234], [308967],1.0.10700
> PUP.Optional.WinYahoo, HKU\S-1-5-21-3895778464-1852489402-3281919599-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, En cuarentena, [234], [182757],1.0.10700
> PUP.Optional.InstallCore, HKU\S-1-5-21-3895778464-1852489402-3281919599-1001\SOFTWARE\PRODUCTSETUP|TB, En cuarentena, [438], [481004],1.0.10700
>
> Datos del registro: 2
> PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Sustituido, [234], [293461],1.0.10700
> PUP.Optional.WinYahoo, HKU\S-1-5-21-3895778464-1852489402-3281919599-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Sustituido, [234], [293459],1.0.10700
>
> Secuencia de datos: 0
> (No hay elementos maliciosos detectados)
>
> Carpeta: 6
> PUP.Optional.NeroTuneItUp, C:\PROGRAMDATA\NERO\NERO TUNEITUP, En cuarentena, [1295], [354279],1.0.10700
> PUP.Optional.WinYahoo.TskLnk, C:\PROGRAMDATA\{32DDF7BE-B89F-7D78-3E59-E33AA41B68F4}, En cuarentena, [793], [484243],1.0.10700
> PUP.Optional.WinYahoo.TskLnk, C:\Users\sofia\AppData\Local\{5B9F6DC3-7F37-017B-12AF-249336C7D80B}\HowToRemove, En cuarentena, [793], [484244],1.0.10700
> PUP.Optional.WinYahoo.TskLnk, C:\USERS\SOFIA\APPDATA\LOCAL\{5B9F6DC3-7F37-017B-12AF-249336C7D80B}, En cuarentena, [793], [484244],1.0.10700
> PUP.Optional.WinYahoo.TskLnk, C:\Users\sofia\AppData\Local\{255C1300-01F4-7FB8-6C6C-5A504804A6C8}\HowToRemove, En cuarentena, [793], [542290],1.0.10700
> PUP.Optional.WinYahoo.TskLnk, C:\USERS\SOFIA\APPDATA\LOCAL\{255C1300-01F4-7FB8-6C6C-5A504804A6C8}, En cuarentena, [793], [542290],1.0.10700
>
> Archivo: 81
> PUP.Optional.WinYahoo, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\HOWTOREMOVE.HTML.LNK, En cuarentena, [234], [254335],1.0.10700
> PUP.Optional.WinYahoo, C:\WINDOWS\TASKS\Yahoo! Powered ticem.job, En cuarentena, [234], [308969],1.0.10700
> PUP.Optional.WinYahoo, C:\WINDOWS\SYSTEM32\TASKS\Yahoo! Powered ticem, En cuarentena, [234], [308969],1.0.10700
> PUP.Optional.NeroTuneItUp, C:\ProgramData\Nero\Nero TuneItUp\remote_devices.db, En cuarentena, [1295], [354279],1.0.10700
> PUP.Optional.SearchManager, C:\USERS\SOFIA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\chrome-extension_pilplloabdedfmialnfchjomjmpjcoej_0.localstorage, En cuarentena, [2078], [453138],1.0.10700
> PUP.Optional.WinYahoo.TskLnk, C:\PROGRAMDATA\{32DDF7BE-B89F-7D78-3E59-E33AA41B68F4}\fita, En cuarentena, [793], [484243],1.0.10700
> PUP.Optional.WinYahoo.TskLnk, C:\ProgramData\{32DDF7BE-B89F-7D78-3E59-E33AA41B68F4}\aowLC, En cuarentena, [793], [484243],1.0.10700
> PUP.Optional.WinYahoo.TskLnk, C:\ProgramData\{32DDF7BE-B89F-7D78-3E59-E33AA41B68F4}\fiso.txt, En cuarentena, [793], [484243],1.0.10700
> PUP.Optional.WinYahoo.TskLnk, C:\ProgramData\{32DDF7BE-B89F-7D78-3E59-E33AA41B68F4}\hBPdx, En cuarentena, [793], [484243],1.0.10700
> PUP.Optional.WinYahoo.TskLnk, C:\ProgramData\{32DDF7BE-B89F-7D78-3E59-E33AA41B68F4}\hdat1, En cuarentena, [793], [484243],1.0.10700
> PUP.Optional.WinYahoo.TskLnk, C:\ProgramData\{32DDF7BE-B89F-7D78-3E59-E33AA41B68F4}\hdat2, En cuarentena, [793], [484243],1.0.10700
> PUP.Optional.WinYahoo.TskLnk, C:\ProgramData\{32DDF7BE-B89F-7D78-3E59-E33AA41B68F4}\sodeno, En cuarentena, [793], [484243],1.0.10700
> PUP.Optional.WinYahoo.TskLnk, C:\WINDOWS\SYSTEM32\TASKS\Yahoo! Powered ticem, En cuarentena, [793], [-1],0.0.0
> PUP.Optional.WinYahoo.TskLnk, C:\USERS\SOFIA\APPDATA\LOCAL\{5B9F6DC3-7F37-017B-12AF-249336C7D80B}\cafo, En cuarentena, [793], [484244],1.0.10700
> PUP.Optional.WinYahoo.TskLnk, C:\Users\sofia\AppData\Local\{5B9F6DC3-7F37-017B-12AF-249336C7D80B}\HowToRemove\chromium-min.jpg, En cuarentena, [793], [484244],1.0.10700
> PUP.Optional.WinYahoo.TskLnk, C:\Users\sofia\AppData\Local\{5B9F6DC3-7F37-017B-12AF-249336C7D80B}\HowToRemove\control panel-min-min.JPG, En cuarentena, [793], [484244],1.0.10700
> PUP.Optional.WinYahoo.TskLnk, C:\Users\sofia\AppData\Local\{5B9F6DC3-7F37-017B-12AF-249336C7D80B}\HowToRemove\down.png, En cuarentena, [793], [484244],1.0.10700
> PUP.Optional.WinYahoo.TskLnk, C:\Users\sofia\AppData\Local\{5B9F6DC3-7F37-017B-12AF-249336C7D80B}\HowToRemove\ff menu.JPG, En cuarentena, [793], [484244],1.0.10700
> PUP.Optional.WinYahoo.TskLnk, C:\Users\sofia\AppData\Local\{5B9F6DC3-7F37-017B-12AF-249336C7D80B}\HowToRemove\ff search engine-min.png, En cuarentena, [793], [484244],1.0.10700
> PUP.Optional.WinYahoo.TskLnk, C:\Users\sofia\AppData\Local\{5B9F6DC3-7F37-017B-12AF-249336C7D80B}\HowToRemove\HowToRemove.html, En cuarentena, [793], [484244],1.0.10700
> PUP.Optional.WinYahoo.TskLnk, C:\Users\sofia\AppData\Local\{5B9F6DC3-7F37-017B-12AF-249336C7D80B}\HowToRemove\hp-min ff.png, En cuarentena, [793], [484244],1.0.10700
> PUP.Optional.WinYahoo.TskLnk, C:\Users\sofia\AppData\Local\{5B9F6DC3-7F37-017B-12AF-249336C7D80B}\HowToRemove\hp-min ie.png, En cuarentena, [793], [484244],1.0.10700
> PUP.Optional.WinYahoo.TskLnk, C:\Users\sofia\AppData\Local\{5B9F6DC3-7F37-017B-12AF-249336C7D80B}\HowToRemove\search engine.gif, En cuarentena, [793], [484244],1.0.10700
> PUP.Optional.WinYahoo.TskLnk, C:\Users\sofia\AppData\Local\{5B9F6DC3-7F37-017B-12AF-249336C7D80B}\HowToRemove\setup pages.gif, En cuarentena, [793], [484244],1.0.10700
> PUP.Optional.WinYahoo.TskLnk, C:\Users\sofia\AppData\Local\{5B9F6DC3-7F37-017B-12AF-249336C7D80B}\HowToRemove\sp-min.png, En cuarentena, [793], [484244],1.0.10700
> PUP.Optional.WinYahoo.TskLnk, C:\Users\sofia\AppData\Local\{5B9F6DC3-7F37-017B-12AF-249336C7D80B}\HowToRemove\start-min.jpg, En cuarentena, [793], [484244],1.0.10700
> PUP.Optional.WinYahoo.TskLnk, C:\Users\sofia\AppData\Local\{5B9F6DC3-7F37-017B-12AF-249336C7D80B}\HowToRemove\up.png, En cuarentena, [793], [484244],1.0.10700
> PUP.Optional.WinYahoo.TskLnk, C:\Users\sofia\AppData\Local\{5B9F6DC3-7F37-017B-12AF-249336C7D80B}\bapi_chmm.dat, En cuarentena, [793], [484244],1.0.10700
> PUP.Optional.WinYahoo.TskLnk, C:\Users\sofia\AppData\Local\{5B9F6DC3-7F37-017B-12AF-249336C7D80B}\bapi_ff.dat, En cuarentena, [793], [484244],1.0.10700
> PUP.Optional.WinYahoo.TskLnk, C:\Users\sofia\AppData\Local\{5B9F6DC3-7F37-017B-12AF-249336C7D80B}\bapi_ie.dat, En cuarentena, [793], [484244],1.0.10700
> PUP.Optional.WinYahoo.TskLnk, C:\Users\sofia\AppData\Local\{5B9F6DC3-7F37-017B-12AF-249336C7D80B}\camolilet, En cuarentena, [793], [484244],1.0.10700
> PUP.Optional.WinYahoo.TskLnk, C:\Users\sofia\AppData\Local\{5B9F6DC3-7F37-017B-12AF-249336C7D80B}\install.log, En cuarentena, [793], [484244],1.0.10700
> PUP.Optional.WinYahoo.TskLnk, C:\Users\sofia\AppData\Local\{5B9F6DC3-7F37-017B-12AF-249336C7D80B}\moti, En cuarentena, [793], [484244],1.0.10700
> PUP.Optional.WinYahoo.TskLnk, C:\Users\sofia\AppData\Local\{5B9F6DC3-7F37-017B-12AF-249336C7D80B}\nici, En cuarentena, [793], [484244],1.0.10700
> PUP.Optional.WinYahoo.TskLnk, C:\Users\sofia\AppData\Local\{5B9F6DC3-7F37-017B-12AF-249336C7D80B}\nicicoro, En cuarentena, [793], [484244],1.0.10700
> PUP.Optional.WinYahoo.TskLnk, C:\Users\sofia\AppData\Local\{5B9F6DC3-7F37-017B-12AF-249336C7D80B}\salo, En cuarentena, [793], [484244],1.0.10700
> PUP.Optional.WinYahoo.TskLnk, C:\Users\sofia\AppData\Local\{5B9F6DC3-7F37-017B-12AF-249336C7D80B}\Sqlite3.dll, En cuarentena, [793], [484244],1.0.10700
> PUP.Optional.WinYahoo.TskLnk, C:\Users\sofia\AppData\Local\{5B9F6DC3-7F37-017B-12AF-249336C7D80B}\uninst.dat, En cuarentena, [793], [484244],1.0.10700
> PUP.Optional.WinYahoo.TskLnk, C:\Users\sofia\AppData\Local\{5B9F6DC3-7F37-017B-12AF-249336C7D80B}\uninst.exe, En cuarentena, [793], [484244],1.0.10700
> PUP.Optional.WinYahoo.TskLnk, C:\Users\sofia\AppData\Local\{5B9F6DC3-7F37-017B-12AF-249336C7D80B}\uninstp.dat, En cuarentena, [793], [484244],1.0.10700
> PUP.Optional.WinYahoo.TskLnk, C:\USERS\SOFIA\APPDATA\ROAMING\Microsoft\Windows\Start Menu\Programs\HowToRemove.lnk, En cuarentena, [793], [484244],1.0.10700
> PUP.Optional.hTab, C:\USERS\SOFIA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Sustituido, [2192], [460277],1.0.10700
> PUP.Optional.SearchManager, C:\USERS\SOFIA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Sustituido, [2078], [476595],1.0.10700
> PUP.Optional.SearchManager, C:\USERS\SOFIA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Sustituido, [2078], [260991],1.0.10700
> PUP.Optional.WinYahoo.TskLnk, C:\USERS\SOFIA\APPDATA\LOCAL\{255C1300-01F4-7FB8-6C6C-5A504804A6C8}\HOWTOREMOVE\HOWTOREMOVE.HTML, En cuarentena, [793], [542290],1.0.10700
> PUP.Optional.WinYahoo.TskLnk, C:\Users\sofia\AppData\Local\{255C1300-01F4-7FB8-6C6C-5A504804A6C8}\HowToRemove\chromium-min.jpg, En cuarentena, [793], [542290],1.0.10700
> PUP.Optional.WinYahoo.TskLnk, C:\Users\sofia\AppData\Local\{255C1300-01F4-7FB8-6C6C-5A504804A6C8}\HowToRemove\control panel-min-min.JPG, En cuarentena, [793], [542290],1.0.10700
> PUP.Optional.WinYahoo.TskLnk, C:\Users\sofia\AppData\Local\{255C1300-01F4-7FB8-6C6C-5A504804A6C8}\HowToRemove\down.png, En cuarentena, [793], [542290],1.0.10700
> PUP.Optional.WinYahoo.TskLnk, C:\Users\sofia\AppData\Local\{255C1300-01F4-7FB8-6C6C-5A504804A6C8}\HowToRemove\ff menu.JPG, En cuarentena, [793], [542290],1.0.10700
> PUP.Optional.WinYahoo.TskLnk, C:\Users\sofia\AppData\Local\{255C1300-01F4-7FB8-6C6C-5A504804A6C8}\HowToRemove\ff search engine-min.png, En cuarentena, [793], [542290],1.0.10700
> PUP.Optional.WinYahoo.TskLnk, C:\Users\sofia\AppData\Local\{255C1300-01F4-7FB8-6C6C-5A504804A6C8}\HowToRemove\hp-min ff.png, En cuarentena, [793], [542290],1.0.10700
> PUP.Optional.WinYahoo.TskLnk, C:\Users\sofia\AppData\Local\{255C1300-01F4-7FB8-6C6C-5A504804A6C8}\HowToRemove\hp-min ie.png, En cuarentena, [793], [542290],1.0.10700
> PUP.Optional.WinYahoo.TskLnk, C:\Users\sofia\AppData\Local\{255C1300-01F4-7FB8-6C6C-5A504804A6C8}\HowToRemove\search engine.gif, En cuarentena, [793], [542290],1.0.10700
> PUP.Optional.WinYahoo.TskLnk, C:\Users\sofia\AppData\Local\{255C1300-01F4-7FB8-6C6C-5A504804A6C8}\HowToRemove\setup pages.gif, En cuarentena, [793], [542290],1.0.10700
> PUP.Optional.WinYahoo.TskLnk, C:\Users\sofia\AppData\Local\{255C1300-01F4-7FB8-6C6C-5A504804A6C8}\HowToRemove\sp-min.png, En cuarentena, [793], [542290],1.0.10700
> PUP.Optional.WinYahoo.TskLnk, C:\Users\sofia\AppData\Local\{255C1300-01F4-7FB8-6C6C-5A504804A6C8}\HowToRemove\start-min.jpg, En cuarentena, [793], [542290],1.0.10700
> PUP.Optional.WinYahoo.TskLnk, C:\Users\sofia\AppData\Local\{255C1300-01F4-7FB8-6C6C-5A504804A6C8}\HowToRemove\up.png, En cuarentena, [793], [542290],1.0.10700
> PUP.Optional.WinYahoo.TskLnk, C:\Users\sofia\AppData\Local\{255C1300-01F4-7FB8-6C6C-5A504804A6C8}\cafocatot, En cuarentena, [793], [542290],1.0.10700
> PUP.Optional.WinYahoo.TskLnk, C:\Users\sofia\AppData\Local\{255C1300-01F4-7FB8-6C6C-5A504804A6C8}\focola, En cuarentena, [793], [542290],1.0.10700
> PUP.Optional.WinYahoo.TskLnk, C:\Users\sofia\AppData\Local\{255C1300-01F4-7FB8-6C6C-5A504804A6C8}\install.log, En cuarentena, [793], [542290],1.0.10700
> PUP.Optional.WinYahoo.TskLnk, C:\Users\sofia\AppData\Local\{255C1300-01F4-7FB8-6C6C-5A504804A6C8}\motineset, En cuarentena, [793], [542290],1.0.10700
> PUP.Optional.WinYahoo.TskLnk, C:\Users\sofia\AppData\Local\{255C1300-01F4-7FB8-6C6C-5A504804A6C8}\riloto.dat, En cuarentena, [793], [542290],1.0.10700
> PUP.Optional.WinYahoo.TskLnk, C:\Users\sofia\AppData\Local\{255C1300-01F4-7FB8-6C6C-5A504804A6C8}\salotano, En cuarentena, [793], [542290],1.0.10700
> PUP.Optional.WinYahoo.TskLnk, C:\Users\sofia\AppData\Local\{255C1300-01F4-7FB8-6C6C-5A504804A6C8}\sicedade.dat, En cuarentena, [793], [542290],1.0.10700
> PUP.Optional.WinYahoo.TskLnk, C:\Users\sofia\AppData\Local\{255C1300-01F4-7FB8-6C6C-5A504804A6C8}\Sqlite3.dll, En cuarentena, [793], [542290],1.0.10700
> PUP.Optional.WinYahoo.TskLnk, C:\Users\sofia\AppData\Local\{255C1300-01F4-7FB8-6C6C-5A504804A6C8}\titolen.dat, En cuarentena, [793], [542290],1.0.10700
> PUP.Optional.WinYahoo.TskLnk, C:\Users\sofia\AppData\Local\{255C1300-01F4-7FB8-6C6C-5A504804A6C8}\uninst.dat, En cuarentena, [793], [542290],1.0.10700
> PUP.Optional.WinYahoo.TskLnk, C:\Users\sofia\AppData\Local\{255C1300-01F4-7FB8-6C6C-5A504804A6C8}\uninst.exe, En cuarentena, [793], [542290],1.0.10700
> PUP.Optional.WinYahoo.TskLnk, C:\Users\sofia\AppData\Local\{255C1300-01F4-7FB8-6C6C-5A504804A6C8}\uninstp.dat, En cuarentena, [793], [542290],1.0.10700
> PUP.Optional.WinYahoo.Generic, C:\WINDOWS\TASKS\{16941605-58DE-0892-E7CA-0D62D0F3BC97}.job, En cuarentena, [220], [521470],1.0.10700
> PUP.Optional.WinYahoo.Generic, C:\WINDOWS\SYSTEM32\TASKS\{16941605-58DE-0892-E7CA-0D62D0F3BC97}, En cuarentena, [220], [521470],1.0.10700
> PUP.Optional.WinYahoo.Generic, C:\WINDOWS\TASKS\{4167F926-D177-515E-69B5-035D0DBDCBA5}.job, En cuarentena, [220], [518233],1.0.10700
> PUP.Optional.WinYahoo.Generic, C:\WINDOWS\SYSTEM32\TASKS\{4167F926-D177-515E-69B5-035D0DBDCBA5}, En cuarentena, [220], [518233],1.0.10700
> PUP.Optional.GameHack, C:\PROGRAM FILES (X86)\CHEAT ENGINE 6.7\STANDALONEPHASE1.DAT, En cuarentena, [8015], [393793],1.0.10700
> PUP.Optional.InstallCore, C:\USERS\SOFIA\DOWNLOADS\CHEATENGINE66.EXE, En cuarentena, [438], [500846],1.0.10700
> Generic.Malware/Suspicious, C:\USERS\SOFIA\DOWNLOADS\FIFA 17 99 OVR BY FRENDZ.RAR, En cuarentena, [0], [392686],1.0.10700
> Generic.Malware/Suspicious, C:\USERS\SOFIA\DOWNLOADS\[RAPIDFILES]_75108.ZIP, En cuarentena, [0], [392686],1.0.10700
> RiskWare.CheatEngine, C:\USERS\SOFIA\DOWNLOADS\XAHAFIF99OVR.RAR, En cuarentena, [9002], [497728],1.0.10700
> PUP.Optional.SearchManager.BITSRST, C:\USERS\SOFIA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Sustituido, [264], [626729],1.0.10700
> PUP.Optional.SearchManager.BITSRST, C:\USERS\SOFIA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Sustituido, [264], [628563],1.0.10700
> PUP.Optional.SearchManager.BITSRST, C:\USERS\SOFIA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Sustituido, [264], [628563],1.0.10700
>
> Sector físico: 0
> (No hay elementos maliciosos detectados)
>
> WMI: 0
> (No hay elementos maliciosos detectados)
>
>
> (end)
I have now used it with iExplore and it found no threats. By the way, does CCleaner or iExplorer install Avast antivirus? It has just appeared and I don't know whether it has anything to do with either of the two installations.
Here is the one from AdwCleaner:
> # -------------------------------
> # Malwarebytes AdwCleaner 7.3.0.0
> # -------------------------------
> # Build: 04-04-2019
> # Database: 2019-04-29.1 (Cloud)
> # Support: https://www.malwarebytes.com/support
> #
> # -------------------------------
> # Mode: Scan
> # -------------------------------
> # Start: 05-25-2019
> # Duration: 00:01:12
> # OS: Windows 10 Home
> # Scanned: 27335
> # Detected: 50
>
>
> ***** [ Services ] *****
>
> PUP.Optional.ByteFence ByteFenceService
> PUP.Optional.ByteFence rtop
>
> ***** [ Folders ] *****
>
> PUP.Optional.ByteFence C:\Program Files\ByteFence
> PUP.Optional.ByteFence C:\ProgramData\ByteFence
> PUP.Optional.Legacy C:\Users\sofia\AppData\LocalLow\.acestream
> PUP.Optional.Legacy C:\Users\sofia\AppData\Roaming\.acestream
> PUP.Optional.Legacy C:\Users\sofia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ace Stream Media
> PUP.Optional.Legacy C:\Users\sofia\AppData\Roaming\acestream
> PUP.Optional.Legacy C:\_acestream_cache_
>
> ***** [ Files ] *****
>
> PUP.Optional.WinYahoo C:\Users\sofia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search Powered by Yahoo!.lnk
>
> ***** [ DLL ] *****
>
> No malicious DLLs found.
>
> ***** [ WMI ] *****
>
> No malicious WMI found.
>
> ***** [ Shortcuts ] *****
>
> No malicious shortcuts found.
>
> ***** [ Tasks ] *****
>
> PUP.Optional.ByteFence C:\Windows\System32\Tasks\BYTEFENCE
>
> ***** [ Registry ] *****
>
> PUP.Optional.ASMagicPlayer HKCU\Software\Classes\acestream
> PUP.Optional.AceStream HKCU\Software\RegisteredApplications|AceStream
> PUP.Optional.ByteFence HKCU\Software\ByteFence
> PUP.Optional.ByteFence HKLM\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\ByteFence.exe
> PUP.Optional.ByteFence HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{62032084-5967-49B0-8DC1-C22A3E5FA08A}
> PUP.Optional.ByteFence HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ByteFence
> PUP.Optional.ByteFence HKLM\Software\ByteFence
> PUP.Optional.ByteFence HKLM\Software\Wow6432Node\ByteFence
> PUP.Optional.ByteFence HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\ByteFence
> PUP.Optional.ByteFence HKLM\System\CurrentControlSet\Services\EventLog\Application\ByteFenceService
> PUP.Optional.InstallCore HKCU\Software\csastats
> PUP.Optional.Legacy HKCU\SOFTWARE\Classes\Applications\ace_player.exe
> PUP.Optional.Legacy HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acelive
> PUP.Optional.Legacy HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acemedia
> PUP.Optional.Legacy HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acestream
> PUP.Optional.Legacy HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tslive
> PUP.Optional.Legacy HKCU\Software\AceStream
> PUP.Optional.Legacy HKCU\Software\Classes\.acelive
> PUP.Optional.Legacy HKCU\Software\Classes\.acemedia
> PUP.Optional.Legacy HKCU\Software\Classes\.acestream
> PUP.Optional.Legacy HKCU\Software\Classes\.tslive
> PUP.Optional.Legacy HKCU\Software\Classes\AudioCD\shell\PlayWithACEStream
> PUP.Optional.Legacy HKCU\Software\Classes\DVD\shell\PlayWithACEStream
> PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayCDAudioOnArrival
> PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayDVDAudioOnArrival
> PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayDVDMovieOnArrival
> PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayMusicFilesOnArrival
> PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlaySVCDMovieOnArrival
> PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayVCDMovieOnArrival
> PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayVideoFilesOnArrival
> PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\AceStream
> PUP.Optional.Legacy HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{391CD6CE-7544-40FE-8C6A-F1BF15F867E7}C:\users\sofia\appdata\roaming\acestream\engine\ace_engine.exe
> PUP.Optional.Legacy HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{DF5A310A-69C2-483D-8483-B78802887D98}C:\users\sofia\appdata\roaming\acestream\engine\ace_engine.exe
> PUP.Optional.Legacy HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{201BFA41-151B-482F-8E76-66AFB06262DC}
> PUP.Optional.Legacy HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{DC2A35A8-A291-4B80-95EF-A1B7A1FC30A2}
> PUP.Optional.Legacy HKLM\Software\Classes\.acestream
> PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\CLSID\{79690976-ED6E-403C-BBBA-F8928B5EDE17}
> PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\CLSID\{8BF0126F-A5B7-4720-ABB2-2414A0AF5474}
> PUP.Optional.TheBrightTag HKCU\Software\Microsoft\Internet Explorer\DOMStorage\thebrighttag.com
>
> ***** [ Chromium (and derivatives) ] *****
>
> No malicious Chromium entries found.
>
> ***** [ Chromium URLs ] *****
>
> No malicious Chromium URLs found.
>
> ***** [ Firefox (and derivatives) ] *****
>
> No malicious Firefox entries found.
>
> ***** [ Firefox URLs ] *****
>
> No malicious Firefox URLs found.
>
>
>
> ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
That is the scan log; do you also need the cleaning one?