Slow computer and virus cleanup

Hi @SanMar, I also want to clean some computers, related to the same topic. Should I open a new post or can I continue here?

Hi @Rodvi_Julio

I moved your post to a new topic so that we can do the cleanup in an orderly way. First describe the problem you have, on which computer, and what your OS is.

Let us know.

Regards

Thank you very much @SanMar. It is a desktop computer, but it is slow; no strange messages pop up or anything, but maybe it has some virus. I want to do a cleanup because I need to copy some files. The OS is W7.

Hi @Rodvi_Julio

Perfect, let's start with a cleanup!!

Do the following:

1.- Temporarily disable your antivirus and any security program.

2.- Download, install and/or update the following tools:

3.- Run the steps in order, with all programs closed, including browsers.

CCleaner

Using its Cleaner option, according to its Manual:

  • To delete cookies, temporary Internet files and all the files it shows you as obsolete.
  • When you install it, untick the boxes so as not to allow the installation of Ccleaner Browser/Avast Browser or similar…
  • We do NOT need this report

AdwCleaner

Run it.

  • Click the Scan button and wait for the process to finish. Then click the Clean button.
  • Wait for it to complete. If it asks you to restart the system, accept.
  • Save the report that appears so you can copy and paste it in your next reply.
  • The report can also be found at “C:\AdwCleaner\AdwCleaner.txt”

ZHPCleaner

  • Following its manual, install and run it. When it finishes, remove everything it finds.

Malwarebytes Version 4

  • Run it following the steps in its Manual.
  • Perform a Threat Scan.
  • Pay particular attention to how to save the report.

4.- Important note:

In your next reply you must paste the reports from AdwCleaner, ZHPCleaner and Malwarebytes.

Guide: How to paste reports in the forum?

Let us know.

Regards

# -------------------------------
# Malwarebytes AdwCleaner 8.0.1.0
# -------------------------------
# Build:    12-17-2019
# Database: 2020-01-06.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    01-10-2020
# Duration: 00:00:19
# OS:       Windows 7 Ultimate
# Cleaned:  29
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted       C:\Program Files (x86)\NERO\NERO TUNEITUP
Deleted       C:\ProgramData\NERO\NERO TUNEITUP

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted       C:\Windows\System32\Tasks\NERO TUNEITUP PRO
Deleted       C:\Windows\System32\Tasks\NERO TUNEITUP PRO (TRAY)
Deleted       C:\Windows\Tasks\NERO TUNEITUP PRO (TRAY).JOB
Deleted       C:\Windows\Tasks\NERO TUNEITUP PRO.JOB

***** [ Registry ] *****

Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{552C2912-0834-43BD-967F-CF176CACE467}
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1ACD3439-1861-4241-8F3B-DB0651E2AC76}
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{552C2912-0834-43BD-967F-CF176CACE467}
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Nero TuneItUp PRO
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Nero TuneItUp PRO (Tray)
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{602E2582-2513-4650-876B-2EB3332311A1}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{BDC99930-3035-4FD0-9D03-D666A151AF78}
Deleted       HKLM\Software\Wow6432Node\NERO\nero_tuneitup
Deleted       HKLM\Software\Wow6432Node\\Classes\CLSID\{8BF0126F-A5B7-4720-ABB2-2414A0AF5474}

***** [ Chromium (and derivatives) ] *****

Deleted       Ask App for iLivid
Deleted       iLivid

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

Deleted       http://hp.myway.com/fromdoctopdf/LMES/index.html?coId=c75fd036115146abacd4d388a6daec4e&subId=EAIaIQobChMI7NGh9p6A4wIVTz0MCh0R9A9TEAAYASAAEgKf9PD_BwE&ln=es&n=78587228&ptb=64E6ADF6-B1EB-412F-B675-6F87EAC1C8E3&st&p2=%5EY6%5Expt804%5ELMES%5Egt&si=EAIaIQobChMI7NGh9p6A4wIVTz0MCh0R9A9TEAAYASAAEgKf9PD_BwE

***** [ Preinstalled Software ] *****

Deleted       Preinstalled.CyberLinkLabelPrint   Folder   C:\Program Files (x86)\CYBERLINK\LABELPRINT
Deleted       Preinstalled.CyberLinkLabelPrint   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}
Deleted       Preinstalled.CyberLinkLabelPrint   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{C59C179C-668D-49A9-B6EA-0121CCFC1243}
Deleted       Preinstalled.CyberLinkService   Folder   C:\Program Files (x86)\CYBERLINK\SHARED FILES\PLUGIN\NEWBLUE
Deleted       Preinstalled.CyberLinkService   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\NewBlue Art Effects for PDR10
Deleted       Preinstalled.HPMediaSmart   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}
Deleted       Preinstalled.HPMediaSmart   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{01FB4998-33C4-4431-85ED-079E3EEFE75D}
Deleted       Preinstalled.LenovoPowerDVD   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}
Deleted       Preinstalled.LenovoPowerDVD   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}
Deleted       Preinstalled.LenovoYouCam   Registry   HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\YouCam Mirage
Deleted       Preinstalled.LenovoYouCam   Registry   HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\YouCam Tray


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [4747 octets] - [10/01/2020 13:02:44]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

~ ZHPCleaner v2020.1.8.167 by Nicolas Coolman (2020/01/08)
~ Run by VASQUEZ (Administrator)  (10/01/2020 13:24:10)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Reparar
~ Report : D:\Users\VASQUEZ\Desktop\ZHPCleaner (R).txt
~ Quarantine : C:\Users\VASQUEZ\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ System Restore Point : 
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601)


---\\  Alternate Data Stream (ADS). (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Servicios (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Navegadores de Internet (149)


---\\  Hosts carpeta (1)
~ El archivo hosts es legítimo (21)


---\\  Tareas automáticas programadas. (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Explorador ( Archivos, Carpetas ) (30)
MOVIDO carpeta: C:\Users\VASQUEZ\AppData\Roaming\Mozilla\Firefox\Profiles\7r4c4wz6.default\Extensions\[email protected]\bootstrap.js    =>SUP.Optional.FromDocToPDF
MOVIDO carpeta^: C:\Users\VASQUEZ\AppData\Roaming\Mozilla\Firefox\Profiles\7r4c4wz6.default\Extensions\[email protected]\chrome    =>SUP.Optional.FromDocToPDF
MOVIDO carpeta: C:\Users\VASQUEZ\AppData\Roaming\Mozilla\Firefox\Profiles\7r4c4wz6.default\Extensions\[email protected]\chrome.manifest    =>SUP.Optional.FromDocToPDF
MOVIDO carpeta: C:\Users\VASQUEZ\AppData\Roaming\Mozilla\Firefox\Profiles\7r4c4wz6.default\Extensions\[email protected]\chrome.manifest.restartless    =>SUP.Optional.FromDocToPDF
MOVIDO carpeta: C:\Users\VASQUEZ\AppData\Roaming\Mozilla\Firefox\Profiles\7r4c4wz6.default\Extensions\[email protected]\install.rdf    =>SUP.Optional.FromDocToPDF
MOVIDO carpeta^: C:\Users\VASQUEZ\AppData\Roaming\Mozilla\Firefox\Profiles\7r4c4wz6.default\Extensions\[email protected]\META-INF    =>SUP.Optional.FromDocToPDF
MOVIDO carpeta: C:\Users\VASQUEZ\AppData\Roaming\Mozilla\Firefox\Profiles\7r4c4wz6.default\Extensions\[email protected]\bootstrap.js    =>Adware.EasyPDFCombine
MOVIDO carpeta^: C:\Users\VASQUEZ\AppData\Roaming\Mozilla\Firefox\Profiles\7r4c4wz6.default\Extensions\[email protected]\chrome    =>Adware.EasyPDFCombine
MOVIDO carpeta: C:\Users\VASQUEZ\AppData\Roaming\Mozilla\Firefox\Profiles\7r4c4wz6.default\Extensions\[email protected]\chrome.manifest    =>Adware.EasyPDFCombine
MOVIDO carpeta: C:\Users\VASQUEZ\AppData\Roaming\Mozilla\Firefox\Profiles\7r4c4wz6.default\Extensions\[email protected]\chrome.manifest.restartless    =>Adware.EasyPDFCombine
MOVIDO carpeta: C:\Users\VASQUEZ\AppData\Roaming\Mozilla\Firefox\Profiles\7r4c4wz6.default\Extensions\[email protected]\install.rdf    =>Adware.EasyPDFCombine
MOVIDO carpeta^: C:\Users\VASQUEZ\AppData\Roaming\Mozilla\Firefox\Profiles\7r4c4wz6.default\Extensions\[email protected]\META-INF    =>Adware.EasyPDFCombine
MOVIDO carpeta: C:\Users\VASQUEZ\AppData\Roaming\Mozilla\Firefox\Profiles\7r4c4wz6.default\Extensions\[email protected]\bootstrap.js    =>SUP.Optional.MindSpark
MOVIDO carpeta^: C:\Users\VASQUEZ\AppData\Roaming\Mozilla\Firefox\Profiles\7r4c4wz6.default\Extensions\[email protected]\chrome    =>SUP.Optional.MindSpark
MOVIDO carpeta: C:\Users\VASQUEZ\AppData\Roaming\Mozilla\Firefox\Profiles\7r4c4wz6.default\Extensions\_gtMembers_[email protected]\chrome.manifest    =>SUP.Optional.MindSpark
MOVIDO carpeta: C:\Users\VASQUEZ\AppData\Roaming\Mozilla\Firefox\Profiles\7r4c4wz6.default\Extensions\[email protected]\chrome.manifest.restartless    =>SUP.Optional.MindSpark
MOVIDO carpeta: C:\Users\VASQUEZ\AppData\Roaming\Mozilla\Firefox\Profiles\7r4c4wz6.default\Extensions\[email protected]\install.rdf    =>SUP.Optional.MindSpark
MOVIDO carpeta^: C:\Users\VASQUEZ\AppData\Roaming\Mozilla\Firefox\Profiles\7r4c4wz6.default\Extensions\[email protected]\META-INF    =>SUP.Optional.MindSpark
MOVIDO carpeta: C:\Users\VASQUEZ\AppData\Roaming\Mozilla\Firefox\Profiles\7r4c4wz6.default\Extensions\[email protected]\bootstrap.js    =>SUP.Optional.MindSpark
MOVIDO carpeta^: C:\Users\VASQUEZ\AppData\Roaming\Mozilla\Firefox\Profiles\7r4c4wz6.default\Extensions\[email protected]\chrome    =>SUP.Optional.MindSpark
MOVIDO carpeta: C:\Users\VASQUEZ\AppData\Roaming\Mozilla\Firefox\Profiles\7r4c4wz6.default\Extensions\[email protected]\chrome.manifest    =>SUP.Optional.MindSpark
MOVIDO carpeta: C:\Users\VASQUEZ\AppData\Roaming\Mozilla\Firefox\Profiles\7r4c4wz6.default\Extensions\[email protected]\chrome.manifest.restartless    =>SUP.Optional.MindSpark
MOVIDO carpeta: C:\Users\VASQUEZ\AppData\Roaming\Mozilla\Firefox\Profiles\7r4c4wz6.default\Extensions\[email protected]\install.rdf    =>SUP.Optional.MindSpark
MOVIDO carpeta^: C:\Users\VASQUEZ\AppData\Roaming\Mozilla\Firefox\Profiles\7r4c4wz6.default\Extensions\[email protected]\META-INF    =>SUP.Optional.MindSpark
MOVIDO carpeta: C:\Users\VASQUEZ\AppData\Roaming\Mozilla\Firefox\Profiles\7r4c4wz6.default\FromDocToPDF_65\64E6ADF6-B1EB-412F-B675-6F87EAC1C8E3.sqlite    =>SUP.Optional.FromDocToPDF
MOVIDO carpeta: C:\Users\VASQUEZ\AppData\Roaming\Mozilla\Firefox\Profiles\7r4c4wz6.default\EasyPDFCombine_ce\31DAE420-C19D-469F-917F-035E34DAECBD.sqlite    =>Adware.EasyPDFCombine
MOVIDO archivo: C:\Users\VASQUEZ\AppData\Roaming\Mozilla\Firefox\Profiles\7r4c4wz6.default\Extensions\[email protected]  =>SUP.Optional.FromDocToPDF
MOVIDO archivo: C:\Users\VASQUEZ\AppData\Roaming\Mozilla\Firefox\Profiles\7r4c4wz6.default\Extensions\[email protected]  =>Adware.EasyPDFCombine
MOVIDO archivo: C:\Users\VASQUEZ\AppData\Roaming\Mozilla\Firefox\Profiles\7r4c4wz6.default\Extensions\[email protected]  =>SUP.Optional.MindSpark
MOVIDO archivo: C:\Users\VASQUEZ\AppData\Roaming\Mozilla\Firefox\Profiles\7r4c4wz6.default\Extensions\[email protected]  =>SUP.Optional.MindSpark


---\\  Registro ( Claves, Valores, Datos) (5)
BORRADOS clave*: HKEY_USERS\S-1-5-21-3635118186-2907849737-3350028575-1001\SOFTWARE\Magicbit []  =>.SUP.Magicbit
BORRADOS clave**: HKCU\Software\Magicbit []  =>.SUP.Magicbit
BORRADOS clave*: [X64] HKLM\SOFTWARE\Classes\protector_dll.protectorbho [Google Toolbar Notifier BHO]  =>Adware.BProtector
BORRADOS clave*: [X64] HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1 [Google Toolbar Notifier BHO]  =>Adware.BProtector
BORRADOS clave*: [X64] HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} [ITool]  =>Toolbar.Ask


---\\  Resumen de elementos en su estación de trabajo (8)
https://nicolascoolman.eu/2017/01/15/superfluous-mindspark/  =>SUP.Optional.MindSpark
https://nicolascoolman.eu/2017/12/17/adware-mywebsearch/  =>Adware.MyWebSearch
https://nicolascoolman.eu/2017/02/23/adware-bandoo/  =>Adware.Bandoo
https://nicolascoolman.eu/2017/02/28/toolbar-ask/  =>Toolbar.Ask
https://nicolascoolman.eu/2017/12/02/sup-fromdoctopdf/  =>SUP.Optional.FromDocToPDF
https://nicolascoolman.eu/2017/11/21/adware-easypdfcombine/  =>Adware.EasyPDFCombine
https://nicolascoolman.eu/2017/12/23/sup-magicbit/  =>.SUP.Magicbit
https://nicolascoolman.eu/2017/04/12/adware-bprotector/  =>Adware.BProtector


---\\ Limpieza adicional. (2)
~ Clave de registro Tracing borrados (2)
~ Quitar los antiguos informes de ZHPCleaner. (0)


---\\ Resultado de la reparación.
~ Reparación llevada a cabo con éxito
~ Mozilla Firefox OK
~ Internet Explorer OK
~ El sistema ha sido reiniciado.


---\\ STATISTIQUES
~ Items escaneado : 5325
~ Items encontrado : 0
~ artículos cancelados : 0
~ Items opciones : 7/14
~ Ahorro de espacio (bytes) : 0


~ End of clean in 00h00mn27s

---\\  Reporte (2)
ZHPCleaner-[S]-10012020-13_21_19.txt
ZHPCleaner-[R]-10012020-13_24_37.txt

Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 10/1/20
Hora del análisis: 13:36
Archivo de registro: 82ec624c-33e0-11ea-be1d-d43d7e6b5ad3.json

-Información del software-
Versión: 4.0.4.49
Versión de los componentes: 1.0.793
Versión del paquete de actualización: 1.0.17539
Licencia: Prueba

-Información del sistema-
SO: Windows 7 Service Pack 1
CPU: x64
Sistema de archivos: NTFS
Usuario: VASQUEZ-PC\VASQUEZ

-Resumen del análisis-
Tipo de análisis: Análisis rápido
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 2144
Amenazas detectadas: 0
Amenazas en cuarentena: 0
Tiempo transcurrido: 0 min, 53 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Desactivado
Sistema de archivos: Desactivado
Archivo: Activado
Rootkits: Desactivado
Heurística: Desactivado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 0
(No hay elementos maliciosos detectados)

Valor del registro: 0
(No hay elementos maliciosos detectados)

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 0
(No hay elementos maliciosos detectados)

Archivo: 0
(No hay elementos maliciosos detectados)

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)

Hello @Rodvi_Julio

You sure did have some junk… :upside_down_face:

Continue with the following:

1.- Scan the PC with ESET Online Scanner: User Manual (read the instructions on how to save the report).

2.- Scan the PC with Kaspersky Virus Removal Tool: User Manual

  • This one does not produce a report; if it finds any infection, take a screenshot and upload it.

How to upload images to the forum?

Regards


Good thing I have your help :sweat_smile: Kaspersky found nothing.

13/01/2020 15:05:52 p.m.
Archivos explorados: 210794
Archivos infectados: 12
Amenazas eliminadas: 9
Tiempo total de exploración 01:13:29
Estado de la exploración: Finalizado
C:\Program Files\AVAST Software\Avast\setup\aswOfferTool.exe	Win32/Bundled.Toolbar.Google.D aplicación potencialmente no segura	error al eliminando (Acceso denegado)

C:\Program Files\AVAST Software\Avast\setup\offertool_x64_ais-946.vpx	Win32/Bundled.Toolbar.Google.D aplicación potencialmente no segura	error al eliminando (Acceso denegado)

C:\Program Files\AVAST Software\Avast\setup\offertool_x64_ais-959.vpx	Win32/Bundled.Toolbar.Google.D aplicación potencialmente no segura	error al eliminando (Acceso denegado)

C:\Program Files (x86)\Adobe\Photoshop CS4\disable_internet_actions.cmd	BAT/HackHosts.B aplicación potencialmente no segura	desinfectado por eliminación

C:\Users\VASQUEZ\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\mghcamdjeipmgpgodmahidjmaibecaeh\12.702.11.34341_0\common\js\PartnerId.js	JS/Mindspark.G aplicación potencialmente no deseada	desinfectado por eliminación

C:\Users\VASQUEZ\AppData\Local\Mozilla\Firefox\Profiles\7r4c4wz6.default\startupCache\startupCache.4.little	JS/Mindspark.D aplicación potencialmente no deseada,JS/Mindspark.B aplicación potencialmente no deseada	eliminado

C:\Users\VASQUEZ\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\bootstrap.js	JS/Mindspark.D aplicación potencialmente no deseada	desinfectado por eliminación

C:\Users\VASQUEZ\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\ffxtbr.jar	JS/Mindspark.B aplicación potencialmente no deseada,JS/Mindspark.D aplicación potencialmente no deseada	eliminado

C:\Windows\System32\SppExtComObjHook.dll	una variante de Win64/HackKMS.I aplicación potencialmente no segura	desinfectado por eliminación

C:\Windows\System32\SppExtComObjPatcher.exe	una variante de Win64/HackKMS.C aplicación potencialmente no segura	desinfectado por eliminación

D:\Games\AB\Angry.Birds.Rio.v1.4.2.cracked.READ.NFO-THETA\Patch\Patch.exe	una variante de Win32/HackTool.Patcher.D aplicación potencialmente no segura	desinfectado por eliminación

D:\Users\VASQUEZ\Downloads\p a t c h by RaZzielDoOlby\Patch.exe	una variante de Win32/HackTool.Patcher.D aplicación potencialmente no segura	desinfectado por eliminación

Kaspersky

Hello @Rodvi_Julio

Perfect, now on to the next step:

1.- Temporarily disable your antivirus and any other security program.

2.- Download Farbar Recovery Scan Tool to the desktop, selecting the version that matches your computer's architecture (32-bit or 64-bit). >> How do I know whether my Windows is 32-bit or 64-bit?

  • Run FRST.exe.
  • In the Disclaimer window, click Yes.
  • In the main window, click the Scan button and wait for the process to finish.
  • Two (2) log files will open, Frst.txt and Addition.txt; they will be saved on the desktop.

Guide: How to run FRST

3.- In your next reply, paste the generated reports.

Guide: How to paste reports in the forum?

We'll wait for those reports.

Regards

Resultado del análisis realizado por Farbar Recovery Scan Tool (FRST) (x64) Versión: 15-01-2020
Ejecutado por VASQUEZ (administrador) sobre VASQUEZ-PC (MSI MS-7788) (16-01-2020 12:52:56)
Ejecutado desde D:\Users\VASQUEZ\Desktop
Perfiles cargados: VASQUEZ (Perfiles disponibles: VASQUEZ)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Idioma: Español (España, internacional)
Internet Explorer Versión 10 (Navegador predeterminado: Chrome)
Modo de Inicio: Normal
Tutorial para Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesos (Lista blanca) =================

(Si una entrada es incluida en el fixlist, el proceso será cerrado. El archivo no será movido.)

() [Archivo no firmado] C:\Program Files (x86)\RocketDock\RocketDock.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.141.333\AvastBrowserCrashHandler.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.141.333\AvastBrowserCrashHandler64.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\SecureLine\Vpn.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe
(CyberLink -> ) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(CyberLink -> CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Nero AG -> Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Piriform Software Ltd -> Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Solid Documents, LLC) [Archivo no firmado] C:\Program Files (x86)\SolidDocuments\Solid Converter PDF\SCPDFV6\SolidConverterPDFServicex64.exe

==================== Registro (Lista blanca) ===================

(Si una entrada es incluida en el fixlist, el elemento del registro será restaurado a su valor predeterminado o será eliminado. El archivo no será movido.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7634648 2014-08-13] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [261000 2019-04-20] (AVAST Software s.r.o. -> AVAST Software)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restricción <==== ATENCIÓN
HKU\S-1-5-21-3635118186-2907849737-3350028575-1001\...\Run: [E09EXLRD_564146] => C:\Program Files (x86)\Microsoft Encarta\Encarta 2009 Biblioteca Premium DVD\EDICT.EXE [351000 2008-06-06] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3635118186-2907849737-3350028575-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [24552064 2019-10-14] (Piriform Software Ltd -> Piriform Ltd)
HKU\S-1-5-21-3635118186-2907849737-3350028575-1001\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] () [Archivo no firmado]
HKU\S-1-5-21-3635118186-2907849737-3350028575-1001\...\MountPoints2: {b1210781-c970-11e2-b26d-00235a33605b} - H:\autorun.exe
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{30C521FB-255B-46C8-9F0D-EE5AE371C9AA}] -> C:\Program Files (x86)\AVAST Software\Browser\Application\77.2.2153.120\Installer\chrmstp.exe [2019-11-28] (AVAST Software s.r.o. -> AVAST Software)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\79.0.3945.117\Installer\chrmstp.exe [2020-01-07] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast SecureLine VPN.lnk [2020-01-12]
ShortcutTarget: Avast SecureLine VPN.lnk -> C:\Program Files\AVAST Software\SecureLine\Vpn.exe (AVAST Software s.r.o. -> AVAST Software)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restricción <==== ATENCIÓN

==================== Tareas programadas (Lista blanca) ============

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

Task: {00F5DD69-1339-4504-8EC3-8F2ADE1B93C1} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [3673424 2014-07-21] (Nero AG -> Nero AG)
Task: {05C5768B-7DB7-40E4-B0BC-E68A09E34450} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc -> Google Inc.)
Task: {290DEAF5-38E7-491A-9FF4-0F12F4F94AED} - System32\Tasks\Avast SecureLine VPN Update => C:\Program Files\AVAST Software\SecureLine\VpnUpdate.exe [1390472 2019-10-23] (AVAST Software s.r.o. -> AVAST Software)
Task: {2BEF61D3-20D4-4EC9-B31B-DB2DE3836E13} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1857552 2019-11-04] (AVAST Software s.r.o. -> AVAST Software)
Task: {3301D840-8A7B-457C-AFE5-6A8FDC0E2428} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [570240 2017-02-14] (Apple Inc. -> Apple Inc.)
Task: {4FAFA35E-A8F2-4E37-8DBB-E260101E7060} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc -> Google Inc.)
Task: {594097F1-8DEA-4108-A61D-E4771E06FC56} - System32\Tasks\Avast TUNEUP Update => C:\Program Files (x86)\AVAST Software\Avast Cleanup\TUNEUpdate.exe [1659000 2019-08-05] (AVAST Software s.r.o. -> AVAST Software)
Task: {7D2764D1-9292-4989-88A8-25B79C757F53} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-04-22] (Adobe Inc. -> Adobe)
Task: {85FC1A10-B90B-4C44-B878-70DA10979F6D} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-06-08] (AVAST Software s.r.o. -> AVAST Software)
Task: {89FA2C5E-8653-4188-A3EF-47735CE3440D} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\avast software\overseer\overseer.exe [1873288 2019-09-22] (AVAST Software s.r.o. -> AVAST Software)
Task: {A8CE7CD2-146E-4C11-A725-42E433854716} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [608384 2019-10-14] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {AFA994CE-0631-4959-AB5D-B5BD31ABA4D5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1165920 2017-07-19] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {C1A487EC-619A-457D-9B8D-E3A85517B4D5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [18458752 2019-10-14] (Piriform Software Ltd -> Piriform Ltd)
Task: {F5486E63-B62D-40FE-8A68-9C4B594DE180} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1857552 2019-11-04] (AVAST Software s.r.o. -> AVAST Software)
Task: {F6A3E909-6771-40C2-8E55-4AB941785426} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2925960 2019-04-20] (AVAST Software s.r.o. -> AVAST Software)
Task: {F778854E-E78D-4504-906A-BCAD85DCC2C2} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_171_Plugin.exe [1456696 2019-04-22] (Adobe Inc. -> Adobe)
Task: {FF83F14D-C7D1-4AE6-B0E9-6F694CC99FC4} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-06-08] (AVAST Software s.r.o. -> AVAST Software)

(Si una entrada es incluida en el fixlist, el archivo de tarea (.job) será movido. El archivo que está siendo ejecutado por la tarea no será movido.)


==================== Internet (Lista blanca) ====================

(Si un elemento es incluido en el fixlist, y éste pertenece al registro, será eliminado o restaurado a su valor predeterminado.)

Winsock: Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 07 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{EA1146E0-28A1-4F55-A9C2-25E9E8113E99}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-3635118186-2907849737-3350028575-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com.gt
HKU\S-1-5-21-3635118186-2907849737-3350028575-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://latam.msn.com/
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-12] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-05-11] (Oracle America, Inc. -> Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-05-11] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2015-05-11] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2015-05-11] (Oracle America, Inc. -> Oracle Corporation)
Toolbar: HKU\S-1-5-21-3635118186-2907849737-3350028575-1001 -> Sin Nombre - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  Ningún archivo
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll [2008-05-23] (Microsoft Corporation) [Archivo no firmado]

FireFox:
========
FF DefaultProfile: 7r4c4wz6.default
FF ProfilePath: C:\Users\VASQUEZ\AppData\Roaming\Mozilla\Firefox\Profiles\06ae56x5.default-release [2020-01-16]
FF ProfilePath: C:\Users\VASQUEZ\AppData\Roaming\Mozilla\Firefox\Profiles\7r4c4wz6.default [2020-01-16]
FF Homepage: Mozilla\Firefox\Profiles\7r4c4wz6.default -> hxxps://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_171.dll [2019-04-22] (Adobe Inc. -> )
FF Plugin: @java.com/DTPlugin,version=10.80.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-05-11] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.80.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-05-11] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [Ningún archivo]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll [2013-01-24] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_171.dll [2019-04-22] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1228198.dll [2017-02-27] (Adobe Systems, Inc.) [Archivo no firmado]
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-08-26] (Google Inc -> Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.80.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-05-11] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.80.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2015-05-11] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Ningún archivo]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll [2013-01-24] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2014-11-27] (Nero AG -> Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-15] (Google LLC -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-15] (Google LLC -> Google LLC)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-08-17] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3635118186-2907849737-3350028575-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\VASQUEZ\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-08] (Unity Technologies SF -> Unity Technologies ApS)

Chrome: 
=======
CHR DefaultProfile: Profile 3
CHR StartupUrls: Profile 3 -> "chrome://newtab/"
CHR NewTab: Profile 3 ->  Not-active:"chrome-extension://mghcamdjeipmgpgodmahidjmaibecaeh/stubby.html"
CHR Profile: C:\Users\VASQUEZ\AppData\Local\Google\Chrome\User Data\Default [2020-01-10]
CHR Extension: (Avast Online Security) - C:\Users\VASQUEZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-03-13]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\VASQUEZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-24]
CHR Extension: (Ask App for iLivid) - C:\Users\VASQUEZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\mppnoffgpafgpgbaigljliadgbnhljfl [2015-06-10]
CHR Extension: (iLivid) - C:\Users\VASQUEZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\nafaimnnclfjfedmmabolbppcngeolgf [2015-06-10]
CHR Extension: (Google Wallet) - C:\Users\VASQUEZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-17]
CHR Profile: C:\Users\VASQUEZ\AppData\Local\Google\Chrome\User Data\Guest Profile [2020-01-10]
CHR Profile: C:\Users\VASQUEZ\AppData\Local\Google\Chrome\User Data\Profile 3 [2020-01-16]
CHR Extension: (Documentos) - C:\Users\VASQUEZ\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-15]
CHR Extension: (Google Drive) - C:\Users\VASQUEZ\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-20]
CHR Extension: (YouTube) - C:\Users\VASQUEZ\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-28]
CHR Extension: (Búsqueda de Google) - C:\Users\VASQUEZ\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Avast SafePrice | Comparaciones, ofertas y cupones) - C:\Users\VASQUEZ\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2019-12-30]
CHR Extension: (Hojas de cálculo) - C:\Users\VASQUEZ\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-15]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\VASQUEZ\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-01-16]
CHR Extension: (Avast Online Security) - C:\Users\VASQUEZ\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\gomekmidlodglbbmalcneegieacbdmki [2020-01-16]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\VASQUEZ\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-06]
CHR Extension: (Gmail) - C:\Users\VASQUEZ\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-01]
CHR Extension: (Chrome Media Router) - C:\Users\VASQUEZ\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-12-30]
CHR Profile: C:\Users\VASQUEZ\AppData\Local\Google\Chrome\User Data\System Profile [2020-01-10]
CHR Extension: (Presentaciones de Google) - C:\Users\VASQUEZ\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-24]
CHR Extension: (Google Docs) - C:\Users\VASQUEZ\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-01]
CHR Extension: (Google Drive) - C:\Users\VASQUEZ\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-01]
CHR Extension: (YouTube) - C:\Users\VASQUEZ\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-01]
CHR Extension: (Búsqueda de Google) - C:\Users\VASQUEZ\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-01]
CHR Extension: (Hojas de cálculo de Google) - C:\Users\VASQUEZ\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-24]
CHR Extension: (Gmail) - C:\Users\VASQUEZ\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-01]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <no encontrado>

==================== Servicios (Lista blanca) ===================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

R2 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [203264 2009-08-18] (Microsoft Windows Hardware Compatibility Publisher -> AMD)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2019-03-08] (Apple Inc. -> Apple Inc.)
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6660888 2019-04-20] (AVAST Software s.r.o. -> AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-06-08] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [362488 2019-04-20] (AVAST Software s.r.o. -> AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-06-08] (AVAST Software s.r.o. -> AVAST Software)
S3 AvastSecureBrowserElevationService; C:\Program Files (x86)\AVAST Software\Browser\Application\77.2.2153.120\elevation_service.exe [970088 2019-11-04] (AVAST Software s.r.o. -> AVAST Software)
R2 CleanupPSvc; C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe [10287216 2019-08-05] (AVAST Software s.r.o. -> AVAST Software)
R2 CLHNServiceForPowerDVD12; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [87928 2012-03-21] (CyberLink -> CyberLink Corp.)
S4 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [75640 2012-03-21] (CyberLink -> CyberLink)
S4 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [296824 2012-03-21] (CyberLink -> CyberLink)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6960640 2020-01-10] (Malwarebytes Inc -> Malwarebytes)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2012-05-10] (CyberLink -> )
R2 SCPDFReadSpool; C:\Program Files (x86)\SolidDocuments\Solid Converter PDF\SCPDFV6\SolidConverterPDFServicex64.exe [320512 2009-09-10] (Solid Documents, LLC) [Archivo no firmado]
R2 SecureLine; C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe [6828424 2019-10-23] (AVAST Software s.r.o. -> AVAST Software)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Windows -> Microsoft Corporation)

===================== Controladores (Lista blanca) ===================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

S3 Accelerometer; C:\Windows\system32\drivers\Accelerometer.sys [43320 2011-05-13] (Hewlett-Packard Company -> Hewlett-Packard Company)
S3 AgereSoftModem; C:\Windows\System32\DRIVERS\agrsm64.sys [1146880 2009-06-10] (Microsoft Windows -> LSI Corp)
R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [37104 2019-04-20] (AVAST Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [205400 2019-04-20] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [254128 2019-04-20] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [196000 2019-04-20] (AVAST Software s.r.o. -> AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswblog.sys [320624 2019-04-20] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [57888 2019-04-20] (AVAST Software s.r.o. -> AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [257832 2019-04-20] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42288 2019-04-20] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [166848 2019-09-22] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [112520 2019-04-20] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [88160 2019-04-20] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1031000 2019-04-20] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [476776 2019-04-20] (AVAST Software s.r.o. -> AVAST Software)
S2 aswStm; C:\Windows\System32\drivers\aswStm.sys [220640 2019-04-20] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [385848 2019-04-20] (AVAST Software s.r.o. -> AVAST Software)
S3 athr; C:\Windows\System32\DRIVERS\athrx.sys [1394176 2009-10-09] (Microsoft Windows Hardware Compatibility Publisher -> Atheros Communications, Inc.)
S3 atikmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [6037504 2009-08-18] (Microsoft Windows Hardware Compatibility Publisher -> ATI Technologies Inc.)
R3 clwvd; C:\Windows\System32\DRIVERS\clwvd.sys [31088 2010-08-20] (CyberLink -> CyberLink Corporation)
R0 hpdskflt; C:\Windows\System32\drivers\hpdskflt.sys [30008 2011-05-13] (Hewlett-Packard Company -> Hewlett-Packard Company)
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD.sys [44744 2014-02-03] (Intel CASE -> )
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [218288 2020-01-13] (Malwarebytes Inc -> Malwarebytes)
R2 ntk_PowerDVD12; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [82928 2011-10-27] (CyberLink -> Cyberlink Corp.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [Archivo no firmado]
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312}; C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [146928 2012-02-16] (CyberLink -> CyberLink Corp.)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Lista blanca) ===================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)


==================== Un mes (creado) ===================

(Si una entrada es incluida en el fixlist, el archivo/carpeta será eliminado/a.)

2020-01-16 12:52 - 2020-01-16 12:53 - 000000000 ____D C:\FRST
2020-01-13 15:13 - 2020-01-13 15:14 - 000000000 ____D C:\KVRT_Data
2020-01-13 12:49 - 2020-01-13 12:49 - 000218288 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2020-01-10 13:13 - 2020-01-10 13:24 - 000000000 ____D C:\Users\VASQUEZ\AppData\Roaming\ZHP
2020-01-10 13:13 - 2020-01-10 13:13 - 000000000 ____D C:\Users\VASQUEZ\AppData\Local\ZHP
2020-01-10 13:00 - 2020-01-10 13:06 - 000000000 ____D C:\AdwCleaner
2020-01-10 12:42 - 2020-01-10 12:42 - 000000000 ____D C:\Users\VASQUEZ\AppData\Local\mbam
2020-01-10 12:42 - 2020-01-10 12:42 - 000000000 ____D C:\Users\VASQUEZ\AppData\Local\cache
2020-01-10 12:41 - 2020-01-10 12:41 - 000000000 ____D C:\Users\VASQUEZ\AppData\Local\mbamtray
2020-01-10 12:40 - 2020-01-10 12:40 - 000001948 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-01-10 12:40 - 2020-01-10 12:40 - 000001948 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2020-01-10 12:40 - 2020-01-10 12:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2020-01-10 12:40 - 2020-01-10 12:39 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2020-01-10 12:39 - 2020-01-10 12:39 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-01-10 12:37 - 2020-01-10 12:37 - 000000000 ____D C:\Program Files\Malwarebytes

==================== Un mes (modificado) ==================

(Si una entrada es incluida en el fixlist, el archivo/carpeta será eliminado/a.)

2020-01-16 12:29 - 2009-07-13 22:45 - 000029200 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2020-01-16 12:29 - 2009-07-13 22:45 - 000029200 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2020-01-16 12:22 - 2009-07-13 23:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-01-12 10:56 - 2011-04-12 03:10 - 000703602 _____ C:\Windows\system32\perfh00A.dat
2020-01-12 10:56 - 2011-04-12 03:10 - 000137600 _____ C:\Windows\system32\perfc00A.dat
2020-01-12 10:56 - 2009-07-13 23:13 - 001555646 _____ C:\Windows\system32\PerfStringBackup.INI
2020-01-12 10:56 - 2009-07-13 21:20 - 000000000 ____D C:\Windows\inf
2020-01-10 15:35 - 2017-05-31 16:02 - 000000000 ____D C:\Windows\pss
2020-01-10 13:06 - 2013-05-30 17:59 - 000000000 ____D C:\Program Files (x86)\Nero
2020-01-10 13:06 - 2013-05-30 16:45 - 000000000 ____D C:\Program Files (x86)\CyberLink
2020-01-10 12:56 - 2014-11-20 17:38 - 000000000 ____D C:\Users\VASQUEZ\AppData\Roaming\Media Player Classic
2020-01-10 12:55 - 2013-05-30 07:28 - 000000000 ____D C:\Windows\Panther
2020-01-10 12:49 - 2019-04-22 15:42 - 000000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2020-01-10 12:49 - 2019-04-22 15:42 - 000000822 _____ C:\ProgramData\Desktop\CCleaner.lnk
2020-01-10 12:49 - 2018-03-31 19:18 - 000003870 _____ C:\Windows\system32\Tasks\CCleaner Update
2020-01-09 12:37 - 2016-06-02 21:28 - 000000000 ____D C:\Users\VASQUEZ\AppData\Local\ElevatedDiagnostics
2020-01-09 12:09 - 2014-11-20 20:48 - 000000000 ____D C:\Users\VASQUEZ\AppData\Roaming\SolidDocuments
2020-01-07 22:04 - 2015-05-24 20:30 - 000002181 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-01-07 22:04 - 2015-05-24 20:30 - 000002181 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-01-07 22:04 - 2013-05-30 15:14 - 000002222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-12-30 18:47 - 2014-11-20 18:05 - 000000000 ____D C:\ProgramData\AVAST Software
2019-12-24 22:37 - 2019-04-22 15:44 - 000004458 _____ C:\Windows\system32\Tasks\Adobe Flash Player NPAPI Notifier
2019-12-24 22:37 - 2015-07-10 13:52 - 000004476 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2019-12-24 22:37 - 2015-05-11 18:19 - 000004320 _____ C:\Windows\system32\Tasks\Adobe Flash Player Updater
2019-12-24 22:37 - 2013-05-30 23:24 - 000002798 _____ C:\Windows\system32\Tasks\CCleanerSkipUAC
2019-12-24 22:37 - 2013-05-30 15:14 - 000003472 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2019-12-24 22:37 - 2013-05-30 15:14 - 000003344 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2019-12-24 22:30 - 2015-12-06 21:24 - 000000000 ____D C:\Windows\system32\Tasks\AVAST Software
2019-12-24 19:35 - 2019-06-23 12:43 - 000000000 ____D C:\Users\VASQUEZ\AppData\Roaming\.minecraft
2019-12-24 18:10 - 2019-06-23 12:40 - 000000000 ____D C:\Program Files (x86)\Minecraft Launcher

==================== Archivos en la raíz de algunos directorios ========

2015-05-20 09:24 - 2015-05-20 09:28 - 000003584 _____ () C:\Users\VASQUEZ\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== SigCheck ============================

(No existe una corrección automática para los archivos que no pasan la verificación.)


LastRegBack: 2020-01-09 12:30
==================== Final de FRST.txt ========================

Resultados del Análisis Adicional de Farbar Recovery Scan Tool (x64) Versión: 15-01-2020
Ejecutado por VASQUEZ (16-01-2020 12:54:33)
Ejecutado desde D:\Users\VASQUEZ\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2014-11-20 23:38:20)
Modo de Inicio: Normal
==========================================================


==================== Cuentas: =============================

Administrador (S-1-5-21-3635118186-2907849737-3350028575-500 - Administrator - Disabled)
Invitado (S-1-5-21-3635118186-2907849737-3350028575-501 - Limited - Disabled)
VASQUEZ (S-1-5-21-3635118186-2907849737-3350028575-1001 - Administrator - Enabled) => C:\Users\VASQUEZ

==================== Centro de Seguridad ========================

(Si una entrada es incluida en el fixlist, será eliminada.)

AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Programas instalados ======================

(Solo los programas de adware con indicador "Oculto", pueden ser añadidos al fixlist para hacerlos visibles. Los programas adware deben ser desinstalados manualmente.)

1Click DVD Copy Pro 4.3.1.1 (HKLM-x32\...\1Click DVD Copy Pro_is1) (Version:  - LG Software Innovations)
7-Zip 19.00 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1900-000001000000}) (Version: 19.00.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 25.0.0.134 - Adobe Systems Incorporated)
Adobe Flash Player 32 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 32.0.0.171 - Adobe)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.171 - Adobe)
Adobe Reader XI (11.0.22) - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AB0000000001}) (Version: 11.0.22 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.8.198 - Adobe Systems, Inc.)
Aplicación para detectar Winamp (HKU\S-1-5-21-3635118186-2907849737-3350028575-1001\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Apple Application Support (32 bits) (HKLM-x32\...\{9F7041CB-8398-4691-B8CB-0D52273BB3D9}) (Version: 7.4 - Apple Inc.)
Apple Application Support (64 bits) (HKLM\...\{6E7DF4EE-1976-4215-9D81-755AFC95687D}) (Version: 7.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BA2A6DBB-B09A-43D8-84F3-21C1537B47D9}) (Version: 12.2.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Avast Cleanup Premium (HKLM-x32\...\{075CC190-59EE-499F-828B-0B5C098C8C15}_is1) (Version: 19.1.7734 - AVAST Software)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.4.2374 - AVAST Software)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 77.2.2153.120 - Los creadores de Avast Secure Browser)
Avast SecureLine (HKLM\...\{2CD3C92F-EDC5-4B02-9B0A-9C1D37C58EF5}_is1) (Version: 5.2.438 - AVAST Software)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.63 - Piriform)
Dream Aquarium 1.234 (HKLM-x32\...\Dream Aquarium) (Version: 1.234 - Dream Aquarium Screensaver)
Epic Games Launcher (HKLM-x32\...\{688B6799-8427-42C9-8C6A-ABFADCE86EBC}) (Version: 1.1.195.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Google Chrome (HKLM-x32\...\{6B82E0C6-A4AE-33D0-AE21-E2FE19E7CB32}) (Version: 79.0.3945.117 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.421 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3262 - Intel Corporation)
iTunes (HKLM\...\{9C4D8598-C1F2-468E-B587-F85558AA5EEE}) (Version: 12.9.4.102 - Apple Inc.)
Java 7 Update 80 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417080FF}) (Version: 7.0.800 - Oracle)
Java 7 Update 80 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217080FF}) (Version: 7.0.800 - Oracle)
K-Lite Codec Pack 9.9.0 (64-bit) (HKLM\...\KLiteCodecPack64_is1) (Version: 9.9.0 - )
K-Lite Codec Pack 9.9.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.9.0 - )
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Malwarebytes version 4.0.4.49 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.0.4.49 - Malwarebytes)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Encarta 2009 Biblioteca Premium (HKLM-x32\...\{09140081-2C94-4A67-8E55-8483C019C7D2}) (Version: 2009 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}) (Version:  - Microsoft)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20125.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Minecraft Launcher (HKLM-x32\...\{E154B2C8-2F3E-4763-B3D5-E7D34AE39C6B}) (Version: 1.0.0.0 - Mojang)
Mozilla Firefox 47.0.2 (x86 es-ES) (HKLM-x32\...\Mozilla Firefox 47.0.2 (x86 es-ES)) (Version: 47.0.2 - Mozilla)
Mozilla Firefox 67.0 (x86 es-ES) (HKU\S-1-5-21-3635118186-2907849737-3350028575-1001\...\Mozilla Firefox 67.0 (x86 es-ES)) (Version: 67.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 21.0 - Mozilla)
Nero BackItUp 10 (HKLM-x32\...\{68AB6930-5BFF-4FF6-923B-516A91984FE6}) (Version: 5.4.11600.19.100 - Nero AG)
Nero Burning ROM 10 (HKLM-x32\...\{7A5D731D-B4B3-490E-B339-75685712BAAB}) (Version: 10.0.11100.10.100 - Nero AG)
Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.0.11000.12.100 - Nero AG)
Nero CoverDesigner 10 (HKLM-x32\...\{FCF00A6E-FB58-477A-ABE9-232907105521}) (Version: 5.0.10900.11.100 - Nero AG)
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.0.10800.7.100 - Nero AG)
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.0.11000.10.100 - Nero AG)
Nero Info (HKLM-x32\...\{B791E0AB-87A9-41A4-8D98-D13C2E37D928}) (Version: 16.0.1003 - Nero AG)
Nero InfoTool 10 (HKLM-x32\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.0.10800.8.100 - Nero AG)
Nero MediaHome Free (HKLM-x32\...\{B0AE1850-DA08-4E88-BC39-3D3BCCCEFF37}) (Version: 16.0.01500 - Nero AG)
Nero Multimedia Suite 10 (HKLM-x32\...\{277C1559-4CF7-44FF-8D07-98AA9C13AABD}) (Version: 10.0.13100 - Nero AG)
Nero Recode 10 (HKLM-x32\...\{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}) (Version: 4.6.10900.4.100 - Nero AG)
Nero RescueAgent 10 (HKLM-x32\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.0.10900.9.100 - Nero AG)
Nero SoundTrax 10 (HKLM-x32\...\{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}) (Version: 4.6.10600.2.100 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.0.11200.12.100 - Nero AG)
Nero TuneItUp Free (HKLM-x32\...\Nero_tuneitup_is1) (Version: 2.3.2.743 - Nero AG)
Nero Vision 10 (HKLM-x32\...\{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}) (Version: 7.0.11100.8.100 - Nero AG)
Nero WaveEditor 10 (HKLM-x32\...\{EDCDFAD5-DF80-4600-A493-E9DAD6810230}) (Version: 5.6.10600.2.100 - Nero AG)
NoteWorthy Composer 2 Viewer (HKLM-x32\...\NoteWorthy Composer 2 Viewer) (Version: Version 2.75a.2 - NoteWorthy Software, Inc.)
OEM Share Pack (HKLM-x32\...\{0c8ebb00-4909-459c-8347-b2068b7f0319}) (Version: 2.0 - CyberLink Corp.) Hidden
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC)
Paquete de idioma de Microsoft .NET Framework 4 Client Profile ESN (HKLM\...\Microsoft .NET Framework 4 Client Profile ESN Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Photoshop CS4 (HKLM-x32\...\{2716C870-B0F4-4DA7-8775-CE68336C0665}) (Version: 1.0.0 - Wender Hack)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.140.248 - Google, Inc.)
PlantasVsZombis-GOTY versión Maleck Edition (HKLM-x32\...\{4156CEC7-5DAC-4950-86CB-1107565A172B}_is1) (Version: Maleck Edition - Maleck Corp)
Prerequisite installer (HKLM-x32\...\{799AFA36-4EA5-4323-8689-74C06645A26B}) (Version: 16.0.0003 - Nero AG) Hidden
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 2.2 r1116 - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7324 - Realtek Semiconductor Corp.)
RocketDock 1.3.5 (HKLM-x32\...\RocketDock_is1) (Version:  - Punk Software)
SierraHome Print Artist 8 (HKLM-x32\...\Print Artist 8) (Version:  - )
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.151 - Skype Technologies S.A.)
Solid Converter PDF (HKLM-x32\...\{56BFAA6E-2BCC-4AED-9233-84731E66B205}) (Version: 6.0.664.0 - SolidDocuments)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
UmmyVideoDownloader (HKLM-x32\...\{E028DBDA-EEE7-48A0-ADF7-D250589A02C5}_is1) (Version: 1.10.2.1 - ) <==== ATENCIÓN
Unity Web Player (HKU\S-1-5-21-3635118186-2907849737-3350028575-1001\...\UnityWebPlayer) (Version: 5.0.3f2 - Unity Technologies ApS)
UsbFix Anti-Malware Premium (HKLM-x32\...\Usbfix) (Version: 10.0.0.3 - SOSVirus (SOSVirus.Net))
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version:  - Elaborate Bytes)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.6 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.63  - Nullsoft, Inc)
WinRAR 5.70 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.70.0 - win.rar GmbH)
Xilisoft Convertidor de Vídeo HD 6 (HKLM-x32\...\Xilisoft HD Video Converter 6) (Version: 6.0.12.0914 - Xilisoft)

==================== Personalizado CLSID (Lista blanca): ==============

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [6718864 2011-02-12] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-04-20] (AVAST Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-04-20] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [Archivo no firmado]
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-04-20] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG -> Elaborate Bytes AG)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG -> Elaborate Bytes AG)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-04-20] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-01-10] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [Archivo no firmado]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2013-08-24] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [Archivo no firmado]
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-04-20] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-01-10] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Lista blanca) ====================

(Si una entrada es incluida en el fixlist, el elemento del registro será restaurado a su valor predeterminado o será eliminado. El archivo no será movido.)

HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\system32\lagarith.dll [148992 2011-12-07] ( ) [Archivo no firmado]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\system32\ff_vfw.dll [127488 2013-04-29] () [Archivo no firmado]

==================== Accesos directos & WMI ========================

(Las entradas pueden ser listadas para ser restauradas o eliminadas.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
ShortcutWithArgument: C:\Users\VASQUEZ\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\225bb61db2f318c1\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 3"

==================== Módulos cargados (Lista blanca) =============

2013-05-30 15:26 - 2007-09-02 13:57 - 000069632 _____ () [Archivo no firmado] C:\Program Files (x86)\RocketDock\RocketDock.dll
2013-05-30 22:10 - 2009-09-10 06:05 - 000024576 _____ () [Archivo no firmado] C:\Windows\System32\solidlocalmon.dll
2019-02-21 21:00 - 2019-02-21 21:00 - 000078336 _____ (Igor Pavlov) [Archivo no firmado] C:\Program Files\7-Zip\7-zip.dll
2019-04-04 20:41 - 2018-09-05 21:32 - 002095104 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [Archivo no firmado] C:\Program Files\AVAST Software\SecureLine\libcrypto-1_1.dll

==================== Alternate Data Streams (Lista blanca) ========

==================== Modo Seguro (Lista blanca) ==================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El "AlternateShell" será restaurado.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Asociación (Lista blanca) =================

==================== Internet Explorer sitios de confianza/restringidos ==========

==================== Hosts contenido: =========================

(Si es necesario, la directiva Hosts: puede ser incluida en el fixlist para restablecer Hosts.)

2009-07-13 20:34 - 2019-01-04 07:29 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Otras Áreas ===========================

(Actualmente no existe una corrección automática para esta sección.)

HKU\S-1-5-21-3635118186-2907849737-3350028575-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\VASQUEZ\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Firewall de Windows está habilitado.

==================== MSCONFIG/TASK MANAGER elementos deshabilitados ==

(Si una entrada es incluida en el fixlist, será eliminada.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: BDESVC => 3
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: CyberLink PowerDVD 12 Media Server Monitor Service => 2
MSCONFIG\Services: CyberLink PowerDVD 12 Media Server Service => 2
MSCONFIG\Services: Fax => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Avast Cleanup Premium.lnk => C:\Windows\pss\Avast Cleanup Premium.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Avast SecureLine VPN.lnk => C:\Windows\pss\Avast SecureLine VPN.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Rainmeter.lnk => C:\Windows\pss\Rainmeter.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: NBAgent => "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
MSCONFIG\startupreg: PowerDVD12Agent => "C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe"
MSCONFIG\startupreg: RocketDock => "C:\Program Files (x86)\RocketDock\RocketDock.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: UpdatePPShortCut => "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" update "Software\CyberLink\PowerProducer\5.0"
MSCONFIG\startupreg: VirtualCloneDrive => "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

==================== Reglas de firewall (Lista blanca) ================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

FirewallRules: [{27F3E203-3005-40A9-899F-3AD48BCF0BAD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{EEC4B821-F523-457B-A394-03AE1D205AE5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{D3462AC6-ED35-47D9-A9D4-2BE8F1054ECA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{1B49901F-20F5-41B6-8407-0ABC9F6F8D17}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5A9F4073-B558-4053-BA78-8A85BA735F14}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe (CyberLink -> CyberLink Corp.)
FirewallRules: [{401E81B2-1715-44D9-B1BF-878A086C14B5}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe Ningún archivo
FirewallRules: [{1B44DDBF-85B8-4524-960E-3BDF664271CF}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe (CyberLink -> CyberLink)
FirewallRules: [{5B8795CE-1EE7-4419-8147-600203131623}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe (CyberLink -> CyberLink Corp.)
FirewallRules: [{2ED47CD1-8E6C-48A7-8D1A-013E49062D63}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe (CyberLink -> CyberLink Corp.)
FirewallRules: [{179F7FC0-FB16-4E87-B475-D3C5EF915EF1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe (CyberLink -> CyberLink Corp.)
FirewallRules: [{74C419B3-A06E-4820-8A36-2A7ED35A817E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE (CyberLink -> CyberLink Corp.)
FirewallRules: [TCP Query User{903303F8-551C-4091-B372-F0FE94F87A00}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.)
FirewallRules: [UDP Query User{2C4A084E-A382-4A99-9D4F-730E0A0EE67D}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.)
FirewallRules: [TCP Query User{5804C567-D795-455F-A3CB-766531A0796B}C:\users\vasquez\appdata\local\temp\rarsfx0\kmservice.exe] => (Allow) C:\users\vasquez\appdata\local\temp\rarsfx0\kmservice.exe Ningún archivo
FirewallRules: [UDP Query User{E885411B-BE99-4B0F-841F-105DBD81D340}C:\users\vasquez\appdata\local\temp\rarsfx0\kmservice.exe] => (Allow) C:\users\vasquez\appdata\local\temp\rarsfx0\kmservice.exe Ningún archivo
FirewallRules: [{A3732F0B-CCB0-495E-A242-D2B1160A7B79}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{C25BCFA1-BEA0-4226-B15A-48D828DCEAFC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{07B69FDC-DD32-495B-B170-4E430312CB33}] => (Allow) C:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe (Nero AG -> Nero AG)
FirewallRules: [{5823D579-D847-4FE2-80E3-A353ED92650C}] => (Allow) C:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe (Nero AG -> Nero AG)
FirewallRules: [{BD03AF26-4149-45E6-AC79-C5E6BCD06260}] => (Allow) C:\Program Files (x86)\Nero\KM\NMDllHost.exe (Nero AG -> Nero AG)
FirewallRules: [{5A78FFF6-B947-48FD-8475-0192407E60F8}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{9B95E139-07FB-4BD3-BB67-5258A186DBDB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B4A8953A-1E33-4E81-A563-586508847590}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{800E463B-12E0-4BC7-B459-A767D583C566}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B9967DC6-72F3-4FDF-92FF-5FC90B316F2A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{56CED62F-770B-4D72-B44D-D564187F1531}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{C8CC4B4D-9E85-42CB-8A29-FF9FE40B5F81}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [TCP Query User{9A794330-8506-4784-B6A3-2D738BA0AFAF}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Block) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{27A70EA9-700B-4434-AF9D-71EE33BAA8AD}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Block) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{95625E35-1C7D-426E-B227-DCE3F09EDFE8}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Block) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{1C3B71A9-6BEB-4756-A2F6-1A4A180FE56D}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Block) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{20F9E95A-8093-4B17-93AD-D17836733650}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8A94A07B-F7AF-4C9C-861F-7C2753A71D5C}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{871CEFBB-0A07-4E9D-8B1B-B3487CC7F911}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe (AVAST Software s.r.o. -> AVAST Software)
FirewallRules: [{D08B0F7B-A5A1-4191-B3AD-91D247D9B3D4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Puntos de Restauración =========================

06-10-2019 18:28:51 Punto de control programado
19-11-2019 07:10:48 Punto de control programado
28-11-2019 10:45:48 Punto de control programado
11-12-2019 14:14:11 Punto de control programado
09-01-2020 12:37:04 Punto de control programado
10-01-2020 13:06:30 AdwCleaner_BeforeCleaning_10/01/2020_13:06:28

==================== Dispositivos defectuosos en el Administrador de dispositivos ============

Name: Adaptador de tunelización Teredo de Microsoft
Description: Adaptador de tunelización Teredo de Microsoft
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Errores del registro de eventos: ========================

Errores de aplicación:
==================
Error: (01/16/2020 12:33:28 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.141.333\GoogleUpdateHelper.msi

Error: (01/16/2020 12:22:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (01/13/2020 04:20:22 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.141.333\GoogleUpdateHelper.msi

Error: (01/13/2020 03:20:19 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.141.333\GoogleUpdateHelper.msi

Error: (01/13/2020 02:20:27 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.141.333\GoogleUpdateHelper.msi

Error: (01/13/2020 01:22:46 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.141.333\GoogleUpdateHelper.msi

Error: (01/13/2020 01:00:51 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.141.333\GoogleUpdateHelper.msi

Error: (01/13/2020 12:56:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: MBAMService.exe, versión: 3.2.0.874, marca de tiempo: 0x5da8d87c
Nombre del módulo con errores: ScanControllerImpl.dll, versión: 3.2.0.1087, marca de tiempo: 0x5df3bcee
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x000000000006bc6e
Id. del proceso con errores: 0xd7c
Hora de inicio de la aplicación con errores: 0x01d5ca420f056180
Ruta de acceso de la aplicación con errores: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
Ruta de acceso del módulo con errores: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ScanControllerImpl.dll
Id. del informe: 57b5eb23-3636-11ea-b5f3-d43d7e6b5ad3


Errores del sistema:
=============
Error: (01/16/2020 12:22:04 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: El cierre anterior del sistema a las 04:42:51 p.m. del ‎13/‎01/‎2020 resultó inesperado.

Error: (01/13/2020 04:41:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio MBAMProtection no pudo iniciarse debido al siguiente error: 
Recursos insuficientes en el sistema para completar el servicio solicitado.

Error: (01/13/2020 01:07:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio eapihdrv no pudo iniciarse debido al siguiente error: 
Se ha bloqueado la descarga de este controlador

Error: (01/13/2020 01:07:25 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Se bloqueó la carga de \??\C:\Users\VASQUEZ\AppData\Local\Temp\ehdrv.sys por una incompatibilidad con este sistema. Póngase en contacto con el fabricante del software para obtener una versión compatible del controlador.

Error: (01/13/2020 01:07:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio eapihdrv no pudo iniciarse debido al siguiente error: 
Se ha bloqueado la descarga de este controlador

Error: (01/13/2020 01:07:24 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Se bloqueó la carga de \??\C:\Users\VASQUEZ\AppData\Local\Temp\ehdrv.sys por una incompatibilidad con este sistema. Póngase en contacto con el fabricante del software para obtener una versión compatible del controlador.

Error: (01/13/2020 01:07:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio eapihdrv no pudo iniciarse debido al siguiente error: 
Se ha bloqueado la descarga de este controlador

Error: (01/13/2020 01:07:23 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Se bloqueó la carga de \??\C:\Users\VASQUEZ\AppData\Local\Temp\ehdrv.sys por una incompatibilidad con este sistema. Póngase en contacto con el fabricante del software para obtener una versión compatible del controlador.


==================== Información de la memoria =========================== 

BIOS: American Megatrends Inc. V1.8 11/07/2012
Placa base: MSI H61M-P20 (G3) (MS-7788)
Procesador: Intel(R) Pentium(R) CPU G2020 @ 2.90GHz
Porcentaje de memoria en uso: 88%
RAM física total: 1935.46 MB
RAM física disponible: 213.34 MB
Virtual total: 4846.46 MB
Virtual disponible: 2472.46 MB

==================== Unidades ================================

Drive c: () (Fixed) (Total:172.45 GB) (Free:116.11 GB) NTFS
Drive d: (Documentos) (Fixed) (Total:292.97 GB) (Free:245.83 GB) NTFS

\\?\Volume{7f6057b1-710c-11e4-9f06-806e6f6e6963}\ (Reservado para el sistema) (Fixed) (Total:0.34 GB) (Free:0.31 GB) NTFS

==================== MBR & Tabla de particiones ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: B24827E7)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=172.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=293 GB) - (Type=07 NTFS)

==================== Final de Addition.txt =======================
```

Hi @Rodvi_Julio

Step 1: Uninstall the following with Revo Uninstaller in its Advanced Mode:

  • Avast Secure Browser

Revo Uninstaller manual.

Step 2: Do the following:

1.- Very important >>> Make a backup of your Registry.

  • Download DelFix to the Windows desktop.
  • Right-click it and choose “Run as Administrator”.
  • In the main window, check only the “Create Registry Backup” box.
  • Click Run.

When it finishes, a report named DelFix.txt will open; save it in case it is needed and close the tool…

2.- Temporarily disable your antivirus.

3.- Open a new Notepad file and copy and paste this content:

```
Start
CloseProcesses:
CreateRestorePoint:
HKU\S-1-5-21-3635118186-2907849737-3350028575-1001\...\MountPoints2: {b1210781-c970-11e2-b26d-00235a33605b} - H:\autorun.exe
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{30C521FB-255B-46C8-9F0D-EE5AE371C9AA}] -> C:\Program Files (x86)\AVAST Software\Browser\Application\77.2.2153.120\Installer\chrmstp.exe [2019-11-28] (AVAST Software s.r.o. -> AVAST Software)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restricción <==== ATENCIÓN
Task: {00F5DD69-1339-4504-8EC3-8F2ADE1B93C1} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [3673424 2014-07-21] (Nero AG -> Nero AG)
Task: {2BEF61D3-20D4-4EC9-B31B-DB2DE3836E13} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1857552 2019-11-04] (AVAST Software s.r.o. -> AVAST Software)
Task: {594097F1-8DEA-4108-A61D-E4771E06FC56} - System32\Tasks\Avast TUNEUP Update => C:\Program Files (x86)\AVAST Software\Avast Cleanup\TUNEUpdate.exe [1659000 2019-08-05] (AVAST Software s.r.o. -> AVAST Software)
Task: {85FC1A10-B90B-4C44-B878-70DA10979F6D} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-06-08] (AVAST Software s.r.o. -> AVAST Software)
Task: {F5486E63-B62D-40FE-8A68-9C4B594DE180} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1857552 2019-11-04] (AVAST Software s.r.o. -> AVAST Software)
Task: {FF83F14D-C7D1-4AE6-B0E9-6F694CC99FC4} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-06-08] (AVAST Software s.r.o. -> AVAST Software)
HKU\S-1-5-21-3635118186-2907849737-3350028575-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com.gt
HKU\S-1-5-21-3635118186-2907849737-3350028575-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://latam.msn.com/
Toolbar: HKU\S-1-5-21-3635118186-2907849737-3350028575-1001 -> Sin Nombre - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  Ningún archivo
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll [2008-05-23] (Microsoft Corporation) [Archivo no firmado]
FF Plugin: @microsoft.com/GENUINE -> disabled [Ningún archivo]
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
CHR NewTab: Profile 3 ->  Not-active:"chrome-extension://mghcamdjeipmgpgodmahidjmaibecaeh/stubby.html"
CHR Extension: (Avast Online Security) - C:\Users\VASQUEZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-03-13]
CHR Extension: (Ask App for iLivid) - C:\Users\VASQUEZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\mppnoffgpafgpgbaigljliadgbnhljfl [2015-06-10]
CHR Extension: (iLivid) - C:\Users\VASQUEZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\nafaimnnclfjfedmmabolbppcngeolgf [2015-06-10]
CHR Extension: (Avast SafePrice | Comparaciones, ofertas y cupones) - C:\Users\VASQUEZ\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2019-12-30]
CHR Extension: (Avast Online Security) - C:\Users\VASQUEZ\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\gomekmidlodglbbmalcneegieacbdmki [2020-01-16]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <no encontrado>
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2020-01-13 15:13 - 2020-01-13 15:14 - 000000000 ____D C:\KVRT_Data
2020-01-10 13:06 - 2013-05-30 17:59 - 000000000 ____D C:\Program Files (x86)\Nero
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END
```
  • Save it under the name fixlist.txt on the desktop <<< This is very important.

Note: The Frst.exe executable and fixlist.txt must be in the same location (the desktop), otherwise the tool will not work.

  • Run Frst.exe.
  • Press the Fix button and wait for it to finish.
  • The tool will save the report on your desktop (Fixlog.txt).
  • Paste it in your next reply.

Let us know how the computer feels.

Regards.

1 like

Sorry for the delay

Resultados de la corrección de Farbar Recovery Scan Tool (x64) Versión: 22-01-2020 01
Ejecutado por VASQUEZ (22-01-2020 21:29:02) Run:1
Ejecutado desde D:\Users\VASQUEZ\Desktop
Perfiles cargados: VASQUEZ (Perfiles disponibles: VASQUEZ)
Modo de Inicio: Normal
==============================================

fixlist contenido:
*****************
Start
CloseProcesses:
CreateRestorePoint:
HKU\S-1-5-21-3635118186-2907849737-3350028575-1001\...\MountPoints2: {b1210781-c970-11e2-b26d-00235a33605b} - H:\autorun.exe
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{30C521FB-255B-46C8-9F0D-EE5AE371C9AA}] -> C:\Program Files (x86)\AVAST Software\Browser\Application\77.2.2153.120\Installer\chrmstp.exe [2019-11-28] (AVAST Software s.r.o. -> AVAST Software)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restricción <==== ATENCIÓN
Task: {00F5DD69-1339-4504-8EC3-8F2ADE1B93C1} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [3673424 2014-07-21] (Nero AG -> Nero AG)
Task: {2BEF61D3-20D4-4EC9-B31B-DB2DE3836E13} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1857552 2019-11-04] (AVAST Software s.r.o. -> AVAST Software)
Task: {594097F1-8DEA-4108-A61D-E4771E06FC56} - System32\Tasks\Avast TUNEUP Update => C:\Program Files (x86)\AVAST Software\Avast Cleanup\TUNEUpdate.exe [1659000 2019-08-05] (AVAST Software s.r.o. -> AVAST Software)
Task: {85FC1A10-B90B-4C44-B878-70DA10979F6D} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-06-08] (AVAST Software s.r.o. -> AVAST Software)
Task: {F5486E63-B62D-40FE-8A68-9C4B594DE180} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1857552 2019-11-04] (AVAST Software s.r.o. -> AVAST Software)
Task: {FF83F14D-C7D1-4AE6-B0E9-6F694CC99FC4} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-06-08] (AVAST Software s.r.o. -> AVAST Software)
HKU\S-1-5-21-3635118186-2907849737-3350028575-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com.gt
HKU\S-1-5-21-3635118186-2907849737-3350028575-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://latam.msn.com/
Toolbar: HKU\S-1-5-21-3635118186-2907849737-3350028575-1001 -> Sin Nombre - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  Ningún archivo
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll [2008-05-23] (Microsoft Corporation) [Archivo no firmado]
FF Plugin: @microsoft.com/GENUINE -> disabled [Ningún archivo]
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
CHR NewTab: Profile 3 ->  Not-active:"chrome-extension://mghcamdjeipmgpgodmahidjmaibecaeh/stubby.html"
CHR Extension: (Avast Online Security) - C:\Users\VASQUEZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-03-13]
CHR Extension: (Ask App for iLivid) - C:\Users\VASQUEZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\mppnoffgpafgpgbaigljliadgbnhljfl [2015-06-10]
CHR Extension: (iLivid) - C:\Users\VASQUEZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\nafaimnnclfjfedmmabolbppcngeolgf [2015-06-10]
CHR Extension: (Avast SafePrice | Comparaciones, ofertas y cupones) - C:\Users\VASQUEZ\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2019-12-30]
CHR Extension: (Avast Online Security) - C:\Users\VASQUEZ\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\gomekmidlodglbbmalcneegieacbdmki [2020-01-16]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <no encontrado>
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2020-01-13 15:13 - 2020-01-13 15:14 - 000000000 ____D C:\KVRT_Data
2020-01-10 13:06 - 2013-05-30 17:59 - 000000000 ____D C:\Program Files (x86)\Nero
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END
*****************

Procesos cerrados correctamente.
El punto de restauración fue creado correctamente.
HKU\S-1-5-21-3635118186-2907849737-3350028575-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b1210781-c970-11e2-b26d-00235a33605b} => eliminado correctamente
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{30C521FB-255B-46C8-9F0D-EE5AE371C9AA} => no encontrado
HKLM\SOFTWARE\Policies\Mozilla => eliminado correctamente
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{00F5DD69-1339-4504-8EC3-8F2ADE1B93C1}" => eliminado correctamente
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{00F5DD69-1339-4504-8EC3-8F2ADE1B93C1}" => eliminado correctamente
C:\Windows\System32\Tasks\Nero\Nero Info => movido correctamente
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Nero\Nero Info" => eliminado correctamente
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2BEF61D3-20D4-4EC9-B31B-DB2DE3836E13}" => no encontrado
"C:\Windows\System32\Tasks\Avast Secure Browser Heartbeat Task (Logon)" => no encontrado
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avast Secure Browser Heartbeat Task (Logon)" => no encontrado
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{594097F1-8DEA-4108-A61D-E4771E06FC56}" => eliminado correctamente
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{594097F1-8DEA-4108-A61D-E4771E06FC56}" => eliminado correctamente
C:\Windows\System32\Tasks\Avast TUNEUP Update => movido correctamente
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avast TUNEUP Update" => eliminado correctamente
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{85FC1A10-B90B-4C44-B878-70DA10979F6D}" => no encontrado
"C:\Windows\System32\Tasks\AvastUpdateTaskMachineUA" => no encontrado
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AvastUpdateTaskMachineUA" => no encontrado
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F5486E63-B62D-40FE-8A68-9C4B594DE180}" => no encontrado
"C:\Windows\System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly)" => no encontrado
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avast Secure Browser Heartbeat Task (Hourly)" => no encontrado
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FF83F14D-C7D1-4AE6-B0E9-6F694CC99FC4}" => no encontrado
"C:\Windows\System32\Tasks\AvastUpdateTaskMachineCore" => no encontrado
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AvastUpdateTaskMachineCore" => no encontrado
HKU\S-1-5-21-3635118186-2907849737-3350028575-1001\Software\Microsoft\Internet Explorer\Main\\"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" => valor restaurado correctamente
"HKU\S-1-5-21-3635118186-2907849737-3350028575-1001\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache" => eliminado correctamente
"HKU\S-1-5-21-3635118186-2907849737-3350028575-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => eliminado correctamente
HKLM\Software\Classes\PROTOCOLS\Handler\ms-help => eliminado correctamente
HKLM\Software\Classes\CLSID\{314111c7-a502-11d2-bbca-00c04f8ec294} => eliminado correctamente
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => eliminado correctamente
"HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN" => no encontrado
C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll => movido correctamente
"HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN" => no encontrado
"C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll" => no encontrado
"Chrome NewTab" => eliminado correctamente
CHR Extension: (Avast Online Security) - C:\Users\VASQUEZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-03-13] => Error: Ninguna corrección automática encontrada para esta entrada.
CHR Extension: (Ask App for iLivid) - C:\Users\VASQUEZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\mppnoffgpafgpgbaigljliadgbnhljfl [2015-06-10] => Error: Ninguna corrección automática encontrada para esta entrada.
CHR Extension: (iLivid) - C:\Users\VASQUEZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\nafaimnnclfjfedmmabolbppcngeolgf [2015-06-10] => Error: Ninguna corrección automática encontrada para esta entrada.
CHR Extension: (Avast SafePrice | Comparaciones, ofertas y cupones) - C:\Users\VASQUEZ\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2019-12-30] => Error: Ninguna corrección automática encontrada para esta entrada.
CHR Extension: (Avast Online Security) - C:\Users\VASQUEZ\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\gomekmidlodglbbmalcneegieacbdmki [2020-01-16] => Error: Ninguna corrección automática encontrada para esta entrada.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => eliminado correctamente
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki => eliminado correctamente
HKLM\System\CurrentControlSet\Services\VGPU => eliminado correctamente
VGPU => servicio eliminado correctamente
C:\KVRT_Data => movido correctamente
C:\Program Files (x86)\Nero => movido correctamente
"CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"" => eliminado correctamente
"BVTFilter" => eliminado correctamente
"BVTConsumer" => eliminado correctamente

========= ipconfig /flushdns =========


Configuración IP de Windows

Se vació correctamente la caché de resolución de DNS.

========= Final de CMD: =========


========= ipconfig /renew =========


Configuración IP de Windows

Error al renovar la interfaz Conexión de área local : El nombre especificado en el bloque de control de red (NCB) está en uso en un adaptador remoto.
El NCB son los datos.
 

========= Final de CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= Final de CMD: =========


========= netsh winsock reset =========


El catálogo Winsock se restableció correctamente.
Debe reiniciar el equipo para completar el restablecimiento.


========= Final de CMD: =========


========= netsh advfirewall reset =========

Aceptar


========= Final de CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Aceptar


========= Final de CMD: =========


========= netsh int ipv4 reset =========

Global se restableció correctamente.
Interfaz se restableció correctamente.
Reinicie el equipo para completar esta acción.


========= Final de CMD: =========


========= netsh int ipv6 reset =========

Interfaz se restableció correctamente.
 se restableció correctamente.
Reinicie el equipo para completar esta acción.


========= Final de CMD: =========


========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => eliminado correctamente
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => eliminado correctamente
"HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => eliminado correctamente
"HKU\S-1-5-21-3635118186-2907849737-3350028575-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => eliminado correctamente
"HKU\S-1-5-21-3635118186-2907849737-3350028575-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => eliminado correctamente


========= Final de RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => movido correctamente
Hosts restaurado correctamente.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 17099513 B
Java, Flash, Steam htmlcache => 541 B
Windows/system/drivers => 8687796 B
Edge => 0 B
Chrome => 299346205 B
Firefox => 31093210 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 153217 B
Public => 153217 B
ProgramData => 153217 B
systemprofile => 170019 B
systemprofile32 => 236375 B
LocalService => 236375 B
NetworkService => 236375 B
PC64 => 392055 B
VASQUEZ => 30534482 B

RecycleBin => 2492 B
EmptyTemp: => 378.5 MB datos temporales eliminados.

================================


El sistema necesita reiniciarse.

==== Final de Fixlog 21:30:20 ====

Hi @Rodvi_Julio

Perfect…:+1:

You forgot to tell us how the computer feels.

Regards

1 like

Hi @SanMar, that's true, it is better and already feels different. Thank you very much for the help. Only the “Nero” program's installer pops up, but I cancelled it.

Hi @Rodvi_Julio

Your Nero was very pirated :grin:

Run FRST again as you did before and paste its reports for us.

Regards

Something from Nero kept popping up, so I uninstalled Nero instead.

Resultados de la corrección de Farbar Recovery Scan Tool (x64) Versión: 27-01-2020
Ejecutado por VASQUEZ (27-01-2020 21:41:24) Run:2
Ejecutado desde D:\Users\VASQUEZ\Desktop
Perfiles cargados: VASQUEZ (Perfiles disponibles: VASQUEZ)
Modo de Inicio: Normal
==============================================

fixlist contenido:
*****************
Start
CloseProcesses:
CreateRestorePoint:
HKU\S-1-5-21-3635118186-2907849737-3350028575-1001\...\MountPoints2: {b1210781-c970-11e2-b26d-00235a33605b} - H:\autorun.exe
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{30C521FB-255B-46C8-9F0D-EE5AE371C9AA}] -> C:\Program Files (x86)\AVAST Software\Browser\Application\77.2.2153.120\Installer\chrmstp.exe [2019-11-28] (AVAST Software s.r.o. -> AVAST Software)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restricción <==== ATENCIÓN
Task: {00F5DD69-1339-4504-8EC3-8F2ADE1B93C1} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [3673424 2014-07-21] (Nero AG -> Nero AG)
Task: {2BEF61D3-20D4-4EC9-B31B-DB2DE3836E13} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1857552 2019-11-04] (AVAST Software s.r.o. -> AVAST Software)
Task: {594097F1-8DEA-4108-A61D-E4771E06FC56} - System32\Tasks\Avast TUNEUP Update => C:\Program Files (x86)\AVAST Software\Avast Cleanup\TUNEUpdate.exe [1659000 2019-08-05] (AVAST Software s.r.o. -> AVAST Software)
Task: {85FC1A10-B90B-4C44-B878-70DA10979F6D} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-06-08] (AVAST Software s.r.o. -> AVAST Software)
Task: {F5486E63-B62D-40FE-8A68-9C4B594DE180} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1857552 2019-11-04] (AVAST Software s.r.o. -> AVAST Software)
Task: {FF83F14D-C7D1-4AE6-B0E9-6F694CC99FC4} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-06-08] (AVAST Software s.r.o. -> AVAST Software)
HKU\S-1-5-21-3635118186-2907849737-3350028575-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com.gt
HKU\S-1-5-21-3635118186-2907849737-3350028575-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://latam.msn.com/
Toolbar: HKU\S-1-5-21-3635118186-2907849737-3350028575-1001 -> Sin Nombre - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  Ningún archivo
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll [2008-05-23] (Microsoft Corporation) [Archivo no firmado]
FF Plugin: @microsoft.com/GENUINE -> disabled [Ningún archivo]
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
CHR NewTab: Profile 3 ->  Not-active:"chrome-extension://mghcamdjeipmgpgodmahidjmaibecaeh/stubby.html"
CHR Extension: (Avast Online Security) - C:\Users\VASQUEZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-03-13]
CHR Extension: (Ask App for iLivid) - C:\Users\VASQUEZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\mppnoffgpafgpgbaigljliadgbnhljfl [2015-06-10]
CHR Extension: (iLivid) - C:\Users\VASQUEZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\nafaimnnclfjfedmmabolbppcngeolgf [2015-06-10]
CHR Extension: (Avast SafePrice | Comparaciones, ofertas y cupones) - C:\Users\VASQUEZ\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2019-12-30]
CHR Extension: (Avast Online Security) - C:\Users\VASQUEZ\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\gomekmidlodglbbmalcneegieacbdmki [2020-01-16]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <no encontrado>
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2020-01-13 15:13 - 2020-01-13 15:14 - 000000000 ____D C:\KVRT_Data
2020-01-10 13:06 - 2013-05-30 17:59 - 000000000 ____D C:\Program Files (x86)\Nero
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END
*****************

Procesos cerrados correctamente.
El punto de restauración fue creado correctamente.
HKU\S-1-5-21-3635118186-2907849737-3350028575-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b1210781-c970-11e2-b26d-00235a33605b} => no encontrado
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{30C521FB-255B-46C8-9F0D-EE5AE371C9AA} => no encontrado
HKLM\SOFTWARE\Policies\Mozilla => eliminado correctamente
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{00F5DD69-1339-4504-8EC3-8F2ADE1B93C1}" => no encontrado
"C:\Windows\System32\Tasks\Nero\Nero Info" => no encontrado
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Nero\Nero Info" => no encontrado
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2BEF61D3-20D4-4EC9-B31B-DB2DE3836E13}" => no encontrado
"C:\Windows\System32\Tasks\Avast Secure Browser Heartbeat Task (Logon)" => no encontrado
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avast Secure Browser Heartbeat Task (Logon)" => no encontrado
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{594097F1-8DEA-4108-A61D-E4771E06FC56}" => no encontrado
"C:\Windows\System32\Tasks\Avast TUNEUP Update" => no encontrado
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avast TUNEUP Update" => no encontrado
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{85FC1A10-B90B-4C44-B878-70DA10979F6D}" => no encontrado
"C:\Windows\System32\Tasks\AvastUpdateTaskMachineUA" => no encontrado
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AvastUpdateTaskMachineUA" => no encontrado
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F5486E63-B62D-40FE-8A68-9C4B594DE180}" => no encontrado
"C:\Windows\System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly)" => no encontrado
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avast Secure Browser Heartbeat Task (Hourly)" => no encontrado
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FF83F14D-C7D1-4AE6-B0E9-6F694CC99FC4}" => no encontrado
"C:\Windows\System32\Tasks\AvastUpdateTaskMachineCore" => no encontrado
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AvastUpdateTaskMachineCore" => no encontrado
HKU\S-1-5-21-3635118186-2907849737-3350028575-1001\Software\Microsoft\Internet Explorer\Main\\"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" => valor restaurado correctamente
"HKU\S-1-5-21-3635118186-2907849737-3350028575-1001\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache" => no encontrado
"HKU\S-1-5-21-3635118186-2907849737-3350028575-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => no encontrado
HKLM\Software\Classes\PROTOCOLS\Handler\ms-help => no encontrado
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => no encontrado
"HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN" => no encontrado
"C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll" => no encontrado
"HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN" => no encontrado
"C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll" => no encontrado
"Chrome NewTab" => eliminado correctamente
CHR Extension: (Avast Online Security) - C:\Users\VASQUEZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-03-13] => Error: Ninguna corrección automática encontrada para esta entrada.
CHR Extension: (Ask App for iLivid) - C:\Users\VASQUEZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\mppnoffgpafgpgbaigljliadgbnhljfl [2015-06-10] => Error: Ninguna corrección automática encontrada para esta entrada.
CHR Extension: (iLivid) - C:\Users\VASQUEZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\nafaimnnclfjfedmmabolbppcngeolgf [2015-06-10] => Error: Ninguna corrección automática encontrada para esta entrada.
CHR Extension: (Avast SafePrice | Comparaciones, ofertas y cupones) - C:\Users\VASQUEZ\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2019-12-30] => Error: Ninguna corrección automática encontrada para esta entrada.
CHR Extension: (Avast Online Security) - C:\Users\VASQUEZ\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\gomekmidlodglbbmalcneegieacbdmki [2020-01-16] => Error: Ninguna corrección automática encontrada para esta entrada.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => no encontrado
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki => no encontrado
VGPU => servicio no encontrado.
"C:\KVRT_Data" => no encontrado
"C:\Program Files (x86)\Nero" => no encontrado
"CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"" => no encontrado
"BVTFilter" => no encontrado
"BVTConsumer" => no encontrado

========= ipconfig /flushdns =========


Configuración IP de Windows

Se vació correctamente la caché de resolución de DNS.

========= Final de CMD: =========


========= ipconfig /renew =========


Configuración IP de Windows

Error al renovar la interfaz Conexión de área local : El nombre especificado en el bloque de control de red (NCB) está en uso en un adaptador remoto.
El NCB son los datos.
 

========= Final de CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= Final de CMD: =========


========= netsh winsock reset =========


El catálogo Winsock se restableció correctamente.
Debe reiniciar el equipo para completar el restablecimiento.


========= Final de CMD: =========


========= netsh advfirewall reset =========

Aceptar


========= Final de CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Aceptar


========= Final de CMD: =========


========= netsh int ipv4 reset =========

Interfaz se restableció correctamente.
Reinicie el equipo para completar esta acción.


========= Final de CMD: =========


========= netsh int ipv6 reset =========

No hay valores configurados por el usuario para restablecer.


========= Final de CMD: =========


========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => eliminado correctamente
"HKU\S-1-5-21-3635118186-2907849737-3350028575-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => eliminado correctamente
"HKU\S-1-5-21-3635118186-2907849737-3350028575-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => eliminado correctamente


========= Final de RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => movido correctamente
Hosts restaurado correctamente.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 5140073 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 0 B
Edge => 0 B
Chrome => 77082854 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
PC64 => 0 B
VASQUEZ => 3145066 B

RecycleBin => 0 B
EmptyTemp: => 89.4 MB datos temporales eliminados.

================================


El sistema necesita reiniciarse.

==== Final de Fixlog 21:41:59 ====

Hi @Rodvi_Julio

Maybe I wasn't clear; I meant that you should run FRST the way I indicated the first time, in Post 8.

Regards