Malware disables my protection programs

Hello @Jaime64

You did not answer my question.

Do you have the reports from those programs? If you have them, please paste them.

Regards

I tried to boot into safe mode but the PC shut down.

I'm going to look for the reports.

I can't find the Avast report. Where do I look for it?

Hello @Jaime64

I did not ask you for the Avast report.

Here are the manuals so you know how to locate the reports:

Let us know.

Regards

Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 5/12/19
Hora del análisis: 16:43
Archivo de registro: dae01348-179f-11ea-9021-00ffdc353fda.json
Administrador: Sí

-Información del software-
Versión: 3.2.2.2029
Versión de los componentes: 1.0.212
Versión del paquete de actualización: 1.0.13687
Licencia: Gratis

-Información del sistema-
SO: Windows 7 Service Pack 1
CPU: x86
Sistema de archivos: NTFS
Usuario: ADM-ll-PC\ADM-ll

-Resumen del análisis-
Tipo de análisis: Análisis personalizado
Resultado: Completado
Objetos analizados: 147693
Amenazas detectadas: 0
(No hay elementos maliciosos detectados)
Amenazas en cuarentena: 0
(No hay elementos maliciosos detectados)
Tiempo transcurrido: 2 hr, 39 min, 3 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Activado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 0
(No hay elementos maliciosos detectados)

Valor del registro: 0
(No hay elementos maliciosos detectados)

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 0
(No hay elementos maliciosos detectados)

Archivo: 0
(No hay elementos maliciosos detectados)

Sector físico: 0
(No hay elementos maliciosos detectados)


(end)

This is the Malwarebytes report; the one from ESET Online Scanner, I can't find it.

13:28:15 # product=EOS
# version=8
# flags=0
# ESETOnlineScanner_ESL.exe=2.0.17.0
# EOSSerial=49980744a24e904082759a1f386ead5c
# end=init
# utc_time=2019-12-05 17:28:05
# local_time=2019-12-05 13:28:05 (-0400, Hora estándar de Venezuela)
# country="Bolivarian Republic of Venezuela"
# osver=6.1.7601 NT Service Pack 1
13:30:51 # product=EOS
# version=8
# flags=0
# ESETOnlineScanner_ESL.exe=2.0.22.0
# EOSSerial=49980744a24e904082759a1f386ead5c
# end=init
# utc_time=2019-12-05 17:30:47
# local_time=2019-12-05 13:30:47 (-0400, Hora estándar de Venezuela)
# country="Bolivarian Republic of Venezuela"
# osver=6.1.7601 NT Service Pack 1
13:31:30 Call m_esets_charon_setup_create
13:31:30 Call m_esets_charon_create
13:31:30 m_esets_charon_create OK
13:31:30 Call m_esets_charon_start_send_thread
13:31:30 Call m_esets_charon_setup_set
13:31:30 m_esets_charon_setup_set OK
13:31:40 Updating
13:31:40 Update Init
13:31:59 Call m_esets_charon_setup_create
13:31:59 Call m_esets_charon_create
13:31:59 m_esets_charon_setup_set ERROR
13:31:59 Update Download
14:00:16 esets_scanner_update returned -1 esets_gle=12
14:00:16 g_uiModuleBuild: 42145
14:00:16 Update Finalize
14:00:16 Call m_esets_charon_send
14:00:16 Call m_esets_charon_destroy
14:00:17 Retrying Update
14:00:17 Updating
14:00:17 Update Init
14:00:33 Call m_esets_charon_setup_create
14:00:33 Call m_esets_charon_create
14:00:33 m_esets_charon_setup_set ERROR
14:00:33 Update Download
14:22:29 esets_scanner_update returned -1 esets_gle=12
14:22:29 g_uiModuleBuild: 42145
14:22:29 Update Finalize
14:22:29 Call m_esets_charon_send
14:22:29 Call m_esets_charon_destroy
14:22:30 Retrying Update
14:22:30 Updating
14:22:30 Update Init
14:22:43 Call m_esets_charon_setup_create
14:22:43 Call m_esets_charon_create
14:22:43 m_esets_charon_setup_set ERROR
14:22:43 Update Download
14:52:50 esets_scanner_reload returned 0
14:52:50 g_uiModuleBuild: 43678
14:52:50 Update Finalize
14:52:50 Call m_esets_charon_send
14:52:50 Call m_esets_charon_destroy
14:52:50 Updated modules version: 43678
14:53:09 Call m_esets_charon_setup_create
14:53:09 Call m_esets_charon_create
14:53:09 m_esets_charon_setup_set ERROR
14:53:09 Scanner engine: 43678
16:23:34 # product=EOS
# version=8
# flags=0
# ESETOnlineScanner_ESL.exe=2.0.22.0
# EOSSerial=49980744a24e904082759a1f386ead5c
# engine=43678
# end=finished
# bannerClicked=0
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# sfx_checked=true
# utc_time=2019-12-05 20:23:32
# local_time=2019-12-05 16:23:32 (-0400, Hora estándar de Venezuela)
# country="Bolivarian Republic of Venezuela"
# lang=13322
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avast Antivirus'
# compatibility_mode=818 16777213 83 98 0 5771039 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 3768342 327122203 0 0
# scanned=121755
# found=4
# cleaned=2
# scan_time=4686
sh=CCEE4E865C59426F5486E515E3AA5D7D53821A14 ft=1 fh=0000000000000000 vn="Win32/Bundled.Toolbar.Google.D aplicación potencialmente no segura (error al eliminando (Acceso denegado))" ac=I fn="C:\Program Files\AVAST Software\Avast\setup\aswOfferTool.exe"
sh=CCEE4E865C59426F5486E515E3AA5D7D53821A14 ft=1 fh=0000000000000000 vn="Win32/Bundled.Toolbar.Google.D aplicación potencialmente no segura (error al eliminando (Acceso denegado))" ac=I fn="C:\Program Files\AVAST Software\Avast\setup\offertool_ais-959.vpx"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="JS/Chromex.Agent.AP troyano (desinfectado por eliminación)" ac=C fn="C:\Users\ADM-ll\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc\31.2.10_0\js\background.js"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="JS/Chromex.Agent.AP troyano (desinfectado por eliminación)" ac=C fn="C:\Users\ADM-ll\AppData\Roaming\Opera Software\Opera Stable\Extensions\neacgcjokggofibnbfapeaejhclmpple\1.5.3_0\js\contentScripts\contentScript.js"
16:23:36 RecursiveRemoveDirectoryAndAllFiles: C:\Users\ADM-ll\AppData\Local\ESET\ESETOnlineScanner\Quarantine\
16:23:37 Call m_esets_charon_send
16:23:37 Call m_esets_charon_destroy
19:41:11 # product=EOS
# version=8
# flags=0
# ESETOnlineScanner_ESL.exe=2.0.22.0
# EOSSerial=49980744a24e904082759a1f386ead5c
# end=init
# utc_time=2019-12-06 23:41:10
# local_time=2019-12-06 19:41:10 (-0400, Hora estándar de Venezuela)
# country="Bolivarian Republic of Venezuela"
# osver=6.1.7601 NT Service Pack 1
19:41:21 # product=EOS
# version=8
# flags=0
# ESETOnlineScanner_ESL.exe=2.0.22.0
# EOSSerial=49980744a24e904082759a1f386ead5c
# end=init
# utc_time=2019-12-06 23:41:19
# local_time=2019-12-06 19:41:19 (-0400, Hora estándar de Venezuela)
# country="Bolivarian Republic of Venezuela"
# osver=6.1.7601 NT Service Pack 1
19:42:04 RecursiveRemoveDirectoryAndAllFiles: C:\Users\ADM-ll\AppData\Local\ESET\ESETOnlineScanner\Quarantine\

This is the ESET report.

Hello @Jaime64

You have an old version of Malwarebytes.

Uninstall it with its >>> specific tool.

Do not reinstall it yet.

After restarting, do the following:

1.- Temporarily disable your antivirus and any security program.

2.- Download Farbar Recovery Scan Tool to the desktop, selecting the version appropriate for your computer's architecture (32 or 64 bits). >> How do I know whether my Windows is 32 or 64 bits?

  • Run FRST.exe.
  • At the Disclaimer window message, click Yes.
  • In the main window, click the Scan button and wait for the process to finish.
  • Two (2) files (logs) will open, Frst.txt and Addition.txt; these will be saved on the desktop.

Guide: How to Run FRST

3.- In your next reply, paste the generated reports.

Guide: How to paste reports in the forum?

We await those reports.

Regards

1 like

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-12-2019
Ran by ADM-ll (administrator) on ADM-LL-PC (BIOSTAR Group P4M89-M7B) (07-12-2019 17:54:55)
Running from C:\Users\ADM-ll\Desktop
Loaded Profiles: ADM-ll (Available Profiles: ADM-ll & Invitado)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: "C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe" -- "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\Froyo_Android_Driver\Bin\MonServiceUDisk.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Browser\Update\1.5.245.0\AvastBrowserCrashHandler.exe
(Google Inc -> Google LLC) C:\Program Files\Google\Update\1.3.35.342\GoogleCrashHandler.exe
(Mega Limited -> Mega Limited) C:\Users\ADM-ll\AppData\Local\MEGAsync\MEGAsync.exe
(Microsoft Windows Hardware Compatibility Publisher -> ) C:\Windows\System32\PAStiSvc.exe
(Microsoft Windows Hardware Compatibility Publisher -> S3 Graphics Co., Ltd.) C:\Windows\System32\VTTrayp.exe
(Microsoft Windows Hardware Compatibility Publisher -> S3 Graphics, Inc.) C:\Windows\System32\VTTimer.exe
(Steganos Software GmbH -> Steganos Software GmbH) C:\Program Files\OkayFreedom\Notifier.exe
(Steganos Software GmbH -> Steganos Software GmbH) C:\Program Files\OkayFreedom\OkayFreedomClient.exe
(Steganos Software GmbH -> Steganos Software GmbH) C:\Program Files\OkayFreedom\OkayFreedomService.exe
(TEFINCOM S.A. -> ) C:\Program Files\NordVPN\nordvpn-service.exe
(TEFINCOM S.A. -> NordVPN) C:\Program Files\NordVPN\NordVPN.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [VTTimer] => C:\Windows\system32\VTTimer.exe [53248 2006-09-21] (Microsoft Windows Hardware Compatibility Publisher -> S3 Graphics, Inc.)
HKLM\...\Run: [VTTrayp] => C:\Windows\system32\VTtrayp.exe [176128 2007-02-06] (Microsoft Windows Hardware Compatibility Publisher -> S3 Graphics Co., Ltd.)
HKLM\...\Run: [snpstd] => C:\Windows\vsnpstd.exe [339968 2005-10-11] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [232840 2019-10-12] (AVAST Software s.r.o. -> AVAST Software)
HKLM\...\Run: [OKAYFREEDOM Notifier] => C:\Program Files\OkayFreedom\Notifier.exe [4528120 2019-11-04] (Steganos Software GmbH -> Steganos Software GmbH)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2707563477-1181458908-4289881501-1000\...\Run: [OKAYFREEDOM_Agent] => C:\Program Files\OkayFreedom\OkayFreedomClient.exe [7516152 2019-11-04] (Steganos Software GmbH -> Steganos Software GmbH)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\78.0.3904.108\Installer\chrmstp.exe [2019-11-18] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{A8504530-742B-42BC-895D-2BAD6406F698}] -> C:\Program Files\AVAST Software\Browser\Application\77.2.2152.121\Installer\chrmstp.exe [2019-12-06] (AVAST Software s.r.o. -> AVAST Software)
Startup: C:\Users\ADM-ll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2019-06-04]
ShortcutTarget: MEGAsync.lnk -> C:\Users\ADM-ll\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited -> Mega Limited)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {08263D59-90EF-4BA3-A1A4-FD28A40E350E} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [202392 2019-12-06] (AVAST Software s.r.o. -> AVAST Software)
Task: {156669DC-4EFF-4D12-8B97-34EB261338FE} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe [1850312 2019-11-04] (AVAST Software s.r.o. -> AVAST Software)
Task: {223CDF49-F75B-4D20-A61C-DFBE958CF008} - System32\Tasks\{C019E3AC-4A62-442F-A8F9-A809428A0BCB} => C:\Program Files\Konami\Yu-Gi-Oh! Power of Chaos\Yugi The Destiny\Yugi_Pc.exe
Task: {2C28409A-DE27-4724-86D0-6D764FF77EE7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [154920 2019-08-12] (Google Inc -> Google LLC)
Task: {305E713F-C588-47FC-8FD6-6A24F40EA8EF} - System32\Tasks\{930691F8-3F6D-4037-ABA4-C70E99C382F4} => C:\Program Files\Konami\Yu-Gi-Oh! Power of Chaos\Yugi The Destiny\Yugi_Pc.exe
Task: {31B9C9AE-50CE-4698-904C-E2E905079724} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [202392 2019-12-06] (AVAST Software s.r.o. -> AVAST Software)
Task: {3322BD21-D023-44EC-92B6-C5DDD1684D3F} - System32\Tasks\PrivaZer_SkipUAC => C:\Program Files\PrivaZer\PrivaZer.exe [17345144 2019-11-02] (Goversoft LLC -> Goversoft LLC)
Task: {346F6EC4-05B0-448B-A8B8-C514489E63D4} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_32_0_0_293_Plugin.exe [1457720 2019-11-13] (Adobe Inc. -> Adobe)
Task: {36357D70-339B-45DA-B838-8188B1CDBC3C} - System32\Tasks\{E239BC8F-9439-4779-B8AB-D19DC9E7F85B} => C:\Program Files\OkayFreedom\OkayFreedomClient.exe [7516152 2019-11-04] (Steganos Software GmbH -> Steganos Software GmbH)
Task: {3B3FB056-AC60-476C-9FAA-2A173F6CE92E} - System32\Tasks\{71412253-490C-4437-8768-E7BE74A9C98D} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\Konami\Yu-Gi-Oh! Power of Chaos\Yugi The Destiny\unins000.exe" -d "C:\Program Files\Konami\Yu-Gi-Oh! Power of Chaos\Yugi The Destiny"
Task: {5508A693-0760-4C04-A0C2-6A430397F8D7} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2707563477-1181458908-4289881501-1000 => {CA22F5B1-E06F-4A2B-94FC-21E87FE53781} C:\Windows\System32\gameux.dll [2576384 2012-12-07] (Microsoft Windows -> Microsoft Corporation)
Task: {5817FC76-4527-4B96-9B91-0AE638B72689} - System32\Tasks\Opera scheduled Autoupdate 1543873804 => C:\Program Files\Opera\launcher.exe [1346584 2019-12-04] (Opera Software AS -> Opera Software)
Task: {629D5DF9-2B0B-4667-8F78-78397F81AD50} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3250056 2019-10-12] (AVAST Software s.r.o. -> AVAST Software)
Task: {6FBC92E4-931E-4DE3-8599-271592277118} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_32_0_0_293_pepper.exe [1453112 2019-11-27] (Adobe Inc. -> Adobe)
Task: {81E895A7-18FF-4A8D-AB8C-9811FE10131A} - System32\Tasks\{8CC29FAE-4215-4B0B-8A16-BBED68D50270} => C:\Windows\system32\pcalua.exe -a "C:\Users\ADM-ll\Downloads\Nueva carpeta (2)\UNINSTL.EXE" -d "C:\Users\ADM-ll\Downloads\Nueva carpeta (2)"
Task: {993B15C2-E666-4DFC-B441-077B0AA9D20D} - System32\Tasks\{11118543-EB2F-4408-95F5-678A1332DF7D} => C:\Program Files\Konami\Yu-Gi-Oh! Power of Chaos\Yugi The Destiny\Yugi_Pc.exe
Task: {A71007E4-7FE3-4D06-A976-72A4189E09FB} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe [1850312 2019-11-04] (AVAST Software s.r.o. -> AVAST Software)
Task: {ABAD3AE3-BA09-4B24-B3FC-E4851BA8A5C8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-11-27] (Adobe Inc. -> Adobe)
Task: {ACF5552D-3B73-4E67-A7B6-C42115436C5B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [154920 2019-08-12] (Google Inc -> Google LLC)
Task: {B577233D-F322-4B75-A545-37E5A7B33B16} - System32\Tasks\{45B4ABC5-E5FC-47C6-A1DE-C899171972A6} => C:\Windows\system32\pcalua.exe -a "C:\Users\ADM-ll\Downloads\All Cards by BlizzBoyGames.exe" -d C:\Users\ADM-ll\Downloads
Task: {D03A3E5E-1090-497B-9F9B-337E23FAD5BE} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1542536 2019-10-12] (AVAST Software s.r.o. -> AVAST Software)
Task: {F159A567-2F65-44DD-808D-9AFD66D52BAA} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-2707563477-1181458908-4289881501-1000 => C:\Users\ADM-ll\AppData\Local\MEGAsync\MEGAupdater.exe [615160 2019-09-27] (Mega Limited -> Mega Limited)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{7CF52F30-F611-40F7-A761-0454563ED30E}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{A6AB16E2-95EC-4122-8C42-858AB1EBA06D}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{DC353FDA-719D-4262-8E14-F5FB49B22199}: [DhcpNameServer] 8.8.8.8

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=hp-avast&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-2707563477-1181458908-4289881501-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-2707563477-1181458908-4289881501-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=hp-avast&type=avastbcl
SearchScopes: HKLM -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2707563477-1181458908-4289881501-1000 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2019-11-14] (McAfee, LLC -> McAfee, Inc.)

FireFox:
========
FF DefaultProfile: w5oi6h56.default-1551223974728
FF ProfilePath: C:\Users\ADM-ll\AppData\Roaming\Mozilla\Firefox\Profiles\w5oi6h56.default-1551223974728 [2019-12-06]
FF Homepage: Mozilla\Firefox\Profiles\w5oi6h56.default-1551223974728 -> hxxps://www.yahoo.com/?fr=hp-avast&type=avastbcl
FF NewTab: Mozilla\Firefox\Profiles\w5oi6h56.default-1551223974728 -> about:newtab
FF Notifications: Mozilla\Firefox\Profiles\w5oi6h56.default-1551223974728 -> hxxps://maranhesduve.club; hxxps://subtitlesplus.com; hxxps://www.abc.es; hxxps://www.youtube.com; hxxps://forospyware.com
FF Extension: (Avira Navegación segura) - C:\Users\ADM-ll\AppData\Roaming\Mozilla\Firefox\Profiles\w5oi6h56.default-1551223974728\Extensions\[email protected] [2019-12-06]
FF Extension: (media-capture) - C:\Users\ADM-ll\AppData\Roaming\Mozilla\Firefox\Profiles\w5oi6h56.default-1551223974728\Extensions\[email protected] [2019-12-06]
FF Extension: (HTTPS Everywhere) - C:\Users\ADM-ll\AppData\Roaming\Mozilla\Firefox\Profiles\w5oi6h56.default-1551223974728\Extensions\[email protected] [2019-11-18]
FF Extension: (Español (México) Language Pack) - C:\Users\ADM-ll\AppData\Roaming\Mozilla\Firefox\Profiles\w5oi6h56.default-1551223974728\Extensions\[email protected] [2019-12-06]
FF Extension: (Avast SafePrice | Comparaciones, ofertas y cupones) - C:\Users\ADM-ll\AppData\Roaming\Mozilla\Firefox\Profiles\w5oi6h56.default-1551223974728\Extensions\[email protected] [2019-07-17]
FF Extension: (Avast Online Security) - C:\Users\ADM-ll\AppData\Roaming\Mozilla\Firefox\Profiles\w5oi6h56.default-1551223974728\Extensions\[email protected] [2019-10-12]
FF Extension: (square red) - C:\Users\ADM-ll\AppData\Roaming\Mozilla\Firefox\Profiles\w5oi6h56.default-1551223974728\Extensions\{8de1c33e-d562-43ef-9122-6cfb439df06c}.xpi [2019-05-13]
FF Extension: (Video DownloadHelper) - C:\Users\ADM-ll\AppData\Roaming\Mozilla\Firefox\Profiles\w5oi6h56.default-1551223974728\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2019-07-08]
FF SearchPlugin: C:\Users\ADM-ll\AppData\Roaming\Mozilla\Firefox\Profiles\w5oi6h56.default-1551223974728\searchplugins\yahoo-avast.xml [2019-07-29]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee® WebAdvisor) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [2019-11-14]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_32_0_0_293.dll [2019-11-13] (Adobe Inc. -> )
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2019-09-23] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2019-09-23] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2019-09-23] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2019-09-23] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.35.342\npGoogleUpdate3.dll [2019-11-04] (Google Inc -> Google LLC)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.35.342\npGoogleUpdate3.dll [2019-11-04] (Google Inc -> Google LLC)

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR Notifications: Default -> hxxps://www.youtube.com
CHR Profile: C:\Users\ADM-ll\AppData\Local\Google\Chrome\User Data\Default [2019-12-07]
CHR Extension: (Presentaciones) - C:\Users\ADM-ll\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-12-11]
CHR Extension: (Flash Video Downloader) - C:\Users\ADM-ll\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc [2019-07-29]
CHR Extension: (Documentos) - C:\Users\ADM-ll\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-12-11]
CHR Extension: (Google Drive) - C:\Users\ADM-ll\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-12-03]
CHR Extension: (Video Downloader professional) - C:\Users\ADM-ll\AppData\Local\Google\Chrome\User Data\Default\Extensions\bacakpdjpomjaelpkpkabmedhkoongbi [2019-11-03]
CHR Extension: (YouTube) - C:\Users\ADM-ll\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-12-03]
CHR Extension: (Hojas de cálculo) - C:\Users\ADM-ll\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-12-11]
CHR Extension: (KProxy Extension) - C:\Users\ADM-ll\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdocgbfmddcfnlnpmnghmjicjognhonm [2019-09-25]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\ADM-ll\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-12-11]
CHR Extension: (Hola Free VPN Proxy Unblocker) - C:\Users\ADM-ll\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2019-11-24]
CHR Extension: (Avast Online Security) - C:\Users\ADM-ll\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2019-07-16]
CHR Extension: (Mp3 Songs Download) - C:\Users\ADM-ll\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifeaicfhbgimajeibbceipjefbldmlod [2018-12-11]
CHR Extension: (PP VPN gratuito Desbloqueo de seguridad VPN / Proxy) - C:\Users\ADM-ll\AppData\Local\Google\Chrome\User Data\Default\Extensions\jljopmgdobloagejpohpldgkiellmfnc [2019-10-30]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\ADM-ll\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-09-30]
CHR Extension: (Gmail) - C:\Users\ADM-ll\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-24]
CHR Extension: (Chrome Media Router) - C:\Users\ADM-ll\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-11-01]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM\...\Chrome\Extension: [fagakgcelolinfnkfgekcnedpaklfcok]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]

Opera: 
=======
OPR Extension: (Avast Online Security) - C:\Users\ADM-ll\AppData\Roaming\Opera Software\Opera Stable\Extensions\daanglpcpkjjlkhcbladppjphglbigam [2019-11-23]
OPR Extension: (Dailymotion Video Downloader) - C:\Users\ADM-ll\AppData\Roaming\Opera Software\Opera Stable\Extensions\kagkcnmcjinolcgoanmodncaddocbahi [2019-10-08]
OPR Extension: (No Name) - C:\Users\ADM-ll\AppData\Roaming\Opera Software\Opera Stable\Extensions\neacgcjokggofibnbfapeaejhclmpple [2019-12-05]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5035312 2019-10-12] (AVAST Software s.r.o. -> AVAST Software)
S2 avast; C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [202392 2019-12-06] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [859096 2019-10-12] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [373928 2019-10-12] (AVAST Software s.r.o. -> AVAST Software)
S3 avastm; C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [202392 2019-12-06] (AVAST Software s.r.o. -> AVAST Software)
S3 AvastSecureBrowserElevationService; C:\Program Files\AVAST Software\Browser\Application\77.2.2152.121\elevation_service.exe [970088 2019-11-04] (AVAST Software s.r.o. -> AVAST Software)
S4 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [689872 2019-11-14] (McAfee, LLC -> McAfee, Inc.)
R2 nordvpn-service; C:\Program Files\NordVPN\nordvpn-service.exe [222240 2019-12-03] (TEFINCOM S.A. -> )
R2 OkayFreedom VPN Starter Service; C:\Program Files\OkayFreedom\OkayFreedomService.exe [295944 2019-11-04] (Steganos Software GmbH -> Steganos Software GmbH)
R2 STI Simulator; C:\Windows\System32\PAStiSvc.exe [53248 2005-01-14] (Microsoft Windows Hardware Compatibility Publisher -> )
R2 UDisk Monitor Driver; C:\Program Files\Froyo_Android_Driver\Bin\MonServiceUDisk.exe [577536 2012-09-29] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
S4 panda_url_filtering; C:\Program Files\Panda Security URL Filtering\Panda_URL_Filteringb.exe -- [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aftap0901; C:\Windows\System32\DRIVERS\aftap0901.sys [45528 2018-06-15] (AnchorFree Inc -> The OpenVPN Project)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [174712 2019-10-12] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [224008 2019-10-12] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [169408 2019-10-12] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [59368 2019-10-12] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [41200 2019-10-12] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [145048 2019-10-12] (AVAST Software s.r.o. -> AVAST Software)
R3 aswNetNd6; C:\Windows\System32\DRIVERS\aswNetNd6.sys [36104 2019-10-12] (AVAST Software s.r.o. -> AVAST Software)
R1 aswNetSec; C:\Windows\System32\drivers\aswNetSec.sys [411088 2019-10-12] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [95168 2019-10-12] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [73312 2019-10-12] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [691528 2019-10-12] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [394856 2019-10-12] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [176760 2019-10-12] (AVAST Software s.r.o. -> AVAST Software)
S3 aswTap; C:\Windows\System32\DRIVERS\aswTap.sys [48152 2018-09-05] (AVAST Software s.r.o. -> The OpenVPN Project)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [277408 2019-10-12] (AVAST Software s.r.o. -> AVAST Software)
R1 BIOS; C:\Windows\system32\drivers\BIOS.sys [13696 2005-03-16] (BIOSTAR Group) [File not signed]
R3 FET5X86V; C:\Windows\System32\DRIVERS\fetnd5bv.sys [42496 2007-02-27] (Microsoft Windows Hardware Compatibility Publisher -> VIA Technologies, Inc. )
S3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd6.sys [44032 2009-07-13] (Microsoft Windows -> VIA Technologies, Inc. )
S3 Generalusbserialser20679; C:\Windows\System32\DRIVERS\CT_U_USBSER.sys [108544 2011-05-24] (Microsoft Windows Hardware Compatibility Publisher -> Incorporated)
S3 PAC207; C:\Windows\System32\DRIVERS\pfc027.sys [162176 2005-04-08] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 snpstd; C:\Windows\System32\DRIVERS\snpstd.sys [390784 2006-05-03] (Microsoft Windows Hardware Compatibility Publisher -> )
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [23552 2019-04-23] (OpenVPN Inc. -> The OpenVPN Project)
R3 tapnordvpn; C:\Windows\System32\DRIVERS\tapnordvpn.sys [31496 2018-07-24] (TEFINCOM S.A. -> The OpenVPN Project)
S3 tapwindscribe0901; C:\Windows\System32\DRIVERS\tapwindscribe0901.sys [41976 2018-07-06] (Windscribe Limited -> The OpenVPN Project)
R3 viagfx; C:\Windows\System32\DRIVERS\vtmini.sys [281856 2007-03-22] (Microsoft Windows Hardware Compatibility Publisher -> Copyright (C) VIA/S3 Graphics Co, Ltd.)
R0 ViBus; C:\Windows\System32\DRIVERS\ViBus.sys [16896 2007-03-26] (Microsoft Windows Hardware Compatibility Publisher -> VIA Technologies, Inc.)
R0 videX32; C:\Windows\System32\DRIVERS\videX32.sys [9216 2007-03-29] (Microsoft Windows Hardware Compatibility Publisher -> VIA Technologies, Inc.)
R0 ViPrt; C:\Windows\System32\DRIVERS\ViPrt.sys [52224 2007-03-26] (Microsoft Windows Hardware Compatibility Publisher -> VIA Technologies, Inc.)
U3 iswSvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-12-07 17:54 - 2019-12-07 17:56 - 000025050 _____ C:\Users\ADM-ll\Desktop\FRST.txt
2019-12-07 17:53 - 2019-12-07 17:55 - 000000000 ____D C:\FRST
2019-12-07 17:50 - 2019-12-07 17:51 - 001991680 _____ (Farbar) C:\Users\ADM-ll\Desktop\FRST.exe
2019-12-07 01:41 - 2019-12-07 01:45 - 000029246 _____ C:\Users\ADM-ll\Desktop\mb-clean-results.txt
2019-12-06 23:04 - 2019-12-06 23:05 - 000138760 _____ C:\Windows\Minidump\120619-35365-01.dmp
2019-12-06 21:06 - 2019-12-06 21:06 - 000003720 _____ C:\Windows\system32\Tasks\Avast Secure Browser Heartbeat Task (Hourly)
2019-12-06 21:06 - 2019-12-06 21:06 - 000003138 _____ C:\Windows\system32\Tasks\Avast Secure Browser Heartbeat Task (Logon)
2019-12-06 21:06 - 2019-12-06 21:06 - 000002449 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2019-12-06 21:06 - 2019-12-06 21:06 - 000002406 _____ C:\Users\Public\Desktop\Avast Secure Browser.lnk
2019-12-06 21:06 - 2019-12-06 21:06 - 000002406 _____ C:\ProgramData\Desktop\Avast Secure Browser.lnk
2019-12-06 20:57 - 2019-12-06 20:57 - 000003496 _____ C:\Windows\system32\Tasks\AvastUpdateTaskMachineUA
2019-12-06 20:57 - 2019-12-06 20:57 - 000003368 _____ C:\Windows\system32\Tasks\AvastUpdateTaskMachineCore
2019-12-06 20:55 - 2019-12-06 20:56 - 002793832 _____ C:\Users\ADM-ll\Downloads\avast_secure_browser_setup.exe
2019-12-06 19:35 - 2019-12-06 19:35 - 000002095 _____ C:\Users\Public\Desktop\Foxit Reader.lnk
2019-12-06 19:35 - 2019-12-06 19:35 - 000002095 _____ C:\ProgramData\Desktop\Foxit Reader.lnk
2019-12-06 19:35 - 2019-12-06 19:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2019-12-06 19:35 - 2019-12-06 19:35 - 000000000 ____D C:\ProgramData\Foxit ContentPlatform
2019-12-06 18:01 - 2019-12-06 18:01 - 000000000 __SHD C:\found.001
2019-12-05 20:17 - 2019-10-12 11:18 - 000305032 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2019-12-05 19:31 - 2019-12-05 19:38 - 000000000 ____D C:\AdwCleaner
2019-12-04 17:36 - 2019-12-04 17:36 - 000000000 ____D C:\Program Files\Malwarebytes
2019-12-04 17:25 - 2019-12-04 17:25 - 000138760 _____ C:\Windows\Minidump\120419-44382-01.dmp
2019-12-04 10:44 - 2019-12-04 10:44 - 000000000 __SHD C:\found.000
2019-12-03 16:20 - 2019-12-03 16:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NordVPN
2019-12-02 13:34 - 2019-12-02 13:35 - 000067122 _____ C:\Users\ADM-ll\Downloads\[limetorrents.info]Rambo.Last.Blood..2019..[BluRay]..1080p..[YTS.LT].torrent
2019-12-01 18:03 - 2019-12-01 18:04 - 000038179 _____ C:\Users\ADM-ll\Downloads\[limetorrents.info]Rambo.Last.Blood..2019..[BluRay].[720p].[YTS.LT].torrent
2019-11-27 18:31 - 2019-11-27 18:31 - 000017862 _____ C:\Users\ADM-ll\Downloads\[limetorrents.info]Greta.2018.1080p.Dual.Lat.Cinecalidad.torrent
2019-11-18 14:44 - 2019-11-18 14:44 - 000138760 _____ C:\Windows\Minidump\111819-40326-01.dmp
2019-11-18 11:34 - 2019-12-06 21:23 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-11-15 15:28 - 2019-12-07 17:06 - 000002970 _____ C:\Windows\system32\Tasks\{E239BC8F-9439-4779-B8AB-D19DC9E7F85B}
2019-11-13 10:12 - 2019-11-13 10:12 - 000001047 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OkayFreedom.lnk
2019-11-13 10:12 - 2019-11-13 10:12 - 000001035 _____ C:\Users\Public\Desktop\OkayFreedom.lnk
2019-11-13 10:12 - 2019-11-13 10:12 - 000001035 _____ C:\ProgramData\Desktop\OkayFreedom.lnk
2019-11-13 09:04 - 2019-11-05 17:29 - 004061624 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2019-11-13 09:04 - 2019-11-05 17:29 - 003967416 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2019-11-13 09:04 - 2019-11-05 17:29 - 000311008 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2019-11-13 09:04 - 2019-11-05 17:29 - 000191416 _____ (Microsoft Corporation) C:\Windows\system32\halmacpi.dll
2019-11-13 09:04 - 2019-11-05 17:29 - 000191416 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2019-11-13 09:04 - 2019-11-05 17:29 - 000164064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys
2019-11-13 09:04 - 2019-11-05 17:29 - 000137440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2019-11-13 09:04 - 2019-11-05 17:29 - 000106936 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2019-11-13 09:04 - 2019-11-05 17:29 - 000068832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2019-11-13 09:04 - 2019-11-05 17:28 - 000138168 _____ (Microsoft Corporation) C:\Windows\system32\halacpi.dll
2019-11-13 09:04 - 2019-11-05 17:27 - 001316632 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2019-11-13 09:04 - 2019-11-05 17:25 - 002368000 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2019-11-13 09:04 - 2019-11-05 17:25 - 001072640 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2019-11-13 09:04 - 2019-11-05 17:25 - 000872448 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2019-11-13 09:04 - 2019-11-05 17:25 - 000812544 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2019-11-13 09:04 - 2019-11-05 17:25 - 000655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2019-11-13 09:04 - 2019-11-05 17:25 - 000628224 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2019-11-13 09:04 - 2019-11-05 17:25 - 000573440 _____ (Microsoft Corporation) C:\Windows\system32\netlogon.dll
2019-11-13 09:04 - 2019-11-05 17:25 - 000555520 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2019-11-13 09:04 - 2019-11-05 17:25 - 000502784 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2019-11-13 09:04 - 2019-11-05 17:25 - 000400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2019-11-13 09:04 - 2019-11-05 17:25 - 000337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2019-11-13 09:04 - 2019-11-05 17:25 - 000307200 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2019-11-13 09:04 - 2019-11-05 17:25 - 000294400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2019-11-13 09:04 - 2019-11-05 17:25 - 000266752 _____ (Microsoft Corporation) C:\Windows\system32\upnphost.dll
2019-11-13 09:04 - 2019-11-05 17:25 - 000261632 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2019-11-13 09:04 - 2019-11-05 17:25 - 000254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2019-11-13 09:04 - 2019-11-05 17:25 - 000223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2019-11-13 09:04 - 2019-11-05 17:25 - 000175104 _____ (Microsoft Corporation) C:\Windows\system32\netcorehc.dll
2019-11-13 09:04 - 2019-11-05 17:25 - 000172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2019-11-13 09:04 - 2019-11-05 17:25 - 000171008 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2019-11-13 09:04 - 2019-11-05 17:25 - 000167936 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2019-11-13 09:04 - 2019-11-05 17:25 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2019-11-13 09:04 - 2019-11-05 17:25 - 000141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2019-11-13 09:04 - 2019-11-05 17:25 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2019-11-13 09:04 - 2019-11-05 17:25 - 000083968 _____ (Microsoft Corporation) C:\Windows\system32\userenv.dll
2019-11-13 09:04 - 2019-11-05 17:25 - 000071680 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2019-11-13 09:04 - 2019-11-05 17:25 - 000070144 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2019-11-13 09:04 - 2019-11-05 17:25 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2019-11-13 09:04 - 2019-11-05 17:25 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2019-11-13 09:04 - 2019-11-05 17:25 - 000046080 _____ (Microsoft Corporation) C:\Windows\system32\mf3216.dll
2019-11-13 09:04 - 2019-11-05 17:25 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2019-11-13 09:04 - 2019-11-05 17:25 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2019-11-13 09:04 - 2019-11-05 17:25 - 000025600 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2019-11-13 09:04 - 2019-11-05 17:25 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2019-11-13 09:04 - 2019-11-05 17:25 - 000004608 _____ (Microsoft Corporation) C:\Windows\system32\msimg32.dll
2019-11-13 09:04 - 2019-11-05 17:24 - 001806848 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2019-11-13 09:04 - 2019-11-05 17:24 - 001005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2019-11-13 09:04 - 2019-11-05 17:24 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2019-11-13 09:04 - 2019-11-05 17:24 - 000644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2019-11-13 09:04 - 2019-11-05 17:24 - 000088576 _____ (Microsoft Corporation) C:\Windows\system32\AxInstSv.dll
2019-11-13 09:04 - 2019-11-05 17:24 - 000082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2019-11-13 09:04 - 2019-11-05 17:24 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2019-11-13 09:04 - 2019-11-05 17:24 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2019-11-13 09:04 - 2019-11-05 17:24 - 000038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2019-11-13 09:04 - 2019-11-05 17:24 - 000017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2019-11-13 09:04 - 2019-11-05 17:24 - 000010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2019-11-13 09:04 - 2019-11-05 17:24 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2019-11-13 09:04 - 2019-11-05 17:24 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2019-11-13 09:04 - 2019-11-05 17:24 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2019-11-13 09:04 - 2019-11-05 17:24 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2019-11-13 09:04 - 2019-11-05 17:24 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2019-11-13 09:04 - 2019-11-05 17:24 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2019-11-13 09:04 - 2019-11-05 17:24 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2019-11-13 09:04 - 2019-11-05 17:24 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2019-11-13 09:04 - 2019-11-05 17:24 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2019-11-13 09:04 - 2019-11-05 17:24 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2019-11-13 09:04 - 2019-11-05 17:24 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2019-11-13 09:04 - 2019-11-05 17:24 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2019-11-13 09:04 - 2019-11-05 17:24 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2019-11-13 09:04 - 2019-11-05 17:24 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2019-11-13 09:04 - 2019-11-05 17:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2019-11-13 09:04 - 2019-11-05 17:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2019-11-13 09:04 - 2019-11-05 17:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2019-11-13 09:04 - 2019-11-05 17:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2019-11-13 09:04 - 2019-11-05 17:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2019-11-13 09:04 - 2019-11-05 17:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2019-11-13 09:04 - 2019-11-05 17:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2019-11-13 09:04 - 2019-11-05 17:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2019-11-13 09:04 - 2019-11-05 17:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2019-11-13 09:04 - 2019-11-05 17:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2019-11-13 09:04 - 2019-11-05 17:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2019-11-13 09:04 - 2019-11-05 17:12 - 001312256 _____ (Microsoft Corporation) C:\Windows\system32\msjet40.dll
2019-11-13 09:04 - 2019-11-05 17:03 - 000045056 _____ (Microsoft Corporation) C:\Windows\system32\udhisapi.dll
2019-11-13 09:04 - 2019-11-05 17:03 - 000023552 _____ (Microsoft Corporation) C:\Windows\system32\upnpcont.exe
2019-11-13 09:04 - 2019-11-05 16:58 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2019-11-13 09:04 - 2019-11-05 16:58 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2019-11-13 09:04 - 2019-11-05 16:58 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2019-11-13 09:04 - 2019-11-05 16:58 - 000016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2019-11-13 09:04 - 2019-11-05 16:58 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\sscore.dll
2019-11-13 09:04 - 2019-11-05 16:57 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2019-11-13 09:04 - 2019-11-05 16:57 - 000057856 _____ (Microsoft Corporation) C:\Windows\system32\AxInstUI.exe
2019-11-13 09:04 - 2019-11-05 16:57 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2019-11-13 09:04 - 2019-11-05 16:56 - 002407424 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2019-11-13 09:04 - 2019-11-05 16:55 - 000271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2019-11-13 09:04 - 2019-11-05 16:55 - 000262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2019-11-13 09:04 - 2019-11-05 16:55 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2019-11-13 09:04 - 2019-11-05 16:55 - 000034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2019-11-13 09:04 - 2019-11-05 16:52 - 000317440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2019-11-13 09:04 - 2019-11-05 16:52 - 000314880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2019-11-13 09:04 - 2019-11-05 16:52 - 000226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2019-11-13 09:04 - 2019-11-05 16:52 - 000126464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2019-11-13 09:04 - 2019-11-05 16:52 - 000117248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2019-11-13 09:04 - 2019-11-05 16:52 - 000098816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2019-11-13 09:04 - 2019-11-05 16:51 - 000069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2019-11-13 09:04 - 2019-11-05 16:51 - 000055296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
2019-11-13 09:04 - 2019-11-05 16:51 - 000053760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
2019-11-13 09:04 - 2019-11-05 16:51 - 000053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\viac7.sys
2019-11-13 09:04 - 2019-11-05 16:51 - 000052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
2019-11-13 09:04 - 2019-11-05 16:51 - 000052224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
2019-11-13 09:04 - 2019-11-05 16:51 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2019-11-13 09:04 - 2019-11-05 16:51 - 000035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\npfs.sys
2019-11-13 09:04 - 2019-11-05 16:51 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2019-11-13 09:04 - 2019-11-05 16:51 - 000015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2019-11-13 09:04 - 2019-11-05 16:51 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2019-11-13 09:04 - 2019-11-05 16:51 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2019-11-13 09:04 - 2019-11-05 16:51 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2019-11-13 09:04 - 2019-11-05 16:51 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2019-11-13 09:04 - 2019-11-05 15:43 - 001251840 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2019-11-13 09:04 - 2019-11-05 15:43 - 000910336 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2019-11-13 09:04 - 2019-10-26 02:40 - 000341896 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2019-11-13 09:04 - 2019-10-23 23:23 - 020290048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2019-11-13 09:04 - 2019-10-23 23:19 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2019-11-13 09:04 - 2019-10-23 23:19 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2019-11-13 09:04 - 2019-10-23 23:08 - 000496640 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2019-11-13 09:04 - 2019-10-23 23:08 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2019-11-13 09:04 - 2019-10-23 23:07 - 000341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2019-11-13 09:04 - 2019-10-23 23:07 - 000047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2019-11-13 09:04 - 2019-10-23 23:06 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2019-11-13 09:04 - 2019-10-23 23:04 - 002304000 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2019-11-13 09:04 - 2019-10-23 23:01 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2019-11-13 09:04 - 2019-10-23 23:01 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2019-11-13 09:04 - 2019-10-23 22:59 - 000476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2019-11-13 09:04 - 2019-10-23 22:58 - 000662528 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2019-11-13 09:04 - 2019-10-23 22:58 - 000115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2019-11-13 09:04 - 2019-10-23 22:58 - 000104960 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2019-11-13 09:04 - 2019-10-23 22:57 - 000620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2019-11-13 09:04 - 2019-10-23 22:52 - 000668160 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2019-11-13 09:04 - 2019-10-23 22:49 - 000416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2019-11-13 09:04 - 2019-10-23 22:45 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2019-11-13 09:04 - 2019-10-23 22:45 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2019-11-13 09:04 - 2019-10-23 22:44 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2019-11-13 09:04 - 2019-10-23 22:42 - 000168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2019-11-13 09:04 - 2019-10-23 22:41 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2019-11-13 09:04 - 2019-10-23 22:40 - 000279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2019-11-13 09:04 - 2019-10-23 22:39 - 000130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2019-11-13 09:04 - 2019-10-23 22:35 - 004112384 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2019-11-13 09:04 - 2019-10-23 22:33 - 000230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2019-11-13 09:04 - 2019-10-23 22:32 - 002058752 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2019-11-13 09:04 - 2019-10-23 22:32 - 000696320 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2019-11-13 09:04 - 2019-10-23 22:32 - 000692224 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2019-11-13 09:04 - 2019-10-23 22:31 - 001155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2019-11-13 09:04 - 2019-10-23 22:27 - 013838336 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2019-11-13 09:04 - 2019-10-23 22:13 - 004387840 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2019-11-13 09:04 - 2019-10-23 22:10 - 001331712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2019-11-13 09:04 - 2019-10-23 22:09 - 000710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2019-11-13 09:04 - 2019-09-16 22:31 - 000136928 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2019-11-13 09:04 - 2019-09-16 22:29 - 000599040 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2019-11-13 09:04 - 2019-09-09 22:27 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2019-11-13 09:04 - 2019-09-09 20:10 - 002703360 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2019-11-13 09:04 - 2019-09-09 20:10 - 001465344 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2019-11-13 09:04 - 2019-09-09 20:10 - 000618496 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2019-11-13 09:04 - 2019-09-09 20:10 - 000535040 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2019-11-13 09:04 - 2019-09-09 20:10 - 000379904 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2019-11-13 09:04 - 2019-09-09 20:10 - 000366080 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2019-11-13 09:04 - 2019-09-09 20:10 - 000257024 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2019-11-13 09:04 - 2019-09-09 20:10 - 000206848 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2019-11-13 09:02 - 2019-11-05 16:54 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2019-11-12 19:26 - 2019-11-12 19:26 - 000000000 ____D C:\Users\ADM-ll\AppData\Roaming\Steganos Updates
2019-11-07 13:48 - 2019-12-03 16:20 - 000001944 _____ C:\Users\Public\Desktop\NordVPN.lnk
2019-11-07 13:48 - 2019-12-03 16:20 - 000001944 _____ C:\ProgramData\Desktop\NordVPN.lnk

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-12-07 17:31 - 2011-04-11 21:30 - 000747396 _____ C:\Windows\system32\perfh00A.dat
2019-12-07 17:31 - 2011-04-11 21:30 - 000158868 _____ C:\Windows\system32\perfc00A.dat
2019-12-07 17:31 - 2010-11-20 17:01 - 001676890 _____ C:\Windows\system32\PerfStringBackup.INI
2019-12-07 17:31 - 2009-07-13 22:37 - 000000000 ____D C:\Windows\inf
2019-12-07 17:28 - 2019-10-28 10:43 - 000000048 _____ C:\Users\ADM-ll\Documents\spm.txt
2019-12-07 17:12 - 2009-07-14 00:34 - 000021680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-12-07 17:12 - 2009-07-14 00:34 - 000021680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-12-07 17:06 - 2019-10-27 13:44 - 000003210 _____ C:\Windows\system32\Tasks\{8CC29FAE-4215-4B0B-8A16-BBED68D50270}
2019-12-07 17:06 - 2019-10-16 14:03 - 000003024 _____ C:\Windows\system32\Tasks\{930691F8-3F6D-4037-ABA4-C70E99C382F4}
2019-12-07 17:06 - 2019-10-16 14:01 - 000003024 _____ C:\Windows\system32\Tasks\{C019E3AC-4A62-442F-A8F9-A809428A0BCB}
2019-12-07 17:06 - 2019-10-16 14:01 - 000003024 _____ C:\Windows\system32\Tasks\{11118543-EB2F-4408-95F5-678A1332DF7D}
2019-12-07 17:06 - 2019-10-16 14:00 - 000003300 _____ C:\Windows\system32\Tasks\{71412253-490C-4437-8768-E7BE74A9C98D}
2019-12-07 17:06 - 2019-10-14 18:49 - 000003172 _____ C:\Windows\system32\Tasks\{45B4ABC5-E5FC-47C6-A1DE-C899171972A6}
2019-12-07 17:06 - 2019-10-12 11:20 - 000000000 ____D C:\Windows\system32\Tasks\Avast Software
2019-12-07 17:06 - 2019-10-07 14:15 - 000004454 _____ C:\Windows\system32\Tasks\Adobe Flash Player NPAPI Notifier
2019-12-07 17:06 - 2019-08-12 22:34 - 000003460 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2019-12-07 17:06 - 2019-08-12 22:33 - 000003332 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2019-12-07 17:06 - 2019-07-10 23:01 - 000004462 _____ C:\Windows\system32\Tasks\Adobe Flash Player PPAPI Notifier
2019-12-07 17:06 - 2019-07-10 23:01 - 000004290 _____ C:\Windows\system32\Tasks\Adobe Flash Player Updater
2019-12-07 17:06 - 2019-05-20 07:32 - 000003086 _____ C:\Windows\system32\Tasks\PrivaZer_SkipUAC
2019-12-07 17:06 - 2018-12-03 17:50 - 000003844 _____ C:\Windows\system32\Tasks\Opera scheduled Autoupdate 1543873804
2019-12-07 10:30 - 2019-06-24 11:49 - 000000000 ____D C:\Users\ADM-ll\AppData\Local\AVAST Software
2019-12-07 09:37 - 2009-07-14 00:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-12-07 01:41 - 2019-03-27 03:22 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-12-07 01:41 - 2018-12-02 22:16 - 000000000 ____D C:\Users\ADM-ll\Documents\Programas
2019-12-06 23:04 - 2018-12-02 20:58 - 000000000 ____D C:\Windows\Minidump
2019-12-06 22:57 - 2018-12-04 16:12 - 000000000 ____D C:\Users\ADM-ll\AppData\Local\PrivaZer
2019-12-06 21:23 - 2019-01-03 12:38 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2019-12-06 20:59 - 2019-01-02 14:25 - 000000000 ____D C:\Users\ADM-ll\AppData\LocalLow\Mozilla
2019-12-06 20:57 - 2019-10-12 11:14 - 000000000 ____D C:\Program Files\AVAST Software
2019-12-06 19:35 - 2018-12-03 18:03 - 000000000 ____D C:\Users\ADM-ll\AppData\Roaming\Foxit Software
2019-12-06 19:34 - 2019-10-21 14:25 - 000000000 ____D C:\ProgramData\Foxit Software
2019-12-06 16:18 - 2019-10-12 11:19 - 000004168 _____ C:\Windows\system32\Tasks\Avast Emergency Update
2019-12-06 13:23 - 2018-12-11 10:55 - 000000079 _____ C:\Windows\wininit.ini
2019-12-06 11:39 - 2018-12-03 17:49 - 000000000 ____D C:\Program Files\Opera
2019-12-05 20:18 - 2019-10-12 11:25 - 000002079 _____ C:\Users\Public\Desktop\Avast Premium Security.lnk
2019-12-05 20:18 - 2019-10-12 11:25 - 000002079 _____ C:\ProgramData\Desktop\Avast Premium Security.lnk
2019-12-05 19:32 - 2019-05-28 11:30 - 000000000 ____D C:\Users\ADM-ll\AppData\Local\CrashDumps
2019-12-05 15:24 - 2019-08-01 11:09 - 000000000 _____ C:\Windows\system32\last.dump
2019-12-04 17:56 - 2019-06-24 11:38 - 000000000 ____D C:\ProgramData\AVAST Software
2019-12-04 13:24 - 2019-11-04 11:28 - 000000000 ____D C:\Users\ADM-ll\Downloads\Doom
2019-12-03 16:20 - 2019-09-30 16:44 - 000000000 ____D C:\Users\ADM-ll\AppData\Local\NordVPN
2019-12-03 16:20 - 2019-09-30 15:12 - 000000000 ____D C:\Program Files\NordVPN
2019-11-30 13:43 - 2019-03-02 15:52 - 000000189 _____ C:\Users\ADM-ll\Documents\cl.txt
2019-11-27 23:23 - 2019-07-10 23:01 - 000842296 _____ (Adobe) C:\Windows\system32\FlashPlayerApp.exe
2019-11-27 23:23 - 2019-07-10 23:01 - 000175160 _____ (Adobe) C:\Windows\system32\FlashPlayerCPLApp.cpl
2019-11-27 23:23 - 2019-07-10 23:01 - 000000000 ____D C:\Windows\system32\Macromed
2019-11-27 23:23 - 2019-07-10 22:59 - 000000000 ____D C:\Users\ADM-ll\AppData\Local\Adobe
2019-11-19 12:43 - 2009-07-13 22:04 - 000454085 ____R C:\Windows\system32\Drivers\etc\hosts.20191202-161054.backup
2019-11-18 19:55 - 2019-08-12 22:34 - 000002168 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-11-18 19:55 - 2019-08-12 22:34 - 000002127 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-11-18 19:55 - 2019-08-12 22:34 - 000002127 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2019-11-13 10:36 - 2019-03-19 04:42 - 000000000 ____D C:\Users\ADM-ll\AppData\Roaming\Steganos
2019-11-13 10:33 - 2019-11-02 22:10 - 000267528 _____ C:\Windows\system32\FNTCACHE.DAT
2019-11-13 10:28 - 2018-12-02 21:26 - 000000000 ___SD C:\Windows\system32\CompatTel
2019-11-13 10:28 - 2018-12-02 21:26 - 000000000 ____D C:\Windows\system32\appraiser
2019-11-13 10:28 - 2009-07-13 22:37 - 000000000 ____D C:\Windows\PolicyDefinitions
2019-11-13 10:12 - 2019-03-21 16:58 - 000000000 ____D C:\Program Files\OkayFreedom
2019-11-13 10:11 - 2019-03-21 16:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OkayFreedom
2019-11-10 11:41 - 2019-10-12 11:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software

==================== Files in the root of some directories ========

2018-12-03 18:53 - 2018-12-03 18:53 - 000001111 _____ () C:\Users\ADM-ll\AppData\Local\gamma_ramp.reg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2019-10-20 17:44
==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 07-12-2019
Ran by ADM-ll (07-12-2019 17:57:43)
Running from C:\Users\ADM-ll\Desktop
Microsoft Windows 7 Professional  Service Pack 1 (X86) (2018-12-03 00:31:01)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

ADM-ll (S-1-5-21-2707563477-1181458908-4289881501-1000 - Administrator - Enabled) => C:\Users\ADM-ll
Administrador (S-1-5-21-2707563477-1181458908-4289881501-500 - Administrator - Disabled)
HomeGroupUser$ (S-1-5-21-2707563477-1181458908-4289881501-1002 - Limited - Enabled)
Invitado (S-1-5-21-2707563477-1181458908-4289881501-501 - Limited - Disabled) => C:\Users\Invitado

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: Avast Antivirus (Enabled) {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

(Street-Boy) All Cards Unlocker (HKLM\...\(Street-Boy) All Cards Unlocker) (Version: 2.0 - )
Adobe Flash Player 32 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 32.0.0.293 - Adobe)
Adobe Flash Player 32 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 32.0.0.293 - Adobe)
Android USB Driver (HKLM\...\Android USB Driver_is1) (Version:  - )
Avast Premium Security (HKLM\...\Avast Antivirus) (Version: 19.8.2393 - AVAST Software)
Avast Secure Browser (HKLM\...\Avast Secure Browser) (Version: 77.2.2152.121 - Los creadores de Avast Secure Browser)
Avast Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.5.245.0 - AVAST Software) Hidden
Bandicam (HKLM\...\Bandicam) (Version: 4.4.2.1550 - Bandicam.com)
Bandicam MPEG-1 Decoder (HKLM\...\BandiMPEG1) (Version:  - Bandicam.com)
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 9.7.0.29455 - Foxit Software Inc.)
Google Chrome (HKLM\...\{F0CA664D-0B4E-39BB-8CF9-CED7DC87AE65}) (Version: 78.0.3904.108 - Google LLC)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.341 - Google LLC) Hidden
McAfee WebAdvisor (HKLM\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.48 - McAfee, LLC.)
MEGAsync (HKLM\...\MEGAsync) (Version:  - Mega Limited)
Microsoft .NET Framework 4.8 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 71.0 (x86 en-US) (HKLM\...\Mozilla Firefox 71.0 (x86 en-US)) (Version: 71.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 71.0.0.7275 - Mozilla)
NirSoft Wireless Network Watcher (HKLM\...\NirSoft Wireless Network Watcher) (Version:  - )
NordVPN (HKLM\...\{72E4C7C0-1D39-40A3-9804-3D56078F25E2}) (Version: 6.26.4 - NordVPN) Hidden
NordVPN (HKLM\...\NordVPN 6.26.4) (Version: 6.26.4 - NordVPN)
NordVPN network TAP (HKLM\...\{97DEC5D6-2BE9-45BB-BFC5-274B851B486B}) (Version: 1.0.1 - NordVPN)
OkayFreedom (HKLM\...\{3F3FB10C-7175-4D38-9335-3488B89C12AF}) (Version: 1.8.7 - Steganos Software GmbH)
Opera Stable 65.0.3467.62 (HKLM\...\Opera 65.0.3467.62) (Version: 65.0.3467.62 - Opera Software)
PeaZip 6.9.1 (HKLM\...\{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1) (Version: 6.9.1 - Giorgio Tani)
Platform (HKLM\...\{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.24 - VIA Technologies, Inc.) Hidden
PotPlayer (HKLM\...\PotPlayer) (Version: 1.7.20977 - Kakao Corp.)
PrivaZer (HKLM\...\PrivaZer) (Version: 3.0.81.0 - Goversoft LLC)
qBittorrent 3.0.5 (HKLM\...\qbittorrent) (Version:  - )
Revo Uninstaller 2.1.0 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.1.0 - VS Revo Group, Ltd.)
VdhCoApp 1.2.4 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version:  - DownloadHelper)
VIA Administrador de dispositivos de plataforma (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.24 - VIA Technologies, Inc.)
VIA Rhine-Family Fast-Ethernet Adapter (HKLM\...\VN_VUIns_Rhine_VIA) (Version:  - )
VIA/S3G Display Driver 6.14.10.0359 (HKLM\...\VIA/S3G UniChrome Family Win2K/XP/Server2003 Display) (Version:  - )
Yu-Gi-Oh! MythOfAtem v 3.0 (HKU\S-1-5-21-2707563477-1181458908-4289881501-1000\...\Yu-Gi-Oh! MythOfAtem v 3.0) (Version:  - )
Yu-Gi-Oh! Power of Chaos JOEY THE PASSION (HKLM\...\{336DD6B4-B100-4048-B2B7-FBA7059FD959}) (Version: 1.00.0000 - KONAMI)
Yu-Gi-Oh! Power of Chaos KAIBA THE REVENGE (HKLM\...\{485C9280-B899-4D46-86F3-B3E459636EE5}) (Version: 1.00.0000 - KONAMI)
Yu-Gi-Oh! Power of Chaos YUGI THE DESTINY 2.0 (HKLM\...\{7F23ED88-D755-4A3A-AB04-E909C7C0330A}) (Version: 2.00.0000 - KONAMI)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2707563477-1181458908-4289881501-1000_Classes\CLSID\{cb4c77f0-ab2a-407c-93ac-963769824b18}\localserver32 -> no filepath
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\ADM-ll\AppData\Local\MEGAsync\ShellExtX32.dll [2019-09-27] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\ADM-ll\AppData\Local\MEGAsync\ShellExtX32.dll [2019-09-27] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\ADM-ll\AppData\Local\MEGAsync\ShellExtX32.dll [2019-09-27] (Mega Limited -> )
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-12] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-12] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x86.dll [2019-09-23] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\ADM-ll\AppData\Local\MEGAsync\ShellExtX32.dll [2019-09-27] (Mega Limited -> )
ContextMenuHandlers1: [PrivaZer] -> {7691BE2F-3D79-40DE-9C87-4D6EBCC76682} => C:\Program Files\PrivaZer\PrivaMenu6.dll [2019-09-29] (Goversoft LLC -> )
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\ADM-ll\AppData\Local\MEGAsync\ShellExtX32.dll [2019-09-27] (Mega Limited -> )
ContextMenuHandlers2: [PrivaZer] -> {7691BE2F-3D79-40DE-9C87-4D6EBCC76682} => C:\Program Files\PrivaZer\PrivaMenu6.dll [2019-09-29] (Goversoft LLC -> )
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-12] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\ADM-ll\AppData\Local\MEGAsync\ShellExtX32.dll [2019-09-27] (Mega Limited -> )
ContextMenuHandlers3: [PrivaZer] -> {7691BE2F-3D79-40DE-9C87-4D6EBCC76682} => C:\Program Files\PrivaZer\PrivaMenu6.dll [2019-09-29] (Goversoft LLC -> )
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\ADM-ll\AppData\Local\MEGAsync\ShellExtX32.dll [2019-09-27] (Mega Limited -> )
ContextMenuHandlers4: [PrivaZer] -> {7691BE2F-3D79-40DE-9C87-4D6EBCC76682} => C:\Program Files\PrivaZer\PrivaMenu6.dll [2019-09-29] (Goversoft LLC -> )
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-12] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x86.dll [2019-09-23] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
ContextMenuHandlers6: [PrivaZer] -> {7691BE2F-3D79-40DE-9C87-4D6EBCC76682} => C:\Program Files\PrivaZer\PrivaMenu6.dll [2019-09-29] (Goversoft LLC -> )

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2019-10-16 00:32 - 2019-10-16 00:32 - 000262656 _____ () [File not signed] C:\Program Files\NordVPN\x86\Liberation.Native.Firewall.dll
2019-03-21 05:00 - 2019-03-21 05:00 - 001172992 _____ () [File not signed] C:\Program Files\OkayFreedom\vpn.dll
2019-03-27 23:48 - 2019-03-27 23:48 - 000115200 _____ (Microsoft Corporation) [File not signed] C:\Windows\Microsoft.Net\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
2017-09-14 02:37 - 2017-09-14 02:37 - 000026112 _____ (The Qt Company Ltd) [File not signed] C:\Users\ADM-ll\AppData\Local\MEGAsync\imageformats\qgif.dll
2017-09-14 02:42 - 2017-09-14 02:42 - 000033280 _____ (The Qt Company Ltd) [File not signed] C:\Users\ADM-ll\AppData\Local\MEGAsync\imageformats\qicns.dll
2017-09-14 02:37 - 2017-09-14 02:37 - 000027648 _____ (The Qt Company Ltd) [File not signed] C:\Users\ADM-ll\AppData\Local\MEGAsync\imageformats\qico.dll
2017-09-14 02:37 - 2017-09-14 02:37 - 000245760 _____ (The Qt Company Ltd) [File not signed] C:\Users\ADM-ll\AppData\Local\MEGAsync\imageformats\qjpeg.dll
2017-09-14 02:42 - 2017-09-14 02:42 - 000021504 _____ (The Qt Company Ltd) [File not signed] C:\Users\ADM-ll\AppData\Local\MEGAsync\imageformats\qsvg.dll
2017-09-14 02:42 - 2017-09-14 02:42 - 000020992 _____ (The Qt Company Ltd) [File not signed] C:\Users\ADM-ll\AppData\Local\MEGAsync\imageformats\qtga.dll
2017-09-14 02:42 - 2017-09-14 02:42 - 000316416 _____ (The Qt Company Ltd) [File not signed] C:\Users\ADM-ll\AppData\Local\MEGAsync\imageformats\qtiff.dll
2017-09-14 02:42 - 2017-09-14 02:42 - 000019968 _____ (The Qt Company Ltd) [File not signed] C:\Users\ADM-ll\AppData\Local\MEGAsync\imageformats\qwbmp.dll
2017-09-14 02:42 - 2017-09-14 02:42 - 000322560 _____ (The Qt Company Ltd) [File not signed] C:\Users\ADM-ll\AppData\Local\MEGAsync\imageformats\qwebp.dll
2017-09-14 02:37 - 2017-09-14 02:37 - 001010688 _____ (The Qt Company Ltd) [File not signed] C:\Users\ADM-ll\AppData\Local\MEGAsync\platforms\qwindows.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DFServ => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 7945 more sites.


==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:04 - 2019-12-02 16:10 - 000454085 ____R C:\Windows\system32\drivers\etc\hosts

There are 15614 more lines.


==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2707563477-1181458908-4289881501-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\ADM-ll\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{E732550F-E7B1-48EF-AD8B-E765C5C3D5CD}] => (Block) LPort=445
FirewallRules: [{AA1D651E-6191-4184-A1E8-CB0D27C7496D}] => (Block) LPort=139
FirewallRules: [{E934BF20-3388-4756-9538-3292C4D86DC5}] => (Block) LPort=137
FirewallRules: [{C8A4A045-B50D-4F94-8DE1-B1E910FF7DD7}] => (Block) LPort=138
FirewallRules: [{D94D0077-09D8-4F01-83E6-433EF46A97E2}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{9F7655E4-7FCC-47C1-8468-56AA26AAF80A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{77881161-E129-4103-A4A3-86906E476DA5}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{2A173EAF-E280-4083-927A-D10D06B44FFA}] => (Allow) C:\Program Files\Opera\65.0.3467.48\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{068F0EC6-6A4D-4118-BB84-D61737CADF04}] => (Allow) C:\Program Files\Opera\65.0.3467.62\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{BD16914B-F965-48EE-B93A-DD322F9FD32C}] => (Allow) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe (AVAST Software s.r.o. -> AVAST Software)

==================== Restore Points =========================

15-11-2019 15:31:41 Instalación del paquete de controladores de dispositivo: TAP-Windows Provider V9 Adaptadores de red
04-12-2019 13:37:09 Revo Uninstaller's restore point - Avast Secure Browser
05-12-2019 21:42:56 Operación de restauración
06-12-2019 13:22:41 Revo Uninstaller's restore point - Spybot - Search & Destroy

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (12/07/2019 05:52:39 PM) (Source: PerfNet) (EventID: 2006) (User: )
Description: No se pueden leer los datos de rendimiento de la cola del servidor desde el servicio del servidor. Los primeros cuatro bytes (DWORD) de la sección de datos contienen el código de estado, los próximos cuatro bytes contienen IOSB.Status y los siguientes cuatro bytes contienen IOSB.Information.

Error: (12/07/2019 05:44:39 PM) (Source: PerfNet) (EventID: 2006) (User: )
Description: No se pueden leer los datos de rendimiento de la cola del servidor desde el servicio del servidor. Los primeros cuatro bytes (DWORD) de la sección de datos contienen el código de estado, los próximos cuatro bytes contienen IOSB.Status y los siguientes cuatro bytes contienen IOSB.Information.

Error: (12/07/2019 05:36:39 PM) (Source: PerfNet) (EventID: 2006) (User: )
Description: No se pueden leer los datos de rendimiento de la cola del servidor desde el servicio del servidor. Los primeros cuatro bytes (DWORD) de la sección de datos contienen el código de estado, los próximos cuatro bytes contienen IOSB.Status y los siguientes cuatro bytes contienen IOSB.Information.

Error: (12/07/2019 05:28:39 PM) (Source: PerfNet) (EventID: 2006) (User: )
Description: No se pueden leer los datos de rendimiento de la cola del servidor desde el servicio del servidor. Los primeros cuatro bytes (DWORD) de la sección de datos contienen el código de estado, los próximos cuatro bytes contienen IOSB.Status y los siguientes cuatro bytes contienen IOSB.Information.

Error: (12/07/2019 05:20:40 PM) (Source: PerfNet) (EventID: 2006) (User: )
Description: No se pueden leer los datos de rendimiento de la cola del servidor desde el servicio del servidor. Los primeros cuatro bytes (DWORD) de la sección de datos contienen el código de estado, los próximos cuatro bytes contienen IOSB.Status y los siguientes cuatro bytes contienen IOSB.Information.

Error: (12/07/2019 05:14:43 PM) (Source: PerfNet) (EventID: 2005) (User: )
Description: No se pueden leer los datos de rendimiento para el servicio del servidor. Los primeros cuatro bytes (DWORD) de la sección de datos contienen el código de estado, los próximos cuatro bytes contienen IOSB.Status y los siguientes cuatro bytes contienen IOSB.Information.

Error: (12/07/2019 05:14:39 PM) (Source: PerfNet) (EventID: 2006) (User: )
Description: No se pueden leer los datos de rendimiento de la cola del servidor desde el servicio del servidor. Los primeros cuatro bytes (DWORD) de la sección de datos contienen el código de estado, los próximos cuatro bytes contienen IOSB.Status y los siguientes cuatro bytes contienen IOSB.Information.

Error: (12/07/2019 05:12:19 PM) (Source: PerfNet) (EventID: 2005) (User: )
Description: No se pueden leer los datos de rendimiento para el servicio del servidor. Los primeros cuatro bytes (DWORD) de la sección de datos contienen el código de estado, los próximos cuatro bytes contienen IOSB.Status y los siguientes cuatro bytes contienen IOSB.Information.


System errors:
=============
Error: (12/07/2019 05:49:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio Escucha de Grupo Hogar depende del servicio Servidor, el cual no pudo iniciarse debido al siguiente error: 
No se puede iniciar el servicio, porque está deshabilitado o porque no tiene dispositivos habilitados asociados a él.

Error: (12/07/2019 05:49:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio Examinador de equipos depende del servicio Servidor, el cual no pudo iniciarse debido al siguiente error: 
No se puede iniciar el servicio, porque está deshabilitado o porque no tiene dispositivos habilitados asociados a él.

Error: (12/07/2019 05:49:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio Examinador de equipos depende del servicio Servidor, el cual no pudo iniciarse debido al siguiente error: 
No se puede iniciar el servicio, porque está deshabilitado o porque no tiene dispositivos habilitados asociados a él.

Error: (12/07/2019 05:49:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio Examinador de equipos depende del servicio Servidor, el cual no pudo iniciarse debido al siguiente error: 
No se puede iniciar el servicio, porque está deshabilitado o porque no tiene dispositivos habilitados asociados a él.

Error: (12/07/2019 05:49:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio Examinador de equipos depende del servicio Servidor, el cual no pudo iniciarse debido al siguiente error: 
No se puede iniciar el servicio, porque está deshabilitado o porque no tiene dispositivos habilitados asociados a él.

Error: (12/07/2019 05:49:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio Examinador de equipos depende del servicio Servidor, el cual no pudo iniciarse debido al siguiente error: 
No se puede iniciar el servicio, porque está deshabilitado o porque no tiene dispositivos habilitados asociados a él.

Error: (12/07/2019 05:49:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio Examinador de equipos depende del servicio Servidor, el cual no pudo iniciarse debido al siguiente error: 
No se puede iniciar el servicio, porque está deshabilitado o porque no tiene dispositivos habilitados asociados a él.

Error: (12/07/2019 05:48:28 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio Escucha de Grupo Hogar depende del servicio Servidor, el cual no pudo iniciarse debido al siguiente error: 
No se puede iniciar el servicio, porque está deshabilitado o porque no tiene dispositivos habilitados asociados a él.


Windows Defender:
===================================
Date: 2019-03-16 21:37:27.074
Description: 
El examen de Windows Defender se detuvo antes de completarse.
Id. de examen:{374B5416-D844-4399-94CB-322BA1FE902A}
Tipo de examen:AntiSpyware
Parámetros de examen:Examen rápido
Usuario:ADM-ll-PC\ADM-ll

Date: 2019-03-04 05:43:31.745
Description: 
El examen de Windows Defender se detuvo antes de completarse.
Id. de examen:{62CCDAC8-1779-4BF6-B58B-81DABFDC7351}
Tipo de examen:AntiSpyware
Parámetros de examen:Examen rápido
Usuario:NT AUTHORITY\Servicio de red

Date: 2019-07-13 11:03:38.989
Description: 
Windows Defender encontró un error al intentar cargar firmas e intentará restablecer un conjunto de firmas conocidas.
Firmas intentadas:Actual
Código de error:0x80070002
Descripción de error:El sistema no puede encontrar el archivo especificado. 
Versión de firma:0.0.0.0
Versión de motor:0.0.0.0

Date: 2019-05-28 13:57:15.412
Description: 
Windows Defender encontró un error al intentar cargar firmas e intentará restablecer un conjunto de firmas conocidas.
Firmas intentadas:Actual
Código de error:0x80070002
Descripción de error:El sistema no puede encontrar el archivo especificado. 
Versión de firma:0.0.0.0
Versión de motor:0.0.0.0

CodeIntegrity:
===================================

Date: 2019-07-21 10:00:46.297
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume1\SMCLpav\Pav2WSC.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2019-07-21 10:00:46.297
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume1\SMCLpav\Pav2WSC.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2019-07-21 10:00:46.297
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume1\SMCLpav\Pav2WSC.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2019-07-21 09:57:28.155
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume1\SMCLpav\Pav2WSC.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2019-07-21 09:57:28.155
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume1\SMCLpav\Pav2WSC.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2019-07-21 09:57:28.140
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume1\SMCLpav\Pav2WSC.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2019-07-17 05:29:35.754
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume1\SMCLpav\Pav2WSC.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2019-07-17 05:29:35.754
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume1\SMCLpav\Pav2WSC.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

==================== Memory info =========================== 

BIOS: Phoenix Technologies, LTD 6.00 PG 08/02/2007
Motherboard: BIOSTAR Group P4M89-M7B
Processor: Intel(R) Pentium(R) Dual CPU E2160 @ 1.80GHz
Percentage of memory in use: 82%
Total physical RAM: 1982.49 MB
Available physical RAM: 346.8 MB
Total Virtual: 3964.98 MB
Available Virtual: 2010.16 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:149.05 GB) (Free:82.22 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (KINGSTON) (Removable) (Total:7.2 GB) (Free:2.84 GB) FAT32


==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 149.1 GB) (Disk ID: CFBBCFBB)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

==========================================================
Disk: 1 (Size: 7.2 GB) (Disk ID: 6E7C6FE0)
Partition 1: (Active) - (Size=7.2 GB) - (Type=0B)

==================== End of Addition.txt =======================

Here are the Farbar reports.

Hello @Jaime64

Uninstall with Revo Uninstaller in its Advanced Mode:

  • Avast Secure Browser

Revo Uninstaller manual.


After restarting, follow these steps:

1.- Very important >>> Make a backup of your Registry.

  • Download DelFix to the Windows desktop.
  • Right-click, “Run as administrator”.
  • In the main window, check only the “Create Registry Backup” box.
  • Click Run.

When it finishes, a report called DelFix.txt will open; save it in case it is needed and close the tool…

2.- Temporarily disable your antivirus.

3.- Open a new Notepad file and copy and paste this content:

Start
CloseProcesses:
CreateRestorePoint:
HKLM\Software\Microsoft\Active Setup\Installed Components: [{A8504530-742B-42BC-895D-2BAD6406F698}] -> C:\Program Files\AVAST Software\Browser\Application\77.2.2152.121\Installer\chrmstp.exe [2019-12-06] (AVAST Software s.r.o. -> AVAST Software)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {3B3FB056-AC60-476C-9FAA-2A173F6CE92E} - System32\Tasks\{71412253-490C-4437-8768-E7BE74A9C98D} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\Konami\Yu-Gi-Oh! Power of Chaos\Yugi The Destiny\unins000.exe" -d "C:\Program Files\Konami\Yu-Gi-Oh! Power of Chaos\Yugi The Destiny"
Task: {81E895A7-18FF-4A8D-AB8C-9811FE10131A} - System32\Tasks\{8CC29FAE-4215-4B0B-8A16-BBED68D50270} => C:\Windows\system32\pcalua.exe -a "C:\Users\ADM-ll\Downloads\Nueva carpeta (2)\UNINSTL.EXE" -d "C:\Users\ADM-ll\Downloads\Nueva carpeta (2)"
Task: {A71007E4-7FE3-4D06-A976-72A4189E09FB} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe [1850312 2019-11-04] (AVAST Software s.r.o. -> AVAST Software)
Task: {B577233D-F322-4B75-A545-37E5A7B33B16} - System32\Tasks\{45B4ABC5-E5FC-47C6-A1DE-C899171972A6} => C:\Windows\system32\pcalua.exe -a "C:\Users\ADM-ll\Downloads\All Cards by BlizzBoyGames.exe" -d C:\Users\ADM-ll\Downloads
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=hp-avast&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-2707563477-1181458908-4289881501-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-2707563477-1181458908-4289881501-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=hp-avast&type=avastbcl
SearchScopes: HKLM -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2707563477-1181458908-4289881501-1000 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
FF Extension: (Avast SafePrice | Comparaciones, ofertas y cupones) - C:\Users\ADM-ll\AppData\Roaming\Mozilla\Firefox\Profiles\w5oi6h56.default-1551223974728\Extensions\[email protected] [2019-07-17]
FF Extension: (Avast Online Security) - C:\Users\ADM-ll\AppData\Roaming\Mozilla\Firefox\Profiles\w5oi6h56.default-1551223974728\Extensions\[email protected] [2019-10-12]
FF SearchPlugin: C:\Users\ADM-ll\AppData\Roaming\Mozilla\Firefox\Profiles\w5oi6h56.default-1551223974728\searchplugins\yahoo-avast.xml [2019-07-29]
CHR Extension: (Avast Online Security) - C:\Users\ADM-ll\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2019-07-16]
CHR Extension: (Chrome Media Router) - C:\Users\ADM-ll\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-11-01]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM\...\Chrome\Extension: [fagakgcelolinfnkfgekcnedpaklfcok]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]
OPR Extension: (Avast Online Security) - C:\Users\ADM-ll\AppData\Roaming\Opera Software\Opera Stable\Extensions\daanglpcpkjjlkhcbladppjphglbigam [2019-11-23]
S4 panda_url_filtering; C:\Program Files\Panda Security URL Filtering\Panda_URL_Filteringb.exe -- [X]
C:\Program Files\Panda Security URL Filtering
U3 iswSvc; no ImagePath
2019-12-06 21:06 - 2019-12-06 21:06 - 000003720 _____ C:\Windows\system32\Tasks\Avast Secure Browser Heartbeat Task (Hourly)
2019-12-06 21:06 - 2019-12-06 21:06 - 000003138 _____ C:\Windows\system32\Tasks\Avast Secure Browser Heartbeat Task (Logon)
2019-12-06 21:06 - 2019-12-06 21:06 - 000002449 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2019-12-06 21:06 - 2019-12-06 21:06 - 000002406 _____ C:\Users\Public\Desktop\Avast Secure Browser.lnk
2019-12-06 21:06 - 2019-12-06 21:06 - 000002406 _____ C:\ProgramData\Desktop\Avast Secure Browser.lnk
2019-12-06 20:55 - 2019-12-06 20:56 - 002793832 _____ C:\Users\ADM-ll\Downloads\avast_secure_browser_setup.exe
2019-12-04 17:36 - 2019-12-04 17:36 - 000000000 ____D C:\Program Files\Malwarebytes
2019-11-15 15:28 - 2019-12-07 17:06 - 000002970 _____ C:\Windows\system32\Tasks\{E239BC8F-9439-4779-B8AB-D19DC9E7F85B}
2019-12-07 17:06 - 2019-10-27 13:44 - 000003210 _____ C:\Windows\system32\Tasks\{8CC29FAE-4215-4B0B-8A16-BBED68D50270}
2019-12-07 17:06 - 2019-10-16 14:03 - 000003024 _____ C:\Windows\system32\Tasks\{930691F8-3F6D-4037-ABA4-C70E99C382F4}
2019-12-07 17:06 - 2019-10-16 14:01 - 000003024 _____ C:\Windows\system32\Tasks\{C019E3AC-4A62-442F-A8F9-A809428A0BCB}
2019-12-07 17:06 - 2019-10-16 14:01 - 000003024 _____ C:\Windows\system32\Tasks\{11118543-EB2F-4408-95F5-678A1332DF7D}
2019-12-07 17:06 - 2019-10-16 14:00 - 000003300 _____ C:\Windows\system32\Tasks\{71412253-490C-4437-8768-E7BE74A9C98D}
2019-12-07 17:06 - 2019-10-14 18:49 - 000003172 _____ C:\Windows\system32\Tasks\{45B4ABC5-E5FC-47C6-A1DE-C899171972A6}
2019-12-07 01:41 - 2019-03-27 03:22 - 000000000 ____D C:\ProgramData\Malwarebytes
CustomCLSID: HKU\S-1-5-21-2707563477-1181458908-4289881501-1000_Classes\CLSID\{cb4c77f0-ab2a-407c-93ac-963769824b18}\localserver32 -> no filepath
FirewallRules: [{BD16914B-F965-48EE-B93A-DD322F9FD32C}] => (Allow) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe (AVAST Software s.r.o. -> AVAST Software)

CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END
  • Save it under the name fixlist.txt on the desktop <<< This is very important.

Note: The Frst.exe executable and fixlist.txt must be in the same location (desktop), otherwise the tool will not work.

  • Run Frst.exe.
  • Press the Fix button and wait for it to finish.
  • The tool will save the report on your desktop (Fixlog.txt).
  • Paste it in your next reply.

Let us know.

Regards.

Fix result of Farbar Recovery Scan Tool (x86) Version: 07-12-2019
Ran by ADM-ll (08-12-2019 10:48:56) Run:1
Running from C:\Users\ADM-ll\Desktop
Loaded Profiles: ADM-ll (Available Profiles: ADM-ll & Invitado)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:
HKLM\Software\Microsoft\Active Setup\Installed Components: [{A8504530-742B-42BC-895D-2BAD6406F698}] -> C:\Program Files\AVAST Software\Browser\Application\77.2.2152.121\Installer\chrmstp.exe [2019-12-06] (AVAST Software s.r.o. -> AVAST Software)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {3B3FB056-AC60-476C-9FAA-2A173F6CE92E} - System32\Tasks\{71412253-490C-4437-8768-E7BE74A9C98D} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\Konami\Yu-Gi-Oh! Power of Chaos\Yugi The Destiny\unins000.exe" -d "C:\Program Files\Konami\Yu-Gi-Oh! Power of Chaos\Yugi The Destiny"
Task: {81E895A7-18FF-4A8D-AB8C-9811FE10131A} - System32\Tasks\{8CC29FAE-4215-4B0B-8A16-BBED68D50270} => C:\Windows\system32\pcalua.exe -a "C:\Users\ADM-ll\Downloads\Nueva carpeta (2)\UNINSTL.EXE" -d "C:\Users\ADM-ll\Downloads\Nueva carpeta (2)"
Task: {A71007E4-7FE3-4D06-A976-72A4189E09FB} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe [1850312 2019-11-04] (AVAST Software s.r.o. -> AVAST Software)
Task: {B577233D-F322-4B75-A545-37E5A7B33B16} - System32\Tasks\{45B4ABC5-E5FC-47C6-A1DE-C899171972A6} => C:\Windows\system32\pcalua.exe -a "C:\Users\ADM-ll\Downloads\All Cards by BlizzBoyGames.exe" -d C:\Users\ADM-ll\Downloads
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=hp-avast&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-2707563477-1181458908-4289881501-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-2707563477-1181458908-4289881501-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=hp-avast&type=avastbcl
SearchScopes: HKLM -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2707563477-1181458908-4289881501-1000 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
FF Extension: (Avast SafePrice | Comparaciones, ofertas y cupones) - C:\Users\ADM-ll\AppData\Roaming\Mozilla\Firefox\Profiles\w5oi6h56.default-1551223974728\Extensions\[email protected] [2019-07-17]
FF Extension: (Avast Online Security) - C:\Users\ADM-ll\AppData\Roaming\Mozilla\Firefox\Profiles\w5oi6h56.default-1551223974728\Extensions\[email protected] [2019-10-12]
FF SearchPlugin: C:\Users\ADM-ll\AppData\Roaming\Mozilla\Firefox\Profiles\w5oi6h56.default-1551223974728\searchplugins\yahoo-avast.xml [2019-07-29]
CHR Extension: (Avast Online Security) - C:\Users\ADM-ll\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2019-07-16]
CHR Extension: (Chrome Media Router) - C:\Users\ADM-ll\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-11-01]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM\...\Chrome\Extension: [fagakgcelolinfnkfgekcnedpaklfcok]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]
OPR Extension: (Avast Online Security) - C:\Users\ADM-ll\AppData\Roaming\Opera Software\Opera Stable\Extensions\daanglpcpkjjlkhcbladppjphglbigam [2019-11-23]
S4 panda_url_filtering; C:\Program Files\Panda Security URL Filtering\Panda_URL_Filteringb.exe -- [X]
C:\Program Files\Panda Security URL Filtering
U3 iswSvc; no ImagePath
2019-12-06 21:06 - 2019-12-06 21:06 - 000003720 _____ C:\Windows\system32\Tasks\Avast Secure Browser Heartbeat Task (Hourly)
2019-12-06 21:06 - 2019-12-06 21:06 - 000003138 _____ C:\Windows\system32\Tasks\Avast Secure Browser Heartbeat Task (Logon)
2019-12-06 21:06 - 2019-12-06 21:06 - 000002449 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2019-12-06 21:06 - 2019-12-06 21:06 - 000002406 _____ C:\Users\Public\Desktop\Avast Secure Browser.lnk
2019-12-06 21:06 - 2019-12-06 21:06 - 000002406 _____ C:\ProgramData\Desktop\Avast Secure Browser.lnk
2019-12-06 20:55 - 2019-12-06 20:56 - 002793832 _____ C:\Users\ADM-ll\Downloads\avast_secure_browser_setup.exe
2019-12-04 17:36 - 2019-12-04 17:36 - 000000000 ____D C:\Program Files\Malwarebytes
2019-11-15 15:28 - 2019-12-07 17:06 - 000002970 _____ C:\Windows\system32\Tasks\{E239BC8F-9439-4779-B8AB-D19DC9E7F85B}
2019-12-07 17:06 - 2019-10-27 13:44 - 000003210 _____ C:\Windows\system32\Tasks\{8CC29FAE-4215-4B0B-8A16-BBED68D50270}
2019-12-07 17:06 - 2019-10-16 14:03 - 000003024 _____ C:\Windows\system32\Tasks\{930691F8-3F6D-4037-ABA4-C70E99C382F4}
2019-12-07 17:06 - 2019-10-16 14:01 - 000003024 _____ C:\Windows\system32\Tasks\{C019E3AC-4A62-442F-A8F9-A809428A0BCB}
2019-12-07 17:06 - 2019-10-16 14:01 - 000003024 _____ C:\Windows\system32\Tasks\{11118543-EB2F-4408-95F5-678A1332DF7D}
2019-12-07 17:06 - 2019-10-16 14:00 - 000003300 _____ C:\Windows\system32\Tasks\{71412253-490C-4437-8768-E7BE74A9C98D}
2019-12-07 17:06 - 2019-10-14 18:49 - 000003172 _____ C:\Windows\system32\Tasks\{45B4ABC5-E5FC-47C6-A1DE-C899171972A6}
2019-12-07 01:41 - 2019-03-27 03:22 - 000000000 ____D C:\ProgramData\Malwarebytes
CustomCLSID: HKU\S-1-5-21-2707563477-1181458908-4289881501-1000_Classes\CLSID\{cb4c77f0-ab2a-407c-93ac-963769824b18}\localserver32 -> no filepath
FirewallRules: [{BD16914B-F965-48EE-B93A-DD322F9FD32C}] => (Allow) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe (AVAST Software s.r.o. -> AVAST Software)

CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\Software\Microsoft\Active Setup\Installed Components\{A8504530-742B-42BC-895D-2BAD6406F698} => not found
HKLM\SOFTWARE\Policies\Mozilla => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3B3FB056-AC60-476C-9FAA-2A173F6CE92E}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3B3FB056-AC60-476C-9FAA-2A173F6CE92E}" => removed successfully.
C:\Windows\System32\Tasks\{71412253-490C-4437-8768-E7BE74A9C98D} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{71412253-490C-4437-8768-E7BE74A9C98D}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{81E895A7-18FF-4A8D-AB8C-9811FE10131A}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{81E895A7-18FF-4A8D-AB8C-9811FE10131A}" => removed successfully.
C:\Windows\System32\Tasks\{8CC29FAE-4215-4B0B-8A16-BBED68D50270} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8CC29FAE-4215-4B0B-8A16-BBED68D50270}" => removed successfully.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A71007E4-7FE3-4D06-A976-72A4189E09FB} => not found
"C:\Windows\System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly)" => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avast Secure Browser Heartbeat Task (Hourly) => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B577233D-F322-4B75-A545-37E5A7B33B16}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B577233D-F322-4B75-A545-37E5A7B33B16}" => removed successfully.
C:\Windows\System32\Tasks\{45B4ABC5-E5FC-47C6-A1DE-C899171972A6} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{45B4ABC5-E5FC-47C6-A1DE-C899171972A6}" => removed successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" => value restored successfully
HKU\S-1-5-21-2707563477-1181458908-4289881501-1000\Software\Microsoft\Internet Explorer\Main\\"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" => value restored successfully
HKU\S-1-5-21-2707563477-1181458908-4289881501-1000\Software\Microsoft\Internet Explorer\Main\\"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} => removed successfully.
HKU\S-1-5-21-2707563477-1181458908-4289881501-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} => removed successfully.
C:\Users\ADM-ll\AppData\Roaming\Mozilla\Firefox\Profiles\w5oi6h56.default-1551223974728\Extensions\[email protected] => moved successfully
C:\Users\ADM-ll\AppData\Roaming\Mozilla\Firefox\Profiles\w5oi6h56.default-1551223974728\Extensions\[email protected] => moved successfully
C:\Users\ADM-ll\AppData\Roaming\Mozilla\Firefox\Profiles\w5oi6h56.default-1551223974728\searchplugins\yahoo-avast.xml => moved successfully
CHR Extension: (Avast Online Security) - C:\Users\ADM-ll\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2019-07-16] => Error: No automatic fix found for this entry.
CHR Extension: (Chrome Media Router) - C:\Users\ADM-ll\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-11-01] => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => removed successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\fagakgcelolinfnkfgekcnedpaklfcok => removed successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki => removed successfully.
OPR Extension: (Avast Online Security) - C:\Users\ADM-ll\AppData\Roaming\Opera Software\Opera Stable\Extensions\daanglpcpkjjlkhcbladppjphglbigam [2019-11-23] => Error: No automatic fix found for this entry.
HKLM\System\CurrentControlSet\Services\panda_url_filtering => removed successfully.
panda_url_filtering => service removed successfully.
"C:\Program Files\Panda Security URL Filtering" => not found
HKLM\System\CurrentControlSet\Services\iswSvc => removed successfully.
iswSvc => service removed successfully.
"C:\Windows\system32\Tasks\Avast Secure Browser Heartbeat Task (Hourly)" => not found
"C:\Windows\system32\Tasks\Avast Secure Browser Heartbeat Task (Logon)" => not found
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk" => not found
"C:\Users\Public\Desktop\Avast Secure Browser.lnk" => not found
"C:\ProgramData\Desktop\Avast Secure Browser.lnk" => not found
C:\Users\ADM-ll\Downloads\avast_secure_browser_setup.exe => moved successfully
C:\Program Files\Malwarebytes => moved successfully
C:\Windows\system32\Tasks\{E239BC8F-9439-4779-B8AB-D19DC9E7F85B} => moved successfully
"C:\Windows\system32\Tasks\{8CC29FAE-4215-4B0B-8A16-BBED68D50270}" => not found
C:\Windows\system32\Tasks\{930691F8-3F6D-4037-ABA4-C70E99C382F4} => moved successfully
C:\Windows\system32\Tasks\{C019E3AC-4A62-442F-A8F9-A809428A0BCB} => moved successfully
C:\Windows\system32\Tasks\{11118543-EB2F-4408-95F5-678A1332DF7D} => moved successfully
"C:\Windows\system32\Tasks\{71412253-490C-4437-8768-E7BE74A9C98D}" => not found
"C:\Windows\system32\Tasks\{45B4ABC5-E5FC-47C6-A1DE-C899171972A6}" => not found
C:\ProgramData\Malwarebytes => moved successfully
HKU\S-1-5-21-2707563477-1181458908-4289881501-1000_Classes\CLSID\{cb4c77f0-ab2a-407c-93ac-963769824b18} => removed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BD16914B-F965-48EE-B93A-DD322F9FD32C}" => not found

========= ipconfig /flushdns =========


Configuración IP de Windows

Se vació correctamente la caché de resolución de DNS.

========= End of CMD: =========


========= ipconfig /renew =========


Configuración IP de Windows

No se puede realizar ninguna operación en Conexión de área local 3 mientras los medios
estén desconectados.
No se puede realizar ninguna operación en Conexión de área local 2 mientras los medios
estén desconectados.
No se puede realizar ninguna operación en Conexión de área local 6 mientras los medios
estén desconectados.
No se puede realizar ninguna operación en Conexión de área local 5 mientras los medios
estén desconectados.
No se puede realizar ninguna operación en Conexión de área local 4 mientras los medios
estén desconectados.

Adaptador de Ethernet Conexión de área local 3:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : 

Adaptador de Ethernet Conexión de área local 2:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : 

Adaptador de Ethernet Conexión de área local 6:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : 

Adaptador de Ethernet Conexión de área local 5:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : 

Adaptador de Ethernet Conexión de área local 4:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : 

Adaptador de Ethernet Conexión de área local:

   Sufijo DNS específico para la conexión. . : Belkin
   Vínculo: dirección IPv6 local. . . : fe80::1d63:321f:b6fa:8414%11
   Dirección IPv4. . . . . . . . . . . . . . : 192.168.2.2
   Máscara de subred . . . . . . . . . . . . : 255.255.255.0
   Puerta de enlace predeterminada . . . . . : 192.168.2.1

Adaptador de túnel Teredo Tunneling Pseudo-Interface:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : 

Adaptador de túnel isatap.{DC353FDA-719D-4262-8E14-F5FB49B22199}:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : 

Adaptador de túnel isatap.{754F3A39-E5E6-4840-8AAC-E897184866C5}:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : 

Adaptador de túnel isatap.{BEAD42EB-BD2B-407E-8EA7-1FC3E9C00B7C}:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : 

Adaptador de túnel Conexión de área local* 23:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : 

Adaptador de túnel isatap.Belkin:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : Belkin

Adaptador de túnel Conexión de área local* 24:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : 

========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

{F5384D8A-9F86-4911-951A-34D7FCDE0BCE} canceled.
{5EAE366C-31D7-414A-88E4-27A1635FCCB5} canceled.
2 out of 2 jobs canceled.

========= End of CMD: =========


========= netsh winsock reset =========


El catálogo Winsock se restableció correctamente.
Debe reiniciar el equipo para completar el restablecimiento.


========= End of CMD: =========


========= netsh advfirewall reset =========

Aceptar


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Aceptar


========= End of CMD: =========


========= netsh int ipv4 reset =========

Global se restableció correctamente.
Interfaz se restableció correctamente.
Reinicie el equipo para completar esta acción.


========= End of CMD: =========


========= netsh int ipv6 reset =========

No hay valores configurados por el usuario para restablecer.


========= End of CMD: =========


========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully.
"HKU\S-1-5-21-2707563477-1181458908-4289881501-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully.
"HKU\S-1-5-21-2707563477-1181458908-4289881501-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully.


========= End of RemoveProxy: =========

Could not move "C:\Windows\System32\Drivers\etc\hosts" => Scheduled to move on reboot.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 7117356 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 206432053 B
Edge => 0 B
Chrome => 403429359 B
Firefox => 86029364 B
Opera => 9539908 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 0 B
LocalService => 0 B
NetworkService => 0 B
ADM-ll => 28019515 B
Invitado => 28019515 B

RecycleBin => 99300561 B
EmptyTemp: => 835.7 MB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 08-12-2019 10:57:13)

C:\Windows\System32\Drivers\etc\hosts => is moved successfully
Hosts restored successfully.

==== End of Fixlog 10:57:14 ====

This is the FRST.exe report.
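
The Fixlog above mixes successful removals with entries FRST reported it could not fix (the Chrome and Opera extension folders). As an added example, not part of the original posts or of FRST itself, this Python script groups a Fixlog's result lines by outcome and lists what still needs manual review; the outcome labels and function names are assumptions made for the example.

```python
import re
from collections import defaultdict

# Outcome patterns, checked in order against the text after the last " => ".
# The labels are hypothetical names chosen for this example.
OUTCOMES = [
    ("error", re.compile(r"^Error:", re.I)),
    ("pending", re.compile(r"scheduled to move on reboot", re.I)),
    ("not_found", re.compile(r"^not found", re.I)),
    ("restored", re.compile(r"restored successfully", re.I)),
    ("removed", re.compile(r"removed successfully", re.I)),
    ("moved", re.compile(r"moved successfully", re.I)),
]

# Constructed sample: result lines in the shape of the Fixlog posted above,
# including the echoed fixlist block, which must not be counted as results.
SAMPLE_FIXLOG = r'''
fixlist content:
*****************
Start
Task: {A71007E4-7FE3-4D06-A976-72A4189E09FB} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
CHR Extension: (Avast Online Security) - C:\Users\ADM-ll\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2019-07-16]
END
*****************

HKLM\SOFTWARE\Policies\Mozilla => removed successfully.
"C:\Windows\System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly)" => not found
C:\Windows\System32\Tasks\{71412253-490C-4437-8768-E7BE74A9C98D} => moved successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" => value restored successfully
CHR Extension: (Avast Online Security) - C:\Users\ADM-ll\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2019-07-16] => Error: No automatic fix found for this entry.
OPR Extension: (Avast Online Security) - C:\Users\ADM-ll\AppData\Roaming\Opera Software\Opera Stable\Extensions\daanglpcpkjjlkhcbladppjphglbigam [2019-11-23] => Error: No automatic fix found for this entry.
panda_url_filtering => service removed successfully.
Could not move "C:\Windows\System32\Drivers\etc\hosts" => Scheduled to move on reboot.
BITS transfer queue => 8388608 B
C:\Windows\System32\Drivers\etc\hosts => is moved successfully
'''


def normalize(target):
    """Drop the 'Could not move' prefix and one pair of surrounding quotes."""
    target = re.sub(r"^Could not move\s+", "", target.strip())
    if len(target) > 1 and target[0] == target[-1] == '"':
        target = target[1:-1]
    return target


def triage(fixlog_text):
    """Return {outcome label: [targets]} for the result lines of a Fixlog."""
    results = defaultdict(list)
    in_echo, stars_seen = False, 0
    for raw in fixlog_text.splitlines():
        line = raw.strip()
        if line.lower().startswith("fixlist content:"):
            in_echo, stars_seen = True, 0
            continue
        if in_echo:
            # The echoed fixlist sits between two lines of asterisks.
            if line and set(line) == {"*"}:
                stars_seen += 1
                in_echo = stars_seen < 2
            continue
        if " => " not in line:
            continue
        target, outcome = line.rsplit(" => ", 1)
        label = next((n for n, rx in OUTCOMES if rx.search(outcome)), "other")
        results[label].append(normalize(target))
    # A file scheduled for reboot and later reported as moved is resolved.
    moved = {t.lower() for t in results["moved"]}
    results["pending"] = [t for t in results["pending"] if t.lower() not in moved]
    return dict(results)


def follow_up(results):
    """Entries the fix did not resolve and that need manual review."""
    return results.get("error", []) + results.get("pending", [])


if __name__ == "__main__":
    summary = triage(SAMPLE_FIXLOG)
    for label, targets in summary.items():
        print(f"{label}: {len(targets)}")
    for entry in follow_up(summary):
        print("REVIEW:", entry)
```
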

Hi @Jaime64

Perfect, update your Avast antivirus and try running it to see if it lets you.

Let us know.

Regards


Avast works, but it gives me this message:

Hi @Jaime64

Reset the Google Chrome settings.

Remember to export your bookmarks first if you use them.


Then install Malwarebytes 4, but choose the Free version during installation.

Let us know.

Regards

I reset the Google Chrome settings, went to the Google Chrome properties, and on the Shortcut tab, in the Target field, I did not see any text after chrome.exe, so I did not delete anything; I assume I should not delete the rest of the text. Then I installed and ran the new Malwarebytes, but the message came back and I don't see any change in Google Chrome. What am I doing wrong?

I removed all the Google Chrome extensions, and I have not seen the message again.

Hi @Jaime64

Good, do you have that report?

Do you have Google Chrome synced with other devices?

Well, this means that one of the extensions is the problem.

First tell me whether you have it synced, because if so there are other steps to take.

Then reinstall your preferred extensions one by one, checking after each installation which one the AV detects.

Let us know.

Regards

 Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 8/12/19
Hora del análisis: 20:16
Archivo de registro: 355abfbe-1a19-11ea-8662-00ffdc353fda.json

-Información del software-
Versión: 4.0.4.49
Versión de los componentes: 1.0.770
Versión del paquete de actualización: 1.0.15880
Licencia: Gratis

-Información del sistema-
SO: Windows 7 Service Pack 1
CPU: x86
Sistema de archivos: NTFS
Usuario: ADM-ll-PC\ADM-ll

-Resumen del análisis-
Tipo de análisis: Análisis de amenazas
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 172186
Amenazas detectadas: 0
Amenazas en cuarentena: 0
Tiempo transcurrido: 17 min, 21 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Desactivado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 0
(No hay elementos maliciosos detectados)

Valor del registro: 0
(No hay elementos maliciosos detectados)

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 0
(No hay elementos maliciosos detectados)

Archivo: 0
(No hay elementos maliciosos detectados)

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)´

This is the Malwarebytes report. I do not have Google Chrome synced with other devices.

I cannot reinstall any of the extensions I had; a message appears that says “…Error de red…”.

Apparently the message only appears when I open Google Chrome; it has come up again.

Hi @Jaime64

1.- Uninstall with Revo Uninstaller in its Advanced Mode:

  • Google Chrome

Revo Uninstaller manual.

Note:

  • Remember to export your bookmarks if you use them.
  • Do not keep any of its settings.

2.- After rebooting, download and install the latest version of Google Chrome again.

Install your extensions one by one, checking each time whether your AV raises the detection, to try to identify which one is the problematic one.

Let us know.

Regards

I uninstalled Google Chrome with Revo Uninstaller in advanced mode, reinstalled it, and it came back with all the bookmarks and all the passwords. Is that normal? I installed some extensions and the Avast message appeared again.