MINDSPARK malware in Chrome impossible to remove

Good morning, friends of the forum. I followed all the steps of your recommendations in: Help with PUP.Optional.MindSpark.Generic,

I got to the last step, uninstalling Chrome with Revo. That was yesterday; I ran Malwarebytes and it no longer showed up… but today it detected it again. This is today's report:


Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 13/8/19
Hora del análisis: 7:26
Archivo de registro: cdae396a-bdb4-11e9-be92-e0d55ebe5162.json

-Información del software-
Versión: 3.8.3.2965
Versión de los componentes: 1.0.613
Versión del paquete de actualización: 1.0.11983
Licencia: Prueba

-Información del sistema-
SO: Windows 10 (Build 15063.540)
CPU: x64
Sistema de archivos: NTFS
Usuario: System

-Resumen del análisis-
Tipo de análisis: Análisis de amenazas
Análisis iniciado por:: Programador de tareas
Resultado: Completado
Objetos analizados: 289069
Amenazas detectadas: 61
Amenazas en cuarentena: 61
Tiempo transcurrido: 5 min, 47 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Desactivado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 0
(No hay elementos maliciosos detectados)

Valor del registro: 1
PUP.Optional.MindSpark.Generic, HKU\S-1-5-21-96600016-459038440-1310982557-1001\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Profile 1\extensions.settings|eocnnoackodjagdbaoddhjbkpjabimed, En cuarentena, [1767], [443122],1.0.11983

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 20
PUP.Optional.MindSpark.Generic, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eocnnoackodjagdbaoddhjbkpjabimed\50.158.15.10274_0\_locales\es_419, En cuarentena, [1767], [443122],1.0.11983
PUP.Optional.MindSpark.Generic, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eocnnoackodjagdbaoddhjbkpjabimed\50.158.15.10274_0\_locales\pt_br, En cuarentena, [1767], [443122],1.0.11983
PUP.Optional.MindSpark.Generic, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eocnnoackodjagdbaoddhjbkpjabimed\50.158.15.10274_0\_locales\pt_pt, En cuarentena, [1767], [443122],1.0.11983
PUP.Optional.MindSpark.Generic, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eocnnoackodjagdbaoddhjbkpjabimed\50.158.15.10274_0\_locales\ar, En cuarentena, [1767], [443122],1.0.11983
PUP.Optional.MindSpark.Generic, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eocnnoackodjagdbaoddhjbkpjabimed\50.158.15.10274_0\_locales\de, En cuarentena, [1767], [443122],1.0.11983
PUP.Optional.MindSpark.Generic, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eocnnoackodjagdbaoddhjbkpjabimed\50.158.15.10274_0\_locales\en, En cuarentena, [1767], [443122],1.0.11983
PUP.Optional.MindSpark.Generic, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eocnnoackodjagdbaoddhjbkpjabimed\50.158.15.10274_0\_locales\es, En cuarentena, [1767], [443122],1.0.11983
PUP.Optional.MindSpark.Generic, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eocnnoackodjagdbaoddhjbkpjabimed\50.158.15.10274_0\_locales\fr, En cuarentena, [1767], [443122],1.0.11983
PUP.Optional.MindSpark.Generic, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eocnnoackodjagdbaoddhjbkpjabimed\50.158.15.10274_0\_locales\it, En cuarentena, [1767], [443122],1.0.11983
PUP.Optional.MindSpark.Generic, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eocnnoackodjagdbaoddhjbkpjabimed\50.158.15.10274_0\_locales\ja, En cuarentena, [1767], [443122],1.0.11983
PUP.Optional.MindSpark.Generic, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eocnnoackodjagdbaoddhjbkpjabimed\50.158.15.10274_0\_locales\ko, En cuarentena, [1767], [443122],1.0.11983
PUP.Optional.MindSpark.Generic, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eocnnoackodjagdbaoddhjbkpjabimed\50.158.15.10274_0\_locales\nl, En cuarentena, [1767], [443122],1.0.11983
PUP.Optional.MindSpark.Generic, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eocnnoackodjagdbaoddhjbkpjabimed\50.158.15.10274_0\_metadata, En cuarentena, [1767], [443122],1.0.11983
PUP.Optional.MindSpark.Generic, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eocnnoackodjagdbaoddhjbkpjabimed\50.158.15.10274_0\_locales, En cuarentena, [1767], [443122],1.0.11983
PUP.Optional.MindSpark.Generic, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eocnnoackodjagdbaoddhjbkpjabimed\50.158.15.10274_0\config, En cuarentena, [1767], [443122],1.0.11983
PUP.Optional.MindSpark.Generic, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eocnnoackodjagdbaoddhjbkpjabimed\50.158.15.10274_0\icons, En cuarentena, [1767], [443122],1.0.11983
PUP.Optional.MindSpark.Generic, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eocnnoackodjagdbaoddhjbkpjabimed\50.158.15.10274_0\libs, En cuarentena, [1767], [443122],1.0.11983
PUP.Optional.MindSpark.Generic, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eocnnoackodjagdbaoddhjbkpjabimed\50.158.15.10274_0\js, En cuarentena, [1767], [443122],1.0.11983
PUP.Optional.MindSpark.Generic, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eocnnoackodjagdbaoddhjbkpjabimed\50.158.15.10274_0, En cuarentena, [1767], [443122],1.0.11983
PUP.Optional.MindSpark.Generic, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\EXTENSIONS\EOCNNOACKODJAGDBAODDHJBKPJABIMED, En cuarentena, [1767], [443122],1.0.11983

Archivo: 40
PUP.Optional.MindSpark.Generic, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 1\Secure Preferences, Sustituido, [1767], [443122],1.0.11983
PUP.Optional.MindSpark.Generic, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 1\Preferences, Sustituido, [1767], [443122],1.0.11983
PUP.Optional.MindSpark.Generic, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\EXTENSIONS\EOCNNOACKODJAGDBAODDHJBKPJABIMED\50.158.15.10274_0\MANIFEST.JSON, En cuarentena, [1767], [443122],1.0.11983
PUP.Optional.MindSpark.Generic, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eocnnoackodjagdbaoddhjbkpjabimed\50.158.15.10274_0\config\config.json, En cuarentena, [1767], [443122],1.0.11983
PUP.Optional.MindSpark.Generic, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eocnnoackodjagdbaoddhjbkpjabimed\50.158.15.10274_0\icons\icon128.png, En cuarentena, [1767], [443122],1.0.11983
PUP.Optional.MindSpark.Generic, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eocnnoackodjagdbaoddhjbkpjabimed\50.158.15.10274_0\icons\icon16.png, En cuarentena, [1767], [443122],1.0.11983
PUP.Optional.MindSpark.Generic, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eocnnoackodjagdbaoddhjbkpjabimed\50.158.15.10274_0\icons\icon19disabled.png, En cuarentena, [1767], [443122],1.0.11983
PUP.Optional.MindSpark.Generic, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eocnnoackodjagdbaoddhjbkpjabimed\50.158.15.10274_0\icons\icon19on.png, En cuarentena, [1767], [443122],1.0.11983
PUP.Optional.MindSpark.Generic, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eocnnoackodjagdbaoddhjbkpjabimed\50.158.15.10274_0\icons\icon48.png, En cuarentena, [1767], [443122],1.0.11983
PUP.Optional.MindSpark.Generic, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eocnnoackodjagdbaoddhjbkpjabimed\50.158.15.10274_0\js\ajax.js, En cuarentena, [1767], [443122],1.0.11983
PUP.Optional.MindSpark.Generic, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eocnnoackodjagdbaoddhjbkpjabimed\50.158.15.10274_0\js\background.js, En cuarentena, [1767], [443122],1.0.11983
PUP.Optional.MindSpark.Generic, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eocnnoackodjagdbaoddhjbkpjabimed\50.158.15.10274_0\js\chrome.js, En cuarentena, [1767], [443122],1.0.11983
PUP.Optional.MindSpark.Generic, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eocnnoackodjagdbaoddhjbkpjabimed\50.158.15.10274_0\js\content_script.js, En cuarentena, [1767], [443122],1.0.11983
PUP.Optional.MindSpark.Generic, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eocnnoackodjagdbaoddhjbkpjabimed\50.158.15.10274_0\js\dlp.js, En cuarentena, [1767], [443122],1.0.11983
PUP.Optional.MindSpark.Generic, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eocnnoackodjagdbaoddhjbkpjabimed\50.158.15.10274_0\js\dlpHelper.js, En cuarentena, [1767], [443122],1.0.11983
PUP.Optional.MindSpark.Generic, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eocnnoackodjagdbaoddhjbkpjabimed\50.158.15.10274_0\js\extension_detect.js, En cuarentena, [1767], [443122],1.0.11983
PUP.Optional.MindSpark.Generic, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eocnnoackodjagdbaoddhjbkpjabimed\50.158.15.10274_0\js\index.js, En cuarentena, [1767], [443122],1.0.11983
PUP.Optional.MindSpark.Generic, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eocnnoackodjagdbaoddhjbkpjabimed\50.158.15.10274_0\js\internationalSearchUtils.js, En cuarentena, [1767], [443122],1.0.11983
PUP.Optional.MindSpark.Generic, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eocnnoackodjagdbaoddhjbkpjabimed\50.158.15.10274_0\js\logger.js, En cuarentena, [1767], [443122],1.0.11983
PUP.Optional.MindSpark.Generic, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eocnnoackodjagdbaoddhjbkpjabimed\50.158.15.10274_0\js\settingsOverridesUtils.js, En cuarentena, [1767], [443122],1.0.11983
PUP.Optional.MindSpark.Generic, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eocnnoackodjagdbaoddhjbkpjabimed\50.158.15.10274_0\js\splashPageLocalStorageSetter.js, En cuarentena, [1767], [443122],1.0.11983
PUP.Optional.MindSpark.Generic, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eocnnoackodjagdbaoddhjbkpjabimed\50.158.15.10274_0\js\storageUtils.js, En cuarentena, [1767], [443122],1.0.11983
PUP.Optional.MindSpark.Generic, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eocnnoackodjagdbaoddhjbkpjabimed\50.158.15.10274_0\js\templateParser.js, En cuarentena, [1767], [443122],1.0.11983
PUP.Optional.MindSpark.Generic, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eocnnoackodjagdbaoddhjbkpjabimed\50.158.15.10274_0\js\ul.js, En cuarentena, [1767], [443122],1.0.11983
PUP.Optional.MindSpark.Generic, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eocnnoackodjagdbaoddhjbkpjabimed\50.158.15.10274_0\js\urlUtils.js, En cuarentena, [1767], [443122],1.0.11983
PUP.Optional.MindSpark.Generic, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eocnnoackodjagdbaoddhjbkpjabimed\50.158.15.10274_0\js\util.js, En cuarentena, [1767], [443122],1.0.11983
PUP.Optional.MindSpark.Generic, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eocnnoackodjagdbaoddhjbkpjabimed\50.158.15.10274_0\libs\PartnerId.js, En cuarentena, [1767], [443122],1.0.11983
PUP.Optional.MindSpark.Generic, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eocnnoackodjagdbaoddhjbkpjabimed\50.158.15.10274_0\_locales\ar\messages.json, En cuarentena, [1767], [443122],1.0.11983
PUP.Optional.MindSpark.Generic, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eocnnoackodjagdbaoddhjbkpjabimed\50.158.15.10274_0\_locales\de\messages.json, En cuarentena, [1767], [443122],1.0.11983
PUP.Optional.MindSpark.Generic, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eocnnoackodjagdbaoddhjbkpjabimed\50.158.15.10274_0\_locales\en\messages.json, En cuarentena, [1767], [443122],1.0.11983
PUP.Optional.MindSpark.Generic, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eocnnoackodjagdbaoddhjbkpjabimed\50.158.15.10274_0\_locales\es\messages.json, En cuarentena, [1767], [443122],1.0.11983
PUP.Optional.MindSpark.Generic, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eocnnoackodjagdbaoddhjbkpjabimed\50.158.15.10274_0\_locales\es_419\messages.json, En cuarentena, [1767], [443122],1.0.11983
PUP.Optional.MindSpark.Generic, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eocnnoackodjagdbaoddhjbkpjabimed\50.158.15.10274_0\_locales\fr\messages.json, En cuarentena, [1767], [443122],1.0.11983
PUP.Optional.MindSpark.Generic, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eocnnoackodjagdbaoddhjbkpjabimed\50.158.15.10274_0\_locales\it\messages.json, En cuarentena, [1767], [443122],1.0.11983
PUP.Optional.MindSpark.Generic, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eocnnoackodjagdbaoddhjbkpjabimed\50.158.15.10274_0\_locales\ja\messages.json, En cuarentena, [1767], [443122],1.0.11983
PUP.Optional.MindSpark.Generic, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eocnnoackodjagdbaoddhjbkpjabimed\50.158.15.10274_0\_locales\ko\messages.json, En cuarentena, [1767], [443122],1.0.11983
PUP.Optional.MindSpark.Generic, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eocnnoackodjagdbaoddhjbkpjabimed\50.158.15.10274_0\_locales\nl\messages.json, En cuarentena, [1767], [443122],1.0.11983
PUP.Optional.MindSpark.Generic, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eocnnoackodjagdbaoddhjbkpjabimed\50.158.15.10274_0\_locales\pt_br\messages.json, En cuarentena, [1767], [443122],1.0.11983
PUP.Optional.MindSpark.Generic, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eocnnoackodjagdbaoddhjbkpjabimed\50.158.15.10274_0\_locales\pt_pt\messages.json, En cuarentena, [1767], [443122],1.0.11983
PUP.Optional.MindSpark.Generic, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eocnnoackodjagdbaoddhjbkpjabimed\50.158.15.10274_0\_metadata\verified_contents.json, En cuarentena, [1767], [443122],1.0.11983

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)

Hello @Arq_Mariano_Cristian, welcome to Forospyware.

Which steps from that thread did you carry out? Did you also use FRST?

If you have the AdwCleaner report, post it so we can review it.

Regards

Thanks, Daniela. Yes, but I'm going to do everything again anyway, just in case.

Hello

All right, you are going to redo only the steps I give you below; we will go step by step.

Carry out the following steps, even if you have already done some of them, without changing the order:

1) Download, update and run Malwarebytes’ Anti-Malware; read the manual in detail so that you know how to use and configure it.

  • Run a Custom Scan, updating if it asks you to.
  • Click “Quarantine Selected” to send it to quarantine, then restart the system.
  • In the manual's section Reports ▶ Scan Report you will find the MBAM report; click Export ▶ Copy to Clipboard.

2) Download AdwCleaner | InfoSpyware to the desktop.

  • Temporarily disable the antivirus ▶ How to temporarily disable your antivirus.
  • Also close all the programs you have open.
  • Run Adwcleaner.exe (if you use Windows Vista/7 or 8, right-click and select "Run as administrator").
  • Click the Scan button and wait for the process to finish, then immediately click the Clean button.
  • Wait for it to complete and follow the instructions; if it asks you to restart the system, accept.
  • Save the report that appears, so you can copy and paste it into your next reply.
  • The report can also be found at C:\AdwCleaner\AdwCleaner[C1].txt

3) Download CCleaner

  • Install CCleaner
  • Open CCleaner; on the Cleaner tab leave the default settings, click Analyze and wait for it to finish ▶ click Run Cleaner
  • Click the Registry tab ▶ click Scan for Issues and wait for it to finish ▶ click Fix Selected Issues and make a backup
  • Click Scan for Issues again until it finds none.

Paste the Malwarebytes and AdwCleaner reports and tell us how the problem is going.

Regards

Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 13/8/19
Hora del análisis: 13:06
Archivo de registro: 4102e472-bde4-11e9-bbbf-e0d55ebe5162.json

-Información del software-
Versión: 3.8.3.2965
Versión de los componentes: 1.0.613
Versión del paquete de actualización: 1.0.11987
Licencia: Prueba

-Información del sistema-
SO: Windows 10 (Build 15063.540)
CPU: x64
Sistema de archivos: NTFS
Usuario: DESKTOP-QLU90F6\User

-Resumen del análisis-
Tipo de análisis: Análisis personalizado
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 434429
Amenazas detectadas: 0
Amenazas en cuarentena: 0
Tiempo transcurrido: 1 hr, 15 min, 41 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Activado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 0
(No hay elementos maliciosos detectados)

Valor del registro: 0
(No hay elementos maliciosos detectados)

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 0
(No hay elementos maliciosos detectados)

Archivo: 0
(No hay elementos maliciosos detectados)

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)

@Daniela I pasted the report there. It did not detect Mindspark. The same thing happened yesterday, and today it appeared again.

Hello

And the AdwCleaner report? 🙄

Regards

I'm attaching it below

# -------------------------------
# Malwarebytes AdwCleaner 7.4.0.0
# -------------------------------
# Build:    07-23-2019
# Database: 2019-08-09.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    08-13-2019
# Duration: 00:00:02
# OS:       Windows 10 Pro
# Cleaned:  0
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1325 octets] - [13/08/2019 19:01:21]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Hello

Temporarily disable the antivirus >> How to temporarily disable your antivirus

Download Farbar Recovery Scan Tool to the desktop, selecting the version that matches your computer's architecture (32 or 64 bits). ▶ How do I know whether my Windows is 32 or 64 bits?

  • Run FRST.exe.
  • In the Disclaimer window, click Yes.
  • In the main window, click the Scan button and wait for the process to finish.
  • Two (2) log files will open, Frst.txt and Addition.txt; they will be saved on the desktop.

Post the two reports that were generated.

You must copy and paste them with all their content, and use several posts if you get an error message saying it is too long (more than approx. 50,000 characters).

Regards

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10-08-2019
Ran by User (administrator) on DESKTOP-QLU90F6 (Gigabyte Technology Co., Ltd. H310M H) (13-08-2019 21:13:55)
Running from C:\Users\User\Desktop
Loaded Profiles: User &  (Available Profiles: User)
Platform: Windows 10 Pro Version 1703 15063.540 (X64) Language: Español (España, internacional)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Certisur S.A. -> Oracle Corporation) E:\ArchivosDeProgramasMMC\Alison Desktop\jre\bin\javaw.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(HP Inc. -> HP Development Company, L.P.) C:\Program Files (x86)\HP\HP DesignJet Utility\DesignJet Utility\HPDesignJetUtility.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Internet Explorer\ielowutil.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\RtkAudUService64.exe [850512 2018-12-05] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1893312 2017-05-18] (NVIDIA Corporation -> NVIDIA Corporation)
HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [477064 2013-12-22] (Autodesk, Inc -> Autodesk Inc.)
HKLM-x32\...\Run: [RunPUMonitor] => C:\Program Files (x86)\HP\HP DesignJet Utility\DesignJet Utility\HPDesignJetUtility.exe [514568 2019-07-02] (HP Inc. -> HP Development Company, L.P.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [644552 2019-07-04] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-96600016-459038440-1310982557-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [35826064 2019-08-08] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-96600016-459038440-1310982557-1001\...\Run: [AlisonDesktop] => E:\ArchivosDeProgramasMMC\Alison Desktop\Alison-Desktop.exe [410168 2018-06-07] (Certisur S.A. -> )
HKU\S-1-5-21-96600016-459038440-1310982557-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [23153344 2019-07-11] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-96600016-459038440-1310982557-1001\...\Run: [GoogleChromeAutoLaunch_BCEA24321E5E4F1401136BBEDFB545FE] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1678832 2019-08-05] (Google LLC -> Google LLC)
HKU\S-1-5-21-96600016-459038440-1310982557-1001\...\Policies\Explorer: [] 
HKU\S-1-5-21-96600016-459038440-1310982557-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132019211030503\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [35826064 2019-08-08] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-96600016-459038440-1310982557-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132019211030503\...\Run: [AlisonDesktop] => E:\ArchivosDeProgramasMMC\Alison Desktop\Alison-Desktop.exe [410168 2018-06-07] (Certisur S.A. -> )
HKU\S-1-5-21-96600016-459038440-1310982557-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132019211030503\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [23153344 2019-07-11] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-96600016-459038440-1310982557-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132019211030503\...\Run: [GoogleChromeAutoLaunch_BCEA24321E5E4F1401136BBEDFB545FE] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1678832 2019-08-05] (Google LLC -> Google LLC)
HKU\S-1-5-21-96600016-459038440-1310982557-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132019211030503\...\Policies\Explorer: [] 
HKU\S-1-5-21-96600016-459038440-1310982557-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132019211031065\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [35826064 2019-08-08] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-96600016-459038440-1310982557-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132019211031065\...\Run: [AlisonDesktop] => E:\ArchivosDeProgramasMMC\Alison Desktop\Alison-Desktop.exe [410168 2018-06-07] (Certisur S.A. -> )
HKU\S-1-5-21-96600016-459038440-1310982557-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132019211031065\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [23153344 2019-07-11] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-96600016-459038440-1310982557-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132019211031065\...\Run: [GoogleChromeAutoLaunch_BCEA24321E5E4F1401136BBEDFB545FE] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1678832 2019-08-05] (Google LLC -> Google LLC)
HKU\S-1-5-21-96600016-459038440-1310982557-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132019211031065\...\Policies\Explorer: [] 
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\76.0.3809.100\Installer\chrmstp.exe [2019-08-12] (Google LLC -> Google LLC)
HKLM\Software\...\Winlogon\GPExtensions: [{9650FDBC-053A-4715-AD14-FC2DC65E8330}] -> C:\Windows\system32\hvsigpext.dll [2017-03-18] (Microsoft Windows -> )
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01C4CA78-D1CD-4F29-8A69-B02F7E13B32C} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [728000 2017-05-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1DB19633-14EA-49BF-9B6C-B56329BF8F8A} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1447064 2019-08-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {2B4B7F36-215D-45A2-9166-A93CFBDE3FCF} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1447064 2019-08-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {403ADFEB-7935-4DDA-A572-7A4EABE7E7F7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-02-02] (Google Inc -> Google Inc.)
Task: {40E873FC-5E65-42F6-B2A9-ADA5AB2A93A6} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27351864 2019-07-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {47ADDD02-119D-40F0-A1DC-617C74F38CBE} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-07-11] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {4B01471B-096D-4AA3-9078-2B4F89293866} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4519576 2019-08-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {6E9AA5D8-58AB-4CE0-AB11-00F6BE4AE63F} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [114736 2019-08-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {8234999D-9A5F-42A4-A6BB-9E914EA388B2} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27351864 2019-07-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {9F26FA36-C232-4697-9BBD-F0A3BC0DDC4F} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495040 2017-05-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A0FDE69D-458F-48BF-AFE4-801AB68005AE} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [649152 2017-05-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A90FC1E6-7721-4336-AA61-111488DE9415} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [1693632 2017-05-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B18B1D33-E543-435A-8C2F-C0DE584A681A} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [649152 2017-05-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B6142067-D528-4B9F-A5C6-7CE5349A3285} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-02-02] (Google Inc -> Google Inc.)
Task: {B6EF170F-0367-49F9-897F-AAB9FBF67450} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4519576 2019-08-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {BC856B7A-9079-4E03-813B-529CD32AD093} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [436672 2017-05-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {CAE8B581-3726-44DD-BCFA-69E0AF931776} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [728000 2017-05-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D9661498-1F70-41FE-A83B-01C69CAE0853} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [16835256 2019-07-11] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {D98D071B-1958-42C6-8C96-209BC5594600} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [114736 2019-08-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {E136AA60-0424-463A-A97E-40D2C8A4E400} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\IntelPTTEKRecertification.exe [837344 2018-09-14] (Intel(R) Trust Services -> Intel(R) Corporation)
Task: {E71A9DC5-BC4C-424D-9A1A-07CDA9C0A178} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [946112 2017-05-18] (NVIDIA Corporation -> NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 200.49.130.41 200.42.4.207
Tcpip\..\Interfaces\{1eb84013-64f2-4f15-9b37-9785253db7ce}: [DhcpNameServer] 200.49.130.41 200.42.4.207

Internet Explorer:
==================
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-08-03] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\ssv.dll [2019-08-12] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\jp2ssv.dll [2019-08-12] (Oracle America, Inc. -> Oracle Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-08-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-08-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-08-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-08-03] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF Plugin: @videolan.org/vlc,version=3.0.6 -> E:\ArchivosDeProgramasMMC\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @java.com/DTPlugin,version=11.221.2 -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\dtplugin\npDeployJava1.dll [2019-08-12] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.221.2 -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\plugin2\npjp2.dll [2019-08-12] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-08-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-05-18] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-05-18] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-16] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-16] (Google Inc -> Google LLC)

Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com.ar/"
CHR DefaultSearchURL: Default -> hxxps://ssl.gstatic.com/ui/v1/icons/mail/images/2/unreadcountfavicon/40+_2x.png
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2019-08-13]
CHR Extension: (Traductor de Google) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2019-08-12]
CHR Extension: (Presentaciones) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-08-12]
CHR Extension: (GardenPuzzle - Garden Planner) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aelbbmmnbhhejifmacegolomcmdggnfc [2019-08-12]
CHR Extension: (Documentos) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-08-12]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-08-12]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-08-12]
CHR Extension: (Hojas de cálculo) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-08-12]
CHR Extension: (Edición de Office) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbkeegbaiigmenfmjfclcdgdpimamgkj [2019-08-12]
CHR Extension: (Cablevisión Flow) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfbnbmbkemlokfckhdoaakhjogffkinc [2019-08-12]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-08-12]
CHR Extension: (FlyOrDie Backgammon) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjajfipfoldnngmddjicblncidmijama [2019-08-12]
CHR Extension: (Movi Kanti Revo) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkdkcgeghhfjiglphfppinecpcpnnbne [2019-08-12]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmhopmchchfpfdcdjodmpfaaphdclmlj [2019-08-12]
CHR Extension: (HOJAS DE CALCULO Google) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcahnhkcfaikkapifpaenbabamhfnecc [2019-08-12]
CHR Extension: (Google Maps) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2019-08-12]
CHR Extension: (Extensión de Google Keep para Chrome) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpcaedmchfhocbbapmcbpinfpgnhiddi [2019-08-12]
CHR Extension: (Sumon) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nddpmdmpdcbnnkjfplckngdkhhmmbjaf [2019-08-12]
CHR Extension: (Curling) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhalnajmigjnpjpdbpkpgfhekbjmolhp [2019-08-12]
CHR Extension: (Save to Pocket) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2019-08-12]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-08-12]
CHR Extension: (Psykopaint) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil [2019-08-12]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-08-12]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-08-12]
CHR Extension: (FlyOrDie Memorama) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\poeoachlgfgpmpamkekfpkieajikddln [2019-08-12]
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1 [2019-08-13]
CHR Extension: (Presentaciones) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-08-12]
CHR Extension: (Documentos) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2019-08-12]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-08-12]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-08-12]
CHR Extension: (Ask Web Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eocnnoackodjagdbaoddhjbkpjabimed [2019-08-13]
CHR Extension: (Hojas de cálculo) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-08-12]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-08-13]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-08-12]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-08-12]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-08-12]
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\System Profile [2019-08-13]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [576904 2013-12-22] (Autodesk, Inc -> Autodesk Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8473200 2019-03-27] (BattlEye Innovations e.K. -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11469920 2019-07-26] (Microsoft Corporation -> Microsoft Corporation)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [802432 2019-02-02] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\SocketHeciServer.exe [775904 2018-09-14] (Intel(R) Trust Services -> Intel(R) Corporation)
S2 Intel(R) TPM Provisioning Service; C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\TPMProvisioningService.exe [705760 2018-09-14] (Intel(R) Trust Services -> Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [218176 2018-11-16] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
R2 RtkAudioUniversalService; C:\Windows\System32\RtkAudUService64.exe [850512 2018-12-05] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-18] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-08-16] (Microsoft Corporation -> Microsoft Corporation)
R2 NvContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerLocalSystem -a -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem" -r -p 30000
S3 NvContainerNetworkService; "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerNetworkService -f "C:\ProgramData\NVIDIA\NvContainerNetworkService.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\NetworkService" -r -p 30000
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugin"

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [199768 2019-08-06] (Malwarebytes Corporation -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [20936 2019-06-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [224408 2019-08-13] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [73584 2019-08-13] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [275232 2019-08-13] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [116112 2019-08-13] (Malwarebytes Corporation -> Malwarebytes)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_7209bde3180ef5f7\nvlddmkm.sys [14458264 2017-05-19] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-05-18] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [48064 2017-05-18] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [57792 2017-05-18] (NVIDIA Corporation -> NVIDIA Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [604160 2017-03-18] (Microsoft Windows -> Realtek )
S3 SDFRd; C:\Windows\System32\drivers\SDFRd.sys [31128 2017-03-18] (Microsoft Windows -> )
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-08-13 21:13 - 2019-08-13 21:14 - 000029645 _____ C:\Users\User\Desktop\FRST.txt
2019-08-13 21:13 - 2019-08-13 21:13 - 000000000 ____D C:\FRST
2019-08-13 21:12 - 2019-08-13 21:12 - 002097664 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2019-08-13 21:11 - 2019-08-13 21:11 - 000224408 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2019-08-13 21:11 - 2019-08-13 21:11 - 000116112 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2019-08-13 21:10 - 2019-08-13 21:10 - 000275232 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-08-13 21:10 - 2019-08-13 21:10 - 000073584 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2019-08-13 17:13 - 2019-08-13 17:13 - 001470930 _____ C:\Users\User\Desktop\fa_445457545188_20190813201542.pdf
2019-08-13 13:21 - 2019-08-13 19:01 - 000000000 ____D C:\AdwCleaner
2019-08-13 08:13 - 2019-08-13 08:13 - 000000080 _____ C:\Users\User\Desktop\webInfospyware.txt
2019-08-13 07:33 - 2019-08-13 07:33 - 000014536 _____ C:\Users\User\Desktop\AntiMalware-Resultado-Analisis-20190813.txt
2019-08-12 17:34 - 2019-08-12 17:34 - 000002511 _____ C:\Users\User\Desktop\Luckyman - Chrome.lnk
2019-08-12 17:33 - 2019-08-12 17:33 - 000002467 _____ C:\Users\User\Desktop\Mariano - Chrome.lnk
2019-08-12 17:32 - 2019-08-12 17:32 - 000000000 ____D C:\Users\User\AppData\Roaming\Google
2019-08-12 17:31 - 2019-08-12 17:31 - 000002410 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-08-12 17:31 - 2019-08-12 17:31 - 000002369 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-08-12 17:30 - 2019-08-12 17:30 - 000098288 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2019-08-12 17:30 - 2019-08-12 17:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2019-08-12 17:30 - 2019-08-12 17:30 - 000000000 ____D C:\Program Files (x86)\Java
2019-08-12 17:28 - 2019-08-12 17:30 - 000000000 ____D C:\ProgramData\Oracle
2019-08-12 16:53 - 2019-08-12 16:53 - 000000865 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2019-08-12 16:53 - 2019-08-12 16:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2019-08-12 16:46 - 2019-08-12 16:46 - 000000316 _____ C:\DelFix.txt
2019-08-12 16:22 - 2019-08-12 16:22 - 000002697 _____ C:\Users\Public\Desktop\HP DesignJet Utility.lnk
2019-08-12 16:22 - 2019-08-12 16:22 - 000000000 ____D C:\Users\User\AppData\Roaming\HP
2019-08-12 16:22 - 2019-08-12 16:22 - 000000000 ____D C:\ProgramData\Downloaded Installations
2019-08-12 16:12 - 2019-08-12 16:27 - 000000436 _____ C:\Users\User\Desktop\Este equipo - Acceso directo.lnk
2019-08-12 16:12 - 2019-08-12 16:12 - 000000383 _____ C:\Users\User\Desktop\Panel de control - Acceso directo.lnk
2019-08-12 16:12 - 2019-08-12 16:12 - 000000355 _____ C:\Users\User\Desktop\Red - Acceso directo.lnk
2019-08-12 10:49 - 2019-08-12 10:49 - 022140243 _____ C:\Users\User\Desktop\DOCUMENTOS VALIDOS PARA VOTAR.psd
2019-08-12 07:57 - 2019-08-12 07:57 - 000014536 _____ C:\Users\User\Desktop\AntiMalware-Resultado-Analisis-20190812.txt
2019-08-09 22:12 - 2019-08-09 22:12 - 000470948 _____ C:\Users\User\Desktop\Certificado_Autoridad_de_Mesa.pdf
2019-08-09 21:40 - 2019-08-09 21:40 - 000543284 _____ C:\Users\User\Desktop\Evaluación Final.pdf
2019-08-08 07:55 - 2019-08-08 07:55 - 000015821 _____ C:\Users\User\Desktop\AntiMalware-Resultado-Analisis.txt
2019-08-07 15:26 - 2019-08-07 16:32 - 000264521 ____H C:\Users\User\Desktop\~WRL0003.tmp
2019-08-07 10:05 - 2019-08-07 10:05 - 000002574 _____ C:\Users\User\Desktop\Word.lnk
2019-08-07 09:41 - 2019-08-08 07:40 - 000004210 _____ C:\Windows\System32\Tasks\CCleaner Update
2019-08-07 09:41 - 2019-08-07 09:48 - 000000000 ____D C:\Program Files (x86)\CCleaner Browser
2019-08-07 09:41 - 2019-08-07 09:42 - 000000000 ____D C:\Users\User\AppData\Local\CCleaner Browser
2019-08-07 09:41 - 2019-08-07 09:41 - 000002886 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2019-08-07 09:41 - 2019-08-07 09:41 - 000000000 ____D C:\ProgramData\CCleaner Browser
2019-08-07 09:40 - 2019-08-07 15:30 - 000000906 _____ C:\Users\Public\Desktop\CCleaner.lnk
2019-08-07 09:40 - 2019-08-07 09:41 - 000000000 ____D C:\Program Files\CCleaner
2019-08-07 09:40 - 2019-08-07 09:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2019-08-06 15:21 - 2019-08-06 15:21 - 000000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2019-08-06 15:18 - 2019-08-06 15:30 - 000039936 _____ C:\Windows\system32\UserMgrLog.etl
2019-08-06 15:18 - 2019-08-06 15:30 - 000021504 _____ C:\Windows\system32\umstartup.etl
2019-08-06 09:31 - 2019-08-06 15:25 - 000000000 ____D C:\Windows\pss
2019-08-06 09:28 - 2019-08-06 09:28 - 000000216 _____ C:\Users\User\Desktop\CABLEVISION DEBITO REALIZADO CON ANTERIORIDAD A FECHA DE VENC.txt
2019-08-06 09:21 - 2019-08-06 09:21 - 018774859 _____ C:\Users\User\Desktop\AUTORIDADES DE MESA.pdf
2019-08-03 14:37 - 2019-08-03 14:37 - 000000000 ____D C:\Users\User\Documents\Plantillas personalizadas de Office
2019-08-03 14:24 - 2019-08-03 14:24 - 000000000 ____D C:\Users\User\AppData\Local\mbam
2019-08-03 14:23 - 2019-08-06 15:19 - 000199768 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2019-08-03 14:23 - 2019-08-03 14:23 - 000001955 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-08-03 14:23 - 2019-08-03 14:23 - 000000000 ____D C:\Users\User\AppData\Local\mbamtray
2019-08-03 14:23 - 2019-08-03 14:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-08-03 14:23 - 2019-08-03 14:23 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-08-03 14:23 - 2019-08-03 14:23 - 000000000 ____D C:\Program Files\Malwarebytes
2019-08-03 14:23 - 2019-06-26 13:00 - 000020936 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamElam.sys
2019-08-03 14:23 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-08-03 12:16 - 2019-08-03 12:16 - 000002574 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2019-08-03 12:16 - 2019-08-03 12:16 - 000002537 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2019-08-03 12:16 - 2019-08-03 12:16 - 000002530 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2019-08-03 12:16 - 2019-08-03 12:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Herramientas de Microsoft Office
2019-08-03 12:12 - 2019-08-13 21:10 - 000212992 _____ C:\Windows\system32\ClickToRun_Pipeline16
2019-08-03 12:12 - 2019-08-03 12:16 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2019-08-03 12:12 - 2019-08-03 12:12 - 000000000 ____D C:\Program Files\Microsoft Office 15
2019-08-03 01:09 - 2019-08-03 01:09 - 000000281 _____ C:\Users\User\Desktop\Dauntless.url
2019-08-03 00:50 - 2019-08-03 00:50 - 000000000 ____D C:\Users\User\Desktop\Luckyman
2019-07-31 09:38 - 2019-07-31 09:39 - 000000000 ____D C:\Users\User\Documents\AGROALIMENTOS
2019-07-22 08:37 - 2019-07-22 08:37 - 001520053 _____ C:\Users\User\Desktop\fa_629656092960_20190722113942.pdf
2019-07-21 21:54 - 2019-07-21 21:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TunnelBear
2019-07-21 21:53 - 2019-07-21 21:53 - 000030888 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
2019-07-21 21:53 - 2019-07-21 21:53 - 000029352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll
2019-07-21 21:53 - 2019-07-21 21:53 - 000019088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100_clr0400.dll
2019-07-21 21:53 - 2019-07-21 21:53 - 000019088 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100_clr0400.dll
2019-07-20 18:25 - 2019-07-20 18:25 - 000000000 ____D C:\Users\User\AppData\LocalLow\uTorrent
2019-07-20 17:50 - 2019-07-20 17:51 - 079607256 _____ (Oracle Corporation) C:\Users\User\Downloads\jre-8u221-windows-x64.exe
2019-07-20 17:38 - 2019-07-20 17:38 - 000000283 _____ C:\Users\User\Desktop\Limbo.url
2019-07-16 21:35 - 2019-07-16 21:35 - 000010351 _____ C:\Users\User\Documents\Libro1.xlsx
2019-07-16 17:02 - 2019-07-16 17:02 - 000001807 _____ C:\Users\Public\Desktop\Nitro Pro 10.lnk
2019-07-16 17:02 - 2019-07-16 17:02 - 000001807 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Pro 10.lnk
2019-07-16 17:02 - 2019-07-16 17:02 - 000000000 ____D C:\Program Files\Common Files\Nitro
2019-07-16 17:02 - 2019-07-16 17:02 - 000000000 ____D C:\Program Files (x86)\Nitro
2019-07-16 17:02 - 2015-12-05 20:38 - 000031896 _____ (Nitro PDF Software) C:\Windows\system32\nitrolocalmon10.dll
2019-07-16 17:02 - 2015-12-05 20:38 - 000020120 _____ (Nitro PDF Software) C:\Windows\system32\nitrolocalui10.dll
2019-07-16 16:59 - 2019-07-16 16:59 - 000000000 ____D C:\Users\User\AppData\Roaming\Downloaded Installations
2019-07-16 16:40 - 2019-07-16 16:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CutePDF
2019-07-16 16:40 - 2017-05-26 06:47 - 000090096 _____ C:\Windows\system32\cpwmon64_v32.dll

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-08-13 21:13 - 2019-06-12 09:42 - 000004212 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{0988B22E-D51E-48A0-8124-F0015AB351AE}
2019-08-13 21:12 - 2019-02-02 01:29 - 000000000 ____D C:\ProgramData\NVIDIA
2019-08-13 21:10 - 2019-06-05 15:23 - 000055808 ___SH C:\Users\User\Desktop\Thumbs.db
2019-08-13 21:10 - 2019-02-02 00:16 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-08-13 20:04 - 2017-03-18 08:40 - 000262144 _____ C:\Windows\system32\config\BBI
2019-08-13 19:15 - 2019-04-10 20:23 - 000000000 ____D C:\Users\User\AppData\Local\CrashDumps
2019-08-13 19:13 - 2019-04-03 13:07 - 000000000 ____D C:\Users\User\Documents\Copia de registros
2019-08-13 18:47 - 2019-05-23 17:45 - 000000000 ____D C:\Users\User\AppData\Roaming\WhatsApp
2019-08-13 18:42 - 2019-02-02 00:16 - 000000000 ____D C:\Windows\system32\SleepStudy
2019-08-13 18:30 - 2017-03-18 18:03 - 000000000 ____D C:\Windows\system32\FxsTmp
2019-08-13 14:16 - 2019-02-02 00:35 - 000000000 ____D C:\Users\User\AppData\Local\Packages
2019-08-13 12:45 - 2019-02-12 12:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoCAD 2015 - Español (Spanish)
2019-08-13 12:45 - 2019-02-12 12:38 - 000000000 ____D C:\Program Files\Common Files\Autodesk Shared
2019-08-13 12:40 - 2019-02-02 02:44 - 000000000 ____D C:\Users\User\AppData\Local\Spotify
2019-08-13 11:51 - 2019-02-02 02:43 - 000000000 ____D C:\Users\User\AppData\Roaming\Spotify
2019-08-12 17:31 - 2019-02-02 01:00 - 000000000 ____D C:\Users\User\AppData\Local\Google
2019-08-12 17:31 - 2019-02-02 01:00 - 000000000 ____D C:\Program Files (x86)\Google
2019-08-12 17:30 - 2019-05-18 18:57 - 000000000 ____D C:\Users\User\AppData\Roaming\Sun
2019-08-12 17:30 - 2019-04-24 18:04 - 000000000 ____D C:\Users\User\AppData\LocalLow\Sun
2019-08-12 17:27 - 2017-03-18 18:01 - 000000000 ____D C:\Windows\INF
2019-08-12 16:25 - 2019-02-02 00:16 - 001745256 _____ C:\Windows\system32\FNTCACHE.DAT
2019-08-12 16:23 - 2019-07-01 08:27 - 000000000 ____D C:\Program Files\HP
2019-08-12 16:23 - 2019-02-02 01:11 - 000000000 ____D C:\ProgramData\Package Cache
2019-08-12 16:22 - 2019-07-01 08:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2019-08-12 16:22 - 2019-07-01 08:27 - 000000000 ____D C:\ProgramData\HP
2019-08-12 16:22 - 2019-07-01 08:27 - 000000000 ____D C:\Program Files (x86)\HP
2019-08-12 16:21 - 2017-03-18 18:03 - 000000000 ____D C:\Windows\AppReadiness
2019-08-12 16:16 - 2017-03-18 18:03 - 000000000 ___HD C:\Program Files\WindowsApps
2019-08-12 15:33 - 2019-02-08 16:18 - 000000000 ____D C:\Users\User\AppData\Local\ElevatedDiagnostics
2019-08-12 15:31 - 2017-03-18 18:03 - 000000000 ____D C:\Windows\system32\NDF
2019-08-09 21:53 - 2019-02-02 02:03 - 000003372 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-96600016-459038440-1310982557-1001
2019-08-09 21:53 - 2019-02-02 00:38 - 000002435 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-08-09 21:53 - 2019-02-02 00:38 - 000000000 ___RD C:\Users\User\OneDrive
2019-08-08 07:38 - 2017-03-18 08:40 - 000032768 _____ C:\Windows\system32\config\ELAM
2019-08-07 17:12 - 2019-05-23 18:02 - 000000000 ____D C:\Users\User\AppData\Local\WhatsApp
2019-08-07 16:10 - 2017-03-18 17:51 - 000000000 ____D C:\Windows\CbsTemp
2019-08-07 15:31 - 2019-02-11 08:41 - 000000000 ____D C:\Users\User\AppData\Roaming\uTorrent
2019-08-07 15:31 - 2019-02-03 01:03 - 000000000 ____D C:\Windows\Minidump
2019-08-06 19:04 - 2017-03-18 18:03 - 000000000 ____D C:\Windows\LiveKernelReports
2019-08-03 14:23 - 2017-03-18 18:03 - 000000000 ___HD C:\Windows\ELAMBKUP
2019-08-03 12:40 - 2019-04-03 13:05 - 000000000 ____D C:\ProgramData\AVAST Software
2019-08-03 12:16 - 2017-03-18 18:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-08-03 12:12 - 2017-03-18 18:03 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2019-08-03 11:50 - 2017-08-16 23:11 - 000000000 ____D C:\Program Files (x86)\MSBuild
2019-08-03 11:49 - 2019-02-02 00:39 - 000000000 ____D C:\Program Files\Microsoft Office
2019-08-03 11:49 - 2017-03-18 18:03 - 000000076 _____ C:\Windows\win.ini
2019-08-03 01:16 - 2019-02-02 01:29 - 000003398 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-08-03 01:16 - 2019-02-02 01:29 - 000003176 _____ C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-08-03 01:16 - 2019-02-02 01:29 - 000002984 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-08-03 01:16 - 2019-02-02 01:29 - 000002968 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-08-03 01:16 - 2019-02-02 01:29 - 000002956 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-08-03 01:16 - 2019-02-02 01:29 - 000002838 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-08-03 01:16 - 2019-02-02 01:29 - 000002786 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-08-03 01:16 - 2019-02-02 01:29 - 000002744 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-08-03 01:16 - 2019-02-02 01:26 - 000003174 _____ C:\Windows\System32\Tasks\Intel PTT EK Recertification
2019-08-03 01:16 - 2019-02-02 01:00 - 000003484 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2019-08-03 01:16 - 2019-02-02 01:00 - 000003260 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2019-07-22 08:48 - 2017-03-18 18:03 - 000000000 ____D C:\Windows\rescache
2019-07-22 08:23 - 2017-08-16 23:18 - 001323670 _____ C:\Windows\system32\perfh00A.dat
2019-07-22 08:23 - 2017-08-16 23:18 - 000311926 _____ C:\Windows\system32\perfc00A.dat
2019-07-20 18:25 - 2019-04-03 09:11 - 000000000 ____D C:\Users\User\AppData\Local\BitTorrentHelper
2019-07-16 16:40 - 2019-07-07 17:09 - 000000000 ____D C:\Program Files (x86)\Acro Software

==================== Files in the root of some directories ================

2019-06-13 20:04 - 2019-06-13 20:30 - 000001456 _____ () C:\Users\User\AppData\Local\Adobe Save for Web 13.0 Prefs

==================== FLock ================

2019-02-02 00:23 C:\Windows\CSC

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2019-08-05 08:54
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-08-2019
Ran by User (13-08-2019 21:15:23)
Running from C:\Users\User\Desktop
Windows 10 Pro Version 1703 15063.540 (X64) (2019-02-02 03:22:46)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-96600016-459038440-1310982557-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-96600016-459038440-1310982557-503 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-96600016-459038440-1310982557-1005 - Limited - Enabled)
Invitado (S-1-5-21-96600016-459038440-1310982557-501 - Limited - Enabled)
User (S-1-5-21-96600016-459038440-1310982557-1001 - Administrator - Enabled) => C:\Users\User

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-96600016-459038440-1310982557-1001\...\uTorrent) (Version: 3.5.5.45291 - BitTorrent Inc.)
µTorrent (HKU\S-1-5-21-96600016-459038440-1310982557-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132019211030503\...\uTorrent) (Version: 3.5.5.45291 - BitTorrent Inc.)
µTorrent (HKU\S-1-5-21-96600016-459038440-1310982557-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132019211031065\...\uTorrent) (Version: 3.5.5.45291 - BitTorrent Inc.)
Actualización de NVIDIA 25.0.0.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 25.0.0.0 - NVIDIA Corporation) Hidden
Alison-Desktop (HKLM-x32\...\{953D8225-3101-4007-B970-9AC9340C4EFA}) (Version: 1.1.7 - CertiSur)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 382.33 - NVIDIA Corporation) Hidden
Aplicaciones destacadas de Autodesk (HKLM-x32\...\{EDDEE94B-214D-4B07-9727-A3E46F3E379A}) (Version: 1.2.0 - Autodesk)
App Manager de Autodesk (HKLM-x32\...\{C8125548-F2D5-4059-823F-1F3C5BBD9F19}) (Version: 1.2.0 - Autodesk)
AutoCAD 2015 - Español (Spanish) (HKLM\...\{5783F2D7-E001-0000-0102-0060B0CE6BBA}) (Version: 20.0.51.0 - Autodesk) Hidden
AutoCAD 2015 - Español (Spanish) (HKLM\...\{5783F2D7-E001-040A-2102-0060B0CE6BBA}) (Version: 20.0.51.0 - Autodesk) Hidden
AutoCAD 2015  Language Pack - Español (Spanish) (HKLM\...\{5783F2D7-E001-040A-1102-0060B0CE6BBA}) (Version: 20.0.51.0 - Autodesk) Hidden
Autodesk Application Manager (HKLM-x32\...\Autodesk Application Manager) (Version: 1.0.59.0 - Autodesk)
Autodesk AutoCAD 2015 - Español (Spanish) (HKLM\...\AutoCAD 2015 - Español (Spanish)) (Version: 20.0.51.0 - Autodesk)
Autodesk AutoCAD Performance Feedback Tool Version 1.2.2 (HKLM-x32\...\{85735431-6CD3-4B16-BEC8-95332034E53B}) (Version: 1.2.2.0 - Autodesk)
CCleaner (HKLM\...\CCleaner) (Version: 5.60 - Piriform)
CutePDF Writer 3.2 (HKLM\...\CutePDF Writer Installation) (Version:  3.2 - Acro Software Inc.)
Epic Games Launcher (HKLM-x32\...\{688B6799-8427-42C9-8C6A-ABFADCE86EBC}) (Version: 1.1.195.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 76.0.3809.100 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
HP DesignJet Utility (HKLM-x32\...\{B9C11314-0046-4D9E-BBB3-62545A0C85A3}) (Version: 6.0.6.4630 - HP Inc.)
HP DeskJet 2130 series Ayuda (HKLM-x32\...\{0ABC47CC-14F8-4D01-B877-4203635C0B06}) (Version: 35.0.0 - Hewlett Packard)
HP DeskJet 2130 series Software básico del dispositivo (HKLM\...\{985B2E7E-994C-4D0C-A881-72317A4C8E56}) (Version: 40.11.1124.17107 - HP Inc.)
HP Dropbox Plugin (HKLM-x32\...\{7BEBB31E-58C4-4FA5-9AD1-ACBE32BF0D12}) (Version: 36.0.41.58587 - HP)
HP Google Drive Plugin (HKLM-x32\...\{63BD9C12-5CE9-4294-B1C3-A09F971FAFB5}) (Version: 36.0.41.58587 - HP)
HP Print Preview (HKLM\...\{48BE9A29-B2E1-4784-9BFB-97609049563C}) (Version: 2.0.0.37 - HP Inc.)
Importación de SketchUp (HKLM-x32\...\{C403E867-FCF1-432B-BCC1-8FFD40A10A6E}) (Version: 1.2.0 - Autodesk)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 1846.12.0.1177 - Intel Corporation)
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.50.638.1 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{99ee3c29-c7cd-450f-8db9-d43cc49de1c7}) (Version: 1.50.638.1 - Intel Corporation) Hidden
Java 8 Update 221 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180221F0}) (Version: 8.0.2210.11 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Lumion 9.0.2 (HKLM\...\Lumion 9.0.2_is1) (Version: 9.0.2 - Act-3D B.V.)
Malwarebytes versión 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
Microsoft Office Profesional Plus 2019 - es-es (HKLM\...\ProPlus2019Retail - es-es) (Version: 16.0.11901.20176 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-96600016-459038440-1310982557-1001\...\OneDriveSetup.exe) (Version: 19.123.0624.0005 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-96600016-459038440-1310982557-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132019211030503\...\OneDriveSetup.exe) (Version: 19.123.0624.0005 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-96600016-459038440-1310982557-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132019211031065\...\OneDriveSetup.exe) (Version: 19.123.0624.0005 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
Nitro Pro 10 (HKLM\...\{44C2D60C-0E8D-4E24-8664-161D290E4D52}) (Version: 10.5.7.32 - Nitro)
NVIDIA Controlador de 3D Vision 382.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 382.33 - NVIDIA Corporation)
NVIDIA Controlador de audio HD 1.3.34.26 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.26 - NVIDIA Corporation)
NVIDIA Controlador de gráficos 382.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 382.33 - NVIDIA Corporation)
NVIDIA Controlador de la controladora 3D Vision 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.6.0.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.6.0.74 - NVIDIA Corporation)
NVIDIA Software del sistema PhysX 9.17.0329 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0329 - NVIDIA Corporation)
NvNodejs (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs) (Version: 3.6.0.74 - NVIDIA Corporation) Hidden
NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 2.4.10.0 - NVIDIA Corporation) Hidden
NvvHci (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvvHci) (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.11901.20176 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.11901.20176 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.11901.20176 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0C0A-0000-0000000FF1CE}) (Version: 16.0.11901.20176 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 10.5.34.21025 - Electronic Arts, Inc.)
Panel de control de NVIDIA 382.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 382.33 - NVIDIA Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8586 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.1.0 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.1.0 - VS Revo Group, Ltd.)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0370 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 3.6.0.74 - NVIDIA Corporation) Hidden
SketchUp 2018 (HKLM\...\{5EAA3D58-258D-4D24-BA22-C8D8D704F515}) (Version: 18.0.16975 - Trimble Navigation Limited)
Software para dispositivos de chipset Intel® (HKLM-x32\...\{fcfc894b-0d54-4d39-826f-dcb39ce5dde7}) (Version: 10.1.17861.8101 - Intel(R) Corporation)
Spotify (HKU\S-1-5-21-96600016-459038440-1310982557-1001\...\Spotify) (Version: 1.1.12.449.g4109e645 - Spotify AB)
Spotify (HKU\S-1-5-21-96600016-459038440-1310982557-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132019211030503\...\Spotify) (Version: 1.1.12.449.g4109e645 - Spotify AB)
Spotify (HKU\S-1-5-21-96600016-459038440-1310982557-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132019211031065\...\Spotify) (Version: 1.1.12.449.g4109e645 - Spotify AB)
TunnelBear (HKLM-x32\...\{A7784574-2299-423F-9DF8-385D5FC2A10E}) (Version: 3.7.12.0 - TunnelBear) Hidden
TunnelBear (HKLM-x32\...\{dc847d12-97d0-44e5-a95f-f0ef81c071a7}) (Version: 3.7.12.0 - TunnelBear)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.6 - VideoLAN)
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
WhatsApp (HKU\S-1-5-21-96600016-459038440-1310982557-1001\...\WhatsApp) (Version: 0.3.4157 - WhatsApp)
WhatsApp (HKU\S-1-5-21-96600016-459038440-1310982557-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132019211030503\...\WhatsApp) (Version: 0.3.4157 - WhatsApp)
WhatsApp (HKU\S-1-5-21-96600016-459038440-1310982557-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132019211031065\...\WhatsApp) (Version: 0.3.4157 - WhatsApp)
WinRAR 5.70 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.70.0 - win.rar GmbH)

Packages:
=========
HP DesignJet Print Experience -> C:\Program Files\WindowsApps\AD2F1837.HPDesignjetExperience_1.0.0.12_neutral__v10z8vjag6ke6 [2019-08-12] (HP Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-96600016-459038440-1310982557-1001_Classes\CLSID\{0B628DE4-07AD-4284-81CA-5B439F67C5E6}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2015\acad.exe (Autodesk, Inc -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-96600016-459038440-1310982557-1001_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2015\acad.exe (Autodesk, Inc -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-96600016-459038440-1310982557-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2015\es-ES\acadficn.dll (Autodesk Development Sarl -> Autodesk, Inc.)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2014-02-07] (Autodesk, Inc -> Autodesk, Inc.)
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File
ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2014-02-07] (Autodesk, Inc -> Autodesk)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
ContextMenuHandlers1: [NP8ShellExtension] -> {9C4B85B8-956C-49BF-9BA5-101384E562B2} =>  -> No File
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-05-18] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\User\Desktop\Luckyman - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1"
ShortcutWithArgument: C:\Users\User\Desktop\Mariano - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Default"
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Luckyman - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1"
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mariano - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Default"
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Lackfax - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1"

==================== Loaded Modules (Whitelisted) ==============

2018-06-07 16:59 - 2018-06-07 16:59 - 000501760 _____ () [File not signed] E:\ArchivosDeProgramasMMC\Alison Desktop\native\mtoken\win-x32\cryptoide_pkcs11.dll
2019-06-04 09:23 - 2019-06-04 09:23 - 005569536 _____ (HP Inc) [File not signed] C:\Program Files (x86)\HP\HP DesignJet Utility\DesignJet Utility\hppihost.dll
2019-06-04 09:23 - 2019-06-04 09:23 - 005225984 _____ (HP Inc.) [File not signed] C:\Program Files (x86)\HP\HP DesignJet Utility\DesignJet Utility\hplfpsdk.dll
2019-08-13 21:11 - 2019-08-13 21:11 - 000207360 ____N (Java(TM) Native Access (JNA)) [File not signed] C:\Users\User\AppData\Local\Temp\jna-2645995\jna1379619883085196022.dll
2017-08-16 23:50 - 2019-04-19 07:53 - 001164288 _____ (Microsoft Corporation) [File not signed] C:\Windows\system32\spool\DRIVERS\x64\3\UniDrvUI.dll
2019-02-02 01:29 - 2017-05-18 02:21 - 000754864 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPI.dll
2019-02-02 01:29 - 2017-05-18 02:21 - 000869200 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPI64.dll
2019-02-02 01:29 - 2017-05-18 02:21 - 000339256 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem\_nvstapisvr64.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`29hfm [0]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [474]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-96600016-459038440-1310982557-1001\Software\Classes\.scr: AutoCADScriptFile => C:\Windows\system32\notepad.exe "%1"

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-03-18 18:03 - 2019-07-22 08:23 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132019211030253\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132019211030784\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132019211030378\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132019211030940\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-96600016-459038440-1310982557-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\User\Desktop\Luckyman\Tareas Lucky\torre eiffel gbtthntyhyutnhyhuhyetfu6ru6u64u4u.jpg
HKU\S-1-5-21-96600016-459038440-1310982557-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132019211030503\Control Panel\Desktop\\Wallpaper -> C:\Users\User\Desktop\Luckyman\Tareas Lucky\torre eiffel gbtthntyhyutnhyhuhyetfu6ru6u64u4u.jpg
HKU\S-1-5-21-96600016-459038440-1310982557-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132019211031065\Control Panel\Desktop\\Wallpaper -> C:\Users\User\Desktop\Luckyman\Tareas Lucky\torre eiffel gbtthntyhyutnhyhuhyetfu6ru6u64u4u.jpg
DNS Servers: 200.49.130.41 - 200.42.4.207
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run: => "RtkAudUService"
HKLM\...\StartupApproved\Run32: => "ADSKAppManager"
HKU\S-1-5-21-96600016-459038440-1310982557-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-96600016-459038440-1310982557-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-96600016-459038440-1310982557-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-96600016-459038440-1310982557-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132019211030503\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-96600016-459038440-1310982557-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132019211030503\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-96600016-459038440-1310982557-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132019211030503\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-96600016-459038440-1310982557-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132019211031065\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-96600016-459038440-1310982557-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132019211031065\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-96600016-459038440-1310982557-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132019211031065\...\StartupApproved\Run: => "CCleaner Smart Cleaning"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{5D9428BC-1F1E-4687-803E-F0D060BB956C}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{BB39135C-55A0-413B-8D8A-0799B8582D25}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{0C3E2BD8-5907-42DE-865B-9437EC3E1F15}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{40BDB60F-5D44-4BCE-AAFB-DCF58B34816E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

02-08-2019 11:41:19 Punto de control programado
03-08-2019 11:49:09 Removed Microsoft Office Professional Plus 2010
12-08-2019 12:20:42 Punto de control programado
12-08-2019 16:55:54 Revo Uninstaller's restore point - Google Chrome
12-08-2019 17:21:00 Revo Uninstaller's restore point - Java 8 Update 211
12-08-2019 17:21:16 Removed Java 8 Update 211
12-08-2019 17:22:55 Revo Uninstaller's restore point - Java 8 Update 211 (64-bit)
12-08-2019 17:23:10 Removed Java 8 Update 211 (64-bit)
12-08-2019 17:23:56 Revo Uninstaller's restore point - Java 8 Update 221 (64-bit)
12-08-2019 17:24:11 Removed Java 8 Update 221 (64-bit)

==================== Faulty Device Manager Devices =============

Name: HP Designjet T120
Description: HP Designjet T120
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/13/2019 09:10:45 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
hr=0x8007007B
Argumentos de línea de comandos:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (08/13/2019 09:10:35 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
hr=0x8007139F
Argumentos de línea de comandos:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (08/13/2019 07:15:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: FortniteClient-Win64-Shipping.exe, versión: 4.23.0.0, marca de tiempo: 0x5d43a5f2
Nombre del módulo con errores: ntdll.dll, versión: 10.0.15063.447, marca de tiempo: 0xa329d3a8
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x000000000003bbdf
Identificador del proceso con errores: 0x1748
Hora de inicio de la aplicación con errores: 0x01d552246eb062f7
Ruta de acceso de la aplicación con errores: C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\FortniteClient-Win64-Shipping.exe
Ruta de acceso del módulo con errores: C:\Windows\SYSTEM32\ntdll.dll
Identificador del informe: 72a3b49f-ef4b-4296-84d5-8a8a30fe3103
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (08/13/2019 07:09:37 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Error del procedimiento de apertura para el servicio "BITS" en el archivo DLL "C:\Windows\System32\bitsperf.dll". Los datos de rendimiento para este servicio no estarán disponibles. Los primeros cuatro bytes (DWORD) de la sección de datos contienen el código de error.

Error: (08/13/2019 07:07:36 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows no puede cargar el archivo DLL del contador extensible rdyboost. Los primeros cuatro bytes (DWORD) de la sección de datos contienen el código de error de Windows.

Error: (08/13/2019 07:07:29 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
hr=0x8007007B
Argumentos de línea de comandos:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (08/13/2019 07:05:27 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
hr=0x8007139F
Argumentos de línea de comandos:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (08/13/2019 05:36:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: EpicGamesLauncher.exe, versión: 10.3.4.0, marca de tiempo: 0x5d49ec2e
Nombre del módulo con errores: unknown, versión: 0.0.0.0, marca de tiempo: 0x00000000
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x0000000000000000
Identificador del proceso con errores: 0x27b4
Hora de inicio de la aplicación con errores: 0x01d55151c5fd4a99
Ruta de acceso de la aplicación con errores: C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
Ruta de acceso del módulo con errores: unknown
Identificador del informe: ecd8d8c9-ed4b-4b50-a2be-78f87671684c
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:


System errors:
=============
Error: (08/13/2019 09:10:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio CldFlt no pudo iniciarse debido al siguiente error: 
Solicitud no compatible.

Error: (08/13/2019 08:04:13 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-QLU90F6)
Description: El servidor {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (08/13/2019 08:04:13 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-QLU90F6)
Description: El servidor {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (08/13/2019 08:04:12 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-QLU90F6)
Description: El servidor {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (08/13/2019 07:21:06 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 y APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 al usuario NT AUTHORITY\SYSTEM con SID (S-1-5-18) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (08/13/2019 07:13:15 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 y APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 al usuario NT AUTHORITY\SYSTEM con SID (S-1-5-18) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (08/13/2019 07:11:42 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 y APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 al usuario NT AUTHORITY\SYSTEM con SID (S-1-5-18) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (08/13/2019 07:05:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio CldFlt no pudo iniciarse debido al siguiente error: 
Solicitud no compatible.


Windows Defender:
===================================
Date: 2019-08-13 12:22:40.930
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {60EC5113-0FE7-4498-8509-0CD3FBD67605}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2019-08-13 12:02:09.968
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {A28F0B71-0694-4525-9D76-B239BBB4C339}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2019-08-13 11:30:50.986
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {96A091EA-BE68-4006-B9A2-4A4578997275}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2019-08-12 11:43:34.233
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {E3FA2588-833C-4848-8472-17A1676A46F0}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2019-08-12 10:35:56.139
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {EA20F38B-C912-4D42-80AC-FF64ECFE62AC}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2019-08-13 19:15:27.985
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.299.1840.0
Origen de actualización: Servidor de Microsoft Update
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión de motor actual: 
Versión de motor anterior: 1.1.16200.1
Código de error: 0x80070422
Descripción del error: No se puede iniciar el servicio, porque está deshabilitado o porque no tiene dispositivos habilitados asociados a él. 

Date: 2019-08-12 16:34:56.454
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.299.1798.0
Origen de actualización: Servidor de Microsoft Update
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión de motor actual: 
Versión de motor anterior: 1.1.16200.1
Código de error: 0x80070422
Descripción del error: No se puede iniciar el servicio, porque está deshabilitado o porque no tiene dispositivos habilitados asociados a él. 

Date: 2019-08-12 08:01:24.738
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.299.1776.0
Origen de actualización: Servidor de Microsoft Update
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión de motor actual: 
Versión de motor anterior: 1.1.16200.1
Código de error: 0x80070422
Descripción del error: No se puede iniciar el servicio, porque está deshabilitado o porque no tiene dispositivos habilitados asociados a él. 

Date: 2019-08-11 21:26:00.246
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.299.1774.0
Origen de actualización: Servidor de Microsoft Update
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión de motor actual: 
Versión de motor anterior: 1.1.16200.1
Código de error: 0x80070422
Descripción del error: No se puede iniciar el servicio, porque está deshabilitado o porque no tiene dispositivos habilitados asociados a él. 

Date: 2019-08-11 16:35:51.995
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.299.1720.0
Origen de actualización: Servidor de Microsoft Update
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión de motor actual: 
Versión de motor anterior: 1.1.16200.1
Código de error: 0x80070422
Descripción del error: No se puede iniciar el servicio, porque está deshabilitado o porque no tiene dispositivos habilitados asociados a él. 

CodeIntegrity:
===================================

Date: 2019-08-13 11:28:15.627
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-08-13 07:27:11.156
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

Date: 2019-08-13 07:27:11.034
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

Date: 2019-08-12 09:36:51.301
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-08-10 13:31:30.246
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-08-08 12:49:12.025
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-08-07 17:18:56.307
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-08-03 17:20:58.368
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info =========================== 

BIOS: American Megatrends Inc. F3 06/14/2018
Motherboard: Gigabyte Technology Co., Ltd. H310M H
Processor: Intel(R) Core(TM) i7-8700 CPU @ 3.20GHz
Percentage of memory in use: 27%
Total physical RAM: 12221.21 MB
Available physical RAM: 8844.16 MB
Total Virtual: 14077.21 MB
Available Virtual: 10506.13 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:292.48 GB) (Free:143.51 GB) NTFS
Drive e: () (Fixed) (Total:638.54 GB) (Free:472.49 GB) NTFS

\\?\Volume{f073cdb7-0000-0000-0000-100000000000}\ (Reservado para el sistema) (Fixed) (Total:0.49 GB) (Free:0.12 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: F073CDB7)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=292.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=638.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Hi @Daniela, I've pasted the two reports there.

Good morning @Daniela, @frica, Mindspark showed up again in today's Malwarebytes scan.

Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 14/8/19
Hora del análisis: 7:19
Archivo de registro: 094f58ab-be7d-11e9-8280-e0d55ebe5162.json

-Información del software-
Versión: 3.8.3.2965
Versión de los componentes: 1.0.613
Versión del paquete de actualización: 1.0.12001
Licencia: Prueba

-Información del sistema-
SO: Windows 10 (Build 15063.540)
CPU: x64
Sistema de archivos: NTFS
Usuario: System

-Resumen del análisis-
Tipo de análisis: Análisis de amenazas
Análisis iniciado por:: Programador de tareas
Resultado: Completado
Objetos analizados: 287572
Amenazas detectadas: 61
Amenazas en cuarentena: 0
Tiempo transcurrido: 5 min, 24 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Desactivado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 0
(No hay elementos maliciosos detectados)

Valor del registro: 1
PUP.Optional.MindSpark.Generic, HKU\S-1-5-21-96600016-459038440-1310982557-1001\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Profile 1\extensions.settings|eocnnoackodjagdbaoddhjbkpjabimed, Sin acciones por parte del usuario, [1767], [443122],1.0.12001

Datos del registro: 0
(No hay elementos maliciosos detectados)

Hello

The Malwarebytes report says that no action was taken by the user, which means you did not send it to quarantine.

For now, do not run Malwarebytes again. First carry out the steps I give you; when you finish, reboot and scan with Malwarebytes again. Let's see whether the Fix removes it; it has been located.

:arrow_forward: VERY important :arrow_backward: Make a backup of the registry:

  • To do so, download :arrow_forward: DelFix.exe (to your desktop).

  • Double-click to run it. (If you use Windows Vista/7/8 or 10, right-click and select -Run as Administrator-.)

  • Attention: now tick/select only the "Create registry backup" box, NOT the others.

  • Click Run.

The report (DelFix.txt) will open; save it in case it is needed and close the tool.

Next, start your computer in Windows Safe Mode without networking.

:warning: With all other programs closed, go to :arrow_forward: Start :arrow_forward: Run :arrow_forward: and type Notepad.exe.

  • Now copy and paste the code/lines inside the box below into Notepad.
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-05-18] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-05-18] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-08-12]
CHR Extension: (Ask Web Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eocnnoackodjagdbaoddhjbkpjabimed [2019-08-13]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-08-12]
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
ContextMenuHandlers1: [NP8ShellExtension] -> {9C4B85B8-956C-49BF-9BA5-101384E562B2} =>  -> No File
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`29hfm [0]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [474]

HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END

Save it under the name FIXLIST.TXT on the desktop :arrow_backward: This is very important.

:o: Note :o: It is important that the FRST.exe tool (Farbar Recovery Scan Tool) and FIXLIST.TXT are in the same location (desktop); otherwise it will not work.


  • Run FRST.exe. (If you use Windows Vista/7/8 or 10, right-click and select -Run as Administrator-.)
  • Press the FIX button and wait for it to finish.
  • The tool will save the repair report on the desktop (FIXLOG.TXT).

Paste the contents of this file in your next reply.

Reboot the computer, check how it behaves with regard to the problem you raised, and report back.

Regards

Good morning @Daniela, yes, I sent you the report before quarantining it, but I always quarantine them. Now I'm going to carry out this procedure you gave me, and thank you so much, because this is driving me crazy.

Fix result of Farbar Recovery Scan Tool (x64) Version: 14-08-2019
Ran by User (17-08-2019 08:52:13) Run:1
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available Profiles: User)
Boot Mode: Safe Mode (minimal)
==============================================

fixlist content:
*****************
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-05-18] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-05-18] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-08-12]
CHR Extension: (Ask Web Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eocnnoackodjagdbaoddhjbkpjabimed [2019-08-13]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-08-12]
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
ContextMenuHandlers1: [NP8ShellExtension] -> {9C4B85B8-956C-49BF-9BA5-101384E562B2} =>  -> No File
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`29hfm [0]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [474]

HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END
*****************

Error: Restore point can only be created in normal mode.
Processes closed successfully.
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-05-18] (NVIDIA Corporation PE Sign v2016" => not found
"HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-05-18] (NVIDIA Corporation PE Sign v2016" => not found
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-08-12] => Error: No automatic fix found for this entry.
CHR Extension: (Ask Web Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eocnnoackodjagdbaoddhjbkpjabimed [2019-08-13] => Error: No automatic fix found for this entry.
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-08-12] => Error: No automatic fix found for this entry.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Pending) => invalid subkey removed.
HKLM\Software\Classes\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Synced) => invalid subkey removed.
HKLM\Software\Classes\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Syncing) => invalid subkey removed.
HKLM\Software\Classes\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Pending) => invalid subkey removed.
HKLM\Software\Wow6432Node\Classes\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Synced) => invalid subkey removed.
HKLM\Software\Wow6432Node\Classes\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Syncing) => invalid subkey removed.
HKLM\Software\Wow6432Node\Classes\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\MEGA (Context menu) => removed successfully
HKLM\Software\Classes\CLSID\{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\NP8ShellExtension => removed successfully
HKLM\Software\Classes\CLSID\{9C4B85B8-956C-49BF-9BA5-101384E562B2} => not found
HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\MEGA (Context menu) => removed successfully
HKLM\Software\Classes\CLSID\{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => not found
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\MEGA (Context menu) => removed successfully
HKLM\Software\Classes\CLSID\{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => not found
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\MEGA (Context menu) => removed successfully
HKLM\Software\Classes\CLSID\{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => not found
C:\ProgramData\Reprise => ":wupeogjxlctlfudivq`qsp`29hfm" ADS removed successfully
C:\Users\Public\Shared Files => ":VersionCache" ADS removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-96600016-459038440-1310982557-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-96600016-459038440-1310982557-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========


========= netsh winsock reset =========


El catálogo Winsock se restableció correctamente.
Debe reiniciar el equipo para completar el restablecimiento.


========= End of CMD: =========


========= ipconfig /renew =========


Configuración IP de Windows


========= End of CMD: =========


========= ipconfig /flushdns =========


Configuración IP de Windows

No se puede vaciar la caché de resolución de DNS: Error de una función durante la ejecución.


========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to connect to BITS - 0x8007043c

========= End of CMD: =========


========= netsh advfirewall reset =========


Error al intentar ponerse en contacto con el servicio Firewall de Windows. Asegúrese de que el servicio se está ejecutando e intente la solicitud de nuevo.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========


Error al intentar ponerse en contacto con el servicio Firewall de Windows. Asegúrese de que el servicio se está ejecutando e intente la solicitud de nuevo.


========= End of CMD: =========


========= netsh int ipv4 reset =========

No hay valores configurados por el usuario para restablecer.


========= End of CMD: =========


========= netsh int ipv6 reset =========

No hay valores configurados por el usuario para restablecer.


========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 10510336 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 281723139 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 595767 B
Edge => 11366 B
Chrome => 716436679 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 20480 B
NetworkService => 1062600 B
User => 61018820 B

RecycleBin => 0 B
EmptyTemp: => 1021.7 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 08:52:50 ====
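
The Fixlog above can be triaged mechanically. The following is an added example, not part of the original thread and not FRST's own code: a Python parser that skips the echoed fixlist, classifies each result line, and reports the Chrome extensions FRST had no automatic fix for and the CMD: steps that failed. The sample log is constructed from lines shown in this thread, and the function names and failure markers are assumptions.

```python
import re

# Constructed sample: a shortened Fixlog assembled from lines shown in this thread.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Scan Tool (x64) Version: 14-08-2019
fixlist content:
*****************
CHR Extension: (Ask Web Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eocnnoackodjagdbaoddhjbkpjabimed [2019-08-13]
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
*****************
Error: Restore point can only be created in normal mode.
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
CHR Extension: (Ask Web Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eocnnoackodjagdbaoddhjbkpjabimed [2019-08-13] => Error: No automatic fix found for this entry.
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
C:\Windows\System32\Drivers\etc\hosts => moved successfully
========= bitsadmin /reset /allusers =========
Unable to connect to BITS - 0x8007043c
========= End of CMD: =========
========= netsh int ipv4 reset =========
No hay valores configurados por el usuario para restablecer.
========= End of CMD: =========
=========== EmptyTemp: ==========
Chrome => 716436679 B
================================
"""

# Order matters: "removed successfully" also contains "moved successfully".
OUTCOMES = [
    ("Error: No automatic fix found", "no_fix"),
    ("not found", "not_found"),
    ("invalid subkey removed", "removed"),
    ("removed successfully", "removed"),
    ("moved successfully", "moved"),
]
FAIL_MARKERS = ("Error", "Unable to", "No se puede")  # assumed failure prefixes
SECTION = re.compile(r"^=+ (.+?) =+$")
EXT = re.compile(r"CHR Extension: \((?P<name>.*?)\) - .*\\User Data\\"
                 r"(?P<profile>[^\\]+)\\Extensions\\(?P<id>[a-p]{32})")


def parse_fixlog(text):
    """Split a Fixlog into top-level errors, per-entry results and command output."""
    report = {"errors": [], "entries": [], "commands": {}}
    in_echo, section = False, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if set(line) == {"*"}:          # the echoed fixlist sits between two such lines
            in_echo = not in_echo
            continue
        if in_echo:                      # echoed directives are input, not results
            continue
        if set(line) == {"="}:          # bare rule closes any open section
            section = None
            continue
        header = SECTION.match(line)
        if header:
            title = header.group(1)
            section = None if title.startswith("End of") else title
            if section:
                report["commands"].setdefault(section, [])
            continue
        if section is not None:          # output of a CMD:/RemoveProxy/EmptyTemp block
            report["commands"][section].append(line)
        elif " => " in line:
            target, outcome = line.rsplit(" => ", 1)
            kind = next((k for marker, k in OUTCOMES if marker in outcome), "other")
            report["entries"].append((kind, target))
        elif line.startswith("Error:"):
            report["errors"].append(line)
    return report


def unfixed_extensions(report):
    """(name, profile, extension id) for CHR Extension lines FRST could not fix."""
    hits = ((kind, EXT.search(target)) for kind, target in report["entries"])
    return [(m["name"], m["profile"], m["id"]) for kind, m in hits
            if kind == "no_fix" and m]


def failed_commands(report):
    """Section titles whose captured output starts with a failure marker."""
    return sorted(cmd for cmd, lines in report["commands"].items()
                  if any(l.startswith(FAIL_MARKERS) for l in lines))
```

Run against the full Fixlog, `unfixed_extensions` returns the extension folders that still have to be handled by another route, and `failed_commands` lists the resets that need repeating outside Safe Mode.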

Hello

How is the problem after running the FRST Fix?

Regards

Hi @Daniela, the problem is still there. I see that the Fixlog.txt report has several messages saying that the automatic fix was not found, like this one:

C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eocnnoackodjagdbaoddhjbkpjabimed [2019-08-13] => Error: No automatic fix found for this entry.