I Get Popups With Advertising

This has been happening to me for a few months. The first week I thought it would be easy to remove, and I have now had the same problem for several months. For example, I am playing some game and Opera opens by itself and takes me to a page called super-gamezer .com, then it shows "redirect" and takes me to some typical spam page, and it is really annoying. Could someone help me?

Hello @Edgardo1

Welcome to InfoSpyware!!!

Do the following:

1.- Temporarily disable your antivirus and any security program.

2.- Download, install and/or update the following tools:

3.- Run the steps in the order given:

CCleaner

Using its Cleaner option according to its Manual:

  • To delete Cookies, temporary Internet files and all the files it shows you as obsolete.

  • We do NOT need this report

AdwCleaner

Run it.

  • Click the Scan button and wait for the process to finish. Then click the Clean button.
  • Wait for it to complete. If it asks you to restart the system, accept.
  • Save the report that appears so you can copy and paste it in your next reply.
  • The report can also be found at “C:\AdwCleaner\AdwCleaner.txt”

ZHPCleaner

  • Following its manual, install and run it. When it finishes, remove everything it finds.

Malwarebytes

  • Do not forget to update it.
  • Read its Manual carefully
  • Run a Custom Scan with all drives selected
  • Click “Remove Selected” to send what was found to quarantine.
  • Restart the system.
  • In the manual's “History” section >> Application Logs >> Scan Log you will find the MBAM report, which you must copy and paste in your next reply.

4.- Important Note:

In your next reply you must paste the AdwCleaner, ZHPCleaner and Malwarebytes reports.

Guide: How do I paste reports in the forum?

Let us know.

Regards


THANKS FOR ANSWERING. It took me a while since my internet is not very efficient and the Malwarebytes scan took 8 h. Even so, thank you very much. Here is the report.

AdwCleaner Scan

# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build:    04-04-2019
# Database: 2019-04-03.1 (Local)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    07-17-2019
# Duration: 00:01:29
# OS:       Windows 10 Home
# Scanned:  27198
# Detected: 44


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.AdvancedSystemCare C:\ProgramData\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare C:\Users\Normal\AppData\Roaming\IObit\Advanced SystemCare
PUP.Optional.ByteFence          C:\ProgramData\ByteFence
PUP.Optional.DriverBooster      C:\Program Files (x86)\IOBIT\Driver Booster
PUP.Optional.DriverBooster      C:\ProgramData\IOBIT\Driver Booster
PUP.Optional.DriverBooster      C:\Users\Normal\AppData\Roaming\IOBIT\Driver Booster
PUP.Optional.Legacy             C:\Users\Normal\AppData\Roaming\0V1L2Z2Z1T1I1L1T

***** [ Files ] *****

PUP.Optional.Reimage            C:\Windows\Reimage.ini
PUP.Optional.WinYahoo           C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HowToRemove.html.lnk

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

PUP.Optional.Legacy             C:\Users\Normal\Desktop\Nueva carpeta (2)\网址?航.lnk

***** [ Tasks ] *****

PUP.Optional.Legacy             C:\Windows\System32\Tasks\DRIVER BOOSTER SCHEDULER

***** [ Registry ] *****

PUP.Optional.ByteFence          HKLM\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\ByteFence.exe
PUP.Optional.ByteFence          HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Reason\ReasonByteFence
PUP.Optional.ByteFence          HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|ByteFence.exe
PUP.Optional.ByteFence          HKU\.DEFAULT\Software\ByteFence
PUP.Optional.ByteFence          HKU\S-1-5-18\Software\ByteFence
PUP.Optional.DriverBooster      HKLM\Software\Wow6432Node\IObit\Driver Booster
PUP.Optional.DriverBooster      HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Driver Booster_is1
PUP.Optional.InstallCore        HKCU\Software\csastats
PUP.Optional.Legacy             HKCU\Software\ICSW1.23
PUP.Optional.Legacy             HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
PUP.Optional.Legacy             HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
PUP.Optional.Legacy             HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
PUP.Optional.Legacy             HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
PUP.Optional.Legacy             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{34C85A4C-22F1-485F-BD45-D8AD5FBF83CC} 
PUP.Optional.Legacy             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster Scheduler
PUP.Optional.Legacy             HKLM\Software\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
PUP.Optional.Legacy             HKLM\Software\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
PUP.Optional.Legacy             HKLM\Software\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
PUP.Optional.Legacy             HKLM\Software\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\\Classes\AppID\REI_AxControl.DLL
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
PUP.Optional.Legacy             HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
PUP.Optional.Legacy             HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
PUP.Optional.Legacy             HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
PUP.Optional.Legacy             HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
PUP.Optional.ProductSetup.A     HKCU\Software\PRODUCTSETUP
PUP.Optional.Reimage            HKCU\Software\Reimage
PUP.Optional.Reimage            HKLM\Software\Classes\REI_AxControl.ReiEngine
PUP.Optional.Reimage            HKLM\Software\Classes\REI_AxControl.ReiEngine.1
PUP.Optional.Reimage            HKLM\Software\Reimage

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

AdwCleaner Clean

# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build:    04-04-2019
# Database: 2019-04-03.1 (Local)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    07-17-2019
# Duration: 00:00:23
# OS:       Windows 10 Home
# Cleaned:  44
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted       C:\Program Files (x86)\IOBIT\Driver Booster
Deleted       C:\ProgramData\ByteFence
Deleted       C:\ProgramData\IOBIT\Driver Booster
Deleted       C:\ProgramData\IObit\Advanced SystemCare
Deleted       C:\Users\Normal\AppData\Roaming\0V1L2Z2Z1T1I1L1T
Deleted       C:\Users\Normal\AppData\Roaming\IOBIT\Driver Booster
Deleted       C:\Users\Normal\AppData\Roaming\IObit\Advanced SystemCare

***** [ Files ] *****

Deleted       C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HowToRemove.html.lnk
Deleted       C:\Windows\Reimage.ini

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

Deleted       C:\Users\Normal\Desktop\Nueva carpeta (2)\网址?航.lnk

***** [ Tasks ] *****

Deleted       C:\Windows\System32\Tasks\DRIVER BOOSTER SCHEDULER

***** [ Registry ] *****

Deleted       HKCU\Software\ICSW1.23
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
Deleted       HKCU\Software\PRODUCTSETUP
Deleted       HKCU\Software\Reimage
Deleted       HKCU\Software\csastats
Deleted       HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
Deleted       HKLM\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\ByteFence.exe
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{34C85A4C-22F1-485F-BD45-D8AD5FBF83CC} 
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster Scheduler
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Reason\ReasonByteFence
Deleted       HKLM\Software\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
Deleted       HKLM\Software\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Deleted       HKLM\Software\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Deleted       HKLM\Software\Classes\REI_AxControl.ReiEngine
Deleted       HKLM\Software\Classes\REI_AxControl.ReiEngine.1
Deleted       HKLM\Software\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
Deleted       HKLM\Software\Reimage
Deleted       HKLM\Software\Wow6432Node\IObit\Driver Booster
Deleted       HKLM\Software\Wow6432Node\\Classes\AppID\REI_AxControl.DLL
Deleted       HKLM\Software\Wow6432Node\\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
Deleted       HKLM\Software\Wow6432Node\\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Deleted       HKLM\Software\Wow6432Node\\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Deleted       HKLM\Software\Wow6432Node\\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
Deleted       HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|ByteFence.exe
Deleted       HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Driver Booster_is1
Deleted       HKU\.DEFAULT\Software\ByteFence
Deleted       HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
Deleted       HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
Deleted       HKU\S-1-5-18\Software\ByteFence
Deleted       HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
Deleted       HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [5362 octets] - [17/07/2019 13:26:00]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

ZHPCleaner Scan

~ ZHPCleaner v2019.7.15.100 by Nicolas Coolman (2019/07/15)
~ Run by Normal (Administrator)  (17/07/2019 13:44:50)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Certificate ZHPCleaner: Legal
~ Type : Scanner
~ Report : C:\Users\Normal\Desktop\ZHPCleaner (S).txt
~ Quarantine : C:\Users\Normal\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ System Restore Point : 
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Home, 64-bit  (Build 14393)


---\\  Alternate Data Stream (ADS). (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Servicios (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Navegadores de Internet (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Archivo hosts (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Tareas automáticas programadas. (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Explorador ( Archivos, Carpetas ) (66)
ENCONTRADOS carpeta: C:\Users\Normal\Desktop\µTorrent.lnk  [Bad : C:\Users\Normal\AppData\Roaming\uTorrent\uTorrent.exe](.BitTorrent Inc..)  =>BitTorrent (P2P)
ENCONTRADOS carpeta: C:\Users\Normal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk  [Bad : C:\Users\Normal\AppData\Roaming\uTorrent\uTorrent.exe](.BitTorrent Inc..)  =>BitTorrent (P2P)
ENCONTRADOS carpeta: C:\Users\Normal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HowToRemove.lnk  [Bad : C:\Users\Normal\AppData\Local\{B18A87D6-9522-EB6E-F8BA-CE86DCD2321E}\HowToRemove\HowToRemove.html](..)  =>PUP.Optional.WinYahoo
ENCONTRADOS carpeta: C:\Users\Normal\AppData\Roaming\uTorrent\uTorrent.exe [BitTorrent Inc. - µTorrent]  =>BitTorrent (P2P)
ENCONTRADOS carpeta: C:\Users\Normal\Desktop\µTorrent.lnk    =>BitTorrent (P2P)
ENCONTRADOS carpeta: C:\Users\Normal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk    =>BitTorrent (P2P)
ENCONTRADOS carpeta: C:\Windows\Prefetch\BYTEFENCE.EXE-FAC31F78.pf    =>.SUP.ByteFence
ENCONTRADOS carpeta: C:\Windows\Prefetch\BYTEFENCESERVICE.EXE-4186E33D.pf    =>.SUP.ByteFence
ENCONTRADOS carpeta: C:\Windows\Installer\MSI26B8.tmp    =>.SUP.MSIInstaller
ENCONTRADOS carpeta: C:\Windows\Installer\MSI510.tmp    =>.SUP.MSIInstaller
ENCONTRADOS carpeta: C:\ProgramData\KMSAuto\bin\KMSSS.exe [MSFree Inc. - KMS emulator by Ratiborus, thanks to Hotbir]  =>HackTool.WinActivator
ENCONTRADOS carpeta: C:\Users\Normal\AppData\Local\Temp\aria-debug-6024.log    =>.SUP.Temporary.OneDrive
ENCONTRADOS carpeta: C:\Users\Normal\AppData\Local\Temp\BIT7268.tmp    =>.SUP.Temporary.Empty
ENCONTRADOS carpeta: C:\Users\Normal\AppData\Local\Temp\BIT8755.tmp    =>.SUP.Temporary.Empty
ENCONTRADOS carpeta: C:\Users\Normal\AppData\Local\Temp\BITDD2F.tmp    =>.SUP.Temporary.Empty
ENCONTRADOS carpeta: C:\Users\Normal\AppData\Local\Temp\C847.tmp    =>.SUP.Temporary.Empty
ENCONTRADOS carpeta: C:\Users\Normal\AppData\Local\Temp\CUsersNormalAppDataLocalProgramsOpera62.0.3331.72_0opera_autoupdate.download.lock    =>.SUP.Temporary.Opera
ENCONTRADOS carpeta: C:\Users\Normal\AppData\Local\Temp\CUsersNormalAppDataLocalProgramsOpera62.0.3331.72_0opera_autoupdate.metrics.lock    =>.SUP.Temporary.Opera
ENCONTRADOS carpeta: C:\Users\Normal\AppData\Local\Temp\CUsersNormalAppDataLocalProgramsOpera62.0.3331.72_1opera_autoupdate.download.lock    =>.SUP.Temporary.Opera
ENCONTRADOS carpeta: C:\Users\Normal\AppData\Local\Temp\CUsersNormalAppDataLocalProgramsOpera62.0.3331.72_1opera_autoupdate.metrics.lock    =>.SUP.Temporary.Opera
ENCONTRADOS carpeta: C:\Users\Normal\AppData\Local\Temp\wct7256.tmp    =>.SUP.Temporary.Office
ENCONTRADOS carpeta: C:\Users\Normal\AppData\Local\Temp\wct8742.tmp    =>.SUP.Temporary.Office
ENCONTRADOS carpeta: C:\Users\Normal\AppData\Local\Temp\wctC862.tmp    =>.SUP.Temporary.Office
ENCONTRADOS carpeta: C:\Users\Normal\AppData\Local\Temp\wctDD1D.tmp    =>.SUP.Temporary.Office
ENCONTRADOS carpeta: C:\Users\Normal\AppData\Local\Temp\~DF95150127AB74531C.TMP    =>.SUP.Temporary.Other
ENCONTRADOS carpeta: C:\Users\Normal\AppData\Local\Temp\~DFF70DD9615ADB16D6.TMP    =>.SUP.Temporary.Other
ENCONTRADOS carpeta: C:\Program Files\KMSpico\DevComponents.DotNetBar2.dll [DevComponents.com - DevComponents.DotNetBar]  =>HackTool.KMSpico
ENCONTRADOS carpeta: C:\Program Files\KMSpico\DM.bin    =>HackTool.KMSpico
ENCONTRADOS carpeta: C:\Program Files\KMSpico\unins000.dat    =>HackTool.KMSpico
ENCONTRADOS carpeta: C:\Program Files\KMSpico\unins000.exe [ - Setup/Uninstall]  =>HackTool.KMSpico
ENCONTRADOS carpeta: C:\Program Files\KMSpico\Vestris.ResourceLib.dll [Vestris Inc. - ResourceLib]  =>HackTool.KMSpico
ENCONTRADOS archivo: C:\Program Files\KMSpico\cert  =>HackTool.KMSpico
ENCONTRADOS archivo: C:\Program Files\KMSpico\driver  =>HackTool.KMSpico
ENCONTRADOS archivo: C:\Program Files\KMSpico\icons  =>HackTool.KMSpico
ENCONTRADOS archivo: C:\Program Files\KMSpico\logs  =>HackTool.KMSpico
ENCONTRADOS archivo: C:\Program Files\KMSpico\scripts  =>HackTool.KMSpico
ENCONTRADOS archivo: C:\Program Files\KMSpico\sounds  =>HackTool.KMSpico
ENCONTRADOS archivo: C:\Program Files\KMSpico\TokensBackup  =>HackTool.KMSpico
ENCONTRADOS archivo: C:\Program Files\KMSpico  =>HackTool.KMSpico
ENCONTRADOS carpeta: C:\ProgramData\KMSAuto\KMSAuto Net.exe    =>HackTool.WinActivator
ENCONTRADOS carpeta: C:\ProgramData\ReimageRepair\active_protection.txt    =>.SUP.ReimageRepair
ENCONTRADOS carpeta: C:\ProgramData\ReimageRepair\cfl.rei    =>.SUP.ReimageRepair
ENCONTRADOS carpeta: C:\ProgramData\ReimageRepair\url_setting_definitions.txt    =>.SUP.ReimageRepair
ENCONTRADOS archivo: C:\ProgramData\KMSAuto\bin  =>HackTool.WinActivator
ENCONTRADOS archivo: C:\ProgramData\ReimageRepair\Results  =>.SUP.ReimageRepair
ENCONTRADOS archivo: C:\ProgramData\KMSAuto  =>HackTool.WinActivator
ENCONTRADOS archivo: C:\ProgramData\ReimageRepair  =>.SUP.ReimageRepair
ENCONTRADOS archivo: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico  =>HackTool.KMSpico
ENCONTRADOS carpeta: C:\Users\Normal\AppData\Local\MSfree Inc\kmsauto.ini    =>HackTool.WinActivator
ENCONTRADOS archivo: C:\Users\Normal\AppData\Local\MSfree Inc  =>HackTool.WinActivator
ENCONTRADOS archivo: C:\Users\Normal\AppData\Local\Google\Update  =>Heuristic.Suspect
ENCONTRADOS archivo: C:\Windows\Installer\MSI599E.tmp-  =>.SUP.Empty
ENCONTRADOS archivo: C:\Windows\Installer\MSI89F6.tmp-  =>.SUP.Empty
ENCONTRADOS archivo: C:\Windows\Installer\MSI8B8D.tmp-  =>.SUP.Empty
ENCONTRADOS archivo: C:\Windows\Installer\MSI8E6D.tmp-  =>.SUP.Empty
ENCONTRADOS archivo: C:\Windows\Installer\MSIB7F8.tmp-  =>.SUP.Empty
ENCONTRADOS archivo: C:\Windows\Installer\MSICFC4.tmp-  =>.SUP.Empty
ENCONTRADOS archivo: C:\Windows\Installer\MSIE88D.tmp-  =>.SUP.Empty
ENCONTRADOS archivo: C:\Windows\Installer\MSIEC09.tmp-  =>.SUP.Empty
ENCONTRADOS archivo: C:\Windows\Installer\MSIEE5B.tmp-  =>.SUP.Empty
ENCONTRADOS archivo: C:\Windows\Installer\MSIF050.tmp-  =>.SUP.Empty
ENCONTRADOS archivo: C:\Windows\Installer\MSIF19A.tmp-  =>.SUP.Empty
ENCONTRADOS archivo: C:\Windows\Installer\MSIFA82.tmp-  =>.SUP.Empty
ENCONTRADOS archivo: C:\Windows\Installer\MSIFCE5.tmp-  =>.SUP.Empty
ENCONTRADOS archivo: C:\Users\Normal\AppData\Local\Temp\chrome_BITS_4068_28951  =>.SUP.Empty
ENCONTRADOS archivo: C:\Users\Normal\AppData\LocalLow\Oracle  =>.SUP.Empty


---\\  Registro ( Claves, Valores, Datos) (21)
ENCONTRADOS clave: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Word 2010 Packages [Microsoft Word 2010 Packages]  =>Adware.InstallCore
ENCONTRADOS clave: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\uTorrent [BitTorrent Inc.]  =>BitTorrent (P2P)
ENCONTRADOS valor: HKCU\SOFTWARE\MICROSOFT\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store\\C:\Program Files (x86)\IObit\Driver Booster\5.0.3\DriverBooster.exe [Binary Data]  =>.SUP.Orphan.Compatibility
ENCONTRADOS dados: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4c57f94b-94e8-45c3-aab4-26c468c27cf8}\\DhcpNameServer [Bad : 200.44.32.12 200.109.78.12]  =>Hijacker.Browser
ENCONTRADOS dados: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{dff89964-34b9-4bd6-98fb-3013ce3afd2b}\\DhcpNameServer [Bad : 200.109.78.12 200.44.32.12]  =>Hijacker.Browser
ENCONTRADOS dados: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer [Bad : 200.44.32.12 200.109.78.12]  =>Hijacker.Browser
ENCONTRADOS clave: [X64] HKLM\SOFTWARE\Wow6432Node\Tencent []  =>.SUP.Tencent
ENCONTRADOS clave: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A5A54D65-F525-9CE5-44A5-EC6594253FE5} [Search the Web (Yahoo)]  =>Adware.YahooPowered
ENCONTRADOS valor: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\G:\setup.exe.FriendlyAppName [Sonic Mania Setup]  =>.SUP.Orphan.MUICache
ENCONTRADOS valor: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\G:\setup.exe.ApplicationCompany [SEGA]  =>.SUP.Orphan.MUICache
ENCONTRADOS valor: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\F:\Setup.exe.FriendlyAppName [Microsoft (R) Visual Studio Windows Installer Boot]  =>.SUP.Orphan.MUICache
ENCONTRADOS valor: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\F:\Setup.exe.ApplicationCompany [Microsoft Corporation]  =>.SUP.Orphan.MUICache
ENCONTRADOS valor: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\F:\Startup.exe.FriendlyAppName [Startup_v1.02]  =>.SUP.Orphan.MUICache
ENCONTRADOS valor: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\F:\setup\rsrc\Autorun.exe.FriendlyAppName [Autorun]  =>.SUP.Orphan.MUICache
ENCONTRADOS valor: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\I:\setup\rsrc\Autorun.exe.FriendlyAppName [Autorun]  =>.SUP.Orphan.MUICache
ENCONTRADOS valor: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files (x86)\IObit\Driver Booster\5.0.3\DriverBooster.exe.FriendlyAppName [Driver Booster]  =>.SUP.Orphan.MUICache
ENCONTRADOS valor: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files (x86)\IObit\Driver Booster\5.0.3\DriverBooster.exe.ApplicationCompany [IObit]  =>.SUP.Orphan.MUICache
ENCONTRADOS valor: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\F:\Crack,serial,actualizacion\Actualizacion 1.2\NFSUG2V1-2SP.EXE.FriendlyAppName [NFSUG2V1-2SP]  =>.SUP.Orphan.MUICache
ENCONTRADOS valor: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\F:\Crack,serial,actualizacion\Crack y Serial(keyGen)\speed2.exe.FriendlyAppName [speed2]  =>.SUP.Orphan.MUICache
ENCONTRADOS valor: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\H:\TLauncher-MCL.exe.FriendlyAppName [Free Minecraft launcher]  =>.SUP.Orphan.MUICache
ENCONTRADOS valor: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\F:\SKIDROW\Launcher.exe.FriendlyAppName [Launcher]  =>.SUP.Orphan.MUICache


---\\  Resumen de elementos en su estación de trabajo (20)
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/  =>BitTorrent (P2P)
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/  =>PUP.Optional.WinYahoo
https://nicolascoolman.eu/2017/03/13/superfluous-bytefence/  =>.SUP.ByteFence
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.MSIInstaller
https://nicolascoolman.eu/2017/01/13/hacktool-winactivator/  =>HackTool.WinActivator
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Temporary.OneDrive
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Temporary.Empty
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Temporary.Opera
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Temporary.Office
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Temporary.Other
https://nicolascoolman.eu/2017/02/16/hacktool-kmspico/  =>HackTool.KMSpico
https://nicolascoolman.eu/2017/01/27/superfluous-reimagerepair/  =>.SUP.ReimageRepair
https://nicolascoolman.eu/2017/01/28/heuristic-suspect/  =>Heuristic.Suspect
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Empty
https://nicolascoolman.eu/2017/09/19/adware-installcore-3/  =>Adware.InstallCore
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Orphan.Compatibility
https://nicolascoolman.eu/2017/11/10/hijacker-browser-3/  =>Hijacker.Browser
https://nicolascoolman.eu/2017/02/23/tencentadressbar/  =>.SUP.Tencent
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/  =>Adware.YahooPowered
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Orphan.MUICache


---\\ Resultado de la reparación.
~ ninguna reparación hecha
~ falta este navegador! (Google Chrome)
~ falta este navegador! (Mozilla Firefox)


---\\ STATISTIQUES
~ Items escaneado : 92146
~ Items encontrado : 111
~ artículos cancelados : 0
~ Items opciones : 13/13
~ Ahorro de espacio (bytes) : 72653


~ End of search in 00h10mn41s

---\\  Reporte (0)
ZHPCleaner-[S]-17072019-13_55_31.txt

ZHPCleaner Repair

~ ZHPCleaner v2019.7.15.100 by Nicolas Coolman (2019/07/15)
~ Run by Normal (Administrator)  (17/07/2019 13:59:37)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Certificate ZHPCleaner: Legal
~ Type : Reparar
~ Report : C:\Users\Normal\Desktop\ZHPCleaner (R).txt
~ Quarantine : C:\Users\Normal\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ System Restore Point : OK
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Home, 64-bit  (Build 14393)


---\\  Alternate Data Stream (ADS). (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Servicios (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Navegadores de Internet (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Archivo hosts (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Tareas automáticas programadas. (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Explorador ( Archivos, Carpetas ) (44)
MOVIDO carpeta: C:\Users\Normal\Desktop\µTorrent.lnk  [Bad : C:\Users\Normal\AppData\Roaming\uTorrent\uTorrent.exe](.BitTorrent Inc..)  =>BitTorrent (P2P)
MOVIDO carpeta: C:\Users\Normal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk  [Bad : C:\Users\Normal\AppData\Roaming\uTorrent\uTorrent.exe](.BitTorrent Inc..)  =>BitTorrent (P2P)
MOVIDO carpeta: C:\Users\Normal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HowToRemove.lnk  [Bad : C:\Users\Normal\AppData\Local\{B18A87D6-9522-EB6E-F8BA-CE86DCD2321E}\HowToRemove\HowToRemove.html](..)  =>PUP.Optional.WinYahoo
MOVIDO carpeta: C:\Windows\Prefetch\BYTEFENCE.EXE-FAC31F78.pf    =>.SUP.ByteFence
MOVIDO carpeta: C:\Windows\Prefetch\BYTEFENCESERVICE.EXE-4186E33D.pf    =>.SUP.ByteFence
MOVIDO carpeta: C:\Windows\Installer\MSI26B8.tmp    =>.SUP.MSIInstaller
MOVIDO carpeta: C:\Windows\Installer\MSI510.tmp    =>.SUP.MSIInstaller
MOVIDO carpeta: C:\ProgramData\KMSAuto\bin\KMSSS.exe [MSFree Inc. - KMS emulator by Ratiborus, thanks to Hotbir]  =>HackTool.WinActivator
MOVIDO carpeta^: C:\Users\Normal\AppData\Local\Temp\aria-debug-6024.log    =>.SUP.Temporary.OneDrive
MOVIDO carpeta: C:\Users\Normal\AppData\Local\Temp\BIT7268.tmp    =>.SUP.Temporary.Empty
MOVIDO carpeta: C:\Users\Normal\AppData\Local\Temp\BIT8755.tmp    =>.SUP.Temporary.Empty
MOVIDO carpeta: C:\Users\Normal\AppData\Local\Temp\BITDD2F.tmp    =>.SUP.Temporary.Empty
MOVIDO carpeta: C:\Users\Normal\AppData\Local\Temp\C847.tmp    =>.SUP.Temporary.Empty
MOVIDO carpeta: C:\Users\Normal\AppData\Local\Temp\CUsersNormalAppDataLocalProgramsOpera62.0.3331.72_0opera_autoupdate.download.lock    =>.SUP.Temporary.Opera
MOVIDO carpeta: C:\Users\Normal\AppData\Local\Temp\CUsersNormalAppDataLocalProgramsOpera62.0.3331.72_0opera_autoupdate.metrics.lock    =>.SUP.Temporary.Opera
MOVIDO carpeta: C:\Users\Normal\AppData\Local\Temp\CUsersNormalAppDataLocalProgramsOpera62.0.3331.72_1opera_autoupdate.download.lock    =>.SUP.Temporary.Opera
MOVIDO carpeta: C:\Users\Normal\AppData\Local\Temp\CUsersNormalAppDataLocalProgramsOpera62.0.3331.72_1opera_autoupdate.metrics.lock    =>.SUP.Temporary.Opera
MOVIDO carpeta: C:\Users\Normal\AppData\Local\Temp\wct7256.tmp    =>.SUP.Temporary.Office
MOVIDO carpeta: C:\Users\Normal\AppData\Local\Temp\wct8742.tmp    =>.SUP.Temporary.Office
MOVIDO carpeta: C:\Users\Normal\AppData\Local\Temp\wctC862.tmp    =>.SUP.Temporary.Office
MOVIDO carpeta: C:\Users\Normal\AppData\Local\Temp\wctDD1D.tmp    =>.SUP.Temporary.Office
MOVIDO carpeta^: C:\Users\Normal\AppData\Local\Temp\~DF95150127AB74531C.TMP    =>.SUP.Temporary.Other
MOVIDO carpeta: C:\Users\Normal\AppData\Local\Temp\~DFF70DD9615ADB16D6.TMP    =>.SUP.Temporary.Other
MOVIDO archivo: C:\Program Files\KMSpico  =>HackTool.KMSpico
MOVIDO archivo: C:\ProgramData\KMSAuto  =>HackTool.WinActivator
MOVIDO archivo: C:\ProgramData\ReimageRepair  =>.SUP.ReimageRepair
MOVIDO archivo: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico  =>HackTool.KMSpico
MOVIDO archivo: C:\Users\Normal\AppData\Local\MSfree Inc  =>HackTool.WinActivator
MOVIDO archivo: C:\Users\Normal\AppData\Local\Google\Update  =>Heuristic.Suspect
MOVIDO archivo: C:\Windows\Installer\MSI599E.tmp-  =>.SUP.Empty
MOVIDO archivo: C:\Windows\Installer\MSI89F6.tmp-  =>.SUP.Empty
MOVIDO archivo: C:\Windows\Installer\MSI8B8D.tmp-  =>.SUP.Empty
MOVIDO archivo: C:\Windows\Installer\MSI8E6D.tmp-  =>.SUP.Empty
MOVIDO archivo: C:\Windows\Installer\MSIB7F8.tmp-  =>.SUP.Empty
MOVIDO archivo: C:\Windows\Installer\MSICFC4.tmp-  =>.SUP.Empty
MOVIDO archivo: C:\Windows\Installer\MSIE88D.tmp-  =>.SUP.Empty
MOVIDO archivo: C:\Windows\Installer\MSIEC09.tmp-  =>.SUP.Empty
MOVIDO archivo: C:\Windows\Installer\MSIEE5B.tmp-  =>.SUP.Empty
MOVIDO archivo: C:\Windows\Installer\MSIF050.tmp-  =>.SUP.Empty
MOVIDO archivo: C:\Windows\Installer\MSIF19A.tmp-  =>.SUP.Empty
MOVIDO archivo: C:\Windows\Installer\MSIFA82.tmp-  =>.SUP.Empty
MOVIDO archivo: C:\Windows\Installer\MSIFCE5.tmp-  =>.SUP.Empty
MOVIDO archivo: C:\Users\Normal\AppData\Local\Temp\chrome_BITS_4068_28951  =>.SUP.Empty
MOVIDO archivo: C:\Users\Normal\AppData\LocalLow\Oracle  =>.SUP.Empty


---\\  Registro ( Claves, Valores, Datos) (21)
BORRADOS dados: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4c57f94b-94e8-45c3-aab4-26c468c27cf8}\\DhcpNameServer [Bad : 200.44.32.12 200.109.78.12]  =>Hijacker.Browser
BORRADOS dados: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{dff89964-34b9-4bd6-98fb-3013ce3afd2b}\\DhcpNameServer [Bad : 200.109.78.12 200.44.32.12]  =>Hijacker.Browser
BORRADOS dados: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer [Bad : 200.44.32.12 200.109.78.12]  =>Hijacker.Browser
BORRADOS clave*: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Word 2010 Packages [Microsoft Word 2010 Packages]  =>Adware.InstallCore
BORRADOS clave*: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\uTorrent [BitTorrent Inc.]  =>BitTorrent (P2P)
BORRADOS clave*: [X64] HKLM\SOFTWARE\Wow6432Node\Tencent []  =>.SUP.Tencent
BORRADOS clave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A5A54D65-F525-9CE5-44A5-EC6594253FE5} [Search the Web (Yahoo)]  =>Adware.YahooPowered
BORRADOS valor: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store\\C:\Program Files (x86)\IObit\Driver Booster\5.0.3\DriverBooster.exe [Binary Data]  =>.SUP.Orphan.Compatibility
BORRADOS valor: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\G:\setup.exe.FriendlyAppName [Sonic Mania Setup]  =>.SUP.Orphan.MUICache
BORRADOS valor: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\G:\setup.exe.ApplicationCompany [SEGA]  =>.SUP.Orphan.MUICache
BORRADOS valor: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\F:\Setup.exe.FriendlyAppName [Microsoft (R) Visual Studio Windows Installer Boot]  =>.SUP.Orphan.MUICache
BORRADOS valor: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\F:\Setup.exe.ApplicationCompany [Microsoft Corporation]  =>.SUP.Orphan.MUICache
BORRADOS valor: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\F:\Startup.exe.FriendlyAppName [Startup_v1.02]  =>.SUP.Orphan.MUICache
BORRADOS valor: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\F:\setup\rsrc\Autorun.exe.FriendlyAppName [Autorun]  =>.SUP.Orphan.MUICache
BORRADOS valor: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\I:\setup\rsrc\Autorun.exe.FriendlyAppName [Autorun]  =>.SUP.Orphan.MUICache
BORRADOS valor: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files (x86)\IObit\Driver Booster\5.0.3\DriverBooster.exe.FriendlyAppName [Driver Booster]  =>.SUP.Orphan.MUICache
BORRADOS valor: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files (x86)\IObit\Driver Booster\5.0.3\DriverBooster.exe.ApplicationCompany [IObit]  =>.SUP.Orphan.MUICache
BORRADOS valor: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\F:\Crack,serial,actualizacion\Actualizacion 1.2\NFSUG2V1-2SP.EXE.FriendlyAppName [NFSUG2V1-2SP]  =>.SUP.Orphan.MUICache
BORRADOS valor: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\F:\Crack,serial,actualizacion\Crack y Serial(keyGen)\speed2.exe.FriendlyAppName [speed2]  =>.SUP.Orphan.MUICache
BORRADOS valor: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\H:\TLauncher-MCL.exe.FriendlyAppName [Free Minecraft launcher]  =>.SUP.Orphan.MUICache
BORRADOS valor: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\F:\SKIDROW\Launcher.exe.FriendlyAppName [Launcher]  =>.SUP.Orphan.MUICache


---\\  Resumen de elementos en su estación de trabajo (20)
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/  =>BitTorrent (P2P)
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/  =>PUP.Optional.WinYahoo
https://nicolascoolman.eu/2017/03/13/superfluous-bytefence/  =>.SUP.ByteFence
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.MSIInstaller
https://nicolascoolman.eu/2017/01/13/hacktool-winactivator/  =>HackTool.WinActivator
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Temporary.OneDrive
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Temporary.Empty
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Temporary.Opera
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Temporary.Office
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Temporary.Other
https://nicolascoolman.eu/2017/02/16/hacktool-kmspico/  =>HackTool.KMSpico
https://nicolascoolman.eu/2017/01/27/superfluous-reimagerepair/  =>.SUP.ReimageRepair
https://nicolascoolman.eu/2017/01/28/heuristic-suspect/  =>Heuristic.Suspect
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Empty
https://nicolascoolman.eu/2017/11/10/hijacker-browser-3/  =>Hijacker.Browser
https://nicolascoolman.eu/2017/09/19/adware-installcore-3/  =>Adware.InstallCore
https://nicolascoolman.eu/2017/02/23/tencentadressbar/  =>.SUP.Tencent
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/  =>Adware.YahooPowered
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Orphan.Compatibility
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Orphan.MUICache


---\\ Limpieza adicional. (1)
~ Clave de registro Tracing borrados (1)
~ Quitar los antiguos informes de ZHPCleaner. (0)


---\\ Resultado de la reparación.
~ Reparación llevada a cabo con éxito
~ falta este navegador! (Google Chrome)
~ falta este navegador! (Mozilla Firefox)
~ El sistema ha sido reiniciado.


---\\ STATISTIQUES
~ Items escaneado : 403
~ Items encontrado : 0
~ artículos cancelados : 0
~ Items opciones : 13/13
~ Ahorro de espacio (bytes) : 72653


~ End of clean in 00h02mn13s

---\\  Reporte (2)
ZHPCleaner-[S]-17072019-13_55_31.txt
ZHPCleaner-[R]-17072019-14_01_50.txt

Malwarebytes

Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 17/7/19
Hora del análisis: 15:13
Archivo de registro: f4c747a6-a8c6-11e9-be50-60eb69289322.json

-Información del software-
Versión: 3.8.3.2965
Versión de los componentes: 1.0.613
Versión del paquete de actualización: 1.0.11600
Licencia: Prueba

-Información del sistema-
SO: Windows 10 (Build 14393.1715)
CPU: x64
Sistema de archivos: NTFS
Usuario: DESKTOP-117G5HU\Normal

-Resumen del análisis-
Tipo de análisis: Análisis personalizado
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 422572
Amenazas detectadas: 6
Amenazas en cuarentena: 6
Tiempo transcurrido: 8 hr, 6 min, 39 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Activado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 0
(No hay elementos maliciosos detectados)

Valor del registro: 0
(No hay elementos maliciosos detectados)

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 0
(No hay elementos maliciosos detectados)

Archivo: 6
Generic.Malware/Suspicious, C:\USERS\NORMAL\DOCUMENTS\MEGASYNC DOWNLOADS\NARUTO\ACTIVADORES\KMSAUTO LITE PORTABLE V1.2.1\KMSAUTO.EXE, En cuarentena, [0], [392686],1.0.11600
Generic.Malware/Suspicious, C:\USERS\NORMAL\DOCUMENTS\MEGASYNC DOWNLOADS\NARUTO\ACTIVADORES\KMSAUTO NET 2015 V1.3.8 PORTABLE\KMSAUTO NET.EXE, En cuarentena, [0], [392686],1.0.11600
Generic.Malware/Suspicious, C:\USERS\NORMAL\DOCUMENTS\MEGASYNC DOWNLOADS\NARUTO\ACTIVADORES\KMSPICO.V10.1.6.FINAL-HELDIGARD\KMSPICO INSTALL\KMSPICO_SETUP.EXE, En cuarentena, [0], [392686],1.0.11600
Generic.Malware/Suspicious, C:\USERS\NORMAL\DOCUMENTS\MEGASYNC DOWNLOADS\NARUTO\ACT. WIN 10 MARLON TUTOS\KMSAUTO NET.EXE, En cuarentena, [0], [392686],1.0.11600
Adware.InstallCore, C:\USERS\NORMAL\DOCUMENTS\MEGASYNC DOWNLOADS\NARUTO\MUSICA\RECURSOS\VLC-3.0.6-WIN64_0766835642.EXE, En cuarentena, [448], [697359],1.0.11600
PUP.Optional.InstallCore, C:\USERS\NORMAL\PICTURES\SAVED PICTURES\INSTALLER_MICROSOFT_WORD_2010.EXE, En cuarentena, [446], [301065],1.0.11600

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)

Hello @Edgardo1

You had quite a lot of junk!!! :upside_down_face:

Point 1:

1.- Temporarily disable your antivirus and any other security program.

2.- Download UsbFix to your desktop:

  • Connect all your removable devices (USB/pendrive, micro SD, etc.).
  • Run USBFix.exe.

  • Once all your devices are connected, click “Ejecutar análisis” (Run scan).
  • Then select “Full Análisis” (Full scan) and wait for it to finish.
  • If threats are detected, select all the detected items and click “Limpiar todo” (Clean all).
  • If it asks you to restart the system, accept.
  • Once the computer restarts, the USBFix report will open, showing what was detected and what was removed.
  • Copy and paste that entire report in your next reply (if it does not open, the report is saved as UsbFix_Report.txt on the Desktop).

Once the scan is finished, with all drives still connected, run USBFix again as Administrator and vaccinate them, following the steps in the Manual.

Point 2:

After restarting, do the following:

1.- Disable your antivirus and any other security program again.

2.- Download Farbar Recovery Scan Tool to the desktop, choosing the version that matches your computer's architecture (32 or 64 bits). >> How do I know whether my Windows is 32 or 64 bits?

  • Run FRST.exe.
  • In the Disclaimer window, click Yes.
  • In the main window, click the Scan button and wait for the process to finish.
  • Two (2) log files will open, Frst.txt and Addition.txt; they will be saved on the desktop.

Guide: How to Run FRST

3.- In your next reply, paste the generated reports.

Guide: How to paste reports in the forum?

We'll wait for those reports.

Regards


OK, thanks for helping me so much with this problem. As far as I can tell, the virus came from a friend's pendrive, and I don't have it yet, so here are the results:

# ----------------------------------------------------
# UsbFix Antivirus Free
# ----------------------------------------------------
# Versión : 11.016
# Base de datos : 2019.05.21 
# Contacto : https://www.usb-antivirus.com/es/contacto
# ----------------------------------------------------
# Tipo de escaneo : Full
# Usuario : Normal (Administrador)
# Dispositivo : DESKTOP-117G5HU
# Comenzó : 18/07/2019 00:52:01
# ----------------------------------------------------

------------ | Discos analizados |

C:\	NTFS	(81GB/297GB)	[Fixed] 

------------ | Elemento(s) infectado(s) |

Borrado! C:\streamer

------------ | Run |

F2 - HKLM\..\Winlogon : [Shell] C:\Windows\explorer.exe
F2 - [x64] HKLM\..\Winlogon : [Shell] explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
F2 - [x64] HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
04 - HKCU\..\Run : [OneDrive] "C:\Users\Normal\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
04 - HKCU\..\Run : [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
04 - HKCU\..\Run : [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
04 - HKCU\..\Run : [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
04 - HKLM\..\Run : [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - [x64] HKLM\..\Run : [IgfxTray] C:\Windows\system32\igfxtray.exe
04 - [x64] HKLM\..\Run : [HotKeysCmds] C:\Windows\system32\hkcmd.exe
04 - [x64] HKLM\..\Run : [Persistence] C:\Windows\system32\igfxpers.exe
04 - [x64] HKLM\..\Run : [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
04 - [x64] HKLM\..\Run : [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
04 - [x64] HKLM\..\Run : [WindowsDefender] "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
04 - HKU\S-1-5-19\..\Run : [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
04 - HKU\S-1-5-20\..\Run : [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
04 - HKU\S-1-5-21-2393600599-662570708-1542540813-1001\..\Run : [OneDrive] "C:\Users\Normal\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
04 - HKU\S-1-5-21-2393600599-662570708-1542540813-1001\..\Run : [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
04 - HKU\S-1-5-21-2393600599-662570708-1542540813-1001\..\Run : [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
04 - HKU\S-1-5-21-2393600599-662570708-1542540813-1001\..\Run : [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR

------------ | Tasks |

Task - Adobe Flash Player PPAPI Notifier --> C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_223_pepper.exe -check pepperplugin
Task - Adobe Flash Player Updater --> C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task - CCleaner Update --> C:\Program Files\CCleaner\CCUpdate.exe
Task - CCleanerSkipUAC --> "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Task - Driver Booster SkipUAC (Normal) --> C:\Program Files (x86)\IObit\Driver Booster\5.0.3\DriverBooster.exe /skipuac
Task - IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 --> "C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe" --automatic
Task - IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon --> "C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe" --automatic
Task - IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 --> C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe --automatic
Task - OneDrive Standalone Update Task-S-1-5-21-2393600599-662570708-1542540813-1001 --> %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task - Opera scheduled Autoupdate 1563229315 --> C:\Users\Normal\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0)
Task - USER_ESRV_SVC_QUEENCREEK --> "C:\Windows\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"
Task - User_Feed_Synchronization-{A2E1DCFD-D0B0-4CA3-9CBE-8B955F66EC37} --> C:\Windows\system32\msfeedssync.exe sync
Task - {3DCB0C89-2F74-2E1A-48BA-2860FFFF93C0} --> C:\Users\Normal\AppData\Roaming\Recodul\Gomatafo.exe /Lubufa
Task - {D9E7C655-6C3E-4848-936D-33A40A8BAC87} --> C:\Windows\system32\pcalua.exe -a C:\Users\Normal\Downloads\Programs\chromium-4.0.205.0-(25021)_2.exe -d C:\Users\Normal\Downloads\Programs

------------ | C:\ %SystemDrive% - Disco fijo (NTFS) |

[18/07/2019 - 00:48:26 | ASH | 1227920 Ko] - hiberfil.sys
[18/07/2019 - 00:48:28 | ASH | 2752512 Ko] - pagefile.sys
[18/07/2019 - 00:48:28 | ASH | 262144 Ko] - swapfile.sys
[16/07/2019 - 22:28:38 | SHD] - Config.Msi
[18/07/2019 - 00:30:23 | D] - autorun.inf
[17/05/2017 - 18:29:45 | A | 9 Ko] - Sistema Preapertura de Cuentas - Comprobante Preapertura.html
[07/01/2017 - 09:01:35 | SHD] - $Recycle.Bin
[29/09/2017 - 11:58:06 | HD] - $WINDOWS.~BT
[16/07/2016 - 07:43:00 | ASH | 0 Ko] - BOOTNXT
[16/07/2016 - 07:43:00 | RASH | 375 Ko] - bootmgr
[16/07/2016 - 07:47:47 | D] - PerfLogs
[06/01/2017 - 23:08:37 | SHD] - Documents and Settings
[06/01/2017 - 23:08:38 | SHD] - Archivos de programa
[07/01/2017 - 00:44:37 | RD] - Users
[15/01/2017 - 03:52:37 | D] - Axeso5
[17/05/2017 - 19:05:41 | D] - Sistema Preapertura de Cuentas - Comprobante Preapertura_files
[12/08/2018 - 22:46:30 | D] - Recovery
[27/09/2018 - 01:14:49 | D] - MyDrivers
[15/11/2018 - 13:44:41 | D] - Intel
[01/03/2019 - 12:55:20 | D] - 08c223a6922914e07a
[23/04/2019 - 21:26:49 | A | 0 Ko] - History
[25/04/2019 - 19:05:13 | D] - Games
[12/07/2019 - 12:47:00 | HD] - OneDriveTemp
[17/07/2019 - 13:26:43 | D] - AdwCleaner
[17/07/2019 - 14:01:34 | RD] - Program Files
[17/07/2019 - 14:05:00 | RSHD] - streamer
[17/07/2019 - 14:56:26 | HD] - ProgramData
[18/07/2019 - 00:21:02 | RD] - Program Files (x86)
[18/07/2019 - 00:37:25 | D] - Windows
[18/07/2019 - 00:40:06 | D] - FRST

Elemento(s) infectado(s) : 1
Elementos analizados : 63118 en 00h 00m 15s

# UsbFix-Report-03.txt [6105B]

------------ | E.O.F  |

FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-07-2019 01
Ran by Normal (administrator) on DESKTOP-117G5HU (TOSHIBA Satellite L655) (18-07-2019 00:33:42)
Running from C:\Users\Normal\Desktop
Loaded Profiles: Normal (Available Profiles: defaultuser0 & Normal)
Platform: Windows 10 Home Version 1607 14393.1715 (X64) Language: Español (España, internacional)
Default browser: Opera
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Even Balance, Inc. -> ) C:\Windows\SysWOW64\PnkBstrA.exe
(Even Balance, Inc. -> ) C:\Windows\SysWOW64\PnkBstrB.exe
(IDSA Production signing key -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe
(IDSA Production signing key -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe
(IDSA Production signing key -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1809.2-0\MsMpEng.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Normal\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Opera Software AS -> Opera Software) C:\Users\Normal\AppData\Local\Programs\Opera\62.0.3331.72_1\opera.exe
(Opera Software AS -> Opera Software) C:\Users\Normal\AppData\Local\Programs\Opera\62.0.3331.72_1\opera.exe
(Opera Software AS -> Opera Software) C:\Users\Normal\AppData\Local\Programs\Opera\62.0.3331.72_1\opera.exe
(Opera Software AS -> Opera Software) C:\Users\Normal\AppData\Local\Programs\Opera\62.0.3331.72_1\opera.exe
(Opera Software AS -> Opera Software) C:\Users\Normal\AppData\Local\Programs\Opera\62.0.3331.72_1\opera.exe
(Opera Software AS -> Opera Software) C:\Users\Normal\AppData\Local\Programs\Opera\62.0.3331.72_1\opera.exe
(Opera Software AS -> Opera Software) C:\Users\Normal\AppData\Local\Programs\Opera\62.0.3331.72_1\opera.exe
(Opera Software AS -> Opera Software) C:\Users\Normal\AppData\Local\Programs\Opera\62.0.3331.72_1\opera.exe
(Opera Software AS -> Opera Software) C:\Users\Normal\AppData\Local\Programs\Opera\62.0.3331.72_1\opera.exe
(Opera Software AS -> Opera Software) C:\Users\Normal\AppData\Local\Programs\Opera\62.0.3331.72_1\opera.exe
(Opera Software AS -> Opera Software) C:\Users\Normal\AppData\Local\Programs\Opera\62.0.3331.72_1\opera.exe
(Opera Software AS -> Opera Software) C:\Users\Normal\AppData\Local\Programs\Opera\62.0.3331.72_1\opera.exe
(Opera Software AS -> Opera Software) C:\Users\Normal\AppData\Local\Programs\Opera\62.0.3331.72_1\opera_crashreporter.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files\Java\jre1.8.0_181\bin\jp2launcher.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Razer Inc. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Tonec Inc.) [File not signed] C:\Program Files (x86)\Internet Download Manager\IDMan.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2017-04-27] (Microsoft Windows -> Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-07-07] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\RunOnce: [] => [X]
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2393600599-662570708-1542540813-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3152160 2019-04-29] (Valve -> Valve Corporation)
HKU\S-1-5-21-2393600599-662570708-1542540813-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [4034616 2019-02-11] (Tonec Inc.) [File not signed]
HKU\S-1-5-21-2393600599-662570708-1542540813-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [23153344 2019-07-11] (Piriform Software Ltd -> Piriform Software Ltd)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Restriction ? <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1504EFCF-6F84-4E13-9376-E2491A19D810} - System32\Tasks\Microsoft\Windows\ErrorDetails\ErrorDetailsUpdate => {9CDA66BE-3271-4723-8D35-DD834C58AD92} C:\Windows\System32\ErrorDetailsUpdate.dll [72704 2016-11-02] (Microsoft Windows -> Microsoft Corporation)
Task: {16DEA092-FB0C-40D0-AE20-0536BECC21D9} - System32\Tasks\Microsoft\Windows\EDP\EDP App Launch Task => {35EF4182-F900-4632-B072-8639E4478A61}
Task: {1B65DD58-D16B-45E8-BEB4-94D7E4D64DF7} - System32\Tasks\Microsoft\Windows\EDP\EDP Auth Task => {35EF4182-F900-4632-B072-8639E4478A61}
Task: {3C9C6041-DACF-439E-85C2-ED53EA3603F8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-07-11] (Adobe Inc. -> Adobe)
Task: {3ECC4699-AA25-4A7B-B228-A6DA198A8C28} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1809.2-0\MpCmdRun.exe [464448 2018-10-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {449564CB-A0CE-4657-8328-5B2FBDFDF63E} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
Task: {51B02C18-1DE2-471C-84CF-E6656417FFF2} - System32\Tasks\{3DCB0C89-2F74-2E1A-48BA-2860FFFF93C0} => C:\Users\Normal\AppData\Roaming\Recodul\Gomatafo.exe
Task: {52E8B64D-8DE4-490B-A310-CF6FF3774FCD} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_223_pepper.exe [1453112 2019-07-11] (Adobe Inc. -> Adobe)
Task: {59CD221F-9919-486F-95E6-C0C066F78C01} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Automatic App Update => {A6BA00FE-40E8-477C-B713-C64A14F18ADB} C:\Windows\System32\wuautoappupdate.dll [33280 2017-08-22] (Microsoft Windows -> Microsoft Corporation)
Task: {75C497B0-35D6-4C36-B079-F664044FDF69} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-07-11] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {8572C331-9600-4060-AF7C-0F17ABE703D6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1809.2-0\MpCmdRun.exe [464448 2018-10-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {9610545B-339E-4AB1-A590-741DA8F6F83E} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-2393600599-662570708-1542540813-1001 => C:\Users\Normal\AppData\Local\MEGAsync\MEGAupdater.exe
Task: {96757DB7-9B8D-452A-A34F-6377A9CA4BC1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1809.2-0\MpCmdRun.exe [464448 2018-10-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {A05E721E-98E1-4048-983E-94741C6D9B4C} - System32\Tasks\Microsoft\Windows\ErrorDetails\EnableErrorDetailsUpdate => {FE285C8C-5360-41C1-A700-045501C740DE} C:\Windows\System32\ErrorDetailsUpdate.dll [72704 2016-11-02] (Microsoft Windows -> Microsoft Corporation)
Task: {AC2899A5-3C0E-46C7-84A4-8574DC192086} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\Windows\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"
Task: {ADCC00A7-C46C-4939-8E91-7318739E1E39} - System32\Tasks\{D9E7C655-6C3E-4848-936D-33A40A8BAC87} => C:\Windows\system32\pcalua.exe -a C:\Users\Normal\Downloads\Programs\chromium-4.0.205.0-(25021)_2.exe -d C:\Users\Normal\Downloads\Programs
Task: {BE3A9015-0B41-4061-9275-F75F530E6D52} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [16835256 2019-07-11] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {D394F517-A837-4D8E-BA89-E0E5C6C87751} - System32\Tasks\Driver Booster SkipUAC (Normal) => C:\Program Files (x86)\IObit\Driver Booster\5.0.3\DriverBooster.exe
Task: {DDC8D049-45FB-4607-A700-AE1F1D58A7FA} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18168 2017-07-13] (Intel(R) Software Asset Manager -> Intel Corporation)
Task: {E050E9C1-7927-4BAF-B71C-E6487043B3C9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1809.2-0\MpCmdRun.exe [464448 2018-10-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {EE5A939F-9164-41C6-846D-CD581DDC8D81} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18168 2017-07-13] (Intel(R) Software Asset Manager -> Intel Corporation)
Task: {FC6A82B1-8F80-4C93-B564-7CAED9814230} - System32\Tasks\Opera scheduled Autoupdate 1563229315 => C:\Users\Normal\AppData\Local\Programs\Opera\launcher.exe [1519640 2019-07-11] (Opera Software AS -> Opera Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\{3DCB0C89-2F74-2E1A-48BA-2860FFFF93C0}.job => C:\Users\Normal\AppData\Roaming\Recodul\Gomatafo.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 200.44.32.12 200.109.78.12
Tcpip\..\Interfaces\{4c57f94b-94e8-45c3-aab4-26c468c27cf8}: [DhcpNameServer] 200.44.32.12 200.109.78.12
Tcpip\..\Interfaces\{d9b7a184-4d35-4f75-b6a0-b4ae58dac461}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{DB1E6086-EF74-4B62-8D23-BFC915F7C19F}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {e5badea7-e1c2-fbf1-87ac-061d1440d15b} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {e5badea7-e1c2-fbf1-87ac-061d1440d15b} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-2393600599-662570708-1542540813-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2393600599-662570708-1542540813-1001 -> {44177982-996D-4b79-B29F-5B60E13A5169} URL = hxxp://www.baidu.com/s?wd={searchTerms}&tn=98012088_2_dg&ch=1&ie=utf-8
SearchScopes: HKU\S-1-5-21-2393600599-662570708-1542540813-1001 -> {e5badea7-e1c2-fbf1-87ac-061d1440d15b} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2018-11-21] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_181\bin\ssv.dll [2018-11-12] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_181\bin\jp2ssv.dll [2018-11-12] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2018-11-21] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)

Edge: 
======
Edge Extension: (IDM Integration Module) -> EdgeExtension_TonecIncIDMIntegrationModule_e7b5mm5d3r6v2 => C:\Program Files\WindowsApps\TonecInc.IDMIntegrationModule_6.30.6.0_neutral__e7b5mm5d3r6v2 [2019-02-27]

FireFox:
========
FF HKU\S-1-5-21-2393600599-662570708-1542540813-1001\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\Normal\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Normal\AppData\Roaming\IDM\idmmzcc5 [2019-02-27] [Legacy] [not signed]
FF HKU\S-1-5-21-2393600599-662570708-1542540813-1001\...\SeaMonkey\Extensions: [[email protected]] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-12-20] [Legacy]
FF Plugin: @java.com/DTPlugin,version=11.181.2 -> C:\Program Files\Java\jre1.8.0_181\bin\dtplugin\npDeployJava1.dll [2018-11-12] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.181.2 -> C:\Program Files\Java\jre1.8.0_181\bin\plugin2\npjp2.dll [2018-11-12] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @kingsfot.com/npkws -> C:\program files (x86)\kingsoft\kingsoft antivirus\npkws.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin HKU\S-1-5-21-2393600599-662570708-1542540813-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Normal\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2017-05-18] (Unity Technologies SF -> Unity Technologies ApS)

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2019-02-11]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2019-02-11]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 DSAService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe [26984 2019-06-27] (IDSA Production signing key -> Intel)
R3 DSAUpdateService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe [72552 2019-06-27] (IDSA Production signing key -> Intel)
S3 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe [937208 2018-12-19] (Intel(R) Software Development Products -> )
S3 Intel(R) SUR QC SAM; C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18168 2017-07-13] (Intel(R) Software Asset Manager -> Intel Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2018-09-25] (Even Balance, Inc. -> )
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [103736 2018-09-25] (Even Balance, Inc. -> )
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [106472 2013-09-18] (Razer Inc. -> Razer Inc.)
S2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe [195832 2018-12-19] (Intel(R) Software Development Products -> )
S3 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe [937208 2018-12-19] (Intel(R) Software Development Products -> )
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1809.2-0\NisSrv.exe [3847376 2018-10-07] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1809.2-0\MsMpEng.exe [114200 2018-10-07] (Microsoft Corporation -> Microsoft Corporation)
S2 KMSEmulator; temp.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 bcmfn; C:\Windows\System32\drivers\bcmfn.sys [9728 2016-07-16] (Microsoft Windows -> Windows (R) Win 7 DDK provider)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2017-09-16] (DT Soft Ltd -> DT Soft Ltd)
R3 ETDSMBus; C:\Windows\System32\drivers\ETDSMBus.sys [31816 2018-09-29] (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronic Corp.)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2018-09-29] (Martin Malik - REALiX -> REALiX(tm))
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD. -> EZB Systems, Inc.)
R3 L1C; C:\Windows\System32\drivers\L1C63x64.sys [162024 2018-09-29] (Rivet Networks LLC -> Qualcomm Atheros, Inc.)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [20936 2019-06-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] (Microsoft Windows -> )
S3 ptun0901; C:\Windows\System32\drivers\ptun0901.sys [27136 2014-08-08] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R3 QIOMem; C:\Windows\System32\drivers\QIOMem.sys [22736 2015-05-28] (WDKTestCert 1,130752733198717037 -> TOSHIBA)
R3 rtwlane_13; C:\Windows\System32\drivers\rtwlane_13.sys [3717120 2016-07-16] (Microsoft Windows -> Realtek Semiconductor Corporation )
S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [43008 2018-12-19] (Intel Corporation -> )
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 tap0901; C:\Windows\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [45944 2018-09-29] (TOSHIBA CLIENT SOLUTIONS CO., LTD. -> Toshiba Client Solutions Co., Ltd.)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [46184 2018-10-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [352424 2018-10-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [60584 2018-10-07] (Microsoft Windows -> Microsoft Corporation)
S3 xhunter1; C:\Windows\xhunter1.sys [73672 2019-01-23] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
S1 bafkwdyy; \??\C:\Windows\system32\drivers\bafkwdyy.sys [X]
S0 bootsafe; system32\drivers\bootsafe64_ev.sys [X]
S1 ckmyfrde; \??\C:\Windows\system32\drivers\ckmyfrde.sys [X]
S1 cwwrngng; \??\C:\Windows\system32\drivers\cwwrngng.sys [X]
S1 djsktwhu; \??\C:\Windows\system32\drivers\djsktwhu.sys [X]
S1 fergugjp; \??\C:\Windows\system32\drivers\fergugjp.sys [X]
S1 fsjdmqwg; \??\C:\Windows\system32\drivers\fsjdmqwg.sys [X]
S1 fvxicksk; \??\C:\Windows\system32\drivers\fvxicksk.sys [X]
S1 heyhyfoz; \??\C:\Windows\system32\drivers\heyhyfoz.sys [X]
S1 ihkebpsg; \??\C:\Windows\system32\drivers\ihkebpsg.sys [X]
S2 ksapi64; system32\drivers\ksapi64.sys [X]
S1 lxpsrkaf; \??\C:\Windows\system32\drivers\lxpsrkaf.sys [X]
S1 mubblxro; \??\C:\Windows\system32\drivers\mubblxro.sys [X]
S1 nggolwdv; \??\C:\Windows\system32\drivers\nggolwdv.sys [X]
S1 nmyrotat; \??\C:\Windows\system32\drivers\nmyrotat.sys [X]
S1 rjwfcbio; \??\C:\Windows\system32\drivers\rjwfcbio.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVCx32: dg597 -> no filepath.

==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-07-18 00:33 - 2019-07-18 00:35 - 000022126 _____ C:\Users\Normal\Desktop\FRST.txt
2019-07-18 00:32 - 2019-07-18 00:33 - 000000000 ____D C:\FRST
2019-07-18 00:23 - 2019-07-18 00:23 - 000012681 _____ C:\Users\Normal\Desktop\UsbFix_Report.txt
2019-07-18 00:21 - 2019-07-18 00:21 - 000001956 _____ C:\Users\Normal\Desktop\UsbFix Anti-Malware.lnk
2019-07-18 00:21 - 2019-07-18 00:21 - 000000000 ____D C:\Program Files (x86)\UsbFix
2019-07-18 00:19 - 2019-07-18 00:19 - 002095104 _____ (Farbar) C:\Users\Normal\Desktop\FRST64.exe
2019-07-17 23:38 - 2019-07-17 23:38 - 000002536 _____ C:\Users\Normal\Desktop\Informe.txt
2019-07-17 14:01 - 2019-07-17 14:01 - 000011436 _____ C:\Users\Normal\Desktop\ZHPCleaner (R).txt
2019-07-17 13:55 - 2019-07-17 13:55 - 000013500 _____ C:\Users\Normal\Desktop\ZHPCleaner (S).txt
2019-07-17 13:20 - 2019-07-17 13:20 - 000843444 _____ C:\Users\Normal\Desktop\cc_20190717_132000.reg
2019-07-17 13:11 - 2019-07-17 13:11 - 000003936 _____ C:\Windows\System32\Tasks\CCleaner Update
2019-07-17 13:11 - 2019-07-17 13:11 - 000002890 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2019-07-17 13:11 - 2019-07-17 13:11 - 000000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2019-07-17 13:11 - 2019-07-17 13:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2019-07-17 13:11 - 2019-07-17 13:11 - 000000000 ____D C:\Program Files\CCleaner
2019-07-17 13:06 - 2019-07-17 13:06 - 000000000 ____D C:\Users\Normal\AppData\Local\mbam
2019-07-17 13:04 - 2019-07-17 13:04 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-07-17 13:04 - 2019-07-17 13:04 - 000000000 ____D C:\Users\Normal\AppData\Local\mbamtray
2019-07-17 13:04 - 2019-07-17 13:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-07-17 13:04 - 2019-06-26 13:00 - 000020936 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamElam.sys
2019-07-17 13:04 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-07-17 13:03 - 2019-07-17 13:26 - 000000000 ____D C:\AdwCleaner
2019-07-17 13:03 - 2019-07-17 13:03 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-07-17 13:03 - 2019-07-17 13:03 - 000000000 ____D C:\Program Files\Malwarebytes
2019-07-17 13:02 - 2019-07-17 14:14 - 000000921 _____ C:\Users\Normal\Desktop\ZHPCleaner.lnk
2019-07-17 13:02 - 2019-07-17 14:14 - 000000000 ____D C:\Users\Normal\AppData\Roaming\ZHP
2019-07-17 13:02 - 2019-07-17 13:02 - 000000000 ____D C:\Users\Normal\AppData\Local\ZHP
2019-07-17 13:01 - 2019-07-17 13:10 - 020891464 _____ (Piriform Software Ltd) C:\Users\Normal\Desktop\ccsetup560.exe
2019-07-17 02:12 - 2019-07-17 02:16 - 003069312 _____ (Nicolas Coolman) C:\Users\Normal\Desktop\ZHPCleaner.exe
2019-07-17 02:05 - 2019-07-17 02:07 - 007025360 _____ (Malwarebytes) C:\Users\Normal\Desktop\adwcleaner_7.3.exe
2019-07-17 01:31 - 2019-07-17 01:58 - 064580080 _____ (Malwarebytes ) C:\Users\Normal\Desktop\mb3-setup-consumer-3.8.3.2965-1.0.613-1.0.11577.exe
2019-07-16 23:59 - 2019-07-17 00:19 - 000000128 _____ C:\Users\Normal\Desktop\Save me.txt
2019-07-16 22:40 - 2019-07-16 22:40 - 000000085 _____ C:\Windows\wininit.ini
2019-07-15 18:42 - 2019-07-15 18:42 - 000003372 _____ C:\Windows\System32\Tasks\{D9E7C655-6C3E-4848-936D-33A40A8BAC87}
2019-07-15 18:21 - 2019-07-17 11:59 - 000004226 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1563229315
2019-07-15 18:21 - 2019-07-17 11:59 - 000001441 _____ C:\Users\Normal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Navegador Opera.lnk
2019-07-15 18:21 - 2019-07-15 18:21 - 000001441 _____ C:\Users\Normal\Desktop\Navegador Opera.lnk
2019-07-12 13:27 - 2019-07-12 13:27 - 000244616 _____ C:\Users\Normal\AppData\Roaming\Melem
2019-07-12 12:47 - 2019-07-12 12:47 - 000000000 ___HD C:\OneDriveTemp
2019-07-11 01:03 - 2019-07-11 01:03 - 004863032 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2019-07-10 18:55 - 2019-07-10 18:55 - 000000157 _____ C:\Users\Normal\Downloads\Cuenta (1).txt
2019-07-10 15:33 - 2019-07-10 15:33 - 000000000 ____D C:\Users\Normal\AppData\Local\Razer
2019-07-10 15:32 - 2019-07-10 15:32 - 000000000 ____D C:\ProgramData\Razer
2019-07-10 15:32 - 2019-07-10 15:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2019-07-10 15:32 - 2019-07-10 15:32 - 000000000 ____D C:\Program Files (x86)\Razer
2019-07-09 22:31 - 2019-07-09 22:31 - 000000000 ____D C:\Users\Normal\AppData\Roaming\java
2019-07-07 16:04 - 2019-07-07 16:04 - 000000033 _____ C:\Users\Normal\ggpo-ng.ini
2019-07-04 01:26 - 2019-07-04 01:26 - 000362246 _____ C:\Users\Normal\AppData\Roaming\Pahenolefas
2019-06-28 14:53 - 2019-06-28 14:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2019-06-25 12:26 - 2019-06-25 12:26 - 000116667 _____ C:\Users\Normal\AppData\Roaming\Dokaraficu

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-07-18 00:34 - 2017-01-23 22:30 - 000004220 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{A2E1DCFD-D0B0-4CA3-9CBE-8B955F66EC37}
2019-07-18 00:33 - 2019-02-27 17:40 - 000000000 ____D C:\Users\Normal\AppData\Roaming\DMCache
2019-07-18 00:19 - 2019-02-27 17:40 - 000000000 ____D C:\Users\Normal\AppData\Roaming\IDM
2019-07-17 23:44 - 2018-11-15 17:47 - 000000000 ____D C:\Windows\CbsTemp
2019-07-17 23:39 - 2019-01-22 18:15 - 000000000 ____D C:\Users\Normal\Desktop\llanero
2019-07-17 23:32 - 2017-01-07 00:47 - 000000000 ___RD C:\Users\Normal\OneDrive
2019-07-17 23:31 - 2017-01-07 01:58 - 000000000 ____D C:\Program Files (x86)\Steam
2019-07-17 23:28 - 2017-01-06 23:03 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-07-17 23:28 - 2017-01-06 23:02 - 000000000 ____D C:\Windows\system32\SleepStudy
2019-07-17 23:26 - 2017-01-07 00:44 - 000000000 ____D C:\Users\Normal
2019-07-17 21:27 - 2017-06-11 21:14 - 000000000 ____D C:\Users\Normal\AppData\Local\Pokemon Showdown
2019-07-17 14:56 - 2019-05-12 00:25 - 000000000 ____D C:\ProgramData\{B7AA8B96-9F82-F3EE-C7DA-DBC62F32031E}
2019-07-17 14:56 - 2018-07-18 12:48 - 000000000 ____D C:\Users\Normal\AppData\Local\Baheb
2019-07-17 14:56 - 2018-06-26 13:17 - 000000000 ____D C:\Users\Normal\AppData\Local\Fobumud
2019-07-17 14:56 - 2017-03-12 15:12 - 000000000 ____D C:\Users\Normal\AppData\Roaming\Kubapiboka
2019-07-17 14:23 - 2017-08-08 11:54 - 000000000 ____D C:\Users\Normal\AppData\Local\CrashDumps
2019-07-17 14:12 - 2019-05-26 09:00 - 000000000 ____D C:\Users\Normal\Desktop\VISA CHILENA
2019-07-17 14:05 - 2019-02-24 13:25 - 000000000 _RSHD C:\streamer
2019-07-17 14:04 - 2016-07-16 02:04 - 000524288 _____ C:\Windows\system32\config\BBI
2019-07-17 14:01 - 2017-03-25 09:42 - 000000000 ____D C:\Users\Normal\AppData\Local\Google
2019-07-17 13:26 - 2019-05-12 00:26 - 000000000 ____D C:\Users\Normal\AppData\Roaming\Recodul
2019-07-17 13:26 - 2018-09-29 12:08 - 000000000 ____D C:\Users\Normal\AppData\Roaming\IObit
2019-07-17 13:26 - 2018-09-29 12:08 - 000000000 ____D C:\ProgramData\IObit
2019-07-17 13:26 - 2018-09-29 12:08 - 000000000 ____D C:\Program Files (x86)\IObit
2019-07-17 13:17 - 2017-09-16 23:11 - 000000000 ____D C:\Users\Normal\AppData\Roaming\DAEMON Tools Lite
2019-07-17 13:17 - 2017-01-07 08:00 - 000000000 ____D C:\Users\Normal\AppData\Roaming\uTorrent
2019-07-17 13:16 - 2016-07-16 07:45 - 000000000 ____D C:\Windows\INF
2019-07-17 13:04 - 2016-07-16 07:47 - 000000000 ___HD C:\Windows\ELAMBKUP
2019-07-17 12:42 - 2017-01-07 01:48 - 000000000 ____D C:\Users\Normal\AppData\Roaming\vlc
2019-07-17 11:10 - 2018-09-29 12:09 - 000003042 _____ C:\Windows\System32\Tasks\Driver Booster SkipUAC (Normal)
2019-07-17 11:08 - 2016-07-16 02:04 - 000032768 _____ C:\Windows\system32\config\ELAM
2019-07-17 11:04 - 2019-04-23 22:20 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2019-07-17 11:04 - 2019-02-26 14:14 - 000000000 ____D C:\Program Files\Recuva
2019-07-16 23:19 - 2017-01-07 04:06 - 000741432 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2019-07-16 22:40 - 2019-04-23 22:20 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2019-07-16 22:28 - 2017-01-07 01:38 - 000000000 ____D C:\ProgramData\Package Cache
2019-07-16 20:36 - 2016-07-16 07:47 - 000000000 ____D C:\Windows\AppReadiness
2019-07-16 00:58 - 2017-02-21 17:38 - 000000564 _____ C:\Users\Normal\AppData\Roaming\WB.CFG
2019-07-15 21:55 - 2017-08-06 03:16 - 000000000 ____D C:\ProgramData\Norton
2019-07-15 21:41 - 2017-08-06 03:16 - 000000000 ____D C:\ProgramData\NortonInstaller
2019-07-15 18:22 - 2017-01-07 00:58 - 000000000 ____D C:\Users\Normal\AppData\Local\Opera Software
2019-07-15 17:30 - 2017-01-07 00:50 - 000000000 ____D C:\Program Files (x86)\Opera
2019-07-15 00:47 - 2018-02-15 14:11 - 000000000 ____D C:\Users\Normal\AppData\Roaming\Psiphon3
2019-07-13 22:03 - 2018-04-17 14:08 - 000000000 ____D C:\Users\Normal\AppData\Local\tyranoscript
2019-07-13 18:46 - 2018-02-13 16:09 - 000000000 ____D C:\Users\Normal\Documents\MEGAsync Downloads
2019-07-12 15:55 - 2017-07-20 17:36 - 000003380 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2393600599-662570708-1542540813-1001
2019-07-12 15:55 - 2017-01-07 00:47 - 000002445 _____ C:\Users\Normal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-07-11 01:04 - 2017-03-25 09:01 - 000004628 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2019-07-11 01:03 - 2016-07-16 07:47 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2019-07-11 01:03 - 2016-07-16 07:47 - 000000000 ____D C:\Windows\system32\Macromed
2019-07-10 20:39 - 2019-02-27 17:40 - 000000000 ____D C:\Users\Normal\Downloads\Compressed
2019-07-10 17:28 - 2019-02-25 18:36 - 000000000 ____D C:\Users\Normal\Downloads\3.0.6-PVP
2019-07-10 16:47 - 2017-09-22 11:25 - 000000000 ____D C:\Users\Normal\Documents\FeedbackHub
2019-07-10 16:42 - 2017-01-13 22:02 - 000000000 ____D C:\Users\Normal\Desktop\ZulaSetup
2019-07-10 15:57 - 2017-01-07 01:46 - 000000000 ____D C:\Windows\SysWOW64\directx
2019-07-10 15:55 - 2017-01-07 01:46 - 000000000 ___HD C:\Windows\msdownld.tmp
2019-07-10 15:31 - 2018-09-29 12:08 - 000002383 _____ C:\Users\Public\Desktop\Driver Booster 5.lnk
2019-07-06 23:41 - 2019-02-27 17:40 - 000000000 ____D C:\Users\Normal\Downloads\Video
2019-07-05 14:17 - 2016-07-16 07:47 - 000000000 ____D C:\Windows\system32\NDF
2019-06-28 14:54 - 2019-05-26 16:17 - 000002738 _____ C:\Windows\System32\Tasks\USER_ESRV_SVC_QUEENCREEK
2019-06-28 14:53 - 2017-01-06 23:54 - 000000000 ____D C:\Program Files (x86)\Intel

==================== Files in the root of some directories ================

2018-10-19 17:40 - 2018-10-16 19:38 - 000054572 _____ () C:\Users\Normal\AppData\Roaming\4_1_18.ico
2019-05-22 16:26 - 2019-05-22 16:26 - 000127497 _____ () C:\Users\Normal\AppData\Roaming\Bagokaticet
2019-06-25 12:26 - 2019-06-25 12:26 - 000116667 _____ () C:\Users\Normal\AppData\Roaming\Dokaraficu
2018-11-11 20:44 - 2018-11-15 14:00 - 000000021 _____ () C:\Users\Normal\AppData\Roaming\fixcfg.ini
2019-05-30 18:27 - 2019-05-30 18:27 - 000226987 _____ () C:\Users\Normal\AppData\Roaming\Gafel
2019-06-17 14:26 - 2019-06-17 14:26 - 000245517 _____ () C:\Users\Normal\AppData\Roaming\Harobis
2019-06-08 00:28 - 2019-06-08 00:28 - 000213226 _____ () C:\Users\Normal\AppData\Roaming\Hiroparako
2018-09-27 01:19 - 2018-09-29 12:52 - 000000025 _____ () C:\Users\Normal\AppData\Roaming\localcache.dat
2019-07-12 13:27 - 2019-07-12 13:27 - 000244616 _____ () C:\Users\Normal\AppData\Roaming\Melem
2019-07-04 01:26 - 2019-07-04 01:26 - 000362246 _____ () C:\Users\Normal\AppData\Roaming\Pahenolefas
2019-05-12 00:15 - 2019-05-12 00:15 - 000315508 _____ () C:\Users\Normal\AppData\Roaming\Puturosodab
2017-02-21 17:38 - 2019-07-16 00:58 - 000000564 _____ () C:\Users\Normal\AppData\Roaming\WB.CFG
2018-02-01 13:41 - 2018-02-01 13:41 - 000000052 _____ () C:\Users\Normal\AppData\Local\b5wqke8ztn
2017-09-24 04:04 - 2017-09-24 04:06 - 000003390 _____ () C:\Users\Normal\AppData\Local\icsys.icn
2018-09-27 01:18 - 2018-09-29 12:58 - 000000180 _____ () C:\Users\Normal\AppData\Local\masm71.dat
2018-07-24 23:21 - 2018-07-24 23:21 - 000007654 _____ () C:\Users\Normal\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2019-07-16 01:16
==================== End of FRST.txt ============================

Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-07-2019 01
Ran by Normal (18-07-2019 00:36:07)
Running from C:\Users\Normal\Desktop
Windows 10 Home Version 1607 14393.1715 (X64) (2017-01-07 03:41:17)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-2393600599-662570708-1542540813-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2393600599-662570708-1542540813-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-2393600599-662570708-1542540813-1000 - Limited - Disabled) => C:\Users\defaultuser0
Invitado (S-1-5-21-2393600599-662570708-1542540813-501 - Limited - Enabled)
Normal (S-1-5-21-2393600599-662570708-1542540813-1001 - Administrator - Enabled) => C:\Users\Normal

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

"Spore" (HKLM-x32\...\{6D35DF2D-7523-4CB6-9E8F-A1660D9F8637}_is1) (Version: 3.0.0.2818 - )
7-Zip 18.01 (x64) (HKLM\...\7-Zip) (Version: 18.01 - Igor Pavlov)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.223 - Adobe)
Call of Duty(R) 4 - Modern Warfare(TM) (HKLM-x32\...\{E48469CC-635E-4FD5-A122-1497C286D217}) (Version: 1.00.0000 - Activision) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) (HKLM-x32\...\InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}) (Version: 1.00.0000 - Activision)
CCleaner (HKLM\...\CCleaner) (Version: 5.60 - Piriform)
Chromium (HKLM-x32\...\{23CFCB0F-734F-1A8F-C2CF-6A0F124FB98F}) (Version:  - )
Counter-Strike 1.6 (HKLM-x32\...\Counter-Strike 1.6_is1) (Version: Counter-Strike 1.6 No Steam - KingSOFT DVD)
Dolphin (HKLM-x32\...\Dolphin) (Version: 5.0 - Dolphin Team)
HiAlgo BOOST 5.0 (HKU\S-1-5-21-2393600599-662570708-1542540813-1001\...\HiAlgoBOOST) (Version: 5.0 - HiAlgo Inc.)
Intel Driver && Support Assistant (HKLM-x32\...\{0C478EAE-B49D-46A9-8B7F-9634A74602ED}) (Version: 19.6.26.3 - Intel) Hidden
Intel(R) Computing Improvement Program (HKLM\...\{D40D4164-EEDB-4F0F-85C6-2058A9E34CC7}) (Version: 2.4.04370 - Intel Corporation)
Intel® Driver & Support Assistant (HKLM-x32\...\{dbe96554-7594-4bba-b7c5-fc6c72dbaa39}) (Version: 19.6.26.3 - Intel)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
Java 8 Update 181 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180181F0}) (Version: 8.0.1810.13 - Oracle Corporation)
KB4023057 (HKLM\...\{264FDD69-C4DF-476F-B1B8-7DCEE4AF839B}) (Version: 2.4.0.0 - Microsoft Corporation)
Malwarebytes versión 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
Microsoft OneDrive (HKU\S-1-5-21-2393600599-662570708-1542540813-1001\...\OneDriveSetup.exe) (Version: 19.103.0527.0003 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (HKLM\...\{764384C5-BCA9-307C-9AAC-FD443662686A}) (Version: 11.0.60610 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (HKLM\...\{2EDC2FA3-1F34-34E5-9085-588C9EFD1CC6}) (Version: 11.0.60610 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (HKLM-x32\...\{3D6AD258-61EA-35F5-812C-B7A02152996E}) (Version: 11.0.60610 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (HKLM-x32\...\{E7D4E834-93EB-351F-B8FB-82CDAE623003}) (Version: 11.0.60610 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.20617 (HKLM\...\{34FE5428-54F4-3883-9372-AD81FFD14F69}) (Version: 12.0.20617 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.20617 (HKLM\...\{8DCF8C8F-4ADA-3395-BF10-A3437F9929D4}) (Version: 12.0.20617 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.20617 (HKLM-x32\...\{74D52476-2E1E-3F1B-8460-E4ECF2FB6491}) (Version: 12.0.20617 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.20617 (HKLM-x32\...\{1F2DC3EA-9682-3AAA-BB63-D9BC1AC17960}) (Version: 12.0.20617 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual F# 2.0 Runtime (HKLM-x32\...\{85467CBC-7A39-33C9-8940-D72D9269B84F}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{449EFED6-5F86-4428-8EB2-3DA1F6E67CE4}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mu Online LA - Season 6 EP3 (HKU\S-1-5-21-2393600599-662570708-1542540813-1001\...\Mu Online LA - Season 6 EP3) (Version:  - )
Opera Stable 62.0.3331.72 (HKU\S-1-5-21-2393600599-662570708-1542540813-1001\...\Opera 62.0.3331.72) (Version: 62.0.3331.72 - Opera Software)
Opera Stable 62.0.3331.72 (HKU\S-1-5-21-2393600599-662570708-1542540813-1001\...\Opera 62.0.3331.721) (Version: 62.0.3331.72 - Opera Software)
Opera Stable 62.0.3331.72 (HKU\S-1-5-21-2393600599-662570708-1542540813-1001\...\Opera 62.0.3331.722) (Version: 62.0.3331.72 - Opera Software)
osu! (HKLM-x32\...\{9b1ccda1-df04-4410-bce4-5e0b7ab4231f}) (Version: latest - ppy Pty Ltd)
Pokemon Showdown (HKLM-x32\...\Pokemon Showdown) (Version:  - "Pokemon Showdown")
Razer Game Booster (HKLM-x32\...\Razer Game Booster_is1) (Version: 4.0.68.0 - Razer Inc.)
Sonic Mania (HKLM-x32\...\{B01CBC6F-72DE-4658-95AD-2135F00A8695}_is1) (Version:  - SEGA)
Stardew Valley - ElAmigos versión 1.3.12 beta (HKLM-x32\...\{B798256B-8466-4DB5-A6A9-6A2C80B40D25}_is1) (Version: 1.3.12 beta - Chucklefish)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Super Smash Flash 2 Beta (HKLM-x32\...\{7603695C-A9FF-48D5-BE83-CD07DB80E957}_is1) (Version: 1.0.2.0 - McLeodGaming, Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.1 - Synaptics Incorporated)
UltraISO Premium V9.52 (HKLM-x32\...\UltraISO_is1) (Version:  - )
Unity Web Player (HKU\S-1-5-21-2393600599-662570708-1542540813-1001\...\UnityWebPlayer) (Version: 5.3.8f2 - Unity Technologies ApS)
UsbFix Anti-Malware Premium (HKLM-x32\...\Usbfix) (Version: 11.0.1.6 - SOSVirus (SOSVirus.Net))
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.6 - VideoLAN)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
WinDS PRO 2017 (HKLM\...\{4237FF56-4BD0-481E-BD44-C1A8DDA9C753}_is1) (Version: 2017 - WinDS PRO Central)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Zula (HKLM-x32\...\22DF2438-3A2E-4E99-BA0E-3272968F0290_is1) (Version: 1.08-161115.13404 - Axeso5)

Packages:
=========
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.96.700.0_x86__kgqvnymyfvs32 [2017-09-01] (king.com)
Facebook -> C:\Program Files\WindowsApps\Facebook.Facebook_93.955.37739.0_x86__8xx8rvfyw5nnt [2017-06-22] (Facebook Inc)
IDM Integration Module -> C:\Program Files\WindowsApps\TonecInc.IDMIntegrationModule_6.30.6.0_neutral__e7b5mm5d3r6v2 [2019-02-27] (Tonec Inc.)
Instagram -> C:\Program Files\WindowsApps\Facebook.InstagramBeta_10.1096.22724.0_x86__8xx8rvfyw5nnt [2017-09-19] (Instagram)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1707.2.0_x64__8wekyb3d8bbwe [2017-08-30] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1707.2.0_x86__8wekyb3d8bbwe [2017-08-30] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.17.8161.0_x64__8wekyb3d8bbwe [2017-08-30] (Microsoft Studios) [MS Ad]
Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.2.101.0_x64__8wekyb3d8bbwe [2017-09-29] (Microsoft Studios)
MSN El tiempo -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.21.2212.0_x64__8wekyb3d8bbwe [2017-08-31] (Microsoft Corporation) [MS Ad]
MSN Noticias -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.21.2212.0_x64__8wekyb3d8bbwe [2017-08-30] (Microsoft Corporation) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.35.181.0_x64__mcm4njqhnhss8 [2017-09-20] (Netflix, Inc.)
Royal Revolt 2 -> C:\Program Files\WindowsApps\flaregamesGmbH.RoyalRevolt2_3.6.0.0_x86__g0q0z3kw54rap [2017-09-06] (flaregames GmbH)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_5.8.1.0_x86__wgeqdkkx372wm [2017-07-06] (Twitter Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2393600599-662570708-1542540813-1001_Classes\CLSID\{233525e0-5434-46ef-b464-fd7e45e2e145}\localserver32 -> C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe (IDSA Production signing key -> Intel)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Normal\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Normal\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Normal\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [			IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2018-05-12] (Tonec Inc. -> Tonec Inc.)
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Normal\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Normal\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Normal\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [duba_64bit] -> {DDEA5705-1BB0-4C03-AC1E-8FF9716A0D51} =>  -> No File
ContextMenuHandlers1: [kwansvc] -> {367F6AE2-6809-4bed-B09B-228893FB33DD} =>  -> No File
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Normal\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [duba_64bit] -> {DDEA5705-1BB0-4C03-AC1E-8FF9716A0D51} =>  -> No File
ContextMenuHandlers2: [kwansvc] -> {367F6AE2-6809-4bed-B09B-228893FB33DD} =>  -> No File
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Normal\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers2: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files (x86)\UltraISO\isoshl64.dll [2009-10-22] (SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD. -> EZB Systems, Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Normal\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [duba_64bit] -> {DDEA5705-1BB0-4C03-AC1E-8FF9716A0D51} =>  -> No File
ContextMenuHandlers4: [kwansvc] -> {367F6AE2-6809-4bed-B09B-228893FB33DD} =>  -> No File
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Normal\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers4: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files (x86)\UltraISO\isoshl64.dll [2009-10-22] (SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD. -> EZB Systems, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2012-11-26] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [kwansvc] -> {367F6AE2-6809-4bed-B09B-228893FB33DD} =>  -> No File
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files (x86)\UltraISO\isoshl64.dll [2009-10-22] (SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD. -> EZB Systems, Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-03-27 16:28 - 2018-01-28 11:00 - 000075776 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2019-02-27 17:51 - 2019-02-11 18:47 - 004034616 _____ (Tonec Inc.) [File not signed] C:\Program Files (x86)\Internet Download Manager\IDMan.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 7863 more sites.


There are 7863 more sites.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\
HKU\S-1-5-21-2393600599-662570708-1542540813-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Normal\Documents\MEGAsync Downloads\Fondos\L.jpg
DNS Servers: 200.44.32.12 - 200.109.78.12
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{2E22D433-EC5E-4DF3-84D4-83E82C4827E3}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{A3B9FFC6-DCC0-4506-BC76-D8BC18328C55}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{1DF7543E-BB13-44DD-B269-866903181E33}C:\program files (x86)\counter-strike 1.6\hl.exe] => (Allow) C:\program files (x86)\counter-strike 1.6\hl.exe (Valve) [File not signed]
FirewallRules: [UDP Query User{A828FD90-2446-491F-8BFE-66C06575FDAF}C:\program files (x86)\counter-strike 1.6\hl.exe] => (Allow) C:\program files (x86)\counter-strike 1.6\hl.exe (Valve) [File not signed]
FirewallRules: [TCP Query User{A821EAE0-C700-41DA-AE70-A76333AA0DA5}C:\program files (x86)\counter-strike 1.6\hl.exe] => (Allow) C:\program files (x86)\counter-strike 1.6\hl.exe (Valve) [File not signed]
FirewallRules: [UDP Query User{F4F6B143-5A0D-47F1-98C9-A4500D94ECC2}C:\program files (x86)\counter-strike 1.6\hl.exe] => (Allow) C:\program files (x86)\counter-strike 1.6\hl.exe (Valve) [File not signed]
FirewallRules: [{F4DF9BA7-71EC-4482-AB94-9DE3A84D92E7}] => (Allow) C:\Users\Normal\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{51D84EB4-40AA-4D1D-A065-38FA1F2BCF01}] => (Allow) C:\Users\Normal\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{B3BE1DAA-5470-4471-B3CD-EC5BE62983C6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Brawlhalla\Brawlhalla.exe () [File not signed]
FirewallRules: [{06491A07-D499-4C0D-BE25-D1464679FA69}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Brawlhalla\Brawlhalla.exe () [File not signed]
FirewallRules: [{85C86A16-ABE9-4114-8D7D-ECCFC2B285B9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe (Valve -> )
FirewallRules: [{3323D7DD-4876-4976-99ED-5D7D011DE9FB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe (Valve -> )
FirewallRules: [{1E510BDD-6645-4FD6-B6D5-009AFF165406}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fistful of Frags\sdk\hl2.exe (Valve -> )
FirewallRules: [{9745B748-B07A-497A-8294-37932516481F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fistful of Frags\sdk\hl2.exe (Valve -> )
FirewallRules: [{45A4D76A-ACD8-475B-8E60-C0C9400BFD22}] => (Allow) C:\Program Files (x86)\VoidElsword\VoidElsword\voidels.exe () [File not signed]
FirewallRules: [{458DF07E-126C-4B13-8C56-7BD034A0698B}] => (Allow) C:\Program Files (x86)\VoidElsword\VoidElsword\data\x2.exe () [File not signed]
FirewallRules: [{3674E6AF-A734-4FE4-A04D-289D2490B39F}] => (Allow) C:\Program Files (x86)\VoidElsword\VoidElsword\data\x2.exe () [File not signed]
FirewallRules: [{5DD8FF39-C0CD-4E12-8C64-C9CB11C3B762}] => (Allow) C:\Program Files (x86)\VoidElsword\VoidElsword\data\x2.exe () [File not signed]
FirewallRules: [{B2419574-8D72-4A93-A061-3B715037E3B3}] => (Allow) C:\Program Files (x86)\VoidElsword\VoidElsword\data\x2.exe () [File not signed]
FirewallRules: [TCP Query User{D2697E6A-8325-4EA6-B4D1-45075DACCE7E}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{B56E1DFF-7FCD-40F1-9B56-EF36DBFFB32F}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{BFC3749D-9BB7-40BB-871E-975ED00E0318}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ultimate Custom Night\Ultimate Custom Night.exe () [File not signed]
FirewallRules: [{F7052C1A-2680-42B5-941B-83EB0860C22C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ultimate Custom Night\Ultimate Custom Night.exe () [File not signed]
FirewallRules: [{C07392A0-7CC5-4C68-A3E3-AE3043D41DAD}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{05BA067C-A2FC-4D45-B541-C7217D6E4417}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{4B2FE9C4-92F7-4C94-A740-B1286EE00B8B}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{0137CACA-32C2-45DF-839C-53420E449959}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{1B51AB21-FACF-46F4-AB50-C492F47AF81F}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{39DC7A16-4C3B-406F-893F-F607C2E4E4A0}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{32600735-91B1-4133-86D1-FFF4128E58B9}] => (Allow) C:\Program Files (x86)\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe () [File not signed]
FirewallRules: [{EFF4415C-7634-44C8-A9D2-5CA65781E39F}] => (Allow) C:\Program Files (x86)\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe () [File not signed]
FirewallRules: [TCP Query User{F93B560E-AF4C-4AB9-8CF5-150D552623AF}C:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe] => (Allow) C:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe () [File not signed]
FirewallRules: [UDP Query User{3FAC3974-39B2-4B32-904C-DB2B557341EB}C:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe] => (Allow) C:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe () [File not signed]
FirewallRules: [TCP Query User{4BCE3222-E48B-4136-B78E-F8922DE8728E}C:\users\normal\desktop\cod4\iw3mp.exe] => (Allow) C:\users\normal\desktop\cod4\iw3mp.exe () [File not signed]
FirewallRules: [UDP Query User{2E6E2B6B-6CCD-484B-B651-0743BC7D15FF}C:\users\normal\desktop\cod4\iw3mp.exe] => (Allow) C:\users\normal\desktop\cod4\iw3mp.exe () [File not signed]
FirewallRules: [{E84C47D9-AB77-4213-ACC5-B189324B42F9}] => (Block) C:\users\normal\desktop\cod4\iw3mp.exe () [File not signed]
FirewallRules: [{8001F987-97A1-418C-84C9-CDFE26E6BAD4}] => (Block) C:\users\normal\desktop\cod4\iw3mp.exe () [File not signed]
FirewallRules: [{802F434E-D60A-42BF-803E-F3EC495259B7}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.0.3\DriverBooster.exe No File
FirewallRules: [{1449D679-FA6E-433A-90C3-9CFC30891389}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.0.3\DriverBooster.exe No File
FirewallRules: [{A665AB85-E6BF-499D-9D20-2EDDCD49D668}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.0.3\DBDownloader.exe No File
FirewallRules: [{96F9D511-06C5-4019-A9F4-FD2259EBC9A8}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.0.3\DBDownloader.exe No File
FirewallRules: [{E8364BA5-7E1F-4CB9-9F30-4693EB00B756}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.0.3\AutoUpdate.exe No File
FirewallRules: [{02EAB122-F8A2-4D58-941C-43780D31DDDE}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.0.3\AutoUpdate.exe No File
FirewallRules: [TCP Query User{272F8F04-D015-4DC7-9449-C7AF92AB407D}C:\program files\dolphin\dolphin.exe] => (Allow) C:\program files\dolphin\dolphin.exe (Open Source Developer, Pierre Bourdon -> ) [File not signed]
FirewallRules: [UDP Query User{E97EB93E-0B6B-4235-90A4-EAEECBD488C6}C:\program files\dolphin\dolphin.exe] => (Allow) C:\program files\dolphin\dolphin.exe (Open Source Developer, Pierre Bourdon -> ) [File not signed]
FirewallRules: [{5FC02916-7174-4FEB-B4BB-FCEFBF87C148}] => (Allow) LPort=1688
FirewallRules: [{A5A6A5F8-C7DE-461D-8393-32A16BD53782}] => (Allow) C:\Games\Spore\SporeBin\SporeApp.exe (Maxis, a division of Electronic Arts Inc.) [File not signed]
FirewallRules: [{5D772B0C-E83B-442E-82CB-5E604D117510}] => (Allow) C:\Games\Spore\SporeBin\SporeApp.exe (Maxis, a division of Electronic Arts Inc.) [File not signed]
FirewallRules: [{EB2C858B-5C38-4115-A357-E7C69D99D25C}] => (Allow) C:\Games\Spore\SporebinEP1\SporeApp.exe (Maxis, a division of Electronic Arts Inc.) [File not signed]
FirewallRules: [{605F8E85-2A0A-4435-85F4-E3A38529D0F6}] => (Allow) C:\Games\Spore\SporebinEP1\SporeApp.exe (Maxis, a division of Electronic Arts Inc.) [File not signed]
FirewallRules: [{F44CB89A-3E14-43F6-8F75-FB0977595300}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) Software Development Products -> )
FirewallRules: [{E6B28318-3E4D-4070-9D85-5F8B91916A6D}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) Software Development Products -> )
FirewallRules: [{B263E80C-8F5B-4A3C-BB04-0B6D0169FB91}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) Software Development Products -> )
FirewallRules: [{3776828E-579F-4B84-BEB1-F2A47B2A448F}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) Software Development Products -> )
FirewallRules: [TCP Query User{151BB74F-F12F-497C-A4C7-DEF6FE9E3765}C:\program files\java\jre1.8.0_181\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_181\bin\javaw.exe
FirewallRules: [UDP Query User{E2D36865-81C4-4EA8-A57E-BA48FCFB2E38}C:\program files\java\jre1.8.0_181\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_181\bin\javaw.exe
FirewallRules: [{9BAA6EC4-9B6F-4095-82EA-FA3FDE60AED3}] => (Allow) LPort=1688
FirewallRules: [{1A33A438-6CE2-44C7-A50C-57C47A8D371C}] => (Allow) C:\Users\Normal\AppData\Local\Programs\Opera\62.0.3331.72\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{3EAE966C-D2C8-4AD6-98B4-FA9E20B585E6}] => (Allow) C:\Users\Normal\AppData\Local\Programs\Opera\62.0.3331.72_1\opera.exe (Opera Software AS -> Opera Software)

==================== Restore Points =========================

02-07-2019 01:13:06 Punto de control programado
09-07-2019 19:39:46 Punto de control programado
15-07-2019 18:02:48 Instalador de Módulos de Windows

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/17/2019 06:55:34 PM) (Source: COM) (EventID: 10031) (User: )
Description: Se realizó una comprobación de directiva de anulación de serialización al anular la serialización de un objeto con serialización personalizada; se rechazó la clase {2CD39202-3A2F-4935-9A86-65B919919A7F}

Error: (07/17/2019 06:55:34 PM) (Source: COM) (EventID: 10031) (User: )
Description: Se realizó una comprobación de directiva de anulación de serialización al anular la serialización de un objeto con serialización personalizada; se rechazó la clase {2CD39202-3A2F-4935-9A86-65B919919A7F}

Error: (07/17/2019 05:43:15 PM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: No se pudo enumerar las sesiones de usuario para generar los conjuntos de filtros.

Detalles:
	(HRESULT : 0x80040210) (0x80040210)

Error: (07/17/2019 02:23:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: mbamtray.exe, versión: 3.1.0.1838, marca de tiempo: 0x5d13b12f
Nombre del módulo con errores: Qt5Core.dll, versión: 5.11.1.0, marca de tiempo: 0x5cba0161
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x0018dc19
Identificador del proceso con errores: 0x958
Hora de inicio de la aplicación con errores: 0x01d53cca9f7778b3
Ruta de acceso de la aplicación con errores: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
Ruta de acceso del módulo con errores: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Identificador del informe: 4078cf6a-4761-4138-b85c-75bad8efadbf
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (07/17/2019 02:07:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: Explorer.EXE, versión: 10.0.14393.1532, marca de tiempo: 0x5965adb0
Nombre del módulo con errores: windows.immersiveshell.serviceprovider.dll, versión: 10.0.14393.1593, marca de tiempo: 0x5980caee
Código de excepción: 0x80270233
Desplazamiento de errores: 0x0000000000033c25
Identificador del proceso con errores: 0xf0c
Hora de inicio de la aplicación con errores: 0x01d53cca4b89db2d
Ruta de acceso de la aplicación con errores: C:\Windows\Explorer.EXE
Ruta de acceso del módulo con errores: C:\Windows\System32\windows.immersiveshell.serviceprovider.dll
Identificador del informe: 8f03beb4-6092-4cd0-ad7b-51158539151e
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (07/17/2019 02:03:54 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-117G5HU)
Description: No se pudo activar la aplicación Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App debido al error: -2144927141. Consulte el registro Microsoft-Windows-TWinUI/Operational para obtener más información.

Error: (07/17/2019 01:30:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: Explorer.EXE, versión: 10.0.14393.1532, marca de tiempo: 0x5965adb0
Nombre del módulo con errores: windows.immersiveshell.serviceprovider.dll, versión: 10.0.14393.1593, marca de tiempo: 0x5980caee
Código de excepción: 0x80270233
Desplazamiento de errores: 0x0000000000033c25
Identificador del proceso con errores: 0x718
Hora de inicio de la aplicación con errores: 0x01d53cc53be0a5ae
Ruta de acceso de la aplicación con errores: C:\Windows\Explorer.EXE
Ruta de acceso del módulo con errores: C:\Windows\System32\windows.immersiveshell.serviceprovider.dll
Identificador del informe: 9270135f-cac2-44d6-93d5-83b72bdfef32
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (07/17/2019 01:16:42 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: El servicio Windows Search no pudo procesar la lista de ubicaciones incluidas y excluidas. Error: <30, 0x80040d07, "iehistory://{S-1-5-21-2393600599-662570708-1542540813-1001}/">.


System errors:
=============
Error: (07/17/2019 11:33:01 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-117G5HU)
Description: El servidor {37998346-3765-45B1-8C66-AA88CA6B20B8} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (07/17/2019 11:32:05 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: El servicio Servicio de plataforma de dispositivos conectados se cerró con el siguiente error: 
Error no especificado

Error: (07/17/2019 11:31:01 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: El servicio Servicio de plataforma de dispositivos conectados se cerró con el siguiente error: 
Error no especificado

Error: (07/17/2019 11:29:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 y APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 al usuario NT AUTHORITY\SYSTEM con SID (S-1-5-18) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (07/17/2019 11:29:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio SystemUsageReportSvc_QUEENCREEK no pudo iniciarse debido al siguiente error: 
El servicio no respondió a tiempo a la solicitud de inicio o de control.

Error: (07/17/2019 11:29:06 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Se agotó el tiempo de espera (30000 ms) para la conexión con el servicio SystemUsageReportSvc_QUEENCREEK.

Error: (07/17/2019 11:28:48 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: Error al intentar leer el archivo local de hosts.

Error: (07/17/2019 11:28:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio KMSEmulator no pudo iniciarse debido al siguiente error: 
El sistema no puede encontrar el archivo especificado.


Windows Defender:
===================================
Date: 2019-07-17 23:37:47.509
Description: 
Windows Defender detecto malware u otro software potencialmente no deseado.
Para obtener mas informacion consulte lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Shetram!lnk&threatid=2147730333&enterprise=0
Nombre: Worm:Win32/Shetram!lnk
Id.: 2147730333
Gravedad: Grave
Categoria: Gusano
Ruta de acceso: file:_C:\Users\Normal\Desktop\llanero\llanero Copy.lnk
Origen de deteccion: Equipo local
Tipo de deteccion: Concreto
Fuente de deteccion: Proteccion en tiempo real
Usuario: DESKTOP-117G5HU\Normal
Nombre de proceso: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
Version de firma: AV: 1.297.1217.0, AS: 1.297.1217.0, NIS: 1.297.1217.0
Version de motor: AM: 1.1.16100.4, NIS: 1.1.16100.4

Date: 2019-07-17 23:23:14.238
Description: 
El examen de Windows Defender se detuvo antes de completarse.
Id. de examen: {5DF65073-6320-4067-AEBD-8CE83B94B579}
Tipo de examen: Antimalware
Parametros de examen: Examen rapido
Usuario: NT AUTHORITY\SYSTEM

Date: 2019-07-17 13:48:12.046
Description: 
Windows Defender detecto malware u otro software potencialmente no deseado.
Para obtener mas informacion consulte lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/AutoKMS&threatid=2147685180&enterprise=0
Nombre: HackTool:Win32/AutoKMS
Id.: 2147685180
Gravedad: Alta
Categoria: Herramienta
Ruta de acceso: file:_C:\ProgramData\KMSAuto\KMSAuto Net.exe
Origen de deteccion: Equipo local
Tipo de deteccion: Concreto
Fuente de deteccion: Proteccion en tiempo real
Usuario: DESKTOP-117G5HU\Normal
Nombre de proceso: C:\Users\Normal\AppData\Roaming\ZHP\ZHPCleaner.exe
Version de firma: AV: 1.297.1217.0, AS: 1.297.1217.0, NIS: 1.297.1217.0
Version de motor: AM: 1.1.16100.4, NIS: 1.1.16100.4

Date: 2019-07-17 13:47:58.987
Description: 
Windows Defender detecto malware u otro software potencialmente no deseado.
Para obtener mas informacion consulte lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/AutoKMS&threatid=2147685180&enterprise=0
Nombre: HackTool:Win32/AutoKMS
Id.: 2147685180
Gravedad: Alta
Categoria: Herramienta
Ruta de acceso: file:_C:\ProgramData\KMSAuto\KMSAuto Net.exe
Origen de deteccion: Equipo local
Tipo de deteccion: Concreto
Fuente de deteccion: Proteccion en tiempo real
Usuario: DESKTOP-117G5HU\Normal
Nombre de proceso: C:\Users\Normal\AppData\Roaming\ZHP\ZHPCleaner.exe
Version de firma: AV: 1.297.1217.0, AS: 1.297.1217.0, NIS: 1.297.1217.0
Version de motor: AM: 1.1.16100.4, NIS: 1.1.16100.4

Date: 2019-07-17 13:47:21.797
Description: 
Windows Defender detecto malware u otro software potencialmente no deseado.
Para obtener mas informacion consulte lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/AutoKMS&threatid=2147685180&enterprise=0
Nombre: HackTool:Win32/AutoKMS
Id.: 2147685180
Gravedad: Alta
Categoria: Herramienta
Ruta de acceso: file:_C:\ProgramData\KMSAuto\KMSAuto Net.exe
Origen de deteccion: Equipo local
Tipo de deteccion: Concreto
Fuente de deteccion: Proteccion en tiempo real
Usuario: DESKTOP-117G5HU\Normal
Nombre de proceso: C:\Users\Normal\AppData\Roaming\ZHP\ZHPCleaner.exe
Version de firma: AV: 1.297.1217.0, AS: 1.297.1217.0, NIS: 1.297.1217.0
Version de motor: AM: 1.1.16100.4, NIS: 1.1.16100.4

Date: 2019-07-17 11:08:47.895
Description: 
La caracteristica Proteccion en tiempo real de Windows Defender encontro un error:
Caracteristica: Supervision de comportamiento
Codigo de error: 0x80508023
Descripcion del error: El programa no encontro malware ni otro software potencialmente no deseado en este equipo. 
Motivo: La proteccion antimalware dejo de funcionar por motivos desconocidos. En algunos casos, reiniciar el servicio puede que resuelva el problema.

CodeIntegrity:
===================================

Date: 2019-07-17 13:05:26.098
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Users\Normal\AppData\Local\Programs\Opera\62.0.3331.72_1\opera.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-10-22 16:55:15.703
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\MyDrivers\DriverGenius\dghmpg64.dll that did not meet the Store signing level requirements.

Date: 2018-10-22 16:54:40.436
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\MyDrivers\DriverGenius\dghmpg64.dll that did not meet the Store signing level requirements.

Date: 2018-10-04 21:52:49.312
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\MyDrivers\DriverGenius\dghmpg64.dll that did not meet the Store signing level requirements.

Date: 2018-10-04 21:52:11.360
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\MyDrivers\DriverGenius\dghmpg64.dll that did not meet the Store signing level requirements.

==================== Memory info =========================== 

BIOS: INSYDE 1.40 06/03/2010
Motherboard: Intel Corp. Base Board Product Name
Processor: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz
Percentage of memory in use: 50%
Total physical RAM: 2997.86 MB
Available physical RAM: 1495.1 MB
Total Virtual: 5685.86 MB
Available Virtual: 2783.97 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:296.74 GB) (Free:81.45 GB) NTFS

\\?\Volume{f33842d1-0000-0000-0000-100000000000}\ (Reservado para el sistema) (Fixed) (Total:0.49 GB) (Free:0.16 GB) NTFS
\\?\Volume{f33842d1-0000-0000-0000-e04e4a000000}\ () (Fixed) (Total:0.86 GB) (Free:0.84 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: F33842D1)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=296.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=877 MB) - (Type=27)

==================== End of Addition.txt ============================

Hello @Edgardo1

While I analyze the reports, let me know whether the problem still persists.

Regards

1 like

The truth is that the problem no longer persists, but out of curiosity I ran the UsbFix scan twice and it tells me that streamer was removed; I ran it again and streamer showed up again. I don't know if it is the same malware or a different one?

Hello :slight_smile:

It's a tough nut to crack. Paste the new report and I'll take a look, since I'm going to stay online for a while longer.

Regards

1 like

Usb Fix 2 xd:

# ----------------------------------------------------
# UsbFix Antivirus Free
# ----------------------------------------------------
# Versión : 11.016
# Base de datos : 2019.05.21 
# Contacto : https://www.usb-antivirus.com/es/contacto
# ----------------------------------------------------
# Tipo de escaneo : Full
# Usuario : Normal (Administrador)
# Dispositivo : DESKTOP-117G5HU
# Comenzó : 18/07/2019 01:14:15
# ----------------------------------------------------

------------ | Discos analizados |

C:\	NTFS	(81GB/297GB)	[Fixed] 

------------ | Elemento(s) infectado(s) |

Borrado! C:\streamer

------------ | Run |

F2 - HKLM\..\Winlogon : [Shell] C:\Windows\explorer.exe
F2 - [x64] HKLM\..\Winlogon : [Shell] explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
F2 - [x64] HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
04 - HKCU\..\Run : [OneDrive] "C:\Users\Normal\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
04 - HKCU\..\Run : [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
04 - HKCU\..\Run : [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
04 - HKCU\..\Run : [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
04 - HKLM\..\Run : [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - [x64] HKLM\..\Run : [IgfxTray] C:\Windows\system32\igfxtray.exe
04 - [x64] HKLM\..\Run : [HotKeysCmds] C:\Windows\system32\hkcmd.exe
04 - [x64] HKLM\..\Run : [Persistence] C:\Windows\system32\igfxpers.exe
04 - [x64] HKLM\..\Run : [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
04 - [x64] HKLM\..\Run : [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
04 - [x64] HKLM\..\Run : [WindowsDefender] "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
04 - HKU\S-1-5-19\..\Run : [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
04 - HKU\S-1-5-20\..\Run : [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
04 - HKU\S-1-5-21-2393600599-662570708-1542540813-1001\..\Run : [OneDrive] "C:\Users\Normal\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
04 - HKU\S-1-5-21-2393600599-662570708-1542540813-1001\..\Run : [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
04 - HKU\S-1-5-21-2393600599-662570708-1542540813-1001\..\Run : [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
04 - HKU\S-1-5-21-2393600599-662570708-1542540813-1001\..\Run : [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR

------------ | Tasks |

Task - Adobe Flash Player PPAPI Notifier --> C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_223_pepper.exe -check pepperplugin
Task - Adobe Flash Player Updater --> C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task - CCleaner Update --> C:\Program Files\CCleaner\CCUpdate.exe
Task - CCleanerSkipUAC --> "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Task - Driver Booster SkipUAC (Normal) --> C:\Program Files (x86)\IObit\Driver Booster\5.0.3\DriverBooster.exe /skipuac
Task - IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 --> "C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe" --automatic
Task - IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon --> "C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe" --automatic
Task - IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 --> C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe --automatic
Task - OneDrive Standalone Update Task-S-1-5-21-2393600599-662570708-1542540813-1001 --> %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task - Opera scheduled Autoupdate 1563229315 --> C:\Users\Normal\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0)
Task - USER_ESRV_SVC_QUEENCREEK --> "C:\Windows\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"
Task - User_Feed_Synchronization-{A2E1DCFD-D0B0-4CA3-9CBE-8B955F66EC37} --> C:\Windows\system32\msfeedssync.exe sync
Task - {3DCB0C89-2F74-2E1A-48BA-2860FFFF93C0} --> C:\Users\Normal\AppData\Roaming\Recodul\Gomatafo.exe /Lubufa
Task - {D9E7C655-6C3E-4848-936D-33A40A8BAC87} --> C:\Windows\system32\pcalua.exe -a C:\Users\Normal\Downloads\Programs\chromium-4.0.205.0-(25021)_2.exe -d C:\Users\Normal\Downloads\Programs

------------ | C:\ %SystemDrive% - Disco fijo (NTFS) |

[18/07/2019 - 00:48:26 | ASH | 1227920 Ko] - hiberfil.sys
[18/07/2019 - 00:48:28 | ASH | 2752512 Ko] - pagefile.sys
[18/07/2019 - 00:48:28 | ASH | 262144 Ko] - swapfile.sys
[16/07/2019 - 22:28:38 | SHD] - Config.Msi
[18/07/2019 - 00:30:23 | D] - autorun.inf
[17/05/2017 - 18:29:45 | A | 9 Ko] - Sistema Preapertura de Cuentas - Comprobante Preapertura.html
[07/01/2017 - 09:01:35 | SHD] - $Recycle.Bin
[29/09/2017 - 11:58:06 | HD] - $WINDOWS.~BT
[16/07/2016 - 07:43:00 | ASH | 0 Ko] - BOOTNXT
[16/07/2016 - 07:43:00 | RASH | 375 Ko] - bootmgr
[16/07/2016 - 07:47:47 | D] - PerfLogs
[06/01/2017 - 23:08:37 | SHD] - Documents and Settings
[06/01/2017 - 23:08:38 | SHD] - Archivos de programa
[07/01/2017 - 00:44:37 | RD] - Users
[15/01/2017 - 03:52:37 | D] - Axeso5
[17/05/2017 - 19:05:41 | D] - Sistema Preapertura de Cuentas - Comprobante Preapertura_files
[12/08/2018 - 22:46:30 | D] - Recovery
[27/09/2018 - 01:14:49 | D] - MyDrivers
[15/11/2018 - 13:44:41 | D] - Intel
[01/03/2019 - 12:55:20 | D] - 08c223a6922914e07a
[23/04/2019 - 21:26:49 | A | 0 Ko] - History
[25/04/2019 - 19:05:13 | D] - Games
[12/07/2019 - 12:47:00 | HD] - OneDriveTemp
[17/07/2019 - 13:26:43 | D] - AdwCleaner
[17/07/2019 - 14:01:34 | RD] - Program Files
[17/07/2019 - 14:05:00 | RSHD] - streamer
[17/07/2019 - 14:56:26 | HD] - ProgramData
[18/07/2019 - 00:21:02 | RD] - Program Files (x86)
[18/07/2019 - 00:37:25 | D] - Windows
[18/07/2019 - 00:40:06 | D] - FRST

Elemento(s) infectado(s) : 1
Elementos analizados : 63135 en 00h 00m 15s

# UsbFix-Report-04.txt [6105B]

------------ | E.O.F  |

Hello:

It's the same file; it can't delete it. Don't worry, in a little while I'll post the steps with FRST.

Run USBFix again and vaccinate your computer if you haven't already, and also disable AutoPlay.

Regards

1 Like

OK, the vaccination is complete, but what exactly is AutoPlay and how do I disable it?

Hello:

When you plug in a USB drive it won't be able to play automatically; you'll have to go to Computer and open it from there. This prevents the malware from spreading. I left you a blue link in my previous reply.

Regards

1 Like

Done, I've finished the 2 steps

Hello @Edgardo1

Follow these steps:

1.- Very important >>> Make a backup of your Registry.

  • Download DelFix to the Windows desktop.
  • Right-click, “Run as administrator”.
  • In the main window, check only the “Create Registry Backup” box.
  • Click Run.

When it finishes, a report named DelFix.txt will open; save it in case it is needed and close the tool…

2.- Temporarily disable your antivirus.

3.- Open a new Notepad file and copy and paste this content:


Start
CloseProcesses:
CreateRestorePoint:
HKLM-x32\...\RunOnce: [] => [X]
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Restriction ? <==== ATTENTION
Task: {51B02C18-1DE2-471C-84CF-E6656417FFF2} - System32\Tasks\{3DCB0C89-2F74-2E1A-48BA-2860FFFF93C0} => C:\Users\Normal\AppData\Roaming\Recodul\Gomatafo.exe
C:\Users\Normal\AppData\Roaming\Recodul
Task: C:\Windows\Tasks\{3DCB0C89-2F74-2E1A-48BA-2860FFFF93C0}.job => C:\Users\Normal\AppData\Roaming\Recodul\Gomatafo.exe
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {e5badea7-e1c2-fbf1-87ac-061d1440d15b} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {e5badea7-e1c2-fbf1-87ac-061d1440d15b} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-2393600599-662570708-1542540813-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2393600599-662570708-1542540813-1001 -> {44177982-996D-4b79-B29F-5B60E13A5169} URL = hxxp://www.baidu.com/s?wd={searchTerms}&tn=98012088_2_dg&ch=1&ie=utf-8
SearchScopes: HKU\S-1-5-21-2393600599-662570708-1542540813-1001 -> {e5badea7-e1c2-fbf1-87ac-061d1440d15b} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
FF Plugin: @java.com/JavaPlugin,version=11.181.2 -> C:\Program Files\Java\jre1.8.0_181\bin\plugin2\npjp2.dll [2018-11-12] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @kingsfot.com/npkws -> C:\program files (x86)\kingsoft\kingsoft antivirus\npkws.dll [No File]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2019-02-11]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2019-02-11]
S2 KMSEmulator; temp.exe [X]
S1 bafkwdyy; \??\C:\Windows\system32\drivers\bafkwdyy.sys [X]
S0 bootsafe; system32\drivers\bootsafe64_ev.sys [X]
S1 ckmyfrde; \??\C:\Windows\system32\drivers\ckmyfrde.sys [X]
S1 cwwrngng; \??\C:\Windows\system32\drivers\cwwrngng.sys [X]
S1 djsktwhu; \??\C:\Windows\system32\drivers\djsktwhu.sys [X]
S1 fergugjp; \??\C:\Windows\system32\drivers\fergugjp.sys [X]
S1 fsjdmqwg; \??\C:\Windows\system32\drivers\fsjdmqwg.sys [X]
S1 fvxicksk; \??\C:\Windows\system32\drivers\fvxicksk.sys [X]
S1 heyhyfoz; \??\C:\Windows\system32\drivers\heyhyfoz.sys [X]
S1 ihkebpsg; \??\C:\Windows\system32\drivers\ihkebpsg.sys [X]
S2 ksapi64; system32\drivers\ksapi64.sys [X]
S1 lxpsrkaf; \??\C:\Windows\system32\drivers\lxpsrkaf.sys [X]
S1 mubblxro; \??\C:\Windows\system32\drivers\mubblxro.sys [X]
S1 nggolwdv; \??\C:\Windows\system32\drivers\nggolwdv.sys [X]
S1 nmyrotat; \??\C:\Windows\system32\drivers\nmyrotat.sys [X]
S1 rjwfcbio; \??\C:\Windows\system32\drivers\rjwfcbio.sys [X]
NETSVCx32: dg597 -> no filepath.
2019-07-16 22:40 - 2019-07-16 22:40 - 000000085 _____ C:\Windows\wininit.ini
2019-07-15 18:42 - 2019-07-15 18:42 - 000003372 _____ C:\Windows\System32\Tasks\{D9E7C655-6C3E-4848-936D-33A40A8BAC87}
2019-07-12 13:27 - 2019-07-12 13:27 - 000244616 _____ C:\Users\Normal\AppData\Roaming\Melem
2019-06-25 12:26 - 2019-06-25 12:26 - 000116667 _____ C:\Users\Normal\AppData\Roaming\Dokaraficu
2019-07-04 01:26 - 2019-07-04 01:26 - 000362246 _____ C:\Users\Normal\AppData\Roaming\Pahenolefas
2019-07-17 14:56 - 2019-05-12 00:25 - 000000000 ____D C:\ProgramData\{B7AA8B96-9F82-F3EE-C7DA-DBC62F32031E}
2019-07-17 14:56 - 2018-07-18 12:48 - 000000000 ____D C:\Users\Normal\AppData\Local\Baheb
2019-07-17 14:56 - 2018-06-26 13:17 - 000000000 ____D C:\Users\Normal\AppData\Local\Fobumud
2019-07-17 14:56 - 2017-03-12 15:12 - 000000000 ____D C:\Users\Normal\AppData\Roaming\Kubapiboka
2019-07-17 14:05 - 2019-02-24 13:25 - 000000000 _RSHD C:\streamer
C:\streamer
2019-07-17 13:26 - 2019-05-12 00:26 - 000000000 ____D C:\Users\Normal\AppData\Roaming\Recodul
2019-07-17 13:26 - 2018-09-29 12:08 - 000000000 ____D C:\Users\Normal\AppData\Roaming\IObit
2019-07-17 13:26 - 2018-09-29 12:08 - 000000000 ____D C:\ProgramData\IObit
2019-07-17 13:26 - 2018-09-29 12:08 - 000000000 ____D C:\Program Files (x86)\IObit
2019-07-17 11:04 - 2019-04-23 22:20 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2019-07-16 22:40 - 2019-04-23 22:20 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2019-07-15 21:55 - 2017-08-06 03:16 - 000000000 ____D C:\ProgramData\Norton
2019-07-15 21:41 - 2017-08-06 03:16 - 000000000 ____D C:\ProgramData\NortonInstaller
2018-02-01 13:41 - 2018-02-01 13:41 - 000000052 _____ () C:\Users\Normal\AppData\Local\b5wqke8ztn
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Normal\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Normal\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Normal\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers1: [duba_64bit] -> {DDEA5705-1BB0-4C03-AC1E-8FF9716A0D51} =>  -> No File
ContextMenuHandlers1: [kwansvc] -> {367F6AE2-6809-4bed-B09B-228893FB33DD} =>  -> No File
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Normal\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers2: [duba_64bit] -> {DDEA5705-1BB0-4C03-AC1E-8FF9716A0D51} =>  -> No File
ContextMenuHandlers2: [kwansvc] -> {367F6AE2-6809-4bed-B09B-228893FB33DD} =>  -> No File
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Normal\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Normal\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers4: [duba_64bit] -> {DDEA5705-1BB0-4C03-AC1E-8FF9716A0D51} =>  -> No File
ContextMenuHandlers4: [kwansvc] -> {367F6AE2-6809-4bed-B09B-228893FB33DD} =>  -> No File
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Normal\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers5: [kwansvc] -> {367F6AE2-6809-4bed-B09B-228893FB33DD} =>  -> No File
FirewallRules: [{802F434E-D60A-42BF-803E-F3EC495259B7}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.0.3\DriverBooster.exe No File
FirewallRules: [{1449D679-FA6E-433A-90C3-9CFC30891389}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.0.3\DriverBooster.exe No File
FirewallRules: [{A665AB85-E6BF-499D-9D20-2EDDCD49D668}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.0.3\DBDownloader.exe No File
FirewallRules: [{96F9D511-06C5-4019-A9F4-FD2259EBC9A8}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.0.3\DBDownloader.exe No File
FirewallRules: [{E8364BA5-7E1F-4CB9-9F30-4693EB00B756}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.0.3\AutoUpdate.exe No File
FirewallRules: [{02EAB122-F8A2-4D58-941C-43780D31DDDE}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.0.3\AutoUpdate.exe No File

CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END
  • Save it under the name fixlist.txt on the desktop <<< This is very important.

Note: The Frst.exe executable and fixlist.txt must be in the same location (desktop); otherwise the tool will not work.

  • Run Frst.exe.
  • Press the Fix button and wait for it to finish.
  • The tool will save the report on your desktop (Fixlog.txt).
  • Paste it in your next reply.

4.- After restarting, update Java to its latest version:

https://www.java.com/es/download/


And lastly, a question: why haven't you updated your Windows 10???

  • Platform: Windows 10 Home Version 1607

And it's already at 1903.

Let us know, see you tomorrow… :upside_down_face:

Regards.

1 Like
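The two GUID-named scheduled tasks in the UsbFix report above are the same ones the fixlist targets. As an added example (not part of the thread and not code from UsbFix or FRST), this sketch triages `Task - <name> --> <command>` lines with two heuristics; the function name `triage_tasks`, the reason labels and the choice of heuristics are assumptions made for illustration.

```python
import re

# Lines copied from the "Tasks" section of the UsbFix report above.
SAMPLE = r"""
Task - CCleaner Update --> C:\Program Files\CCleaner\CCUpdate.exe
Task - Opera scheduled Autoupdate 1563229315 --> C:\Users\Normal\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0)
Task - User_Feed_Synchronization-{A2E1DCFD-D0B0-4CA3-9CBE-8B955F66EC37} --> C:\Windows\system32\msfeedssync.exe sync
Task - {3DCB0C89-2F74-2E1A-48BA-2860FFFF93C0} --> C:\Users\Normal\AppData\Roaming\Recodul\Gomatafo.exe /Lubufa
Task - {D9E7C655-6C3E-4848-936D-33A40A8BAC87} --> C:\Windows\system32\pcalua.exe -a C:\Users\Normal\Downloads\Programs\chromium-4.0.205.0-(25021)_2.exe -d C:\Users\Normal\Downloads\Programs
"""

# "Task - name --> command"; the name is everything before the first " --> ".
TASK_RE = re.compile(r"^Task - (?P<name>.+?) --> (?P<cmd>.+)$")
# Heuristic 1 (assumption): the task name is nothing but a GUID in braces.
GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
# Heuristic 2 (assumption): the command line references a user-writable folder.
USER_WRITABLE_RE = re.compile(
    r"\\(AppData\\Roaming|AppData\\Local\\Temp|Downloads)\\", re.IGNORECASE
)


def triage_tasks(report_text):
    """Return {task name: [reasons]} for tasks that match at least one heuristic."""
    flagged = {}
    for line in report_text.splitlines():
        match = TASK_RE.match(line.strip())
        if not match:
            continue  # not a task line (blank line, section header, ...)
        name, cmd = match.group("name"), match.group("cmd")
        reasons = []
        if GUID_RE.match(name):
            reasons.append("guid-only name")
        if USER_WRITABLE_RE.search(cmd):
            reasons.append("user-writable path")
        if reasons:
            flagged[name] = reasons
    return flagged


if __name__ == "__main__":
    for task, why in triage_tasks(SAMPLE).items():
        print(task, "->", ", ".join(why))
```

A match is only a prompt for manual review: legitimate software also schedules tasks from the user profile, so each flagged entry still has to be checked before it goes into a fixlist.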