tmuo.bohemuchnehe.club notifications


#1

From time to time the Chrome browser shows me annoying notifications, like advertising, from the domain tmuo.bohemuchnehe.club, and ESET NOD32 Antivirus also tells me that Chrome tried to redirect to the site tmuo.bohemuchnehe.club.

I went to Chrome's notification settings and there were entries from that domain; I deleted them and this annoying adware still keeps appearing.

Could you please help me??
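
Added example, not part of the original posts: Chrome keeps per-site notification permissions in the profile's Preferences file (JSON), so one way to check whether an origin such as the one described above still holds an "allow" grant is to list those entries. The Preferences content below is a constructed sample and the function names are this example's own; the key layout (profile.content_settings.exceptions.notifications, setting 1 = allow, 2 = block) is assumed to match the installed Chrome version.

```python
"""List the origins a Chrome profile allows to send notifications."""
import json
import sys
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit

# Content-setting values as Chrome stores them in Preferences.
SETTINGS = {1: "allow", 2: "block", 3: "ask"}
# Chrome timestamps count microseconds from 1601-01-01 UTC.
CHROME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

# Constructed sample: only the domain name comes from the thread;
# the other origins and all timestamps are made up for the example.
SAMPLE_PREFERENCES = """
{
  "profile": {
    "content_settings": {
      "exceptions": {
        "notifications": {
          "https://tmuo.bohemuchnehe.club:443,*":
            {"last_modified": "13191984000000000", "setting": 1},
          "https://news.example.com:443,*":
            {"last_modified": "13160000000000000", "setting": 2},
          "https://mail.example.org:443,*": {"setting": 1}
        }
      }
    }
  }
}
"""


def load_preferences(text):
    """Parse the JSON text of a Preferences file."""
    return json.loads(text)


def chrome_time(value):
    """Convert a Chrome timestamp string to a UTC datetime, or None."""
    try:
        return CHROME_EPOCH + timedelta(microseconds=int(value))
    except (TypeError, ValueError, OverflowError):
        return None


def notification_settings(prefs):
    """Return one row per site that has a stored notification setting."""
    exceptions = (prefs.get("profile", {}).get("content_settings", {})
                  .get("exceptions", {}).get("notifications", {}))
    rows = []
    for pattern, entry in exceptions.items():
        if not isinstance(entry, dict):
            continue
        # Keys look like "<primary origin>,<secondary pattern>".
        origin = pattern.split(",", 1)[0]
        host = urlsplit(origin).hostname or origin
        rows.append({
            "origin": origin,
            "host": host.lower(),
            "setting": SETTINGS.get(entry.get("setting"), "unknown"),
            "modified": chrome_time(entry.get("last_modified")),
        })
    return rows


def allowed_on_watchlist(rows, watch_domains):
    """Rows still set to 'allow' whose host is a watched domain or subdomain."""
    hits = []
    for row in rows:
        if row["setting"] != "allow":
            continue
        if any(row["host"] == d or row["host"].endswith("." + d)
               for d in watch_domains):
            hits.append(row)
    return hits


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Path to the profile's Preferences file, passed by the user.
        with open(sys.argv[1], encoding="utf-8") as fh:
            prefs = load_preferences(fh.read())
    else:
        prefs = load_preferences(SAMPLE_PREFERENCES)
    rows = notification_settings(prefs)
    for row in rows:
        when = row["modified"].isoformat() if row["modified"] else "-"
        print(f'{row["setting"]:8} {row["origin"]:45} {when}')
    for row in allowed_on_watchlist(rows, ["bohemuchnehe.club"]):
        print("still allowed:", row["origin"])
```

Run it with the path to the profile's Preferences file as the only argument (with Chrome closed) to audit a real profile; with no argument it reads the constructed sample.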


#2

Hello @Cortana

Welcome to this new stage of InfoSpyware…!!!

Do the following:

1.- Temporarily disable your antivirus and any other security program.

2.- Download, install and/or update the following tools:

3.- Run the steps below, respecting the order:

CCleaner

Run it using its Cleaner option, following its Manual:

  • To delete cookies, temporary Internet files and all the files it shows you as obsolete.

  • We do NOT need this report

AdwCleaner

Run it.

  • Click the Scan button and wait for the process to finish. Then click the Clean button.
  • Wait for it to complete. If it asks you to restart the system, accept.
  • Save the report that appears so you can copy and paste it in your next reply.
  • The report can also be found at “C:\AdwCleaner\AdwCleaner.txt”

Malwarebytes

  • Don't forget to update it.
  • Read its Manual carefully
  • Run a Custom Scan with all drives selected
  • Click “Remove Selected” to send what was found to quarantine.
  • Restart the system.
  • In the manual's “History” section >> Application Logs >> Scan Log you will find the MBAM report, which you must copy and paste in your next reply.

4.- Important note:

In your next reply you must paste the AdwCleaner and Malwarebytes reports.

Guide: How to paste reports in the forum?

Let us know.

Regards


#3

OK, I'll do it. It's already late today; tomorrow I'll send you the reports.


#4

Hello:

We'll be waiting here for those reports.

Regards


#5
# -------------------------------
# Malwarebytes AdwCleaner 7.2.6.0
# -------------------------------
# Build:    12-18-2018
# Database: 2019-01-10.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    01-16-2019
# Duration: 00:00:11
# OS:       Windows 7 Ultimate
# Scanned:  32265
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.


AdwCleaner[S00].txt - [1328 octets] - [13/01/2019 22:41:34]
AdwCleaner[C00].txt - [1474 octets] - [13/01/2019 22:42:21]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########

#6

I pasted the ADW report but it doesn't show up, can you see it? I'm getting an Akismet notice.


#8
Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 16/1/19
Hora del análisis: 10:16
Archivo de registro: b3e20b73-19a1-11e9-b436-448a5b65d11a.json
Administrador: Sí

-Información del software-
Versión: 3.3.1.2183
Versión de los componentes: 1.0.236
Versión del paquete de actualización: 1.0.8818
Licencia: Prueba

-Información del sistema-
SO: Windows 7 Service Pack 1
CPU: x86
Sistema de archivos: NTFS
Usuario: marvis-PC\marvis

-Resumen del análisis-
Tipo de análisis: Análisis de amenazas
Resultado: Completado
Objetos analizados: 158440
Amenazas detectadas: 0
(No hay elementos maliciosos detectados)
Amenazas en cuarentena: 0
(No hay elementos maliciosos detectados)
Tiempo transcurrido: 2 min, 28 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Desactivado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 0
(No hay elementos maliciosos detectados)

Valor del registro: 0
(No hay elementos maliciosos detectados)

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 0
(No hay elementos maliciosos detectados)

Archivo: 0
(No hay elementos maliciosos detectados)

Sector físico: 0
(No hay elementos maliciosos detectados)


(end)

#9

8 hours have already passed and no reply

Well, I think I'll go to another forum for help


#10

Hello:

Coincidentally, those are the hours I sleep each day.

We are people, not robots, and if it is urgent you can go to a technical service and pay for the maintenance of your computer.

If you wish to continue, do the following:

1.- Temporarily disable your antivirus and any other security program.

2.- Download Farbar Recovery Scan Tool to the desktop, selecting the right version for your computer's architecture (32 or 64 bits). >> How do I know whether my Windows is 32 or 64 bits?

  • Run FRST.exe.
  • In the Disclaimer window message, click Yes
  • In the main window, click the Scan button and wait for the process to finish.
  • Two (2) files (logs) will open, Frst.txt and Addition.txt; they will be saved on the desktop.

Guide: How to run FRST

3.- In your next reply, paste the generated reports.

Guide: How to paste reports in the forum?

We'll be waiting for those reports.

Regards


#11

Hi, what happened is that I gave you the reports at 9 in the morning and kept waiting and nothing, until it was 6 pm and I got annoyed; I thought you weren't going to help me. I didn't offend you at any point, honestly. Maybe the problem is the different time zones we have. What time is it where you are? Here it's 22:00.

Regards, I'll do what you recommended


#12

Hello @Cortana

Exactly, the problem is that Spanish-speaking members from all over the world come together here; here in Argentina it is 00:07 right now, but besides that we all have different habits/schedules and obligations.

Run FRST and bring the two reports so we can analyze them.

Regards.


#13

OK, I understand, sorry for the outburst

Here are the reports


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-12-2017 (ATTENTION: ====> FRST version is 396 days old and could be outdated)
Ran by marvis (administrator) on MARVIS-PC (17-01-2019 00:27:14)
Running from C:\Users\marvis\Desktop\datos ultimos 7
Loaded Profiles: marvis (Available Profiles: marvis)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Common\MacriumService.exe
(Wondershare) C:\Program Files\Wondershare\WAF\2.2.0.5\WsAppService.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectUI.exe
(ESET) C:\Program Files\ESET\ESET Security\egui.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectMonitor.exe
(Home Cooked Gadgets) C:\Users\marvis\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DriveManager.gadget\helper\DriveManagerHelper.exe
(Google Inc.) C:\Users\marvis\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\marvis\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\marvis\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\marvis\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\marvis\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\marvis\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\marvis\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\marvis\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\marvis\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\marvis\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\marvis\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\marvis\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\marvis\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\marvis\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\marvis\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\marvis\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\marvis\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe [6635224 2013-12-06] (Realtek Semiconductor)
HKLM\...\Run: [Reflect UI] => C:\Program Files\Macrium\Common\ReflectUI.exe [2772128 2017-10-01] (Paramount Software UK Ltd)
HKLM\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe [1971856 2016-06-12] ()
HKLM\...\Run: [ysicp] => C:\Program Files\Instant Color Picker\icp.exe [1772032 2009-09-05] (Young Smart Software)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [169616 2018-12-14] (ESET)
HKLM\...\Run: [Braina] => "C:\Program Files\Braina\Braina.exe" -tray
HKU\S-1-5-21-523969785-2842616328-2162502144-1000\...\Run: [Google Update] => C:\Users\marvis\AppData\Local\Google\Update\1.3.33.23\GoogleUpdateCore.exe [605992 2018-12-19] (Google Inc.)
HKU\S-1-5-21-523969785-2842616328-2162502144-1000\...\Run: [Free Download Manager] => "C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\fdm.exe" --minimized
HKU\S-1-5-21-523969785-2842616328-2162502144-1000\...\Run: [LAN Messenger] => C:\Program Files\LAN Messenger\lmc.exe
BootExecute: autocheck autochk *  

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 200.48.225.130 200.48.225.146
Tcpip\..\Interfaces\{823E3DAC-9176-43A7-AFBB-2AF6060182A2}: [DhcpNameServer] 200.48.225.130 200.48.225.146

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-523969785-2842616328-2162502144-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-523969785-2842616328-2162502144-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/es-pe/?ocid=iehp
BHO: Wondershare Video Converter Ultimate 7.1.0 -> {451C804F-C205-4F03-B48E-537EC94937BF} -> C:\ProgramData\Wondershare\Video Converter Ultimate\WSBrowserAppMgr.dll [2016-06-12] (Wondershare)
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 -  No File

FireFox:
========
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\ProgramData\Wondershare\Video Converter Ultimate\[email protected]_xpi
FF Extension: (Wondershare Video Converter Ultimate) - C:\ProgramData\Wondershare\Video Converter Ultimate\[email protected]_xpi [2017-11-18] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_27_0_0_187.dll [2017-11-23] ()
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin HKU\S-1-5-21-523969785-2842616328-2162502144-1000: @tools.google.com/Google Update;version=3 -> C:\Users\marvis\AppData\Local\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin HKU\S-1-5-21-523969785-2842616328-2162502144-1000: @tools.google.com/Google Update;version=9 -> C:\Users\marvis\AppData\Local\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com.pe/
CHR Profile: C:\Users\marvis\AppData\Local\Google\Chrome\User Data\Default [2019-01-17]
CHR Extension: (Presentaciones) - C:\Users\marvis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-10]
CHR Extension: (Documentos) - C:\Users\marvis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-10]
CHR Extension: (Google Drive) - C:\Users\marvis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-16]
CHR Extension: (YouTube) - C:\Users\marvis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-11-10]
CHR Extension: (Búsqueda de Google) - C:\Users\marvis\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2017-11-10]
CHR Extension: (Video Downloader professional) - C:\Users\marvis\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2019-01-04]
CHR Extension: (Hojas de cálculo) - C:\Users\marvis\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-10]
CHR Extension: (Fair AdBlocker) - C:\Users\marvis\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgblnfidahcdcjddiepkckcfdhpknnjh [2018-07-22]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\marvis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-02]
CHR Extension: (Gmail) - C:\Users\marvis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-11-10]
CHR Extension: (Chrome Media Router) - C:\Users\marvis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-05]
StartMenuInternet: Google Chrome.F3QNTL7P6IXGARMBIMZKO5C6MY - C:\Users\marvis\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [279024 2013-08-23] (Intel Corporation)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [1833552 2018-12-14] (ESET)
R2 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [3298792 2017-11-09] (Paramount Software UK Ltd)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4563920 2017-11-01] (Malwarebytes)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
R2 WsAppService; C:\Program Files\Wondershare\WAF\2.2.0.5\WsAppService.exe [411648 2016-03-31] (Wondershare) [File not signed]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [124776 2018-11-06] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [149192 2018-11-06] (ESET)
R1 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [94712 2018-11-06] (ESET)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [25280 2017-12-24] (LogMeIn, Inc.)
S3 MDA_NTDRV; C:\Windows\system32\MDA_NTDRV.sys [31224 2017-01-18] ()
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
S3 PortTalk; C:\Windows\System32\Drivers\PortTalk.sys [3567 2017-11-08] (Beyond Logic hxxp://www.beyondlogic.org) [File not signed]
R0 pssnap; C:\Windows\System32\DRIVERS\pssnap.sys [25128 2017-11-10] (Windows (R) Win 7 DDK provider)
S3 MSICDSetup; \??\D:\CDriver.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-17 00:26 - 2019-01-17 00:27 - 000000000 ____D C:\FRST
2019-01-16 10:35 - 2019-01-16 10:35 - 000001558 _____ C:\Users\marvis\Desktop\informe.txt
2019-01-16 01:56 - 2019-01-16 01:56 - 000002020 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-01-16 01:56 - 2019-01-16 01:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-01-16 01:56 - 2019-01-16 01:56 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-01-16 01:56 - 2019-01-16 01:56 - 000000000 ____D C:\Program Files\Malwarebytes
2019-01-16 01:56 - 2017-11-01 08:54 - 000059896 _____ C:\Windows\system32\Drivers\mbae.sys
2019-01-14 00:53 - 2019-01-16 02:39 - 000068497 _____ C:\Users\marvis\Desktop\codigofuente2.txt
2019-01-04 00:41 - 2019-01-04 00:42 - 008961557 _____ C:\Users\marvis\Downloads\53281e9a-7836-431d-bf67-52bb19f1296e.tmp
2018-12-27 15:15 - 2018-12-27 15:15 - 000002671 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Word Viewer 2003.lnk
2018-12-27 15:15 - 2018-12-27 15:15 - 000000000 ____D C:\Program Files\MSECache
2018-12-27 15:15 - 2018-12-27 15:15 - 000000000 ____D C:\Program Files\Microsoft Office
2018-12-27 15:09 - 2018-12-27 15:09 - 000000000 ____D C:\Users\marvis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft ICE
2018-12-27 15:09 - 2018-12-27 15:09 - 000000000 ____D C:\Program Files\Microsoft Research
2018-12-24 20:51 - 2019-01-17 00:27 - 000000000 ____D C:\Users\marvis\Desktop\datos ultimos 7

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-17 00:11 - 2017-12-19 19:39 - 000000000 ____D C:\Program Files\sXe Injected
2019-01-16 23:15 - 2009-07-13 23:34 - 000020368 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-01-16 23:15 - 2009-07-13 23:34 - 000020368 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-01-16 20:22 - 2017-11-10 20:15 - 000585612 _____ C:\Users\marvis\Desktop\datos nuevos 1.txt
2019-01-16 09:15 - 2009-07-13 23:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-01-14 20:11 - 2017-11-14 13:21 - 000000000 ____D C:\Program Files\Counter-Strike 1.6
2019-01-14 03:26 - 2017-11-17 02:19 - 000001456 _____ C:\Users\marvis\AppData\Local\Adobe Guardar para Web 11.0 Prefs
2019-01-14 02:29 - 2017-12-17 17:41 - 000000000 ____D C:\AdwCleaner
2019-01-12 20:15 - 2009-07-13 21:37 - 000000000 ____D C:\Windows\inf
2019-01-04 16:30 - 2017-12-05 03:16 - 000000000 ____D C:\Windows\Minidump
2018-12-28 01:26 - 2018-12-13 16:15 - 000000000 ____D C:\Users\marvis\Desktop\nuevos archivos para la web
2018-12-27 15:15 - 2009-07-13 21:37 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-12-24 20:52 - 2018-10-15 13:33 - 000000000 ____D C:\Users\marvis\Desktop\datos ultimos 6

==================== Files in the root of some directories =======

2017-11-15 17:54 - 2017-11-09 13:10 - 000363200 _____ (COMODO) C:\ProgramData\cmdres.dll
2017-11-10 13:03 - 2017-11-10 14:12 - 007649280 _____ () C:\Program Files\GUTA6E9.tmp
2018-01-23 10:37 - 2018-05-30 19:52 - 001249792 _____ (http://www.ruby-lang.org/) C:\Users\marvis\AppData\Roaming\msvcr90-ruby191.dll
2017-11-17 02:19 - 2019-01-14 03:26 - 000001456 _____ () C:\Users\marvis\AppData\Local\Adobe Guardar para Web 11.0 Prefs
2017-11-18 21:10 - 2017-11-18 21:10 - 000000756 _____ () C:\Users\marvis\AppData\Local\recently-used.xbel
2017-11-20 17:58 - 2017-11-20 17:58 - 000000017 _____ () C:\Users\marvis\AppData\Local\resmon.resmoncfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2019-01-13 17:04

==================== End of FRST.txt ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 17-12-2017
Ran by marvis (17-01-2019 00:27:40)
Running from C:\Users\marvis\Desktop\datos ultimos 7
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) (2017-11-08 19:53:51)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-523969785-2842616328-2162502144-500 - Administrator - Disabled)
HomeGroupUser$ (S-1-5-21-523969785-2842616328-2162502144-1002 - Limited - Enabled)
Invitado (S-1-5-21-523969785-2842616328-2162502144-501 - Limited - Disabled)
marvis (S-1-5-21-523969785-2842616328-2162502144-1000 - Administrator - Enabled) => C:\Users\marvis

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: ESET Security (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Security (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.04 (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.0.22.87 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 27.0.0.187 - Adobe Systems Incorporated)
Alien Shooter versión 1.0 (HKLM\...\{D019D6D7-4F7B-4167-A564-970CAAB672AE}_is1) (Version: 1.0 - )
AnyBurn (HKLM\...\AnyBurn) (Version: 4.1 - Power Software Ltd)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AudioShell 1.3.5 (HKLM\...\AudioShell_is1) (Version: 1.3.5 - Softpointer Inc)
AutoPlay Media Studio 8 Personal Edition (HKLM\...\AutoPlay Media Studio 8 Personal Edition) (Version: 8.0.1.1 - Indigo Rose Corporation)
BadCopy Pro (HKLM\...\BadCopy Pro) (Version:  - )
Chess Titans (HKLM\...\Chess Titans) (Version: 1.3 - Microsoft Windows)
ChordPulse (HKLM\...\ChordPulse) (Version:  - )
Colasoft MAC Scanner 2.3 (HKLM\...\Colasoft MAC Scanner 2.3_is1) (Version: 2.3 - Colasoft)
Compatibilidad con Aplicaciones de Apple (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Core Temp 1.11 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.11 - ALCPU)
Counter-Strike 1.6 (HKLM\...\Counter-Strike 1.6_is1) (Version: Counter-Strike 1.6 No Steam - KingSOFT DVD)
Disk SpeedUp 5.0.1.61 (HKLM\...\Disk SpeedUp) (Version: 5.0.1.61 - Glarysoft Ltd)
DVD Decrypter (Remove Only) (HKLM\...\DVD Decrypter) (Version:  - )
EASEUS Data Recovery Wizard Free Edition 5.0.1 (HKLM\...\EASEUS Data Recovery Wizard Free Edition 5.0.1_is1) (Version:  - EASEUS)
Easy Thumbnails (Remove only) (HKLM\...\Easy Thumbnails_is1) (Version: 3.0 - Fookes Software)
E-ditor 3.0 (HKLM\...\{C5DB7AC9-2A59-4431-8683-2EFBDC9E150F}) (Version: 3.0.1090 - Mediapacker)
ESET Security (HKLM\...\{F2816494-CF25-4B95-B483-1BC3B202BA74}) (Version: 11.0.144.0 - ESET, spol. s r.o.)
FlashText (remove only) (HKLM\...\FlashText) (Version:  - )
Folder Size 3.8.0.0 (HKLM\...\{2DFA85ED-588F-4CE3-A175-29E52C3804A8}_is1) (Version: 3.8.0.0 - MindGems, Inc.)
FPS Monitor (HKLM\...\FPS Monitor_is1) (Version: 1 - )
Free MP3 Cutter 2.1 (HKLM\...\{847E0734-4457-4B48-BF49-998D1CF2CFA1}_is1) (Version: 2.1 - PolySoft Solutions)
GOM Player (HKLM\...\GOM Player) (Version: 2.3.21.5278 - GOM & Company)
Google Chrome (HKU\S-1-5-21-523969785-2842616328-2162502144-1000\...\Google Chrome) (Version: 71.0.3578.98 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
Helm (HKLM\...\{03FAA295-7DC6-47CE-9F27-1E383A48B4BF}) (Version: 0.9.0.0 - Matt Tytel)
Injected Anti-cheat (HKLM\...\Injected Anti-cheat) (Version: 17.2.0.0 - Alejandro Cortés)
Injected Anti-cheat Fix 2 15.8.2.0 (HKLM\...\Injected Anti-cheat Fix 2 15.8.2.0) (Version: 15.8.2.0 - © 2016, SantaCS)
Instant Color Picker 2.5.0.32 (HKLM\...\{2301DA07-8DC7-492F-8BC0-0C83BB0C6997}_is1) (Version: 2.5.0.31 - Young Smart Software)
Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3277 - Intel Corporation)
IsoBuster 1.6 (HKLM\...\IsoBuster_is1) (Version: 1.6 - Smart Projects)
K-Lite Codec Pack 10.3.0 Basic (HKLM\...\KLiteCodecPack_is1) (Version: 10.3.0 - )
Limbo Full (HKLM\...\Limbo Full) (Version:  - )
LMMS 1.1.3 (HKLM\...\LMMS) (Version: 1.1.3 - LMMS Developers)
Macrium Reflect Free Edition (HKLM\...\{4AF27645-08C5-47AD-A11A-8E8C104DAEE9}) (Version: 7.1.2697 - Paramount Software (UK) Ltd.) Hidden
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 7.1 - Paramount Software (UK) Ltd.)
Macromedia Fireworks 8 (HKLM\...\{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}) (Version: 8.0.0.777 - Macromedia)
Malwarebytes versión 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Image Composite Editor (HKLM\...\{3D599ADA-65D9-4B51-898F-CE718DEC5DBB}) (Version: 1.4.4 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
OpenAL (HKLM\...\OpenAL) (Version:  - )
Paquete de idioma de Microsoft .NET Framework 4 Client Profile ESN (HKLM\...\Microsoft .NET Framework 4 Client Profile ESN Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Paquete de idioma de Microsoft .NET Framework 4 Extended ESN (HKLM\...\Microsoft .NET Framework 4 Extended ESN Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
PhotoScape (HKLM\...\PhotoScape) (Version:  - )
Photoshop CS5 Extended 12.0 (HKLM\...\Photoshop CS5 Extended 12.0) (Version:  - )
QuickTime 7 (HKLM\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.72.410.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7111 - Realtek Semiconductor Corp.)
SMRecorder 1.3.2 (HKLM\...\SMRecorder) (Version: 1.3.2 - SMRecorder)
TeamTalk 4 (HKLM\...\TeamTalk4_is1) (Version:  - BearWare.dk)
VdhCoApp 1.2.3 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version:  - DownloadHelper)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN)
WebP Codec for Windows 0.19 (HKLM\...\{4D8BB544-B7BF-4D50-AEED-ACECC25DADB4}) (Version: 0.19.9 - Google Inc)
Wi-Fi Scanner version 2.0.0.20 (HKLM\...\{2A3B6859-0CA1-4B6B-9E79-EAE7B28C0E0A}_is1) (Version: 2.0.0.20 - LizardSystems)
WinPcap 4.1.3 (HKLM\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
Wise Memory Optimizer 3.5.2 (HKLM\...\Wise Memory Optimizer_is1) (Version: 3.5.2 - WiseCleaner.com, Inc.)
Wondershare Video Converter Ultimate(Build 8.7.0.5) (HKLM\...\Wondershare Video Converter Ultimate_is1) (Version: 8.7.0.5 - Wondershare Software)
YAMAHA SoundVQ Encoder Version2.60b9 (HKLM\...\YAMAHA-SVQenc-DeinstKey) (Version:  - )
YAMAHA SoundVQ Player and Plug-in Ver2.52eb1 (HKLM\...\YAMAHA-SVQ-PH-DeinstKey) (Version:  - )
Youtica Power Copy (HKLM\...\{2A872128-573D-4066-B511-68F2D47FD19E}) (Version: 1.6.0.0 - Youtica)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-523969785-2842616328-2162502144-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\marvis\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-523969785-2842616328-2162502144-1000_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\marvis\AppData\Local\Google\Update\1.3.33.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-523969785-2842616328-2162502144-1000_Classes\CLSID\{1AC77AE9-9EC6-405A-9F9B-C06AB3C10B71}\InprocServer32 -> C:\Program Files\Microsoft Research\Image Composite Editor\ShellExtension.dll => No File
CustomCLSID: HKU\S-1-5-21-523969785-2842616328-2162502144-1000_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\marvis\AppData\Local\Microsoft\OneDrive\17.3.7076.1026\FileSyncShell.dll => No File
CustomCLSID: HKU\S-1-5-21-523969785-2842616328-2162502144-1000_Classes\CLSID\{1EF21888-3BD8-4064-BAD3-4BF694952652}\InprocServer32 -> C:\Program Files\Microsoft Research\Image Composite Editor\WLPG.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-523969785-2842616328-2162502144-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\marvis\AppData\Local\Google\Update\1.3.33.23\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-523969785-2842616328-2162502144-1000_Classes\CLSID\{281CBB00-E8AE-4B03-A7C7-221446698C0A}\InprocServer32 -> C:\Program Files\AudioShell\AudioShellExt.dll (Softpointer Inc)
CustomCLSID: HKU\S-1-5-21-523969785-2842616328-2162502144-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\marvis\AppData\Local\Google\Update\1.3.33.23\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-523969785-2842616328-2162502144-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\marvis\AppData\Local\Google\Update\1.3.33.23\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-523969785-2842616328-2162502144-1000_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\marvis\AppData\Local\Microsoft\OneDrive\17.3.7076.1026\FileSyncShell.dll => No File
CustomCLSID: HKU\S-1-5-21-523969785-2842616328-2162502144-1000_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\marvis\AppData\Local\Microsoft\OneDrive\17.3.7076.1026\FileSyncShell.dll => No File
CustomCLSID: HKU\S-1-5-21-523969785-2842616328-2162502144-1000_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\marvis\AppData\Local\Google\Update\1.3.33.7\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-523969785-2842616328-2162502144-1000_Classes\CLSID\{9D4E3F43-DB97-40D6-BDCB-7C9CFC69E222}\InprocServer32 -> C:\Program Files\AudioShell\AudioShellExt.dll (Softpointer Inc)
CustomCLSID: HKU\S-1-5-21-523969785-2842616328-2162502144-1000_Classes\CLSID\{A2C6CB58-C076-425C-ACB7-6D19D64428CD}\localserver32 -> C:\Users\marvis\AppData\Local\Google\Chrome\Application\71.0.3578.98\notification_helper.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-523969785-2842616328-2162502144-1000_Classes\CLSID\{A804CF1A-91E5-4F0C-9E8C-DB39E74056DD}\InprocServer32 -> C:\Users\marvis\AppData\Local\Google\Update\1.3.33.23\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-523969785-2842616328-2162502144-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\marvis\AppData\Local\Google\Update\1.3.33.23\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-523969785-2842616328-2162502144-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\marvis\AppData\Local\Google\Update\1.3.33.23\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-523969785-2842616328-2162502144-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\marvis\AppData\Local\Google\Update\1.3.33.23\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-523969785-2842616328-2162502144-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\marvis\AppData\Local\Google\Update\1.3.33.23\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-523969785-2842616328-2162502144-1000_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4}\InprocServer32 -> C:\Users\marvis\AppData\Local\Google\Update\1.3.33.17\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-523969785-2842616328-2162502144-1000_Classes\CLSID\{FFEB2642-1362-4524-98BF-CE0806E36F5B}\InprocServer32 -> C:\Program Files\AudioShell\AudioShellExt.dll (Softpointer Inc)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2018-12-14] (ESET)
ContextMenuHandlers1: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2017-10-01] (Paramount Software UK Ltd)
ContextMenuHandlers1: [WondershareVideoConverterFileOpreation] -> {55D63393-DB17-4A2B-9052-15D85B4B1344} => C:\Windows\System32\WSCM32.dll [2015-02-27] ()
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2018-12-14] (ESET)
ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2017-10-01] (Paramount Software UK Ltd)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers3: [PowerCopyContextMenuExtension] -> {F2C20ACA-139A-44A2-B02E-BA8E7E71613F} => C:\Program Files\Youtica Power Copy\PowerCopyShellExtensions.dll [2010-01-11] (Youtica)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2013-08-19] (Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2018-12-14] (ESET)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1D1A0BF6-E3B0-4FCD-B99E-AD7B7448BEE5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2017-11-10] (Google Inc.)
Task: {544D0456-8E2D-4C17-9AA0-786327B76D03} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-523969785-2842616328-2162502144-1000UA => C:\Users\marvis\AppData\Local\Google\Update\GoogleUpdate.exe [2017-11-10] (Google Inc.)
Task: {72B90A3B-222C-411F-8319-6C8245E2D1BA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-523969785-2842616328-2162502144-1000Core => C:\Users\marvis\AppData\Local\Google\Update\GoogleUpdate.exe [2017-11-10] (Google Inc.)
Task: {D5CA2DD9-DCD0-4706-B8D8-0BE19DFBE650} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2017-11-10] (Google Inc.)
Task: {E6BA4593-848D-49D0-806A-FA2EBCA6555C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-12-12 15:23 - 2018-12-11 23:58 - 002260960 _____ () C:\Users\marvis\AppData\Local\Google\Chrome\Application\71.0.3578.98\swiftshader\libglesv2.dll
2018-12-12 15:23 - 2018-12-11 23:58 - 000128480 _____ () C:\Users\marvis\AppData\Local\Google\Chrome\Application\71.0.3578.98\swiftshader\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:088B37DC [312]
AlternateDataStreams: C:\ProgramData\TEMP:88812874 [412]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:04 - 2009-06-10 16:39 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-523969785-2842616328-2162502144-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\marvis\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 200.48.225.130 - 200.48.225.146
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{3F72E446-962F-494D-B63C-6B626DC683EC}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{4D939475-33B9-44A9-9BD0-F9465F159F02}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{85731D8C-8C79-4437-94CD-DC1B031BF1C5}] => (Allow) C:\Program Files\TeamTalk4\TeamTalk4.exe
FirewallRules: [{A93A48AD-ED52-4335-8759-B824770B7AD1}] => (Allow) C:\Program Files\TeamTalk4\TeamTalk4.exe
FirewallRules: [{33A8A66A-B92B-41C9-86F8-6ADB48FE49E5}] => (Allow) C:\Program Files\Braina\Braina.exe
FirewallRules: [{729359B3-C7C6-4D02-B819-A33B6A1F585A}] => (Allow) C:\Program Files\Braina\Braina.exe
FirewallRules: [{0F8D777F-BA77-4449-8778-D7DA126C499E}] => (Allow) C:\Program Files\Braina\Braina.exe
FirewallRules: [{4665A205-3446-4CC8-A0D5-BCBF86ACE84B}] => (Allow) C:\Program Files\Braina\bhp.exe
FirewallRules: [{2A9BCA36-265A-4656-9F75-387A5684F5BB}] => (Allow) C:\Program Files\Braina\bhp.exe
FirewallRules: [{359CE07F-0E15-434C-907D-3ABDF456F47E}] => (Allow) C:\Program Files\Braina\bhp.exe
FirewallRules: [{A5DBF8D3-D040-4B8A-8563-E73808BDA04B}] => (Allow) C:\Games\CnCNet\RedAlert1_Online\cncnet5.exe
FirewallRules: [{70650BC2-3ECE-4504-9C15-12EC32F1EFCC}] => (Allow) C:\Games\CnCNet\RedAlert1_Online\cncnet5.exe
FirewallRules: [{30714E4C-A1B0-471E-834B-C719069A78A3}] => (Allow) C:\Games\CnCNet\RedAlert1_Online\cncnet5.exe
FirewallRules: [{1F173D51-2DDB-4435-BDB9-430851E89270}] => (Allow) C:\Games\CnCNet\RedAlert1_Online\cncnet5.exe
FirewallRules: [{E41400BE-1439-402B-B8CB-64F9BA97F8AA}] => (Allow) C:\Games\CnCNet\RedAlert1_Online\cncnet5.exe
FirewallRules: [{5B10368E-1DED-4A2C-A026-E6C845870731}] => (Allow) C:\Games\CnCNet\RedAlert1_Online\cncnet5.exe
FirewallRules: [{32F3ABAC-C442-4350-85CC-3F754365FB69}] => (Allow) C:\Games\CnCNet\RedAlert1_Online\ra95-spawn.exe
FirewallRules: [{5B65743C-D5B4-4EF4-925A-4C1FA109D697}] => (Allow) C:\Games\CnCNet\RedAlert1_Online\ra95-spawn.exe
FirewallRules: [{ABE2447C-11CB-40C2-B50A-7B1954217DED}] => (Allow) C:\Games\CnCNet\RedAlert1_Online\cncnet5.exe
FirewallRules: [{7A07B3BF-18D6-4843-85D8-BED3D470D525}] => (Allow) C:\Games\CnCNet\RedAlert1_Online\cncnet5.exe
FirewallRules: [{5FDB5244-4CE1-4675-BF2F-760015453C72}] => (Allow) C:\Users\marvis\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Controladora de bus serie universal(USB)
Description: Controladora de bus serie universal(USB)
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Controladora simple de comunicaciones PCI
Description: Controladora simple de comunicaciones PCI
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/16/2019 01:37:41 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Error al generar el contexto de activación para "C:\Program Files\Youtica Power Copy\Power Copy 1.6 (64-bit standalone).exe".
No se encontró el ensamblado dependiente Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
Use sxstrace.exe para obtener un diagnóstico detallado.

Error: (01/16/2019 10:11:28 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Error al generar el contexto de activación para "C:\Users\marvis\Desktop\datos ultimos 7\CCleaner 32 y 64 bitsPORTABLE\CCleaner PORTABLE\CCleaner64.exe".
No se encontró el ensamblado dependiente Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
Use sxstrace.exe para obtener un diagnóstico detallado.

Error: (01/16/2019 09:17:16 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (01/16/2019 09:15:36 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Error de activación de la licencia de Windows. Error 0x00000000.

Error: (01/16/2019 09:15:36 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
0x80070005

Error: (01/15/2019 10:12:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (01/15/2019 10:11:09 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Error de activación de la licencia de Windows. Error 0x00000000.

Error: (01/15/2019 10:11:09 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
0x80070005

Error: (01/14/2019 04:52:15 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Error al generar el contexto de activación para "C:\Program Files\Youtica Power Copy\Power Copy 1.6 (64-bit standalone).exe".
No se encontró el ensamblado dependiente Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
Use sxstrace.exe para obtener un diagnóstico detallado.

Error: (01/14/2019 11:21:24 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.


System errors:
=============
Error: (01/16/2019 01:47:18 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Se anularon las instantáneas del volumen C: porque el almacenamiento de instantáneas no pudo crecer debido a un límite impuesto por el usuario.

Error: (01/15/2019 05:29:25 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Se anularon las instantáneas del volumen C: porque el almacenamiento de instantáneas no pudo crecer debido a un límite impuesto por el usuario.

Error: (01/14/2019 09:13:06 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Se anularon las instantáneas del volumen C: porque el almacenamiento de instantáneas no pudo crecer debido a un límite impuesto por el usuario.

Error: (01/14/2019 01:23:10 AM) (Source: volsnap) (EventID: 36) (User: )
Description: Se anularon las instantáneas del volumen C: porque el almacenamiento de instantáneas no pudo crecer debido a un límite impuesto por el usuario.

Error: (01/13/2019 10:42:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio Servicio de uso compartido de red del Reproductor de Windows Media no pudo iniciarse debido al siguiente error: 
El sistema no puede encontrar la ruta especificada.

Error: (01/13/2019 10:42:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Servicio de uso compartido de red del Reproductor de Windows Media terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 30000 milisegundos: Reiniciar el servicio.

Error: (01/13/2019 10:42:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio Wondershare Application Framework Service se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (01/13/2019 10:42:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Protección de software terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 120000 milisegundos: Reiniciar el servicio.

Error: (01/13/2019 10:42:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Macrium Service terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 0 milisegundos: Reiniciar el servicio.

Error: (01/12/2019 08:45:30 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Se anularon las instantáneas del volumen C: porque el almacenamiento de instantáneas no pudo crecer debido a un límite impuesto por el usuario.


CodeIntegrity:
===================================
  Date: 2017-12-25 22:09:39.315
  Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Program Files\Common Files\adaware\adaware antivirus\updater\12.2.889.11556\AdAwareUpdater.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.


==================== Memory info =========================== 

Processor: Intel(R) Pentium(R) CPU G3220 @ 3.00GHz
Percentage of memory in use: 50%
Total physical RAM: 3464.01 MB
Available physical RAM: 1703.55 MB
Total Virtual: 6926.34 MB
Available Virtual: 5015.21 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:37.17 GB) (Free:2.19 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 37.3 GB) (Disk ID: 07319CEE)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=37.2 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

#14

Hello @Cortana

You did not follow the steps as I indicated; the version of FRST that you ran is more than a year old.

(ATTENTION: ====> FRSTversion is 396 days old and could be outdated)

Delete that executable and follow the steps.

Paste the new reports for us.

Regards


#15

Ah, OK, I understand. I will download the latest version.


#16

Hello:

We will be waiting for you here. :+1:

Regards