Problemas al navegar


#1

tengo una canaimita con 2g de ram. al abrir paginas de internet se torna muy lenta incluso si es twitter , facebook, etc. al igual que al tratar de ver algo en youtube. descargue los programas que aca recomiendan pues los sigo para aprender. les dejare los informes y gracias de antemano


#3

malwarbytes

Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del an√°lisis: 30/1/19
Hora del an√°lisis: 19:52
Archivo de registro: 0a20743a-24ea-11e9-ae04-00ff2d65cfcf.json

-Información del software-
Versión: 3.6.1.2711
Versión de los componentes: 1.0.527
Versión del paquete de actualización: 1.0.9016
Licencia: Gratis

-Información del sistema-
SO: Windows 7 Service Pack 1
CPU: x86
Sistema de archivos: NTFS
Usuario: JHONNY\ricardo

-Resumen del an√°lisis-
Tipo de an√°lisis: An√°lisis de amenazas
An√°lisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 206403
Amenazas detectadas: 0
Amenazas en cuarentena: 0
Tiempo transcurrido: 17 min, 3 seg

-Opciones de an√°lisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Desactivado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del an√°lisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 0
(No hay elementos maliciosos detectados)

Valor del registro: 0
(No hay elementos maliciosos detectados)

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 0
(No hay elementos maliciosos detectados)

Archivo: 0
(No hay elementos maliciosos detectados)

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)

#4

ZHPCleaner

~ ZHPCleaner v2019.2.4.17 by Nicolas Coolman (2019/02/04)
~ Run by ricardo (Administrator)  (17/02/2019 18:19:18)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : 
~ Certificate ZHPCleaner: Legal
~ Type : Scanner
~ Report : C:\Users\ricardo\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\ricardo\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ UAC : Activate
~ Boot Mode : Sans échec (Fail-safe boot)
Windows 7 Professional, 32-bit Service Pack 1 (Build 7601)


---\\  Alternate Data Stream (ADS). (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Servicios (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Navegadores de Internet (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Hosts carpeta (1)
~ El archivo hosts es legítimo (1)


---\\  Tareas autom√°ticas programadas. (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Explorador ( Archivos, Carpetas ) (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Registro ( Claves, Valores, Datos) (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\ Resultado de la reparación.
~ ninguna reparación hecha
~ falta este navegador! (Opera Software)


---\\ STATISTIQUES
~ Items escaneado : 45786
~ Items encontrado : 0
~ artículos cancelados : 0
~ Items opciones : 12/12
~ Ahorro de espacio (bytes) : 0


~ End of search in 00h19mn57s

---\\  Reporte (3)
ZHPCleaner-[R]-16022019-21_06_31.txt
ZHPCleaner-[S]-16022019-21_04_23.txt
ZHPCleaner-[S]-17022019-18_39_15.txt

#5

frst

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 6-02-2019
Ran by ricardo (administrator) on JHONNY (17-02-2019 18:41:09)
Running from C:\Users\ricardo\Desktop
Loaded Profiles: ricardo (Available Profiles: ricardo & Invitado)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Language: Espa√Īol (Espa√Īa, internacional)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Safe Mode (minimal)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
() C:\Users\ricardo\Desktop\Downloads\ZHPCleaner.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe

#6

FRST 2

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [267576 2019-01-18] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-4001032227-4018829824-1926849531-1000\...\Run: [Chromium] => c:\users\ricardo\appdata\local\chromium\application\chrome.exe [828416 2017-01-20] (The Chromium Authors)
HKU\S-1-5-21-4001032227-4018829824-1926849531-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2018-12-03] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-4001032227-4018829824-1926849531-1000\...\Run: [iCloudDrive] => C:\Program Files\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2018-12-03] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-4001032227-4018829824-1926849531-1000\...\Run: [AppleIEDAV] => C:\Program Files\Common Files\Apple\Internet Services\AppleIEDAV.exe [68408 2018-12-03] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-4001032227-4018829824-1926849531-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [354304 2009-07-13] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18\...\RunOnce: [osk.exe] => C:\Windows\system32\osk.exe [646144 2014-06-17] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\72.0.3626.109\Installer\chrmstp.exe [2019-02-14] (Google LLC -> Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2019-02-01]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.895\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\ricardo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\new photo today.wsf [2016-05-03] ()
GroupPolicy: Restriction ? <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.5.50.1 10.6.60.1 192.168.0.1
Tcpip\..\Interfaces\{1BBCEB30-F24C-4155-BE1B-C6DD7565062C}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{5F947BEF-41F3-4B36-BCD3-DF399B8B48A1}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{8EE8A847-147C-425D-ADEB-30F80D0EDE8D}: [DhcpNameServer] 192.168.0.1 10.5.50.1
Tcpip\..\Interfaces\{E26234D7-235B-42A0-914F-63ED911633C9}: [DhcpNameServer] 10.5.50.1 10.6.60.1 192.168.0.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-4001032227-4018829824-1926849531-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-4001032227-4018829824-1926849531-1000 -> DefaultScope {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.wupuf.com/?f=4&a=wbf_dpchi_18_23_06&cd=2XzuyEtN2Y1L1Qzu0Czzzy0C0D0CtC0C0EtBtC0CzztDtAtCtN0D0Tzu0StBtAyEyBtN1L2XzuyEtFtByEtFtDtFzyzytN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyDyE0CtAtC0DtBtBtGtCzztDyEtGyB0Dzz0CtGtAyC0FyDtGyB0Fzy0DtCyDzzzz0FyCtCyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S1QyEyCyCzyyBzztCtGtAyD1OyBtGyEyC1S1PtG1StDtDtCtG1QyB1S1P1QyB1PtCyD1TtDtC2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCyByEtAyBtN1Q2Z1B1P1RzutCyDtBzztBtDyDtCyByD&cr=2040213107&ir=&uref=IE&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4001032227-4018829824-1926849531-1000 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.wupuf.com/?f=4&a=wbf_dpchi_18_23_06&cd=2XzuyEtN2Y1L1Qzu0Czzzy0C0D0CtC0C0EtBtC0CzztDtAtCtN0D0Tzu0StBtAyEyBtN1L2XzuyEtFtByEtFtDtFzyzytN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyDyE0CtAtC0DtBtBtGtCzztDyEtGyB0Dzz0CtGtAyC0FyDtGyB0Fzy0DtCyDzzzz0FyCtCyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S1QyEyCyCzyyBzztCtGtAyD1OyBtGyEyC1S1PtG1StDtDtCtG1QyB1S1P1QyB1PtCyD1TtDtC2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCyByEtAyBtN1Q2Z1B1P1RzutCyDtBzztBtDyDtCyByD&cr=2040213107&ir=&uref=IE&q={searchTerms}

FireFox:
========
FF DefaultProfile: w08ubc2w.default
FF ProfilePath: C:\Users\ricardo\AppData\Roaming\Mozilla\Firefox\Profiles\w08ubc2w.default [2019-01-31]
FF Homepage: Mozilla\Firefox\Profiles\w08ubc2w.default -> hxxps://www.malwarebytes.org/restorebrowser//?f=1&a=wbf_dpchi_18_23_06&cd=2XzuyEtN2Y1L1Qzu0Czzzy0C0D0CtC0C0EtBtC0CzztDtAtCtN0D0Tzu0StBtAyEyBtN1L2XzuyEtFtByEtFtDtFzyzytN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyDyE0CtAtC0DtBtBtGtCzztDyEtGyB0Dzz0CtGtAyC0FyDtGyB0Fzy0DtCyDzzzz0FyCtCyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S1QyEyCyCzyyBzztCtGtAyD1OyBtGyEyC1S1PtG1StDtDtCtG1QyB1S1P1QyB1PtCyD1TtDtC2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCyByEtAyBtN1Q2Z1B1P1RzutCyDtBzztBtDyDtCyByD&cr=2040213107&ir=&uref=Firefox
FF Extension: (Google Code Correction) - C:\Users\ricardo\AppData\Roaming\Mozilla\Firefox\Profiles\w08ubc2w.default\features\{d2ffd5be-191c-409d-9927-395979a47869}\[email protected] [2018-12-13] [Legacy]
FF Extension: (Telemetry coverage) - C:\Users\ricardo\AppData\Roaming\Mozilla\Firefox\Profiles\w08ubc2w.default\features\{d2ffd5be-191c-409d-9927-395979a47869}\[email protected] [2018-12-13] [Legacy]
FF Plugin: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2014-11-28] ()
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-17] (Google Inc.)

Chrome: 
=======
CHR Profile: C:\Users\ricardo\AppData\Local\Google\Chrome\User Data\Default [2019-02-17]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\ricardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-12-14]
CHR Extension: (Chrome Media Router) - C:\Users\ricardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-17]
CHR Profile: C:\Users\ricardo\AppData\Local\Google\Chrome\User Data\Profile 1 [2019-01-31]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\ricardo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2018-04-25]
CHR Extension: (Skype) - C:\Users\ricardo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2018-04-25]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\ricardo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-25]
CHR Profile: C:\Users\ricardo\AppData\Local\Google\Chrome\User Data\System Profile [2018-10-25]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BlackBerry Device Manager; C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [588024 2014-10-31] (BlackBerry Ltd. -> BlackBerry Limited)
S2 CodeMeter.exe; C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe [5032848 2018-07-02] (WIBU-SYSTEMS AG -> WIBU-SYSTEMS AG)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [5247944 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.895\McCHSvc.exe [322792 2018-12-11] (McAfee, Inc. -> McAfee, Inc.)
S2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [242264 2014-11-20] (Huawei Technologies Co.,Ltd. -> )
S2 UDisk Monitor Z5 Phone; C:\Program Files\Android_USB_Driver_Z\Bin\MonServiceUDisk.exe [585416 2013-11-18] (ZTE CORPORATION -> )
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
S2 DIGITEL. RunOuc; C:\Program Files\DIGITEL 3G\UpdateDog\ouc.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aftap0901; C:\Windows\System32\DRIVERS\aftap0901.sys [45528 2018-03-06] (AnchorFree Inc -> The OpenVPN Project)
S3 bmusbser; C:\Windows\System32\DRIVERS\bmusbser.sys [105216 2010-08-26] (Microsoft Windows Hardware Compatibility Publisher -> BM)
S3 GeneralusbserialserZ52203; C:\Windows\System32\DRIVERS\CT_U_USBSER_Z5.sys [213192 2013-11-18] (ZTE CORPORATION -> QUALCOMM Incorporated)
S3 HpSAMD; C:\Windows\system32\drivers\HpSAMD.sys [67152 2009-07-13] (Microsoft Windows -> Hewlett-Packard Company)
S3 igfx; C:\Windows\System32\DRIVERS\igdkmd32.sys [4808192 2009-09-23] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
R0 iusb3hcs; C:\Windows\System32\DRIVERS\iusb3hcs.sys [16880 2013-07-17] (Intel Corporation - Software and Firmware Products -> Intel Corporation)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [240440 2019-02-17] (Malwarebytes Corporation -> Malwarebytes)
S3 ql2300; C:\Windows\system32\DRIVERS\ql2300.sys [1383488 2009-07-13] (Microsoft Windows -> QLogic Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb.sys [68608 2014-05-06] (Microsoft Windows Hardware Compatibility Publisher -> BlackBerry Limited)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial.sys [35840 2012-12-10] (Microsoft Windows Hardware Compatibility Publisher -> Research in Motion Ltd)
R3 RSUSBSTOR; C:\Windows\System32\Drivers\RtsUStor.sys [190976 2012-08-29] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.)
S3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [2362952 2013-06-07] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation )
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [23040 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2018-02-01] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [128704 2016-08-16] (NGO -> MBB)
S3 ZTEusbmdm6k; C:\Windows\System32\DRIVERS\ZTEusbmdm6k.sys [105856 2010-02-01] (Microsoft Windows Hardware Compatibility Publisher -> ZTE Incorporated)
S3 ZTEusbnmea; C:\Windows\System32\DRIVERS\ZTEusbnmea.sys [105856 2010-02-01] (Microsoft Windows Hardware Compatibility Publisher -> ZTE Incorporated)
S3 ZTEusbser6k; C:\Windows\System32\DRIVERS\ZTEusbser6k.sys [105856 2010-02-01] (Microsoft Windows Hardware Compatibility Publisher -> ZTE Incorporated)
S3 catchme; \??\C:\Users\ricardo\AppData\Local\Temp\catchme.sys [X] <==== ATTENTION
S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 Generalusbserialser20675; system32\DRIVERS\CT_U_USBSER.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-17 18:41 - 2019-02-17 18:42 - 000012083 _____ C:\Users\ricardo\Desktop\FRST.txt
2019-02-17 18:22 - 2019-02-17 18:41 - 000000000 ____D C:\Users\ricardo\Desktop\informes
2019-02-17 18:14 - 2019-02-17 18:40 - 000227242 _____ C:\Windows\ntbtlog.txt
2019-02-16 21:22 - 2019-02-16 21:22 - 000000004 ____H C:\ProgramData\cm-lock
2019-02-16 21:20 - 2019-02-17 18:15 - 000240440 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-02-16 19:38 - 2019-02-16 19:57 - 001599815 _____ C:\Users\ricardo\Desktop\IFS.exe
2019-02-16 18:55 - 2019-02-16 18:55 - 000002024 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-02-16 18:55 - 2019-02-16 18:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-02-16 18:54 - 2019-01-08 15:32 - 000128552 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae.sys
2019-02-12 15:44 - 2019-02-12 15:44 - 000001747 _____ C:\Users\Public\Desktop\iTunes.lnk
2019-02-12 15:44 - 2019-02-12 15:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2019-02-12 15:44 - 2019-02-12 15:44 - 000000000 ____D C:\Program Files\iPod
2019-02-12 14:40 - 2019-02-12 14:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2019-02-06 23:21 - 2019-02-17 18:41 - 000000000 ____D C:\FRST
2019-02-06 22:56 - 2019-02-06 22:57 - 001793024 _____ (Farbar) C:\Users\ricardo\Desktop\FRST.exe
2019-02-06 22:53 - 2019-02-17 18:39 - 000000000 ____D C:\Users\ricardo\AppData\Roaming\ZHP
2019-02-06 22:53 - 2019-02-06 22:53 - 000000000 ____D C:\Users\ricardo\AppData\Local\ZHP
2019-02-01 22:32 - 2019-02-01 22:32 - 000002045 _____ C:\Users\ricardo\Desktop\McAfee Security Scan Plus.lnk
2019-02-01 22:32 - 2019-02-01 22:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2019-02-01 22:31 - 2019-02-14 03:13 - 000000000 ____D C:\ProgramData\McAfee Security Scan
2019-02-01 21:58 - 2019-02-01 22:32 - 000000000 ____D C:\Program Files\McAfee Security Scan
2019-01-31 14:29 - 2019-01-31 15:37 - 007666296 _____ (ESET spol. s r.o.) C:\Users\ricardo\Desktop\esetonlinescanner_esl.exe
2019-01-30 20:08 - 2019-01-30 20:08 - 000000000 ____D C:\Users\ricardo\AppData\Local\ESET
2019-01-22 19:32 - 2019-01-22 19:32 - 000001079 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Safe Connect.lnk

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-17 18:23 - 2010-05-06 00:31 - 000000000 ____D C:\Users\ricardo\Desktop\no tocar
2019-02-17 18:19 - 2018-11-24 10:46 - 000000000 ____D C:\Users\ricardo\Desktop\varios
2019-02-17 14:20 - 2018-10-04 23:23 - 000000068 __RSH C:\Windows\system32\Drivers\winhv.winsecurity
2019-02-17 13:53 - 2018-10-04 23:23 - 000000068 __RSH C:\Windows\system32\Drivers\wmiacpi.winsecurity
2019-02-17 13:22 - 2009-07-14 00:34 - 000010112 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-02-17 13:22 - 2009-07-14 00:34 - 000010112 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-02-16 22:20 - 2018-12-29 02:26 - 000000000 ___RD C:\Users\ricardo\iCloudDrive
2019-02-16 21:20 - 2009-07-14 00:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-02-16 21:13 - 2018-01-24 15:27 - 000000000 ____D C:\FSTool
2019-02-16 18:49 - 2009-07-13 22:37 - 000000000 ____D C:\Windows\system32\NDF
2019-02-15 13:07 - 2017-04-06 15:40 - 001675926 _____ C:\Windows\system32\PerfStringBackup.INI
2019-02-15 13:07 - 2009-07-14 04:48 - 000747230 _____ C:\Windows\system32\perfh00A.dat
2019-02-15 13:07 - 2009-07-14 04:48 - 000158670 _____ C:\Windows\system32\perfc00A.dat
2019-02-15 13:07 - 2009-07-13 22:37 - 000000000 ____D C:\Windows\inf
2019-02-14 23:08 - 2018-12-14 19:38 - 000002168 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-02-14 23:08 - 2018-12-14 19:38 - 000002127 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-02-14 22:48 - 2018-05-28 09:43 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2019-02-14 22:48 - 2018-05-28 09:43 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2019-02-14 22:48 - 2018-05-28 09:43 - 000000000 ____D C:\Windows\system32\Macromed
2019-02-12 15:44 - 2018-12-27 19:13 - 000000000 ____D C:\Program Files\iTunes
2019-02-04 17:09 - 2018-08-29 17:58 - 000001256 _____ C:\DelFix.txt
2019-02-04 16:24 - 2018-11-07 20:31 - 000000000 ____D C:\Users\ricardo\Desktop\JUEGOS
2019-02-04 16:24 - 2018-06-10 10:11 - 000000000 ____D C:\Users\ricardo\Desktop\FOTOP
2019-02-03 10:35 - 2018-12-12 08:25 - 000000000 ____D C:\Users\ricardo\AppData\Local\ElevatedDiagnostics
2019-02-03 00:42 - 2009-07-13 22:37 - 000000000 ____D C:\Windows\rescache
2019-02-02 22:23 - 2009-07-13 22:04 - 000000215 _____ C:\Windows\system.ini
2019-02-02 22:03 - 2018-08-04 09:06 - 005660510 ____R (Swearware) C:\Users\ricardo\Desktop\ComboFix.exe
2019-02-01 22:05 - 2018-05-25 14:26 - 000000000 ____D C:\Users\ricardo\AppData\Local\Adobe
2019-01-31 20:42 - 2009-07-14 00:46 - 000001515 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2019-01-31 14:38 - 2018-08-04 09:41 - 000000000 ____D C:\Windows\pss
2019-01-31 14:06 - 2018-08-04 09:24 - 000000000 ____D C:\Program Files\CCleaner
2019-01-31 13:52 - 2017-04-06 15:29 - 000000000 ____D C:\Users\ricardo
2019-01-31 08:22 - 2018-04-27 03:40 - 000811520 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2019-01-31 08:06 - 2018-12-29 15:36 - 000000000 ____D C:\Users\Invitado
2019-01-31 08:06 - 2018-06-22 19:45 - 000000000 ____D C:\Program Files\TAP-Windows
2019-01-31 08:06 - 2018-05-28 09:50 - 000000000 ____D C:\Program Files\McAfee Safe Connect
2019-01-31 08:06 - 2018-05-28 05:34 - 000000000 ___SD C:\Windows\system32\CompatTel
2019-01-31 08:06 - 2018-05-28 05:34 - 000000000 ____D C:\Windows\system32\appraiser
2019-01-31 08:06 - 2018-01-24 15:33 - 000000000 ____D C:\Windows\erdnt
2019-01-31 08:06 - 2009-07-13 22:37 - 000000000 ____D C:\Windows\PolicyDefinitions
2019-01-31 08:05 - 2009-07-13 22:37 - 000000000 ____D C:\Windows\registration
2019-01-31 08:00 - 2018-12-29 15:37 - 000000000 ____D C:\Users\Invitado\AppData\Local\Google
2019-01-31 08:00 - 2018-05-12 06:32 - 000000000 ____D C:\ProgramData\Apple Computer
2019-01-31 07:59 - 2019-01-10 16:07 - 000000000 ____D C:\Program Files\Hideman
2019-01-31 07:44 - 2019-01-13 19:55 - 000000000 ____D C:\Program Files\UsbFix

==================== Files in the root of some directories =======

2018-06-03 21:26 - 2018-07-04 22:09 - 000002926 _____ () C:\Users\ricardo\AppData\Roaming\Rim.Desktop.Exception.log
2018-06-03 21:17 - 2018-08-04 09:40 - 000002009 _____ () C:\Users\ricardo\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2018-06-03 21:27 - 2018-07-04 22:12 - 000003080 _____ () C:\Users\ricardo\AppData\Roaming\Rim.DesktopHelper.Exception.log
2018-05-13 21:02 - 2018-05-13 21:02 - 000007605 _____ () C:\Users\ricardo\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\dllhost.exe => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2019-02-03 00:00

==================== End of FRST.txt ============================

#7

JRT

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 7 Professional x86 
Ran by ricardo (Administrator) on 19/02/2019 at 12:07:51,23
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 8 

Successfully deleted: C:\Users\ricardo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D1FPNTFE (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\ricardo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SHZLA9DD (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\ricardo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SIEIKX6Z (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\ricardo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U8K1456P (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D1FPNTFE (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SHZLA9DD (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SIEIKX6Z (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U8K1456P (Temporary Internet Files Folder) 



Registry: 0 





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19/02/2019 at 12:13:55,22
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#8

IFS

[CODE][B]~~~~~~~~~~~| Inicio: [/B]

*IFS (InfoSpyware First Steps) v 1.3
*www.InfoSpyware.com | www.ForoSpyware.com
*Iniciado: 19/02/2019 a las 12h.15m.53s

[B]~~~~~~~~~~~|  Información del Sistema:[/B]

OS: Microsoft Windows 7 Professional  x86 Service Pack 1
Idioma: Spanish (Spain, International Sort) (Espa√Īa|es-ES)
Permisos de Administrador / ON
Windows se Inició en   Modo Normal
Drive: C:\Windows (Install: \Device\HarddiskVolume2)

[B]~~~~~~~~~~~| Arquitectura Fisica:[/B]

CPU: Intel Corporation
CPU Modelo: Intel powered classmate PC
Procesador: Intel(R) Atom(TM) CPU N455   @ 1.66GHz (x64-BasedPC)
Memoria RAM: 2 Gb. En Uso: 29 %
Video: Intel(R) Graphics Media Accelerator 3150
Chip:  Capacidad video:0 MB ()

[B]~~~~~~~~~~~| Unidades[/B]

C: [FIXED|NTFS|] - [297.10 Gb][204.3 Gb][93.1 Gb]
[COLOR=#FF0000][B]C:\ Fragmentación total 11.34% - Desfragmentar unidad [/B][/COLOR]

[B]~~~~~~~~~~~| Seguridad del SO[/B]

SafeBoot: Inicio en Modo seguro Correcto
Security Center: Correcto (Servicio Activo)
Windows Update: Correcto (Servicio Activo) [LST: 2019-01-31 18:02:15][LD: 2019-01-09 03:13:16][LI: 2019-01-09 13:48:35][LRP: 2019-01-09 13:48:35]
SP: Windows Defender *Protección Residente [ON] / Actualizado*
FW: Windows Firewall *Habilitado*

[B]~~~~~~~~~~~|  Update Check[/B]

Internet Explorer Versión Instalada 11
Google Chrome Versión Instalada 72.0.3626.109

[B]~~~~~~~~~~~| Process List[/B] 

MBAMTray.exe (Malwarebytes Anti-Malware)
MBAMservice.exe (Malwarebytes Anti-Malware)

[B]~~~~~~~~~~~| Install Check[/B] 



[B]~~~~~~~~~~~| Registry Check[/B]

HKLM\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
HKCU\Run: [Chromium] "c:\users\ricardo\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory=Default --restore-last-session
HKCU\Run: [iCloudServices] "C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe"
HKCU\Run: [iCloudDrive] C:\Program Files\Common Files\Apple\Internet Services\iCloudDrive.exe
HKCU\Run: [AppleIEDAV] C:\Program Files\Common Files\Apple\Internet Services\AppleIEDAV.exe
HKCU\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
Winlogon: Shell = Explorer.exe
Winlogon: Userinit = Explorer.exe

[HKCR\.\.open\command] -> Navegador Preferido es Internet Explorer
StarPage:hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
StarPage:hxxp://go.microsoft.com/fwlink/?LinkId=54896

[B]~~~~~~~~~~~| PUPs Check[/B]


[B]~~~~~~~~~~~| Listado 7 Días (Predeterminado)[/B]

[19/02/2019 09:28] - C:\Windows\LastGood
[17/02/2019 18:14] - C:\Windows\ntbtlog.txt
[17/02/2019 21:08] - C:\$RECYCLE.BIN
[17/02/2019 18:46] - C:\Qoobox

[B]~~~~~~~~~~~| C:\Windows\Tasks:[/B]


#9
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 6-02-2019
Ran by ricardo (17-02-2019 18:42:51)
Running from C:\Users\ricardo\Desktop
Microsoft Windows 7 Professional  Service Pack 1 (X86) (2017-04-06 19:28:55)
Boot Mode: Safe Mode (minimal)
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-4001032227-4018829824-1926849531-500 - Administrator - Disabled)
HomeGroupUser$ (S-1-5-21-4001032227-4018829824-1926849531-1002 - Limited - Enabled)
Invitado (S-1-5-21-4001032227-4018829824-1926849531-501 - Limited - Enabled) => C:\Users\Invitado
ricardo (S-1-5-21-4001032227-4018829824-1926849531-1000 - Administrator - Enabled) => C:\Users\ricardo

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3DP Chip Lite v18.05 (HKLM\...\3DP Chip Lite) (Version: v18.05 - 3DP)
Adobe Flash Player 32 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 32.0.0.142 - Adobe Systems Incorporated)
Android USB Driver (HKLM\...\Z5 Android USB Driver_is1) (Version:  - )
Apple Application Support (32 bits) (HKLM\...\{5A659BE5-849B-484E-A83B-DCB78407F3A4}) (Version: 7.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{ABDE67C4-5876-4CDB-82A9-0CBACECC1C4A}) (Version: 12.1.0.25 - Apple Inc.)
Apple Software Update (HKLM\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
AxessManager version 2.1.2.408 (HKLM\...\Broad Mobi HSPA Modem Normal Version_is1) (Version:  - )
BlackBerry Device Software Updater (HKLM\...\{E755A98B-F45F-4008-A1A5-FC4CB4D2177A}) (Version: 8.0.0.66 - Research In Motion Ltd)
Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
Driver Support (HKLM\...\DriverSupport) (Version: 10.1.6.12 - PC Drivers HeadQuarters LP) <==== ATTENTION
Google Chrome (HKLM\...\Google Chrome) (Version: 72.0.3626.109 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
iCloud (HKLM\...\{E64275CF-27C4-4BC9-8690-2BC2D1C2CF31}) (Version: 7.10.0.9 - Apple Inc.)
iTunes (HKLM\...\{147B4838-376C-4085-89CF-F5B2CF865E95}) (Version: 12.9.3.3 - Apple Inc.)
Malwarebytes versión 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.895.1 - McAfee, Inc.)
Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Mobile Broadband HL Service (HKLM\...\Mobile Broadband HL Service) (Version: 22.001.26.02.03 - Huawei Technologies Co.,Ltd)
Mobile Partner (HKLM\...\Mobile Partner) (Version: 16.001.06.01.500 - Huawei Technologies Co.,Ltd)
MODEM Mobile Connection (HKLM\...\{93D34EE3-99B3-4DB1-8B0A-0A657466F90D}) (Version: 1.0.0.1 - )
Paquete de controladores de Windows - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.)
Paquete de idioma de Microsoft .NET Framework 4 Client Profile ESN (HKLM\...\Microsoft .NET Framework 4 Client Profile ESN Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Skype Click to Call (HKLM\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
Tenorshare ReiBoot versión 6.9.4 (HKLM\...\{reiboot}_is1) (Version: 6.9.4 - Tenorshare, Inc.)
Virtual DJ Pro Full - Atomix Productions (HKLM\...\Virtual DJ Pro Full - Atomix Productions) (Version:  - )
VirtualDJ 8 (HKLM\...\{84F87EDF-9361-4B11-ACEC-0D60F744E642}) (Version: 8.2.4291.0 - Atomix Productions)
Webcam Video Capture 7.0 (HKLM\...\WVCSetup7.0.0_is1) (Version: 7.0.0 - Webcam Simulator)
WinRAR 5.11 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4001032227-4018829824-1926849531-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4001032227-4018829824-1926849531-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4001032227-4018829824-1926849531-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4001032227-4018829824-1926849531-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4001032227-4018829824-1926849531-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4001032227-4018829824-1926849531-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams.dll [2019-01-15] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-08-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2009-09-22] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-08-27] (win.rar GmbH -> Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2275B3A3-489D-4CA1-88E9-BD6B60C81FF1} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_32_0_0_142_pepper.exe [2019-02-14] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {2904F2D8-4A53-4F8D-9811-0B6F6A511430} - System32\Tasks\{6C017324-4522-4A81-BCD3-0DDF49D7CD92} => C:\Windows\system32\pcalua.exe -a "C:\Users\ricardo\Desktop\BB SOF 8520\8520_5.0.0_rel860_instalador_rapido.exe" -d "C:\Users\ricardo\Desktop\BB SOF 8520"
Task: {35B34C27-A665-488E-8388-10FC6754F0E7} - System32\Tasks\{4E8937AC-ACAB-4F72-857F-94F36487CF7C} => C:\Windows\system32\pcalua.exe -a "C:\Users\ricardo\Desktop\whatsap pc\Memu-Setup-5.3.2.2-ha6cbc3cd3.exe" -d "C:\Users\ricardo\Desktop\whatsap pc"
Task: {39BDA342-EAF7-43F7-BEB8-D7DFE8505EDC} - System32\Tasks\{6471B931-F6D3-4F10-874B-B1648AC061CD} => C:\Users\ricardo\Desktop\emuladores\nox_setup_v6.2.0.0_full_intl.exe
Task: {42F28E91-778A-46A5-BD51-2A4CDEE1C9DD} - System32\Tasks\{B73A7FD6-FF35-4F1E-A8BA-0CE9D2727E26} => C:\Program Files\Tenorshare ReiBoot\ReiBoot.exe [2018-04-13] (Tenorshare Co.,Ltd. -> Tenorshare)
Task: {46588B5E-72A8-418B-8B22-E01CC40F202A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2019-02-14] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {5E1B1EF8-1452-4D4F-AF3D-B871BD784715} - System32\Tasks\{DC112564-1A46-4CDC-B391-595C10541042} => C:\Program Files\Tenorshare ReiBoot\ReiBoot.exe [2018-04-13] (Tenorshare Co.,Ltd. -> Tenorshare)
Task: {68ACC1F3-9B77-423B-BE8C-5708A88A7B2C} - System32\Tasks\{28EE41EE-D64F-4385-A311-88D25FD3B699} => C:\Users\ricardo\Desktop\emuladores\nox_setup_v6.2.0.0_full_intl.exe
Task: {77A80ACB-E656-4CB5-8E7E-1C50A9FB047C} - System32\Tasks\{C6FE0E33-5F2E-4606-9410-2E75D840020F} => C:\Users\ricardo\Desktop\emuladores\nox_setup_v6.2.0.0_full_intl.exe
Task: {787BA946-6AD0-4FD3-A842-1FD356A3E960} - System32\Tasks\{9B736179-386C-4A43-8B81-9D07454C033B} => C:\Windows\system32\pcalua.exe -a C:\Users\ricardo\Desktop\emuladores\nox_setup_v6.2.0.0_full_intl.exe -d C:\Users\ricardo\Desktop\emuladores
Task: {802FA838-B750-41EC-A1A8-86852479D632} - System32\Tasks\{9D3F6191-234E-471D-B575-683132BCD0EB} => C:\Windows\system32\pcalua.exe -a C:\Users\ricardo\Desktop\nox_setup_v6.2.0.0_full_intl.exe -d C:\Users\ricardo\Desktop
Task: {86AD3A66-9A8E-46EC-9D50-ED8C0A2E64E1} - System32\Tasks\{9EAE936D-C61D-491D-BE6E-4B4138E7FDD9} => C:\Program Files\Tenorshare ReiBoot\ReiBoot.exe [2018-04-13] (Tenorshare Co.,Ltd. -> Tenorshare)
Task: {9049AC64-242E-4B89-AF0D-88D4506DDEAA} - System32\Tasks\{B1CA8973-66EF-442A-8816-2B6FC14A9580} => C:\Users\ricardo\Desktop\emuladores\nox_setup_v6.2.0.0_full_intl.exe
Task: {9BF9409F-8AD3-48C4-AD29-8D00C9A92ED5} - System32\Tasks\{C38B0911-2B37-4D37-ADE0-F5748626163D} => C:\Windows\system32\pcalua.exe -a C:\Users\ricardo\Desktop\Downloads\Memu-Setup-5.3.2.2-ha6cbc3cd3.exe -d C:\Users\ricardo\Desktop\Downloads
Task: {A756D7FC-FD15-4E8E-8AC4-30766F531599} - System32\Tasks\Opera scheduled Autoupdate 1528207248 => C:\Users\ricardo\AppData\Local\Programs\Opera\launcher.exe
Task: {ABF4C0D3-2202-461D-BD12-5C53F922182C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc. -> Apple Inc.)
Task: {ADB31599-01C0-4A27-9CD7-A083682A0DEF} - System32\Tasks\{5FED27EF-537C-4586-9E28-794245CEBBD3} => C:\Program Files\Tenorshare ReiBoot\ReiBoot.exe [2018-04-13] (Tenorshare Co.,Ltd. -> Tenorshare)
Task: {AE1185BC-B3C2-4617-BE99-15C628B4E57B} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\ricardo\Desktop\esetonlinescanner_esl.exe [2019-01-31] (ESET, spol. s r.o. -> ESET spol. s r.o.)
Task: {AE529A0B-4770-47E8-936E-44B051AFE3A8} - System32\Tasks\{46E39031-25F6-424D-AE14-D6C2C892AD4C} => C:\Windows\system32\pcalua.exe -a C:\Users\ricardo\Desktop\mb3-setup-consumer-3.5.1.2522-1.0.365-1.0.5330.exe -d C:\Users\ricardo\Desktop
Task: {B7B4F924-0F78-49B3-A608-48456F7AA8C0} - System32\Tasks\{644B5BA9-E8FA-4861-8768-FDAFF30F946A} => C:\Users\ricardo\Desktop\emuladores\nox_setup_v6.2.0.0_full_intl.exe
Task: {BE4B4DCE-1FBC-4888-A4E8-D70AF955E531} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2018-04-25] (Google Inc -> Google Inc.)
Task: {C17EEA41-88D2-4DC2-84E4-22F1099E1496} - System32\Tasks\{244FBE94-5A1B-450A-A970-C37827D8F9A2} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\Counter-Strike 1.6\unins000.exe"
Task: {C220203D-3EF1-40C4-9D20-D219884AC9C1} - System32\Tasks\{6E751319-A341-45BA-AA00-50C1B673BD50} => C:\Program Files\Tenorshare ReiBoot\ReiBoot.exe [2018-04-13] (Tenorshare Co.,Ltd. -> Tenorshare)
Task: {C882AEC7-598A-434A-8807-7C882EB552FF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2018-04-25] (Google Inc -> Google Inc.)
Task: {C940F3D9-2EE8-4B65-AC3E-B1EEA3ABCE7E} - System32\Tasks\{74A92763-F252-4F04-B44C-37868960C2C0} => C:\Program Files\Tenorshare ReiBoot\ReiBoot.exe [2018-04-13] (Tenorshare Co.,Ltd. -> Tenorshare)
Task: {CCC2F6EA-F644-42D6-9C31-F48094353E30} - System32\Tasks\{A7677B2C-2C9B-4B9E-9237-765A848E9E85} => C:\Users\ricardo\Desktop\emuladores\nox_setup_v6.2.0.0_full_intl.exe
Task: {E46A8574-C71E-4A49-9E74-97A790D06E3F} - System32\Tasks\{9F68DBA9-41EA-4614-A2F0-B3D85FD589BD} => C:\Users\ricardo\Desktop\emuladores\nox_setup_v6.2.0.0_full_intl.exe
Task: {F24C8B19-186B-4C87-ADAA-C0AC431BAE80} - System32\Tasks\{16CDEF1F-668D-40C9-931F-C985E66798B9} => C:\Program Files\Tenorshare ReiBoot\ReiBoot.exe [2018-04-13] (Tenorshare Co.,Ltd. -> Tenorshare)
Task: {FD7937E0-2087-4F11-9378-D2286A4E9CC0} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\ricardo\Desktop\esetonlinescanner_esl.exe [2019-01-31] (ESET, spol. s r.o. -> ESET spol. s r.o.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2019-02-16 18:55 - 2019-01-24 11:09 - 002236232 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:CM_36faabd924501fcd2f743302621d89eb425ec11f74fef19a5e0fe69c3f0b5201 [74]
AlternateDataStreams: C:\Windows:CM_e0501b65315a77c6cde279a3a8d62a1a6c48bf2c2e353a3654218165115f1673 [74]
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879 [135]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-06-07 11:29 - 2019-02-02 22:23 - 000000027 _____ C:\Windows\system32\drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4001032227-4018829824-1926849531-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: new photo today => wscript.exe //B "C:\Users\ricardo\new photo today.wsf"
MSCONFIG\startupreg: RIMBBLaunchAgent.exe => C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{0D8CC44D-D9C4-4AD2-B48A-953DECD996CB}] => (Allow) C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG -> WIBU-SYSTEMS AG)
FirewallRules: [{36782ED0-4534-43AD-B7D9-A12CA57E6A10}] => (Allow) C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG -> WIBU-SYSTEMS AG)
FirewallRules: [{C11300BB-0F09-4FF0-9D5C-D0C0B1BD816A}] => (Allow) C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG -> WIBU-SYSTEMS AG)
FirewallRules: [{0A32E8F7-9E02-4552-BE38-EC1A214FF0B5}] => (Allow) C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG -> WIBU-SYSTEMS AG)
FirewallRules: [{CD0A6141-3CDC-4D5E-97A7-DDCD7D2E4CFB}] => (Allow) C:\Users\ricardo\Desktop\Downloads\icarefone.exe No File
FirewallRules: [{788B8052-BDDB-414E-8C2D-D64ECC2EF5CD}] => (Allow) C:\Users\ricardo\Desktop\Downloads\icarefone.exe No File
FirewallRules: [{D1A9A707-5381-4AAA-9C44-CD727F5237BA}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{767C768D-29A4-42F8-AC39-243680E9BC6E}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{BBC4A5F2-20EE-4C59-BC3E-20E29797CF2C}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)

==================== Restore Points =========================

03-01-2019 14:17:44 Instalación del paquete de controladores de dispositivo: Google, Inc.
04-01-2019 03:00:50 Windows Update
09-01-2019 08:53:42 Windows Update
10-01-2019 16:08:08 Instalación del paquete de controladores de dispositivo: TAP-Windows Provider V9 Adaptadores de red
03-02-2019 00:39:59 Punto de control programado
04-02-2019 16:55:26 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

Name: Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC
Description: Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek Semiconductor Corp.
Service: RTWlanE
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/16/2019 10:20:20 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Error al generar el contexto de activación para "C:\Users\ricardo\AppData\Local\chromium\Application\chrome.exe".
No se encontró el ensamblado dependiente 58.0.2988.0,language="&#x2a;",type="win32",version="58.0.2988.0".
Use sxstrace.exe para obtener un diagnóstico detallado.

Error: (02/16/2019 10:20:17 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Error de activación de la licencia de Windows. Error 0x00000000.

Error: (02/16/2019 10:20:17 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
0x800401F9

Error: (02/16/2019 03:29:59 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9952

Error: (02/16/2019 03:29:59 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9952

Error: (02/16/2019 03:29:59 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/16/2019 03:29:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8938

Error: (02/16/2019 03:29:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8938


System errors:
=============
Error: (02/17/2019 06:31:31 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio Servicio de lista de redes depende del servicio Reconocimiento de ubicación de red, el cual no pudo iniciarse debido al siguiente error: 
No se puede iniciar el servicio o grupo de dependencia.

Error: (02/17/2019 06:31:06 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: Error de DCOM "1068" al intentar iniciar el servicio BITS con argumentos "" para ejecutar el servidor:
{4991D34B-80A1-4291-83B6-3328366B9097}

Error: (02/17/2019 06:30:32 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio Servicio de lista de redes depende del servicio Reconocimiento de ubicación de red, el cual no pudo iniciarse debido al siguiente error: 
No se puede iniciar el servicio o grupo de dependencia.

Error: (02/17/2019 06:17:42 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio Servicio de lista de redes depende del servicio Reconocimiento de ubicación de red, el cual no pudo iniciarse debido al siguiente error: 
No se puede iniciar el servicio o grupo de dependencia.

Error: (02/17/2019 06:15:48 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio Servicio de lista de redes depende del servicio Reconocimiento de ubicación de red, el cual no pudo iniciarse debido al siguiente error: 
No se puede iniciar el servicio o grupo de dependencia.

Error: (02/17/2019 06:15:18 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio Servicio de lista de redes depende del servicio Reconocimiento de ubicación de red, el cual no pudo iniciarse debido al siguiente error: 
No se puede iniciar el servicio o grupo de dependencia.

Error: (02/17/2019 06:15:18 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio Servicio de lista de redes depende del servicio Reconocimiento de ubicación de red, el cual no pudo iniciarse debido al siguiente error: 
No se puede iniciar el servicio o grupo de dependencia.

Error: (02/17/2019 06:15:18 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio Servicio de lista de redes depende del servicio Reconocimiento de ubicación de red, el cual no pudo iniciarse debido al siguiente error: 
No se puede iniciar el servicio o grupo de dependencia.


Windows Defender:
===================================
Date: 2018-12-14 19:00:35.305
Description: 
Windows Defender encontró un error al intentar cargar firmas e intentará restablecer un conjunto de firmas conocidas.
Firmas intentadas:Actual
Código de error:0x80070002
Descripción de error:El sistema no puede encontrar el archivo especificado. 
Versión de firma:0.0.0.0
Versión de motor:0.0.0.0

Date: 2018-05-22 09:01:33.072
Description: 
Windows Defender encontró un error al intentar cargar firmas e intentará restablecer un conjunto de firmas conocidas.
Firmas intentadas:Actual
Código de error:0x80070002
Descripción de error:El sistema no puede encontrar el archivo especificado. 
Versión de firma:0.0.0.0
Versión de motor:0.0.0.0

Date: 2018-05-13 14:23:53.439
Description: 
El motor de %1 se detuvo debido a un error inesperado.
Tipo de error:%5
Código de excepción:%6
Recurso:%3

Date: 2018-05-06 13:43:00.620
Description: 
El motor de %1 se detuvo debido a un error inesperado.
Tipo de error:%5
Código de excepción:%6
Recurso:%3

==================== Memory info =========================== 

Processor: Intel(R) Atom(TM) CPU N455 @ 1.66GHz
Percentage of memory in use: 43%
Total physical RAM: 2037.36 MB
Available physical RAM: 1144.64 MB
Total Virtual: 4074.72 MB
Available Virtual: 3246.01 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:297.99 GB) (Free:202.64 GB) NTFS

\\?\Volume{ab8e8678-1ac7-11e7-8dc3-806e6f6e6963}\ (Reservado para el sistema) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: 000852C1)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

#10

DELFIX

# DelFix v1.013 - Logfile created 19/02/2019 at 12:28:38
# Updated 17/04/2016 by Xplode
# Username : ricardo - JHONNY
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)

~ Removing disinfection tools ...

Deleted : C:\Qoobox
Deleted : C:\Combofix
Deleted : C:\FRST
Deleted : C:\Users\ricardo\Desktop\adwcleaner_7.2.7.0.exe
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe

########## - EOF - ##########

#11

trate de descargar el ccleaner y no pude trate de limpiar liberando espacio en el disco elimine los historiales de forma manual y aun con el problema incluso para que se carguen imagenes del face o twitter


#12

Hola @jhonn

Primeramente comentar que cuando pidas ayuda en un foro, exp√≤ngas el problema y esperes a recibir respuesta, pues si se ven tantas respuestas que has puesto, se pude pensar que ya recibes ayuda,y por otra, evitar hacer pasos sin ton ni son, que algunos que has echo, no son recomendables y otros los has echo mal, como usar Delfix, pues has eliminado coas que necesitabamos u usar Combofix, algo que pudo haber da√Īado tu pc, pues son herrameintas que deben usarse con supervisi√≥n.

Reviso todo con calma, y te daré respuesta

Saludos


#13

Vas a realizar de nuevo el analisis con Fabar, pero hazlo en modo normal de windows

  • Desactiva Temporalmente tu antivirus y cualquier programa de seguridad.

  • Descarga a Tu Escritorio >> Esto es muy importante<<.,Fabar Recovery Scan Tool, considerando la versi√≥n adecuada para tu equipo. (32 o 64 bits) :arrow_forward: ¬ŅC√≥mo saber si mi Windows es de 32 o 64 bits?

  • Doble clic para ejecutar Frst.exe. En la ventana del Disclaimer, presiona Yes.

  • En la nueva ventana que se abre, presiona el bot√≥n Scan y espera a que concluya el an√°lisis.

  • Se abrir√°n dos (2) archivos (Logs), Frst.txt y Addition.txt, que estar√°n grabados en Tu escritorio.

En Tu próxima respuesta, copias y pegas los dos reportes Frst.txt y Addition.txt de FRST

Nota: Si el/los reportes solicitados no entraran en una sola respuesta porque superan la cantidad de caracteres permitidos, puedes utilizar dos o mas respuestas para pegarlos completamente.


#14
    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 6-02-2019
    Ran by ricardo (administrator) on JHONNY (20-02-2019 12:49:17)
    Running from C:\Users\ricardo\Desktop
    Loaded Profiles: ricardo (Available Profiles: ricardo & Invitado)
    Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Language: Espa√Īol (Espa√Īa, internacional)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    () C:\Program Files\Android_USB_Driver_Z\Bin\MonServiceUDisk.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
    (Google Inc.) C:\Program Files\Google\Update\1.3.33.23\GoogleCrashHandler.exe
    (WIBU-SYSTEMS AG) C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\StikyNot.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\osk.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [267576 2019-01-18] (Apple Inc. -> Apple Inc.)
    HKU\S-1-5-21-4001032227-4018829824-1926849531-1000\...\Run: [Chromium] => c:\users\ricardo\appdata\local\chromium\application\chrome.exe [828416 2017-01-20] (The Chromium Authors)
    HKU\S-1-5-21-4001032227-4018829824-1926849531-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2018-12-03] (Apple Inc. -> Apple Inc.)
    HKU\S-1-5-21-4001032227-4018829824-1926849531-1000\...\Run: [iCloudDrive] => C:\Program Files\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2018-12-03] (Apple Inc. -> Apple Inc.)
    HKU\S-1-5-21-4001032227-4018829824-1926849531-1000\...\Run: [AppleIEDAV] => C:\Program Files\Common Files\Apple\Internet Services\AppleIEDAV.exe [68408 2018-12-03] (Apple Inc. -> Apple Inc.)
    HKU\S-1-5-21-4001032227-4018829824-1926849531-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\system32\StikyNot.exe [354304 2009-07-13] (Microsoft Windows -> Microsoft Corporation)
    HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
    HKU\S-1-5-18\...\RunOnce: [osk.exe] => C:\Windows\system32\osk.exe [646144 2014-06-17] (Microsoft Windows -> Microsoft Corporation)
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\72.0.3626.109\Installer\chrmstp.exe [2019-02-14] (Google LLC -> Google Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2019-02-01]
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.895\SSScheduler.exe (McAfee, Inc.)
    Startup: C:\Users\ricardo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\new photo today.wsf [2016-05-03] ()
    GroupPolicy: Restriction ? <==== ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
    Tcpip\Parameters: [DhcpNameServer] 10.5.50.1 10.10.10.1 192.168.0.1
    Tcpip\..\Interfaces\{1BBCEB30-F24C-4155-BE1B-C6DD7565062C}: [DhcpNameServer] 192.168.8.1 192.168.8.1
    Tcpip\..\Interfaces\{5F947BEF-41F3-4B36-BCD3-DF399B8B48A1}: [DhcpNameServer] 192.168.8.1 192.168.8.1
    Tcpip\..\Interfaces\{8EE8A847-147C-425D-ADEB-30F80D0EDE8D}: [DhcpNameServer] 192.168.0.1 10.5.50.1
    Tcpip\..\Interfaces\{E26234D7-235B-42A0-914F-63ED911633C9}: [DhcpNameServer] 10.5.50.1 10.10.10.1 192.168.0.1

    Internet Explorer:
    ==================
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-4001032227-4018829824-1926849531-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    SearchScopes: HKU\S-1-5-21-4001032227-4018829824-1926849531-1000 -> DefaultScope {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = 

    FireFox:
    ========
    FF DefaultProfile: w08ubc2w.default
    FF ProfilePath: C:\Users\ricardo\AppData\Roaming\Mozilla\Firefox\Profiles\w08ubc2w.default [2019-01-31]
    FF Homepage: Mozilla\Firefox\Profiles\w08ubc2w.default -> hxxps://www.malwarebytes.org/restorebrowser//?f=1&a=wbf_dpchi_18_23_06&cd=2XzuyEtN2Y1L1Qzu0Czzzy0C0D0CtC0C0EtBtC0CzztDtAtCtN0D0Tzu0StBtAyEyBtN1L2XzuyEtFtByEtFtDtFzyzytN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyDyE0CtAtC0DtBtBtGtCzztDyEtGyB0Dzz0CtGtAyC0FyDtGyB0Fzy0DtCyDzzzz0FyCtCyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S1QyEyCyCzyyBzztCtGtAyD1OyBtGyEyC1S1PtG1StDtDtCtG1QyB1S1P1QyB1PtCyD1TtDtC2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCyByEtAyBtN1Q2Z1B1P1RzutCyDtBzztBtDyDtCyByD&cr=2040213107&ir=&uref=Firefox
    FF Extension: (Google Code Correction) - C:\Users\ricardo\AppData\Roaming\Mozilla\Firefox\Profiles\w08ubc2w.default\features\{d2ffd5be-191c-409d-9927-395979a47869}\[email protected] [2018-12-13] [Legacy]
    FF Extension: (Telemetry coverage) - C:\Users\ricardo\AppData\Roaming\Mozilla\Firefox\Profiles\w08ubc2w.default\features\{d2ffd5be-191c-409d-9927-395979a47869}\[email protected] [2018-12-13] [Legacy]
    FF Plugin: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2014-11-28] ()
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-17] (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-17] (Google Inc.)

    Chrome: 
    =======
    CHR Profile: C:\Users\ricardo\AppData\Local\Google\Chrome\User Data\Default [2019-02-20]
    CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\ricardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-12-14]
    CHR Extension: (Chrome Media Router) - C:\Users\ricardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-17]
    CHR Profile: C:\Users\ricardo\AppData\Local\Google\Chrome\User Data\Profile 1 [2019-01-31]
    CHR Extension: (Chrome Hotword Shared Module) - C:\Users\ricardo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2018-04-25]
    CHR Extension: (Skype) - C:\Users\ricardo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2018-04-25]
    CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\ricardo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-25]
    CHR Profile: C:\Users\ricardo\AppData\Local\Google\Chrome\User Data\System Profile [2018-10-25]
    CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 BlackBerry Device Manager; C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [588024 2014-10-31] (BlackBerry Ltd. -> BlackBerry Limited)
    R2 CodeMeter.exe; C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe [5032848 2018-07-02] (WIBU-SYSTEMS AG -> WIBU-SYSTEMS AG)
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [5247944 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.895\McCHSvc.exe [322792 2018-12-11] (McAfee, Inc. -> McAfee, Inc.)
    S2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [242264 2014-11-20] (Huawei Technologies Co.,Ltd. -> )
    R2 UDisk Monitor Z5 Phone; C:\Program Files\Android_USB_Driver_Z\Bin\MonServiceUDisk.exe [585416 2013-11-18] (ZTE CORPORATION -> )
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
    S2 DIGITEL. RunOuc; C:\Program Files\DIGITEL 3G\UpdateDog\ouc.exe [X]

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 aftap0901; C:\Windows\System32\DRIVERS\aftap0901.sys [45528 2018-03-06] (AnchorFree Inc -> The OpenVPN Project)
    S3 bmusbser; C:\Windows\System32\DRIVERS\bmusbser.sys [105216 2010-08-26] (Microsoft Windows Hardware Compatibility Publisher -> BM)
    S3 GeneralusbserialserZ52203; C:\Windows\System32\DRIVERS\CT_U_USBSER_Z5.sys [213192 2013-11-18] (ZTE CORPORATION -> QUALCOMM Incorporated)
    S3 HpSAMD; C:\Windows\system32\drivers\HpSAMD.sys [67152 2009-07-13] (Microsoft Windows -> Hewlett-Packard Company)
    R3 igfx; C:\Windows\System32\DRIVERS\igdkmd32.sys [4808192 2009-09-23] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
    R0 iusb3hcs; C:\Windows\System32\DRIVERS\iusb3hcs.sys [16880 2013-07-17] (Intel Corporation - Software and Firmware Products -> Intel Corporation)
    R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [240440 2019-02-17] (Malwarebytes Corporation -> Malwarebytes)
    S3 ql2300; C:\Windows\system32\DRIVERS\ql2300.sys [1383488 2009-07-13] (Microsoft Windows -> QLogic Corporation)
    S3 RimUsb; C:\Windows\System32\Drivers\RimUsb.sys [68608 2014-05-06] (Microsoft Windows Hardware Compatibility Publisher -> BlackBerry Limited)
    S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial.sys [35840 2012-12-10] (Microsoft Windows Hardware Compatibility Publisher -> Research in Motion Ltd)
    R3 RSUSBSTOR; C:\Windows\System32\Drivers\RtsUStor.sys [190976 2012-08-29] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.)
    S3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [2362952 2013-06-07] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation )
    R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2014-09-24] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
    S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2018-02-01] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
    S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [128704 2016-08-16] (NGO -> MBB)
    S3 ZTEusbmdm6k; C:\Windows\System32\DRIVERS\ZTEusbmdm6k.sys [105856 2010-02-01] (Microsoft Windows Hardware Compatibility Publisher -> ZTE Incorporated)
    S3 ZTEusbnmea; C:\Windows\System32\DRIVERS\ZTEusbnmea.sys [105856 2010-02-01] (Microsoft Windows Hardware Compatibility Publisher -> ZTE Incorporated)
    S3 ZTEusbser6k; C:\Windows\System32\DRIVERS\ZTEusbser6k.sys [105856 2010-02-01] (Microsoft Windows Hardware Compatibility Publisher -> ZTE Incorporated)
    S3 catchme; \??\C:\Users\ricardo\AppData\Local\Temp\catchme.sys [X] <==== ATTENTION
    S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]
    S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
    S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
    S3 Generalusbserialser20675; system32\DRIVERS\CT_U_USBSER.sys [X]
    S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
    S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
    S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One month (created) ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2019-02-20 12:49 - 2019-02-20 12:50 - 000013536 _____ C:\Users\ricardo\Desktop\FRST.txt
    2019-02-20 12:48 - 2019-02-20 12:49 - 000000000 ____D C:\FRST
    2019-02-19 14:45 - 2019-02-19 16:48 - 019341880 _____ (Piriform Software Ltd) C:\Users\ricardo\Desktop\ccsetup552.exe
    2019-02-19 12:28 - 2019-02-19 12:28 - 000000501 _____ C:\DelFix.txt
    2019-02-19 09:32 - 2019-02-19 09:37 - 001790024 _____ (Malwarebytes) C:\Users\ricardo\Documents\JRT (1).exe
    2019-02-19 09:29 - 2019-02-19 09:29 - 000001051 _____ C:\Users\ricardo\Desktop\Hideman.lnk
    2019-02-19 09:28 - 2019-02-19 09:28 - 000000000 ____D C:\Windows\LastGood
    2019-02-17 22:33 - 2019-02-17 22:41 - 001790024 _____ (Malwarebytes) C:\Users\ricardo\Documents\JRT.exe
    2019-02-17 22:10 - 2019-02-19 09:33 - 000000000 ____D C:\Users\ricardo\AppData\Roaming\Hideman
    2019-02-17 22:10 - 2019-02-17 22:10 - 000000000 ____D C:\Users\ricardo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hideman
    2019-02-17 18:22 - 2019-02-19 12:29 - 000000000 ____D C:\Users\ricardo\Desktop\informes
    2019-02-17 18:14 - 2019-02-17 22:10 - 000247186 _____ C:\Windows\ntbtlog.txt
    2019-02-16 21:22 - 2019-02-16 21:22 - 000000004 ____H C:\ProgramData\cm-lock
    2019-02-16 21:20 - 2019-02-17 18:15 - 000240440 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
    2019-02-16 21:15 - 2011-05-19 18:35 - 000000137 _____ C:\Users\ricardo\Documents\WinSockFix-Win7.bat
    2019-02-16 21:15 - 2009-05-17 20:58 - 001445888 _____ (Option^Explicit Software Solutions) C:\Users\ricardo\Documents\WinsockxpFix-WinXP.exe
    2019-02-16 19:38 - 2019-02-16 19:57 - 001599815 _____ C:\Users\ricardo\Documents\IFS.exe
    2019-02-16 19:37 - 2019-02-16 19:40 - 000702243 _____ C:\Users\ricardo\Documents\WinsockFix_InfoSpyware.zip
    2019-02-16 18:55 - 2019-02-16 18:55 - 000002024 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
    2019-02-16 18:55 - 2019-02-16 18:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    2019-02-16 18:54 - 2019-01-08 15:32 - 000128552 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae.sys
    2019-02-12 15:44 - 2019-02-12 15:44 - 000001747 _____ C:\Users\Public\Desktop\iTunes.lnk
    2019-02-12 15:44 - 2019-02-12 15:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2019-02-12 15:44 - 2019-02-12 15:44 - 000000000 ____D C:\Program Files\iPod
    2019-02-12 14:40 - 2019-02-12 14:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
    2019-02-06 22:56 - 2019-02-06 22:57 - 001793024 _____ (Farbar) C:\Users\ricardo\Desktop\FRST.exe
    2019-02-06 22:53 - 2019-02-17 18:39 - 000000000 ____D C:\Users\ricardo\AppData\Roaming\ZHP
    2019-02-06 22:53 - 2019-02-06 22:53 - 000000830 _____ C:\Users\ricardo\Documents\ZHPCleaner.lnk
    2019-02-06 22:53 - 2019-02-06 22:53 - 000000000 ____D C:\Users\ricardo\AppData\Local\ZHP
    2019-02-06 21:43 - 2019-02-06 21:46 - 003307904 _____ C:\Users\ricardo\Documents\ZHPCleaner.exe
    2019-02-04 16:52 - 2019-02-04 16:54 - 001599815 _____ C:\Users\ricardo\Documents\IFS (2).exe
    2019-02-01 22:32 - 2019-02-01 22:32 - 000002045 _____ C:\Users\ricardo\Desktop\McAfee Security Scan Plus.lnk
    2019-02-01 22:32 - 2019-02-01 22:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
    2019-02-01 22:31 - 2019-02-14 03:13 - 000000000 ____D C:\ProgramData\McAfee Security Scan
    2019-02-01 21:58 - 2019-02-01 22:32 - 000000000 ____D C:\Program Files\McAfee Security Scan
    2019-01-31 14:29 - 2019-01-31 15:37 - 007666296 _____ (ESET spol. s r.o.) C:\Users\ricardo\Documents\esetonlinescanner_esl.exe
    2019-01-30 20:08 - 2019-01-30 20:08 - 000000000 ____D C:\Users\ricardo\AppData\Local\ESET
    2019-01-22 19:32 - 2019-01-22 19:32 - 000001079 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Safe Connect.lnk

    ==================== One month (modified) ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2019-02-20 12:40 - 2018-10-04 23:23 - 000000068 __RSH C:\Windows\system32\Drivers\wmiacpi.winsecurity
    2019-02-20 12:21 - 2009-07-14 00:34 - 000010112 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2019-02-20 12:21 - 2009-07-14 00:34 - 000010112 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2019-02-20 12:14 - 2018-10-04 23:23 - 000000068 __RSH C:\Windows\system32\Drivers\winhv.winsecurity
    2019-02-20 09:17 - 2009-07-13 22:37 - 000000000 ____D C:\Windows\system32\NDF
    2019-02-19 12:20 - 2018-01-24 15:27 - 000000000 ____D C:\FSTool
    2019-02-19 09:28 - 2009-07-13 22:37 - 000000000 ____D C:\Windows\inf
    2019-02-19 09:26 - 2019-01-10 16:07 - 000000000 ____D C:\Program Files\Hideman
    2019-02-18 20:23 - 2018-12-29 02:26 - 000000000 ___RD C:\Users\ricardo\iCloudDrive
    2019-02-18 20:21 - 2009-07-14 00:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
    2019-02-17 22:14 - 2009-07-14 00:53 - 000032588 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2019-02-17 22:08 - 2010-05-06 00:31 - 000000000 ____D C:\Users\ricardo\Desktop\no tocar
    2019-02-17 22:00 - 2018-06-27 11:11 - 000000000 ____D C:\Users\ricardo\Documents\respald nuev 16g
    2019-02-15 13:07 - 2017-04-06 15:40 - 001675926 _____ C:\Windows\system32\PerfStringBackup.INI
    2019-02-15 13:07 - 2009-07-14 04:48 - 000747230 _____ C:\Windows\system32\perfh00A.dat
    2019-02-15 13:07 - 2009-07-14 04:48 - 000158670 _____ C:\Windows\system32\perfc00A.dat
    2019-02-14 23:08 - 2018-12-14 19:38 - 000002168 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2019-02-14 23:08 - 2018-12-14 19:38 - 000002127 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2019-02-14 22:48 - 2018-05-28 09:43 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2019-02-14 22:48 - 2018-05-28 09:43 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2019-02-14 22:48 - 2018-05-28 09:43 - 000000000 ____D C:\Windows\system32\Macromed
    2019-02-12 15:44 - 2018-12-27 19:13 - 000000000 ____D C:\Program Files\iTunes
    2019-02-04 16:24 - 2018-11-07 20:31 - 000000000 ____D C:\Users\ricardo\Documents\JUEGOS
    2019-02-03 10:35 - 2018-12-12 08:25 - 000000000 ____D C:\Users\ricardo\AppData\Local\ElevatedDiagnostics
    2019-02-03 00:42 - 2009-07-13 22:37 - 000000000 ____D C:\Windows\rescache
    2019-02-02 22:23 - 2009-07-13 22:04 - 000000215 _____ C:\Windows\system.ini
    2019-02-01 22:05 - 2018-05-25 14:26 - 000000000 ____D C:\Users\ricardo\AppData\Local\Adobe
    2019-01-31 20:42 - 2009-07-14 00:46 - 000001515 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    2019-01-31 14:38 - 2018-08-04 09:41 - 000000000 ____D C:\Windows\pss
    2019-01-31 13:52 - 2017-04-06 15:29 - 000000000 ____D C:\Users\ricardo
    2019-01-31 08:22 - 2018-04-27 03:40 - 000811520 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
    2019-01-31 08:06 - 2018-12-29 15:36 - 000000000 ____D C:\Users\Invitado
    2019-01-31 08:06 - 2018-06-22 19:45 - 000000000 ____D C:\Program Files\TAP-Windows
    2019-01-31 08:06 - 2018-05-28 09:50 - 000000000 ____D C:\Program Files\McAfee Safe Connect
    2019-01-31 08:06 - 2018-05-28 05:34 - 000000000 ___SD C:\Windows\system32\CompatTel
    2019-01-31 08:06 - 2018-05-28 05:34 - 000000000 ____D C:\Windows\system32\appraiser
    2019-01-31 08:06 - 2018-01-24 15:33 - 000000000 ____D C:\Windows\erdnt
    2019-01-31 08:06 - 2009-07-13 22:37 - 000000000 ____D C:\Windows\PolicyDefinitions
    2019-01-31 08:05 - 2009-07-13 22:37 - 000000000 ____D C:\Windows\registration
    2019-01-31 08:00 - 2018-12-29 15:37 - 000000000 ____D C:\Users\Invitado\AppData\Local\Google
    2019-01-31 08:00 - 2018-05-12 06:32 - 000000000 ____D C:\ProgramData\Apple Computer
    2019-01-31 07:44 - 2019-01-13 19:55 - 000000000 ____D C:\Program Files\UsbFix

    ==================== Files in the root of some directories =======

    2018-06-03 21:26 - 2018-07-04 22:09 - 000002926 _____ () C:\Users\ricardo\AppData\Roaming\Rim.Desktop.Exception.log
    2018-06-03 21:17 - 2018-08-04 09:40 - 000002009 _____ () C:\Users\ricardo\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
    2018-06-03 21:27 - 2018-07-04 22:12 - 000003080 _____ () C:\Users\ricardo\AppData\Roaming\Rim.DesktopHelper.Exception.log
    2018-05-13 21:02 - 2018-05-13 21:02 - 000007605 _____ () C:\Users\ricardo\AppData\Local\Resmon.ResmonCfg

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\system32\dllhost.exe => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2019-02-19 13:50

    ==================== End of FRST.txt ============================

#15
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 6-02-2019
Ran by ricardo (20-02-2019 12:51:43)
Running from C:\Users\ricardo\Desktop
Microsoft Windows 7 Professional  Service Pack 1 (X86) (2017-04-06 19:28:55)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-4001032227-4018829824-1926849531-500 - Administrator - Disabled)
HomeGroupUser$ (S-1-5-21-4001032227-4018829824-1926849531-1002 - Limited - Enabled)
Invitado (S-1-5-21-4001032227-4018829824-1926849531-501 - Limited - Enabled) => C:\Users\Invitado
ricardo (S-1-5-21-4001032227-4018829824-1926849531-1000 - Administrator - Enabled) => C:\Users\ricardo

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3DP Chip Lite v18.05 (HKLM\...\3DP Chip Lite) (Version: v18.05 - 3DP)
Adobe Flash Player 32 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 32.0.0.142 - Adobe Systems Incorporated)
Android USB Driver (HKLM\...\Z5 Android USB Driver_is1) (Version:  - )
Apple Application Support (32 bits) (HKLM\...\{5A659BE5-849B-484E-A83B-DCB78407F3A4}) (Version: 7.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{ABDE67C4-5876-4CDB-82A9-0CBACECC1C4A}) (Version: 12.1.0.25 - Apple Inc.)
Apple Software Update (HKLM\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
AxessManager version 2.1.2.408 (HKLM\...\Broad Mobi HSPA Modem Normal Version_is1) (Version:  - )
BlackBerry Device Software Updater (HKLM\...\{E755A98B-F45F-4008-A1A5-FC4CB4D2177A}) (Version: 8.0.0.66 - Research In Motion Ltd)
Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
Driver Support (HKLM\...\DriverSupport) (Version: 10.1.6.12 - PC Drivers HeadQuarters LP) <==== ATTENTION
Google Chrome (HKLM\...\Google Chrome) (Version: 72.0.3626.109 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
Hideman 3.3.0.0 (HKLM\...\Hideman) (Version: 3.3.0.0 - )
iCloud (HKLM\...\{E64275CF-27C4-4BC9-8690-2BC2D1C2CF31}) (Version: 7.10.0.9 - Apple Inc.)
iTunes (HKLM\...\{147B4838-376C-4085-89CF-F5B2CF865E95}) (Version: 12.9.3.3 - Apple Inc.)
Malwarebytes versión 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.895.1 - McAfee, Inc.)
Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Mobile Broadband HL Service (HKLM\...\Mobile Broadband HL Service) (Version: 22.001.26.02.03 - Huawei Technologies Co.,Ltd)
Mobile Partner (HKLM\...\Mobile Partner) (Version: 16.001.06.01.500 - Huawei Technologies Co.,Ltd)
MODEM Mobile Connection (HKLM\...\{93D34EE3-99B3-4DB1-8B0A-0A657466F90D}) (Version: 1.0.0.1 - )
Paquete de controladores de Windows - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.)
Paquete de idioma de Microsoft .NET Framework 4 Client Profile ESN (HKLM\...\Microsoft .NET Framework 4 Client Profile ESN Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Skype Click to Call (HKLM\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
Tenorshare ReiBoot versión 6.9.4 (HKLM\...\{reiboot}_is1) (Version: 6.9.4 - Tenorshare, Inc.)
Virtual DJ Pro Full - Atomix Productions (HKLM\...\Virtual DJ Pro Full - Atomix Productions) (Version:  - )
VirtualDJ 8 (HKLM\...\{84F87EDF-9361-4B11-ACEC-0D60F744E642}) (Version: 8.2.4291.0 - Atomix Productions)
Webcam Video Capture 7.0 (HKLM\...\WVCSetup7.0.0_is1) (Version: 7.0.0 - Webcam Simulator)
WinRAR 5.11 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4001032227-4018829824-1926849531-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4001032227-4018829824-1926849531-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4001032227-4018829824-1926849531-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4001032227-4018829824-1926849531-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4001032227-4018829824-1926849531-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4001032227-4018829824-1926849531-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams.dll [2019-01-15] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-08-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2009-09-22] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-08-27] (win.rar GmbH -> Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2275B3A3-489D-4CA1-88E9-BD6B60C81FF1} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_32_0_0_142_pepper.exe [2019-02-14] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {2904F2D8-4A53-4F8D-9811-0B6F6A511430} - System32\Tasks\{6C017324-4522-4A81-BCD3-0DDF49D7CD92} => C:\Windows\system32\pcalua.exe -a "C:\Users\ricardo\Desktop\BB SOF 8520\8520_5.0.0_rel860_instalador_rapido.exe" -d "C:\Users\ricardo\Desktop\BB SOF 8520"
Task: {35B34C27-A665-488E-8388-10FC6754F0E7} - System32\Tasks\{4E8937AC-ACAB-4F72-857F-94F36487CF7C} => C:\Windows\system32\pcalua.exe -a "C:\Users\ricardo\Desktop\whatsap pc\Memu-Setup-5.3.2.2-ha6cbc3cd3.exe" -d "C:\Users\ricardo\Desktop\whatsap pc"
Task: {39BDA342-EAF7-43F7-BEB8-D7DFE8505EDC} - System32\Tasks\{6471B931-F6D3-4F10-874B-B1648AC061CD} => C:\Users\ricardo\Desktop\emuladores\nox_setup_v6.2.0.0_full_intl.exe
Task: {42F28E91-778A-46A5-BD51-2A4CDEE1C9DD} - System32\Tasks\{B73A7FD6-FF35-4F1E-A8BA-0CE9D2727E26} => C:\Program Files\Tenorshare ReiBoot\ReiBoot.exe [2018-04-13] (Tenorshare Co.,Ltd. -> Tenorshare)
Task: {46588B5E-72A8-418B-8B22-E01CC40F202A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2019-02-14] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {5E1B1EF8-1452-4D4F-AF3D-B871BD784715} - System32\Tasks\{DC112564-1A46-4CDC-B391-595C10541042} => C:\Program Files\Tenorshare ReiBoot\ReiBoot.exe [2018-04-13] (Tenorshare Co.,Ltd. -> Tenorshare)
Task: {68ACC1F3-9B77-423B-BE8C-5708A88A7B2C} - System32\Tasks\{28EE41EE-D64F-4385-A311-88D25FD3B699} => C:\Users\ricardo\Desktop\emuladores\nox_setup_v6.2.0.0_full_intl.exe
Task: {77A80ACB-E656-4CB5-8E7E-1C50A9FB047C} - System32\Tasks\{C6FE0E33-5F2E-4606-9410-2E75D840020F} => C:\Users\ricardo\Desktop\emuladores\nox_setup_v6.2.0.0_full_intl.exe
Task: {787BA946-6AD0-4FD3-A842-1FD356A3E960} - System32\Tasks\{9B736179-386C-4A43-8B81-9D07454C033B} => C:\Windows\system32\pcalua.exe -a C:\Users\ricardo\Desktop\emuladores\nox_setup_v6.2.0.0_full_intl.exe -d C:\Users\ricardo\Desktop\emuladores
Task: {802FA838-B750-41EC-A1A8-86852479D632} - System32\Tasks\{9D3F6191-234E-471D-B575-683132BCD0EB} => C:\Windows\system32\pcalua.exe -a C:\Users\ricardo\Desktop\nox_setup_v6.2.0.0_full_intl.exe -d C:\Users\ricardo\Desktop
Task: {86AD3A66-9A8E-46EC-9D50-ED8C0A2E64E1} - System32\Tasks\{9EAE936D-C61D-491D-BE6E-4B4138E7FDD9} => C:\Program Files\Tenorshare ReiBoot\ReiBoot.exe [2018-04-13] (Tenorshare Co.,Ltd. -> Tenorshare)
Task: {9049AC64-242E-4B89-AF0D-88D4506DDEAA} - System32\Tasks\{B1CA8973-66EF-442A-8816-2B6FC14A9580} => C:\Users\ricardo\Desktop\emuladores\nox_setup_v6.2.0.0_full_intl.exe
Task: {9BF9409F-8AD3-48C4-AD29-8D00C9A92ED5} - System32\Tasks\{C38B0911-2B37-4D37-ADE0-F5748626163D} => C:\Windows\system32\pcalua.exe -a C:\Users\ricardo\Desktop\Downloads\Memu-Setup-5.3.2.2-ha6cbc3cd3.exe -d C:\Users\ricardo\Desktop\Downloads
Task: {A756D7FC-FD15-4E8E-8AC4-30766F531599} - System32\Tasks\Opera scheduled Autoupdate 1528207248 => C:\Users\ricardo\AppData\Local\Programs\Opera\launcher.exe
Task: {ABF4C0D3-2202-461D-BD12-5C53F922182C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc. -> Apple Inc.)
Task: {ADB31599-01C0-4A27-9CD7-A083682A0DEF} - System32\Tasks\{5FED27EF-537C-4586-9E28-794245CEBBD3} => C:\Program Files\Tenorshare ReiBoot\ReiBoot.exe [2018-04-13] (Tenorshare Co.,Ltd. -> Tenorshare)
Task: {AE1185BC-B3C2-4617-BE99-15C628B4E57B} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\ricardo\Desktop\esetonlinescanner_esl.exe
Task: {AE529A0B-4770-47E8-936E-44B051AFE3A8} - System32\Tasks\{46E39031-25F6-424D-AE14-D6C2C892AD4C} => C:\Windows\system32\pcalua.exe -a C:\Users\ricardo\Desktop\mb3-setup-consumer-3.5.1.2522-1.0.365-1.0.5330.exe -d C:\Users\ricardo\Desktop
Task: {B7B4F924-0F78-49B3-A608-48456F7AA8C0} - System32\Tasks\{644B5BA9-E8FA-4861-8768-FDAFF30F946A} => C:\Users\ricardo\Desktop\emuladores\nox_setup_v6.2.0.0_full_intl.exe
Task: {BE4B4DCE-1FBC-4888-A4E8-D70AF955E531} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2018-04-25] (Google Inc -> Google Inc.)
Task: {C17EEA41-88D2-4DC2-84E4-22F1099E1496} - System32\Tasks\{244FBE94-5A1B-450A-A970-C37827D8F9A2} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\Counter-Strike 1.6\unins000.exe"
Task: {C220203D-3EF1-40C4-9D20-D219884AC9C1} - System32\Tasks\{6E751319-A341-45BA-AA00-50C1B673BD50} => C:\Program Files\Tenorshare ReiBoot\ReiBoot.exe [2018-04-13] (Tenorshare Co.,Ltd. -> Tenorshare)
Task: {C882AEC7-598A-434A-8807-7C882EB552FF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2018-04-25] (Google Inc -> Google Inc.)
Task: {C940F3D9-2EE8-4B65-AC3E-B1EEA3ABCE7E} - System32\Tasks\{74A92763-F252-4F04-B44C-37868960C2C0} => C:\Program Files\Tenorshare ReiBoot\ReiBoot.exe [2018-04-13] (Tenorshare Co.,Ltd. -> Tenorshare)
Task: {CCC2F6EA-F644-42D6-9C31-F48094353E30} - System32\Tasks\{A7677B2C-2C9B-4B9E-9237-765A848E9E85} => C:\Users\ricardo\Desktop\emuladores\nox_setup_v6.2.0.0_full_intl.exe
Task: {E46A8574-C71E-4A49-9E74-97A790D06E3F} - System32\Tasks\{9F68DBA9-41EA-4614-A2F0-B3D85FD589BD} => C:\Users\ricardo\Desktop\emuladores\nox_setup_v6.2.0.0_full_intl.exe
Task: {F24C8B19-186B-4C87-ADAA-C0AC431BAE80} - System32\Tasks\{16CDEF1F-668D-40C9-931F-C985E66798B9} => C:\Program Files\Tenorshare ReiBoot\ReiBoot.exe [2018-04-13] (Tenorshare Co.,Ltd. -> Tenorshare)
Task: {FD7937E0-2087-4F11-9378-D2286A4E9CC0} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\ricardo\Desktop\esetonlinescanner_esl.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2019-01-15 01:28 - 2019-01-15 01:28 - 001042744 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2018-11-01 05:29 - 2018-11-01 05:29 - 000076088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2018-06-27 15:01 - 2013-11-18 11:44 - 000585416 _____ () C:\Program Files\Android_USB_Driver_Z\Bin\MonServiceUDisk.exe
2019-02-16 18:55 - 2019-01-24 11:09 - 002236232 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2019-01-15 01:28 - 2019-01-15 01:28 - 000189752 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxslt.dll
2019-02-14 23:08 - 2019-02-13 01:29 - 002263024 _____ () C:\Program Files\Google\Chrome\Application\72.0.3626.109\swiftshader\libglesv2.dll
2019-02-14 23:08 - 2019-02-13 01:29 - 000128496 _____ () C:\Program Files\Google\Chrome\Application\72.0.3626.109\swiftshader\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:CM_36faabd924501fcd2f743302621d89eb425ec11f74fef19a5e0fe69c3f0b5201 [74]
AlternateDataStreams: C:\Windows:CM_e0501b65315a77c6cde279a3a8d62a1a6c48bf2c2e353a3654218165115f1673 [74]
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879 [135]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-06-07 11:29 - 2019-02-02 22:23 - 000000027 _____ C:\Windows\system32\drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4001032227-4018829824-1926849531-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 10.5.50.1 - 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: new photo today => wscript.exe //B "C:\Users\ricardo\new photo today.wsf"
MSCONFIG\startupreg: RIMBBLaunchAgent.exe => C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{0D8CC44D-D9C4-4AD2-B48A-953DECD996CB}] => (Allow) C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG -> WIBU-SYSTEMS AG)
FirewallRules: [{36782ED0-4534-43AD-B7D9-A12CA57E6A10}] => (Allow) C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG -> WIBU-SYSTEMS AG)
FirewallRules: [{C11300BB-0F09-4FF0-9D5C-D0C0B1BD816A}] => (Allow) C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG -> WIBU-SYSTEMS AG)
FirewallRules: [{0A32E8F7-9E02-4552-BE38-EC1A214FF0B5}] => (Allow) C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG -> WIBU-SYSTEMS AG)
FirewallRules: [{CD0A6141-3CDC-4D5E-97A7-DDCD7D2E4CFB}] => (Allow) C:\Users\ricardo\Desktop\Downloads\icarefone.exe No File
FirewallRules: [{788B8052-BDDB-414E-8C2D-D64ECC2EF5CD}] => (Allow) C:\Users\ricardo\Desktop\Downloads\icarefone.exe No File
FirewallRules: [{D1A9A707-5381-4AAA-9C44-CD727F5237BA}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{767C768D-29A4-42F8-AC39-243680E9BC6E}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{BBC4A5F2-20EE-4C59-BC3E-20E29797CF2C}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)

==================== Restore Points =========================

03-02-2019 00:39:59 Punto de control programado
04-02-2019 16:55:26 JRT Pre-Junkware Removal
19-02-2019 09:27:29 Instalación del paquete de controladores de dispositivo: TAP-Windows Provider V9 Adaptadores de red
19-02-2019 12:07:53 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

Name: Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC
Description: Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek Semiconductor Corp.
Service: RTWlanE
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/20/2019 08:22:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6849

Error: (02/20/2019 08:22:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6849

Error: (02/20/2019 08:22:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/20/2019 08:21:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: svchost.exe_MpsSvc, versión: 6.1.7600.16385, marca de tiempo: 0x4a5bc100
Nombre del módulo con errores: ntdll.dll, versión: 6.1.7601.24335, marca de tiempo: 0x5c267e95
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x0005292c
Id. del proceso con errores: 0x560
Hora de inicio de la aplicación con errores: 0x01d4c7e912546aa1
Ruta de acceso de la aplicación con errores: C:\Windows\system32\svchost.exe
Ruta de acceso del módulo con errores: C:\Windows\SYSTEM32\ntdll.dll
Id. del informe: 16004a3b-350a-11e9-a146-c89cdc1ce21c

Error: (02/20/2019 02:21:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5304

Error: (02/20/2019 02:21:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5304

Error: (02/20/2019 02:21:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/19/2019 03:47:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9001


System errors:
=============
Error: (02/20/2019 09:14:41 AM) (Source: NetBT) (EventID: 4307) (User: )
Description: Error de inicialización debido a que el transporte rehusó abrir las direcciones iniciales.

Error: (02/20/2019 09:14:41 AM) (Source: NetBT) (EventID: 4307) (User: )
Description: Error de inicialización debido a que el transporte rehusó abrir las direcciones iniciales.

Error: (02/20/2019 08:21:59 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Configuración automática de WWAN terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 120000 milisegundos: Reiniciar el servicio.

Error: (02/20/2019 08:21:59 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Firewall de Windows terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 120000 milisegundos: Reiniciar el servicio.

Error: (02/20/2019 08:21:59 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Servicio de directivas de diagnóstico terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 120000 milisegundos: Reiniciar el servicio.

Error: (02/20/2019 08:21:59 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Motor de filtrado de base terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 120000 milisegundos: Reiniciar el servicio.

Error: (02/19/2019 09:46:24 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Se recibió la siguiente alerta irrecuperable: 70.

Error: (02/19/2019 09:46:21 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Se recibió la siguiente alerta irrecuperable: 70.


Windows Defender:
===================================
Date: 2018-12-14 19:00:35.305
Description: 
Windows Defender encontró un error al intentar cargar firmas e intentará restablecer un conjunto de firmas conocidas.
Firmas intentadas:Actual
Código de error:0x80070002
Descripción de error:El sistema no puede encontrar el archivo especificado. 
Versión de firma:0.0.0.0
Versión de motor:0.0.0.0

Date: 2018-05-22 09:01:33.072
Description: 
Windows Defender encontró un error al intentar cargar firmas e intentará restablecer un conjunto de firmas conocidas.
Firmas intentadas:Actual
Código de error:0x80070002
Descripción de error:El sistema no puede encontrar el archivo especificado. 
Versión de firma:0.0.0.0
Versión de motor:0.0.0.0

Date: 2018-05-13 14:23:53.439
Description: 
El motor de %1 se detuvo debido a un error inesperado.
Tipo de error:%5
Código de excepción:%6
Recurso:%3

Date: 2018-05-06 13:43:00.620
Description: 
El motor de %1 se detuvo debido a un error inesperado.
Tipo de error:%5
Código de excepción:%6
Recurso:%3

==================== Memory info =========================== 

Processor: Intel(R) Atom(TM) CPU N455 @ 1.66GHz
Percentage of memory in use: 66%
Total physical RAM: 2037.36 MB
Available physical RAM: 674.76 MB
Total Virtual: 4074.72 MB
Available Virtual: 2193.16 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:297.99 GB) (Free:205.37 GB) NTFS

\\?\Volume{ab8e8678-1ac7-11e7-8dc3-806e6f6e6963}\ (Reservado para el sistema) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: 000852C1)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

#16

Desinstalas con Revo :

McAfee Security Scan Plus , que no sirve para nda

Descarga e instalas >> Revo Uninstaller | InfoSpyware

Luego, segun manual de Revo >> http://www.forospyware.com/t243205.html, desinstalas el / los programas indicados, seleccionando cuando lo indique Revo, el Modo Avanzado

Marcas NOMBRE PROGRAMA y pulsas desinstalar en el menu de Revo, en Modo Avanzado

Cuando lo hagas, se iniciara el desinstalador de NOMBRE DE PROGRAMA y al finalizar (si alguno te pide reiniciar, pulsas en NO o Cancelar y continuas con Revo), realizas:

  • [*]Pulsas Analizar en Revo, para que analice los restos del programa

  • [*]Pulsas seleccionar todo, para eliminar restos del registro

  • [*]Pulsas borrar todo

  • [*]Pulsas siguiente

  • [*]Pulsas seleccionar todo, para eliminar, si hay, carpetas

  • [*]Pulsas borrar todo

  • [*]Pulsas finalizar


Bien… y ahora sigue estos pasos, MUY Importante ~ Realiza una copia de seguridad del registro :

  • Para hacerlo descarga Delfix en tu escritorio.

  • Doble clic para ejecutarlo.(Si usas Windows Vista/7/8 o 10 presiona clic derecho y selecciona "Ejecutar como Administrador.")

  • Atenci√≥n, ahora marca/selecciona √ļnicamente la casilla "Create registry backup", las dem√°s NO

  • Pulsar en Run.

Se abrir√° el informe (DelFix.txt), gu√°rdalo por si fuera necesario y cierra la herramienta.


En el equipo con los demas programas cerrados:

Inicio >>> Ejecutar >>>Escribes notepad.exe.

Ahora copia y pega estos archivos dentro del Notepad:


Start
CreateRestorePoint:
CloseProcesses:
GroupPolicy: Restriction ? <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
SearchScopes: HKU\S-1-5-21-4001032227-4018829824-1926849531-1000 -> DefaultScope {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = 
S2 DIGITEL. RunOuc; C:\Program Files\DIGITEL 3G\UpdateDog\ouc.exe [X]
S3 catchme; \??\C:\Users\ricardo\AppData\Local\Temp\catchme.sys [X] <==== ATTENTION
S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 Generalusbserialser20675; system32\DRIVERS\CT_U_USBSER.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
AlternateDataStreams: C:\Windows:CM_36faabd924501fcd2f743302621d89eb425ec11f74fef19a5e0fe69c3f0b5201 [74]
AlternateDataStreams: C:\Windows:CM_e0501b65315a77c6cde279a3a8d62a1a6c48bf2c2e353a3654218165115f1673 [74]
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879 [135]


HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
END

Lo guardas bajo el nombre de fixlist.txt en el escritorio <<< Esto es muy importante.<<

Nota: Es importante que la Hta Frst.exe y fixlist.txt se encuentren en la misma ubicación (escritorio) o si no no trabajara.

  • Y ahora Inicia el pc en Modo Seguro, para trabajar desde ese modo de windows.

  • Ejecutas Frst.exe.

  • Presionas el bot√≥n Fix y aguardas a que termine.

  • La Herramienta guardara el reporte en tu escritorio (Fixlog.txt).

Lo pegas en tu próxima respuesta, comentado como va el problema


#17
    Fix result of Farbar Recovery Scan Tool (x86) Version: 6-02-2019
    Ran by ricardo (24-02-2019 22:32:51) Run:1
    Running from C:\Users\ricardo\Desktop
    Loaded Profiles: ricardo (Available Profiles: ricardo & Invitado)
    Boot Mode: Safe Mode (minimal)

    ==============================================

    fixlist content:
    *****************
    Start
    CreateRestorePoint:
    CloseProcesses:
    GroupPolicy: Restriction ? <==== ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
    SearchScopes: HKU\S-1-5-21-4001032227-4018829824-1926849531-1000 -> DefaultScope {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = 
    S2 DIGITEL. RunOuc; C:\Program Files\DIGITEL 3G\UpdateDog\ouc.exe [X]
    S3 catchme; \??\C:\Users\ricardo\AppData\Local\Temp\catchme.sys [X] <==== ATTENTION
    S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]
    S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
    S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
    S3 Generalusbserialser20675; system32\DRIVERS\CT_U_USBSER.sys [X]
    S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
    S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
    S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
    AlternateDataStreams: C:\Windows:CM_36faabd924501fcd2f743302621d89eb425ec11f74fef19a5e0fe69c3f0b5201 [74]
    AlternateDataStreams: C:\Windows:CM_e0501b65315a77c6cde279a3a8d62a1a6c48bf2c2e353a3654218165115f1673 [74]
    AlternateDataStreams: C:\ProgramData\TEMP:56E2E879 [135]


    HOSTS:
    REMOVEPROXY:
    EMPTYTEMP:
    CMD: netsh winsock reset
    CMD: ipconfig /renew
    CMD: ipconfig /flushdns
    CMD: bitsadmin /reset /allusers
    END
    *****************

    Error: Restore point can only be created in normal mode.
    Processes closed successfully.
    C:\Windows\system32\GroupPolicy\Machine => moved successfully
    C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully.
    "HKU\S-1-5-21-4001032227-4018829824-1926849531-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully.
    HKLM\System\CurrentControlSet\Services\DIGITEL. RunOuc => removed successfully.
    DIGITEL. RunOuc => service removed successfully.
    HKLM\System\CurrentControlSet\Services\catchme => removed successfully.
    catchme => service removed successfully.
    HKLM\System\CurrentControlSet\Services\ewusbmbb => removed successfully.
    ewusbmbb => service removed successfully.
    HKLM\System\CurrentControlSet\Services\ewusbnet => removed successfully.
    ewusbnet => service removed successfully.
    HKLM\System\CurrentControlSet\Services\ew_hwusbdev => removed successfully.
    ew_hwusbdev => service removed successfully.
    HKLM\System\CurrentControlSet\Services\Generalusbserialser20675 => removed successfully.
    Generalusbserialser20675 => service removed successfully.
    HKLM\System\CurrentControlSet\Services\huawei_enumerator => removed successfully.
    huawei_enumerator => service removed successfully.
    HKLM\System\CurrentControlSet\Services\hwdatacard => removed successfully.
    hwdatacard => service removed successfully.
    HKLM\System\CurrentControlSet\Services\hwusbdev => removed successfully.
    hwusbdev => service removed successfully.
    C:\Windows => ":CM_36faabd924501fcd2f743302621d89eb425ec11f74fef19a5e0fe69c3f0b5201" ADS removed successfully.
    C:\Windows => ":CM_e0501b65315a77c6cde279a3a8d62a1a6c48bf2c2e353a3654218165115f1673" ADS removed successfully.
    C:\ProgramData\TEMP => ":56E2E879" ADS removed successfully.
    C:\Windows\System32\Drivers\etc\hosts => moved successfully
    Hosts restored successfully.

    ========= RemoveProxy: =========

    HKU\S-1-5-21-4001032227-4018829824-1926849531-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully.
    "HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully.
    "HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully.
    "HKU\S-1-5-21-4001032227-4018829824-1926849531-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully.
    "HKU\S-1-5-21-4001032227-4018829824-1926849531-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully.


    ========= End of RemoveProxy: =========


    ========= netsh winsock reset =========


    El cat logo Winsock se restableci¬Ę correctamente.
    Debe reiniciar el equipo para completar el restablecimiento.


    ========= End of CMD: =========


    ========= ipconfig /renew =========


    Configuraci¬Ęn IP de Windows


    ========= End of CMD: =========


    ========= ipconfig /flushdns =========


    Configuraci¬Ęn IP de Windows

    No se puede vaciar la cach‚Äö de resoluci¬Ęn de DNS: Error de una funci¬Ęn durante la ejecuci¬Ęn.


    ========= End of CMD: =========


    ========= bitsadmin /reset /allusers =========


    BITSADMIN version 3.0 [ 7.5.7601 ]
    BITS administration utility.
    (C) Copyright 2000-2006 Microsoft Corp.

    BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
    Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

    Unable to connect to BITS - 0x8007042c
    No se puede iniciar el servicio o grupo de dependencia.



    ========= End of CMD: =========


    =========== EmptyTemp: ==========

    BITS transfer queue => 0 B
    DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 13647206 B
    Java, Flash, Steam htmlcache => 0 B
    Windows/system/drivers => 13738 B
    Edge => 0 B
    Chrome => 479599118 B
    Firefox => 13279957 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Users => 0 B
    Default => 33125 B
    Public => 0 B
    ProgramData => 0 B
    systemprofile => 72308 B
    LocalService => 132244 B
    NetworkService => 84036 B
    ricardo => 6124251 B
    Invitado => 35816 B

    RecycleBin => 68889120 B
    EmptyTemp: => 555 MB temporary data Removed.

    ================================


    The system needed a reboot.

#18

gracias. segui los pasos, voy a revisar entre hoy y ma√Īana para verificar. dependiendo de como este informare


#19

ok, comentas como va todo