Hola @Beguelin
Recuerda que esto no es un Chat, no podemos estar todo el día conectados pues también tenemos una vida.
Por el momento no instales absolutamente nada.
Y mucho menos productos piratas.
No estas sin antivirus tienes el nativo de Windows 10 que es Windows Defender.
Sobre la imagen que muestras de Revo Uninstaller es parte de Windows Update, ya desaparecerá cuando actualices a la ultima versión.
Y en cuanto a lo bloqueado por Malwarebytes ya veremos cual es el problema.
1.- Ejecutaste FRST desde un lugar incorrecto:
- Running from C:\Users\gusta\Downloads
Corta el ejecutable y pegalo en tu escritorio <<< Esto es Muy Importante.
2.- Desinstala con Revo Uninstaller en su Modo Avanzado:
- SUPERAntiSpyware y el Sandbox que tengas instalado
3.- Luego de reiniciar sigue estos pasos:
Muy Importante >>> Realizar una copia de Seguridad de su Registro.
- Descarga DelFix en el escritorio de Windows.
- Clic Derecho, “Ejecutar como Administrador”.
- En la ventana principal, marca solamente la casilla “Create Registry Backup”.
- Clic en Run.
Al terminar se abrirá un reporte llamado DelFix.txt, guárdelo por si fuera necesario y cierre la herramienta…
4.- Desactiva Temporalmente tu antivirus. >>> en tu caso Windows Defender
5.- Posteriormente con todos los programas cerrados inclusive los navegadores, abre un nuevo archivo Notepad y copia y pega este contenido:
Start
CloseProcesses:
CreateRestorePoint:
GroupPolicy: Restriction - Chrome <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {17106D3B-B2BF-4C92-8E6F-1F906CEE5AF0} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cis.exe
C:\Program Files\COMODO
Task: {FE85CCA2-4C8F-4279-B6CA-5A2CBA2C2F61} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Tcpip\..\Interfaces\{0e8df25f-9f12-4896-bf83-4cd651bd7b68}: [DhcpNameServer] 200.49.130.47 200.42.4.199
Tcpip\..\Interfaces\{255e2537-04f9-415d-85bc-68f011c30c9b}: [DhcpNameServer] 200.49.130.41 200.42.4.199
Tcpip\..\Interfaces\{4ab7eafa-0b58-49f6-9de3-7d6573c7d108}: [DhcpNameServer] 192.168.42.129
HKU\S-1-5-21-1498555920-1983202831-2001491286-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
HKU\S-1-5-21-1498555920-1983202831-2001491286-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://oem15.msn.com/?PC=NMTE
HKU\S-1-5-21-1498555920-1983202831-2001491286-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07302019194054370\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
HKU\S-1-5-21-1498555920-1983202831-2001491286-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07302019194054370\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://oem15.msn.com/?PC=NMTE
SearchScopes: HKU\.DEFAULT -> DefaultScope {4E1C498E-5C14-4A49-A5F8-8A5AFF4526E0} URL =
SearchScopes: HKU\.DEFAULT -> {4E1C498E-5C14-4A49-A5F8-8A5AFF4526E0} URL =
SearchScopes: HKU\S-1-5-21-1498555920-1983202831-2001491286-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE15
SearchScopes: HKU\S-1-5-21-1498555920-1983202831-2001491286-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE15
SearchScopes: HKU\S-1-5-21-1498555920-1983202831-2001491286-1002 -> {4E1C498E-5C14-4A49-A5F8-8A5AFF4526E0} URL =
SearchScopes: HKU\S-1-5-21-1498555920-1983202831-2001491286-1002 -> {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://ar.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo&type=33090001005_10.2.0.6526_u_ds
SearchScopes: HKU\S-1-5-21-1498555920-1983202831-2001491286-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07302019194054370 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE15
SearchScopes: HKU\S-1-5-21-1498555920-1983202831-2001491286-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07302019194054370 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE15
SearchScopes: HKU\S-1-5-21-1498555920-1983202831-2001491286-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07302019194054370 -> {4E1C498E-5C14-4A49-A5F8-8A5AFF4526E0} URL =
SearchScopes: HKU\S-1-5-21-1498555920-1983202831-2001491286-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07302019194054370 -> {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://ar.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo&type=33090001005_10.2.0.6526_u_ds
FF Extension: (No Name) - C:\Users\gusta\AppData\Roaming\Mozilla\Firefox\Profiles\3qjab6pi.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2019-07-30]
S2 CmdAgentProt; "C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe" /ProtectedSvc [X]
U1 aswbdisk; no ImagePath
U0 aswblog; no ImagePath
2019-07-15 00:23 - 2019-07-18 02:57 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2019-07-15 00:23 - 2019-07-18 02:54 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2019-07-15 00:23 - 2019-07-15 00:23 - 000000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2019-07-15 00:20 - 2019-07-15 00:21 - 069910960 _____ (Safer-Networking Ltd. ) C:\Users\gusta\Downloads\spybotsd-2.7.64.0.exe
2019-07-30 19:39 - 2017-09-07 14:48 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2019-07-18 02:37 - 2019-06-17 19:22 - 000000000 ____D C:\ProgramData\AVAST Software
2019-07-18 02:22 - 2015-12-30 17:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
2019-07-15 04:14 - 2018-09-30 21:38 - 000002428 _____ C:\WINDOWS\System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3}
2019-07-15 00:48 - 2015-12-30 17:34 - 000000000 ____D C:\ProgramData\TEMP
2019-06-26 22:09 - 2019-04-16 08:30 - 000447680 _____ (COMODO) C:\ProgramData\cmdres.dll
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
AlternateDataStreams: C:\WINDOWS\system32\BRCOM14A.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx9_24.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx9_28.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx9_29.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx9_31.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\pwdrvio.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pwdspio.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pwNative.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\x3daudio1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\x3daudio1_1.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\xactengine2_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine2_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine2_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine2_4.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\xactengine2_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xinput1_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ACTSKIN4.OCX:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BRLM03A.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BRLMW03A.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BROSNMP.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BRTCPCON.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\comctl32.ocx:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\comdlg32.ocx:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_24.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_25.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_26.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_27.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_28.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_29.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_30.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_31.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Dao350.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DBGRDES.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DBGRID32.OCX:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\HiTime32.OCX:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\indexeddbserver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Mfc42loc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSCOMCTL.OCX:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msjet35.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSJINT35.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSJTER35.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSMASK32.OCX:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msrd2x35.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSREPL35.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSSTDFMT.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSWINSCK.OCX:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NystITFflip.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SPIN32.OCX:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\THREED32.OCX:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\VB5DB.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\VFP6R.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\VFP6RESN.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\VFP6RUN.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\x3daudio1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\x3daudio1_1.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xinput1_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xinput1_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xinput1_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\lgandnetdiag64.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\lgandnetmodem64.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\lgandnetndis64.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ssudbus.sys:$CmdTcID [64]
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]
AlternateDataStreams: C:\Users\gusta\Desktop\OrapeV3-27.7.X12.1-RB.swf:$CmdZnID [26]
AlternateDataStreams: C:\Users\gusta\Desktop\sep-2016-calendario.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\gusta\Downloads\4-99434681-127215.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\gusta\Downloads\4-99434681-127215.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\gusta\Downloads\Archivo.zip:$CmdTcID [64]
AlternateDataStreams: C:\Users\gusta\Downloads\Archivo.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\gusta\Downloads\BlncNvsvdrpl.rar:$CmdTcID [64]
AlternateDataStreams: C:\Users\gusta\Downloads\BlncNvsvdrpl.rar:$CmdZnID [26]
AlternateDataStreams: C:\Users\gusta\Downloads\Caratulas Gustavo.zip:$CmdTcID [64]
AlternateDataStreams: C:\Users\gusta\Downloads\Caratulas Gustavo.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\gusta\Downloads\Dev-Cpp 5.11 TDM-GCC 4.9.2 Setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\gusta\Downloads\Dev-Cpp 5.11 TDM-GCC 4.9.2 Setup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\gusta\Downloads\document(1).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\gusta\Downloads\document(1).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\gusta\Downloads\document(2).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\gusta\Downloads\document(2).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\gusta\Downloads\document(3).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\gusta\Downloads\document(3).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\gusta\Downloads\document.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\gusta\Downloads\document.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\gusta\Downloads\flashplayer_25_sa.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\gusta\Downloads\LibreOffice_5.0.6_Win_x86.msi:$CmdTcID [64]
AlternateDataStreams: C:\Users\gusta\Downloads\LibreOffice_5.0.6_Win_x86.msi:$CmdZnID [26]
AlternateDataStreams: C:\Users\gusta\Downloads\LibreOffice_5.1.4_Win_x86.msi:$CmdTcID [64]
AlternateDataStreams: C:\Users\gusta\Downloads\LibreOffice_5.1.4_Win_x86.msi:$CmdZnID [26]
AlternateDataStreams: C:\Users\gusta\Downloads\setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\gusta\Downloads\setup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\gusta\Downloads\spywareblastersetup55.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\gusta\Downloads\spywareblastersetup55.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\gusta\Downloads\VNGPLUSNV_V16.04.07.ZIP:$CmdTcID [64]
AlternateDataStreams: C:\Users\gusta\Downloads\VNGPLUSNV_V16.04.07.ZIP:$CmdZnID [26]
AlternateDataStreams: C:\Users\gusta\Downloads\[SWF]OrapeV3-27.7.X12.1-RB.zip:$CmdZnID [26]
FirewallRules: [TCP Query User{21F2E717-9785-40F9-B4B7-AECD045BFE9F}D:\cfg\ieembed.exe] => (Allow) D:\cfg\ieembed.exe No File
FirewallRules: [UDP Query User{A40C7869-5743-4EDA-8D6F-B62981546B78}D:\cfg\ieembed.exe] => (Allow) D:\cfg\ieembed.exe No File
CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END
- Lo guardas bajo el nombre de fixlist.txt en el escritorio <<< Esto es muy importante.
Nota: Es necesario que el ejecutable Frst.exe y fixlist.txt se encuentren en la misma ubicación (escritorio) o si no la herramienta no trabajara.
- Ejecutas Frst.exe.
- Presionas el botón Fix y aguardas a que termine.
- La Herramienta guardara el reporte en tu escritorio (Fixlog.txt).
- Lo pegas en tu próxima respuesta.
Reinicias si no lo hizo la herramienta y nos comentas como sigue el equipo.
Salu2.