TR/Crypt.XPACK.Gen' [trojan]


#1

Hello, good afternoon. For a while now this trojan, TR/Crypt.XPACK.Gen’ [trojan], has been showing up. Avira detects it and sends it to quarantine, and every so often it comes back. Many thanks for any help you can give me.


#3

Hello boores1931

Carry out the following steps, even if you have already done some of them, without changing the order:

1) Download, update and run Malwarebytes’ Anti-Malware; go through the manual in detail so that you know how to use and configure it.

  • Run a Threat Scan, updating if it asks you to.
  • Click “Quarantine Selected” to send it to quarantine, and restart the system.
  • In the manual's section Reports → Scan report you will find the MBAM report; click Export → Copy to clipboard.

2) Download AdwCleaner | InfoSpyware to the desktop.

  • Temporarily disable the antivirus → How to temporarily disable your antivirus.
  • Also close all the programs you have open.
  • Run Adwcleaner.exe (if you use Windows Vista/7 or 8, right-click and select "Run as administrator").
  • Click the Scan button and wait for the process to finish, then immediately click the Clean button.
  • Wait for it to complete and follow the instructions; if it asks you to restart the system, accept.
  • Save the report that appears, so you can copy and paste it into your next reply.
  • The report can also be found at C:\AdwCleaner\AdwCleaner[C1].txt

3) Download CCleaner

  • Install CCleaner
  • Open CCleaner; on the Cleaner tab leave the default configuration as it is, click Analyze, wait for it to finish → click Run Cleaner
  • Click the Registry tab → click Scan for Issues, wait for it to finish → click Fix Selected Issues and make a backup
  • Click Scan for Issues again until it finds none.

Paste the Malwarebytes and AdwCleaner reports and tell us how the problem is going.

Regards


#4

Many thanks, Daniela. I will do the steps indicated.


#5

Hello

OK, I'll be here waiting for the reports and comments 👍

Regards


#6

I have tried to download Malwarebytes, and every time I run the installation this trojan appears and it seems to corrupt it. I download it, but when I try to open it nothing appears, and the same happens every time I try to run it…


#7

Hello

Try it in safe mode to see whether the same thing happens.

If it stays the same, continue with the other steps.

Regards


#8

Apologies for the delay. Here is the Malwarebytes report:

Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 8/11/18
Hora del análisis: 21:40
Archivo de registro: 01bd5be7-e3b8-11e8-ad41-705ab614bc48.json

-Información del software-
Versión: 3.6.1.2711
Versión de los componentes: 1.0.482
Versión del paquete de actualización: 1.0.7757
Licencia: Prueba

-Información del sistema-
SO: Windows 7 Service Pack 1
CPU: x86
Sistema de archivos: NTFS
Usuario: Portatil\compu

-Resumen del análisis-
Tipo de análisis: Análisis de amenazas
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 188147
Amenazas detectadas: 115
Amenazas en cuarentena: 115
Tiempo transcurrido: 5 min, 25 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Desactivado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 8
PUP.Optional.InstallCore, HKU\S-1-5-21-2240164480-2547828660-324338486-1000\SOFTWARE\CSASTATS\ic, En cuarentena, [406], [586068],1.0.7757
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, En cuarentena, [234], [254682],1.0.7757
PUP.Optional.WinYahoo, HKU\S-1-5-21-2240164480-2547828660-324338486-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, En cuarentena, [234], [254682],1.0.7757
PUP.Optional.Conduit, HKU\S-1-5-21-2240164480-2547828660-324338486-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{E5CF6809-BE15-429A-AF58-1E024D354058}, En cuarentena, [217], [236866],1.0.7757
PUP.Optional.InstallCore, HKU\S-1-5-21-2240164480-2547828660-324338486-1000\SOFTWARE\PRODUCTSETUP, En cuarentena, [406], [481004],1.0.7757
PUP.Optional.FoxTab, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{0399FFA1-DB7D-47AE-B24C-B67FE5AEC022}, En cuarentena, [4767], [254301],1.0.7757
PUP.Optional.FoxTab, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{0399FFA1-DB7D-47AE-B24C-B67FE5AEC022}, En cuarentena, [4767], [254301],1.0.7757
PUP.Optional.FoxTab, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\FoxTab, En cuarentena, [4767], [254301],1.0.7757

Valor del registro: 6
PUP.Optional.WinYahoo, HKU\S-1-5-21-2240164480-2547828660-324338486-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, En cuarentena, [234], [254682],1.0.7757
PUP.Optional.Conduit, HKU\S-1-5-21-2240164480-2547828660-324338486-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{E5CF6809-BE15-429A-AF58-1E024D354058}|URL, En cuarentena, [217], [236866],1.0.7757
PUP.Optional.Conduit, HKU\S-1-5-21-2240164480-2547828660-324338486-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{E5CF6809-BE15-429A-AF58-1E024D354058}|FAVICONURL, En cuarentena, [217], [236866],1.0.7757
Trojan.Agent.Generic, HKU\S-1-5-21-2240164480-2547828660-324338486-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|RADF8FF1, En cuarentena, [3701], [521269],1.0.7757
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, En cuarentena, [234], [254683],1.0.7757
PUP.Optional.InstallCore, HKU\S-1-5-21-2240164480-2547828660-324338486-1000\SOFTWARE\PRODUCTSETUP|TB, En cuarentena, [406], [481004],1.0.7757

Datos del registro: 1
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Sustituido, [234], [293283],1.0.7757

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 13
PUP.Optional.Conduit, C:\USERS\COMPU\APPDATA\LOCAL\CONDUIT, En cuarentena, [217], [182116],1.0.7757
PUP.Optional.Conduit, C:\Users\compu\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light, En cuarentena, [217], [182117],1.0.7757
PUP.Optional.Conduit, C:\Users\compu\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark, En cuarentena, [217], [182117],1.0.7757
PUP.Optional.Conduit, C:\Users\compu\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images, En cuarentena, [217], [182117],1.0.7757
PUP.Optional.Conduit, C:\Users\compu\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog, En cuarentena, [217], [182117],1.0.7757
PUP.Optional.Conduit, C:\Users\compu\AppData\LocalLow\Conduit\Community Alerts\LanguagePacks, En cuarentena, [217], [182117],1.0.7757
PUP.Optional.Conduit, C:\Users\compu\AppData\LocalLow\Conduit\Community Alerts\Dialogs, En cuarentena, [217], [182117],1.0.7757
PUP.Optional.Conduit, C:\Users\compu\AppData\LocalLow\Conduit\Community Alerts\Feeds, En cuarentena, [217], [182117],1.0.7757
PUP.Optional.Conduit, C:\Users\compu\AppData\LocalLow\Conduit\Community Alerts\Log, En cuarentena, [217], [182117],1.0.7757
PUP.Optional.Conduit, C:\Users\compu\AppData\LocalLow\Conduit\Community Alerts, En cuarentena, [217], [182117],1.0.7757
PUP.Optional.Conduit, C:\USERS\COMPU\APPDATA\LOCALLOW\CONDUIT, En cuarentena, [217], [182117],1.0.7757
PUP.Optional.Conduit.Generic, C:\Users\compu\AppData\Roaming\Mozilla\Firefox\Profiles\d1cqpcpt.default\CT2504091\toolbarImages, En cuarentena, [1538], [443542],1.0.7757
PUP.Optional.Conduit.Generic, C:\USERS\COMPU\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D1CQPCPT.DEFAULT\CT2504091, En cuarentena, [1538], [443542],1.0.7757

Archivo: 87
Trojan.Agent.VBS, C:\USERS\COMPU\APPDATA\ROAMING\MICROSOFT\DelTemp.vbs, En cuarentena, [2782], [254251],1.0.7757
Trojan.Agent.VBS, C:\USERS\COMPU\APPDATA\ROAMING\MICROSOFT\Facebookss.vbs, En cuarentena, [2782], [254251],1.0.7757
PUP.Optional.ForcedInstalledExtensionFF, C:\USERS\COMPU\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D1CQPCPT.DEFAULT\EXTENSIONS\{4CBEF3F0-4205-4165-8871-2844F9737602}.XPI, En cuarentena, [1715], [486482],1.0.7757
Trojan.Agent.Generic, C:\USERS\COMPU\APPDATA\LOCAL\TEMP\RADF8FF1.TMP.GPAST.VBS, En cuarentena, [3701], [521269],1.0.7757
PUP.Optional.WinYahoo, C:\USERS\COMPU\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D1CQPCPT.DEFAULT\SEARCHPLUGINS\YAHOO! POWERED.XML, En cuarentena, [234], [302287],1.0.7757
MachineLearning/Anomalous.96%, C:\USERS\COMPU\APPDATA\LOCAL\TEMP\110244.EXE, En cuarentena, [0], [392687],1.0.7757

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)

AdwCleaner report

# Malwarebytes AdwCleaner 7.2.4.0
# -------------------------------
# Build:    09-25-2018
# Database: 2018-11-05.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    11-08-2018
# Duration: 00:00:03
# OS:       Windows 7 Home Premium
# Cleaned:  15
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted       C:\Program Files\Conduit
Deleted       C:\Windows\System32\config\systemprofile\AppData\Local\FileTypeAssistant
Deleted       C:\Users\compu\AppData\Local\FileTypeAssistant
Deleted       C:\ProgramData\apn

***** [ Files ] *****

Deleted       C:\END

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKCU\SOFTWARE\3a4de808ce40384a7c340bbd4048ceab
Deleted       HKCU\Software\AppDataLow\Software\Conduit
Deleted       HKCU\Software\Conduit
Deleted       HKLM\Software\Conduit
Deleted       HKCU\Software\csastats
Deleted       HKCU\Software\AppDataLow\Software\Smartbar
Deleted       HKCU\Software\Bitberry Software
Deleted       HKLM\Software\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
Deleted       HKLM\Software\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
Deleted       HKLM\Software\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2262 octets] - [08/11/2018 22:21:43]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

I ran these two scans in Safe Mode, but when I start up normally, it appears again.


#9

Hello

Download Farbar Recovery Scan Tool, selecting the version that matches your computer's architecture (32 or 64 bits). → How do I know whether my Windows is 32 or 64 bits?

  • Run FRST.exe.
  • In the Disclaimer window message, click Yes.
  • In the main window, click the Scan button and wait for the process to finish.
  • Two (2) files (logs) will open, Frst.txt and Addition.txt; these will be saved on the desktop.

Post the two reports generated.

You must copy and paste them with all their content, using several messages if you get an error message saying that it is too long (more than approx. 50,000 characters).

Regards


#10

Thanks, Daniela! Here are the reports:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08.11.2018
Ran by compu (administrator) on PORTATIL (08-11-2018 22:55:27)
Running from C:\Users\compu\Desktop\Downloads
Loaded Profiles: compu (Available Profiles: compu)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira GmbH) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira GmbH) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\ProgramData\DataCardService\DCService.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DataCardService\DCSHelper.exe
(Avira GmbH) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
() C:\Program Files\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.33.17\GoogleCrashHandler.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
(Cyberlink Corp.) C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Avira GmbH) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(PixArt Imaging Incorporation) C:\Windows\PixArt\PAC7302\Monitor.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [1157640 2009-08-18] (Dritek System Inc.)
HKLM\...\Run: [RemoteControl] => C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [71216 2007-02-07] (Cyberlink Corp.)
HKLM\...\Run: [LanguageShortcut] => C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [54832 2007-02-07] ()
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1537320 2009-06-18] (Synaptics Incorporated)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [281768 2011-03-28] (Avira GmbH)
HKLM\...\Run: [PAC7302_Monitor] => C:\Windows\PixArt\PAC7302\Monitor.exe [323584 2007-12-10] (PixArt Imaging Incorporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKU\S-1-5-21-2240164480-2547828660-324338486-1000\...\Run: [Facebook Update] => C:\Users\compu\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-15] (Facebook Inc.)
Startup: C:\Users\compu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\radF8FF1.tmp.gpast.vbs [2015-12-13] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [152864 2010-10-07] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 200.42.4.199 200.49.130.40
Tcpip\..\Interfaces\{4DBA2BCF-F006-452D-BDF3-D1E3C944673C}: [DhcpNameServer] 200.42.4.199 200.49.130.40
Tcpip\..\Interfaces\{F6B9647B-C471-4932-B77D-126A63308D8F}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2240164480-2547828660-324338486-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2240164480-2547828660-324338486-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2240164480-2547828660-324338486-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2016-11-13] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-11-13] (Oracle Corporation)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0051-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab

FireFox:
========
FF ProfilePath: C:\Users\compu\AppData\Roaming\Mozilla\Firefox\Profiles\d1cqpcpt.default [2018-11-08]
FF user.js: detected! => C:\Users\compu\AppData\Roaming\Mozilla\Firefox\Profiles\d1cqpcpt.default\user.js [2014-04-14]
FF Homepage: Mozilla\Firefox\Profiles\d1cqpcpt.default -> hxxp://www.google.com.ar/
FF NewTab: Mozilla\Firefox\Profiles\d1cqpcpt.default -> about:newtab
FF Extension: (Twoo Notifications) - C:\Users\compu\AppData\Roaming\Mozilla\Firefox\Profiles\d1cqpcpt.default\Extensions\[email protected] [2016-04-28] [Legacy]
FF Extension: (Cuevana Stream) - C:\Users\compu\AppData\Roaming\Mozilla\Firefox\Profiles\d1cqpcpt.default\Extensions\{a3a5c777-f583-4fef-9380-ab4add1bc2a8}.xpi [2012-11-25] [Legacy] [not signed]
FF Extension: (Versión de desarrollo de Adblock Plus) - C:\Users\compu\AppData\Roaming\Mozilla\Firefox\Profiles\d1cqpcpt.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-11-03]
FF Extension: (Firefox Monitor) - C:\Users\compu\AppData\Roaming\Mozilla\Firefox\Profiles\d1cqpcpt.default\features\{01a56b1e-959f-4890-8938-c9dd7957ce03}\[email protected] [2018-10-04]
FF Extension: (Telemetry coverage) - C:\Users\compu\AppData\Roaming\Mozilla\Firefox\Profiles\d1cqpcpt.default\features\{01a56b1e-959f-4890-8938-c9dd7957ce03}\[email protected] [2018-10-04] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_27_0_0_183.dll [2017-11-02] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-11-13] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-11-13] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-20] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-20] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=1.1.10 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-10-19] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2240164480-2547828660-324338486-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\compu\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)

Chrome: 
=======
CHR Profile: C:\Users\compu\AppData\Local\Google\Chrome\User Data\Default [2018-11-08]
CHR Extension: (Presentaciones) - C:\Users\compu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-22]
CHR Extension: (Documentos) - C:\Users\compu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-22]
CHR Extension: (Google Drive) - C:\Users\compu\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-10-04]
CHR Extension: (YouTube) - C:\Users\compu\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-10-04]
CHR Extension: (Hojas de cálculo) - C:\Users\compu\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-22]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\compu\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-11-04]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\compu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-11-04]
CHR Extension: (Gmail) - C:\Users\compu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-10-04]
CHR Extension: (Chrome Media Router) - C:\Users\compu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-11-04]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [136360 2011-03-28] (Avira GmbH)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [269480 2011-09-18] (Avira GmbH)
R2 DCService.exe; C:\ProgramData\DatacardService\DCService.exe [229376 2010-05-08] () [File not signed]
R2 KinoniSvc; C:\Program Files\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe [524800 2014-11-12] () [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [5073376 2018-09-19] (Malwarebytes)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [173616 2007-02-07] ()
S2 MpsSvc; no ImagePath
S2 WinDefend; no ImagePath

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [66616 2011-09-18] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [138192 2011-09-18] (Avira GmbH)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [129248 2018-10-18] (Malwarebytes)
S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [69504 2010-04-09] (Huawei Technologies Co., Ltd.)
R3 kinonivd; C:\Windows\System32\DRIVERS\kinonivd.sys [2782080 2014-11-12] (Windows (R) Win 7 DDK provider)
R3 KINONI_Wave; C:\Windows\System32\drivers\kinonivad.sys [18432 2014-11-12] (Windows (R) Win 7 DDK provider)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [173496 2018-11-08] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [101216 2018-11-08] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [56552 2018-11-08] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [229568 2018-11-08] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [82112 2018-11-08] (Malwarebytes)
S3 PAC7302; C:\Windows\System32\DRIVERS\PAC7302.SYS [461824 2009-04-28] (PixArt Imaging Inc.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2010-06-17] (Avira GmbH)
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B}; C:\Program Files\CyberLink\PowerDVD\000.fcl [13560 2006-11-02] (Cyberlink Corp.)
S3 ApfiltrService; system32\DRIVERS\Apfiltr.sys [X]
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 catchme; \??\C:\Users\compu\AppData\Local\Temp\catchme.sys [X] <==== ATTENTION
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [204800 2010-04-07] (Huawei Technologies Co., Ltd.)
S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-08 22:54 - 2018-11-08 22:55 - 000000000 ____D C:\FRST
2018-11-08 22:46 - 2018-11-08 22:46 - 000229568 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-11-08 22:46 - 2018-11-08 22:46 - 000101216 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-11-08 22:46 - 2018-11-08 22:46 - 000082112 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-11-08 22:46 - 2018-11-08 22:46 - 000056552 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-11-08 22:45 - 2018-11-08 22:45 - 000000480 _____ C:\Windows\ntbtlog.txt
2018-11-08 22:25 - 2018-11-08 22:25 - 000000316 _____ C:\Windows\Tasks\AdwCleaner_onReboot.job
2018-11-08 22:20 - 2018-11-08 22:25 - 000000000 ____D C:\AdwCleaner
2018-11-08 21:30 - 2018-11-08 22:03 - 000173496 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-11-08 21:30 - 2018-11-08 21:30 - 000000000 ____D C:\Users\compu\AppData\Local\mbamtray
2018-11-08 21:30 - 2018-11-08 21:30 - 000000000 ____D C:\Users\compu\AppData\Local\mbam
2018-11-08 21:29 - 2018-11-08 21:29 - 000001980 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-11-08 21:29 - 2018-11-08 21:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-11-08 21:29 - 2018-10-18 08:44 - 000129248 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae.sys
2018-11-04 20:27 - 2018-11-04 20:27 - 000002159 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-11-04 20:09 - 2018-11-08 22:47 - 000002068 _____ C:\Users\compu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Desinstalar PowerDVD.lnk
2018-11-04 20:09 - 2018-11-08 22:46 - 000001290 _____ C:\Users\compu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ayuda de PowerDVD.lnk
2018-11-04 20:09 - 2018-11-08 22:46 - 000001276 _____ C:\Users\compu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Léame.lnk
2018-11-04 20:09 - 2018-11-08 22:46 - 000001106 _____ C:\Users\compu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Registro en línea.lnk
2018-11-04 19:52 - 2018-11-08 21:29 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-11-04 19:52 - 2018-11-04 22:36 - 000000000 ____D C:\Program Files\Malwarebytes
2018-11-03 18:46 - 2018-11-03 18:47 - 000000000 ____D C:\Users\compu\Desktop\TODO

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-08 22:54 - 2009-07-14 01:34 - 000028528 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-11-08 22:54 - 2009-07-14 01:34 - 000028528 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-11-08 22:46 - 2011-08-16 22:34 - 000001095 _____ C:\Users\compu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD.lnk
2018-11-08 22:45 - 2009-07-14 01:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-11-08 22:45 - 2009-07-13 23:37 - 000000000 ____D C:\Windows\inf
2018-11-08 21:34 - 2009-07-13 23:37 - 000000000 ____D C:\Windows\tracing
2018-11-04 23:11 - 2012-07-05 23:00 - 000001066 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2240164480-2547828660-324338486-1000UA.job
2018-11-04 20:26 - 2011-08-11 11:30 - 000000000 ____D C:\Program Files\Google
2018-11-04 20:17 - 2016-11-26 16:04 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-11-04 20:14 - 2016-11-26 16:21 - 000000000 ____D C:\Users\compu\AppData\LocalLow\Mozilla
2018-11-04 20:07 - 2011-11-04 22:41 - 000000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2018-11-04 20:04 - 2012-03-24 23:16 - 000007599 _____ C:\Users\compu\AppData\Local\Resmon.ResmonCfg
2018-11-04 19:46 - 2011-11-04 22:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
2018-11-04 19:46 - 2011-08-10 23:22 - 000000000 ____D C:\Users\compu
2018-11-04 19:45 - 2012-05-04 01:29 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2018-11-04 19:44 - 2011-08-10 23:31 - 000000000 ____D C:\Windows\system32\Macromed
2018-11-04 19:44 - 2009-07-13 23:37 - 000000000 ____D C:\Windows\registration
2018-11-03 15:41 - 2011-08-11 11:24 - 000000000 ____D C:\Users\compu\AppData\LocalLow\Adobe

==================== Files in the root of some directories =======

2016-09-18 18:24 - 2016-09-18 18:24 - 000045290 _____ () C:\Program Files\AO7462.html
2014-04-14 23:41 - 2014-04-14 23:41 - 000000041 _____ () C:\Users\compu\AppData\Roaming\WB.CFG
2011-08-11 00:16 - 2011-08-11 00:16 - 000003159 _____ () C:\Users\compu\AppData\Local\HWVendorDetection.log
2016-07-26 23:49 - 2016-07-26 23:49 - 000000001 _____ () C:\Users\compu\AppData\Local\llftool.4.25.agreement
2012-03-24 23:16 - 2018-11-04 20:04 - 000007599 _____ () C:\Users\compu\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-11-04 20:58

==================== End of FRST.txt ============================

And here is Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 08.11.2018
Ran by compu (08-11-2018 22:57:04)
Running from C:\Users\compu\Desktop\Downloads
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) (2011-08-11 02:21:59)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-2240164480-2547828660-324338486-500 - Administrator - Disabled)
compu (S-1-5-21-2240164480-2547828660-324338486-1000 - Administrator - Enabled) => C:\Users\compu
HomeGroupUser$ (S-1-5-21-2240164480-2547828660-324338486-1003 - Limited - Enabled)
Invitado (S-1-5-21-2240164480-2547828660-324338486-501 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AntiVir Desktop (Disabled - Out of date) {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AntiVir Desktop (Disabled - Out of date) {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Español (HKLM\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 18.011.20063 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.8.800.94 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 27.0.0.183 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{EE6097DD-05F4-4178-9719-D3170BF098E8}) (Version: 1.4.1 - Apple Inc.)
Apple Software Update (HKLM\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)
Ares 2.1.7 (HKLM\...\Ares) (Version: 2.1.7-Build#3041 - Ares Development Group)
AutoCAD 2008 - Español (HKLM\...\{5783F2D7-6001-040A-0002-0060B0CE6BBA}) (Version: 17.1.51.0 - Autodesk) Hidden
AutoCAD 2008 - Español (HKLM\...\AutoCAD 2008 - Español) (Version: 17.1.51.0 - Autodesk)
Autodesk DWF Viewer 7 (HKLM\...\{9A346205-EA92-4406-B1AB-50379DA3F057}) (Version: 7.2.0 - Autodesk, Inc.)
Avira AntiVir Personal - Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.2.286 - Avira GmbH)
Bonjour (HKLM\...\{2A981294-F14C-4F0F-9627-D793270922F8}) (Version: 2.0.4.0 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 3.12 - Piriform)
Claro Internet (HKLM\...\Claro Internet) (Version: 16.002.10.03.252 - Huawei Technologies Co.,Ltd)
D3DX10 (HKLM\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
eMessenger 310 (HKLM\...\{6CE28479-63DF-4EE7-92C4-5FF2069CB358}) (Version: 1.0.0.28 - KYE SYSTEMS CORP.)
EVEREST Corporate Edition v5.02 (HKLM\...\EVEREST Corporate Edition_is1) (Version: 5.02 - Lavalys, Inc.)
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Google Chrome (HKLM\...\Google Chrome) (Version: 70.0.3538.77 - Google Inc.)
Google Earth Plug-in (HKLM\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Earth Pro (HKLM\...\{BF354C72-AC4C-4A87-8D42-B089862BAE58}) (Version: 7.3.2.5491 - Google)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Intel(R) TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
Java 8 Update 111 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
KinoniDrivers 2.8.1 (HKLM\...\KinoniDrivers) (Version: 2.8.1 - Kinoni)
K-Lite Mega Codec Pack 7.0.0 (HKLM\...\KLiteCodecPack_is1) (Version: 7.0.0 - )
Launch Manager (HKLM\...\LManager) (Version: 3.0.02 - Acer Inc.)
Malwarebytes versión 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Microsoft .NET Framework 4.5.1 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Excel 2007 Help Actualización (KB963678) (HKLM\...\{90120000-0016-0C0A-0000-0000000FF1CE}_STANDARD_{59E09C3D-4878-47D9-87DB-6D0018026889}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook 2007 Help Actualización (KB963677) (HKLM\...\{90120000-001A-0C0A-0000-0000000FF1CE}_STANDARD_{59C244C2-0C37-4E85-8F7E-DBDD3958B694}) (Version:  - Microsoft)
Microsoft Office Powerpoint 2007 Help Actualización (KB963669) (HKLM\...\{90120000-0018-0C0A-0000-0000000FF1CE}_STANDARD_{F318245D-05AE-4681-A749-A036CE44AF29}) (Version:  - Microsoft)
Microsoft Office Standard 2007 (HKLM\...\STANDARD) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Word 2007 Help Actualización (KB963665) (HKLM\...\{90120000-001B-0C0A-0000-0000000FF1CE}_STANDARD_{377BA42A-1C84-45D6-94B8-6D00887D172D}) (Version:  - Microsoft)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 63.0.1 (x86 es-AR) (HKLM\...\Mozilla Firefox 63.0.1 (x86 es-AR)) (Version: 63.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 62.0.0.6816 - Mozilla)
MSVC90_x86 (HKLM\...\{AF111648-99A1-453E-81DD-80DBBF6DAD0D}) (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nero 8 Lite 8.2.8.0 (HKLM\...\Nero8Lite_is1) (Version: 8.2.8.0 - Updatepack.nl)
Páginas Amarillas (HKLM\...\Guía de Teléfonos de Páginas Amarillas_is1) (Version:  - YELL ARGENTINA S.A.)
Peggle Nights Deluxe (HKLM\...\Peggle Nights Deluxe) (Version:  - )
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.30.0000 - CyberLink) Hidden
PowerDVD (HKLM\...\InstallShield_{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.30.0000 - CyberLink)
QuickTime (HKLM\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
Silicon Laboratories CP210x USB to UART Bridge (Driver Removal) (HKLM\...\SLABCOMM&10C4&EA60) (Version:  - )
Silicon Laboratories USBXpress Device (Driver Removal) (HKLM\...\SIUSBXP&10C4&EA61) (Version:  - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.2.0 - Synaptics Incorporated)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VBA (2627.01) (HKLM\...\{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}) (Version: 6.03.00.9402 - Microsoft Corporation) Hidden
VBA (2627.4) (HKLM\...\{5545EEE9-FA36-4F76-B6BE-5696E7F4E2D6}) (Version: 6.03.00.9402 - Microsoft Corporation) Hidden
Video Web Camera (HKLM\...\{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}) (Version: 5.1.0.1 - SuYin)
WeatherLink 6.0.3 (HKLM\...\{E344C807-7DE0-4CC2-81BB-1F895CF8CBDF}) (Version: 6.0.3 - Davis Instruments Corp.)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
WinRAR 4.10 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.10.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2240164480-2547828660-324338486-1000_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\compu\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-2240164480-2547828660-324338486-1000_Classes\CLSID\{28B7AA99-C0F9-4C47-995E-8A8D729603A1}\localserver32 -> C:\Program Files\AutoCAD 2008\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2240164480-2547828660-324338486-1000_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\compu\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-2240164480-2547828660-324338486-1000_Classes\CLSID\{6AB55F46-2523-4701-A912-B226F46252BA}\localserver32 -> C:\Program Files\AutoCAD 2008\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2240164480-2547828660-324338486-1000_Classes\CLSID\{7AABBB95-79BE-4C0F-8024-EB6AF271231C}\localserver32 -> C:\Program Files\AutoCAD 2008\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2240164480-2547828660-324338486-1000_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Users\compu\AppData\Local\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)
CustomCLSID: HKU\S-1-5-21-2240164480-2547828660-324338486-1000_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\compu\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CustomCLSID: HKU\S-1-5-21-2240164480-2547828660-324338486-1000_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\AutoCAD 2008\acadficn.dll (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [Identif. de icono superpuesto para firmas digitales de AutoCAD] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2007-02-12] (Autodesk, Inc.)
ContextMenuHandlers1: [Autodesk.DWF.ContextMenu] -> {6C18531F-CA85-45F7-8278-FF33CF0A5964} => C:\Program Files\Common Files\Autodesk Shared\dwf Common\DWFShellExtension.dll [2006-11-09] (Autodesk, Inc.)
ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files\Avira\AntiVir Desktop\shlext.dll [2011-03-28] (Avira GmbH)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2012-01-09] ()
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers4: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2012-01-09] ()
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2009-09-02] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files\Avira\AntiVir Desktop\shlext.dll [2011-03-28] (Avira GmbH)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2012-01-09] ()

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1BD6AB74-6FE1-40FF-AD4F-F1391A9916B7} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2240164480-2547828660-324338486-1000UA => C:\Users\compu\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-15] (Facebook Inc.)
Task: {3E82816A-D310-4323-A2DF-FCBA15882902} - System32\Tasks\{EB88EFB9-A930-4009-B974-CFE14016FB4B} => C:\Windows\system32\pcalua.exe -a "C:\Users\compu\Desktop\AUTOCAD\AutoCAD 2008\Setup\Setup.exe" -d "C:\Users\compu\Desktop\AUTOCAD\AutoCAD 2008\Setup"
Task: {5380C541-5006-4D82-A2E6-CE62995D6ED8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30] (Apple Inc.)
Task: {6C1E22DB-2E29-4F9E-AEC2-F081FCB653C2} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2240164480-2547828660-324338486-1000Core => C:\Users\compu\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-15] (Facebook Inc.)
Task: {7E85BD6F-A001-4F6F-985A-5F932DA22A36} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {A1923B2E-3CE9-4AA9-9C28-E58E59FC1B5D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-14] (Adobe Systems Incorporated)
Task: {E9576D85-5579-49DB-97E7-7AF475D589A7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\AdwCleaner_onReboot.job => C:\Users\compu\Desktop\Downloads\adwcleaner_7.2.4.0 (1).exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2240164480-2547828660-324338486-1000Core.job => C:\Users\compu\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2240164480-2547828660-324338486-1000UA.job => C:\Users\compu\AppData\Local\Facebook\Update\FacebookUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\":
WMI:subscription\__EventFilter->BVTFilter:
WMI:subscription\CommandLineEventConsumer->BVTConsumer:

==================== Loaded Modules (Whitelisted) ==============

2014-03-06 21:58 - 2010-06-17 15:27 - 000355688 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
2010-05-08 08:48 - 2010-05-08 08:48 - 000229376 _____ () C:\ProgramData\DatacardService\DCService.exe
2014-11-12 06:20 - 2014-11-12 06:20 - 000524800 _____ () C:\Program Files\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe
2014-11-11 11:22 - 2014-11-11 11:22 - 000147456 _____ () C:\Program Files\Kinoni\EpocCam_and_Barcode_drivers\avutil-51.dll
2014-11-11 11:22 - 2014-11-11 11:22 - 003703808 _____ () C:\Program Files\Kinoni\EpocCam_and_Barcode_drivers\avcodec-53.dll
2014-11-11 11:22 - 2014-11-11 11:22 - 000224256 _____ () C:\Program Files\Kinoni\EpocCam_and_Barcode_drivers\swscale-0.dll
2011-08-11 11:33 - 2007-02-07 16:29 - 000173616 _____ () C:\Program Files\CyberLink\Shared files\RichVideo.exe
2018-11-08 21:29 - 2018-10-18 08:44 - 002312648 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-11-08 21:29 - 2018-10-18 08:44 - 002225368 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-11-04 20:27 - 2018-10-23 18:45 - 004238168 _____ () C:\Program Files\Google\Chrome\Application\70.0.3538.77\libglesv2.dll
2018-11-04 20:27 - 2018-10-23 18:45 - 000096600 _____ () C:\Program Files\Google\Chrome\Application\70.0.3538.77\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-2240164480-2547828660-324338486-1000\Software\Classes\.scr: AutoCADScriptFile => "C:\Windows\system32\NOTEPAD.EXE" "%1"

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 23:04 - 2015-09-26 15:06 - 000000031 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2240164480-2547828660-324338486-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\compu\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 200.42.4.199 - 200.49.130.40
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: )
MpsSvc => Firewall Service is not running.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{A68F9E30-C66D-4A52-81DC-74D6CA8C2C14}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{45053AF0-76F8-45C4-BBAB-FC9AE877412E}] => (Allow) LPort=2869
FirewallRules: [{1BDB2501-FA23-43B8-97E0-0EC4B876F529}] => (Allow) LPort=1900
FirewallRules: [{2FA0BFD5-97BC-4212-830F-0F1C8A315D1E}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{3BB75608-E50D-4547-B7B6-1945B66F2ECE}] => (Allow) C:\Program Files\Cyberlink\PowerDVD\PowerDVD.EXE
FirewallRules: [TelnetServer-TlntSvr-TCP-In] => (Allow) %systemroot%\system32\tlntsvr.exe
FirewallRules: [TelnetServer-Tlntadmn-RPC-In] => (Allow) %systemroot%\system32\tlntsvr.exe
FirewallRules: [TCP Query User{2B3CD16D-BE96-4D71-8D36-1A6F142D5B0A}C:\program files\ares\ares.exe] => (Allow) C:\program files\ares\ares.exe
FirewallRules: [UDP Query User{059C0965-5B41-43D8-80D5-2075DFBC83E9}C:\program files\ares\ares.exe] => (Allow) C:\program files\ares\ares.exe
FirewallRules: [TCP Query User{B1CA2943-3C28-4A77-BE59-219C7B47D7B2}C:\program files\ares\chatserver.exe] => (Block) C:\program files\ares\chatserver.exe
FirewallRules: [UDP Query User{BDBF83A1-C607-43FF-AE51-28106770F634}C:\program files\ares\chatserver.exe] => (Block) C:\program files\ares\chatserver.exe
FirewallRules: [TCP Query User{9247BE77-576A-4D11-8D87-3953060D24AA}C:\program files\ares\ares.exe] => (Block) C:\program files\ares\ares.exe
FirewallRules: [UDP Query User{3F735BD5-BE3C-4D57-B791-418BBCFBCB54}C:\program files\ares\ares.exe] => (Block) C:\program files\ares\ares.exe

==================== Restore Points =========================

03-11-2018 16:15:54 Punto de control programado
03-11-2018 18:35:39 Operación de restauración
04-11-2018 20:05:14 Windows Update

==================== Faulty Device Manager Devices =============

Name: Adaptador de minipuerto WiFi virtual de Microsoft
Description: Adaptador de minipuerto WiFi virtual de Microsoft
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/08/2018 10:49:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: mbam.exe, versión: 3.1.0.1644, marca de tiempo: 0x5bc8b269
Nombre del módulo con errores: Qt5Core.dll, versión: 5.11.1.0, marca de tiempo: 0x5b9bc256
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x001b342b
Id. del proceso con errores: 0xfe4
Hora de inicio de la aplicación con errores: 0x01d477ce69cec6db
Ruta de acceso de la aplicación con errores: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
Ruta de acceso del módulo con errores: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Id. del informe: a89db99d-e3c1-11e8-a272-705ab614bc48

Error: (11/08/2018 10:48:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(mobile._epoccam._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (11/08/2018 10:48:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: mbam.exe, versión: 3.1.0.1644, marca de tiempo: 0x5bc8b269
Nombre del módulo con errores: Qt5Core.dll, versión: 5.11.1.0, marca de tiempo: 0x5b9bc256
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x001b342b
Id. del proceso con errores: 0x1728
Hora de inicio de la aplicación con errores: 0x01d477ce5043e2cb
Ruta de acceso de la aplicación con errores: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
Ruta de acceso del módulo con errores: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Id. del informe: 9101f3c6-e3c1-11e8-a272-705ab614bc48

Error: (11/08/2018 10:47:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (11/08/2018 10:27:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (11/08/2018 10:04:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (11/08/2018 09:59:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(mobile._epoccam._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (11/08/2018 09:59:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: mbam.exe, versión: 3.1.0.1644, marca de tiempo: 0x5bc8b269
Nombre del módulo con errores: Qt5Core.dll, versión: 5.11.1.0, marca de tiempo: 0x5b9bc256
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x001b342b
Id. del proceso con errores: 0x1488
Hora de inicio de la aplicación con errores: 0x01d477c77a8ffc3e
Ruta de acceso de la aplicación con errores: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
Ruta de acceso del módulo con errores: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Id. del informe: b92f537a-e3ba-11e8-ba52-705ab614bc48


System errors:
=============
Error: (11/08/2018 10:48:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio Windows Defender no pudo iniciarse debido al siguiente error: 
El sistema no puede encontrar la ruta especificada.

Error: (11/08/2018 10:47:10 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: El servicio "WMPNetworkSvc" no se puede iniciar correctamente debido al error "0x80004005" en CoCreateInstance(CLSID_UPnPDeviceFinder). Compruebe que el servicio UPnPHost esté en ejecución y que el componente UPnPHost de Windows esté instalado correctamente.

Error: (11/08/2018 10:46:58 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: El servicio Escucha de Grupo Hogar se cerró con el error específico de servicio %%-2147023143 = No hay más extremos disponibles desde el asignador de extremos..

Error: (11/08/2018 10:45:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio Firewall de Windows no pudo iniciarse debido al siguiente error: 
El sistema no puede encontrar la ruta especificada.

Error: (11/08/2018 10:28:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio Windows Defender no pudo iniciarse debido al siguiente error: 
El sistema no puede encontrar la ruta especificada.

Error: (11/08/2018 10:26:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio Proveedor de Grupo Hogar depende del servicio Host de proveedor de detección de función, el cual no pudo iniciarse debido al siguiente error: 
No se puede iniciar el servicio o grupo de dependencia.

Error: (11/08/2018 10:26:21 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: Error de DCOM "1084" al intentar iniciar el servicio WSearch con argumentos "" para ejecutar el servidor:
{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (11/08/2018 10:26:21 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: Error de DCOM "1084" al intentar iniciar el servicio WSearch con argumentos "" para ejecutar el servidor:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}


==================== Memory info =========================== 

Processor: Pentium(R) Dual-Core CPU T4400 @ 2.20GHz
Percentage of memory in use: 49%
Total physical RAM: 3001.98 MB
Available physical RAM: 1522.18 MB
Total Virtual: 6002.28 MB
Available Virtual: 4014.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:125.37 GB) (Free:35.02 GB) NTFS
Drive d: (Datos) (Fixed) (Total:107.42 GB) (Free:48.23 GB) NTFS

\\?\Volume{66cd20c2-c3bf-11e0-b98a-806e6f6e6963}\ (Reservado para el sistema) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: 832B6195)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=125.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=107.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

#11

Hello

Move FRST to the desktop; this is important for the next step, otherwise it will not work.

:arrow_forward: VERY Important :arrow_backward: Make a backup of the registry:

  • To do so, download :arrow_forward: DelFix.exe (to your desktop).

  • Double-click to run it. (If you use Windows Vista/7/8 or 10, right-click and select -Run as Administrator-.)

  • Attention: now check/select only the "Create registry backup" box, NOT the others.

  • Click Run.

The report (DelFix.txt) will open; save it in case it is needed and close the tool.

:warning: With all other programs closed, go to :arrow_forward: Start :arrow_forward: Run :arrow_forward: and type Notepad.exe.

  • Now copy and paste the codes/lines inside the box below into Notepad.
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKU\S-1-5-21-2240164480-2547828660-324338486-1000\...\Run: [Facebook Update] => C:\Users\compu\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-15] (Facebook Inc.)
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [152864 2010-10-07] (Apple Inc.)
FF NewTab: Mozilla\Firefox\Profiles\d1cqpcpt.default -> about:newtab
FF Extension: (Cuevana Stream) - C:\Users\compu\AppData\Roaming\Mozilla\Firefox\Profiles\d1cqpcpt.default\Extensions\{a3a5c777-f583-4fef-9380-ab4add1bc2a8}.xpi [2012-11-25] [Legacy] [not signed]
FF Extension: (Telemetry coverage) - C:\Users\compu\AppData\Roaming\Mozilla\Firefox\Profiles\d1cqpcpt.default\features\{01a56b1e-959f-4890-8938-c9dd7957ce03}\[email protected] [2018-10-04] [Legacy]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @videolan.org/vlc,version=1.1.10 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin HKU\S-1-5-21-2240164480-2547828660-324338486-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\compu\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
CHR Extension: (Chrome Media Router) - C:\Users\compu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-11-04]
S2 MpsSvc; no ImagePath
S2 WinDefend; no ImagePath
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 catchme; \??\C:\Users\compu\AppData\Local\Temp\catchme.sys [X] <==== ATTENTION
S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]
2018-11-04 23:11 - 2012-07-05 23:00 - 000001066 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2240164480-2547828660-324338486-1000UA.job
Task: {1BD6AB74-6FE1-40FF-AD4F-F1391A9916B7} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2240164480-2547828660-324338486-1000UA => C:\Users\compu\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-15] (Facebook Inc.)
Task: {6C1E22DB-2E29-4F9E-AEC2-F081FCB653C2} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2240164480-2547828660-324338486-1000Core => C:\Users\compu\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-15] (Facebook Inc.)
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2240164480-2547828660-324338486-1000Core.job => C:\Users\compu\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2240164480-2547828660-324338486-1000UA.job => C:\Users\compu\AppData\Local\Facebook\Update\FacebookUpdate.exe

HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END

Save it under the name FIXLIST.TXT on the desktop :arrow_backward: This is very important.

:o: Note :o: It is important that the FRST.exe tool (Farbar Recovery Scanner Tool) and FIXLIST.TXT are in the same location (desktop); otherwise it will not work.

  • Run FRST.exe. (If you use Windows Vista/7/8 or 10, right-click and select -Run as Administrator-.)
  • Press the FIX button and wait for it to finish.
  • The tool will save the repair report on the desktop (FIXLOG.TXT).

Paste the contents of this file in your next reply.

Restart the computer, check how it behaves with regard to the problem described, and report back.

Regards
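Added example, not part of the original post or of FRST itself: a Python triage of the kind of log lines that ended up in the fixlist above. It flags service entries with no ImagePath, a missing binary, an ATTENTION marker or a user-writable path, and reads the UAC and firewall lines from the "Other Areas" section. The sample lines are copied from the log quoted in this thread, except one constructed clean entry; reading `[X]` as "file not found" and the wording of the reason strings are assumptions of this example.

```python
import re

# Sample input: lines taken from the FRST output quoted in this thread,
# plus one constructed clean entry (ExampleSvc) that should not be flagged.
SAMPLE_LOG = r"""
S2 MpsSvc; no ImagePath
S2 WinDefend; no ImagePath
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 catchme; \??\C:\Users\compu\AppData\Local\Temp\catchme.sys [X] <==== ATTENTION
S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [X]
R2 ExampleSvc; C:\Program Files\Example\svc.exe [1000 2018-01-01] (Example Vendor)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: )
MpsSvc => Firewall Service is not running.
"""

# "<state><start type> <name>; <image path and metadata>"
SERVICE_RE = re.compile(r"^(?P<state>[RSU])(?P<start>\d) (?P<name>[^;]+); (?P<rest>.*)$")
USER_WRITABLE = re.compile(r"\\(AppData|Temp)\\", re.IGNORECASE)
UAC_RE = re.compile(r"\((ConsentPromptBehaviorAdmin|EnableLUA): ?(\d*)\)")


def triage_line(line):
    """Return (subject, [reasons]) for one log line, or None if nothing stands out."""
    line = line.strip()
    reasons = []
    m = SERVICE_RE.match(line)
    if m:
        subject, rest = m["name"], m["rest"]
        if "no ImagePath" in rest:
            reasons.append("service has no ImagePath")
        if "[X]" in rest:  # assumption: FRST marks a file it could not find with [X]
            reasons.append("binary missing on disk")
        if "<==== ATTENTION" in rest:
            reasons.append("flagged by FRST")
        if USER_WRITABLE.search(rest):
            reasons.append("binary in user-writable path")
    elif "Policies\\System" in line:
        subject = "UAC"
        values = dict(UAC_RE.findall(line))
        if values.get("ConsentPromptBehaviorAdmin") == "0":
            reasons.append("admin elevation without prompt")
        if values.get("EnableLUA") != "1":
            reasons.append("EnableLUA not set to 1")
    elif line.endswith("Service is not running."):
        subject = line.split(" => ")[0]
        reasons.append("service not running")
    else:
        return None
    return (subject, reasons) if reasons else None


def triage(log_text):
    """Triage every line of a log excerpt, keeping only the flagged ones."""
    return [r for r in map(triage_line, log_text.splitlines()) if r]


if __name__ == "__main__":
    for subject, reasons in triage(SAMPLE_LOG):
        print(f"{subject}: {', '.join(reasons)}")
```

On this sample the firewall and Windows Defender services are both reported with no ImagePath, which matches the Service Control Manager 7000 errors in the event log section.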