Virus "antiusbshortcut" makes the PC slow


#1

Hello, good afternoon. I have an HP Pavilion dv6000 laptop with Windows 7. For months now, when Windows starts, the message in the image appears repeatedly and the PC becomes extremely slow. I think it is a virus; please tell me how I can remove it. I have the free version of Avast and it does not detect anything.

I was not allowed to upload the screenshot to this topic, so I will write what the window says: “line 0file C:/AntiShortCut/AntiUsbShortCut.zip”. It appears repeatedly in multiple windows.

Thank you very much in advance.


#2

Hello @Daniel_Perez

To check your machine, follow these steps in the order given, reading everything that is explained. :+1:

:one: Temporarily disable the antivirus :arrow_forward: How to temporarily disable your antivirus, while we carry out ALL the steps.

We are going to download to YOUR DESKTOP (and NOT anywhere else :face_with_monocle:) all the tools we will use in this procedure (but do not run them yet):


:two: Run the tools one at a time and in the order given:



CCleaner.-

  • Install and run CCleaner following the steps in the manual.

  • First use its Cleaner option to delete cookies, temporary Internet files and all the files it shows as obsolete.

  • Then use its Registry option to clean the whole Windows registry (making a backup).

Malwarebytes.-

  • Install and run MBAM following the steps in the manual.

  • Run a Full Scan. :white_check_mark:

  • Select ALL for Quarantine to send them to quarantine, and restart the system.

  • In the :arrow_forward:History :arrow_backward: section of the manual you will find the MBAM report, which you must copy and paste in your next reply so it can be analysed.

AdwCleaner.-

  • Run Adwcleaner.exe.

  • Click the Scan Now button and wait for the process to complete; then always click the Start Repair button right away.

  • Wait for it to complete and follow the instructions; if it asks to restart the system, accept.

  • The log/report is in the “Reports” tab (reopen the program if necessary), so you can copy and paste it in your next reply.

  • The report can also be found at C:\AdwCleaner\Logs\AdwCleaner[C00].txt

Junkware Removal Tool.-

  • Run JRT.exe.

  • Press any key to continue, and wait patiently for the process to finish.

  • If at any point it asks you to restart, do so.

  • When it finishes, a log/report (JRT.txt) will be saved to the desktop and will open automatically.

  • Copy and paste the contents of JRT.txt in your next reply.

Farbar Recovery Scan Tool.-

  • Run FRST.exe.

  • In the Disclaimer window message, click Yes.

  • In the main window, click the Scan button and wait for the process to finish.

  • Two (2) files (logs) will open, Frst.txt and Addition.txt; these will be saved on the desktop.

:three: In your next reply, post the reports from:

  • Malwarebytes, AdwCleaner, JRT, FRST + Addition.txt, in that order. :+1:

You must copy and paste them with all their content, and use several messages if you receive an error message saying it is too long (more than approx. 50,000 characters).

And tell us how your computer is working with regard to the problem described. :face_with_monocle:

Regards, Javier.


#3

Hello, thank you very much. Here are the reports; this one is from Malwarebytes:

Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 21/12/18
Hora del análisis: 13:20
Archivo de registro: 118d524a-054d-11e9-a3eb-001b24b8a460.json

-Información del software-
Versión: 3.6.1.2711
Versión de los componentes: 1.0.508
Versión del paquete de actualización: 1.0.8211
Licencia: Prueba

-Información del sistema-
SO: Windows 7 Service Pack 1
CPU: x86
Sistema de archivos: NTFS
Usuario: Carmela-PC\Carmela

-Resumen del análisis-
Tipo de análisis: Análisis de amenazas
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 167042
Amenazas detectadas: 2
Amenazas en cuarentena: 2
Tiempo transcurrido: 3 min, 22 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Desactivado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 0
(No hay elementos maliciosos detectados)

Valor del registro: 1
PUM.Optional.LowRiskFileTypes, HKU\S-1-5-21-1712796923-342591897-1552680142-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\ASSOCIATIONS|LOWRISKFILETYPES, En cuarentena, [6845], [251589],1.0.8211

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 0
(No hay elementos maliciosos detectados)

Archivo: 1
HackTool.FilePatch, C:\PROGRAM FILES\NERO\NERO15PATCH.EXE, En cuarentena, [7809], [281135],1.0.8211

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end) 

Now the adware one:

# -------------------------------
# Malwarebytes AdwCleaner 7.2.6.0
# -------------------------------
# Build:    12-18-2018
# Database: 2018-12-21.2 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    12-21-2018
# Duration: 00:00:04
# OS:       Windows 7 Home Premium
# Cleaned:  0
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1257 octets] - [21/12/2018 13:33:20]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Now the Junkware one:

 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 7 Home Premium x86 
Ran by Carmela (Administrator) on 21/12/2018 at 15:19:55,29
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 29 

Successfully deleted: C:\ProgramData\drivergenius (Folder) 
Successfully deleted: C:\Users\Carmela\Documents\add-in express (Folder) 
Successfully deleted: C:\Windows\System32\ai_recyclebin (Folder) 
Successfully deleted: C:\Users\Carmela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\033S2MKW (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Carmela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0R2XQA5N (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Carmela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0TGQP4Q3 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Carmela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\48X5S84O (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Carmela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\68KHACWO (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Carmela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6M9GZ0OJ (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Carmela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BLGAFN7F (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Carmela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JOY18FYH (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Carmela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KY50U1O0 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Carmela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NKV6C93B (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Carmela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OCSNV2OM (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Carmela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R74OBP6M (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Carmela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y06YXOSN (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\033S2MKW (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0R2XQA5N (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0TGQP4Q3 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\48X5S84O (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\68KHACWO (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6M9GZ0OJ (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BLGAFN7F (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JOY18FYH (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KY50U1O0 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NKV6C93B (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OCSNV2OM (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R74OBP6M (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y06YXOSN (Temporary Internet Files Folder) 



Registry: 0 





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21/12/2018 at 15:29:02,74
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Now the Farbar one:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20.12.2018
Ran by Carmela (administrator) on CARMELA-PC (21-12-2018 23:18:22)
Running from C:\Users\Carmela\Desktop
Loaded Profiles: Carmela (Available Profiles: Carmela)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: "C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe" -- "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Nitro PDF Software) C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9.exe
() C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe
(AVAST Software) C:\Program Files\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler.exe
(Nalpeiron Ltd.) C:\Windows\System32\NLSSRV32.EXE
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Motorola Inc.) C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD14\PowerDVD14Agent.exe
(CyberLink Corp.) C:\Program Files\CyberLink\YouCam\YouCamService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(WinZip Computing) C:\Program Files\WinZip\WzPreloader.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(AVAST Software) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
(Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner.exe
(AVAST Software) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(AVAST Software) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(AVAST Software) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
() C:\Program Files\AVAST Software\Avast\AvastNM.exe
(AVAST Software) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
() C:\Program Files\AVAST Software\Avast\AvastNM.exe
(AVAST Software) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(AVAST Software) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SMSERIAL] => C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [1466368 2009-05-05] (Motorola Inc.)
HKLM\...\Run: [PowerDVD14Agent] => C:\Program Files\CyberLink\PowerDVD14\PowerDVD14Agent.exe [795672 2014-03-17] (CyberLink Corp.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-12-03] (AVAST Software)
HKLM\...\Run: [YouCam Service] => C:\Program Files\CyberLink\YouCam\YouCamService.exe [247016 2011-09-09] (CyberLink Corp.)
HKLM\...\Run: [AntiShortCutUpdate] => C:\AntiShortCut\AntiUsb.exe [934400 2014-06-01] (AutoIt Team)
HKLM\...\Run: [AntiUsbShortCut] => C:\Windows\system32\cmd.exe /c start C:\AntiShortCut\AntiUsb.exe "C:\AntiShortCut\AntiUsbShortCut.zip" & exit
HKLM\...\Run: [WinZip UN] => C:\Program Files\WinZip\WZUpdateNotifier.exe [2268624 2018-10-22] (Corel Corporation)
HKLM\...\Run: [WinZip PreLoader] => C:\Program Files\WinZip\WzPreloader.exe [130624 2018-10-22] (WinZip Computing)
HKLM\...\Run: [WinZip FAH] => C:\Program Files\WinZip\FAHConsole.exe [455360 2018-10-22] (WinZip Computing, S.L.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1712796923-342591897-1552680142-1000\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2741616 2011-03-04] (Hewlett-Packard Company)
HKU\S-1-5-21-1712796923-342591897-1552680142-1000\...\Run: [AntiShortCutUpdate] => C:\AntiShortCut\AntiUsb.exe [934400 2014-06-01] (AutoIt Team)
HKU\S-1-5-21-1712796923-342591897-1552680142-1000\...\Run: [AntiUsbShortCut] => C:\Windows\system32\cmd.exe /c start C:\AntiShortCut\AntiUsb.exe "C:\AntiShortCut\AntiUsbShortCut.zip" & exit
HKU\S-1-5-21-1712796923-342591897-1552680142-1000\...\Run: [AvastBrowserAutoLaunch_9B8B7F100EFE775F07CF254237F2FF6F] => C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe [1826600 2018-11-16] (AVAST Software)
HKU\S-1-5-21-1712796923-342591897-1552680142-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner.exe [14554696 2018-11-06] (Piriform Software Ltd)
HKLM\...\Drivers32: [MSVideo8] => C:\Windows\system32\VfWWDM32.dll [56832 2010-11-20] (Microsoft Corporation)
HKLM\...\Drivers32: [msacm.l3codecp] => C:\Windows\system32\l3codecp.acm [220672 2009-07-13] (Fraunhofer Institut Integrierte Schaltungen IIS)
HKLM\...\Drivers32: [VIDC.FMVC] => C:\Windows\system32\fmcodec.dll [77824 2008-08-18] (Fox Magic Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AntiShortCutUpdate.lnk [2016-10-05]
ShortcutTarget: AntiShortCutUpdate.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AntiUsbShortCutUpdate.lnk [2016-10-05]
ShortcutTarget: AntiUsbShortCutUpdate.lnk -> C:\AntiShortCut\AntiUsb.exe (AutoIt Team)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 190.113.220.18 190.113.220.51 190.113.220.54
Tcpip\..\Interfaces\{33C14BE5-2735-4365-9A6B-D7219A686119}: [DhcpNameServer] 190.113.220.18 190.113.220.51 190.113.220.54

Internet Explorer:
==================
HKU\S-1-5-21-1712796923-342591897-1552680142-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com.pe/
HKU\S-1-5-21-1712796923-342591897-1552680142-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/es-pe/?ocid=iehp
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 0wvtwoq6.default
FF ProfilePath: C:\Users\Carmela\AppData\Roaming\Mozilla\Firefox\Profiles\0wvtwoq6.default [2018-12-21]
FF Extension: (Avast Online Security) - C:\Users\Carmela\AppData\Roaming\Mozilla\Firefox\Profiles\0wvtwoq6.default\Extensions\[email protected] [2018-10-30]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_32_0_0_101.dll [2018-12-05] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @Nero.com/KM -> C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2014-08-29] (Nero AG)
FF Plugin: @nitropdf.com/NitroPDF -> C:\Program Files\Nitro\Pro 9\npnitromozilla.dll [2016-07-28] (Nitro PDF)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-17] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-12-04] (Adobe Systems Inc.)

Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.google.com.pe/"
CHR Profile: C:\Users\Carmela\AppData\Local\Google\Chrome\User Data\Default [2018-12-21]
CHR Extension: (Presentaciones) - C:\Users\Carmela\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-03-05]
CHR Extension: (Documentos) - C:\Users\Carmela\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-03-05]
CHR Extension: (Google Drive) - C:\Users\Carmela\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-18]
CHR Extension: (YouTube) - C:\Users\Carmela\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-18]
CHR Extension: (Adobe Acrobat) - C:\Users\Carmela\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-04-25]
CHR Extension: (Avast SafePrice | Comparaciones, ofertas y cupones) - C:\Users\Carmela\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2018-12-21]
CHR Extension: (Hojas de cálculo) - C:\Users\Carmela\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-03-05]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\Carmela\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-23]
CHR Extension: (Avast Online Security) - C:\Users\Carmela\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-09-26]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Carmela\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-20]
CHR Extension: (Gmail) - C:\Users\Carmela\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-18]
CHR Extension: (Chrome Media Router) - C:\Users\Carmela\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-19]
CHR Profile: C:\Users\Carmela\AppData\Local\Google\Chrome\User Data\System Profile [2018-12-21]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKU\S-1-5-21-1712796923-342591897-1552680142-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMPPALR3; C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [509456 2012-07-18] (Intel Corporation)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6799632 2018-12-03] (AVAST Software)
S2 avast; C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-04-20] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [324000 2018-12-03] (AVAST Software)
S3 avastm; C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-04-20] (AVAST Software)
R2 BTHSSecurityMgr; C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [104240 2012-08-23] (Intel(R) Corporation)
S3 GoogleChromeElevationService; C:\Program Files\Google\Chrome\Application\71.0.3578.98\elevation_service.exe [375776 2018-12-11] (Google Inc.)
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2011-03-04] (Hewlett-Packard Company) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [5073376 2018-09-19] (Malwarebytes)
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [786256 2014-07-14] (Nero AG)
R2 NitroDriverReadSpool9; C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9.exe [199320 2016-07-28] (Nitro PDF Software)
R2 NitroUpdateService; C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe [394904 2016-07-28] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2778416 2012-08-23] (Intel® Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AMPPAL; C:\Windows\System32\DRIVERS\AMPPAL.sys [143360 2012-07-18] (Windows (R) Win 7 DDK provider)
S3 AMPPALP; C:\Windows\System32\DRIVERS\amppal.sys [143360 2012-07-18] (Windows (R) Win 7 DDK provider)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [167480 2018-12-03] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriverx.sys [188976 2018-12-03] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidshx.sys [165384 2018-12-03] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswblogx.sys [284256 2018-12-03] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbunivx.sys [57904 2018-12-03] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [183176 2018-12-03] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [42736 2018-12-03] (AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [40688 2018-12-03] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [135200 2018-12-03] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [100984 2018-12-03] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [72800 2018-12-03] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [784560 2018-12-03] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [397992 2018-12-03] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [156936 2018-12-03] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [310200 2018-12-03] (AVAST Software)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [129248 2018-12-04] (Malwarebytes)
R3 igfx; C:\Windows\System32\DRIVERS\igdkmd32.sys [1925632 2007-09-13] (Intel Corporation) [File not signed]
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [172280 2018-12-21] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [106144 2018-12-21] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [63760 2018-12-21] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [230120 2018-12-21] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [83648 2018-12-21] (Malwarebytes)
S3 NETw3v32; C:\Windows\System32\DRIVERS\NETw3v32.sys [2225664 2008-01-18] (Intel Corporation) [File not signed]
R3 NETwLv32; C:\Windows\System32\DRIVERS\NETwLv32.sys [6639616 2010-10-07] (Intel Corporation)
R3 RTL8169; C:\Windows\System32\DRIVERS\Rtlh86.sys [44544 2006-11-02] (Realtek Corporation) [File not signed]
R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2008-01-03] (Samsung Electronics) [File not signed]
R2 {C5F942FD-1110-4664-86CE-0C6BDA305235}; C:\Program Files\CyberLink\PowerDVD14\Common\NavFilter\000.fcl [26824 2014-03-16] (CyberLink Corp.)
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-12-21 23:18 - 2018-12-21 23:19 - 000018024 _____ C:\Users\Carmela\Desktop\FRST.txt
2018-12-21 23:18 - 2018-12-21 23:18 - 000000000 ____D C:\FRST
2018-12-21 23:15 - 2018-12-21 23:15 - 001778176 _____ (Farbar) C:\Users\Carmela\Desktop\FRST.exe
2018-12-21 23:08 - 2018-12-21 23:08 - 000063760 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-12-21 23:07 - 2018-12-21 23:19 - 000083648 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-12-21 23:07 - 2018-12-21 23:07 - 000106144 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-12-21 23:04 - 2018-12-21 23:04 - 000230120 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-12-21 15:29 - 2018-12-21 15:29 - 000005050 _____ C:\Users\Carmela\Desktop\JRT.txt
2018-12-21 13:32 - 2018-12-21 13:33 - 000000000 ____D C:\AdwCleaner
2018-12-21 13:27 - 2018-12-21 13:27 - 000001764 _____ C:\Users\Carmela\Downloads\reporte  malwarebytes 21.12.18 1.13.txt
2018-12-21 13:17 - 2018-12-21 13:17 - 000000000 ____D C:\Users\Carmela\AppData\Local\mbam
2018-12-21 13:15 - 2018-12-21 13:15 - 000172280 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-12-21 13:15 - 2018-12-21 13:15 - 000002029 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-12-21 13:15 - 2018-12-21 13:15 - 000000000 ____D C:\Users\Carmela\AppData\Local\mbamtray
2018-12-21 13:15 - 2018-12-21 13:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-12-21 13:15 - 2018-12-21 13:15 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-12-21 13:15 - 2018-12-21 13:15 - 000000000 ____D C:\Program Files\Malwarebytes
2018-12-21 13:15 - 2018-12-04 08:09 - 000129248 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae.sys
2018-12-21 13:04 - 2018-12-21 13:04 - 000002510 _____ C:\Users\Carmela\Documents\cc_20181221_130441.reg
2018-12-21 11:29 - 2018-12-21 11:29 - 001790024 _____ (Malwarebytes) C:\Users\Carmela\Downloads\JRT (1).exe
2018-12-21 11:28 - 2018-12-21 11:28 - 007320272 _____ (Malwarebytes) C:\Users\Carmela\Desktop\adwcleaner_7.2.6.0.exe
2018-12-21 11:25 - 2018-12-21 11:28 - 081227760 _____ (Malwarebytes ) C:\Users\Carmela\Desktop\mb3-setup-consumer-3.6.1.2711-1.0.508-1.0.8211.exe
2018-12-21 11:24 - 2018-12-21 11:24 - 001790024 _____ (Malwarebytes) C:\Users\Carmela\Desktop\JRT.exe
2018-12-18 20:05 - 2018-12-18 20:05 - 000000000 _____ C:\Users\Carmela\AppData\Local\{A50F792C-0BF5-4661-B5CF-CEBB1DF9F44A}
2018-12-18 13:30 - 2018-12-18 13:30 - 000101355 _____ C:\Users\Carmela\Downloads\18.04.23CampProjectLeaderJobDetails.pdf
2018-12-18 13:24 - 2018-12-18 13:24 - 000109330 _____ C:\Users\Carmela\Downloads\Depatment-Tax-Refund-November-2018-Id1287336.pdf
2018-12-18 13:22 - 2018-12-18 13:22 - 000109837 _____ C:\Users\Carmela\Downloads\HMRC_9292.pdf
2018-12-18 13:04 - 2018-12-18 13:04 - 000332740 _____ C:\Users\Carmela\Downloads\PERU_DEFINITIVO__Clausula_In_.pdf
2018-12-15 17:02 - 2018-12-15 17:02 - 000339459 _____ C:\Users\Carmela\Documents\expo11.pptx
2018-12-15 10:44 - 2018-12-15 10:44 - 000000000 _____ C:\Users\Carmela\AppData\Local\{BCBD2C34-FF33-4DD0-814C-6B48B7AA591E}
2018-12-15 10:44 - 2018-12-15 10:44 - 000000000 _____ C:\Users\Carmela\AppData\Local\{03785BBF-E784-444E-9FFD-538CF2309F33}
2018-12-14 09:38 - 2018-12-14 09:38 - 000008509 _____ C:\Users\Carmela\Downloads\20380456444-03-BA22-0000284.pdf
2018-12-06 00:46 - 2018-12-06 00:46 - 000412272 _____ C:\Users\Carmela\Documents\UNAS-UCPS Comercio Exterior.pptx
2018-12-05 19:51 - 2018-12-05 19:51 - 000120320 _____ C:\Users\Carmela\Downloads\CU-010-PVA-RAARE-2018.xls
2018-12-05 19:49 - 2018-12-05 19:49 - 000147461 _____ C:\Users\Carmela\Downloads\CM-013-SUP-RAARE-2018.xlsx
2018-12-05 19:48 - 2018-12-05 19:48 - 000236096 _____ C:\Users\Carmela\Downloads\CM-019-SUP-RAARE-2018.xlsx
2018-12-05 18:08 - 2018-12-05 18:08 - 001474158 _____ C:\Users\Carmela\Downloads\test2.pdf
2018-12-05 16:34 - 2018-12-05 16:34 - 000159744 _____ C:\Users\Carmela\Downloads\Ficha de Datos Virtual 2018 (3).xls
2018-12-05 16:34 - 2018-12-05 16:34 - 000159744 _____ C:\Users\Carmela\Downloads\Ficha de Datos Virtual 2018 (2).xls
2018-12-05 16:21 - 2018-12-05 16:21 - 000159744 _____ C:\Users\Carmela\Downloads\Ficha de Datos Virtual 2018.xls
2018-12-05 16:21 - 2018-12-05 16:21 - 000159744 _____ C:\Users\Carmela\Downloads\Ficha de Datos Virtual 2018 (1).xls
2018-12-05 10:38 - 2018-12-07 20:33 - 000000000 ____D C:\Users\Carmela\AppData\Local\ESET
2018-12-05 10:37 - 2018-12-05 10:38 - 006986872 _____ (ESET spol. s r.o.) C:\Users\Carmela\Downloads\esetonlinescanner_esl.exe
2018-12-03 23:54 - 2018-12-03 23:53 - 000323288 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2018-11-30 23:27 - 2018-11-30 23:27 - 000001930 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip.lnk
2018-11-30 23:27 - 2018-11-30 23:27 - 000001830 _____ C:\Users\Public\Desktop\WinZip.lnk
2018-11-30 23:27 - 2018-11-30 23:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2018-11-30 23:26 - 2018-12-03 16:11 - 000000000 ____D C:\Users\Carmela\AppData\Local\WinZip
2018-11-30 23:25 - 2018-11-30 23:26 - 000000000 ____D C:\Program Files\WinZip
2018-11-27 12:46 - 2018-11-27 12:46 - 001261829 _____ C:\Users\Carmela\Downloads\CLIMA ORGANIZACIONAL Y PRODUCTIVIDAD LABORAL.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-12-21 23:18 - 2009-07-13 23:34 - 000021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-12-21 23:18 - 2009-07-13 23:34 - 000021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-12-21 23:14 - 2016-07-17 16:31 - 000000000 ____D C:\Windows\system32\Macromed
2018-12-21 23:06 - 2018-04-20 11:29 - 000000000 ____D C:\Users\Carmela\AppData\Local\AVAST Software
2018-12-21 23:05 - 2016-07-18 19:41 - 000000000 ____D C:\Users\Carmela\Documents\Youcam
2018-12-21 23:02 - 2009-07-13 23:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-12-21 13:26 - 2016-07-17 20:47 - 000000000 ____D C:\Program Files\Nero
2018-12-21 13:15 - 2009-07-13 21:37 - 000000000 ____D C:\Windows\inf
2018-12-21 11:33 - 2009-07-13 21:37 - 000000000 ____D C:\Windows\system32\NDF
2018-12-17 21:04 - 2016-07-17 21:47 - 000002177 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-12-17 21:04 - 2016-07-17 21:47 - 000002136 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-12-17 20:38 - 2016-07-17 21:38 - 000000000 ____D C:\Users\Carmela\AppData\Local\ElevatedDiagnostics
2018-12-17 12:27 - 2016-07-17 20:54 - 000000000 ____D C:\Users\Carmela\AppData\Roaming\Nitro PDF
2018-12-15 17:07 - 2011-01-22 05:22 - 000750828 _____ C:\Windows\system32\perfh00A.dat
2018-12-15 17:07 - 2011-01-22 05:22 - 000159838 _____ C:\Windows\system32\perfc00A.dat
2018-12-15 17:07 - 2010-11-20 16:01 - 001684772 _____ C:\Windows\system32\PerfStringBackup.INI
2018-12-14 09:32 - 2018-04-04 17:55 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-12-05 23:21 - 2016-07-17 16:31 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2018-12-05 23:21 - 2016-07-17 16:31 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2018-12-05 20:30 - 2016-10-05 01:05 - 000000000 _RSHD C:\AntiUsbShortCut
2018-12-05 20:30 - 2016-10-05 01:04 - 000000000 _RSHD C:\AntiShortCut
2018-12-05 10:42 - 2016-07-17 20:24 - 000000000 __RHD C:\MSOCache
2018-12-03 23:56 - 2018-03-05 18:12 - 000183176 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2018-12-03 23:53 - 2018-10-30 21:02 - 000040688 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2018-12-03 23:53 - 2018-03-05 18:12 - 000284256 _____ (AVAST Software) C:\Windows\system32\Drivers\aswblogx.sys
2018-12-03 23:53 - 2018-03-05 18:12 - 000188976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriverx.sys
2018-12-03 23:53 - 2018-03-05 18:12 - 000167480 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2018-12-03 23:53 - 2018-03-05 18:12 - 000165384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidshx.sys
2018-12-03 23:53 - 2018-03-05 18:12 - 000057904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbunivx.sys
2018-12-03 23:53 - 2016-07-17 21:00 - 000784560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2018-12-03 23:53 - 2016-07-17 21:00 - 000397992 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2018-12-03 23:53 - 2016-07-17 21:00 - 000310200 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2018-12-03 23:53 - 2016-07-17 21:00 - 000156936 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2018-12-03 23:53 - 2016-07-17 21:00 - 000135200 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2018-12-03 23:53 - 2016-07-17 21:00 - 000100984 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2018-12-03 23:53 - 2016-07-17 21:00 - 000072800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2018-12-03 23:53 - 2016-07-17 21:00 - 000042736 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2018-12-03 16:19 - 2016-07-18 19:10 - 000000000 ____D C:\Temp
2018-12-03 16:19 - 2009-07-13 21:37 - 000000000 ____D C:\PerfLogs
2018-12-03 16:01 - 2016-07-17 20:36 - 000000000 ____D C:\ProgramData\WinZip
2018-11-30 23:27 - 2009-07-13 21:04 - 000000532 _____ C:\Windows\win.ini
2018-11-30 23:18 - 2016-07-17 16:45 - 000000974 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-11-30 20:56 - 2017-02-10 18:18 - 000000000 ____D C:\Users\Carmela\AppData\LocalLow\Adobe
2018-11-29 13:42 - 2018-07-13 18:12 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2018-11-28 04:52 - 2018-07-13 18:13 - 000000000 ____D C:\Users\Carmela\AppData\LocalLow\Mozilla
2018-11-28 04:51 - 2018-07-13 18:12 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-11-27 10:39 - 2018-04-20 11:38 - 000002382 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2018-11-27 10:39 - 2018-04-20 11:38 - 000002339 _____ C:\Users\Public\Desktop\Avast Secure Browser.lnk

==================== Files in the root of some directories =======

2018-12-15 10:44 - 2018-12-15 10:44 - 000000000 _____ () C:\Users\Carmela\AppData\Local\{03785BBF-E784-444E-9FFD-538CF2309F33}
2018-12-18 20:05 - 2018-12-18 20:05 - 000000000 _____ () C:\Users\Carmela\AppData\Local\{A50F792C-0BF5-4661-B5CF-CEBB1DF9F44A}
2018-12-15 10:44 - 2018-12-15 10:44 - 000000000 _____ () C:\Users\Carmela\AppData\Local\{BCBD2C34-FF33-4DD0-814C-6B48B7AA591E}

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-12-14 09:19

==================== End of FRST.txt ============================  

I look forward to your reply, thanks in advance


#6

Hello again @Daniel_Perez

Before we can give you the next steps, you still need to post the Addition.txt report that we asked for, which should be on your desktop, and you also need to tell us how the problem you described at the start of this thread is doing. :thinking:


#7

Hello, here is what was missing, the Addition one

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 20.12.2018
Ran by Carmela (21-12-2018 23:22:37)
Running from C:\Users\Carmela\Desktop
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) (2016-07-17 18:22:59)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-1712796923-342591897-1552680142-500 - Administrator - Disabled)
Carmela (S-1-5-21-1712796923-342591897-1552680142-1000 - Administrator - Enabled) => C:\Users\Carmela
Invitado (S-1-5-21-1712796923-342591897-1552680142-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Español (HKLM\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 19.010.20064 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 31.0.0.96 - Adobe Systems Incorporated)
Adobe Flash Player 32 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 32.0.0.101 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 32.0.0.101 - Adobe Systems Incorporated)
aTube Catcher (HKLM\...\aTube Catcher) (Version: 3.8.7955 - DsNET Corp)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 18.8.2356 - AVAST Software)
Avast License by ZeNiX [2014-03-14] (HKLM\...\Avast_2050_ZeNiX [2014-03-14]_is1) (Version:  - )
Avast Secure Browser (HKLM\...\Avast Secure Browser) (Version: 70.0.917.102 - AVAST Software)
Avast Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.4.136.333 - AVAST Software) Hidden
Blackboard Collaborate Launcher (HKLM\...\{AEED1D32-C837-405A-8009-6660E3883C9E}) (Version: 1.6.4.0 - Blackboard)
CCleaner (HKLM\...\CCleaner) (Version: 5.49 - Piriform)
CyberLink PowerDVD 14 (HKLM\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.3917.58 - CyberLink Corp.)
CyberLink YouCam 5 (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.0909 - CyberLink Corp.)
Google Chrome (HKLM\...\Google Chrome) (Version: 71.0.3578.98 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (HKLM\...\{90F00673-A276-4A58-B675-B426D39D1E09}) (Version: 15.3.0.0398 - Intel Corporation)
LightScribe System Software (HKLM\...\{E0E55FC1-C53D-4F8D-B14B-B59C312747C8}) (Version: 1.18.22.2 - LightScribe)
Malwarebytes versión 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Motorola SM56 Data Fax Modem (HKLM\...\SMSERIAL) (Version: 6.12.25.05 - Motorola Inc)
Mozilla Firefox 63.0.3 (x86 es-ES) (HKLM\...\Mozilla Firefox 63.0.3 (x86 es-ES)) (Version: 63.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 63.0.3.6892 - Mozilla)
Nero 2015 (HKLM\...\{E6626251-ED62-469C-821F-D75C50154C48}) (Version: 16.0.02800 - Nero AG)
Nero Info (HKLM\...\{B791E0AB-87A9-41A4-8D98-D13C2E37D928}) (Version: 16.0.1003 - Nero AG)
Nitro Pro 9 (HKLM\...\{9294DE94-C296-46EC-A206-23EDA73C7B63}) (Version: 9.5.4.22 - Nitro)
Prerequisite installer (HKLM\...\{799AFA36-4EA5-4323-8689-74C06645A26B}) (Version: 16.0.0000 - Nero AG) Hidden
Samsung SCX-4300 Series (HKLM\...\Samsung SCX-4300 Series) (Version:  - Samsung Electronics CO.,LTD)
Samsung Universal Scan Driver (HKLM\...\Samsung Universal Scan Driver) (Version: 1.2.19.0 - Samsung Electronics Co., Ltd.)
Software Intel® PROSet/Wireless WiFi (HKLM\...\{ECE5B218-A086-4E18-A362-D11181681457}) (Version: 15.03.1000.1637 - Intel Corporation)
WinRAR 5.60 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.60.0 - win.rar GmbH)
WinZip 23.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C2411C}) (Version: 23.0.13300 - Corel Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1712796923-342591897-1552680142-1000_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader.WinZipExpressForOffice.dll ()
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-12-03] (AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-12-03] (AVAST Software)
ContextMenuHandlers1: [NPShellExtension] -> {9C4B85B8-956C-49BF-9BA5-101384E562B2} => C:\Program Files\Nitro\Pro 9\NPShellExtension.dll [2016-07-28] (Nitro PDF)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-06-24] (Alexander Roshal)
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} =>  -> No File
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-12-03] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} =>  -> No File
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-12-03] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-06-24] (Alexander Roshal)
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} =>  -> No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0A07EDC6-C0DB-496B-8B6D-1D9C9BE9ECAD} - System32\Tasks\WinZip Update Notifier 3 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2018-10-22] (Corel Corporation)
Task: {17A62198-576D-406F-A994-C60F7DC1F7B9} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\avast software\overseer\overseer.exe [2018-10-30] (AVAST Software)
Task: {1E5345E7-70FA-4A48-BA4D-CB7EC8356417} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {6B655461-11B8-49E0-9021-20C8FD8B56C3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-14] (Adobe Systems Incorporated)
Task: {6D6EEE7A-2441-461F-B70B-843B95059A9D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-07-17] (Google Inc.)
Task: {6E2B9A80-042F-4CD3-9250-2008BB3D88E2} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-12-03] (AVAST Software)
Task: {7F1F0872-78B6-44A9-9A2D-AAD02B4ABD40} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2018-12-05] (Adobe Systems Incorporated)
Task: {8BF3DB51-5322-475A-9FB0-B88CB0880045} - System32\Tasks\WinZip Update Notifier 1 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2018-10-22] (Corel Corporation)
Task: {9915A886-6C89-4DDF-9EE4-C4A7FAEA804E} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-04-20] (AVAST Software)
Task: {9E96A75B-33A9-4D4B-9BDC-A4FEB6FCD851} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2016-07-17] ()
Task: {B740E0C1-3804-477B-BD2D-ECD46AE9FEA8} - System32\Tasks\Nero\Nero Info => C:\Program Files\Common Files\Nero\Nero Info\NeroInfo.exe [2014-07-21] (Nero AG)
Task: {BC49A768-3664-4616-9F8F-4B8DAB692F19} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-11-06] (Piriform Ltd)
Task: {D6C5955C-F759-47D1-A82B-10542364DD5F} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-04-20] (AVAST Software)
Task: {EF4C71FF-019D-4FD6-8AD2-2C54FA9EAE8F} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_32_0_0_101_Plugin.exe [2018-12-05] (Adobe Systems Incorporated)
Task: {EFF438B2-903E-44A0-99FE-56C1452250FB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-11-06] (Piriform Software Ltd)
Task: {FEFDC8B8-918A-4C05-A3C2-94496998E064} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-07-17] (Google Inc.)
Task: {FFCFD821-4413-4A2A-BEF0-004492036DD4} - System32\Tasks\WinZip Update Notifier 2 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2018-10-22] (Corel Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-12-03 23:53 - 2018-12-03 23:53 - 000919256 _____ () C:\Program Files\AVAST Software\Avast\anen.dll
2018-12-03 23:53 - 2018-12-03 23:53 - 000596696 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-12-21 13:50 - 2018-12-21 13:50 - 005734544 _____ () C:\Program Files\AVAST Software\Avast\defs\18122106\algo.dll
2018-12-03 23:53 - 2018-12-03 23:53 - 000496344 _____ () C:\Program Files\AVAST Software\Avast\gui_cache.dll
2018-12-03 23:53 - 2018-12-03 23:53 - 000150744 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll
2018-12-03 23:53 - 2018-12-03 23:53 - 001112280 _____ () C:\Program Files\AVAST Software\Avast\shepherdsync.dll
2010-01-30 02:41 - 2010-01-30 02:41 - 004254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2016-07-28 17:43 - 2016-07-28 17:43 - 000394904 _____ () C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe
2016-07-17 16:59 - 2014-03-17 01:38 - 000866056 _____ () C:\Program Files\CyberLink\PowerDVD14\common\UNO\UNO.dll
2016-07-17 16:59 - 2013-12-10 02:39 - 000074240 _____ () C:\Program Files\CyberLink\PowerDVD14\Common\Koan\_ctypes.pyd
2016-07-17 16:59 - 2013-12-10 02:39 - 000285184 _____ () C:\Program Files\CyberLink\PowerDVD14\Common\Koan\_hashlib.pyd
2016-07-17 16:59 - 2013-12-10 02:39 - 000040960 _____ () C:\Program Files\CyberLink\PowerDVD14\Common\Koan\_socket.pyd
2016-07-17 16:59 - 2013-12-10 02:39 - 000721920 _____ () C:\Program Files\CyberLink\PowerDVD14\Common\Koan\_ssl.pyd
2016-07-17 16:59 - 2014-03-17 01:38 - 000043784 _____ () C:\Program Files\CyberLink\PowerDVD14\Kernel\DHProcedure\DHProcedure.dll
2018-03-05 18:10 - 2018-03-05 18:10 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-12-21 13:15 - 2018-11-15 11:01 - 002234688 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-12-21 13:15 - 2018-11-21 11:07 - 002327640 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2011-03-04 12:02 - 2011-03-04 12:02 - 002121728 _____ () C:\Program Files\Common Files\LightScribe\QtCore4.dll
2011-03-04 12:02 - 2011-03-04 12:02 - 007745536 _____ () C:\Program Files\Common Files\LightScribe\QtGui4.dll
2011-03-04 12:02 - 2011-03-04 12:02 - 000135168 _____ () C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2014-04-14 14:41 - 2014-04-14 14:41 - 000039192 _____ () C:\Program Files\CCleaner\branding.dll
2018-11-27 10:39 - 2018-11-16 14:23 - 002294000 _____ () C:\Program Files\AVAST Software\Browser\Application\70.0.917.102\swiftshader\libglesv2.dll
2018-11-27 10:39 - 2018-11-16 14:23 - 000138120 _____ () C:\Program Files\AVAST Software\Browser\Application\70.0.917.102\swiftshader\libegl.dll
2018-12-03 23:53 - 2018-12-03 23:53 - 000603864 _____ () C:\Program Files\AVAST Software\Avast\AvastNM.exe
2016-07-18 19:20 - 2013-10-03 20:45 - 000577536 _____ () C:\Windows\system32\SnMinDrv.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences [386]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:04 - 2018-12-21 13:45 - 000000825 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1712796923-342591897-1552680142-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Carmela\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 190.113.220.18 - 190.113.220.51
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{56C8C1DA-FD30-4ED4-BE25-49B71F23EF3C}] => (Allow) C:\Program Files\CyberLink\PowerDVD14\PowerDVD.exe
FirewallRules: [{7F432BFB-6E5B-40A0-A890-F828C9E104C2}] => (Allow) C:\Program Files\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe
FirewallRules: [{53B4C862-F1E0-4603-815C-5CFC4DB8268E}] => (Allow) C:\Program Files\CyberLink\PowerDVD14\PowerDVD14Agent.exe
FirewallRules: [{6E92DA3D-C8B4-47B4-8C97-0CD97E33604C}] => (Allow) C:\Program Files\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe
FirewallRules: [{57127A3A-0DB5-4590-987A-8600BBE77227}] => (Allow) C:\Program Files\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{88DF627B-2934-45B4-99D0-BCCD336AD1D6}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{92EA90F5-22FF-4BAF-A0EE-7A31CF624147}] => (Allow) C:\Program Files\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe
FirewallRules: [{2568C242-988A-4A16-A308-FC35693A43DC}] => (Allow) C:\Program Files\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe
FirewallRules: [{DFAD6BA6-6C84-4226-838F-857A706C3C4F}] => (Allow) C:\Program Files\Nero\Nero 2015\Nero Burning ROM\StartNBR.exe
FirewallRules: [{C3DBBC60-50A0-417C-BA65-B2DDF8887887}] => (Allow) C:\Program Files\Nero\KM\NMDllHost.exe
FirewallRules: [{A759B5D2-7EC7-4595-96FE-00B0C0A68772}] => (Allow) C:\Program Files\Nero\Nero 2015\Nero Burning ROM\nero.exe
FirewallRules: [{5F2C9E27-4700-42B1-8368-AD27F1541121}] => (Allow) C:\Program Files\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe
FirewallRules: [{4EAC009E-6ACD-4AD6-8ED3-DFA503E49BAC}] => (Allow) C:\Program Files\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe
FirewallRules: [{AD26F635-6150-4579-9B8B-A97FE2F8D611}] => (Allow) C:\Program Files\Samsung\Samsung Universal Scan Driver\ScanCDLM.exe
FirewallRules: [{946714C7-87C0-4116-B166-7B97110EED11}] => (Allow) C:\Program Files\Samsung\Samsung Universal Scan Driver\ScanCDLM.exe
FirewallRules: [{E8D997AD-ED8C-4D7E-A4A2-A36CA8A3D48C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{4FD1E08C-01A0-4082-B662-9C2B41861EBE}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{47B83107-8CE7-4B86-A987-62E140B661AA}] => (Allow) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
FirewallRules: [{1109D478-F1DD-429E-AF12-1FAD9F76EBB2}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{E0884E67-AB90-46BD-92EC-A649B1CBC4CE}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{2804002B-5AB9-4511-9413-57551330561C}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{1CC7FE3C-03CB-434A-84AB-2079D4173184}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{8ECC01A7-42AB-44B5-9E6A-A10C75E6CDBC}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

21-12-2018 15:20:00 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/21/2018 11:03:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: ZeroConfigService.exe, versión: 15.3.0.0, marca de tiempo: 0x5036adc5
Nombre del módulo con errores: MurocApi.dll, versión: 15.3.0.0, marca de tiempo: 0x5036acf9
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x000219a8
Id. del proceso con errores: 0x9ec
Hora de inicio de la aplicación con errores: 0x01d499ab293199d5
Ruta de acceso de la aplicación con errores: C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
Ruta de acceso del módulo con errores: C:\Program Files\Intel\WiFi\bin\MurocApi.dll
Id. del informe: 874d80da-059e-11e9-875f-001b24b8a460

Error: (12/21/2018 11:03:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (12/21/2018 01:42:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (12/21/2018 01:16:06 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Error en la extracción de la lista raíz de terceros del archivo .CAB actualizado automáticamente: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> con el error: Un certificado requerido no se encuentra dentro del periodo de validez cuando se ha realizado la comprobación con el reloj de sistema actual o con la marca de tiempo en el archivo firmado.
.

Error: (12/21/2018 01:15:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: mbamtray.exe, versión: 3.1.0.1662, marca de tiempo: 0x5c070ada
Nombre del módulo con errores: Qt5Core.dll, versión: 5.11.1.0, marca de tiempo: 0x5bd23201
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x0018dc19
Id. del proceso con errores: 0x170c
Hora de inicio de la aplicación con errores: 0x01d499592da82dca
Ruta de acceso de la aplicación con errores: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
Ruta de acceso del módulo con errores: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Id. del informe: 6c6676ea-054c-11e9-991d-001b24b8a460

Error: (12/21/2018 10:22:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (12/19/2018 05:29:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (12/18/2018 12:17:45 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Error al generar el contexto de activación para "c:\program files\Samsung\samsung universal scan driver\seinstall\Data\wiainst64.exe".
No se encontró el ensamblado dependiente Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
Use sxstrace.exe para obtener un diagnóstico detallado.


System errors:
=============
Error: (12/21/2018 11:07:36 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: El servicio "WMPNetworkSvc" no se puede iniciar correctamente debido al error "0x80004005" en CoCreateInstance(CLSID_UPnPDeviceFinder). Compruebe que el servicio UPnPHost esté en ejecución y que el componente UPnPHost de Windows esté instalado correctamente.

Error: (12/21/2018 11:06:29 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio Intel(R) PROSet/Wireless Zero Configuration Service se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (12/21/2018 11:03:34 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: Error de DCOM "1053" al intentar iniciar el servicio WSearch con argumentos "" para ejecutar el servidor:
{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (12/21/2018 11:03:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio Windows Search no pudo iniciarse debido al siguiente error: 
El servicio no respondió a tiempo a la solicitud de inicio o de control.

Error: (12/21/2018 11:03:26 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Se agotó el tiempo de espera (30000 ms) para la conexión con el servicio Windows Search.

Error: (12/21/2018 11:02:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio DgiVecp no pudo iniciarse debido al siguiente error: 
El sistema no puede encontrar el archivo especificado.

Error: (12/21/2018 05:47:37 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Se agotó el tiempo de espera (30000 ms) para la respuesta de transacción del servicio Netman.

Error: (12/21/2018 01:51:56 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: El servicio Windows Update no respondió después de iniciar.


CodeIntegrity:
===================================

Date: 2016-09-05 15:19:12.151
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume1\Windows\System32\drivers\aswKbd.sys porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2016-09-05 15:19:10.856
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume1\Windows\System32\drivers\aswSnx.sys porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2016-07-26 21:24:30.671
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume1\Windows\System32\drivers\aswKbd.sys porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2016-07-26 21:24:30.437
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume1\Windows\System32\drivers\aswSnx.sys porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2016-07-18 18:28:13.938
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume1\Windows\System32\drivers\aswKbd.sys porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2016-07-18 18:28:13.672
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume1\Windows\System32\drivers\aswSnx.sys porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2016-07-18 08:52:30.718
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume1\Windows\System32\drivers\aswKbd.sys porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2016-07-18 08:52:30.515
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume1\Windows\System32\drivers\aswSnx.sys porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU T5250 @ 1.50GHz
Percentage of memory in use: 74%
Total physical RAM: 2038.43 MB
Available physical RAM: 520.64 MB
Total Virtual: 4076.86 MB
Available Virtual: 2385.03 MB

==================== Drives ================================

Drive c: (Windows 7) (Fixed) (Total:58.59 GB) (Free:32.85 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:58.59 GB) (Free:55.31 GB) NTFS
Drive e: () (Fixed) (Total:61.97 GB) (Free:27.77 GB) NTFS
Drive f: (HP_RECOVERY) (Fixed) (Total:7.15 GB) (Free:0.68 GB) NTFS ==>[system with boot components (obtained from drive)]


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 186.3 GB) (Disk ID: 8AC38874)
Partition 1: (Active) - (Size=58.6 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=58.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=62 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=7.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

The computer is still very slow and the little windows with malware-like behavior still appear.


#8

Good… now follow these steps. :arrow_forward: VERY important :arrow_backward: Make a backup of the registry:

  • To do so, download :arrow_forward: DelFix.exe (to your desktop).

  • Double-click to run it. (If you use Windows Vista/7/8 or 10, right-click and select -Run as administrator-).

  • Attention: now tick only the :white_check_mark: Create registry backup box, and NOT the other boxes. :face_with_monocle:

  • Click Run.

The report (DelFix.txt) will open; save it in case it is needed and close the tool.

Now start your computer in :arrow_forward: Windows Safe Mode with Networking

:warning: With all other programs closed, go to :arrow_forward: Start :arrow_forward: Run :arrow_forward: and type Notepad.exe.

  • Now copy and paste the code/lines inside the box below into Notepad.
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => -> No File
AlternateDataStreams: C:\Windows:nlsPreferences [386]
HKLM\...\Run: [AntiShortCutUpdate] => C:\AntiShortCut\AntiUsb.exe [934400 2014-06-01] (AutoIt Team)
HKLM\...\Run: [AntiUsbShortCut] => C:\Windows\system32\cmd.exe /c start C:\AntiShortCut\AntiUsb.exe "C:\AntiShortCut\AntiUsbShortCut.zip" & exit
HKU\S-1-5-21-1712796923-342591897-1552680142-1000\...\Run: [AntiShortCutUpdate] => C:\AntiShortCut\AntiUsb.exe [934400 2014-06-01] (AutoIt Team)
HKU\S-1-5-21-1712796923-342591897-1552680142-1000\...\Run: [AntiUsbShortCut] => C:\Windows\system32\cmd.exe /c start C:\AntiShortCut\AntiUsb.exe "C:\AntiShortCut\AntiUsbShortCut.zip" & exit
HKLM\...\Drivers32: [MSVideo8] => C:\Windows\system32\VfWWDM32.dll [56832 2010-11-20] (Microsoft Corporation)
HKLM\...\Drivers32: [msacm.l3codecp] => C:\Windows\system32\l3codecp.acm [220672 2009-07-13] (Fraunhofer Institut Integrierte Schaltungen IIS)
HKLM\...\Drivers32: [VIDC.FMVC] => C:\Windows\system32\fmcodec.dll [77824 2008-08-18] (Fox Magic Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AntiShortCutUpdate.lnk [2016-10-05]
ShortcutTarget: AntiShortCutUpdate.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AntiUsbShortCutUpdate.lnk [2016-10-05]
ShortcutTarget: AntiUsbShortCutUpdate.lnk -> C:\AntiShortCut\AntiUsb.exe (AutoIt Team)
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]
2018-12-05 20:30 - 2016-10-05 01:05 - 000000000 _RSHD C:\AntiUsbShortCut
2018-12-05 20:30 - 2016-10-05 01:04 - 000000000 _RSHD C:\AntiShortCut
2018-12-15 10:44 - 2018-12-15 10:44 - 000000000 _____ () C:\Users\Carmela\AppData\Local\{03785BBF-E784-444E-9FFD-538CF2309F33}
2018-12-18 20:05 - 2018-12-18 20:05 - 000000000 _____ () C:\Users\Carmela\AppData\Local\{A50F792C-0BF5-4661-B5CF-CEBB1DF9F44A}
2018-12-15 10:44 - 2018-12-15 10:44 - 000000000 _____ () C:\Users\Carmela\AppData\Local\{BCBD2C34-FF33-4DD0-814C-6B48B7AA591E}
2018-12-05 20:30 - 2016-10-05 01:04 - 000000000 _RSHD C:\AntiShortCut
HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END

Save it as FIXLIST.TXT on the desktop :arrow_backward: This is very important.

:o: Note :o: It is important that the FRST.exe tool (Farbar Recovery Scanner Tool) and FIXLIST.TXT are in the same location (the desktop); otherwise it will not work.

  • Run FRST.exe. (If you use Windows Vista/7/8 or 10, right-click and select -Run as administrator-).

  • Press the FIX button and wait for it to finish.

  • The tool will save the repair report on the desktop (FIXLOG.TXT).

Paste the contents of this file in your next reply. :+1:

Restart the computer, check how it behaves with regard to the problem you reported, and tell us about it.

Regards.


#9

Hello again, the computer works much better and the annoying error windows have disappeared. It seems everything is fine now, many thanks…!

Fix result of Farbar Recovery Scan Tool (x86) Version: 24.12.2018
Ran by Carmela (24-12-2018 15:21:11) Run:1
Running from C:\Users\Carmela\Desktop
Loaded Profiles: Carmela (Available Profiles: Carmela)
Boot Mode: Safe Mode (with Networking)

==============================================

fixlist content:
*****************
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => -> No File
AlternateDataStreams: C:\Windows:nlsPreferences [386]
HKLM\...\Run: [AntiShortCutUpdate] => C:\AntiShortCut\AntiUsb.exe [934400 2014-06-01] (AutoIt Team)
HKLM\...\Run: [AntiUsbShortCut] => C:\Windows\system32\cmd.exe /c start C:\AntiShortCut\AntiUsb.exe "C:\AntiShortCut\AntiUsbShortCut.zip" & exit
HKU\S-1-5-21-1712796923-342591897-1552680142-1000\...\Run: [AntiShortCutUpdate] => C:\AntiShortCut\AntiUsb.exe [934400 2014-06-01] (AutoIt Team)
HKU\S-1-5-21-1712796923-342591897-1552680142-1000\...\Run: [AntiUsbShortCut] => C:\Windows\system32\cmd.exe /c start C:\AntiShortCut\AntiUsb.exe "C:\AntiShortCut\AntiUsbShortCut.zip" & exit
HKLM\...\Drivers32: [MSVideo8] => C:\Windows\system32\VfWWDM32.dll [56832 2010-11-20] (Microsoft Corporation)
HKLM\...\Drivers32: [msacm.l3codecp] => C:\Windows\system32\l3codecp.acm [220672 2009-07-13] (Fraunhofer Institut Integrierte Schaltungen IIS)
HKLM\...\Drivers32: [VIDC.FMVC] => C:\Windows\system32\fmcodec.dll [77824 2008-08-18] (Fox Magic Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AntiShortCutUpdate.lnk [2016-10-05]
ShortcutTarget: AntiShortCutUpdate.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AntiUsbShortCutUpdate.lnk [2016-10-05]
ShortcutTarget: AntiUsbShortCutUpdate.lnk -> C:\AntiShortCut\AntiUsb.exe (AutoIt Team)
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]
2018-12-05 20:30 - 2016-10-05 01:05 - 000000000 _RSHD C:\AntiUsbShortCut
2018-12-05 20:30 - 2016-10-05 01:04 - 000000000 _RSHD C:\AntiShortCut
2018-12-15 10:44 - 2018-12-15 10:44 - 000000000 _____ () C:\Users\Carmela\AppData\Local\{03785BBF-E784-444E-9FFD-538CF2309F33}
2018-12-18 20:05 - 2018-12-18 20:05 - 000000000 _____ () C:\Users\Carmela\AppData\Local\{A50F792C-0BF5-4661-B5CF-CEBB1DF9F44A}
2018-12-15 10:44 - 2018-12-15 10:44 - 000000000 _____ () C:\Users\Carmela\AppData\Local\{BCBD2C34-FF33-4DD0-814C-6B48B7AA591E}
2018-12-05 20:30 - 2016-10-05 01:04 - 000000000 _RSHD C:\AntiShortCut
HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END
*****************

Error: Restore point can only be created in normal mode.
Processes closed successfully.
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WinZip => removed successfully.
HKLM\Software\Classes\CLSID\{E0D79304-84BE-11CE-9641-444553540000} => not found
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\Offline Files => removed successfully.
HKLM\Software\Classes\CLSID\{474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => not found
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\WinZip => removed successfully.
HKLM\Software\Classes\CLSID\{E0D79304-84BE-11CE-9641-444553540000} => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Offline Files => removed successfully.
HKLM\Software\Classes\CLSID\{474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\WinZip => removed successfully.
HKLM\Software\Classes\CLSID\{E0D79304-84BE-11CE-9641-444553540000} => not found
C:\Windows => ":nlsPreferences" ADS removed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AntiShortCutUpdate" => removed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AntiUsbShortCut" => removed successfully.
"HKU\S-1-5-21-1712796923-342591897-1552680142-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AntiShortCutUpdate" => removed successfully.
"HKU\S-1-5-21-1712796923-342591897-1552680142-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AntiUsbShortCut" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\\MSVideo8" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\\msacm.l3codecp" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\\VIDC.FMVC" => removed successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AntiShortCutUpdate.lnk => moved successfully
C:\Windows\System32\cmd.exe => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AntiUsbShortCutUpdate.lnk => moved successfully
C:\AntiShortCut\AntiUsb.exe => moved successfully
HKLM\System\CurrentControlSet\Services\DgiVecp => removed successfully.
DgiVecp => service removed successfully.
C:\AntiUsbShortCut => moved successfully
C:\AntiShortCut => moved successfully
C:\Users\Carmela\AppData\Local\{03785BBF-E784-444E-9FFD-538CF2309F33} => moved successfully
C:\Users\Carmela\AppData\Local\{A50F792C-0BF5-4661-B5CF-CEBB1DF9F44A} => moved successfully
C:\Users\Carmela\AppData\Local\{BCBD2C34-FF33-4DD0-814C-6B48B7AA591E} => moved successfully
"C:\AntiShortCut" => not found
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully.
"HKU\S-1-5-21-1712796923-342591897-1552680142-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully.
"HKU\S-1-5-21-1712796923-342591897-1552680142-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully.


========= End of RemoveProxy: =========


========= netsh winsock reset =========


========= End of CMD: =========


========= ipconfig /renew =========


========= End of CMD: =========


========= ipconfig /flushdns =========


========= End of CMD: =========


========= bitsadmin /reset /allusers =========


========= End of CMD: =========


========= netsh advfirewall reset =========


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========


========= End of CMD: =========


========= netsh int ipv4 reset =========


========= End of CMD: =========


========= netsh int ipv6 reset =========


========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 13708344 B
Java, Flash, Steam htmlcache => 492 B
Windows/system/drivers => 72613 B
Edge => 0 B
Chrome => 15465568 B
Firefox => 13534990 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 66088 B
LocalService => 0 B
NetworkService => 66228 B
Carmela => 8280510 B

RecycleBin => 2420768 B
EmptyTemp: => 51.1 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 15:21:46 ====  
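
Added example, not part of the original thread and not FRST's own code: a short Python audit of the Fixlog above that tallies the outcome of each result line, collects `Error:` lines, and lists files that were moved out of the Windows directory, which is worth checking whenever a fixlist contains `ShortcutTarget:` lines. The names `audit_fixlog` and `outcome`, and the `C:\Windows` system root, are assumptions made for this example.

```python
import re
from collections import Counter

# Excerpt of result lines copied from the Fixlog posted in this thread.
SAMPLE_FIXLOG = r'''Error: Restore point can only be created in normal mode.
Processes closed successfully.
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WinZip => removed successfully.
HKLM\Software\Classes\CLSID\{E0D79304-84BE-11CE-9641-444553540000} => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AntiUsbShortCut" => removed successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AntiShortCutUpdate.lnk => moved successfully
C:\Windows\System32\cmd.exe => moved successfully
C:\AntiShortCut\AntiUsb.exe => moved successfully
C:\AntiShortCut => moved successfully
"C:\AntiShortCut" => not found
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
'''

# A result line has the shape: <target> => <status>[.]  (target may be quoted)
RESULT = re.compile(r'^"?(?P<target>.+?)"?\s+=>\s+(?P<status>.+?)\.?\s*$')


def outcome(status):
    """Map a status string to a coarse outcome; 'removed' contains 'moved',
    so it has to be tested first."""
    s = status.lower()
    if "not found" in s:
        return "not_found"
    if "removed" in s:
        return "removed"
    if "moved" in s:
        return "moved"
    return "other"


def audit_fixlog(text, system_root=r"C:\Windows"):
    """Return (counts, errors, flagged) for the result lines of a Fixlog.

    flagged lists files moved from under system_root (assumed C:\\Windows),
    except the hosts file when the log also reports it restored."""
    counts, errors, flagged = Counter(), [], []
    hosts_restored = "Hosts restored successfully" in text
    root = system_root.lower() + "\\"
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Error:"):
            errors.append(line[len("Error:"):].strip())
            continue
        m = RESULT.match(line)
        if not m:
            continue
        target, kind = m.group("target"), outcome(m.group("status"))
        counts[kind] += 1
        is_file = re.match(r"[A-Za-z]:\\", target) is not None
        if kind == "moved" and is_file and target.lower().startswith(root):
            if hosts_restored and target.lower().endswith(r"\drivers\etc\hosts"):
                continue  # the log reports the hosts file restored after the move
            flagged.append(target)
    return counts, errors, flagged


if __name__ == "__main__":
    counts, errors, flagged = audit_fixlog(SAMPLE_FIXLOG)
    print(dict(counts), errors, flagged, sep="\n")
```

For any path in the flagged list, confirm the file still exists on disk before the cleanup tools and their backups are deleted.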

#10

Perfect :+1: excellent, we are glad to see that the initial problem is now completely fixed; all that remains is to remove the tools used.

To do so, download :arrow_forward: DelFix.exe to your desktop.

  • Double-click to run it. (If you use Windows Vista/7/8 or 10, right-click and select - Run as administrator -).

  • Tick all the boxes and click Run.

The report (DelFix.txt) will open; you can close it.


For any other problem, don't hesitate to post again; you know where we are. :+1:

Topic solved.

Regards, Javier.


#11