Virus "antiusbshortcut" hace lenta la pc

Daniel_Perez · 21 Diciembre, 2018 15:53

hola muy buenas tardes tengo una laptop HP pavilion dv6000 con windows 7 hace meses al iniciar windows me aparece el mensaje de la imagen repetidas veces y la pc se pone lentisima creo que es un virus, por favor decirme como puedo eliminarlo tengo el avast version gratuita y no detecta nada el ya mencionado

no se me permitio subir la captura de pantalla a este tema asi que colocare lo que dice la ventana es “line 0file C:/AntiShortCut/AntiUsbShortCut.zip” eso sale repetidas veces en multiples ventanas

muchas gracias de antemano

JavierHF · 21 Diciembre, 2018 16:05

Buenas @Daniel_Perez

Para revisar tu máquina, sigue estos pasos, en el orden indicado y leyendo todo lo explicado.

Desactiva temporalmente el Antivirus Cómo deshabilitar temporalmente su Antivirus, mientras estemos realizando TODOS los pasos.

Vamos a descargar en TU ESCRITORIO(y NO en otro lugar ) todas las herramientas que vamos a utilizar en este procedimiento (pero no las ejecutes todavía) :

CCleaner + Manual.
Malwarebytes’ Anti-Malware + Manual. revisa en detalle el manual, para que sepas usarlo y configurarlo correctamente.
AdwCleaner + Manual.
Junkware Removal Tool.
Farbar Recovery Scan Tool. seleccionando la versión adecuada para la arquitectura(32 o 64bits) de tu equipo. [color=#FF8C00][size=1] ¿Cómo saber si mi Windows es de 32 o 64 bits.?[/size][/color]

Ejecutas las herramientas de una en una y en el orden indicado :

CCleaner.-

Instalas y Ejecutas CCleaner siguiendo los pasos indicados en el manual.
Úsalo primero en su opción de Limpiador para borrar cookies, temporales de Internet y todos los archivos que te muestre como obsoletos.
Después usa su opción de Registro para limpiar todo el registro de Windows(haciendo copia de seguridad).

Malwarebytes.-

Instalas y Ejecutas MBAM siguiendo los pasos indicados en el manual.
Realiza un Análisis Completo.
Seleccionando TODOS a Cuarentena para enviarlo a la cuarentena y Reinicias el sistema.
En el apartado del manual Historial encontrarás el informe del MBAM, que debes copiar y pegar en tu próxima respuesta, para analizarlo.

AdwCleaner.-

Ejecuta Adwcleaner.exe.
Pulsamos en el botón Analizar ahora, y espera a que se realice el proceso, inmediatamente pulsa siempre sobre el botón Iniciar Reparación.
Espera a que se complete y sigue las instrucciones, si te pidiera Reiniciar el sistema Aceptas.
El log/informe lo encontramos en la pestaña “Informes”, volviendo a abrir el programa si fuese necesario, para poder copiarlo y pegarlo en tu próxima respuesta.
El informe también se puede encontrar en C:\AdwCleaner\Logs\AdwCleaner[C00].txt

Junkware Removal Tool.-

Ejecuta JRT.exe.
Y pulsar cualquier tecla para continuar, esperar pacientemente a que termine el proceso.
Si en algún momento te pide Reiniciar hazlo.
Al finalizar, un registro/informe (JRT.txt) se guardara en el escritorio y se abrirá automáticamente.
Copia y pega el contenido de JRT.txt en tu próxima respuesta.

Farbar Recovery Scan Tool.-

Ejecuta FRST.exe.
En el mensaje de la ventana del Disclaimer, pulsamos Yes
En la ventana principal pulsamos en el botón Scan y esperamos a que concluya el proceso.
Se abrirán dos(2) archivos(Logs), Frst.txt y Addition.txt, estos quedaran grabados en el escritorio.

Poner los informes en tu próxima respuesta de :

Malwarebytes, AdwCleaner, JRT, FRST + Addition.txt, y en ese orden.

Debes copiarlos y pegarlos con todo su contenido y usaras varios mensajes si recibes un mensaje de error indicando que es muy largo(mas de 50.000 caracteres aprox.).

Y nos cuentas como funciona tu equipo en relación al problema planteado.

Saludos Javier.

Daniel_Perez · 22 Diciembre, 2018 04:47

hola muchas gracias aqui coloco los reportes este de malewarebytes;

Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 21/12/18
Hora del análisis: 13:20
Archivo de registro: 118d524a-054d-11e9-a3eb-001b24b8a460.json

-Información del software-
Versión: 3.6.1.2711
Versión de los componentes: 1.0.508
Versión del paquete de actualización: 1.0.8211
Licencia: Prueba

-Información del sistema-
SO: Windows 7 Service Pack 1
CPU: x86
Sistema de archivos: NTFS
Usuario: Carmela-PC\Carmela

-Resumen del análisis-
Tipo de análisis: Análisis de amenazas
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 167042
Amenazas detectadas: 2
Amenazas en cuarentena: 2
Tiempo transcurrido: 3 min, 22 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Desactivado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 0
(No hay elementos maliciosos detectados)

Valor del registro: 1
PUM.Optional.LowRiskFileTypes, HKU\S-1-5-21-1712796923-342591897-1552680142-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\ASSOCIATIONS|LOWRISKFILETYPES, En cuarentena, [6845], [251589],1.0.8211

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 0
(No hay elementos maliciosos detectados)

Archivo: 1
HackTool.FilePatch, C:\PROGRAM FILES\NERO\NERO15PATCH.EXE, En cuarentena, [7809], [281135],1.0.8211

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)

ahora el de adware

# -------------------------------
# Malwarebytes AdwCleaner 7.2.6.0
# -------------------------------
# Build:    12-18-2018
# Database: 2018-12-21.2 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    12-21-2018
# Duration: 00:00:04
# OS:       Windows 7 Home Premium
# Cleaned:  0
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1257 octets] - [21/12/2018 13:33:20]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

ahora el de junkware

 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 7 Home Premium x86 
Ran by Carmela (Administrator) on 21/12/2018 at 15:19:55,29
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 29 

Successfully deleted: C:\ProgramData\drivergenius (Folder) 
Successfully deleted: C:\Users\Carmela\Documents\add-in express (Folder) 
Successfully deleted: C:\Windows\System32\ai_recyclebin (Folder) 
Successfully deleted: C:\Users\Carmela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\033S2MKW (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Carmela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0R2XQA5N (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Carmela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0TGQP4Q3 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Carmela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\48X5S84O (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Carmela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\68KHACWO (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Carmela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6M9GZ0OJ (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Carmela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BLGAFN7F (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Carmela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JOY18FYH (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Carmela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KY50U1O0 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Carmela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NKV6C93B (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Carmela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OCSNV2OM (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Carmela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R74OBP6M (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Carmela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y06YXOSN (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\033S2MKW (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0R2XQA5N (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0TGQP4Q3 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\48X5S84O (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\68KHACWO (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6M9GZ0OJ (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BLGAFN7F (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JOY18FYH (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KY50U1O0 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NKV6C93B (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OCSNV2OM (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R74OBP6M (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y06YXOSN (Temporary Internet Files Folder) 



Registry: 0 





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21/12/2018 at 15:29:02,74
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ahora del farbar

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20.12.2018
Ran by Carmela (administrator) on CARMELA-PC (21-12-2018 23:18:22)
Running from C:\Users\Carmela\Desktop
Loaded Profiles: Carmela (Available Profiles: Carmela)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: "C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe" -- "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Nitro PDF Software) C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9.exe
() C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe
(AVAST Software) C:\Program Files\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler.exe
(Nalpeiron Ltd.) C:\Windows\System32\NLSSRV32.EXE
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Motorola Inc.) C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD14\PowerDVD14Agent.exe
(CyberLink Corp.) C:\Program Files\CyberLink\YouCam\YouCamService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(WinZip Computing) C:\Program Files\WinZip\WzPreloader.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(AVAST Software) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
(Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner.exe
(AVAST Software) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(AVAST Software) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(AVAST Software) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
() C:\Program Files\AVAST Software\Avast\AvastNM.exe
(AVAST Software) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
() C:\Program Files\AVAST Software\Avast\AvastNM.exe
(AVAST Software) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(AVAST Software) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SMSERIAL] => C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [1466368 2009-05-05] (Motorola Inc.)
HKLM\...\Run: [PowerDVD14Agent] => C:\Program Files\CyberLink\PowerDVD14\PowerDVD14Agent.exe [795672 2014-03-17] (CyberLink Corp.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-12-03] (AVAST Software)
HKLM\...\Run: [YouCam Service] => C:\Program Files\CyberLink\YouCam\YouCamService.exe [247016 2011-09-09] (CyberLink Corp.)
HKLM\...\Run: [AntiShortCutUpdate] => C:\AntiShortCut\AntiUsb.exe [934400 2014-06-01] (AutoIt Team)
HKLM\...\Run: [AntiUsbShortCut] => C:\Windows\system32\cmd.exe /c start C:\AntiShortCut\AntiUsb.exe "C:\AntiShortCut\AntiUsbShortCut.zip" & exit
HKLM\...\Run: [WinZip UN] => C:\Program Files\WinZip\WZUpdateNotifier.exe [2268624 2018-10-22] (Corel Corporation)
HKLM\...\Run: [WinZip PreLoader] => C:\Program Files\WinZip\WzPreloader.exe [130624 2018-10-22] (WinZip Computing)
HKLM\...\Run: [WinZip FAH] => C:\Program Files\WinZip\FAHConsole.exe [455360 2018-10-22] (WinZip Computing, S.L.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1712796923-342591897-1552680142-1000\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2741616 2011-03-04] (Hewlett-Packard Company)
HKU\S-1-5-21-1712796923-342591897-1552680142-1000\...\Run: [AntiShortCutUpdate] => C:\AntiShortCut\AntiUsb.exe [934400 2014-06-01] (AutoIt Team)
HKU\S-1-5-21-1712796923-342591897-1552680142-1000\...\Run: [AntiUsbShortCut] => C:\Windows\system32\cmd.exe /c start C:\AntiShortCut\AntiUsb.exe "C:\AntiShortCut\AntiUsbShortCut.zip" & exit
HKU\S-1-5-21-1712796923-342591897-1552680142-1000\...\Run: [AvastBrowserAutoLaunch_9B8B7F100EFE775F07CF254237F2FF6F] => C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe [1826600 2018-11-16] (AVAST Software)
HKU\S-1-5-21-1712796923-342591897-1552680142-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner.exe [14554696 2018-11-06] (Piriform Software Ltd)
HKLM\...\Drivers32: [MSVideo8] => C:\Windows\system32\VfWWDM32.dll [56832 2010-11-20] (Microsoft Corporation)
HKLM\...\Drivers32: [msacm.l3codecp] => C:\Windows\system32\l3codecp.acm [220672 2009-07-13] (Fraunhofer Institut Integrierte Schaltungen IIS)
HKLM\...\Drivers32: [VIDC.FMVC] => C:\Windows\system32\fmcodec.dll [77824 2008-08-18] (Fox Magic Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AntiShortCutUpdate.lnk [2016-10-05]
ShortcutTarget: AntiShortCutUpdate.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AntiUsbShortCutUpdate.lnk [2016-10-05]
ShortcutTarget: AntiUsbShortCutUpdate.lnk -> C:\AntiShortCut\AntiUsb.exe (AutoIt Team)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 190.113.220.18 190.113.220.51 190.113.220.54
Tcpip\..\Interfaces\{33C14BE5-2735-4365-9A6B-D7219A686119}: [DhcpNameServer] 190.113.220.18 190.113.220.51 190.113.220.54

Internet Explorer:
==================
HKU\S-1-5-21-1712796923-342591897-1552680142-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com.pe/
HKU\S-1-5-21-1712796923-342591897-1552680142-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/es-pe/?ocid=iehp
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 0wvtwoq6.default
FF ProfilePath: C:\Users\Carmela\AppData\Roaming\Mozilla\Firefox\Profiles\0wvtwoq6.default [2018-12-21]
FF Extension: (Avast Online Security) - C:\Users\Carmela\AppData\Roaming\Mozilla\Firefox\Profiles\0wvtwoq6.default\Extensions\[email protected] [2018-10-30]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_32_0_0_101.dll [2018-12-05] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @Nero.com/KM -> C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2014-08-29] (Nero AG)
FF Plugin: @nitropdf.com/NitroPDF -> C:\Program Files\Nitro\Pro 9\npnitromozilla.dll [2016-07-28] (Nitro PDF)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-17] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-12-04] (Adobe Systems Inc.)

Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.google.com.pe/"
CHR Profile: C:\Users\Carmela\AppData\Local\Google\Chrome\User Data\Default [2018-12-21]
CHR Extension: (Presentaciones) - C:\Users\Carmela\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-03-05]
CHR Extension: (Documentos) - C:\Users\Carmela\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-03-05]
CHR Extension: (Google Drive) - C:\Users\Carmela\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-18]
CHR Extension: (YouTube) - C:\Users\Carmela\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-18]
CHR Extension: (Adobe Acrobat) - C:\Users\Carmela\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-04-25]
CHR Extension: (Avast SafePrice | Comparaciones, ofertas y cupones) - C:\Users\Carmela\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2018-12-21]
CHR Extension: (Hojas de cálculo) - C:\Users\Carmela\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-03-05]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\Carmela\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-23]
CHR Extension: (Avast Online Security) - C:\Users\Carmela\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-09-26]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Carmela\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-20]
CHR Extension: (Gmail) - C:\Users\Carmela\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-18]
CHR Extension: (Chrome Media Router) - C:\Users\Carmela\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-19]
CHR Profile: C:\Users\Carmela\AppData\Local\Google\Chrome\User Data\System Profile [2018-12-21]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKU\S-1-5-21-1712796923-342591897-1552680142-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMPPALR3; C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [509456 2012-07-18] (Intel Corporation)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6799632 2018-12-03] (AVAST Software)
S2 avast; C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-04-20] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [324000 2018-12-03] (AVAST Software)
S3 avastm; C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-04-20] (AVAST Software)
R2 BTHSSecurityMgr; C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [104240 2012-08-23] (Intel(R) Corporation)
S3 GoogleChromeElevationService; C:\Program Files\Google\Chrome\Application\71.0.3578.98\elevation_service.exe [375776 2018-12-11] (Google Inc.)
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2011-03-04] (Hewlett-Packard Company) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [5073376 2018-09-19] (Malwarebytes)
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [786256 2014-07-14] (Nero AG)
R2 NitroDriverReadSpool9; C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9.exe [199320 2016-07-28] (Nitro PDF Software)
R2 NitroUpdateService; C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe [394904 2016-07-28] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2778416 2012-08-23] (Intel® Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AMPPAL; C:\Windows\System32\DRIVERS\AMPPAL.sys [143360 2012-07-18] (Windows (R) Win 7 DDK provider)
S3 AMPPALP; C:\Windows\System32\DRIVERS\amppal.sys [143360 2012-07-18] (Windows (R) Win 7 DDK provider)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [167480 2018-12-03] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriverx.sys [188976 2018-12-03] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidshx.sys [165384 2018-12-03] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswblogx.sys [284256 2018-12-03] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbunivx.sys [57904 2018-12-03] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [183176 2018-12-03] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [42736 2018-12-03] (AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [40688 2018-12-03] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [135200 2018-12-03] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [100984 2018-12-03] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [72800 2018-12-03] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [784560 2018-12-03] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [397992 2018-12-03] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [156936 2018-12-03] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [310200 2018-12-03] (AVAST Software)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [129248 2018-12-04] (Malwarebytes)
R3 igfx; C:\Windows\System32\DRIVERS\igdkmd32.sys [1925632 2007-09-13] (Intel Corporation) [File not signed]
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [172280 2018-12-21] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [106144 2018-12-21] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [63760 2018-12-21] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [230120 2018-12-21] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [83648 2018-12-21] (Malwarebytes)
S3 NETw3v32; C:\Windows\System32\DRIVERS\NETw3v32.sys [2225664 2008-01-18] (Intel Corporation) [File not signed]
R3 NETwLv32; C:\Windows\System32\DRIVERS\NETwLv32.sys [6639616 2010-10-07] (Intel Corporation)
R3 RTL8169; C:\Windows\System32\DRIVERS\Rtlh86.sys [44544 2006-11-02] (Realtek Corporation) [File not signed]
R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2008-01-03] (Samsung Electronics) [File not signed]
R2 {C5F942FD-1110-4664-86CE-0C6BDA305235}; C:\Program Files\CyberLink\PowerDVD14\Common\NavFilter\000.fcl [26824 2014-03-16] (CyberLink Corp.)
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-12-21 23:18 - 2018-12-21 23:19 - 000018024 _____ C:\Users\Carmela\Desktop\FRST.txt
2018-12-21 23:18 - 2018-12-21 23:18 - 000000000 ____D C:\FRST
2018-12-21 23:15 - 2018-12-21 23:15 - 001778176 _____ (Farbar) C:\Users\Carmela\Desktop\FRST.exe
2018-12-21 23:08 - 2018-12-21 23:08 - 000063760 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-12-21 23:07 - 2018-12-21 23:19 - 000083648 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-12-21 23:07 - 2018-12-21 23:07 - 000106144 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-12-21 23:04 - 2018-12-21 23:04 - 000230120 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-12-21 15:29 - 2018-12-21 15:29 - 000005050 _____ C:\Users\Carmela\Desktop\JRT.txt
2018-12-21 13:32 - 2018-12-21 13:33 - 000000000 ____D C:\AdwCleaner
2018-12-21 13:27 - 2018-12-21 13:27 - 000001764 _____ C:\Users\Carmela\Downloads\reporte  malwarebytes 21.12.18 1.13.txt
2018-12-21 13:17 - 2018-12-21 13:17 - 000000000 ____D C:\Users\Carmela\AppData\Local\mbam
2018-12-21 13:15 - 2018-12-21 13:15 - 000172280 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-12-21 13:15 - 2018-12-21 13:15 - 000002029 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-12-21 13:15 - 2018-12-21 13:15 - 000000000 ____D C:\Users\Carmela\AppData\Local\mbamtray
2018-12-21 13:15 - 2018-12-21 13:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-12-21 13:15 - 2018-12-21 13:15 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-12-21 13:15 - 2018-12-21 13:15 - 000000000 ____D C:\Program Files\Malwarebytes
2018-12-21 13:15 - 2018-12-04 08:09 - 000129248 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae.sys
2018-12-21 13:04 - 2018-12-21 13:04 - 000002510 _____ C:\Users\Carmela\Documents\cc_20181221_130441.reg
2018-12-21 11:29 - 2018-12-21 11:29 - 001790024 _____ (Malwarebytes) C:\Users\Carmela\Downloads\JRT (1).exe
2018-12-21 11:28 - 2018-12-21 11:28 - 007320272 _____ (Malwarebytes) C:\Users\Carmela\Desktop\adwcleaner_7.2.6.0.exe
2018-12-21 11:25 - 2018-12-21 11:28 - 081227760 _____ (Malwarebytes ) C:\Users\Carmela\Desktop\mb3-setup-consumer-3.6.1.2711-1.0.508-1.0.8211.exe
2018-12-21 11:24 - 2018-12-21 11:24 - 001790024 _____ (Malwarebytes) C:\Users\Carmela\Desktop\JRT.exe
2018-12-18 20:05 - 2018-12-18 20:05 - 000000000 _____ C:\Users\Carmela\AppData\Local\{A50F792C-0BF5-4661-B5CF-CEBB1DF9F44A}
2018-12-18 13:30 - 2018-12-18 13:30 - 000101355 _____ C:\Users\Carmela\Downloads\18.04.23CampProjectLeaderJobDetails.pdf
2018-12-18 13:24 - 2018-12-18 13:24 - 000109330 _____ C:\Users\Carmela\Downloads\Depatment-Tax-Refund-November-2018-Id1287336.pdf
2018-12-18 13:22 - 2018-12-18 13:22 - 000109837 _____ C:\Users\Carmela\Downloads\HMRC_9292.pdf
2018-12-18 13:04 - 2018-12-18 13:04 - 000332740 _____ C:\Users\Carmela\Downloads\PERU_DEFINITIVO__Clausula_In_.pdf
2018-12-15 17:02 - 2018-12-15 17:02 - 000339459 _____ C:\Users\Carmela\Documents\expo11.pptx
2018-12-15 10:44 - 2018-12-15 10:44 - 000000000 _____ C:\Users\Carmela\AppData\Local\{BCBD2C34-FF33-4DD0-814C-6B48B7AA591E}
2018-12-15 10:44 - 2018-12-15 10:44 - 000000000 _____ C:\Users\Carmela\AppData\Local\{03785BBF-E784-444E-9FFD-538CF2309F33}
2018-12-14 09:38 - 2018-12-14 09:38 - 000008509 _____ C:\Users\Carmela\Downloads\20380456444-03-BA22-0000284.pdf
2018-12-06 00:46 - 2018-12-06 00:46 - 000412272 _____ C:\Users\Carmela\Documents\UNAS-UCPS Comercio Exterior.pptx
2018-12-05 19:51 - 2018-12-05 19:51 - 000120320 _____ C:\Users\Carmela\Downloads\CU-010-PVA-RAARE-2018.xls
2018-12-05 19:49 - 2018-12-05 19:49 - 000147461 _____ C:\Users\Carmela\Downloads\CM-013-SUP-RAARE-2018.xlsx
2018-12-05 19:48 - 2018-12-05 19:48 - 000236096 _____ C:\Users\Carmela\Downloads\CM-019-SUP-RAARE-2018.xlsx
2018-12-05 18:08 - 2018-12-05 18:08 - 001474158 _____ C:\Users\Carmela\Downloads\test2.pdf
2018-12-05 16:34 - 2018-12-05 16:34 - 000159744 _____ C:\Users\Carmela\Downloads\Ficha de Datos Virtual 2018 (3).xls
2018-12-05 16:34 - 2018-12-05 16:34 - 000159744 _____ C:\Users\Carmela\Downloads\Ficha de Datos Virtual 2018 (2).xls
2018-12-05 16:21 - 2018-12-05 16:21 - 000159744 _____ C:\Users\Carmela\Downloads\Ficha de Datos Virtual 2018.xls
2018-12-05 16:21 - 2018-12-05 16:21 - 000159744 _____ C:\Users\Carmela\Downloads\Ficha de Datos Virtual 2018 (1).xls
2018-12-05 10:38 - 2018-12-07 20:33 - 000000000 ____D C:\Users\Carmela\AppData\Local\ESET
2018-12-05 10:37 - 2018-12-05 10:38 - 006986872 _____ (ESET spol. s r.o.) C:\Users\Carmela\Downloads\esetonlinescanner_esl.exe
2018-12-03 23:54 - 2018-12-03 23:53 - 000323288 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2018-11-30 23:27 - 2018-11-30 23:27 - 000001930 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip.lnk
2018-11-30 23:27 - 2018-11-30 23:27 - 000001830 _____ C:\Users\Public\Desktop\WinZip.lnk
2018-11-30 23:27 - 2018-11-30 23:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2018-11-30 23:26 - 2018-12-03 16:11 - 000000000 ____D C:\Users\Carmela\AppData\Local\WinZip
2018-11-30 23:25 - 2018-11-30 23:26 - 000000000 ____D C:\Program Files\WinZip
2018-11-27 12:46 - 2018-11-27 12:46 - 001261829 _____ C:\Users\Carmela\Downloads\CLIMA ORGANIZACIONAL Y PRODUCTIVIDAD LABORAL.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-12-21 23:18 - 2009-07-13 23:34 - 000021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-12-21 23:18 - 2009-07-13 23:34 - 000021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-12-21 23:14 - 2016-07-17 16:31 - 000000000 ____D C:\Windows\system32\Macromed
2018-12-21 23:06 - 2018-04-20 11:29 - 000000000 ____D C:\Users\Carmela\AppData\Local\AVAST Software
2018-12-21 23:05 - 2016-07-18 19:41 - 000000000 ____D C:\Users\Carmela\Documents\Youcam
2018-12-21 23:02 - 2009-07-13 23:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-12-21 13:26 - 2016-07-17 20:47 - 000000000 ____D C:\Program Files\Nero
2018-12-21 13:15 - 2009-07-13 21:37 - 000000000 ____D C:\Windows\inf
2018-12-21 11:33 - 2009-07-13 21:37 - 000000000 ____D C:\Windows\system32\NDF
2018-12-17 21:04 - 2016-07-17 21:47 - 000002177 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-12-17 21:04 - 2016-07-17 21:47 - 000002136 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-12-17 20:38 - 2016-07-17 21:38 - 000000000 ____D C:\Users\Carmela\AppData\Local\ElevatedDiagnostics
2018-12-17 12:27 - 2016-07-17 20:54 - 000000000 ____D C:\Users\Carmela\AppData\Roaming\Nitro PDF
2018-12-15 17:07 - 2011-01-22 05:22 - 000750828 _____ C:\Windows\system32\perfh00A.dat
2018-12-15 17:07 - 2011-01-22 05:22 - 000159838 _____ C:\Windows\system32\perfc00A.dat
2018-12-15 17:07 - 2010-11-20 16:01 - 001684772 _____ C:\Windows\system32\PerfStringBackup.INI
2018-12-14 09:32 - 2018-04-04 17:55 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-12-05 23:21 - 2016-07-17 16:31 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2018-12-05 23:21 - 2016-07-17 16:31 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2018-12-05 20:30 - 2016-10-05 01:05 - 000000000 _RSHD C:\AntiUsbShortCut
2018-12-05 20:30 - 2016-10-05 01:04 - 000000000 _RSHD C:\AntiShortCut
2018-12-05 10:42 - 2016-07-17 20:24 - 000000000 __RHD C:\MSOCache
2018-12-03 23:56 - 2018-03-05 18:12 - 000183176 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2018-12-03 23:53 - 2018-10-30 21:02 - 000040688 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2018-12-03 23:53 - 2018-03-05 18:12 - 000284256 _____ (AVAST Software) C:\Windows\system32\Drivers\aswblogx.sys
2018-12-03 23:53 - 2018-03-05 18:12 - 000188976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriverx.sys
2018-12-03 23:53 - 2018-03-05 18:12 - 000167480 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2018-12-03 23:53 - 2018-03-05 18:12 - 000165384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidshx.sys
2018-12-03 23:53 - 2018-03-05 18:12 - 000057904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbunivx.sys
2018-12-03 23:53 - 2016-07-17 21:00 - 000784560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2018-12-03 23:53 - 2016-07-17 21:00 - 000397992 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2018-12-03 23:53 - 2016-07-17 21:00 - 000310200 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2018-12-03 23:53 - 2016-07-17 21:00 - 000156936 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2018-12-03 23:53 - 2016-07-17 21:00 - 000135200 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2018-12-03 23:53 - 2016-07-17 21:00 - 000100984 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2018-12-03 23:53 - 2016-07-17 21:00 - 000072800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2018-12-03 23:53 - 2016-07-17 21:00 - 000042736 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2018-12-03 16:19 - 2016-07-18 19:10 - 000000000 ____D C:\Temp
2018-12-03 16:19 - 2009-07-13 21:37 - 000000000 ____D C:\PerfLogs
2018-12-03 16:01 - 2016-07-17 20:36 - 000000000 ____D C:\ProgramData\WinZip
2018-11-30 23:27 - 2009-07-13 21:04 - 000000532 _____ C:\Windows\win.ini
2018-11-30 23:18 - 2016-07-17 16:45 - 000000974 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-11-30 20:56 - 2017-02-10 18:18 - 000000000 ____D C:\Users\Carmela\AppData\LocalLow\Adobe
2018-11-29 13:42 - 2018-07-13 18:12 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2018-11-28 04:52 - 2018-07-13 18:13 - 000000000 ____D C:\Users\Carmela\AppData\LocalLow\Mozilla
2018-11-28 04:51 - 2018-07-13 18:12 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-11-27 10:39 - 2018-04-20 11:38 - 000002382 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2018-11-27 10:39 - 2018-04-20 11:38 - 000002339 _____ C:\Users\Public\Desktop\Avast Secure Browser.lnk

==================== Files in the root of some directories =======

2018-12-15 10:44 - 2018-12-15 10:44 - 000000000 _____ () C:\Users\Carmela\AppData\Local\{03785BBF-E784-444E-9FFD-538CF2309F33}
2018-12-18 20:05 - 2018-12-18 20:05 - 000000000 _____ () C:\Users\Carmela\AppData\Local\{A50F792C-0BF5-4661-B5CF-CEBB1DF9F44A}
2018-12-15 10:44 - 2018-12-15 10:44 - 000000000 _____ () C:\Users\Carmela\AppData\Local\{BCBD2C34-FF33-4DD0-814C-6B48B7AA591E}

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-12-14 09:19

==================== End of FRST.txt ============================

espero tu respuesta gracias de antemano

JavierHF · 22 Diciembre, 2018 16:23

Hola de nuevo @Daniel_Perez

Para que te podamos dar los siguientes pasos faltaría por poner el informe de Addition.txt que te pedimos y debes tener ubicado en tu escritorio y ademas falta que nos comentes como sigue el problema planteado por ti al inicio de este tema.

Daniel_Perez · 23 Diciembre, 2018 21:47

hola aqui lo que faltaba, el de adittion

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 20.12.2018
Ran by Carmela (21-12-2018 23:22:37)
Running from C:\Users\Carmela\Desktop
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) (2016-07-17 18:22:59)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-1712796923-342591897-1552680142-500 - Administrator - Disabled)
Carmela (S-1-5-21-1712796923-342591897-1552680142-1000 - Administrator - Enabled) => C:\Users\Carmela
Invitado (S-1-5-21-1712796923-342591897-1552680142-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Español (HKLM\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 19.010.20064 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 31.0.0.96 - Adobe Systems Incorporated)
Adobe Flash Player 32 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 32.0.0.101 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 32.0.0.101 - Adobe Systems Incorporated)
aTube Catcher (HKLM\...\aTube Catcher) (Version: 3.8.7955 - DsNET Corp)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 18.8.2356 - AVAST Software)
Avast License by ZeNiX [2014-03-14] (HKLM\...\Avast_2050_ZeNiX [2014-03-14]_is1) (Version:  - )
Avast Secure Browser (HKLM\...\Avast Secure Browser) (Version: 70.0.917.102 - AVAST Software)
Avast Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.4.136.333 - AVAST Software) Hidden
Blackboard Collaborate Launcher (HKLM\...\{AEED1D32-C837-405A-8009-6660E3883C9E}) (Version: 1.6.4.0 - Blackboard)
CCleaner (HKLM\...\CCleaner) (Version: 5.49 - Piriform)
CyberLink PowerDVD 14 (HKLM\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.3917.58 - CyberLink Corp.)
CyberLink YouCam 5 (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.0909 - CyberLink Corp.)
Google Chrome (HKLM\...\Google Chrome) (Version: 71.0.3578.98 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (HKLM\...\{90F00673-A276-4A58-B675-B426D39D1E09}) (Version: 15.3.0.0398 - Intel Corporation)
LightScribe System Software (HKLM\...\{E0E55FC1-C53D-4F8D-B14B-B59C312747C8}) (Version: 1.18.22.2 - LightScribe)
Malwarebytes versión 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Motorola SM56 Data Fax Modem (HKLM\...\SMSERIAL) (Version: 6.12.25.05 - Motorola Inc)
Mozilla Firefox 63.0.3 (x86 es-ES) (HKLM\...\Mozilla Firefox 63.0.3 (x86 es-ES)) (Version: 63.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 63.0.3.6892 - Mozilla)
Nero 2015 (HKLM\...\{E6626251-ED62-469C-821F-D75C50154C48}) (Version: 16.0.02800 - Nero AG)
Nero Info (HKLM\...\{B791E0AB-87A9-41A4-8D98-D13C2E37D928}) (Version: 16.0.1003 - Nero AG)
Nitro Pro 9 (HKLM\...\{9294DE94-C296-46EC-A206-23EDA73C7B63}) (Version: 9.5.4.22 - Nitro)
Prerequisite installer (HKLM\...\{799AFA36-4EA5-4323-8689-74C06645A26B}) (Version: 16.0.0000 - Nero AG) Hidden
Samsung SCX-4300 Series (HKLM\...\Samsung SCX-4300 Series) (Version:  - Samsung Electronics CO.,LTD)
Samsung Universal Scan Driver (HKLM\...\Samsung Universal Scan Driver) (Version: 1.2.19.0 - Samsung Electronics Co., Ltd.)
Software Intel® PROSet/Wireless WiFi (HKLM\...\{ECE5B218-A086-4E18-A362-D11181681457}) (Version: 15.03.1000.1637 - Intel Corporation)
WinRAR 5.60 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.60.0 - win.rar GmbH)
WinZip 23.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C2411C}) (Version: 23.0.13300 - Corel Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1712796923-342591897-1552680142-1000_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader.WinZipExpressForOffice.dll ()
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-12-03] (AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-12-03] (AVAST Software)
ContextMenuHandlers1: [NPShellExtension] -> {9C4B85B8-956C-49BF-9BA5-101384E562B2} => C:\Program Files\Nitro\Pro 9\NPShellExtension.dll [2016-07-28] (Nitro PDF)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-06-24] (Alexander Roshal)
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} =>  -> No File
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-12-03] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} =>  -> No File
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-12-03] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-06-24] (Alexander Roshal)
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} =>  -> No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0A07EDC6-C0DB-496B-8B6D-1D9C9BE9ECAD} - System32\Tasks\WinZip Update Notifier 3 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2018-10-22] (Corel Corporation)
Task: {17A62198-576D-406F-A994-C60F7DC1F7B9} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\avast software\overseer\overseer.exe [2018-10-30] (AVAST Software)
Task: {1E5345E7-70FA-4A48-BA4D-CB7EC8356417} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {6B655461-11B8-49E0-9021-20C8FD8B56C3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-14] (Adobe Systems Incorporated)
Task: {6D6EEE7A-2441-461F-B70B-843B95059A9D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-07-17] (Google Inc.)
Task: {6E2B9A80-042F-4CD3-9250-2008BB3D88E2} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-12-03] (AVAST Software)
Task: {7F1F0872-78B6-44A9-9A2D-AAD02B4ABD40} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2018-12-05] (Adobe Systems Incorporated)
Task: {8BF3DB51-5322-475A-9FB0-B88CB0880045} - System32\Tasks\WinZip Update Notifier 1 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2018-10-22] (Corel Corporation)
Task: {9915A886-6C89-4DDF-9EE4-C4A7FAEA804E} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-04-20] (AVAST Software)
Task: {9E96A75B-33A9-4D4B-9BDC-A4FEB6FCD851} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2016-07-17] ()
Task: {B740E0C1-3804-477B-BD2D-ECD46AE9FEA8} - System32\Tasks\Nero\Nero Info => C:\Program Files\Common Files\Nero\Nero Info\NeroInfo.exe [2014-07-21] (Nero AG)
Task: {BC49A768-3664-4616-9F8F-4B8DAB692F19} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-11-06] (Piriform Ltd)
Task: {D6C5955C-F759-47D1-A82B-10542364DD5F} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-04-20] (AVAST Software)
Task: {EF4C71FF-019D-4FD6-8AD2-2C54FA9EAE8F} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_32_0_0_101_Plugin.exe [2018-12-05] (Adobe Systems Incorporated)
Task: {EFF438B2-903E-44A0-99FE-56C1452250FB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-11-06] (Piriform Software Ltd)
Task: {FEFDC8B8-918A-4C05-A3C2-94496998E064} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-07-17] (Google Inc.)
Task: {FFCFD821-4413-4A2A-BEF0-004492036DD4} - System32\Tasks\WinZip Update Notifier 2 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2018-10-22] (Corel Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-12-03 23:53 - 2018-12-03 23:53 - 000919256 _____ () C:\Program Files\AVAST Software\Avast\anen.dll
2018-12-03 23:53 - 2018-12-03 23:53 - 000596696 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-12-21 13:50 - 2018-12-21 13:50 - 005734544 _____ () C:\Program Files\AVAST Software\Avast\defs\18122106\algo.dll
2018-12-03 23:53 - 2018-12-03 23:53 - 000496344 _____ () C:\Program Files\AVAST Software\Avast\gui_cache.dll
2018-12-03 23:53 - 2018-12-03 23:53 - 000150744 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll
2018-12-03 23:53 - 2018-12-03 23:53 - 001112280 _____ () C:\Program Files\AVAST Software\Avast\shepherdsync.dll
2010-01-30 02:41 - 2010-01-30 02:41 - 004254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2016-07-28 17:43 - 2016-07-28 17:43 - 000394904 _____ () C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe
2016-07-17 16:59 - 2014-03-17 01:38 - 000866056 _____ () C:\Program Files\CyberLink\PowerDVD14\common\UNO\UNO.dll
2016-07-17 16:59 - 2013-12-10 02:39 - 000074240 _____ () C:\Program Files\CyberLink\PowerDVD14\Common\Koan\_ctypes.pyd
2016-07-17 16:59 - 2013-12-10 02:39 - 000285184 _____ () C:\Program Files\CyberLink\PowerDVD14\Common\Koan\_hashlib.pyd
2016-07-17 16:59 - 2013-12-10 02:39 - 000040960 _____ () C:\Program Files\CyberLink\PowerDVD14\Common\Koan\_socket.pyd
2016-07-17 16:59 - 2013-12-10 02:39 - 000721920 _____ () C:\Program Files\CyberLink\PowerDVD14\Common\Koan\_ssl.pyd
2016-07-17 16:59 - 2014-03-17 01:38 - 000043784 _____ () C:\Program Files\CyberLink\PowerDVD14\Kernel\DHProcedure\DHProcedure.dll
2018-03-05 18:10 - 2018-03-05 18:10 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-12-21 13:15 - 2018-11-15 11:01 - 002234688 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-12-21 13:15 - 2018-11-21 11:07 - 002327640 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2011-03-04 12:02 - 2011-03-04 12:02 - 002121728 _____ () C:\Program Files\Common Files\LightScribe\QtCore4.dll
2011-03-04 12:02 - 2011-03-04 12:02 - 007745536 _____ () C:\Program Files\Common Files\LightScribe\QtGui4.dll
2011-03-04 12:02 - 2011-03-04 12:02 - 000135168 _____ () C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2014-04-14 14:41 - 2014-04-14 14:41 - 000039192 _____ () C:\Program Files\CCleaner\branding.dll
2018-11-27 10:39 - 2018-11-16 14:23 - 002294000 _____ () C:\Program Files\AVAST Software\Browser\Application\70.0.917.102\swiftshader\libglesv2.dll
2018-11-27 10:39 - 2018-11-16 14:23 - 000138120 _____ () C:\Program Files\AVAST Software\Browser\Application\70.0.917.102\swiftshader\libegl.dll
2018-12-03 23:53 - 2018-12-03 23:53 - 000603864 _____ () C:\Program Files\AVAST Software\Avast\AvastNM.exe
2016-07-18 19:20 - 2013-10-03 20:45 - 000577536 _____ () C:\Windows\system32\SnMinDrv.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences [386]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:04 - 2018-12-21 13:45 - 000000825 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1712796923-342591897-1552680142-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Carmela\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 190.113.220.18 - 190.113.220.51
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{56C8C1DA-FD30-4ED4-BE25-49B71F23EF3C}] => (Allow) C:\Program Files\CyberLink\PowerDVD14\PowerDVD.exe
FirewallRules: [{7F432BFB-6E5B-40A0-A890-F828C9E104C2}] => (Allow) C:\Program Files\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe
FirewallRules: [{53B4C862-F1E0-4603-815C-5CFC4DB8268E}] => (Allow) C:\Program Files\CyberLink\PowerDVD14\PowerDVD14Agent.exe
FirewallRules: [{6E92DA3D-C8B4-47B4-8C97-0CD97E33604C}] => (Allow) C:\Program Files\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe
FirewallRules: [{57127A3A-0DB5-4590-987A-8600BBE77227}] => (Allow) C:\Program Files\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{88DF627B-2934-45B4-99D0-BCCD336AD1D6}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{92EA90F5-22FF-4BAF-A0EE-7A31CF624147}] => (Allow) C:\Program Files\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe
FirewallRules: [{2568C242-988A-4A16-A308-FC35693A43DC}] => (Allow) C:\Program Files\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe
FirewallRules: [{DFAD6BA6-6C84-4226-838F-857A706C3C4F}] => (Allow) C:\Program Files\Nero\Nero 2015\Nero Burning ROM\StartNBR.exe
FirewallRules: [{C3DBBC60-50A0-417C-BA65-B2DDF8887887}] => (Allow) C:\Program Files\Nero\KM\NMDllHost.exe
FirewallRules: [{A759B5D2-7EC7-4595-96FE-00B0C0A68772}] => (Allow) C:\Program Files\Nero\Nero 2015\Nero Burning ROM\nero.exe
FirewallRules: [{5F2C9E27-4700-42B1-8368-AD27F1541121}] => (Allow) C:\Program Files\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe
FirewallRules: [{4EAC009E-6ACD-4AD6-8ED3-DFA503E49BAC}] => (Allow) C:\Program Files\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe
FirewallRules: [{AD26F635-6150-4579-9B8B-A97FE2F8D611}] => (Allow) C:\Program Files\Samsung\Samsung Universal Scan Driver\ScanCDLM.exe
FirewallRules: [{946714C7-87C0-4116-B166-7B97110EED11}] => (Allow) C:\Program Files\Samsung\Samsung Universal Scan Driver\ScanCDLM.exe
FirewallRules: [{E8D997AD-ED8C-4D7E-A4A2-A36CA8A3D48C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{4FD1E08C-01A0-4082-B662-9C2B41861EBE}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{47B83107-8CE7-4B86-A987-62E140B661AA}] => (Allow) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
FirewallRules: [{1109D478-F1DD-429E-AF12-1FAD9F76EBB2}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{E0884E67-AB90-46BD-92EC-A649B1CBC4CE}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{2804002B-5AB9-4511-9413-57551330561C}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{1CC7FE3C-03CB-434A-84AB-2079D4173184}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{8ECC01A7-42AB-44B5-9E6A-A10C75E6CDBC}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

21-12-2018 15:20:00 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/21/2018 11:03:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: ZeroConfigService.exe, versión: 15.3.0.0, marca de tiempo: 0x5036adc5
Nombre del módulo con errores: MurocApi.dll, versión: 15.3.0.0, marca de tiempo: 0x5036acf9
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x000219a8
Id. del proceso con errores: 0x9ec
Hora de inicio de la aplicación con errores: 0x01d499ab293199d5
Ruta de acceso de la aplicación con errores: C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
Ruta de acceso del módulo con errores: C:\Program Files\Intel\WiFi\bin\MurocApi.dll
Id. del informe: 874d80da-059e-11e9-875f-001b24b8a460

Error: (12/21/2018 11:03:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (12/21/2018 01:42:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (12/21/2018 01:16:06 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Error en la extracción de la lista raíz de terceros del archivo .CAB actualizado automáticamente: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> con el error: Un certificado requerido no se encuentra dentro del periodo de validez cuando se ha realizado la comprobación con el reloj de sistema actual o con la marca de tiempo en el archivo firmado.
.

Error: (12/21/2018 01:15:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: mbamtray.exe, versión: 3.1.0.1662, marca de tiempo: 0x5c070ada
Nombre del módulo con errores: Qt5Core.dll, versión: 5.11.1.0, marca de tiempo: 0x5bd23201
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x0018dc19
Id. del proceso con errores: 0x170c
Hora de inicio de la aplicación con errores: 0x01d499592da82dca
Ruta de acceso de la aplicación con errores: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
Ruta de acceso del módulo con errores: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Id. del informe: 6c6676ea-054c-11e9-991d-001b24b8a460

Error: (12/21/2018 10:22:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (12/19/2018 05:29:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (12/18/2018 12:17:45 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Error al generar el contexto de activación para "c:\program files\Samsung\samsung universal scan driver\seinstall\Data\wiainst64.exe".
No se encontró el ensamblado dependiente Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
Use sxstrace.exe para obtener un diagnóstico detallado.


System errors:
=============
Error: (12/21/2018 11:07:36 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: El servicio "WMPNetworkSvc" no se puede iniciar correctamente debido al error "0x80004005" en CoCreateInstance(CLSID_UPnPDeviceFinder). Compruebe que el servicio UPnPHost esté en ejecución y que el componente UPnPHost de Windows esté instalado correctamente.

Error: (12/21/2018 11:06:29 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio Intel(R) PROSet/Wireless Zero Configuration Service se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (12/21/2018 11:03:34 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: Error de DCOM "1053" al intentar iniciar el servicio WSearch con argumentos "" para ejecutar el servidor:
{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (12/21/2018 11:03:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio Windows Search no pudo iniciarse debido al siguiente error: 
El servicio no respondió a tiempo a la solicitud de inicio o de control.

Error: (12/21/2018 11:03:26 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Se agotó el tiempo de espera (30000 ms) para la conexión con el servicio Windows Search.

Error: (12/21/2018 11:02:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio DgiVecp no pudo iniciarse debido al siguiente error: 
El sistema no puede encontrar el archivo especificado.

Error: (12/21/2018 05:47:37 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Se agotó el tiempo de espera (30000 ms) para la respuesta de transacción del servicio Netman.

Error: (12/21/2018 01:51:56 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: El servicio Windows Update no respondió después de iniciar.


CodeIntegrity:
===================================

Date: 2016-09-05 15:19:12.151
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume1\Windows\System32\drivers\aswKbd.sys porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2016-09-05 15:19:10.856
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume1\Windows\System32\drivers\aswSnx.sys porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2016-07-26 21:24:30.671
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume1\Windows\System32\drivers\aswKbd.sys porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2016-07-26 21:24:30.437
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume1\Windows\System32\drivers\aswSnx.sys porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2016-07-18 18:28:13.938
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume1\Windows\System32\drivers\aswKbd.sys porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2016-07-18 18:28:13.672
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume1\Windows\System32\drivers\aswSnx.sys porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2016-07-18 08:52:30.718
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume1\Windows\System32\drivers\aswKbd.sys porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2016-07-18 08:52:30.515
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume1\Windows\System32\drivers\aswSnx.sys porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU T5250 @ 1.50GHz
Percentage of memory in use: 74%
Total physical RAM: 2038.43 MB
Available physical RAM: 520.64 MB
Total Virtual: 4076.86 MB
Available Virtual: 2385.03 MB

==================== Drives ================================

Drive c: (Windows 7) (Fixed) (Total:58.59 GB) (Free:32.85 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:58.59 GB) (Free:55.31 GB) NTFS
Drive e: () (Fixed) (Total:61.97 GB) (Free:27.77 GB) NTFS
Drive f: (HP_RECOVERY) (Fixed) (Total:7.15 GB) (Free:0.68 GB) NTFS ==>[system with boot components (obtained from drive)]


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 186.3 GB) (Disk ID: 8AC38874)
Partition 1: (Active) - (Size=58.6 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=58.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=62 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=7.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

el equipo sigue muy lento y aun salen las ventanillas con comportamiento de maleware

JavierHF · 24 Diciembre, 2018 01:24

Bien… y ahora sigue estos pasos, MUY Importante Realiza una copia de seguridad del registro :

Para hacerlo descarga DelFix.exe(en tu escritorio).
Doble clic para ejecutarlo.(Si usas Windows Vista/7/8 o 10 presiona clic derecho y selecciona -Ejecutar como Administrador-).
Atención, ahora marca/selecciona únicamente la casilla Create registry backup, las demás casillas NO.
Pulsar en Run.

Se abrirá el informe (DelFix.txt), guárdalo por si fuera necesario y cierra la herramienta.

Y ahora inicia tu equipo desde el Modo Seguro – con funciones de Red, de Windows

Con los demás programas cerrados ve a Inicio Ejecutar y escribe Notepad.exe.

Ahora debes copiar y pegar los códigos/líneas que están en el interior del recuadro de más abajo, dentro del Notepad.

START
CREATERESTOREPOINT:
CLOSEPROCESSES:
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => -> No File
AlternateDataStreams: C:\Windows:nlsPreferences [386]
HKLM\...\Run: [AntiShortCutUpdate] => C:\AntiShortCut\AntiUsb.exe [934400 2014-06-01] (AutoIt Team)
HKLM\...\Run: [AntiUsbShortCut] => C:\Windows\system32\cmd.exe /c start C:\AntiShortCut\AntiUsb.exe "C:\AntiShortCut\AntiUsbShortCut.zip" & exit
HKU\S-1-5-21-1712796923-342591897-1552680142-1000\...\Run: [AntiShortCutUpdate] => C:\AntiShortCut\AntiUsb.exe [934400 2014-06-01] (AutoIt Team)
HKU\S-1-5-21-1712796923-342591897-1552680142-1000\...\Run: [AntiUsbShortCut] => C:\Windows\system32\cmd.exe /c start C:\AntiShortCut\AntiUsb.exe "C:\AntiShortCut\AntiUsbShortCut.zip" & exit
HKLM\...\Drivers32: [MSVideo8] => C:\Windows\system32\VfWWDM32.dll [56832 2010-11-20] (Microsoft Corporation)
HKLM\...\Drivers32: [msacm.l3codecp] => C:\Windows\system32\l3codecp.acm [220672 2009-07-13] (Fraunhofer Institut Integrierte Schaltungen IIS)
HKLM\...\Drivers32: [VIDC.FMVC] => C:\Windows\system32\fmcodec.dll [77824 2008-08-18] (Fox Magic Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AntiShortCutUpdate.lnk [2016-10-05]
ShortcutTarget: AntiShortCutUpdate.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AntiUsbShortCutUpdate.lnk [2016-10-05]
ShortcutTarget: AntiUsbShortCutUpdate.lnk -> C:\AntiShortCut\AntiUsb.exe (AutoIt Team)
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]
2018-12-05 20:30 - 2016-10-05 01:05 - 000000000 _RSHD C:\AntiUsbShortCut
2018-12-05 20:30 - 2016-10-05 01:04 - 000000000 _RSHD C:\AntiShortCut
2018-12-15 10:44 - 2018-12-15 10:44 - 000000000 _____ () C:\Users\Carmela\AppData\Local\{03785BBF-E784-444E-9FFD-538CF2309F33}
2018-12-18 20:05 - 2018-12-18 20:05 - 000000000 _____ () C:\Users\Carmela\AppData\Local\{A50F792C-0BF5-4661-B5CF-CEBB1DF9F44A}
2018-12-15 10:44 - 2018-12-15 10:44 - 000000000 _____ () C:\Users\Carmela\AppData\Local\{BCBD2C34-FF33-4DD0-814C-6B48B7AA591E}
2018-12-05 20:30 - 2016-10-05 01:04 - 000000000 _RSHD C:\AntiShortCut
HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END

Guárdalo bajo el nombre de FIXLIST.TXT en el escritorio Esto es muy importante.

Nota Es importante que la herramienta FRST.exe(Farbar Recovery Scanner Tool) y FIXLIST.TXT se encuentren en la misma ubicación (escritorio) o si no, no trabajara.

Ejecuta FRST.exe.(Si usas Windows Vista/7/8 o 10, presiona clic derecho y seleccionas -Ejecutar como Administrador-).
Presionar el botón FIX y aguardar a que termine.
La Herramienta guardara el reporte de reparación en el escritorio (FIXLOG.TXT).

Pegar el contenido de este fichero en tu próxima respuesta.

Reiniciar el equipo y comprobar su funcionamiento en relación al problema planteado y comentarlo.

Saludos.

Daniel_Perez · 24 Diciembre, 2018 20:31

hola nuevamente la compu funciona mucho mejor y desaparecieron las molestas ventanillas de error parace que ya todo va bien mil gracias…!

Fix result of Farbar Recovery Scan Tool (x86) Version: 24.12.2018
Ran by Carmela (24-12-2018 15:21:11) Run:1
Running from C:\Users\Carmela\Desktop
Loaded Profiles: Carmela (Available Profiles: Carmela)
Boot Mode: Safe Mode (with Networking)

==============================================

fixlist content:
*****************
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => -> No File
AlternateDataStreams: C:\Windows:nlsPreferences [386]
HKLM\...\Run: [AntiShortCutUpdate] => C:\AntiShortCut\AntiUsb.exe [934400 2014-06-01] (AutoIt Team)
HKLM\...\Run: [AntiUsbShortCut] => C:\Windows\system32\cmd.exe /c start C:\AntiShortCut\AntiUsb.exe "C:\AntiShortCut\AntiUsbShortCut.zip" & exit
HKU\S-1-5-21-1712796923-342591897-1552680142-1000\...\Run: [AntiShortCutUpdate] => C:\AntiShortCut\AntiUsb.exe [934400 2014-06-01] (AutoIt Team)
HKU\S-1-5-21-1712796923-342591897-1552680142-1000\...\Run: [AntiUsbShortCut] => C:\Windows\system32\cmd.exe /c start C:\AntiShortCut\AntiUsb.exe "C:\AntiShortCut\AntiUsbShortCut.zip" & exit
HKLM\...\Drivers32: [MSVideo8] => C:\Windows\system32\VfWWDM32.dll [56832 2010-11-20] (Microsoft Corporation)
HKLM\...\Drivers32: [msacm.l3codecp] => C:\Windows\system32\l3codecp.acm [220672 2009-07-13] (Fraunhofer Institut Integrierte Schaltungen IIS)
HKLM\...\Drivers32: [VIDC.FMVC] => C:\Windows\system32\fmcodec.dll [77824 2008-08-18] (Fox Magic Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AntiShortCutUpdate.lnk [2016-10-05]
ShortcutTarget: AntiShortCutUpdate.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AntiUsbShortCutUpdate.lnk [2016-10-05]
ShortcutTarget: AntiUsbShortCutUpdate.lnk -> C:\AntiShortCut\AntiUsb.exe (AutoIt Team)
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]
2018-12-05 20:30 - 2016-10-05 01:05 - 000000000 _RSHD C:\AntiUsbShortCut
2018-12-05 20:30 - 2016-10-05 01:04 - 000000000 _RSHD C:\AntiShortCut
2018-12-15 10:44 - 2018-12-15 10:44 - 000000000 _____ () C:\Users\Carmela\AppData\Local\{03785BBF-E784-444E-9FFD-538CF2309F33}
2018-12-18 20:05 - 2018-12-18 20:05 - 000000000 _____ () C:\Users\Carmela\AppData\Local\{A50F792C-0BF5-4661-B5CF-CEBB1DF9F44A}
2018-12-15 10:44 - 2018-12-15 10:44 - 000000000 _____ () C:\Users\Carmela\AppData\Local\{BCBD2C34-FF33-4DD0-814C-6B48B7AA591E}
2018-12-05 20:30 - 2016-10-05 01:04 - 000000000 _RSHD C:\AntiShortCut
HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END
*****************

Error: Restore point can only be created in normal mode.
Processes closed successfully.
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WinZip => removed successfully.
HKLM\Software\Classes\CLSID\{E0D79304-84BE-11CE-9641-444553540000} => not found
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\Offline Files => removed successfully.
HKLM\Software\Classes\CLSID\{474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => not found
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\WinZip => removed successfully.
HKLM\Software\Classes\CLSID\{E0D79304-84BE-11CE-9641-444553540000} => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Offline Files => removed successfully.
HKLM\Software\Classes\CLSID\{474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\WinZip => removed successfully.
HKLM\Software\Classes\CLSID\{E0D79304-84BE-11CE-9641-444553540000} => not found
C:\Windows => ":nlsPreferences" ADS removed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AntiShortCutUpdate" => removed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AntiUsbShortCut" => removed successfully.
"HKU\S-1-5-21-1712796923-342591897-1552680142-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AntiShortCutUpdate" => removed successfully.
"HKU\S-1-5-21-1712796923-342591897-1552680142-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AntiUsbShortCut" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\\MSVideo8" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\\msacm.l3codecp" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\\VIDC.FMVC" => removed successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AntiShortCutUpdate.lnk => moved successfully
C:\Windows\System32\cmd.exe => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AntiUsbShortCutUpdate.lnk => moved successfully
C:\AntiShortCut\AntiUsb.exe => moved successfully
HKLM\System\CurrentControlSet\Services\DgiVecp => removed successfully.
DgiVecp => service removed successfully.
C:\AntiUsbShortCut => moved successfully
C:\AntiShortCut => moved successfully
C:\Users\Carmela\AppData\Local\{03785BBF-E784-444E-9FFD-538CF2309F33} => moved successfully
C:\Users\Carmela\AppData\Local\{A50F792C-0BF5-4661-B5CF-CEBB1DF9F44A} => moved successfully
C:\Users\Carmela\AppData\Local\{BCBD2C34-FF33-4DD0-814C-6B48B7AA591E} => moved successfully
"C:\AntiShortCut" => not found
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully.
"HKU\S-1-5-21-1712796923-342591897-1552680142-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully.
"HKU\S-1-5-21-1712796923-342591897-1552680142-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully.


========= End of RemoveProxy: =========


========= netsh winsock reset =========


========= End of CMD: =========


========= ipconfig /renew =========


========= End of CMD: =========


========= ipconfig /flushdns =========


========= End of CMD: =========


========= bitsadmin /reset /allusers =========


========= End of CMD: =========


========= netsh advfirewall reset =========


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========


========= End of CMD: =========


========= netsh int ipv4 reset =========


========= End of CMD: =========


========= netsh int ipv6 reset =========


========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 13708344 B
Java, Flash, Steam htmlcache => 492 B
Windows/system/drivers => 72613 B
Edge => 0 B
Chrome => 15465568 B
Firefox => 13534990 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 66088 B
LocalService => 0 B
NetworkService => 66228 B
Carmela => 8280510 B

RecycleBin => 2420768 B
EmptyTemp: => 51.1 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 15:21:46 ====

JavierHF · 26 Diciembre, 2018 08:44

Perfecto excelente, nos alegra ver que ya está el problema inicial completamente arreglado, ahora solo queda eliminar las herramientas usadas.

Para hacerlo descarga DelFix.exe en tu escritorio.

Doble clic para ejecutarlo. (Si usas Windows Vista/7/8 o 10 presiona clic derecho y selecciona - Ejecutar como Administrador -).
Marca todas las casillas, y pulsas en Run

Se abrirá el informe (DelFix.txt), puedes cerrarlo.

Para cualquier otro problema, no dudes en volver a postear., ya sabes dónde estamos.

Tema Solucionado.

Saludos, Javier.