Double accent mark virus


#1

Hello, good afternoon from Spain.

I see that I have the double accent mark virus on my computer, or something like it, because the key in question does not always work either well or badly. I have been looking around here (“aqu´´i”), since there was a reference to a program called DT-Kill and a guide, but the link sends me to the entry page of this forum and I am unable to find it. I tried a search (“b´´usqueda”) but that did not work for me either.

While I write this I am downloading Malwarebytes Anti-Malware, although VERY slowly. I will have to leave the computer shortly, so apologies for not replying right away. Tonight, in four or five hours, I will be able to be back.

To give some context, I have a laptop with a Core 2 Duo T7700 2.4 GHz with 2 GB of RAM, Windows 7 Ultimate SP1 and obviously 32-bit. I have also seen that I cannot enable Windows automatic updates.

Many thanks for any hint/guidance

Regards, Miguel Ángel

EDIT: I use the TotalAV antivirus


#2

Hello and welcome to the new Forospyware

Carry out the following steps, without changing the order:

1) Download, update and run Malwarebytes’ Anti-Malware.

Malwarebytes manual, so that you know how to use and configure it.

  • Run a Custom Scan, ticking all the boxes on the right and on the left, and updating if it asks you to.
  • Click “Remove Selected” to send the items to quarantine, then restart the system.
  • To access the scan report afterwards: Reports >> Scan log >> click >> Export >> Copy to Clipboard, and paste it into your reply.

2) Download AdwCleaner to the desktop.

  • Disable your antivirus :arrow_forward: How to temporarily disable an antivirus and any security program.

  • Run Adwcleaner.exe (if you use Windows Vista/7 or 8, right-click and select "Run as Administrator").

  • Click the Scan Now button and wait for the process to finish, then immediately click the Start Repair button.

  • Wait for it to complete and follow the instructions; if it asks you to restart the system, accept.

  • If it finds nothing, click “Skip Repair”.

  • The log can be found in the “Reports” tab, reopening the program if necessary, or in "C:\AdwCleaner\Logs\AdwCleaner[C0].txt"

You can look at its manual >> AdwCleaner manual

3) Run a scan with Dr.Web CureIt as indicated in the manual.

4) Download CCleaner

Install it and run it. In the Cleaner tab leave the default settings as they are, click Analyze, wait for it to finish > click Run Cleaner. Click the Registry tab > click Scan for Issues, wait for it to finish > click Fix Selected Issues and make a backup.

Paste the Malwarebytes, AdwCleaner and Dr Web reports and tell us how the problem is going.



#3

OK, many thanks @Miguelgrado. I will try to follow the steps you gave me to the letter tonight when I get back.

Regards!


#4

OK, if you have any questions, let us know


#5

Hi, I managed it. First I have to apologize because, due to problems beyond my control, I had to do two passes with Malwarebytes. Ergo I have two reports :frowning: A thousand apologies and I hope it is not too much of a problem, but I could not avoid it (by the way, it took my dino-laptop a whopping 4 hours to do this). I am putting them in two replies below while I move on to the next step

Thanks and sorry again


#6

Report from the first pass:

Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 15/10/18
Hora del análisis: 22:34
Archivo de registro: ac29439b-d0b9-11e8-be54-00ff4185a991.json

-Información del software-
Versión: 3.6.1.2711
Versión de los componentes: 1.0.463
Versión del paquete de actualización: 1.0.7367
Licencia: Gratis

-Información del sistema-
SO: Windows 7 Service Pack 1
CPU: x86
Sistema de archivos: NTFS
Usuario: MADS-Dinotatil\MADS

-Resumen del análisis-
Tipo de análisis: Análisis personalizado
Análisis iniciado por:: Manual
Resultado: Cancelado
Objetos analizados: 123126
Amenazas detectadas: 51
Amenazas en cuarentena: 51
Tiempo transcurrido: 3 hr, 6 min, 17 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Activado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 8
Backdoor.IRCBot, C:\USERS\MADS\APPDATA\ROAMING\HOST\SVCHOST.EXE, En cuarentena, [3567], [215467],1.0.7367
Backdoor.IRCBot, C:\USERS\MADS\APPDATA\ROAMING\HOST\SVCHOST.EXE, En cuarentena, [3567], [215467],1.0.7367
PUP.Optional.TotalAV, C:\PROGRAM FILES\TOTALAV\SECURITYSERVICE.EXE, En cuarentena, [4591], [503750],1.0.7367
Heuristics.Shuriken, C:\USERS\MADS\APPDATA\ROAMING\AMD64_MICROSOFT-WINDOWS-NETPLWIZ_31BF3856AD364E35_6.1.7601.17514_NONE_A97F640BCC255EC8\DPLAYX.EXE, En cuarentena, [9313], [167],1.0.7367
Heuristics.Shuriken, C:\USERS\MADS\APPDATA\ROAMING\AMD64_MICROSOFT-WINDOWS-NETPLWIZ_31BF3856AD364E35_6.1.7601.17514_NONE_A97F640BCC255EC8\DPLAYX.EXE, En cuarentena, [9313], [167],1.0.7367
PUP.Optional.TotalAV, C:\PROGRAM FILES\TOTALAV\TOTALAV.EXE, En cuarentena, [4591], [503750],1.0.7367
MachineLearning/Anomalous.94%, C:\USERS\MADS\APPDATA\ROAMING\HOST\SVCHOST.EXE, En cuarentena, [0], [392687],1.0.7367
MachineLearning/Anomalous.94%, C:\USERS\MADS\APPDATA\ROAMING\HOST\SVCHOST.EXE, En cuarentena, [0], [392687],1.0.7367

Módulo: 8
Backdoor.IRCBot, C:\USERS\MADS\APPDATA\ROAMING\HOST\SVCHOST.EXE, En cuarentena, [3567], [215467],1.0.7367
Backdoor.IRCBot, C:\USERS\MADS\APPDATA\ROAMING\HOST\SVCHOST.EXE, En cuarentena, [3567], [215467],1.0.7367
PUP.Optional.TotalAV, C:\PROGRAM FILES\TOTALAV\SECURITYSERVICE.EXE, En cuarentena, [4591], [503750],1.0.7367
Heuristics.Shuriken, C:\USERS\MADS\APPDATA\ROAMING\AMD64_MICROSOFT-WINDOWS-NETPLWIZ_31BF3856AD364E35_6.1.7601.17514_NONE_A97F640BCC255EC8\DPLAYX.EXE, En cuarentena, [9313], [167],1.0.7367
Heuristics.Shuriken, C:\USERS\MADS\APPDATA\ROAMING\AMD64_MICROSOFT-WINDOWS-NETPLWIZ_31BF3856AD364E35_6.1.7601.17514_NONE_A97F640BCC255EC8\DPLAYX.EXE, En cuarentena, [9313], [167],1.0.7367
PUP.Optional.TotalAV, C:\PROGRAM FILES\TOTALAV\TOTALAV.EXE, En cuarentena, [4591], [503750],1.0.7367
MachineLearning/Anomalous.94%, C:\USERS\MADS\APPDATA\ROAMING\HOST\SVCHOST.EXE, En cuarentena, [0], [392687],1.0.7367
MachineLearning/Anomalous.94%, C:\USERS\MADS\APPDATA\ROAMING\HOST\SVCHOST.EXE, En cuarentena, [0], [392687],1.0.7367

Clave del registro: 14
Backdoor.IRCBot, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Microsoft Malware Protection Command Line Utility, En cuarentena, [3567], [215467],1.0.7367
Backdoor.IRCBot, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{5617273E-F8CA-4E58-9CB7-66A711BA5397}, En cuarentena, [3567], [215467],1.0.7367
Backdoor.IRCBot, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{5617273E-F8CA-4E58-9CB7-66A711BA5397}, En cuarentena, [3567], [215467],1.0.7367
Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{CB0EF84B-1645-4EB4-B725-23E2D46D4DA4}, En cuarentena, [398], [557701],1.0.7367
Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{CB0EF84B-1645-4EB4-B725-23E2D46D4DA4}, En cuarentena, [398], [557700],1.0.7367
Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Opera scheduled Autoupdate 2796787680, En cuarentena, [398], [557700],1.0.7367
PUP.Optional.TotalAV, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SecurityService, En cuarentena, [4591], [503750],1.0.7367
Heuristics.Shuriken, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\A-9-8-28-1379449870-1118738007-1377598065-4856\{F9AKHEV7-4EK-OAVD-HE28-IY8RDNGZGVCM}, En cuarentena, [9313], [167],1.0.7367
Heuristics.Shuriken, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{3062CDAF-647F-4774-967D-88E0A01A02FE}, En cuarentena, [9313], [167],1.0.7367
Heuristics.Shuriken, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{3062CDAF-647F-4774-967D-88E0A01A02FE}, En cuarentena, [9313], [167],1.0.7367
MachineLearning/Anomalous.94%, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Microsoft Malware Protection Command Line Utility, En cuarentena, [0], [392687],1.0.7367
MachineLearning/Anomalous.94%, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{5617273E-F8CA-4E58-9CB7-66A711BA5397}, En cuarentena, [0], [392687],1.0.7367
MachineLearning/Anomalous.94%, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{5617273E-F8CA-4E58-9CB7-66A711BA5397}, En cuarentena, [0], [392687],1.0.7367
PUP.Optional.TotalAV, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\TotalAV, En cuarentena, [4591], [503743],1.0.7367

Valor del registro: 3
Backdoor.IRCBot, HKU\S-1-5-21-2402948379-2091278062-4122600024-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|WINDOWS UPDATE SERVICE, En cuarentena, [3567], [215467],1.0.7367
Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{CB0EF84B-1645-4EB4-B725-23E2D46D4DA4}|PATH, En cuarentena, [398], [557701],1.0.7367
MachineLearning/Anomalous.94%, HKU\S-1-5-21-2402948379-2091278062-4122600024-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|Windows Update Service, En cuarentena, [0], [392687],1.0.7367

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 0
(No hay elementos maliciosos detectados)

Archivo: 17
Backdoor.IRCBot, C:\USERS\MADS\APPDATA\ROAMING\HOST\SVCHOST.EXE, En cuarentena, [3567], [215467],1.0.7367
Backdoor.IRCBot, C:\WINDOWS\SYSTEM32\TASKS\Microsoft Malware Protection Command Line Utility, En cuarentena, [3567], [215467],1.0.7367
Trojan.Agent, C:\WINDOWS\SYSTEM32\TASKS\OPERA SCHEDULED AUTOUPDATE 2796787680, En cuarentena, [398], [557700],1.0.7367
PUP.Optional.TotalAV, C:\PROGRAM FILES\TOTALAV\SECURITYSERVICE.EXE, En cuarentena, [4591], [503750],1.0.7367
Heuristics.Shuriken, C:\WINDOWS\SYSTEM32\TASKS\A-9-8-28-1379449870-1118738007-1377598065-4856\{F9AKHEV7-4EK-OAVD-HE28-IY8RDNGZGVCM}, En cuarentena, [9313], [167],1.0.7367
Heuristics.Shuriken, C:\USERS\MADS\APPDATA\ROAMING\AMD64_MICROSOFT-WINDOWS-NETPLWIZ_31BF3856AD364E35_6.1.7601.17514_NONE_A97F640BCC255EC8\DPLAYX.EXE, En cuarentena, [9313], [167],1.0.7367
PUP.Optional.TotalAV, C:\USERS\MADS\APPDATA\ROAMING\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH\User Pinned\TaskBar\TotalAV.lnk, En cuarentena, [4591], [503750],1.0.7367
PUP.Optional.TotalAV, C:\USERS\MADS\APPDATA\ROAMING\Microsoft\Windows\Start Menu\Programs\TotalAV.lnk, En cuarentena, [4591], [503750],1.0.7367
PUP.Optional.TotalAV, C:\PROGRAM FILES\TOTALAV\TOTALAV.EXE, En cuarentena, [4591], [503750],1.0.7367
MachineLearning/Anomalous.94%, C:\WINDOWS\SYSTEM32\TASKS\Microsoft Malware Protection Command Line Utility, En cuarentena, [0], [392687],1.0.7367
MachineLearning/Anomalous.94%, C:\USERS\MADS\APPDATA\ROAMING\HOST\SVCHOST.EXE, En cuarentena, [0], [392687],1.0.7367
Trojan.MalPack.GS, C:\USERS\MADS\APPDATA\ROAMING\MICROSOFT\WINDOWS\UEBAUESB\JISDHEJE.EXE, En cuarentena, [9572], [578359],1.0.7367
PUP.Optional.TotalAV, C:\PROGRAM FILES\TOTALAV\PASSWORDEXTENSION.WIN.EXE, En cuarentena, [4591], [503750],1.0.7367
PUP.Optional.TotalAV, C:\PROGRAM FILES\TOTALAV\TOTALAV.EXE.0.OLD, En cuarentena, [4591], [536868],1.0.7367
PUP.Optional.TotalAV, C:\PROGRAM FILES\TOTALAV\UNINST.EXE, En cuarentena, [4591], [503743],1.0.7367
PUP.Optional.TotalAV, C:\PROGRAM FILES\TOTALAV\UPDATE.WIN.EXE, En cuarentena, [4591], [503750],1.0.7367
PUP.Optional.TotalAV, C:\PROGRAM FILES\TOTALAV\UPDATE.WIN.EXE.0.OLD, En cuarentena, [4591], [503750],1.0.7367

Sector físico: 1
Bootkit.Pitou.MBR, 0, Se reemplazará al reiniciar, [15128], [514091],0.0.0

WMI: 0
(No hay elementos maliciosos detectados)


(end)

#7

Report from the second pass:

Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 16/10/18
Hora del análisis: 9:47
Archivo de registro: c51f4b84-d117-11e8-bb5f-00ff4185a991.json

-Información del software-
Versión: 3.6.1.2711
Versión de los componentes: 1.0.463
Versión del paquete de actualización: 1.0.7375
Licencia: Gratis

-Información del sistema-
SO: Windows 7 Service Pack 1
CPU: x86
Sistema de archivos: NTFS
Usuario: MADS-Dinotatil\MADS

-Resumen del análisis-
Tipo de análisis: Análisis personalizado
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 254396
Amenazas detectadas: 13
Amenazas en cuarentena: 13
Tiempo transcurrido: 4 hr, 23 min, 23 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Activado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 0
(No hay elementos maliciosos detectados)

Valor del registro: 0
(No hay elementos maliciosos detectados)

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 4
Adware.OnlineIO, C:\Users\MADS\AppData\Roaming\Microleaves\Online Application 2.7.0\install\CFCBAA1, En cuarentena, [1140], [399763],1.0.7375
Adware.OnlineIO, C:\Users\MADS\AppData\Roaming\Microleaves\Online Application 2.7.0\install, En cuarentena, [1140], [399763],1.0.7375
Adware.OnlineIO, C:\Users\MADS\AppData\Roaming\Microleaves\Online Application 2.7.0, En cuarentena, [1140], [399763],1.0.7375
Adware.OnlineIO, C:\Users\MADS\AppData\Roaming\Microleaves, En cuarentena, [1140], [399763],1.0.7375

Archivo: 9
Adware.OnlineIO, C:\Users\MADS\AppData\Roaming\Microleaves\Online Application 2.7.0\install\CFCBAA1\Basic Installer with memory detection.msi, En cuarentena, [1140], [399763],1.0.7375
Trojan.Agent.Generic, C:\USERS\MADS\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\UEBAUESB.LNK, En cuarentena, [3700], [536200],1.0.7375
PUP.Optional.TotalAV, C:\USERS\MADS\DOWNLOADS\SOFTWARE\TOTAL AV\TOTALAV.EXE, En cuarentena, [4589], [503750],1.0.7375
PUP.Optional.TotalAV, C:\USERS\MADS\DOWNLOADS\SOFTWARE\TOTAL AV\TOTALAV_SETUP.EXE, En cuarentena, [4589], [503750],1.0.7375
PUP.Optional.OnlineIO, C:\WINDOWS\INSTALLER\SOURCEHASH{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}, En cuarentena, [3677], [391431],1.0.7375
Trojan.Agent, C:\WINDOWS\PSS\SALKSO SOFTS.EXE.STARTUP, En cuarentena, [398], [28590],1.0.7375
Trojan.Agent, C:\WINDOWS\PSS\SALKXSO SOFTSX.EXE.STARTUP, En cuarentena, [398], [28590],1.0.7375
RiskWare.DontStealOurSoftware, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, En cuarentena, [5331], [353143],0.0.0
Backdoor.Tofsee, C:\WINDOWS\SYSTEM32\LETHJTHA\SRDZEOYL.EXE, En cuarentena, [3997], [578618],1.0.7375

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)

#8

Phew, what a scare. I was already thinking I had posted the reports in the wrong place. I have now seen the notification that they were hidden by the system. Here are the results/reports from the second step. By the way, I see that Malwarebytes has wiped out the TotalAV antivirus I was using. I went to disable it and, oh! It is no longer there


Malwarebytes AdwCleaner 7.2.4.0
Build:    09-25-2018
Database: 2018-10-12.1 (Cloud)
Support:  https://www.malwarebytes.com/support

-------------------------------
Mode: Clean
-------------------------------
Start:    10-16-2018
Duration: 00:00:11
OS:       Windows 7 Ultimate
Cleaned:  7
Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted       C:\Program Files\TotalAV
Deleted       C:\Windows\System32\config\systemprofile\AppData\Roaming\TotalAV
Deleted       C:\Users\MADS\AppData\Roaming\TotalAV
Deleted       C:\Users\MADS\Documents\TotalAV

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKCU\Software\Classes\CLSID\{d79b57ed-727c-4ab8-ba67-e7c6fd30fac1}
Deleted       HKLM\System\CurrentControlSet\Services\EventLog\Application\SecurityService
Deleted       HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.totalav.passwordvaultassistant

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1804 octets] - [16/10/2018 18:39:31]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

#10

And with all the good, well-known antivirus programs out there, we go and pick one that, good grief… :roll_eyes:


#11

Oh dear! Well, I had Avast, but it was weighing the computer down a lot and I tried this one, which also had a VPN, and it SEEMED to work well :frowning: and the price was not bad. Thanks for the info, and any advice on this will be welcome and much appreciated :frowning:


#12

The Dr Web one is missing…

Paste it when you have it and tell us how everything is going.

As for the antivirus, I will recommend one to you later and give you some steps to completely remove the one you had, and any infections if they remain


#15

At last, the Dr Web one. It took almost four and a half hours. By the way, to top it off I also had (I have removed it) Total AV on my phone. Many thanks Miguel!! I will keep reading the Dr. Web steps

Total 301709781569 bytes in 237786 files scanned (533920 objects)
Total 237747 files (533818 objects) are clean
Total 6 files are infected
Total 95 files are raised error condition
Scan time is 04:19:09.250

Start curing

C:\AdwCleaner\Quarantine\v1\20181016.184002\4\TotalAV\lib_SCAPI.dll#87F4D1310CC3FADE - quarantined
C:\AdwCleaner\Quarantine\v1\20181016.184002\4\TotalAV\msvcm90.dll#FFE6922F3553E15B - quarantined
C:\AdwCleaner\Quarantine\v1\20181016.184002\4\TotalAV\SCAPI.dll#05B1ACB38FB9BDEB - quarantined
C:\AdwCleaner\Quarantine\v1\20181016.184002\4\TotalAV\x86\SQLite.Interop.dll#301E4E058FFCD32D - quarantined
C:\AdwCleaner\Quarantine\v1\20181016.184002\4\TotalAV\x64\SQLite.Interop.dll#301E4E058FFCD32D - quarantined
C:\Windows\pss\Salko Soft.exe.Startup - quarantined

Total 301709781569 bytes in 237786 files scanned (533920 objects)
Total 237747 files (533818 objects) are clean
Total 6 files are infected
Total 6 files are neutralized
Total 95 files are raised error condition
Scan time is 04:19:09.250

I should say that, like this one, I had 3 in startup with almost identical names. It added an s and/or an x after Salko and after Soft, if I remember correctly. I think I disabled them from startup with Total AV

I think, given what we have seen, I will pause here because the next step is to delete and I do not know whether to delete the 6 things that appear. Just in case

Merde! I have just seen this. Since these are steps to follow, I was reading as I went along and, reading another thread, I saw it. A thousand apologies. I understand that this is why the system was hiding them and I have burdened you with the work of “activating” them. A thousand apologies.

As an idea/suggestion, it occurs to me that it might be a good idea to move this warning up to where it says to send logs for the first time :frowning:


#16

Hello

Tell us how the problem is going, although I see it does not occur when typing…

To make sure nothing is left, do the following, and at the end I will recommend an antivirus.

As for the logs, we are trying to make the code thing unnecessary

  • Temporarily disable your antivirus and any security program.

  • Download to your Desktop >> this is very important <<, Farbar Recovery Scan Tool, choosing the right version for your machine (32 or 64 bits) :arrow_forward: How do I know whether my Windows is 32 or 64 bits?

  • Double-click to run Frst.exe. In the Disclaimer window, press Yes.

  • In the new window that opens, press the Scan button and wait for the scan to finish.

  • Two (2) files (logs) will open, Frst.txt and Addition.txt, which will be saved on your Desktop.

In your next reply, copy and paste the two FRST reports, Frst.txt and Addition.txt

Note: If the requested report(s) do not fit in a single reply because they exceed the allowed number of characters, you can use two or more replies to paste them in full.


#17

Hello, good morning. Sorry, I stopped at Dr Web. So I delete everything from quarantine (the six that came up), right? It is just that afterwards I still have to do the CCleaner part.

I will get going with Dr Web then and follow the steps. Let's see if I can get it done today, as it is holding up a couple of little things I am preparing. Many thanks again, Miguel.

Edit: I left it without taking that step because I saw in the example that it only selected one of the three “successes” and… :slight_smile:


#18

Forget about quarantines and the rest for now… just tell us how the problem originally raised is going and do what I indicated in my last reply (do the CCleaner part first…), to see whether anything is left to remove


#19

FRST.txt report

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10.10.2018
Ran by MADS (administrator) on MADS-DINOTATIL (17-10-2018 11:40:31)
Running from C:\Users\MADS\Desktop
Loaded Profiles: MADS (Available Profiles: MADS)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Systems, Incorporated) C:\Program Files\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Software 2000 Limited) C:\Windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Company) C:\Program Files\HP\HP UT\bin\hppusg.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-11-14] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [601424 2018-07-07] (Oracle Corporation)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2670056 2018-09-10] (Adobe Systems, Incorporated)
HKLM\...\Run: [Lightshot] => c:\program files\skillbrains\lightshot\lightshot.exe [225944 2017-04-11] ()
HKLM\...\Run: [] => [X]
HKLM\...\Run: [HPUsageTracking] => C:\Program Files\HP\HP UT\bin\hppusg.exe "C:\Program Files\HP\HP UT\"
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2402948379-2091278062-4122600024-1000\...\Run: [Dropbox Update] => C:\Users\MADS\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2018-07-21] (Dropbox, Inc.)
Startup: C:\Users\MADS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2018-10-08]
ShortcutTarget: Dropbox.lnk -> C:\Users\MADS\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{4185A991-B3AF-4D7A-8F40-3279B41492E0}: [DhcpNameServer] 10.114.50.1
Tcpip\..\Interfaces\{75D90876-62C3-4255-BE51-4284E3D84D2F}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{89B4FAF2-18E7-4BF6-9760-511FFE44AD76}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2018-09-11] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_181\bin\ssv.dll [2018-07-21] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\Office16\URLREDIR.DLL [2018-10-04] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_181\bin\jp2ssv.dll [2018-07-21] (Oracle Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-04] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-04] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-04] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-04] (Microsoft Corporation)

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.181.2 -> C:\Program Files\Java\jre1.8.0_181\bin\dtplugin\npDeployJava1.dll [2018-07-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.181.2 -> C:\Program Files\Java\jre1.8.0_181\bin\plugin2\npjp2.dll [2018-07-21] (Oracle Corporation)
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-09-11] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-09-11] (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-11-14] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-11-14] (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-07-21] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-07-21] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-20] (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-09-20] (Adobe Systems)

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\MADS\AppData\Local\Google\Chrome\User Data\Default [2018-10-17]
CHR Extension: (Presentaciones) - C:\Users\MADS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-07-21]
CHR Extension: (Documentos) - C:\Users\MADS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-07-21]
CHR Extension: (Google Drive) - C:\Users\MADS\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-07-21]
CHR Extension: (YouTube) - C:\Users\MADS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-07-21]
CHR Extension: (Adobe Acrobat) - C:\Users\MADS\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-07-21]
CHR Extension: (Hojas de cálculo) - C:\Users\MADS\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-07-21]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\MADS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-23]
CHR Extension: (Player para ver Movistar+) - C:\Users\MADS\AppData\Local\Google\Chrome\User Data\Default\Extensions\kenfcfndncbbggmafjjeihkdclggbojn [2018-09-12]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\MADS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-07-21]
CHR Extension: (Gmail) - C:\Users\MADS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-07-21]
CHR Extension: (Chrome Media Router) - C:\Users\MADS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-09-21]
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

HKLM\SYSTEM\CurrentControlSet\Services\458335ADDF886BC4 <==== ATTENTION (Rootkit!)
"lethjtha" => service was unlocked. <==== ATTENTION

R2 AdobeUpdateService; C:\Program Files\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [817760 2017-09-20] (Adobe Systems Incorporated)
R2 AGMService; C:\Program Files\Common Files\Adobe\AdobeGCClient\AGMService.exe [2910696 2018-09-10] (Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files\Common Files\Adobe\AdobeGCClient\AGSService.exe [2704872 2018-09-10] (Adobe Systems, Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [6119720 2018-09-29] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [930240 2016-11-14] (NVIDIA Corporation)
R2 IpOverUsbSvc; C:\Program Files\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [21184 2017-01-06] (Microsoft Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [5073376 2018-09-19] (Malwarebytes)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-11-14] (NVIDIA Corporation)
S3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [2904000 2016-11-14] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2016704 2016-11-14] (NVIDIA Corporation)
S2 lethjtha; C:\Windows\system32\lethjtha\cahdclja.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [130912 2018-02-13] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [156088 2018-02-13] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [35840 2018-02-13] (Avira Operations GmbH & Co. KG)
R1 ISODrive; C:\Program Files\UltraISO\drivers\ISODrive.sys [82320 2010-01-29] (EZB Systems, Inc.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26048 2016-11-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [50744 2016-11-14] (NVIDIA Corporation)
R3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [347136 2009-07-14] (Realtek Semiconductor Corporation )
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [33664 2016-05-24] (The OpenVPN Project)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-10-17 11:40 - 2018-10-17 11:41 - 000013894 _____ C:\Users\MADS\Desktop\FRST.txt
2018-10-17 11:40 - 2018-10-17 11:40 - 000000000 ____D C:\FRST
2018-10-17 11:39 - 2018-10-17 11:39 - 001774592 _____ (Farbar) C:\Users\MADS\Desktop\FRST.exe
2018-10-17 11:39 - 2018-10-17 11:39 - 000000854 _____ C:\Users\MADS\Documents\cc_20181017_113915.reg
2018-10-16 18:55 - 2018-10-16 23:18 - 000000000 ____D C:\Users\MADS\Doctor Web
2018-10-16 18:55 - 2018-10-16 18:55 - 000000000 ____D C:\ProgramData\Doctor Web
2018-10-16 18:51 - 2018-10-16 18:54 - 179933528 _____ C:\Users\MADS\Desktop\cureit.exe
2018-10-16 18:38 - 2018-10-16 18:40 - 000000000 ____D C:\AdwCleaner
2018-10-16 18:33 - 2018-10-16 18:33 - 007592144 _____ (Malwarebytes) C:\Users\MADS\Desktop\adwcleaner_7.2.4.0.exe
2018-10-15 22:27 - 2018-10-15 22:27 - 000000000 ____D C:\Users\MADS\AppData\Local\mbam
2018-10-15 22:26 - 2018-10-15 22:26 - 000000000 ____D C:\Users\MADS\AppData\Local\mbamtray
2018-10-15 22:18 - 2018-10-15 22:18 - 000002024 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-10-15 22:18 - 2018-10-15 22:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-10-15 22:18 - 2018-09-11 13:18 - 000129248 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae.sys
2018-10-15 22:14 - 2018-10-15 22:13 - 000143888 _____ C:\Users\MADS\Documents\Virus de la doble tilde - Eliminar Malwares - ForoSpyware.pdf
2018-10-15 22:03 - 2018-10-16 01:43 - 000000000 __SHD C:\Users\MADS\AppData\Roaming\Host
2018-10-15 17:15 - 2018-10-15 17:13 - 000601072 _____ C:\Users\MADS\Documents\Guía de detección y eliminación de Malw...pdf
2018-10-15 15:48 - 2018-10-16 23:20 - 000000000 ____D C:\Windows\pss
2018-10-15 15:27 - 2018-10-15 15:27 - 000001412 _____ C:\Users\MADS\Documents\cc_20181015_152717.reg
2018-10-14 21:39 - 2018-10-14 21:39 - 000000000 ____D C:\ProgramData\RzwGPwNbGQ
2018-10-14 21:37 - 2018-10-16 01:43 - 000000000 __SHD C:\Users\MADS\AppData\Roaming\amd64_microsoft-windows-netplwiz_31bf3856ad364e35_6.1.7601.17514_none_a97f640bcc255ec8
2018-10-14 21:36 - 2018-10-14 21:37 - 000000000 ____D C:\Users\MADS\AppData\Roaming\Element
2018-10-12 22:23 - 2018-10-12 22:34 - 000003362 _____ C:\Users\MADS\Desktop\ImportaciónCantabria.txt
2018-10-12 15:26 - 2018-10-12 15:26 - 000000000 ____D C:\Users\MADS\AppData\Local\Turbo.net
2018-10-11 19:35 - 2018-10-11 19:35 - 016791041 _____ C:\Users\MADS\Downloads\CS22_(EN)_Dragon's_Lair.pdf
2018-10-11 11:55 - 2018-10-11 11:55 - 003201594 _____ C:\Users\MADS\Downloads\SoloPlay-Alhambra.pdf
2018-10-08 17:30 - 2018-10-08 17:30 - 000000000 ____D C:\Users\MADS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-10-07 19:35 - 2018-10-07 19:35 - 000014444 _____ C:\Users\MADS\Documents\cc_20181007_193538.reg
2018-10-07 13:03 - 2018-10-16 18:09 - 000000000 ____D C:\Windows\system32\lethjtha
2018-10-07 12:53 - 2018-10-07 12:53 - 000000000 ____D C:\Users\MADS\AppData\Local\AdvinstAnalytics
2018-10-07 11:58 - 2018-10-07 11:58 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2018-10-07 11:55 - 2018-10-07 12:57 - 000000033 _____ C:\Users\MADS\AppData\Roaming\AdobeWLCMCache.dat
2018-10-07 11:49 - 2018-10-07 11:49 - 000002701 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CC 2018 (32 Bit).lnk
2018-10-06 20:16 - 2018-10-06 20:17 - 000243460 _____ C:\Users\MADS\Documents\cc_20181006_201649.reg
2018-10-04 22:33 - 2018-10-11 12:01 - 000001072 _____ C:\Users\MADS\Desktop\FundasKoolio.txt
2018-10-04 22:00 - 2018-10-04 22:22 - 200372134 _____ C:\Users\MADS\Downloads\AiCS.5.rar
2018-10-04 19:41 - 2018-10-04 19:41 - 000002461 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype Empresarial.lnk
2018-10-04 19:41 - 2018-10-04 19:41 - 000002412 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2018-10-04 19:41 - 2018-10-04 19:41 - 000002393 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2018-10-04 19:41 - 2018-10-04 19:41 - 000002375 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2018-10-04 19:41 - 2018-10-04 19:41 - 000002368 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2018-10-04 19:41 - 2018-10-04 19:41 - 000002366 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2018-10-04 19:41 - 2018-10-04 19:41 - 000002324 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2018-10-04 19:41 - 2018-10-04 19:41 - 000002320 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2018-10-04 19:41 - 2018-10-04 19:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Herramientas de Microsoft Office
2018-10-04 19:23 - 2018-07-21 20:21 - 000000873 _____ C:\Windows\system32\Drivers\etc\hosts - copia
2018-10-03 17:24 - 2018-10-03 17:25 - 000508111 _____ C:\Users\MADS\Downloads\BoardingPass.pdf
2018-09-25 17:04 - 2018-10-15 15:51 - 000000000 ____D C:\Users\MADS\Downloads\NFL
2018-09-19 18:47 - 2018-09-19 18:47 - 000450563 _____ C:\Users\MADS\Downloads\EDGZG36.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-10-17 11:38 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\inf
2018-10-17 11:33 - 2009-07-14 06:34 - 000021648 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-10-17 11:33 - 2009-07-14 06:34 - 000021648 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-10-17 11:29 - 2018-07-21 11:48 - 000000000 ____D C:\Users\MADS\AppData\Local\Adobe
2018-10-17 02:20 - 2018-07-21 11:29 - 000000000 ____D C:\ProgramData\NVIDIA
2018-10-17 02:20 - 2018-07-21 00:14 - 000000000 ____D C:\Users\MADS
2018-10-17 02:20 - 2009-07-14 06:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-10-17 00:07 - 2018-07-21 15:03 - 000000374 _____ C:\Windows\Tasks\update-S-1-5-21-2402948379-2091278062-4122600024-1000.job
2018-10-16 23:59 - 2018-07-21 16:35 - 000000998 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2402948379-2091278062-4122600024-1000UA.job
2018-10-16 21:31 - 2018-07-21 15:03 - 000000374 _____ C:\Windows\Tasks\update-sys.job
2018-10-16 18:34 - 2018-07-21 19:30 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-10-16 18:33 - 2018-08-17 22:16 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2018-10-16 18:33 - 2009-07-14 04:37 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-10-16 18:30 - 2018-07-21 17:12 - 000000000 ____D C:\Program Files\Microsoft Office
2018-10-16 03:00 - 2009-07-14 06:53 - 000032590 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-10-15 22:22 - 2018-07-21 11:43 - 000000000 ____D C:\Program Files\Opera
2018-10-15 22:18 - 2018-07-21 20:21 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-10-15 22:14 - 2018-07-26 18:47 - 000000000 ____D C:\Users\MADS\AppData\Local\CutePDF Writer
2018-10-15 22:06 - 2018-07-20 16:31 - 000000000 ____D C:\Users\MADS\Downloads\Software
2018-10-15 15:59 - 2018-07-21 16:35 - 000000946 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2402948379-2091278062-4122600024-1000Core.job
2018-10-15 15:58 - 2018-07-22 21:38 - 000000000 ____D C:\Users\MADS\AppData\Roaming\Telegram Desktop
2018-10-15 15:22 - 2018-07-21 15:15 - 000000000 ____D C:\Users\MADS\AppData\Roaming\uTorrent
2018-10-15 15:21 - 2018-08-24 16:57 - 000000000 ____D C:\Users\MADS\AppData\Local\CrashDumps
2018-10-14 23:38 - 2018-07-24 06:29 - 000000000 ____D C:\Windows\Minidump
2018-10-14 18:38 - 2018-07-21 17:43 - 000000000 ____D C:\Users\MADS\AppData\Roaming\5KPlayer
2018-10-14 12:52 - 2018-07-20 16:25 - 000000000 ____D C:\Users\MADS\Documents\01 - Planificando el Viaje
2018-10-13 19:08 - 2018-07-20 16:39 - 000000000 ____D C:\Users\MADS\Downloads\_uTorrent
2018-10-13 17:13 - 2018-07-22 17:27 - 000000000 ____D C:\Users\MADS\AppData\Roaming\vlc
2018-10-12 22:53 - 2018-07-20 16:33 - 000000000 ____D C:\Users\MADS\Downloads\Telegram Desktop
2018-10-11 11:12 - 2018-07-21 11:52 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-10-08 17:30 - 2018-07-21 16:38 - 000000000 ____D C:\Users\MADS\AppData\Roaming\Dropbox
2018-10-08 09:00 - 2018-07-21 11:51 - 000000000 ____D C:\ProgramData\Adobe
2018-10-07 17:33 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\system32\NDF
2018-10-07 12:31 - 2018-07-21 11:52 - 000000000 ____D C:\Program Files\Adobe
2018-10-07 12:02 - 2018-07-21 11:54 - 000000000 ____D C:\Users\MADS\AppData\Roaming\Adobe
2018-10-07 11:49 - 2018-07-21 11:52 - 000000000 ____D C:\Program Files\Common Files\Adobe
2018-10-06 20:16 - 2018-07-21 01:03 - 000000000 ____D C:\Windows\Panther
2018-10-06 20:02 - 2018-07-21 20:20 - 000000000 ____D C:\Program Files\CCleaner
2018-10-03 15:40 - 2018-07-21 11:54 - 000000000 ____D C:\Users\MADS\AppData\LocalLow\Adobe
2018-09-30 22:28 - 2011-04-12 03:30 - 000747970 _____ C:\Windows\system32\perfh00A.dat
2018-09-30 22:28 - 2011-04-12 03:30 - 000159410 _____ C:\Windows\system32\perfc00A.dat
2018-09-30 22:28 - 2010-11-20 23:01 - 001678218 _____ C:\Windows\system32\PerfStringBackup.INI
2018-09-27 21:32 - 2018-08-22 17:08 - 000000000 ____D C:\Users\MADS\AppData\Local\ElevatedDiagnostics
2018-09-23 15:58 - 2018-07-21 19:35 - 000002195 _____ C:\Users\MADS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2018-09-23 15:58 - 2018-07-21 19:35 - 000000000 ___RD C:\Users\MADS\OneDrive
2018-09-20 11:49 - 2018-07-21 11:54 - 000002168 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-09-19 18:34 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\rescache

==================== Files in the root of some directories =======

2018-10-07 11:55 - 2018-10-07 12:57 - 000000033 _____ () C:\Users\MADS\AppData\Roaming\AdobeWLCMCache.dat
2018-08-19 12:23 - 2018-08-19 12:43 - 000001456 _____ () C:\Users\MADS\AppData\Local\Adobe Guardar para Web 13.0 Prefs
2018-09-28 11:32 - 2018-09-28 11:32 - 000000000 _____ () C:\Users\MADS\AppData\Local\oobelibMkey.log
2018-07-21 15:03 - 2018-07-21 15:03 - 000000003 _____ () C:\Users\MADS\AppData\Local\updater.log
2018-07-21 15:03 - 2018-07-22 20:52 - 000000413 _____ () C:\Users\MADS\AppData\Local\UserProducts.xml

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-10-16 09:42

==================== End of FRST.txt ============================

#20

Addition.txt report

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 10.10.2018
Ran by MADS (17-10-2018 11:42:16)
Running from C:\Users\MADS\Desktop
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) (2018-07-20 22:14:53)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-2402948379-2091278062-4122600024-500 - Administrator - Disabled)
HomeGroupUser$ (S-1-5-21-2402948379-2091278062-4122600024-1002 - Limited - Enabled)
Invitado (S-1-5-21-2402948379-2091278062-4122600024-501 - Limited - Disabled)
MADS (S-1-5-21-2402948379-2091278062-4122600024-1000 - Administrator - Enabled) => C:\Users\MADS

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2402948379-2091278062-4122600024-1000\...\uTorrent) (Version: 3.5.4.44632 - BitTorrent Inc.)
5KPlayer (HKLM\...\5KPlayer) (Version: 5.2 - DearMob, Inc.)
Active Directory Authentication Library for SQL Server (x86) (HKLM\...\{679355EA-AA94-4C39-A5E8-50DD4BB0AB98}) (Version: 13.1.4001.0 - Microsoft Corporation) Hidden
Actualización de NVIDIA 2.11.4.125 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 2.11.4.125 - NVIDIA Corporation) Hidden
Adobe Acrobat Reader DC - Español (HKLM\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 19.008.20074 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM\...\Adobe Creative Cloud) (Version: 4.3.0.256 - Adobe Systems Incorporated)
Adobe Illustrator CC 2018 (32 Bit) (HKLM\...\ILST_22_0_0_32) (Version: 22.0.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2018 (32 Bit) (HKLM\...\PHSP_19_1_4_32) (Version: 19.1.4 - Adobe Systems Incorporated)
Application Verifier x86 External Package (HKLM\...\{D8C25705-EDDE-D5FA-A353-DFB471703DD2}) (Version: 10.1.17134.12 - Microsoft) Hidden
Application Verifier x86 External Package (HKLM\...\{EE9188C0-8E7C-BFC2-2B2A-DF02EF5199E8}) (Version: 10.1.14393.795 - Microsoft) Hidden
CCleaner (HKLM\...\{7B011DC0-196A-461A-93C8-40B3ED19F344}) (Version: 5.29.6033 - Piriform Ltd)
ClickOnce Bootstrapper Package for Microsoft .NET Framework (HKLM\...\{D256A5B9-68DA-4F6C-A447-A93E5639A46D}) (Version: 4.7.03083 - Microsoft Corporation) Hidden
CutePDF Writer 3.1 (HKLM\...\CutePDF Writer Installation) (Version:  3.1 - Acro Software Inc.)
Dropbox (HKU\S-1-5-21-2402948379-2091278062-4122600024-1000\...\Dropbox) (Version: 59.4.93 - Dropbox, Inc.)
Entity Framework 6.2.0 Tools  for Visual Studio 2017 (HKLM\...\{B843915F-00A1-44B1-994C-1AE0A6400AE3}) (Version: 6.2.61807.0 - Microsoft Corporation) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 69.0.3497.100 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
HP LaserJet P1000 series (HKLM\...\HP LaserJet P1000 series) (Version:  - )
hppMSRedist (HKLM\...\{58ECE031-9AAD-4011-B34A-BC78E77527E2}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
hppusgP1000 (HKLM\...\{F1AC923B-2A52-4C5D-8011-5FC83CD58CF4}) (Version: 1.1.0.1 - Hewlett-Packard) Hidden
HPSSupply (HKLM\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Hewlett Packard Development Company L.P.)
Java 8 Update 181 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180181F0}) (Version: 8.0.1810.13 - Oracle Corporation)
Kits Configuration Installer (HKLM\...\{6F502640-B753-C101-FFA5-B38C3FA5B29A}) (Version: 10.1.17134.12 - Microsoft) Hidden
Lightshot-5.4.0.10 (HKLM\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.10 - Skillbrains)
Malwarebytes versión 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
MarketResearch (HKLM\...\{175F0111-2968-4935-8F70-33108C6A4DE3}) (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.7.2 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Help Viewer 2.3 (HKLM\...\Microsoft Help Viewer 2.3) (Version: 2.3.27617 - Microsoft Corporation)
Microsoft Office Excel Viewer (HKLM\...\{95120000-003F-0C0A-0000-0000000FF1CE}) (Version: 12.0.6334.5000 - Microsoft Corporation)
Microsoft Office Profesional Plus 2016 - es-es (HKLM\...\ProPlusRetail - es-es) (Version: 16.0.10827.20150 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2402948379-2091278062-4122600024-1000\...\OneDriveSetup.exe) (Version: 18.151.0729.0012 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{C66DD90B-960F-480D-9F2D-ED1A18A7E766}) (Version: 11.3.6518.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Express LocalDB  (HKLM\...\{4A1DEB7A-341B-453E-A3AF-7EA9902F9711}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft System CLR Types para SQL Server vNext CTP1.6 (HKLM\...\{E4839F78-C3C2-493F-BB2F-472F6BBD2ED6}) (Version: 15.0.600.33 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (HKLM\...\{7e9fae12-5bbf-47fb-b944-09c49e75c061}) (Version: 14.15.26706.0 - Microsoft Corporation)
Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.17.1289.727 - Microsoft Corporation)
MrvlUsgTracking (HKLM\...\{42F0FD29-7EB3-4CAA-AF10-BC2619B96D80}) (Version: 1.0.1 - Marvell)
MrvlUsgTracking (HKLM\...\{A82D052A-0806-42DF-80CD-1730A1AC0ED3}) (Version: 1.0.7 - Marvell)
MSI Development Tools (HKLM\...\{1E406B46-65F4-91CE-65DA-DB66D5443B68}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
Nero (HKLM\...\Nero) (Version:  - )
NVIDIA Controlador de 3D Vision 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 342.01 - NVIDIA Corporation)
NVIDIA Controlador de gráficos 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 342.01 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.4.125 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.125 - NVIDIA Corporation)
NVIDIA Software del sistema PhysX 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.10827.20150 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-0000-0000000FF1CE}) (Version: 16.0.10827.20150 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0C0A-0000-0000000FF1CE}) (Version: 16.0.10827.20150 - Microsoft Corporation) Hidden
Opera Stable 56.0.3051.43 (HKLM\...\Opera 56.0.3051.43) (Version: 56.0.3051.43 - Opera Software)
Panel de control de NVIDIA 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 342.01 - NVIDIA Corporation) Hidden
Paquete acumulativo de Intellisense de Microsoft .NET Framework para Visual Studio (español) (HKLM\...\{A8F7ACD7-A4E4-42FD-A978-DB6488DD6B3A}) (Version: 4.7.02558 - Microsoft Corporation) Hidden
Paquete de idioma de Visor de Ayuda de Microsoft 2.3 - ESN (HKLM\...\{8585906D-5435-320C-9F6E-B57E3C41953A}) (Version: 2.3.27617 - Microsoft Corporation) Hidden
Paquete de idioma de Visor de Ayuda de Microsoft 2.3 - ESN (HKLM\...\Paquete de idioma de Visor de Ayuda de Microsoft 2.3 - ESN) (Version: 2.3.27617 - Microsoft Corporation)
SDK ARM Additions (HKLM\...\{346B2C02-CC0D-6E09-8B9D-CAA2821473CF}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
SDK ARM Redistributables (HKLM\...\{825784BB-114D-ADB3-B65F-E1EB2A63C3BC}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
SDK de Microsoft .NET Framework 4.6.1 (español) (HKLM\...\{07570008-8840-4A14-A752-1367157138A5}) (Version: 4.6.01055 - Microsoft Corporation) Hidden
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.4.125 - NVIDIA Corporation) Hidden
Skype versión 8.25 (HKLM\...\Skype_is1) (Version: 8.25 - Skype Technologies S.A.)
Telegram Desktop version 1.4.3 (HKU\S-1-5-21-2402948379-2091278062-4122600024-1000\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.4.3 - Telegram Messenger LLP)
UltraISO Premium V9.53 (HKLM\...\UltraISO_is1) (Version:  - )
Universal CRT Extension SDK (HKLM\...\{18ABFDF6-23D9-87E6-015E-FFE3C7F153D5}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
Universal CRT Extension SDK (HKLM\...\{1FBCBC17-4527-2340-0832-B1D49C41FF67}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Extension SDK (HKLM\...\{4E8F20FD-6BC7-B65C-D4F2-5D7CEDE3352E}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM\...\{0D6B41AF-D117-8944-A059-3F9346A896C5}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM\...\{233B73D9-650E-9CEC-1002-767C916C1B61}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM\...\{8BFBEC30-33CC-13B4-849F-3B036F27466A}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Redistributable (HKLM\...\{B6273353-8B54-1F89-1A16-5940925104CE}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (HKLM\...\{6E43CA0C-046E-4F38-A0A2-3B1BA139B661}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
Universal General MIDI DLS Extension SDK (HKLM\...\{775886B8-DEE1-CB20-8A94-FC09FA54ECF6}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
Universal General MIDI DLS Extension SDK (HKLM\...\{F2EB74A7-148A-8DC9-82A5-B5A88093EEC4}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden
Update for  (KB2504637) (HKLM\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
VASSAL (3.2.17) (HKLM\...\VASSAL (3.2.17)) (Version: 3.2.17 - vassalengine.org)
vcpp_crt.redist.clickonce (HKLM\...\{63FE5FB8-97F3-416F-9F6D-F35D2C5B922B}) (Version: 14.15.26706 - Microsoft Corporation) Hidden
vcpp_crt.redist.clickonce (HKLM\...\{D182FB25-9A73-4725-A2C4-2C33900B920E}) (Version: 14.15.26706 - Microsoft Corporation) Hidden
Visual Studio 2017 Express para escritorio (HKLM\...\108bb927) (Version: 15.8.28010.2003 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN)
VS Script Debugging Common (HKLM\...\{4176B257-DADE-4171-BE31-AA6FD9FFC5D0}) (Version: 16.0.95.0 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsi (HKLM\...\{A68D7884-F036-4A0D-AE1A-410E0311E135}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsires (HKLM\...\{91DDDFB5-1782-48C2-BA2A-8F4D9DE39D27}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_clickoncesigntoolmsi (HKLM\...\{6A1ECF65-2CBF-4B33-9D4A-D1C0A0E5FE45}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_communitymsi (HKLM\...\{4C60D242-B039-4DBB-A202-BE55478E8500}) (Version: 15.8.27924 - Microsoft Corporation) Hidden
vs_communitymsires (HKLM\...\{340226AB-D0EF-4715-A331-AB3A416B5018}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_communitymsires (HKLM\...\{40040E64-50EB-4FCF-B209-DA0B20821759}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_filehandler_x86 (HKLM\...\{31312BFA-5D30-4B56-BACB-BFE26CE2E285}) (Version: 15.8.27924 - Microsoft Corporation) Hidden
vs_FileTracker_Singleton (HKLM\...\{8EB2C670-04C2-482D-BACD-B4095E27FD39}) (Version: 15.6.27309 - Microsoft Corporation) Hidden
vs_helpconfigmsi (HKLM\...\{7C3B1CC1-C34F-4ABE-8866-C028FADAA11C}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_helpconfigmsi (HKLM\...\{CD5CB527-3E14-4478-A2E6-5AA6C3D89B52}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_minshellinteropmsi (HKLM\...\{3A78DA3D-C8D4-429D-B536-6E59A0088451}) (Version: 15.8.27825 - Microsoft Corporation) Hidden
vs_minshellmsi (HKLM\...\{082DBA20-8C1E-4D4C-85F4-A813283B7849}) (Version: 15.8.28010 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM\...\{6DFE6F8D-B61D-4348-AB70-4ABF1210DFD5}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM\...\{E70CC1B8-7ED5-4495-9C52-603FE87F38F4}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_SQLClickOnceBootstrappermsi (HKLM\...\{5779B6DD-604A-41CE-BC3D-9D4BDDA22AD2}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_tipsmsi (HKLM\...\{1AC6CC3D-7724-4D84-9270-798A2191AB1C}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
WinAppDeploy (HKLM\...\{5AD4A604-B476-1578-2A20-6B02FC6258BE}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
WinAppDeploy (HKLM\...\{C9966D24-DB2F-8514-EAA3-BEED85F3E166}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden
Windows Mobile Connectivity Tools 10.0.15254.0 - Desktop x86 (HKLM\...\{833F02C5-2C39-49F6-BD64-91D351081274}) (Version: 10.1.15254.1 - Microsoft Corporation)
Windows SDK AddOn (HKLM\...\{3BE62AA1-60B9-42EA-99BC-1A46B31C7E0C}) (Version: 10.1.0.0 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.14393.795 (HKLM\...\{5eb6fbea-73ee-4a8e-9042-110704768d7f}) (Version: 10.1.14393.795 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.17134.12 (HKLM\...\{5f83ccda-0498-4b97-a298-16a642bf49f2}) (Version: 10.1.17134.12 - Microsoft Corporation)
WinRAR 5.40 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
WinRT Intellisense Desktop - en-us (HKLM\...\{389D182F-0ADA-5C7E-FF32-2573A821592C}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - en-us (HKLM\...\{A249F631-CEBC-EDCB-4C49-700E551E66CA}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - Other Languages (HKLM\...\{C3776B36-B34E-00E2-3009-95A6F1870B58}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - Other Languages (HKLM\...\{E71CB7F1-3E88-4450-1764-B3CC1E205C4A}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - en-us (HKLM\...\{965D1746-D94A-49B9-2A48-A14914CA3B57}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - en-us (HKLM\...\{C49E6FDA-8196-0CAF-2CDD-CF1B0F4EA5AD}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - Other Languages (HKLM\...\{33D11371-82A5-852B-CDE2-5528CE406151}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - Other Languages (HKLM\...\{84C6B91B-67DA-DDE3-86F1-87A3E307E8C1}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
WinRT Intellisense Mobile - en-us (HKLM\...\{3755CD99-C62E-3312-DDD3-29A4F259270D}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - en-us (HKLM\...\{729DA966-8590-2C1F-2178-16C1D32FD7FD}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - en-us (HKLM\...\{FB431EE2-C835-6DE9-8DC3-C8FCDE028FE0}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - Other Languages (HKLM\...\{F1C18506-3168-A9D9-E2D9-D23A512A326E}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - Other Languages (HKLM\...\{FB82399D-9C48-9AF5-DCA1-CFE61BCA70A6}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - en-us (HKLM\...\{23909757-D6F0-7F7C-BD34-7E72BA9BD59C}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - en-us (HKLM\...\{4095D263-6A13-78D3-DEDA-AA3452011F6E}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - Other Languages (HKLM\...\{C3243E23-2EB6-4419-2692-40944923B112}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - Other Languages (HKLM\...\{D3A337CD-EA32-F4BA-03FA-825903190C92}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2402948379-2091278062-4122600024-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\MADS\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2402948379-2091278062-4122600024-1000_Classes\CLSID\{2DE43ED5-AF0D-4285-97E8-EC5ACEA34D1F}\InprocServer32 -> C:\Users\MADS\AppData\Local\Dropbox\Update\1.3.141.1\psuser.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2402948379-2091278062-4122600024-1000_Classes\CLSID\{3059C9E6-9EDC-4C89-933E-C65623F8FD60}\localserver32 -> C:\Users\MADS\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2402948379-2091278062-4122600024-1000_Classes\CLSID\{87DC457B-B35D-48AC-BD42-BDF35EF623CE}\localserver32 -> C:\Users\MADS\AppData\Local\Dropbox\Update\1.3.141.1\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2402948379-2091278062-4122600024-1000_Classes\CLSID\{9FAA38ED-5635-44F7-9BE0-8CAFE29B3783}\localserver32 -> C:\Users\MADS\AppData\Local\Dropbox\Update\1.3.141.1\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2402948379-2091278062-4122600024-1000_Classes\CLSID\{C0DD324D-A74F-4533-84AD-030F76771C77}\localserver32 -> C:\Users\MADS\AppData\Local\Dropbox\Update\1.3.141.1\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2402948379-2091278062-4122600024-1000_Classes\CLSID\{C32E3EEC-3C10-426E-95F3-38C7F139FADD}\localserver32 -> C:\Users\MADS\AppData\Local\Dropbox\Update\1.3.141.1\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2402948379-2091278062-4122600024-1000_Classes\CLSID\{E7A37920-253C-4FF1-B169-298A7CE6CAA9}\localserver32 -> C:\Users\MADS\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2402948379-2091278062-4122600024-1000_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
CustomCLSID: HKU\S-1-5-21-2402948379-2091278062-4122600024-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\MADS\AppData\Roaming\Dropbox\bin\DropboxExt.25.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2402948379-2091278062-4122600024-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\MADS\AppData\Roaming\Dropbox\bin\DropboxExt.25.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2402948379-2091278062-4122600024-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\MADS\AppData\Roaming\Dropbox\bin\DropboxExt.25.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2402948379-2091278062-4122600024-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\MADS\AppData\Roaming\Dropbox\bin\DropboxExt.25.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2402948379-2091278062-4122600024-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\MADS\AppData\Roaming\Dropbox\bin\DropboxExt.25.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2402948379-2091278062-4122600024-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\MADS\AppData\Roaming\Dropbox\bin\DropboxExt.25.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2402948379-2091278062-4122600024-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\MADS\AppData\Roaming\Dropbox\bin\DropboxExt.25.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2402948379-2091278062-4122600024-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\MADS\AppData\Roaming\Dropbox\bin\DropboxExt.25.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2402948379-2091278062-4122600024-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\MADS\AppData\Roaming\Dropbox\bin\DropboxExt.25.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2402948379-2091278062-4122600024-1000_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\MADS\AppData\Roaming\Dropbox\bin\DropboxExt.25.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2402948379-2091278062-4122600024-1000_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\MADS\AppData\Roaming\Dropbox\bin\DropboxExt.25.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2402948379-2091278062-4122600024-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\MADS\AppData\Roaming\Dropbox\bin\DropboxExt.25.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2402948379-2091278062-4122600024-1000_Classes\CLSID\{FE819BE5-BADF-4370-9913-6FB84ABA6FB1}\InprocServer32 -> C:\Users\MADS\AppData\Local\Dropbox\Update\1.3.141.1\psuser.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files\Common Files\Adobe\CoreSyncExtension\CoreSync_x86.dll [2017-09-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files\Common Files\Adobe\CoreSyncExtension\CoreSync_x86.dll [2017-09-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files\Common Files\Adobe\CoreSyncExtension\CoreSync_x86.dll [2017-09-26] ()
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files\Common Files\Adobe\CoreSyncExtension\CoreSync_x86.dll [2017-09-26] ()
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers2: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files\UltraISO\isoshell.dll [2009-04-02] (EZB Systems, Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers4: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files\UltraISO\isoshell.dll [2009-04-02] (EZB Systems, Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2016-11-14] (NVIDIA Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files\Common Files\Adobe\CoreSyncExtension\CoreSync_x86.dll [2017-09-26] ()
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers6: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files\UltraISO\isoshell.dll [2009-04-02] (EZB Systems, Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers1_S-1-5-21-2402948379-2091278062-4122600024-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\MADS\AppData\Roaming\Dropbox\bin\DropboxExt.25.0.dll [2018-10-09] (Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-2402948379-2091278062-4122600024-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\MADS\AppData\Roaming\Dropbox\bin\DropboxExt.25.0.dll [2018-10-09] (Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-2402948379-2091278062-4122600024-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\MADS\AppData\Roaming\Dropbox\bin\DropboxExt.25.0.dll [2018-10-09] (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2050D0BE-B69C-443F-8BBF-1F2346A99648} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2402948379-2091278062-4122600024-1000Core => C:\Users\MADS\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2018-07-21] (Dropbox, Inc.)
Task: {272E09E8-0786-46C0-938F-0975048B8CEC} - System32\Tasks\Opera scheduled Autoupdate 1532166239 => C:\Program Files\Opera\launcher.exe [2018-10-10] (Opera Software)
Task: {536298FC-4FB1-43C7-AA90-B48421EDD1E6} - System32\Tasks\update-S-1-5-21-2402948379-2091278062-4122600024-1000 => C:\Program Files\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>)
Task: {5D9E1469-657D-4776-9BEF-C239D6028209} - System32\Tasks\AdobeGCInvoker-1.0-MADS-Dinotatil-MADS => C:\Program Files\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-09-10] (Adobe Systems, Incorporated)
Task: {640BB3FA-10BA-4DE5-90C9-CECFF6577326} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2018-07-21] (Google Inc.)
Task: {80E2CE57-67BC-4987-BCDE-2D957D32B716} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2018-10-16] (Microsoft Corporation)
Task: {81FB342B-1CA7-40AD-9341-7960AB551B06} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-09-29] (Microsoft Corporation)
Task: {89C3F08D-43C6-4A95-A9AE-481ED9637419} - System32\Tasks\AdobeAAMUpdater-1.0-MADS-Dinotatil-MADS => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {AA6AEF5F-D92E-4A4E-A158-4C4222F66B63} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-10-16] (Microsoft Corporation)
Task: {ADCD0C9F-5907-4ED8-977E-B1BA92B220C8} - \A-9-8-28-1379449870-1118738007-1377598065-4856\{F9AKHEV7-4EK-OAVD-HE28-IY8RDNGZGVCM} -> No File <==== ATTENTION
Task: {AFF684A5-4FC8-442B-8ED3-0F2C6E515573} - System32\Tasks\update-sys => C:\Program Files\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>)
Task: {B459233D-3167-45CD-9908-626E6CB98289} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-10-16] (Microsoft Corporation)
Task: {C17AEDE3-F191-4923-A8F8-7ABB89816522} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2018-07-21] (Google Inc.)
Task: {D2FC2322-602F-494E-A550-37334BC83B66} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-14] (Adobe Systems Incorporated)
Task: {DFD158B4-C307-44E4-B1FD-3D03880B390D} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-09-29] (Microsoft Corporation)
Task: {F2B25CDC-1041-4B77-9C07-A7E08B36D806} - System32\Tasks\{741E1F53-B21C-4DCE-8541-9BC5475B1F00} => C:\Windows\system32\pcalua.exe -a E:\___CopiaSeguridadOCT17\M\Descargas\Software\Instalados\CutePDF\converter.exe -d E:\___CopiaSeguridadOCT17\M\Descargas\Software\Instalados\CutePDF
Task: {F69CC359-3D3C-4C59-A437-AD9ACBE81596} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2018-10-16] (Microsoft Corporation)
Task: {F877F346-B34B-465E-AFF1-90F7FB596A7A} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [2018-10-16] (Microsoft Corporation)
Task: {FE794207-6F74-40AE-BBD9-22ABA2FD4590} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2402948379-2091278062-4122600024-1000UA => C:\Users\MADS\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2018-07-21] (Dropbox, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2402948379-2091278062-4122600024-1000Core.job => C:\Users\MADS\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2402948379-2091278062-4122600024-1000UA.job => C:\Users\MADS\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\update-S-1-5-21-2402948379-2091278062-4122600024-1000.job => C:\Program Files\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files\Skillbrains\Updater\Updater.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-07-21 11:28 - 2016-11-14 13:00 - 000123448 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2018-07-21 13:08 - 2016-01-22 16:56 - 000089008 _____ () C:\Windows\System32\cpwmon2k.dll
2017-09-26 02:52 - 2017-09-26 02:52 - 000407632 _____ () C:\Program Files\Common Files\Adobe\CoreSyncExtension\CoreSync_x86.dll
2018-07-21 11:30 - 2016-11-14 14:35 - 000018880 _____ () C:\Program Files\NVIDIA Corporation\Update Core\detoured.dll
2008-02-07 10:05 - 2008-02-07 10:05 - 000163840 _____ () C:\Windows\system32\hppatusg01.dll
2018-09-20 11:49 - 2018-09-15 10:48 - 004317528 _____ () C:\Program Files\Google\Chrome\Application\69.0.3497.100\libglesv2.dll
2018-09-20 11:49 - 2018-09-15 10:48 - 000096600 _____ () C:\Program Files\Google\Chrome\Application\69.0.3497.100\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows\system32\config\systemprofile:.repos [5779800]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2402948379-2091278062-4122600024-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\MADS\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\startupfolder: C:^Users^MADS^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Salko Soft.exe => C:\Windows\pss\Salko Soft.exe.Startup
MSCONFIG\startupfolder: C:^Users^MADS^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Salkso Softs.exe => C:\Windows\pss\Salkso Softs.exe.Startup
MSCONFIG\startupfolder: C:^Users^MADS^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Salkxso Softsx.exe => C:\Windows\pss\Salkxso Softsx.exe.Startup
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{EFA3085E-16B4-4245-AAE2-FB964DA972C8}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{53281B61-A08E-451B-9C10-EB5D93257DC2}] => (Allow) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{0984F076-3087-43DC-A1E2-A3DEE7CB4D0D}] => (Allow) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{99627B9E-9192-4D24-8EA1-5BBEFEE1348F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{4EED7B5D-E4A6-4FA0-8BEE-F30126765D4C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{6C52CA74-EF25-4CB8-A00F-92DDA96FC898}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{4258016E-5119-4FE9-884C-674E1F0573FB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{BFBBA02A-E045-4284-B344-58C7B474DA89}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{39FA554D-4E94-406E-B0CA-0B89640A410E}] => (Allow) C:\Users\MADS\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{BA0E227D-24F9-48CA-ACF5-0393DB207249}] => (Allow) C:\Users\MADS\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{34ADA857-7010-41C1-8994-7AEB381A9CCE}] => (Allow) C:\Users\MADS\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F347C6ED-C683-440F-BB6D-90444EC316E7}] => (Allow) C:\Users\MADS\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{36365F81-C714-4D37-B102-438FB13B5965}] => (Allow) C:\Users\MADS\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{87CB5D75-3CB4-41AB-ADF3-D633865D3A90}] => (Allow) C:\Users\MADS\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{87C39562-A72E-41F2-977D-A79CB82EAED2}C:\program files\dearmob\5kplayer\5kplayer.exe] => (Allow) C:\program files\dearmob\5kplayer\5kplayer.exe
FirewallRules: [UDP Query User{CDEDD983-C6A6-439A-8754-D5020C635D68}C:\program files\dearmob\5kplayer\5kplayer.exe] => (Allow) C:\program files\dearmob\5kplayer\5kplayer.exe
FirewallRules: [{339F84D2-FFD3-43FF-94F8-CBC82DA0FAE8}] => (Block) C:\program files\dearmob\5kplayer\5kplayer.exe
FirewallRules: [{F8A002E1-A4E3-463B-AA6D-F93F0A43EB74}] => (Block) C:\program files\dearmob\5kplayer\5kplayer.exe
FirewallRules: [{7C23361E-3E7E-434C-9410-620AF3BB06E2}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{06E7C094-03A9-4661-9841-7119843DB9BD}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{E0B7256D-8743-4C21-9F00-BEB5127592AE}] => (Allow) C:\Program Files\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{A98F009C-D038-4C5E-A2A4-75501DE36EA7}] => (Allow) C:\Program Files\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{8379B5EF-DEE5-4134-8674-CA5761AB1A5B}] => (Allow) C:\Windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE
FirewallRules: [{676D356F-00E3-4E92-8999-C8CCA014EBA4}] => (Allow) C:\Windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE
FirewallRules: [{203C1BB8-0639-4BEE-8F6A-6E4DCD5184C8}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{8EB024EC-8922-4EB6-BD55-38AFB2B87D37}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{E07D1E7F-246F-4ACA-A32B-B25F34253B3C}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{F6E39D43-B3F8-414A-B00B-53712B38DDBB}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{FC91AD2E-0A6E-4B58-9FA3-F5A2F95DA352}] => (Allow) C:\Program Files\Opera\56.0.3051.36\opera.exe
FirewallRules: [{F4201860-41DF-4433-A2B4-E9B77F601A0E}] => (Allow) C:\Program Files\Opera\56.0.3051.43\opera.exe

==================== Restore Points =========================

16-10-2018 14:37:17 Punto de control programado

==================== Faulty Device Manager Devices =============

Name: Dispositivo base del sistema
Description: Dispositivo base del sistema
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Dispositivo base del sistema
Description: Dispositivo base del sistema
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/17/2018 02:22:35 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (10/16/2018 11:24:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (10/16/2018 06:42:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (10/16/2018 06:35:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (10/16/2018 06:11:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (10/16/2018 06:07:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: NvStreamUserAgent.exe, versión: 7.1.2117.8928, marca de tiempo: 0x57e24212
Nombre del módulo con errores: ntdll.dll, versión: 6.1.7601.24231, marca de tiempo: 0x5b6db285
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x000472a2
Id. del proceso con errores: 0x17d4
Hora de inicio de la aplicación con errores: 0x01d4656a44967328
Ruta de acceso de la aplicación con errores: C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
Ruta de acceso del módulo con errores: C:\Windows\SYSTEM32\ntdll.dll
Id. del informe: 8ef39929-d15d-11e8-890e-0090f59698d5

Error: (10/16/2018 03:02:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (10/15/2018 07:24:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.


System errors:
=============
Error: (10/17/2018 11:28:46 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Se recibió la siguiente alerta irrecuperable: 40.

Error: (10/17/2018 11:28:46 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Se recibió la siguiente alerta irrecuperable: 70.

Error: (10/17/2018 11:20:46 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Se recibió la siguiente alerta irrecuperable: 40.

Error: (10/17/2018 11:20:46 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Se recibió la siguiente alerta irrecuperable: 70.

Error: (10/17/2018 02:24:15 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Se recibió la siguiente alerta irrecuperable: 40.

Error: (10/17/2018 02:24:15 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Se recibió la siguiente alerta irrecuperable: 70.

Error: (10/17/2018 02:22:15 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Se recibió la siguiente alerta irrecuperable: 40.

Error: (10/17/2018 02:22:15 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Se recibió la siguiente alerta irrecuperable: 70.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU T7700 @ 2.40GHz
Percentage of memory in use: 71%
Total physical RAM: 2045.17 MB
Available physical RAM: 574.13 MB
Total Virtual: 4090.34 MB
Available Virtual: 2350.14 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:298.08 GB) (Free:46.06 GB) NTFS ==>[drive with boot components (obtained from BCD)]


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: 26C507AF)
Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

#21

Well, there it all is. As for the problem, I don't know. At least it seems that the keyboard now works correctly all the time when typing, and not just sometimes. Before, the accent mark thing was very erratic: now it would come out, then ten times it wouldn't, then just as many times two would come out, not on top of the vowel but before it… This seems to be going great. I can't tell you about the computer, because it has only been working on this, and half of the tools I didn't know and, obviously, hadn't used much. I mean that the more than 4 hours that Malwarebytes took (I don't think I had ever run a scan like this) and as many again for DrWeb, I don't know whether that is normal considering how old my computer is and the number of files to check. I suppose that once I get the green light to use Word, browse Facebook and so on (that is, beyond this super forum you have set up here) I may be able to say whether it is running great or not. For now I can only tell you about the keyboard, and that is working great.

Thank you very much, truly. Your help is superb.

EDIT: I do see that at the bottom right (next to the clock) the little flag with the x in a red circle is still there, giving the error that Windows Update is not turned on (as well as telling me to turn on Windows Defender and recommending that I install an antivirus, of course)


#22

It is normal for them to take a long time, especially if the PC is not very powerful.

On the other hand, you still have serious infections, so do what I tell you and let me know how the PC is running, and whether the little red flag is still there.

Good… now follow these steps. VERY important ~ Make a backup of the registry:

  • To do so, download Delfix to your desktop.

  • Double-click to run it. (If you use Windows Vista/7/8 or 10, right-click and select "Run as Administrator.")

  • Attention: now tick/select only the "Create registry backup" box, NOT the others

  • Click Run.

The report (DelFix.txt) will open; save it in case it is needed and close the tool.


On the computer, with all other programs closed:

Start >>> Run >>> type notepad.exe.

Now copy and paste the following into Notepad:


Start
CreateRestorePoint:
CloseProcesses:

HKLM\...\Run: [] => [X]
KLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Services\458335ADDF886BC4 <==== ATTENTION (Rootkit!)
"lethjtha" => service was unlocked. <==== ATTENTION
S2 lethjtha; C:\Windows\system32\lethjtha\cahdclja.exe [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2018-10-14 21:39 - 2018-10-14 21:39 - 000000000 ____D C:\ProgramData\RzwGPwNbGQ
2018-10-07 13:03 - 2018-10-16 18:09 - 000000000 ____D C:\Windows\system32\lethjtha
Task: {ADCD0C9F-5907-4ED8-977E-B1BA92B220C8} - \A-9-8-28-1379449870-1118738007-1377598065-4856\{F9AKHEV7-4EK-OAVD-HE28-IY8RDNGZGVCM} -> No File <==== ATTENTION
AlternateDataStreams: C:\Windows\system32\config\systemprofile:.repos [5779800]

HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
END

Save it under the name fixlist.txt on the desktop <<< This is very important.<<

Note: It is important that the Frst.exe tool and fixlist.txt are in the same location (desktop), otherwise it will not work.

  • Now use this Windows FAQ, "How do I start Windows in Safe Mode?", to work from that Windows mode.

  • Run Frst.exe.

  • Press the Fix button and wait for it to finish.

  • The tool will save the report on your desktop (Fixlog.txt).

Paste it in your next reply, commenting on how the problem is going, and also these other logs:
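
A way to triage the Fixlog.txt that this step produces, as an added example that is not part of the original post and not part of FRST: it skips the echoed fixlist, buckets each result line as ok / not found / error, and flags CMD sections whose output contains a failure phrase. The sample is abridged from the Fixlog posted later in this thread; the function names, the bucket rules and the failure markers are assumptions derived from that one log, not a documented FRST format.

```python
import re
from collections import Counter

# Abridged from the Fixlog.txt posted in this thread (lines kept verbatim).
SAMPLE_FIXLOG = r'''Fix result of Farbar Recovery Scan Tool (x86) Version: 10.10.2018
fixlist content:
*****************
Start
HKLM\...\Run: [] => [X]
KLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
S2 lethjtha; C:\Windows\system32\lethjtha\cahdclja.exe [X]
CMD: bitsadmin /reset /allusers
END
*****************

Error: Restore point can only be created in normal mode.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully.
"HKU\KLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION\SOFTWARE\Policies\Microsoft\Internet Explorer" => not found
"lethjtha" => service was unlocked. <==== ATTENTION => Error: No automatic fix found for this entry.
HKLM\System\CurrentControlSet\Services\lethjtha => removed successfully.
C:\Windows\system32\lethjtha => moved successfully
C:\Windows\system32\config\systemprofile => ":.repos" ADS removed successfully.
Hosts restored successfully.

========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully.

========= End of RemoveProxy: =========

========= netsh winsock reset =========

Debe reiniciar el equipo para completar el restablecimiento.

========= End of CMD: =========

========= bitsadmin /reset /allusers =========

Unable to connect to BITS - 0x8007042c
No se puede iniciar el servicio o grupo de dependencia.

========= End of CMD: =========
'''

HEADER = re.compile(r"^=+ (.*?) =+\s*$")      # e.g. "========= RemoveProxy: ========="
FAIL_MARKERS = ("Unable to", "No se puede")   # assumption: phrases seen in this log's failed commands


def classify(result):
    """Bucket the text that follows the last ' => ' of a result line."""
    text = result.strip()
    if text.startswith("Error:"):
        return "error"
    if text.rstrip(".").endswith("not found"):
        return "not_found"
    if "successfully" in text:
        return "ok"
    return "unknown"


def to_result(line):
    # An entry can itself contain ' => ' (see the "lethjtha" line), so split on the last one.
    target, sep, result = line.rpartition(" => ")
    if not sep:
        target, result = "", line
    return (classify(result), target, result)


def parse_fixlog(text):
    """Return (results, commands): result tuples and a dict of CMD name -> output."""
    lines = text.splitlines()
    # The fixlist is echoed between two lines of asterisks; its ' => ' lines are input, not results.
    stars = [i for i, l in enumerate(lines) if l.strip() and set(l.strip()) == {"*"}]
    body = lines[stars[1] + 1:] if len(stars) >= 2 else lines
    results, commands = [], {}
    section, buf = None, []
    for line in body:
        stripped = line.strip()
        if not stripped or set(stripped) == {"="}:
            continue
        header = HEADER.match(stripped)
        if header:
            name = header.group(1)
            if name.startswith("End of"):
                if name == "End of CMD:" and section:
                    commands[section] = "\n".join(buf)
                else:
                    results.extend(to_result(l) for l in buf)
                section, buf = None, []
            else:
                section, buf = name, []
        elif section is None:
            results.append(to_result(stripped))
        else:
            buf.append(stripped)
    # A section still open at end of input (truncated log) is discarded.
    return results, commands


def needs_review(results):
    return [r for r in results if r[0] != "ok"]


def failed_commands(commands):
    return [cmd for cmd, out in commands.items() if any(m in out for m in FAIL_MARKERS)]


if __name__ == "__main__":
    results, commands = parse_fixlog(SAMPLE_FIXLOG)
    print(dict(Counter(bucket for bucket, _, _ in results)))
    for bucket, target, result in needs_review(results):
        print(f"[{bucket}] {target or result}")
    print("failed CMD:", failed_commands(commands))
```

On this thread's log the lines left for review are the restore-point error raised in Safe Mode, the entry that the fixlist spells `KLM\...` and that came back as not found, and the entry for which FRST reports no automatic fix.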


#23

Here is the Fixlog.txt

Fix result of Farbar Recovery Scan Tool (x86) Version: 10.10.2018
Ran by MADS (17-10-2018 12:26:32) Run:1
Running from C:\Users\MADS\Desktop
Loaded Profiles: MADS (Available Profiles: MADS)
Boot Mode: Safe Mode (minimal)

==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:

HKLM\...\Run: [] => [X]
KLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Services\458335ADDF886BC4 <==== ATTENTION (Rootkit!)
"lethjtha" => service was unlocked. <==== ATTENTION
S2 lethjtha; C:\Windows\system32\lethjtha\cahdclja.exe [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2018-10-14 21:39 - 2018-10-14 21:39 - 000000000 ____D C:\ProgramData\RzwGPwNbGQ
2018-10-07 13:03 - 2018-10-16 18:09 - 000000000 ____D C:\Windows\system32\lethjtha
Task: {ADCD0C9F-5907-4ED8-977E-B1BA92B220C8} - \A-9-8-28-1379449870-1118738007-1377598065-4856\{F9AKHEV7-4EK-OAVD-HE28-IY8RDNGZGVCM} -> No File <==== ATTENTION
AlternateDataStreams: C:\Windows\system32\config\systemprofile:.repos [5779800]

HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
END
*****************

Error: Restore point can only be created in normal mode.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully.
"HKU\KLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION\SOFTWARE\Policies\Microsoft\Internet Explorer" => not found
HKLM\SYSTEM\CurrentControlSet\Services\458335ADDF886BC4 <==== ATTENTION (Rootkit!) => Error: No automatic fix found for this entry.
"lethjtha" => service was unlocked. <==== ATTENTION => Error: No automatic fix found for this entry.
HKLM\System\CurrentControlSet\Services\lethjtha => removed successfully.
lethjtha => service removed successfully.
HKLM\System\CurrentControlSet\Services\VGPU => removed successfully.
VGPU => service removed successfully.
C:\ProgramData\RzwGPwNbGQ => moved successfully
C:\Windows\system32\lethjtha => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ADCD0C9F-5907-4ED8-977E-B1BA92B220C8}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ADCD0C9F-5907-4ED8-977E-B1BA92B220C8}" => removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\A-9-8-28-1379449870-1118738007-1377598065-4856\{F9AKHEV7-4EK-OAVD-HE28-IY8RDNGZGVCM} => not found
C:\Windows\system32\config\systemprofile => ":.repos" ADS removed successfully.
Hosts restored successfully.

========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully.
"HKU\S-1-5-21-2402948379-2091278062-4122600024-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully.
"HKU\S-1-5-21-2402948379-2091278062-4122600024-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully.


========= End of RemoveProxy: =========


========= netsh winsock reset =========


El catálogo Winsock se restableció correctamente.
Debe reiniciar el equipo para completar el restablecimiento.


========= End of CMD: =========


========= ipconfig /renew =========


Configuración IP de Windows


========= End of CMD: =========


========= ipconfig /flushdns =========


Configuración IP de Windows

No se puede vaciar la caché de resolución de DNS: Error de una función durante la ejecución.


========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to connect to BITS - 0x8007042c
No se puede iniciar el servicio o grupo de dependencia.



========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 12586316 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 2798092 B
Edge => 0 B
Chrome => 71225942 B
Firefox => 0 B
Opera => 1864724 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 30472680 B
LocalService => 66228 B
NetworkService => 66228 B
MADS => 92493 B

RecycleBin => 0 B
EmptyTemp: => 113.7 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 12:26:55 ====