Start::
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restricción <==== ATENCIÓN
HKU\S-1-5-21-3699256274-3504046497-4249305333-1000\...\Run: [Chromium] => "c:\users\yamila\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
HKU\S-1-5-21-3699256274-3504046497-4249305333-1000\...\MountPoints2: {5e4f83e3-4dcb-11e9-8cf9-806e6f6e6963} - E:\DriverPackSolution.exe
HKU\S-1-5-21-3699256274-3504046497-4249305333-1000\...\MountPoints2: {88782657-b820-11dc-b4bc-806e6f6e6963} - E:\DriverPackSolution.exe
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\Installer\chrmstp.exe [2020-06-17] (Google LLC -> Google LLC)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restricción <==== ATENCIÓN
Task: {8C7C0C31-B534-4468-9C58-23B505747851} - System32\Tasks\{165EECE5-068F-4F53-8232-87E0C22319EA} => C:\Users\yamila\Desktop\GTA PC FRACO ABOUT GAMES\GTA PC MUITO FRACO\gta_sa.exe
Task: {984D8B64-4A2E-48FE-B839-F3C0A553876F} - System32\Tasks\{4E4D1AD3-EAF9-42F4-957D-28D19F0127F5} => C:\Users\yamila\Desktop\GTA PC FRACO ABOUT GAMES\GTA PC MUITO FRACO\gta_sa.exe
Task: {FA8AD423-BAE6-4324-A32A-D43BAB9F5F2D} - System32\Tasks\{268CC7DF-92CD-4A60-B828-C249079E03DD} => C:\Windows\system32\pcalua.exe -a E:\AutoPlay\Docs\Peluqueria\instala_prosicar_peluqueria.exe -d E:\AutoPlay\Docs\Peluqueria
ProxyServer: [S-1-5-21-3699256274-3504046497-4249305333-1000] => 51.68.228.131:80
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restricción <==== ATENCIÓN
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3699256274-3504046497-4249305333-1000 -> DefaultScope {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://ar.search.yahoo.com/yhs/search?hspart=omr&hsimp=yhs-001&type=88leroe3ky9bdfhjlxsikmoqsu3h001620&param1=y6bdVFVIsvuYsgEClQfz8NKhign327jpj7DjZab2XZNGHlqtDt855VLjMjeFsPR0%2FuxLra3ZdZhViLXzWdhUIUkkPSfVK%2FMSIx69oxMtnifkf%2BZWdL1n6A53k0yAhaHj6j0NjsfWZSdvCN8h%2BMyAMU3MrE1J%2F9CdmsjkyXUP2k1zRWv2GwhXb0JUCEaHP5FB7NVpUrlACTWBWqzKPDf6DNcLXEk4qmchLt%2F8CyPfNMpy9bvwc609dRa%2FvhvctVNTuYg3VTJeUMEFyn%2BkUi%2FzsgAImk96ro00aHWaIrvRE9pPN030I39ia8AliqWDsC1Ne%2BI1K7%2BMz8Mt%2BMAtfeg%2FpEXtbOi08K2pjeCZYpbrNTEZ0PQqD41zsd1yRCULwRUkrPf4gCcKCL0FPJv1Vg4mf3Vq1%2FQh%2F2i03OXpuq85BZA%3D&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3699256274-3504046497-4249305333-1000 -> {2A23ab71-4ac6-41f2-a955-ea576e553146} URL =
SearchScopes: HKU\S-1-5-21-3699256274-3504046497-4249305333-1000 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://ar.search.yahoo.com/yhs/search?hspart=omr&hsimp=yhs-001&type=88leroe3ky9bdfhjlxsikmoqsu3h001620&param1=y6bdVFVIsvuYsgEClQfz8NKhign327jpj7DjZab2XZNGHlqtDt855VLjMjeFsPR0%2FuxLra3ZdZhViLXzWdhUIUkkPSfVK%2FMSIx69oxMtnifkf%2BZWdL1n6A53k0yAhaHj6j0NjsfWZSdvCN8h%2BMyAMU3MrE1J%2F9CdmsjkyXUP2k1zRWv2GwhXb0JUCEaHP5FB7NVpUrlACTWBWqzKPDf6DNcLXEk4qmchLt%2F8CyPfNMpy9bvwc609dRa%2FvhvctVNTuYg3VTJeUMEFyn%2BkUi%2FzsgAImk96ro00aHWaIrvRE9pPN030I39ia8AliqWDsC1Ne%2BI1K7%2BMz8Mt%2BMAtfeg%2FpEXtbOi08K2pjeCZYpbrNTEZ0PQqD41zsd1yRCULwRUkrPf4gCcKCL0FPJv1Vg4mf3Vq1%2FQh%2F2i03OXpuq85BZA%3D&p={searchTerms}
Edge HomePage: Default -> hxxps://ar.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=88leroe3ky9bdfhjlxsikmoqsu3h001620&param1=y6bdVFVIsvuYsgEClQfz8NKhign327jpj7DjZab2XZNGHlqtDt855VLjMjeFsPR0%2FuxLra3ZdZhViLXzWdhUIRN%2FfkD6TgMME5M8WUOD80CtGM5l3JYUoWeSaB2iHpZJ%2FpBdO4OIpzpjc6k%2BnkTQAiuf9V23RQmwM2jzK73m2WxDKckP%2FIVAebOCSgv2lbsnyWZUhANo7hFimbhnntj75aaj5iZFST8qmWFELUrB8CHWjSSjdfGpY80dlnip00evw7Tb4NBtBR1xUza3PIMVm0pgcUpdKff4nAgF9JDDR6O4n8DW63uVRB7UWO1G3BJavkxDLRTH2TF7cnMjwgYNK2XsE2%2BEl%2BX%2Bga5GuweNoNWb1dNI2Th1iMFgw9DPttkkkFb8%2BxXBzOz14Rud8rHP86wSjPu3MW%2FWiPZz43lyph0%3D
Edge StartupUrls: Default -> "hxxps://ar.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=88leroe3ky9bdfhjlxsikmoqsu3h001620&param1=y6bdVFVIsvuYsgEClQfz8NKhign327jpj7DjZab2XZNGHlqtDt855VLjMjeFsPR0%2FuxLra3ZdZhViLXzWdhUIRN%2FfkD6TgMME5M8WUOD80BAG3M3t8YK4DMk3Rk6rEqg1U0ClGImf1EZTi3fivCUYZiohuaVkl%2FfKB4UKVsDInxoHMCnSMCON6v4Tdc3zrRys8pcDjEwFR%2B06DTiyFtHt6%2FJwwpyMPg8wPozua9KStNzDRnyKXNyhkO3xyjj%2F7Q%2B%2FUABaXf9Vb%2BwW3ZAP2tvEAMlR9m7hED4dKP6V%2FByLPf2vBS4cAT4AozQjXhnb5R6tZlYgYF51ECGAUQ6Cgek3q8xxmQctAjdfdefrbvyPUYSK%2BC7WP3kA9C%2Fl5osAahltkrQP3iO3KpHAkNcRFO29QD9fQrZblVqi0WBvGhjOLA%3D"
Edge DefaultSearchURL: Default -> hxxps://ar.search.yahoo.com/yhs/search?hspart=omr&hsimp=yhs-001&type=88leroe3ky9bdfhjlxsikmoqsu3h001620&param1=y6bdVFVIsvuYsgEClQfz8NKhign327jpj7DjZab2XZNGHlqtDt855VLjMjeFsPR0%2FuxLra3ZdZhViLXzWdhUIRN%2FfkD6TgMME5M8WUOD80BVSfMnUoDmcTdL5RrX0oc%2Fk1TkLKBmZGQsrL%2FPy9TL%2FrM%2FlGNpEOe4vbBsGzj9hfInLmxeObSgIZFst2tmEZjOlJ7AAor5tDyxe%2Be5dxB%2FbY1zjaxIJ4wdLpmz5EenrJAXq%2FnsIHwzHA7uh27g2KUYhWhrLQEHcKsnQ%2FJMhm4kUQ0zUtN7YyUOltJTohh7a8IaguwqFojgxlRiJ0bcWXl82EHkaOE0X82xRAVS8gWZ3uKp9iL%2B8XW%2F5P7RMg1sKYi%2BldtjFVUIrwDSsqNhGJLK5wQsV3XRf2ytJ7NeGeytEt%2BoqiSIzmkJXw61yBjeQN0%3D&p={searchTerms}
Edge DefaultSearchKeyword: Default -> search.yahoo.com
Edge DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms}
Edge HKU\S-1-5-21-3699256274-3504046497-4249305333-1000\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [elhpdacimkjpccooodognopfhbdgnpbk]
FF Plugin: @microsoft.com/GENUINE -> disabled [Ningún archivo]
FF Plugin: @videolan.org/vlc,version=3.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-04-23] (VideoLAN -> VideoLAN)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Ningún archivo]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\autoconfig.js [2018-11-08] <==== ATENCIÓN (Apunta a archivo *.cfg)
FF ExtraCheck: C:\Program Files\mozilla firefox\cck2.cfg [2018-11-08] <==== ATENCIÓN
CHR Notifications: Default -> hxxps://meet.google.com
CHR HomePage: Default -> hxxps://ar.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=88leroe3ky9bdfhjlxsikmoqsu3h001620&param1=y6bdVFVIsvuYsgEClQfz8NKhign327jpj7DjZab2XZNGHlqtDt855VLjMjeFsPR0%2FuxLra3ZdZhViLXzWdhUIaQtsuNwUBxXLSY0iK%2BLtZcgFTUkB%2FbKv1D2d132Iaejv8HWMng9pUEMUO3C8CXQ9uuu2dTXAuc5ElIvhgTCZUyMCx%2Bb%2Fl8c4bYgVIoqdidBkaO92G8Ibvm3jY2TSpCrnjSqdCpL3xZbI6xCVGMpXxR1S1LN0FDeI4IIdBnmPdjpu6%2Bi7dcl5MQgrTWkeH68E0KdTbCIh5ZalWoyTh7%2BuPWiYYhHTUItEnOn48m1CaNv%2BRdFVEOpuDxJM2OJQCi0d8K8%2FJhbhvLDuHLc3rPWAm1GSfpZdZ7KkiUmbGhVN04poyiCQMxSCNbWF0C3%2BUJS1wblPBfZiHu%2FPL2vOCkjtkU%3D
CHR HKLM\...\Chrome\Extension: [elhpdacimkjpccooodognopfhbdgnpbk] - hxxps://chrome.google.com/webstore/detail/elhpdacimkjpccooodognopfhbdgnpbk
CHR HKLM-x32\...\Chrome\Extension: [elhpdacimkjpccooodognopfhbdgnpbk] - hxxps://chrome.google.com/webstore/detail/elhpdacimkjpccooodognopfhbdgnpbk
S2 QMEmulatorService; "D:\Program Files\TxGameAssistant\AppMarket\QMEmulatorService.exe" [X]
D:\Program Files\TxGameAssistant
S3 tesrsdt; C:\Windows\system32\drivers\tesrsdt.sys [802920 2020-04-17] (Tencent Technology(Shenzhen) Company Limited -> TENCENT)
S3 UniSafe; C:\Windows\system32\drivers\UniSafe.sys [572744 2020-04-17] (Tencent Technology(Shenzhen) Company Limited -> TENCENT)
S2 aow_drv; \??\D:\Program Files\TxGameAssistant\UI\aow_drv_x64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2020-06-18 19:56 - 2020-06-18 19:56 - 008402608 ____C (Malwarebytes) C:\Users\yamila\Downloads\adwcleaner_8.0.5.exe
2020-06-18 14:52 - 2020-06-18 14:58 - 022267336 ____C (Piriform Software Ltd) C:\Users\yamila\Downloads\ccsetup565.exe
2020-06-18 14:41 - 2020-06-18 14:41 - 002834264 ____C (Kaspersky) C:\Users\yamila\Downloads\ks3.020.0.14.1085abcdefghijes_22567.exe
2020-06-15 18:40 - 2020-06-15 18:40 - 000000000 ___DC C:\Users\yamila\Desktop\mame 32
2020-06-15 18:16 - 2020-06-15 18:16 - 000000000 ___DC C:\Windows\system32\appmgmt
2020-06-14 19:01 - 2020-06-14 19:01 - 000000000 ____C C:\SDTBE4.tmp
2020-06-07 21:30 - 2020-06-14 12:19 - 000000000 ___DC C:\ProgramData\Avast Software
2020-06-03 16:32 - 2020-06-03 16:32 - 000000000 ____C C:\SDT2D76.tmp
2020-06-18 17:14 - 2020-03-21 20:38 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPlayCity.com
2020-06-18 17:12 - 2020-02-24 09:53 - 000000000 ___DC C:\Users\yamila\AppData\Roaming\Gomberto Muraca
2020-06-18 17:10 - 2020-02-24 09:54 - 000000000 ___DC C:\Users\yamila\AppData\Roaming\decacopy
2020-06-18 13:30 - 2020-03-22 18:20 - 000000000 ___DC C:\Program Files (x86)\Cheating-Death
2020-06-18 13:30 - 2019-03-23 21:57 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PopCap Games
2020-06-18 13:30 - 2019-03-23 21:57 - 000000000 ___DC C:\Program Files (x86)\PopCap Games
2020-06-18 13:29 - 2019-03-23 21:57 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plantas Contra Zombis
2020-06-18 13:29 - 2019-03-23 21:57 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Chuzzle Christmas Edition en Español
2020-06-18 13:29 - 2019-03-23 21:57 - 000000000 ___DC C:\Program Files (x86)\Plantas Contra Zombis
2020-06-18 13:29 - 2019-03-23 21:56 - 000000000 ___DC C:\Program Files (x86)\Chuzzle Christmas Edition
2020-06-17 10:55 - 2020-03-21 20:38 - 000001318 ____C C:\Users\yamila\AppData\Roaming\Microsoft\Windows\Start Menu\MyPlayCity Games.lnk
2020-06-16 23:47 - 2019-03-23 21:57 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bejeweled 2 Deluxe en Español
2020-04-17 19:25 - 2020-04-17 19:25 - 000000068 ____C () C:\Users\yamila\AppData\Roaming\changzhi_leidian.data
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Ningún archivo
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> Ningún archivo
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> Ningún archivo
AlternateDataStreams: C:\Windows\System32:tdsrset_i.gfc [5846]
CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END::