Malwarebytes
www.malwarebytes.com
-Detalles del registro-
Fecha del análisis: 9/10/18
Hora del análisis: 15:16
Archivo de registro: 160f5050-cbfc-11e8-9990-00ff25ee63f7.json
Administrador: Sí
-Información del software-
Versión: 3.4.5.2467
Versión de los componentes: 1.0.342
Versión del paquete de actualización: 1.0.7271
Licencia: Gratis
-Información del sistema-
SO: Windows 7 Service Pack 1
CPU: x64
Sistema de archivos: NTFS
Usuario: Julio-PC\Julio
-Resumen del análisis-
Tipo de análisis: Análisis de amenazas
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 241404
Amenazas detectadas: 4
Amenazas en cuarentena: 4
Tiempo transcurrido: 11 min, 20 seg
-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Desactivado
Heurística: Activado
PUP: Detectar
PUM: Detectar
-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)
Módulo: 0
(No hay elementos maliciosos detectados)
Clave del registro: 3
RiskWare.PowerShellSP.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\a691d5de-bda4-5f91-4b6be8bce7b47ae9, En cuarentena, [14196], [509453],1.0.7271
RiskWare.PowerShellSP.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{6529B511-ECF1-4391-AD99-99C080322E4D}, En cuarentena, [14196], [509453],1.0.7271
RiskWare.PowerShellSP.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\BOOT\{6529B511-ECF1-4391-AD99-99C080322E4D}, En cuarentena, [14196], [509453],1.0.7271
Valor del registro: 0
(No hay elementos maliciosos detectados)
Datos del registro: 0
(No hay elementos maliciosos detectados)
Secuencia de datos: 0
(No hay elementos maliciosos detectados)
Carpeta: 0
(No hay elementos maliciosos detectados)
Archivo: 1
RiskWare.PowerShellSP.Generic, C:\WINDOWS\SYSTEM32\TASKS\a691d5de-bda4-5f91-4b6be8bce7b47ae9, En cuarentena, [14196], [509453],1.0.7271
Sector físico: 0
(No hay elementos maliciosos detectados)
WMI: 0
(No hay elementos maliciosos detectados)
(end)
Malwarebytes AdwCleaner
# -------------------------------
# Malwarebytes AdwCleaner 7.2.4.0
# -------------------------------
# Build: 09-25-2018
# Database: 2018-10-04.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 10-10-2018
# Duration: 00:00:18
# OS: Windows 7 Professional
# Scanned: 31927
# Detected: 19
***** [ Services ] *****
No malicious services found.
***** [ Folders ] *****
PUP.Optional.Legacy C:\ProgramData\Tencent
PUP.Optional.Legacy C:\Users\Julio\AppData\Roaming\Tencent
Rogue.ForcedExtension C:\ProgramData\apn
***** [ Files ] *****
No malicious files found.
***** [ DLL ] *****
No malicious DLLs found.
***** [ WMI ] *****
No malicious WMI found.
***** [ Shortcuts ] *****
No malicious shortcuts found.
***** [ Tasks ] *****
No malicious tasks found.
***** [ Registry ] *****
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSyncing
PUP.Optional.Legacy HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSyncing
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced
PUP.Optional.Legacy HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending
PUP.Optional.Legacy HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\AppID\DownloadProxy.EXE
PUP.Optional.Legacy HKLM\SOFTWARE\Classes\AppID\DownloadProxy.EXE
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\Interface\{B9E49847-9822-4139-BC55-7173ED1ADA11}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}
PUP.Optional.Legacy HKLM\Software\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\Interface\{6B3732AA-F6D4-4F16-9E22-49EDC52C9514}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\AppID\{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}
PUP.Optional.Legacy HKLM\Software\Classes\AppID\{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}
PUP.Optional.Legacy HKLM\Software\Classes\METNSD
PUP.Optional.Vittalia HKCU\Software\Vittalia
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries found.
***** [ Chromium URLs ] *****
No malicious Chromium URLs found.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries found.
***** [ Firefox URLs ] *****
No malicious Firefox URLs found.
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
Farbar Recovery Scan Tool
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06.10.2018
Ran by Julio (administrator) on JULIO-PC (10-10-2018 06:40:56)
Running from C:\Users\Julio\Desktop
Loaded Profiles: Julio (Available Profiles: Julio)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Español (España, internacional)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Astrill) C:\Program Files (x86)\Astrill\ASOvpnSvc.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2583040 2009-09-21] (VIA)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [598200 2018-06-06] (Razer Inc.)
HKU\S-1-5-21-1532089978-2648638393-2772106311-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-1532089978-2648638393-2772106311-1000\...\Run: [WiseMemoryOptimzer] => C:\Program Files (x86)\Wise\Wise Memory Optimizer\WiseMemoryOptimzer.exe [2197160 2018-05-28] (WiseCleaner.com)
HKU\S-1-5-21-1532089978-2648638393-2772106311-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9292504 2016-12-21] (Piriform Ltd)
HKU\S-1-5-21-1532089978-2648638393-2772106311-1000\...\Policies\Explorer: []
HKU\S-1-5-21-1532089978-2648638393-2772106311-1000\...\MountPoints2: {8f8f039b-ba73-11e5-bbb9-00acae071926} - F:\setup.exe
GroupPolicy: Restriction ? <==== ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 200.44.32.12 200.109.78.12
Tcpip\..\Interfaces\{25EE63F7-1C5C-4E6F-8CAE-8FB6BC212ABE}: [NameServer] 146.148.119.121,104.130.169.74
Tcpip\..\Interfaces\{26E12AD5-1BD6-4F59-B715-15DDAC377D48}: [DhcpNameServer] 200.44.32.12 200.109.78.12
Internet Explorer:
==================
HKU\S-1-5-21-1532089978-2648638393-2772106311-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/es-ve/?ocid=iehp
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-10-20] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-10-20] (Oracle Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
FireFox:
========
FF DefaultProfile: kv6ljrtk.default
FF ProfilePath: C:\Users\Julio\AppData\Roaming\Mozilla\Firefox\Profiles\kv6ljrtk.default [2018-10-10]
FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-10-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-10-20] (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2010-04-03] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.co.ve/
CHR StartupUrls: Default -> "hxxp://www.google.co.ve/"
CHR DefaultSearchURL: Default -> hxxps://translate.google.co.ve/favicon.ico
CHR Profile: C:\Users\Julio\AppData\Local\Google\Chrome\User Data\Default [2018-10-10]
CHR Extension: (Presentaciones) - C:\Users\Julio\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Documentos) - C:\Users\Julio\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\Julio\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Julio\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-01]
CHR Extension: (Búsqueda de Google) - C:\Users\Julio\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-31]
CHR Extension: (Hojas de cálculo) - C:\Users\Julio\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (Traductor de Google) - C:\Users\Julio\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbmdlbnkmkmiclalkffnoeffkepmeejp [2015-10-02]
CHR Extension: (Cronómetro / Temporizador) - C:\Users\Julio\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggnidjbcahhbnleinchgobfnabopeioh [2016-07-11]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\Julio\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-15]
CHR Extension: (Bloqueador de anuncios para Youtube ™) - C:\Users\Julio\AppData\Local\Google\Chrome\User Data\Default\Extensions\hflefjhkfeiaignkclmphmokmmbhbhik [2018-06-15]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Julio\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Gmail) - C:\Users\Julio\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-01]
CHR Extension: (Chrome Media Router) - C:\Users\Julio\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-09-19]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
CHR HKU\S-1-5-21-1532089978-2648638393-2772106311-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ASOVPNHelper; C:\Program Files (x86)\Astrill\ASOvpnSvc.exe [595704 2016-10-26] (Astrill)
S3 ASProxy; C:\Program Files (x86)\Astrill\ASProxy.exe [2618104 2016-06-01] (Astrill)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6877224 2018-06-05] ()
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
S2 MouseWithoutBordersSvc; C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBordersSvc.exe [28552 2016-10-03] (Microsoft)
R2 SEVPNCLIENT; C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [5256128 2018-03-12] (SoftEther VPN Project at University of Tsukuba, Japan.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10945776 2017-12-15] (TeamViewer GmbH)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 asvpndrv; C:\Windows\System32\DRIVERS\asvpndrv.sys [31744 2014-05-17] (Astrill)
S3 cpuz145; C:\Windows\temp\cpuz145\cpuz145_x64.sys [49968 2018-10-09] (CPUID)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2016-01-14] (Disc Soft Ltd)
R3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0047.sys [38432 2015-10-02] (SoftEther Corporation)
S3 Neo_VPN2; C:\Windows\System32\DRIVERS\Neo_0039.sys [38432 2015-11-13] (SoftEther Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2015-08-18] (NVIDIA Corporation)
S3 Razerlow; C:\Windows\System32\drivers\Razerlow.sys [11136 2009-10-13] (Razer (Asia-Pacific) Pte Ltd) [File not signed]
S3 smhwser; C:\Windows\System32\DRIVERS\smhwser.sys [122624 2010-02-04] (QUALCOMM Incorporated)
R1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [119712 2016-06-28] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [192864 2016-06-28] (Oracle Corporation)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [135768 2016-06-28] (Oracle Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-10-10 06:40 - 2018-10-10 06:41 - 000010490 _____ C:\Users\Julio\Desktop\FRST.txt
2018-10-10 06:40 - 2018-10-10 06:40 - 000000000 ____D C:\FRST
2018-10-10 06:39 - 2018-10-10 06:39 - 000057560 _____ C:\Users\Julio\AppData\Local\GDIPFONTCACHEV1.DAT
2018-10-10 06:38 - 2018-10-10 06:38 - 000275936 _____ C:\Windows\system32\FNTCACHE.DAT
2018-10-10 06:12 - 2018-10-10 06:13 - 002414592 _____ (Farbar) C:\Users\Julio\Desktop\FRST64.exe
2018-10-10 06:11 - 2018-10-10 06:13 - 007592144 _____ (Malwarebytes) C:\Users\Julio\Desktop\adwcleaner_7.2.4.0.exe
2018-10-10 06:08 - 2018-10-10 06:08 - 000002087 _____ C:\Users\Julio\Desktop\AdwCleaner[C05].txt
2018-10-10 05:48 - 2018-10-10 05:48 - 000003197 _____ C:\Users\Julio\Desktop\AdwCleaner[S00].txt
2018-10-10 05:46 - 2018-10-10 05:46 - 000002114 _____ C:\Users\Julio\Desktop\rkill1.txt
2018-10-10 05:43 - 2018-10-10 05:48 - 000000000 ____D C:\AdwCleaner
2018-10-10 05:39 - 2018-10-10 06:28 - 000002173 _____ C:\Users\Julio\Desktop\antivirus.txt
2018-10-09 18:42 - 2018-10-10 05:59 - 000000000 ____D C:\Users\Julio\AppData\Local\ESET
2018-10-09 18:41 - 2018-10-09 18:42 - 006985848 _____ (ESET spol. s r.o.) C:\Users\Julio\Downloads\esetonlinescanner_esn.exe
2018-10-09 17:38 - 2018-10-10 06:30 - 000002112 _____ C:\Users\Julio\Desktop\Rkill.txt
2018-10-09 17:35 - 2018-10-09 17:35 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\Julio\Desktop\iExplorer.exe
2018-10-09 17:19 - 2018-10-09 17:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-10-09 15:28 - 2018-10-09 15:28 - 000002127 _____ C:\Users\Julio\Downloads\Fixlog.txt
2018-10-09 15:27 - 2018-10-09 15:27 - 000000095 _____ C:\Users\Julio\Downloads\fixlist.txt
2018-10-09 14:45 - 2018-10-09 14:45 - 000000000 __SHD C:\Windows\system32\%APPDATA%
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-10-10 06:40 - 2017-09-01 16:19 - 000000474 _____ C:\Windows\Tasks\Wise Memory Optimizer Task.job
2018-10-10 06:39 - 2015-10-01 23:59 - 000000000 ____D C:\Program Files\SoftEther VPN Client
2018-10-10 06:38 - 2018-03-08 23:41 - 000000000 ____D C:\ProgramData\NVIDIA
2018-10-10 06:38 - 2009-07-14 00:38 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-10-10 06:21 - 2018-05-02 21:42 - 000002024 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-10-10 06:21 - 2009-07-13 22:50 - 000000000 ____D C:\Windows\inf
2018-10-10 06:17 - 2009-07-14 00:15 - 000014640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-10-10 06:17 - 2009-07-14 00:15 - 000014640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-10-10 05:58 - 2009-07-13 22:50 - 000000000 ____D C:\Windows\registration
2018-10-09 19:01 - 2015-10-24 19:57 - 000000000 ____D C:\Windows\Minidump
2018-10-09 19:01 - 2015-10-01 16:48 - 000000000 ____D C:\Windows\Panther
2018-10-09 17:11 - 2009-07-13 22:50 - 000000000 ____D C:\Windows\system32\NDF
2018-10-09 17:10 - 2016-05-17 15:16 - 000007653 _____ C:\Users\Julio\AppData\Local\Resmon.ResmonCfg
2018-10-09 14:34 - 2016-04-24 22:41 - 000003656 _____ C:\Windows\SysWOW64\ASProxyOff.ini
2018-10-09 14:34 - 2016-04-24 22:41 - 000003656 _____ C:\Windows\system32\ASProxyOff.ini
2018-09-19 21:39 - 2017-11-22 04:34 - 000000000 ____D C:\Users\Julio\AppData\Roaming\WhatsApp
2018-09-19 15:33 - 2015-10-01 22:56 - 000002222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-09-19 15:33 - 2015-10-01 22:56 - 000002181 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-09-18 04:22 - 2017-12-12 01:32 - 000000000 ____D C:\Users\Julio\AppData\Local\Tibia
2018-09-16 13:21 - 2016-07-11 08:51 - 000000000 ____D C:\Users\Julio\AppData\Local\Razer
2018-09-16 13:21 - 2016-07-11 08:50 - 000000000 ____D C:\ProgramData\Razer
2018-09-16 13:21 - 2016-07-11 08:50 - 000000000 ____D C:\Program Files (x86)\Razer
2018-09-15 19:16 - 2009-07-14 05:01 - 000746372 _____ C:\Windows\system32\perfh00A.dat
2018-09-15 19:16 - 2009-07-14 05:01 - 000158358 _____ C:\Windows\system32\perfc00A.dat
2018-09-15 19:16 - 2009-07-14 00:43 - 001673974 _____ C:\Windows\system32\PerfStringBackup.INI
==================== Files in the root of some directories =======
2018-03-16 03:57 - 2018-05-09 03:20 - 000000304 _____ () C:\ProgramData\nvUnsupRes.dat
2016-04-24 22:35 - 2016-06-01 17:13 - 001719048 _____ () C:\Users\Julio\AppData\Roaming\addr2line.exe
2016-05-06 19:19 - 2016-05-06 19:19 - 000000001 _____ () C:\Users\Julio\AppData\Local\llftool.4.12.agreement
2018-02-18 01:53 - 2018-02-18 01:53 - 000000001 _____ () C:\Users\Julio\AppData\Local\llftool.4.40.agreement
2018-04-06 12:19 - 2018-04-09 08:47 - 000000600 _____ () C:\Users\Julio\AppData\Local\PUTTY.RND
2016-05-17 15:16 - 2018-10-09 17:10 - 000007653 _____ () C:\Users\Julio\AppData\Local\Resmon.ResmonCfg
2015-10-07 15:22 - 2018-06-08 16:14 - 000000003 _____ () C:\Users\Julio\AppData\Local\user_data.ini
2015-12-31 10:08 - 2015-12-31 10:08 - 000000000 _____ () C:\Users\Julio\AppData\Local\{5B7DFCA1-0A8B-475C-9885-12349F235AD8}
2015-12-03 06:38 - 2015-12-03 06:38 - 000000000 _____ () C:\Users\Julio\AppData\Local\{D098D814-4B0F-46A0-ACD9-3B3D32007275}
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-10-05 00:01
==================== End of FRST.txt ============================