Very persistent SMB threat: CVE-2017-0144, and how do I close port 445?

Windows Update seems to be working fine, but sometimes the system tells me it is turned off. Here are the FRST reports.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-09-2019
Ran by ADM-ll (administrator) on ADM-LL-PC (BIOSTAR Group P4M89-M7B) (27-09-2019 16:05:28)
Running from C:\Users\ADM-ll\Desktop
Loaded Profiles: ADM-ll & Invitado (Available Profiles: ADM-ll & Invitado)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast Cleanup\TuneupSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast Cleanup\TuneupUI.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswEngSrv.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Browser\Update\1.5.245.0\AvastBrowserCrashHandler.exe
(Google Inc -> Google LLC) C:\Program Files\Google\Update\1.3.34.13\GoogleCrashHandler.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Windows Hardware Compatibility Publisher -> ) C:\Windows\System32\PAStiSvc.exe
(Microsoft Windows Hardware Compatibility Publisher -> S3 Graphics Co., Ltd.) C:\Windows\System32\VTTrayp.exe
(Microsoft Windows Hardware Compatibility Publisher -> S3 Graphics, Inc.) C:\Windows\System32\VTTimer.exe
(Panda Security S.L. -> Panda Security, S.L.) C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe
(Visicom Media Inc. -> Visicom Media Inc.) C:\Program Files\Panda Security URL Filtering\Panda_URL_Filteringb.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [VTTimer] => C:\Windows\system32\VTTimer.exe [53248 2006-09-21] (Microsoft Windows Hardware Compatibility Publisher -> S3 Graphics, Inc.)
HKLM\...\Run: [VTTrayp] => C:\Windows\system32\VTtrayp.exe [176128 2007-02-06] (Microsoft Windows Hardware Compatibility Publisher -> S3 Graphics Co., Ltd.)
HKLM\...\Run: [OKAYFREEDOM Notifier] => C:\Program Files\OkayFreedom\Notifier.exe [4233208 2019-03-05] (Steganos Software GmbH -> Steganos Software GmbH)
HKLM\...\Run: [snpstd] => C:\Windows\vsnpstd.exe [339968 2005-10-11] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [232840 2019-09-27] (AVAST Software s.r.o. -> AVAST Software)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2707563477-1181458908-4289881501-1000\...\Run: [OKAYFREEDOM_Agent] => C:\Program Files\OkayFreedom\OkayFreedomClient.exe [6188536 2019-03-05] (Steganos Software GmbH -> Steganos Software GmbH)
HKLM\...\Drivers32: [vidc.mjpg] => C:\Windows\system32\bdmjpeg.dll [71152 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [vidc.mpeg] => C:\Windows\system32\bdmpegv.dll [71176 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [msacm.bdmpeg] => C:\Windows\system32\bdmpega.acm [71176 2017-01-26] (Bandicam Company -> )
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\77.0.3865.90\Installer\chrmstp.exe [2019-09-24] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{A8504530-742B-42BC-895D-2BAD6406F698}] -> C:\Program Files\AVAST Software\Browser\Application\76.0.1632.101\Installer\chrmstp.exe [2019-09-07] (AVAST Software s.r.o. -> AVAST Software)
Startup: C:\Users\ADM-ll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2019-06-04]
ShortcutTarget: MEGAsync.lnk -> C:\Users\ADM-ll\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited -> Mega Limited)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast Cleanup Premium.lnk [2019-09-27]
ShortcutTarget: Avast Cleanup Premium.lnk -> C:\Program Files\AVAST Software\Avast Cleanup\TuneupUI.exe (AVAST Software s.r.o. -> AVAST Software)
BootExecute: autocheck autochk * PCloudBroom.exe \systemroot\system32\BroomData.bit
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1C8F5A83-E3B1-493C-B939-D5A6C6BE0F3C} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe [1850000 2019-08-20] (AVAST Software s.r.o. -> AVAST Software)
Task: {2C28409A-DE27-4724-86D0-6D764FF77EE7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [154920 2019-08-12] (Google Inc -> Google LLC)
Task: {432E3376-D49B-4EA8-A500-7B655DB24423} - System32\Tasks\{36BD45AE-5079-43D9-823A-3F1670353CC7} => C:\Windows\system32\pcalua.exe -a D:\setup.exe -d D:\
Task: {466E7AD5-95D3-4A0E-978F-16DCC067512D} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [1574320 2019-09-18] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
Task: {5508A693-0760-4C04-A0C2-6A430397F8D7} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2707563477-1181458908-4289881501-1000 => {CA22F5B1-E06F-4A2B-94FC-21E87FE53781} C:\Windows\System32\gameux.dll [2576384 2012-12-07] (Microsoft Windows -> Microsoft Corporation)
Task: {6FBC92E4-931E-4DE3-8599-271592277118} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_32_0_0_255_pepper.exe [1453112 2019-09-10] (Adobe Inc. -> Adobe)
Task: {7056E3DF-2CC7-4BF4-A4ED-B4DA87605FE0} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [202392 2019-07-21] (AVAST Software s.r.o. -> AVAST Software)
Task: {8EDACA7D-7696-4F1C-A955-20BA94E78ED5} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [202392 2019-07-21] (AVAST Software s.r.o. -> AVAST Software)
Task: {917F04E1-64F6-4B77-8FD0-0FEDA5C48D5C} - System32\Tasks\Avast Cleanup Update => C:\Program Files\AVAST Software\Avast Cleanup\TUNEUpdate.exe [1659000 2019-09-27] (AVAST Software s.r.o. -> AVAST Software)
Task: {972C2D8D-B279-4D03-AB16-182FAA0261B2} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1542536 2019-09-27] (AVAST Software s.r.o. -> AVAST Software)
Task: {AB933F44-8CBE-465F-A41E-2C1C42B54A4F} - System32\Tasks\PrivaZer_SkipUAC => C:\Users\ADM-ll\Downloads\PrivaZer.exe [17289944 2019-05-20] (Goversoft LLC -> Goversoft LLC)
Task: {ABAD3AE3-BA09-4B24-B3FC-E4851BA8A5C8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-09-10] (Adobe Inc. -> Adobe)
Task: {ACF5552D-3B73-4E67-A7B6-C42115436C5B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [154920 2019-08-12] (Google Inc -> Google LLC)
Task: {B96D579F-66C2-410D-9A99-8AFBAE07DCEC} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3250056 2019-09-27] (AVAST Software s.r.o. -> AVAST Software)
Task: {C7DF93BB-D8F1-4279-A404-C1862BF853AE} - System32\Tasks\Opera scheduled Autoupdate 1543873804 => C:\Program Files\Opera\launcher.exe [1348632 2019-09-18] (Opera Software AS -> Opera Software)
Task: {DCA3911C-CD3D-41B0-BC72-214060111F26} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe [1850000 2019-08-20] (AVAST Software s.r.o. -> AVAST Software)
Task: {F159A567-2F65-44DD-808D-9AFD66D52BAA} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-2707563477-1181458908-4289881501-1000 => C:\Users\ADM-ll\AppData\Local\MEGAsync\MEGAupdater.exe [615160 2019-09-27] (Mega Limited -> Mega Limited)
Task: {F2273CC9-0306-4401-AC58-F4FE1AEA5DAB} - System32\Tasks\{89A6836E-57A9-4A4E-B1B8-6F35AD59DBAC} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe" -d "C:\Program Files\VS Revo Group\Revo Uninstaller Pro"

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 200.44.32.12 200.109.78.12
Tcpip\..\Interfaces\{05B91FA1-A3B2-492E-9D70-4EC4A3E6B51D}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{7CF52F30-F611-40F7-A761-0454563ED30E}: [DhcpNameServer] 200.44.32.12 200.109.78.12

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=hp-avast&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-2707563477-1181458908-4289881501-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-2707563477-1181458908-4289881501-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=hp-avast&type=avastbcl
SearchScopes: HKLM -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2707563477-1181458908-4289881501-1000 -> {0AA24E16-07B3-4694-8357-3C21ACC5F516} URL = hxxps://search.comodo.com/?p={searchTerms}&hsimp=yhs-securitybundle&cc=ve&type=33050001005_12.0.0.6818_i_ds_sp&cri=43FA119C60FA0AA2F4254C07E9EC1887&cni=33050001
SearchScopes: HKU\S-1-5-21-2707563477-1181458908-4289881501-1000 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
Toolbar: HKU\S-1-5-21-2707563477-1181458908-4289881501-1000 -> No Name - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -  No File

FireFox:
========
FF DefaultProfile: w5oi6h56.default-1551223974728
FF ProfilePath: C:\Users\ADM-ll\AppData\Roaming\Mozilla\Firefox\Profiles\w5oi6h56.default-1551223974728 [2019-09-27]
FF Homepage: Mozilla\Firefox\Profiles\w5oi6h56.default-1551223974728 -> hxxps://www.yahoo.com/?fr=hp-avast&type=avastbcl
FF NewTab: Mozilla\Firefox\Profiles\w5oi6h56.default-1551223974728 -> about:newtab
FF Extension: (OkayFreedom) - C:\Users\ADM-ll\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{DB981CCA-088E-4731-A4A2-2FE218703C0E}.xpi [2019-01-29] [UpdateUrl:hxxps://www.steganos.com/updates/okayfreedom/update_okayfreedom_ff.rdf]
FF Extension: (Avira Navegación segura) - C:\Users\ADM-ll\AppData\Roaming\Mozilla\Firefox\Profiles\w5oi6h56.default-1551223974728\Extensions\[email protected] [2019-08-26]
FF Extension: (media-capture) - C:\Users\ADM-ll\AppData\Roaming\Mozilla\Firefox\Profiles\w5oi6h56.default-1551223974728\Extensions\[email protected] [2019-08-03]
FF Extension: (HTTPS Everywhere) - C:\Users\ADM-ll\AppData\Roaming\Mozilla\Firefox\Profiles\w5oi6h56.default-1551223974728\Extensions\[email protected] [2019-07-06]
FF Extension: (Español (México) Language Pack) - C:\Users\ADM-ll\AppData\Roaming\Mozilla\Firefox\Profiles\w5oi6h56.default-1551223974728\Extensions\[email protected] [2019-09-08]
FF Extension: (Avast SafePrice | Comparaciones, ofertas y cupones) - C:\Users\ADM-ll\AppData\Roaming\Mozilla\Firefox\Profiles\w5oi6h56.default-1551223974728\Extensions\[email protected] [2019-07-17]
FF Extension: (Avast Online Security) - C:\Users\ADM-ll\AppData\Roaming\Mozilla\Firefox\Profiles\w5oi6h56.default-1551223974728\Extensions\[email protected] [2019-09-27]
FF Extension: (square red) - C:\Users\ADM-ll\AppData\Roaming\Mozilla\Firefox\Profiles\w5oi6h56.default-1551223974728\Extensions\{8de1c33e-d562-43ef-9122-6cfb439df06c}.xpi [2019-05-13]
FF Extension: (Video DownloadHelper) - C:\Users\ADM-ll\AppData\Roaming\Mozilla\Firefox\Profiles\w5oi6h56.default-1551223974728\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2019-07-08]
FF SearchPlugin: C:\Users\ADM-ll\AppData\Roaming\Mozilla\Firefox\Profiles\w5oi6h56.default-1551223974728\searchplugins\yahoo-avast.xml [2019-07-29]
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2019-06-26] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2019-06-26] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2019-06-26] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2019-06-26] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.34.13\npGoogleUpdate3.dll [2019-08-12] (Google Inc -> Google LLC)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.34.13\npGoogleUpdate3.dll [2019-08-12] (Google Inc -> Google LLC)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN -> VideoLAN)

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR Profile: C:\Users\ADM-ll\AppData\Local\Google\Chrome\User Data\Default [2019-09-27]
CHR Extension: (Presentaciones) - C:\Users\ADM-ll\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-12-11]
CHR Extension: (Flash Video Downloader) - C:\Users\ADM-ll\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc [2019-07-29]
CHR Extension: (The Flash Video Downloader) - C:\Users\ADM-ll\AppData\Local\Google\Chrome\User Data\Default\Extensions\amjcoehkcacocffpmhnefgoeanepjfkf [2019-05-16]
CHR Extension: (Documentos) - C:\Users\ADM-ll\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-12-11]
CHR Extension: (Google Drive) - C:\Users\ADM-ll\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-12-03]
CHR Extension: (YouTube) - C:\Users\ADM-ll\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-12-03]
CHR Extension: (Hojas de cálculo) - C:\Users\ADM-ll\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-12-11]
CHR Extension: (KProxy Extension) - C:\Users\ADM-ll\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdocgbfmddcfnlnpmnghmjicjognhonm [2019-09-25]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\ADM-ll\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-12-11]
CHR Extension: (Hola Free VPN Proxy Unblocker) - C:\Users\ADM-ll\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2019-09-25]
CHR Extension: (Avast Online Security) - C:\Users\ADM-ll\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2019-07-16]
CHR Extension: (Mp3 Songs Download) - C:\Users\ADM-ll\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifeaicfhbgimajeibbceipjefbldmlod [2018-12-11]
CHR Extension: (PP VPN gratuito Desbloqueo de seguridad VPN / Proxy) - C:\Users\ADM-ll\AppData\Local\Google\Chrome\User Data\Default\Extensions\jljopmgdobloagejpohpldgkiellmfnc [2019-07-14]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\ADM-ll\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-12-11]
CHR Extension: (Gmail) - C:\Users\ADM-ll\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-24]
CHR Extension: (Chrome Media Router) - C:\Users\ADM-ll\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-09-25]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [fagakgcelolinfnkfgekcnedpaklfcok] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

Opera: 
=======
OPR Extension: (Avast Online Security) - C:\Users\ADM-ll\AppData\Roaming\Opera Software\Opera Stable\Extensions\daanglpcpkjjlkhcbladppjphglbigam [2019-03-20]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5035312 2019-09-27] (AVAST Software s.r.o. -> AVAST Software)
S2 avast; C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [202392 2019-07-21] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [859096 2019-09-27] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [373928 2019-09-27] (AVAST Software s.r.o. -> AVAST Software)
S3 avastm; C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [202392 2019-07-21] (AVAST Software s.r.o. -> AVAST Software)
S3 AvastSecureBrowserElevationService; C:\Program Files\AVAST Software\Browser\Application\76.0.1632.101\elevation_service.exe [976608 2019-08-20] (AVAST Software s.r.o. -> AVAST Software)
R2 CleanupPSvc; C:\Program Files\AVAST Software\Avast Cleanup\TuneupSvc.exe [10287216 2019-07-24] (AVAST Software s.r.o. -> AVAST Software)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [5394136 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
S4 nordvpn-service; C:\Program Files\NordVPN\nordvpn-service.exe [218576 2019-08-09] (TEFINCOM S.A. -> )
S4 OkayFreedom VPN Starter Service; C:\Program Files\OkayFreedom\OkayFreedomService.exe [361480 2019-03-05] (Steganos Software GmbH -> Steganos Software GmbH)
R2 PandaAgent; C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe [84176 2019-02-19] (Panda Security S.L. -> Panda Security, S.L.)
R2 panda_url_filtering; C:\Program Files\Panda Security URL Filtering\Panda_URL_Filteringb.exe [236528 2016-11-22] (Visicom Media Inc. -> Visicom Media Inc.)
R2 STI Simulator; C:\Windows\System32\PAStiSvc.exe [53248 2005-01-14] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
S3 AfVpnService; "C:\Program Files\Bitdefender\Bitdefender VPN\vpnservice.exe" [X]
S3 Panda VPN Service; "C:\Program Files\Panda Security\Panda Security Protection\Hydra.Sdk.Windows.Service.exe" [X]
S3 PSINanoRun_15E6; C:\Users\ADM-ll\AppData\Local\Temp\15E6\PSINanoRun_15E6.exe [X] <==== ATTENTION

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aftap0901; C:\Windows\System32\DRIVERS\aftap0901.sys [45528 2018-06-15] (AnchorFree Inc -> The OpenVPN Project)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [174712 2019-09-27] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [224008 2019-09-27] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [169408 2019-09-27] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [59368 2019-09-27] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [41200 2019-09-27] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [145048 2019-09-27] (AVAST Software s.r.o. -> AVAST Software)
R3 aswNetNd6; C:\Windows\System32\DRIVERS\aswNetNd6.sys [36104 2019-09-27] (AVAST Software s.r.o. -> AVAST Software)
R1 aswNetSec; C:\Windows\System32\drivers\aswNetSec.sys [411088 2019-09-27] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [95168 2019-09-27] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [73312 2019-09-27] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [703184 2019-09-27] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [401696 2019-09-27] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [176760 2019-09-27] (AVAST Software s.r.o. -> AVAST Software)
S3 aswTap; C:\Windows\System32\DRIVERS\aswTap.sys [48152 2018-09-05] (AVAST Software s.r.o. -> The OpenVPN Project)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [277408 2019-09-27] (AVAST Software s.r.o. -> AVAST Software)
R1 BIOS; C:\Windows\system32\drivers\BIOS.sys [13696 2005-03-16] (BIOSTAR Group) [File not signed]
R3 FET5X86V; C:\Windows\System32\DRIVERS\fetnd5bv.sys [42496 2007-02-27] (Microsoft Windows Hardware Compatibility Publisher -> VIA Technologies, Inc. )
S3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd6.sys [44032 2009-07-13] (Microsoft Windows -> VIA Technologies, Inc. )
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [165296 2016-08-02] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [141136 2016-08-02] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [111440 2016-08-02] (Kaspersky Lab -> AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [786256 2016-08-02] (Kaspersky Lab -> AO Kaspersky Lab)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [241760 2019-09-27] (Malwarebytes Corporation -> Malwarebytes)
S1 NNSDNS; C:\Windows\System32\DRIVERS\NNSDns.sys [105656 2019-03-05] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [86760 2018-07-25] (Microsoft Windows Hardware Compatibility Publisher -> Panda Security, S.L.)
S3 PAC207; C:\Windows\System32\DRIVERS\pfc027.sys [162176 2005-04-08] (Microsoft Windows Hardware Compatibility Publisher -> )
R3 snpstd; C:\Windows\System32\DRIVERS\snpstd.sys [390784 2006-05-03] (Microsoft Windows Hardware Compatibility Publisher -> )
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [23040 2017-04-20] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R3 tapnordvpn; C:\Windows\System32\DRIVERS\tapnordvpn.sys [31496 2018-07-24] (TEFINCOM S.A. -> The OpenVPN Project)
S3 tapwindscribe0901; C:\Windows\System32\DRIVERS\tapwindscribe0901.sys [41976 2018-07-06] (Windscribe Limited -> The OpenVPN Project)
R3 viagfx; C:\Windows\System32\DRIVERS\vtmini.sys [281856 2007-03-22] (Microsoft Windows Hardware Compatibility Publisher -> Copyright (C) VIA/S3 Graphics Co, Ltd.)
R0 ViBus; C:\Windows\System32\DRIVERS\ViBus.sys [16896 2007-03-26] (Microsoft Windows Hardware Compatibility Publisher -> VIA Technologies, Inc.)
R0 videX32; C:\Windows\System32\DRIVERS\videX32.sys [9216 2007-03-29] (Microsoft Windows Hardware Compatibility Publisher -> VIA Technologies, Inc.)
R0 ViPrt; C:\Windows\System32\DRIVERS\ViPrt.sys [52224 2007-03-26] (Microsoft Windows Hardware Compatibility Publisher -> VIA Technologies, Inc.)
U3 iswSvc; no ImagePath
S3 panda_url_filteringd; \??\C:\Program Files\Panda Security URL Filtering\panda_url_filteringd.sys [X]
S3 SWDUMon; system32\DRIVERS\SWDUMon.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-09-27 16:05 - 2019-09-27 16:07 - 000026717 _____ C:\Users\ADM-ll\Desktop\FRST.txt
2019-09-27 15:49 - 2019-09-27 16:06 - 000000000 ____D C:\FRST
2019-09-27 15:33 - 2019-09-27 15:34 - 001451520 _____ (Farbar) C:\Users\ADM-ll\Desktop\FRST.exe
2019-09-27 15:09 - 2019-09-27 15:09 - 000000000 _____ C:\Users\ADM-ll\Documents\Nuevo documento de texto.txt
2019-09-27 14:06 - 2019-09-27 14:06 - 000308616 _____ C:\Windows\system32\FNTCACHE.DAT
2019-09-27 13:02 - 2019-09-27 13:02 - 000000000 ____D C:\Users\ADM-ll\AppData\Local\IsolatedStorage
2019-09-27 12:10 - 2019-09-27 12:10 - 000001101 _____ C:\Users\Public\Desktop\Avast Cleanup Premium.lnk
2019-09-27 12:10 - 2019-09-27 12:10 - 000001101 _____ C:\ProgramData\Desktop\Avast Cleanup Premium.lnk
2019-09-27 11:44 - 2019-09-27 12:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2019-09-27 11:44 - 2019-09-27 11:44 - 000002079 _____ C:\Users\Public\Desktop\Avast Premium Security.lnk
2019-09-27 11:44 - 2019-09-27 11:44 - 000002079 _____ C:\ProgramData\Desktop\Avast Premium Security.lnk
2019-09-27 11:38 - 2019-09-27 11:39 - 000703184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2019-09-27 11:38 - 2019-09-27 11:39 - 000401696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2019-09-27 11:38 - 2019-09-27 11:38 - 000411088 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetSec.sys
2019-09-27 11:38 - 2019-09-27 11:38 - 000305032 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2019-09-27 11:38 - 2019-09-27 11:38 - 000277408 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2019-09-27 11:38 - 2019-09-27 11:38 - 000224008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriver.sys
2019-09-27 11:38 - 2019-09-27 11:38 - 000176760 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2019-09-27 11:38 - 2019-09-27 11:38 - 000174712 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2019-09-27 11:38 - 2019-09-27 11:38 - 000169408 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsh.sys
2019-09-27 11:38 - 2019-09-27 11:38 - 000145048 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2019-09-27 11:38 - 2019-09-27 11:38 - 000095168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2019-09-27 11:38 - 2019-09-27 11:38 - 000073312 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2019-09-27 11:38 - 2019-09-27 11:38 - 000059368 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniv.sys
2019-09-27 11:38 - 2019-09-27 11:38 - 000041200 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2019-09-27 11:38 - 2019-09-27 11:38 - 000036104 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetNd6.sys
2019-09-27 11:38 - 2019-09-27 11:38 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2019-09-27 11:16 - 2019-09-27 14:09 - 000241760 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-09-27 11:15 - 2019-09-27 11:15 - 000000000 ____D C:\ProgramData\panda_url_filtering
2019-09-27 08:57 - 2019-09-27 08:57 - 000027379 _____ C:\Users\ADM-ll\Downloads\ZHPCleaner-[R]-27092019-08_55_47.html
2019-09-27 08:57 - 2019-09-27 08:57 - 000000000 ____D C:\Users\ADM-ll\Downloads\ZHPCleaner-[R]-27092019-08_55_47 Archivos
2019-09-27 08:52 - 2019-09-27 08:52 - 000005114 _____ C:\Users\ADM-ll\Desktop\ZHPCleaner (S).txt
2019-09-26 14:45 - 2019-09-26 14:47 - 000000038 _____ C:\Users\ADM-ll\Documents\Taurus.txt
2019-09-18 17:59 - 2019-09-18 17:59 - 001207336 _____ (Adobe Inc) C:\Users\ADM-ll\Downloads\flashplayer32pp_xa_install.exe
2019-09-17 10:53 - 2019-09-17 10:53 - 000027460 _____ C:\Users\ADM-ll\Downloads\[limetorrents.info]VA.-.NOW.100.HITS.MOVIES..5CD...2019..Mp3.320kbps.GROO.torrent
2019-09-16 16:47 - 2019-09-27 13:02 - 000000000 ____D C:\Users\ADM-ll\AppData\Local\NordVPN
2019-09-16 16:47 - 2019-09-16 16:48 - 000000000 ____D C:\ProgramData\NordVpn
2019-09-16 16:47 - 2019-09-16 16:47 - 000001871 _____ C:\Users\Public\Desktop\NordVPN.lnk
2019-09-16 16:47 - 2019-09-16 16:47 - 000001871 _____ C:\ProgramData\Desktop\NordVPN.lnk
2019-09-16 16:47 - 2019-09-16 16:47 - 000000000 ____D C:\ProgramData\Caphyon
2019-09-16 16:46 - 2019-09-16 16:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NordVPN
2019-09-16 16:46 - 2019-09-16 16:47 - 000000000 ____D C:\Program Files\NordVPN
2019-09-16 16:43 - 2019-09-16 16:43 - 000000000 ____D C:\Program Files\NordVPN network TAP
2019-09-16 16:40 - 2019-09-16 16:40 - 000000000 ____D C:\Users\ADM-ll\AppData\Roaming\NordVPN
2019-09-16 16:01 - 2019-09-16 16:02 - 012960040 _____ (NordVPN) C:\Users\ADM-ll\Downloads\NordVPNSetup (1).exe
2019-09-16 16:00 - 2019-09-16 16:01 - 012960040 _____ (NordVPN) C:\Users\ADM-ll\Downloads\NordVPNSetup.exe
2019-09-15 14:38 - 2019-09-15 14:54 - 199123348 _____ C:\Users\ADM-ll\Downloads\orig_0e9d2836c2670613324af0a1265eb9ea.mp4
2019-09-11 09:52 - 2019-08-26 23:21 - 020290560 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2019-09-11 09:52 - 2019-08-26 22:23 - 013791744 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2019-09-11 09:51 - 2019-08-28 22:56 - 003966904 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2019-09-11 09:51 - 2019-08-28 22:56 - 000191416 _____ (Microsoft Corporation) C:\Windows\system32\halmacpi.dll
2019-09-11 09:51 - 2019-08-28 22:56 - 000191416 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2019-09-11 09:51 - 2019-08-28 22:56 - 000068832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2019-09-11 09:51 - 2019-08-28 22:55 - 004061112 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2019-09-11 09:51 - 2019-08-28 22:55 - 001315912 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2019-09-11 09:51 - 2019-08-28 22:55 - 000138168 _____ (Microsoft Corporation) C:\Windows\system32\halacpi.dll
2019-09-11 09:51 - 2019-08-28 22:55 - 000137440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2019-09-11 09:51 - 2019-08-28 22:52 - 001072640 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2019-09-11 09:51 - 2019-08-28 22:52 - 000872448 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2019-09-11 09:51 - 2019-08-28 22:52 - 000836608 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2019-09-11 09:51 - 2019-08-28 22:52 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2019-09-11 09:51 - 2019-08-28 22:52 - 000655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2019-09-11 09:51 - 2019-08-28 22:52 - 000644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2019-09-11 09:51 - 2019-08-28 22:52 - 000555520 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2019-09-11 09:51 - 2019-08-28 22:52 - 000400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2019-09-11 09:51 - 2019-08-28 22:52 - 000294400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2019-09-11 09:51 - 2019-08-28 22:52 - 000261632 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2019-09-11 09:51 - 2019-08-28 22:52 - 000254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2019-09-11 09:51 - 2019-08-28 22:52 - 000223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2019-09-11 09:51 - 2019-08-28 22:52 - 000172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2019-09-11 09:51 - 2019-08-28 22:52 - 000171008 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2019-09-11 09:51 - 2019-08-28 22:52 - 000167936 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2019-09-11 09:51 - 2019-08-28 22:52 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2019-09-11 09:51 - 2019-08-28 22:52 - 000141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2019-09-11 09:51 - 2019-08-28 22:52 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2019-09-11 09:51 - 2019-08-28 22:52 - 000082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2019-09-11 09:51 - 2019-08-28 22:52 - 000070144 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2019-09-11 09:51 - 2019-08-28 22:52 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2019-09-11 09:51 - 2019-08-28 22:52 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2019-09-11 09:51 - 2019-08-28 22:52 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2019-09-11 09:51 - 2019-08-28 22:52 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2019-09-11 09:51 - 2019-08-28 22:52 - 000038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2019-09-11 09:51 - 2019-08-28 22:52 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2019-09-11 09:51 - 2019-08-28 22:52 - 000017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2019-09-11 09:51 - 2019-08-28 22:52 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2019-09-11 09:51 - 2019-08-28 22:52 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2019-09-11 09:51 - 2019-08-28 22:52 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2019-09-11 09:51 - 2019-08-28 22:52 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2019-09-11 09:51 - 2019-08-28 22:52 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2019-09-11 09:51 - 2019-08-28 22:52 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2019-09-11 09:51 - 2019-08-28 22:52 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2019-09-11 09:51 - 2019-08-28 22:52 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2019-09-11 09:51 - 2019-08-28 22:52 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2019-09-11 09:51 - 2019-08-28 22:52 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2019-09-11 09:51 - 2019-08-28 22:52 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2019-09-11 09:51 - 2019-08-28 22:52 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2019-09-11 09:51 - 2019-08-28 22:52 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2019-09-11 09:51 - 2019-08-28 22:52 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2019-09-11 09:51 - 2019-08-28 22:52 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2019-09-11 09:51 - 2019-08-28 22:52 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2019-09-11 09:51 - 2019-08-28 22:52 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2019-09-11 09:51 - 2019-08-28 22:52 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2019-09-11 09:51 - 2019-08-28 22:52 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2019-09-11 09:51 - 2019-08-28 22:52 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2019-09-11 09:51 - 2019-08-28 22:52 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2019-09-11 09:51 - 2019-08-28 22:52 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2019-09-11 09:51 - 2019-08-28 22:52 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2019-09-11 09:51 - 2019-08-28 22:52 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2019-09-11 09:51 - 2019-08-28 22:52 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2019-09-11 09:51 - 2019-08-28 22:27 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2019-09-11 09:51 - 2019-08-28 22:27 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2019-09-11 09:51 - 2019-08-28 22:27 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2019-09-11 09:51 - 2019-08-28 22:27 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2019-09-11 09:51 - 2019-08-28 22:27 - 000016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2019-09-11 09:51 - 2019-08-28 22:27 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\sscore.dll
2019-09-11 09:51 - 2019-08-28 22:25 - 000271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2019-09-11 09:51 - 2019-08-28 22:25 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2019-09-11 09:51 - 2019-08-28 22:24 - 000262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2019-09-11 09:51 - 2019-08-28 22:22 - 000317440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2019-09-11 09:51 - 2019-08-28 22:22 - 000314880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2019-09-11 09:51 - 2019-08-28 22:22 - 000226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2019-09-11 09:51 - 2019-08-28 22:22 - 000126464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2019-09-11 09:51 - 2019-08-28 22:22 - 000117248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2019-09-11 09:51 - 2019-08-28 22:22 - 000098816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2019-09-11 09:51 - 2019-08-28 22:21 - 000069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2019-09-11 09:51 - 2019-08-28 22:21 - 000055296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
2019-09-11 09:51 - 2019-08-28 22:21 - 000053760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
2019-09-11 09:51 - 2019-08-28 22:21 - 000053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\viac7.sys
2019-09-11 09:51 - 2019-08-28 22:21 - 000052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
2019-09-11 09:51 - 2019-08-28 22:21 - 000052224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
2019-09-11 09:51 - 2019-08-28 22:21 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2019-09-11 09:51 - 2019-08-28 22:21 - 000035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\npfs.sys
2019-09-11 09:51 - 2019-08-28 22:21 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2019-09-11 09:51 - 2019-08-28 22:21 - 000015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2019-09-11 09:51 - 2019-08-28 22:21 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2019-09-11 09:51 - 2019-08-28 22:21 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2019-09-11 09:51 - 2019-08-28 22:21 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2019-09-11 09:51 - 2019-08-28 22:21 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2019-09-11 09:51 - 2019-08-27 15:59 - 000341896 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2019-09-11 09:51 - 2019-08-26 23:15 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2019-09-11 09:51 - 2019-08-26 23:14 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2019-09-11 09:51 - 2019-08-26 23:03 - 000496128 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2019-09-11 09:51 - 2019-08-26 23:03 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2019-09-11 09:51 - 2019-08-26 23:02 - 000341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2019-09-11 09:51 - 2019-08-26 23:02 - 000047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2019-09-11 09:51 - 2019-08-26 23:01 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2019-09-11 09:51 - 2019-08-26 22:59 - 002301952 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2019-09-11 09:51 - 2019-08-26 22:56 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2019-09-11 09:51 - 2019-08-26 22:56 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2019-09-11 09:51 - 2019-08-26 22:54 - 000476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2019-09-11 09:51 - 2019-08-26 22:53 - 000663040 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2019-09-11 09:51 - 2019-08-26 22:53 - 000620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2019-09-11 09:51 - 2019-08-26 22:53 - 000115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2019-09-11 09:51 - 2019-08-26 22:53 - 000104960 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2019-09-11 09:51 - 2019-08-26 22:47 - 000668160 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2019-09-11 09:51 - 2019-08-26 22:45 - 000416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2019-09-11 09:51 - 2019-08-26 22:40 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2019-09-11 09:51 - 2019-08-26 22:40 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2019-09-11 09:51 - 2019-08-26 22:39 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2019-09-11 09:51 - 2019-08-26 22:38 - 000304128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\HdAudio.sys
2019-09-11 09:51 - 2019-08-26 22:37 - 000168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2019-09-11 09:51 - 2019-08-26 22:36 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2019-09-11 09:51 - 2019-08-26 22:35 - 000279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2019-09-11 09:51 - 2019-08-26 22:34 - 000130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2019-09-11 09:51 - 2019-08-26 22:30 - 004112384 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2019-09-11 09:51 - 2019-08-26 22:28 - 000230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2019-09-11 09:51 - 2019-08-26 22:27 - 002058752 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2019-09-11 09:51 - 2019-08-26 22:27 - 000696320 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2019-09-11 09:51 - 2019-08-26 22:27 - 000692224 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2019-09-11 09:51 - 2019-08-26 22:26 - 001155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2019-09-11 09:51 - 2019-08-26 22:09 - 004387840 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2019-09-11 09:51 - 2019-08-26 22:06 - 001331712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2019-09-11 09:51 - 2019-08-26 22:04 - 000710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2019-09-11 09:51 - 2019-08-22 18:07 - 000530688 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2019-09-11 09:51 - 2019-08-20 21:59 - 000311008 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2019-09-11 09:51 - 2019-08-20 21:56 - 000071680 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2019-09-11 09:51 - 2019-08-20 21:56 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2019-09-11 09:51 - 2019-08-20 21:56 - 000010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2019-09-11 09:51 - 2019-08-20 19:26 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ws2ifsl.sys
2019-09-11 09:51 - 2019-08-20 19:20 - 002406912 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2019-09-11 09:51 - 2019-08-20 19:19 - 000034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2019-09-11 09:51 - 2019-08-19 22:47 - 001251840 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2019-09-11 09:51 - 2019-08-15 03:59 - 000583680 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2019-09-11 09:51 - 2019-08-14 13:58 - 000253880 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2019-09-11 09:51 - 2019-08-14 13:54 - 003229184 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2019-09-11 09:51 - 2019-08-14 13:54 - 000271360 _____ (Microsoft Corporation) C:\Windows\system32\tsmf.dll
2019-09-11 09:51 - 2019-08-14 13:53 - 000253440 _____ (Microsoft) C:\Windows\system32\DShowRdpFilter.dll
2019-09-11 09:51 - 2019-08-14 13:53 - 000131584 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2019-09-11 09:51 - 2019-08-14 01:04 - 001053184 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2019-09-11 09:51 - 2019-08-14 01:04 - 000223744 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2019-09-11 09:51 - 2019-08-14 01:04 - 000036864 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2019-09-11 09:51 - 2019-08-14 00:57 - 000304640 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2019-09-11 09:51 - 2019-08-13 18:17 - 000732600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2019-09-11 09:51 - 2019-08-13 18:17 - 000221624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2019-09-11 09:51 - 2019-08-13 18:17 - 000137144 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2019-09-11 09:51 - 2019-08-13 18:13 - 000812032 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2019-09-11 09:51 - 2019-08-13 18:13 - 000363520 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2019-09-11 09:51 - 2019-08-13 18:13 - 000307200 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2019-09-11 09:51 - 2019-08-13 18:12 - 000593920 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2019-09-11 09:51 - 2019-08-13 18:12 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2019-09-11 09:51 - 2019-08-12 22:58 - 001312256 _____ (Microsoft Corporation) C:\Windows\system32\msjet40.dll
2019-09-11 09:51 - 2019-08-12 22:58 - 000475648 _____ (Microsoft Corporation) C:\Windows\system32\msxbde40.dll
2019-09-11 09:51 - 2019-08-12 22:58 - 000353280 _____ (Microsoft Corporation) C:\Windows\system32\msrd3x40.dll
2019-09-11 09:51 - 2019-08-12 22:58 - 000313344 _____ (Microsoft Corporation) C:\Windows\system32\msrd2x40.dll
2019-09-11 09:51 - 2019-08-12 20:56 - 002703360 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2019-09-11 09:51 - 2019-08-12 20:56 - 001460224 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2019-09-11 09:51 - 2019-08-12 20:56 - 000617984 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2019-09-11 09:51 - 2019-08-12 20:56 - 000535040 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2019-09-11 09:51 - 2019-08-12 20:56 - 000378368 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2019-09-11 09:51 - 2019-08-12 20:56 - 000366080 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2019-09-11 09:51 - 2019-08-12 20:56 - 000257024 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2019-09-11 09:51 - 2019-08-12 20:56 - 000206848 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2019-09-11 09:50 - 2019-08-15 21:02 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2019-08-31 11:02 - 2019-08-31 11:02 - 000425304 _____ (Secure By Design Inc.) C:\Users\ADM-ll\Downloads\Ninite PeaZip Installer.exe
2019-08-31 07:23 - 2019-08-31 07:23 - 000000000 ____D C:\Program Files\PrivaZer
2019-08-31 07:20 - 2019-08-31 07:22 - 025800312 _____ (Goversoft LLC) C:\Users\ADM-ll\Downloads\PrivaZer_free.exe

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-09-27 15:47 - 2019-08-19 14:02 - 000000000 ____D C:\Users\ADM-ll\Downloads\Nueva carpeta
2019-09-27 14:25 - 2009-07-14 00:34 - 000021680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-09-27 14:25 - 2009-07-14 00:34 - 000021680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-09-27 14:11 - 2019-06-24 11:49 - 000000000 ____D C:\Users\ADM-ll\AppData\Local\AVAST Software
2019-09-27 14:07 - 2009-07-14 00:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-09-27 13:06 - 2019-06-26 14:13 - 000000000 ____D C:\Program Files\Panda Security URL Filtering
2019-09-27 13:02 - 2009-07-13 22:37 - 000000000 ____D C:\Windows\inf
2019-09-27 12:09 - 2019-07-21 10:03 - 000000000 ____D C:\Program Files\AVAST Software
2019-09-27 11:44 - 2019-08-16 15:38 - 000000000 ____D C:\Users\ADM-ll\AppData\Roaming\AVAST Software
2019-09-27 11:28 - 2019-06-24 11:38 - 000000000 ____D C:\ProgramData\AVAST Software
2019-09-27 10:26 - 2019-03-16 17:17 - 000000000 ____D C:\Users\ADM-ll\AppData\Local\MEGAsync
2019-09-27 09:16 - 2019-01-02 14:25 - 000000000 ____D C:\Users\ADM-ll\AppData\LocalLow\Mozilla
2019-09-27 08:31 - 2009-07-14 00:53 - 000032630 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2019-09-26 09:17 - 2019-05-28 11:30 - 000000000 ____D C:\Users\ADM-ll\AppData\Local\CrashDumps
2019-09-26 09:00 - 2011-04-11 21:30 - 000747396 _____ C:\Windows\system32\perfh00A.dat
2019-09-26 09:00 - 2011-04-11 21:30 - 000158868 _____ C:\Windows\system32\perfc00A.dat
2019-09-26 09:00 - 2010-11-20 17:01 - 001676890 _____ C:\Windows\system32\PerfStringBackup.INI
2019-09-25 12:31 - 2009-07-13 22:37 - 000000000 ____D C:\Windows\system32\NDF
2019-09-25 00:27 - 2019-07-06 22:48 - 000129056 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae.sys
2019-09-24 22:06 - 2019-08-12 22:34 - 000002168 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-09-24 22:06 - 2019-08-12 22:34 - 000002127 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-09-24 22:06 - 2019-08-12 22:34 - 000002127 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2019-09-24 11:54 - 2019-06-25 13:36 - 000000000 ____D C:\Users\ADM-ll\Documents\Bandicam
2019-09-23 17:13 - 2019-05-10 10:54 - 000000000 ____D C:\Users\ADM-ll\AppData\Roaming\vlc
2019-09-23 09:17 - 2019-07-20 11:28 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-09-23 09:17 - 2019-01-03 12:38 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2019-09-20 14:27 - 2019-05-25 06:14 - 000000289 _____ C:\Users\ADM-ll\Documents\C.txt
2019-09-20 09:40 - 2009-07-13 22:37 - 000000000 ____D C:\Windows\rescache
2019-09-19 22:11 - 2018-12-03 17:49 - 000000000 ____D C:\Program Files\Opera
2019-09-18 21:09 - 2019-03-02 15:52 - 000000133 _____ C:\Users\ADM-ll\Documents\cl.txt
2019-09-13 16:52 - 2019-08-01 11:09 - 000000000 _____ C:\Windows\system32\last.dump
2019-09-11 12:22 - 2018-12-02 21:26 - 000000000 ___SD C:\Windows\system32\CompatTel
2019-09-10 17:44 - 2019-07-10 23:01 - 000842296 _____ (Adobe) C:\Windows\system32\FlashPlayerApp.exe
2019-09-10 17:44 - 2019-07-10 23:01 - 000175160 _____ (Adobe) C:\Windows\system32\FlashPlayerCPLApp.cpl
2019-09-10 17:44 - 2019-07-10 23:01 - 000000000 ____D C:\Windows\system32\Macromed
2019-09-10 12:39 - 2018-12-02 20:58 - 000000000 ____D C:\Windows\Minidump
2019-09-07 10:01 - 2019-07-21 10:28 - 000002373 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2019-09-07 10:01 - 2019-07-21 10:28 - 000002330 _____ C:\Users\Public\Desktop\Avast Secure Browser.lnk
2019-09-07 10:01 - 2019-07-21 10:28 - 000002330 _____ C:\ProgramData\Desktop\Avast Secure Browser.lnk
2019-08-31 11:03 - 2018-12-03 17:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeaZip
2019-08-31 11:03 - 2018-12-03 17:55 - 000000000 ____D C:\Program Files\PeaZip
2019-08-31 07:27 - 2018-12-04 16:12 - 000000000 ____D C:\Users\ADM-ll\AppData\Local\PrivaZer
2019-08-31 07:23 - 2019-06-07 09:45 - 000001847 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrivaZer.lnk

==================== Files in the root of some directories ================

2018-12-03 18:53 - 2018-12-03 18:53 - 000001111 _____ () C:\Users\ADM-ll\AppData\Local\gamma_ramp.reg

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2019-09-20 09:33

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 27-09-2019
Ran by ADM-ll (27-09-2019 16:07:44)
Running from C:\Users\ADM-ll\Desktop
Microsoft Windows 7 Professional  Service Pack 1 (X86) (2018-12-03 00:31:01)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

ADM-ll (S-1-5-21-2707563477-1181458908-4289881501-1000 - Administrator - Enabled) => C:\Users\ADM-ll
Administrador (S-1-5-21-2707563477-1181458908-4289881501-500 - Administrator - Disabled)
HomeGroupUser$ (S-1-5-21-2707563477-1181458908-4289881501-1002 - Limited - Enabled)
Invitado (S-1-5-21-2707563477-1181458908-4289881501-501 - Limited - Disabled) => C:\Users\Invitado

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: Avast Antivirus (Enabled) {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

(Street-Boy) All Cards Unlocker (HKLM\...\(Street-Boy) All Cards Unlocker) (Version: 2.0 - )
Adobe Flash Player 32 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 32.0.0.255 - Adobe)
Avast Cleanup Premium (HKLM\...\{075CC190-59EE-499F-828B-0B5C098C8C15}_is1) (Version: 19.1.7734 - AVAST Software)
Avast Premium Security (HKLM\...\Avast Antivirus) (Version: 19.8.2393 - AVAST Software)
Avast Secure Browser (HKLM\...\Avast Secure Browser) (Version: 76.0.1632.101 - Los creadores de Avast Secure Browser)
Avast Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.5.245.0 - AVAST Software) Hidden
Bandicam (HKLM\...\Bandicam) (Version: 4.4.2.1550 - Bandicam.com)
Bandicam MPEG-1 Decoder (HKLM\...\BandiMPEG1) (Version:  - Bandicam.com)
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 9.6.0.25114 - Foxit Software Inc.)
Google Chrome (HKLM\...\{F0CA664D-0B4E-39BB-8CF9-CED7DC87AE65}) (Version: 77.0.3865.90 - Google LLC)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.13 - Google LLC) Hidden
Malwarebytes versión 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
MEGAsync (HKLM\...\MEGAsync) (Version:  - Mega Limited)
Microsoft .NET Framework 4.8 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Mozilla Firefox 69.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 69.0.1 (x86 en-US)) (Version: 69.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 69.0.1.7199 - Mozilla)
NirSoft Wireless Network Watcher (HKLM\...\NirSoft Wireless Network Watcher) (Version:  - )
NordVPN (HKLM\...\{135A06CE-0901-4493-A417-756A592C760E}) (Version: 6.23.11 - NordVPN) Hidden
NordVPN (HKLM\...\NordVPN 6.23.11) (Version: 6.23.11 - NordVPN)
NordVPN network TAP (HKLM\...\{97DEC5D6-2BE9-45BB-BFC5-274B851B486B}) (Version: 1.0.1 - NordVPN)
OkayFreedom (HKLM\...\{3F3FB10C-7175-4D38-9335-3488B89C12AF}) (Version: 1.8.6 - Steganos Software GmbH)
Opera Stable 63.0.3368.94 (HKLM\...\Opera 63.0.3368.94) (Version: 63.0.3368.94 - Opera Software)
Panda Cloud Cleaner (HKLM\...\{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.1.10 - Panda Security)
Panda Devices Agent (HKLM\...\{DB0164A2-ADE9-4FEE-B080-D506BDD6427F}) (Version: 1.08.09 - Panda Security) Hidden
Panda Devices Agent (HKLM\...\Panda Devices Agent) (Version: 1.03.09 - Panda Security) Hidden
PeaZip 6.9.1 (HKLM\...\{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1) (Version: 6.9.1 - Giorgio Tani)
Platform (HKLM\...\{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.24 - VIA Technologies, Inc.) Hidden
PrivaZer (HKLM\...\PrivaZer) (Version: 3.0.76.0 - Goversoft LLC)
qBittorrent 3.0.5 (HKLM\...\qbittorrent) (Version:  - )
Revo Uninstaller 2.1.0 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.1.0 - VS Revo Group, Ltd.)
VdhCoApp 1.2.4 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version:  - DownloadHelper)
VIA Administrador de dispositivos de plataforma (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.24 - VIA Technologies, Inc.)
VIA Rhine-Family Fast-Ethernet Adapter (HKLM\...\VN_VUIns_Rhine_VIA) (Version:  - )
VIA/S3G Display Driver 6.14.10.0359 (HKLM\...\VIA/S3G UniChrome Family Win2K/XP/Server2003 Display) (Version:  - )
VLC media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Yu-Gi-Oh! MythOfAtem v 3.0 (HKU\S-1-5-21-2707563477-1181458908-4289881501-1000\...\Yu-Gi-Oh! MythOfAtem v 3.0) (Version:  - )
Yu-Gi-Oh! Power of Chaos JOEY THE PASSION (HKLM\...\Yu-Gi-Oh! Power of Chaos JOEY THE PASSION_is1) (Version:  - Konami)
Yu-Gi-Oh! Power of Chaos KAIBA THE REVENGE (HKLM\...\Yu-Gi-Oh! Power of Chaos KAIBA THE REVENGE_is1) (Version:  - Konami)
Yu-Gi-Oh! Power of Chaos YUGI THE DESTINY (HKLM\...\Yu-Gi-Oh! Power of Chaos YUGI THE DESTINY_is1) (Version:  - Konami)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\ADM-ll\AppData\Local\MEGAsync\ShellExtX32.dll [2019-09-27] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\ADM-ll\AppData\Local\MEGAsync\ShellExtX32.dll [2019-09-27] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\ADM-ll\AppData\Local\MEGAsync\ShellExtX32.dll [2019-09-27] (Mega Limited -> )
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-09-27] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-09-27] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x86.dll [2019-06-28] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\ADM-ll\AppData\Local\MEGAsync\ShellExtX32.dll [2019-09-27] (Mega Limited -> )
ContextMenuHandlers1: [PrivaZer] -> {7691BE2F-3D79-40DE-9C87-4D6EBCC76682} => C:\Program Files\PrivaZer\PrivaMenu5.dll [2019-08-31] () [File not signed]
ContextMenuHandlers1: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files\Panda Security\Panda Security Protection\PSUAShell.dll -> No File
ContextMenuHandlers1: [ZLAVShExt] -> {D9872D13-7651-4471-9EEE-F0A00218BEBB} =>  -> No File
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\ADM-ll\AppData\Local\MEGAsync\ShellExtX32.dll [2019-09-27] (Mega Limited -> )
ContextMenuHandlers2: [PrivaZer] -> {7691BE2F-3D79-40DE-9C87-4D6EBCC76682} => C:\Program Files\PrivaZer\PrivaMenu5.dll [2019-08-31] () [File not signed]
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-09-27] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\ADM-ll\AppData\Local\MEGAsync\ShellExtX32.dll [2019-09-27] (Mega Limited -> )
ContextMenuHandlers3: [PrivaZer] -> {7691BE2F-3D79-40DE-9C87-4D6EBCC76682} => C:\Program Files\PrivaZer\PrivaMenu5.dll [2019-08-31] () [File not signed]
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\ADM-ll\AppData\Local\MEGAsync\ShellExtX32.dll [2019-09-27] (Mega Limited -> )
ContextMenuHandlers4: [PrivaZer] -> {7691BE2F-3D79-40DE-9C87-4D6EBCC76682} => C:\Program Files\PrivaZer\PrivaMenu5.dll [2019-08-31] () [File not signed]
ContextMenuHandlers5: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files\Panda Security\Panda Security Protection\PSUAShell.dll -> No File
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-09-27] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x86.dll [2019-06-28] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [PrivaZer] -> {7691BE2F-3D79-40DE-9C87-4D6EBCC76682} => C:\Program Files\PrivaZer\PrivaMenu5.dll [2019-08-31] () [File not signed]
ContextMenuHandlers6: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files\Panda Security\Panda Security Protection\PSUAShell.dll -> No File
ContextMenuHandlers6: [ZLAVShExt] -> {D9872D13-7651-4471-9EEE-F0A00218BEBB} =>  -> No File

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2019-09-27 12:10 - 2016-09-12 15:53 - 048936448 _____ () [File not signed] C:\Program Files\AVAST Software\Avast Cleanup\libcef.dll
2019-08-31 07:23 - 2019-08-31 07:23 - 002159415 _____ () [File not signed] C:\Program Files\PrivaZer\PrivaMenu5.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DFServ => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:04 - 2018-12-11 09:41 - 000454640 ____R C:\Windows\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2707563477-1181458908-4289881501-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\ADM-ll\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2707563477-1181458908-4289881501-501\Control Panel\Desktop\\Wallpaper -> C:\Users\Invitado\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 200.44.32.12 - 200.109.78.12
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{20F66259-FFB2-435C-B06E-A7178DBFAFD2}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{36F98ED7-E555-4064-8F6B-1D562AFB4127}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{678D174C-B3CB-4171-B96E-5CA3A7C204E2}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{68ED46DE-5246-4A28-943A-298ADC41307D}C:\program files\qbittorrent\qbittorrent.exe] => (Allow) C:\program files\qbittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [UDP Query User{8C9371B6-78FB-489F-97B0-4FBDBE9CD616}C:\program files\qbittorrent\qbittorrent.exe] => (Allow) C:\program files\qbittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{664DFF90-D23C-47D5-9E1C-188B01BDA922}] => (Allow) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe (AVAST Software s.r.o. -> AVAST Software)
FirewallRules: [{83AFA050-80EB-4DC7-A61C-73C943DEA132}] => (Allow) C:\Program Files\Opera\63.0.3368.71\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{F1DE43ED-3B74-499D-B3E0-DD285D415F19}] => (Allow) C:\Program Files\Opera\63.0.3368.94\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{51381474-72D7-427A-9021-528E6C861A99}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

16-09-2019 16:44:03 Instalación del paquete de controladores de dispositivo: TAP-NordVPN Windows Provider V9 Adaptadores de red
16-09-2019 17:19:06 Revo Uninstaller's restore point - Avast SecureLine
16-09-2019 17:21:38 Revo Uninstaller's restore point - Windscribe
25-09-2019 10:49:24 Revo Uninstaller's restore point - Avast SecureLine VPN
27-09-2019 07:39:09 Revo Uninstaller's restore point - Avast Premium Security
27-09-2019 07:44:22 Revo Uninstaller's restore point - Avast Cleanup Premium
27-09-2019 07:49:54 Revo Uninstaller's restore point - Avast Premium Security
27-09-2019 08:03:08 Windows Update
27-09-2019 12:13:52 Revo Uninstaller's restore point - CCleaner
27-09-2019 12:15:54 Revo Uninstaller's restore point - ZHPcleaner

==================== Faulty Device Manager Devices =============

Name: NNSDns
Description: NNSDns
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: NNSDNS
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/27/2019 02:10:12 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: El servicio Windows Search se está deteniendo porque hay un problema con el indizador: The catalog is corrupt.

Detalles:
	El catálogo del índice de contenido está dañado.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (09/27/2019 02:10:12 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: No se puede inicializar el índice.

Detalles:
	El catálogo del índice de contenido está dañado.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (09/27/2019 02:10:12 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: No se puede inicializar la aplicación.

Contexto: aplicación Windows

Detalles:
	El catálogo del índice de contenido está dañado.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (09/27/2019 02:10:12 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: No se puede inicializar el objeto Recopilador.

Contexto: aplicación Windows, catálogo SystemIndex

Detalles:
	El catálogo del índice de contenido está dañado.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (09/27/2019 02:10:12 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: No se puede inicializar el complemento <Search.TripoliIndexer>.

Contexto: aplicación Windows, catálogo SystemIndex

Detalles:
	No se ha encontrado el elemento.  (HRESULT : 0x80070490) (0x80070490)

Error: (09/27/2019 02:10:08 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: No se puede inicializar el complemento <Search.JetPropStore>.

Contexto: aplicación Windows, catálogo SystemIndex

Detalles:
	El catálogo del índice de contenido está dañado.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (09/27/2019 02:10:08 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: El servicio Windows Search no puede cargar la información del almacén de propiedades.

Contexto: aplicación Windows, catálogo SystemIndex

Detalles:
	El servidor de índice de contenido no puede actualizar o tener acceso a la información debido a un error de base de datos. Detenga y reinicie el servicio de búsqueda. Si el problema persiste, restablezca el índice de contenido y vuelva a rastrearlo. A veces puede ser necesario eliminar el índice de contenido y volver a crearlo.  (HRESULT : 0x8004117f) (0x8004117f)

Error: (09/27/2019 02:10:08 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: El servicio de búsqueda detectó archivos de datos dañados en el índice {id=1100}. Este servicio intentará corregir este problema automáticamente mediante la nueva generación del índice.

Detalles:
	El catálogo del índice de contenido está dañado.  (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (09/27/2019 02:10:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio Windows Search no pudo iniciarse debido al siguiente error: 
El servicio no respondió a tiempo a la solicitud de inicio o de control.

Error: (09/27/2019 02:10:30 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Se agotó el tiempo de espera (30000 ms) para la conexión con el servicio Windows Search.

Error: (09/27/2019 02:10:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Windows Search terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 30000 milisegundos: Reiniciar el servicio.

Error: (09/27/2019 02:10:12 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: El servicio Windows Search se cerró con el error específico de servicio %%-1073473535.

Error: (09/27/2019 02:08:02 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: El siguiente controlador de inicio del sistema o de inicio del arranque no se cargó correctamente: 
cdrom
NNSDNS

Error: (09/27/2019 02:06:58 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: El cierre anterior del sistema a las 01:54:49 p.m. del ‎27/‎09/‎2019 resultó inesperado.

Error: (09/27/2019 11:44:27 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: Se generó la siguiente alerta irrecuperable: 10. El estado del error interno es 10.

Error: (09/27/2019 11:44:26 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: Se generó la siguiente alerta irrecuperable: 10. El estado del error interno es 10.


Windows Defender:
===================================
Date: 2019-03-16 21:37:27.074
Description: 
El examen de Windows Defender se detuvo antes de completarse.
Id. de examen:{374B5416-D844-4399-94CB-322BA1FE902A}
Tipo de examen:AntiSpyware
Parámetros de examen:Examen rápido
Usuario:ADM-ll-PC\ADM-ll

Date: 2019-03-04 05:43:31.745
Description: 
El examen de Windows Defender se detuvo antes de completarse.
Id. de examen:{62CCDAC8-1779-4BF6-B58B-81DABFDC7351}
Tipo de examen:AntiSpyware
Parámetros de examen:Examen rápido
Usuario:NT AUTHORITY\Servicio de red

Date: 2019-07-13 11:03:38.989
Description: 
Windows Defender encontró un error al intentar cargar firmas e intentará restablecer un conjunto de firmas conocidas.
Firmas intentadas:Actual
Código de error:0x80070002
Descripción de error:El sistema no puede encontrar el archivo especificado. 
Versión de firma:0.0.0.0
Versión de motor:0.0.0.0

Date: 2019-05-28 13:57:15.412
Description: 
Windows Defender encontró un error al intentar cargar firmas e intentará restablecer un conjunto de firmas conocidas.
Firmas intentadas:Actual
Código de error:0x80070002
Descripción de error:El sistema no puede encontrar el archivo especificado. 
Versión de firma:0.0.0.0
Versión de motor:0.0.0.0

CodeIntegrity:
===================================

Date: 2019-07-21 10:00:46.297
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume1\SMCLpav\Pav2WSC.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2019-07-21 10:00:46.297
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume1\SMCLpav\Pav2WSC.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2019-07-21 10:00:46.297
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume1\SMCLpav\Pav2WSC.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2019-07-21 09:57:28.155
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume1\SMCLpav\Pav2WSC.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2019-07-21 09:57:28.155
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume1\SMCLpav\Pav2WSC.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2019-07-21 09:57:28.140
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume1\SMCLpav\Pav2WSC.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2019-07-17 05:29:35.754
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume1\SMCLpav\Pav2WSC.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2019-07-17 05:29:35.754
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume1\SMCLpav\Pav2WSC.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

==================== Memory info =========================== 

BIOS: Phoenix Technologies, LTD 6.00 PG 08/02/2007
Motherboard: BIOSTAR Group P4M89-M7B
Processor: Intel(R) Pentium(R) Dual CPU E2160 @ 1.80GHz
Percentage of memory in use: 71%
Total physical RAM: 1982.49 MB
Available physical RAM: 559.19 MB
Total Virtual: 3964.98 MB
Available Virtual: 2154.57 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:149.05 GB) (Free:86.82 GB) NTFS ==>[drive with boot components (obtained from BCD)]


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 149.1 GB) (Disk ID: CFBBCFBB)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Hello @Jaime64

What Avast is detecting is not an infection as such, but a vulnerability.

Check your installed updates to see whether you have:

Also check whether you have the ports closed:

These ports are 445 and 139 on TCP, and 137 and 138 on UDP.


Then do the following:

Step 1:

Uninstall with Revo Uninstaller in its Advanced Mode:

  • Panda Devices Agent
  • Panda Cloud Cleaner
  • Panda Security URL Filtering
  • Avast Secure Browser <<< This one if you do not use it.

Revo Uninstaller manual.


Step 2:

Follow these steps:

1.- Very important >>> Make a backup of your Registry.

  • Download DelFix to the Windows desktop.
  • Right-click, “Run as administrator”.
  • In the main window, tick only the “Create Registry Backup” checkbox.
  • Click Run.

When it finishes, a report named DelFix.txt will open; save it in case it is needed and close the tool…

2.- Temporarily disable your antivirus.

3.- Open a new Notepad file and copy and paste this content:

Start
CloseProcesses:
CreateRestorePoint:
HKLM\...\Drivers32: [vidc.mjpg] => C:\Windows\system32\bdmjpeg.dll [71152 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [vidc.mpeg] => C:\Windows\system32\bdmpegv.dll [71176 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [msacm.bdmpeg] => C:\Windows\system32\bdmpega.acm [71176 2017-01-26] (Bandicam Company -> )
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
BootExecute: autocheck autochk * PCloudBroom.exe \systemroot\system32\BroomData.bit
Task: {432E3376-D49B-4EA8-A500-7B655DB24423} - System32\Tasks\{36BD45AE-5079-43D9-823A-3F1670353CC7} => C:\Windows\system32\pcalua.exe -a D:\setup.exe -d D:\
Task: {466E7AD5-95D3-4A0E-978F-16DCC067512D} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [1574320 2019-09-18] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
C:\Program Files\Common Files\AVG
Task: {F2273CC9-0306-4401-AC58-F4FE1AEA5DAB} - System32\Tasks\{89A6836E-57A9-4A4E-B1B8-6F35AD59DBAC} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe" -d "C:\Program Files\VS Revo Group\Revo Uninstaller Pro"
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
SearchScopes: HKU\S-1-5-21-2707563477-1181458908-4289881501-1000 -> {0AA24E16-07B3-4694-8357-3C21ACC5F516} URL = hxxps://search.comodo.com/?p={searchTerms}&hsimp=yhs-securitybundle&cc=ve&type=33050001005_12.0.0.6818_i_ds_sp&cri=43FA119C60FA0AA2F4254C07E9EC1887&cni=33050001
Toolbar: HKU\S-1-5-21-2707563477-1181458908-4289881501-1000 -> No Name - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -  No File
S3 AfVpnService; "C:\Program Files\Bitdefender\Bitdefender VPN\vpnservice.exe" [X]
C:\Program Files\Bitdefender
S3 Panda VPN Service; "C:\Program Files\Panda Security\Panda Security Protection\Hydra.Sdk.Windows.Service.exe" [X]
C:\Program Files\Panda Security
S3 PSINanoRun_15E6; C:\Users\ADM-ll\AppData\Local\Temp\15E6\PSINanoRun_15E6.exe [X] <==== ATTENTION
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [165296 2016-08-02] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [141136 2016-08-02] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [111440 2016-08-02] (Kaspersky Lab -> AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [786256 2016-08-02] (Kaspersky Lab -> AO Kaspersky Lab)
S1 NNSDNS; C:\Windows\System32\DRIVERS\NNSDns.sys [105656 2019-03-05] (Panda Security S.L. -> Panda Security, S.L.)
S3 panda_url_filteringd; \??\C:\Program Files\Panda Security URL Filtering\panda_url_filteringd.sys [X]
C:\Program Files\Panda Security URL Filtering
S3 SWDUMon; system32\DRIVERS\SWDUMon.sys [X]
2019-09-27 11:15 - 2019-09-27 11:15 - 000000000 ____D C:\ProgramData\panda_url_filtering
2019-09-27 13:06 - 2019-06-26 14:13 - 000000000 ____D C:\Program Files\Panda Security URL Filtering
ContextMenuHandlers1: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files\Panda Security\Panda Security Protection\PSUAShell.dll -> No File
ContextMenuHandlers1: [ZLAVShExt] -> {D9872D13-7651-4471-9EEE-F0A00218BEBB} =>  -> No File
ContextMenuHandlers5: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files\Panda Security\Panda Security Protection\PSUAShell.dll -> No File
C:\Program Files\Panda Security
ContextMenuHandlers6: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files\Panda Security\Panda Security Protection\PSUAShell.dll -> No File
ContextMenuHandlers6: [ZLAVShExt] -> {D9872D13-7651-4471-9EEE-F0A00218BEBB} =>  -> No File

CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END
  • Save it under the name fixlist.txt on the desktop <<< This is very important.

Note: The Frst.exe executable and fixlist.txt must be in the same location (the desktop), otherwise the tool will not work.

  • Run Frst.exe.
  • Press the Fix button and wait for it to finish.
  • The tool will save the report on your desktop (Fixlog.txt).
  • Paste it in your next reply.

Let us know.

Regards.

I don't have any of the cumulative patches you refer to.

Hello @Jaime64

They are patches from 2017; you should have all of them.

Search for updates manually and let us know what happens.

Otherwise, try to install the patches mentioned in the link.

Then we will continue with the remaining steps.

If there is any problem or error, take screenshots and upload an image for us:

Regards

Only updates from 2019 show up for me.

These are the TCP ports:

These are the UDP ports:

I don't see Panda Devices Agent and Panda Security URL Filtering in the Revo Uninstaller list, but I see their folders in the Windows Program Files folder. What should I do?

Hello @Jaime64

Those images are not the ones I asked you for.

I told you to try to install those patches and, if they gave you an error, to upload those images.


Carry out the steps to verify and/or close ports 445 and 139.


And then continue with the Fixlist steps.

Regards
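
The port check requested in the posts above (445 and 139 on TCP, 137 and 138 on UDP) can be done on the machine itself by reading `netstat -an` output. This is an added example, not part of the original thread or of any tool mentioned in it; the sample output, function names and addresses are constructed for illustration.

```python
"""Report local listeners on the SMB/NetBIOS ports from `netstat -an` text."""

# Ports named in the thread: 445 and 139 over TCP, 137 and 138 over UDP.
WATCHED = {("TCP", 445), ("TCP", 139), ("UDP", 137), ("UDP", 138)}

# Constructed sample in the Windows `netstat -an` layout (not from the thread).
# Column titles are localized on non-English systems; the data rows are not.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.20:49210     203.0.113.10:443       ESTABLISHED
  TCP    192.168.1.20:49301     192.168.1.5:445        ESTABLISHED
  TCP    [::]:445               [::]:0                 LISTENING
  UDP    0.0.0.0:5355           *:*
  UDP    192.168.1.20:137       *:*
  UDP    192.168.1.20:138       *:*
"""


def split_endpoint(endpoint):
    """Split 'addr:port' (IPv4 or bracketed IPv6) into (addr, port or None)."""
    addr, _, port = endpoint.rpartition(":")
    if not port.isdigit():
        return addr, None
    return addr, int(port)


def find_exposed_listeners(netstat_text):
    """Return one dict per local socket bound to a watched port.

    Only the *local* endpoint is inspected, so an outbound connection to
    another host's port 445 is not reported as a local listener.
    """
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # banner, blank line or column titles
        proto, local = fields[0], fields[1]
        # TCP rows carry a state column; UDP rows do not (a bound UDP socket
        # is always able to receive datagrams).
        state = fields[3] if len(fields) > 3 else ""
        if proto == "TCP" and state != "LISTENING":
            continue
        addr, port = split_endpoint(local)
        if (proto, port) not in WATCHED:
            continue
        findings.append({
            "proto": proto,
            "port": port,
            "address": addr,
            # Bound to every interface rather than one specific address.
            "all_interfaces": addr in ("0.0.0.0", "[::]"),
        })
    return findings


def unseen_ports(findings):
    """Watched (proto, port) pairs with no local listener in the findings."""
    seen = {(f["proto"], f["port"]) for f in findings}
    return sorted(WATCHED - seen)


if __name__ == "__main__":
    results = find_exposed_listeners(SAMPLE_NETSTAT)
    for f in results:
        scope = "all interfaces" if f["all_interfaces"] else f["address"]
        print(f"{f['proto']}/{f['port']} is listening on {scope}")
    for proto, port in unseen_ports(results):
        print(f"{proto}/{port} has no local listener")
```

A listener reported here only shows that the service is bound locally; whether it is reachable from the network still depends on the firewall rules in front of it.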

This is the Frst.exe report.

Fix result of Farbar Recovery Scan Tool (x86) Version: 29-09-2019
Ran by ADM-ll (30-09-2019 14:11:00) Run:1
Running from C:\Users\ADM-ll\Desktop
Loaded Profiles: ADM-ll (Available Profiles: ADM-ll & Invitado)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:
HKLM\...\Drivers32: [vidc.mjpg] => C:\Windows\system32\bdmjpeg.dll [71152 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [vidc.mpeg] => C:\Windows\system32\bdmpegv.dll [71176 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [msacm.bdmpeg] => C:\Windows\system32\bdmpega.acm [71176 2017-01-26] (Bandicam Company -> )
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
BootExecute: autocheck autochk * PCloudBroom.exe \systemroot\system32\BroomData.bit
Task: {432E3376-D49B-4EA8-A500-7B655DB24423} - System32\Tasks\{36BD45AE-5079-43D9-823A-3F1670353CC7} => C:\Windows\system32\pcalua.exe -a D:\setup.exe -d D:\
Task: {466E7AD5-95D3-4A0E-978F-16DCC067512D} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [1574320 2019-09-18] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
C:\Program Files\Common Files\AVG
Task: {F2273CC9-0306-4401-AC58-F4FE1AEA5DAB} - System32\Tasks\{89A6836E-57A9-4A4E-B1B8-6F35AD59DBAC} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe" -d "C:\Program Files\VS Revo Group\Revo Uninstaller Pro"
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
SearchScopes: HKU\S-1-5-21-2707563477-1181458908-4289881501-1000 -> {0AA24E16-07B3-4694-8357-3C21ACC5F516} URL = hxxps://search.comodo.com/?p={searchTerms}&hsimp=yhs-securitybundle&cc=ve&type=33050001005_12.0.0.6818_i_ds_sp&cri=43FA119C60FA0AA2F4254C07E9EC1887&cni=33050001
Toolbar: HKU\S-1-5-21-2707563477-1181458908-4289881501-1000 -> No Name - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -  No File
S3 AfVpnService; "C:\Program Files\Bitdefender\Bitdefender VPN\vpnservice.exe" [X]
C:\Program Files\Bitdefender
S3 Panda VPN Service; "C:\Program Files\Panda Security\Panda Security Protection\Hydra.Sdk.Windows.Service.exe" [X]
C:\Program Files\Panda Security
S3 PSINanoRun_15E6; C:\Users\ADM-ll\AppData\Local\Temp\15E6\PSINanoRun_15E6.exe [X] <==== ATTENTION
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [165296 2016-08-02] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [141136 2016-08-02] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [111440 2016-08-02] (Kaspersky Lab -> AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [786256 2016-08-02] (Kaspersky Lab -> AO Kaspersky Lab)
S1 NNSDNS; C:\Windows\System32\DRIVERS\NNSDns.sys [105656 2019-03-05] (Panda Security S.L. -> Panda Security, S.L.)
S3 panda_url_filteringd; \??\C:\Program Files\Panda Security URL Filtering\panda_url_filteringd.sys [X]
C:\Program Files\Panda Security URL Filtering
S3 SWDUMon; system32\DRIVERS\SWDUMon.sys [X]
2019-09-27 11:15 - 2019-09-27 11:15 - 000000000 ____D C:\ProgramData\panda_url_filtering
2019-09-27 13:06 - 2019-06-26 14:13 - 000000000 ____D C:\Program Files\Panda Security URL Filtering
ContextMenuHandlers1: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files\Panda Security\Panda Security Protection\PSUAShell.dll -> No File
ContextMenuHandlers1: [ZLAVShExt] -> {D9872D13-7651-4471-9EEE-F0A00218BEBB} =>  -> No File
ContextMenuHandlers5: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files\Panda Security\Panda Security Protection\PSUAShell.dll -> No File
C:\Program Files\Panda Security
ContextMenuHandlers6: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files\Panda Security\Panda Security Protection\PSUAShell.dll -> No File
ContextMenuHandlers6: [ZLAVShExt] -> {D9872D13-7651-4471-9EEE-F0A00218BEBB} =>  -> No File

CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END

*****************

Processes closed successfully.
Restore point was successfully created.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\\vidc.mjpg" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\\vidc.mpeg" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\\msacm.bdmpeg" => removed successfully.
HKLM\SOFTWARE\Policies\Mozilla => removed successfully.
HKLM\SOFTWARE\Policies\Google => removed successfully.
HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => value restored successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{432E3376-D49B-4EA8-A500-7B655DB24423}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{432E3376-D49B-4EA8-A500-7B655DB24423}" => removed successfully.
C:\Windows\System32\Tasks\{36BD45AE-5079-43D9-823A-3F1670353CC7} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{36BD45AE-5079-43D9-823A-3F1670353CC7}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{466E7AD5-95D3-4A0E-978F-16DCC067512D}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{466E7AD5-95D3-4A0E-978F-16DCC067512D}" => removed successfully.
C:\Windows\System32\Tasks\AVG\Overseer => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG\Overseer" => removed successfully.
C:\Program Files\Common Files\AVG => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F2273CC9-0306-4401-AC58-F4FE1AEA5DAB}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F2273CC9-0306-4401-AC58-F4FE1AEA5DAB}" => removed successfully.
C:\Windows\System32\Tasks\{89A6836E-57A9-4A4E-B1B8-6F35AD59DBAC} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{89A6836E-57A9-4A4E-B1B8-6F35AD59DBAC}" => removed successfully.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully.
HKU\S-1-5-21-2707563477-1181458908-4289881501-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0AA24E16-07B3-4694-8357-3C21ACC5F516} => removed successfully.
HKLM\Software\Classes\CLSID\{0AA24E16-07B3-4694-8357-3C21ACC5F516} => not found
"HKU\S-1-5-21-2707563477-1181458908-4289881501-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1DAC0C53-7D23-4AB3-856A-B04D98CD982A}" => removed successfully.
HKLM\Software\Classes\CLSID\{1DAC0C53-7D23-4AB3-856A-B04D98CD982A} => not found
HKLM\System\CurrentControlSet\Services\AfVpnService => removed successfully.
AfVpnService => service removed successfully.
"C:\Program Files\Bitdefender" => not found
HKLM\System\CurrentControlSet\Services\Panda VPN Service => removed successfully.
Panda VPN Service => service removed successfully.
C:\Program Files\Panda Security => moved successfully
HKLM\System\CurrentControlSet\Services\PSINanoRun_15E6 => removed successfully.
PSINanoRun_15E6 => service removed successfully.
kl1 => Unable to stop service.
HKLM\System\CurrentControlSet\Services\kl1 => removed successfully.
kl1 => service removed successfully.
klflt => Unable to stop service.
HKLM\System\CurrentControlSet\Services\klflt => removed successfully.
klflt => service removed successfully.
klhk => Unable to stop service.
HKLM\System\CurrentControlSet\Services\klhk => removed successfully.
klhk => service removed successfully.
KLIF => Unable to stop service.
HKLM\System\CurrentControlSet\Services\KLIF => removed successfully.
KLIF => service removed successfully.
HKLM\System\CurrentControlSet\Services\NNSDNS => removed successfully.
NNSDNS => service removed successfully.
HKLM\System\CurrentControlSet\Services\panda_url_filteringd => removed successfully.
panda_url_filteringd => service removed successfully.
C:\Program Files\Panda Security URL Filtering => moved successfully
HKLM\System\CurrentControlSet\Services\SWDUMon => removed successfully.
SWDUMon => service removed successfully.
C:\ProgramData\panda_url_filtering => moved successfully
"C:\Program Files\Panda Security URL Filtering" => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\UAContextMenu => removed successfully.
HKLM\Software\Classes\CLSID\{A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => removed successfully.
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ZLAVShExt => removed successfully.
HKLM\Software\Classes\CLSID\{D9872D13-7651-4471-9EEE-F0A00218BEBB} => not found
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\UAContextMenu => removed successfully.
HKLM\Software\Classes\CLSID\{A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => not found
"C:\Program Files\Panda Security" => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\UAContextMenu => removed successfully.
HKLM\Software\Classes\CLSID\{A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\ZLAVShExt => removed successfully.
HKLM\Software\Classes\CLSID\{D9872D13-7651-4471-9EEE-F0A00218BEBB} => not found

========= ipconfig /flushdns =========


Configuración IP de Windows

Se vació correctamente la caché de resolución de DNS.

========= End of CMD: =========


========= ipconfig /renew =========


Configuración IP de Windows

No se puede realizar ninguna operación en Conexión de área local 7 mientras los medios
estén desconectados.
No se puede realizar ninguna operación en Conexión de área local 6 mientras los medios
estén desconectados.
No se puede realizar ninguna operación en Conexión de área local 5 mientras los medios
estén desconectados.
No se puede realizar ninguna operación en Conexión de área local 4 mientras los medios
estén desconectados.
No se puede realizar ninguna operación en Conexión de área local 3 mientras los medios
estén desconectados.

Adaptador de Ethernet Conexión de área local 7:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : 

Adaptador de Ethernet Conexión de área local 6:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : 

Adaptador de Ethernet Conexión de área local 5:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : 

Adaptador de Ethernet Conexión de área local 4:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : 

Adaptador de Ethernet Conexión de área local 3:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : 

Adaptador de Ethernet Conexión de área local:

   Sufijo DNS específico para la conexión. . : Belkin
   Vínculo: dirección IPv6 local. . . : fe80::1d63:321f:b6fa:8414%11
   Dirección IPv4. . . . . . . . . . . . . . : 192.168.2.2
   Máscara de subred . . . . . . . . . . . . : 255.255.255.0
   Puerta de enlace predeterminada . . . . . : 192.168.2.1

Adaptador de túnel Teredo Tunneling Pseudo-Interface:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : 

Adaptador de túnel isatap.{215954E0-B86A-4C5E-8D7E-798134D423AE}:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : 

Adaptador de túnel isatap.{BEAD42EB-BD2B-407E-8EA7-1FC3E9C00B7C}:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : 

Adaptador de túnel Reusable ISATAP Interface {29081660-5386-4C1B-B441-514E3CDBE4B1}:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : 

Adaptador de túnel Reusable ISATAP Interface {64E2089E-BF89-4006-80EC-8BE7E8B09769}:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : 

Adaptador de túnel isatap.{05B91FA1-A3B2-492E-9D70-4EC4A3E6B51D}:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : 

Adaptador de túnel isatap.Belkin:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : Belkin

========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========


========= netsh winsock reset =========


El catálogo Winsock se restableció correctamente.
Debe reiniciar el equipo para completar el restablecimiento.


========= End of CMD: =========


========= netsh advfirewall reset =========

Aceptar


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Aceptar


========= End of CMD: =========


========= netsh int ipv4 reset =========

Global se restableció correctamente.
Interfaz se restableció correctamente.
Reinicie el equipo para completar esta acción.


========= End of CMD: =========


========= netsh int ipv6 reset =========

Interfaz se restableció correctamente.
Reinicie el equipo para completar esta acción.


========= End of CMD: =========


========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully.
"HKU\S-1-5-21-2707563477-1181458908-4289881501-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully.
"HKU\S-1-5-21-2707563477-1181458908-4289881501-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully.


========= End of RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 6811303 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 41220090 B
Edge => 0 B
Chrome => 388490645 B
Firefox => 105537996 B
Opera => 8538872 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 504 B
LocalService => 357 B
NetworkService => 357 B
ADM-ll => 101920485 B
Invitado => 56961 B

RecycleBin => 4015854 B
EmptyTemp: => 634.2 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 14:13:41 ====

The message no longer appears.

Hello @Jaime64

Very good :clap::clap:

Let us know: were you able to install the patches or close the ports?


Test the computer during the day, rebooting it two or three times, and report back on how it goes.

Regards

The patches cannot be installed on this computer. I have not been able to close the ports; I don't know how to do it through the Avast firewall. There is a way to do it through the Windows firewall. Do I have to uninstall Avast to close the port?

Hello @Jaime64

According to your CMD screenshots, you have port 445 open on TCP, and ports 137 and 138 open on UDP.

You should be able to block the ports from the Avast Firewall itself.

Since I am not familiar with how it works, and since you have a valid license, contact the Avast Forum in Spanish so they can give you the correct steps.


Regarding our topic, and to remove the tools used:

Run >> Delfix from your desktop.

  • Double-click to run it. (If you use Windows Vista/7/8/10, right-click and select >> “Run as Administrator”.)
  • Check the boxes Remove disinfection tools and Purge System Restore
  • Click Run.

The report (DelFix.txt) will open; save it in case it is needed and close the tool.

Let us know whether everything is in order so we can mark the topic as Solved.

Regards.

I suppose I was able to close the ports you are referring to. I went to -> Firewall -> Options -> Policies -> System rules, and there I chose not to allow Windows to share files and printers.
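
Added example (not part of the thread, and not Avast or FRST code): a Python check for the ports named above (TCP 445, UDP 137 and 138) that parses `netstat -an` output and lists those bound to non-loopback addresses. The sample rows, the address 192.168.2.7 and the function name `exposed_listeners` are constructed for illustration.

```python
# Added example: flag listeners on the ports named in the thread.
# netstat shows bound sockets only; a port filtered by a firewall is still listed.

# SMB over TCP 445, NetBIOS name/datagram services over UDP 137/138.
WATCHED = {("TCP", 445), ("UDP", 137), ("UDP", 138)}

# Constructed sample of `netstat -an` rows (not copied from the poster's screenshots).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING
  TCP    192.168.2.2:445        192.168.2.7:50122      ESTABLISHED
  TCP    [::]:445               [::]:0                 LISTENING
  UDP    192.168.2.2:137        *:*
  UDP    192.168.2.2:138        *:*
  UDP    127.0.0.1:1900         *:*
"""


def exposed_listeners(netstat_text, watched=WATCHED):
    """Return (proto, address, port) for watched ports bound to non-loopback addresses."""
    found = []
    for line in netstat_text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue  # header, blank line or other text
        proto, local, foreign = parts[0], parts[1], parts[2]
        addr, _, port = local.rpartition(":")
        if not port.isdigit() or (proto, int(port)) not in watched:
            continue
        # The State column may be localized on non-English Windows, so a TCP
        # listener is recognised by its wildcard remote endpoint (0.0.0.0:0 or [::]:0).
        if proto == "TCP" and not foreign.endswith(":0"):
            continue
        addr = addr.strip("[]")
        if addr.startswith("127.") or addr == "::1":
            continue  # loopback-only sockets are not reachable from the network
        found.append((proto, addr, int(port)))
    return found


if __name__ == "__main__":
    for proto, addr, port in exposed_listeners(SAMPLE_NETSTAT):
        print(f"{proto} {port} is bound on {addr}")
```

A port blocked by a firewall rule still appears in this list, because netstat reports bound sockets rather than filtering; whether the block works has to be confirmed from another machine on the same LAN.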