AutoIt Error Line 0, isn't this a virus?

#1
Greetings from Ecuador.
I have a problem with an HP laptop that has Windows 10 installed and sometimes updates itself. Yesterday at around 7 in the evening, when I was about to shut it down, I got the update notification, so I updated and shut down. Today when I turned it on, 2 windows appeared that said:
AutoIt Error
Line 0 (File “C:\windows\system32&exit”)
Error: Error: opening the file
I clicked OK, thinking it was because of the update. The computer became extremely slow; I couldn't even open Avira to scan.
I searched the internet and it says it may be a virus or a registry problem. I tried to follow the steps with regedit, but it did not detect anything (I did not edit any registry entries). I scanned with Malwarebytes in safe mode and found nothing.
I tried to restore to an earlier point, but at the end I got a message that the restore could not be completed because of a file and that nothing was lost. The laptop restarted and now this appeared:
AutoIt Error
Line 0 (File “C:\windows\system32’”)
Error: Error: opening the file
But everything is working fine. I scanned it with Avira and it detected nothing, I scanned it with Malwarebytes again and nothing, I ran CCleaner and it fixed a few registry entries, and I restarted, but those 2 windows keep appearing, although for the moment the laptop works normally.
I know other people have already posted about the same AutoIt error, but I see there are several solutions for different cases, so I would like to know what I should do now.
Thanks in advance for any reply that clears up my doubt.

#2

Hello @Katherine_Cordova_Ar, welcome to the forum.

To check your machine, follow these steps in the order given, reading everything that is explained. 👍

Carry out each of the steps even if you have ALREADY done some of them before.

1️⃣ Temporarily disable the antivirus ▶ How to temporarily disable your antivirus, while we are carrying out ALL the steps.

We are going to download to YOUR DESKTOP (and NOT anywhere else 🧐) all the tools we will use in this procedure (but do not run them yet):


2️⃣ Run the tools one at a time and in the order given:



CCleaner.-

  • Install and run CCleaner following the steps in the manual.

  • Use it first with its Cleaner option to delete cookies, temporary Internet files and all the files it shows as obsolete.

  • Then use its Registry option to clean the whole Windows registry (making a backup).

Malwarebytes.-

  • Install and run MBAM following the steps in the manual.

  • Run a Full Scan. ✅

  • Select ALL for quarantine to send them to quarantine, and restart the system.

  • In the ▶ History ◀ section of the manual you will find the MBAM report, which you must copy and paste in your next reply so it can be analyzed.

AdwCleaner.-

  • Run Adwcleaner.exe.

  • Click the Scan Now button and wait for the process to finish, then always click the Start Repair button immediately.

  • Wait for it to complete and follow the instructions; if it asks to restart the system, accept.

  • The log/report is in the “Reports” tab (reopen the program if necessary), so you can copy and paste it in your next reply.

  • The report can also be found at C:\AdwCleaner\Logs\AdwCleaner[C00].txt

Junkware Removal Tool.-

  • Run JRT.exe.

  • Press any key to continue, and wait patiently for the process to finish.

  • If at any point it asks you to restart, do so.

  • When it finishes, a log/report (JRT.txt) will be saved on the desktop and will open automatically.

  • Copy and paste the contents of JRT.txt in your next reply.

Farbar Recovery Scan Tool.-

  • Run FRST.exe.

  • In the Disclaimer window, click Yes.

  • In the main window, click the Scan button and wait for the process to finish.

  • Two (2) files (logs) will open, Frst.txt and Addition.txt; these will be saved on the desktop.

3️⃣ Post the reports in your next reply:

  • Malwarebytes, AdwCleaner, JRT, FRST + Addition.txt, in that order. 👍

You must copy and paste them with all their content, and use several messages if you get an error message saying it is too long (more than approx. 50,000 characters).

And tell us how your computer is working with regard to the problem described. 🧐

Regards, Javier.

#4
Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 8/4/19
Hora del análisis: 9:48
Archivo de registro: 65bf1276-5a0d-11e9-b8ad-1458d0c7a959.json

-Información del software-
Versión: 3.7.1.2839
Versión de los componentes: 1.0.563
Versión del paquete de actualización: 1.0.10042
Licencia: Gratis

-Información del sistema-
SO: Windows 10 (Build 14393.2189)
CPU: x64
Sistema de archivos: NTFS
Usuario: MINEDUC019740\ADMIN-MINEDUC

-Resumen del análisis-
Tipo de análisis: Análisis de amenazas
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 287119
Amenazas detectadas: 0
Amenazas en cuarentena: 0
Tiempo transcurrido: 3 min, 32 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Desactivado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 0
(No hay elementos maliciosos detectados)

Valor del registro: 0
(No hay elementos maliciosos detectados)

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 0
(No hay elementos maliciosos detectados)

Archivo: 0
(No hay elementos maliciosos detectados)

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)
# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build:    04-04-2019
# Database: 2019-04-03.1 (Local)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    04-08-2019
# Duration: 00:00:15
# OS:       Windows 10 Pro
# Scanned:  27198
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.


AdwCleaner[S00].txt - [1249 octets] - [07/04/2019 22:46:27]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Pro x64 
Ran by ADMIN-MINEDUC (Administrator) on 08/04/2019 at 10:02:51,44
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 2 

Successfully deleted: C:\Users\ADMIN-MINEDUC\AppData\Roaming\Mozilla\Firefox\Profiles\hy1sxmgs.default\extensions\staged (Folder) 
Successfully deleted: C:\Users\Public\Desktop\play more great games!.url (Shortcut) 



Registry: 2 

Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08/04/2019 at 10:05:26,12
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17.03.2019
Ran by ADMIN-MINEDUC (administrator) on MINEDUC019740 (08-04-2019 10:07:24)
Running from C:\Users\ADMIN-MINEDUC\Desktop
Loaded Profiles: ADMIN-MINEDUC (Available Profiles: ADMIN-MINEDUC)
Platform: Windows 10 Pro Version 1607 14393.2189 (X64) Language: Español (España, internacional)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Andrea Electronics -> Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\ProtectedService.exe
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\HidMonitorSvc.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Huawei Technologies Co., Ltd. -> ) C:\ProgramData\MobileBrServ\mbbService.exe
(Absolute Software Corp. -> Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleCrashHandler.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleCrashHandler64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\hidfind.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [98024 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-12-16] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-2562697441-1061409529-4134975898-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22488952 2019-03-11] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-2562697441-1061409529-4134975898-1001\...\Run: [] => [X]
HKU\S-1-5-21-2562697441-1061409529-4134975898-1001\...\Run: [flaterem] => C:\streamer\streamer.exe [862216 2017-12-22] (Alfredo Anibal Santos Silva -> Carifred)
HKU\S-1-5-21-2562697441-1061409529-4134975898-1001\...\Run: [strdat] => C:\WINDOWS\system32\cmd.exe /c start C:\streamer\streamer.exe /AutoIt3ExecuteScript  "& exit
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\73.0.3683.103\Installer\chrmstp.exe [2019-04-06] (Google LLC -> Google Inc.)
GroupPolicyScripts: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{96c7adf0-797c-4cc7-855f-1c2f1830798d}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{96c7adf0-797c-4cc7-855f-1c2f1830798d}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{e69c2a93-bd5e-4b96-acdc-bfbab4b28c2f}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{e69c2a93-bd5e-4b96-acdc-bfbab4b28c2f}: [DhcpNameServer] 186.47.201.10 186.42.193.2

Internet Explorer:
==================
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2018-12-25] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2018-07-18] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2018-09-15] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\ssv.dll [2019-02-06] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2018-07-18] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\jp2ssv.dll [2019-02-06] (Oracle America, Inc. -> Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2018-03-14] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: hy1sxmgs.default
FF ProfilePath: C:\Users\ADMIN-MINEDUC\AppData\Roaming\Mozilla\Firefox\Profiles\hy1sxmgs.default [2019-04-08]
FF Extension: (Avira Navegación segura) - C:\Users\ADMIN-MINEDUC\AppData\Roaming\Mozilla\Firefox\Profiles\hy1sxmgs.default\Extensions\[email protected] [2019-03-27]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.201.2 -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\dtplugin\npDeployJava1.dll [2019-02-06] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.201.2 -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\plugin2\npjp2.dll [2019-02-06] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-02-18] (Adobe Systems, Incorporated -> Adobe Systems Inc.)

Chrome: 
=======
CHR Profile: C:\Users\ADMIN-MINEDUC\AppData\Local\Google\Chrome\User Data\Default [2019-04-08]
CHR Extension: (Documentos) - C:\Users\ADMIN-MINEDUC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-15]
CHR Extension: (Google Drive) - C:\Users\ADMIN-MINEDUC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-26]
CHR Extension: (YouTube) - C:\Users\ADMIN-MINEDUC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-25]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\ADMIN-MINEDUC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-22]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\ADMIN-MINEDUC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-16]
CHR Extension: (Gmail) - C:\Users\ADMIN-MINEDUC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-25]
CHR Extension: (Chrome Media Router) - C:\Users\ADMIN-MINEDUC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-03-28]
CHR HKLM\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [893008 2019-03-16] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntivirProtectedService; C:\Program Files (x86)\Avira\Antivirus\ProtectedService.exe [314264 2019-03-16] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [248312 2019-03-16] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [248312 2019-03-16] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1191152 2019-03-16] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 ApHidMonitorService; C:\Program Files\Apoint2K\HidMonitorSvc.exe [104824 2015-08-07] (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [466280 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373744 2016-11-01] (Intel(R) pGFX -> Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [239184 2014-02-15] (Huawei Technologies Co., Ltd. -> )
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor Corp -> Realtek Semiconductor)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2017-08-08] (Microsoft Corporation -> Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-27] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103704 2017-10-08] (Microsoft Corporation -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ALCATELUSB; C:\WINDOWS\System32\Drivers\AlcatelUsb.sys [25088 2012-08-22] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Codename Longhorn DDK provider)
R0 avdevprot; C:\WINDOWS\System32\DRIVERS\avdevprot.sys [75432 2019-03-16] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S0 avelam; C:\WINDOWS\System32\drivers\avelam.sys [22336 2019-03-16] (Microsoft Windows Early Launch Anti-malware Publisher -> Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [188008 2019-03-16] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [175104 2019-03-16] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [46704 2019-03-16] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [89736 2019-03-16] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\WINDOWS\System32\Drivers\avusbflt.sys [45472 2019-03-16] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S3 bcmfn; C:\WINDOWS\System32\drivers\bcmfn.sys [9728 2016-07-16] (Microsoft Windows -> Windows (R) Win 7 DDK provider)
S3 BlueStacksDrv; C:\Program Files\BlueStacks\BstkDrv.sys [303712 2019-02-04] (Bluestack Systems, Inc. -> Bluestack System Inc. )
S3 dg_ssudbus; C:\WINDOWS\System32\drivers\ssudbus.sys [131904 2018-12-12] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [274416 2019-04-07] (Malwarebytes Corporation -> Malwarebytes)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
R3 netr28x; C:\WINDOWS\system32\DRIVERS\netr28x.sys [2554528 2015-06-12] (MEDIATEK INC. -> MediaTek Inc.)
S3 qcusbser; C:\WINDOWS\System32\drivers\qcusbser.sys [242688 2013-01-16] (Microsoft Windows Hardware Compatibility Publisher -> QUALCOMM Incorporated)
R3 rtbth; C:\WINDOWS\System32\drivers\rtbth.sys [1219200 2015-06-03] (MEDIATEK INC. -> Ralink Technology, Corp.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167232 2018-12-12] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ssudqcfilter; C:\WINDOWS\System32\drivers\ssudqcfilter.sys [57648 2015-12-08] (DEVGURU CO LTD -> QUALCOMM Incorporated)
S3 UsbserFilt; C:\WINDOWS\System32\drivers\usbser_lowerfltjx64.sys [9216 2011-08-17] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-04-08 10:07 - 2019-04-08 10:08 - 000016160 _____ C:\Users\ADMIN-MINEDUC\Desktop\FRST.txt
2019-04-08 10:07 - 2019-04-08 10:07 - 000000000 ____D C:\FRST
2019-04-08 10:05 - 2019-04-08 10:05 - 000001048 _____ C:\Users\ADMIN-MINEDUC\Desktop\JRT.txt
2019-04-08 09:41 - 2019-04-08 09:45 - 021205512 _____ (Piriform Software Ltd) C:\Users\ADMIN-MINEDUC\Desktop\ccsetup555.exe
2019-04-08 09:39 - 2019-04-08 10:07 - 002434048 _____ (Farbar) C:\Users\ADMIN-MINEDUC\Desktop\FRST64.exe
2019-04-08 09:34 - 2019-04-08 10:02 - 001790024 _____ (Malwarebytes) C:\Users\ADMIN-MINEDUC\Desktop\JRT.exe
2019-04-07 22:53 - 2019-04-07 22:53 - 000274416 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-04-07 22:45 - 2019-04-07 22:46 - 000000000 ____D C:\AdwCleaner
2019-04-07 22:41 - 2019-04-07 22:45 - 007025360 _____ (Malwarebytes) C:\Users\ADMIN-MINEDUC\Desktop\adwcleaner_7.3.exe
2019-04-07 21:44 - 2019-04-07 21:45 - 000000000 ___HD C:\$WINDOWS.~BT
2019-04-07 21:05 - 2019-04-07 21:05 - 000054902 _____ C:\Users\ADMIN-MINEDUC\Documents\cc_20190407_210506.reg
2019-04-07 21:05 - 2019-04-07 21:05 - 000001656 _____ C:\Users\ADMIN-MINEDUC\Documents\cc_20190407_210554.reg
2019-04-07 18:42 - 2019-04-07 18:42 - 000000000 ____D C:\Users\ADMIN-MINEDUC\AppData\Local\mbam
2019-04-07 18:41 - 2019-04-07 22:07 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-04-07 18:41 - 2019-04-07 18:41 - 000001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-04-07 18:41 - 2019-04-07 18:41 - 000000000 ____D C:\Users\ADMIN-MINEDUC\AppData\Local\mbamtray
2019-04-07 18:41 - 2019-04-07 18:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-04-06 16:16 - 2019-04-06 16:16 - 000002170 _____ C:\Users\ADMIN-MINEDUC\Desktop\Love Nikki.lnk
2019-04-02 12:42 - 2019-04-06 16:25 - 000000000 _RSHD C:\streamer
2019-04-02 12:42 - 2019-04-02 12:42 - 000000000 _RSHD C:\streamerdata
2019-04-02 12:33 - 2019-04-02 12:35 - 000000000 ____D C:\Users\ADMIN-MINEDUC\Desktop\PLANIFICACIONES-2019-2020
2019-03-31 23:08 - 2019-03-31 23:08 - 000002142 _____ C:\Users\ADMIN-MINEDUC\Desktop\VSCO.lnk
2019-03-29 23:54 - 2019-03-29 23:54 - 000002224 _____ C:\Users\ADMIN-MINEDUC\Desktop\BanG Dream!.lnk
2019-03-29 22:40 - 2019-03-29 22:40 - 000001200 _____ C:\Users\Public\Desktop\Avira.lnk
2019-03-29 22:40 - 2019-03-29 22:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2019-03-25 00:04 - 2019-03-25 00:04 - 000000000 ____D C:\Windows.old
2019-03-16 22:34 - 2019-03-16 22:28 - 000022336 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avelam.sys

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-04-08 09:46 - 2018-09-12 23:48 - 000004210 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2019-04-08 09:46 - 2017-07-19 00:26 - 000000870 _____ C:\Users\Public\Desktop\CCleaner.lnk
2019-04-08 09:46 - 2017-07-19 00:26 - 000000000 ____D C:\Program Files\CCleaner
2019-04-08 09:27 - 2016-10-18 09:36 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2019-04-08 09:27 - 2016-10-18 02:09 - 000017408 _____ C:\WINDOWS\system32\rpcnetp.exe
2019-04-08 09:27 - 2016-05-19 23:43 - 000000000 __SHD C:\Users\ADMIN-MINEDUC\IntelGraphicsProfiles
2019-04-07 22:53 - 2016-10-18 09:57 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-04-07 22:53 - 2016-10-18 09:34 - 000017408 _____ C:\WINDOWS\SysWOW64\rpcnetp.dll
2019-04-07 22:53 - 2016-10-18 02:09 - 000029528 _____ C:\WINDOWS\system32\wpbbin.exe
2019-04-07 22:53 - 2016-10-18 02:09 - 000017408 _____ C:\WINDOWS\SysWOW64\rpcnetp.exe
2019-04-07 22:53 - 2016-09-17 11:06 - 000078032 _____ (Absolute Software Corp.) C:\WINDOWS\SysWOW64\rpcnet.dll
2019-04-07 22:53 - 2016-07-16 01:04 - 004194304 _____ C:\WINDOWS\system32\config\BBI
2019-04-07 21:47 - 2016-10-17 20:08 - 000000000 ___DC C:\WINDOWS\Panther
2019-04-07 21:03 - 2016-07-16 06:45 - 000000000 ____D C:\WINDOWS\INF
2019-04-07 18:53 - 2016-10-18 09:40 - 000000000 ____D C:\Users\ADMIN-MINEDUC
2019-04-07 18:41 - 2018-09-12 21:37 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-04-07 18:20 - 2017-07-18 17:13 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2019-04-07 18:20 - 2016-10-18 09:33 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-04-07 16:43 - 2016-09-17 11:11 - 000000149 __RSH C:\ProgramData\3002.xml
2019-04-07 16:43 - 2016-09-17 11:11 - 000000049 __RSH C:\ProgramData\3012.xml
2019-04-07 16:41 - 2016-09-17 11:09 - 000000153 _____ C:\ProgramData\2012.par
2019-04-07 16:40 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-04-06 19:15 - 2016-09-17 11:11 - 000002957 _____ C:\ProgramData\netsh.out
2019-04-06 17:43 - 2016-07-16 06:47 - 000000000 ___HD C:\Program Files\WindowsApps
2019-04-06 17:15 - 2018-12-14 00:13 - 000000036 _____ C:\WINDOWS\progress.ini
2019-04-06 17:15 - 2016-10-18 09:58 - 000001890 _____ C:\WINDOWS\diagwrn.xml
2019-04-06 17:15 - 2016-10-18 09:58 - 000001890 _____ C:\WINDOWS\diagerr.xml
2019-04-06 17:05 - 2016-09-25 22:15 - 000002306 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-04-06 17:05 - 2016-09-25 22:15 - 000002265 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-04-06 17:04 - 2018-11-13 23:45 - 000000000 ___HD C:\$GetCurrent
2019-04-06 17:03 - 2018-11-02 00:30 - 000000000 ____D C:\Windows10Upgrade
2019-04-06 16:58 - 2018-10-30 22:24 - 000000000 ____D C:\Program Files\rempl
2019-04-06 16:10 - 2016-09-17 11:11 - 000000268 _____ C:\ProgramData\SmartCallConfig.xml
2019-03-31 22:47 - 2016-07-16 01:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2019-03-31 22:15 - 2017-07-24 19:31 - 000003392 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2562697441-1061409529-4134975898-1001
2019-03-31 22:14 - 2016-09-16 19:36 - 000002432 _____ C:\Users\ADMIN-MINEDUC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-03-31 22:14 - 2014-11-18 02:39 - 000000000 ___RD C:\Users\ADMIN-MINEDUC\OneDrive
2019-03-29 22:40 - 2017-07-18 22:29 - 000000000 ____D C:\ProgramData\Package Cache
2019-03-28 11:14 - 2016-09-23 17:47 - 000000000 ____D C:\Users\ADMIN-MINEDUC\AppData\Local\ElevatedDiagnostics
2019-03-28 10:46 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\Registration
2019-03-28 10:22 - 2016-10-18 09:57 - 000003554 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2019-03-28 10:22 - 2016-10-18 09:57 - 000003430 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2019-03-27 21:10 - 2016-11-21 20:59 - 000000000 ____D C:\Users\ADMIN-MINEDUC\AppData\LocalLow\Mozilla
2019-03-17 23:32 - 2016-10-10 21:05 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-03-17 23:24 - 2016-10-10 21:04 - 127411920 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-03-17 23:22 - 2016-09-17 13:50 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2019-03-17 23:22 - 2016-09-16 12:32 - 000000167 _____ C:\WINDOWS\win.ini
2019-03-16 22:35 - 2016-07-16 06:47 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-03-16 22:28 - 2017-07-18 23:48 - 000188008 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2019-03-16 22:28 - 2017-07-18 23:48 - 000175104 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2019-03-16 22:28 - 2017-07-18 23:48 - 000089736 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2019-03-16 22:28 - 2017-07-18 23:48 - 000075432 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avdevprot.sys
2019-03-16 22:28 - 2017-07-18 23:48 - 000046704 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2019-03-16 22:28 - 2017-07-18 23:48 - 000045472 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avusbflt.sys
2019-03-09 01:11 - 2016-09-16 19:32 - 000000000 ____D C:\Users\ADMIN-MINEDUC\AppData\Local\Packages

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\dllhost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2019-04-08 10:01

==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17.03.2019
Ran by ADMIN-MINEDUC (08-04-2019 10:09:03)
Running from C:\Users\ADMIN-MINEDUC\Desktop
Windows 10 Pro Version 1607 14393.2189 (X64) (2016-10-18 15:00:30)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

ADMIN-MINEDUC (S-1-5-21-2562697441-1061409529-4134975898-1001 - Administrator - Enabled) => C:\Users\ADMIN-MINEDUC
Administrador (S-1-5-21-2562697441-1061409529-4134975898-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2562697441-1061409529-4134975898-503 - Limited - Disabled)
Invitado (S-1-5-21-2562697441-1061409529-4134975898-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Disabled - Up to date) {88AE6B46-DC3C-455A-A21B-085F285A3546}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Disabled - Up to date) {33CF8AA2-FA06-4AD4-98AB-332D53DD7FFB}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 19.010.20098 - Adobe Systems Incorporated)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1202.1711.103 - Alps Electric)
Asistente para actualización a Windows 10 (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22617 - Microsoft Corporation)
Avira (HKLM-x32\...\{9c4627af-2a2f-4e06-aa50-e0d70979e4b6}) (Version: 1.2.132.16752 - Avira Operations GmbH & Co. KG)
Avira (HKLM-x32\...\{BE930E27-DF4B-44AF-8037-EB0A1D419787}) (Version: 1.2.132.16752 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.44.143 - Avira Operations GmbH & Co. KG)
BlueStacks App Player (HKLM\...\BlueStacks) (Version: 4.50.5.1003 - BlueStack Systems, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.55 - Piriform)
Chuzzle Deluxe (HKLM-x32\...\Chuzzle Deluxe) (Version:  - PopCap Games)
Eines de correcció del Microsoft Office 2013: català (HKLM\...\{90150000-001F-0403-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
EPSON L210 Series Printer Uninstall (HKLM\...\EPSON L210 Series) (Version:  - SEIKO EPSON Corporation)
Ferramentas de verificación de Microsoft Office 2013 - Galego (HKLM\...\{90150000-001F-0456-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 73.0.3683.103 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.7 - Google LLC) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
Java 8 Update 201 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180201F0}) (Version: 8.0.2010.9 - Oracle Corporation)
Malwarebytes versión 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2562697441-1061409529-4134975898-1001\...\OneDriveSetup.exe) (Version: 19.033.0218.0011 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mobile Broadband HL Service (HKLM-x32\...\Mobile Broadband HL Service) (Version: 22.001.25.00.03 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 62.0 (x64 es-ES) (HKLM\...\Mozilla Firefox 62.0 (x64 es-ES)) (Version: 62.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 62.0.0.6816 - Mozilla)
osrss (HKLM-x32\...\{1BA1133B-1C7A-41A0-8CBF-9B993E63D296}) (Version: 1.0.0 - Microsoft Corporation) Hidden
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Paquete de idioma de Microsoft Visual Studio 2010 Tools para Office Runtime (x64) - ESN (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - ESN) (Version: 10.0.50903 - Microsoft Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7156 - Realtek Semiconductor Corp.)
Revisores de Texto do Microsoft Office 2013 – Português do Brasil (HKLM\...\{90150000-001F-0416-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB4462135) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{03CD37B7-E1EB-42AE-9BC3-3687E679668B}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB4462135) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{03CD37B7-E1EB-42AE-9BC3-3687E679668B}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB4462135) 64-Bit Edition (HKLM\...\{90150000-012B-0C0A-1000-0000000FF1CE}_Office15.PROPLUS_{03CD37B7-E1EB-42AE-9BC3-3687E679668B}) (Version:  - Microsoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{B2E25355-C24E-4E7D-8AD3-455D59810838}) (Version: 2.57.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{EC4F72E8-52FE-454E-B70F-DBE5C0FA44C5}) (Version: 1.20.0.0 - Microsoft Corporation) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version:  - )
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2562697441-1061409529-4134975898-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}
ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2019-03-16] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-11-01] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2019-03-16] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {078AC3A5-8E1D-47D4-B579-714D3996E9C0} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {1DB852BE-C963-41E2-9D32-F84B3CDE2AFE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {2C42E70F-771D-44D1-B1FF-718B242ADE5F} - System32\Tasks\BlueStacksHelper => C:\ProgramData\BlueStacks\Client\Helper\BlueStacksHelper.exe (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
Task: {2F811D54-B44B-4E12-A030-CF81EE29508F} - System32\Tasks\pmkllzctegdrcpecomjlw => C:\yvkzjtznyrvxelrbrujte\pmkllzctegdrcpecomjlw.exe
Task: {3E24C2DC-DB7D-4827-8E23-C84E6A3F2CD6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {5A1B49D0-DE23-42FF-8E3D-C29A0EFB3858} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
Task: {74BC45A1-E85B-4ED5-A8E7-E5A1AB2626BB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe (Piriform Software Ltd -> Piriform Software Ltd)
Task: {8170EA0E-891E-4575-88B7-5DB5E050A90D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {9C427566-A856-4C11-99A6-B4A650E196FF} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {B35521C9-B6F2-4851-80F3-9B3C169CD88F} - no filepath
Task: {C4BCBB22-87CD-4834-A322-722317C1299E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {DDDAB3BC-9A8A-4418-9A3B-F8D7A7803193} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {E46E3783-F1A8-4B28-8BE2-CD03822B525A} - no filepath

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-09-12 21:48 - 2019-04-07 22:07 - 003084800 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Quick.dll
2018-09-12 21:48 - 2019-04-07 22:07 - 004571648 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Widgets.dll
2018-09-12 21:48 - 2019-04-07 22:07 - 000438272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5WinExtras.dll
2018-09-12 21:48 - 2019-04-07 22:07 - 005139968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Gui.dll
2018-09-12 21:48 - 2019-04-07 22:07 - 002950144 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Qml.dll
2018-09-12 21:48 - 2019-04-07 22:07 - 002234880 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Network.dll
2018-09-12 21:48 - 2019-04-07 22:07 - 005010944 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
2019-04-07 18:41 - 2019-04-07 22:07 - 001181184 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\platforms\qwindows.dll
2019-04-07 18:41 - 2019-04-07 22:07 - 000124928 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\styles\qwindowsvistastyle.dll
2019-04-07 22:07 - 2019-04-07 22:07 - 000026112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qico.dll
2019-04-07 22:07 - 2019-04-07 22:07 - 000020992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qsvg.dll
2018-09-12 21:48 - 2019-04-07 22:07 - 000259584 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Svg.dll
2019-04-07 22:07 - 2019-04-07 22:07 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick.2\qtquick2plugin.dll
2019-04-07 22:07 - 2019-04-07 22:07 - 000729088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\qtquickcontrolsplugin.dll
2019-04-07 22:07 - 2019-04-07 22:07 - 000073216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Layouts\qquicklayoutsplugin.dll
2019-04-07 22:07 - 2019-04-07 22:07 - 000179712 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\dialogplugin.dll
2019-04-07 22:07 - 2019-04-07 22:07 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Window.2\windowplugin.dll
2019-04-07 22:07 - 2019-04-07 22:07 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQml\Models.2\modelsplugin.dll
2019-04-07 22:07 - 2019-04-07 22:07 - 000101888 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\PrivateWidgets\widgetsplugin.dll
2019-04-07 18:41 - 2019-04-07 22:07 - 000035328 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\iconengines\qsvgicon.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-09-16 12:32 - 2016-09-16 12:27 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts


2017-05-08 16:03 - 2017-05-08 20:46 - 000000512 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\
HKU\S-1-5-21-2562697441-1061409529-4134975898-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ADMIN-MINEDUC\Pictures\andes_cotopaxi.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{E91A9545-05D5-4384-92ED-8A882F0B82E4}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F33152DC-DEDD-4960-A6A7-E99AD62E6E1D}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B55B74F7-EC2E-4F0B-B530-ACC2F76E2A24}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{14A8F0A6-D540-4404-8F08-1674D35E6073}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{1BA7602F-120C-463C-81D6-65AD912F4AFE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{49219266-915D-4728-8B9B-640B5552C4D5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{9A71268C-2CF1-4152-BD04-28409DC29520}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{93F8FC80-7119-4AB4-9AD4-843487A4D8BF}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D828006D-E106-400A-98CF-B5CE4A3EA48C}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6BFA7838-D2D0-44F0-9ED7-386A5A092068}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{EAE6902E-3838-4B6E-B5FF-7C5C50620DB2}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{7553AF30-EC8E-4598-9E2A-6173CABBC953}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{5CC912C7-9132-4A0D-AB97-24CCD39ED83C}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{FEAD807D-A6FC-438C-B1F8-C38F77452CAF}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{B3720137-F7FB-4E6B-84DF-D1A563424BB8}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{7C3C3F75-9153-4F8C-B734-03BFCBB6C90B}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
FirewallRules: [{38A8066C-5B1D-4619-B210-E53078EAC288}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)

==================== Restore Points =========================

05-02-2019 17:26:47 Punto de control programado
18-02-2019 16:31:10 Punto de control programado
16-03-2019 23:26:04 Windows Update
24-03-2019 22:16:42 Windows Update
28-03-2019 10:39:33 Windows Update
06-04-2019 16:55:37 Windows Update
08-04-2019 10:02:52 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/08/2019 10:03:06 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Error en Servicios de cifrado mientras se procesaba el objeto "System Writer" de la llamada OnIdentity().

Details:
AddLegacyDriverFiles: Unable to back up image of binary Protocolo de detección de nivel de vínculo de Microsoft.

System Error:
Acceso denegado.
.

Error: (04/07/2019 08:52:37 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: Error no especificado durante Restaurar sistema: (Windows Update). Información adicional: 0x80070091.

Error: (04/07/2019 06:20:56 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MINEDUC019740)
Description: No se pudo activar la aplicación Microsoft.Getstarted_5.12.2691.2000_x64__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca debido al error: -2144927149. Consulte el registro Microsoft-Windows-TWinUI/Operational para obtener más información.

Error: (04/07/2019 06:14:48 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MINEDUC019740)
Description: No se pudo activar la aplicación Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI debido al error: -2144980991. Consulte el registro Microsoft-Windows-TWinUI/Operational para obtener más información.

Error: (04/07/2019 06:14:48 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MINEDUC019740)
Description: No se pudo activar la aplicación Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App debido al error: -2144980991. Consulte el registro Microsoft-Windows-TWinUI/Operational para obtener más información.

Error: (04/07/2019 06:12:42 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MINEDUC019740)
Description: No se pudo activar la aplicación Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI debido al error: -2144980991. Consulte el registro Microsoft-Windows-TWinUI/Operational para obtener más información.

Error: (04/07/2019 06:12:42 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MINEDUC019740)
Description: No se pudo activar la aplicación Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App debido al error: -2144980991. Consulte el registro Microsoft-Windows-TWinUI/Operational para obtener más información.

Error: (04/07/2019 06:11:09 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MINEDUC019740)
Description: No se pudo activar la aplicación Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI debido al error: -2144980991. Consulte el registro Microsoft-Windows-TWinUI/Operational para obtener más información.


System errors:
=============
Error: (04/08/2019 09:27:54 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 y APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 al usuario NT AUTHORITY\SYSTEM con SID (S-1-5-18) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (04/07/2019 11:01:07 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 y APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 al usuario NT AUTHORITY\SYSTEM con SID (S-1-5-18) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (04/07/2019 10:55:09 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 y APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 al usuario NT AUTHORITY\SYSTEM con SID (S-1-5-18) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (04/07/2019 10:53:52 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: A causa de un error no determinado en el adaptador Bluetooth local, éste no se usará. Se descargó el controlador.

Error: (04/07/2019 10:53:05 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: El servicio Avira Programador se cerró con el error específico de servicio 
Función incorrecta.

Error: (04/07/2019 10:52:32 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 y APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 al usuario NT AUTHORITY\SYSTEM con SID (S-1-5-18) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (04/07/2019 09:48:00 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Error de instalación: error de Windows al instalar la siguiente actualización, error 0x8024200d: Actualización de características a Windows 10, versión 1803.

Error: (04/07/2019 08:53:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 y APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 al usuario NT AUTHORITY\SYSTEM con SID (S-1-5-18) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.


Windows Defender:
===================================
Date: 2017-07-18 22:44:20.369
Description: 
El examen de Windows Defender se detuvo antes de completarse.
Id. de examen: {35CB2CDF-329F-4B25-BE94-A6A1BDF5B382}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2017-06-09 13:01:52.140
Description: 
Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 116.1.0.0
Origen de actualización: Centro de protección contra malware de Microsoft
Tipo de firma: Sistema de inspección de red
Tipo de actualización: Completa
Usuario: NT AUTHORITY\Servicio de red
Versión de motor actual: 
Versión de motor anterior: 2.1.12706.0
Código de error: 0x80072ee7
Descripción del error: No se pudo resolver el nombre de servidor o su dirección 

Date: 2017-06-09 13:01:52.130
Description: 
Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.221.14.0
Origen de actualización: Centro de protección contra malware de Microsoft
Tipo de firma: AntiSpyware
Tipo de actualización: Completa
Usuario: NT AUTHORITY\Servicio de red
Versión de motor actual: 
Versión de motor anterior: 1.1.12805.0
Código de error: 0x80072ee7
Descripción del error: No se pudo resolver el nombre de servidor o su dirección 

Date: 2017-06-09 13:01:52.129
Description: 
Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.221.14.0
Origen de actualización: Centro de protección contra malware de Microsoft
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\Servicio de red
Versión de motor actual: 
Versión de motor anterior: 1.1.12805.0
Código de error: 0x80072ee7
Descripción del error: No se pudo resolver el nombre de servidor o su dirección 

Date: 2017-06-09 13:01:51.599
Description: 
Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.221.14.0
Origen de actualización: Servidor de Microsoft Update
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión de motor actual: 
Versión de motor anterior: 1.1.12805.0
Código de error: 0x80240438
Descripción del error: Se produjo un problema inesperado mientras se buscaban actualizaciones. Para obtener más información sobre cómo instalar o solucionar problemas en las actualizaciones, consulte Ayuda y soporte técnico. 

CodeIntegrity:
===================================

Date: 2017-07-18 22:41:58.879
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i3-4005U CPU @ 1.70GHz
Percentage of memory in use: 40%
Total physical RAM: 4027.84 MB
Available physical RAM: 2376.7 MB
Total Virtual: 5243.84 MB
Available Virtual: 3467.05 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:281.09 GB) (Free:199.79 GB) NTFS
Drive d: (Nuevo vol) (Fixed) (Total:183.83 GB) (Free:183.72 GB) NTFS

\\?\Volume{90461e07-cb18-46ad-a085-24ef4ce6a351}\ () (Fixed) (Total:0.45 GB) (Free:0.1 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Protective MBR) (Size: 465.8 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================
0 likes

#5

As for how the computer is running, as I mentioned yesterday, the laptop appears to work normally. After I finished using the Farbar Recovery Scan Tool, I restarted to see whether the messages still appeared… and yes, the 2 AutoIt windows still appear: one for system32&exit and the other for system32\¨¨.

0 likes

#6

Good… now follow these steps. :arrow_forward: VERY important :arrow_backward: Make a backup of the registry:

  • To do so, download :arrow_forward: DelFix.exe (to your desktop).

  • Double-click to run it. (If you use Windows Vista/7/8 or 10, right-click and select -Run as Administrator-.)

  • Attention: now check only the :white_check_mark: Create registry backup box, and NOT the other boxes. :face_with_monocle:

  • Click Run.

The report (DelFix.txt) will open; save it in case it is needed and close the tool.

:warning: With all other programs closed, go to :arrow_forward: Start :arrow_forward: Run :arrow_forward: and type Notepad.exe.

  • Now copy the code/lines inside the box below and paste them into Notepad.
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {2F811D54-B44B-4E12-A030-CF81EE29508F} - System32\Tasks\pmkllzctegdrcpecomjlw => C:\yvkzjtznyrvxelrbrujte\pmkllzctegdrcpecomjlw.exe
Task: {B35521C9-B6F2-4851-80F3-9B3C169CD88F} - no filepath
Task: {E46E3783-F1A8-4B28-8BE2-CD03822B525A} - no filepath
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2562697441-1061409529-4134975898-1001\...\Run: [] => [X]
HKU\S-1-5-21-2562697441-1061409529-4134975898-1001\...\Run: [flaterem] => C:\streamer\streamer.exe [862216 2017-12-22] (Alfredo Anibal Santos Silva -> Carifred)
HKU\S-1-5-21-2562697441-1061409529-4134975898-1001\...\Run: [strdat] => C:\WINDOWS\system32\cmd.exe /c start C:\streamer\streamer.exe /AutoIt3ExecuteScript "& exit
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\73.0.3683.103\Installer\chrmstp.exe [2019-04-06] (Google LLC -> Google Inc.)
GroupPolicyScripts: Restriction <==== ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
2019-04-08 09:27 - 2016-10-18 09:36 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END

Save it under the name FIXLIST.TXT on the desktop :arrow_backward: This is very important.

:o: Note :o: It is important that the FRST.exe tool (Farbar Recovery Scan Tool) and FIXLIST.TXT are in the same location (the desktop); otherwise it will not work.

Now use the 2nd METHOD from this Windows 8 FAQ (applicable to Windows 10) :arrow_forward: How to start Windows 8/8.1 in Safe Mode?, so that you work from that Windows mode.

  • Run FRST.exe. (If you use Windows Vista/7/8 or 10, right-click and select -Run as Administrator-.)

  • Press the FIX button and wait for it to finish.

  • The tool will save the fix report on the desktop (FIXLOG.TXT).

Paste the contents of that file in your next reply. :+1:

Restart the computer, check how it behaves with regard to the problem you reported, and let us know.

Regards.

1 like
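A triage sketch for the Run-key lines that the fixlist above targets, added here as an example (it is not FRST's own logic or the helper's method): it parses Run entries copied from the FRST output in this thread and flags autostart entries worth a closer look. The flag names, the allow-list of top-level folders and the interpreter list are assumptions of this example.

```python
import re
from pathlib import PureWindowsPath

# Run-key lines copied from the FRST output posted in this thread.
SAMPLE = r"""
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [98024 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-12-16] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2562697441-1061409529-4134975898-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22488952 2019-03-11] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-2562697441-1061409529-4134975898-1001\...\Run: [] => [X]
HKU\S-1-5-21-2562697441-1061409529-4134975898-1001\...\Run: [flaterem] => C:\streamer\streamer.exe [862216 2017-12-22] (Alfredo Anibal Santos Silva -> Carifred)
HKU\S-1-5-21-2562697441-1061409529-4134975898-1001\...\Run: [strdat] => C:\WINDOWS\system32\cmd.exe /c start C:\streamer\streamer.exe /AutoIt3ExecuteScript  "& exit
"""

# "<hive>\...\Run: [<value name>] => <data>" as printed in the FRST registry section.
RUN_LINE = re.compile(r'^(?P<hive>HK\S+?)\\\.\.\.\\Run: \[(?P<name>[^\]]*)\] => (?P<data>.*)$')
# Trailing "[size date] (signer -> company)" block that follows a resolved file.
FILE_META = re.compile(r'\s\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<signer>.*)\)$')
# Absolute paths to .exe files inside the command line.
EXE_PATH = re.compile(r'[A-Za-z]:\\[^"/]*?\.exe', re.IGNORECASE)

# Assumption: autostart binaries are expected under these top-level folders.
EXPECTED_TOP_DIRS = {"windows", "program files", "program files (x86)"}
# Assumption: interpreters that make a Run entry indirect when they come first.
SHELL_LAUNCHERS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}


def parse_run_line(line):
    """Split one FRST Run line into hive, value name, command and signer."""
    m = RUN_LINE.match(line.strip())
    if not m:
        return None
    data = m.group("data")
    meta = FILE_META.search(data)
    return {
        "hive": m.group("hive"),
        "name": m.group("name"),
        "command": FILE_META.sub("", data),
        "signer": meta.group("signer") if meta else None,
    }


def flag_entry(entry):
    """Return the heuristic flags raised by one parsed Run entry."""
    flags = []
    command = entry["command"]
    exes = [PureWindowsPath(p) for p in EXE_PATH.findall(command)]
    if not entry["name"]:
        flags.append("empty-name")            # value with no name
    if exes and exes[0].name.lower() in SHELL_LAUNCHERS:
        flags.append("shell-launcher")        # real target is hidden behind an interpreter
    if "/autoit3executescript" in command.lower():
        flags.append("autoit-script-switch")  # executable asked to run a script
    if any(len(p.parts) > 2 and p.parts[1].lower() not in EXPECTED_TOP_DIRS for p in exes):
        flags.append("non-standard-root-dir") # e.g. a folder directly under C:\
    if command.count('"') % 2:
        flags.append("unbalanced-quote")      # malformed command line
    return flags


def triage(text):
    """Parse every Run line in text and return only the flagged entries.

    The signer is reported but never used to clear an entry: a signed file
    can still be started from an unexpected place or in an unexpected way.
    """
    findings = []
    for line in text.splitlines():
        entry = parse_run_line(line)
        if entry is None:
            continue
        entry["flags"] = flag_entry(entry)
        if entry["flags"]:
            findings.append(entry)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f'{f["hive"]} [{f["name"]}] {", ".join(f["flags"])} (signer: {f["signer"]})')
```
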

#7

Sorry,

  1. Don't I have to disable the antivirus and the internet connection for these new steps?
  2. Is it necessary to download that new program to enter safe mode? Can't I do it from Settings?
0 likes

#8

Hello.

Accessing Windows in safe mode is enough; normally, when you boot into safe mode, the antivirus is partly disabled.

And it is NOT necessary to use that program/utility; if you know how to get into safe mode on your own, do it the way you know. We give the steps for those users who do NOT know how to do it, to make it easier for them. :+1:

Regards.

0 likes

#9

Greetings, and thanks for answering my questions. I followed the steps exactly, and when I pasted the code into Notepad.exe a window opened that said: ctfmon.exe Error del sistema Exception Processing Message 0xc0000005 Parameters 0x7ffd7f3c1d28 0x7ffd7f3c1d28 0x7ffd7f3c1d28 0x7ffd7f3c1d28

Then I restarted it in safe mode and used FRST.exe, and the same message appeared again.

The report follows:

Fix result of Farbar Recovery Scan Tool (x64) Version: 17.03.2019
Ran by ADMIN-MINEDUC (08-04-2019 21:33:27) Run:1
Running from C:\Users\ADMIN-MINEDUC\Desktop
Loaded Profiles: ADMIN-MINEDUC (Available Profiles: ADMIN-MINEDUC)
Boot Mode: Safe Mode (minimal)
==============================================

fixlist content:
*****************
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {2F811D54-B44B-4E12-A030-CF81EE29508F} - System32\Tasks\pmkllzctegdrcpecomjlw => C:\yvkzjtznyrvxelrbrujte\pmkllzctegdrcpecomjlw.exe
Task: {B35521C9-B6F2-4851-80F3-9B3C169CD88F} - no filepath
Task: {E46E3783-F1A8-4B28-8BE2-CD03822B525A} - no filepath
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2562697441-1061409529-4134975898-1001\...\Run: [] => [X]
HKU\S-1-5-21-2562697441-1061409529-4134975898-1001\...\Run: [flaterem] => C:\streamer\streamer.exe [862216 2017-12-22] (Alfredo Anibal Santos Silva -> Carifred)
HKU\S-1-5-21-2562697441-1061409529-4134975898-1001\...\Run: [strdat] => C:\WINDOWS\system32\cmd.exe /c start C:\streamer\streamer.exe /AutoIt3ExecuteScript "& exit
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\73.0.3683.103\Installer\chrmstp.exe [2019-04-06] (Google LLC -> Google Inc.)
GroupPolicyScripts: Restriction <==== ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
2019-04-08 09:27 - 2016-10-18 09:36 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END
*****************

Error: Restore point can only be created in normal mode.
Processes closed successfully.
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2F811D54-B44B-4E12-A030-CF81EE29508F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F811D54-B44B-4E12-A030-CF81EE29508F}" => removed successfully
C:\WINDOWS\System32\Tasks\pmkllzctegdrcpecomjlw => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\pmkllzctegdrcpecomjlw" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B35521C9-B6F2-4851-80F3-9B3C169CD88F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B35521C9-B6F2-4851-80F3-9B3C169CD88F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E46E3783-F1A8-4B28-8BE2-CD03822B525A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E46E3783-F1A8-4B28-8BE2-CD03822B525A}" => removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKU\S-1-5-21-2562697441-1061409529-4134975898-1001\Software\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKU\S-1-5-21-2562697441-1061409529-4134975898-1001\Software\Microsoft\Windows\CurrentVersion\Run\\flaterem" => removed successfully
"HKU\S-1-5-21-2562697441-1061409529-4134975898-1001\Software\Microsoft\Windows\CurrentVersion\Run\\strdat" => removed successfully
HKLM\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96} => removed successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-2562697441-1061409529-4134975898-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-2562697441-1061409529-4134975898-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========


========= netsh winsock reset =========


El catálogo Winsock se restableció correctamente.
Debe reiniciar el equipo para completar el restablecimiento.


========= End of CMD: =========


========= ipconfig /renew =========


Configuración IP de Windows


========= End of CMD: =========


========= ipconfig /flushdns =========


Configuración IP de Windows

No se puede vaciar la caché de resolución de DNS: Error de una función durante la ejecución.


========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to connect to BITS - 0x8007043c

========= End of CMD: =========


========= netsh advfirewall reset =========


Error al intentar ponerse en contacto con el servicio Firewall de Windows. Asegúrese de que el servicio se está ejecutando e intente la solicitud de nuevo.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========


Error al intentar ponerse en contacto con el servicio Firewall de Windows. Asegúrese de que el servicio se está ejecutando e intente la solicitud de nuevo.


========= End of CMD: =========


========= netsh int ipv4 reset =========

No hay valores configurados por el usuario para restablecer.


========= End of CMD: =========


========= netsh int ipv6 reset =========

No hay valores configurados por el usuario para restablecer.


========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 324975643 B
Java, Flash, Steam htmlcache => 733 B
Windows/system/drivers => 254888 B
Edge => 19352 B
Chrome => 196091812 B
Firefox => 15748779 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 2474 B
NetworkService => 0 B
ADMIN-MINEDUC => 8995391 B

RecycleBin => 5435334 B
EmptyTemp: => 526 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 21:33:55 ====

Then I restarted, and no message appears any more, for the moment… and the laptop still appears to work normally… So the questions are: what happened? What do I do to prevent this kind of event?

0 likes

#10

Perfect, :+1: we are glad everything is going well; now all that remains is to remove the tools we used.

To finish:

  • Download :arrow_forward: DelFix.exe to your desktop.

  • Double-click to run it. (If you use Windows Vista/7/8 or 10, right-click and select "Run as Administrator".)

  • Check all the boxes.

  • Click Run.

The report (DelFix.txt) will open; copy and paste that report in your next reply.

And tell us how the originally reported problem is doing. :face_with_monocle:

Regards.

1 like

#11

Greetings, I wanted to report something before using DelFix.exe.

Avira detected a threat: DR/Autoit.tixkh C:\streamer\stream.txt. It was sudden, when I closed the programs and turned off the internet to use DelFix.exe. I sent it to quarantine, checked the quarantine, and it had already detected this threat the day before those annoying windows appeared. My mom (who is the one who uses the laptop) told me that this afternoon, while she was using it, it got disconnected (from the charger) by mistake, and when she turned it on many white icons appeared on the desktop, and that a coworker "deleted them" because they were "viruses". She also used a USB drive but doesn't think it is infected. I put the laptop in safe mode and Malwarebytes detected nothing, and when I left safe mode the 2 AutoIt windows appeared again. But the laptop still appears to work fine.

0 likes

#12

Hello.

How strange that this TXT file is detected as a problem. :thinking:

Those files should have been analyzed before deleting them; it is unlikely that they are all viruses.

It is more usual for those files to have appeared with a blank icon because of the power loss and the malfunction that power loss may have caused afterwards.

That is more likely than it having an infection. :roll_eyes:

Well, if the windows have come back it is because the infection has reproduced, and it may be because of that USB drive. :woozy_face:

Now you need to run FRST again and generate two new reports (Addition and FRST) so that I can review them.

Regards.

1 like

#13

Greetings. Just in case, I scanned the USB drive and it apparently came out with no threats.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17.03.2019
Ran by ADMIN-MINEDUC (administrator) on MINEDUC019740 (10-04-2019 11:12:26)
Running from C:\Users\ADMIN-MINEDUC\Desktop
Loaded Profiles: ADMIN-MINEDUC (Available Profiles: ADMIN-MINEDUC)
Platform: Windows 10 Pro Version 1607 14393.2189 (X64) Language: Español (España, internacional)
Default browser: Edge
Boot Mode: Safe Mode (minimal)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\HelpPane.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [98024 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-12-16] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2562697441-1061409529-4134975898-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22488952 2019-03-11] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-2562697441-1061409529-4134975898-1001\...\Run: [] => [X]
HKU\S-1-5-21-2562697441-1061409529-4134975898-1001\...\Run: [flaterem] => C:\streamer\streamer.exe [862216 2017-12-22] (Alfredo Anibal Santos Silva -> Carifred)
HKU\S-1-5-21-2562697441-1061409529-4134975898-1001\...\Run: [strdat] => C:\WINDOWS\system32\cmd.exe /c start C:\streamer\streamer.exe /AutoIt3ExecuteScript  "& exit

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{96c7adf0-797c-4cc7-855f-1c2f1830798d}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{96c7adf0-797c-4cc7-855f-1c2f1830798d}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{e69c2a93-bd5e-4b96-acdc-bfbab4b28c2f}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{e69c2a93-bd5e-4b96-acdc-bfbab4b28c2f}: [DhcpNameServer] 186.47.201.10 186.42.193.2

Internet Explorer:
==================
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2018-12-25] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2018-07-18] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2018-09-15] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\ssv.dll [2019-02-06] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2018-07-18] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\jp2ssv.dll [2019-02-06] (Oracle America, Inc. -> Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2018-03-14] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: hy1sxmgs.default
FF ProfilePath: C:\Users\ADMIN-MINEDUC\AppData\Roaming\Mozilla\Firefox\Profiles\hy1sxmgs.default [2019-04-08]
FF Extension: (Avira Navegación segura) - C:\Users\ADMIN-MINEDUC\AppData\Roaming\Mozilla\Firefox\Profiles\hy1sxmgs.default\Extensions\[email protected] [2019-03-27]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.201.2 -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\dtplugin\npDeployJava1.dll [2019-02-06] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.201.2 -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\plugin2\npjp2.dll [2019-02-06] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-03-25] (Adobe Inc. -> Adobe Systems Inc.)

Chrome: 
=======
CHR Profile: C:\Users\ADMIN-MINEDUC\AppData\Local\Google\Chrome\User Data\Default [2019-04-09]
CHR Extension: (Documentos) - C:\Users\ADMIN-MINEDUC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-15]
CHR Extension: (Google Drive) - C:\Users\ADMIN-MINEDUC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-26]
CHR Extension: (YouTube) - C:\Users\ADMIN-MINEDUC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-25]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\ADMIN-MINEDUC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-22]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\ADMIN-MINEDUC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-16]
CHR Extension: (Gmail) - C:\Users\ADMIN-MINEDUC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-25]
CHR Extension: (Chrome Media Router) - C:\Users\ADMIN-MINEDUC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-03-28]
CHR HKLM\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AbtSvcHost; C:\WINDOWS\SysWOW64\AbtSvcHost_.exe [84888 2015-10-09] (Absolute Software Corp. -> Absolute Software Corp.)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [893008 2019-03-16] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S2 AntivirProtectedService; C:\Program Files (x86)\Avira\Antivirus\ProtectedService.exe [314264 2019-03-16] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [248312 2019-03-16] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [248312 2019-03-16] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1191152 2019-03-16] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S2 ApHidMonitorService; C:\Program Files\Apoint2K\HidMonitorSvc.exe [104824 2015-08-07] (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.)
S2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [466280 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373744 2016-11-01] (Intel(R) pGFX -> Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
S2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [239184 2014-02-15] (Huawei Technologies Co., Ltd. -> )
S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor Corp -> Realtek Semiconductor)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2017-08-08] (Microsoft Corporation -> Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-27] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103704 2017-10-08] (Microsoft Corporation -> Microsoft Corporation)
S2 rpcld; C:\ProgramData\Rpcnet\Bin\rpcld.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ALCATELUSB; C:\WINDOWS\System32\Drivers\AlcatelUsb.sys [25088 2012-08-22] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Codename Longhorn DDK provider)
R0 avdevprot; C:\WINDOWS\System32\DRIVERS\avdevprot.sys [75432 2019-03-16] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S0 avelam; C:\WINDOWS\System32\drivers\avelam.sys [22336 2019-03-16] (Microsoft Windows Early Launch Anti-malware Publisher -> Avira Operations GmbH & Co. KG)
S2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [188008 2019-03-16] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [175104 2019-03-16] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [46704 2019-03-16] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [89736 2019-03-16] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\WINDOWS\System32\Drivers\avusbflt.sys [45472 2019-03-16] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S3 bcmfn; C:\WINDOWS\System32\drivers\bcmfn.sys [9728 2016-07-16] (Microsoft Windows -> Windows (R) Win 7 DDK provider)
S3 BlueStacksDrv; C:\Program Files\BlueStacks\BstkDrv.sys [303712 2019-02-04] (Bluestack Systems, Inc. -> Bluestack System Inc. )
S3 dg_ssudbus; C:\WINDOWS\System32\drivers\ssudbus.sys [131904 2018-12-12] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [274416 2019-04-10] (Malwarebytes Corporation -> Malwarebytes)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
S3 netr28x; C:\WINDOWS\system32\DRIVERS\netr28x.sys [2554528 2015-06-12] (MEDIATEK INC. -> MediaTek Inc.)
S3 qcusbser; C:\WINDOWS\System32\drivers\qcusbser.sys [242688 2013-01-16] (Microsoft Windows Hardware Compatibility Publisher -> QUALCOMM Incorporated)
S3 rtbth; C:\WINDOWS\System32\drivers\rtbth.sys [1219200 2015-06-03] (MEDIATEK INC. -> Ralink Technology, Corp.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167232 2018-12-12] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ssudqcfilter; C:\WINDOWS\System32\drivers\ssudqcfilter.sys [57648 2015-12-08] (DEVGURU CO LTD -> QUALCOMM Incorporated)
S3 UsbserFilt; C:\WINDOWS\System32\drivers\usbser_lowerfltjx64.sys [9216 2011-08-17] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-04-10 11:12 - 2019-04-10 11:13 - 000014041 _____ C:\Users\ADMIN-MINEDUC\Desktop\FRST.txt
2019-04-10 11:10 - 2019-04-10 11:10 - 000274416 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-04-09 22:59 - 2019-04-09 23:00 - 000000000 ___HD C:\$WINDOWS.~BT
2019-04-08 21:48 - 2019-04-08 21:49 - 000102541 ____N C:\WINDOWS\SysWOW64\abtsvchost.xml
2019-04-08 21:35 - 2019-04-10 11:01 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2019-04-08 21:23 - 2019-04-08 21:23 - 000000252 _____ C:\DelFix.txt
2019-04-08 21:23 - 2019-04-08 21:23 - 000000000 ____D C:\WINDOWS\ERUNT
2019-04-08 11:31 - 2019-04-08 21:22 - 000797760 _____ C:\Users\ADMIN-MINEDUC\Desktop\delfix.exe
2019-04-08 10:07 - 2019-04-10 11:12 - 000000000 ____D C:\FRST
2019-04-08 10:05 - 2019-04-08 10:05 - 000001048 _____ C:\Users\ADMIN-MINEDUC\Desktop\JRT.txt
2019-04-08 09:41 - 2019-04-08 09:45 - 021205512 _____ (Piriform Software Ltd) C:\Users\ADMIN-MINEDUC\Desktop\ccsetup555.exe
2019-04-08 09:39 - 2019-04-08 10:07 - 002434048 _____ (Farbar) C:\Users\ADMIN-MINEDUC\Desktop\FRST64.exe
2019-04-08 09:34 - 2019-04-08 10:02 - 001790024 _____ (Malwarebytes) C:\Users\ADMIN-MINEDUC\Desktop\JRT.exe
2019-04-07 22:45 - 2019-04-07 22:46 - 000000000 ____D C:\AdwCleaner
2019-04-07 22:41 - 2019-04-07 22:45 - 007025360 _____ (Malwarebytes) C:\Users\ADMIN-MINEDUC\Desktop\adwcleaner_7.3.exe
2019-04-07 21:05 - 2019-04-07 21:05 - 000054902 _____ C:\Users\ADMIN-MINEDUC\Documents\cc_20190407_210506.reg
2019-04-07 21:05 - 2019-04-07 21:05 - 000001656 _____ C:\Users\ADMIN-MINEDUC\Documents\cc_20190407_210554.reg
2019-04-07 18:42 - 2019-04-07 18:42 - 000000000 ____D C:\Users\ADMIN-MINEDUC\AppData\Local\mbam
2019-04-07 18:41 - 2019-04-09 21:47 - 000002104 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-04-07 18:41 - 2019-04-07 22:07 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-04-07 18:41 - 2019-04-07 18:41 - 000000000 ____D C:\Users\ADMIN-MINEDUC\AppData\Local\mbamtray
2019-04-07 18:41 - 2019-04-07 18:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-04-06 16:16 - 2019-04-06 16:16 - 000002170 _____ C:\Users\ADMIN-MINEDUC\Desktop\Love Nikki.lnk
2019-04-02 12:42 - 2019-04-09 21:26 - 000000000 _RSHD C:\streamer
2019-04-02 12:42 - 2019-04-02 12:42 - 000000000 _RSHD C:\streamerdata
2019-04-02 12:33 - 2019-04-02 12:35 - 000000000 ____D C:\Users\ADMIN-MINEDUC\Desktop\PLANIFICACIONES-2019-2020
2019-03-31 23:08 - 2019-03-31 23:08 - 000002142 _____ C:\Users\ADMIN-MINEDUC\Desktop\VSCO.lnk
2019-03-29 22:40 - 2019-03-29 22:40 - 000001200 _____ C:\Users\Public\Desktop\Avira.lnk
2019-03-29 22:40 - 2019-03-29 22:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2019-03-25 00:04 - 2019-03-25 00:04 - 000000000 ____D C:\Windows.old
2019-03-16 22:34 - 2019-03-16 22:28 - 000022336 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avelam.sys

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-04-10 11:10 - 2017-07-18 17:13 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2019-04-10 11:09 - 2016-10-18 09:57 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-04-10 11:09 - 2016-07-16 01:04 - 004194304 _____ C:\WINDOWS\system32\config\BBI
2019-04-10 11:08 - 2016-09-17 11:11 - 000007360 _____ C:\ProgramData\netsh.out
2019-04-10 11:02 - 2018-09-12 23:48 - 000004210 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2019-04-10 11:01 - 2016-05-19 23:43 - 000000000 __SHD C:\Users\ADMIN-MINEDUC\IntelGraphicsProfiles
2019-04-10 11:00 - 2016-10-18 02:09 - 000017408 _____ C:\WINDOWS\system32\rpcnetp.exe
2019-04-09 23:12 - 2016-09-17 13:50 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2019-04-09 23:08 - 2016-10-10 21:05 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-04-09 23:02 - 2016-10-10 21:04 - 131129288 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-04-09 23:01 - 2016-10-17 20:08 - 000000000 ___DC C:\WINDOWS\Panther
2019-04-09 22:26 - 2016-09-17 11:11 - 000000149 __RSH C:\ProgramData\3002.xml
2019-04-09 22:26 - 2016-09-17 11:11 - 000000049 __RSH C:\ProgramData\3012.xml
2019-04-09 22:26 - 2016-09-17 11:09 - 000000192 _____ C:\ProgramData\2012.par
2019-04-09 22:05 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\Registration
2019-04-09 22:02 - 2016-10-18 09:34 - 000017408 _____ C:\WINDOWS\SysWOW64\rpcnetp.dll
2019-04-09 22:02 - 2016-10-18 02:09 - 000029528 _____ C:\WINDOWS\system32\wpbbin.exe
2019-04-09 22:02 - 2016-10-18 02:09 - 000017408 _____ C:\WINDOWS\SysWOW64\rpcnetp.exe
2019-04-09 22:02 - 2016-09-17 11:06 - 000078032 _____ (Absolute Software Corp.) C:\WINDOWS\SysWOW64\rpcnet.dll
2019-04-09 21:30 - 2016-09-23 17:42 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-04-09 21:11 - 2016-10-18 09:33 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-04-09 16:20 - 2016-10-18 09:40 - 000000000 ____D C:\Users\ADMIN-MINEDUC
2019-04-09 16:14 - 2016-09-23 17:47 - 000000000 ____D C:\Users\ADMIN-MINEDUC\AppData\Local\ElevatedDiagnostics
2019-04-09 14:39 - 2016-07-16 01:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2019-04-09 14:29 - 2016-10-18 09:58 - 000003795 _____ C:\WINDOWS\diagwrn.xml
2019-04-09 14:29 - 2016-10-18 09:58 - 000003795 _____ C:\WINDOWS\diagerr.xml
2019-04-08 21:37 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-04-08 21:35 - 2016-07-16 06:45 - 000000000 ____D C:\WINDOWS\INF
2019-04-08 21:33 - 2016-09-16 12:32 - 000000000 ____D C:\WINDOWS\system32\GroupPolicy
2019-04-08 21:33 - 2015-09-29 17:40 - 000000000 ____D C:\Users\ADMIN-MINEDUC\AppData\LocalLow\Temp
2019-04-08 09:46 - 2017-07-19 00:26 - 000000870 _____ C:\Users\Public\Desktop\CCleaner.lnk
2019-04-08 09:46 - 2017-07-19 00:26 - 000000000 ____D C:\Program Files\CCleaner
2019-04-07 18:41 - 2018-09-12 21:37 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-04-06 17:43 - 2016-07-16 06:47 - 000000000 ___HD C:\Program Files\WindowsApps
2019-04-06 17:15 - 2018-12-14 00:13 - 000000036 _____ C:\WINDOWS\progress.ini
2019-04-06 17:05 - 2016-09-25 22:15 - 000002306 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-04-06 17:05 - 2016-09-25 22:15 - 000002265 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-04-06 17:04 - 2018-11-13 23:45 - 000000000 ___HD C:\$GetCurrent
2019-04-06 17:03 - 2018-11-02 00:30 - 000000000 ____D C:\Windows10Upgrade
2019-04-06 16:58 - 2018-10-30 22:24 - 000000000 ____D C:\Program Files\rempl
2019-04-06 16:10 - 2016-09-17 11:11 - 000000268 _____ C:\ProgramData\SmartCallConfig.xml
2019-03-31 22:15 - 2017-07-24 19:31 - 000003392 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2562697441-1061409529-4134975898-1001
2019-03-31 22:14 - 2016-09-16 19:36 - 000002432 _____ C:\Users\ADMIN-MINEDUC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-03-31 22:14 - 2014-11-18 02:39 - 000000000 ___RD C:\Users\ADMIN-MINEDUC\OneDrive
2019-03-29 22:40 - 2017-07-18 22:29 - 000000000 ____D C:\ProgramData\Package Cache
2019-03-28 10:22 - 2016-10-18 09:57 - 000003554 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2019-03-28 10:22 - 2016-10-18 09:57 - 000003430 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2019-03-27 21:10 - 2016-11-21 20:59 - 000000000 ____D C:\Users\ADMIN-MINEDUC\AppData\LocalLow\Mozilla
2019-03-17 23:22 - 2016-09-16 12:32 - 000000167 _____ C:\WINDOWS\win.ini
2019-03-16 22:35 - 2016-07-16 06:47 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-03-16 22:28 - 2017-07-18 23:48 - 000188008 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2019-03-16 22:28 - 2017-07-18 23:48 - 000175104 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2019-03-16 22:28 - 2017-07-18 23:48 - 000089736 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2019-03-16 22:28 - 2017-07-18 23:48 - 000075432 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avdevprot.sys
2019-03-16 22:28 - 2017-07-18 23:48 - 000046704 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2019-03-16 22:28 - 2017-07-18 23:48 - 000045472 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avusbflt.sys

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\dllhost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2019-04-08 10:01

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17.03.2019
Ran by ADMIN-MINEDUC (10-04-2019 11:14:29)
Running from C:\Users\ADMIN-MINEDUC\Desktop
Windows 10 Pro Version 1607 14393.2189 (X64) (2016-10-18 15:00:30)
Boot Mode: Safe Mode (minimal)
==========================================================


==================== Accounts: =============================

ADMIN-MINEDUC (S-1-5-21-2562697441-1061409529-4134975898-1001 - Administrator - Enabled) => C:\Users\ADMIN-MINEDUC
Administrador (S-1-5-21-2562697441-1061409529-4134975898-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2562697441-1061409529-4134975898-503 - Limited - Disabled)
Invitado (S-1-5-21-2562697441-1061409529-4134975898-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {88AE6B46-DC3C-455A-A21B-085F285A3546}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {33CF8AA2-FA06-4AD4-98AB-332D53DD7FFB}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 19.010.20099 - Adobe Systems Incorporated)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1202.1711.103 - Alps Electric)
Asistente para actualización a Windows 10 (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22617 - Microsoft Corporation)
Avira (HKLM-x32\...\{9c4627af-2a2f-4e06-aa50-e0d70979e4b6}) (Version: 1.2.132.16752 - Avira Operations GmbH & Co. KG)
Avira (HKLM-x32\...\{BE930E27-DF4B-44AF-8037-EB0A1D419787}) (Version: 1.2.132.16752 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.44.143 - Avira Operations GmbH & Co. KG)
BlueStacks App Player (HKLM\...\BlueStacks) (Version: 4.50.5.1003 - BlueStack Systems, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.55 - Piriform)
Chuzzle Deluxe (HKLM-x32\...\Chuzzle Deluxe) (Version:  - PopCap Games)
Eines de correcció del Microsoft Office 2013: català (HKLM\...\{90150000-001F-0403-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
EPSON L210 Series Printer Uninstall (HKLM\...\EPSON L210 Series) (Version:  - SEIKO EPSON Corporation)
Ferramentas de verificación de Microsoft Office 2013 - Galego (HKLM\...\{90150000-001F-0456-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 73.0.3683.103 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.7 - Google LLC) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
Java 8 Update 201 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180201F0}) (Version: 8.0.2010.9 - Oracle Corporation)
Malwarebytes versión 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2562697441-1061409529-4134975898-1001\...\OneDriveSetup.exe) (Version: 19.033.0218.0011 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mobile Broadband HL Service (HKLM-x32\...\Mobile Broadband HL Service) (Version: 22.001.25.00.03 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 62.0 (x64 es-ES) (HKLM\...\Mozilla Firefox 62.0 (x64 es-ES)) (Version: 62.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 62.0.0.6816 - Mozilla)
osrss (HKLM-x32\...\{1BA1133B-1C7A-41A0-8CBF-9B993E63D296}) (Version: 1.0.0 - Microsoft Corporation) Hidden
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Paquete de idioma de Microsoft Visual Studio 2010 Tools para Office Runtime (x64) - ESN (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - ESN) (Version: 10.0.50903 - Microsoft Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7156 - Realtek Semiconductor Corp.)
Revisores de Texto do Microsoft Office 2013 – Português do Brasil (HKLM\...\{90150000-001F-0416-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB4462135) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{03CD37B7-E1EB-42AE-9BC3-3687E679668B}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB4462135) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{03CD37B7-E1EB-42AE-9BC3-3687E679668B}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB4462135) 64-Bit Edition (HKLM\...\{90150000-012B-0C0A-1000-0000000FF1CE}_Office15.PROPLUS_{03CD37B7-E1EB-42AE-9BC3-3687E679668B}) (Version:  - Microsoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{B2E25355-C24E-4E7D-8AD3-455D59810838}) (Version: 2.57.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{EC4F72E8-52FE-454E-B70F-DBE5C0FA44C5}) (Version: 1.20.0.0 - Microsoft Corporation) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version:  - )
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2562697441-1061409529-4134975898-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}
ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2019-03-16] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-11-01] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2019-03-16] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {078AC3A5-8E1D-47D4-B579-714D3996E9C0} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {1DB852BE-C963-41E2-9D32-F84B3CDE2AFE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {2C42E70F-771D-44D1-B1FF-718B242ADE5F} - System32\Tasks\BlueStacksHelper => C:\ProgramData\BlueStacks\Client\Helper\BlueStacksHelper.exe (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
Task: {3E24C2DC-DB7D-4827-8E23-C84E6A3F2CD6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {5A1B49D0-DE23-42FF-8E3D-C29A0EFB3858} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
Task: {74BC45A1-E85B-4ED5-A8E7-E5A1AB2626BB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe (Piriform Software Ltd -> Piriform Software Ltd)
Task: {8170EA0E-891E-4575-88B7-5DB5E050A90D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {9C427566-A856-4C11-99A6-B4A650E196FF} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {C4BCBB22-87CD-4834-A322-722317C1299E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {DDDAB3BC-9A8A-4418-9A3B-F8D7A7803193} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-09-12 21:48 - 2019-04-07 22:07 - 003084800 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Quick.dll
2018-09-12 21:48 - 2019-04-07 22:07 - 004571648 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Widgets.dll
2018-09-12 21:48 - 2019-04-07 22:07 - 000438272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5WinExtras.dll
2018-09-12 21:48 - 2019-04-07 22:07 - 005139968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Gui.dll
2018-09-12 21:48 - 2019-04-07 22:07 - 002950144 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Qml.dll
2018-09-12 21:48 - 2019-04-07 22:07 - 002234880 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Network.dll
2018-09-12 21:48 - 2019-04-07 22:07 - 005010944 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
2019-04-07 18:41 - 2019-04-07 22:07 - 001181184 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\platforms\qwindows.dll
2019-04-07 18:41 - 2019-04-07 22:07 - 000124928 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\styles\qwindowsvistastyle.dll
2019-04-07 22:07 - 2019-04-07 22:07 - 000026112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qico.dll
2019-04-07 22:07 - 2019-04-07 22:07 - 000020992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qsvg.dll
2018-09-12 21:48 - 2019-04-07 22:07 - 000259584 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Svg.dll
2019-04-07 22:07 - 2019-04-07 22:07 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick.2\qtquick2plugin.dll
2019-04-07 22:07 - 2019-04-07 22:07 - 000729088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\qtquickcontrolsplugin.dll
2019-04-07 22:07 - 2019-04-07 22:07 - 000073216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Layouts\qquicklayoutsplugin.dll
2019-04-07 22:07 - 2019-04-07 22:07 - 000179712 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\dialogplugin.dll
2019-04-07 22:07 - 2019-04-07 22:07 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Window.2\windowplugin.dll
2019-04-07 22:07 - 2019-04-07 22:07 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQml\Models.2\modelsplugin.dll
2019-04-07 22:07 - 2019-04-07 22:07 - 000101888 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\PrivateWidgets\widgetsplugin.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-09-16 12:32 - 2019-04-08 21:33 - 000000027 _____ C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1       localhost

2017-05-08 16:03 - 2017-05-08 20:46 - 000000512 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\
HKU\S-1-5-21-2562697441-1061409529-4134975898-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ADMIN-MINEDUC\Pictures\andes_cotopaxi.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{E91A9545-05D5-4384-92ED-8A882F0B82E4}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F33152DC-DEDD-4960-A6A7-E99AD62E6E1D}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B55B74F7-EC2E-4F0B-B530-ACC2F76E2A24}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{14A8F0A6-D540-4404-8F08-1674D35E6073}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{1BA7602F-120C-463C-81D6-65AD912F4AFE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{49219266-915D-4728-8B9B-640B5552C4D5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{9A71268C-2CF1-4152-BD04-28409DC29520}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{93F8FC80-7119-4AB4-9AD4-843487A4D8BF}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D828006D-E106-400A-98CF-B5CE4A3EA48C}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6BFA7838-D2D0-44F0-9ED7-386A5A092068}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{EAE6902E-3838-4B6E-B5FF-7C5C50620DB2}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{7553AF30-EC8E-4598-9E2A-6173CABBC953}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{5CC912C7-9132-4A0D-AB97-24CCD39ED83C}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{FEAD807D-A6FC-438C-B1F8-C38F77452CAF}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{B3720137-F7FB-4E6B-84DF-D1A563424BB8}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{7C3C3F75-9153-4F8C-B734-03BFCBB6C90B}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
FirewallRules: [{38A8066C-5B1D-4619-B210-E53078EAC288}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)

==================== Restore Points =========================

05-02-2019 17:26:47 Punto de control programado
18-02-2019 16:31:10 Punto de control programado
16-03-2019 23:26:04 Windows Update
24-03-2019 22:16:42 Windows Update
28-03-2019 10:39:33 Windows Update
06-04-2019 16:55:37 Windows Update
08-04-2019 10:02:52 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/10/2019 11:11:09 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MINEDUC019740)
Description: No se pudo activar la aplicación Microsoft.Getstarted_5.12.2691.2000_x64__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca debido al error: -2144927149. Consulte el registro Microsoft-Windows-TWinUI/Operational para obtener más información.

Error: (04/09/2019 09:45:28 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MINEDUC019740)
Description: No se pudo activar la aplicación Microsoft.Getstarted_5.12.2691.2000_x64__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca debido al error: -2144927149. Consulte el registro Microsoft-Windows-TWinUI/Operational para obtener más información.

Error: (04/09/2019 09:41:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: svchost.exe_tiledatamodelsvc, versión: 10.0.14393.0, marca de tiempo: 0x57899b1c
Nombre del módulo con errores: ntdll.dll, versión: 10.0.14393.1715, marca de tiempo: 0x59b0d03e
Código de excepción: 0xc000000d
Desplazamiento de errores: 0x00000000000ff52c
Identificador del proceso con errores: 0xa4c
Hora de inicio de la aplicación con errores: 0x01d4ef42adcb4cbc
Ruta de acceso de la aplicación con errores: C:\WINDOWS\system32\svchost.exe
Ruta de acceso del módulo con errores: C:\WINDOWS\SYSTEM32\ntdll.dll
Identificador del informe: 3a884f2c-6f8e-4985-9509-e9ac2d0cc850
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (04/09/2019 03:41:54 PM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Error al controlar PowerEvent. Error: System.NullReferenceException: Referencia a objeto no establecida como instancia de un objeto.
   en Avira.OE.ServiceHost.ServiceHost.OnPowerEvent(Object sender, PowerBroadcastStatusEventArgs e)
   en Avira.OE.ServiceHost.Program.WindowsServiceOnPowerEvent(Object sender, PowerBroadcastStatusEventArgs powerBroadcastStatusEventArgs)
   en Avira.OE.WinCore.EventHandlerExtensions.SafeInvoke[T](EventHandler`1 eventHandler, Object sender, T eventArgs)
   en Avira.OE.ServiceHost.WindowsService.OnPowerEvent(PowerBroadcastStatus powerStatus)
   en System.ServiceProcess.ServiceBase.DeferredPowerEvent(Int32 eventType, IntPtr eventData).

Error: (04/08/2019 09:30:53 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MINEDUC019740)
Description: No se pudo activar la aplicación Microsoft.Getstarted_5.12.2691.2000_x64__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca debido al error: -2144927149. Consulte el registro Microsoft-Windows-TWinUI/Operational para obtener más información.

Error: (04/08/2019 10:03:06 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Error en Servicios de cifrado mientras se procesaba el objeto "System Writer" de la llamada OnIdentity().

Details:
AddLegacyDriverFiles: Unable to back up image of binary Protocolo de detección de nivel de vínculo de Microsoft.

System Error:
Acceso denegado.
.

Error: (04/07/2019 08:52:37 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: Error no especificado durante Restaurar sistema: (Windows Update). Información adicional: 0x80070091.

Error: (04/07/2019 06:20:56 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MINEDUC019740)
Description: No se pudo activar la aplicación Microsoft.Getstarted_5.12.2691.2000_x64__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca debido al error: -2144927149. Consulte el registro Microsoft-Windows-TWinUI/Operational para obtener más información.


System errors:
=============
Error: (04/10/2019 11:15:36 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: Error de DCOM "1084" al intentar iniciar el servicio EventSystem con argumentos "No disponible" para ejecutar el servidor:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (04/10/2019 11:14:59 AM) (Source: DCOM) (EventID: 10005) (User: MINEDUC019740)
Description: Error de DCOM "1084" al intentar iniciar el servicio ShellHWDetection con argumentos "No disponible" para ejecutar el servidor:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (04/10/2019 11:14:30 AM) (Source: DCOM) (EventID: 10005) (User: MINEDUC019740)
Description: Error de DCOM "1084" al intentar iniciar el servicio WSearch con argumentos "No disponible" para ejecutar el servidor:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (04/10/2019 11:14:30 AM) (Source: DCOM) (EventID: 10005) (User: MINEDUC019740)
Description: Error de DCOM "1084" al intentar iniciar el servicio WSearch con argumentos "No disponible" para ejecutar el servidor:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (04/10/2019 11:14:28 AM) (Source: DCOM) (EventID: 10005) (User: MINEDUC019740)
Description: Error de DCOM "1084" al intentar iniciar el servicio WSearch con argumentos "No disponible" para ejecutar el servidor:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (04/10/2019 11:14:28 AM) (Source: DCOM) (EventID: 10005) (User: MINEDUC019740)
Description: Error de DCOM "1084" al intentar iniciar el servicio WSearch con argumentos "No disponible" para ejecutar el servidor:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (04/10/2019 11:14:28 AM) (Source: DCOM) (EventID: 10005) (User: MINEDUC019740)
Description: Error de DCOM "1084" al intentar iniciar el servicio ShellHWDetection con argumentos "No disponible" para ejecutar el servidor:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (04/10/2019 11:13:42 AM) (Source: DCOM) (EventID: 10005) (User: MINEDUC019740)
Description: Error de DCOM "1084" al intentar iniciar el servicio WSearch con argumentos "No disponible" para ejecutar el servidor:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}


Windows Defender:
===================================
Date: 2017-07-18 22:44:20.369
Description: 
El examen de Windows Defender se detuvo antes de completarse.
Id. de examen: {35CB2CDF-329F-4B25-BE94-A6A1BDF5B382}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2017-06-09 13:01:52.140
Description: 
Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 116.1.0.0
Origen de actualización: Centro de protección contra malware de Microsoft
Tipo de firma: Sistema de inspección de red
Tipo de actualización: Completa
Usuario: NT AUTHORITY\Servicio de red
Versión de motor actual: 
Versión de motor anterior: 2.1.12706.0
Código de error: 0x80072ee7
Descripción del error: No se pudo resolver el nombre de servidor o su dirección 

Date: 2017-06-09 13:01:52.130
Description: 
Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.221.14.0
Origen de actualización: Centro de protección contra malware de Microsoft
Tipo de firma: AntiSpyware
Tipo de actualización: Completa
Usuario: NT AUTHORITY\Servicio de red
Versión de motor actual: 
Versión de motor anterior: 1.1.12805.0
Código de error: 0x80072ee7
Descripción del error: No se pudo resolver el nombre de servidor o su dirección 

Date: 2017-06-09 13:01:52.129
Description: 
Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.221.14.0
Origen de actualización: Centro de protección contra malware de Microsoft
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\Servicio de red
Versión de motor actual: 
Versión de motor anterior: 1.1.12805.0
Código de error: 0x80072ee7
Descripción del error: No se pudo resolver el nombre de servidor o su dirección 

Date: 2017-06-09 13:01:51.599
Description: 
Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.221.14.0
Origen de actualización: Servidor de Microsoft Update
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión de motor actual: 
Versión de motor anterior: 1.1.12805.0
Código de error: 0x80240438
Descripción del error: Se produjo un problema inesperado mientras se buscaban actualizaciones. Para obtener más información sobre cómo instalar o solucionar problemas en las actualizaciones, consulte Ayuda y soporte técnico. 

CodeIntegrity:
===================================

Date: 2017-07-18 22:41:58.879
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i3-4005U CPU @ 1.70GHz
Percentage of memory in use: 24%
Total physical RAM: 4027.84 MB
Available physical RAM: 3031.09 MB
Total Virtual: 5371.84 MB
Available Virtual: 4524.08 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:281.09 GB) (Free:200.76 GB) NTFS
Drive d: (Nuevo vol) (Fixed) (Total:183.83 GB) (Free:183.72 GB) NTFS

\\?\Volume{90461e07-cb18-46ad-a085-24ef4ce6a351}\ () (Fixed) (Total:0.45 GB) (Free:0.1 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Protective MBR) (Size: 465.8 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================
0 likes

#14

Good… now follow these steps. :arrow_forward: VERY Important :arrow_backward: Make a backup of the registry:

  • To do so, download :arrow_forward: DelFix.exe (to your desktop).

  • Double-click to run it. (If you use Windows Vista/7/8 or 10, right-click it and select -Run as administrator-.)

  • Careful: now tick/select only the :white_check_mark: Create registry backup box, NOT the other boxes. :face_with_monocle:

  • Click Run.

The report (DelFix.txt) will open; save it in case it is needed and close the tool.

:warning: With all other programs closed, go to :arrow_forward: Start :arrow_forward: Run :arrow_forward: and type Notepad.exe.

  • Now copy the codes/lines inside the box below and paste them into Notepad.
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2562697441-1061409529-4134975898-1001\...\Run: [] => [X]
HKU\S-1-5-21-2562697441-1061409529-4134975898-1001\...\Run: [flaterem] => C:\streamer\streamer.exe [862216 2017-12-22] (Alfredo Anibal Santos Silva -> Carifred)
HKU\S-1-5-21-2562697441-1061409529-4134975898-1001\...\Run: [strdat] => C:\WINDOWS\system32\cmd.exe /c start C:\streamer\streamer.exe /AutoIt3ExecuteScript "& exit
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
S2 rpcld; C:\ProgramData\Rpcnet\Bin\rpcld.exe [X]
2019-04-08 21:35 - 2019-04-10 11:01 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2019-04-02 12:42 - 2019-04-09 21:26 - 000000000 _RSHD C:\streamer
2019-04-02 12:42 - 2019-04-02 12:42 - 000000000 _RSHD C:\streamerdata
HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END

Save it as FIXLIST.TXT on the desktop :arrow_backward: This is very important.

:o: Note :o: It is important that the FRST.exe tool (Farbar Recovery Scanner Tool) and FIXLIST.TXT are in the same location (desktop); otherwise it will not work.

Now use the 2nd METHOD from this Windows 8 FAQ (applicable to Windows 10) :arrow_forward: How to start Windows 8/8.1 in Safe Mode?, so that you work from that Windows mode.

  • Run FRST.exe. (If you use Windows Vista/7/8 or 10, right-click it and select -Run as administrator-.)

  • Press the FIX button and wait for it to finish.

  • The tool will save the repair report on the desktop (FIXLOG.TXT).

Paste the contents of this file in your next reply. :+1:

Restart the computer, check how it behaves with regard to the reported problem, and tell us.

Regards.

0 likes
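The autorun entries that the fixlist in the post above removes can be triaged mechanically. The following is an added example, not part of the thread and not FRST's own code: it parses FRST `Run:` lines and reports why each one deserves a second look. The function names and the flagging rules (empty value name, missing target, command/script host, AutoIt switch, image outside `C:\Windows` and `C:\Program Files`) are assumptions of this example; the sample lines are copied from the logs posted in this thread.

```python
import ntpath
import re

# Run-key lines copied from the FRST output posted in this thread: the first
# five are the ones the fixlist removes, the last three come from the rescan.
SAMPLE_LOG = r"""
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2562697441-1061409529-4134975898-1001\...\Run: [] => [X]
HKU\S-1-5-21-2562697441-1061409529-4134975898-1001\...\Run: [flaterem] => C:\streamer\streamer.exe [862216 2017-12-22] (Alfredo Anibal Santos Silva -> Carifred)
HKU\S-1-5-21-2562697441-1061409529-4134975898-1001\...\Run: [strdat] => C:\WINDOWS\system32\cmd.exe /c start C:\streamer\streamer.exe /AutoIt3ExecuteScript "& exit
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [98024 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-12-16] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-2562697441-1061409529-4134975898-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22488952 2019-03-11] (Piriform Software Ltd -> Piriform Software Ltd)
"""

# "<hive>\...\Run: [<value name>] => <command or [X]>"
RUN_RE = re.compile(r"^(?P<hive>\S+?)\\\.\.\.\\Run: \[(?P<name>.*?)\] => (?P<rest>.*)$")
# Optional trailer: "[<size> <date>] (<signer> -> <company>)"
META_RE = re.compile(
    r"^(?P<cmd>.*?)\s*\[\d+ \d{4}-\d{2}-\d{2}\] \((?P<signer>.*) -> (?P<company>.*)\)$"
)
EXE_RE = re.compile(r"[A-Za-z]:\\.*?\.exe", re.IGNORECASE)

# Heuristics chosen for this example (assumes the system drive is C:).
SCRIPT_HOSTS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
STANDARD_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


def parse_run_line(line):
    """Split one FRST Run line into its fields, or return None if it is not one."""
    m = RUN_RE.match(line.strip())
    if not m:
        return None
    rest = m["rest"].strip()
    meta = META_RE.match(rest)
    return {
        "hive": m["hive"],
        "name": m["name"],
        "command": meta["cmd"] if meta else rest,
        "signer": meta["signer"] if meta else None,
        "missing": rest == "[X]",  # FRST prints [X] when the target is not found
    }


def reasons_for(entry):
    """Return the list of reasons an autorun entry should be reviewed by hand."""
    reasons = []
    if entry["name"] == "":
        reasons.append("empty value name")
    if entry["missing"]:
        reasons.append("target file missing ([X])")
        return reasons
    cmd = entry["command"]
    images = EXE_RE.findall(cmd)  # every .exe path named on the command line
    if images and ntpath.basename(images[0]).lower() in SCRIPT_HOSTS:
        reasons.append("starts through a command/script host")
    if "/autoit3executescript" in cmd.lower():
        reasons.append("AutoIt /AutoIt3ExecuteScript switch")
    if any(not p.lower().startswith(STANDARD_DIRS) for p in images):
        reasons.append("image outside Windows/Program Files")
    return reasons


def triage(log_text):
    """Return (value name, reasons) for every Run entry with at least one reason."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_run_line(line)
        if entry is None:
            continue
        reasons = reasons_for(entry)
        if reasons:
            flagged.append((entry["name"], reasons))
    return flagged


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG):
        print(f"[{name}] -> {', '.join(reasons)}")
```

A flag here is a prompt for manual review, not a verdict; legitimate software installed outside the standard directories will be reported too.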

#15

Greetings, once again :expressionless:

The same thing happened as the first time I used the programs, so once again the windows no longer open. :partying_face:

Fix result of Farbar Recovery Scan Tool (x64) Version: 17.03.2019
Ran by ADMIN-MINEDUC (10-04-2019 21:07:31) Run:2
Running from C:\Users\ADMIN-MINEDUC\Desktop
Loaded Profiles: ADMIN-MINEDUC (Available Profiles: ADMIN-MINEDUC)
Boot Mode: Safe Mode (minimal)
==============================================

fixlist content:
*****************
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2562697441-1061409529-4134975898-1001\...\Run: [] => [X]
HKU\S-1-5-21-2562697441-1061409529-4134975898-1001\...\Run: [flaterem] => C:\streamer\streamer.exe [862216 2017-12-22] (Alfredo Anibal Santos Silva -> Carifred)
HKU\S-1-5-21-2562697441-1061409529-4134975898-1001\...\Run: [strdat] => C:\WINDOWS\system32\cmd.exe /c start C:\streamer\streamer.exe /AutoIt3ExecuteScript "& exit
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
S2 rpcld; C:\ProgramData\Rpcnet\Bin\rpcld.exe [X]
2019-04-08 21:35 - 2019-04-10 11:01 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2019-04-02 12:42 - 2019-04-09 21:26 - 000000000 _RSHD C:\streamer
2019-04-02 12:42 - 2019-04-02 12:42 - 000000000 _RSHD C:\streamerdata
HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END
*****************

Error: Restore point can only be created in normal mode.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKU\S-1-5-21-2562697441-1061409529-4134975898-1001\Software\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKU\S-1-5-21-2562697441-1061409529-4134975898-1001\Software\Microsoft\Windows\CurrentVersion\Run\\flaterem" => removed successfully
"HKU\S-1-5-21-2562697441-1061409529-4134975898-1001\Software\Microsoft\Windows\CurrentVersion\Run\\strdat" => removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\System\CurrentControlSet\Services\rpcld => removed successfully
rpcld => service removed successfully
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat => moved successfully
C:\streamer => moved successfully
C:\streamerdata => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-2562697441-1061409529-4134975898-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-2562697441-1061409529-4134975898-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========


========= netsh winsock reset =========


El catálogo Winsock se restableció correctamente.
Debe reiniciar el equipo para completar el restablecimiento.


========= End of CMD: =========


========= ipconfig /renew =========


Configuración IP de Windows


========= End of CMD: =========


========= ipconfig /flushdns =========


Configuración IP de Windows

No se puede vaciar la caché de resolución de DNS: Error de una función durante la ejecución.


========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to connect to BITS - 0x8007043c

========= End of CMD: =========


========= netsh advfirewall reset =========


Error al intentar ponerse en contacto con el servicio Firewall de Windows. Asegúrese de que el servicio se está ejecutando e intente la solicitud de nuevo.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========


Error al intentar ponerse en contacto con el servicio Firewall de Windows. Asegúrese de que el servicio se está ejecutando e intente la solicitud de nuevo.


========= End of CMD: =========


========= netsh int ipv4 reset =========

No hay valores configurados por el usuario para restablecer.


========= End of CMD: =========


========= netsh int ipv6 reset =========

No hay valores configurados por el usuario para restablecer.


========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 26344746 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 73760670 B
Edge => 0 B
Chrome => 239218096 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 128 B
LocalService => 7418 B
NetworkService => 0 B
ADMIN-MINEDUC => 164381 B

RecycleBin => 71299 B
EmptyTemp: => 323.8 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 21:07:45 ====

Thank you very much for the help provided, but I wanted to know whether there is anything I can do to prevent these events from happening again.

0 likes

#16

Hello.

Please, before doing anything else, generate a new report with FRST.exe and post the new FRST.txt report it produces; this time I only want that one, thanks.

:warning: And for now, please, while we are disinfecting/repairing your machine:

Do not carry out steps/actions that WE have not told you to.

Do not download ANYTHING from the Internet and/or connect external devices to your computer.

Do not install ANYTHING (programs/software/add-ons/browser extensions…)

Do not run other security programs (antivirus, antimalware, ANTI-ANYTHING…)

Do not carry out other procedures on your own.

Use your computer EXCLUSIVELY to disinfect/repair it following our instructions.

Regards.

0 likes

#17

Greetings. Following the instructions:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17.03.2019
Ran by ADMIN-MINEDUC (administrator) on MINEDUC019740 (11-04-2019 22:58:50)
Running from C:\Users\ADMIN-MINEDUC\Desktop
Loaded Profiles: ADMIN-MINEDUC (Available Profiles: ADMIN-MINEDUC)
Platform: Windows 10 Pro Version 1607 14393.2189 (X64) Language: Español (España, internacional)
Default browser: Edge
Boot Mode: Safe Mode (minimal)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\HelpPane.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [98024 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-12-16] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-2562697441-1061409529-4134975898-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22488952 2019-03-11] (Piriform Software Ltd -> Piriform Software Ltd)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{96c7adf0-797c-4cc7-855f-1c2f1830798d}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{96c7adf0-797c-4cc7-855f-1c2f1830798d}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{e69c2a93-bd5e-4b96-acdc-bfbab4b28c2f}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{e69c2a93-bd5e-4b96-acdc-bfbab4b28c2f}: [DhcpNameServer] 186.47.201.10 186.42.193.2

Internet Explorer:
==================
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2018-12-25] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2018-07-18] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2018-09-15] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\ssv.dll [2019-02-06] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2018-07-18] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\jp2ssv.dll [2019-02-06] (Oracle America, Inc. -> Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2018-03-14] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: hy1sxmgs.default
FF ProfilePath: C:\Users\ADMIN-MINEDUC\AppData\Roaming\Mozilla\Firefox\Profiles\hy1sxmgs.default [2019-04-08]
FF Extension: (Avira Navegación segura) - C:\Users\ADMIN-MINEDUC\AppData\Roaming\Mozilla\Firefox\Profiles\hy1sxmgs.default\Extensions\[email protected] [2019-03-27]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.201.2 -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\dtplugin\npDeployJava1.dll [2019-02-06] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.201.2 -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\plugin2\npjp2.dll [2019-02-06] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-03-25] (Adobe Inc. -> Adobe Systems Inc.)

Chrome: 
=======
CHR Profile: C:\Users\ADMIN-MINEDUC\AppData\Local\Google\Chrome\User Data\Default [2019-04-11]
CHR Extension: (Documentos) - C:\Users\ADMIN-MINEDUC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-15]
CHR Extension: (Google Drive) - C:\Users\ADMIN-MINEDUC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-26]
CHR Extension: (YouTube) - C:\Users\ADMIN-MINEDUC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-25]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\ADMIN-MINEDUC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-22]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\ADMIN-MINEDUC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-16]
CHR Extension: (Gmail) - C:\Users\ADMIN-MINEDUC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-25]
CHR Extension: (Chrome Media Router) - C:\Users\ADMIN-MINEDUC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-03-28]
CHR HKLM\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AbtSvcHost; C:\WINDOWS\SysWOW64\AbtSvcHost_.exe [84888 2015-10-09] (Absolute Software Corp. -> Absolute Software Corp.)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [893008 2019-03-16] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S2 AntivirProtectedService; C:\Program Files (x86)\Avira\Antivirus\ProtectedService.exe [314264 2019-03-16] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [248312 2019-03-16] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [248312 2019-03-16] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1191152 2019-03-16] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S2 ApHidMonitorService; C:\Program Files\Apoint2K\HidMonitorSvc.exe [104824 2015-08-07] (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.)
S2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [466280 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373744 2016-11-01] (Intel(R) pGFX -> Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
S2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [239184 2014-02-15] (Huawei Technologies Co., Ltd. -> )
S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor Corp -> Realtek Semiconductor)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2017-08-08] (Microsoft Corporation -> Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-27] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103704 2017-10-08] (Microsoft Corporation -> Microsoft Corporation)
S2 rpcld; C:\ProgramData\Rpcnet\Bin\rpcld.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ALCATELUSB; C:\WINDOWS\System32\Drivers\AlcatelUsb.sys [25088 2012-08-22] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Codename Longhorn DDK provider)
R0 avdevprot; C:\WINDOWS\System32\DRIVERS\avdevprot.sys [75432 2019-03-16] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S0 avelam; C:\WINDOWS\System32\drivers\avelam.sys [22336 2019-03-16] (Microsoft Windows Early Launch Anti-malware Publisher -> Avira Operations GmbH & Co. KG)
S2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [188008 2019-03-16] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [175104 2019-03-16] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [46704 2019-03-16] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [89736 2019-03-16] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\WINDOWS\System32\Drivers\avusbflt.sys [45472 2019-03-16] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S3 bcmfn; C:\WINDOWS\System32\drivers\bcmfn.sys [9728 2016-07-16] (Microsoft Windows -> Windows (R) Win 7 DDK provider)
S3 BlueStacksDrv; C:\Program Files\BlueStacks\BstkDrv.sys [303712 2019-02-04] (Bluestack Systems, Inc. -> Bluestack System Inc. )
S3 dg_ssudbus; C:\WINDOWS\System32\drivers\ssudbus.sys [131904 2018-12-12] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [274416 2019-04-11] (Malwarebytes Corporation -> Malwarebytes)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
S3 netr28x; C:\WINDOWS\system32\DRIVERS\netr28x.sys [2554528 2015-06-12] (MEDIATEK INC. -> MediaTek Inc.)
S3 qcusbser; C:\WINDOWS\System32\drivers\qcusbser.sys [242688 2013-01-16] (Microsoft Windows Hardware Compatibility Publisher -> QUALCOMM Incorporated)
S3 rtbth; C:\WINDOWS\System32\drivers\rtbth.sys [1219200 2015-06-03] (MEDIATEK INC. -> Ralink Technology, Corp.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167232 2018-12-12] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ssudqcfilter; C:\WINDOWS\System32\drivers\ssudqcfilter.sys [57648 2015-12-08] (DEVGURU CO LTD -> QUALCOMM Incorporated)
S3 UsbserFilt; C:\WINDOWS\System32\drivers\usbser_lowerfltjx64.sys [9216 2011-08-17] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-04-11 22:57 - 2019-04-11 22:57 - 000274416 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-04-10 21:09 - 2019-04-11 22:55 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2019-04-10 21:07 - 2019-04-10 21:07 - 000006001 _____ C:\Users\ADMIN-MINEDUC\Desktop\Fixlog.txt
2019-04-10 20:59 - 2019-04-10 20:59 - 000000252 _____ C:\Users\ADMIN-MINEDUC\Desktop\DelFix.txt
2019-04-10 20:55 - 2019-04-10 20:55 - 000001246 _____ C:\Users\ADMIN-MINEDUC\Desktop\códigos2.txt
2019-04-10 11:14 - 2019-04-10 11:15 - 000030158 _____ C:\Users\ADMIN-MINEDUC\Desktop\Addition.txt
2019-04-10 11:12 - 2019-04-11 23:00 - 000013588 _____ C:\Users\ADMIN-MINEDUC\Desktop\FRST.txt
2019-04-08 21:48 - 2019-04-08 21:49 - 000102541 ____N C:\WINDOWS\SysWOW64\abtsvchost.xml
2019-04-08 21:23 - 2019-04-10 20:59 - 000000252 _____ C:\DelFix.txt
2019-04-08 21:23 - 2019-04-08 21:23 - 000000000 ____D C:\WINDOWS\ERUNT
2019-04-08 11:31 - 2019-04-08 21:22 - 000797760 _____ C:\Users\ADMIN-MINEDUC\Desktop\delfix.exe
2019-04-08 10:07 - 2019-04-11 22:58 - 000000000 ____D C:\FRST
2019-04-08 10:05 - 2019-04-08 10:05 - 000001048 _____ C:\Users\ADMIN-MINEDUC\Desktop\JRT.txt
2019-04-08 09:41 - 2019-04-08 09:45 - 021205512 _____ (Piriform Software Ltd) C:\Users\ADMIN-MINEDUC\Desktop\ccsetup555.exe
2019-04-08 09:39 - 2019-04-08 10:07 - 002434048 _____ (Farbar) C:\Users\ADMIN-MINEDUC\Desktop\FRST64.exe
2019-04-08 09:34 - 2019-04-08 10:02 - 001790024 _____ (Malwarebytes) C:\Users\ADMIN-MINEDUC\Desktop\JRT.exe
2019-04-07 22:45 - 2019-04-07 22:46 - 000000000 ____D C:\AdwCleaner
2019-04-07 22:41 - 2019-04-07 22:45 - 007025360 _____ (Malwarebytes) C:\Users\ADMIN-MINEDUC\Desktop\adwcleaner_7.3.exe
2019-04-07 21:05 - 2019-04-07 21:05 - 000054902 _____ C:\Users\ADMIN-MINEDUC\Documents\cc_20190407_210506.reg
2019-04-07 21:05 - 2019-04-07 21:05 - 000001656 _____ C:\Users\ADMIN-MINEDUC\Documents\cc_20190407_210554.reg
2019-04-07 18:42 - 2019-04-07 18:42 - 000000000 ____D C:\Users\ADMIN-MINEDUC\AppData\Local\mbam
2019-04-07 18:41 - 2019-04-09 21:47 - 000002104 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-04-07 18:41 - 2019-04-07 22:07 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-04-07 18:41 - 2019-04-07 18:41 - 000000000 ____D C:\Users\ADMIN-MINEDUC\AppData\Local\mbamtray
2019-04-07 18:41 - 2019-04-07 18:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-04-06 16:16 - 2019-04-06 16:16 - 000002170 _____ C:\Users\ADMIN-MINEDUC\Desktop\Love Nikki.lnk
2019-04-02 12:33 - 2019-04-02 12:35 - 000000000 ____D C:\Users\ADMIN-MINEDUC\Desktop\PLANIFICACIONES-2019-2020
2019-03-31 23:08 - 2019-03-31 23:08 - 000002142 _____ C:\Users\ADMIN-MINEDUC\Desktop\VSCO.lnk
2019-03-29 22:40 - 2019-03-29 22:40 - 000001200 _____ C:\Users\Public\Desktop\Avira.lnk
2019-03-29 22:40 - 2019-03-29 22:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2019-03-25 00:04 - 2019-03-25 00:04 - 000000000 ____D C:\Windows.old
2019-03-16 22:34 - 2019-03-16 22:28 - 000022336 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avelam.sys

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-04-11 22:57 - 2017-07-18 17:13 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2019-04-11 22:57 - 2016-07-16 01:04 - 004194304 _____ C:\WINDOWS\system32\config\BBI
2019-04-11 22:56 - 2016-10-18 09:57 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-04-11 22:56 - 2016-10-18 09:40 - 000000000 ____D C:\Users\ADMIN-MINEDUC
2019-04-11 22:55 - 2016-05-19 23:43 - 000000000 __SHD C:\Users\ADMIN-MINEDUC\IntelGraphicsProfiles
2019-04-11 22:54 - 2016-10-18 09:34 - 000017408 _____ C:\WINDOWS\SysWOW64\rpcnetp.dll
2019-04-11 22:54 - 2016-10-18 09:33 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-04-11 22:54 - 2016-10-18 02:09 - 000029528 _____ C:\WINDOWS\system32\wpbbin.exe
2019-04-11 22:54 - 2016-10-18 02:09 - 000017408 _____ C:\WINDOWS\SysWOW64\rpcnetp.exe
2019-04-11 22:54 - 2016-10-18 02:09 - 000017408 _____ C:\WINDOWS\system32\rpcnetp.exe
2019-04-11 22:54 - 2016-09-17 11:06 - 000078032 _____ (Absolute Software Corp.) C:\WINDOWS\SysWOW64\rpcnet.dll
2019-04-11 22:52 - 2016-09-17 11:11 - 000004595 _____ C:\ProgramData\netsh.out
2019-04-11 22:51 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\Registration
2019-04-11 22:43 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-04-11 22:22 - 2018-04-12 12:35 - 000000000 ___HD C:\$WINDOWS.~BT
2019-04-11 22:21 - 2016-10-18 09:58 - 000005700 _____ C:\WINDOWS\diagwrn.xml
2019-04-11 22:21 - 2016-10-18 09:58 - 000005700 _____ C:\WINDOWS\diagerr.xml
2019-04-11 22:19 - 2016-07-16 06:47 - 000000000 ___HD C:\Program Files\WindowsApps
2019-04-11 21:22 - 2016-09-17 11:11 - 000000149 __RSH C:\ProgramData\3002.xml
2019-04-11 21:22 - 2016-09-17 11:11 - 000000049 __RSH C:\ProgramData\3012.xml
2019-04-11 21:22 - 2016-09-17 11:09 - 000000192 _____ C:\ProgramData\2012.par
2019-04-11 18:09 - 2018-05-01 00:04 - 000000000 ____D C:\Users\ADMIN-MINEDUC\Desktop\ASISTENCIA2018-2019
2019-04-11 17:55 - 2018-09-12 23:48 - 000004210 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2019-04-10 22:46 - 2016-10-17 20:08 - 000000000 ___DC C:\WINDOWS\Panther
2019-04-10 20:52 - 2016-09-17 11:11 - 000000268 _____ C:\ProgramData\SmartCallConfig.xml
2019-04-09 23:12 - 2016-09-17 13:50 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2019-04-09 23:08 - 2016-10-10 21:05 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-04-09 23:02 - 2016-10-10 21:04 - 131129288 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-04-09 21:30 - 2016-09-23 17:42 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-04-09 16:14 - 2016-09-23 17:47 - 000000000 ____D C:\Users\ADMIN-MINEDUC\AppData\Local\ElevatedDiagnostics
2019-04-09 14:39 - 2016-07-16 01:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2019-04-08 21:35 - 2016-07-16 06:45 - 000000000 ____D C:\WINDOWS\INF
2019-04-08 21:33 - 2016-09-16 12:32 - 000000000 ____D C:\WINDOWS\system32\GroupPolicy
2019-04-08 21:33 - 2015-09-29 17:40 - 000000000 ____D C:\Users\ADMIN-MINEDUC\AppData\LocalLow\Temp
2019-04-08 09:46 - 2017-07-19 00:26 - 000000870 _____ C:\Users\Public\Desktop\CCleaner.lnk
2019-04-08 09:46 - 2017-07-19 00:26 - 000000000 ____D C:\Program Files\CCleaner
2019-04-07 18:41 - 2018-09-12 21:37 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-04-06 17:15 - 2018-12-14 00:13 - 000000036 _____ C:\WINDOWS\progress.ini
2019-04-06 17:05 - 2016-09-25 22:15 - 000002306 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-04-06 17:05 - 2016-09-25 22:15 - 000002265 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-04-06 17:04 - 2018-11-13 23:45 - 000000000 ___HD C:\$GetCurrent
2019-04-06 17:03 - 2018-11-02 00:30 - 000000000 ____D C:\Windows10Upgrade
2019-04-06 16:58 - 2018-10-30 22:24 - 000000000 ____D C:\Program Files\rempl
2019-03-31 22:15 - 2017-07-24 19:31 - 000003392 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2562697441-1061409529-4134975898-1001
2019-03-31 22:14 - 2016-09-16 19:36 - 000002432 _____ C:\Users\ADMIN-MINEDUC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-03-31 22:14 - 2014-11-18 02:39 - 000000000 ___RD C:\Users\ADMIN-MINEDUC\OneDrive
2019-03-29 22:40 - 2017-07-18 22:29 - 000000000 ____D C:\ProgramData\Package Cache
2019-03-28 10:22 - 2016-10-18 09:57 - 000003554 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2019-03-28 10:22 - 2016-10-18 09:57 - 000003430 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2019-03-27 21:10 - 2016-11-21 20:59 - 000000000 ____D C:\Users\ADMIN-MINEDUC\AppData\LocalLow\Mozilla
2019-03-17 23:22 - 2016-09-16 12:32 - 000000167 _____ C:\WINDOWS\win.ini
2019-03-16 22:35 - 2016-07-16 06:47 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-03-16 22:28 - 2017-07-18 23:48 - 000188008 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2019-03-16 22:28 - 2017-07-18 23:48 - 000175104 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2019-03-16 22:28 - 2017-07-18 23:48 - 000089736 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2019-03-16 22:28 - 2017-07-18 23:48 - 000075432 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avdevprot.sys
2019-03-16 22:28 - 2017-07-18 23:48 - 000046704 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2019-03-16 22:28 - 2017-07-18 23:48 - 000045472 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avusbflt.sys

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\dllhost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2019-04-08 10:01

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17.03.2019
Ran by ADMIN-MINEDUC (11-04-2019 23:00:59)
Running from C:\Users\ADMIN-MINEDUC\Desktop
Windows 10 Pro Version 1607 14393.2189 (X64) (2016-10-18 15:00:30)
Boot Mode: Safe Mode (minimal)
==========================================================


==================== Accounts: =============================

ADMIN-MINEDUC (S-1-5-21-2562697441-1061409529-4134975898-1001 - Administrator - Enabled) => C:\Users\ADMIN-MINEDUC
Administrador (S-1-5-21-2562697441-1061409529-4134975898-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2562697441-1061409529-4134975898-503 - Limited - Disabled)
Invitado (S-1-5-21-2562697441-1061409529-4134975898-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {88AE6B46-DC3C-455A-A21B-085F285A3546}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {33CF8AA2-FA06-4AD4-98AB-332D53DD7FFB}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 19.010.20099 - Adobe Systems Incorporated)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1202.1711.103 - Alps Electric)
Asistente para actualización a Windows 10 (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22617 - Microsoft Corporation)
Avira (HKLM-x32\...\{9c4627af-2a2f-4e06-aa50-e0d70979e4b6}) (Version: 1.2.132.16752 - Avira Operations GmbH & Co. KG)
Avira (HKLM-x32\...\{BE930E27-DF4B-44AF-8037-EB0A1D419787}) (Version: 1.2.132.16752 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.44.143 - Avira Operations GmbH & Co. KG)
BlueStacks App Player (HKLM\...\BlueStacks) (Version: 4.50.5.1003 - BlueStack Systems, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.55 - Piriform)
Chuzzle Deluxe (HKLM-x32\...\Chuzzle Deluxe) (Version:  - PopCap Games)
Eines de correcció del Microsoft Office 2013: català (HKLM\...\{90150000-001F-0403-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
EPSON L210 Series Printer Uninstall (HKLM\...\EPSON L210 Series) (Version:  - SEIKO EPSON Corporation)
Ferramentas de verificación de Microsoft Office 2013 - Galego (HKLM\...\{90150000-001F-0456-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 73.0.3683.103 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.7 - Google LLC) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
Java 8 Update 201 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180201F0}) (Version: 8.0.2010.9 - Oracle Corporation)
Malwarebytes versión 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2562697441-1061409529-4134975898-1001\...\OneDriveSetup.exe) (Version: 19.033.0218.0011 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mobile Broadband HL Service (HKLM-x32\...\Mobile Broadband HL Service) (Version: 22.001.25.00.03 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 62.0 (x64 es-ES) (HKLM\...\Mozilla Firefox 62.0 (x64 es-ES)) (Version: 62.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 62.0.0.6816 - Mozilla)
osrss (HKLM-x32\...\{1BA1133B-1C7A-41A0-8CBF-9B993E63D296}) (Version: 1.0.0 - Microsoft Corporation) Hidden
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Paquete de idioma de Microsoft Visual Studio 2010 Tools para Office Runtime (x64) - ESN (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - ESN) (Version: 10.0.50903 - Microsoft Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7156 - Realtek Semiconductor Corp.)
Revisores de Texto do Microsoft Office 2013 – Português do Brasil (HKLM\...\{90150000-001F-0416-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB4462135) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{03CD37B7-E1EB-42AE-9BC3-3687E679668B}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB4462135) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{03CD37B7-E1EB-42AE-9BC3-3687E679668B}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB4462135) 64-Bit Edition (HKLM\...\{90150000-012B-0C0A-1000-0000000FF1CE}_Office15.PROPLUS_{03CD37B7-E1EB-42AE-9BC3-3687E679668B}) (Version:  - Microsoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{B2E25355-C24E-4E7D-8AD3-455D59810838}) (Version: 2.57.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{EC4F72E8-52FE-454E-B70F-DBE5C0FA44C5}) (Version: 1.20.0.0 - Microsoft Corporation) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version:  - )
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2562697441-1061409529-4134975898-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}
ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2019-03-16] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-11-01] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2019-03-16] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {078AC3A5-8E1D-47D4-B579-714D3996E9C0} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {1DB852BE-C963-41E2-9D32-F84B3CDE2AFE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {2C42E70F-771D-44D1-B1FF-718B242ADE5F} - System32\Tasks\BlueStacksHelper => C:\ProgramData\BlueStacks\Client\Helper\BlueStacksHelper.exe (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
Task: {3E24C2DC-DB7D-4827-8E23-C84E6A3F2CD6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {5A1B49D0-DE23-42FF-8E3D-C29A0EFB3858} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
Task: {74BC45A1-E85B-4ED5-A8E7-E5A1AB2626BB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe (Piriform Software Ltd -> Piriform Software Ltd)
Task: {8170EA0E-891E-4575-88B7-5DB5E050A90D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {9C427566-A856-4C11-99A6-B4A650E196FF} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {C4BCBB22-87CD-4834-A322-722317C1299E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {DDDAB3BC-9A8A-4418-9A3B-F8D7A7803193} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-09-12 21:48 - 2019-04-07 22:07 - 003084800 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Quick.dll
2018-09-12 21:48 - 2019-04-07 22:07 - 000438272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5WinExtras.dll
2018-09-12 21:48 - 2019-04-07 22:07 - 004571648 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Widgets.dll
2018-09-12 21:48 - 2019-04-07 22:07 - 005139968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Gui.dll
2018-09-12 21:48 - 2019-04-07 22:07 - 002950144 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Qml.dll
2018-09-12 21:48 - 2019-04-07 22:07 - 002234880 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Network.dll
2018-09-12 21:48 - 2019-04-07 22:07 - 005010944 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
2019-04-07 18:41 - 2019-04-07 22:07 - 001181184 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\platforms\qwindows.dll
2019-04-07 18:41 - 2019-04-07 22:07 - 000124928 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\styles\qwindowsvistastyle.dll
2019-04-07 22:07 - 2019-04-07 22:07 - 000026112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qico.dll
2019-04-07 22:07 - 2019-04-07 22:07 - 000020992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qsvg.dll
2018-09-12 21:48 - 2019-04-07 22:07 - 000259584 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Svg.dll
2019-04-07 22:07 - 2019-04-07 22:07 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick.2\qtquick2plugin.dll
2019-04-07 22:07 - 2019-04-07 22:07 - 000729088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\qtquickcontrolsplugin.dll
2019-04-07 22:07 - 2019-04-07 22:07 - 000073216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Layouts\qquicklayoutsplugin.dll
2019-04-07 22:07 - 2019-04-07 22:07 - 000179712 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\dialogplugin.dll
2019-04-07 22:07 - 2019-04-07 22:07 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Window.2\windowplugin.dll
2019-04-07 22:07 - 2019-04-07 22:07 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQml\Models.2\modelsplugin.dll
2019-04-07 22:07 - 2019-04-07 22:07 - 000101888 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\PrivateWidgets\widgetsplugin.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-09-16 12:32 - 2019-04-10 21:07 - 000000027 _____ C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1       localhost

2017-05-08 16:03 - 2017-05-08 20:46 - 000000512 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\
HKU\S-1-5-21-2562697441-1061409529-4134975898-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ADMIN-MINEDUC\Pictures\andes_cotopaxi.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{E91A9545-05D5-4384-92ED-8A882F0B82E4}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F33152DC-DEDD-4960-A6A7-E99AD62E6E1D}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B55B74F7-EC2E-4F0B-B530-ACC2F76E2A24}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{14A8F0A6-D540-4404-8F08-1674D35E6073}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{1BA7602F-120C-463C-81D6-65AD912F4AFE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{49219266-915D-4728-8B9B-640B5552C4D5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{9A71268C-2CF1-4152-BD04-28409DC29520}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{93F8FC80-7119-4AB4-9AD4-843487A4D8BF}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D828006D-E106-400A-98CF-B5CE4A3EA48C}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6BFA7838-D2D0-44F0-9ED7-386A5A092068}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{EAE6902E-3838-4B6E-B5FF-7C5C50620DB2}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{7553AF30-EC8E-4598-9E2A-6173CABBC953}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{5CC912C7-9132-4A0D-AB97-24CCD39ED83C}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{FEAD807D-A6FC-438C-B1F8-C38F77452CAF}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{B3720137-F7FB-4E6B-84DF-D1A563424BB8}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{7C3C3F75-9153-4F8C-B734-03BFCBB6C90B}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
FirewallRules: [{38A8066C-5B1D-4619-B210-E53078EAC288}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)

==================== Restore Points =========================

05-02-2019 17:26:47 Punto de control programado
18-02-2019 16:31:10 Punto de control programado
16-03-2019 23:26:04 Windows Update
24-03-2019 22:16:42 Windows Update
28-03-2019 10:39:33 Windows Update
06-04-2019 16:55:37 Windows Update
08-04-2019 10:02:52 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/11/2019 10:58:27 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MINEDUC019740)
Description: No se pudo activar la aplicación Microsoft.Getstarted_5.12.2691.2000_x64__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca debido al error: -2144927149. Consulte el registro Microsoft-Windows-TWinUI/Operational para obtener más información.

Error: (04/11/2019 10:50:13 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MINEDUC019740)
Description: No se pudo activar la aplicación Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI debido al error: -2144980991. Consulte el registro Microsoft-Windows-TWinUI/Operational para obtener más información.

Error: (04/11/2019 10:50:13 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MINEDUC019740)
Description: No se pudo activar la aplicación Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App debido al error: -2144980991. Consulte el registro Microsoft-Windows-TWinUI/Operational para obtener más información.

Error: (04/11/2019 10:49:30 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MINEDUC019740)
Description: No se pudo activar la aplicación Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI debido al error: -2144980991. Consulte el registro Microsoft-Windows-TWinUI/Operational para obtener más información.

Error: (04/11/2019 10:49:28 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MINEDUC019740)
Description: No se pudo activar la aplicación Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI debido al error: -2144980991. Consulte el registro Microsoft-Windows-TWinUI/Operational para obtener más información.

Error: (04/11/2019 10:49:26 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MINEDUC019740)
Description: No se pudo activar la aplicación Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI debido al error: -2144980991. Consulte el registro Microsoft-Windows-TWinUI/Operational para obtener más información.

Error: (04/11/2019 10:49:24 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MINEDUC019740)
Description: No se pudo activar la aplicación Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI debido al error: -2144980991. Consulte el registro Microsoft-Windows-TWinUI/Operational para obtener más información.

Error: (04/11/2019 10:49:22 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MINEDUC019740)
Description: No se pudo activar la aplicación Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI debido al error: -2144980991. Consulte el registro Microsoft-Windows-TWinUI/Operational para obtener más información.


System errors:
=============
Error: (04/11/2019 11:02:05 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: Error de DCOM "1084" al intentar iniciar el servicio EventSystem con argumentos "No disponible" para ejecutar el servidor:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (04/11/2019 11:01:29 PM) (Source: DCOM) (EventID: 10005) (User: MINEDUC019740)
Description: Error de DCOM "1084" al intentar iniciar el servicio ShellHWDetection con argumentos "No disponible" para ejecutar el servidor:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (04/11/2019 11:01:00 PM) (Source: DCOM) (EventID: 10005) (User: MINEDUC019740)
Description: Error de DCOM "1084" al intentar iniciar el servicio WSearch con argumentos "No disponible" para ejecutar el servidor:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (04/11/2019 11:01:00 PM) (Source: DCOM) (EventID: 10005) (User: MINEDUC019740)
Description: Error de DCOM "1084" al intentar iniciar el servicio WSearch con argumentos "No disponible" para ejecutar el servidor:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (04/11/2019 11:00:58 PM) (Source: DCOM) (EventID: 10005) (User: MINEDUC019740)
Description: Error de DCOM "1084" al intentar iniciar el servicio WSearch con argumentos "No disponible" para ejecutar el servidor:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (04/11/2019 11:00:58 PM) (Source: DCOM) (EventID: 10005) (User: MINEDUC019740)
Description: Error de DCOM "1084" al intentar iniciar el servicio WSearch con argumentos "No disponible" para ejecutar el servidor:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (04/11/2019 11:00:58 PM) (Source: DCOM) (EventID: 10005) (User: MINEDUC019740)
Description: Error de DCOM "1084" al intentar iniciar el servicio ShellHWDetection con argumentos "No disponible" para ejecutar el servidor:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (04/11/2019 11:00:11 PM) (Source: DCOM) (EventID: 10005) (User: MINEDUC019740)
Description: Error de DCOM "1084" al intentar iniciar el servicio WSearch con argumentos "No disponible" para ejecutar el servidor:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}


Windows Defender:
===================================
Date: 2017-07-18 22:44:20.369
Description: 
El examen de Windows Defender se detuvo antes de completarse.
Id. de examen: {35CB2CDF-329F-4B25-BE94-A6A1BDF5B382}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2017-06-09 13:01:52.140
Description: 
Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 116.1.0.0
Origen de actualización: Centro de protección contra malware de Microsoft
Tipo de firma: Sistema de inspección de red
Tipo de actualización: Completa
Usuario: NT AUTHORITY\Servicio de red
Versión de motor actual: 
Versión de motor anterior: 2.1.12706.0
Código de error: 0x80072ee7
Descripción del error: No se pudo resolver el nombre de servidor o su dirección 

Date: 2017-06-09 13:01:52.130
Description: 
Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.221.14.0
Origen de actualización: Centro de protección contra malware de Microsoft
Tipo de firma: AntiSpyware
Tipo de actualización: Completa
Usuario: NT AUTHORITY\Servicio de red
Versión de motor actual: 
Versión de motor anterior: 1.1.12805.0
Código de error: 0x80072ee7
Descripción del error: No se pudo resolver el nombre de servidor o su dirección 

Date: 2017-06-09 13:01:52.129
Description: 
Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.221.14.0
Origen de actualización: Centro de protección contra malware de Microsoft
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\Servicio de red
Versión de motor actual: 
Versión de motor anterior: 1.1.12805.0
Código de error: 0x80072ee7
Descripción del error: No se pudo resolver el nombre de servidor o su dirección 

Date: 2017-06-09 13:01:51.599
Description: 
Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.221.14.0
Origen de actualización: Servidor de Microsoft Update
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión de motor actual: 
Versión de motor anterior: 1.1.12805.0
Código de error: 0x80240438
Descripción del error: Se produjo un problema inesperado mientras se buscaban actualizaciones. Para obtener más información sobre cómo instalar o solucionar problemas en las actualizaciones, consulte Ayuda y soporte técnico. 

CodeIntegrity:
===================================

Date: 2017-07-18 22:41:58.879
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i3-4005U CPU @ 1.70GHz
Percentage of memory in use: 36%
Total physical RAM: 4027.84 MB
Available physical RAM: 2559.84 MB
Total Virtual: 5371.84 MB
Available Virtual: 4060.06 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:281.09 GB) (Free:188.73 GB) NTFS
Drive d: (Nuevo vol) (Fixed) (Total:183.83 GB) (Free:183.72 GB) NTFS

\\?\Volume{90461e07-cb18-46ad-a085-24ef4ce6a351}\ () (Fixed) (Total:0.45 GB) (Free:0.1 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Protective MBR) (Size: 465.8 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================
0 likes

#18

Perfect, :+1: we're glad everything is going well; now all that's left is to remove the tools we used.

To finish:

  • Download :arrow_forward: DelFix.exe to your desktop.

  • Double-click to run it. (If you use Windows Vista/7/8 or 10, right-click and select "Run as Administrator".)

  • Check all the boxes.

  • Click Run.

The report (DelFix.txt) will open; copy and paste that report into your next reply.

And let us know how the originally reported problem is going. :face_with_monocle:

Regards.

1 like

#19

Greetings.

Following the previous instruction:

# DelFix v1.013 - Logfile created 12/04/2019 at 14:05:37
# Updated 17/04/2016 by Xplode
# Username : ADMIN-MINEDUC - MINEDUC019740
# Operating System : Windows 10 Pro  (64 bits)

~ Activating UAC ... OK

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\ADMIN-MINEDUC\Desktop\Addition.txt
Deleted : C:\Users\ADMIN-MINEDUC\Desktop\adwcleaner_7.3.exe
Deleted : C:\Users\ADMIN-MINEDUC\Desktop\Fixlog.txt
Deleted : C:\Users\ADMIN-MINEDUC\Desktop\FRST.txt
Deleted : C:\Users\ADMIN-MINEDUC\Desktop\FRST64.exe
Deleted : C:\Users\ADMIN-MINEDUC\Desktop\JRT.exe
Deleted : C:\Users\ADMIN-MINEDUC\Desktop\JRT.txt

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #77 [Punto de control programado | 02/05/2019 22:26:47]
Deleted : RP #78 [Punto de control programado | 02/18/2019 21:31:10]
Deleted : RP #79 [Windows Update | 03/17/2019 04:26:04]
Deleted : RP #80 [Windows Update | 03/25/2019 03:16:42]
Deleted : RP #81 [Windows Update | 03/28/2019 15:39:33]
Deleted : RP #82 [Windows Update | 04/06/2019 21:55:37]
Deleted : RP #83 [JRT Pre-Junkware Removal | 04/08/2019 15:02:52]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########

As I mentioned yesterday, the AutoIt windows no longer open, and the laptop is still working normally. :ok_hand:

One question: I have a doubt about the presence of folders with “suspicious” names, including a folder called streamerdata that I believe was copied over along with other documents from a USB drive a few days before the AVIRA alert. Should I start a new topic in the forum when this one is closed?

0 likes

#20

Hello @Katherine_Cordova_Ar

That folder you mention should NO longer be on your computer; I set it to be deleted in the last script I sent you. :roll_eyes:

You can check and tell us WHETHER that is correct, thanks.

Regards.

0 likes

#21

Greetings. Yes, I already checked, I have even forbidden my mom from using USB drives and downloads, and yes, there are 2 folders inside a folder (which she says was given to her on April 2, that is, before the Avira detections). We actually saw those folders by chance, because they are the most recent documents on the computer.

The folders are: streamerdata and ziocoudyaxrrlukfuylua. The computer is still working normally and no AutoIt window appears anymore.

0 likes