AutoIt v3 Script at system startup

Good afternoon.

This program has just appeared among the ones that start with Windows, and I am noticing unusual hard disk activity.

I have Windows 8.1 64-bit and the operating system's built-in antivirus.

Regards.

Hello @edu24x

Carry out the following steps, even if you have already done some of them, without changing the order:

1) Download, update and run Malwarebytes' Anti-Malware; go through the manual in detail so that you know how to use and configure it.

  • Run a Custom scan, updating if it asks you to.
  • Click “Quarantine Selected” to send it to quarantine, and restart the system.
  • In the manual's section Reports ▶ Scan report you will find the MBAM report; click Export ▶ Copy to Clipboard.

2) Download AdwCleaner | InfoSpyware to the desktop.

  • Temporarily disable the antivirus ▶ How to temporarily disable your antivirus.
  • Also close all the programs you have open.
  • Run Adwcleaner.exe (if you use Windows Vista/7 or 8, right-click and select "Run as Administrator").
  • Click the Scan button and wait for the process to finish, then immediately click the Clean button.
  • Wait for it to complete and follow the instructions; if it asks you to restart the system, accept.
  • Save the report that appears, so you can copy and paste it in your next reply.
  • The report can also be found at C:\AdwCleaner\AdwCleaner[C1].txt

3) Download CCleaner

  • Install CCleaner
  • Open CCleaner; on the Cleaner tab leave the default settings as they are, click Analyze, wait for it to finish ▶ click Run Cleaner
  • Click the Registry tab ▶ click Scan for Issues, wait for it to finish ▶ click Fix selected Issues and make a backup
  • Click Scan for Issues again until it finds none.

Paste the Malwarebytes and AdwCleaner reports and tell us how the problem is going.

Regards

Greetings, Daniela. I'd remind you that I already had problems with this virus a few months ago, and I don't know whether I've been infected again or whether the virus at startup is a leftover from the previous infection. I noticed the problem when the Windows Action Center alerted me to a startup program with a high impact on performance.

As you can see, MB didn't detect anything.


Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 23/8/19
Hora del análisis: 21:45
Archivo de registro: 8a83a864-c5de-11e9-ae99-00241dd6a5ad.json

-Información del software-
Versión: 3.7.1.2839
Versión de los componentes: 1.0.586
Versión del paquete de actualización: 1.0.12157
Licencia: Gratis

-Información del sistema-
SO: Windows 8.1
CPU: x64
Sistema de archivos: NTFS
Usuario: EGONAUTA\Joker

-Resumen del análisis-
Tipo de análisis: Análisis de amenazas
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 389336
Amenazas detectadas: 1
Amenazas en cuarentena: 0
Tiempo transcurrido: 4 min, 35 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Desactivado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 0
(No hay elementos maliciosos detectados)

Valor del registro: 0
(No hay elementos maliciosos detectados)

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 0
(No hay elementos maliciosos detectados)

Archivo: 1
HackTool.Agent.KMS, C:\PROGRAM FILES\KMSPICO\KMSELDI.EXE, Sin acciones por parte del usuario, [7679], [700614],1.0.12157

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end) 

# -------------------------------
# Malwarebytes AdwCleaner 7.4.0.0
# -------------------------------
# Build:    07-23-2019
# Database: 2019-08-21.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    08-23-2019
# Duration: 00:00:01
# OS:       Windows 8.1 Pro
# Cleaned:  9
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted       C:\ProgramData\SecuritySuite
Deleted       C:\Users\Joker\Documents\TotalAV

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKCU\Software\SSProtect
Deleted       HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.totalav.passwordvaultassistant
Deleted       HKLM\SOFTWARE\Mozilla\NativeMessagingHosts\com.totalav.passwordvaultassistant

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Preinstalled Software ] *****

Deleted       Preinstalled.HPMediaSmart
Deleted       Preinstalled.LenovoYouCam


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1707 octets] - [23/08/2019 22:47:10]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Hello

Yes, I saw that after replying to you; it could be either of the two, that something was left on your computer or that you got infected again. This time we will run FRST to check your computer and remove whatever we find.

It did detect something; do you use an activator for Windows or Office? The report shows that no action was taken by the user.

You ran a Threat scan and I told you to run a Custom one; run Malwarebytes again and put the report in your next reply.

Temporarily disable the antivirus >> How to temporarily disable your antivirus

Download Farbar Recovery Scan Tool to the desktop, selecting the right version for your computer's architecture (32 or 64 bits). ▶ How do I know whether my Windows is 32 or 64 bits?

  • Run FRST.exe.
  • In the Disclaimer window message, click Yes
  • In the main window, click the Scan button and wait for the process to finish.
  • Two (2) files (logs) will open, Frst.txt and Addition.txt; these will be saved on the desktop.

Post the two generated reports.

You must copy and paste them with all their content, and use several messages if you get an error message saying that it is too long (more than about 50,000 characters).

Regards

Good morning.

Yes, it is an activator for Microsoft products. I use it for Office in this case.


Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 24/8/19
Hora del análisis: 7:56
Archivo de registro: f813c1d4-c633-11e9-a377-00241dd6a5ad.json

-Información del software-
Versión: 3.8.3.2965
Versión de los componentes: 1.0.613
Versión del paquete de actualización: 1.0.12163
Licencia: Prueba

-Información del sistema-
SO: Windows 8.1
CPU: x64
Sistema de archivos: NTFS
Usuario: EGONAUTA\Joker

-Resumen del análisis-
Tipo de análisis: Análisis personalizado
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 772691
Amenazas detectadas: 5
Amenazas en cuarentena: 4
Tiempo transcurrido: 25 min, 10 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Desactivado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 0
(No hay elementos maliciosos detectados)

Valor del registro: 0
(No hay elementos maliciosos detectados)

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 0
(No hay elementos maliciosos detectados)

Archivo: 5
HackTool.Agent.KMS, C:\PROGRAM FILES\KMSPICO\KMSELDI.EXE, Sin acciones por parte del usuario, [7680], [700614],1.0.12163
Trojan.Agent.CK, C:\USERS\JOKER\ONEDRIVE\PúBLICO\KEYMAKER.NERO.9.4.26.0 V5.55.EXE, En cuarentena, [3866], [26371],1.0.12163
Trojan.Agent.CK, C:\USERS\JOKER\SKYDRIVE\PúBLICO\KEYMAKER.NERO.9.4.26.0 V5.55.EXE, En cuarentena, [3866], [26371],1.0.12163
Generic.Malware/Suspicious, C:\USERS\JOKER\ONEDRIVE\DOCUMENTOS\KMSAUTO.LITE.PORTABLE.V1.2.4-RATIBORUS\KMSAUTO LITE PORTABLE V1.2.4.ZIP, En cuarentena, [0], [392686],1.0.12163
Generic.Malware/Suspicious, C:\USERS\JOKER\SKYDRIVE\DOCUMENTOS\KMSAUTO.LITE.PORTABLE.V1.2.4-RATIBORUS\KMSAUTO LITE PORTABLE V1.2.4.ZIP, En cuarentena, [0], [392686],1.0.12163

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)

# -------------------------------
# Malwarebytes AdwCleaner 7.4.0.0
# -------------------------------
# Build:    07-23-2019
# Database: 2019-08-21.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    08-24-2019
# Duration: 00:00:20
# OS:       Windows 8.1 Pro
# Scanned:  35493
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.


AdwCleaner[S00].txt - [1707 octets] - [23/08/2019 22:47:10]
AdwCleaner[C00].txt - [1813 octets] - [23/08/2019 22:48:46]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########

(end)


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-08-2019
Ran by Joker (24-08-2019 08:34:32)
Running from C:\Users\Joker\Desktop
Windows 8.1 Pro (Update) (X64) (2017-05-16 08:11:03)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-1429871492-45722225-1832122274-500 - Administrator - Enabled) => C:\Users\Administrador
HomeGroupUser$ (S-1-5-21-1429871492-45722225-1832122274-1027 - Limited - Enabled)
Invitado (S-1-5-21-1429871492-45722225-1832122274-501 - Limited - Enabled)
Joker (S-1-5-21-1429871492-45722225-1832122274-1001 - Administrator - Enabled) => C:\Users\Joker
___VMware_Conv_SA___ (S-1-5-21-1429871492-45722225-1832122274-1006 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1429871492-45722225-1832122274-1001\...\uTorrent) (Version: 3.5.5.45225 - BitTorrent Inc.)
4K Video Downloader 3.4 (HKLM-x32\...\4K Video Downloader_is1) (Version: 3.4.4.1500 - Open Media LLC)
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{DF6E3E14-7C32-47CD-AA09-BB591286C776}) (Version: 1.2.734 - Eyeo GmbH)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.238 - Adobe)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Advanced Port Scanner v1.3 (HKLM-x32\...\Advanced Port Scanner v1.3) (Version:  - )
Advanced Renamer (HKLM-x32\...\Advanced Renamer_is1) (Version: 3.84 - Hulubulu Software)
AIDA64 Extreme v4.60 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 4.60 - FinalWire Ltd.)
AirDroid 3.6.4.0 (HKLM-x32\...\AirDroid) (Version: 3.6.4.0 - Sand Studio)
Amazon Music (HKU\S-1-5-21-1429871492-45722225-1832122274-1001\...\Amazon Amazon Music) (Version: 7.5.0.1823 - Amazon Services LLC)
AMD Catalyst Install Manager (HKLM\...\{10813B5C-D346-C028-5550-220FA31EC809}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32 bits) (HKLM-x32\...\{05E07D23-91E9-4E70-A4CC-EF505088F967}) (Version: 5.4.1 - Apple Inc.)
Apple Application Support (64 bits) (HKLM\...\{741291DA-2B34-4D44-8FB6-58EDE21261D8}) (Version: 5.4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{DB18F1C0-846F-46F5-A074-5B97C8AF5C8E}) (Version: 10.3.1.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Autodesk ReCap Language Pack-English (HKLM\...\{31ABA3F2-0010-1033-0102-111D43815377}) (Version: 1.0.43.13 - Autodesk) Hidden
Backup and Sync from Google (HKLM\...\{768C0072-2FD2-4934-9824-B2A1E81AEA5D}) (Version: 3.45.5545.5747 - Google, Inc.)
BBS Tools (HKLM-x32\...\BBS Tools) (Version: 1.0.89 - BBS_Tools)
bl (HKLM-x32\...\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}) (Version: 1.0.0 - Your Company Name) Hidden
Bluesoleil 10.0.494.0 (HKLM\...\{C84D7B29-FFAF-4380-A63C-C7B5EC2861E1}) (Version: 10.0.494.0 - IVT Corporation)
BlueStacks App Player (HKLM\...\BlueStacks) (Version: 4.90.0.8006 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BQ Firmware Flash Tool versión 3.0.4 (HKLM-x32\...\{58946287-F553-4D93-AC53-8296836A500A}_is1) (Version: 3.0.4 - Mundo Reader S.L.)
calibre (HKLM-x32\...\{BA356893-F9F4-4C84-B10B-6EB2FC3C3B90}) (Version: 1.5.0 - Kovid Goyal)
calibre 64bit (HKLM\...\{494B912A-3D1E-46F5-9E82-E0AB5449BD06}) (Version: 3.15.0 - Kovid Goyal)
Camtasia Studio 8 (HKLM-x32\...\{904AC0F0-F69E-467E-A719-B083940F608A}) (Version: 8.5.2.1999 - TechSmith Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.13 - Piriform)
cd.cover.++ (HKLM-x32\...\cd.cover.++) (Version:  - )
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Classic Shell (HKLM\...\{CABCE573-0A86-42FA-A52A-C7EA61D5BE08}) (Version: 4.3.1 - IvoSoft)
Creevity Mp3 Cover Downloader (HKLM\...\Mp3 Cover Downloader_is1) (Version: 1.4.0 - Diego Alicata)
CrystalDiskMark 6.0.2 (HKLM\...\CrystalDiskMark6_is1) (Version: 6.0.2 - Crystal Dew World)
CyberLink PowerDVD 18 (HKLM-x32\...\{0F4F617F-E8D5-46A3-A0F9-43855182A3B1}) (Version: 18.0.2202.62 - CyberLink Corp.)
CyberLink YouCam 7 (HKLM-x32\...\{0078CD4D-B146-4D77-8CF0-268B36C1A3EC}) (Version: 7.0.0623.0 - CyberLink Corp.)
dBpoweramp [Calculate Audio CRC] Codec (HKLM-x32\...\dBpoweramp [Calculate Audio CRC] Codec) (Version: Release 1 - Illustrate)
dBpoweramp Dalet Codec (HKLM-x32\...\dBpoweramp Dalet Codec) (Version: Release 5 - Illustrate)
dBpoweramp DSP Effects (HKLM-x32\...\dBpoweramp DSP Effects) (Version: Release 9 - Illustrate)
dBpoweramp m4a FDK (AAC) Encoder (HKLM-x32\...\dBpoweramp m4a FDK (AAC) Encoder) (Version: Release 3  (FDK v0.1.3) - Illustrate)
dBpoweramp Monkeys Audio Codec (HKLM-x32\...\dBpoweramp Monkeys Audio Codec) (Version: Release 11 (Monkeys v4.06 PP) - Illustrate)
dBPowerAMP Mp2 and BwfMp2 codec (HKLM-x32\...\dBPowerAMP Mp2 and BwfMp2 codec) (Version: Release 6 - Illustrate)
dBpoweramp mp3 (Fraunhofer IIS) Codec (HKLM-x32\...\dBpoweramp mp3 (Fraunhofer IIS) Codec) (Version: Release 2a (v4.0.3) - Illustrate)
dBpoweramp Music Converter (HKLM-x32\...\dBpoweramp Music Converter) (Version: Release 14.4 - Illustrate)
dBpoweramp Ogg Vorbis Codec (HKLM-x32\...\dBpoweramp Ogg Vorbis Codec) (Version: Release 22 (Vorbis v1.3.3) - Illustrate)
dBPowerAMP Real Audio (Helix) Encoder (HKLM-x32\...\dBPowerAMP Real Audio (Helix) Encoder) (Version: Release 6 - Illustrate)
dBPoweramp tooLame MP2 codec (HKLM-x32\...\dBPoweramp tooLame MP2 codec) (Version:  - )
dBpoweramp Wave64 Codec (HKLM-x32\...\dBpoweramp Wave64 Codec) (Version:  - )
dBpoweramp WavPack Codec (HKLM-x32\...\dBpoweramp WavPack Codec) (Version: Release 8 (WavPack v4.60) - Illustrate)
dBpoweramp Windows Media Audio 10 Codec (HKLM-x32\...\dBpoweramp Windows Media Audio 10 Codec) (Version: Release 7 - Illustrate)
Directory Lister Pro v1.35 (HKLM-x32\...\Directory Lister Pro_is1) (Version:  - KRKSoft)
Driver Magician 3.71 (HKLM-x32\...\Driver Magician_is1) (Version:  - GoldSolution Software, Inc.)
Dualpix Exchange (HKLM-x32\...\{2FDDE008-7BAA-4CAC-9AC3-92C0C1111A3A}) (Version: 4.0.2.1 - Hercules)
Easy Tune 6 B13.1211.1 (HKLM-x32\...\{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version:  - )
EasyBCD 2.2 (HKLM-x32\...\EasyBCD) (Version: 2.2 - NeoSmart Technologies)
Eines de correcció del Microsoft Office 2013: català (HKLM\...\{90150000-001F-0403-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
eJuice Me Up (HKLM-x32\...\{399E77D0-5CEC-41CE-AC95-179E2A0B1893}) (Version: 16.1.0 - Breaktru Software)
eMule (HKLM-x32\...\eMule) (Version:  - )
Epson Event Manager (HKLM-x32\...\{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}) (Version: 2.50.0000 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON SX235 Series Printer Uninstall (HKLM\...\EPSON SX235 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Config V4 (HKLM-x32\...\{08013FB5-DF8B-4D29-9B5E-B3DE88EBA6CA}) (Version: 4.6.0 - Seiko Epson Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
EScribe Suite (HKU\S-1-5-21-1429871492-45722225-1832122274-1001\...\EScribe) (Version:  - Evolv)
FAT Sorter (HKLM-x32\...\{10505E4D-618F-402A-90BE-651475AAE5F6}) (Version: 1.0.4 - HolosTek, Inc.)
Ferramentas de verificación de Microsoft Office 2013 - Galego (HKLM\...\{90150000-001F-0456-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
FileBot (HKLM\...\{58D65487-B775-4B9E-B4F2-B0D57A3A49A5}) (Version: 4.7.2 - Reinhard Pointner)
Filmora Blockbuster Vol.3 Set (ask4pc) version 8.1 (HKLM-x32\...\{05001F4F-B629-4631-B587-3069CBC84D37}_is1) (Version: 8.1 - ask4pc)
Filmora Blockbuster Vol.4 Set (ask4pc) version 8.1 (HKLM-x32\...\{842A07B6-3616-4DE5-B19F-398FF4AA2581}_is1) (Version: 8.1 - ask4pc)
Filmora Blockbuster Vol.5 Set (ask4pc) version 8.1 (HKLM-x32\...\{18BC5A60-6818-4A9A-962C-321932A6184A}_is1) (Version: 8.1 - ask4pc)
FlashFXP 5 (HKLM-x32\...\FlashFXP 5) (Version: 5.4.0.3970 - OpenSight Software LLC)
FormatFactory 3.8.0.0 (HKLM-x32\...\FormatFactory) (Version: 3.8.0.0 - Free Time)
FRITZ!Powerline (HKLM-x32\...\{EB579783-79C4-461A-9493-B9F19EAA23B2}) (Version: 01.02.00 - AVM GmbH)
GoldWave v5.69 (HKLM-x32\...\GoldWave v5.69) (Version: 5.69 - GoldWave Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 76.0.3809.100 - Google LLC)
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Earth Pro (HKLM\...\{70A0F34E-564B-4F93-ADD6-3BAEC6E44075}) (Version: 7.3.2.5776 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GSmartControl (HKLM-x32\...\GSmartControl) (Version: 0.8.7 - Alexander Shaduri)
Hercules Webcam Station Evolution (HKLM-x32\...\{B60D61FD-1CB1-4ED5-974E-8C959F14208E}) (Version: 4.1.1.2 - Hercules)
Hercules Webcam Station Evolution SE (HKLM-x32\...\{C3C44248-B8F7-4B20-A5C7-994870B60F55}) (Version: 4.1.1.2 - Hercules)
IHMC CmapTools v5.05.01 (HKLM\...\IHMC CmapTools v5.05.01) (Version: 5.0.5.1 - Institute for Human & Machine Cognition)
Intel(R) Update Manager (HKLM-x32\...\{AA8BC571-E96E-4478-927F-CB44CC7D7D07}) (Version: 3.5.2247 - Intel Corporation)
Intel® SSD Toolbox (HKLM-x32\...\{06D085C8-1F00-11B2-96A7-8f0CE39193ED}) (Version: 3.5.1.400 - Intel Corporation)
iTunes (HKLM\...\{6C01A0A7-7440-4D48-93C6-2927A1E93FE6}) (Version: 12.6.0.100 - Apple Inc.)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
JDownloader 2 (HKLM\...\jdownloader2-1) (Version: 2.0 - AppWork GmbH)
KeepVid Pro(Build 7.1.0.6) (HKLM-x32\...\KeepVid Pro_is1) (Version: 7.1.0.6 - KeepVid Studio)
K-Lite Codec Pack 14.9.4 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 14.9.4 - KLCP)
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version:  - )
Kodi (HKU\S-1-5-21-1429871492-45722225-1832122274-1001\...\Kodi) (Version:  - XBMC-Foundation)
LastPass (desinstalar solamente) (HKLM-x32\...\LastPass) (Version:  - LastPass)
Logitech SetPoint 6.69 (HKLM\...\sp6) (Version: 6.69.123 - Logitech)
MAGIX Fotos en DVD 2013 Deluxe (HKLM\...\{343C08A0-03A8-40F0-A633-94947F87C61A}) (Version: 12.0.2.78 - MAGIX AG) Hidden
MAGIX Fotos en DVD 2013 Deluxe (HKLM-x32\...\MAGIX_{343C08A0-03A8-40F0-A633-94947F87C61A}) (Version: 12.0.2.78 - MAGIX AG)
MAGIX Speed burnR (MSI) (HKLM\...\{3299045C-D472-45CD-921D-D227A4EFB16B}) (Version: 7.0.1.27 - MAGIX AG) Hidden
MAGIX Speed burnR (MSI) (HKLM-x32\...\MAGIX_{3299045C-D472-45CD-921D-D227A4EFB16B}) (Version: 7.0.1.27 - MAGIX AG)
Malwarebytes versión 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
MemoriesOnTV 4.1.1 (HKLM-x32\...\MemoriesOnTV4_is1) (Version:  - )
MetaProducts StartUp Organizer (HKLM-x32\...\MetaProducts StartUp Organizer) (Version:  - )
Mi Cloud Photo Manager version 1.2.2 (HKLM-x32\...\{B7B80F10-5677-470A-8C2F-BEF7998070D1}_is1) (Version: 1.2.2 - MIUI)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0C0A-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1429871492-45722225-1832122274-1001\...\OneDriveSetup.exe) (Version: 19.123.0624.0005 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710F4C1C-CC18-4C49-8CBF-51240C89A1A2}) (Version:  - )
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052B-02A4-4627-81F2-1818DA5D550D}) (Version:  - )
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.16.27012 (HKLM-x32\...\{427ada59-85e7-4bc8-b8d5-ebf59db60423}) (Version: 14.16.27012.6 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.16.27012 (HKLM-x32\...\{67f67547-9693-4937-aa13-56e296bd40f6}) (Version: 14.16.27012.6 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MiFlashPro version 3.3.1112.82 (HKLM-x32\...\{3618BC41-BC4C-4B60-8B52-8A24F4D61EC1}_is1) (Version: 3.3.1112.82 - Xiaomi, Inc.)
Minimal ADB and Fastboot version 1.4.3 (HKLM-x32\...\{B561660D-8B3C-491D-9E3E-293F14FCAADA}_is1) (Version: 1.4.3 - Samuel Rodberg)
MiniTool Partition Wizard Home Edition 8.0 (HKLM-x32\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.5.4 - Motorola Mobility)
Motorola Device Software Update (HKLM-x32\...\{894AB83D-A9AF-4E54-BFF3-A7262A0A6C13}) (Version: 13.09.3001 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 6.4.0 (HKLM\...\{27986EDD-C9EC-4B52-B92F-06D073F0AA52}) (Version: 6.4.0 - Motorola Mobility LLC)
Mozilla Firefox 68.0.2 (x64 es-ES) (HKLM\...\Mozilla Firefox 68.0.2 (x64 es-ES)) (Version: 68.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 68.0.2.7164 - Mozilla)
Mozilla Thunderbird 38.5.1 (x86 es-ES) (HKLM-x32\...\Mozilla Thunderbird 38.5.1 (x86 es-ES)) (Version: 38.5.1 - Mozilla)
Mp3Gain PRO (HKLM-x32\...\Mp3Gain PRO_is1) (Version: 1.01 - Pro-Software.)
MPC-HC 1.7.13 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.13 - MPC-HC Team)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version:  - )
Nmap 6.00 (HKLM-x32\...\Nmap) (Version:  - )
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.7.1 - Notepad++ Team)
Ogg Codecs 0.81.15562 (HKLM\...\Ogg Codecs) (Version: 0.81.15562 - Xiph.Org)
OpenOffice 4.1.1 (HKLM-x32\...\{EFC97BC6-345A-4861-ACD5-0D3181252924}) (Version: 4.11.9775 - Apache Software Foundation)
Opera Stable 62.0.3331.116 (HKU\S-1-5-21-1429871492-45722225-1832122274-1001\...\Opera 62.0.3331.116) (Version: 62.0.3331.116 - Opera Software)
Oracle VM VirtualBox 6.0.4 (HKLM\...\{79366295-CD6A-4467-9901-4A7DFCF90F40}) (Version: 6.0.4 - Oracle Corporation)
OSFMount v1.5 (HKLM\...\OSFMount_is1) (Version: 1.5.1015 - Passmark Software)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Paquete de controladores de Windows - Dimension Engineering USB Serial Converter (03/31/2015 1.0.2.4) (HKLM\...\C30B74ACFAFD1853988384EC603AA996253E38F1) (Version: 03/31/2015 1.0.2.4 - Dimension Engineering)
Paquete de controladores de Windows - Dimension Engineering USB Serial Converter (07/23/2016 1.0.3.17) (HKLM\...\A47B0ACE2D6E8887115B5A5AE0998558DE698070) (Version: 07/23/2016 1.0.3.17 - Dimension Engineering)
Paquete de controladores de Windows - Dimension Engineering USB Serial Converter (11/11/2016 1.0.3.21) (HKLM\...\377DE9679F7155ADE94AA4BCBF4CA02472B49707) (Version: 11/11/2016 1.0.3.21 - Dimension Engineering)
Paquete de controladores de Windows - Dimension Engineering USB Serial Converter (11/12/2015 1.0.3.13) (HKLM\...\32A12E2F88EE40BDBADBB41ECCB8559DEE67F7A3) (Version: 11/12/2015 1.0.3.13 - Dimension Engineering)
Paquete de controladores de Windows - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (01/27/2014 9.0.0000.00000) (HKLM\...\9CA77E2A8332A0824C54DA611BBE4CA24AB1F750) (Version: 01/27/2014 9.0.0000.00000 - Google, Inc.)
Paquete de controladores de Windows - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.)
Paquete de controladores de Windows - MediaTek Inc. (usbser) Ports  (01/05/2012 2.0000.0.1) (HKLM\...\49D9ABA9270C5BDFD7AE1BEB607D36B26BB90235) (Version: 01/05/2012 2.0000.0.1 - MediaTek Inc.)
Paquete de controladores de Windows - MediaTek Inc. (usbser) Ports  (12/24/2011 2.0000.0.0) (HKLM\...\D0E6296D177F42BB31C0200E49412003DB6C4633) (Version: 12/24/2011 2.0000.0.0 - MediaTek Inc.)
Paquete de idioma de Microsoft Visual Studio 2010 Tools para Office Runtime (x64) - ESN (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - ESN) (Version: 10.0.50903 - Microsoft Corporation)
Paragon Alignment Tool™ 3.0 (HKLM-x32\...\{4D83E500-4D0C-11DF-A750-005056C00008}) (Version: 90.00.0003 - Paragon Software)
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
ph (HKLM-x32\...\{185F9795-9663-4F13-9EF9-307A282ADB5A}) (Version: 1.0.0 - Your Company Name) Hidden
PingStatus 3.0.0 (HKLM-x32\...\PingStatus_is1) (Version:  - )
Plex Media Player (HKLM\...\{FF7510A1-4E26-4007-A555-CDEAB8253650}) (Version: 2.35.1 - Plex) Hidden
Plex Media Player (HKLM-x32\...\{9a3e0f3d-d26a-4b6b-9393-97c2e811e53f}) (Version: 2.35.1 - Plex)
Plex Media Server (HKLM-x32\...\{017EC936-F40B-46B4-B4F3-780FA47060B3}) (Version: 1.16.1226 - Plex, Inc.) Hidden
Plex Media Server (HKLM-x32\...\{3185722c-8e5f-42f5-a135-7bc633e77ee4}) (Version: 1.16.0.1226 - Plex, Inc.)
Port Forward Network Utilities (HKLM-x32\...\{1499E21B-5E70-404B-95FA-9225A8C514DE}) (Version: 3.0.50 - Portforward, LLC)
PowerLine Utility (HKLM-x32\...\{5D1E5ED5-E436-4A0D-8812-953FFBDFF3B3}) (Version: 1.2.709 - TP-LINK)
Purrint26 (remove only) (HKLM-x32\...\Purrint) (Version:  - )
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RAPID Mode (HKLM\...\{AE75272A-6421-4A65-80F8-31568BCF6E75}) (Version: 1.0.0.101 - Samsung Electronics Co., Ltd.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
RenameMaestro v4.1 (the easy way to rename files and folders) (HKLM-x32\...\{8984F750-69DC-4F22-BF91-152F9195ABD5}_is1) (Version:  - Ulfwood Ltd)
Revisores de Texto do Microsoft Office 2013 – Português do Brasil (HKLM\...\{90150000-001F-0416-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Revo Uninstaller Pro 3.1.6 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.6 - VS Revo Group, Ltd.)
SageThumbs 2.0.0.23 (HKLM\...\SageThumbs) (Version: 2.0.0.23 - Cherubic Software)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 5.2.0.1610 - Samsung Electronics)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.25.0 - SAMSUNG Electronics Co., Ltd.)
SD Card Formatter (HKLM-x32\...\{A61131DC-B92D-4AD8-A925-E2D6D5FE217C}) (Version: 5.0.1 - SD Association)
SDFormatter (HKLM-x32\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Sidify Music Converter 1.4.1 (HKLM-x32\...\Sidify Music Converter) (Version: 1.4.1 - Sidify)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.32 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.32.104 - Skype Technologies S.A.)
Snagit 13 (HKLM-x32\...\{35159268-7E2F-47D1-AAF2-A951A61DB5B4}) (Version: 13.1.0 - TechSmith Corporation) Hidden
Snagit 13 (HKLM-x32\...\{f40213e2-b7e5-45fa-9bc3-a671ed6d94ea}) (Version: 13.1.0.7494 - TechSmith Corporation)
SoftPerfect Switch Port Mapper version 1.0.11 (HKLM\...\{AAB4DDA3-D705-4D91-9AFC-46F43422E46A}_is1) (Version: 1.0.11 - SoftPerfect)
Software Logitech Unifying 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Songr (HKU\S-1-5-21-1429871492-45722225-1832122274-1001\...\Songr) (Version: 2.1 - Xamasoft)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Speedtest by Ookla (HKLM\...\{84EF7A8D-CEC5-44D9-A889-4C576EBCB8C4}) (Version: 1.1.23.001 - Ookla)
Spotify (HKU\S-1-5-21-1429871492-45722225-1832122274-1001\...\Spotify) (Version: 1.1.12.451.gdb77255f - Spotify AB)
Stopping Plex (HKLM-x32\...\{C3FA8D60-EF35-4946-944D-91CD68AFA109}) (Version: 1.16.1226 - Plex, Inc.) Hidden
Tag&Rename 3.9.9 (HKLM-x32\...\Tag&Rename_is1) (Version: 3.9.9 - Softpointer Inc)
TeamViewer 14 (HKLM-x32\...\TeamViewer) (Version: 14.2.8352 - TeamViewer)
Telegram Desktop version 1.8.2 (HKU\S-1-5-21-1429871492-45722225-1832122274-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.8.2 - Telegram FZ-LLC)
TL-PA511 Powerline Utility (HKLM-x32\...\{54A2A229-5D94-436B-A10E-A66757095A18}) (Version: 1.0 - TP-LINK)
TomTom HOME (HKLM-x32\...\{30E6FC43-C31F-4968-9A06-AA38E3C3CF73}) (Version: 2.10.1 - Nombre de su organización)
TomTom HOME (HKLM-x32\...\{C51F55EC-477D-4385-B951-BDEFA5DFC90B}) (Version: 2.11.6 - Nombre de su organización)
TP-LINK PLC Utility (HKLM-x32\...\{B0E80E49-FBC8-4A5B-B04C-222CBD95B2F6}) (Version: 2.1.2309 - TP-LINK)
TrackChecker version 1.0.15.481 (HKLM-x32\...\{73C4CE23-8D4C-4B67-B1DC-30533208DC3F}_is1) (Version: 1.0.15.481 - )
TreeSize Free V4.0.3 (HKLM-x32\...\TreeSize Free_is1) (Version: 4.0.3 - JAM Software)
TreeSize V7.0.5 (HKLM\...\TreeSize_is1) (Version: 7.0.5 - JAM Software)
Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.8.6 - Tweaking.com)
UltraISO Premium V9.53 (HKLM-x32\...\UltraISO_is1) (Version:  - )
Universal Adb Driver (HKLM-x32\...\{C0E08D8D-6076-4117-B644-2AF34F35B757}) (Version: 1.0.4 - ClockworkMod)
Update for Skype for Business 2015 (KB4464593) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{5BDCA2BB-3BAD-4461-A3A7-35B526AC2039}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB4464593) 64-Bit Edition (HKLM\...\{90150000-012B-0C0A-1000-0000000FF1CE}_Office15.PROPLUSR_{5BDCA2BB-3BAD-4461-A3A7-35B526AC2039}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB4464593) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{5BDCA2BB-3BAD-4461-A3A7-35B526AC2039}) (Version:  - Microsoft)
Vegas Pro 12.0 (64-bit) (HKLM\...\{EF2B2840-ED91-11E2-B66E-F04DA23A5C58}) (Version: 12.0.670 - Sony)
VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN)
VMware Workstation (HKLM\...\{EB744631-8800-4185-9E00-429A08F2D067}) (Version: 15.0.4 - VMware, Inc.)
VSO Image Resizer 4.0.2.5 (HKLM-x32\...\{8969CD6F-5B75-40B9-8701-86ECA4C1F263}_is1) (Version: 4.0.2.5 - VSO-Software)
Vysor (HKU\S-1-5-21-1429871492-45722225-1832122274-1001\...\Vysor) (Version: 1.8.2 - ClockworkMod)
WebP Codec for Windows 0.19 (HKLM\...\{9D2F4EB8-98AD-4C8B-A0C5-4C114B3F1287}) (Version: 0.19.9 - Google Inc)
WhatsApp (HKU\S-1-5-21-1429871492-45722225-1832122274-1001\...\WhatsApp) (Version: 0.3.4375 - WhatsApp)
WhoCrashed 5.51 (HKLM\...\WhoCrashed_is1) (Version:  - Resplendence Software Projects Sp.)
Winamp (HKLM-x32\...\Winamp) (Version: 5.62  - Nullsoft, Inc)
Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.70 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.70.0 - win.rar GmbH)
WinZip 14.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BB}) (Version: 14.0.8688 - WinZip Computing, S.L. )
Wondershare Filmora Scrn(Build 2.0.1) (HKLM\...\Wondershare Filmora Scrn_is1) (Version:  - Wondershare Software)
Wondershare Filmora(Build 8.5.2) (HKLM\...\Wondershare Filmora_is1) (Version:  - Wondershare Software)
Wondershare Helper Compact 2.6.0 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.6.0 - Wondershare)
XiaoMiFlash (HKLM-x32\...\{17027A8C-4379-424D-9236-075003273CE3}) (Version: 1.1.4 - XiaoMi)
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
Xmarks for IE (HKLM-x32\...\{ABFA6EAE-C9C0-4B39-B722-02094EF6B889}) (Version: 127.0.177 - Xmarks)
Xtra Controller Ex (HKLM-x32\...\{59579B12-97E6-437E-B988-BA032165D355}) (Version: 4.0.2.1 - Hercules)
Zoiper (HKLM-x32\...\Zoiper) (Version: 3.15 - Securax LTD)

Packages:
=========
Blocks Win8 -> C:\Program Files\WindowsApps\52167UnityMakesSoftware.TetrisWin8_1.0.0.13_neutral__r56gw62h6e50j [2018-04-20] (Unity Makes Software) [MS Ad]
Juegos -> C:\Program Files\WindowsApps\Microsoft.XboxLIVEGames_2.0.139.0_x64__8wekyb3d8bbwe [2018-04-20] (Microsoft Corporation) [MS Ad]
Mi cronometro -> C:\Program Files\WindowsApps\316597CA43E00.Micronometro_1.0.0.2_neutral__t7wzpf5qxw5kr [2018-04-20] (r.m.s.)
MSN Deportes -> C:\Program Files\WindowsApps\Microsoft.BingSports_3.0.4.345_x64__8wekyb3d8bbwe [2018-04-20] (Microsoft Corporation) [MS Ad]
MSN Dinero -> C:\Program Files\WindowsApps\Microsoft.BingFinance_3.0.4.344_x64__8wekyb3d8bbwe [2018-04-20] (Microsoft Corporation) [MS Ad]
MSN El Tiempo -> C:\Program Files\WindowsApps\Microsoft.BingWeather_3.0.4.350_x64__8wekyb3d8bbwe [2018-04-20] (Microsoft Corporation) [MS Ad]
MSN Noticias -> C:\Program Files\WindowsApps\Microsoft.BingNews_3.0.4.344_x64__8wekyb3d8bbwe [2018-04-20] (Microsoft Corporation) [MS Ad]
MSN Recetas -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2018-04-20] (Microsoft Corporation) [MS Ad]
MSN Salud y Bienestar -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.336_x64__8wekyb3d8bbwe [2018-04-20] (Microsoft Corporation) [MS Ad]
MSN Viajes -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2018-04-20] (Microsoft Corporation) [MS Ad]
Música -> C:\Program Files\WindowsApps\Microsoft.ZuneMusic_2.6.672.0_x64__8wekyb3d8bbwe [2018-04-20] (Microsoft Corporation) [MS Ad]
Pong Pong, El juego -> C:\Program Files\WindowsApps\51679SingleTechGames.PongPongEljuego_1.0.0.2_neutral__fzzgtd1s5538m [2018-04-20] (Single Tech Games)
Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5c [2018-04-20] (Skype) [MS Ad]
Tetris 8 -> C:\Program Files\WindowsApps\43463Simpleisbeautiful.Tetris8_1.0.0.1_neutral__qae2xxv4kam5a [2018-04-20] (Simple Win8)
Vídeo -> C:\Program Files\WindowsApps\Microsoft.ZuneVideo_2.6.446.0_x64__8wekyb3d8bbwe [2018-04-20] (Microsoft Corporation) [MS Ad]
Xmarks -> C:\Program Files\WindowsApps\LastPass.Xmarks_1.5.0.15_neutral__qq0fmhteeht3j [2018-04-20] (LastPass)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-06-27] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-06-27] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-06-27] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2012-09-24] (Acronis International GmbH -> Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2012-09-24] (Acronis International GmbH -> Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2012-09-24] (Acronis International GmbH -> Acronis)
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File
ContextMenuHandlers1: [$PowerDVD18] -> {EF1ED1FB-2224-4150-B12A-CDDE6D442D5A} => C:\ProgramData\CyberLink\PowerDVD18\OpenWith\PDVD_Shell64.dll [2018-10-02] (CyberLink Corp. -> CyberLink Corp.)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2019-06-17] (Notepad++ -> )
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2019-06-27] (Google LLC -> Google)
ContextMenuHandlers1: [InstallContextMenuEx] -> {00C28BE9-26B6-4224-9DD8-65DC4CF5A535} => C:\Program Files (x86)\IVT Corporation\BlueSoleil\InstallApkWithcPhone.dll [2014-11-03] () [File not signed]
ContextMenuHandlers1: [SageThumbs] -> {4A34B3E3-F50E-4FF6-8979-7E4176466FF2} => C:\Program Files (x86)\SageThumbs\64\SageThumbs.dll [2017-05-09] (CherubicSoft) [File not signed]
ContextMenuHandlers1: [SendToContextMenuExt] -> {797B9DC4-9C44-4621-8E63-08DF5C7C476F} => C:\Program Files (x86)\IVT Corporation\BlueSoleil\SendTocPhone.dll [2014-11-03] (TODO: <公司名>) [File not signed]
ContextMenuHandlers1: [SnagItMainShellExt] -> {CF74B903-3389-469c-B3B6-0204D204FCBD} => C:\Program Files (x86)\TechSmith\Snagit 13\DLLx64\SnagitShellExt64.dll [2017-01-20] (TechSmith Corporation -> TechSmith Corporation)
ContextMenuHandlers1: [TagRenameShellExt] -> {B806EC81-446D-40C8-A955-315B8519E938} => C:\Program Files (x86)\TagRename\TRShell64.dll [2015-05-12] (Softpointer Inc -> Sofpointer Inc)
ContextMenuHandlers1: [TR] -> {6A982F05-85C0-48c4-B17E-407176B160AD} => C:\Program Files (x86)\TagRename\TRshell64.dll [2015-05-12] (Softpointer Inc -> Sofpointer Inc)
ContextMenuHandlers1: [VersionsPageShellExt] -> {9E42900A-85F9-4E67-9778-575FBBA0A81C} => C:\Program Files (x86)\Acronis\TrueImageHome\x64\versions_page.dll [2012-09-24] (Acronis International GmbH -> Acronis)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\WZSHLS64.DLL [2009-11-18] (WinZip Computing -> WinZip Computing, S.L.)
ContextMenuHandlers2: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files (x86)\UltraISO\isoshl64.dll [2009-10-22] (SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD. -> EZB Systems, Inc.)
ContextMenuHandlers2-x32: [VMDiskMenuHandler] -> {271DC252-6FE1-4D59-9053-E4CF50AB99DE} => C:\Program Files (x86)\VMware\VMware Workstation\vmdkShellExt.dll [2019-03-25] (VMware, Inc. -> VMware, Inc.)
ContextMenuHandlers2: [VMDiskMenuHandler64] -> {E4D28EDC-8C0B-43EE-9E7D-C8A8682334DC} => C:\Program Files (x86)\VMware\VMware Workstation\x64\vmdkShellExt64.dll [2019-03-25] (VMware, Inc. -> VMware, Inc.)
ContextMenuHandlers3: [ImageResizerShellExt64] -> {C6193976-9333-4E73-96BA-7B21CA942187} => C:\Program Files (x86)\VSO\Image Resizer 4\RSZShell64.dll [2010-09-20] (VSO-SOFTWARE -> VSO Software SARL)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2019-06-27] (Google LLC -> Google)
ContextMenuHandlers4: [SnagItMainShellExt] -> {CF74B903-3389-469c-B3B6-0204D204FCBD} => C:\Program Files (x86)\TechSmith\Snagit 13\DLLx64\SnagitShellExt64.dll [2017-01-20] (TechSmith Corporation -> TechSmith Corporation)
ContextMenuHandlers4: [TR] -> {6A982F05-85C0-48c4-B17E-407176B160AD} => C:\Program Files (x86)\TagRename\TRshell64.dll [2015-05-12] (Softpointer Inc -> Sofpointer Inc)
ContextMenuHandlers4: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files (x86)\UltraISO\isoshl64.dll [2009-10-22] (SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD. -> EZB Systems, Inc.)
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\WZSHLS64.DLL [2009-11-18] (WinZip Computing -> WinZip Computing, S.L.)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2012-11-16] (Advanced Micro Devices, Inc.) [File not signed]
ContextMenuHandlers5: [TR] -> {6A982F05-85C0-48c4-B17E-407176B160AD} => C:\Program Files (x86)\TagRename\TRshell64.dll [2015-05-12] (Softpointer Inc -> Sofpointer Inc)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers6: [DirLister] -> {EF479680-EA35-4EA9-B093-7114F3E3E0DA} => C:\Program Files (x86)\Directory Lister Pro\DirListerExt.dll [2010-01-14] (KRKsoft -> KRKsoft.com)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\WINDOWS\system32\StartMenuHelper64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft)
ContextMenuHandlers6: [TagRenameShellExt] -> {B806EC81-446D-40C8-A955-315B8519E938} => C:\Program Files (x86)\TagRename\TRShell64.dll [2015-05-12] (Softpointer Inc -> Sofpointer Inc)
ContextMenuHandlers6: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files (x86)\UltraISO\isoshl64.dll [2009-10-22] (SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD. -> EZB Systems, Inc.)
ContextMenuHandlers6: [VersionsPageShellExt] -> {9E42900A-85F9-4E67-9778-575FBBA0A81C} => C:\Program Files (x86)\Acronis\TrueImageHome\x64\versions_page.dll [2012-09-24] (Acronis International GmbH -> Acronis)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\WZSHLS64.DLL [2009-11-18] (WinZip Computing -> WinZip Computing, S.L.)



==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2014-11-03 15:31 - 2014-11-03 15:31 - 000194048 _____ () [File not signed] C:\Program Files (x86)\IVT Corporation\BlueSoleil\InstallApkWithcPhone.dll
2014-04-07 16:31 - 2014-04-07 16:31 - 000172032 _____ () [File not signed] C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll
2019-08-24 08:27 - 2019-08-24 08:27 - 000113664 _____ () [File not signed] C:\Users\Joker\AppData\Local\Temp\_MEI69042\_ctypes.pyd
2019-08-24 08:27 - 2019-08-24 08:27 - 000173568 _____ () [File not signed] C:\Users\Joker\AppData\Local\Temp\_MEI69042\_elementtree.pyd
2019-08-24 08:27 - 2019-08-24 08:27 - 001800192 _____ () [File not signed] C:\Users\Joker\AppData\Local\Temp\_MEI69042\_hashlib.pyd
2019-08-24 08:27 - 2019-08-24 08:27 - 000032256 _____ () [File not signed] C:\Users\Joker\AppData\Local\Temp\_MEI69042\_multiprocessing.pyd
2019-08-24 08:27 - 2019-08-24 08:27 - 000046080 _____ () [File not signed] C:\Users\Joker\AppData\Local\Temp\_MEI69042\_psutil_windows.pyd
2019-08-24 08:27 - 2019-08-24 08:27 - 000047616 _____ () [File not signed] C:\Users\Joker\AppData\Local\Temp\_MEI69042\_socket.pyd
2019-08-24 08:27 - 2019-08-24 08:27 - 002230784 _____ () [File not signed] C:\Users\Joker\AppData\Local\Temp\_MEI69042\_ssl.pyd
2019-08-24 08:27 - 2019-08-24 08:27 - 000026112 _____ () [File not signed] C:\Users\Joker\AppData\Local\Temp\_MEI69042\_yappi.pyd
2019-08-24 08:27 - 2019-08-24 08:27 - 000080896 _____ () [File not signed] C:\Users\Joker\AppData\Local\Temp\_MEI69042\bz2.pyd
2019-08-24 08:27 - 2019-08-24 08:27 - 006277632 _____ () [File not signed] C:\Users\Joker\AppData\Local\Temp\_MEI69042\cello.pyd
2019-08-24 08:27 - 2019-08-24 08:27 - 000014848 _____ () [File not signed] C:\Users\Joker\AppData\Local\Temp\_MEI69042\common.time34.pyd
2019-08-24 08:27 - 2019-08-24 08:27 - 000007680 _____ () [File not signed] C:\Users\Joker\AppData\Local\Temp\_MEI69042\hashobjs_ext.pyd
2019-08-24 08:27 - 2019-08-24 08:27 - 000301568 _____ () [File not signed] C:\Users\Joker\AppData\Local\Temp\_MEI69042\PIL._imaging.pyd
2019-08-24 08:27 - 2019-08-24 08:27 - 000169472 _____ () [File not signed] C:\Users\Joker\AppData\Local\Temp\_MEI69042\pyexpat.pyd
2019-08-24 08:27 - 2019-08-24 08:27 - 001084416 _____ () [File not signed] C:\Users\Joker\AppData\Local\Temp\_MEI69042\pysqlite2._sqlite.pyd
2019-08-24 08:27 - 2019-08-24 08:27 - 000548864 _____ () [File not signed] C:\Users\Joker\AppData\Local\Temp\_MEI69042\pythoncom27.dll
2019-08-24 08:27 - 2019-08-24 08:27 - 000137728 _____ () [File not signed] C:\Users\Joker\AppData\Local\Temp\_MEI69042\pywintypes27.dll
2019-08-24 08:27 - 2019-08-24 08:27 - 000010752 _____ () [File not signed] C:\Users\Joker\AppData\Local\Temp\_MEI69042\select.pyd
2019-08-24 08:27 - 2019-08-24 08:27 - 000020992 _____ () [File not signed] C:\Users\Joker\AppData\Local\Temp\_MEI69042\thumbnails_ext.pyd
2019-08-24 08:27 - 2019-08-24 08:27 - 000689664 _____ () [File not signed] C:\Users\Joker\AppData\Local\Temp\_MEI69042\unicodedata.pyd
2019-08-24 08:27 - 2019-08-24 08:27 - 000118784 _____ () [File not signed] C:\Users\Joker\AppData\Local\Temp\_MEI69042\usb_ext.pyd
2019-08-24 08:27 - 2019-08-24 08:27 - 000128512 _____ () [File not signed] C:\Users\Joker\AppData\Local\Temp\_MEI69042\win32api.pyd
2019-08-24 08:27 - 2019-08-24 08:27 - 000438784 _____ () [File not signed] C:\Users\Joker\AppData\Local\Temp\_MEI69042\win32com.shell.shell.pyd
2019-08-24 08:27 - 2019-08-24 08:27 - 000011776 _____ () [File not signed] C:\Users\Joker\AppData\Local\Temp\_MEI69042\win32crypt.pyd
2019-08-24 08:27 - 2019-08-24 08:27 - 000023040 _____ () [File not signed] C:\Users\Joker\AppData\Local\Temp\_MEI69042\win32event.pyd
2019-08-24 08:27 - 2019-08-24 08:27 - 000149504 _____ () [File not signed] C:\Users\Joker\AppData\Local\Temp\_MEI69042\win32file.pyd
2019-08-24 08:27 - 2019-08-24 08:27 - 000223232 _____ () [File not signed] C:\Users\Joker\AppData\Local\Temp\_MEI69042\win32gui.pyd
2019-08-24 08:27 - 2019-08-24 08:27 - 000048128 _____ () [File not signed] C:\Users\Joker\AppData\Local\Temp\_MEI69042\win32inet.pyd
2019-08-24 08:27 - 2019-08-24 08:27 - 000029696 _____ () [File not signed] C:\Users\Joker\AppData\Local\Temp\_MEI69042\win32pdh.pyd
2019-08-24 08:27 - 2019-08-24 08:27 - 000027648 _____ () [File not signed] C:\Users\Joker\AppData\Local\Temp\_MEI69042\win32pipe.pyd
2019-08-24 08:27 - 2019-08-24 08:27 - 000044032 _____ () [File not signed] C:\Users\Joker\AppData\Local\Temp\_MEI69042\win32process.pyd
2019-08-24 08:27 - 2019-08-24 08:27 - 000020480 _____ () [File not signed] C:\Users\Joker\AppData\Local\Temp\_MEI69042\win32profile.pyd
2019-08-24 08:27 - 2019-08-24 08:27 - 000136192 _____ () [File not signed] C:\Users\Joker\AppData\Local\Temp\_MEI69042\win32security.pyd
2019-08-24 08:27 - 2019-08-24 08:27 - 000026624 _____ () [File not signed] C:\Users\Joker\AppData\Local\Temp\_MEI69042\win32ts.pyd
2019-08-24 08:27 - 2019-08-24 08:27 - 000034304 _____ () [File not signed] C:\Users\Joker\AppData\Local\Temp\_MEI69042\windows.conditional.pyd
2019-08-24 08:27 - 2019-08-24 08:27 - 000038400 _____ () [File not signed] C:\Users\Joker\AppData\Local\Temp\_MEI69042\windows.connectivity.pyd
2019-08-24 08:27 - 2019-08-24 08:27 - 000073216 _____ () [File not signed] C:\Users\Joker\AppData\Local\Temp\_MEI69042\windows.device_monitor.pyd
2019-08-24 08:27 - 2019-08-24 08:27 - 000110592 _____ () [File not signed] C:\Users\Joker\AppData\Local\Temp\_MEI69042\windows.volumes.pyd
2019-08-24 08:27 - 2019-08-24 08:27 - 000020480 _____ () [File not signed] C:\Users\Joker\AppData\Local\Temp\_MEI69042\windows.winwrap.pyd
2019-08-24 08:27 - 2019-08-24 08:27 - 001325056 _____ () [File not signed] C:\Users\Joker\AppData\Local\Temp\_MEI69042\wx._controls_.pyd
2019-08-24 08:27 - 2019-08-24 08:27 - 001489408 _____ () [File not signed] C:\Users\Joker\AppData\Local\Temp\_MEI69042\wx._core_.pyd
2019-08-24 08:27 - 2019-08-24 08:27 - 001007104 _____ () [File not signed] C:\Users\Joker\AppData\Local\Temp\_MEI69042\wx._gdi_.pyd
2019-08-24 08:27 - 2019-08-24 08:27 - 000103424 _____ () [File not signed] C:\Users\Joker\AppData\Local\Temp\_MEI69042\wx._html2.pyd
2019-08-24 08:27 - 2019-08-24 08:27 - 000916992 _____ () [File not signed] C:\Users\Joker\AppData\Local\Temp\_MEI69042\wx._misc_.pyd
2019-08-24 08:27 - 2019-08-24 08:27 - 001039872 _____ () [File not signed] C:\Users\Joker\AppData\Local\Temp\_MEI69042\wx._windows_.pyd
2014-11-03 15:31 - 2014-11-03 15:31 - 000353792 _____ () [File not signed] C:\WINDOWS\SYSTEM32\cPhoneSDK.dll
2014-11-03 15:31 - 2014-11-03 15:31 - 000020480 _____ () [File not signed] C:\WINDOWS\SYSTEM32\cPhoneSDKCSps.dll
2014-11-03 15:31 - 2014-11-03 15:31 - 000086528 _____ () [File not signed] C:\WINDOWS\SYSTEM32\cPhoneSDKTL.dll
2012-09-24 17:50 - 2012-09-29 18:58 - 001323008 _____ (Acronis) [File not signed] C:\Program Files (x86)\Common Files\Acronis\Home\libcrypto10.dll
2015-03-17 01:34 - 2015-03-17 01:34 - 000013824 _____ (Adobe Systems Inc.) [File not signed] C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\locale\es_es\Acrobat Elements\ContextMenuShim64.esp
2017-05-09 09:40 - 2017-05-09 09:40 - 000475648 _____ (CherubicSoft) [File not signed] C:\Program Files (x86)\SageThumbs\64\SageThumbs.dll
2017-05-09 09:40 - 2017-05-09 09:40 - 000716288 _____ (CherubicSoft) [File not signed] C:\Program Files (x86)\SageThumbs\64\sqlite3.dll
2017-05-16 10:02 - 2017-05-16 10:02 - 001101824 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80.DLL
2019-08-24 08:27 - 2019-08-24 08:27 - 003042304 _____ (Python Software Foundation) [File not signed] C:\Users\Joker\AppData\Local\Temp\_MEI69042\python27.dll
2015-11-11 11:06 - 2011-08-30 14:38 - 000558080 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\WINDOWS\System32\enppmon.dll
2015-11-11 11:06 - 2011-08-01 19:24 - 000250880 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\WINDOWS\System32\enpres.dll
2014-11-03 15:31 - 2014-11-03 15:31 - 001177088 _____ (TODO: <公司名>) [File not signed] C:\Program Files (x86)\IVT Corporation\BlueSoleil\cPhoneControl64.dll
2014-11-03 15:28 - 2014-11-03 15:28 - 000048128 _____ (TODO: <公司名>) [File not signed] C:\Program Files (x86)\IVT Corporation\BlueSoleil\SendTocPhone.dll
2019-08-24 08:27 - 2019-08-24 08:27 - 000202240 _____ (wxWidgets development team) [File not signed] C:\Users\Joker\AppData\Local\Temp\_MEI69042\wxbase30u_net_vc90_x64.dll
2019-08-24 08:27 - 2019-08-24 08:27 - 002831872 _____ (wxWidgets development team) [File not signed] C:\Users\Joker\AppData\Local\Temp\_MEI69042\wxbase30u_vc90_x64.dll
2019-08-24 08:27 - 2019-08-24 08:27 - 001654784 _____ (wxWidgets development team) [File not signed] C:\Users\Joker\AppData\Local\Temp\_MEI69042\wxmsw30u_adv_vc90_x64.dll
2019-08-24 08:27 - 2019-08-24 08:27 - 006542336 _____ (wxWidgets development team) [File not signed] C:\Users\Joker\AppData\Local\Temp\_MEI69042\wxmsw30u_core_vc90_x64.dll
2019-08-24 08:27 - 2019-08-24 08:27 - 000773632 _____ (wxWidgets development team) [File not signed] C:\Users\Joker\AppData\Local\Temp\_MEI69042\wxmsw30u_html_vc90_x64.dll
2019-08-24 08:27 - 2019-08-24 08:27 - 000137216 _____ (wxWidgets development team) [File not signed] C:\Users\Joker\AppData\Local\Temp\_MEI69042\wxmsw30u_webview_vc90_x64.dll
2014-02-07 18:47 - 2014-02-07 18:47 - 001519104 _____ (XnView) [File not signed] C:\Program Files (x86)\SageThumbs\64\libgfl340.dll
2014-02-07 18:47 - 2014-02-07 18:47 - 000256000 _____ (XnView) [File not signed] C:\Program Files (x86)\SageThumbs\64\libgfle340.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Joker\Configuración local:ZsXli6ibGf5XPbD1cTWgbL [2404]
AlternateDataStreams: C:\Users\Joker\AppData\Local:ZsXli6ibGf5XPbD1cTWgbL [2404]
AlternateDataStreams: C:\Users\Joker\AppData\Local\Datos de programa:ZsXli6ibGf5XPbD1cTWgbL [2404]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKLM\...\.scr: SageThumbsImage.scr => "%1" /S <==== ATTENTION
HKU\S-1-5-21-1429871492-45722225-1832122274-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.scr\UserChoice => scrfile

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1429871492-45722225-1832122274-1001\...\localhost -> localhost

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-07-13 12:00 - 2019-07-13 12:02 - 000000922 _____ C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\KDeasy;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\Nmap;C:\adb;C:\Program Files (x86)\Skype\Phone\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\system32\wbem;C:\Program Files (x86)\IVT Corporation\BlueSoleil\Mobile;C:\Program Files\FileBot\
HKU\S-1-5-21-1429871492-45722225-1832122274-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Joker\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\blood pour (dual screen) [33650x1050].jpg
DNS Servers: 80.58.61.254 - 80.58.61.250
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\StartupFolder: => "Install LastPass FF RunOnce.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Install LastPass IE RunOnce.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Ralink Wireless Utility.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Translate Client.lnk"
HKLM\...\StartupApproved\StartupFolder: => "TSC_SI_13.lnk"
HKLM\...\StartupApproved\Run: => "Acronis Scheduler2 Service"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "CamserviceExchange"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "SamsungRapidApp"
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Acronis Scheduler2 Service"
HKLM\...\StartupApproved\Run32: => "AcronisTibMounterMonitor"
HKLM\...\StartupApproved\Run32: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "AMD AVT"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "EEventManager"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "MiPhoneManager"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "SwitchBoard"
HKLM\...\StartupApproved\Run32: => "Syncios device service"
HKLM\...\StartupApproved\Run32: => "TrueImageMonitor.exe"
HKLM\...\StartupApproved\Run32: => "vmware-tray.exe"
HKLM\...\StartupApproved\Run32: => "YouCam Service7"
HKLM\...\StartupApproved\Run32: => "BtTray"
HKLM\...\StartupApproved\Run32: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run32: => "PowerDVD18Agent"
HKU\S-1-5-21-1429871492-45722225-1832122274-1001\...\StartupApproved\Run: => "Adobe Acrobat Synchronizer"
HKU\S-1-5-21-1429871492-45722225-1832122274-1001\...\StartupApproved\Run: => "Amazon Music"
HKU\S-1-5-21-1429871492-45722225-1832122274-1001\...\StartupApproved\Run: => "Amazon Music Helper"
HKU\S-1-5-21-1429871492-45722225-1832122274-1001\...\StartupApproved\Run: => "Plex Media Server"
HKU\S-1-5-21-1429871492-45722225-1832122274-1001\...\StartupApproved\Run: => "MiPhoneManager"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{01085F37-101E-48B8-906F-3FA40D5A1DFF}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{7D7B466D-277F-425A-AD8C-6B479EC21B40}] => (Allow) LPort=8298
FirewallRules: [UDP Query User{DD1159B6-2868-488A-95DA-1D65BE7078D6}C:\program files\ihmc cmaptools\jre\bin\javaw.exe] => (Allow) C:\program files\ihmc cmaptools\jre\bin\javaw.exe
FirewallRules: [TCP Query User{F72E1BA1-CCAE-497F-9FB7-53D72D077808}C:\program files\ihmc cmaptools\jre\bin\javaw.exe] => (Allow) C:\program files\ihmc cmaptools\jre\bin\javaw.exe
FirewallRules: [UDP Query User{92543281-037D-4D87-BA03-DA6BE8AD8C88}C:\program files (x86)\java\jre1.8.0_121\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_121\bin\javaw.exe
FirewallRules: [TCP Query User{96946C71-64EC-4970-9DED-3683C077A1F1}C:\program files (x86)\java\jre1.8.0_121\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_121\bin\javaw.exe
FirewallRules: [{418C6814-BB42-4B36-AA2B-3B132197DAB6}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe (@ByELDI -> @ByELDI) [File not signed]
FirewallRules: [{995AC704-F407-401F-95D2-E585BFD4B8EC}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe (@ByELDI -> @ByELDI) [File not signed]
FirewallRules: [{FFB2E23B-9DDB-4CEC-9EA2-7D696A57E69E}] => (Allow) LPort=1688
FirewallRules: [TCP Query User{70FC3294-12A5-423F-ADBB-9B442A97C198}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.)
FirewallRules: [UDP Query User{8827A930-FAE3-4FAE-92CB-73DA84AE7E8E}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.)
FirewallRules: [{08841FD4-02F1-49DD-92B5-BCA9F3D5070C}] => (Block) C:\program files (x86)\winamp\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.)
FirewallRules: [{407C78B4-9B5E-4067-BCDF-1705BE55B37F}] => (Block) C:\program files (x86)\winamp\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.)
FirewallRules: [TCP Query User{FFDC6297-2ACD-407B-B520-168708A5C53E}C:\users\joker\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\joker\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{A28F015F-3CAC-4395-865A-9B90068495C1}C:\users\joker\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\joker\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{CA038448-A462-41FD-A7D8-7E3FB2A95CB0}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN) [File not signed]
FirewallRules: [UDP Query User{5261031E-AC40-47A8-87FF-590196DAC439}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN) [File not signed]
FirewallRules: [{76FD1335-A1F1-45D0-9E9A-B18F01635931}] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN) [File not signed]
FirewallRules: [{150E4CDD-71C6-4FB3-BC05-5F847824DEBC}] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN) [File not signed]
FirewallRules: [{AA598CF5-D9F1-428B-9556-85EA24416CC9}] => (Allow) C:\Program Files (x86)\Directory Lister Pro\DirListerPro.exe (KRKsoft) [File not signed]
FirewallRules: [{A2F74BBE-9FD1-482C-B12A-9A7AB78F42EA}] => (Allow) C:\Program Files (x86)\Directory Lister Pro\DirListerPro.exe (KRKsoft) [File not signed]
FirewallRules: [{3A9B7B2F-4866-48D2-8C47-A8FCC795D671}] => (Allow) C:\Program Files (x86)\Directory Lister Pro\DirListerPro.exe (KRKsoft) [File not signed]
FirewallRules: [{5EB2B684-ADBB-4FFC-8B3F-3D948A88C089}] => (Allow) C:\Program Files (x86)\Directory Lister Pro\DirListerPro.exe (KRKsoft) [File not signed]
FirewallRules: [{301DA382-0DA5-4E71-A33A-E72399F0C250}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{203B17E8-08A8-4680-84FB-BE4737A229BE}C:\program files (x86)\hercules\webcam station evolution se\stationevse.exe] => (Allow) C:\program files (x86)\hercules\webcam station evolution se\stationevse.exe (Guillemot Corporation -> Guillemot Corporation S.A.)
FirewallRules: [UDP Query User{A18C62E8-9915-48CA-82BD-EC6B19370DA4}C:\program files (x86)\hercules\webcam station evolution se\stationevse.exe] => (Allow) C:\program files (x86)\hercules\webcam station evolution se\stationevse.exe (Guillemot Corporation -> Guillemot Corporation S.A.)
FirewallRules: [{282555FD-4B61-41FF-9985-344A04850290}] => (Allow) C:\Windows\Prey\versions\1.1.5\bin\node.exe (Joyent Inc -> Joyent, Inc)
FirewallRules: [TCP Query User{B9B301E9-C0E5-4A69-B3BF-F12BC6D34C2C}C:\program files\ihmc cmaptools\jre\bin\javaw.exe] => (Allow) C:\program files\ihmc cmaptools\jre\bin\javaw.exe
FirewallRules: [UDP Query User{FC7A3AE6-632F-424E-A0AD-B22F0C8EBB62}C:\program files\ihmc cmaptools\jre\bin\javaw.exe] => (Allow) C:\program files\ihmc cmaptools\jre\bin\javaw.exe
FirewallRules: [TCP Query User{65B2E832-14EC-46C0-A05F-1B1452701C34}M:\powerline utility\powerline scan\powerline scan.exe] => (Allow) M:\powerline utility\powerline scan\powerline scan.exe No File
FirewallRules: [UDP Query User{DCA42568-063A-4B00-A650-01299B4C1331}M:\powerline utility\powerline scan\powerline scan.exe] => (Allow) M:\powerline utility\powerline scan\powerline scan.exe No File
FirewallRules: [TCP Query User{10801F95-D02F-4554-8E28-6F648B868E53}L:\backups\tp_link 551kit cd\powerline utility\powerline scan\powerline scan.exe] => (Allow) L:\backups\tp_link 551kit cd\powerline utility\powerline scan\powerline scan.exe (TP-LINK TECHNOLOGIES CO., LTD.) [File not signed]
FirewallRules: [UDP Query User{149F290C-F0C5-42AC-9E39-CDD22DE35902}L:\backups\tp_link 551kit cd\powerline utility\powerline scan\powerline scan.exe] => (Allow) L:\backups\tp_link 551kit cd\powerline utility\powerline scan\powerline scan.exe (TP-LINK TECHNOLOGIES CO., LTD.) [File not signed]
FirewallRules: [TCP Query User{9214F225-F3F8-45FF-A55C-BCCA4F9627AF}C:\program files (x86)\hercules\dualpix exchange\xtrctrlex.exe] => (Allow) C:\program files (x86)\hercules\dualpix exchange\xtrctrlex.exe (Guillemot Corporation -> Guillemot Corporation S.A.)
FirewallRules: [UDP Query User{879BF750-0770-4C62-8498-78C58A0F1AEA}C:\program files (x86)\hercules\dualpix exchange\xtrctrlex.exe] => (Allow) C:\program files (x86)\hercules\dualpix exchange\xtrctrlex.exe (Guillemot Corporation -> Guillemot Corporation S.A.)
FirewallRules: [{752E1F10-102E-4D3C-913A-5FFADD2F656C}] => (Allow) C:\Users\Joker\AppData\Roaming\Spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{A578CECB-5153-416F-8E8D-59651FE4F1BF}] => (Allow) C:\Users\Joker\AppData\Roaming\Spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{47C7040B-3B14-448E-BD2E-3A037B677050}C:\program files (x86)\gigabyte\et6\updexe.exe] => (Allow) C:\program files (x86)\gigabyte\et6\updexe.exe (Giga-Byte Technology -> GIGABYTE)
FirewallRules: [UDP Query User{04359FF7-328B-4ED8-8F81-7DF87274D72D}C:\program files (x86)\gigabyte\et6\updexe.exe] => (Allow) C:\program files (x86)\gigabyte\et6\updexe.exe (Giga-Byte Technology -> GIGABYTE)
FirewallRules: [TCP Query User{87EBF83B-5395-48FD-96AB-B8E983762EF5}C:\program files (x86)\gigabyte\et6\gbtupd.exe] => (Allow) C:\program files (x86)\gigabyte\et6\gbtupd.exe (Giga-Byte Technology -> GIGABYTE)
FirewallRules: [UDP Query User{A3067BE5-F7CA-4828-B002-D9E756FB7DA1}C:\program files (x86)\gigabyte\et6\gbtupd.exe] => (Allow) C:\program files (x86)\gigabyte\et6\gbtupd.exe (Giga-Byte Technology -> GIGABYTE)
FirewallRules: [{0236F985-ECE3-44C7-857D-3F4B333C0CBC}] => (Allow) C:\Windows\Prey\versions\1.4.2\bin\node.exe (Joyent, Inc -> Joyent, Inc)
FirewallRules: [{7DB3988F-4CD4-44D1-9E8C-1C86B0106471}] => (Allow) LPort=8317
FirewallRules: [TCP Query User{A6DC503C-1CD4-4B5F-AE13-79835DFFB3D1}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
FirewallRules: [UDP Query User{4F05D663-A6E5-44EB-95B6-2AA9E6750833}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
FirewallRules: [{4D569127-8EDC-4E4C-B8FC-3F3B752C7D05}] => (Allow) C:\Windows\system32\rundll32.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{073FA51E-826C-4BF6-A7E4-0EFD1527A0F7}] => (Allow) C:\Windows\system32\rundll32.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [TCP Query User{5ECFF95E-2F50-48C4-A869-F8BFE9442999}C:\windows\syswow64\rundll32.exe] => (Allow) C:\windows\syswow64\rundll32.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [UDP Query User{8C988FC9-D8F8-4669-B8C7-C3BFD4223FCF}C:\windows\syswow64\rundll32.exe] => (Allow) C:\windows\syswow64\rundll32.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [TCP Query User{1CC11895-C31A-4B69-B60A-07681FDED0A5}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
FirewallRules: [UDP Query User{EE8464D9-8910-4A5F-8A80-9922F220F1BA}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
FirewallRules: [{163BDE8D-BF07-4E83-9619-6EC5E2BB4718}] => (Allow) C:\Program Files (x86)\FreeTime\FormatFactory\FormatFactory.exe (chen jun hao -> Free Time) [File not signed]
FirewallRules: [{A56136DA-30FD-4986-A325-C6CF93B340FF}] => (Allow) C:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe (chen jun hao -> Free Time) [File not signed]
FirewallRules: [{63B12524-8112-41B0-8415-D421FE081937}] => (Allow) C:\Program Files (x86)\FreeTime\FormatFactory\FormatFactory.exe (chen jun hao -> Free Time) [File not signed]
FirewallRules: [{54CF439F-E40A-454F-A482-C21629C53927}] => (Allow) C:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe (chen jun hao -> Free Time) [File not signed]
FirewallRules: [{85DA6D22-DD6A-404A-9CA6-5EA969E226EC}] => (Allow) C:\Program Files (x86)\FreeTime\FormatFactory\FormatFactory.exe (chen jun hao -> Free Time) [File not signed]
FirewallRules: [{DC161370-8C2E-4C53-81E3-20B84D646964}] => (Allow) C:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe (chen jun hao -> Free Time) [File not signed]
FirewallRules: [{A36A246D-4FCC-4603-A89C-7CE8A8E6B6F1}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Config V4\ENConfig.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [{F4398D58-3CDD-418A-B835-77AAC15E6C12}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Config V4\ENConfig.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [{DAEDBC2E-7D39-4FC9-87E4-53AC3EF591E0}] => (Allow) M:\Network\EpsonNetSetup\ENEasyApp.exe No File
FirewallRules: [{9AAEFEFA-EB92-4199-9188-FF4E5F4924C9}] => (Allow) M:\Network\EpsonNetSetup\ENEasyApp.exe No File
FirewallRules: [{A21717C8-69E8-4D2A-AED2-C9AE6E4F39AC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{02D6A3C4-3F28-4A33-9B57-A461010A1E09}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{9CE182E6-875B-414A-B7C4-AD3CFACABBCE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{5928F730-4C50-41FB-A218-036B2814F801}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{C255DC3F-66ED-4FB8-979F-8D5FB3CEB79E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{67DAFC55-383E-4BFA-93BD-BF17A0D0E989}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{CDEC5497-ED8E-4D9A-B48E-5292765E965A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{CD8D89F5-EAE6-4D98-AB20-811528579B35}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{46457A70-B045-4C48-BBFF-E04BB49F4B71}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{4DA278A7-B873-4D75-BFF0-6BEF2C956571}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{D20F55D0-A390-49D4-8316-C6704FDFE8D0}C:\program files (x86)\hercules\webcam station evolution se\stationevse.exe] => (Allow) C:\program files (x86)\hercules\webcam station evolution se\stationevse.exe (Guillemot Corporation -> Guillemot Corporation S.A.)
FirewallRules: [UDP Query User{5C07F2BC-D066-4A08-A744-CE74708BA6A3}C:\program files (x86)\hercules\webcam station evolution se\stationevse.exe] => (Allow) C:\program files (x86)\hercules\webcam station evolution se\stationevse.exe (Guillemot Corporation -> Guillemot Corporation S.A.)
FirewallRules: [{DE518E22-A5F9-42FF-A1B2-7CCEF38BF6E6}] => (Allow) C:\Program Files (x86)\IVT Corporation\BlueSoleil\cPhoneSDKCS.exe (IVT CORPORATION -> IVT Corporation)
FirewallRules: [{F3FA8BE8-FA42-46AF-9651-DEA0C744A0AD}] => (Allow) C:\Program Files (x86)\IVT Corporation\BlueSoleil\cPhoneSDKCS.exe (IVT CORPORATION -> IVT Corporation)
FirewallRules: [{B7C93EFF-7667-4A2D-B3E1-EE22A69B1DE6}] => (Allow) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe (IVT CORPORATION -> IVT Corporation)
FirewallRules: [{52DC5034-45AC-4367-82C1-F237254A8EE4}] => (Allow) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe (IVT CORPORATION -> IVT Corporation)
FirewallRules: [{EC133777-0B58-47E3-BC3E-CDC467484FE2}] => (Allow) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe (IVT CORPORATION -> IVT Corporation)
FirewallRules: [{E90DA844-DFF2-4041-A077-AADCFE17D673}] => (Allow) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe (IVT CORPORATION -> IVT Corporation)
FirewallRules: [{CD16D20B-6D8D-4BFD-8354-ED81563E816B}] => (Allow) C:\Program Files (x86)\IVT Corporation\BlueSoleil\cPhoneSDKCS.exe (IVT CORPORATION -> IVT Corporation)
FirewallRules: [{69C92582-4290-4C09-BA87-182B72E12CFF}] => (Allow) C:\Program Files (x86)\IVT Corporation\BlueSoleil\cPhoneSDKCS.exe (IVT CORPORATION -> IVT Corporation)
FirewallRules: [TCP Query User{A1D07DE4-A2D5-49AA-A663-4FDF1A57F774}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [UDP Query User{72C063A7-59B6-411A-BFD8-A16FE3F91E10}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{2C303EE1-8C8A-42EF-A728-043D77A46AB8}] => (Block) C:\windows\explorer.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{1D476381-14AF-4C46-BA62-54AA9AD6DD08}] => (Block) C:\windows\explorer.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [TCP Query User{89AC34C9-DBE4-4C95-A8B6-9CE43C5F459E}C:\users\joker\downloads\programas extras\tp link powerlineutility\powerline scan.exe] => (Allow) C:\users\joker\downloads\programas extras\tp link powerlineutility\powerline scan.exe No File
FirewallRules: [UDP Query User{38870C94-8D51-4A61-B142-4E7ECDF9D323}C:\users\joker\downloads\programas extras\tp link powerlineutility\powerline scan.exe] => (Allow) C:\users\joker\downloads\programas extras\tp link powerlineutility\powerline scan.exe No File
FirewallRules: [TCP Query User{E1F2E49C-F8EE-4295-8C1D-5463DBE475C7}C:\users\joker\appdata\local\vysor\app-1.8.2\vysor.exe] => (Allow) C:\users\joker\appdata\local\vysor\app-1.8.2\vysor.exe (ClockworkMod) [File not signed]
FirewallRules: [UDP Query User{DEE269C0-FC15-435D-8620-C8E652BB148F}C:\users\joker\appdata\local\vysor\app-1.8.2\vysor.exe] => (Allow) C:\users\joker\appdata\local\vysor\app-1.8.2\vysor.exe (ClockworkMod) [File not signed]
FirewallRules: [TCP Query User{DDD26BCF-8105-4D85-8591-98973CE6532B}C:\program files (x86)\keepvid\keepvid pro\downloadres\urlreqservice.exe] => (Allow) C:\program files (x86)\keepvid\keepvid pro\downloadres\urlreqservice.exe (WONBO TECHNOLOGY Co.,LIMITED -> Wondershare)
FirewallRules: [UDP Query User{CC251FBE-CCED-4940-ABC6-FF7B2B668D67}C:\program files (x86)\keepvid\keepvid pro\downloadres\urlreqservice.exe] => (Allow) C:\program files (x86)\keepvid\keepvid pro\downloadres\urlreqservice.exe (WONBO TECHNOLOGY Co.,LIMITED -> Wondershare)
FirewallRules: [TCP Query User{8E29B310-AFB0-47C2-BF15-3EB81C19D73D}C:\users\joker\desktop\programas instalados\red\netscan.exe] => (Allow) C:\users\joker\desktop\programas instalados\red\netscan.exe (SOFTPERFECT PTY. LTD. -> SoftPerfect)
FirewallRules: [UDP Query User{03A60E00-69E3-4E27-8D98-505EA76C78C5}C:\users\joker\desktop\programas instalados\red\netscan.exe] => (Allow) C:\users\joker\desktop\programas instalados\red\netscan.exe (SOFTPERFECT PTY. LTD. -> SoftPerfect)
FirewallRules: [TCP Query User{58B5AA6D-0DB5-48AC-9A0B-03DCBA2D4216}C:\program files (x86)\emule\emule.exe] => (Allow) C:\program files (x86)\emule\emule.exe (hxxp://www.emule-project.net) [File not signed]
FirewallRules: [UDP Query User{67048E8F-5051-4A32-BAD5-3DF620164229}C:\program files (x86)\emule\emule.exe] => (Allow) C:\program files (x86)\emule\emule.exe (hxxp://www.emule-project.net) [File not signed]
FirewallRules: [{645F6575-8A76-4D0D-B980-BBF7891AE8C1}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Config V4\ENConfig.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [{5199E73F-7B79-447C-B793-1127FB3C46C9}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Config V4\ENConfig.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [TCP Query User{1E201F50-E28A-4677-9486-BDF9E5460003}C:\program files (x86)\zoiper\zoiper.exe] => (Allow) C:\program files (x86)\zoiper\zoiper.exe (SECURAX -> )
FirewallRules: [UDP Query User{CD55722C-1A05-4E49-9243-4FC8C569AA9F}C:\program files (x86)\zoiper\zoiper.exe] => (Allow) C:\program files (x86)\zoiper\zoiper.exe (SECURAX -> )
FirewallRules: [{B0BC3AC8-D70F-4398-A20A-D5F34A4E917F}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD18\PowerDVD.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{153CCBC5-A68C-480D-A198-3382DA550D1B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD18\Kernel\DMS\CLMSServerPDVD18.exe (CyberLink Corp. -> CyberLink)
FirewallRules: [{916C20CF-DFE8-4B6E-851B-60440FFF0DF3}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD18\PowerDVD18Agent.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{B036D347-615F-4D28-91D3-C3EF42F5A54B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD18\Movie\PowerDVDMovie.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{7BE85498-F244-4B04-91B7-93BDFC964F61}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD18\CastingStation.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [TCP Query User{3C8C9484-972E-4AEC-B372-7C039E0570FB}C:\program files (x86)\airdroid\airdroid.exe] => (Allow) C:\program files (x86)\airdroid\airdroid.exe (SAND STUDIO LIMITED -> Sand Studio)
FirewallRules: [UDP Query User{76C85BB8-87D6-4368-8D0D-6BAD0D783026}C:\program files (x86)\airdroid\airdroid.exe] => (Allow) C:\program files (x86)\airdroid\airdroid.exe (SAND STUDIO LIMITED -> Sand Studio)
FirewallRules: [TCP Query User{9EDCD902-EA78-4C55-8C2B-DB00B4F82A45}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe (XBMC-Foundation) [File not signed]
FirewallRules: [UDP Query User{230685AD-DBCB-41E8-A10E-444ABBB3B00C}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe (XBMC-Foundation) [File not signed]
FirewallRules: [TCP Query User{0796DC1D-7065-4D2A-BF3E-98FE2F472686}C:\program files (x86)\tp-link\tp-link plc utility\tpplc.exe] => (Allow) C:\program files (x86)\tp-link\tp-link plc utility\tpplc.exe (TP-LINK TECHNOLOGIES CO., LTD.) [File not signed]
FirewallRules: [UDP Query User{EFF5E5F8-0C5B-4257-8E0A-776AC3F8F7FD}C:\program files (x86)\tp-link\tp-link plc utility\tpplc.exe] => (Allow) C:\program files (x86)\tp-link\tp-link plc utility\tpplc.exe (TP-LINK TECHNOLOGIES CO., LTD.) [File not signed]
FirewallRules: [TCP Query User{412A9CBF-8F1B-4BBB-874E-11D3EFFC1BF8}C:\users\joker\appdata\local\jdownloader 2.0\jdownloader2.exe] => (Allow) C:\users\joker\appdata\local\jdownloader 2.0\jdownloader2.exe (Appwork GmbH -> AppWork GmbH)
FirewallRules: [UDP Query User{743E6412-F94D-4F77-9E21-0E3D426B4791}C:\users\joker\appdata\local\jdownloader 2.0\jdownloader2.exe] => (Allow) C:\users\joker\appdata\local\jdownloader 2.0\jdownloader2.exe (Appwork GmbH -> AppWork GmbH)
FirewallRules: [TCP Query User{698DEAA5-4204-4B6D-83E8-530351C7B548}C:\users\joker\appdata\local\amazon music\amazon music helper.exe] => (Allow) C:\users\joker\appdata\local\amazon music\amazon music helper.exe (Amazon Services LLC -> Amazon Services LLC)
FirewallRules: [UDP Query User{C2E15651-F4DC-4426-BDA5-2481925DA1C5}C:\users\joker\appdata\local\amazon music\amazon music helper.exe] => (Allow) C:\users\joker\appdata\local\amazon music\amazon music helper.exe (Amazon Services LLC -> Amazon Services LLC)
FirewallRules: [{E73824ED-004F-4706-BF3C-E01B12613262}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [{C2D61C76-1625-4F8C-AB1C-F7DEC5BED992}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [{4421C026-8DD9-4C3D-844B-CEB1F102163A}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe (VMware, Inc. -> )
FirewallRules: [{E32E76DE-38CA-402F-84C9-64A692948D46}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe (VMware, Inc. -> )
FirewallRules: [{6E275226-A7E8-4F55-ACD9-7086101C34A9}] => (Allow) C:\Users\Joker\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{AB382CFF-97A2-4F62-A474-7CAB2146276B}] => (Allow) C:\Users\Joker\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{9CF0B28A-F1B5-4700-83D3-07548D6113FB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{70DEF273-903C-4E31-942E-345A1D4A25C6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{EA87D43A-1FB5-4E54-9987-B1D60FB358CB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{53ECF00B-068C-498C-8DA9-F963D90F6221}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{8AEB4816-DF93-4F1A-A529-BB32CEF961B7}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
FirewallRules: [{CD2A8459-3AE2-4389-BB7D-10229A6F051B}] => (Allow) C:\Program Files\Plex\Plex Media Player\PlexMediaPlayer.exe (Plex, Inc -> )
FirewallRules: [{FCCEB34A-1FA2-4A2C-A98A-C4A3A01794F6}] => (Allow) C:\Program Files\Plex\Plex Media Player\PMPHelper.exe () [File not signed]
FirewallRules: [{C5CF9A19-EADB-455B-9007-AA076602D379}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe (Plex, Inc -> Plex, Inc.)
FirewallRules: [{769998B7-696A-45D7-AECE-4D3017F54F58}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe (Plex, Inc -> Python Software Foundation)
FirewallRules: [{CCD76DE9-60FC-4154-867A-CC8238361A53}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex DLNA Server.exe (Plex, Inc -> Plex, Inc.)
FirewallRules: [{1FD06504-5BEF-4A34-A8E6-2D91F704B2DF}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Tuner Service.exe (Plex, Inc -> )
FirewallRules: [TCP Query User{23951A95-A0F9-43D9-BEF4-23B8EDFCAE48}C:\program files (x86)\miflashpro\xldl\download\minithunderplatform.exe] => (Allow) C:\program files (x86)\miflashpro\xldl\download\minithunderplatform.exe (ShenZhen Thunder Networking Technologies Ltd. -> 深圳市迅雷网络技术有限公司)
FirewallRules: [UDP Query User{E5806382-635C-4951-9362-9195BF7C4F51}C:\program files (x86)\miflashpro\xldl\download\minithunderplatform.exe] => (Allow) C:\program files (x86)\miflashpro\xldl\download\minithunderplatform.exe (ShenZhen Thunder Networking Technologies Ltd. -> 深圳市迅雷网络技术有限公司)
FirewallRules: [{3F758E08-0860-4C8E-A6B3-757CD82EFC0B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
StandardProfile\AuthorizedApplications: [C:\Windows\system32\rundll32.exe] => *:Enabled:rundll32

==================== Restore Points =========================

19-08-2019 16:04:29 Installed HexEdit
23-08-2019 22:48:35 AdwCleaner_BeforeCleaning_23/08/2019_22:48:35

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/23/2019 10:48:37 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Error en Servicios de cifrado mientras se procesaba el objeto "System Writer" de la llamada OnIdentity().

Details:
AddLegacyDriverFiles: Unable to back up image of binary Protocolo de detección de nivel de vínculo de Microsoft.

System Error:
Acceso denegado.
.

Error: (08/23/2019 09:57:08 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: No se optimizó el volumen Reservado para el sistema (F:) porque se detectó un error: El parámetro no es correcto. (0x80070057)

Error: (08/23/2019 09:10:40 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: No se optimizó el volumen Reservado para el sistema (F:) porque se detectó un error: El parámetro no es correcto. (0x80070057)

Error: (08/22/2019 09:16:04 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database

Error: (08/21/2019 11:11:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: Explorer.EXE, versión: 6.3.9600.18460, marca de tiempo: 0x57c1b8c1
Nombre del módulo con errores: ntdll.dll, versión: 6.3.9600.19304, marca de tiempo: 0x5c7f684f
Código de excepción: 0xc0000409
Desplazamiento de errores: 0x0000000000081698
Identificador del proceso con errores: 0x12a0
Hora de inicio de la aplicación con errores: 0x01d5584e3db8f22b
Ruta de acceso de la aplicación con errores: C:\WINDOWS\Explorer.EXE
Ruta de acceso del módulo con errores: C:\WINDOWS\SYSTEM32\ntdll.dll
Identificador del informe: 3236f9b7-c458-11e9-8ca5-00241dd6a5ad
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (08/21/2019 10:52:22 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database

Error: (08/21/2019 12:17:31 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database

Error: (08/19/2019 04:04:30 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Error en Servicios de cifrado mientras se procesaba el objeto "System Writer" de la llamada OnIdentity().

Details:
AddLegacyDriverFiles: Unable to back up image of binary Protocolo de detección de nivel de vínculo de Microsoft.

System Error:
Acceso denegado.
.


System errors:
=============
Error: (08/24/2019 08:27:07 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY)
Description: 0x8000002a117\??\C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\S-1-5-21-1429871492-45722225-1832122274-1001-08242019082706986-ntuser.dat

Error: (08/24/2019 08:26:04 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: El servicio VMware Workstation Server se cerró con el error específico de servicio 
%%4294967295

Error: (08/24/2019 08:22:03 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY)
Description: 0x8000002a117\??\C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\S-1-5-21-1429871492-45722225-1832122274-1001-08242019082202548-ntuser.dat

Error: (08/24/2019 07:58:57 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY)
Description: 0x8000002a117\??\C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\S-1-5-21-1429871492-45722225-1832122274-1001-08242019075857204-ntuser.dat

Error: (08/24/2019 07:57:02 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY)
Description: 0x8000002a117\??\C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\S-1-5-21-1429871492-45722225-1832122274-1001-08242019075702615-ntuser.dat

Error: (08/24/2019 07:56:57 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY)
Description: 0x8000002a117\??\C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\S-1-5-21-1429871492-45722225-1832122274-1001-08242019075657372-ntuser.dat

Error: (08/24/2019 07:46:48 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY)
Description: 0x8000002a117\??\C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\S-1-5-21-1429871492-45722225-1832122274-1001-08242019074647692-ntuser.dat

Error: (08/24/2019 07:46:41 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY)
Description: 0x8000002a117\??\C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\S-1-5-21-1429871492-45722225-1832122274-1001-08242019074641562-ntuser.dat


Windows Defender:
===================================
Date: 2019-08-24 07:54:34.721
Description: 
Windows Defender detectó malware u otro software potencialmente no deseado.
Para obtener más información consulte lo siguiente:
http://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/Patcher&threatid=2147659947&enterprise=0
Nombre: HackTool:Win32/Patcher
Id.: 2147659947
Gravedad: Alta
Categoría: Herramienta
Ruta de acceso: file:_J:\amtemu.v0.9.2-painter.exe
Origen de detección: Equipo local
Tipo de detección: Concreto
Fuente de detección: Protección en tiempo real
Usuario: EGONAUTA\Joker
Nombre de proceso: C:\Windows\explorer.exe
Versión de firma: AV: 1.299.2325.0, AS: 1.299.2325.0, NIS: 119.0.0.0
Versión de motor: AM: 1.1.16200.1, NIS: 2.1.14600.4

Date: 2019-08-24 07:50:41.228
Description: 
Windows Defender detectó malware u otro software potencialmente no deseado.
Para obtener más información consulte lo siguiente:
http://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win64/AutoKMS&threatid=2147723334&enterprise=0
Nombre: HackTool:Win64/AutoKMS
Id.: 2147723334
Gravedad: Alta
Categoría: Herramienta
Ruta de acceso: containerfile:_J:\PROGRAMAS EXTRAS\KMSpico.v10.2.0.FINAL-heldigard\KMSpico Portable\KMSELDI.exe;file:_J:\PROGRAMAS EXTRAS\KMSpico.v10.2.0.FINAL-heldigard\KMSpico Portable\KMSELDI.exe->[MSILRES:KMSELDI.SECOH-QAD.x64.dll];file:_J:\PROGRAMAS EXTRAS\KMSpico.v10.2.0.FINAL-heldigard\KMSpico Portable\KMSELDI.exe->[MSILRES:KMSELDI.SECOH-QAD.x64.exe]
Origen de detección: Equipo local
Tipo de detección: Concreto
Fuente de detección: Sistema
Usuario: NT AUTHORITY\SYSTEM
Nombre de proceso: Unknown
Versión de firma: AV: 1.299.2325.0, AS: 1.299.2325.0, NIS: 119.0.0.0
Versión de motor: AM: 1.1.16200.1, NIS: 2.1.14600.4

Date: 2019-08-24 07:50:12.539
Description: 
Windows Defender detectó malware u otro software potencialmente no deseado.
Para obtener más información consulte lo siguiente:
http://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win64/AutoKMS&threatid=2147723334&enterprise=0
Nombre: HackTool:Win64/AutoKMS
Id.: 2147723334
Gravedad: Alta
Categoría: Herramienta
Ruta de acceso: containerfile:_J:\PROGRAMAS EXTRAS\KMSpico.v10.2.0.FINAL-heldigard\KMSpico Portable\AutoPico.exe;containerfile:_J:\PROGRAMAS EXTRAS\KMSpico.v10.2.0.FINAL-heldigard\KMSpico Portable\KMSELDI.exe;file:_J:\PROGRAMAS EXTRAS\KMSpico.v10.2.0.FINAL-heldigard\KMSpico Portable\AutoPico.exe->[MSILRES:AutoPico.SECOH-QAD.x64.dll];file:_J:\PROGRAMAS EXTRAS\KMSpico.v10.2.0.FINAL-heldigard\KMSpico Portable\AutoPico.exe->[MSILRES:AutoPico.SECOH-QAD.x64.exe];file:_J:\PROGRAMAS EXTRAS\KMSpico.v10.2.0.FINAL-heldigard\KMSpico Portable\KMSELDI.exe->[MSILRES:KMSELDI.SECOH-QAD.x64.dll];file:_J:\PROGRAMAS EXTRAS\KMSpico.v10.2.0.FINAL-heldigard\KMSpico Portable\KMSELDI.exe->[MSILRES:KMSELDI.SECOH-QAD.x64.exe]
Origen de detección: Equipo local
Tipo de detección: Concreto
Fuente de detección: Protección en tiempo real
Usuario: EGONAUTA\Joker
Nombre de proceso: C:\Windows\explorer.exe
Versión de firma: AV: 1.299.2325.0, AS: 1.299.2325.0, NIS: 119.0.0.0
Versión de motor: AM: 1.1.16200.1, NIS: 2.1.14600.4

Date: 2019-08-24 07:49:48.077
Description: 
Windows Defender detectó malware u otro software potencialmente no deseado.
Para obtener más información consulte lo siguiente:
http://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win64/AutoKMS&threatid=2147723334&enterprise=0
Nombre: HackTool:Win64/AutoKMS
Id.: 2147723334
Gravedad: Alta
Categoría: Herramienta
Ruta de acceso: containerfile:_J:\PROGRAMAS EXTRAS\KMSpico.v10.2.0.FINAL-heldigard\KMSpico Portable\AutoPico.exe;containerfile:_J:\PROGRAMAS EXTRAS\KMSpico.v10.2.0.FINAL-heldigard\KMSpico Portable\KMSELDI.exe;file:_J:\PROGRAMAS EXTRAS\KMSpico.v10.2.0.FINAL-heldigard\KMSpico Portable\AutoPico.exe->[MSILRES:AutoPico.SECOH-QAD.x64.dll];file:_J:\PROGRAMAS EXTRAS\KMSpico.v10.2.0.FINAL-heldigard\KMSpico Portable\AutoPico.exe->[MSILRES:AutoPico.SECOH-QAD.x64.exe];file:_J:\PROGRAMAS EXTRAS\KMSpico.v10.2.0.FINAL-heldigard\KMSpico Portable\KMSELDI.exe->[MSILRES:KMSELDI.SECOH-QAD.x64.dll];file:_J:\PROGRAMAS EXTRAS\KMSpico.v10.2.0.FINAL-heldigard\KMSpico Portable\KMSELDI.exe->[MSILRES:KMSELDI.SECOH-QAD.x64.exe]
Origen de detección: Equipo local
Tipo de detección: Concreto
Fuente de detección: Protección en tiempo real
Usuario: EGONAUTA\Joker
Nombre de proceso: C:\Windows\explorer.exe
Versión de firma: AV: 1.299.2325.0, AS: 1.299.2325.0, NIS: 119.0.0.0
Versión de motor: AM: 1.1.16200.1, NIS: 2.1.14600.4

Date: 2019-08-24 07:49:40.539
Description: 
Windows Defender detectó malware u otro software potencialmente no deseado.
Para obtener más información consulte lo siguiente:
http://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win64/AutoKMS&threatid=2147723334&enterprise=0
Nombre: HackTool:Win64/AutoKMS
Id.: 2147723334
Gravedad: Alta
Categoría: Herramienta
Ruta de acceso: containerfile:_J:\PROGRAMAS EXTRAS\KMSpico.v10.2.0.FINAL-heldigard\KMSpico Portable\AutoPico.exe;file:_J:\PROGRAMAS EXTRAS\KMSpico.v10.2.0.FINAL-heldigard\KMSpico Portable\AutoPico.exe->[MSILRES:AutoPico.SECOH-QAD.x64.dll];file:_J:\PROGRAMAS EXTRAS\KMSpico.v10.2.0.FINAL-heldigard\KMSpico Portable\AutoPico.exe->[MSILRES:AutoPico.SECOH-QAD.x64.exe]
Origen de detección: Equipo local
Tipo de detección: Concreto
Fuente de detección: Protección en tiempo real
Usuario: EGONAUTA\Joker
Nombre de proceso: C:\Windows\explorer.exe
Versión de firma: AV: 1.299.2325.0, AS: 1.299.2325.0, NIS: 119.0.0.0
Versión de motor: AM: 1.1.16200.1, NIS: 2.1.14600.4

CodeIntegrity:
===================================

Date: 2019-08-24 08:11:54.174
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-08-24 08:11:53.658
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-08-24 07:04:51.953
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-08-24 07:04:51.669
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-08-23 23:37:21.318
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-08-23 23:37:20.797
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-08-23 21:46:53.092
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-08-23 21:46:52.660
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info =========================== 

BIOS: Award Software International, Inc. F5 03/10/2010
Motherboard: Gigabyte Technology Co., Ltd. GA-MA785GT-UD3H
Processor: AMD Phenom(tm) II X4 955 Processor
Percentage of memory in use: 21%
Total physical RAM: 16381.07 MB
Available physical RAM: 12894.02 MB
Total Virtual: 32765.08 MB
Available Virtual: 29056.93 MB

==================== Drives ================================

Drive c: (W8 RTM) (Fixed) (Total:209.25 GB) (Free:37.07 GB) NTFS
Drive d: (XP Home) (Fixed) (Total:20.22 GB) (Free:5.44 GB) NTFS
Drive e: (Datos) (Fixed) (Total:307.78 GB) (Free:94.51 GB) NTFS
Drive f: (Reservado para el sistema) (Fixed) (Total:0.34 GB) (Free:0.1 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive g: (MULTIMEDIA) (Fixed) (Total:931.51 GB) (Free:136.37 GB) NTFS
Drive h: (SERIES) (Fixed) (Total:390.62 GB) (Free:325.91 GB) NTFS
Drive j: (Almacen) (Fixed) (Total:1081.76 GB) (Free:656.19 GB) NTFS
Drive l: (Copia Segur) (Fixed) (Total:603.51 GB) (Free:215.37 GB) NTFS
Drive n: (Virtual Machines 2) (Fixed) (Total:390.62 GB) (Free:95 GB) NTFS


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: 426FF260)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=209.3 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: F8DA30FD)
Partition 1: (Active) - (Size=20.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=307.8 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=603.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: 2EF94F75)
Partition 1: (Not Active) - (Size=1081.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=390.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=390.6 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 33EF91AE)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-08-2019
Ran by Joker (administrator) on EGONAUTA (Gigabyte Technology Co., Ltd. GA-MA785GT-UD3H) (24-08-2019 08:33:30)
Running from C:\Users\Joker\Desktop
Loaded Profiles: Joker (Available Profiles: Joker & Administrador)
Platform: Windows 8.1 Pro (Update) (X64) Language: Español (España, internacional)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Acronis International GmbH -> Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis, Inc -> Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Acronis, Inc -> Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atiesrxx.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVM GmbH) [File not signed] C:\Program Files (x86)\FRITZ!Powerline\PowerlineService.exe
(CyberLink Corp. -> CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD18\Kernel\DMS\CLMSMonitorServicePDVD18.exe
(CyberLink Corp. -> CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD18\Kernel\DMS\CLMSServerPDVD18.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler64.exe
(Google LLC -> ) C:\Program Files\Google\Drive\googledrivesync.exe
(Google LLC -> ) C:\Program Files\Google\Drive\googledrivesync.exe
(Ivaylo Beltchev -> IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(IVT CORPORATION -> IVT Corporation) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
(IVT CORPORATION -> IVT Corporation) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe
(IVT CORPORATION -> IVT Corporation) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe
(IVT CORPORATION -> IVT Corporation) C:\Program Files (x86)\IVT Corporation\BlueSoleil\cPhoneSDKCS.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
(Motorola Mobility Inc. -> Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Motorola) [File not signed] C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Nero AG -> Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Opera Software AS -> Opera Software) C:\Users\Joker\AppData\Local\Programs\Opera\62.0.3331.116\opera.exe
(Opera Software AS -> Opera Software) C:\Users\Joker\AppData\Local\Programs\Opera\62.0.3331.116\opera.exe
(Opera Software AS -> Opera Software) C:\Users\Joker\AppData\Local\Programs\Opera\62.0.3331.116\opera.exe
(Opera Software AS -> Opera Software) C:\Users\Joker\AppData\Local\Programs\Opera\62.0.3331.116\opera.exe
(Opera Software AS -> Opera Software) C:\Users\Joker\AppData\Local\Programs\Opera\62.0.3331.116\opera.exe
(Opera Software AS -> Opera Software) C:\Users\Joker\AppData\Local\Programs\Opera\62.0.3331.116\opera.exe
(Opera Software AS -> Opera Software) C:\Users\Joker\AppData\Local\Programs\Opera\62.0.3331.116\opera.exe
(Opera Software AS -> Opera Software) C:\Users\Joker\AppData\Local\Programs\Opera\62.0.3331.116\opera.exe
(Opera Software AS -> Opera Software) C:\Users\Joker\AppData\Local\Programs\Opera\62.0.3331.116\opera.exe
(Opera Software AS -> Opera Software) C:\Users\Joker\AppData\Local\Programs\Opera\62.0.3331.116\opera.exe
(Opera Software AS -> Opera Software) C:\Users\Joker\AppData\Local\Programs\Opera\62.0.3331.116\opera.exe
(Opera Software AS -> Opera Software) C:\Users\Joker\AppData\Local\Programs\Opera\62.0.3331.116\opera.exe
(Opera Software AS -> Opera Software) C:\Users\Joker\AppData\Local\Programs\Opera\62.0.3331.116\opera.exe
(Opera Software AS -> Opera Software) C:\Users\Joker\AppData\Local\Programs\Opera\62.0.3331.116\opera.exe
(Opera Software AS -> Opera Software) C:\Users\Joker\AppData\Local\Programs\Opera\62.0.3331.116\opera.exe
(Opera Software AS -> Opera Software) C:\Users\Joker\AppData\Local\Programs\Opera\62.0.3331.116\opera.exe
(Opera Software AS -> Opera Software) C:\Users\Joker\AppData\Local\Programs\Opera\62.0.3331.116\opera.exe
(Opera Software AS -> Opera Software) C:\Users\Joker\AppData\Local\Programs\Opera\62.0.3331.116\opera.exe
(Opera Software AS -> Opera Software) C:\Users\Joker\AppData\Local\Programs\Opera\62.0.3331.116\opera.exe
(Opera Software AS -> Opera Software) C:\Users\Joker\AppData\Local\Programs\Opera\62.0.3331.116\opera.exe
(Opera Software AS -> Opera Software) C:\Users\Joker\AppData\Local\Programs\Opera\62.0.3331.116\opera.exe
(Opera Software AS -> Opera Software) C:\Users\Joker\AppData\Local\Programs\Opera\62.0.3331.116\opera.exe
(Opera Software AS -> Opera Software) C:\Users\Joker\AppData\Local\Programs\Opera\62.0.3331.116\opera.exe
(Opera Software AS -> Opera Software) C:\Users\Joker\AppData\Local\Programs\Opera\62.0.3331.116\opera_crashreporter.exe
(Plex, Inc -> Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe
(Ralink Technology Corporation -> Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
(Ralink Technology Corporation -> Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Samsung Electronics Co., Ltd. -> Samsung Electronics Co. Ltd.) C:\Program Files (x86)\Samsung Magician\SamsungMagician.exe
(Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) C:\Windows\System32\RAPID\SamsungRapidSvc.exe
(SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TechSmith Corporation -> TechSmith Corporation) C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe
(TomTom International BV -> TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
(VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
(VMware, Inc. -> VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc. -> VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942232 2016-10-14] (Logitech -> Logitech, Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [404200 2012-09-24] (Acronis International GmbH -> Acronis)
HKLM\...\Run: [CamserviceExchange] => C:\Program Files (x86)\Hercules\Dualpix Exchange\XtrCtrlEx.exe [3382568 2011-09-07] (Guillemot Corporation -> Guillemot Corporation S.A.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-03-22] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2849872 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [SamsungRapidApp] => C:\Program Files (x86)\RAPID\CacheFilter\SamsungRapidApp.exe [123488 2017-11-09] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163640 2018-07-15] (Ivaylo Beltchev -> IvoSoft)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3136136 2019-01-30] (Logitech Inc -> Logitech, Inc.)
HKLM-x32\...\Run: [AMD AVT] => Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [NPSStartup] => [X]
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-11-16] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKU\S-1-5-21-1429871492-45722225-1832122274-1001\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [46993264 2019-06-27] (Google LLC -> )
HKU\S-1-5-21-1429871492-45722225-1832122274-1001\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [24860136 2019-06-13] (Plex, Inc -> Plex, Inc.)
HKU\S-1-5-21-1429871492-45722225-1832122274-1001\...\Run: [Amazon Music Helper] => C:\Users\Joker\AppData\Local\Amazon Music\Amazon Music Helper.exe [2385336 2019-06-26] (Amazon Services LLC -> Amazon Services LLC)
HKU\S-1-5-21-1429871492-45722225-1832122274-1001\...\Policies\Explorer: [] 
HKU\S-1-5-21-1429871492-45722225-1832122274-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\scrnsave.scr [11776 2014-11-21] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-18\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIHLE.EXE [283232 2012-02-29] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
HKU\S-1-5-18\...\Run: [EPLTarget\P0000000000000001] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIHLE.EXE [283232 2012-02-29] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
HKU\S-1-5-18\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [24860136 2019-06-13] (Plex, Inc -> Plex, Inc.)
HKLM\...\Drivers32: [VIDC.FMVC] => C:\Windows\SysWOW64\fmcodec.dll [77824 2008-08-19] (Fox Magic Software) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\76.0.3809.100\Installer\chrmstp.exe [2019-08-07] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{67187239-0780-4d9b-895B-7F0968AA474E}] -> C:\Program Files (x86)\CyberLink\YouCam7\CLCredProv\x64\CLCredProv.dll [2015-06-23] (CyberLink Corp. -> CyberLink)
HKLM\Software\...\Authentication\Credential Providers: [{BE423CF8-7C59-4179-B70C-88901B6EC506}] -> C:\Windows\system32\IVTcPhoneProvider.dll [2014-11-03] () [File not signed]
HKLM\Software\...\Authentication\Credential Providers: [{EF1BCB6C-FEA5-4a04-905F-190375E5B996}] -> C:\Windows\system32\IVTCredentialProvider.dll [2016-04-07] (IVT CORPORATION -> )
HKLM\Software\...\Authentication\Credential Provider Filters: [{67187239-0780-4d9b-895B-7F0968AA474E}] -> C:\Program Files (x86)\CyberLink\YouCam7\CLCredProv\x64\CLCredProv.dll [2015-06-23] (CyberLink Corp. -> CyberLink)
Lsa: [Notification Packages] scecli IVTCredentialProvider
GroupPolicy: Restriction ? <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04E5E2C2-9ED2-40A9-9AEF-6386AFC51B8B} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [272176 2014-10-30] (Motorola Mobility Inc. -> )
Task: {0BC2A04E-516F-444B-B9F1-0CC90C2C83A1} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {0E9EFDC2-7DE1-40EE-827F-CB4778E442A0} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [745664 2016-01-12] (@ByELDI -> @ByELDI) [File not signed]
Task: {18AA0ED9-E096-4520-BCC0-F0BCA37E2F9F} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [1626328 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {22087000-C7F6-451C-AB43-A6386C8E7B73} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [272176 2014-10-30] (Motorola Mobility Inc. -> )
Task: {3902983E-EEAA-4810-BD2B-43774DE61B8B} - System32\Tasks\TechSmith Updater => C:\Program Files (x86)\Common Files\TechSmith Shared\Updater\TSCUpdClt.exe [71232 2016-09-06] (TechSmith Corporation -> TechSmith Corporation)
Task: {42AD62F3-73D5-47C6-B534-4436A452642A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {42EEFFBD-CB83-49E0-A0DD-5A97766B1A0D} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-12-21] (Intel(R) Update Manager -> Intel Corporation)
Task: {4A314217-E253-453A-B700-E47C33270142} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {4B562412-B309-4DDD-9019-B899B42C30D7} - \Microsoft\Windows\Setup\EOSNotify -> No File <==== ATTENTION
Task: {4C3F4C26-82F0-43ED-AF4C-73A718F02BD2} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {5487D762-D542-494B-BB66-5945E3C8BBC3} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-12-21] (Intel(R) Update Manager -> Intel Corporation)
Task: {557FBF04-3439-4081-9B19-C40D8BA63749} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [6602152 2015-12-08] (Piriform Ltd -> Piriform Ltd)
Task: {5984160B-7FAA-4564-9716-756A2A336AF2} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-1429871492-45722225-1832122274-1001 => {F063A606-6748-4B89-82A0-3D19D94CE8D3} C:\Windows\System32\VaultRoaming.dll [92672 2014-11-21] (Microsoft Windows -> Microsoft)
Task: {5B9EAA2A-2ADB-4532-9D44-2D222521A152} - System32\Tasks\[email protected] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {6426D1C8-C6C2-4C29-937F-160787B6F1D2} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe [6191616 2017-05-16] () [File not signed]
Task: {7652ECA2-7724-42F1-A9CE-572BB2F42F03} - System32\Tasks\{1CED264A-6DDC-442A-8B6A-389F2D8D6D96} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/6.3.73.105.457/es/abandoninstall?page=tsWLM
Task: {778A7071-35F9-4015-ABAD-6709BD52CA8E} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDfE067B1}
Task: {84CDE8E5-E10E-4EC8-A777-221BF7E174F5} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe
Task: {87334650-8CAD-4420-8528-B18234D9BAED} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {8BC76B44-4B99-48E5-8970-A26A90B0EC8B} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [1179648 2019-03-21] () [File not signed]
Task: {97F990C6-9764-4E15-846B-82B220F6B7E1} - System32\Tasks\Driver Easy Scheduled Scan => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe
Task: {98649524-990E-4F55-8110-7A66FEB28C1D} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\Joker\Downloads\esetonlinescanner_esn.exe
Task: {9C1AF074-2915-4817-8344-287F92028DD5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {9D066FBC-1459-4AB8-A5CF-7CAFB50505DA} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung Magician\SamsungMagician.exe [1138320 2018-01-08] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co. Ltd.)
Task: {AB6E005C-73C2-4FA4-85AD-2D18A97BB377} - System32\Tasks\BlueStacksHelper => C:\ProgramData\BlueStacks\Client\Helper\BlueStacksHelper.exe [745480 2019-04-16] (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
Task: {AB8E64B0-57E1-4A61-8831-7ABE837C872B} - System32\Tasks\elevated_GodMode_1~EMUCODrekoJsresUC => C:\Users\Joker\Documents\GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}
Task: {B4A837A8-5189-45D8-9E5B-0D5F4900E6E6} - System32\Tasks\{6D45AC4F-143D-4BAE-88E1-29C21434E02B} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\Joker\Desktop\pingest.exe -d C:\Users\Joker\Desktop
Task: {B6110277-0CF4-48FD-81D1-1473128CDDDB} - System32\Tasks\{FA29C888-AD5F-4505-A58C-58DD98961442} => C:\Windows\system32\pcalua.exe -a "C:\ProgramData\VMware\VMware Workstation\Uninstaller\\uninstall.exe" -c -x -S "C:\ProgramData\VMware\VMware Workstation\Uninstaller\"
Task: {C216B866-AD07-4A2C-AC2A-546802D24ABC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-08-14] (Adobe Inc. -> Adobe)
Task: {C66C811C-A180-498F-8478-7AA5D3297A63} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1236048 2019-07-24] (Adobe Inc. -> Adobe Systems)
Task: {CAD7B40F-F1DB-47BF-95BC-04E3D50BA70F} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\Joker\Downloads\esetonlinescanner_esn.exe
Task: {CDCF7F70-ECDC-433E-A145-69C5DB8C5529} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43da-BFD7-FBEEA2180A1E}
Task: {CE682313-4E81-473D-BA50-B79B064853E2} - System32\Tasks\{4A789155-EBB5-41C2-B957-2854FCEBBF9C} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\JDownloader\JDUninstall.exe"
Task: {DC0D2A8C-3273-48BC-907E-24289024595B} - System32\Tasks\Opera scheduled Autoupdate 1553411691 => C:\Users\Joker\AppData\Local\Programs\Opera\launcher.exe [1519640 2019-08-07] (Opera Software AS -> Opera Software)
Task: {F1C669AA-BCA3-4A49-A308-7268E7D3F5A4} - System32\Tasks\[email protected] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2849872 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {F25C9FC9-10C5-47B9-95D8-1DD640CED457} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_238_Plugin.exe [1457208 2019-08-14] (Adobe Inc. -> Adobe)
Task: {F2808F36-71F1-46BD-A855-36B3EFEFAF63} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4f47-879B-29A80C355D61}
Task: {FE51BA1A-8507-4BE9-B8A7-4EB5D1E29CDC} - System32\Tasks\{30FF471F-36DB-4F44-8C41-5962B47FE08A} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\CyberLink\PowerDVD18\Common\CLVirtualDriver\Drivers\DriverInstaller.exe" -d "C:\Program Files (x86)\CyberLink\PowerDVD18" -c /i CLVirtualBus02.inf DE85B8F3-D088-4D6E-A970-EE0BC7883A66

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Driver Easy Scheduled Scan.job => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 09 C:\WINDOWS\SysWOW64\wlidNSP.dll [50176 2014-11-21] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog5 10 C:\WINDOWS\SysWOW64\wlidNSP.dll [50176 2014-11-21] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog5-x64 09 C:\WINDOWS\system32\wlidnsp.dll [74240 2014-11-21] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog5-x64 10 C:\WINDOWS\system32\wlidnsp.dll [74240 2014-11-21] (Microsoft Windows -> Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 80.58.61.254 80.58.61.250
Tcpip\..\Interfaces\{9CB40C20-3DF5-4256-9B89-08AD1425D954}: [DhcpNameServer] 80.58.61.254 80.58.61.250

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
HKU\S-1-5-21-1429871492-45722225-1832122274-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.es/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1429871492-45722225-1832122274-1001 -> {BFAD8314-A960-41EA-81EA-B0DC17C60895} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2016-02-13] (LastPass (Marvasol Inc) -> LastPass)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2018-02-02] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2019-01-30] (Logitech Inc -> Logitech, Inc.)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2018-02-02] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2014-12-09] (Eyeo GmbH -> Adblock Plus) [File not signed]
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-02-01] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2016-02-13] (LastPass (Marvasol Inc) -> LastPass)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2018-02-02] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2019-01-30] (Logitech Inc -> Logitech, Inc.)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2018-07-18] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-01] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2018-02-02] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2014-12-09] (Eyeo GmbH -> Adblock Plus) [File not signed]
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2016-02-13] (LastPass (Marvasol Inc) -> LastPass)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2018-02-02] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2016-02-13] (LastPass (Marvasol Inc) -> LastPass)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2018-02-02] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1429871492-45722225-1832122274-1001 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2018-02-02] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
DPF: HKLM-x32 {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} hxxp://download.gigabyte.com.tw/object/Dldrv.ocx
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab
DPF: HKLM-x32 {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2017-08-15] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\SysWow64\skype4com.dll [2016-04-07] (IVT CORPORATION -> Skype Technologies)
Handler: WSKVAllmytubechrome - {91AB862D-07B8-4A85 -  No File



FireFox:
========
FF DefaultProfile: ytm88g4y.default-1549782345937
FF ProfilePath: C:\Users\Joker\AppData\Roaming\TomTom\HOME\Profiles\duiawnw0.default [2019-06-30]
FF Extension: (Emulator) - C:\Users\Joker\AppData\Roaming\TomTom\HOME\Profiles\duiawnw0.default\Extensions\[email protected] [2017-08-02] [Legacy] [not signed]
FF Extension: (Map status indicator) - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\[email protected] [2019-06-30] [Legacy] [not signed]
FF ProfilePath: C:\Users\Joker\AppData\Roaming\Mozilla\Firefox\Profiles\ytm88g4y.default-1549782345937 [2019-08-24]
FF Homepage: Mozilla\Firefox\Profiles\ytm88g4y.default-1549782345937 -> hxxps://www.google.es/
FF NetworkProxy: Mozilla\Firefox\Profiles\ytm88g4y.default-1549782345937 -> type", 0
FF Session Restore: Mozilla\Firefox\Profiles\ytm88g4y.default-1549782345937 -> is enabled.
FF NewTabOverride: Mozilla\Firefox\Profiles\ytm88g4y.default-1549782345937 -> Enabled: [email protected]
FF NewTabOverride: Mozilla\Firefox\Profiles\ytm88g4y.default-1549782345937 -> Enabled: [email protected]
FF NewTabOverride: Mozilla\Firefox\Profiles\ytm88g4y.default-1549782345937 -> Enabled: [email protected]
FF NewTabOverride: Mozilla\Firefox\Profiles\ytm88g4y.default-1549782345937 -> Enabled: [email protected]
FF Extension: (SaveFrom.net helper) - C:\Users\Joker\AppData\Roaming\Mozilla\Firefox\Profiles\ytm88g4y.default-1549782345937\Extensions\[email protected] [2019-08-21]
FF Extension: (New Tab Override) - C:\Users\Joker\AppData\Roaming\Mozilla\Firefox\Profiles\ytm88g4y.default-1549782345937\Extensions\[email protected] [2019-07-04]
FF Extension: (Simple Translate) - C:\Users\Joker\AppData\Roaming\Mozilla\Firefox\Profiles\ytm88g4y.default-1549782345937\Extensions\[email protected] [2019-08-23]
FF Extension: (LastPass: Free Password Manager) - C:\Users\Joker\AppData\Roaming\Mozilla\Firefox\Profiles\ytm88g4y.default-1549782345937\Extensions\[email protected] [2019-08-14]
FF Extension: (Tab Session Manager) - C:\Users\Joker\AppData\Roaming\Mozilla\Firefox\Profiles\ytm88g4y.default-1549782345937\Extensions\[email protected] [2019-02-16]
FF Extension: (Google Translator for Firefox) - C:\Users\Joker\AppData\Roaming\Mozilla\Firefox\Profiles\ytm88g4y.default-1549782345937\Extensions\[email protected] [2019-02-10]
FF Extension: (Tree Style Tab) - C:\Users\Joker\AppData\Roaming\Mozilla\Firefox\Profiles\ytm88g4y.default-1549782345937\Extensions\[email protected] [2019-08-09]
FF Extension: (Undo Closed Tabs Menu) - C:\Users\Joker\AppData\Roaming\Mozilla\Firefox\Profiles\ytm88g4y.default-1549782345937\Extensions\[email protected] [2019-02-10]
FF Extension: (Absolute Right Click) - C:\Users\Joker\AppData\Roaming\Mozilla\Firefox\Profiles\ytm88g4y.default-1549782345937\Extensions\{9350bc42-47fb-4598-ae0f-825e3dd9ceba}.xpi [2019-02-10]
FF Extension: (Adblock Plus - bloqueador de anuncios gratis) - C:\Users\Joker\AppData\Roaming\Mozilla\Firefox\Profiles\ytm88g4y.default-1549782345937\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2019-08-23]
FF ProfilePath: C:\Users\Joker\AppData\Roaming\KompoZer\Profiles\p6ke3a9j.default [2018-08-05]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2018-02-02]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2019-03-14] [not signed]
FF HKU\S-1-5-21-1429871492-45722225-1832122274-1001\...\Firefox\Extensions: [[email protected]] - C:\Users\Joker\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_238.dll [2019-08-14] (Adobe Inc. -> )
FF Plugin: @java.com/DTPlugin,version=10.40.2 -> C:\Windows\system32\npDeployJava1.dll [2013-09-16] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2016-02-13] (LastPass (Marvasol Inc) -> LastPass)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_238.dll [2019-08-14] (Adobe Inc. -> )
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [No File]
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google Inc -> Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-01] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-01] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2016-02-13] (LastPass (Marvasol Inc) -> LastPass)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2018-02-22] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [No File]
FF Plugin HKU\S-1-5-21-1429871492-45722225-1832122274-1001: @acestream.net/acestreamplugin,version=3.1.16 -> C:\Users\Joker\AppData\Roaming\ACEStream\player\npace_plugin.dll [No File]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\browser\defaults\preferences\firefox.js [2019-05-22]

Chrome: 
=======
CHR DefaultSearchKeyword: Default -> lp
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Joker\AppData\Local\Google\Chrome\User Data\Default [2019-08-24]
CHR Extension: (Presentaciones) - C:\Users\Joker\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-06-17]
CHR Extension: (Documentos) - C:\Users\Joker\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-06-17]
CHR Extension: (Google Drive) - C:\Users\Joker\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-06-17]
CHR Extension: (YouTube) - C:\Users\Joker\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-06-17]
CHR Extension: (Adblock Plus - bloqueador de anuncios gratis) - C:\Users\Joker\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2019-08-10]
CHR Extension: (MyJDownloader Browser Extension) - C:\Users\Joker\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbcohnmimjicjdomonkcbcpbpnhggkip [2019-06-29]
CHR Extension: (Hojas de cálculo) - C:\Users\Joker\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-06-17]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\Joker\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-06-17]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Joker\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2019-08-23]
CHR Extension: (Tab Session Manager) - C:\Users\Joker\AppData\Local\Google\Chrome\User Data\Default\Extensions\iaiomicjabeggjcfkbimgmglanimpnae [2019-06-17]
CHR Extension: (Tab Activate) - C:\Users\Joker\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlmadbnpnnolpaljadgakjilggigioaj [2019-06-17]
CHR Extension: (Player para ver Movistar+) - C:\Users\Joker\AppData\Local\Google\Chrome\User Data\Default\Extensions\kenfcfndncbbggmafjjeihkdclggbojn [2019-06-17]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Joker\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-06-17]
CHR Extension: (eXkup) - C:\Users\Joker\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogffpkaafebiehkphjadgdlhbkmkgajg [2019-06-18]
CHR Extension: (Gmail) - C:\Users\Joker\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-06-17]
CHR Extension: (Chrome Media Router) - C:\Users\Joker\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-08-07]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1429871492-45722225-1832122274-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

Opera: 
=======
OPR Extension: (Vertical Tabs) - C:\Users\Joker\AppData\Roaming\Opera Software\Opera Stable\Extensions\eknjllkeehiiakhmgjjdoempaocgemkg [2019-03-24]
OPR Extension: (LastPass: Free Password Manager) - C:\Users\Joker\AppData\Roaming\Opera Software\Opera Stable\Extensions\hnjalnkldgigidggphhmacmimbdlafdo [2019-08-23]
OPR Extension: (Tabs to the front!) - C:\Users\Joker\AppData\Roaming\Opera Software\Opera Stable\Extensions\klopcmjfbnloijpmjheabncmohieaaoo [2019-03-24]
OPR Extension: (SaveFrom.net helper) - C:\Users\Joker\AppData\Roaming\Opera Software\Opera Stable\Extensions\npdpplbicnmpoigidfdjadamgfkilaak [2019-08-23]
OPR Extension: (Mate Translate – translator, dictionary) - C:\Users\Joker\AppData\Roaming\Opera Software\Opera Stable\Extensions\ollghamalkmmhboihmhoaaobmamehjgn [2019-04-15]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3117648 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2888272 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AMD External Events Utility; C:\WINDOWS\system32\atiesrxx.exe [238080 2012-11-16] (Advanced Micro Devices, Inc. -> AMD)
S4 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-11-16] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-03-17] (Apple Inc. -> Apple Inc.)
R2 AVMPowerlineService; C:\Program Files (x86)\FRITZ!Powerline\PowerlineService.exe [245760 2017-02-28] (AVM GmbH) [File not signed]
R2 BlueSoleilCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [4032816 2016-04-07] (IVT CORPORATION -> IVT Corporation)
R3 BsHelpCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe [160560 2016-04-07] (IVT CORPORATION -> IVT Corporation)
R2 cPhoneSDKCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\cPhoneSDKCS.exe [279968 2014-11-03] (IVT CORPORATION -> IVT Corporation)
S4 CronService; C:\Windows\Prey\versions\1.1.3\bin\windows\cronsvc.exe [18432 2014-05-05] (Fork Ltd.) [File not signed]
R2 CyberLink PowerDVD 18 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD18\Kernel\DMS\CLMSMonitorServicePDVD18.exe [130744 2018-10-02] (CyberLink Corp. -> CyberLink)
R2 CyberLink PowerDVD 18 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD18\Kernel\DMS\CLMSServerPDVD18.exe [375992 2018-10-02] (CyberLink Corp. -> CyberLink)
S3 ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-12-21] (Intel(R) Update Manager -> Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2014-04-08] (Motorola Mobility Inc. -> Motorola Mobility LLC)
R2 PlexUpdateService; C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe [2120168 2019-06-13] (Plex, Inc -> Plex, Inc.)
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
R2 SamsungRapidSvc; C:\WINDOWS\System32\RAPID\SamsungRapidSvc.exe [28768 2017-11-09] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [745664 2016-01-12] (@ByELDI -> @ByELDI) [File not signed]
S3 Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Sony Mobile Communications -> Avanquest Software) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11795800 2019-04-15] (TeamViewer GmbH -> TeamViewer GmbH)
R2 TechSmith Uploader Service; C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe [3661096 2015-09-14] (TechSmith Corporation -> TechSmith Corporation)
S3 VBoxSDS; C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe [690424 2019-01-25] (Oracle Corporation -> Oracle Corporation)
S2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [15446960 2019-03-25] (VMware, Inc. -> )
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-05-16] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-05-16] (Microsoft Corporation -> Microsoft Corporation)
S3 WsDrvInst; C:\Program Files (x86)\KeepVid\KeepVid Pro\DriverInstall.exe [109688 2018-01-09] (WONBO TECHNOLOGY Co.,LIMITED -> Wondershare)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdkmdag; C:\WINDOWS\system32\DRIVERS\atikmdag.sys [11922944 2012-11-16] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\system32\DRIVERS\atikmpag.sys [359936 2012-11-16] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R0 amd_sata; C:\WINDOWS\System32\drivers\amd_sata.sys [80552 2012-09-16] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
R0 amd_xata; C:\WINDOWS\System32\drivers\amd_xata.sys [26280 2012-09-16] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
S3 androidusb; C:\WINDOWS\System32\Drivers\lgandadb.sys [31744 2010-08-01] (Microsoft Windows Hardware Compatibility Publisher -> Google Inc)
R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
S3 athrusb; C:\WINDOWS\system32\DRIVERS\athrxusb.sys [1075712 2008-07-29] (Microsoft Windows Hardware Compatibility Publisher -> Atheros Communications, Inc.)
S3 bcmfn2; C:\WINDOWS\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Broadcom Corporation -> Windows (R) Win 7 DDK provider)
S3 BlueletAudio; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys [41184 2013-10-08] (IVT CORPORATION -> IVT Corporation)
S3 BlueletAudio; C:\Windows\SysWOW64\DRIVERS\blueletaudio.sys [41184 2013-10-08] (IVT CORPORATION -> IVT Corporation)
S3 BlueStacksDrv; C:\Program Files\BlueStacks\BstkDrv.sys [313112 2019-06-04] (Bluestack Systems, Inc. -> Bluestack System Inc. )
S3 BT; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [22240 2011-12-21] (IVT CORPORATION -> IVT Corporation.)
S3 BTCOM; C:\WINDOWS\system32\DRIVERS\btcomport.sys [28456 2014-10-16] (IVT CORPORATION -> IVT Corporation.)
S3 Btcsrusb; C:\WINDOWS\System32\Drivers\btcusb.sys [53776 2016-01-25] (IVT CORPORATION -> IVT Corporation.)
R3 BtHidBus; C:\WINDOWS\System32\Drivers\BtHidBus.sys [22568 2014-08-12] (IVT CORPORATION -> IVT Corporation.)
R2 CLFCL5.18; C:\WINDOWS\system32\DRIVERS\CLFCL5.18\000.fcl [46848 2018-10-02] (CyberLink Corp. -> CyberLink Corp.)
R3 CLVirtualBus02; C:\WINDOWS\System32\drivers\CLVirtualBus02.sys [111840 2018-10-02] (CyberLink Corp. -> CyberLink)
R3 clwvd; C:\WINDOWS\system32\DRIVERS\clwvd.sys [31088 2010-08-20] (CyberLink -> CyberLink Corporation)
R3 clwvd7; C:\WINDOWS\system32\DRIVERS\clwvd7.sys [42968 2015-03-24] (CyberLink Corp. -> CyberLink Corporation)
S3 DESerialPort; C:\WINDOWS\system32\DRIVERS\DimensionSerialPort.sys [24576 2016-11-12] (Dimension Engineering LLC -> )
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes)
S3 etdrv; C:\Windows\etdrv.sys [25640 2018-01-31] (Giga-Byte Technology -> Windows (R) Server 2003 DDK provider)
S3 gdrv; C:\Windows\gdrv.sys [25640 2018-01-31] (Giga-Byte Technology -> Windows (R) Server 2003 DDK provider)
S3 GemCCID; C:\WINDOWS\system32\DRIVERS\GemCCID.sys [137712 2016-10-17] (Microsoft Windows Hardware Compatibility Publisher -> Gemalto)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2018-01-31] (GIGA-BYTE TECHNOLOGY CO., LTD -> )
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [55232 2017-05-29] (SurfRight B.V. -> )
R3 hxctlflt; C:\WINDOWS\System32\Drivers\hxctlflt.sys [111104 2009-02-09] (Microsoft Windows Hardware Compatibility Publisher -> Guillemot Corporation)
R3 IvtAudioBusSrv; C:\WINDOWS\System32\Drivers\IvtBtBus.sys [27256 2012-12-24] (IVT CORPORATION -> IVT Corporation.)
R3 IvtComBusSrv; C:\WINDOWS\System32\Drivers\btcombus.sys [25824 2014-05-06] (IVT CORPORATION -> IVT Corporation.)
R3 IvtPanBusSrv; C:\WINDOWS\System32\Drivers\btnetBus.sys [31480 2012-12-24] (IVT CORPORATION -> IVT Corporation.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [199768 2019-08-24] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [224408 2019-08-24] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73584 2019-08-24] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2019-08-24] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [116112 2019-08-24] (Malwarebytes Corporation -> Malwarebytes)
S3 netr28ux; C:\WINDOWS\system32\DRIVERS\netr28ux.sys [2408208 2013-06-18] (Mediatek Inc. -> Ralink Technology Corp.)
R2 NPF; C:\WINDOWS\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
S3 OSFMount; C:\Program Files\OSFMount\OSFMount.sys [1299384 2014-02-07] (PassMark Software Pty Ltd -> PassMark Software)
S3 pmxdrv; C:\WINDOWS\system32\drivers\pmxdrv.sys [31152 2018-01-05] (PAIPTAC  Driver -> )
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19152 2013-09-30] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] (MiniTool Solution Ltd -> )
S3 qcusbser; C:\WINDOWS\system32\DRIVERS\qcusbser.sys [254520 2017-03-15] (Microsoft Windows Hardware Compatibility Publisher -> QUALCOMM Incorporated)
R3 RTL8168; C:\WINDOWS\system32\DRIVERS\Rt630x64.sys [591360 2013-06-18] (Microsoft Windows -> Realtek )
R0 SamsungRapidDiskFltr; C:\WINDOWS\System32\DRIVERS\SamsungRapidDiskFltr.sys [287360 2017-11-16] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R0 SamsungRapidFSFltr; C:\WINDOWS\System32\DRIVERS\SamsungRapidFSFltr.sys [119424 2017-11-16] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 SNP2UVC; C:\WINDOWS\system32\DRIVERS\snp2uvc.sys [3552384 2009-04-22] (Microsoft Windows Hardware Compatibility Publisher -> )
R2 speedfan; C:\Windows\SysWOW64\speedfan.sys [28664 2012-12-29] (SOKNO S.R.L. -> Almico Software)
S3 STTub30; C:\WINDOWS\System32\Drivers\STTub30.sys [54104 2015-07-22] (STMicroelectronics -> STMicroelectronics)
S3 tap0901; C:\WINDOWS\system32\DRIVERS\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R0 tib_mounter; C:\WINDOWS\System32\DRIVERS\tib_mounter.sys [1093256 2012-11-19] (Acronis, Inc -> Acronis)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2016-12-21] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
R3 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [235832 2019-01-28] (Oracle Corporation -> Oracle Corporation)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [247216 2019-01-28] (Oracle Corporation -> Oracle Corporation)
S3 VHidMinidrv; C:\WINDOWS\system32\drivers\VHIDMini.sys [18088 2014-08-12] (IVT CORPORATION -> IVT Corporation.)
R2 vmparport; C:\WINDOWS\system32\DRIVERS\vmparport.sys [49216 2019-03-25] (VMware, Inc. -> VMware, Inc.)
R0 vsock; C:\WINDOWS\System32\DRIVERS\vsock.sys [92040 2018-06-22] (VMware, Inc. -> VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-x64.sys [52576 2018-02-28] (VMware, Inc. -> VMware, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46600 2017-05-16] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [274776 2017-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (NGO -> MBB)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-05-16] (Microsoft Windows -> Microsoft Corporation)
S1 ArcCtrl; system32\drivers\ArcCtrl.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-08-24 08:33 - 2019-08-24 08:34 - 000051689 _____ C:\Users\Joker\Desktop\FRST.txt
2019-08-24 08:33 - 2019-08-24 08:33 - 000000000 ____D C:\FRST
2019-08-24 08:27 - 2019-08-24 08:27 - 000224408 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2019-08-24 08:27 - 2019-08-24 08:27 - 000116112 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2019-08-24 08:27 - 2019-08-24 08:27 - 000073584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2019-08-24 08:26 - 2019-08-24 08:26 - 000275232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-08-24 08:24 - 2019-08-24 08:31 - 000003760 _____ C:\Users\Joker\Desktop\Nuevo documento de texto.txt
2019-08-24 08:11 - 2019-08-24 08:11 - 001612800 _____ (Farbar) C:\Users\Joker\Desktop\FRST64.exe
2019-08-24 07:08 - 2019-08-24 07:08 - 000002042 _____ C:\Users\Joker\Desktop\Malwarebytes.lnk
2019-08-24 07:07 - 2019-08-24 07:07 - 000199768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2019-08-24 07:07 - 2019-08-24 07:07 - 000001889 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-08-24 07:07 - 2019-08-24 07:07 - 000000000 ____D C:\Users\Joker\AppData\Local\mbam
2019-08-24 07:07 - 2019-08-24 07:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-08-24 07:07 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-08-24 07:05 - 2019-08-24 02:36 - 065084496 _____ (Malwarebytes ) C:\Users\Joker\Desktop\mb3-setup-consumer-3.8.3.2965-1.0.613-1.0.12151.exe
2019-08-24 02:36 - 2019-08-24 02:36 - 065084496 _____ (Malwarebytes ) C:\Users\Joker\Downloads\mb3-setup-consumer-3.8.3.2965-1.0.613-1.0.12151.exe
2019-08-23 22:46 - 2019-08-23 22:48 - 000000000 ____D C:\AdwCleaner
2019-08-23 21:46 - 2019-08-23 21:46 - 007623880 _____ (Malwarebytes) C:\Users\Joker\Desktop\adwcleaner_7.4.exe
2019-08-23 11:43 - 2019-08-23 11:43 - 000018559 _____ C:\Users\Joker\Downloads\[mejortorrent.pw]El hijo-HDRip.torrent
2019-08-23 11:43 - 2019-08-23 11:43 - 000018542 _____ C:\Users\Joker\Downloads\[mejortorrent.pw]Eerie-HDRip.torrent
2019-08-23 11:41 - 2019-08-23 11:41 - 000076366 _____ C:\Users\Joker\Downloads\[mejortorrent.pw]Sin piedad-HDRip.torrent
2019-08-22 09:05 - 2019-08-22 09:15 - 000000000 ____D C:\Users\Joker\Desktop\Firmware
2019-08-21 19:39 - 2019-08-21 19:39 - 000195931 _____ C:\Users\Joker\Desktop\tetris_packed.bin
2019-08-20 19:39 - 2019-08-20 19:39 - 000019849 _____ C:\Users\Joker\Downloads\La_Espia_Roja.torrent
2019-08-20 18:22 - 2019-08-20 18:22 - 000013085 _____ C:\Users\Joker\Downloads\The-Handmaids-Tale-3-11-HDTV.torrent
2019-08-20 18:22 - 2019-08-20 18:22 - 000011965 _____ C:\Users\Joker\Downloads\The-Handmaids-Tale-3-12-HDTV.torrent
2019-08-20 16:38 - 2019-08-20 16:38 - 000002061 _____ C:\Users\Joker\Downloads\02af201cedb94ea4a15d42f2822b991c.zip
2019-08-19 16:25 - 2019-08-19 16:26 - 000197550 _____ C:\Users\Joker\Downloads\hugoboss-61253-1da20d8a1e.bin
2019-08-19 16:02 - 2019-08-19 16:02 - 010408221 _____ C:\Users\Joker\Downloads\HexEdit.zip
2019-08-19 11:33 - 2019-08-19 11:33 - 000000000 ____D C:\Users\Joker\Desktop\watch_skin_local
2019-08-16 08:12 - 2019-08-16 08:12 - 000019493 _____ C:\Users\Joker\Downloads\126098_-1565863639-The-Handmaids-Tale---Temporada-3--HDTV-720p-AC3-5-1.torrent
2019-08-14 12:35 - 2019-08-14 12:35 - 006297144 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2019-08-14 07:58 - 2019-08-14 13:29 - 000000000 ____D C:\Users\Joker\AppData\Roaming\Notepad++
2019-08-14 07:58 - 2019-08-14 07:58 - 000000854 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk
2019-08-14 07:58 - 2019-08-14 07:58 - 000000842 _____ C:\Users\Public\Desktop\Notepad++.lnk
2019-08-14 07:58 - 2019-08-14 07:58 - 000000000 ____D C:\Program Files\Notepad++
2019-08-14 07:57 - 2019-08-14 07:57 - 003929368 _____ (Don HO [email protected]) C:\Users\Joker\Downloads\npp.7.7.1.Installer.x64.exe
2019-08-13 11:24 - 2019-08-13 11:24 - 000036260 _____ C:\Users\Joker\Downloads\ds_digital.zip
2019-08-12 22:57 - 2019-08-12 22:57 - 000026659 _____ C:\Users\Joker\Downloads\goffik-shadow.zip
2019-08-12 22:43 - 2019-08-12 22:43 - 000019746 _____ C:\Users\Joker\Downloads\sans-serif-shaded.zip
2019-08-12 18:43 - 2019-08-12 18:43 - 000048034 _____ C:\Users\Joker\Downloads\iloveimg-compressed.zip
2019-08-10 20:45 - 2019-08-10 20:45 - 000224575 _____ C:\Users\Joker\Downloads\vcgzybica4hicarv2oqm3jjwpngxbmv9rsoviq16-23942-75a6a87568.bin
2019-08-09 10:10 - 2019-08-09 10:10 - 109907824 _____ C:\Users\Joker\Downloads\mifit_reqgd_4.0.3-7611.apk
2019-08-08 16:09 - 2019-08-08 16:09 - 000000000 ____D C:\Users\Joker\AppData\Roaming\624d30d8e58bba676afa0484aa90112cOLD
2019-08-08 16:09 - 2019-08-08 16:09 - 000000000 ____D C:\kvwtuvjm
2019-08-08 07:44 - 2019-08-20 11:47 - 000000000 ____D C:\Users\Joker\Desktop\WATCH FACES
2019-08-08 07:44 - 2019-08-20 11:45 - 000000000 ____D C:\Users\Joker\Desktop\RECURSOS
2019-08-07 18:47 - 2019-08-07 18:47 - 000000000 ____D C:\Users\Joker\Desktop\MiBandWFTool_1.3.8
2019-08-07 18:44 - 2019-08-07 18:44 - 001380430 _____ C:\Users\Joker\Downloads\MiBandWFTool_1.3.8.zip
2019-08-07 18:32 - 2019-08-07 18:32 - 000180948 _____ C:\Users\Joker\Downloads\synar_mod_fit_hno_eng-49804-ba708f6a42.bin
2019-08-06 17:44 - 2019-08-06 17:44 - 000470020 _____ C:\Users\Joker\Downloads\wickhop_a-dripping-marker.zip
2019-08-06 15:59 - 2019-08-06 15:59 - 000140745 _____ C:\Users\Joker\Downloads\galaxyfitpacked-3469-f0566eded2.bin
2019-08-06 15:55 - 2019-08-06 15:56 - 024157392 _____ C:\Users\Joker\Downloads\patternmuros.zip
2019-08-06 07:16 - 2019-08-06 07:16 - 002180544 _____ C:\Users\Joker\Downloads\stone_patterns.zip
2019-08-06 06:12 - 2019-08-06 06:12 - 000015313 _____ C:\Users\Joker\Downloads\Week_days_psd.zip
2019-08-05 16:14 - 2019-08-13 07:34 - 000000000 ____D C:\Users\Joker\Desktop\Herramientas y ejemplo v2
2019-08-04 10:22 - 2019-08-04 10:22 - 001769533 _____ C:\Users\Joker\Downloads\PB-Installer-v1.1-20181117.zip
2019-08-04 01:18 - 2019-08-05 11:25 - 000000000 ____D C:\Users\Joker\Desktop\Mi Band 4
2019-08-03 08:58 - 2019-08-03 08:58 - 000093105 _____ C:\Users\Joker\Downloads\drive-download-20190803T065838Z-001.zip
2019-08-03 01:03 - 2019-08-03 01:03 - 000000000 ____D C:\Users\Joker\Downloads\MiBandWFTool_1.3.7
2019-08-03 01:01 - 2019-08-03 01:01 - 001378792 _____ C:\Users\Joker\Downloads\MiBandWFTool_1.3.7.zip
2019-08-03 00:56 - 2019-08-03 00:56 - 000365552 _____ C:\Users\Joker\Downloads\AmazfitCorTools-1.0.0.1.7z
2019-08-02 20:19 - 2019-08-02 20:19 - 000156355 _____ C:\Users\Joker\Downloads\wwau7sntwf6cyxifnjxq9wifiwvfjwea48rglyl2-52496-d1dff1370d.bin
2019-07-31 09:46 - 2019-07-31 09:46 - 271332311 _____ C:\Users\Joker\Downloads\cm12_dior-beta-0.1-1507181535.zip
2019-07-30 21:46 - 2019-07-30 21:46 - 000002044 _____ C:\Users\Joker\Desktop\MiFlash.lnk
2019-07-30 16:21 - 2019-07-30 16:21 - 000002575 _____ C:\Users\Joker\Desktop\XiaoMiFlash.exe.lnk
2019-07-30 16:21 - 2019-07-30 16:21 - 000000000 ____D C:\XiaoMi
2019-07-30 16:21 - 2019-07-30 16:21 - 000000000 _____ C:\MiFlashvcom.ini
2019-07-30 16:05 - 2019-07-30 16:06 - 512337037 _____ C:\Users\Joker\Downloads\miui_HMNoteLTEGlobal_V9.2.3.0.KHIMIEK_58223ed5f9_4.4.zip
2019-07-30 13:53 - 2019-07-30 13:53 - 000000000 ____D C:\dior_global_images_V9.2.3.0.KHIMIEK_20180406.0000.00_4.4_global
2019-07-30 12:48 - 2019-07-30 12:49 - 048863232 _____ C:\Users\Joker\Downloads\MiFlashSetup_eng.msi
2019-07-30 08:22 - 2019-07-30 08:22 - 017060864 _____ C:\Users\Joker\Downloads\UniversalAdbDriverSetup.msi
2019-07-30 07:57 - 2019-08-01 06:35 - 000000000 ____D C:\Users\Joker\Desktop\Redmi Note 4G

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-08-24 08:32 - 2014-11-21 04:14 - 001827932 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-08-24 08:32 - 2014-11-21 03:24 - 000806704 _____ C:\WINDOWS\system32\perfh00A.dat
2019-08-24 08:32 - 2014-11-21 03:24 - 000165168 _____ C:\WINDOWS\system32\perfc00A.dat
2019-08-24 08:32 - 2013-08-22 15:36 - 000000000 ____D C:\WINDOWS\Inf
2019-08-24 08:28 - 2017-05-16 11:43 - 000003606 _____ C:\WINDOWS\System32\Tasks\AutoKMS
2019-08-24 08:27 - 2017-05-16 10:13 - 000000000 ___DO C:\Users\Joker\OneDrive
2019-08-24 08:27 - 2015-01-27 10:22 - 000000000 ___RD C:\Users\Joker\Google Drive
2019-08-24 08:27 - 2012-12-04 16:09 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2019-08-24 08:26 - 2018-02-13 19:18 - 000000000 ____D C:\ProgramData\VMware
2019-08-24 08:26 - 2016-04-12 15:39 - 000001518 _____ C:\WINDOWS\SysWOW64\bscs.ini
2019-08-24 08:26 - 2013-08-22 16:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-08-24 08:24 - 2016-01-25 08:31 - 000000000 ____D C:\Users\Joker\AppData\Local\ClassicShell
2019-08-24 08:17 - 2012-10-29 17:18 - 000003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1429871492-45722225-1832122274-1001
2019-08-24 07:07 - 2013-10-11 11:47 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-08-24 07:03 - 2012-10-29 17:15 - 000003978 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{3C1D800E-0666-4C31-8881-2299DBD9EAA7}
2019-08-24 07:01 - 2013-09-20 20:06 - 000011264 _____ C:\Users\Joker\AppData\Local\SageThumbs.db3
2019-08-24 02:36 - 2018-04-01 09:19 - 000000000 ____D C:\Users\Joker\AppData\Roaming\WhatsApp
2019-08-24 02:13 - 2014-08-28 10:32 - 000000000 ____D C:\Users\Joker\AppData\Local\Adobe
2019-08-23 23:20 - 2016-11-18 08:27 - 000000000 ____D C:\Users\Joker\AppData\LocalLow\Mozilla
2019-08-23 23:15 - 2018-11-20 11:00 - 000000000 ____D C:\Users\Joker\Downloads\Telegram Desktop
2019-08-23 23:05 - 2017-01-19 00:13 - 000000000 ____D C:\Users\Joker\AppData\Roaming\Telegram Desktop
2019-08-23 22:56 - 2019-04-18 08:06 - 000000000 ____D C:\Users\Joker\AppData\Roaming\uTorrent
2019-08-23 22:56 - 2019-03-17 07:41 - 000000000 ____D C:\Users\Joker\AppData\Roaming\MPC-HC
2019-08-23 22:56 - 2017-07-09 11:30 - 000000000 ____D C:\WINDOWS\Minidump
2019-08-23 22:56 - 2015-04-12 20:08 - 000000000 ____D C:\Users\Joker\AppData\Local\CrashDumps
2019-08-23 21:35 - 2016-11-10 17:23 - 000000000 ____D C:\Users\Joker\Documents\Archivos de Outlook
2019-08-23 16:26 - 2019-05-02 06:12 - 000000000 ____D C:\Users\Joker\AppData\LocalLow\uTorrent
2019-08-23 10:12 - 2014-03-25 08:31 - 000000000 ____D C:\Users\Joker\AppData\Roaming\TrackChecker
2019-08-22 01:10 - 2017-05-16 09:57 - 000000000 ____D C:\Users\Joker
2019-08-21 20:14 - 2015-03-19 19:52 - 000000000 ____D C:\Users\Joker\AppData\Roaming\Spotify
2019-08-21 12:22 - 2015-03-19 19:52 - 000000000 ____D C:\Users\Joker\AppData\Local\Spotify
2019-08-21 01:04 - 2013-08-22 15:25 - 000262144 ___SH C:\WINDOWS\system32\config\BBI
2019-08-19 23:38 - 2012-12-24 18:13 - 000000132 _____ C:\Users\Joker\AppData\Roaming\Prefs. de formato PNG de Adobe CS6
2019-08-19 18:41 - 2019-04-11 17:39 - 000000000 ____D C:\Users\Joker\AppData\Local\Amazon Music
2019-08-18 06:18 - 2013-08-22 16:44 - 005192800 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-08-18 06:18 - 2012-10-29 18:36 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-08-17 17:39 - 2016-10-02 10:34 - 000001079 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-08-17 17:39 - 2016-10-02 10:34 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2019-08-16 08:15 - 2018-04-01 09:18 - 000000000 ____D C:\Users\Joker\AppData\Local\WhatsApp
2019-08-15 18:27 - 2014-02-12 17:32 - 000001456 _____ C:\Users\Joker\AppData\Local\Adobe Guardar para Web 13.0 Prefs
2019-08-14 12:36 - 2018-03-14 07:08 - 000004492 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2019-08-14 12:36 - 2015-01-20 12:39 - 000004296 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2019-08-14 12:35 - 2013-08-22 17:36 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2019-08-14 12:35 - 2013-08-22 17:36 - 000000000 ____D C:\WINDOWS\system32\Macromed
2019-08-12 20:21 - 2012-12-24 10:22 - 000000000 ____D C:\Users\Joker\AppData\Roaming\VSO
2019-08-12 20:19 - 2015-02-10 10:33 - 000000493 _____ C:\Users\Joker\AppData\Local\Images.fl
2019-08-10 17:34 - 2017-07-26 05:34 - 000003174 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1429871492-45722225-1832122274-1001
2019-08-10 17:34 - 2017-05-16 19:52 - 000002338 _____ C:\Users\Joker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive para la Empresa.lnk
2019-08-10 06:37 - 2016-01-26 13:06 - 000004476 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2019-08-09 20:21 - 2019-03-24 09:14 - 000004062 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1553411691
2019-08-09 20:21 - 2019-03-24 09:14 - 000001340 _____ C:\Users\Joker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Navegador Opera.lnk
2019-08-09 00:44 - 2014-03-13 20:00 - 000000000 ____D C:\Users\Joker\Desktop\VAPEO
2019-08-08 16:09 - 2018-12-04 17:41 - 000000000 ____D C:\Users\Joker\AppData\Roaming\624d30d8e58bba676afa0484aa90112c
2019-08-08 16:09 - 2015-11-22 13:42 - 000000000 ____D C:\ProgramData\Intel
2019-08-08 07:18 - 2013-04-10 18:12 - 000000000 ___HD C:\ProgramData\CyberLink
2019-08-07 06:20 - 2019-06-17 11:13 - 000002248 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-08-04 20:09 - 2019-07-15 08:53 - 000000000 ____D C:\Users\Joker\Desktop\Redmi Note 3 Pro(kenzo)
2019-08-02 15:49 - 2013-08-22 17:36 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-07-30 17:44 - 2013-08-22 17:36 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2019-07-30 16:58 - 2019-07-08 19:04 - 000000000 ____D C:\Program Files (x86)\Minimal ADB and Fastboot
2019-07-30 16:21 - 2019-01-16 19:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XiaoMiFlash

==================== Files in the root of some directories ================

2017-03-15 12:43 - 2017-03-15 13:13 - 000000069 _____ () C:\Users\Joker\license.dat
2009-06-05 14:08 - 2009-06-05 14:08 - 000066215 _____ () C:\Program Files (x86)\FeedProcessor.js
2009-06-05 14:08 - 2009-06-05 14:08 - 000001484 _____ () C:\Program Files (x86)\jsconsole-clhandler.js
2009-06-05 14:08 - 2009-06-05 14:08 - 000008580 _____ () C:\Program Files (x86)\NetworkGeolocationProvider.js
2009-06-05 14:08 - 2009-06-05 14:08 - 000011711 _____ () C:\Program Files (x86)\nsAddonRepository.js
2009-06-05 14:08 - 2009-06-05 14:08 - 000003104 _____ () C:\Program Files (x86)\nsBadCertHandler.js
2009-06-05 14:08 - 2009-06-05 14:08 - 000037245 _____ () C:\Program Files (x86)\nsBlocklistService.js
2009-06-05 14:08 - 2009-06-05 14:08 - 000005005 _____ () C:\Program Files (x86)\nsContentDispatchChooser.js
2009-06-05 14:08 - 2009-06-05 14:08 - 000030890 _____ () C:\Program Files (x86)\nsContentPrefService.js
2009-06-05 14:08 - 2009-06-05 14:08 - 000006332 _____ () C:\Program Files (x86)\nsDefaultCLH.js
2009-06-05 14:08 - 2009-06-05 14:08 - 000005737 _____ () C:\Program Files (x86)\nsDownloadManagerUI.js
2009-06-05 14:08 - 2009-06-05 14:08 - 000343410 _____ () C:\Program Files (x86)\nsExtensionManager.js
2009-06-05 14:08 - 2009-06-05 14:08 - 000053725 _____ () C:\Program Files (x86)\nsHandlerService.js
2009-06-05 14:08 - 2009-06-05 14:08 - 000042463 _____ () C:\Program Files (x86)\nsHelperAppDlg.js
2009-06-05 14:08 - 2009-06-05 14:08 - 000036261 _____ () C:\Program Files (x86)\nsLivemarkService.js
2009-06-05 14:08 - 2009-06-05 14:08 - 000004920 _____ () C:\Program Files (x86)\nsLoginInfo.js
2009-06-05 14:08 - 2009-06-05 14:08 - 000046129 _____ () C:\Program Files (x86)\nsLoginManager.js
2009-06-05 14:08 - 2009-06-05 14:08 - 000044596 _____ () C:\Program Files (x86)\nsLoginManagerPrompter.js
2009-06-05 14:08 - 2009-06-05 14:08 - 000012139 _____ () C:\Program Files (x86)\nsPlacesDBFlush.js
2009-06-05 14:08 - 2009-06-05 14:08 - 000021420 _____ () C:\Program Files (x86)\nsPostUpdateWin.js
2009-06-05 14:08 - 2009-06-05 14:08 - 000037314 _____ () C:\Program Files (x86)\nsProgressDialog.js
2009-06-05 14:08 - 2009-06-05 14:08 - 000013682 _____ () C:\Program Files (x86)\nsProxyAutoConfig.js
2009-06-05 14:08 - 2009-06-05 14:08 - 000122711 _____ () C:\Program Files (x86)\nsSearchService.js
2009-06-05 14:08 - 2009-06-05 14:08 - 000024228 _____ () C:\Program Files (x86)\nsSearchSuggestions.js
2009-06-05 14:08 - 2009-06-05 14:08 - 000018635 _____ () C:\Program Files (x86)\nsTaggingService.js
2009-06-05 14:08 - 2009-06-05 14:08 - 000003268 _____ () C:\Program Files (x86)\nsTryToClose.js
2009-06-05 14:08 - 2009-06-05 14:08 - 000105761 _____ () C:\Program Files (x86)\nsUpdateService.js
2009-06-05 14:08 - 2009-06-05 14:08 - 000003094 _____ () C:\Program Files (x86)\nsURLFormatter.js
2009-06-05 14:08 - 2009-06-05 14:08 - 000006920 _____ () C:\Program Files (x86)\nsWebHandlerApp.js
2009-06-05 14:08 - 2009-06-05 14:08 - 000052873 _____ () C:\Program Files (x86)\storage-Legacy.js
2009-06-05 14:08 - 2009-06-05 14:08 - 000055985 _____ () C:\Program Files (x86)\storage-mozStorage.js
2009-06-05 14:08 - 2009-06-05 14:08 - 000006667 _____ () C:\Program Files (x86)\txEXSLTRegExFunctions.js
2009-06-05 14:08 - 2009-06-05 14:08 - 000353586 _____ () C:\Program Files (x86)\xulrunner.xpt
2012-11-09 11:52 - 2016-02-13 17:03 - 021405208 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2016-02-26 12:57 - 2016-02-26 12:57 - 000017733 _____ () C:\Users\Joker\AppData\Roaming\books.pcl
2018-02-01 12:01 - 2018-02-01 12:01 - 000102436 _____ () C:\Users\Joker\AppData\Roaming\Debut.dmp
2016-02-26 12:57 - 2016-02-26 12:57 - 000874319 _____ () C:\Users\Joker\AppData\Roaming\imgs.zip
2014-09-20 12:36 - 2014-09-20 12:36 - 000000005 _____ () C:\Users\Joker\AppData\Roaming\mbam.context.scan
2015-04-30 11:06 - 2015-12-12 10:57 - 000000098 _____ () C:\Users\Joker\AppData\Roaming\nuvotonISP.lua
2018-03-31 21:53 - 2018-03-31 21:59 - 000000132 _____ () C:\Users\Joker\AppData\Roaming\Prefs. de filtro IllExport de Adobe CS6
2015-05-28 16:21 - 2015-05-28 16:24 - 000000132 _____ () C:\Users\Joker\AppData\Roaming\Prefs. de formato BMP de Adobe CS6
2015-06-06 17:46 - 2017-06-23 12:53 - 000000132 _____ () C:\Users\Joker\AppData\Roaming\Prefs. de formato GIF de Adobe CS6
2012-12-24 18:13 - 2019-08-19 23:38 - 000000132 _____ () C:\Users\Joker\AppData\Roaming\Prefs. de formato PNG de Adobe CS6
2016-02-26 12:57 - 2016-02-26 12:57 - 000000060 _____ () C:\Users\Joker\AppData\Roaming\url.txt
2014-02-12 17:32 - 2019-08-15 18:27 - 000001456 _____ () C:\Users\Joker\AppData\Local\Adobe Guardar para Web 13.0 Prefs
2012-11-17 10:54 - 2015-08-16 16:51 - 000000079 _____ () C:\Users\Joker\AppData\Local\CrystalDiskMark30.ini
2018-12-17 17:13 - 2019-01-28 18:15 - 000534528 _____ (Dirección General de la Policía) C:\Users\Joker\AppData\Local\DNIeService.exe
2015-02-10 10:33 - 2019-08-12 20:19 - 000000493 _____ () C:\Users\Joker\AppData\Local\Images.fl
2018-09-28 01:00 - 2018-09-28 01:00 - 000000000 _____ () C:\Users\Joker\AppData\Local\oobelibMkey.log
2018-03-31 23:31 - 2018-03-31 23:31 - 000000218 _____ () C:\Users\Joker\AppData\Local\recently-used.xbel
2012-11-16 10:59 - 2016-12-01 18:31 - 000007604 _____ () C:\Users\Joker\AppData\Local\resmon.resmoncfg
2013-09-20 20:06 - 2019-08-24 07:01 - 000011264 _____ () C:\Users\Joker\AppData\Local\SageThumbs.db3
2017-01-03 12:45 - 2017-10-16 07:19 - 000000553 _____ () C:\Users\Joker\AppData\Local\TroubleshooterConfig.json
2016-08-15 10:03 - 2016-08-15 10:03 - 000000000 _____ () C:\Users\Joker\AppData\Local\{D208B44B-3DFB-47AE-8958-7DA685A556A9}
2015-08-31 23:17 - 2015-08-31 23:17 - 000000000 _____ () C:\Users\Joker\AppData\Local\{D680A60F-5126-4628-9C5A-E33E6D50DF02}

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2019-08-23 21:10
==================== End of FRST.txt ============================

Hello

:arrow_forward: VERY important :arrow_backward: Make a backup of the registry:

  • To do this, download :arrow_forward: DelFix.exe (to your desktop).

  • Double-click to run it. (If you use Windows Vista/7/8 or 10, right-click and select -Run as administrator-.)

  • Attention: now check/select only the "Create registry backup" box, and NOT the others.

  • Click Run.

The report (DelFix.txt) will open; save it in case it is needed and close the tool.

Next :warning: With all other programs closed, go to :arrow_forward: Start :arrow_forward: Run :arrow_forward: and type Notepad.exe.

  • Now copy and paste the code/lines inside the box further below into Notepad.
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
HKLM-x32\...\Run: [NPSStartup] => [X]
GroupPolicy: Restriction ? <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {4B562412-B309-4DDD-9019-B899B42C30D7} - \Microsoft\Windows\Setup\EOSNotify -> No File <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
SearchScopes: HKU\S-1-5-21-1429871492-45722225-1832122274-1001 -> {BFAD8314-A960-41EA-81EA-B0DC17C60895} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2016-02-13] (LastPass (Marvasol Inc) -> LastPass)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2018-02-02] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2016-02-13] (LastPass (Marvasol Inc) -> LastPass)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2018-02-02] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1429871492-45722225-1832122274-1001 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2018-02-02] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Handler: WSKVAllmytubechrome - {91AB862D-07B8-4A85 -  No File
FF Extension: (Emulator) - C:\Users\Joker\AppData\Roaming\TomTom\HOME\Profiles\duiawnw0.default\Extensions\[email protected] [2017-08-02] [Legacy] [not signed]
FF Extension: (Map status indicator) - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\[email protected] [2019-06-30] [Legacy] [not signed]
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2019-03-14] [not signed]
FF HKU\S-1-5-21-1429871492-45722225-1832122274-1001\...\Firefox\Extensions: [[email protected]] - C:\Users\Joker\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi => not found
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [No File]
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [No File]
FF Plugin HKU\S-1-5-21-1429871492-45722225-1832122274-1001: @acestream.net/acestreamplugin,version=3.1.16 -> C:\Users\Joker\AppData\Roaming\ACEStream\player\npace_plugin.dll [No File]
CHR HKU\S-1-5-21-1429871492-45722225-1832122274-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
OPR Extension: (SaveFrom.net helper) - C:\Users\Joker\AppData\Roaming\Opera Software\Opera Stable\Extensions\npdpplbicnmpoigidfdjadamgfkilaak [2019-08-23]
S1 ArcCtrl; system32\drivers\ArcCtrl.sys [X]
2019-08-08 16:09 - 2019-08-08 16:09 - 000000000 ____D C:\Users\Joker\AppData\Roaming\624d30d8e58bba676afa0484aa90112cOLD
2019-08-08 16:09 - 2019-08-08 16:09 - 000000000 ____D C:\kvwtuvjm
2019-08-08 16:09 - 2018-12-04 17:41 - 000000000 ____D C:\Users\Joker\AppData\Roaming\624d30d8e58bba676afa0484aa90112c
2016-08-15 10:03 - 2016-08-15 10:03 - 000000000 _____ () C:\Users\Joker\AppData\Local\{D208B44B-3DFB-47AE-8958-7DA685A556A9}
2015-08-31 23:17 - 2015-08-31 23:17 - 000000000 _____ () C:\Users\Joker\AppData\Local\{D680A60F-5126-4628-9C5A-E33E6D50DF02}
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File
2019-08-24 08:27 - 2019-08-24 08:27 - 000113664 _____ () [File not signed] C:\Users\Joker\AppData\Local\Temp\_MEI69042\_ctypes.pyd
2019-08-24 08:27 - 2019-08-24 08:27 - 000173568 _____ () [File not signed] C:\Users\Joker\AppData\Local\Temp\_MEI69042\_elementtree.pyd
2019-08-24 08:27 - 2019-08-24 08:27 - 001800192 _____ () [File not signed] C:\Users\Joker\AppData\Local\Temp\_MEI69042\_hashlib.pyd
2019-08-24 08:27 - 2019-08-24 08:27 - 000032256 _____ () [File not signed] C:\Users\Joker\AppData\Local\Temp\_MEI69042\_multiprocessing.pyd
2019-08-24 08:27 - 2019-08-24 08:27 - 000046080 _____ () [File not signed] C:\Users\Joker\AppData\Local\Temp\_MEI69042\_psutil_windows.pyd
2019-08-24 08:27 - 2019-08-24 08:27 - 000047616 _____ () [File not signed] C:\Users\Joker\AppData\Local\Temp\_MEI69042\_socket.pyd
2019-08-24 08:27 - 2019-08-24 08:27 - 002230784 _____ () [File not signed] C:\Users\Joker\AppData\Local\Temp\_MEI69042\_ssl.pyd
2019-08-24 08:27 - 2019-08-24 08:27 - 000026112 _____ () [File not signed] C:\Users\Joker\AppData\Local\Temp\_MEI69042\_yappi.pyd
2019-08-24 08:27 - 2019-08-24 08:27 - 000080896 _____ () [File not signed] C:\Users\Joker\AppData\Local\Temp\_MEI69042\bz2.pyd
2019-08-24 08:27 - 2019-08-24 08:27 - 006277632 _____ () [File not signed] C:\Users\Joker\AppData\Local\Temp\_MEI69042\cello.pyd
2019-08-24 08:27 - 2019-08-24 08:27 - 000014848 _____ () [File not signed] C:\Users\Joker\AppData\Local\Temp\_MEI69042\common.time34.pyd
2019-08-24 08:27 - 2019-08-24 08:27 - 000007680 _____ () [File not signed] C:\Users\Joker\AppData\Local\Temp\_MEI69042\hashobjs_ext.pyd
2019-08-24 08:27 - 2019-08-24 08:27 - 000301568 _____ () [File not signed] C:\Users\Joker\AppData\Local\Temp\_MEI69042\PIL._imaging.pyd
2019-08-24 08:27 - 2019-08-24 08:27 - 000169472 _____ () [File not signed] C:\Users\Joker\AppData\Local\Temp\_MEI69042\pyexpat.pyd
2019-08-24 08:27 - 2019-08-24 08:27 - 001084416 _____ () [File not signed] C:\Users\Joker\AppData\Local\Temp\_MEI69042\pysqlite2._sqlite.pyd
2019-08-24 08:27 - 2019-08-24 08:27 - 000548864 _____ () [File not signed] C:\Users\Joker\AppData\Local\Temp\_MEI69042\pythoncom27.dll
2019-08-24 08:27 - 2019-08-24 08:27 - 000137728 _____ () [File not signed] C:\Users\Joker\AppData\Local\Temp\_MEI69042\pywintypes27.dll
2019-08-24 08:27 - 2019-08-24 08:27 - 000010752 _____ () [File not signed] C:\Users\Joker\AppData\Local\Temp\_MEI69042\select.pyd
2019-08-24 08:27 - 2019-08-24 08:27 - 000020992 _____ () [File not signed] C:\Users\Joker\AppData\Local\Temp\_MEI69042\thumbnails_ext.pyd
2019-08-24 08:27 - 2019-08-24 08:27 - 000689664 _____ () [File not signed] C:\Users\Joker\AppData\Local\Temp\_MEI69042\unicodedata.pyd
2019-08-24 08:27 - 2019-08-24 08:27 - 000118784 _____ () [File not signed] C:\Users\Joker\AppData\Local\Temp\_MEI69042\usb_ext.pyd
2019-08-24 08:27 - 2019-08-24 08:27 - 000128512 _____ () [File not signed] C:\Users\Joker\AppData\Local\Temp\_MEI69042\win32api.pyd
2019-08-24 08:27 - 2019-08-24 08:27 - 000438784 _____ () [File not signed] C:\Users\Joker\AppData\Local\Temp\_MEI69042\win32com.shell.shell.pyd
2019-08-24 08:27 - 2019-08-24 08:27 - 000011776 _____ () [File not signed] C:\Users\Joker\AppData\Local\Temp\_MEI69042\win32crypt.pyd
2019-08-24 08:27 - 2019-08-24 08:27 - 000023040 _____ () [File not signed] C:\Users\Joker\AppData\Local\Temp\_MEI69042\win32event.pyd
2019-08-24 08:27 - 2019-08-24 08:27 - 000149504 _____ () [File not signed] C:\Users\Joker\AppData\Local\Temp\_MEI69042\win32file.pyd
2019-08-24 08:27 - 2019-08-24 08:27 - 000223232 _____ () [File not signed] C:\Users\Joker\AppData\Local\Temp\_MEI69042\win32gui.pyd
2019-08-24 08:27 - 2019-08-24 08:27 - 000048128 _____ () [File not signed] C:\Users\Joker\AppData\Local\Temp\_MEI69042\win32inet.pyd
2019-08-24 08:27 - 2019-08-24 08:27 - 000029696 _____ () [File not signed] C:\Users\Joker\AppData\Local\Temp\_MEI69042\win32pdh.pyd
2019-08-24 08:27 - 2019-08-24 08:27 - 000027648 _____ () [File not signed] C:\Users\Joker\AppData\Local\Temp\_MEI69042\win32pipe.pyd
2019-08-24 08:27 - 2019-08-24 08:27 - 000044032 _____ () [File not signed] C:\Users\Joker\AppData\Local\Temp\_MEI69042\win32process.pyd
2019-08-24 08:27 - 2019-08-24 08:27 - 000020480 _____ () [File not signed] C:\Users\Joker\AppData\Local\Temp\_MEI69042\win32profile.pyd
2019-08-24 08:27 - 2019-08-24 08:27 - 000136192 _____ () [File not signed] C:\Users\Joker\AppData\Local\Temp\_MEI69042\win32security.pyd
2019-08-24 08:27 - 2019-08-24 08:27 - 000026624 _____ () [File not signed] C:\Users\Joker\AppData\Local\Temp\_MEI69042\win32ts.pyd
2019-08-24 08:27 - 2019-08-24 08:27 - 000034304 _____ () [File not signed] C:\Users\Joker\AppData\Local\Temp\_MEI69042\windows.conditional.pyd
2019-08-24 08:27 - 2019-08-24 08:27 - 000038400 _____ () [File not signed] C:\Users\Joker\AppData\Local\Temp\_MEI69042\windows.connectivity.pyd
2019-08-24 08:27 - 2019-08-24 08:27 - 000073216 _____ () [File not signed] C:\Users\Joker\AppData\Local\Temp\_MEI69042\windows.device_monitor.pyd
2019-08-24 08:27 - 2019-08-24 08:27 - 000110592 _____ () [File not signed] C:\Users\Joker\AppData\Local\Temp\_MEI69042\windows.volumes.pyd
2019-08-24 08:27 - 2019-08-24 08:27 - 000020480 _____ () [File not signed] C:\Users\Joker\AppData\Local\Temp\_MEI69042\windows.winwrap.pyd
2019-08-24 08:27 - 2019-08-24 08:27 - 001325056 _____ () [File not signed] C:\Users\Joker\AppData\Local\Temp\_MEI69042\wx._controls_.pyd
2019-08-24 08:27 - 2019-08-24 08:27 - 001489408 _____ () [File not signed] C:\Users\Joker\AppData\Local\Temp\_MEI69042\wx._core_.pyd
2019-08-24 08:27 - 2019-08-24 08:27 - 001007104 _____ () [File not signed] C:\Users\Joker\AppData\Local\Temp\_MEI69042\wx._gdi_.pyd
2019-08-24 08:27 - 2019-08-24 08:27 - 000103424 _____ () [File not signed] C:\Users\Joker\AppData\Local\Temp\_MEI69042\wx._html2.pyd
2019-08-24 08:27 - 2019-08-24 08:27 - 000916992 _____ () [File not signed] C:\Users\Joker\AppData\Local\Temp\_MEI69042\wx._misc_.pyd
2019-08-24 08:27 - 2019-08-24 08:27 - 001039872 _____ () [File not signed] C:\Users\Joker\AppData\Local\Temp\_MEI69042\wx._windows_.pyd
2019-08-24 08:27 - 2019-08-24 08:27 - 003042304 _____ (Python Software Foundation) [File not signed] C:\Users\Joker\AppData\Local\Temp\_MEI69042\python27.dll
2019-08-24 08:27 - 2019-08-24 08:27 - 000202240 _____ (wxWidgets development team) [File not signed] C:\Users\Joker\AppData\Local\Temp\_MEI69042\wxbase30u_net_vc90_x64.dll
2019-08-24 08:27 - 2019-08-24 08:27 - 002831872 _____ (wxWidgets development team) [File not signed] C:\Users\Joker\AppData\Local\Temp\_MEI69042\wxbase30u_vc90_x64.dll
2019-08-24 08:27 - 2019-08-24 08:27 - 001654784 _____ (wxWidgets development team) [File not signed] C:\Users\Joker\AppData\Local\Temp\_MEI69042\wxmsw30u_adv_vc90_x64.dll
2019-08-24 08:27 - 2019-08-24 08:27 - 006542336 _____ (wxWidgets development team) [File not signed] C:\Users\Joker\AppData\Local\Temp\_MEI69042\wxmsw30u_core_vc90_x64.dll
2019-08-24 08:27 - 2019-08-24 08:27 - 000773632 _____ (wxWidgets development team) [File not signed] C:\Users\Joker\AppData\Local\Temp\_MEI69042\wxmsw30u_html_vc90_x64.dll
2019-08-24 08:27 - 2019-08-24 08:27 - 000137216 _____ (wxWidgets development team) [File not signed] C:\Users\Joker\AppData\Local\Temp\_MEI69042\wxmsw30u_webview_vc90_x64.dll
AlternateDataStreams: C:\Users\Joker\Configuración local:ZsXli6ibGf5XPbD1cTWgbL [2404]
AlternateDataStreams: C:\Users\Joker\AppData\Local:ZsXli6ibGf5XPbD1cTWgbL [2404]
AlternateDataStreams: C:\Users\Joker\AppData\Local\Datos de programa:ZsXli6ibGf5XPbD1cTWgbL [2404]
HKLM\...\.scr: SageThumbsImage.scr => "%1" /S <==== ATTENTION
FirewallRules: [TCP Query User{89AC34C9-DBE4-4C95-A8B6-9CE43C5F459E}C:\users\joker\downloads\programas extras\tp link powerlineutility\powerline scan.exe] => (Allow) C:\users\joker\downloads\programas extras\tp link powerlineutility\powerline scan.exe No File
FirewallRules: [UDP Query User{38870C94-8D51-4A61-B142-4E7ECDF9D323}C:\users\joker\downloads\programas extras\tp link powerlineutility\powerline scan.exe] => (Allow) C:\users\joker\downloads\programas extras\tp link powerlineutility\powerline scan.exe No File

HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END

Save it under the name FIXLIST.TXT on the desktop :arrow_backward: This is very important.

:o: Note :o: It is important that the FRST.exe tool (Farbar Recovery Scanner Tool) and FIXLIST.TXT are in the same location (desktop); otherwise it will not work.


  • Run FRST.exe. (If you use Windows Vista/7/8 or 10, right-click and select -Run as administrator-.)
  • Press the FIX button and wait for it to finish.
  • The tool will save the repair report on the desktop (FIXLOG.TXT).

Paste the contents of this file in your next reply.

Restart the computer, check how it behaves with regard to the problem you raised, and report back.

Regards

Hello.

The program has now disappeared from those that start with Windows, and I don't notice any anomalous behavior in general.

The only thing is that the infection was creating a startup entry for me that points to:

"[Object]
Type=11
Caption=53a22453
Path=C:\ProgramData\Intel\Wireless\0c1e705\hfdbifi.exe C:\ProgramData\Intel\Wireless\0c1e705\7663403.au3
Category=\All\Registry\Current user\Run
AType=51
UndoType=0
Id=1018246107
Enabled=False
HotKey=0
ShowCmd=0
WorkDir=
Description=
RealFile=False
BufSize=0
Order=0
AutoDelDate=31/12/1899
Date=23/08/2019 22:59:53
ServiceName=
StartType=0
Priority=32
IsDelay=False
Delay=60

And that program and the folder containing it are still present.


Fix result of Farbar Recovery Scan Tool (x64) Version: 22-08-2019
Ran by Joker (25-08-2019 01:20:39) Run:1
Running from C:\Users\Joker\Desktop
Loaded Profiles: Joker &  (Available Profiles: Joker & Administrador)
Boot Mode: Normal
==============================================


Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\NPSStartup" => removed successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4B562412-B309-4DDD-9019-B899B42C30D7}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4B562412-B309-4DDD-9019-B899B42C30D7}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\EOSNotify" => removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully
HKU\S-1-5-21-1429871492-45722225-1832122274-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BFAD8314-A960-41EA-81EA-B0DC17C60895} => removed successfully
HKLM\Software\Classes\CLSID\{BFAD8314-A960-41EA-81EA-B0DC17C60895} => not found
"HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5}" => removed successfully
HKLM\Software\Classes\CLSID\{9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} => removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{47833539-D0C5-4125-9FA8-0819E2EAAC93}" => removed successfully
HKLM\Software\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5}" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{47833539-D0C5-4125-9FA8-0819E2EAAC93}" => removed successfully
"HKLM\Software\Wow6432Node\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}" => removed successfully
"HKU\S-1-5-21-1429871492-45722225-1832122274-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93}" => removed successfully
HKLM\Software\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => not found
HKLM\Software\Classes\PROTOCOLS\Handler\WSKVAllmytubechrome => removed successfully
C:\Users\Joker\AppData\Roaming\TomTom\HOME\Profiles\duiawnw0.default\Extensions\[email protected] => moved successfully
C:\Program Files (x86)\TomTom HOME 2\xul\extensions\[email protected] => moved successfully
C:\Program Files (x86)\TomTom HOME 2\xul\extensions\[email protected] => path removed successfully
C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt => moved successfully
"HKU\S-1-5-21-1429871492-45722225-1832122274-1001\Software\Mozilla\Firefox\Extensions\\[email protected]" => removed successfully
HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0 => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\adobe.com/AdobeAAMDetect => removed successfully
HKU\S-1-5-21-1429871492-45722225-1832122274-1001\Software\MozillaPlugins\@acestream.net/acestreamplugin,version=3.1.16 => removed successfully
"C:\Users\Joker\AppData\Roaming\ACEStream\player\npace_plugin.dll" => not found
HKU\S-1-5-21-1429871492-45722225-1832122274-1001\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh => removed successfully
C:\Users\Joker\AppData\Roaming\Opera Software\Opera Stable\Extensions\npdpplbicnmpoigidfdjadamgfkilaak => moved successfully
HKLM\System\CurrentControlSet\Services\ArcCtrl => removed successfully
ArcCtrl => service removed successfully
C:\Users\Joker\AppData\Roaming\624d30d8e58bba676afa0484aa90112cOLD => moved successfully
C:\kvwtuvjm => moved successfully
C:\Users\Joker\AppData\Roaming\624d30d8e58bba676afa0484aa90112c => moved successfully
C:\Users\Joker\AppData\Local\{D208B44B-3DFB-47AE-8958-7DA685A556A9} => moved successfully
C:\Users\Joker\AppData\Local\{D680A60F-5126-4628-9C5A-E33E6D50DF02} => moved successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Pending) => invalid subkey removed.
HKLM\Software\Classes\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Synced) => invalid subkey removed.
HKLM\Software\Classes\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Syncing) => invalid subkey removed.
HKLM\Software\Classes\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Pending) => invalid subkey removed.
HKLM\Software\Wow6432Node\Classes\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Synced) => invalid subkey removed.
HKLM\Software\Wow6432Node\Classes\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Syncing) => invalid subkey removed.
HKLM\Software\Wow6432Node\Classes\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => not found
"C:\Users\Joker\AppData\Local\Temp\_MEI69042\_ctypes.pyd" => not found
"C:\Users\Joker\AppData\Local\Temp\_MEI69042\_elementtree.pyd" => not found
"C:\Users\Joker\AppData\Local\Temp\_MEI69042\_hashlib.pyd" => not found
"C:\Users\Joker\AppData\Local\Temp\_MEI69042\_multiprocessing.pyd" => not found
"C:\Users\Joker\AppData\Local\Temp\_MEI69042\_psutil_windows.pyd" => not found
"C:\Users\Joker\AppData\Local\Temp\_MEI69042\_socket.pyd" => not found
"C:\Users\Joker\AppData\Local\Temp\_MEI69042\_ssl.pyd" => not found
"C:\Users\Joker\AppData\Local\Temp\_MEI69042\_yappi.pyd" => not found
"C:\Users\Joker\AppData\Local\Temp\_MEI69042\bz2.pyd" => not found
"C:\Users\Joker\AppData\Local\Temp\_MEI69042\cello.pyd" => not found
"C:\Users\Joker\AppData\Local\Temp\_MEI69042\common.time34.pyd" => not found
"C:\Users\Joker\AppData\Local\Temp\_MEI69042\hashobjs_ext.pyd" => not found
"C:\Users\Joker\AppData\Local\Temp\_MEI69042\PIL._imaging.pyd" => not found
"C:\Users\Joker\AppData\Local\Temp\_MEI69042\pyexpat.pyd" => not found
"C:\Users\Joker\AppData\Local\Temp\_MEI69042\pysqlite2._sqlite.pyd" => not found
"C:\Users\Joker\AppData\Local\Temp\_MEI69042\pythoncom27.dll" => not found
"C:\Users\Joker\AppData\Local\Temp\_MEI69042\pywintypes27.dll" => not found
"C:\Users\Joker\AppData\Local\Temp\_MEI69042\select.pyd" => not found
"C:\Users\Joker\AppData\Local\Temp\_MEI69042\thumbnails_ext.pyd" => not found
"C:\Users\Joker\AppData\Local\Temp\_MEI69042\unicodedata.pyd" => not found
"C:\Users\Joker\AppData\Local\Temp\_MEI69042\usb_ext.pyd" => not found
"C:\Users\Joker\AppData\Local\Temp\_MEI69042\win32api.pyd" => not found
"C:\Users\Joker\AppData\Local\Temp\_MEI69042\win32com.shell.shell.pyd" => not found
"C:\Users\Joker\AppData\Local\Temp\_MEI69042\win32crypt.pyd" => not found
"C:\Users\Joker\AppData\Local\Temp\_MEI69042\win32event.pyd" => not found
"C:\Users\Joker\AppData\Local\Temp\_MEI69042\win32file.pyd" => not found
"C:\Users\Joker\AppData\Local\Temp\_MEI69042\win32gui.pyd" => not found
"C:\Users\Joker\AppData\Local\Temp\_MEI69042\win32inet.pyd" => not found
"C:\Users\Joker\AppData\Local\Temp\_MEI69042\win32pdh.pyd" => not found
"C:\Users\Joker\AppData\Local\Temp\_MEI69042\win32pipe.pyd" => not found
"C:\Users\Joker\AppData\Local\Temp\_MEI69042\win32process.pyd" => not found
"C:\Users\Joker\AppData\Local\Temp\_MEI69042\win32profile.pyd" => not found
"C:\Users\Joker\AppData\Local\Temp\_MEI69042\win32security.pyd" => not found
"C:\Users\Joker\AppData\Local\Temp\_MEI69042\win32ts.pyd" => not found
"C:\Users\Joker\AppData\Local\Temp\_MEI69042\windows.conditional.pyd" => not found
"C:\Users\Joker\AppData\Local\Temp\_MEI69042\windows.connectivity.pyd" => not found
"C:\Users\Joker\AppData\Local\Temp\_MEI69042\windows.device_monitor.pyd" => not found
"C:\Users\Joker\AppData\Local\Temp\_MEI69042\windows.volumes.pyd" => not found
"C:\Users\Joker\AppData\Local\Temp\_MEI69042\windows.winwrap.pyd" => not found
"C:\Users\Joker\AppData\Local\Temp\_MEI69042\wx._controls_.pyd" => not found
"C:\Users\Joker\AppData\Local\Temp\_MEI69042\wx._core_.pyd" => not found
"C:\Users\Joker\AppData\Local\Temp\_MEI69042\wx._gdi_.pyd" => not found
"C:\Users\Joker\AppData\Local\Temp\_MEI69042\wx._html2.pyd" => not found
"C:\Users\Joker\AppData\Local\Temp\_MEI69042\wx._misc_.pyd" => not found
"C:\Users\Joker\AppData\Local\Temp\_MEI69042\wx._windows_.pyd" => not found
"C:\Users\Joker\AppData\Local\Temp\_MEI69042\python27.dll" => not found
"C:\Users\Joker\AppData\Local\Temp\_MEI69042\wxbase30u_net_vc90_x64.dll" => not found
"C:\Users\Joker\AppData\Local\Temp\_MEI69042\wxbase30u_vc90_x64.dll" => not found
"C:\Users\Joker\AppData\Local\Temp\_MEI69042\wxmsw30u_adv_vc90_x64.dll" => not found
"C:\Users\Joker\AppData\Local\Temp\_MEI69042\wxmsw30u_core_vc90_x64.dll" => not found
"C:\Users\Joker\AppData\Local\Temp\_MEI69042\wxmsw30u_html_vc90_x64.dll" => not found
"C:\Users\Joker\AppData\Local\Temp\_MEI69042\wxmsw30u_webview_vc90_x64.dll" => not found
"C:\Users\Joker\Configuración local" => ":ZsXli6ibGf5XPbD1cTWgbL" ADS not found.
C:\Users\Joker\AppData\Local => ":ZsXli6ibGf5XPbD1cTWgbL" ADS removed successfully
"C:\Users\Joker\AppData\Local\Datos de programa" => ":ZsXli6ibGf5XPbD1cTWgbL" ADS not found.
HKLM\Software\Classes\.scr\\Default => value restored successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{89AC34C9-DBE4-4C95-A8B6-9CE43C5F459E}C:\users\joker\downloads\programas extras\tp link powerlineutility\powerline scan.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{38870C94-8D51-4A61-B142-4E7ECDF9D323}C:\users\joker\downloads\programas extras\tp link powerlineutility\powerline scan.exe" => removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-1429871492-45722225-1832122274-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-1429871492-45722225-1832122274-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-1429871492-45722225-1832122274-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08242019201600002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-1429871492-45722225-1832122274-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08242019201600002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-1429871492-45722225-1832122274-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08242019201600564\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-1429871492-45722225-1832122274-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08242019201600564\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-1429871492-45722225-1832122274-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08242019201601328\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-1429871492-45722225-1832122274-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08242019201601328\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-1429871492-45722225-1832122274-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08242019201600377\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-1429871492-45722225-1832122274-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08242019201600377\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-1429871492-45722225-1832122274-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08242019201601125\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-1429871492-45722225-1832122274-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08242019201601125\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-1429871492-45722225-1832122274-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08242019201601999\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-1429871492-45722225-1832122274-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08242019201601999\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========


========= netsh winsock reset =========


El catálogo Winsock se restableció correctamente.
Debe reiniciar el equipo para completar el restablecimiento.


========= End of CMD: =========


========= ipconfig /renew =========


Configuración IP de Windows

Error en la operación. No hay ningún adaptador permitido para
esta operación.

========= End of CMD: =========


========= ipconfig /flushdns =========


Configuración IP de Windows

Se vació correctamente la caché de resolución de DNS.

========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

{3275F41F-7031-4782-A2DB-817EC076FF94} canceled.
{93B30327-FC9C-4A0D-BF7D-3A36043A0F9D} canceled.
{D5EB3394-8D89-4D6B-B3BC-45227011ADD4} canceled.
{4F57531B-6D0E-4344-81EC-E4FAD343B59C} canceled.
{6503D458-5547-478A-8818-0139BDB647E2} canceled.
5 out of 5 jobs canceled.

========= End of CMD: =========


========= netsh advfirewall reset =========

Aceptar


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Aceptar


========= End of CMD: =========


========= netsh int ipv4 reset =========

Global se restableció correctamente.
Interfaz se restableció correctamente.
Dirección de unidifusión se restableció correctamente.
Vecino se restableció correctamente.
Ruta de acceso se restableció correctamente.
Error al restablecer .
Acceso denegado.

 se restableció correctamente.
Reinicie el equipo para completar esta acción.


========= End of CMD: =========


========= netsh int ipv6 reset =========

Interfaz se restableció correctamente.
Vecino se restableció correctamente.
Ruta de acceso se restableció correctamente.
Error al restablecer .
Acceso denegado.

 se restableció correctamente.
 se restableció correctamente.
Reinicie el equipo para completar esta acción.


========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 203706529 B
Java, Flash, Steam htmlcache => 1175 B
Windows/system/drivers => 2158899 B
Edge => 0 B
Chrome => 373877436 B
Firefox => 1491848823 B
Opera => 60130387 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 541552 B
systemprofile32 => 128 B
LocalService => 4122 B
NetworkService => 297104 B
Joker => 115932473 B
Administrador => 13042 B

RecycleBin => 987059 B
EmptyTemp: => 2.1 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 01:23:02 ====
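
The startup entry quoted in the post above runs an executable with a `.au3` script as its argument, both from a `C:\ProgramData` subfolder. As an added example (not part of the original thread and not code from FRST or the startup manager), this Python sketch parses such an exported `[Object]` block, correlates it with lines in the FRST `Folder:` listing format that appears further down this thread, and lists the indicators of script-host persistence; the function names and the indicator rules are assumptions made for illustration.

```python
import ntpath
import re

# Sample input copied from this thread: the exported startup entry (trimmed to
# the fields used here) and two lines of the FRST "Folder:" listing.
STARTUP_EXPORT = r'''"[Object]
Caption=53a22453
Path=C:\ProgramData\Intel\Wireless\0c1e705\hfdbifi.exe C:\ProgramData\Intel\Wireless\0c1e705\7663403.au3
Category=\All\Registry\Current user\Run
Enabled=False
'''
FRST_LISTING = r'''2019-08-24 20:16 - 2019-08-24 20:16 - 000452928 ____A [804516B0C44A2417385B57DAE73A28F6] () C:\ProgramData\Intel\Wireless\0c1e705\7663403.au3
2019-08-24 20:16 - 2019-08-24 20:16 - 000893608 ____A [C56B5F0201A3B3DE53E561FE76912BFD] (AutoIt Team) C:\ProgramData\Intel\Wireless\0c1e705\hfdbifi.exe
'''

AUTOIT_NAMES = {"autoit3.exe", "autoit3_x64.exe"}   # stock interpreter names
SCRIPT_EXTS = (".au3", ".a3x")                      # AutoIt source / compiled script
USER_WRITABLE = ("\\programdata\\", "\\appdata\\", "\\temp\\")

_CMD_RE = re.compile(
    r'^\s*(?:"([^"]+)"|(.+?\.(?:exe|com|scr)))(?=\s|$)\s*(.*)$', re.I)
_FRST_RE = re.compile(
    r'^\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d - (\d+) (\S+) '
    r'\[([0-9A-Fa-f]{32})\] \((.*?)\) (.+)$')


def split_command(command):
    """Split an autorun command line into (executable, [arguments]).

    Handles a quoted executable path and an unquoted one that may contain
    spaces; unquoted arguments containing spaces are split on whitespace.
    """
    m = _CMD_RE.match(command)
    if not m:
        return command.strip(), []
    exe = m.group(1) or m.group(2)
    args = re.findall(r'"[^"]*"|\S+', m.group(3))
    return exe, [a.strip('"') for a in args]


def parse_startup_export(text):
    """Parse '[Object]' blocks of Key=Value lines into a list of dicts."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip().lstrip('"')      # the pasted block opens with a quote
        if line == "[Object]":
            current = {}
            entries.append(current)
        elif current is not None and "=" in line:
            key, _, value = line.partition("=")
            current[key.strip()] = value.strip()
    return entries


def parse_frst_listing(text):
    """Map lower-cased file path -> company name from FRST listing lines."""
    companies = {}
    for line in text.splitlines():
        m = _FRST_RE.match(line.strip())
        if m and "D" not in m.group(2):     # attribute column: skip directories
            companies[m.group(5).lower()] = m.group(4)
    return companies


def assess(entry, companies=None):
    """Return the reasons a Run entry looks like script-host persistence."""
    companies = companies or {}
    if "\\run" not in entry.get("Category", "").lower():
        return []
    exe, args = split_command(entry.get("Path", ""))
    exe_l, name = exe.lower(), ntpath.basename(exe).lower()
    scripts = [a for a in args if a.lower().endswith(SCRIPT_EXTS)]
    if not scripts:
        return []
    reasons = ["autorun passes an AutoIt script to an executable"]
    if name not in AUTOIT_NAMES:
        reasons.append("executable is not named like the AutoIt interpreter")
    if any(part in exe_l for part in USER_WRITABLE):
        reasons.append("executable runs from a user-writable data folder")
    if any(ntpath.dirname(s).lower() == ntpath.dirname(exe_l) for s in scripts):
        reasons.append("script sits in the same folder as the executable")
    if companies.get(exe_l) == "AutoIt Team" and name not in AUTOIT_NAMES:
        reasons.append("file metadata says AutoIt Team: renamed interpreter")
    return reasons


def triage(export_text, listing_text=""):
    """Return [(caption, reasons)] for every entry in a startup export."""
    companies = parse_frst_listing(listing_text)
    return [(e.get("Caption", ""), assess(e, companies))
            for e in parse_startup_export(export_text)]


if __name__ == "__main__":
    for caption, reasons in triage(STARTUP_EXPORT, FRST_LISTING):
        print(caption, "->", len(reasons), "indicator(s)")
        for reason in reasons:
            print("  -", reason)
```

A stock `AutoIt3.exe` installed under `Program Files` and started with a script from another folder raises only the first indicator, so the remaining four are what separate this entry from an ordinary scheduled AutoIt job.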

Hello

:arrow_forward: VERY Important :arrow_backward: Make a backup of the registry:

  • To do so, download :arrow_forward: DelFix.exe (to your desktop).

  • Double-click to run it. (If you use Windows Vista/7/8 or 10, right-click and select -Run as Administrator-.)

  • Attention: now tick/select only the "Create registry backup" box, NOT the others.

  • Click Run.

The report (DelFix.txt) will open; save it in case it is needed and close the tool.

Next, :warning: with all other programs closed, go to :arrow_forward: Start :arrow_forward: Run :arrow_forward: and type Notepad.exe.

  • Now copy and paste the codes/lines inside the box below into Notepad.
Start:
Folder: C:\ProgramData\Intel
C:\ProgramData\Intel\Wireless\0c1e705
End:

Save it under the name FIXLIST.TXT on the desktop :arrow_backward: This is very important.

:o: Note :o: It is important that FRST.exe (Farbar Recovery Scanner Tool) and FIXLIST.TXT are in the same location (the desktop); otherwise the tool will not work.


  • Run FRST.exe. (If you use Windows Vista/7/8 or 10, right-click and select -Run as Administrator-.)
  • Press the FIX button and wait for it to finish.
  • The tool will save the repair report on the desktop (FIXLOG.TXT).

Paste the contents of this file in your next reply.

Restart the computer, check how it behaves with regard to the problem you reported, and let us know.

Regards

Good morning.

Everything seems to be working normally and I can no longer find any traces of the infection.

Regards.

Fix result of Farbar Recovery Scan Tool (x64) Version: 25-08-2019
Ran by Joker (26-08-2019 07:18:48) Run:2
Running from C:\Users\Joker\Desktop
Loaded Profiles: Joker &  (Available Profiles: Joker & Administrador)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start:
Folder: C:\ProgramData\Intel
C:\ProgramData\Intel\Wireless\0c1e705
End:
*****************


========================= Folder: C:\ProgramData\Intel ========================

2015-11-22 13:42 - 2015-11-22 13:42 - 000000000 ____D [00000000000000000000000000000000] () C:\ProgramData\Intel\SharedData
2015-11-22 13:42 - 2019-06-01 07:34 - 000000352 ____A [724C5FCA3A29BE9A76CB37AC0EC7B91B] () C:\ProgramData\Intel\SharedData\SDID
2019-08-08 16:09 - 2019-08-08 16:09 - 000000000 ____D [00000000000000000000000000000000] () C:\ProgramData\Intel\Wireless
2019-08-08 16:09 - 2019-08-24 20:16 - 000000000 ____D [00000000000000000000000000000000] () C:\ProgramData\Intel\Wireless\0c1e705
2019-08-24 20:16 - 2019-08-24 20:16 - 000452928 ____A [804516B0C44A2417385B57DAE73A28F6] () C:\ProgramData\Intel\Wireless\0c1e705\7663403.au3
2019-08-24 20:16 - 2019-08-24 20:16 - 000893608 ____A [C56B5F0201A3B3DE53E561FE76912BFD] (AutoIt Team) C:\ProgramData\Intel\Wireless\0c1e705\hfdbifi.exe
2019-08-24 20:16 - 2019-08-24 20:16 - 000765821 ____A [EB79EE825EDFEFD21F55DC8CA99A0F9B] () C:\ProgramData\Intel\Wireless\0c1e705\pe.bin
2019-08-08 16:09 - 2019-08-24 07:04 - 000000000 ____D [00000000000000000000000000000000] () C:\ProgramData\Intel\Wireless\0c1e705\7e1d055
2019-08-08 16:09 - 2019-08-08 22:09 - 000009091 ____A [E0320728B15930170FB1B8CF21430C6B] () C:\ProgramData\Intel\Wireless\0c1e705\7e1d055\08-08-2019.log
2019-08-09 06:43 - 2019-08-09 23:15 - 000024855 ____A [0B7523203BDF8D1CF24757A029809CE5] () C:\ProgramData\Intel\Wireless\0c1e705\7e1d055\09-08-2019.log
2019-08-10 06:58 - 2019-08-11 01:16 - 000028815 ____A [876B97E9AFCE720419C6A782B148673D] () C:\ProgramData\Intel\Wireless\0c1e705\7e1d055\10-08-2019.log
2019-08-11 07:41 - 2019-08-12 01:02 - 000019160 ____A [8DAD17EC61A714E864D2DD34C02F4EC9] () C:\ProgramData\Intel\Wireless\0c1e705\7e1d055\11-08-2019.log
2019-08-12 07:05 - 2019-08-13 00:46 - 000033626 ____A [10B34CD34799E256B5AD427C30B7C19E] () C:\ProgramData\Intel\Wireless\0c1e705\7e1d055\12-08-2019.log
2019-08-13 06:32 - 2019-08-14 00:34 - 000017351 ____A [3F711682FF5C2C389E921D1732E2EA8F] () C:\ProgramData\Intel\Wireless\0c1e705\7e1d055\13-08-2019.log
2019-08-14 07:31 - 2019-08-15 01:20 - 000030735 ____A [D88AAA834700AE88702F420BDBEE6138] () C:\ProgramData\Intel\Wireless\0c1e705\7e1d055\14-08-2019.log
2019-08-15 06:53 - 2019-08-16 01:07 - 000074378 ____A [FDEC959B12451749FDB307144E019743] () C:\ProgramData\Intel\Wireless\0c1e705\7e1d055\15-08-2019.log
2019-08-16 08:11 - 2019-08-16 23:52 - 000003863 ____A [09C4E3182D91166E48D4716A59BD914D] () C:\ProgramData\Intel\Wireless\0c1e705\7e1d055\16-08-2019.log
2019-08-17 07:54 - 2019-08-17 21:45 - 000015478 ____A [6BE3CDEF545A4442844ABBD1227DE3C1] () C:\ProgramData\Intel\Wireless\0c1e705\7e1d055\17-08-2019.log
2019-08-18 07:49 - 2019-08-18 23:24 - 000006286 ____A [D4F3C906F4E435E5D98400A7973CDA54] () C:\ProgramData\Intel\Wireless\0c1e705\7e1d055\18-08-2019.log
2019-08-19 07:16 - 2019-08-19 23:36 - 000013879 ____A [17CA210E08A09280D1EF462C2B6B18C0] () C:\ProgramData\Intel\Wireless\0c1e705\7e1d055\19-08-2019.log
2019-08-20 07:29 - 2019-08-21 00:42 - 000016902 ____A [5E5DC651BE90B7D9FAA584059ACCC27A] () C:\ProgramData\Intel\Wireless\0c1e705\7e1d055\20-08-2019.log
2019-08-21 08:05 - 2019-08-21 23:31 - 000010225 ____A [4BE27358A69F9721B14B287AAC4683B6] () C:\ProgramData\Intel\Wireless\0c1e705\7e1d055\21-08-2019.log
2019-08-22 07:28 - 2019-08-23 00:36 - 000008126 ____A [44ED71B4954DC24F2012C43705925DC1] () C:\ProgramData\Intel\Wireless\0c1e705\7e1d055\22-08-2019.log
2019-08-23 08:23 - 2019-08-24 02:36 - 000005622 ____A [121CAACB1613EEFCC8557336EC8553E5] () C:\ProgramData\Intel\Wireless\0c1e705\7e1d055\23-08-2019.log
2019-08-24 07:04 - 2019-08-25 01:20 - 000015586 ____A [69E8920E077BAA8D27A01393AC25021B] () C:\ProgramData\Intel\Wireless\0c1e705\7e1d055\24-08-2019.log
2019-08-08 16:09 - 2019-08-25 01:16 - 000000728 ____A [D1B50EFBB2374588F98F3F6DC8F44374] () C:\ProgramData\Intel\Wireless\0c1e705\7e1d055\39447f2
2019-08-08 16:09 - 2019-08-08 16:09 - 005493457 ____A [EB1E8936B1ED3F474F0971FB79170BC6] () C:\ProgramData\Intel\Wireless\0c1e705\7e1d055\5b6b795

====== End of Folder: ======

C:\ProgramData\Intel\Wireless\0c1e705 => moved successfully

==== End of Fixlog 07:18:49 ====
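
The `Folder:` listing in the Fixlog above can be read programmatically. The following is an added example, not part of the original posts or of FRST: it parses rows in that format and reports the two patterns visible in this listing (a file whose company field is "AutoIt Team" next to an `.au3` script, and a folder of one-per-day `.log` files). The function names and the two checks are assumptions chosen for this thread, and the sample rows are excerpted from the log above.

```python
import re
from datetime import datetime
from pathlib import PureWindowsPath

# Rows excerpted from the "Folder:" section of the Fixlog in this thread.
SAMPLE = r"""
2019-08-08 16:09 - 2019-08-24 20:16 - 000000000 ____D [00000000000000000000000000000000] () C:\ProgramData\Intel\Wireless\0c1e705
2019-08-24 20:16 - 2019-08-24 20:16 - 000452928 ____A [804516B0C44A2417385B57DAE73A28F6] () C:\ProgramData\Intel\Wireless\0c1e705\7663403.au3
2019-08-24 20:16 - 2019-08-24 20:16 - 000893608 ____A [C56B5F0201A3B3DE53E561FE76912BFD] (AutoIt Team) C:\ProgramData\Intel\Wireless\0c1e705\hfdbifi.exe
2019-08-24 20:16 - 2019-08-24 20:16 - 000765821 ____A [EB79EE825EDFEFD21F55DC8CA99A0F9B] () C:\ProgramData\Intel\Wireless\0c1e705\pe.bin
2019-08-08 16:09 - 2019-08-08 22:09 - 000009091 ____A [E0320728B15930170FB1B8CF21430C6B] () C:\ProgramData\Intel\Wireless\0c1e705\7e1d055\08-08-2019.log
2019-08-24 07:04 - 2019-08-25 01:20 - 000015586 ____A [69E8920E077BAA8D27A01393AC25021B] () C:\ProgramData\Intel\Wireless\0c1e705\7e1d055\24-08-2019.log
"""

# Row layout: created - modified - size attrs [MD5] (company) path
ROW = re.compile(
    r"^(?P<created>[\d-]{10} [\d:]{5}) - (?P<modified>[\d-]{10} [\d:]{5}) - (?P<size>\d+)"
    r" (?P<attrs>\S+) \[(?P<md5>[0-9A-F]{32})\] \((?P<company>[^)]*)\) (?P<path>.+)$")
DAILY = re.compile(r"^\d\d-\d\d-\d{4}\.log$")  # e.g. 08-08-2019.log

def parse_folder_listing(text):
    """Turn listing rows into dicts; headers, separators and blanks are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            r = m.groupdict()
            r.update(size=int(r["size"]), is_dir="D" in r["attrs"], path=PureWindowsPath(r["path"]))
            rows.append(r)
    return rows

def triage(rows):
    """Group files by parent folder and report the two patterns (assumed checks)."""
    by_dir = {}
    for r in rows:
        if not r["is_dir"]:
            by_dir.setdefault(r["path"].parent, []).append(r)
    findings = []
    for folder, files in by_dir.items():
        interp = [f["path"].name for f in files if f["company"] == "AutoIt Team"]
        scripts = [f["path"].name for f in files if f["path"].suffix.lower() == ".au3"]
        if interp and scripts:  # AutoIt-labelled binary beside an .au3 script
            findings.append(("autoit_pair", str(folder), interp[0], scripts[0]))
        days = sorted(datetime.strptime(f["path"].stem, "%d-%m-%Y").date()
                      for f in files if DAILY.match(f["path"].name))
        if days:  # per-day logs: first day, last day, number of days
            findings.append(("daily_logs", str(folder), str(days[0]), str(days[-1]), len(days)))
    return findings
```

Calling `triage(parse_folder_listing(text))` on a saved Fixlog returns a list of tuples, one per flagged folder, which can be compared against the folder named in the fixlist before it is moved.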

Hello

Follow these steps to remove the tools that were used:

To do so, use again/download >> DelFix.exe on your desktop.

  • Double-click to run it. (If you use Windows Vista/7/8 or 10, right-click and select - Run as Administrator)

  • Tick all the boxes and click Run

The report (DelFix.txt) will open; you can close it.

Confirm whether everything is still fine.

Regards

Good morning.

Everything is now solved and working perfectly.

Thank you very much for the help.

Regards.

Good morning @edu24x

Thank you for trusting ForoSpyware. It has been a pleasure helping you :handshake:

We are glad it has been resolved for you :Bien: We consider the topic solved.

Solved

Regards