Autoscript V3

#1

Good evening,

This has happened to me before and I tried to remove it, but some leftovers remain and I don't trust it.

Today I downloaded a file from a torrent that contained a .vbe, I think it was, and since then I have noticed that my CPU goes to 100% until I open Task Manager, at which point this autoscript process closes automatically. I have looked through several cases and tested it, and I have a keylogger (I have the log in appdata), but the AppData folder itself always comes back, so… can you help me with this problem?

Thanks, regards

#2

Hi, @eph28!

It sounds like you have a process that is mining with the CPU :face_with_raised_eyebrow: .

Follow these two guides to the letter and then tell us how your machine is doing:

Remove ADS

Remove Malware

I look forward to your reply.

Regards, :upside_down_face:

#3

OK, agreed.

The thing is that I have already tried these things, and although it seemed to be fixed and it no longer shows up in Task Manager, every time I reboot a folder with a random name of numbers and letters appears in %appdata%, which in turn contains another one called Miner and a log that records what I do on the computer…

I'll get back to you shortly about both guides

#4

Hi @eph28

Do what you have been told and paste the Malwarebytes and Adwcleaner logs, and then we'll see

1 like
#5

Hi,

Here I go

Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 24/3/19
Hora del análisis: 22:26
Archivo de registro: 7467a984-4e7b-11e9-936b-309c23856848.json

-Información del software-
Versión: 3.7.1.2839
Versión de los componentes: 1.0.563
Versión del paquete de actualización: 1.0.9826
Licencia: Prueba

-Información del sistema-
SO: Windows 10 (Build 17763.379)
CPU: x64
Sistema de archivos: NTFS
Usuario: DESKTOP-QIK8S5K\Rub\u00c3\u00a9n

-Resumen del análisis-
Tipo de análisis: Análisis de amenazas
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 278779
Amenazas detectadas: 0
Amenazas en cuarentena: 0
Tiempo transcurrido: 0 min, 47 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Desactivado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 0
(No hay elementos maliciosos detectados)

Valor del registro: 0
(No hay elementos maliciosos detectados)

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 0
(No hay elementos maliciosos detectados)

Archivo: 0
(No hay elementos maliciosos detectados)

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)

And on the other side

# -------------------------------
# Malwarebytes AdwCleaner 7.2.7.0
# -------------------------------
# Build:    01-30-2019
# Database: 2019-03-21.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    03-24-2019
# Duration: 00:00:08
# OS:       Windows 10 Home
# Scanned:  31923
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.


AdwCleaner[S00].txt - [2605 octets] - [24/03/2019 21:39:08]
AdwCleaner[C00].txt - [2681 octets] - [24/03/2019 21:39:31]
AdwCleaner[S01].txt - [1372 octets] - [24/03/2019 21:54:00]
AdwCleaner[S02].txt - [1433 octets] - [24/03/2019 22:20:22]
AdwCleaner[C02].txt - [1619 octets] - [24/03/2019 22:20:32]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S03].txt ##########

Also, I am adding two screenshots of the specific folder I mean, because I think they will help you understand the problem better.

I should clarify that I ran adwcleaner more times before, because I was trying things on my own, but this is how the log comes out now.


#6
  • Temporarily disable your antivirus and any security program.

  • Download Farbar Recovery Scan Tool to your Desktop >> This is very important <<, choosing the right version for your machine (32 or 64 bits). :arrow_forward: How do I know whether my Windows is 32 or 64 bits?

  • Double-click to run Frst.exe. In the Disclaimer window, press Yes.

  • In the new window that opens, press the Scan button and wait for the scan to finish.

  • Two (2) files (logs) will open, Frst.txt and Addition.txt, which will be saved on your Desktop.

In your next reply, copy and paste the two FRST reports, Frst.txt and Addition.txt

Note: If the requested report(s) do not fit in a single reply because they exceed the allowed number of characters, you can use two or more replies to paste them in full.
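An added example, not part of the original thread or of FRST itself: a small triage pass over the "Registry" section of a Frst.txt report, where each autostart entry appears as `HIVE\...\Run: [name] => command [size date] (signer -> company)`. The sample lines, names and paths are constructed for illustration, and the four signals are assumptions chosen for this example; a hit is a reason to look closer, not a verdict.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample lines in the layout of FRST's "Registry" section.
# All names, paths, SIDs and signers below are made up for this example.
SAMPLE = r"""
HKLM\...\Run: [VendorTray] => C:\Program Files\Vendor\Tray\tray.exe [319520 2018-12-06] (Vendor Inc. -> Vendor Inc.)
HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\...\RunOnce: [a1b2c3d4] => C:\ProgramData\a1b2c3d4\a1b2c3d4.exe C:\ProgramData\a1b2c3d4\a1b2c3d4test.au3
HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\...\RunOnce: [a1b2c3d42] => C:\ProgramData\QwErTy\a1b2c3d4.exe [937776 2019-03-24] (AutoIt Consulting Ltd -> AutoIt Team)
HKLM-x32\...\Run: [Updater] => C:\Users\alice\AppData\Roaming\Updater\upd.exe [1024 2019-01-01] () [File not signed]
""".strip().splitlines()

ENTRY = re.compile(r'^(?P<hive>\S+?)\\\.\.\.\\(?P<key>Run(?:Once)?): '
                   r'\[(?P<name>[^\]]*)\] => (?P<rest>.+)$')
META = re.compile(r'\s\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\]')
COMMAND = re.compile(r'^"?(?P<exe>.+?\.(?:exe|com|scr|bat|cmd))"?'
                     r'(?:\s+(?P<args>.*))?$', re.IGNORECASE)

# Directories a standard user can write to (assumption: triage list, not exhaustive).
USER_WRITABLE = ('\\programdata\\', '\\appdata\\', '\\temp\\', '\\users\\public\\')
SCRIPT_EXT = ('.au3', '.a3x', '.vbs', '.vbe', '.js')


def parse_entry(line):
    """Split one Run/RunOnce line into its fields; None if it is another kind of line."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    rest = m['rest']
    meta = META.search(rest)
    # FRST prints "[size date] (signer -> company)" only when it could read the file.
    command = rest[:meta.start()] if meta else rest
    tail = rest[meta.end():].strip() if meta else ''
    signer = ''
    if tail.startswith('(') and ' -> ' in tail:
        signer = tail[1:tail.index(' -> ')]
    cmd = COMMAND.match(command.strip())
    return {
        'hive': m['hive'],
        'key': m['key'],
        'name': m['name'],
        'exe': cmd['exe'] if cmd else command.strip(),
        'args': (cmd['args'] or '') if cmd else '',
        'signer': signer,
        'unsigned': '[File not signed]' in tail,
    }


def reasons_for(entry):
    """Return the list of triage signals an entry trips."""
    reasons = []
    exe = entry['exe'].lower()
    if any(part in exe for part in USER_WRITABLE):
        reasons.append('user-writable path')
    if entry['args'].lower().rstrip('"').endswith(SCRIPT_EXT):
        reasons.append('script argument')
    # The AutoIt interpreter ships as AutoIt3.exe / AutoIt3_x64.exe; a copy
    # signed by AutoIt under another file name has been renamed.
    if 'autoit' in entry['signer'].lower() and \
            not PureWindowsPath(exe).name.startswith('autoit3'):
        reasons.append('renamed AutoIt interpreter')
    if entry['unsigned']:
        reasons.append('unsigned')
    return reasons


def triage(lines):
    """Return (value name, reasons) for every autostart entry with at least one signal."""
    flagged = []
    for line in lines:
        entry = parse_entry(line)
        if entry is None:
            continue
        reasons = reasons_for(entry)
        if reasons:
            flagged.append((entry['name'], reasons))
    return flagged


if __name__ == '__main__':
    for name, reasons in triage(SAMPLE):
        print(f'{name}: {", ".join(reasons)}')
```

A validly signed interpreter started with a script argument passes a plain signature check, which is why the command line is inspected separately from the signer.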

#7

Here I am again:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17.03.2019
Ran by Rubén (administrator) on DESKTOP-QIK8S5K (24-03-2019 23:12:18)
Running from C:\Users\ruben\Desktop
Loaded Profiles: Rubén (Available Profiles: Rubén)
Platform: Windows 10 Home Version 1809 17763.379 (X64) Language: Español (España, internacional)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler64.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.YourPhone_1.0.20594.0_x64__8wekyb3d8bbwe\YourPhone.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19021.10411.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19011.19410.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.WindowsStore_11811.1001.18.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1902.2-0\MsMpEng.exe
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1902.2-0\NisSrv.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [319520 2018-12-06] (Intel(R) Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [817232 2018-11-28] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKLM-x32\...\Run: [CORSAIR iCUE Software] => E:\Archivos de programa\Corsair\CORSAIR iCUE Software\iCUE.exe [37221424 2018-10-31] (Corsair Components, Inc. -> Corsair Memory, Inc.)
HKU\S-1-5-21-2650186511-3232997970-1302551596-1001\...\RunOnce: [9e914d90] => C:\ProgramData\9e914d90\9e914d90.exe C:\ProgramData\9e914d90\9e914d90test.au3
HKU\S-1-5-21-2650186511-3232997970-1302551596-1001\...\RunOnce: [9e914d902] => C:\ProgramData\ohJdqx\9e914d90.exe [937776 2019-03-24] (AutoIt Consulting Ltd -> AutoIt Team)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\73.0.3683.86\Installer\chrmstp.exe [2019-03-22] (Google LLC -> Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2018-11-22]
ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS -> SteelSeries ApS)
Startup: C:\Users\ruben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Twitch.lnk [2019-03-16]
ShortcutTarget: Twitch.lnk -> C:\Users\ruben\AppData\Roaming\Twitch\Bin\Twitch.exe (Twitch Interactive, Inc. -> Twitch Interactive, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{9af0faff-4016-4010-af8d-5cbddbb98d05}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Internet Explorer:
==================

FireFox:
========
FF Plugin: @videolan.org/vlc,version=3.0.4 -> E:\VLC\npvlc.dll [2018-08-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2019-02-20] (NVIDIA Corporation -> NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2019-02-20] (NVIDIA Corporation -> NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-20] (Google Inc -> Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-20] (Google Inc -> Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-02-01] (Adobe Systems, Incorporated -> Adobe Systems Inc.)

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://www.google.es/"
CHR Profile: C:\Users\ruben\AppData\Local\Google\Chrome\User Data\Default [2019-03-24]
CHR Extension: (Presentaciones) - C:\Users\ruben\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-11-09]
CHR Extension: (Documentos) - C:\Users\ruben\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-11-09]
CHR Extension: (Google Drive) - C:\Users\ruben\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-11-09]
CHR Extension: (YouTube) - C:\Users\ruben\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-11-09]
CHR Extension: (uBlock Origin) - C:\Users\ruben\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2019-03-21]
CHR Extension: (Hojas de cálculo) - C:\Users\ruben\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-11-09]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\ruben\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-11-09]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\ruben\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-11-09]
CHR Extension: (Gmail) - C:\Users\ruben\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-11-09]
CHR Extension: (Chrome Media Router) - C:\Users\ruben\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-03-22]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 CorsairService; E:\Archivos de programa\Corsair\CORSAIR iCUE Software\Corsair.Service.exe [46640 2018-10-31] (Corsair Components, Inc. -> Corsair Memory, Inc.)
S4 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [781440 2019-02-04] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [791112 2019-03-14] (GOG Sp. z o.o. -> GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [7172680 2018-12-22] (GOG Sp. z o.o. -> GOG.com)
S4 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [17440 2018-12-06] (Intel(R) Rapid Storage Technology -> Intel Corporation)
S4 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\SocketHeciServer.exe [775904 2018-09-14] (Intel(R) Trust Services -> Intel(R) Corporation)
S4 Intel(R) PROSet Monitoring Service; C:\Windows\system32\IProsetMonitor.exe [505856 2018-05-02] (Intel Corporation) [File not signed]
S4 Intel(R) TPM Provisioning Service; C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\TPMProvisioningService.exe [705760 2018-09-14] (Intel(R) Trust Services -> Intel(R) Corporation)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [218176 2018-10-18] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
S4 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [790920 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
S4 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [790920 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2298688 2019-03-06] (Electronic Arts, Inc. -> Electronic Arts)
S4 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3171144 2019-03-06] (Electronic Arts, Inc. -> Electronic Arts)
S4 RtkAudioUniversalService; C:\WINDOWS\System32\RtkAudUService64.exe [817232 2018-11-28] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\NisSrv.exe [4098064 2019-02-22] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MsMpEng.exe [113992 2019-02-22] (Microsoft Corporation -> Microsoft Corporation)
S4 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000 
S4 NvTelemetryContainer; "C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 CorsairVBusDriver; C:\WINDOWS\System32\drivers\CorsairVBusDriver.sys [46944 2018-09-24] (Microsoft Windows Hardware Compatibility Publisher -> Corsair)
R3 CorsairVHidDriver; C:\WINDOWS\System32\drivers\CorsairVHidDriver.sys [23392 2018-09-24] (Microsoft Windows Hardware Compatibility Publisher -> Corsair)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R0 iaStorAC; C:\WINDOWS\System32\drivers\iaStorAC.sys [1094792 2018-12-06] (Intel(R) Rapid Storage Technology -> Intel Corporation)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_edcffbdd101bbe5b\nvlddmkm.sys [20726016 2019-02-21] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2019-01-16] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [70024 2018-10-01] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [66792 2018-10-03] (NVIDIA Corporation -> NVIDIA Corporation)
S3 rzendpt; C:\WINDOWS\System32\drivers\rzendpt.sys [51216 2016-05-12] (Razer USA Ltd. -> Razer Inc)
R3 ssdevfactory; C:\WINDOWS\System32\drivers\ssdevfactory.sys [48320 2018-08-20] (SteelSeries ApS -> )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 t_mouse.sys; C:\WINDOWS\system32\DRIVERS\t_mouse.sys [6144 2012-12-19] (Microsoft Windows Hardware Compatibility Publisher -> )
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46472 2019-02-22] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [333792 2019-02-22] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [62432 2019-02-22] (Microsoft Windows -> Microsoft Corporation)
S3 cpuz147; \??\C:\WINDOWS\temp\cpuz147\cpuz147_x64.sys [X]
U3 TrueSight; \??\C:\Windows\System32\drivers\truesight.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-03-24 23:12 - 2019-03-24 23:12 - 000013099 _____ C:\Users\ruben\Desktop\FRST.txt
2019-03-24 23:12 - 2019-03-24 23:12 - 000000000 ____D C:\FRST
2019-03-24 23:08 - 2019-03-24 23:08 - 002434048 _____ (Farbar) C:\Users\ruben\Desktop\FRST64.exe
2019-03-24 22:46 - 2019-03-24 22:46 - 000000000 ____D C:\ProgramData\ohJdqx
2019-03-24 22:31 - 2019-03-24 22:31 - 000000000 ____D C:\ProgramData\hzzAFXWm
2019-03-24 22:29 - 2019-03-24 22:29 - 000000000 ____D C:\ProgramData\HaNegjdQ
2019-03-24 22:27 - 2019-03-24 22:27 - 000001559 _____ C:\Users\ruben\Desktop\malwarebytes.txt
2019-03-24 22:25 - 2019-03-24 22:25 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-03-24 22:25 - 2019-03-24 22:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-03-24 22:25 - 2019-03-24 22:25 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-03-24 22:25 - 2019-03-24 22:25 - 000000000 ____D C:\Program Files\Malwarebytes
2019-03-24 22:25 - 2019-02-01 12:20 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2019-03-24 22:25 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-03-24 22:24 - 2019-03-24 22:24 - 062402408 _____ (Malwarebytes ) C:\Users\ruben\Desktop\mb3-setup-consumer-3.7.1.2839-1.0.563-1.0.9800.exe
2019-03-24 22:20 - 2019-03-24 22:20 - 000000000 ____D C:\ProgramData\ViDmuzRv
2019-03-24 22:19 - 2019-03-24 22:19 - 007316688 _____ (Malwarebytes) C:\Users\ruben\Desktop\adwcleaner_7.2.7.0.exe
2019-03-24 22:05 - 2019-03-24 22:05 - 000000000 ____D C:\Users\ruben\AppData\Local\ESET
2019-03-24 22:04 - 2019-03-24 22:04 - 007665272 _____ (ESET spol. s r.o.) C:\Users\ruben\Downloads\esetonlinescanner_esn.exe
2019-03-24 21:56 - 2019-03-24 21:56 - 000000000 ____D C:\ProgramData\MaUvFtAaR
2019-03-24 21:39 - 2019-03-24 21:39 - 000000000 ____D C:\ProgramData\TuVLsUqCk
2019-03-24 21:38 - 2019-03-24 21:39 - 000000000 ____D C:\AdwCleaner
2019-03-24 21:23 - 2019-03-24 21:23 - 000000000 ____D C:\Users\ruben\AppData\Local\mbam
2019-03-24 21:22 - 2019-03-24 21:22 - 000000000 ____D C:\Users\ruben\AppData\Local\mbamtray
2019-03-23 09:19 - 2019-03-23 09:19 - 000137537 _____ C:\Users\ruben\Desktop\Informe de Vida Laboral.pdf
2019-03-23 08:53 - 2019-03-23 08:53 - 000000647 _____ C:\Users\Public\Desktop\Dark Souls 3.lnk
2019-03-22 22:55 - 2019-03-22 22:55 - 000000000 ____D C:\Users\ruben\AppData\Roaming\Steam
2019-03-22 22:55 - 2019-03-22 22:55 - 000000000 ____D C:\Users\ruben\AppData\Roaming\DarkSoulsII
2019-03-22 22:54 - 2019-03-22 22:54 - 000001426 _____ C:\Users\ruben\Desktop\DarkSoulsII - Acceso directo.lnk
2019-03-22 22:51 - 2019-03-22 22:51 - 000000000 ____D C:\Users\ruben\Documents\NBGI
2019-03-22 22:51 - 2019-03-22 22:51 - 000000000 ____D C:\Users\ruben\AppData\Local\FromSoftware
2019-03-22 20:36 - 2019-03-22 20:36 - 000000643 _____ C:\Users\Public\Desktop\Dark Souls Remastered.lnk
2019-03-14 22:48 - 2019-03-14 23:14 - 000000000 ____D C:\Users\ruben\AppData\Roaming\.minecraft
2019-03-14 22:48 - 2019-03-14 22:49 - 000000000 ____D C:\Program Files (x86)\Minecraft Launcher
2019-03-14 22:48 - 2019-03-14 22:48 - 000001103 _____ C:\Users\Public\Desktop\Minecraft Launcher.lnk
2019-03-14 22:48 - 2019-03-14 22:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft Launcher
2019-03-14 21:19 - 2019-03-14 21:19 - 000000975 _____ C:\Users\Public\Desktop\CPUID HWMonitor.lnk
2019-03-12 19:41 - 2019-03-12 19:41 - 026810368 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 024616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 023440896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 022114960 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 020814848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 019284480 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramWorld.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 019023872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 017520640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 015224320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 012857856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 012151296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 009683256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-03-12 19:41 - 2019-03-12 19:41 - 009670656 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 008875008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 007897088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 007883776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 007882240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 007688088 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 007647256 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 007645392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 007556392 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 007251456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 006548168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 006440960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 006309040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 006069760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 005915936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 005588184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 005566464 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 005436184 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 005296640 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 004920832 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 004883968 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 004689408 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 004588744 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2019-03-12 19:41 - 2019-03-12 19:41 - 004245280 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2019-03-12 19:41 - 2019-03-12 19:41 - 003983360 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 003923456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 003761664 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 003744256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 003729808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2019-03-12 19:41 - 2019-03-12 19:41 - 003660288 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-03-12 19:41 - 2019-03-12 19:41 - 003656192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 003652656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneCoreUAPCommonProxyStub.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 003566080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 003551408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 003504128 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 003427840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 003399168 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 003382272 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 003378488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-03-12 19:41 - 2019-03-12 19:41 - 003108864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 002942464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 002926904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-03-12 19:41 - 2019-03-12 19:41 - 002871312 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2019-03-12 19:41 - 2019-03-12 19:41 - 002842112 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 002776712 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 002766648 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 002752360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 002720768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-03-12 19:41 - 2019-03-12 19:41 - 002700792 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 002689536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 002637312 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2019-03-12 19:41 - 2019-03-12 19:41 - 002630656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 002626360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-03-12 19:41 - 2019-03-12 19:41 - 002488320 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-03-12 19:41 - 2019-03-12 19:41 - 002469440 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 002447360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 002437344 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 002323688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 002278240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 002275680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 002187776 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 002127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 002073240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 002044416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 002021584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 002013696 _____ C:\WINDOWS\system32\rdpnano.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 002001408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 001994760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 001969464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2019-03-12 19:41 - 2019-03-12 19:41 - 001931264 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 001899160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 001893888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 001884672 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 001860608 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 001844448 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 001830200 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 001782272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 001760768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 001742104 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 001715712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 001711616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 001706488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 001701376 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 001697744 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-03-12 19:41 - 2019-03-12 19:41 - 001672704 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 001656832 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 001644048 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 001641400 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 001604096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 001590072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 001572176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 001563336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ttdrecordcpu.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 001521664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 001506816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 001496064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 001484800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 001481488 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 001479480 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 001468440 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-03-12 19:41 - 2019-03-12 19:41 - 001457544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 001387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 001360696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2019-03-12 19:41 - 2019-03-12 19:41 - 001341880 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-03-12 19:41 - 2019-03-12 19:41 - 001332224 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpasvc.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 001331536 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 001309696 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 001296576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 001294856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 001289192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 001272552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ttdrecordcpu.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 001267712 _____ (Microsoft Corporation) C:\WINDOWS\system32\APMon.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 001259320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2019-03-12 19:41 - 2019-03-12 19:41 - 001258808 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-03-12 19:41 - 2019-03-12 19:41 - 001256448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 001253688 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-03-12 19:41 - 2019-03-12 19:41 - 001224704 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 001221944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 001221120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2019-03-12 19:41 - 2019-03-12 19:41 - 001208320 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 001200920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 001199104 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 001191512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 001180248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 001179168 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-03-12 19:41 - 2019-03-12 19:41 - 001176064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 001131520 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 001098128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 001087800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 001078072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Services.TargetedContent.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 001077912 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 001072720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 001072640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 001056272 _____ (Microsoft Corporation) C:\WINDOWS\system32\pidgenx.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 001054200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-03-12 19:41 - 2019-03-12 19:41 - 001052160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 001047040 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 001043256 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-03-12 19:41 - 2019-03-12 19:41 - 001022616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 001008128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 001001472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2019-03-12 19:41 - 2019-03-12 19:41 - 000981816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2019-03-12 19:41 - 2019-03-12 19:41 - 000955392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 000926208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 000918032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 000912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 000908800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2019-03-12 19:41 - 2019-03-12 19:41 - 000902144 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 000895048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 000888320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprddm.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 000888120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pidgenx.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 000883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 000871792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 000866152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DolbyDecMFT.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 000865568 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 000860160 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2019-03-12 19:41 - 2019-03-12 19:41 - 000850760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 000840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 000836096 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 000833064 _____ C:\WINDOWS\system32\InputHost.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 000833024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 000823296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 000808464 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 000793088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 000790328 _____ (Microsoft Corporation) C:\WINDOWS\system32\upshared.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 000782968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 000775168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 000772608 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 000772408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Services.TargetedContent.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 000769536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2019-03-12 19:41 - 2019-03-12 19:41 - 000764216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 000762880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mprddm.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 000757664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-03-12 19:41 - 2019-03-12 19:41 - 000749568 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 000745984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 000741888 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 000735760 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 000726416 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 000723968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 000714240 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 000703488 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 000691712 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 000684032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 000680184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 000663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 000661816 _____ (Microsoft Corporation) C:\WINDOWS\system32\computecore.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 000655160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2019-03-12 19:41 - 2019-03-12 19:41 - 000652824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 000651576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2019-03-12 19:41 - 2019-03-12 19:41 - 000649272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 000646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\w32time.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 000646632 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp_win.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 000642048 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedRealitySvc.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 000626176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 000622080 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 000621568 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 000619832 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 000607744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 000605496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 000604336 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2019-03-12 19:41 - 2019-03-12 19:41 - 000599040 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 000593920 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 000593920 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsound.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 000591832 _____ C:\WINDOWS\SysWOW64\InputHost.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 000573440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfh264enc.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 000572416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 000566272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 000560128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfh264enc.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 000553784 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 000549376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 000548864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 000543744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2019-03-12 19:41 - 2019-03-12 19:41 - 000540672 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2019-03-12 19:41 - 2019-03-12 19:41 - 000531968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 000525312 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2019-03-12 19:41 - 2019-03-12 19:41 - 000519992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2019-03-12 19:41 - 2019-03-12 19:41 - 000511800 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 000508216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2019-03-12 19:41 - 2019-03-12 19:41 - 000505656 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 000497664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsound.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 000495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 000489984 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResourceMapper.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 000484976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 000480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 000479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 000474936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2019-03-12 19:41 - 2019-03-12 19:41 - 000463672 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 000460304 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 000456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Picker.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 000453944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2019-03-12 19:41 - 2019-03-12 19:41 - 000452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2019-03-12 19:41 - 2019-03-12 19:41 - 000449368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 000449024 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 000444728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2019-03-12 19:41 - 2019-03-12 19:41 - 000435712 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 000427520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 000421688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 000419128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2019-03-12 19:41 - 2019-03-12 19:41 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2019-03-12 19:41 - 2019-03-12 19:41 - 000411136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 000407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 000404792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2019-03-12 19:41 - 2019-03-12 19:41 - 000402944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys
2019-03-12 19:41 - 2019-03-12 19:41 - 000387832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 000386872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 000383288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 000383288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2019-03-12 19:41 - 2019-03-12 19:41 - 000367616 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 000361984 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataUsageHandlers.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 000359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 000355360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 000348160 _____ (Microsoft Corporation) C:\WINDOWS\system32\BioCredProv.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 000340480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2019-03-12 19:41 - 2019-03-12 19:41 - 000336744 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSrvPolicyManager.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Picker.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 000330464 _____ (Microsoft Corporation) C:\WINDOWS\system32\ttdwriter.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 000325120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 000322576 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 000322048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 000313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2019-03-12 19:41 - 2019-03-12 19:41 - 000293376 _____ (Microsoft Corporation)
#8
C:\WINDOWS\system32\Drivers\srvnet.sys
    2019-03-12 19:41 - 2019-03-12 19:41 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\MbbCx.sys
    2019-03-12 19:41 - 2019-03-12 19:41 - 000281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
    2019-03-12 19:41 - 2019-03-12 19:41 - 000279376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
    2019-03-12 19:41 - 2019-03-12 19:41 - 000275456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BioCredProv.dll
    2019-03-12 19:41 - 2019-03-12 19:41 - 000272648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ttdwriter.dll
    2019-03-12 19:41 - 2019-03-12 19:41 - 000271360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
    2019-03-12 19:41 - 2019-03-12 19:41 - 000264192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
    2019-03-12 19:41 - 2019-03-12 19:41 - 000263360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
    2019-03-12 19:41 - 2019-03-12 19:41 - 000262456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
    2019-03-12 19:41 - 2019-03-12 19:41 - 000248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\w32tm.exe
    2019-03-12 19:41 - 2019-03-12 19:41 - 000246584 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
    2019-03-12 19:41 - 2019-03-12 19:41 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\smbwmiv2.dll
    2019-03-12 19:41 - 2019-03-12 19:41 - 000224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ptpprov.dll
    2019-03-12 19:41 - 2019-03-12 19:41 - 000214528 _____ (Microsoft Corporation) C:\WINDOWS\system32\srumsvc.dll
    2019-03-12 19:41 - 2019-03-12 19:41 - 000211968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\w32tm.exe
    2019-03-12 19:41 - 2019-03-12 19:41 - 000202752 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecureTimeAggregator.dll
    2019-03-12 19:41 - 2019-03-12 19:41 - 000202552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll
    2019-03-12 19:41 - 2019-03-12 19:41 - 000196608 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
    2019-03-12 19:41 - 2019-03-12 19:41 - 000195896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys
    2019-03-12 19:41 - 2019-03-12 19:41 - 000190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
    2019-03-12 19:41 - 2019-03-12 19:41 - 000180736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srumsvc.dll
    2019-03-12 19:41 - 2019-03-12 19:41 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbio.dll
    2019-03-12 19:41 - 2019-03-12 19:41 - 000177664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngctasks.dll
    2019-03-12 19:41 - 2019-03-12 19:41 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\spacebridge.dll
    2019-03-12 19:41 - 2019-03-12 19:41 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
    2019-03-12 19:41 - 2019-03-12 19:41 - 000171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpatialAudioLicenseSrv.exe
    2019-03-12 19:41 - 2019-03-12 19:41 - 000169784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
    2019-03-12 19:41 - 2019-03-12 19:41 - 000167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpdr.sys
    2019-03-12 19:41 - 2019-03-12 19:41 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spacebridge.dll
    2019-03-12 19:41 - 2019-03-12 19:41 - 000156984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
    2019-03-12 19:41 - 2019-03-12 19:41 - 000156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMapi.dll
    2019-03-12 19:41 - 2019-03-12 19:41 - 000147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
    2019-03-12 19:41 - 2019-03-12 19:41 - 000147256 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
    2019-03-12 19:41 - 2019-03-12 19:41 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
    2019-03-12 19:41 - 2019-03-12 19:41 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SpatialAudioLicenseSrv.exe
    2019-03-12 19:41 - 2019-03-12 19:41 - 000138960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
    2019-03-12 19:41 - 2019-03-12 19:41 - 000134144 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataUsageLiveTileTask.exe
    2019-03-12 19:41 - 2019-03-12 19:41 - 000132096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
    2019-03-12 19:41 - 2019-03-12 19:41 - 000126976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll
    2019-03-12 19:41 - 2019-03-12 19:41 - 000126464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winbio.dll
    2019-03-12 19:41 - 2019-03-12 19:41 - 000126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
    2019-03-12 19:41 - 2019-03-12 19:41 - 000120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
    2019-03-12 19:41 - 2019-03-12 19:41 - 000119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyMATEnc.dll
    2019-03-12 19:41 - 2019-03-12 19:41 - 000115152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
    2019-03-12 19:41 - 2019-03-12 19:41 - 000104248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bindflt.sys
    2019-03-12 19:41 - 2019-03-12 19:41 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdfs.sys
    2019-03-12 19:41 - 2019-03-12 19:41 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
    2019-03-12 19:41 - 2019-03-12 19:41 - 000095544 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
    2019-03-12 19:41 - 2019-03-12 19:41 - 000095544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storqosflt.sys
    2019-03-12 19:41 - 2019-03-12 19:41 - 000094208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe
    2019-03-12 19:41 - 2019-03-12 19:41 - 000090424 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
    2019-03-12 19:41 - 2019-03-12 19:41 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe
    2019-03-12 19:41 - 2019-03-12 19:41 - 000078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\npfs.sys
    2019-03-12 19:41 - 2019-03-12 19:41 - 000071184 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
    2019-03-12 19:41 - 2019-03-12 19:41 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
    2019-03-12 19:41 - 2019-03-12 19:41 - 000054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialMigrationHandler.dll
    2019-03-12 19:41 - 2019-03-12 19:41 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
    2019-03-12 19:41 - 2019-03-12 19:41 - 000044544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
    2019-03-12 19:41 - 2019-03-12 19:41 - 000044544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialMigrationHandler.dll
    2019-03-12 19:41 - 2019-03-12 19:41 - 000044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdhid.sys
    2019-03-12 19:41 - 2019-03-12 19:41 - 000035640 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
    2019-03-12 19:41 - 2019-03-12 19:41 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecureBioSysprep.dll
    2019-03-12 19:41 - 2019-03-12 19:41 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msfs.sys
    2019-03-12 19:41 - 2019-03-12 19:41 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
    2019-03-12 19:41 - 2019-03-12 19:41 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
    2019-03-12 19:41 - 2019-03-12 19:41 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
    2019-03-12 19:41 - 2019-03-12 19:41 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
    2019-03-12 19:41 - 2019-03-12 19:41 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
    2019-03-12 19:41 - 2019-03-12 19:41 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
    2019-03-12 19:41 - 2019-03-12 19:41 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
    2019-03-12 19:41 - 2019-03-12 19:41 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
    2019-03-12 19:41 - 2019-03-12 19:41 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
    2019-03-12 19:41 - 2019-03-12 19:41 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
    2019-03-10 20:22 - 2019-03-10 20:22 - 000000000 ____D C:\Users\ruben\AppData\Local\Pacify
    2019-03-10 16:43 - 2019-03-10 16:43 - 000000000 ____D C:\Users\ruben\AppData\LocalLow\Midgar Studio
    2019-03-06 07:54 - 2019-03-06 07:54 - 000001066 _____ C:\Users\Public\Desktop\Origin.lnk
    2019-03-06 07:54 - 2019-03-06 07:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
    2019-03-06 07:49 - 2019-03-06 22:53 - 000000000 ____D C:\Users\ruben\AppData\Roaming\Origin
    2019-03-06 07:49 - 2019-03-06 07:54 - 000000000 ____D C:\Users\ruben\AppData\Local\Origin
    2019-03-02 16:29 - 2019-03-02 16:29 - 000000221 _____ C:\Users\ruben\Desktop\Fallout 3 - Game of the Year Edition.url
    2019-02-26 14:34 - 2019-02-26 14:34 - 000004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2019-02-26 14:34 - 2019-02-26 14:34 - 000004106 _____ C:\WINDOWS\System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2019-02-26 14:34 - 2019-02-26 14:34 - 000003976 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2019-02-26 14:34 - 2019-02-26 14:34 - 000003940 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2019-02-26 14:34 - 2019-02-26 14:34 - 000001447 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
    2019-02-26 14:34 - 2019-01-30 21:13 - 002741640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
    2019-02-26 14:34 - 2019-01-30 21:13 - 002124680 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
    2019-02-26 14:34 - 2019-01-30 21:13 - 001323400 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvRtmpStreamer64.dll
    2019-02-26 14:34 - 2018-12-19 11:03 - 000203576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
    2019-02-26 14:34 - 2018-12-19 11:03 - 000179512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
    2019-02-26 14:34 - 2018-11-21 06:16 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
    2019-02-26 14:33 - 2018-10-03 20:28 - 000066792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
    2019-02-26 14:33 - 2018-10-01 19:47 - 000070024 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
    2019-02-26 14:23 - 2019-02-26 21:08 - 005456831 _____ C:\Users\ruben\Desktop\LoL Logs.zip
    2019-02-25 22:53 - 2019-02-25 22:53 - 000003794 _____ C:\WINDOWS\System32\Tasks\Intel PTT EK Recertification
    2019-02-25 22:53 - 2018-11-28 18:18 - 005533736 _____ (Realtek Semiconductor Corp.)
#9
C:\WINDOWS\system32\RltkAPOU64.dll
        2019-02-25 22:53 - 2018-11-28 18:18 - 001127176 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtCOM64.dll
        2019-02-25 22:53 - 2018-11-28 18:18 - 000817232 _____ (Realtek Semiconductor) C:\WINDOWS\system32\RtkAudUService64.exe
        2019-02-25 22:53 - 2018-11-28 18:18 - 000809440 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64U.dll
        2019-02-25 22:53 - 2018-11-28 18:18 - 000482096 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll
        2019-02-25 22:53 - 2018-11-28 18:18 - 000215272 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll
        2019-02-25 22:53 - 2018-11-28 18:05 - 006486400 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys
        2019-02-25 22:53 - 2018-11-28 17:56 - 024335604 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
        2019-02-25 22:52 - 2018-01-15 07:40 - 002856800 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\RtlExUpd.dll
        2019-02-25 22:51 - 2019-02-25 22:53 - 000000000 ___HD C:\Program Files (x86)\Temp
        2019-02-25 22:51 - 2019-02-25 22:51 - 000000000 ____D C:\Program Files (x86)\Realtek
        2019-02-25 22:50 - 2019-02-25 22:50 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
        2019-02-25 22:50 - 2019-02-25 22:50 - 000000000 ____D C:\Users\ruben\AppData\Roaming\Intel Corporation
        2019-02-25 22:50 - 2019-02-25 22:50 - 000000000 ____D C:\Program Files\Common Files\Intel Corporation
        2019-02-25 22:50 - 2019-02-25 22:50 - 000000000 ____D C:\Program Files\Common Files\Intel
        2019-02-25 22:48 - 2019-02-25 22:48 - 000000000 ____D C:\ProgramData\Intel
        2019-02-23 23:10 - 2019-02-23 23:10 - 000000000 ____D C:\Users\ruben\AppData\Roaming\Macromedia
        2019-02-23 22:57 - 2019-02-20 12:27 - 000133616 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
        2019-02-23 22:55 - 2019-02-21 11:18 - 001006800 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
        2019-02-23 22:55 - 2019-02-21 11:18 - 001006800 _____ C:\WINDOWS\system32\vulkan-1.dll
        2019-02-23 22:55 - 2019-02-21 11:18 - 000870096 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
        2019-02-23 22:55 - 2019-02-21 11:18 - 000870096 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
        2019-02-23 22:55 - 2019-02-21 11:18 - 000552224 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
        2019-02-23 22:55 - 2019-02-21 11:18 - 000457096 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
        2019-02-23 22:55 - 2019-02-21 11:18 - 000286416 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
        2019-02-23 22:55 - 2019-02-21 11:18 - 000286416 _____ C:\WINDOWS\system32\vulkaninfo.exe
        2019-02-23 22:55 - 2019-02-21 11:18 - 000260304 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
        2019-02-23 22:55 - 2019-02-21 11:18 - 000260304 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
        2019-02-23 22:55 - 2019-02-21 11:17 - 000668640 _____ C:\WINDOWS\system32\nvofapi64.dll
        2019-02-23 22:55 - 2019-02-21 11:17 - 000534544 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
        2019-02-23 22:55 - 2019-02-21 11:16 - 040234592 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
        2019-02-23 22:55 - 2019-02-21 11:16 - 035139840 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
        2019-02-23 22:55 - 2019-02-21 11:16 - 010319504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
        2019-02-23 22:55 - 2019-02-21 11:16 - 005274560 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
        2019-02-23 22:55 - 2019-02-21 11:16 - 004624832 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
        2019-02-23 22:55 - 2019-02-21 11:16 - 002031872 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
        2019-02-23 22:55 - 2019-02-21 11:16 - 001734240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6441917.dll
        2019-02-23 22:55 - 2019-02-21 11:16 - 001535232 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
        2019-02-23 22:55 - 2019-02-21 11:16 - 001468184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6441917.dll
        2019-02-23 22:55 - 2019-02-21 11:16 - 001464256 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
        2019-02-23 22:55 - 2019-02-21 11:16 - 001129920 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
        2019-02-23 22:55 - 2019-02-21 11:16 - 000752064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
        2019-02-23 22:55 - 2019-02-21 11:16 - 000631688 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
        2019-02-23 22:55 - 2019-02-21 11:16 - 000611720 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
        2019-02-23 22:55 - 2019-02-21 11:16 - 000521824 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
        2019-02-23 22:55 - 2019-02-21 11:15 - 008784920 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
        2019-02-23 22:55 - 2019-02-21 11:15 - 001471608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll
        2019-02-23 22:55 - 2019-02-21 11:15 - 001462208 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
        2019-02-23 22:55 - 2019-02-21 11:15 - 001169120 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
        2019-02-23 22:55 - 2019-02-21 11:15 - 001151984 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll
        2019-02-23 22:55 - 2019-02-21 11:15 - 001145536 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
        2019-02-23 22:55 - 2019-02-21 11:15 - 000914912 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
        2019-02-23 22:55 - 2019-02-21 11:15 - 000822576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
        2019-02-23 22:55 - 2019-02-21 11:15 - 000794448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
        2019-02-23 22:55 - 2019-02-21 11:15 - 000638176 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
        2019-02-23 22:55 - 2019-02-21 11:14 - 020103080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
        2019-02-23 22:55 - 2019-02-21 11:14 - 017429864 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
        2019-02-23 22:55 - 2019-02-20 14:19 - 000047592 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
        2019-02-23 21:30 - 2019-02-25 22:53 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
        2019-02-23 21:30 - 2019-02-23 21:30 - 000001337 _____ C:\Users\Public\Desktop\FINAL FANTASY XIV - A Realm Reborn.lnk
        2019-02-23 21:30 - 2019-02-23 21:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SQUARE ENIX
        2019-02-23 13:58 - 2019-02-23 13:58 - 000000000 ____D C:\Users\ruben\AppData\Roaming\EasyAntiCheat
        2019-02-22 19:57 - 2019-02-23 13:58 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat
        2019-02-22 19:57 - 2019-02-22 19:57 - 000000000 ____D C:\ProgramData\Electronic Arts
        2019-02-22 14:41 - 2019-03-06 07:54 - 000000000 ____D C:\Program Files (x86)\Origin
        2019-02-22 07:51 - 2019-03-08 14:56 - 000000000 ____D C:\ProgramData\Origin
        2019-02-22 07:51 - 2019-02-22 07:51 - 000000000 ____D C:\Users\ruben\.QtWebEngineProcess
        2019-02-22 07:51 - 2019-02-22 07:51 - 000000000 ____D C:\Users\ruben\.Origin

        ==================== One month (modified) ========

        (If an entry is included in the fixlist, the file/folder will be moved.)

        2019-03-24 23:05 - 2018-11-09 21:18 - 000000000 ____D C:\Users\ruben\AppData\Roaming\Telegram Desktop
        2019-03-24 22:41 - 2018-09-15 08:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
        2019-03-24 22:38 - 2018-12-23 14:56 - 001776784 _____ C:\WINDOWS\system32\PerfStringBackup.INI
        2019-03-24 22:38 - 2018-09-15 17:36 - 000789446 _____ C:\WINDOWS\system32\perfh00A.dat
        2019-03-24 22:38 - 2018-09-15 17:36 - 000156234 _____ C:\WINDOWS\system32\perfc00A.dat
        2019-03-24 22:38 - 2018-09-15 08:31 - 000000000 ____D C:\WINDOWS\INF
        2019-03-24 22:34 - 2018-11-09 20:55 - 000000000 ____D C:\ProgramData\NVIDIA
        2019-03-24 22:32 - 2018-12-23 14:51 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
        2019-03-24 22:31 - 2018-09-15 07:09 - 000524288 _____ C:\WINDOWS\system32\config\BBI
        2019-03-24 22:25 - 2018-09-15 08:33 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
        2019-03-24 22:19 - 2019-01-13 16:00 - 000000000 ____D C:\Users\ruben\AppData\Roaming\TS3Client
        2019-03-24 22:19 - 2018-11-09 23:00 - 000000000 ____D C:\Program Files (x86)\Steam
        2019-03-24 22:18 - 2018-12-23 11:45 - 000000000 ___DC C:\WINDOWS\Panther
        2019-03-24 22:18 - 2018-11-10 20:40 - 000000000 ____D C:\Users\ruben\AppData\Local\CrashDumps
        2019-03-24 22:18 - 2018-09-15 08:33 - 000000000 ____D C:\WINDOWS\LiveKernelReports
        2019-03-24 21:37 - 2018-11-10 08:16 - 000000000 ____D C:\Users\ruben\AppData\Roaming\discord
        2019-03-24 20:14 - 2018-11-11 16:44 - 000000000 ____D C:\Users\ruben\AppData\Roaming\Factorio
        2019-03-24 18:59 - 2018-12-23 14:49 - 000000000 ____D C:\Users\ruben
        2019-03-24 18:59 - 2018-12-23 14:47 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
        2019-03-24 18:37 - 2018-12-23 14:51 - 000004220 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{5A3E87B3-89F5-4987-B0B7-FE24606E79F7}
        2019-03-24 16:29 - 2018-11-11 05:33 - 000000000 ____D C:\Users\ruben\Documents\The Witcher 3
        2019-03-24 14:27 - 2018-11-10 08:21 - 000000000 ____D C:\Users\ruben\AppData\Roaming\vlc
        2019-03-24 11:35 - 2018-11-09 19:50 - 000000000 ____D C:\Users\ruben\AppData\Local\PlaceholderTileLogoFolder
        2019-03-24 00:04 - 2018-11-09 23:09 - 000000000 ____D C:\Users\ruben\AppData\Roaming\qBittorrent
        2019-03-23 22:14 - 2018-11-09 19:51 - 000000000 ____D C:\Users\ruben\AppData\Local\D3DSCache
        2019-03-23 09:15 - 2019-01-12 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\directx
        2019-03-23 03:23 - 2018-09-15 08:33 - 000000000 ____D C:\WINDOWS\AppReadiness
        2019-03-23 03:18 - 2018-09-15 08:33 - 000000000 ___HD C:\Program Files\WindowsApps
        2019-03-22 20:29 - 2018-11-09 21:05 - 000002299 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
        2019-03-22 20:29 - 2018-11-09 21:05 - 000002258 _____ C:\Users\Public\Desktop\Google Chrome.lnk
        2019-03-21 21:42 - 2018-11-09 21:56 - 000000000 ____D C:\Users\ruben\AppData\Local\Battle.net
        2019-03-21 21:15 - 2018-11-09 22:00 - 000000000 ____D C:\Program Files (x86)\Overwatch
        2019-03-21 20:59 - 2018-11-09 21:52 - 000000000 ____D C:\Program Files (x86)\Battle.net
        2019-03-21 19:48 - 2018-12-22 23:37 - 000000000 ____D C:\ProgramData\Epic
        2019-03-19 19:26 - 2018-12-20 22:10 - 000000000 ____D C:\Users\ruben\AppData\Roaming\Twitch
        2019-03-16 09:01 - 2019-01-13 20:24 - 000000000 ____D C:\Users\ruben\AppData\Local\BANDAI NAMCO Entertainment
        2019-03-14 22:56 - 2018-11-09 21:23 - 000000000 ____D C:\Users\ruben\AppData\Local\NVIDIA
        2019-03-14 21:21 - 2018-11-10 02:34 - 000000000 ____D C:\Program Files (x86)\GOG Galaxy
        2019-03-14 19:17 - 2018-12-23 14:47 - 000277056 _____ C:\WINDOWS\system32\FNTCACHE.DAT
        2019-03-14 19:17 - 2018-11-09 19:48 - 000000000 __RHD C:\Users\Public\AccountPictures
        2019-03-14 19:17 - 2018-11-09 19:48 - 000000000 ___RD C:\Users\ruben\3D Objects
        2019-03-13 23:21 - 2018-09-15 08:33 - 000000000 ___RD C:\Program Files\Windows Defender
        2019-03-13 23:21 - 2018-09-15 08:33 - 000000000 ____D C:\WINDOWS\TextInput
        2019-03-13 23:21 - 2018-09-15 08:33 - 000000000 ____D C:\WINDOWS\system32\oobe
        2019-03-13 23:21 - 2018-09-15 08:33 - 000000000 ____D C:\WINDOWS\system32\appraiser
        2019-03-13 23:21 - 2018-09-15 08:33 - 000000000 ____D C:\WINDOWS\ShellExperiences
        2019-03-13 23:21 - 2018-09-15 08:33 - 000000000 ____D C:\WINDOWS\bcastdvr
        2019-03-12 19:43 - 2018-11-10 08:16 - 000002237 _____ C:\Users\ruben\Desktop\Discord.lnk
        2019-03-12 19:43 - 2018-11-10 08:16 - 000000000 ____D
#10
C:\Users\ruben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
            2019-03-12 19:43 - 2018-11-10 08:16 - 000000000 ____D C:\Users\ruben\AppData\Local\Discord
            2019-03-12 19:42 - 2018-09-15 08:23 - 000000000 ____D C:\WINDOWS\CbsTemp
            2019-03-12 19:41 - 2018-12-23 14:49 - 002865152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
            2019-03-12 19:40 - 2018-11-09 22:40 - 000000000 ____D C:\WINDOWS\system32\MRT
            2019-03-12 19:38 - 2018-11-09 22:40 - 127411920 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
            2019-03-10 20:22 - 2018-12-22 23:37 - 000000000 ____D C:\Users\ruben\AppData\Local\UnrealEngine
            2019-03-10 19:42 - 2018-12-27 17:30 - 000000000 ____D C:\WINDOWS\System32\Tasks\MEGA
            2019-03-10 16:50 - 2018-11-12 19:02 - 000000000 ____D C:\Users\ruben\Documents\My Games
            2019-03-09 18:03 - 2018-11-10 14:13 - 000000000 ____D C:\Users\ruben\Documents\League of Legends
            2019-03-05 19:10 - 2018-11-09 21:23 - 000000000 ____D C:\Users\ruben\AppData\Local\NVIDIA Corporation
            2019-03-03 22:20 - 2018-11-24 12:34 - 000000000 ____D C:\Users\ruben\AppData\Roaming\NOW TV Player
            2019-03-03 01:45 - 2018-09-15 08:36 - 000835480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
            2019-03-03 01:45 - 2018-09-15 08:36 - 000179608 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
            2019-02-28 23:03 - 2018-11-09 22:48 - 000000000 ____D C:\Users\ruben\AppData\Local\Razer
            2019-02-28 23:03 - 2018-11-09 20:44 - 000000000 ____D C:\ProgramData\Razer
            2019-02-28 23:03 - 2018-11-09 20:44 - 000000000 ____D C:\Program Files (x86)\Razer
            2019-02-26 14:34 - 2018-12-23 14:51 - 000003926 _____ C:\WINDOWS\System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
            2019-02-26 14:34 - 2018-12-23 14:51 - 000003926 _____ C:\WINDOWS\System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
            2019-02-26 14:34 - 2018-12-23 14:51 - 000003926 _____ C:\WINDOWS\System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
            2019-02-26 14:34 - 2018-12-23 14:51 - 000003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
            2019-02-26 14:34 - 2018-12-23 14:51 - 000003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
            2019-02-26 14:34 - 2018-12-23 14:51 - 000003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
            2019-02-26 14:34 - 2018-12-23 14:51 - 000003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
            2019-02-26 14:34 - 2018-11-09 20:55 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
            2019-02-26 14:34 - 2018-11-09 20:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
            2019-02-26 14:34 - 2018-11-09 20:55 - 000000000 ____D C:\Program Files\NVIDIA Corporation
            2019-02-26 14:34 - 2018-11-09 20:55 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
            2019-02-26 14:33 - 2018-11-09 19:48 - 000000000 ____D C:\Users\ruben\AppData\Local\Packages
            2019-02-25 22:50 - 2018-11-12 22:24 - 000000000 ____D C:\Program Files\Intel
            2019-02-25 22:48 - 2018-11-12 22:49 - 000000000 ____D C:\Program Files (x86)\Intel
            2019-02-25 22:48 - 2018-11-09 21:23 - 000000000 ____D C:\ProgramData\Package Cache
            2019-02-23 22:57 - 2018-11-09 19:48 - 000000000 ____D C:\Users\ruben\AppData\Local\VirtualStore
            2019-02-23 21:55 - 2018-11-10 08:31 - 000000000 ____D C:\Users\ruben\AppData\Roaming\steelseries-engine-3-client
            2019-02-23 21:51 - 2019-02-21 21:16 - 011071438 _____ C:\Users\ruben\Desktop\Registros de LoL.zip
            2019-02-23 14:30 - 2018-11-20 22:25 - 000000000 ____D C:\Users\ruben\AppData\Local\ElevatedDiagnostics
            2019-02-22 21:37 - 2018-11-09 21:46 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd

            ==================== Files in the root of some directories =======

            2018-11-18 17:08 - 2018-11-18 17:24 - 000003584 _____ () C:\Users\ruben\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
            2018-11-28 22:50 - 2018-11-28 22:50 - 000007661 _____ () C:\Users\ruben\AppData\Local\Resmon.ResmonCfg

            Some files in TEMP:
            ====================
            2019-03-23 22:12 - 2019-03-24 22:32 - 001060864 _____ (AutoIt Team) C:\Users\ruben\AppData\Local\Temp\systeminfo.exe

            ==================== Bamital & volsnap ======================

            (There is no automatic fix for files that do not pass verification.)

            C:\WINDOWS\system32\winlogon.exe => File is digitally signed
            C:\WINDOWS\system32\wininit.exe => File is digitally signed
            C:\WINDOWS\explorer.exe => File is digitally signed
            C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
            C:\WINDOWS\system32\svchost.exe => File is digitally signed
            C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
            C:\WINDOWS\system32\services.exe => File is digitally signed
            C:\WINDOWS\system32\User32.dll => File is digitally signed
            C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
            C:\WINDOWS\system32\userinit.exe => File is digitally signed
            C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
            C:\WINDOWS\system32\rpcss.dll => File is digitally signed
            C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
            C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
            C:\WINDOWS\system32\dllhost.exe => File is digitally signed
            C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
            C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

            ==================== End of FRST.txt ============================
        Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17.03.2019
        Ran by Rubén (24-03-2019 23:12:52)
        Running from C:\Users\ruben\Desktop
        Windows 10 Home Version 1809 17763.379 (X64) (2018-12-23 13:51:55)
        Boot Mode: Normal
        ==========================================================


        ==================== Accounts: =============================

        Administrador (S-1-5-21-2650186511-3232997970-1302551596-500 - Administrator - Disabled)
        argos (S-1-5-21-2650186511-3232997970-1302551596-1002 - Limited - Disabled)
        DefaultAccount (S-1-5-21-2650186511-3232997970-1302551596-503 - Limited - Disabled)
        Invitado (S-1-5-21-2650186511-3232997970-1302551596-501 - Limited - Disabled)
        Rubén (S-1-5-21-2650186511-3232997970-1302551596-1001 - Administrator - Enabled) => C:\Users\ruben
        WDAGUtilityAccount (S-1-5-21-2650186511-3232997970-1302551596-504 - Limited - Disabled)

        ==================== Security Center ========================

        (If an entry is included in the fixlist, it will be removed.)

        AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
        AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
        AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
        AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

        ==================== Installed Programs ======================

        (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

        Actualización de NVIDIA 35.0.0.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 35.0.0.0 - NVIDIA Corporation) Hidden
        Adobe Acrobat Reader DC - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 19.010.20098 - Adobe Systems Incorporated)
        APOInstallerMSISetup (HKLM\...\{58E35BE5-673C-4248-B50A-BC32F46B79F1}) (Version: 1.2.501 - Steelseries) Hidden
        AudioDeviceFXPluginSampleUIMSISetup (HKLM\...\{A9393AD2-FCA1-4759-8687-9DB03AE962C6}) (Version: 1.2.501 - Steelseries) Hidden
        Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
        CCleaner (HKLM\...\CCleaner) (Version: 5.53 - Piriform)
        CORSAIR iCUE Software (HKLM-x32\...\{3DDA8C8B-7623-42DE-81C3-9E41CAD4F14A}) (Version: 3.9.93 - Corsair)
        CPUID HWMonitor 1.39 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.39 - CPUID, Inc.)
        Dark Souls 2: Scholar of the First Sin (HKLM-x32\...\Dark Souls 2: Scholar of the First Sin_is1) (Version:  - )
        Dark Souls 3 (HKLM-x32\...\Dark Souls 3_is1) (Version:  - )
        Dark Souls Remastered (HKLM-x32\...\Dark Souls Remastered_is1) (Version:  - )
        Discord (HKU\S-1-5-21-2650186511-3232997970-1302551596-1001\...\Discord) (Version: 0.0.305 - Discord Inc.)
        DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 419.17 - NVIDIA Corporation) Hidden
        Epic Games Launcher (HKLM-x32\...\{9B504F12-DA3B-4CEC-A6FD-B07D6C1FEA26}) (Version: 1.1.167.0 - Epic Games, Inc.)
        Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
        FINAL FANTASY XIV - A Realm Reborn (HKLM-x32\...\{2B41E132-07DF-4925-A3D3-F2D1765CCDFE}) (Version: 1.0.0000 - SQUARE ENIX CO., LTD.)
        GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version:  - GOG.com)
        Google Chrome (HKLM-x32\...\Google Chrome) (Version: 73.0.3683.86 - Google Inc.)
        Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
        Gyazo 3.5.1.0 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
        Hextech Repair Tool (HKLM-x32\...\{7F9A97E6-E666-11E5-B582-B88687E82322}) (Version: 1.1.165 - Riot Games, Inc.)
        Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 1842.12.0.1168 - Intel Corporation)
        Intel(R) Network Connections 23.2.0.1006 (HKLM\...\PROSetDX) (Version: 23.2.0.1006 - Intel)
        Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 16.8.0.1000 - Intel Corporation)
        Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.50.638.1 - Intel Corporation) Hidden
        Intel(R) Trusted Connect Services Client (HKLM-x32\...\{99ee3c29-c7cd-450f-8db9-d43cc49de1c7}) (Version: 1.50.638.1 - Intel Corporation) Hidden
        Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
        League of Legends (HKLM-x32\...\League of Legends 1.0) (Version: 1.0 - Riot Games, Inc)
        Malwarebytes versión 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
        MegaDownloader 1.7 (HKLM\...\{C12C2297-65A4-4E64-9AE1-29F0D947FDA0}}_is1) (Version: 1.7 - AppsForMega.info)
        Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
        Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
        Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
        Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
        Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
        Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
        Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
        Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
        Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
        Microsoft Visual C++ 2017 Redistributable (x64) - 14.13.26020 (HKLM-x32\...\{7474cd6e-76cc-4257-837e-5b9261e526af}) (Version: 14.13.26020.0 - Microsoft Corporation)
        Microsoft Visual C++ 2017 Redistributable (x86) - 14.13.26020 (HKLM-x32\...\{5c045b7f-e561-4794-91f8-c6cda0893107}) (Version: 14.13.26020.0 - Microsoft Corporation)
        Minecraft Launcher (HKLM-x32\...\{E154B2C8-2F3E-4763-B3D5-E7D34AE39C6B}) (Version: 1.0.0.0 - Mojang)
        Ni no Kuni II: Revenant Kingdom (HKLM-x32\...\Ni no Kuni II: Revenant Kingdom_is1) (Version:  - )
        NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.13 - NVIDIA Corporation) Hidden
        NVIDIA Controlador de 3D Vision 419.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 419.17 - NVIDIA Corporation)
        NVIDIA Controlador de audio HD 1.3.38.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.13 - NVIDIA Corporation)
        NVIDIA Controlador de gráficos 419.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 419.17 - NVIDIA Corporation)
        NVIDIA Controlador de la controladora 3D Vision 390.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 390.41 - NVIDIA Corporation)
        NVIDIA GeForce Experience 3.17.0.126 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.17.0.126 - NVIDIA Corporation)
        NVIDIA Software del sistema PhysX 9.18.0907 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.18.0907 - NVIDIA Corporation)
        Origin (HKLM-x32\...\Origin) (Version: 10.5.35.22222 - Electronic Arts, Inc.)
        Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
        Panel de control de NVIDIA 419.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 419.17 - NVIDIA Corporation) Hidden
        ProductDaemonSetup (HKLM\...\{D524EF51-0C03-4142-B743-A29F8FB0054A}) (Version: 1.2.501 - Steelseries) Hidden
        qBittorrent 4.1.5 (HKLM-x32\...\qBittorrent) (Version: 4.1.5 - The qBittorrent project)
        Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8581 - Realtek Semiconductor Corp.)
        Sky Player 6.6.0.0 (HKU\S-1-5-21-2650186511-3232997970-1302551596-1001\...\com.bskyb.skyplayer_is1) (Version: 6.6.0.0 - Sky)
        Software para dispositivos de chipset Intel® (HKLM-x32\...\{262e9c1d-e509-4e2a-86e8-0abb312ac2e9}) (Version: 10.1.17765.8094 - Intel(R) Corporation) Hidden
        Spotify (HKU\S-1-5-21-2650186511-3232997970-1302551596-1001\...\Spotify) (Version: 1.0.96.181.gf6bc1b6b - Spotify AB)
        SSAudio (HKLM-x32\...\{02c38707-43ae-4214-9173-1d8c3213d71b}) (Version: 1.2.501 - Steelseries)
        SSAudioDaemonMSISetup (HKLM\...\{634AF6DD-4DE1-48C3-BFB1-ADD40D21CBE2}) (Version: 1.2.501 - Steelseries) Hidden
        Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
        SteelSeries Engine 3.13.3 (HKLM\...\SteelSeries Engine 3) (Version: 3.13.3 - SteelSeries ApS)
        TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.2.3 - TeamSpeak Systems GmbH)
        Telegram Desktop version 1.6.2 (HKU\S-1-5-21-2650186511-3232997970-1302551596-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.6.2 - Telegram Messenger LLP)
        The Witcher 3: Wild Hunt - Game of the Year Edition (HKLM-x32\...\1495134320_is1) (Version: 1.32 - GOG.com)
        Twitch (HKU\S-1-5-21-2650186511-3232997970-1302551596-1001\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 8.0.0 - Twitch Interactive, Inc.)
        Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{9CBA860F-7437-4A75-941C-8EF559F2D145}) (Version: 2.52.0.0 - Microsoft Corporation)
        Uplay (HKLM-x32\...\Uplay) (Version: 38.2 - Ubisoft)
        VLC media player (HKLM\...\VLC media player) (Version: 3.0.4 - VideoLAN)
        WinRAR 5.61 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.61.0 - win.rar GmbH)

        ==================== Custom CLSID (Whitelisted): ==========================

        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

        ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
        ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
        ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File
        ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
        ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
        ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
        ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
        ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
        ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
        ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
        ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
        ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
        ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File
        ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
        ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
        ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
        ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
        ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
        ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
        ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
        ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
        ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
        ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> No File
        ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
        ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
        ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
        ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
        ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
        ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
        ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
        ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
        ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
        ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
        ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
        ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
        ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2019-02-20] (NVIDIA Corporation -> NVIDIA Corporation)
        ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
        ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
        ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
        ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
        ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)

        ==================== Scheduled Tasks (Whitelisted) =============

        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

        Task: {130759EA-5CBB-407E-86EE-716B6D9E41F4} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe (Nota Inc. -> Nota Inc.)
        Task: {177756DD-11C3-443B-ACAD-79F72EA80A06} - System32\Tasks\SSAudioSvc64Run => C:\Program Files\Steelseries\SS Audio\Foundation\x64\SSAudioSvc64.exe () [File not signed]
        Task: {3CD5813D-F504-4D03-8FA3-A0CC5CD79F4C} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\IntelPTTEKRecertification.exe (Intel(R) Trust Services -> Intel(R) Corporation)
        Task: {41D48BF4-C2BF-4DEE-9463-F14B9EA538AF} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe (NVIDIA Corporation -> NVIDIA Corporation)
        Task: {4815C83B-35BD-424D-AAA6-E9AE446D6905} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe (NVIDIA Corporation -> NVIDIA Corporation)
        Task: {52C21626-3738-4960-8401-06E9CB31C0E7} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
        Task: {6E980544-BC7A-42F5-B764-DC553CE743AF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
        Task: {7E8F1FD6-CB41-4B2B-8A48-77A04220395F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe (Piriform Software Ltd -> Piriform Software Ltd)
        Task: {802B3721-6B86-4A59-BD25-C95D546932B5} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe (Nota Inc. -> Nota Inc.)
        Task: {83611518-96EB-4C14-8502-13349B2E61DB} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
        Task: {83B2BB62-6A93-42C2-B021-01E3E2CE1EA7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
        Task: {875810C4-26A3-469E-9B2A-0EF1A0FF49D6} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe (NVIDIA Corporation -> NVIDIA Corporation)
        Task: {9AD66FBF-CB25-40CD-BD97-779A493592E1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
        Task: {A80637EA-EFE9-4913-B349-6DA6BCFC581E} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe (NVIDIA Corporation -> NVIDIA Corporation)
        Task: {B151DC83-9F76-415B-BF25-B9AD7BCD95F7} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
        Task: {B1552604-6C80-4CE0-A914-6DD8D8F07C8E} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe (NVIDIA Corporation -> NVIDIA Corporation)
        Task: {C2ADFD2B-C33B-4B10-9929-F6CB8F8B3B8A} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe (NVIDIA Corporation -> NVIDIA Corporation)
        Task: {C90FD5D5-3F65-4639-AF82-5889C3517A4F} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe (NVIDIA Corporation -> NVIDIA Corporation)
        Task: {DB303CAD-99A7-4676-BE77-DE5D5B6BAA27} - System32\Tasks\SSAudioSvc32Run => C:\Program Files\Steelseries\SS Audio\Foundation\SSAudioSvc32.exe () [File not signed]
        Task: {E92440D2-B32C-472B-A045-23D867C938B0} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe (NVIDIA Corporation -> NVIDIA Corporation)
        Task: {EC4058CB-F08A-48E5-B87C-A0884A5A7889} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe (NVIDIA Corporation -> NVIDIA Corporation)

        (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


        ==================== Shortcuts & WMI ========================

        (The entries could be listed to be restored or removed.)


        ==================== Loaded Modules (Whitelisted) ==============


        ==================== Alternate Data Streams (Whitelisted) =========

        (If an entry is included in the fixlist, only the ADS will be removed.)


        ==================== Safe Mode (Whitelisted) ===================

        (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

        HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
        HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

        ==================== Association (Whitelisted) ===============

        (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


        ==================== Internet Explorer trusted/restricted ===============

        (If an entry is included in the fixlist, it will be removed from the registry.)


        ==================== Hosts content: ===============================

        (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

        2018-04-12 00:38 - 2018-04-12 00:36 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts


        ==================== Other Areas ============================

        (Currently there is no automatic fix for this section.)

        HKU\S-1-5-21-2650186511-3232997970-1302551596-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ruben\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\16937.jpg
        DNS Servers: 192.168.1.1
        HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
        HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
        Windows Firewall is enabled.

        ==================== MSCONFIG/TASK MANAGER disabled items ==

        If an entry is included in the fixlist, it will be removed.

        MSCONFIG\Services: AdobeARMservice => 2
        MSCONFIG\Services: CorsairService => 2
        MSCONFIG\Services: EasyAntiCheat => 3
        MSCONFIG\Services: GalaxyClientService => 3
        MSCONFIG\Services: GalaxyCommunication => 3
        MSCONFIG\Services: GoogleChromeElevationService => 3
        MSCONFIG\Services: gupdate => 2
        MSCONFIG\Services: gupdatem => 3
        MSCONFIG\Services: IAStorDataMgrSvc => 2
        MSCONFIG\Services: Intel(R) Capability Licensing Service TCP IP Interface => 3
        MSCONFIG\Services: Intel(R) PROSet Monitoring Service => 2
        MSCONFIG\Services: Intel(R) TPM Provisioning Service => 2
        MSCONFIG\Services: jhi_service => 2
        MSCONFIG\Services: LMS => 2
        MSCONFIG\Services: NvContainerLocalSystem => 2
        MSCONFIG\Services: NvContainerNetworkService => 3
        MSCONFIG\Services: NVDisplay.ContainerLocalSystem => 2
        MSCONFIG\Services: NvTelemetryContainer => 2
        MSCONFIG\Services: Origin Client Service => 3
        MSCONFIG\Services: Origin Web Helper Service => 2
        MSCONFIG\Services: RtkAudioUniversalService => 2
        HKLM\...\StartupApproved\StartupFolder: => "SteelSeries Engine 3.lnk"
        HKLM\...\StartupApproved\Run: => "SecurityHealth"
        HKLM\...\StartupApproved\Run: => "MouseDriver"
        HKLM\...\StartupApproved\Run: => "IAStorIcon"
        HKLM\...\StartupApproved\Run: => "RtkAudUService"
        HKLM\...\StartupApproved\Run32: => "CORSAIR iCUE Software"
        HKLM\...\StartupApproved\Run32: => "Razer Synapse"
        HKU\S-1-5-21-2650186511-3232997970-1302551596-1001\...\StartupApproved\StartupFolder: => "Twitch.lnk"
        HKU\S-1-5-21-2650186511-3232997970-1302551596-1001\...\StartupApproved\Run: => "OneDrive"
        HKU\S-1-5-21-2650186511-3232997970-1302551596-1001\...\StartupApproved\Run: => "EADM"
        HKU\S-1-5-21-2650186511-3232997970-1302551596-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"

        ==================== FirewallRules (Whitelisted) ===============

        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

        FirewallRules: [{4CBCE442-5589-4D3D-83E6-6277AA1FC799}] => (Allow) E:\Juegos Steam\steamapps\common\FINAL FANTASY IX\FF9_Launcher.exe () [File not signed]
        FirewallRules: [{7E5BA6EC-372A-4C1A-B82A-0C5B9405DA21}] => (Allow) E:\Juegos Steam\steamapps\common\FINAL FANTASY IX\FF9_Launcher.exe () [File not signed]
        FirewallRules: [{B856D255-C2B3-44E6-9057-6D763EB2165A}] => (Allow) E:\Juegos Steam\steamapps\common\Hollow Knight\hollow_knight.exe () [File not signed]
        FirewallRules: [{7825BAFD-9B3E-469A-BED4-DF7993ABCB05}] => (Allow) E:\Juegos Steam\steamapps\common\Hollow Knight\hollow_knight.exe () [File not signed]
        FirewallRules: [{8DFD7F9A-3414-4A4C-A075-F0ED7D8024F6}] => (Allow) E:\Juegos Steam\steamapps\common\FINAL FANTASY FFX&FFX-2 HD Remaster\FFX&X-2_LAUNCHER.exe (SQUARE ENIX CO., LTD.) [File not signed]
        FirewallRules: [{EB42290B-D693-4798-8BFD-16DCBC66716A}] => (Allow) E:\Juegos Steam\steamapps\common\FINAL FANTASY FFX&FFX-2 HD Remaster\FFX&X-2_LAUNCHER.exe (SQUARE ENIX CO., LTD.) [File not signed]
        FirewallRules: [{2F3EF95B-2CF3-429D-AE8A-28C3CBE1AF92}] => (Allow) E:\Juegos Steam\steamapps\common\Danganronpa V3 Killing Harmony\V3Launcher.exe (株式会社スパイク・チュンソフト) [File not signed]
        FirewallRules: [{06991359-EB5C-4421-90F9-893765CB57ED}] => (Allow) E:\Juegos Steam\steamapps\common\Danganronpa V3 Killing Harmony\V3Launcher.exe (株式会社スパイク・チュンソフト) [File not signed]
        FirewallRules: [{326FF821-665F-4FEC-A71C-291B722ED719}] => (Allow) E:\Juegos Steam\steamapps\common\Danganronpa V3 Killing Harmony\Dangan3Win.exe (Spike Chunsoft Co., Ltd.) [File not signed]
        FirewallRules: [{002E5EB5-3CF1-42DB-9AFE-C1475A143959}] => (Allow) E:\Juegos Steam\steamapps\common\Danganronpa V3 Killing Harmony\Dangan3Win.exe (Spike Chunsoft Co., Ltd.) [File not signed]
        FirewallRules: [{DFA6B8B8-3C57-4CB0-90DB-7FEDCB8C3E24}] => (Allow) E:\Juegos Steam\steamapps\common\Assassins Creed Origins\ACOrigins.exe (UBISOFT ENTERTAINMENT INC. -> )
        FirewallRules: [{FE2AF317-834D-4C10-A76C-113F1B13C8D1}] => (Allow) E:\Juegos Steam\steamapps\common\Assassins Creed Origins\ACOrigins.exe (UBISOFT ENTERTAINMENT INC. -> )
        FirewallRules: [{5CBA6AA1-593E-449D-A361-2D5E89833D81}] => (Allow) E:\Juegos Steam\steamapps\common\Batman Arkham Knight\Binaries\Win64\BatmanAK.exe (WARNER BROS. ENTERTAINMENT INC. -> Rocksteady Studios Ltd.) [File not signed]
        FirewallRules: [{EA4910D9-07F3-4280-A0BC-89AC2F454BB0}] => (Allow) E:\Juegos Steam\steamapps\common\Batman Arkham Knight\Binaries\Win64\BatmanAK.exe (WARNER BROS. ENTERTAINMENT INC. -> Rocksteady Studios Ltd.) [File not signed]
        FirewallRules: [{A6F0D8C3-9398-43CD-A43F-5ABF54CBF2A0}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
        FirewallRules: [{B53746E7-3F1F-453C-958E-829CB20F6A51}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
        FirewallRules: [{673C3328-0078-4650-A4B5-6BAD379251F9}] => (Allow) E:\Juegos Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe (Digital Extremes Ltd. -> )
        FirewallRules: [{E137697A-F08E-4AAA-8DE5-4CE71CC6501D}] => (Allow) E:\Juegos Steam\steamapps\common\Warframe\Tools\Launcher.exe (Digital Extremes Ltd. -> Digital Extremes)
        FirewallRules: [{BFB0E0FC-094E-44F6-952B-B5A4AAB20E10}] => (Allow) E:\Juegos Steam\steamapps\common\Warframe\Warframe.x64.exe (Digital Extremes Ltd. -> Digital Extremes)
        FirewallRules: [{3AA1A55E-29A6-467D-9693-AC00A8E36D58}] => (Allow) E:\Juegos Steam\steamapps\common\Warframe\Warframe.exe (Digital Extremes Ltd. -> Digital Extremes)
        FirewallRules: [{F284AD21-8293-45D2-9FC1-A4394315A76B}] => (Allow) E:\Juegos Steam\steamapps\common\Warframe\Warframe.x64.exe (Digital Extremes Ltd. -> Digital Extremes)
        FirewallRules: [{871B7443-BCF7-4FB2-A588-5B20FE47D59B}] => (Allow) E:\Juegos Steam\steamapps\common\Warframe\Warframe.exe (Digital Extremes Ltd. -> Digital Extremes)
        FirewallRules: [{112E1CD7-C759-4B0F-94BA-B9B92A8662E0}] => (Allow) E:\Juegos Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe (Digital Extremes Ltd. -> )
        FirewallRules: [{0A93B975-007F-41B6-AB33-AAE606BDC0D5}] => (Allow) E:\Juegos Steam\steamapps\common\Warframe\Tools\Launcher.exe (Digital Extremes Ltd. -> Digital Extremes)
        FirewallRules: [{635651FD-DFFE-43FD-BE6A-4C2BE08D47EA}] => (Allow) E:\Juegos Steam\steamapps\common\Warframe\Warframe.x64.exe (Digital Extremes Ltd. -> Digital Extremes)
        FirewallRules: [{3CB5585A-4F5A-414A-A386-FAE3525BFB2A}] => (Allow) E:\Juegos Steam\steamapps\common\Warframe\Warframe.exe (Digital Extremes Ltd. -> Digital Extremes)
        FirewallRules: [{604932AC-1D57-407C-9790-A92C4761A52C}] => (Allow) E:\Juegos Steam\steamapps\common\Warframe\Warframe.x64.exe (Digital Extremes Ltd. -> Digital Extremes)
        FirewallRules: [{6011D427-312C-4C58-B704-CC46734AF688}] => (Allow) E:\Juegos Steam\steamapps\common\Warframe\Warframe.exe (Digital Extremes Ltd. -> Digital Extremes)
        FirewallRules: [{4AE4208F-D41D-4E78-8489-63597C7B695B}] => (Allow) E:\Juegos Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe (Bethesda Softworks) [File not signed]
        FirewallRules: [{D5A63A8D-C3AE-47DF-BEFF-2C3B3CC70D8A}] => (Allow) E:\Juegos Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe (Bethesda Softworks) [File not signed]
        FirewallRules: [{C7E9C751-F2F2-4217-AAAA-DC9AE3E876AA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
        FirewallRules: [{7FC20751-40D9-4BA3-B4FE-AF92EEB45F3F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
        FirewallRules: [{CF3B4C8C-2479-412D-9BDF-E88BBEDB5520}] => (Allow) E:\Archivos de programa\qBittorrent\qbittorrent.exe () [File not signed]
        FirewallRules: [{330EBE5E-F819-42C3-8942-2D6A6D559A58}] => (Allow) E:\Archivos de programa\qBittorrent\qbittorrent.exe () [File not signed]
        FirewallRules: [{3DCA49D5-0127-4A3A-B26C-FA565AE0EBFD}] => (Allow) E:\Juegos Steam\steamapps\common\Frostpunk\Frostpunk.exe (Marek Ziemak -> 11 bit studios S.A.)
        FirewallRules: [{48189565-73B1-46B5-85CD-5CD9D5707F2F}] => (Allow) E:\Juegos Steam\steamapps\common\Frostpunk\Frostpunk.exe (Marek Ziemak -> 11 bit studios S.A.)
        FirewallRules: [{448DFCB3-AFF4-4FBB-BBE6-097C59C0C016}] => (Allow) E:\Juegos Steam\steamapps\common\No Man's Sky\Binaries\NMS.exe (Hello Games) [File not signed]
        FirewallRules: [{E1ECCBC1-ACD8-404E-ACAA-D320D44A2988}] => (Allow) E:\Juegos Steam\steamapps\common\No Man's Sky\Binaries\NMS.exe (Hello Games) [File not signed]
        FirewallRules: [{25609750-E337-4A1F-BB5E-CB2C820FFA63}] => (Allow) E:\Archivos de programa\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe (SQUARE ENIX CO., LTD. -> SQUARE ENIX CO., LTD.)
        FirewallRules: [{4C9869CF-E74A-413A-9FA2-E61569A9925E}] => (Allow) E:\Archivos de programa\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe (SQUARE ENIX CO., LTD. -> SQUARE ENIX CO., LTD.)
        FirewallRules: [{52B83F2D-2A56-4837-A237-FDEB301051A6}] => (Allow) E:\Archivos de programa\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe (SQUARE ENIX CO., LTD. -> SQUARE ENIX CO., LTD.)
        FirewallRules: [{BE8ED706-CAFB-48C3-91A0-D808DDF949F0}] => (Allow) E:\Archivos de programa\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe (SQUARE ENIX CO., LTD. -> SQUARE ENIX CO., LTD.)
        FirewallRules: [{003EEA6C-F208-42FB-A0B7-8AEC526F4D0E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
        FirewallRules: [{42656E5F-BB80-4897-AACA-0F98A4C69A5B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
        FirewallRules: [{F1E066B7-4C1D-4555-A12A-F84F83409576}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
        FirewallRules: [{0EB31C3B-D991-4929-9950-8FD77A4509CF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
        FirewallRules: [{0A4052B3-ED99-478A-8B99-06F08D825806}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
        FirewallRules: [{A2064A27-6436-4C65-AB94-61E84AA90C4A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
        FirewallRules: [{C62B17DD-A4DD-45E8-9527-4553852B16C8}] => (Allow) E:\Archivos de programa\League of Legends\LeagueClient.exe (Riot Games, Inc. -> )
        FirewallRules: [{DB9E4CEF-0B98-4190-9257-62A1AC4C00C6}] => (Allow) E:\Archivos de programa\League of Legends\LeagueClient.exe (Riot Games, Inc. -> )
        FirewallRules: [{D8DBB505-C4B3-4CFB-B3FE-BE33D36A3298}] => (Allow) E:\Juegos Steam\steamapps\common\Fallout 3 goty\FalloutLauncher.exe (Bethesda Softworks) [File not signed]
        FirewallRules: [{0940F749-3425-4883-AECB-D58B72241151}] => (Allow) E:\Juegos Steam\steamapps\common\Fallout 3 goty\FalloutLauncher.exe (Bethesda Softworks) [File not signed]
        FirewallRules: [{E6998E15-4812-4C87-9C0A-0617D4322059}] => (Allow) E:\Juegos Steam\steamapps\common\Starbound\win64\starbound.exe (Chucklefish LTD) [File not signed]
        FirewallRules: [{E56B3614-9C86-4D2F-A9C5-BE23DB352112}] => (Allow) E:\Juegos Steam\steamapps\common\Starbound\win64\starbound.exe (Chucklefish LTD) [File not signed]
        FirewallRules: [{A5C92E1E-D1C0-4C7A-9796-BE376D6B95A8}] => (Allow) E:\Juegos Steam\steamapps\common\Starbound\win64\starbound_server.exe () [File not signed]
        FirewallRules: [{16BCC6DD-B173-466E-B630-44188826311A}] => (Allow) E:\Juegos Steam\steamapps\common\Starbound\win64\starbound_server.exe () [File not signed]
        FirewallRules: [{8DF9A50A-AED5-4020-93EF-7FAB34BB6107}] => (Allow) E:\Juegos Steam\steamapps\common\Starbound\win64\mod_uploader.exe () [File not signed]
        FirewallRules: [{4BF75E02-CC88-40EA-B01C-B1659A2369F8}] => (Allow) E:\Juegos Steam\steamapps\common\Starbound\win64\mod_uploader.exe () [File not signed]
        FirewallRules: [{30C8656D-C002-45CA-8624-1EDE95066E9F}] => (Allow) E:\Juegos Steam\steamapps\common\Starbound\win32\starbound.exe (Chucklefish LTD) [File not signed]
        FirewallRules: [{739A2E52-A036-4E26-ABC4-8AD11A49D97D}] => (Allow) E:\Juegos Steam\steamapps\common\Starbound\win32\starbound.exe (Chucklefish LTD) [File not signed]
        FirewallRules: [{FCE1411D-EA21-467B-AA86-F4F250A4071E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
        FirewallRules: [{6FAC6382-81D6-4D4C-AB12-8D55CF6A55DD}] => (Allow) E:\Juegos Steam\steamapps\common\Factorio\bin\x64\factorio.exe (Wube Software) [File not signed]
        FirewallRules: [{B99D0B4E-6E67-4E85-80B2-1D75CCB52F49}] => (Allow) E:\Juegos Steam\steamapps\common\Factorio\bin\x64\factorio.exe (Wube Software) [File not signed]

        ==================== Restore Points =========================

        06-03-2019 19:58:58 Se ha instalado DirectX
        09-03-2019 09:19:10 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
        12-03-2019 19:38:39 Windows Update
        14-03-2019 22:48:48 Installed Minecraft Launcher
        22-03-2019 03:17:55 Punto de control programado

        ==================== Faulty Device Manager Devices =============


        ==================== Event log errors: =========================

        Application errors:
        ==================
        Error: (03/24/2019 10:18:09 PM) (Source: ESENT) (EventID: 489) (User: )
        Description: CCleaner64 (10744,G,0) Al intentar abrir el archivo "C:\Users\ruben\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" para acceso de sólo lectura se produjo el error de sistema 32 (0x00000020): "El proceso no tiene acceso al archivo porque está siendo utilizado por otro proceso. ". La operación para abrir el archivo se cerrará con el error -1032 (0xfffffbf8).

        Error: (03/23/2019 09:16:01 AM) (Source: Application Error) (EventID: 1000) (User: )
        Description: Nombre de la aplicación con errores: setup.tmp, versión: 51.1052.0.0, marca de tiempo: 0x506a75b5
        Nombre del módulo con errores: botva2.dll_unloaded, versión: 0.9.7.151, marca de tiempo: 0x2a425e19
        Código de excepción: 0xc000041d
        Desplazamiento de errores: 0x00005514
        Identificador del proceso con errores: 0x103c
        Hora de inicio de la aplicación con errores: 0x01d4e14d76447b4b
        Ruta de acceso de la aplicación con errores: C:\Users\ruben\AppData\Local\Temp\is-J34O9.tmp\setup.tmp
        Ruta de acceso del módulo con errores: botva2.dll
        Identificador del informe: 4dbadcb4-07a5-44ef-8d5b-669a2dfbabd3
        Nombre completo del paquete con errores: 
        Identificador de aplicación relativa del paquete con errores:

        Error: (03/23/2019 09:16:00 AM) (Source: Application Error) (EventID: 1000) (User: )
        Description: Nombre de la aplicación con errores: setup.tmp, versión: 51.1052.0.0, marca de tiempo: 0x506a75b5
        Nombre del módulo con errores: botva2.dll_unloaded, versión: 0.9.7.151, marca de tiempo: 0x2a425e19
        Código de excepción: 0xc0000005
        Desplazamiento de errores: 0x00005514
        Identificador del proceso con errores: 0x103c
        Hora de inicio de la aplicación con errores: 0x01d4e14d76447b4b
        Ruta de acceso de la aplicación con errores: C:\Users\ruben\AppData\Local\Temp\is-J34O9.tmp\setup.tmp
        Ruta de acceso del módulo con errores: botva2.dll
        Identificador del informe: 48916f74-67b6-4eeb-afd8-941ff78858d0
        Nombre completo del paquete con errores: 
        Identificador de aplicación relativa del paquete con errores:

        Error: (03/22/2019 08:42:35 PM) (Source: Application Error) (EventID: 1000) (User: )
        Description: Nombre de la aplicación con errores: setup.tmp, versión: 51.1052.0.0, marca de tiempo: 0x506a75b5
        Nombre del módulo con errores: botva2.dll_unloaded, versión: 0.9.7.151, marca de tiempo: 0x2a425e19
        Código de excepción: 0xc000041d
        Desplazamiento de errores: 0x00005514
        Identificador del proceso con errores: 0x2f20
        Hora de inicio de la aplicación con errores: 0x01d4e0e676ec1ed8
        Ruta de acceso de la aplicación con errores: C:\Users\ruben\AppData\Local\Temp\is-1AI20.tmp\setup.tmp
        Ruta de acceso del módulo con errores: botva2.dll
        Identificador del informe: 6f8b330c-2b65-4641-b1a1-0f33ce376acd
        Nombre completo del paquete con errores: 
        Identificador de aplicación relativa del paquete con errores:

        Error: (03/22/2019 08:42:33 PM) (Source: Application Error) (EventID: 1000) (User: )
        Description: Nombre de la aplicación con errores: setup.tmp, versión: 51.1052.0.0, marca de tiempo: 0x506a75b5
        Nombre del módulo con errores: botva2.dll_unloaded, versión: 0.9.7.151, marca de tiempo: 0x2a425e19
        Código de excepción: 0xc0000005
        Desplazamiento de errores: 0x00005514
        Identificador del proceso con errores: 0x2f20
        Hora de inicio de la aplicación con errores: 0x01d4e0e676ec1ed8
        Ruta de acceso de la aplicación con errores: C:\Users\ruben\AppData\Local\Temp\is-1AI20.tmp\setup.tmp
        Ruta de acceso del módulo con errores: botva2.dll
        Identificador del informe: 2587e83a-28d1-4efd-8d57-ace0baf14fda
        Nombre completo del paquete con errores: 
        Identificador de aplicación relativa del paquete con errores:

        Error: (03/10/2019 07:29:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
        Description: El programa chrome.exe (versión 72.0.3626.121) dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible sobre el problema, comprueba el historial de problemas en el panel de control de seguridad y mantenimiento.

        Id. de proceso: 57c

        Hora de Inicio: 01d4d76bb36f472f

        Hora de finalización: 3

        Ruta de la aplicación: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

        Id. de informe: e862a183-55a2-46d2-8a11-eabf1fcd7692

        Nombre completo del paquete con errores: 

        Id. de la aplicación relativa al paquete con errores: 

        Tipo de bloqueo: Unknown

        Error: (03/09/2019 01:17:11 PM) (Source: Application Error) (EventID: 1000) (User: )
        Description: Nombre de la aplicación con errores: GlimpseGame.exe, versión: 4.13.1.0, marca de tiempo: 0x5b6ae9a9
        Nombre del módulo con errores: ucrtbase.dll, versión: 10.0.17763.1, marca de tiempo: 0x309241e0
        Código de excepción: 0xc0000409
        Desplazamiento de errores: 0x000000000006f08e
        Identificador del proceso con errores: 0x1d44
        Hora de inicio de la aplicación con errores: 0x01d4d66b72b0e4f6
        Ruta de acceso de la aplicación con errores: E:\Games\We Happy Few\GlimpseGame\Binaries\Win64\GlimpseGame.exe
        Ruta de acceso del módulo con errores: C:\WINDOWS\System32\ucrtbase.dll
        Identificador del informe: a65125ec-3eab-49bd-9563-636dc5d2c58b
        Nombre completo del paquete con errores: 
        Identificador de aplicación relativa del paquete con errores:

        Error: (03/09/2019 09:19:35 AM) (Source: Application Error) (EventID: 1000) (User: )
        Description: Nombre de la aplicación con errores: setup.tmp, versión: 51.1052.0.0, marca de tiempo: 0x506a75b5
        Nombre del módulo con errores: botva2.dll_unloaded, versión: 0.9.7.151, marca de tiempo: 0x2a425e19
        Código de excepción: 0xc000041d
        Desplazamiento de errores: 0x00005514
        Identificador del proceso con errores: 0x2fc8
        Hora de inicio de la aplicación con errores: 0x01d4d608e4b834db
        Ruta de acceso de la aplicación con errores: C:\Users\ruben\AppData\Local\Temp\is-A7LAP.tmp\setup.tmp
        Ruta de acceso del módulo con errores: botva2.dll
        Identificador del informe: ce61f757-c38d-4889-afc4-a86db4acc76d
        Nombre completo del paquete con errores: 
        Identificador de aplicación relativa del paquete con errores:


        System errors:
        =============
        Error: (03/24/2019 10:34:19 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
        Description: La configuración de permisos específico de la aplicación no concede el permiso Iniciar Local para la aplicación de servidor COM con CLSID 
        Windows.SecurityCenter.WscDataProtection
         y APPID 
        No disponible
         al usuario NT AUTHORITY\SYSTEM con SID (S-1-5-18) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

        Error: (03/24/2019 10:33:22 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-QIK8S5K)
        Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
        {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
         y APPID 
        {15C20B67-12E7-4BB6-92BB-7AFF07997402}
         al usuario DESKTOP-QIK8S5K\Rubén con SID (S-1-5-21-2650186511-3232997970-1302551596-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

        Error: (03/24/2019 10:28:58 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-QIK8S5K)
        Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
        {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
         y APPID 
        {15C20B67-12E7-4BB6-92BB-7AFF07997402}
         al usuario DESKTOP-QIK8S5K\Rubén con SID (S-1-5-21-2650186511-3232997970-1302551596-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

        Error: (03/24/2019 10:28:29 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-QIK8S5K)
        Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
        {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
         y APPID 
        {15C20B67-12E7-4BB6-92BB-7AFF07997402}
         al usuario DESKTOP-QIK8S5K\Rubén con SID (S-1-5-21-2650186511-3232997970-1302551596-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

        Error: (03/24/2019 10:23:00 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
        Description: La configuración de permisos específico de la aplicación no concede el permiso Iniciar Local para la aplicación de servidor COM con CLSID 
        Windows.SecurityCenter.WscDataProtection
         y APPID 
        No disponible
         al usuario NT AUTHORITY\SYSTEM con SID (S-1-5-18) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

        Error: (03/24/2019 10:21:41 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-QIK8S5K)
        Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
        {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
         y APPID 
        {15C20B67-12E7-4BB6-92BB-7AFF07997402}
         al usuario DESKTOP-QIK8S5K\Rubén con SID (S-1-5-21-2650186511-3232997970-1302551596-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

        Error: (03/24/2019 10:18:10 PM) (Source: DCOM) (EventID: 10000) (User: DESKTOP-QIK8S5K)
        Description: No se puede iniciar un servidor DCOM: {0358B920-0AC7-461F-98F4-58E32CD89148}. Error 
        "0"
        al iniciar este comando:
        C:\WINDOWS\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}

        Error: (03/24/2019 10:13:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
        Description: El servicio eapihdrv no pudo iniciarse debido al siguiente error: 
        Se ha bloqueado la descarga de este controlador


        Windows Defender:
        ===================================
        Date: 2019-03-24 21:44:20.477
        Description: 
        Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
        Para obtener más información consulte lo siguiente:
        https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/AutoKMS&threatid=2147685180&enterprise=0
        Nombre: HackTool:Win32/AutoKMS
        Id.: 2147685180
        Gravedad: Alta
        Categoría: Herramienta
        Ruta de acceso: file:_C:\Program Files\KMSpico\scripts\INSTAL~1.CMD; file:_C:\Program Files\KMSpico\scripts\INSTAL~2.CMD; file:_C:\Program Files\KMSpico\scripts\UNINST~1.CMD
        Origen de detección: Equipo local
        Tipo de detección: Concreto
        Fuente de detección: Protección en tiempo real
        Usuario: DESKTOP-QIK8S5K\Rubén
        Nombre de proceso: C:\Program Files\RogueKiller\RogueKiller64.exe
        Versión de firma: AV: 1.291.246.0, AS: 1.291.246.0, NIS: 1.291.246.0
        Versión de motor: AM: 1.1.15800.1, NIS: 1.1.15800.1

        Date: 2019-03-24 21:44:20.464
        Description: 
        Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
        Para obtener más información consulte lo siguiente:
        https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/AutoKMS&threatid=2147685180&enterprise=0
        Nombre: HackTool:Win32/AutoKMS
        Id.: 2147685180
        Gravedad: Alta
        Categoría: Herramienta
        Ruta de acceso: file:_C:\Program Files\KMSpico\scripts\INSTAL~1.CMD; file:_C:\Program Files\KMSpico\scripts\INSTAL~2.CMD
        Origen de detección: Equipo local
        Tipo de detección: Concreto
        Fuente de detección: Protección en tiempo real
        Usuario: DESKTOP-QIK8S5K\Rubén
        Nombre de proceso: C:\Program Files\RogueKiller\RogueKiller64.exe
        Versión de firma: AV: 1.291.246.0, AS: 1.291.246.0, NIS: 1.291.246.0
        Versión de motor: AM: 1.1.15800.1, NIS: 1.1.15800.1
        Date: 2019-03-24 21:44:20.452
        Description: 
        Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
        Para obtener más información consulte lo siguiente:
        https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/AutoKMS&threatid=2147685180&enterprise=0
        Nombre: HackTool:Win32/AutoKMS
        Id.: 2147685180
        Gravedad: Alta
        Categoría: Herramienta
        Ruta de acceso: file:_C:\Program Files\KMSpico\scripts\INSTAL~1.CMD
        Origen de detección: Equipo local
        Tipo de detección: Concreto
        Fuente de detección: Protección en tiempo real
        Usuario: DESKTOP-QIK8S5K\Rubén
        Nombre de proceso: C:\Program Files\RogueKiller\RogueKiller64.exe
        Versión de firma: AV: 1.291.246.0, AS: 1.291.246.0, NIS: 1.291.246.0
        Versión de motor: AM: 1.1.15800.1, NIS: 1.1.15800.1

        Date: 2019-03-14 19:29:51.587
        Description: 
        El examen de Antivirus de Windows Defender se detuvo antes de completarse.
        Id. de examen: {3FE662BB-9578-481D-B253-E203A0695000}
        Tipo de examen: Antimalware
        Parámetros de examen: Examen rápido
        Usuario: NT AUTHORITY\SYSTEM

        Date: 2019-02-18 14:52:41.955
        Description: 
        Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
        Nueva versión de firma: 
        Versión de firma anterior: 1.287.223.0
        Origen de actualización: Servidor de Microsoft Update
        Tipo de firma: AntiVirus
        Tipo de actualización: Completa
        Usuario: NT AUTHORITY\SYSTEM
        Versión de motor actual: 
        Versión de motor anterior: 1.1.15700.8
        Código de error: 0x80240438
        Descripción del error: Se produjo un problema inesperado mientras se buscaban actualizaciones. Para obtener más información sobre cómo instalar o solucionar problemas en las actualizaciones, consulte Ayuda y soporte técnico. 

        Date: 2019-02-15 11:10:24.438
        Description: 
        Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
        Nueva versión de firma: 
        Versión de firma anterior: 1.285.845.0
        Origen de actualización: Centro de protección contra malware de Microsoft
        Tipo de firma: AntiVirus
        Tipo de actualización: Completa
        Usuario: NT AUTHORITY\Servicio de red
        Versión de motor actual: 
        Versión de motor anterior: 1.1.15600.4
        Código de error: 0x80072ee7
        Descripción del error: No se pudo resolver el nombre de servidor o su dirección 
        Date: 2019-02-15 11:10:24.438
        Description: 
        Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
        Nueva versión de firma: 
        Versión de firma anterior: 1.285.845.0
        Origen de actualización: Centro de protección contra malware de Microsoft
        Tipo de firma: AntiSpyware
        Tipo de actualización: Completa
        Usuario: NT AUTHORITY\Servicio de red
        Versión de motor actual: 
        Versión de motor anterior: 1.1.15600.4
        Código de error: 0x80072ee7
        Descripción del error: No se pudo resolver el nombre de servidor o su dirección 

        Date: 2019-02-15 11:10:24.437
        Description: 
        Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
        Nueva versión de firma: 
        Versión de firma anterior: 1.285.845.0
        Origen de actualización: Centro de protección contra malware de Microsoft
        Tipo de firma: AntiVirus
        Tipo de actualización: Completa
        Usuario: NT AUTHORITY\Servicio de red
        Versión de motor actual: 
        Versión de motor anterior: 1.1.15600.4
        Código de error: 0x80072ee7
        Descripción del error: No se pudo resolver el nombre de servidor o su dirección 

        Date: 2019-02-15 11:10:24.434
        Description: 
        Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
        Nueva versión de firma: 
        Versión de firma anterior: 1.285.845.0
        Origen de actualización: Centro de protección contra malware de Microsoft
        Tipo de firma: AntiVirus
        Tipo de actualización: Completa
        Usuario: NT AUTHORITY\Servicio de red
        Versión de motor actual: 
        Versión de motor anterior: 1.1.15600.4
        Código de error: 0x80072ee7
        Descripción del error: No se pudo resolver el nombre de servidor o su dirección 

        ==================== Memory info =========================== 

        Processor: Intel(R) Core(TM) i7-8700K CPU @ 3.70GHz
        Percentage of memory in use: 19%
        Total physical RAM: 16326.26 MB
        Available physical RAM: 13177.12 MB
        Total Virtual: 18758.26 MB
        Available Virtual: 14128.14 MB

        ==================== Drives ================================

        Drive c: () (Fixed) (Total:465.22 GB) (Free:396.7 GB) NTFS
        Drive e: (HDD 2 TB) (Fixed) (Total:1863.01 GB) (Free:1384.11 GB) NTFS

        \\?\Volume{13d21f10-0000-0000-0000-100000000000}\ (Reservado para el sistema) (Fixed) (Total:0.54 GB) (Free:0.11 GB) NTFS
#11
   ==================== MBR & Partition Table ==================

            ========================================================
            Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 13D21F10)
            Partition 1: (Active) - (Size=549 MB) - (Type=07 NTFS)
            Partition 2: (Not Active) - (Size=465.2 GB) - (Type=07 NTFS)

            ========================================================
            Disk: 1 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: CEFC4E49)
            Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

            ==================== End of Addition.txt ============================

HONESTLY, I don't know whether I made a mistake posting it because there were so many replies, sorry. Also, just to note that I'll be going to sleep shortly since I have to get up early for work, hehe

#12

Good… now follow these steps. VERY important ~ make a backup of the registry:

  • To do so, download Delfix to your desktop.

  • Double-click to run it. (If you use Windows Vista/7/8 or 10, right-click and select "Run as administrator".)

  • Attention: now check/select only the "Create registry backup" box, NOT the others.

  • Click Run.

The report (DelFix.txt) will open; save it in case it is needed and close the tool.


On the computer, with all other programs closed:

Start >>> Run >>> type notepad.exe.

Now copy and paste the following into Notepad:


Start
CreateRestorePoint:
CloseProcesses:

HKU\S-1-5-21-2650186511-3232997970-1302551596-1001\...\RunOnce: [9e914d90] => C:\ProgramData\9e914d90\9e914d90.exe C:\ProgramData\9e914d90\9e914d90test.au3
HKU\S-1-5-21-2650186511-3232997970-1302551596-1001\...\RunOnce: [9e914d902] => C:\ProgramData\ohJdqx\9e914d90.exe [937776 2019-03-24] (AutoIt Consulting Ltd -> AutoIt Team)
C:\ProgramData\9e914d90
C:\ProgramData\ohJdqx
S3 cpuz147; \??\C:\WINDOWS\temp\cpuz147\cpuz147_x64.sys [X]
U3 TrueSight; \??\C:\Windows\System32\drivers\truesight.sys [X]
2019-03-24 22:46 - 2019-03-24 22:46 - 000000000 ____D C:\ProgramData\ohJdqx
2019-03-24 22:31 - 2019-03-24 22:31 - 000000000 ____D C:\ProgramData\hzzAFXWm
2019-03-24 22:29 - 2019-03-24 22:29 - 000000000 ____D C:\ProgramData\HaNegjdQ
2019-03-24 22:20 - 2019-03-24 22:20 - 000000000 ____D C:\ProgramData\ViDmuzRv
2019-03-24 21:56 - 2019-03-24 21:56 - 000000000 ____D C:\ProgramData\MaUvFtAaR
2019-03-24 21:39 - 2019-03-24 21:39 - 000000000 ____D C:\ProgramData\TuVLsUqCk
2019-02-25 22:51 - 2019-02-25 22:53 - 000000000 ___HD C:\Program Files (x86)\Temp
2019-03-23 22:12 - 2019-03-24 22:32 - 001060864 _____ (AutoIt Team) C:\Users\ruben\AppData\Local\Temp\systeminfo.exe
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
      


HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END

Save it under the name fixlist.txt on the desktop <<< This is very important.<<

Note: It is important that the Frst.exe tool and fixlist.txt are in the same location (desktop), otherwise it will not work.

  • And now use this Windows FAQ, "How to start Windows in Safe Mode (applies to Windows 10)?", to work from that Windows mode. (Use Method 1 and, if you can't, use Method 2.)

  • Run Frst.exe.

  • Press the Fix button and wait for it to finish.

  • The tool will save the report on your desktop (Fixlog.txt).

Paste it in your next reply, commenting on how the problem is going, and delete that folder you showed me in the image.


#13

At first glance the folder appeared when I restarted, but this time it let me delete it without telling me that something had it open. Let me know.

**Fix result of Farbar Recovery Scan Tool (x64) Version: 17.03.2019
Ran by Rubén (24-03-2019 23:51:15) Run:1
Running from C:\Users\ruben\Desktop
Loaded Profiles: Rubén (Available Profiles: Rubén)
Boot Mode: Safe Mode (minimal)
==============================================

fixlist content:
*****************

Start
CreateRestorePoint:
CloseProcesses:

HKU\S-1-5-21-2650186511-3232997970-1302551596-1001\...\RunOnce: [9e914d90] => C:\ProgramData\9e914d90\9e914d90.exe C:\ProgramData\9e914d90\9e914d90test.au3
HKU\S-1-5-21-2650186511-3232997970-1302551596-1001\...\RunOnce: [9e914d902] => C:\ProgramData\ohJdqx\9e914d90.exe [937776 2019-03-24] (AutoIt Consulting Ltd -> AutoIt Team)
C:\ProgramData\9e914d90
C:\ProgramData\ohJdqx
S3 cpuz147; \??\C:\WINDOWS\temp\cpuz147\cpuz147_x64.sys [X]
U3 TrueSight; \??\C:\Windows\System32\drivers\truesight.sys [X]
2019-03-24 22:46 - 2019-03-24 22:46 - 000000000 ____D C:\ProgramData\ohJdqx
2019-03-24 22:31 - 2019-03-24 22:31 - 000000000 ____D C:\ProgramData\hzzAFXWm
2019-03-24 22:29 - 2019-03-24 22:29 - 000000000 ____D C:\ProgramData\HaNegjdQ
2019-03-24 22:20 - 2019-03-24 22:20 - 000000000 ____D C:\ProgramData\ViDmuzRv
2019-03-24 21:56 - 2019-03-24 21:56 - 000000000 ____D C:\ProgramData\MaUvFtAaR
2019-03-24 21:39 - 2019-03-24 21:39 - 000000000 ____D C:\ProgramData\TuVLsUqCk
2019-02-25 22:51 - 2019-02-25 22:53 - 000000000 ___HD C:\Program Files (x86)\Temp
2019-03-23 22:12 - 2019-03-24 22:32 - 001060864 _____ (AutoIt Team) C:\Users\ruben\AppData\Local\Temp\systeminfo.exe
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
      


HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END
*****************

Error: Restore point can only be created in normal mode.
Processes closed successfully.
"HKU\S-1-5-21-2650186511-3232997970-1302551596-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\9e914d90" => removed successfully
"HKU\S-1-5-21-2650186511-3232997970-1302551596-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\9e914d902" => not found
C:\ProgramData\9e914d90 => moved successfully
C:\ProgramData\ohJdqx => moved successfully
HKLM\System\CurrentControlSet\Services\cpuz147 => removed successfully
cpuz147 => service removed successfully
HKLM\System\CurrentControlSet\Services\TrueSight => removed successfully
TrueSight => service removed successfully
"C:\ProgramData\ohJdqx" => not found
C:\ProgramData\hzzAFXWm => moved successfully
C:\ProgramData\HaNegjdQ => moved successfully
C:\ProgramData\ViDmuzRv => moved successfully
C:\ProgramData\MaUvFtAaR => moved successfully
C:\ProgramData\TuVLsUqCk => moved successfully
C:\Program Files (x86)\Temp => moved successfully
C:\Users\ruben\AppData\Local\Temp\systeminfo.exe => moved successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Pending) => invalid subkey removed.
HKLM\Software\Classes\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Synced) => invalid subkey removed.
HKLM\Software\Classes\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Syncing) => invalid subkey removed.
HKLM\Software\Classes\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => removed successfully
HKLM\Software\Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => removed successfully
HKLM\Software\Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => removed successfully
HKLM\Software\Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => removed successfully
HKLM\Software\Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => removed successfully
HKLM\Software\Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully
HKLM\Software\Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully
HKLM\Software\Classes\CLSID\{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Pending) => invalid subkey removed.
HKLM\Software\Wow6432Node\Classes\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Synced) => invalid subkey removed.
HKLM\Software\Wow6432Node\Classes\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Syncing) => invalid subkey removed.
HKLM\Software\Wow6432Node\Classes\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ FileSyncEx => removed successfully
HKLM\Software\Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ANotepad++64 => removed successfully
HKLM\Software\Classes\CLSID\{B298D29A-A6ED-11DE-BA8C-A68E55D89593} => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
"HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D}" => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\MEGA (Context menu) => removed successfully
HKLM\Software\Classes\CLSID\{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => not found
HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\MEGA (Context menu) => removed successfully
HKLM\Software\Classes\CLSID\{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => not found
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\MEGA (Context menu) => removed successfully
HKLM\Software\Classes\CLSID\{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => not found
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\ FileSyncEx => removed successfully
HKLM\Software\Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => not found
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} => not found
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\MEGA (Context menu) => removed successfully
HKLM\Software\Classes\CLSID\{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => not found
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\Offline Files => removed successfully
HKLM\Software\Classes\CLSID\{474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D} => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Offline Files => removed successfully
HKLM\Software\Classes\CLSID\{474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => not found
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-2650186511-3232997970-1302551596-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-2650186511-3232997970-1302551596-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========


========= netsh winsock reset =========


El catálogo Winsock se restableció correctamente.
Debe reiniciar el equipo para completar el restablecimiento.


========= End of CMD: =========


========= ipconfig /renew =========


Configuración IP de Windows


========= End of CMD: =========


========= ipconfig /flushdns =========


Configuración IP de Windows

No se puede vaciar la caché de resolución de DNS: Error de una función durante la ejecución.


========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0
BITS administration utility.
(C) Copyright Microsoft Corp.

Unable to connect to BITS - 0x8007043c
El servicio no puede iniciarse en modo a prueba de errores



========= End of CMD: =========


========= netsh advfirewall reset =========


Error al intentar ponerse en contacto con el servicio Firewall de Windows Defender. Asegúrate de que el servicio se está ejecutando e intenta la solicitud de nuevo.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========


Error al intentar ponerse en contacto con el servicio Firewall de Windows Defender. Asegúrate de que el servicio se está ejecutando e intenta la solicitud de nuevo.


========= End of CMD: =========


========= netsh int ipv4 reset =========

No hay valores configurados por el usuario para restablecer.


========= End of CMD: =========


========= netsh int ipv6 reset =========

No hay valores configurados por el usuario para restablecer.


========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 7888896 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 62908268 B
Java, Flash, Steam htmlcache => 13964333 B
Windows/system/drivers => 1288166 B
Edge => 3597 B
Chrome => 106512757 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 1768 B
LocalService => 0 B
NetworkService => 3234 B
NetworkService => 0 B
ruben => 71520103 B

RecycleBin => 0 B
EmptyTemp: => 251.9 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 23:52:11 ====**

#14

Restart the PC again and check how it runs and whether that folder reappears. If it appears again, let me know; if not, try it for 24 hours and tell me how the reported problem is going.

#15

Indeed, I restarted and it did not appear. If anything comes up I'll drop by here and let you know!

Thanks, everyone!

#16

All right, then give the PC a good 24-hour test and tell me how everything goes; it should be solved.

#17

I haven't reached 24h yet, but so far I've been gaming with 0 problems, with no strange folders, keyloggers or anything of the sort. If anything comes up I'll come back here. Thanks, everyone.

#18

To remove the tools used in the disinfection, do the following:

  • Download and run >> Delfix, on your desktop.

  • Double-click to run it. (If you use Windows Vista/7/8/10, right-click and select >> Run as administrator.)

  • Check only the Remove disinfection tools box.

  • Click Run.

The report (DelFix.txt) will open; save it in case it is needed and close the tool.

If any tool remains, uninstall it from the Windows control panel; those that are not listed can be deleted directly.


I'm glad I was able to help you! :+1:


TOPIC SOLVED

#19

Hi,

Just to say that a startup entry (msconfig) showed up that had a strange name and ended in test.au3, and I deleted it with CCleaner, but I don't know whether it will come back. Let's hope nothing happens :S

#20

Don't worry, that is a leftover of the startup entry that those programs we removed used to load. They are remnants left in the registry that show up in MSConfig. If you removed it with CCleaner, there is nothing more to do.
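
One way to confirm that no autostart entry like the `test.au3` one from #19 remains, added here as an example and not part of any post in this thread: it lists Run-key values, Startup-folder items and scheduled-task actions whose command launches a script or runs from `AppData`. The extension list and the path pattern are assumptions; run it from an elevated PowerShell so all scheduled tasks are visible.

```powershell
# Added example, not from the thread. A hit is a reason to inspect the entry, not proof of infection.
$scriptExt = '\.(au3|a3x|vbe|vbs|jse?|wsf)\b'   # assumption: script types worth a look
$userPath  = '\\AppData\\(Roaming|Local)\\(?!Microsoft\\Windows\\Start Menu)'  # assumption
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$entries = @(foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $regKey = Get-Item -Path $key
    foreach ($name in $regKey.GetValueNames()) {
        [pscustomobject]@{ Source = $key; Name = $name; Command = [string]$regKey.GetValue($name) }
    }
})

# Startup folders: resolve shortcuts so the target is checked, not the .lnk path.
$shell = New-Object -ComObject WScript.Shell
foreach ($dir in 'Startup', 'CommonStartup') {
    $path = [Environment]::GetFolderPath($dir)
    $entries += @(Get-ChildItem -Path $path -File -ErrorAction SilentlyContinue | ForEach-Object {
        $cmd = $_.FullName
        if ($_.Extension -eq '.lnk') {
            $lnk = $shell.CreateShortcut($_.FullName)
            $cmd = "$($lnk.TargetPath) $($lnk.Arguments)"
        }
        [pscustomobject]@{ Source = $path; Name = $_.Name; Command = $cmd }
    })
}

# Scheduled tasks: only actions that start a program have an Execute property.
$entries += @(Get-ScheduledTask -ErrorAction SilentlyContinue | ForEach-Object {
    $task = $_
    foreach ($action in $task.Actions) {
        if ($action.Execute) {
            [pscustomobject]@{ Source = "Task $($task.TaskPath)"; Name = $task.TaskName
                               Command = "$($action.Execute) $($action.Arguments)" }
        }
    }
})
$entries | ForEach-Object {
    $cmd = [Environment]::ExpandEnvironmentVariables($_.Command)
    $why = @()
    if ($cmd -match $scriptExt) { $why += 'launches a script' }
    if ($cmd -match $userPath)  { $why += 'runs from AppData' }
    if ($why) { [pscustomobject]@{ Source = $_.Source; Name = $_.Name; Command = $cmd; Why = $why -join ', ' } }
} | Format-List
```

Legitimate software also starts from `AppData`, so each hit needs a look at the file it points to; an empty result after a reboot is what matches the outcome reported in #15 and #17.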