Help: how to activate Win Defender


#1

Greetings, folks! I need your help. I downloaded a program, and since then my PC has been running slower, and Win Defender won't turn on no matter what. I need help, please!!


#2

Hello @Marcos_exe.

To check your machine, follow these steps, in the order indicated and reading everything that is explained. :+1:

:one: Temporarily disable your antivirus :arrow_forward: How to temporarily disable your antivirus, while we are carrying out ALL the steps.

We are going to download to YOUR DESKTOP (and NOT anywhere else :face_with_monocle:) all the tools we will use in this procedure (but do not run them yet):

:two: Run the tools one at a time and in the order indicated:

CCleaner.-

  • Install and run CCleaner following the steps indicated in the manual.

  • Use it first in its Cleaner option to delete cookies, temporary Internet files and all the files it shows you as obsolete.

  • Then use its Registry option to clean the entire Windows registry (making a backup).

Malwarebytes.-

  • Install and run MBAM following the steps indicated in the manual.

  • Perform a Full Scan. :white_check_mark:

  • Select ALL for Quarantine to send them to quarantine, and restart the system.

  • In the manual's :arrow_forward:History :arrow_backward: section you will find the MBAM report, which you must copy and paste into your next reply so it can be analyzed.

AdwCleaner.-

  • Run Adwcleaner.exe.

  • Click the Scan Now (Analizar ahora) button and wait for the process to finish; immediately afterwards, always click the Start Repair (Iniciar Reparación) button.

  • Wait for it to complete and follow the instructions; if it asks you to restart the system, accept.

  • The log/report can be found in the “Reports” tab, reopening the program if necessary, so you can copy and paste it into your next reply.

  • The report can also be found at C:\AdwCleaner\Logs\AdwCleaner[C00].txt

Junkware Removal Tool.-

  • Run JRT.exe.

  • Press any key to continue, then wait patiently for the process to finish.

  • If at any point it asks you to restart, do so.

  • When it finishes, a log/report (JRT.txt) will be saved to the desktop and will open automatically.

  • Copy and paste the contents of JRT.txt into your next reply.

Farbar Recovery Scan Tool.-

  • Run FRST.exe.

  • In the Disclaimer window message, click Yes.

  • In the main window, click the Scan button and wait for the process to finish.

  • Two (2) files (logs) will open, Frst.txt and Addition.txt; these will be saved to the desktop.

:three: Post the reports in your next reply for:

  • Malwarebytes, AdwCleaner, JRT, FRST + Addition.txt, and in that order. :+1:

You must copy and paste them with all their content, and use several messages if you get an error message saying it is too long (more than approx. 50,000 characters).

And tell us how your computer is working in relation to the problem raised. :face_with_monocle:

Regards, Javier.


#3

Hi, here I am sending you what was requested.


#4
Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 20/1/19
Hora del análisis: 15:58
Archivo de registro: 6d223aef-1ce5-11e9-a3d4-d8cb8a1e9895.json

-Información del software-
Versión: 3.6.1.2711
Versión de los componentes: 1.0.519
Versión del paquete de actualización: 1.0.8862
Licencia: Gratis

-Información del sistema-
SO: Windows 8.1
CPU: x64
Sistema de archivos: NTFS
Usuario: Gomezito\Beco

-Resumen del análisis-
Tipo de análisis: Análisis de amenazas
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 232612
Amenazas detectadas: 65
Amenazas en cuarentena: 65
Tiempo transcurrido: 1 min, 16 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Desactivado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 10
PUP.Optional.RussAd, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\gndoicapfdaldiokbcdnllfhnapokcbk, Se eliminará al reiniciar, [311], [605290],1.0.8862
PUP.Optional.RussAd, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\ikpcpgklmefncbfgbdifkaphbaapgafh, Se eliminará al reiniciar, [311], [590559],1.0.8862
Trojan.BitCoinMiner.BatBitRst, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{A3F00841-D274-46D0-B4E8-9A07F8EA96B3}, Se eliminará al reiniciar, [5992], [580173],1.0.8862
PUP.Optional.MailRu.Generic, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\mdhpacfhljhcombkalcmkahkhodpkbim, Se eliminará al reiniciar, [4622], [443088],1.0.8862
Adware.PBot.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\WinBoxes, Se eliminará al reiniciar, [6832], [604283],1.0.8862
Adware.PBot.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{7734712F-E5E3-4A41-B9C0-4461E2FC9EB8}, Se eliminará al reiniciar, [6832], [604283],1.0.8862
Adware.PBot.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{7734712F-E5E3-4A41-B9C0-4461E2FC9EB8}, Se eliminará al reiniciar, [6832], [604283],1.0.8862
Adware.PBot.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\WinBoxes_upd, Se eliminará al reiniciar, [6832], [604283],1.0.8862
Adware.PBot.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{36D5A29A-F4A2-4E42-8334-535810A32BBB}, Se eliminará al reiniciar, [6832], [604283],1.0.8862
Adware.PBot.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{36D5A29A-F4A2-4E42-8334-535810A32BBB}, Se eliminará al reiniciar, [6832], [604283],1.0.8862

Valor del registro: 3
PUP.Optional.RussAd, HKU\S-1-5-21-4030787469-4158419016-935844530-1001\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|GNDOICAPFDALDIOKBCDNLLFHNAPOKCBK, Se eliminará al reiniciar, [311], [605290],1.0.8862
Trojan.BitCoinMiner.BatBitRst, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{A3F00841-D274-46D0-B4E8-9A07F8EA96B3}|PATH, Se eliminará al reiniciar, [5992], [580173],1.0.8862
PUP.Optional.MailRu.Generic, HKU\S-1-5-21-4030787469-4158419016-935844530-1001\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|mdhpacfhljhcombkalcmkahkhodpkbim, Se eliminará al reiniciar, [4622], [443088],1.0.8862

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 9
PUP.Optional.RussAd, C:\Users\Beco\AppData\Local\Google\Chrome\User Data\Default\Extensions\gndoicapfdaldiokbcdnllfhnapokcbk\15.1.12.2_0\_metadata, Se eliminará al reiniciar, [311], [605290],1.0.8862
PUP.Optional.RussAd, C:\Users\Beco\AppData\Local\Google\Chrome\User Data\Default\Extensions\gndoicapfdaldiokbcdnllfhnapokcbk\15.1.12.2_0\icons, Se eliminará al reiniciar, [311], [605290],1.0.8862
PUP.Optional.RussAd, C:\Users\Beco\AppData\Local\Google\Chrome\User Data\Default\Extensions\gndoicapfdaldiokbcdnllfhnapokcbk\15.1.12.2_0, Se eliminará al reiniciar, [311], [605290],1.0.8862
PUP.Optional.RussAd, C:\USERS\BECO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Extensions\GNDOICAPFDALDIOKBCDNLLFHNAPOKCBK, Se eliminará al reiniciar, [311], [605290],1.0.8862
PUP.Optional.RussAd, C:\USERS\BECO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Local Extension Settings\IKPCPGKLMEFNCBFGBDIFKAPHBAAPGAFH, Se eliminará al reiniciar, [311], [590559],1.0.8862
PUP.Optional.MailRu.Generic, C:\Users\Beco\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdhpacfhljhcombkalcmkahkhodpkbim\15.1.13.1_0\_metadata, Se eliminará al reiniciar, [4622], [443088],1.0.8862
PUP.Optional.MailRu.Generic, C:\Users\Beco\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdhpacfhljhcombkalcmkahkhodpkbim\15.1.13.1_0\icons, Se eliminará al reiniciar, [4622], [443088],1.0.8862
PUP.Optional.MailRu.Generic, C:\Users\Beco\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdhpacfhljhcombkalcmkahkhodpkbim\15.1.13.1_0, Se eliminará al reiniciar, [4622], [443088],1.0.8862
PUP.Optional.MailRu.Generic, C:\USERS\BECO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\MDHPACFHLJHCOMBKALCMKAHKHODPKBIM, Se eliminará al reiniciar, [4622], [443088],1.0.8862

Archivo: 43
PUP.Optional.RussAd, C:\Users\Beco\AppData\Local\Google\Chrome\User Data\Default\Extensions\gndoicapfdaldiokbcdnllfhnapokcbk\15.1.12.2_0\icons\128.png, Se eliminará al reiniciar, [311], [605290],1.0.8862
PUP.Optional.RussAd, C:\Users\Beco\AppData\Local\Google\Chrome\User Data\Default\Extensions\gndoicapfdaldiokbcdnllfhnapokcbk\15.1.12.2_0\icons\16.png, Se eliminará al reiniciar, [311], [605290],1.0.8862
PUP.Optional.RussAd, C:\Users\Beco\AppData\Local\Google\Chrome\User Data\Default\Extensions\gndoicapfdaldiokbcdnllfhnapokcbk\15.1.12.2_0\icons\32.png, Se eliminará al reiniciar, [311], [605290],1.0.8862
PUP.Optional.RussAd, C:\Users\Beco\AppData\Local\Google\Chrome\User Data\Default\Extensions\gndoicapfdaldiokbcdnllfhnapokcbk\15.1.12.2_0\icons\48.png, Se eliminará al reiniciar, [311], [605290],1.0.8862
PUP.Optional.RussAd, C:\Users\Beco\AppData\Local\Google\Chrome\User Data\Default\Extensions\gndoicapfdaldiokbcdnllfhnapokcbk\15.1.12.2_0\_metadata\computed_hashes.json, Se eliminará al reiniciar, [311], [605290],1.0.8862
PUP.Optional.RussAd, C:\Users\Beco\AppData\Local\Google\Chrome\User Data\Default\Extensions\gndoicapfdaldiokbcdnllfhnapokcbk\15.1.12.2_0\_metadata\verified_contents.json, Se eliminará al reiniciar, [311], [605290],1.0.8862
PUP.Optional.RussAd, C:\Users\Beco\AppData\Local\Google\Chrome\User Data\Default\Extensions\gndoicapfdaldiokbcdnllfhnapokcbk\15.1.12.2_0\background.js, Se eliminará al reiniciar, [311], [605290],1.0.8862
PUP.Optional.RussAd, C:\Users\Beco\AppData\Local\Google\Chrome\User Data\Default\Extensions\gndoicapfdaldiokbcdnllfhnapokcbk\15.1.12.2_0\manifest.json, Se eliminará al reiniciar, [311], [605290],1.0.8862
PUP.Optional.RussAd, C:\USERS\BECO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Sustituido, [311], [605290],1.0.8862
PUP.Optional.RussAd, C:\USERS\BECO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Sustituido, [311], [605290],1.0.8862
PUP.Optional.RussAd, C:\Users\Beco\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ikpcpgklmefncbfgbdifkaphbaapgafh\000003.log, Se eliminará al reiniciar, [311], [590559],1.0.8862
PUP.Optional.RussAd, C:\Users\Beco\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ikpcpgklmefncbfgbdifkaphbaapgafh\CURRENT, Se eliminará al reiniciar, [311], [590559],1.0.8862
PUP.Optional.RussAd, C:\Users\Beco\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ikpcpgklmefncbfgbdifkaphbaapgafh\LOCK, Se eliminará al reiniciar, [311], [590559],1.0.8862
PUP.Optional.RussAd, C:\Users\Beco\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ikpcpgklmefncbfgbdifkaphbaapgafh\LOG, Se eliminará al reiniciar, [311], [590559],1.0.8862
PUP.Optional.RussAd, C:\Users\Beco\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ikpcpgklmefncbfgbdifkaphbaapgafh\MANIFEST-000001, Se eliminará al reiniciar, [311], [590559],1.0.8862
PUP.Optional.RussAd, C:\USERS\BECO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Sustituido, [311], [590559],1.0.8862
Trojan.BitCoinMiner.BatBitRst, C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, Se eliminará al reiniciar, [5992], [-1],0.0.0
Trojan.BitCoinMiner.BatBitRst, C:\PROGRAMDATA\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, Se eliminará al reiniciar, [5992], [-1],0.0.0
Trojan.BitCoinMiner.BatBitRst, C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, Se eliminará al reiniciar, [5992], [-1],0.0.0
Trojan.BitCoinMiner.BatBitRst, C:\PROGRAMDATA\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, Se eliminará al reiniciar, [5992], [-1],0.0.0
Trojan.BitCoinMiner.BatBitRst, C:\DOCUMENTS AND SETTINGS\ALL USERS\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, Se eliminará al reiniciar, [5992], [-1],0.0.0
Trojan.BitCoinMiner.BatBitRst, C:\PROGRAMDATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, Se eliminará al reiniciar, [5992], [-1],0.0.0
Trojan.BitCoinMiner.BatBitRst, C:\DOCUMENTS AND SETTINGS\ALL USERS\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, Se eliminará al reiniciar, [5992], [-1],0.0.0
Trojan.BitCoinMiner.BatBitRst, C:\PROGRAMDATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, Se eliminará al reiniciar, [5992], [-1],0.0.0
PUP.Optional.MailRu.Generic, C:\USERS\BECO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Sustituido, [4622], [443088],1.0.8862
PUP.Optional.MailRu.Generic, C:\USERS\BECO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Sustituido, [4622], [443088],1.0.8862
PUP.Optional.MailRu.Generic, C:\USERS\BECO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, Sustituido, [4622], [443088],1.0.8862
PUP.Optional.MailRu.Generic, C:\USERS\BECO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\MDHPACFHLJHCOMBKALCMKAHKHODPKBIM\15.1.13.1_0\MANIFEST.JSON, Se eliminará al reiniciar, [4622], [443088],1.0.8862
PUP.Optional.MailRu.Generic, C:\Users\Beco\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdhpacfhljhcombkalcmkahkhodpkbim\15.1.13.1_0\icons\128.png, Se eliminará al reiniciar, [4622], [443088],1.0.8862
PUP.Optional.MailRu.Generic, C:\Users\Beco\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdhpacfhljhcombkalcmkahkhodpkbim\15.1.13.1_0\icons\16.png, Se eliminará al reiniciar, [4622], [443088],1.0.8862
PUP.Optional.MailRu.Generic, C:\Users\Beco\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdhpacfhljhcombkalcmkahkhodpkbim\15.1.13.1_0\icons\32.png, Se eliminará al reiniciar, [4622], [443088],1.0.8862
PUP.Optional.MailRu.Generic, C:\Users\Beco\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdhpacfhljhcombkalcmkahkhodpkbim\15.1.13.1_0\icons\48.png, Se eliminará al reiniciar, [4622], [443088],1.0.8862
PUP.Optional.MailRu.Generic, C:\Users\Beco\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdhpacfhljhcombkalcmkahkhodpkbim\15.1.13.1_0\_metadata\computed_hashes.json, Se eliminará al reiniciar, [4622], [443088],1.0.8862
PUP.Optional.MailRu.Generic, C:\Users\Beco\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdhpacfhljhcombkalcmkahkhodpkbim\15.1.13.1_0\_metadata\verified_contents.json, Se eliminará al reiniciar, [4622], [443088],1.0.8862
PUP.Optional.MailRu.Generic, C:\Users\Beco\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdhpacfhljhcombkalcmkahkhodpkbim\15.1.13.1_0\background.js, Se eliminará al reiniciar, [4622], [443088],1.0.8862
Adware.PBot.Generic, C:\WINDOWS\SYSTEM32\TASKS\WinBoxes, Se eliminará al reiniciar, [6832], [604283],1.0.8862
Adware.PBot.Generic, C:\WINDOWS\SYSTEM32\TASKS\WinBoxes_upd, Se eliminará al reiniciar, [6832], [604283],1.0.8862
PUP.Optional.MailRu, C:\USERS\BECO\APPDATA\LOCAL\TEMP\ETYNYRSBBTY11NKL\93A0D1640231208AD49F8471C7048135.EXE, Se eliminará al reiniciar, [249], [609065],1.0.8862
Adware.ICLoader, C:\USERS\BECO\DOWNLOADS\EZDRUMMER_2_KEYGEN_R2R.EXE (1).RENAME, Se eliminará al reiniciar, [445], [451667],1.0.8862
PUP.Optional.MailRu, C:\USERS\BECO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Sustituido, [249], [454830],1.0.8862
Adware.MailRu.BatBitRst, C:\USERS\BECO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, Sustituido, [322], [481467],1.0.8862
Adware.MailRu.BatBitRst, C:\USERS\BECO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Sustituido, [322], [481467],1.0.8862
PUP.Optional.MailRu, C:\USERS\BECO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Sustituido, [249], [454830],1.0.8862

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)

Next reply DELETED because the log was repeated… pay attention


#6

My account was temporarily suspended, that's why I repeated the reply… should I send the same reply again along with the others?? Tell me what to do.


#7

# -------------------------------
# Malwarebytes AdwCleaner 7.2.6.0
# -------------------------------
# Build:    12-18-2018
# Database: 2018-12-17.4 (Local)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    01-20-2019
# Duration: 00:00:00
# OS:       Windows 8.1 Pro
# Cleaned:  0
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [4166 octets] - [20/01/2019 13:51:18]
AdwCleaner[C00].txt - [3726 octets] - [20/01/2019 13:52:13]
AdwCleaner[S01].txt - [1372 octets] - [20/01/2019 16:08:02]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########

#8
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 8.1 Pro x64 
Ran by Beco (Administrator) on 20/01/2019 at 16:12:30,57
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0 




Registry: 0 





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 20/01/2019 at 16:13:49,98
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20.01.2019
Ran by Beco (20-01-2019 16:17:11)
Running from C:\Users\Beco\Downloads
Windows 8.1 Pro (Update) (X64) (2019-01-04 10:11:29)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-4030787469-4158419016-935844530-500 - Administrator - Disabled)
Beco (S-1-5-21-4030787469-4158419016-935844530-1001 - Administrator - Enabled) => C:\Users\Beco
Invitado (S-1-5-21-4030787469-4158419016-935844530-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-4030787469-4158419016-935844530-1001\...\uTorrent) (Version: 3.5.5.44994 - BitTorrent Inc.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
BandLab Assistant 5.0.1 (HKU\S-1-5-21-4030787469-4158419016-935844530-1001\...\9b08bea4-021c-5f9d-a74e-ac0ceb51fb28) (Version: 5.0.1 - BandLab)
Battlefield 4 versión 1.0 u12 (HKLM-x32\...\{0D72C964-80FF-45F2-B568-4CA689881557}_is1) (Version: 1.0 u12 - Dice)
Cakewalk by BandLab (HKLM\...\Cakewalk Core_is1) (Version: 24.11.0.31 - BandLab Singapore Pte Ltd.)
Cakewalk Drum Replacer (HKLM\...\Cakewalk Drum Replacer_is1) (Version: 1.2.0.14 - BandLab Singapore Pte Ltd.)
Cakewalk Studio Instruments Suite (HKLM\...\Studio Instruments Suite_is1) (Version: 1.0.0.70 - BandLab Singapore Pte Ltd.)
Cakewalk Theme Editor (HKLM\...\Cakewalk Theme Editor_is1) (Version: 1.2.0.14 - BandLab Singapore Pte Ltd.)
Catalyst Control Center Next Localization BR (HKLM\...\{200958DE-7DE4-7C5C-F749-C703BF9CC54D}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{1F456B73-D1B1-E600-1D20-E7CCF07DBC00}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{4FA5C3AC-AA7B-7D6D-149F-0873D86F7F40}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{C09F6556-6199-9BFD-3CF1-EAC62FE47097}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{AE806E34-1C08-A21E-BB3F-6DA258D8A5F4}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{D46082C3-5C7B-A38D-582D-107E77DA4BCA}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{7AF61327-137A-CC4B-D22B-39C65BFCBB81}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{840DA72B-99D8-EB76-D716-26F0ED002826}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{87FBD952-5A73-271D-806B-BB218FD2B494}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{7E4AC93A-2A53-9441-8768-128545E6C13C}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{E7781245-9CA1-D4C0-8E3E-BF449C6A8DBC}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{B29AA91E-3365-60E2-E09F-BE5ED92F361F}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{26E35782-B44C-5487-CE59-56B6E1D8F2AB}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{C1E3CD45-EC20-19F9-7CD0-CDBBFCE5C97E}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{EDFE5677-C7B3-AE33-1EE0-6455FAEA308C}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{A00F2821-AE93-C0AC-D766-CD2C428A79E7}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{5D91F3D5-FA78-2938-85BC-44ACBB15274D}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{768EB2CD-ABC1-6843-C89F-D2BB47D6BD5F}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{6CF72992-9AB2-62BB-436F-DD5DA423F16A}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{A74A2B5D-1751-21B6-DB14-E4AE6D9419BB}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{E77558B2-22D4-4ECF-57A6-36356C3311F9}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.52 - Piriform)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 5.0.1.0406 - Disc Soft Ltd)
EZdrummer 2 64-bit (HKLM\...\{B9217824-0EBE-49C7-98A0-A76CC46BBB7D}) (Version: 2.0.0 - Toontrack)
EZdrummer 2 64-bit Update (HKLM\...\{11CC8964-9CB0-46E6-9218-CD39ED4A554D}) (Version: 2.1.1 - Toontrack)
FIFA 18 MULTi18 - ElAmigos versión 1.0 (HKLM-x32\...\{F8DEE27B-0ABA-4B36-A615-317B4E2193D5}_is1) (Version: 1.0 - EA Games)
Free Mp3 Wma Converter V 1.8.0 (HKLM-x32\...\Free Mp3 Wma Converter_is1) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 71.0.3578.98 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Malwarebytes versión 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
Melodyne 4 (HKLM-x32\...\{16DF894D-FC3F-4B87-908D-671E201CD7A8}) (Version: 4.01.0111 - Celemony Software GmbH)
Melodyne Runtime 4.1 (x64) (HKLM\...\{721E4E34-AF7C-4345-93F9-282CCC8CCCB5}) (Version: 1.0.2 - Celemony Software GmbH)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.13.26020 (HKLM-x32\...\{7474cd6e-76cc-4257-837e-5b9261e526af}) (Version: 14.13.26020.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation)
Native Instruments Kontakt 5 (HKLM-x32\...\Native Instruments Kontakt 5) (Version: 5.5.0.409 - Native Instruments)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.62.119.2018 - Realtek)
teVirtualMIDI64 (HKLM\...\{300D1BB9-FA9E-40EA-ADD8-934D5066F6D5}) (Version: 1.2.11.41 - Tobias Erichsen)
Universal Control (HKLM\...\Universal Control) (Version: 2.9.2.49805 - PreSonus Audio Electronics, Inc)
Vegas Pro 13.0 (64-bit) (HKLM\...\{3934F12E-091D-11E4-A0AD-F04DA23A5C58}) (Version: 13.0.373 - Sony)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
WinBoxes (HKU\S-1-5-21-4030787469-4158419016-935844530-1001\...\WinBoxes) (Version:  - )
WinRAR 5.61 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.61.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Beco\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Beco\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Beco\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Beco\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Beco\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Beco\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Beco\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (Alexander Roshal)
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Beco\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Beco\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Beco\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2017-06-12] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {12A5D328-D766-438C-B0A6-CBCB5BA3D502} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2019-01-16] (AVAST Software)
Task: {2B695045-728F-4973-A4EC-EAB250E62E5C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2019-01-04] (Google Inc.)
Task: {50A12BD1-51F7-491D-B487-0867649F3036} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate -nolegacy
Task: {A6712AAD-5A4D-4BC6-A1A6-3D9EAF39C470} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2019-01-04] (Google Inc.)
Task: {B9DAA26C-EE3A-432E-A79A-CAAFB11CA651} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2019-01-10] (Piriform Ltd)
Task: {F239A712-FC5C-4A70-AD5B-8355D24FDC14} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2017-06-12] (Advanced Micro Devices, Inc.)
Task: {FB93C877-B586-45BA-8FCF-7E7EA7F08B25} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2019-01-10] (Piriform Software Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-10-18 18:51 - 2017-10-18 18:51 - 000598528 _____ () C:\Users\Beco\AppData\Local\MEGAsync\ShellExtX64.dll
2019-01-20 15:58 - 2018-11-15 11:01 - 002712432 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-10-11 13:28 - 2018-10-11 13:28 - 000244976 _____ () C:\Program Files\PreSonus\Universal Control\Drivers\AudioBox\x86\paeusbaudioapi.dll
2018-10-19 09:07 - 2018-10-19 09:07 - 003226624 _____ () C:\Program Files\PreSonus\Universal Control\ipp.dll
2018-10-11 13:03 - 2018-10-11 13:03 - 001160192 _____ () C:\Program Files\PreSonus\Universal Control\vectorlib.dll
2018-10-11 13:28 - 2018-10-11 13:28 - 000244976 _____ () C:\Program Files\PreSonus\Universal Control\Drivers\StudioLiveClassic\x86\paeslclassicusbapi.dll
2018-10-11 13:28 - 2018-10-11 13:28 - 000244976 _____ () C:\Program Files\PreSonus\Universal Control\Drivers\Studio192\x86\PaeStudio192api.dll
2018-10-11 13:28 - 2018-10-11 13:28 - 000244976 _____ () C:\Program Files\PreSonus\Universal Control\Drivers\StudioLive3\x86\paestudiolive3api.dll
2018-10-11 13:28 - 2018-10-11 13:28 - 000244976 _____ () C:\Program Files\PreSonus\Universal Control\Drivers\StudioLiveAR\x86\paestudiolivearapi.dll
2018-10-11 13:28 - 2018-10-11 13:28 - 000244976 _____ () C:\Program Files\PreSonus\Universal Control\Drivers\StudioUSB\x86\paestudiousbapi.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 10:25 - 2013-08-22 10:25 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4030787469-4158419016-935844530-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Beco\AppData\Roaming\Microsoft\Windows Photo Viewer\Papel tapiz de Visualizador de fotos de Windows.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{E901E9C5-03D9-4F49-B5AB-CF87196558D5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
FirewallRules: [{35EDB39F-843D-47E3-B05E-26AFB73C8B9B}] => (Allow) C:\Program Files\Cakewalk\Shared Utilities\StartPage\CakewalkStartScreen.exe (Cakewalk, Inc.)
FirewallRules: [{B5E4F1E0-27F7-4229-817E-F779B2C65E4F}] => (Allow) C:\Program Files\Cakewalk\Shared Utilities\StartPage\CakewalkStartScreen.exe (Cakewalk, Inc.)
FirewallRules: [{AD545FDD-254E-4248-A923-D6C24C3B2A4A}] => (Allow) C:\Program Files\PreSonus\Universal Control\Universal Control.exe (PreSonus)
FirewallRules: [{6D96A9C7-D1B3-4D58-B370-28F51C43B84B}] => (Allow) C No File
FirewallRules: [{B42EF769-7A58-484C-BCDB-2D0DE6F1BED3}] => (Allow) C:\Users\Beco\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
FirewallRules: [{AC2438AF-5B69-4895-A076-565B425E56B3}] => (Allow) C:\Users\Beco\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
FirewallRules: [TCP Query User{19DA2E96-27A9-46DD-8E7E-9A44BE774AED}C:\games\fifa 18\fifa18.exe] => (Block) C:\games\fifa 18\fifa18.exe (Electronic Arts)
FirewallRules: [UDP Query User{BFB38685-EA01-44E4-844F-1CBCB9FA765E}C:\games\fifa 18\fifa18.exe] => (Block) C:\games\fifa 18\fifa18.exe (Electronic Arts)
FirewallRules: [TCP Query User{02406F2E-0669-4A09-8068-FCD8C2C75173}C:\program files (x86)\battlefield 4\bf4.exe] => (Block) C:\program files (x86)\battlefield 4\bf4.exe (EA Digital Illusions CE AB)
FirewallRules: [UDP Query User{BA486058-9B15-4D7E-8DB0-0C13D52E2303}C:\program files (x86)\battlefield 4\bf4.exe] => (Block) C:\program files (x86)\battlefield 4\bf4.exe (EA Digital Illusions CE AB)
FirewallRules: [{B20DE5BA-3F10-4014-8307-769673DBBC2F}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Ltd)
FirewallRules: [{F5708812-D6C5-45A5-9A0B-6DE9237D5227}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Ltd)

==================== Restore Points =========================

20-01-2019 16:12:31 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/20/2019 04:12:56 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description: ATI EEU Service event error

Error: (01/20/2019 10:41:35 AM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: El Administrador de ventanas de escritorio detectó un error irrecuperable (0x8898008d)

Error: (01/16/2019 09:08:15 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
hr=0xC004F074
Argumentos de línea de comandos:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (01/16/2019 03:59:07 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
hr=0x8007007B
Argumentos de línea de comandos:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (01/16/2019 03:58:56 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
hr=0x8007007B
Argumentos de línea de comandos:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (01/16/2019 03:58:56 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
hr=0x8007007B
Argumentos de línea de comandos:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=4

Error: (01/16/2019 08:45:45 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
hr=0x8007007B
Argumentos de línea de comandos:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (01/16/2019 08:45:34 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
hr=0x8007007B
Argumentos de línea de comandos:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable


System errors:
=============
Error: (01/20/2019 04:08:09 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio PreSonus Hardware Access Service terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 5000 milisegundos: Reiniciar el servicio.

Error: (01/20/2019 04:08:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio Disc Soft Lite Bus Service se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (01/20/2019 04:08:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio AMD External Events Utility se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (01/20/2019 01:52:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio Disc Soft Lite Bus Service se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (01/20/2019 01:52:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio PreSonus Hardware Access Service terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 5000 milisegundos: Reiniciar el servicio.

Error: (01/20/2019 01:52:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Updater.Mail.Ru terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 0 milisegundos: Reiniciar el servicio.

Error: (01/20/2019 01:52:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Mail.Ru Update Service terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 0 milisegundos: Reiniciar el servicio.

Error: (01/20/2019 01:52:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio AMD External Events Utility se terminó de manera inesperada. Esto ha sucedido 1 veces.


Windows Defender:
===================================
Date: 2019-01-16 21:06:00.587
Description: 
Windows Defender ha detectado malware u otro software potencialmente no deseado.
Para obtener más información, consulte:
http://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:MSIL/AutoKMS&threatid=2147711767
Nombre: HackTool:MSIL/AutoKMS
Id.: 2147711767
Gravedad: Alta
Categoría: Herramienta
Ruta: file:_C:\Users\Beco\Downloads\KMSpico 10.2.0 FINAL\KMSpico Portable\AutoPico.exe
Origen de detección: Equipo local
Tipo de detección: Concreta
Fuente de detección: Protección en tiempo real
Usuario: NT AUTHORITY\SYSTEM
Nombre del proceso: C:\Windows\System32\SearchProtocolHost.exe
Versión de firma: AV: 1.283.3009.0, AS: 1.283.3009.0, NIS: 119.0.0.0
Versión de motor: AM: 1.1.15500.2, NIS: 2.1.14600.4

Date: 2019-01-16 21:05:39.061
Description: 
Windows Defender ha detectado malware u otro software potencialmente no deseado.
Para obtener más información, consulte:
http://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:MSIL/AutoKMS&threatid=2147711767
Nombre: HackTool:MSIL/AutoKMS
Id.: 2147711767
Gravedad: Alta
Categoría: Herramienta
Ruta: file:_C:\Users\Beco\Downloads\KMSpico 10.2.0 FINAL\KMSpico Portable\AutoPico.exe;file:_C:\Users\Beco\Downloads\KMSpico 10.2.0 FINAL\KMSpico Portable\KMSELDI.exe
Origen de detección: Equipo local
Tipo de detección: Concreta
Fuente de detección: Protección en tiempo real
Usuario: Gomezito\Beco
Nombre del proceso: C:\Windows\System32\SearchProtocolHost.exe
Versión de firma: AV: 1.283.3009.0, AS: 1.283.3009.0, NIS: 119.0.0.0
Versión de motor: AM: 1.1.15500.2, NIS: 2.1.14600.4

Date: 2019-01-16 21:05:30.023
Description: 
Windows Defender ha detectado malware u otro software potencialmente no deseado.
Para obtener más información, consulte:
http://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:MSIL/AutoKMS&threatid=2147711767
Nombre: HackTool:MSIL/AutoKMS
Id.: 2147711767
Gravedad: Alta
Categoría: Herramienta
Ruta: file:_C:\Users\Beco\Downloads\KMSpico 10.2.0 FINAL\KMSpico Portable\AutoPico.exe;file:_C:\Users\Beco\Downloads\KMSpico 10.2.0 FINAL\KMSpico Portable\KMSELDI.exe
Origen de detección: Equipo local
Tipo de detección: Concreta
Fuente de detección: Protección en tiempo real
Usuario: Gomezito\Beco
Nombre del proceso: C:\Windows\explorer.exe
Versión de firma: AV: 1.283.3009.0, AS: 1.283.3009.0, NIS: 119.0.0.0
Versión de motor: AM: 1.1.15500.2, NIS: 2.1.14600.4

Date: 2019-01-16 21:05:24.596
Description: 
Windows Defender ha detectado malware u otro software potencialmente no deseado.
Para obtener más información, consulte:
http://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:MSIL/AutoKMS&threatid=2147711767
Nombre: HackTool:MSIL/AutoKMS
Id.: 2147711767
Gravedad: Alta
Categoría: Herramienta
Ruta: file:_C:\Users\Beco\Downloads\KMSpico 10.2.0 FINAL\KMSpico Portable\AutoPico.exe;file:_C:\Users\Beco\Downloads\KMSpico 10.2.0 FINAL\KMSpico Portable\KMSELDI.exe
Origen de detección: Equipo local
Tipo de detección: Concreta
Fuente de detección: Protección en tiempo real
Usuario: Gomezito\Beco
Nombre del proceso: C:\Program Files\WinRAR\WinRAR.exe
Versión de firma: AV: 1.283.3009.0, AS: 1.283.3009.0, NIS: 119.0.0.0
Versión de motor: AM: 1.1.15500.2, NIS: 2.1.14600.4

Date: 2019-01-16 21:05:19.519
Description: 
Windows Defender ha detectado malware u otro software potencialmente no deseado.
Para obtener más información, consulte:
http://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:MSIL/AutoKMS&threatid=2147711767
Nombre: HackTool:MSIL/AutoKMS
Id.: 2147711767
Gravedad: Alta
Categoría: Herramienta
Ruta: file:_C:\Users\Beco\Downloads\KMSpico 10.2.0 FINAL\KMSpico Portable\AutoPico.exe
Origen de detección: Equipo local
Tipo de detección: Concreta
Fuente de detección: Protección en tiempo real
Usuario: Gomezito\Beco
Nombre del proceso: C:\Program Files\WinRAR\WinRAR.exe
Versión de firma: AV: 1.283.3009.0, AS: 1.283.3009.0, NIS: 119.0.0.0
Versión de motor: AM: 1.1.15500.2, NIS: 2.1.14600.4

Date: 2019-01-06 17:54:01.144
Description: 
La característica Protección en tiempo real de Windows Defender ha encontrado un error y se ha interrumpido.
Característica: Sistema de inspección de la red
Código del error: 0x80070002
Descripción del error: El sistema no puede encontrar el archivo especificado. 
Razón: La protección de antimalware ha dejado de funcionar por una razón desconocida. En algunos casos, puede que el problema se solucione reiniciando el servicio.

Date: 2019-01-06 17:51:21.032
Description: 
Windows Defender ha encontrado un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.155.266.0
Origen de actualización: Servidor de Microsoft Update
Tipo de firma: Antivirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión actual del motor: 
Versión anterior del motor: 1.1.9700.0
Código de error: 0x80070643
Descripción del error: Error irrecuperable durante la instalación. 

Date: 2019-01-06 17:51:20.892
Description: 
Windows Defender ha encontrado un error al intentar actualizar el motor.
Nueva versión del motor: 1.1.15500.2
Versión anterior del motor: 1.1.9700.0
Usuario: NT AUTHORITY\SYSTEM
Código de error: 0x8050800c
Descripción del error: Problema inesperado. Instale todas las actualizaciones disponibles e intente iniciar el programa de nuevo. Para obtener más información sobre cómo instalar actualizaciones, consulte Ayuda y soporte técnico. 

Date: 2019-01-06 17:36:27.204
Description: 
La característica Protección en tiempo real de Windows Defender ha encontrado un error y se ha interrumpido.
Característica: Sistema de inspección de la red
Código del error: 0x80070002
Descripción del error: El sistema no puede encontrar el archivo especificado. 
Razón: El sistema no encuentra actualizaciones que son necesarias para ejecutar el Sistema de inspección de la red. Instale las actualizaciones necesarias y reinicie el equipo.

Date: 2019-01-05 14:58:02.335
Description: 
La característica Protección en tiempo real de Windows Defender ha encontrado un error y se ha interrumpido.
Característica: Sistema de inspección de la red
Código del error: 0x80070002
Descripción del error: El sistema no puede encontrar el archivo especificado. 
Razón: La protección de antimalware ha dejado de funcionar por una razón desconocida. En algunos casos, puede que el problema se solucione reiniciando el servicio.

==================== Memory info =========================== 

Processor: AMD A10-5800K APU with Radeon(tm) HD Graphics 
Percentage of memory in use: 12%
Total physical RAM: 8134.77 MB
Available physical RAM: 7151.66 MB
Total Virtual: 9734.77 MB
Available Virtual: 8798.63 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.17 GB) (Free:644.3 GB) NTFS
Drive d: () (Fixed) (Total:68.36 GB) (Free:52.54 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: () (Fixed) (Total:80.69 GB) (Free:47.01 GB) NTFS

\\?\Volume{901a6fb8-1008-11e9-824e-806e6f6e6963}\ (Reservado para el sistema) (Fixed) (Total:0.34 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 149.1 GB) (Disk ID: 28502850)
Partition 1: (Active) - (Size=68.4 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=80.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 8FE0B69F)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.2 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

#9
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20.01.2019
Ran by Beco (administrator) on GOMEZITO (20-01-2019 16:16:37)
Running from C:\Users\Beco\Downloads
Loaded Profiles: Beco (Available Profiles: Beco)
Platform: Windows 8.1 Pro (Update) (X64) Language: Español (España, internacional)
Default browser: IE
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(PreSonus) C:\Program Files\PreSonus\Universal Control\PreSonusHardwareAccessService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler64.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [AvastUI.exe] => "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-4030787469-4158419016-935844530-1001\...\Run: [Universal Control] => C:\Program Files\PreSonus\Universal Control\Universal Control.exe [14767616 2018-10-19] (PreSonus)
HKU\S-1-5-21-4030787469-4158419016-935844530-1001\...\Run: [uTorrent] => C:\Users\Beco\AppData\Roaming\uTorrent\uTorrent.exe [1908920 2019-01-15] (BitTorrent Inc.)
HKU\S-1-5-21-4030787469-4158419016-935844530-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [5583120 2015-02-27] (Disc Soft Ltd)
HKU\S-1-5-21-4030787469-4158419016-935844530-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19645800 2019-01-10] (Piriform Software Ltd)
HKU\S-1-5-21-4030787469-4158419016-935844530-1001\...\Run: [WinBoxes_upd] => C:\Users\Beco\AppData\Roaming\WinBoxes_upd\python\pythonw.exe [95904 2018-05-02] (Python Software Foundation) <==== ATTENTION
HKU\S-1-5-21-4030787469-4158419016-935844530-1001\...\Run: [WinBoxes] => C:\Users\Beco\AppData\Roaming\WinBoxes\python\pythonw.exe [95904 2018-05-02] (Python Software Foundation) <==== ATTENTION
HKU\S-1-5-21-4030787469-4158419016-935844530-1001\...\Policies\Explorer: [NoSecurityTab] 1
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\Installer\chrmstp.exe [2019-01-04] (Google Inc.)
Startup: C:\Users\Beco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2019-01-18]
ShortcutTarget: MEGAsync.lnk -> C:\Users\Beco\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited)
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{18FA6242-4F68-42A2-B15A-6252354162DD}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-4030787469-4158419016-935844530-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/es-ar/?ocid=iehp
SearchScopes: HKU\S-1-5-21-4030787469-4158419016-935844530-1001 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = 

FireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2019-01-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2019-01-04] (Google Inc.)

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.google.com.ar/","hxxps://www.google.com/"
CHR Profile: C:\Users\Beco\AppData\Local\Google\Chrome\User Data\Default [2019-01-20]
CHR Extension: (Presentaciones) - C:\Users\Beco\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-01-04]
CHR Extension: (The Flash Video Downloader) - C:\Users\Beco\AppData\Local\Google\Chrome\User Data\Default\Extensions\amjcoehkcacocffpmhnefgoeanepjfkf [2019-01-04]
CHR Extension: (Documentos) - C:\Users\Beco\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-01-04]
CHR Extension: (Google Drive) - C:\Users\Beco\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-01-04]
CHR Extension: (WOT: Web of Trust, valoraciones de reputación de sitios web) - C:\Users\Beco\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2019-01-04]
CHR Extension: (YouTube) - C:\Users\Beco\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-01-04]
CHR Extension: (Space & Patterns) - C:\Users\Beco\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkdmjaboldkklmcomdamidplnfpnmmmd [2019-01-19]
CHR Extension: (Hojas de cálculo) - C:\Users\Beco\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-01-04]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\Beco\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-01-04]
CHR Extension: (AdBlock) - C:\Users\Beco\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-01-16]
CHR Extension: (Avast Online Security) - C:\Users\Beco\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2019-01-04]
CHR Extension: (Bloqueador de anuncios para Youtube ™) - C:\Users\Beco\AppData\Local\Google\Chrome\User Data\Default\Extensions\hflefjhkfeiaignkclmphmokmmbhbhik [2019-01-19]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Beco\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-01-04]
CHR Extension: (Gmail) - C:\Users\Beco\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-01-04]
CHR Extension: (Chrome Media Router) - C:\Users\Beco\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-01-04]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272592 2015-02-27] (Disc Soft Ltd)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
R2 PreSonus Hardware Access Service; C:\Program Files\PreSonus\Universal Control\PreSonusHardwareAccessService.exe [373760 2018-10-19] (PreSonus) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-11-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-11-21] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-22] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [118848 2016-08-09] (Advanced Micro Devices)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30352 2019-01-06] (Disc Soft Ltd)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [261032 2019-01-20] (Malwarebytes)
R3 paeusbaudio; C:\Windows\System32\drivers\paeusbaudio.sys [355568 2018-10-11] ()
R3 paeusbaudioks; C:\Windows\system32\DRIVERS\paeusbaudioks.sys [53488 2018-10-11] ()
R3 teVirtualMIDI64; C:\Windows\system32\DRIVERS\teVirtualMIDI64.sys [41016 2016-08-31] (Tobias Erichsen)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [35856 2014-11-21] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [257880 2014-11-21] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-11-21] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-20 16:16 - 2019-01-20 16:16 - 000009331 _____ C:\Users\Beco\Downloads\FRST.txt
2019-01-20 16:15 - 2019-01-20 16:16 - 000000000 ____D C:\FRST
2019-01-20 16:13 - 2019-01-20 16:13 - 000000546 _____ C:\Users\Beco\Desktop\JRT.txt
2019-01-20 16:09 - 2019-01-20 16:09 - 000261032 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-01-20 15:58 - 2019-01-20 15:58 - 000001883 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-01-20 15:58 - 2019-01-20 15:58 - 000000000 ____D C:\Users\Beco\AppData\Local\mbamtray
2019-01-20 15:58 - 2019-01-20 15:58 - 000000000 ____D C:\Users\Beco\AppData\Local\mbam
2019-01-20 15:58 - 2019-01-20 15:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-01-20 15:58 - 2019-01-20 15:58 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-01-20 15:58 - 2019-01-20 15:58 - 000000000 ____D C:\Program Files\Malwarebytes
2019-01-20 15:58 - 2018-12-04 08:09 - 000152688 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-01-20 15:51 - 2019-01-20 15:51 - 000023742 _____ C:\Users\Beco\Documents\cc_20190120_155149.reg
2019-01-20 14:56 - 2019-01-20 14:56 - 002428416 _____ (Farbar) C:\Users\Beco\Downloads\FRST64.exe
2019-01-20 14:54 - 2019-01-20 14:54 - 001790024 _____ (Malwarebytes) C:\Users\Beco\Downloads\JRT.exe
2019-01-20 14:52 - 2019-01-20 15:13 - 082438192 _____ (Malwarebytes ) C:\Users\Beco\Downloads\mb3-setup-consumer-3.6.1.2711-1.0.519-1.0.8862.exe
2019-01-20 13:51 - 2019-01-20 13:52 - 000000000 ____D C:\AdwCleaner
2019-01-20 13:50 - 2019-01-20 13:50 - 007320272 _____ (Malwarebytes) C:\Users\Beco\Downloads\adwcleaner_7.2.6.0.exe
2019-01-20 13:49 - 2019-01-20 13:52 - 050595412 _____ (Malwarebytes ) C:\Users\Beco\Downloads\Sin confirmar 456649.crdownload
2019-01-20 13:47 - 2019-01-20 15:52 - 000000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2019-01-20 13:46 - 2019-01-20 13:46 - 001996144 _____ (Malwarebytes ) C:\Users\Beco\Downloads\mbae-setup-1.12.1.147.exe
2019-01-20 13:39 - 2019-01-20 13:43 - 000000000 ____D C:\Users\Beco\AppData\Roaming\WinBoxes_upd
2019-01-20 13:39 - 2019-01-20 13:43 - 000000000 ____D C:\Users\Beco\AppData\Roaming\WinBoxes
2019-01-20 13:38 - 2019-01-20 13:38 - 005888000 _____ C:\Users\Beco\Downloads\ezdrummer-2-keygen-download-crack_b9f91c9-1133.iso
2019-01-20 13:23 - 2019-01-20 13:28 - 000000000 ____D C:\Clicks
2019-01-20 13:21 - 2019-01-20 13:21 - 000000000 ____D C:\Program Files (x86)\Steinberg
2019-01-20 13:19 - 2019-01-20 13:19 - 000000000 ____D C:\ProgramData\Toontrack
2019-01-20 13:17 - 2019-01-20 13:19 - 000002001 _____ C:\Users\Public\Desktop\EZdrummer-64.lnk
2019-01-20 13:17 - 2019-01-20 13:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Toontrack
2019-01-20 13:16 - 2019-01-20 13:16 - 000000000 ____D C:\Program Files\Toontrack
2019-01-20 01:48 - 2019-01-20 01:48 - 000000000 ____D C:\Users\Beco\AppData\Roaming\Publish Providers
2019-01-19 22:01 - 2019-01-19 22:01 - 000006785 _____ C:\Users\Beco\Downloads\f.txt
2019-01-18 17:49 - 2019-01-20 13:43 - 000000000 ____D C:\Program Files\Google
2019-01-18 17:49 - 2019-01-18 17:49 - 000003870 _____ C:\Windows\System32\Tasks\CCleaner Update
2019-01-18 17:49 - 2019-01-18 17:49 - 000002806 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2019-01-18 17:49 - 2019-01-18 17:49 - 000000834 _____ C:\Users\Public\Desktop\CCleaner.lnk
2019-01-18 17:49 - 2019-01-18 17:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2019-01-18 17:49 - 2019-01-18 17:49 - 000000000 ____D C:\Program Files\CCleaner
2019-01-18 17:46 - 2019-01-18 17:46 - 019341880 _____ (Piriform Software Ltd) C:\Users\Beco\Downloads\ccsetup552.exe
2019-01-18 17:43 - 2019-01-20 13:54 - 000000000 ____D C:\Users\Beco\AppData\Local\ElevatedDiagnostics
2019-01-18 17:23 - 2019-01-18 17:23 - 000000000 ____D C:\Users\Beco\Documents\Toontrack
2019-01-18 17:21 - 2019-01-18 17:23 - 000000000 ____D C:\Users\Beco\AppData\Roaming\Toontrack
2019-01-18 16:01 - 2019-01-20 01:26 - 000000000 ____D C:\Users\Beco\Documents\MEGAsync Downloads
2019-01-18 15:59 - 2019-01-19 19:34 - 000000000 ___RD C:\Users\Beco\Documents\MEGA
2019-01-18 15:58 - 2019-01-18 15:58 - 000000000 ____D C:\Users\Beco\AppData\Local\Mega Limited
2019-01-18 15:04 - 2019-01-18 15:04 - 000001057 _____ C:\Users\Beco\Desktop\MEGAsync.lnk
2019-01-18 15:04 - 2019-01-18 15:04 - 000000000 ____D C:\Users\Beco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MEGAsync
2019-01-18 15:04 - 2019-01-18 15:04 - 000000000 ____D C:\Users\Beco\AppData\Local\MEGAsync
2019-01-18 11:17 - 2019-01-18 11:17 - 000401508 _____ C:\Users\Beco\Downloads\+LFidYpGbogsaVv5sxxQshz6Q7hUfQ+qPkvF+AxIN5FwQqXkn5H2ekM04PhGe7KPcvw3_cpMu8YnfanJTzKDv4iqsrrMtTFJTG8+EhQPl5CABJQyRrFp0l+UwISaYZGDFvQh24Mfo4mE5QQndKJzO4cNkvhQItoCYU3T1Ir2+vmYUMdoFaChjwv7r4lfTpkq.pdf
2019-01-18 10:55 - 2019-01-18 11:06 - 000000000 ____D C:\Users\Beco\Downloads\EZDrummer 2+updates
2019-01-17 18:02 - 2019-01-17 18:02 - 000306865 _____ C:\Users\Beco\Downloads\ST01.pdf
2019-01-16 21:08 - 2019-01-20 16:09 - 000000000 ____D C:\Users\Beco\AppData\LocalLow\uTorrent
2019-01-16 21:07 - 2019-01-16 21:07 - 000004608 _____ C:\Windows\SECOH-QAD.exe
2019-01-16 21:07 - 2019-01-16 21:07 - 000003584 _____ C:\Windows\SECOH-QAD.dll
2019-01-10 17:47 - 2019-01-10 17:47 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2019-01-08 13:51 - 2019-01-08 13:52 - 000000000 ____D C:\Users\Beco\Documents\Battlefield 4
2019-01-08 13:49 - 2019-01-08 13:49 - 000000000 ____D C:\Users\Beco\AppData\LocalLow\Temp
2019-01-08 13:47 - 2019-01-08 13:47 - 000001265 _____ C:\Users\Beco\Desktop\Free CD Ripper.lnk
2019-01-08 13:47 - 2019-01-08 13:47 - 000001263 _____ C:\Users\Beco\Desktop\Free Mp3 Wma Converter.lnk
2019-01-08 13:47 - 2019-01-08 13:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Audio Pack
2019-01-08 13:47 - 2019-01-08 13:47 - 000000000 ____D C:\Program Files (x86)\Free Audio Pack
2019-01-08 13:47 - 2008-09-24 20:33 - 000484352 _____ C:\Windows\SysWOW64\lame_enc.dll
2019-01-08 13:47 - 2005-03-11 17:37 - 001986560 _____ (NCT Company Ltd.) C:\Windows\SysWOW64\AudFile.dll
2019-01-08 13:47 - 2005-03-10 16:00 - 000454656 _____ (NCT Company Ltd.) C:\Windows\SysWOW64\AudioRecord.dll
2019-01-08 13:47 - 2005-02-24 15:21 - 000458752 _____ (NCT Company Ltd.) C:\Windows\SysWOW64\AudPlayer.dll
2019-01-08 13:47 - 2005-02-24 12:11 - 001212416 _____ (NCT Company Ltd.) C:\Windows\SysWOW64\AudioInfos.dll
2019-01-08 13:47 - 2005-02-24 12:11 - 000479232 _____ (NCT Company Ltd.) C:\Windows\SysWOW64\AudioVisu.dll
2019-01-08 13:47 - 2005-02-24 12:10 - 002084864 _____ (NCT Company Ltd.) C:\Windows\SysWOW64\AudDesign.dll
2019-01-08 13:47 - 2005-02-24 12:10 - 000417792 _____ (NCT Company Ltd.) C:\Windows\SysWOW64\AudDisplay.dll
2019-01-08 13:47 - 2005-01-10 12:54 - 000116296 _____ C:\Windows\SysWOW64\NCTWMAProfiles.prx
2019-01-08 13:47 - 2004-03-08 23:00 - 001081616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscomctl.ocx
2019-01-08 13:47 - 2004-03-08 23:00 - 000662288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCT2.OCX
2019-01-08 13:47 - 2004-03-08 23:00 - 000224016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TABCTL32.OCX
2019-01-08 13:47 - 2004-03-08 23:00 - 000152848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COMDLG32.OCX
2019-01-08 13:47 - 2003-03-18 21:20 - 001060864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFC71.dll
2019-01-08 13:47 - 2000-10-01 19:00 - 000119568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB6FR.DLL
2019-01-08 13:47 - 2000-05-22 15:58 - 000115920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msinet.OCX
2019-01-08 13:47 - 1999-03-25 19:00 - 000101888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB6STKIT.DLL
2019-01-08 13:47 - 1998-07-12 23:00 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCMCFR.DLL
2019-01-08 13:47 - 1998-07-12 23:00 - 000059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Mscc2fr.dll
2019-01-08 13:47 - 1998-07-12 23:00 - 000021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TABCTFR.DLL
2019-01-08 13:47 - 1998-07-12 23:00 - 000015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetfr.DLL
2019-01-08 13:47 - 1998-07-12 19:00 - 000032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CMDLGFR.DLL
2019-01-08 13:47 - 1998-06-24 00:00 - 000164144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COMCT232.OCX
2019-01-08 13:47 - 1998-06-16 23:00 - 000516173 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVCP60D.DLL
2019-01-08 13:47 - 1998-06-16 23:00 - 000385100 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVCRTD.DLL
2019-01-08 13:40 - 2019-01-08 13:40 - 000001054 _____ C:\Users\Public\Desktop\Vegas Pro 13.0 (64-bit).lnk
2019-01-08 13:40 - 2019-01-08 13:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2019-01-08 13:39 - 2019-01-20 01:48 - 000000000 ____D C:\Users\Beco\AppData\Local\Sony
2019-01-08 13:39 - 2019-01-08 13:39 - 000000000 ____D C:\ProgramData\Sony
2019-01-08 13:39 - 2019-01-08 13:39 - 000000000 ____D C:\Program Files\Sony
2019-01-08 13:39 - 2019-01-08 13:39 - 000000000 ____D C:\Program Files (x86)\Sony
2019-01-08 13:38 - 2019-01-20 01:48 - 000000000 ____D C:\Users\Beco\AppData\Roaming\Sony
2019-01-08 13:34 - 2019-01-08 13:34 - 000001131 _____ C:\Users\Public\Desktop\Battlefield 4 32bit.lnk
2019-01-08 13:34 - 2019-01-08 13:34 - 000001107 _____ C:\Users\Public\Desktop\Battlefield 4 64bit.lnk
2019-01-08 13:34 - 2019-01-08 13:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 4
2019-01-08 13:20 - 2019-01-08 23:45 - 000000000 ____D C:\Program Files (x86)\Battlefield 4
2019-01-06 17:50 - 2018-12-10 19:04 - 000592616 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2019-01-06 16:01 - 2019-01-06 16:28 - 000000000 ____D C:\Users\Beco\Downloads\MEXICO
2019-01-06 16:00 - 2019-01-06 16:24 - 000000000 ____D C:\Users\Beco\Downloads\F18-UP2-MULTI18
2019-01-06 13:35 - 2019-01-06 14:01 - 000000000 ____D C:\Users\Beco\Documents\FIFA 18
2019-01-06 13:30 - 2019-01-06 13:30 - 000000705 _____ C:\Users\Public\Desktop\FIFA 18.lnk
2019-01-06 13:30 - 2019-01-06 13:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 18
2019-01-06 13:13 - 2019-01-06 13:13 - 000000000 ____D C:\Games
2019-01-06 13:08 - 2019-01-20 15:51 - 000000000 ____D C:\Users\Beco\AppData\Roaming\DAEMON Tools Lite
2019-01-06 13:08 - 2019-01-06 13:09 - 000000000 ____D C:\Program Files\DAEMON Tools Lite
2019-01-06 13:08 - 2019-01-06 13:08 - 000030352 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys
2019-01-06 13:08 - 2019-01-06 13:08 - 000001755 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2019-01-06 13:08 - 2019-01-06 13:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2019-01-06 13:07 - 2019-01-06 13:08 - 000000000 ____D C:\ProgramData\DAEMON Tools Lite
2019-01-06 13:04 - 2019-01-06 13:05 - 013146016 _____ (Disc Soft Ltd) C:\Users\Beco\Downloads\daemon-tools-5-0-1-multi-win.exe
2019-01-05 10:16 - 2019-01-05 10:16 - 051074517 _____ C:\Users\Beco\Downloads\MTK.v2.5.3.rar
2019-01-04 18:46 - 2019-01-05 18:31 - 498139136 _____ C:\Users\Beco\Downloads\Battlefield 4 MULTi12-ElAmigos.iso
2019-01-04 18:45 - 2019-01-04 18:45 - 000420978 _____ C:\Users\Beco\Downloads\Battle4-www.gamesfull.org.torrent
2019-01-04 18:26 - 2019-01-04 18:26 - 000000000 ____D C:\Users\Beco\Downloads\FIFA 18
2019-01-04 18:25 - 2019-01-04 18:25 - 000356407 _____ C:\Users\Beco\Downloads\F18-www.gamesfull.org.torrent
2019-01-04 18:05 - 2019-01-04 18:05 - 000000000 ____D C:\Users\Beco\AppData\Local\CEF
2019-01-04 17:55 - 2019-01-04 17:55 - 000000000 ____D C:\Windows\System32\Tasks\Avast Software
2019-01-04 17:54 - 2019-01-04 17:54 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2019-01-04 17:52 - 2019-01-20 16:11 - 000000000 ____D C:\Users\Beco\AppData\Roaming\uTorrent
2019-01-04 17:52 - 2019-01-04 19:30 - 000000000 ____D C:\ProgramData\AVAST Software
2019-01-04 17:52 - 2019-01-04 17:52 - 000000858 _____ C:\Users\Beco\Desktop\µTorrent.lnk
2019-01-04 17:52 - 2019-01-04 17:52 - 000000838 _____ C:\Users\Beco\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2019-01-04 17:51 - 2019-01-04 17:51 - 002982880 _____ (BitTorrent Inc.) C:\Users\Beco\Downloads\uTorrent.exe
2019-01-04 17:46 - 2019-01-04 17:46 - 000000000 ____D C:\Users\Beco\AppData\Roaming\WinRAR
2019-01-04 17:45 - 2019-01-04 17:45 - 003253552 _____ (Alexander Roshal) C:\Users\Beco\Downloads\winrar-x64-561es.exe
2019-01-04 17:45 - 2019-01-04 17:45 - 000000000 ____D C:\Users\Beco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2019-01-04 17:45 - 2019-01-04 17:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2019-01-04 17:45 - 2019-01-04 17:45 - 000000000 ____D C:\Program Files\WinRAR
2019-01-04 16:29 - 2019-01-04 16:29 - 000000000 ____D C:\Users\Beco\AppData\Roaming\Google
2019-01-04 16:18 - 2019-01-04 16:18 - 000001075 _____ C:\Users\Beco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Universal Control.lnk
2019-01-04 16:18 - 2019-01-04 16:18 - 000001045 _____ C:\Users\Beco\Desktop\Universal Control.lnk
2019-01-04 16:18 - 2019-01-04 16:18 - 000000000 ____D C:\ProgramData\PreSonus
2019-01-04 16:18 - 2019-01-04 16:18 - 000000000 ____D C:\Program Files\Tobias Erichsen
2019-01-04 16:18 - 2019-01-04 16:18 - 000000000 ____D C:\Program Files\PreSonus
2019-01-04 16:10 - 2019-01-04 16:12 - 129303512 _____ (PreSonus) C:\Users\Beco\Downloads\PreSonus_UniversalControl-v49805.exe
2019-01-04 16:09 - 2019-01-04 16:09 - 000002259 _____ C:\Windows\epplauncher.mif
2019-01-04 16:08 - 2019-01-04 16:09 - 015083200 _____ (Microsoft Corporation) C:\Users\Beco\Downloads\MSEInstall.exe
2019-01-04 13:09 - 2019-01-04 13:09 - 000000785 _____ C:\Users\Beco\Desktop\sc3.tmp
2019-01-04 13:08 - 2019-01-04 13:08 - 000000000 ____D C:\Users\Beco\Documents\Native Instruments
2019-01-04 13:08 - 2019-01-04 13:08 - 000000000 ____D C:\Users\Beco\AppData\Local\Native Instruments
2019-01-04 13:02 - 2019-01-04 17:47 - 000000000 ____D C:\Users\Beco\Documents\pes 19
2019-01-04 13:02 - 2019-01-04 13:04 - 000000047 _____ C:\Users\Beco\Documents\Nuevo documento de texto.txt
2019-01-04 12:58 - 2019-01-04 12:58 - 000002076 _____ C:\Users\Beco\Desktop\JDownloader 2.lnk
2019-01-04 12:58 - 2019-01-04 12:58 - 000000000 ____D C:\Users\Beco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader
2019-01-04 12:57 - 2019-01-18 17:40 - 000000000 ____D C:\Users\Beco\AppData\Local\JDownloader 2.0
2019-01-04 12:54 - 2019-01-04 12:54 - 000076504 _____ (AppWork GmbH) C:\Users\Beco\Downloads\JDownloader2_Clean_Installer.exe
2019-01-04 12:49 - 2019-01-04 12:49 - 000001030 _____ C:\Users\Public\Desktop\Kontakt 5.lnk
2019-01-04 12:49 - 2019-01-04 12:49 - 000000000 __HDC C:\ProgramData\{D3CD7CDD-9759-4CF4-BE92-BA89914360B5}
2019-01-04 12:48 - 2019-01-04 12:48 - 000000000 ____D C:\ProgramData\Native Instruments
2019-01-04 12:48 - 2019-01-04 12:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments
2019-01-04 12:48 - 2019-01-04 12:48 - 000000000 ____D C:\Program Files\Native Instruments
2019-01-04 12:48 - 2019-01-04 12:48 - 000000000 ____D C:\Program Files\Common Files\Native Instruments
2019-01-04 12:46 - 2019-01-04 12:46 - 000000000 ____D C:\Users\Beco\AppData\Roaming\Overloud
2019-01-04 12:46 - 2019-01-04 12:46 - 000000000 ____D C:\Users\Beco\AppData\Roaming\Celemony Software GmbH
2019-01-04 12:46 - 2019-01-04 12:46 - 000000000 ____D C:\Users\Beco\AppData\Roaming\Cakewalk
2019-01-04 12:45 - 2019-01-04 12:45 - 000001300 _____ C:\Users\Beco\Desktop\Cakewalk Theme Editor.lnk
2019-01-04 12:45 - 2019-01-04 12:45 - 000000000 ____D C:\Users\Public\Documents\Celemony
2019-01-04 12:45 - 2019-01-04 12:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Celemony
2019-01-04 12:45 - 2019-01-04 12:45 - 000000000 ____D C:\ProgramData\Celemony Software GmbH
2019-01-04 12:45 - 2019-01-04 12:45 - 000000000 ____D C:\Program Files\Common Files\VST2
2019-01-04 12:45 - 2019-01-04 12:45 - 000000000 ____D C:\Program Files\Common Files\Celemony
2019-01-04 12:45 - 2019-01-04 12:45 - 000000000 ____D C:\Program Files\Common Files\Avid
2019-01-04 12:45 - 2019-01-04 12:45 - 000000000 ____D C:\Program Files\Celemony
2019-01-04 12:45 - 2019-01-04 12:45 - 000000000 ____D C:\Program Files (x86)\Celemony
2019-01-04 12:45 - 2019-01-04 12:45 - 000000000 ____D C:\Program Files (x86)\Cakewalk
2019-01-04 12:41 - 2019-01-20 13:19 - 000000000 ____D C:\Program Files\Common Files\VST3
2019-01-04 12:41 - 2019-01-16 20:33 - 000000000 ____D C:\Cakewalk Projects
2019-01-04 12:41 - 2019-01-04 12:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cakewalk
2019-01-04 12:41 - 2019-01-04 12:41 - 000001888 _____ C:\Users\Public\Desktop\Cakewalk by BandLab.lnk
2019-01-04 12:41 - 2019-01-04 12:41 - 000000000 ____D C:\Users\Public\Documents\Overloud
2019-01-04 12:41 - 2019-01-04 12:41 - 000000000 ____D C:\Users\Beco\Documents\Cakewalk
2019-01-04 12:41 - 2019-01-04 12:41 - 000000000 ____D C:\Program Files\Common Files\Propellerhead Software
2019-01-04 12:40 - 2019-01-04 12:46 - 000000000 ____D C:\Cakewalk Content
2019-01-04 12:40 - 2019-01-04 12:42 - 000000000 ____D C:\ProgramData\Cakewalk
2019-01-04 12:40 - 2019-01-04 12:42 - 000000000 ____D C:\Program Files\Cakewalk
2019-01-04 12:40 - 2019-01-04 12:41 - 000000000 ____D C:\ProgramData\Overloud
2019-01-04 12:40 - 2012-06-20 12:38 - 001060864 _____ (Microsoft Corporation) C:\Windows\system32\mfc71.dll
2019-01-04 12:40 - 2012-06-20 12:38 - 001047552 _____ (Microsoft Corporation) C:\Windows\system32\mfc71u.dll
2019-01-04 12:40 - 2012-06-20 12:38 - 000499712 _____ (Microsoft Corporation) C:\Windows\system32\msvcp71.dll
2019-01-04 12:40 - 2012-06-20 12:38 - 000487424 _____ (Microsoft Corporation) C:\Windows\system32\msvcp70.dll
2019-01-04 12:40 - 2012-06-20 12:38 - 000348160 _____ (Microsoft Corporation) C:\Windows\system32\msvcr71.dll
2019-01-04 12:40 - 2012-06-20 12:38 - 000344064 _____ (Microsoft Corporation) C:\Windows\system32\msvcr70.dll
2019-01-04 12:15 - 2019-01-16 17:06 - 000000000 ____D C:\Users\Beco\AppData\Roaming\bandlab-assistant
2019-01-04 12:15 - 2019-01-04 12:15 - 000002448 _____ C:\Users\Beco\Desktop\BandLab Assistant.lnk
2019-01-04 12:15 - 2019-01-04 12:15 - 000000000 ____D C:\Users\Beco\Documents\BandLab
2019-01-04 12:15 - 2019-01-04 12:15 - 000000000 ____D C:\Users\Beco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BandLab
2019-01-04 12:15 - 2019-01-04 12:15 - 000000000 ____D C:\Users\Beco\AppData\Roaming\BandLab Assistant
2019-01-04 12:11 - 2019-01-04 12:15 - 051510768 _____ (BandLab) C:\Users\Beco\Downloads\bandlab-assistant-windows-latest.exe
2019-01-04 12:10 - 2019-01-04 12:10 - 000000000 ____D C:\Users\Beco\AppData\LocalLow\AMD
2019-01-04 12:08 - 2019-01-04 12:08 - 000000000 ____D C:\Users\Beco\Downloads\amd_chipset_drivers_CZ
2019-01-04 12:07 - 2019-01-04 12:07 - 000000000 ____D C:\Windows\LastGood.Tmp
2019-01-04 12:06 - 2019-01-04 12:45 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2019-01-04 12:06 - 2019-01-04 12:06 - 000992704 _____ (Realtek ) C:\Windows\system32\Drivers\Rt630x64.sys
2019-01-04 12:06 - 2019-01-04 12:06 - 000122816 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2019-01-04 12:06 - 2019-01-04 12:06 - 000000000 ____D C:\Users\Beco\Downloads\realtek_pcielan_8_mb
2019-01-04 12:06 - 2019-01-04 12:06 - 000000000 ____D C:\Program Files (x86)\Realtek
2019-01-04 12:05 - 2019-01-04 12:05 - 000000000 ____D C:\Users\Beco\Downloads\AMD_Bolton_RAID_Driver
2019-01-04 11:56 - 2019-01-20 16:08 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2019-01-04 11:56 - 2019-01-04 16:06 - 000000000 ____D C:\Users\Beco\AppData\Local\AMD
2019-01-04 11:56 - 2019-01-04 11:56 - 000003160 _____ C:\Windows\System32\Tasks\StartCN
2019-01-04 11:56 - 2019-01-04 11:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Asistente de informe de problemas de AMD
2019-01-04 11:56 - 2019-01-04 11:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Radeon Settings
2019-01-04 11:56 - 2019-01-04 11:56 - 000000000 ____D C:\Program Files\Common Files\ATI Technologies
2019-01-04 11:56 - 2019-01-04 11:56 - 000000000 ____D C:\Program Files (x86)\AMD
2019-01-04 11:55 - 2019-01-06 13:35 - 000000000 ____D C:\ProgramData\Package Cache
2019-01-04 11:55 - 2019-01-04 11:55 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2019-01-04 11:55 - 2017-01-27 19:05 - 000103936 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2019-01-04 11:55 - 2017-01-27 19:04 - 000326656 _____ C:\Windows\SysWOW64\vulkan-1.dll
2019-01-04 11:55 - 2017-01-27 19:02 - 000118272 _____ C:\Windows\system32\vulkaninfo.exe
2019-01-04 11:55 - 2017-01-27 19:01 - 000322560 _____ C:\Windows\system32\vulkan-1.dll
2019-01-04 11:55 - 2015-08-22 10:42 - 000901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2019-01-04 11:55 - 2015-08-22 10:42 - 000066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2019-01-04 11:55 - 2015-08-22 10:42 - 000022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2019-01-04 11:55 - 2015-08-22 10:42 - 000019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2019-01-04 11:55 - 2015-08-22 10:42 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2019-01-04 11:55 - 2015-08-22 10:42 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2019-01-04 11:55 - 2015-08-22 10:42 - 000016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2019-01-04 11:55 - 2015-08-22 10:42 - 000015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2019-01-04 11:55 - 2015-08-22 10:42 - 000014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2019-01-04 11:55 - 2015-08-22 10:42 - 000013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2019-01-04 11:55 - 2015-08-22 10:42 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2019-01-04 11:55 - 2015-08-22 10:42 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2019-01-04 11:55 - 2015-08-22 10:42 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2019-01-04 11:55 - 2015-08-22 10:42 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2019-01-04 11:55 - 2015-08-22 10:42 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2019-01-04 11:55 - 2015-08-22 10:42 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2019-01-04 11:55 - 2015-08-22 10:35 - 000984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2019-01-04 11:55 - 2015-08-22 10:35 - 000063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2019-01-04 11:55 - 2015-08-22 10:35 - 000020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2019-01-04 11:55 - 2015-08-22 10:35 - 000019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2019-01-04 11:55 - 2015-08-22 10:35 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2019-01-04 11:55 - 2015-08-22 10:35 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2019-01-04 11:55 - 2015-08-22 10:35 - 000016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2019-01-04 11:55 - 2015-08-22 10:35 - 000015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2019-01-04 11:55 - 2015-08-22 10:35 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2019-01-04 11:55 - 2015-08-22 10:35 - 000013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2019-01-04 11:55 - 2015-08-22 10:35 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2019-01-04 11:55 - 2015-08-22 10:35 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2019-01-04 11:55 - 2015-08-22 10:35 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2019-01-04 11:55 - 2015-08-22 10:35 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2019-01-04 11:55 - 2015-08-22 10:35 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2019-01-04 11:55 - 2015-08-22 10:35 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2019-01-04 11:54 - 2019-01-04 11:56 - 000000000 ____D C:\Program Files\AMD
2019-01-04 11:53 - 2019-01-04 11:54 - 000000000 ____D C:\AMD
2019-01-04 11:32 - 2019-01-04 11:51 - 425373456 _____ (AMD Inc.) C:\Users\Beco\Downloads\non-whql-win8.1-64bit-radeon-software-crimson-relive-17.6.2-june13.exe
2019-01-04 11:26 - 2019-01-04 11:48 - 447359034 _____ C:\Users\Beco\Downloads\amd_chipset_drivers_CZ.zip
2019-01-04 11:26 - 2019-01-04 11:26 - 001902796 _____ C:\Users\Beco\Downloads\AMD_Bolton_RAID_Driver.zip
2019-01-04 11:25 - 2019-01-04 11:26 - 010605142 _____ C:\Users\Beco\Downloads\realtek_pcielan_8_mb.zip
2019-01-04 11:23 - 2019-01-04 11:23 - 000000000 ____D C:\Users\Beco\Downloads\DriversCloudx64_10_0_7_0
2019-01-04 11:20 - 2019-01-04 11:21 - 000000000 ____D C:\Users\Beco\Documents\program vst
2019-01-04 11:17 - 2019-01-20 16:13 - 000003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4030787469-4158419016-935844530-1001
2019-01-04 11:17 - 2019-01-04 11:21 - 010085861 _____ C:\Users\Beco\Downloads\DriversCloudx64_10_0_7_0.zip
2019-01-04 11:15 - 2019-01-04 11:15 - 000002314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-01-04 11:15 - 2019-01-04 11:15 - 000002273 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-01-04 11:14 - 2019-01-20 13:43 - 000000000 ____D C:\Program Files (x86)\Google
2019-01-04 11:14 - 2019-01-18 17:50 - 000000000 ____D C:\Users\Beco\AppData\Local\Google
2019-01-04 11:14 - 2019-01-04 11:14 - 001136176 _____ (Google Inc.) C:\Users\Beco\Downloads\ChromeSetup.exe
2019-01-04 11:14 - 2019-01-04 11:14 - 000003534 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2019-01-04 11:14 - 2019-01-04 11:14 - 000003406 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2019-01-04 11:13 - 2019-01-04 11:13 - 000000000 __SHD C:\Users\Beco\AppData\LocalLow\EmieUserList
2019-01-04 11:13 - 2019-01-04 11:13 - 000000000 __SHD C:\Users\Beco\AppData\LocalLow\EmieSiteList
2019-01-04 11:13 - 2019-01-04 11:13 - 000000000 __SHD C:\Users\Beco\AppData\LocalLow\EmieBrowserModeList
2019-01-04 11:13 - 2019-01-04 11:13 - 000000000 __SHD C:\Users\Beco\AppData\Local\EmieUserList
2019-01-04 11:13 - 2019-01-04 11:13 - 000000000 __SHD C:\Users\Beco\AppData\Local\EmieSiteList
2019-01-04 11:13 - 2019-01-04 11:13 - 000000000 __SHD C:\Users\Beco\AppData\Local\EmieBrowserModeList
2019-01-04 07:11 - 2019-01-06 20:23 - 000000000 ____D C:\Users\Beco
2019-01-04 07:11 - 2019-01-05 14:57 - 000000000 ____D C:\Users\Beco\AppData\Local\Packages
2019-01-04 07:11 - 2019-01-04 07:11 - 000001426 _____ C:\Users\Beco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2019-01-04 07:11 - 2019-01-04 07:11 - 000000020 ___SH C:\Users\Beco\ntuser.ini
2019-01-04 07:11 - 2019-01-04 07:11 - 000000000 _SHDL C:\Users\Beco\Reciente
2019-01-04 07:11 - 2019-01-04 07:11 - 000000000 _SHDL C:\Users\Beco\Plantillas
2019-01-04 07:11 - 2019-01-04 07:11 - 000000000 _SHDL C:\Users\Beco\Mis documentos
2019-01-04 07:11 - 2019-01-04 07:11 - 000000000 _SHDL C:\Users\Beco\Menú Inicio
2019-01-04 07:11 - 2019-01-04 07:11 - 000000000 _SHDL C:\Users\Beco\Impresoras
2019-01-04 07:11 - 2019-01-04 07:11 - 000000000 _SHDL C:\Users\Beco\Entorno de red
2019-01-04 07:11 - 2019-01-04 07:11 - 000000000 _SHDL C:\Users\Beco\Documents\Mis vídeos
2019-01-04 07:11 - 2019-01-04 07:11 - 000000000 _SHDL C:\Users\Beco\Documents\Mis imágenes
2019-01-04 07:11 - 2019-01-04 07:11 - 000000000 _SHDL C:\Users\Beco\Documents\Mi música
2019-01-04 07:11 - 2019-01-04 07:11 - 000000000 _SHDL C:\Users\Beco\Datos de programa
2019-01-04 07:11 - 2019-01-04 07:11 - 000000000 _SHDL C:\Users\Beco\Configuración local
2019-01-04 07:11 - 2019-01-04 07:11 - 000000000 _SHDL C:\Users\Beco\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2019-01-04 07:11 - 2019-01-04 07:11 - 000000000 _SHDL C:\Users\Beco\AppData\Local\Historial
2019-01-04 07:11 - 2019-01-04 07:11 - 000000000 _SHDL C:\Users\Beco\AppData\Local\Datos de programa
2019-01-04 07:11 - 2019-01-04 07:11 - 000000000 _SHDL C:\Users\Beco\AppData\Local\Archivos temporales de Internet
2019-01-04 07:11 - 2019-01-04 07:11 - 000000000 ____D C:\Windows\CSC
2019-01-04 07:11 - 2019-01-04 07:11 - 000000000 ____D C:\Users\Beco\AppData\Roaming\Adobe
2019-01-04 07:11 - 2019-01-04 07:11 - 000000000 ____D C:\Users\Beco\AppData\Local\VirtualStore
2019-01-04 07:11 - 2014-11-20 23:21 - 000000369 _____ C:\Users\Beco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2019-01-04 07:11 - 2014-11-20 23:21 - 000000369 _____ C:\Users\Beco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2019-01-04 07:09 - 2019-01-04 07:09 - 000000000 _SHDL C:\Users\Public\Documents\Mis vídeos
2019-01-04 07:09 - 2019-01-04 07:09 - 000000000 _SHDL C:\Users\Public\Documents\Mis imágenes
2019-01-04 07:09 - 2019-01-04 07:09 - 000000000 _SHDL C:\Users\Public\Documents\Mi música
2019-01-04 07:09 - 2019-01-04 07:09 - 000000000 _SHDL C:\Users\Default\Reciente
2019-01-04 07:09 - 2019-01-04 07:09 - 000000000 _SHDL C:\Users\Default\Plantillas
2019-01-04 07:09 - 2019-01-04 07:09 - 000000000 _SHDL C:\Users\Default\Mis documentos
2019-01-04 07:09 - 2019-01-04 07:09 - 000000000 _SHDL C:\Users\Default\Menú Inicio
2019-01-04 07:09 - 2019-01-04 07:09 - 000000000 _SHDL C:\Users\Default\Impresoras
2019-01-04 07:09 - 2019-01-04 07:09 - 000000000 _SHDL C:\Users\Default\Entorno de red
2019-01-04 07:09 - 2019-01-04 07:09 - 000000000 _SHDL C:\Users\Default\Documents\Mis vídeos
2019-01-04 07:09 - 2019-01-04 07:09 - 000000000 _SHDL C:\Users\Default\Documents\Mis imágenes
2019-01-04 07:09 - 2019-01-04 07:09 - 000000000 _SHDL C:\Users\Default\Documents\Mi música
2019-01-04 07:09 - 2019-01-04 07:09 - 000000000 _SHDL C:\Users\Default\Datos de programa
2019-01-04 07:09 - 2019-01-04 07:09 - 000000000 _SHDL C:\Users\Default\Configuración local
2019-01-04 07:09 - 2019-01-04 07:09 - 000000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2019-01-04 07:09 - 2019-01-04 07:09 - 000000000 _SHDL C:\Users\Default\AppData\Local\Historial
2019-01-04 07:09 - 2019-01-04 07:09 - 000000000 _SHDL C:\Users\Default\AppData\Local\Datos de programa
2019-01-04 07:09 - 2019-01-04 07:09 - 000000000 _SHDL C:\Users\Default\AppData\Local\Archivos temporales de Internet
2019-01-04 07:09 - 2019-01-04 07:09 - 000000000 _SHDL C:\Users\Default User\Documents\Mis vídeos
2019-01-04 07:09 - 2019-01-04 07:09 - 000000000 _SHDL C:\Users\Default User\Documents\Mis imágenes
2019-01-04 07:09 - 2019-01-04 07:09 - 000000000 _SHDL C:\Users\Default User\Documents\Mi música
2019-01-04 07:09 - 2019-01-04 07:09 - 000000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2019-01-04 07:09 - 2019-01-04 07:09 - 000000000 _SHDL C:\Users\Default User\AppData\Local\Historial
2019-01-04 07:09 - 2019-01-04 07:09 - 000000000 _SHDL C:\Users\Default User\AppData\Local\Datos de programa
2019-01-04 07:09 - 2019-01-04 07:09 - 000000000 _SHDL C:\Users\Default User\AppData\Local\Archivos temporales de Internet
2019-01-04 07:09 - 2019-01-04 07:09 - 000000000 _SHDL C:\ProgramData\Plantillas
2019-01-04 07:09 - 2019-01-04 07:09 - 000000000 _SHDL C:\ProgramData\Microsoft\Windows\Start Menu\Programas
2019-01-04 07:09 - 2019-01-04 07:09 - 000000000 _SHDL C:\ProgramData\Menú Inicio
2019-01-04 07:09 - 2019-01-04 07:09 - 000000000 _SHDL C:\ProgramData\Escritorio
2019-01-04 07:09 - 2019-01-04 07:09 - 000000000 _SHDL C:\ProgramData\Documentos
2019-01-04 07:09 - 2019-01-04 07:09 - 000000000 _SHDL C:\ProgramData\Datos de programa
2019-01-04 07:09 - 2019-01-04 07:09 - 000000000 _SHDL C:\Program Files\Archivos comunes
2019-01-04 07:09 - 2019-01-04 07:09 - 000000000 _SHDL C:\Archivos de programa
2019-01-04 07:08 - 2019-01-04 07:08 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2019-01-04 07:07 - 2019-01-20 15:51 - 000000000 ____D C:\Windows\Panther

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-20 16:15 - 2014-11-20 23:14 - 001740616 _____ C:\Windows\system32\PerfStringBackup.INI
2019-01-20 16:15 - 2014-11-20 22:24 - 000773842 _____ C:\Windows\system32\perfh00A.dat
2019-01-20 16:15 - 2014-11-20 22:24 - 000158928 _____ C:\Windows\system32\perfc00A.dat
2019-01-20 16:15 - 2013-08-22 10:36 - 000000000 ____D C:\Windows\Inf
2019-01-20 16:08 - 2013-08-22 11:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-01-20 14:16 - 2013-08-22 12:20 - 000000000 ____D C:\Windows\CbsTemp
2019-01-20 13:41 - 2013-08-22 12:36 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2019-01-20 13:41 - 2013-08-22 12:36 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicy
2019-01-18 17:43 - 2013-08-22 12:36 - 000000000 ____D C:\Windows\system32\NDF
2019-01-06 17:53 - 2013-08-22 10:25 - 000262144 ___SH C:\Windows\system32\config\ELAM
2019-01-05 15:05 - 2013-08-22 12:36 - 000000000 ____D C:\Windows\AppReadiness
2019-01-05 10:34 - 2013-08-22 12:36 - 000000000 ___HD C:\Program Files\WindowsApps
2019-01-04 19:30 - 2013-08-22 10:25 - 000262144 ___SH C:\Windows\system32\config\BBI
2019-01-04 16:05 - 2013-08-22 11:44 - 000338024 _____ C:\Windows\system32\FNTCACHE.DAT
2019-01-04 12:40 - 2013-08-22 12:36 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2019-01-04 11:44 - 2013-08-22 10:36 - 000000000 ____D C:\Windows\system32\AdvancedInstallers
2019-01-04 07:11 - 2013-08-22 12:36 - 000000000 ____D C:\Windows\rescache
2019-01-04 07:09 - 2013-08-22 12:36 - 000000000 ____D C:\Program Files\Windows NT
2019-01-04 07:07 - 2013-08-22 12:36 - 000262144 _____ C:\Windows\system32\config\BCD-Template

Files to move or delete:
====================
C:\Users\Beco\AppData\Roaming\WinBoxes_upd\python\pythonw.exe
C:\Users\Beco\AppData\Roaming\WinBoxes\python\pythonw.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\dllhost.exe => File is digitally signed
C:\Windows\SysWOW64\dllhost.exe => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2019-01-15 11:59

==================== End of FRST.txt ============================

#10

There are the replies.


#11

Someone answer me, pleaseeeee


#12

@SpyRoBot I need someone to reply to my post


#13

Hi! To find out what I can do, write @SpyRoBot mostrar ayuda.


#14

@SpyRoBot mostrar ayuda


#15

Hello @Marcos_exe

First, let me remind you of the InfoSpyware Forum Policies, specifically this one:

Beyond what has already been said, whether or not your topic gets attended to may be due to one of these problems:

  • We receive more than 500 queries a day.
  • We don't have all the answers.
  • The forum's strong point is malware topics.
  • We are not a technical support service.
  • We are not on the forum 24 hours a day.
  • What you are asking can't be understood.
  • You ask too many questions within the same post.
  • You have no patience and you "self-reply", so the post isn't seen and it looks as if you are already being attended to.
  • That's life…
  • We don't have all the answers (repeated :rolleyes: )

That said, only 24 hours have passed since you posted the reports; give us time to analyze them and give you the new steps you will need to carry out.

And you forgot to say how the machine is doing with regard to your problem??


#16

OK… I apologize for insisting. My problem was that Windows Defender stopped working after I installed a crack for a program; it disabled the antivirus and I can't turn it back on. The problem persists even after doing the steps I was asked to carry out. When I open Windows Defender it shows a dialog saying "group policy has disabled this application". Thanks.


#17

Good… and now follow these steps. :arrow_forward: VERY important :arrow_backward: Make a backup of the registry:

  • To do so, download :arrow_forward: DelFix.exe (to your desktop).

  • Double-click to run it. (If you use Windows Vista/7/8 or 10, right-click and select -Run as administrator-.)

  • Attention: now tick/select only the :white_check_mark: Create registry backup box, NOT the other boxes. :face_with_monocle:

  • Click Run.

The report (DelFix.txt) will open; save it in case it is needed and close the tool.

And now use the 2nd METHOD from this Windows 8 FAQ :arrow_forward: How to start Windows 8/8.1 in Safe Mode?, to work from that Windows mode.

:warning: With all other programs closed, go to :arrow_forward: Start :arrow_forward: Run :arrow_forward: and type Notepad.exe.

  • Now copy and paste the code/lines inside the box below into Notepad.
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
HKLM-x32\...\Run: [AvastUI.exe] => "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-4030787469-4158419016-935844530-1001\...\Run: [WinBoxes_upd] => C:\Users\Beco\AppData\Roaming\WinBoxes_upd\python\pythonw.exe [95904 2018-05-02] (Python Software Foundation) <==== ATTENTION
HKU\S-1-5-21-4030787469-4158419016-935844530-1001\...\Run: [WinBoxes] => C:\Users\Beco\AppData\Roaming\WinBoxes\python\pythonw.exe [95904 2018-05-02] (Python Software Foundation) <==== ATTENTION
HKU\S-1-5-21-4030787469-4158419016-935844530-1001\...\Policies\Explorer: [NoSecurityTab] 1
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
CHR Extension: (Avast Online Security) - C:\Users\Beco\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2019-01-04]
C:\Users\Beco\AppData\Roaming\WinBoxes_upd\python\pythonw.exe
C:\Users\Beco\AppData\Roaming\WinBoxes\python\pythonw.exe
2019-01-04 17:55 - 2019-01-04 17:55 - 000000000 ____D C:\Windows\System32\Tasks\Avast Software
2019-01-04 17:54 - 2019-01-04 17:54 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2019-01-04 17:52 - 2019-01-04 19:30 - 000000000 ____D C:\ProgramData\AVAST Software
HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END

Save it under the name FIXLIST.TXT on the desktop :arrow_backward: This is very important.

:o: Note :o: It is important that the FRST.exe tool (Farbar Recovery Scanner Tool) and FIXLIST.TXT are in the same location (desktop); otherwise it will not work.

  • Run FRST.exe. (If you use Windows Vista/7/8 or 10, right-click and select -Run as administrator-.)

  • Press the FIX button and wait for it to finish.

  • The tool will save the repair report on the desktop (FIXLOG.TXT).

Paste the contents of this file in your next reply. :+1:

Restart the computer, check how it behaves with regard to the problem raised, and tell us.

Regards.


#18

Greetings, and thanks for replying… I followed the steps as you requested and it worked well; now I was able to turn Windows Defender on. Thanks. Now, if you can advise me, what do I do with the executables and the reports they produced? Can I delete them?

Here is the report:

Fix result of Farbar Recovery Scan Tool (x64) Version: 20.01.2019
Ran by Beco (23-01-2019 09:31:35) Run:1
Running from C:\Users\Beco\Desktop
Loaded Profiles: Beco (Available Profiles: Beco)
Boot Mode: Safe Mode (with Networking)
==============================================

fixlist content:
*****************
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
HKLM-x32\...\Run: [AvastUI.exe] => "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-4030787469-4158419016-935844530-1001\...\Run: [WinBoxes_upd] => C:\Users\Beco\AppData\Roaming\WinBoxes_upd\python\pythonw.exe [95904 2018-05-02] (Python Software Foundation) <==== ATTENTION
HKU\S-1-5-21-4030787469-4158419016-935844530-1001\...\Run: [WinBoxes] => C:\Users\Beco\AppData\Roaming\WinBoxes\python\pythonw.exe [95904 2018-05-02] (Python Software Foundation) <==== ATTENTION
HKU\S-1-5-21-4030787469-4158419016-935844530-1001\...\Policies\Explorer: [NoSecurityTab] 1
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
CHR Extension: (Avast Online Security) - C:\Users\Beco\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2019-01-04]
C:\Users\Beco\AppData\Roaming\WinBoxes_upd\python\pythonw.exe
C:\Users\Beco\AppData\Roaming\WinBoxes\python\pythonw.exe
2019-01-04 17:55 - 2019-01-04 17:55 - 000000000 ____D C:\Windows\System32\Tasks\Avast Software
2019-01-04 17:54 - 2019-01-04 17:54 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2019-01-04 17:52 - 2019-01-04 19:30 - 000000000 ____D C:\ProgramData\AVAST Software
HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END
*****************

Thanks.


#19

Hi.

Please review the report you posted (compare it with what you have in the FIXLOG.txt file); I do NOT see anywhere the results of the repair that should have taken place. :thinking:


#20
Fix result of Farbar Recovery Scan Tool (x64) Version: 20.01.2019
Ran by Beco (23-01-2019 09:31:35) Run:1
Running from C:\Users\Beco\Desktop
Loaded Profiles: Beco (Available Profiles: Beco)
Boot Mode: Safe Mode (with Networking)
==============================================

fixlist content:
*****************
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
HKLM-x32\...\Run: [AvastUI.exe] => "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-4030787469-4158419016-935844530-1001\...\Run: [WinBoxes_upd] => C:\Users\Beco\AppData\Roaming\WinBoxes_upd\python\pythonw.exe [95904 2018-05-02] (Python Software Foundation) <==== ATTENTION
HKU\S-1-5-21-4030787469-4158419016-935844530-1001\...\Run: [WinBoxes] => C:\Users\Beco\AppData\Roaming\WinBoxes\python\pythonw.exe [95904 2018-05-02] (Python Software Foundation) <==== ATTENTION
HKU\S-1-5-21-4030787469-4158419016-935844530-1001\...\Policies\Explorer: [NoSecurityTab] 1
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
CHR Extension: (Avast Online Security) - C:\Users\Beco\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2019-01-04]
C:\Users\Beco\AppData\Roaming\WinBoxes_upd\python\pythonw.exe
C:\Users\Beco\AppData\Roaming\WinBoxes\python\pythonw.exe
2019-01-04 17:55 - 2019-01-04 17:55 - 000000000 ____D C:\Windows\System32\Tasks\Avast Software
2019-01-04 17:54 - 2019-01-04 17:54 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2019-01-04 17:52 - 2019-01-04 19:30 - 000000000 ____D C:\ProgramData\AVAST Software
HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END
*****************

Error: Restore point can only be created in normal mode.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AvastUI.exe" => removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
"HKU\S-1-5-21-4030787469-4158419016-935844530-1001\Software\Microsoft\Windows\CurrentVersion\Run\\WinBoxes_upd" => removed successfully
"HKU\S-1-5-21-4030787469-4158419016-935844530-1001\Software\Microsoft\Windows\CurrentVersion\Run\\WinBoxes" => removed successfully
"HKU\S-1-5-21-4030787469-4158419016-935844530-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSecurityTab" => removed successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\Windows\system32\GroupPolicy\User => moved successfully
CHR Extension: (Avast Online Security) - C:\Users\Beco\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2019-01-04] => Error: No automatic fix found for this entry.
C:\Users\Beco\AppData\Roaming\WinBoxes_upd\python\pythonw.exe => moved successfully
C:\Users\Beco\AppData\Roaming\WinBoxes\python\pythonw.exe => moved successfully
C:\Windows\System32\Tasks\Avast Software => moved successfully
C:\Program Files\Common Files\AVAST Software => moved successfully
C:\ProgramData\AVAST Software => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-4030787469-4158419016-935844530-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-4030787469-4158419016-935844530-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========


========= netsh winsock reset =========


El catálogo Winsock se restableció correctamente.
Debe reiniciar el equipo para completar el restablecimiento.


========= End of CMD: =========


========= ipconfig /renew =========


Configuración IP de Windows


Adaptador de Ethernet Ethernet:

   Sufijo DNS específico para la conexión. . : 
   Vínculo: dirección IPv6 local. . . : fe80::f8f4:2a7b:bdc8:2080%3
   Dirección IPv4. . . . . . . . . . . . . . : 192.168.0.103
   Máscara de subred . . . . . . . . . . . . : 255.255.255.0
   Puerta de enlace predeterminada . . . . . : 192.168.0.1

========= End of CMD: =========


========= ipconfig /flushdns =========


Configuración IP de Windows

Se vació correctamente la caché de resolución de DNS.

========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to connect to BITS - 0x8007042c
No se puede iniciar el servicio o grupo de dependencia.



========= End of CMD: =========


========= netsh advfirewall reset =========

Aceptar


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Aceptar


========= End of CMD: =========


========= netsh int ipv4 reset =========

Global se restableció correctamente.
Interfaz se restableció correctamente.
Vecino se restableció correctamente.
Ruta de acceso se restableció correctamente.
Error al restablecer .
Acceso denegado.

 se restableció correctamente.
Reinicie el equipo para completar esta acción.


========= End of CMD: =========


========= netsh int ipv6 reset =========

Interfaz se restableció correctamente.
Vecino se restableció correctamente.
Ruta de acceso se restableció correctamente.
Error al restablecer .
Acceso denegado.

 se restableció correctamente.
 se restableció correctamente.
Reinicie el equipo para completar esta acción.


========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 22201961 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 116672 B
Edge => 0 B
Chrome => 391779243 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 0 B
NetworkService => 0 B
Beco => 16063475 B

RecycleBin => 66155039 B
EmptyTemp: => 473.3 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 09:31:49 ====
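
Added example (not part of the original thread and not FRST's own code): a small Python check that tells a complete Fixlog, like the one in post #20, from a paste that stops at the fixlist echo, like the one in post #18, and lists which entries succeeded or failed. The function name, the sample text and the result categories are assumptions made for this illustration.

```python
import re

# Constructed sample: an abridged Fixlog in the layout FRST produced in this thread.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Scan Tool (x64) Version: 20.01.2019
Boot Mode: Safe Mode (with Networking)
==============================================

fixlist content:
*****************
START
CREATERESTOREPOINT:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
GroupPolicy: Restriction ? <==== ATTENTION
END
*****************

Error: Restore point can only be created in normal mode.
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully

==== End of Fixlog 09:31:49 ====
"""

DEFENDER_POLICY = r"\Policies\Microsoft\Windows Defender"

def review_fixlog(text):
    """Classify the result lines that follow the echoed fixlist in a Fixlog."""
    # The fixlist echo sits between two rows of asterisks; results come after.
    parts = re.split(r"^\*{5,}[ \t]*$", text, flags=re.M)
    results = parts[2] if len(parts) >= 3 else ""
    ok, problems = [], []
    for line in (l.strip() for l in results.splitlines()):
        target, sep, outcome = line.rpartition(" => ")
        if sep and outcome.endswith("successfully"):
            ok.append(target)
        elif line.startswith("Error:") or (sep and (
                outcome == "not found" or outcome.startswith("Error:"))):
            problems.append(line)
    return {
        # A paste that stops at the fixlist echo has no results and no footer.
        "complete": "End of Fixlog" in results,
        "ok": ok,
        "problems": problems,
        "defender_policy_removed": any(t.endswith(DEFENDER_POLICY) for t in ok),
    }

if __name__ == "__main__":
    print(review_fixlog(SAMPLE_FIXLOG))
```
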

#21

Hi.

Perfect. :+1:

From what the reports show, you had the Avast antivirus installed. :thinking:

What steps did you use to remove it?