Ayuda con AutoIt v3 Script Beta


#1

Hola, escribo a ver si alguien me puede echar una mano con este molesto problema que tengo últimamente en mi PC. Hace un tiempo ya tuve este molesto proceso Autoit v3 script, pero conseguí eliminarlo fácilmente con Malwarebytes, pero parece que ha vuelto a la carga.

El PC tiene windows 8.1 actualizado y utilizo AVG Internet Security (no ha detectado absolutamente nada). Desde hace unos días noto, a ratos, un uso anormal de la CPU, y al entrar al administrador de tareas, ahí está ese dichoso AutoIt v3 Script Beta (nótese lo de Beta, no sé será una versión nueva o qué) que me consume el 70, 80 y hasta más del 90% de la CPU, ralentizando el PC y provocando que los ventiladores se revolucionen, claro.

Primero probé con Malwarebytes, como la vez anterior, pero, aunque encontró algunas cosas por ahí, el problema éste persiste.

Entonces, decidí seguir uno por uno, los pasos que indicais en esta consulta:

Pero, aunque tanto Malwarebytes como Adwcleaner detectan infecciones, no acaban de eliminar el problema en cuestión. Comentar que Adwcleaner me ha detectado dos problemas que no consigue eliminar al reiniciar, aunque no sé si estarán relacionados con el AutoIt v3 Script. Pego aquí el informe:

AdwCleaner[C00].txt (2,0 KB)


#2

Hola @AntonioC

Realiza estos pasos :

:one: Desactiva temporalmente el Antivirus :arrow_forward: Cómo deshabilitar temporalmente su Antivirus, mientras estemos realizando TODOS los pasos.

Descargar en TU ESCRITORIO(y NO en otro lugar :face_with_monocle:)

:two: Farbar Recovery Scan Tool.-

  • Ejecuta FRST.exe.

  • En el mensaje de la ventana del Disclaimer, pulsamos Yes

  • En la ventana principal pulsamos en el botón Scan y esperamos a que concluya el proceso.

  • Se abrirán dos(2) archivos(Logs), Frst.txt y Addition.txt, estos quedaran grabados en el escritorio.

:three: Poner los dos informes en tu próxima respuesta.

Debes copiarlos y pegarlos con todo su contenido y usaras varios mensajes si recibes un mensaje de error indicando que es muy largo(mas de 50.000 caracteres aprox.).

Saludos, Javier.


#3

ok, aquí están: Primero el FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03.03.2019 01
Ran by Antonio1 (administrator) on ANTONIO (04-03-2019 10:46:17)
Running from C:\Users\Antonio1\Desktop
Loaded Profiles: Antonio1 (Available Profiles: Antonio1)
Platform: Windows 8.1 (Update) (X64) Language: Español (España, internacional)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
(AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\afwServ.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Paramount Software UK Ltd -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\MacriumService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxTray.exe
(AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
(TechPowerUp Ltd -> uWebb Software) E:\documentos\RealTemp_370\RealTemp.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7575256 2014-05-12] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942232 2016-10-13] (Logitech -> Logitech, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [307632 2019-02-12] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-2999475868-1411259359-3238297896-1001\...\RunOnce: [a8a8e154] => C:\ProgramData\a8a8e154\a8a8e154.exe C:\ProgramData\a8a8e154\a8a8e154test.au3
HKU\S-1-5-21-2999475868-1411259359-3238297896-1001\...\RunOnce: [a8a8e1542] => C:\ProgramData\TUMhdP\a8a8e154.exe [937776 2019-03-04] (AutoIt Consulting Ltd -> AutoIt Team)
HKU\S-1-5-21-2999475868-1411259359-3238297896-1001\...\Policies\Explorer: [NoDriveTypeAutoRun] -33
HKU\S-1-5-18\...\Run: [GarminExpress] => C:\Program Files (x86)\Garmin\Express\express.exe [30872640 2018-11-28] (Garmin International, Inc. -> Garmin Ltd. or its subsidiaries)
HKLM\...\Drivers32: [msacm.l3codecp] => C:\WINDOWS\system32\l3codecp.acm [177152 2014-10-29] (Microsoft Windows -> Fraunhofer Institut Integrierte Schaltungen IIS)
HKLM\...\Drivers32: [VIDC.LAGS] => C:\WINDOWS\system32\lagarith.dll [148992 2011-12-07] ( ) [File not signed]
HKLM\...\Drivers32: [msacm.l3codecp] => C:\WINDOWS\SysWOW64\l3codecp.acm [186368 2014-10-29] (Microsoft Windows -> Fraunhofer Institut Integrierte Schaltungen IIS)
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [243200 2011-06-24] () [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\WINDOWS\SysWOW64\lagarith.dll [216064 2011-12-07] ( ) [File not signed]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [112640 2013-01-14] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SysWOW64\ac3acm.acm [151552 2011-12-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [vidc.MPG4] => C:\Windows\SysWOW64\MPG4C32.dll [413760 2010-03-12] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [vidc.MP42] => C:\Windows\SysWOW64\MPG4C32.dll [413760 2010-03-12] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [vidc.MP43] => C:\Windows\SysWOW64\MPG4C32.dll [413760 2010-03-12] (Microsoft Corporation) [File not signed]
Startup: C:\Users\Antonio1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung SSD Magician.lnk [2013-02-06]
ShortcutTarget: Samsung SSD Magician.lnk -> C:\Program Files (x86)\Samsung SSD Magician\Samsung SSD Magician.exe (Samsung Electronics.) [File not signed]

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 212.89.28.19 212.89.0.77
Tcpip\..\Interfaces\{B4D0352E-184F-44D5-85A7-495EA7632D5F}: [DhcpNameServer] 212.89.28.19 212.89.0.77

Internet Explorer:
==================
HKU\S-1-5-21-2999475868-1411259359-3238297896-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.es/
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-03-09] (Microsoft Corporation -> Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-03-09] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation) [File not signed]
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation) [File not signed]
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation) [File not signed]
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation) [File not signed]
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation) [File not signed]
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation) [File not signed]
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation) [File not signed]

FireFox:
========
FF ProfilePath: C:\Users\Antonio1\AppData\Roaming\Mozilla\Firefox\Profiles\diij7faq.default [2019-03-04]
FF user.js: detected! => C:\Users\Antonio1\AppData\Roaming\Mozilla\Firefox\Profiles\diij7faq.default\user.js [2013-02-08]
FF Homepage: Mozilla\Firefox\Profiles\diij7faq.default -> hxxp://www.google.es/
FF Extension: (Windscribe VPN) - C:\Users\Antonio1\AppData\Roaming\Mozilla\Firefox\Profiles\diij7faq.default\Extensions\@windscribeff.xpi [2018-10-14]
FF Extension: (MyJDownloader Browser Extension) - C:\Users\Antonio1\AppData\Roaming\Mozilla\Firefox\Profiles\diij7faq.default\Extensions\[email protected] [2018-08-02] [UpdateUrl:hxxps://my.jdownloader.org/extensions/firefox.json]
FF Extension: (KProxy Extension) - C:\Users\Antonio1\AppData\Roaming\Mozilla\Firefox\Profiles\diij7faq.default\Extensions\[email protected] [2018-05-07]
FF Extension: (NoScript) - C:\Users\Antonio1\AppData\Roaming\Mozilla\Firefox\Profiles\diij7faq.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2018-12-23]
FF Extension: (Video DownloadHelper) - C:\Users\Antonio1\AppData\Roaming\Mozilla\Firefox\Profiles\diij7faq.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2018-08-02]
FF Extension: (Adblock Plus - bloqueador de anuncios gratis) - C:\Users\Antonio1\AppData\Roaming\Mozilla\Firefox\Profiles\diij7faq.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2019-01-24]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_142.dll [2019-02-12] (Adobe Systems Incorporated -> )
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN -> VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_142.dll [2019-02-12] (Adobe Systems Incorporated -> )
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-02-01] (Adobe Systems, Incorporated -> Adobe Systems Inc.)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [357360 2019-02-12] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R2 AVG Firewall; C:\Program Files\AVG\Antivirus\afwServ.exe [369312 2019-02-12] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
S3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [6807360 2019-02-12] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [320472 2018-01-02] (Intel(R) pGFX -> Intel Corporation)
R2 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [3894760 2017-10-19] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes Corporation -> Malwarebytes)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 3xHybr64; C:\WINDOWS\system32\DRIVERS\3xHybr64.sys [1425920 2010-12-01] (Microsoft Windows Hardware Compatibility Publisher -> NXP Semiconductors Germany GmbH)
R1 avgArPot; C:\WINDOWS\System32\drivers\avgArPot.sys [205656 2019-02-12] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\WINDOWS\System32\drivers\avgbidsdriver.sys [226448 2019-02-12] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\WINDOWS\System32\drivers\avgbidsh.sys [196848 2019-02-12] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\WINDOWS\System32\drivers\avgblog.sys [320960 2019-02-12] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\WINDOWS\System32\drivers\avgbuniv.sys [58008 2019-02-12] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R1 avgKbd; C:\WINDOWS\System32\drivers\avgKbd.sys [42552 2019-02-12] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\WINDOWS\System32\drivers\avgMonFlt.sys [167560 2019-02-12] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R1 avgNetSec; C:\WINDOWS\System32\drivers\avgNetSec.sys [519920 2019-02-13] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\WINDOWS\System32\drivers\avgRdr2.sys [112568 2019-02-12] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\WINDOWS\System32\drivers\avgRvrt.sys [88208 2019-02-12] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\WINDOWS\System32\drivers\avgSnx.sys [1034184 2019-02-12] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\WINDOWS\System32\drivers\avgSP.sys [474712 2019-02-15] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
S2 avgStm; C:\WINDOWS\System32\drivers\avgStm.sys [217040 2019-02-12] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\WINDOWS\System32\drivers\avgVmm.sys [380208 2019-02-12] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
S3 DSDrv4AMD64; C:\Program Files (x86)\DScaler\DSDrv4amd64.sys [22488 2009-08-28] (John Adcock -> )
S3 GenericMount; C:\WINDOWS\System32\drivers\GenericMount.sys [66608 2010-02-12] (Symantec Corporation -> Symantec Corporation)
S3 jakndis; C:\WINDOWS\system32\DRIVERS\jakndis.sys [35648 2011-07-21] (Jaksta Technologies Pty Ltd -> Jaksta Technologies Pty Ltd)
R3 jakndisMP; C:\WINDOWS\system32\DRIVERS\jakndis.sys [35648 2011-07-21] (Jaksta Technologies Pty Ltd -> Jaksta Technologies Pty Ltd)
S3 PSMounterEx; C:\Windows\system32\drivers\psmounterex.sys [168968 2015-10-12] (Paramount Software UK Ltd -> Windows (R) Win 7 DDK provider)
S3 Rockusb; C:\WINDOWS\System32\drivers\rockusb.sys [66704 2013-09-09] (Fuzhou Rockchip Electronics Co., Ltd. -> Fuzhou Rockchip Electronics Co,Ltd.)
R3 RTL8168; C:\WINDOWS\system32\DRIVERS\Rt630x64.sys [591360 2013-06-18] (Microsoft Windows -> Realtek )
R0 speedfan; C:\Windows\SysWow64\speedfan.sys [29592 2011-03-18] (Sokno S.R.L. -> Almico Software)
S3 TRIDCap; C:\WINDOWS\system32\DRIVERS\AVerTM62_x64.sys [1057792 2012-10-17] (AVerMedia TECHNOLOGIES, Inc. ) [File not signed]
R1 VBoxUSBMon; C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys [127432 2015-09-16] (Duodian Online Technology Co. Ltd. -> BigNox Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
R3 WinRing0_1_2_0; E:\documentos\RealTemp_370\WinRing0x64.sys [14544 2008-07-26] (Noriyuki MIYAZAKI -> OpenLibSys.org)
R1 XQHDrv; C:\WINDOWS\system32\DRIVERS\XQHDrv.sys [253384 2015-09-16] (Duodian Online Technology Co. Ltd. -> BigNox Corporation)
R1 XQHDrv; C:\Windows\SysWOW64\DRIVERS\XQHDrv.sys [253384 2015-09-16] (Duodian Online Technology Co. Ltd. -> BigNox Corporation)
U2 V2iMount; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-03-04 10:46 - 2019-03-04 10:46 - 000016127 _____ C:\Users\Antonio1\Desktop\FRST.txt
2019-03-04 10:46 - 2019-03-04 10:46 - 000000000 ____D C:\ProgramData\ekgSjj
2019-03-04 10:46 - 2019-03-04 10:46 - 000000000 ____D C:\FRST
2019-03-04 10:43 - 2019-03-04 10:43 - 002434560 _____ (Farbar) C:\Users\Antonio1\Desktop\FRST64.exe
2019-03-04 09:56 - 2019-03-04 09:56 - 000000000 ____D C:\ProgramData\BhRAkV
2019-03-04 09:54 - 2019-03-04 09:54 - 000000000 ____D C:\ProgramData\LJtmpJ
2019-03-04 09:53 - 2019-03-04 09:54 - 000000000 ____D C:\AdwCleaner
2019-03-03 20:51 - 2019-03-03 20:51 - 000000000 ____D C:\ugixstencq__
2019-02-24 14:10 - 2019-02-24 14:10 - 000001100 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debut, capturador de vídeo.lnk
2019-02-20 16:09 - 2019-02-20 16:09 - 000001775 _____ C:\Users\Antonio1\Desktop\scummvm - Acceso directo.lnk
2019-02-19 23:16 - 2019-02-19 23:16 - 000000957 _____ C:\Users\Antonio1\Desktop\Autow0rk - Acceso directo.lnk
2019-02-19 22:00 - 2019-02-19 22:49 - 000000000 ____D C:\RPGAMES
2019-02-13 12:54 - 2019-02-13 12:54 - 000519920 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgNetSec.sys
2019-02-13 12:42 - 2019-02-06 03:07 - 003323392 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-02-13 12:42 - 2019-02-06 02:43 - 003616768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-02-13 12:42 - 2019-02-06 01:53 - 002780160 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2019-02-13 12:42 - 2019-02-06 01:44 - 002464256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2019-02-13 12:42 - 2019-01-26 02:02 - 025736192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-02-13 12:42 - 2019-01-26 01:38 - 002902528 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-02-13 12:42 - 2019-01-26 01:36 - 000576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-02-13 12:42 - 2019-01-26 01:32 - 005778944 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-02-13 12:42 - 2019-01-26 01:27 - 020279808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-02-13 12:42 - 2019-01-26 01:24 - 000790016 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2019-02-13 12:42 - 2019-01-26 01:06 - 000498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-02-13 12:42 - 2019-01-26 01:03 - 002295808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-02-13 12:42 - 2019-01-26 00:57 - 000663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2019-02-13 12:42 - 2019-01-26 00:56 - 001033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2019-02-13 12:42 - 2019-01-26 00:48 - 000809472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2019-02-13 12:42 - 2019-01-26 00:46 - 015283712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-02-13 12:42 - 2019-01-26 00:36 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2019-02-13 12:42 - 2019-01-26 00:34 - 004858880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-02-13 12:42 - 2019-01-26 00:34 - 004494336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-02-13 12:42 - 2019-01-26 00:31 - 000696320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2019-02-13 12:42 - 2019-01-26 00:29 - 013680640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-02-13 12:42 - 2019-01-26 00:22 - 001556480 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-02-13 12:42 - 2019-01-26 00:12 - 000800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2019-02-13 12:42 - 2019-01-26 00:11 - 004386304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-02-13 12:42 - 2019-01-26 00:08 - 001331200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-02-13 12:42 - 2019-01-26 00:06 - 000710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2019-02-13 12:42 - 2019-01-12 02:36 - 000058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2019-02-13 12:42 - 2019-01-12 02:35 - 000044544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2019-02-13 12:42 - 2019-01-12 02:18 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-02-13 12:42 - 2019-01-09 07:36 - 001901688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-02-13 12:42 - 2019-01-09 07:27 - 002533920 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-02-13 12:42 - 2019-01-09 07:24 - 007371512 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-02-13 12:42 - 2019-01-09 04:34 - 001755136 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-02-13 12:42 - 2019-01-09 04:34 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-02-13 12:42 - 2019-01-09 04:21 - 001493504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-02-13 12:42 - 2019-01-09 04:21 - 000102400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-02-13 12:42 - 2019-01-08 05:54 - 000032896 ____C (Microsoft Corporation) C:\WINDOWS\system32\hidparse.sys
2019-02-13 12:42 - 2019-01-08 05:54 - 000032896 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2019-02-13 12:42 - 2019-01-08 02:22 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2019-02-13 12:42 - 2019-01-08 02:22 - 000313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2019-02-13 12:42 - 2019-01-05 18:48 - 004168704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2019-02-13 12:42 - 2019-01-05 18:47 - 000684032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2019-02-13 12:42 - 2019-01-05 18:46 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2019-02-13 12:42 - 2018-12-27 18:57 - 000805376 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2019-02-13 12:42 - 2018-12-27 17:30 - 000626176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2019-02-13 12:42 - 2018-12-08 17:01 - 000513376 _____ C:\WINDOWS\SysWOW64\locale.nls
2019-02-13 12:42 - 2018-12-08 17:01 - 000513376 _____ C:\WINDOWS\system32\locale.nls
2019-02-13 12:42 - 2018-12-02 11:08 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2019-02-13 12:42 - 2018-12-01 17:44 - 000151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2019-02-13 12:42 - 2018-10-12 14:19 - 000998480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2019-02-12 13:27 - 2019-02-15 14:33 - 000474712 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSP.sys
2019-02-12 13:27 - 2019-02-12 13:27 - 001034184 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSnx.sys
2019-02-12 13:27 - 2019-02-12 13:27 - 000380208 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgVmm.sys
2019-02-12 13:27 - 2019-02-12 13:27 - 000362928 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgBoot.exe
2019-02-12 13:27 - 2019-02-12 13:27 - 000320960 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgblog.sys
2019-02-12 13:27 - 2019-02-12 13:27 - 000226448 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsdriver.sys
2019-02-12 13:27 - 2019-02-12 13:27 - 000217040 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgStm.sys
2019-02-12 13:27 - 2019-02-12 13:27 - 000205656 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArPot.sys
2019-02-12 13:27 - 2019-02-12 13:27 - 000196848 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsh.sys
2019-02-12 13:27 - 2019-02-12 13:27 - 000167560 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgMonFlt.sys
2019-02-12 13:27 - 2019-02-12 13:27 - 000112568 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRdr2.sys
2019-02-12 13:27 - 2019-02-12 13:27 - 000088208 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRvrt.sys
2019-02-12 13:27 - 2019-02-12 13:27 - 000058008 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbuniv.sys
2019-02-12 13:27 - 2019-02-12 13:27 - 000042552 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgKbd.sys
2019-02-12 13:27 - 2019-02-12 13:27 - 000003904 _____ C:\WINDOWS\System32\Tasks\Antivirus Emergency Update
2019-02-12 13:27 - 2019-02-12 13:27 - 000000000 ____D C:\Users\Antonio1\AppData\Roaming\AVG
2019-02-12 13:27 - 2019-02-12 13:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2019-02-12 13:26 - 2019-02-12 13:26 - 000000000 ____D C:\Program Files\AVG
2019-02-12 13:14 - 2019-02-12 13:24 - 000000000 ____D C:\AVG_Remover

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-03-04 10:44 - 2016-11-20 10:19 - 000000000 ____D C:\Users\Antonio1\AppData\LocalLow\Mozilla
2019-03-04 10:43 - 2015-03-31 21:24 - 000000000 ____D C:\Program Files\JDownloader
2019-03-04 10:02 - 2013-11-14 08:27 - 001740418 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-03-04 10:02 - 2013-11-14 08:12 - 000772870 _____ C:\WINDOWS\system32\perfh00A.dat
2019-03-04 10:02 - 2013-11-14 08:12 - 000151708 _____ C:\WINDOWS\system32\perfc00A.dat
2019-03-04 10:02 - 2013-08-22 14:36 - 000000000 ____D C:\WINDOWS\Inf
2019-03-04 10:01 - 2013-03-18 20:44 - 000000000 ____D C:\Users\Antonio1\AppData\Roaming\uTorrent
2019-03-04 10:01 - 2013-02-06 21:57 - 000000000 ____D C:\Users\Antonio1\AppData\Roaming\Media Player Classic
2019-03-04 09:57 - 2014-06-06 16:29 - 000000000 __SHD C:\Users\Antonio1\IntelGraphicsProfiles
2019-03-04 09:57 - 2013-08-22 15:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-03-04 09:53 - 2019-01-20 22:35 - 000000000 ____D C:\Users\Antonio1\AppData\Roaming\9d5bea8b64a11090a0b46ed648cad278
2019-03-04 04:39 - 2013-02-05 20:11 - 000003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2999475868-1411259359-3238297896-1001
2019-03-04 03:19 - 2013-08-22 14:25 - 000262144 ___SH C:\WINDOWS\system32\config\BBI
2019-03-04 03:18 - 2013-03-18 20:44 - 000000000 ____D C:\Program Files (x86)\utorrent
2019-03-04 02:12 - 2013-02-09 13:59 - 000007598 _____ C:\Users\Antonio1\AppData\Local\resmon.resmoncfg
2019-03-03 21:00 - 2018-02-25 19:19 - 000000000 ____D C:\Users\Antonio1\AppData\Roaming\vlc
2019-03-01 21:58 - 2013-03-08 12:54 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2019-03-01 21:58 - 2013-02-06 23:07 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-03-01 14:06 - 2013-02-05 20:49 - 000001163 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-02-27 16:18 - 2013-02-06 23:09 - 000000000 ____D C:\WINDOWS\System32\Tasks\NCH Software
2019-02-24 14:26 - 2013-02-06 23:41 - 000000000 ____D C:\Users\Antonio1\Desktop\programas
2019-02-24 14:10 - 2013-02-06 23:09 - 000000000 ____D C:\ProgramData\NCH Software
2019-02-24 14:10 - 2013-02-06 23:09 - 000000000 ____D C:\Program Files (x86)\NCH Software
2019-02-24 14:10 - 2013-02-06 23:08 - 000000000 ____D C:\Users\Antonio1\AppData\Roaming\NCH Software
2019-02-23 20:55 - 2013-02-06 22:55 - 000000000 ____D C:\Users\Antonio1\Desktop\docs
2019-02-22 00:46 - 2017-01-11 16:21 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-02-21 01:03 - 2013-02-07 00:08 - 000000000 ____D C:\Users\Antonio1\AppData\Roaming\Jaksta Streaming Media Recorder
2019-02-20 13:14 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\system32\NDF
2019-02-18 20:25 - 2013-02-06 23:05 - 000000000 ____D C:\Users\Antonio1\Desktop\emuladores
2019-02-13 15:24 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\rescache
2019-02-13 12:46 - 2018-05-12 11:15 - 000468064 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-02-13 12:44 - 2012-07-26 08:59 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-02-13 12:43 - 2013-07-10 09:24 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-02-13 12:42 - 2017-01-21 13:30 - 129330784 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-02-12 19:34 - 2017-01-11 16:21 - 000004476 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2019-02-12 19:31 - 2018-03-14 04:00 - 000004496 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2019-02-12 19:31 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2019-02-12 19:31 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\system32\Macromed
2019-02-12 19:31 - 2013-02-06 23:30 - 000004296 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2019-02-12 14:43 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-02-12 14:25 - 2013-03-27 13:22 - 000000000 ____D C:\Users\Antonio1\AppData\Local\CrashDumps
2019-02-12 13:26 - 2016-07-05 12:20 - 000000000 ____D C:\ProgramData\Avg
2019-02-12 13:22 - 2014-11-19 10:34 - 000000000 ____D C:\Users\Antonio1\AppData\Local\Avg
2019-02-12 13:22 - 2013-02-06 18:13 - 000000000 ____D C:\Program Files (x86)\AVG
2019-02-05 19:41 - 2013-02-06 23:07 - 000000000 ____D C:\ProgramData\Mozilla
2019-02-05 12:14 - 2013-02-08 13:40 - 000000000 ____D C:\Program Files\CCleaner
2019-02-02 21:07 - 2013-08-22 16:38 - 000835480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-02-02 21:07 - 2013-08-22 16:38 - 000179600 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2013-03-24 12:47 - 2018-11-11 12:30 - 000361022 _____ () C:\Users\Antonio1\AppData\Roaming\VideoPad.dmp
2018-04-25 00:24 - 2018-04-25 00:24 - 000000000 _____ () C:\Users\Antonio1\AppData\Local\D26A82.tmp
2013-04-25 16:51 - 2013-04-25 21:06 - 000005120 _____ () C:\Users\Antonio1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-02-09 13:59 - 2019-03-04 02:12 - 000007598 _____ () C:\Users\Antonio1\AppData\Local\resmon.resmoncfg

Some files in TEMP:
====================
2019-03-03 20:51 - 2019-03-04 09:57 - 001060864 _____ (AutoIt Team) C:\Users\Antonio1\AppData\Local\Temp\systeminfo.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\dllhost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2019-03-03 04:07

==================== End of FRST.txt ============================

#4

y Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03.03.2019 01
Ran by Antonio1 (04-03-2019 10:46:46)
Running from C:\Users\Antonio1\Desktop
Windows 8.1 (Update) (X64) (2013-12-31 10:37:11)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-2999475868-1411259359-3238297896-500 - Administrator - Disabled)
Antonio1 (S-1-5-21-2999475868-1411259359-3238297896-1001 - Administrator - Enabled) => C:\Users\Antonio1
Invitado (S-1-5-21-2999475868-1411259359-3238297896-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Antivirus (Disabled - Up to date) {4FC75CA5-1654-5411-7CFB-1893D506BCF4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Antivirus (Disabled - Up to date) {F4A6BD41-306E-5B9F-464B-23E1AE81F649}
FW: AVG Antivirus (Disabled) {77FCDD80-5C3B-5549-57A4-B1A62BD5FB8F}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 19.010.20098 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.142 - Adobe Systems Incorporated)
ANT Drivers Installer x64 (HKLM\...\{15DDA7AF-3E5C-49CC-B57C-8926F09405A6}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
ATMA V 5.05 (HKLM-x32\...\ATMA V) (Version: 5.05 - Yougen Kaisha)
AVG Internet Security (HKLM-x32\...\AVG Antivirus) (Version: 19.2.3079 - AVG Technologies)
Baldur's Gate (HKLM-x32\...\Baldur's Gate) (Version:  - )
Baldur's Gate(MR) II - Throne of Bhaal (MR) (HKLM-x32\...\{68F40945-449D-11D5-96E9-0050BA84F5F7}) (Version:  - )
Blade: The Edge of Darkness (HKLM-x32\...\{FD881863-F311-48B5-A8C2-12EECA736D5A}) (Version: 1.0.0 - Rebel Act Studios)
CCleaner (HKLM\...\CCleaner) (Version: 5.46 - Piriform)
Configurador_FNMT (HKLM-x32\...\{438D4C4C-B703-4971-9C3D-33FF8A010ADB}) (Version: 3.7 - FNMT-RCM)
ConvertHelper 3.1.1 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1) (Version:  - DownloadHelper)
Debut, capturador de vídeo (HKLM-x32\...\Debut) (Version: 5.37 - NCH Software)
Diablo II (HKLM-x32\...\Diablo II) (Version:  - )
DiscJuggler (HKLM-x32\...\DiscJuggler) (Version: 6.0.0.1400 - Padus Incorporated)
Dolphin (HKLM-x32\...\Dolphin) (Version: 5.0 - Dolphin Team)
DScaler 4 Test Version (HKLM-x32\...\DScaler 4 Test Version_is1) (Version:  - )
DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version:  - )
Elevated Installer (HKLM-x32\...\{68D32366-4505-43D2-A1F5-EF4B645207D6}) (Version: 6.10.0.0 - Garmin Ltd or its subsidiaries) Hidden
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON SX525WD Series Printer Uninstall (HKLM\...\EPSON SX525WD Series) (Version:  - SEIKO EPSON Corporation)
Garmin Express (HKLM-x32\...\{21a6db39-b3c0-447d-85d7-39dcf1703e3e}) (Version: 6.10.0.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{73CA3D46-6F24-43AA-ABE9-15341B96FF53}) (Version: 6.10.0.0 - Garmin Ltd or its subsidiaries) Hidden
Glary Utilities 2.53.0.1726 (HKLM-x32\...\Glary Utilities_is1) (Version: 2.53.0.1726 - Glarysoft Ltd)
Hero Editor V0.96 (HKLM-x32\...\ST6UNST #1) (Version:  - )
Heroes of Might and Magic® III Complete (HKLM-x32\...\Heroes of Might and Magic® III) (Version:  - )
Heroes of Might and Magic® III: Horn of the Abyss (HKLM-x32\...\HotA + HD_is1) (Version: 1.5.3 - HotA Crew)
Icewind Dale - Heart of Winter (HKLM-x32\...\{433BF933-81D6-4646-A318-3DE5DB6108F2}) (Version:  - )
Icewind Dale (HKLM-x32\...\Icewind Dale) (Version:  - )
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4885 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Jaksta Streaming Media Recorder (4.4.3) (HKLM-x32\...\Jaksta Streaming Media Recorder) (Version: 4.4.3 - Jaksta Technologies)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
K-Lite Codec Pack 9.7.5 (64-bit) (HKLM\...\KLiteCodecPack64_is1) (Version: 9.7.5 - )
K-Lite Mega Codec Pack 9.7.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.7.0 - )
Macrium Reflect Free Edition (HKLM\...\{82EAF766-45D4-429A-A74C-74D7DEB91115}) (Version: 6.3.1855 - Paramount Software (UK) Ltd.) Hidden
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 6.3 - Paramount Software (UK) Ltd.)
Malwarebytes versión 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Mozilla Firefox 65.0.2 (x64 es-ES) (HKLM\...\Mozilla Firefox 65.0.2 (x64 es-ES)) (Version: 65.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 65.0.2.6995 - Mozilla)
Nero BurningROM 12 (HKLM-x32\...\{C0CA68BF-2963-4139-8207-1E83038F86F8}) (Version: 12.0.00800 - Nero AG)
nGlide 0.97 (HKLM-x32\...\nGlide) (Version: .97 - Zeus Software)
Nox (HKLM-x32\...\GOGPACKNOX_is1) (Version: 2.0.0.20 - GOG.com)
Paquete de controladores de Windows - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Paquete de controladores de Windows - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Pillars of Eternity (HKLM-x32\...\Pillars of Eternity_is1) (Version:  - )
Planescape - Torment (HKLM-x32\...\Planescape - Torment) (Version:  - )
Prerequisite installer (HKLM-x32\...\{3AAB08A3-F129-4BD5-B409-AE674F93759D}) (Version: 12.0.0003 - Nero AG) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.10.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7245 - Realtek Semiconductor Corp.)
Samsung SSD Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 3.2 - Samsung Electronics)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Starcraft (HKLM-x32\...\Starcraft) (Version:  - )
TeraCopy 2.27 (HKLM\...\TeraCopy_is1) (Version:  - Code Sector)
The Longest Journey (HKLM-x32\...\The Longest Journey) (Version:  - )
Tomb Raider 4 + 5 (HKLM-x32\...\Tomb Raider 4 + 5_is1) (Version:  - GOG.com)
Traducción Heroes 3 Complete 0.5 Beta Español (HKLM-x32\...\Traducción Heroes 3 Complete 0.5 Beta Español_pfu1) (Version:  - )
Unreal Anthology (HKLM-x32\...\{14AA72DA-DB40-4A34-93A6-401A81D7AF9E}) (Version: 1.00.0000 - Epic)
UScreenCapture (x64) - 2.0.15 (HKLM\...\{B0D3F20F-0E18-49D6-82C1-B4685FEC74D4}) (Version: 2.0.15 - UnrealStreaming)
VdhCoApp 1.2.4 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version:  - DownloadHelper)
VideoPad, editor de vídeo (HKLM-x32\...\VideoPad) (Version: 5.05 - NCH Software)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.8 - VideoLAN)
WinRAR 5.60 beta 3 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.60.3 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2999475868-1411259359-3238297896-1001_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2999475868-1411259359-3238297896-1001_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2999475868-1411259359-3238297896-1001_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2999475868-1411259359-3238297896-1001_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2999475868-1411259359-3238297896-1001_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2999475868-1411259359-3238297896-1001_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2999475868-1411259359-3238297896-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel(R) pGFX -> Intel Corporation)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2019-02-12] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [Glary Utilities] -> [CC]{72923739-5A47-40A3-9895-25AF0DFBB9E4} =>  -> No File
ContextMenuHandlers1: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2015-10-12] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
ContextMenuHandlers1: [TeraCopy] -> [CC]{A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} =>  -> No File
ContextMenuHandlers1: [TeraCopyS64] -> [CC]{A764EEF0-D6E8-48AF-8DFA-023B1CF660A7} =>  -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-04-21] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-04-21] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [Glary Utilities] -> [CC]{72923739-5A47-40A3-9895-25AF0DFBB9E4} =>  -> No File
ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2015-10-12] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
ContextMenuHandlers2: [TeraCopy] -> [CC]{A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} =>  -> No File
ContextMenuHandlers2: [TeraCopyS64] -> [CC]{A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} =>  -> No File
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers4: [TeraCopy] -> [CC]{A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} =>  -> No File
ContextMenuHandlers4: [TeraCopyS64] -> [CC]{A764EEF0-D6E8-48AF-8DFA-023B1CF660A7} =>  -> No File
ContextMenuHandlers4: [WinRAR] -> [CC]{B41DB860-64E4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers4: [WinRAR32] -> [CC]{B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2018-01-02] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [igfxOSP] -> {FA507C3F-30C6-4DCA-9EE5-2656072EEC14} => C:\WINDOWS\system32\igfxOSP.dll [2018-01-02] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => E:\Program Files\TeraCopy\TeraCopyExt.dll [2011-10-26] () [File not signed]
ContextMenuHandlers5: [TeraCopyS64] -> {A764EEF0-D6E8-48AF-8DFA-023B1CF660A7} => E:\Program Files\TeraCopy\TeraCopyExt64.dll [2011-10-26] () [File not signed]
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2019-02-12] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => E:\Program Files\TeraCopy\TeraCopyExt.dll [2011-10-26] () [File not signed]
ContextMenuHandlers6: [TeraCopyS64] -> {A764EEF0-D6E8-48AF-8DFA-023B1CF660A7} => E:\Program Files\TeraCopy\TeraCopyExt64.dll [2011-10-26] () [File not signed]
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-04-21] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-04-21] (win.rar GmbH -> Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {06B6907E-1BCF-4652-A4FF-4D1173E868DF} - System32\Tasks\NCH Software\videopadShakeIcon => C:\Program Files (x86)\NCH Software\VideoPad\VideoPad.exe (NCH Software -> NCH Software)
Task: {103BBE7E-005B-4048-9561-D9B6C353AFAD} - System32\Tasks\{7EBBAD60-553F-4B7D-99D1-4F44E34968D9} => C:\WINDOWS\system32\pcalua.exe -a E:\documentos\World_Rally_Mame\mame.exe -d E:\documentos\World_Rally_Mame
Task: {16A8FCA9-78E5-4912-9AE5-7FD4A990928E} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
Task: {2FC4020B-A4D4-4FCD-A9EE-C40504486250} - System32\Tasks\{4C1F4DB4-FD06-48F6-8811-5A58CD0F8DB5} => C:\WINDOWS\system32\pcalua.exe -a "E:\Juegos\Need For Speed HP 2 En español por supergamertrol\Need For Speed Hot Pursuit 2.exe" -d "E:\Juegos\Need For Speed HP 2 En español por supergamertrol"
Task: {4299D736-01BE-413B-A4D8-2C271FE9F5B5} - System32\Tasks\{4119BAF2-45E7-4417-A964-32F3B8245100} => C:\WINDOWS\system32\pcalua.exe -a "E:\Nueva carpeta\disco d 2\emuladores\mame\Mame32b 0.118\Mame32.exe" -d "E:\Nueva carpeta\disco d 2\emuladores\mame\Mame32b 0.118"
Task: {44362F45-DA1C-4DD1-9605-7B7C86A957D0} - System32\Tasks\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
Task: {52B59324-8886-4BD2-B703-2E2FF74089D4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd -> Piriform Ltd)
Task: {56F99DE0-1CA9-4427-92D2-0FBF6CAD5C99} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe (Garmin International, Inc. -> )
Task: {79D0CEEE-7194-4DAC-B43E-E103B104C31F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {8ED6C4B1-828A-489F-B8AD-9219EB6F637A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {A397F7B8-65BF-4ECE-99C9-CE6DC19727EE} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_142_Plugin.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {AB69B243-C3C8-4082-849E-0450AC5383BB} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe
Task: {C24EEDCC-1930-431D-ADA2-75A0CEB3A27B} - System32\Tasks\{CF38CFFB-7979-4DC8-8AAB-5E0E278299E8} => C:\WINDOWS\system32\pcalua.exe -a D:\STARTUP.EXE -d D:\
Task: {C930AEBD-9421-459C-BA61-DED1D8426922} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {CDC0ECB1-726B-4875-A2CF-811C5FB1F32B} - System32\Tasks\GlaryInitialize => C:\Program Files (x86)\Glary Utilities\initialize.exe (Glarysoft Ltd -> Glarysoft Ltd)
Task: {CE7C440B-F245-48C3-8059-7F75F6DD24C5} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
Task: {DDF16D0E-F2AF-44E7-98D0-1E801061557D} - System32\Tasks\{00320FE9-BA61-4E51-8DF5-664460234D5A} => C:\WINDOWS\system32\pcalua.exe -a "E:\Nueva carpeta\util\VideoPad Video Editor + Registration Code By Gamezpc.webs.com\NCH Software\VideoPad\videopad.exe" -d "E:\Nueva carpeta\util\VideoPad Video Editor + Registration Code By Gamezpc.webs.com\NCH Software\VideoPad"
Task: {FBB8DE79-49F6-4807-B6FD-85256C96F58A} - System32\Tasks\{57B29071-2F94-4BC3-BB56-2AD24693FDC3} => C:\WINDOWS\system32\pcalua.exe -a "E:\Nueva carpeta\disco d 2\emuladores\PC engine\Magic Engine v1.0.0 PR10 Full+key+all bios\pce.exe" -d "E:\Nueva carpeta\disco d 2\emuladores\PC engine\Magic Engine v1.0.0 PR10 Full+key+all bios"

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\AutoKMS.job => C:\WINDOWS\AutoKMS\AutoKMS.exe
Task: C:\WINDOWS\Tasks\GlaryInitialize.job => C:\Program Files (x86)\Glary Utilities\initialize.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2015-07-21 22:48 - 2009-05-24 10:34 - 000065536 _____ (OpenLibSys.org) [File not signed] E:\documentos\RealTemp_370\WinRing0.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:B755D674 [314]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\View Baldur's Gate: Tales of The Sword Coast Readme.lnk [1452]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2999475868-1411259359-3238297896-1001\...\fnmt.es -> hxxp://fnmt.es
IE trusted site: HKU\S-1-5-21-2999475868-1411259359-3238297896-1001\...\fnmt.es -> hxxps://fnmt.es
IE trusted site: HKU\S-1-5-21-2999475868-1411259359-3238297896-1001\...\fnmt.gob.es -> hxxps://fnmt.gob.es
IE trusted site: HKU\S-1-5-21-2999475868-1411259359-3238297896-1001\...\fnmt.gob.es -> hxxp://fnmt.gob.es

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 06:26 - 2018-12-03 20:17 - 000002540 _____ C:\WINDOWS\system32\drivers\etc\hosts

217.77.219.101                   firststart.nero.com
127.0.0.1                   www.nero.com
127.0.0.1                   www.nero.com/rus/index.html
127.0.0.1                   www.nero.com/rus/support.html
127.0.0.1                   www.nero.com/rus/support-customer-service-product-registration.html
127.0.0.1                   www.nero.com/rus/store-upgrade-center.html
127.0.0.1                   www.nero.com/rus/store-volume-licensing.html
127.0.0.1                   www.nero.com/eng/support.html?NeroSID=392cba06859c3dcd87b47525e97a3b80
127.0.0.1                   www.nero.com/eng/store-upgrade-center.html?NeroSID=392cba06859c3dcd87b47525e97a3b80
127.0.0.1                   www.nero.com/eng/support-customer-service-product-registration.html?NeroSID=392cba06859c3dcd87b47525e97a3b80
127.0.0.1                   www.nero.com/eng/index.html
127.0.0.1                   www.nero.com/enu/support-nero8.html
127.0.0.1                   my.nero.com
127.0.0.1                   secure.nero.com/us/secure.asp
127.0.0.1                   [email protected]
127.0.0.1                   registernero.com
127.0.0.1                   www.registernero.com
127.0.0.1                   www.nero.com/eng/privacy.html
127.0.0.1                   [email protected]
127.0.0.1                   support.nero.com
127.0.0.1                   www.nero.com/esp/index.php?NeroSID=7ee32e8e3d960d64fc51355faf35093e
127.0.0.1                   www.nero.com/esl/index.php?NeroSID=7ee32e8e3d960d64fc51355faf35093e
127.0.0.1                   www.nero.com/esp/support.html?NeroSID=7ee32e8e3d960d64fc51355faf35093e
127.0.0.1                   www.nero.com/esl/support.html?NeroSID=7ee32e8e3d960d64fc51355faf35093e

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2999475868-1411259359-3238297896-1001\Control Panel\Desktop\\Wallpaper -> E:\Nueva carpeta\disco d 2\fotos nube\SDC13300.JPG
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\Services: Fax => 3
MSCONFIG\Services: WPCSvc => 3
HKLM\...\StartupApproved\StartupFolder: => "Remote Control.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Microsoft Office.lnk"
HKLM\...\StartupApproved\StartupFolder: => "AVerQuick.lnk"
HKLM\...\StartupApproved\StartupFolder: => "AVer HID Receiver.lnk"
HKLM\...\StartupApproved\Run32: => "PVR Agent"
HKLM\...\StartupApproved\Run32: => "BCSSync"
HKU\S-1-5-21-2999475868-1411259359-3238297896-1001\...\StartupApproved\StartupFolder: => "Samsung SSD Magician.lnk"
HKU\S-1-5-21-2999475868-1411259359-3238297896-1001\...\StartupApproved\Run: => "GarminExpressTrayApp"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{AB0ED865-7B0F-43E9-88D1-BD3D71CCB723}] => (Allow) C:\Windows\SysWOW64\msiexec.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{2B867EA4-2979-4A6F-9CE1-1D3B8EB8A605}] => (Allow) C:\Windows\SysWOW64\msiexec.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [TCP Query User{DC25E83E-31DD-4756-AB28-4F2FB9E1BFA9}C:\program files (x86)\utorrent\utorrent.exe] => (Allow) C:\program files (x86)\utorrent\utorrent.exe No File
FirewallRules: [UDP Query User{BB736B0A-D7B5-42E2-89AA-84B71B87EBAC}C:\program files (x86)\utorrent\utorrent.exe] => (Allow) C:\program files (x86)\utorrent\utorrent.exe No File
FirewallRules: [{C1BD8267-645F-4E2A-8D36-BB925BC3A194}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{896F3859-F40C-4DA8-8E0F-58A632FE1DD2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{08C8952F-B172-44A2-98C3-A4F5DCE1B751}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{70414EE6-4B7D-49C8-8D65-AA11F63A3FCB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{54137381-0E28-4B70-BB6D-AC5ECA77BFF0}C:\program files (x86)\utorrent\utorrent.exe] => (Allow) C:\program files (x86)\utorrent\utorrent.exe No File
FirewallRules: [UDP Query User{A8616759-B25D-46A6-829D-E34BAEAF01CA}C:\program files (x86)\utorrent\utorrent.exe] => (Allow) C:\program files (x86)\utorrent\utorrent.exe No File
FirewallRules: [{5983BA3C-E440-4B42-A133-8DF5B4612277}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{6D71C471-0419-4D55-B88E-869D8B933786}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [TCP Query User{8A075B05-A51E-416C-BBE8-0CB69ADB4FD7}E:\juegos\blade edge of darkness\bin\blade.exe] => (Block) E:\juegos\blade edge of darkness\bin\blade.exe (Rebel Act Studios) [File not signed]
FirewallRules: [UDP Query User{55A88D4F-7385-4BE1-AFD4-233DC7D1B455}E:\juegos\blade edge of darkness\bin\blade.exe] => (Block) E:\juegos\blade edge of darkness\bin\blade.exe (Rebel Act Studios) [File not signed]
FirewallRules: [{A02247FC-7D74-4F5F-9D67-3FB7F2FEB699}] => (Allow) C:\Program Files\AVG\Antivirus\AvEmUpdate.exe (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
FirewallRules: [{A61AA568-13FD-4971-A656-DEAB6BD3B821}] => (Allow) C:\Program Files\AVG\Antivirus\AvEmUpdate.exe (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)

==================== Restore Points =========================

13-02-2019 12:42:34 Windows Update
20-02-2019 14:25:12 Punto de control programado
27-02-2019 15:07:49 Punto de control programado

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/04/2019 03:34:01 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Error en la extracción de la lista raíz de terceros del archivo .CAB actualizado automáticamente: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> con el error: Datos no válidos.
.

Error: (03/04/2019 03:34:01 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Error en la extracción de la lista raíz de terceros del archivo .CAB actualizado automáticamente: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> con el error: Datos no válidos.
.

Error: (03/04/2019 03:34:01 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Error en la extracción de la lista raíz de terceros del archivo .CAB actualizado automáticamente: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> con el error: Datos no válidos.
.

Error: (03/04/2019 03:34:01 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Error en la extracción de la lista raíz de terceros del archivo .CAB actualizado automáticamente: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> con el error: Datos no válidos.
.

Error: (03/04/2019 03:34:01 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Error en la extracción de la lista raíz de terceros del archivo .CAB actualizado automáticamente: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> con el error: Datos no válidos.
.

Error: (03/04/2019 03:34:01 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Error en la extracción de la lista raíz de terceros del archivo .CAB actualizado automáticamente: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> con el error: Datos no válidos.
.

Error: (03/04/2019 03:34:01 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Error en la extracción de la lista raíz de terceros del archivo .CAB actualizado automáticamente: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> con el error: Datos no válidos.
.

Error: (03/04/2019 03:34:01 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Error en la extracción de la lista raíz de terceros del archivo .CAB actualizado automáticamente: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> con el error: Datos no válidos.
.


System errors:
=============
Error: (03/04/2019 09:56:55 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Windows Presentation Foundation Font Cache 3.0.0.0 terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 0 milisegundos: Reiniciar el servicio.

Error: (03/04/2019 09:56:55 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Instalador de módulos de Windows terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 120000 milisegundos: Reiniciar el servicio.

Error: (03/04/2019 09:56:54 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Macrium Service terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 0 milisegundos: Reiniciar el servicio.

Error: (03/04/2019 09:56:54 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio EPSON V3 Service4(04) se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (03/04/2019 09:56:54 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio Adobe Acrobat Update Service se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (03/04/2019 09:56:54 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio EPSON V5 Service4(04) se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (03/04/2019 09:56:54 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio Intel(R) HD Graphics Control Panel Service se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (03/04/2019 09:54:48 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Windows Presentation Foundation Font Cache 3.0.0.0 terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 0 milisegundos: Reiniciar el servicio.


Windows Defender:
===================================
Date: 2013-02-06 12:13:33.910
Description: 
Windows Defender detectó malware u otro software potencialmente no deseado.
Para obtener más información consulte lo siguiente:
http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Unix/Rootkit.C&threatid=2147542430
Nombre: Trojan:Unix/Rootkit.C
Id.: 2147542430
Gravedad: Grave
Categoría: Caballo de Troya
Ruta de acceso: file:_F:\Nueva carpeta\downloads\Hotfile Megashare, Brazzer Uploading.com, Adult Premium Account\1000 Hacking Tutorial\Erasing_Your_Presence_From_System_Logs.txt
Origen de detección: Equipo local
Tipo de detección: Concreto
Fuente de detección: Protección en tiempo real
Usuario: Antonio\Antonio1
Nombre de proceso: E:\Program Files\TeraCopy\TeraCopy.exe
Versión de firma: AV: 1.129.21.0, AS: 1.129.21.0
Versión de motor: AM: 1.1.8502.0

Date: 2019-02-12 13:22:11.879
Description: 
Windows Defender encontró un error al intentar cargar firmas e intentará revertirlas a un conjunto de firmas conocidas.
Firmas intentadas: Actual
Código de error: 0x80073aba
Descripción del error: El recurso es demasiado antiguo para ser compatible. 
Versión de firma: 1.129.21.0;1.129.21.0
Versión de motor: 1.1.8502.0

CodeIntegrity:
===================================

Date: 2017-06-02 02:15:27.622
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-06-02 02:00:50.511
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-06-02 02:00:50.154
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-06-02 02:00:49.798
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-06-02 02:00:49.441
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-06-02 02:00:49.084
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-06-02 02:00:48.699
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-06-02 02:00:48.326
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz
Percentage of memory in use: 18%
Total physical RAM: 8008.39 MB
Available physical RAM: 6497.48 MB
Total Virtual: 9288.39 MB
Available Virtual: 7613.63 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.42 GB) (Free:429 GB) NTFS
Drive e: (Nuevo vol) (Fixed) (Total:2794.39 GB) (Free:174.01 GB) NTFS
Drive f: (Nuevo vol) (Fixed) (Total:3725.9 GB) (Free:1845.7 GB) NTFS

\\?\Volume{28b5e508-6ffd-11e2-be65-806e6f6e6963}\ (Reservado para el sistema) (Fixed) (Total:0.34 GB) (Free:0.04 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: C04CE539)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Protective MBR) (Size: 2794.5 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 2 (Protective MBR) (Size: 3726 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

#5

Bien… y ahora sigue estos pasos, :arrow_forward: MUY Importante :arrow_backward: Realiza una copia de seguridad del registro :

  • Para hacerlo descarga :arrow_forward: DelFix.exe(en tu escritorio).

  • Doble clic para ejecutarlo.(Si usas Windows Vista/7/8 o 10 presiona clic derecho y selecciona -Ejecutar como Administrador-).

  • Atención, ahora marca/selecciona únicamente la casilla :white_check_mark: Create registry backup, las demás casillas NO. :face_with_monocle:

  • Pulsar en Run.

Se abrirá el informe (DelFix.txt), guárdalo por si fuera necesario y cierra la herramienta.

:warning: Con los demás programas cerrados ve a :arrow_forward: Inicio :arrow_forward: Ejecutar :arrow_forward: y escribe Notepad.exe.

  • Ahora debes copiar y pegar los códigos/líneas que están en el interior del recuadro de más abajo, dentro del Notepad.
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [Glary Utilities] -> [CC]{72923739-5A47-40A3-9895-25AF0DFBB9E4} => -> No File
ContextMenuHandlers1: [TeraCopy] -> [CC]{A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => -> No File
ContextMenuHandlers1: [TeraCopyS64] -> [CC]{A764EEF0-D6E8-48AF-8DFA-023B1CF660A7} => -> No File
ContextMenuHandlers2: [Glary Utilities] -> [CC]{72923739-5A47-40A3-9895-25AF0DFBB9E4} => -> No File
ContextMenuHandlers2: [TeraCopy] -> [CC]{A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => -> No File
ContextMenuHandlers2: [TeraCopyS64] -> [CC]{A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => -> No File
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers4: [TeraCopy] -> [CC]{A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => -> No File
ContextMenuHandlers4: [TeraCopyS64] -> [CC]{A764EEF0-D6E8-48AF-8DFA-023B1CF660A7} => -> No File
ContextMenuHandlers4: [WinRAR] -> [CC]{B41DB860-64E4-11D2-9906-E49FADC173CA} => -> No File
ContextMenuHandlers4: [WinRAR32] -> [CC]{B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {103BBE7E-005B-4048-9561-D9B6C353AFAD} - System32\Tasks\{7EBBAD60-553F-4B7D-99D1-4F44E34968D9} => C:\WINDOWS\system32\pcalua.exe -a E:\documentos\World_Rally_Mame\mame.exe -d E:\documentos\World_Rally_Mame
Task: {2FC4020B-A4D4-4FCD-A9EE-C40504486250} - System32\Tasks\{4C1F4DB4-FD06-48F6-8811-5A58CD0F8DB5} => C:\WINDOWS\system32\pcalua.exe -a "E:\Juegos\Need For Speed HP 2 En español por supergamertrol\Need For Speed Hot Pursuit 2.exe" -d "E:\Juegos\Need For Speed HP 2 En español por supergamertrol"
Task: {4299D736-01BE-413B-A4D8-2C271FE9F5B5} - System32\Tasks\{4119BAF2-45E7-4417-A964-32F3B8245100} => C:\WINDOWS\system32\pcalua.exe -a "E:\Nueva carpeta\disco d 2\emuladores\mame\Mame32b 0.118\Mame32.exe" -d "E:\Nueva carpeta\disco d 2\emuladores\mame\Mame32b 0.118"
Task: {C24EEDCC-1930-431D-ADA2-75A0CEB3A27B} - System32\Tasks\{CF38CFFB-7979-4DC8-8AAB-5E0E278299E8} => C:\WINDOWS\system32\pcalua.exe -a D:\STARTUP.EXE -d D:\
Task: {DDF16D0E-F2AF-44E7-98D0-1E801061557D} - System32\Tasks\{00320FE9-BA61-4E51-8DF5-664460234D5A} => C:\WINDOWS\system32\pcalua.exe -a "E:\Nueva carpeta\util\VideoPad Video Editor + Registration Code By Gamezpc.webs.com\NCH Software\VideoPad\videopad.exe" -d "E:\Nueva carpeta\util\VideoPad Video Editor + Registration Code By Gamezpc.webs.com\NCH Software\VideoPad"
Task: {FBB8DE79-49F6-4807-B6FD-85256C96F58A} - System32\Tasks\{57B29071-2F94-4BC3-BB56-2AD24693FDC3} => C:\WINDOWS\system32\pcalua.exe -a "E:\Nueva carpeta\disco d 2\emuladores\PC engine\Magic Engine v1.0.0 PR10 Full+key+all bios\pce.exe" -d "E:\Nueva carpeta\disco d 2\emuladores\PC engine\Magic Engine v1.0.0 PR10 Full+key+all bios"
HKU\S-1-5-21-2999475868-1411259359-3238297896-1001\...\RunOnce: [a8a8e154] => C:\ProgramData\a8a8e154\a8a8e154.exe C:\ProgramData\a8a8e154\a8a8e154test.au3
HKU\S-1-5-21-2999475868-1411259359-3238297896-1001\...\RunOnce: [a8a8e1542] => C:\ProgramData\TUMhdP\a8a8e154.exe [937776 2019-03-04] (AutoIt Consulting Ltd -> AutoIt Team)
2013-03-24 12:47 - 2018-11-11 12:30 - 000361022 _____ () C:\Users\Antonio1\AppData\Roaming\VideoPad.dmp
2018-04-25 00:24 - 2018-04-25 00:24 - 000000000 _____ () C:\Users\Antonio1\AppData\Local\D26A82.tmp
2013-04-25 16:51 - 2013-04-25 21:06 - 000005120 _____ () C:\Users\Antonio1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-02-09 13:59 - 2019-03-04 02:12 - 000007598 _____ () C:\Users\Antonio1\AppData\Local\resmon.resmoncfg
2019-03-03 20:51 - 2019-03-04 09:57 - 001060864 _____ (AutoIt Team) C:\Users\Antonio1\AppData\Local\Temp\systeminfo.exe
HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END

Guárdalo bajo el nombre de FIXLIST.TXT en el escritorio :arrow_backward: Esto es muy importante.

:o: Nota :o: Es importante que la herramienta FRST.exe(Farbar Recovery Scanner Tool) y FIXLIST.TXT se encuentren en la misma ubicación (escritorio) o si no, no trabajara.

Y ahora usa el 2º MÉTODO: de esta Faq de Windows 8(aplicable a Windows 10) :arrow_forward: ¿Cómo iniciar Windows 8/8.1 en Modo Seguro?, para trabajar desde ese modo de windows.

  • Ejecuta FRST.exe.(Si usas Windows Vista/7/8 o 10, presiona clic derecho y seleccionas -Ejecutar como Administrador-).

  • Presionar el botón FIX y aguardar a que termine.

  • La Herramienta guardara el reporte de reparación en el escritorio (FIXLOG.TXT).

Pegar el contenido de este fichero en tu próxima respuesta. :+1:

Reiniciar el equipo y comprobar su funcionamiento en relación al problema planteado y comentarlo.

Saludos.


#6

Bueno, pues ya he realizado los pasos, he cometido un pequeño (espero) error y he ejecutado FRST.exe sin darle a clic derecho “como administrador”, de momento no veo el dichoso proceso AutoIt, a ver… si no, supongo que volveré a realizar los pasos

Aquí está el informe

Fix result of Farbar Recovery Scan Tool (x64) Version: 03.03.2019 01
Ran by Antonio1 (04-03-2019 12:44:21) Run:1
Running from C:\Users\Antonio1\Desktop
Loaded Profiles: Antonio1 (Available Profiles: Antonio1)
Boot Mode: Safe Mode (minimal)
==============================================

fixlist content:
*****************
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [Glary Utilities] -> [CC]{72923739-5A47-40A3-9895-25AF0DFBB9E4} => -> No File
ContextMenuHandlers1: [TeraCopy] -> [CC]{A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => -> No File
ContextMenuHandlers1: [TeraCopyS64] -> [CC]{A764EEF0-D6E8-48AF-8DFA-023B1CF660A7} => -> No File
ContextMenuHandlers2: [Glary Utilities] -> [CC]{72923739-5A47-40A3-9895-25AF0DFBB9E4} => -> No File
ContextMenuHandlers2: [TeraCopy] -> [CC]{A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => -> No File
ContextMenuHandlers2: [TeraCopyS64] -> [CC]{A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => -> No File
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers4: [TeraCopy] -> [CC]{A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => -> No File
ContextMenuHandlers4: [TeraCopyS64] -> [CC]{A764EEF0-D6E8-48AF-8DFA-023B1CF660A7} => -> No File
ContextMenuHandlers4: [WinRAR] -> [CC]{B41DB860-64E4-11D2-9906-E49FADC173CA} => -> No File
ContextMenuHandlers4: [WinRAR32] -> [CC]{B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {103BBE7E-005B-4048-9561-D9B6C353AFAD} - System32\Tasks\{7EBBAD60-553F-4B7D-99D1-4F44E34968D9} => C:\WINDOWS\system32\pcalua.exe -a E:\documentos\World_Rally_Mame\mame.exe -d E:\documentos\World_Rally_Mame
Task: {2FC4020B-A4D4-4FCD-A9EE-C40504486250} - System32\Tasks\{4C1F4DB4-FD06-48F6-8811-5A58CD0F8DB5} => C:\WINDOWS\system32\pcalua.exe -a "E:\Juegos\Need For Speed HP 2 En espa�ol por supergamertrol\Need For Speed Hot Pursuit 2.exe" -d "E:\Juegos\Need For Speed HP 2 En espa�ol por supergamertrol"
Task: {4299D736-01BE-413B-A4D8-2C271FE9F5B5} - System32\Tasks\{4119BAF2-45E7-4417-A964-32F3B8245100} => C:\WINDOWS\system32\pcalua.exe -a "E:\Nueva carpeta\disco d 2\emuladores\mame\Mame32b 0.118\Mame32.exe" -d "E:\Nueva carpeta\disco d 2\emuladores\mame\Mame32b 0.118"
Task: {C24EEDCC-1930-431D-ADA2-75A0CEB3A27B} - System32\Tasks\{CF38CFFB-7979-4DC8-8AAB-5E0E278299E8} => C:\WINDOWS\system32\pcalua.exe -a D:\STARTUP.EXE -d D:\
Task: {DDF16D0E-F2AF-44E7-98D0-1E801061557D} - System32\Tasks\{00320FE9-BA61-4E51-8DF5-664460234D5A} => C:\WINDOWS\system32\pcalua.exe -a "E:\Nueva carpeta\util\VideoPad Video Editor + Registration Code By Gamezpc.webs.com\NCH Software\VideoPad\videopad.exe" -d "E:\Nueva carpeta\util\VideoPad Video Editor + Registration Code By Gamezpc.webs.com\NCH Software\VideoPad"
Task: {FBB8DE79-49F6-4807-B6FD-85256C96F58A} - System32\Tasks\{57B29071-2F94-4BC3-BB56-2AD24693FDC3} => C:\WINDOWS\system32\pcalua.exe -a "E:\Nueva carpeta\disco d 2\emuladores\PC engine\Magic Engine v1.0.0 PR10 Full+key+all bios\pce.exe" -d "E:\Nueva carpeta\disco d 2\emuladores\PC engine\Magic Engine v1.0.0 PR10 Full+key+all bios"
HKU\S-1-5-21-2999475868-1411259359-3238297896-1001\...\RunOnce: [a8a8e154] => C:\ProgramData\a8a8e154\a8a8e154.exe C:\ProgramData\a8a8e154\a8a8e154test.au3
HKU\S-1-5-21-2999475868-1411259359-3238297896-1001\...\RunOnce: [a8a8e1542] => C:\ProgramData\TUMhdP\a8a8e154.exe [937776 2019-03-04] (AutoIt Consulting Ltd -> AutoIt Team)
2013-03-24 12:47 - 2018-11-11 12:30 - 000361022 _____ () C:\Users\Antonio1\AppData\Roaming\VideoPad.dmp
2018-04-25 00:24 - 2018-04-25 00:24 - 000000000 _____ () C:\Users\Antonio1\AppData\Local\D26A82.tmp
2013-04-25 16:51 - 2013-04-25 21:06 - 000005120 _____ () C:\Users\Antonio1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-02-09 13:59 - 2019-03-04 02:12 - 000007598 _____ () C:\Users\Antonio1\AppData\Local\resmon.resmoncfg
2019-03-03 20:51 - 2019-03-04 09:57 - 001060864 _____ (AutoIt Team) C:\Users\Antonio1\AppData\Local\Temp\systeminfo.exe
HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END
*****************

Error: Restore point can only be created in normal mode.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\Glary Utilities => removed successfully
HKLM\Software\Classes\CLSID\[CC]{72923739-5A47-40A3-9895-25AF0DFBB9E4} => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\TeraCopy => removed successfully
HKLM\Software\Classes\CLSID\[CC]{A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\TeraCopyS64 => removed successfully
HKLM\Software\Classes\CLSID\[CC]{A764EEF0-D6E8-48AF-8DFA-023B1CF660A7} => not found
HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\Glary Utilities => removed successfully
HKLM\Software\Classes\CLSID\[CC]{72923739-5A47-40A3-9895-25AF0DFBB9E4} => not found
HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\TeraCopy => removed successfully
HKLM\Software\Classes\CLSID\[CC]{A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => not found
HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\TeraCopyS64 => removed successfully
HKLM\Software\Classes\CLSID\[CC]{A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => not found
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\00avg => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\TeraCopy => removed successfully
HKLM\Software\Classes\CLSID\[CC]{A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => not found
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\TeraCopyS64 => removed successfully
HKLM\Software\Classes\CLSID\[CC]{A764EEF0-D6E8-48AF-8DFA-023B1CF660A7} => not found
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\WinRAR => removed successfully
HKLM\Software\Classes\CLSID\[CC]{B41DB860-64E4-11D2-9906-E49FADC173CA} => not found
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\WinRAR32 => removed successfully
HKLM\Software\Classes\CLSID\[CC]{B41DB860-8EE4-11D2-9906-E49FADC173CA} => not found
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{103BBE7E-005B-4048-9561-D9B6C353AFAD}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{103BBE7E-005B-4048-9561-D9B6C353AFAD}" => removed successfully
C:\WINDOWS\System32\Tasks\{7EBBAD60-553F-4B7D-99D1-4F44E34968D9} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7EBBAD60-553F-4B7D-99D1-4F44E34968D9}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2FC4020B-A4D4-4FCD-A9EE-C40504486250}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2FC4020B-A4D4-4FCD-A9EE-C40504486250}" => removed successfully
C:\WINDOWS\System32\Tasks\{4C1F4DB4-FD06-48F6-8811-5A58CD0F8DB5} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4C1F4DB4-FD06-48F6-8811-5A58CD0F8DB5}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4299D736-01BE-413B-A4D8-2C271FE9F5B5}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4299D736-01BE-413B-A4D8-2C271FE9F5B5}" => removed successfully
C:\WINDOWS\System32\Tasks\{4119BAF2-45E7-4417-A964-32F3B8245100} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4119BAF2-45E7-4417-A964-32F3B8245100}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C24EEDCC-1930-431D-ADA2-75A0CEB3A27B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C24EEDCC-1930-431D-ADA2-75A0CEB3A27B}" => removed successfully
C:\WINDOWS\System32\Tasks\{CF38CFFB-7979-4DC8-8AAB-5E0E278299E8} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{CF38CFFB-7979-4DC8-8AAB-5E0E278299E8}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DDF16D0E-F2AF-44E7-98D0-1E801061557D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DDF16D0E-F2AF-44E7-98D0-1E801061557D}" => removed successfully
C:\WINDOWS\System32\Tasks\{00320FE9-BA61-4E51-8DF5-664460234D5A} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{00320FE9-BA61-4E51-8DF5-664460234D5A}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FBB8DE79-49F6-4807-B6FD-85256C96F58A}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FBB8DE79-49F6-4807-B6FD-85256C96F58A}" => removed successfully
C:\WINDOWS\System32\Tasks\{57B29071-2F94-4BC3-BB56-2AD24693FDC3} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{57B29071-2F94-4BC3-BB56-2AD24693FDC3}" => removed successfully
"HKU\S-1-5-21-2999475868-1411259359-3238297896-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\a8a8e154" => removed successfully
"HKU\S-1-5-21-2999475868-1411259359-3238297896-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\a8a8e1542" => not found
C:\Users\Antonio1\AppData\Roaming\VideoPad.dmp => moved successfully
C:\Users\Antonio1\AppData\Local\D26A82.tmp => moved successfully
C:\Users\Antonio1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
C:\Users\Antonio1\AppData\Local\resmon.resmoncfg => moved successfully
C:\Users\Antonio1\AppData\Local\Temp\systeminfo.exe => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-2999475868-1411259359-3238297896-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-2999475868-1411259359-3238297896-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========


========= netsh winsock reset =========


El cat logo Winsock se restableci¢ correctamente.
Debe reiniciar el equipo para completar el restablecimiento.


========= End of CMD: =========


========= ipconfig /renew =========


Configuraci¢n IP de Windows


========= End of CMD: =========


========= ipconfig /flushdns =========


Configuraci¢n IP de Windows

No se puede vaciar la cach‚ de resoluci¢n de DNS: Error de una funci¢n durante la ejecuci¢n.


========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to connect to BITS - 0x8007042c
No se puede iniciar el servicio o grupo de dependencia.



========= End of CMD: =========


========= netsh advfirewall reset =========


Error al intentar ponerse en contacto con el servicio Firewall de Windows. Aseg£rese de que el servicio se est  ejecutando e intente la solicitud de nuevo.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========


Error al intentar ponerse en contacto con el servicio Firewall de Windows. Aseg£rese de que el servicio se est  ejecutando e intente la solicitud de nuevo.


========= End of CMD: =========


========= netsh int ipv4 reset =========

No hay valores configurados por el usuario para restablecer.


========= End of CMD: =========


========= netsh int ipv6 reset =========

No hay valores configurados por el usuario para restablecer.


========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 18136898 B
Java, Flash, Steam htmlcache => 1299 B
Windows/system/drivers => 357 B
Edge => 0 B
Chrome => 0 B
Firefox => 209271279 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 432 B
LocalService => 2492 B
NetworkService => 0 B
Antonio1 => 163333809 B

RecycleBin => 0 B
EmptyTemp: => 372.6 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 12:44:43 ====

#7

Hola.

Perfecto…NO te preocupes por NO haberlo ejecutado de esa manera.:wink:

Ahora prueba a APAGAR totalmente tu equipo y ENCENDERLO de nuevo al menos tres veces.

Y nos comentas si el problema se ha resuelto. :thinking:

Saludos.


#8

Bueno, pues ya está. De momento no me ha vuelto a aparecer el dichoso AutoIt… ni se me pone la CPU a tope sin motivo. Toco madera a ver si es definitivo. Gracias.


#9

Perfecto :+1: excelente, nos alegra ver que ya está el problema inicial completamente arreglado, ahora solo queda eliminar las herramientas usadas.

Para hacerlo descarga :arrow_forward: DelFix.exe en tu escritorio.

  • Doble clic para ejecutarlo. (Si usas Windows Vista/7/8 o 10 presiona clic derecho y selecciona - Ejecutar como Administrador -).

  • Marca todas las casillas, y pulsas en Run

Se abrirá el informe (DelFix.txt), puedes cerrarlo.


Para cualquier otro problema, no dudes en volver a postear., ya sabes dónde estamos. :+1:

Tema Solucionado.

Saludos, Javier.


cerrado #10