Ayuda, Creo que estoy infectado con un virus

#1

Buenas tardes, necesito vuestra ayuda, desde ayer. Hoy por la mañana abro Internet Explorer, y al teclear cualquier búsqueda me aparece una pantalla con un código reCAPTCHA, en el que me indica esto: Nuestros sistemas han detectado tráfico inusual procedente de tu red de ordenadores. En esta página se comprueba si eres tú quien envía las solicitudes en lugar de un robot. [¿A qué se debe esto?]

Esta página aparece cuando Google detecta automáticamente solicitudes procedentes de tu red de ordenadores que parecen infringir las Condiciones del servicio. El bloqueo caducará poco después de que se detengan esas solicitudes. Mientras tanto, si solucionas la prueba CAPTCHA de arriba, podrás seguir utilizando nuestros servicios.

Es posible que este tráfico proceda de software malintencionado, de un complemento del navegador o de una secuencia de comandos que envíe solicitudes automáticas. Si compartes tu conexión de red, pídele ayuda a tu administrador: puede que otro ordenador que utilice la misma dirección IP esté causando la incidencia. Más información

En ocasiones, es posible que tengas que solucionar la prueba CAPTCHA si utilizas términos avanzados que emplean los robots o si envías solicitudes con gran rapidez.

Ayer después de instalar una aplicación, me apareció en el escritorio una ventana de YouTube y windows defender me detecto un SoftwareBlunder:win32/Prepscram. Baje la versión de prueba de malwarebytes y me detecto 750 que están en cuarentena. y hoy al abrir IExplorer me sucedió lo arriba citado.

Perdón por tanto texto. Gracias y un saludo.

#2

Hola

Realiza en orden y me pegas los logs:

#3

Comentarte que ya tomé algunas acciones siguiendo el tutorial que Guia eliminación de malwares paso a paso: Descargue y ejecuté Rkill by Grinler, no me encontró nada. Descargue y ejecute desde el escritorio Malwarebytes, no me detectó nada. Ya había eliminado los 750 que estaban en cuarentena. Escanee con Eset Online QuickScan, me detecto 31 que ya eliminé. Cuando abro el foro y veo tu mensaje, voy a descargar lo que me dices. Gracias.

#4

-------------------------------

# Malwarebytes AdwCleaner 7.2.6.0
# -------------------------------
# Build:    12-18-2018
# Database: 2019-01-25.2 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    01-26-2019
# Duration: 00:00:12
# OS:       Windows 10 Pro
# Scanned:  31744
# Detected: 8


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

Trojan.Agent                    C:\Program Files (x86)\LetsSee!

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

Adware.OnlineIO                 HKLM\Software\Wow6432Node\Microleaves
PUP.Adware.Heuristic            HKCU\SOFTWARE\438cc988168406b74a9cc20adf1fa0b7f234afd3dc38df9a8a638b9c5c538efb
PUP.Optional.Microleaves        HKU\S-1-5-18\Software\Caphyon\Advanced Updater\{F039D4A9-14D3-4425-A4FA-F2F9D5B0E014}
PUP.Optional.Microleaves        HKU\.DEFAULT\Software\Caphyon\Advanced Updater\{F039D4A9-14D3-4425-A4FA-F2F9D5B0E014}
PUP.Optional.Microleaves        HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\436F6625D7B77354DBCD89DDC6CFAB1A
PUP.Optional.Microleaves        HKLM\Software\Classes\Installer\Products\436F6625D7B77354DBCD89DDC6CFAB1A
PUP.Optional.Microleaves        HKLM\Software\Classes\Installer\Features\436F6625D7B77354DBCD89DDC6CFAB1A

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
#5
~ Type : Reparar
~ Report : C:\Users\Pepe\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Pepe\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Pro, 64-bit  (Build 17763)


---\\  Alternate Data Stream (ADS). (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Servicios (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Navegadores de Internet (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Hosts carpeta (1)
~ El archivo hosts es legítimo (21)


---\\  Tareas automáticas programadas. (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Explorador ( Archivos, Carpetas ) (90)
MOVIDO carpeta: C:\Windows\Prefetch\KMSAUTO NET.EXE-A249D5A2.pf    =>HackTool.WinActivator
MOVIDO carpeta: C:\Windows\Prefetch\KMSAUTO++.EXE-301061FC.pf    =>HackTool.WinActivator
MOVIDO carpeta: C:\Windows\Prefetch\KMSPICO_SETUP.TMP-49839E68.pf    =>HackTool.KMSpico
MOVIDO carpeta: C:\Windows\Prefetch\KMSPICO_SETUP.TMP-7E3423DD.pf    =>HackTool.KMSpico
MOVIDO carpeta: C:\Windows\Installer\wix{0A596141-97D5-45FA-9281-98DFAF48D579}.SchedServiceConfig.rmi    =>.SUP.Empty
MOVIDO carpeta: C:\Windows\Installer\wix{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}.SchedServiceConfig.rmi    =>.SUP.Empty
MOVIDO carpeta: C:\Windows\Installer\wix{31A0B634-BCF4-4D3F-8336-87FEACFEE142}.SchedServiceConfig.rmi    =>.SUP.Empty
MOVIDO carpeta: C:\Windows\Installer\wix{3540181E-340A-4E7A-B409-31663472B2F7}.SchedServiceConfig.rmi    =>.SUP.Empty
MOVIDO carpeta: C:\Windows\Installer\wix{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}.SchedServiceConfig.rmi    =>.SUP.Empty
MOVIDO carpeta: C:\Windows\Installer\wix{5FA8C4BE-8C74-4B9C-9B49-EBF759230189}.SchedServiceConfig.rmi    =>.SUP.Empty
MOVIDO carpeta: C:\Windows\Installer\wix{64695C4A-C68F-46B5-A734-50EBF124A68E}.SchedServiceConfig.rmi    =>.SUP.Empty
MOVIDO carpeta: C:\Windows\Installer\wix{77F8C879-88CD-4145-945A-541C35285285}.SchedServiceConfig.rmi    =>.SUP.Empty
MOVIDO carpeta: C:\Windows\Installer\wix{9CBA860F-7437-4A75-941C-8EF559F2D145}.SchedServiceConfig.rmi    =>.SUP.Empty
MOVIDO carpeta: C:\Windows\Installer\wix{9E005AAA-81A3-478E-8944-532D350952EE}.SchedServiceConfig.rmi    =>.SUP.Empty
MOVIDO carpeta: C:\Windows\Installer\wix{A05FDFEC-4377-49E0-82CB-B6D1386E89DA}.SchedServiceConfig.rmi    =>.SUP.Empty
MOVIDO carpeta: C:\Windows\Installer\wix{AA7D90D2-2387-4FA5-A3AF-96811BE49BFD}.SchedServiceConfig.rmi    =>.SUP.Empty
MOVIDO carpeta: C:\Windows\Installer\wix{BD6778C5-6FA5-492A-ADD6-E706339C2A7B}.SchedServiceConfig.rmi    =>.SUP.Empty
MOVIDO carpeta: C:\Windows\Installer\wix{C29B636B-9015-4ED1-A12F-6375A337F23B}.SchedServiceConfig.rmi    =>.SUP.Empty
MOVIDO carpeta: C:\Windows\Installer\wix{C5FDDED7-DEC7-48B4-AFD8-DFB8A0FD199A}.SchedServiceConfig.rmi    =>.SUP.Empty
MOVIDO carpeta: C:\Windows\Installer\wix{D4D86CB2-2370-4691-8272-3869EDED6C64}.SchedServiceConfig.rmi    =>.SUP.Empty
MOVIDO carpeta: C:\Windows\Installer\wix{DB18F1C0-846F-46F5-A074-5B97C8AF5C8E}.SchedServiceConfig.rmi    =>.SUP.Empty
MOVIDO carpeta: C:\Windows\Installer\wix{E3C4B99B-BE71-4C27-8E3C-4FAE3C46E1D5}.SchedServiceConfig.rmi    =>.SUP.Empty
MOVIDO carpeta: C:\Windows\Installer\wix{FD244E19-6EFE-4A2D-948A-0D45D4C168BE}.SchedServiceConfig.rmi    =>.SUP.Empty
MOVIDO carpeta: C:\Windows\Installer\13be66b.msp    =>.SUP.Obsolete.Adobe
MOVIDO carpeta: C:\Windows\Installer\14f6b948.msp    =>.SUP.Obsolete.Adobe
MOVIDO carpeta: C:\Windows\Installer\1a2031b3.msp    =>.SUP.Obsolete.Adobe
MOVIDO carpeta: C:\Windows\Installer\1c0c3f.msp    =>.SUP.Obsolete.Adobe
MOVIDO carpeta: C:\Windows\Installer\1c0c52.msp    =>.SUP.Obsolete.Adobe
MOVIDO carpeta: C:\Windows\Installer\1d8eb4bb.msp    =>.SUP.Obsolete.Adobe
MOVIDO carpeta: C:\Windows\Installer\247626e3.msp    =>.SUP.Obsolete.Adobe
MOVIDO carpeta: C:\Windows\Installer\24c724f.msp    =>.SUP.Obsolete.Adobe
MOVIDO carpeta: C:\Windows\Installer\2c7eedcc.msp    =>.SUP.Obsolete.Adobe
MOVIDO carpeta: C:\Windows\Installer\2dcffc2a.msp    =>.SUP.Obsolete.Adobe
MOVIDO carpeta: C:\Windows\Installer\33f182d0.msp    =>.SUP.Obsolete.Adobe
MOVIDO carpeta: C:\Windows\Installer\45f8db7.msp    =>.SUP.Obsolete.Adobe
MOVIDO carpeta: C:\Windows\Installer\49a9468.msp    =>.SUP.Obsolete.Adobe
MOVIDO carpeta: C:\Windows\Installer\4a23e5a.msp    =>.SUP.Obsolete.Adobe
MOVIDO carpeta: C:\Windows\Installer\4ea7a4b8.msp    =>.SUP.Obsolete.Adobe
MOVIDO carpeta: C:\Windows\Installer\6abde85.msp    =>.SUP.Obsolete.Adobe
MOVIDO carpeta: C:\Windows\Installer\6b116c5.msp    =>.SUP.Obsolete.Adobe
MOVIDO carpeta: C:\Windows\Installer\74b834c.msp    =>.SUP.Obsolete.Adobe
MOVIDO carpeta: C:\Windows\Installer\758b78ee.msp    =>.SUP.Obsolete.Adobe
MOVIDO carpeta: C:\Windows\Installer\95b418c.msp    =>.SUP.Obsolete.Adobe
MOVIDO carpeta: C:\Windows\Installer\c08de01.msp    =>.SUP.Obsolete.Adobe
MOVIDO carpeta: C:\Windows\Installer\c7bc9.msp    =>.SUP.Obsolete.Adobe
MOVIDO carpeta: C:\Windows\Installer\d54ee8c.msp    =>.SUP.Obsolete.Adobe
MOVIDO carpeta: C:\Users\Pepe\AppData\Local\Temp\aria-debug-10112.log    =>.SUP.Temporary.OneDrive
MOVIDO carpeta: C:\Users\Pepe\AppData\Local\Temp\aria-debug-10132.log    =>.SUP.Temporary.OneDrive
MOVIDO carpeta: C:\Users\Pepe\AppData\Local\Temp\aria-debug-10624.log    =>.SUP.Temporary.OneDrive
MOVIDO carpeta: C:\Users\Pepe\AppData\Local\Temp\aria-debug-10680.log    =>.SUP.Temporary.OneDrive
MOVIDO carpeta: C:\Users\Pepe\AppData\Local\Temp\aria-debug-10988.log    =>.SUP.Temporary.OneDrive
MOVIDO carpeta: C:\Users\Pepe\AppData\Local\Temp\aria-debug-11440.log    =>.SUP.Temporary.OneDrive
MOVIDO carpeta: C:\Users\Pepe\AppData\Local\Temp\aria-debug-11712.log    =>.SUP.Temporary.OneDrive
MOVIDO carpeta: C:\Users\Pepe\AppData\Local\Temp\aria-debug-1472.log    =>.SUP.Temporary.OneDrive
MOVIDO carpeta: C:\Users\Pepe\AppData\Local\Temp\aria-debug-2240.log    =>.SUP.Temporary.OneDrive
MOVIDO carpeta: C:\Users\Pepe\AppData\Local\Temp\aria-debug-2864.log    =>.SUP.Temporary.OneDrive
MOVIDO carpeta: C:\Users\Pepe\AppData\Local\Temp\aria-debug-3356.log    =>.SUP.Temporary.OneDrive
MOVIDO carpeta: C:\Users\Pepe\AppData\Local\Temp\aria-debug-3480.log    =>.SUP.Temporary.OneDrive
MOVIDO carpeta: C:\Users\Pepe\AppData\Local\Temp\aria-debug-3920.log    =>.SUP.Temporary.OneDrive
MOVIDO carpeta: C:\Users\Pepe\AppData\Local\Temp\aria-debug-5436.log    =>.SUP.Temporary.OneDrive
MOVIDO carpeta: C:\Users\Pepe\AppData\Local\Temp\aria-debug-568.log    =>.SUP.Temporary.OneDrive
MOVIDO carpeta: C:\Users\Pepe\AppData\Local\Temp\aria-debug-576.log    =>.SUP.Temporary.OneDrive
MOVIDO carpeta: C:\Users\Pepe\AppData\Local\Temp\aria-debug-580.log    =>.SUP.Temporary.OneDrive
MOVIDO carpeta: C:\Users\Pepe\AppData\Local\Temp\aria-debug-6756.log    =>.SUP.Temporary.OneDrive
MOVIDO carpeta: C:\Users\Pepe\AppData\Local\Temp\aria-debug-6896.log    =>.SUP.Temporary.OneDrive
MOVIDO carpeta: C:\Users\Pepe\AppData\Local\Temp\aria-debug-7528.log    =>.SUP.Temporary.OneDrive
MOVIDO carpeta: C:\Users\Pepe\AppData\Local\Temp\aria-debug-8408.log    =>.SUP.Temporary.OneDrive
MOVIDO carpeta: C:\Users\Pepe\AppData\Local\Temp\aria-debug-8952.log    =>.SUP.Temporary.OneDrive
MOVIDO carpeta: C:\Users\Pepe\AppData\Local\Temp\aria-debug-9040.log    =>.SUP.Temporary.OneDrive
MOVIDO carpeta: C:\Users\Pepe\AppData\Local\Temp\aria-debug-9580.log    =>.SUP.Temporary.OneDrive
MOVIDO carpeta: C:\Users\Pepe\AppData\Local\Temp\aria-debug-9864.log    =>.SUP.Temporary.OneDrive
MOVIDO carpeta: C:\Users\Pepe\AppData\Local\Temp\aria-debug-9892.log    =>.SUP.Temporary.OneDrive
MOVIDO carpeta: C:\Users\Pepe\AppData\Local\Temp\aria-debug-9912.log    =>.SUP.Temporary.OneDrive
MOVIDO carpeta: C:\Users\Pepe\AppData\Local\Temp\CVR576F.tmp.cvr    =>.SUP.Temporary.Empty
MOVIDO carpeta: C:\Users\Pepe\AppData\Local\Temp\CVREC8.tmp.cvr    =>.SUP.Temporary.Empty
MOVIDO carpeta: C:\Users\Pepe\AppData\Local\Temp\Spyder3Utility    =>.SUP.Temporary.Empty
MOVIDO carpeta: C:\Users\Pepe\AppData\Local\Temp\wct98.tmp    =>.SUP.Temporary.Office
MOVIDO carpeta: C:\Users\Pepe\AppData\Local\Temp\wctDD61.tmp    =>.SUP.Temporary.Office
MOVIDO carpeta: C:\Windows\AutoKMS\AutoKMS.log    =>HackTool.AutoKMS
MOVIDO archivo: C:\Program Files\KMSpico  =>HackTool.KMSpico
MOVIDO archivo: C:\ProgramData\Microsoft Toolkit  =>HackTool.AutoKMS
MOVIDO archivo: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico  =>HackTool.KMSpico
MOVIDO archivo: C:\WINDOWS\AutoKMS  =>HackTool.AutoKMS
MOVIDO archivo: C:\Users\Pepe\AppData\Local\MSfree Inc  =>HackTool.WinActivator
MOVIDO archivo: C:\Program Files (x86)\Microsoft Toolkit Final  =>HackTool.WinActivator
MOVIDO archivo: C:\Program Files (x86)\QuickTime  =>Riskware.QuickTime
MOVIDO archivo: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime  =>Riskware.QuickTime
MOVIDO archivo: C:\Users\Pepe\AppData\Local\AdvinstAnalytics  =>.SUP.Various
MOVIDO archivo: C:\Users\Pepe\AppData\Local\Microsoft Toolkit  =>HackTool.AutoKMS
MOVIDO archivo: C:\WINDOWS\Installer\MSI56A0.tmp-  =>.SUP.Empty


---\\  Registro ( Claves, Valores, Datos) (11)
BORRADOS dados: [X64] HKLM\SOFTWARE\Classes\Documents.htmlfiles\Shell\Open\Command\\Default [Bad : [html] "C:\Program Files (x86)\MobiSystems\OfficeSuite\Documents.exe" "%1"]  =>Broken.OpenCommand
BORRADOS clave*: [X64] HKLM\SOFTWARE\Classes\protector_dll.Protector [Protector Class]  =>Adware.BProtector
BORRADOS clave*: [X64] HKLM\SOFTWARE\Classes\protector_dll.Protector.1 [Protector Class]  =>Adware.BProtector
BORRADOS clave*: [X64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib [ProtectorLib Class]  =>Adware.BProtector
BORRADOS clave*: [X64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1 [ProtectorLib Class]  =>Adware.BProtector
BORRADOS valor: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\EPSON SX525WD Series [0x030000002A3C5A8A5249D101]  =>PUP.Optional.Generic
BORRADOS valor: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\Epson Stylus SX525WD(Red) [0x030000004ABAC7865249D101]  =>PUP.Optional.Generic
BORRADOS valor: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\EPSON6712F0 (Epson Stylus SX525WD) [0x03000000EFC7B5815249D101]  =>PUP.Optional.Generic
BORRADOS valor: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files (x86)\Microleaves\Online Application\ [No Folder]  =>.SUP.Obsolete.NoFolder
BORRADOS valor: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files (x86)\Microleaves\ [No Folder]  =>.SUP.Obsolete.NoFolder
BORRADOS valor: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\ [No Folder]  =>.SUP.Obsolete.NoFolder


---\\  Resumen de elementos en su estación de trabajo (14)
https://nicolascoolman.eu/2017/01/13/hacktool-winactivator/  =>HackTool.WinActivator
https://nicolascoolman.eu/2017/02/16/hacktool-kmspico/  =>HackTool.KMSpico
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Empty
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Obsolete.Adobe
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Temporary.OneDrive
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Temporary.Empty
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Temporary.Office
https://nicolascoolman.eu/2017/02/02/hacktool-autokms/  =>HackTool.AutoKMS
https://nicolascoolman.eu/2017/01/15/riskware-quicktime/  =>Riskware.QuickTime
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Various
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/  =>Broken.OpenCommand
https://nicolascoolman.eu/2017/04/12/adware-bprotector/  =>Adware.BProtector
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/  =>PUP.Optional.Generic
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Obsolete.NoFolder


---\\ Limpieza adicional. (5)
~ Clave de registro Tracing borrados (5)
~ Quitar los antiguos informes de ZHPCleaner. (0)


---\\ Resultado de la reparación.
~ Reparación llevada a cabo con éxito
~ falta este navegador! (Google Chrome)
~ falta este navegador! (Mozilla Firefox)
~ falta este navegador! (Opera Software)


---\\ STATISTIQUES
~ Items escaneado : 669
~ Items encontrado : 0
~ artículos cancelados : 0
~ Items opciones : 12/12
~ Ahorro de espacio (bytes) : 28682170


~ End of clean in 00h01mn34s

---\\  Reporte (2)
ZHPCleaner-[S]-26012019-22_36_16.txt
ZHPCleaner-[R]-26012019-22_39_27.txt
#6

Comentarte que durante el escaneo de ZHPCleaner me salió el siguiente mensaje: ¿Has instalado a este server 213.60.205.175 y pinche en no.

#7

En cuanto al ADWCleaner y por error me cargue los que me detecto. disculpas.

#8

En la pantalla Tools, no tengo nada.

#9

Tenias alguna infección,falta el log de Eset online

#10
11:57:36 # product=EOS
    # version=8
    # ESETOnlineScanner_ESL.exe=3.0.17.0
    # country="Spain"
    # lang=13322
    12:09:48 Updating
    12:09:48 Update Init
    12:09:50 Update Download
    12:11:10 esets_scanner_reload returned 0
    12:11:10 g_uiModuleBuild: 40189
    12:11:10 Update Finalize
    12:11:10 Call m_esets_charon_send
    12:11:10 Call m_esets_charon_destroy
    12:11:10 Updated modules version: 40189
    12:11:21 Call m_esets_charon_setup_create
    12:11:21 Call m_esets_charon_create
    12:11:21 m_esets_charon_create OK
    12:11:21 Call m_esets_charon_start_send_thread
    12:11:21 Call m_esets_charon_setup_set
    12:11:21 m_esets_charon_setup_set OK
    12:11:21 Scanner engine: 40189
    19:05:07 # product=EOS
    # version=8
    # flags=0
    # av=0
    # fw=7
    # admin=1
    # ESETOnlineScanner_ESL.exe=3.0.17.0
    # EOSSerial=30563edf888aff4d8a181513078d659a
    # engine=40189
    # end=finished
    # bannerClicked=0
    # remove_checked=true
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # sfx_checked=true
    # utc_time=2019-01-27 18:05:06
    # local_time=2019-01-27 19:05:06 (+0100, Hora estándar romance)
    # country="Spain"
    # lang=13322
    # osver=10.0.17763 NT 
    # compatibility_mode_1=''
    # compatibility_mode=5893 16776573 100 88 72213 11615800 0 0
    # scanned=367803
    # found=37
    # cleaned=37
    # scan_time=23600
    # flow=2019-01-27 11:57:35|scr|intro|2019-01-27 11:57:53|scr|eula|2019-01-27 11:57:55|scr|welcome|2019-01-27 11:57:57|promo|eis|2019-01-27 11:58:24|scr|consents|2019-01-27 11:59:05|scr|scan_type|2019-01-27 11:59:18|scr|custom_target|2019-01-27 12:00:08|scr|pua|2019-01-27 12:00:59|scr|adv_settings|2019-01-27 12:01:38|scr|pua|2019-01-27 12:09:48|scr|updating|2019-01-27 12:11:10|scr|scanning|2019-01-27 15:37:11|click|minimize|2019-01-27 18:44:32|scr|all_cleaned|2019-01-27 18:49:42|click|save_report|2019-01-27 18:51:49|click|save_report|2019-01-27 18:52:47|click|save_report|2019-01-27 18:54:11|click|save_report|2019-01-27 18:54:57|click|save_report|2019-01-27 18:57:04|scr|report_cleaned|2019-01-27 18:57:04|click|resolved_detections|2019-01-27 19:00:13|scr|periodic_offer|2019-01-27 19:00:23|scr|upsell|2019-01-27 19:04:02|scr|thanks
    # periodic=0,0
    # stats_enabled=0
    # scan_type=3
    sh=CAB1D85A3FFB4F255E7847C892587D160831B86F ft=1 fh=0000000001272238 vn="Win32/Bundled.Toolbar.Google.D aplicación potencialmente no segura (desinfectado por eliminación)" ac=C fn="C:\Users\Pepe\Downloads\ccsetup552.exe"
    sh=83FF0785C59D760966229F2B74507F927D7D1292 ft=0 fh=000000000029c4c0 vn="una variante de Win32/Keygen.CX aplicación potencialmente no segura (eliminado)" ac=C fn="J:\Copia del disco E que falla\Fotografía\Programas Retoque fotográfico\Plug-ins\NoisewareProfessional.PlugIn.v4.2\NoisewareProfessional.PlugIn.v4.2.rar"
    sh=6920FBD42BF54ED5BA91F9F6CD82BA1A69DA295A ft=0 fh=00000000002b2ae7 vn="una variante de MSIL/HackKMS.A aplicación potencialmente no segura (eliminado)" ac=C fn="J:\Copia del disco E que falla\Utilidades\Activadores\Activar Office\Activar Office.rar"
    sh=7A58F05B32E6477DABE1228A12C0898DC26940E7 ft=0 fh=00000000000171b0 vn="una variante de Win32/Keygen.RM aplicación potencialmente no segura (eliminado)" ac=C fn="J:\Copia del disco E que falla\Utilidades\Antimalware\Malwarebytes.Anti-Malware.v1.75.0.1300.Multilingual.Final.Incl.Keymaker-FFF\Keygen' s\MalwareBytes.Anti-Malware.1.50.READNFO_KEYGEN-FFF.zip"
    sh=FFC148DAD665C6C179807DF3A6E55E8006475AB7 ft=0 fh=0000000000017d36 vn="Win32/Keygen.ADJ aplicación potencialmente no segura (eliminado)" ac=C fn="J:\Copia del disco E que falla\Utilidades\Antimalware\Malwarebytes.Anti-Malware.v1.75.0.1300.Multilingual.Final.Incl.Keymaker-FFF\Keygen' s\Malwarebytes.Anti-Malware.v1.3.x.Keygen-CORE.rar"
    sh=69CFFA0F9FAF0CEFB0BCED692CB456D129783F49 ft=0 fh=000000000004f67a vn="una variante de Win32/Keygen.ADI aplicación potencialmente no segura (eliminado)" ac=C fn="J:\Copia del disco E que falla\Utilidades\Antimalware\Malwarebytes.Anti-Malware.v1.75.0.1300.Multilingual.Final.Incl.Keymaker-FFF\Keygen' s\Malwarebytes.Anti-Malware.v1.50.Keymaker-CORE.rar"
    sh=9B60ECC7B32DEA0A26FE3764F11A26E4FD7A6F98 ft=0 fh=00000000001065f5 vn="Win32/Keygen.ADK aplicación potencialmente no segura (eliminado)" ac=C fn="J:\Copia del disco E que falla\Utilidades\Antimalware\Malwarebytes.Anti-Malware.v1.75.0.1300.Multilingual.Final.Incl.Keymaker-FFF\Keygen' s\Malwarebytes.Anti-Malware.v1.50b.Keygen-RED.zip"
    sh=D7BB0F8578F3B1890585D8E38FD758557F17FCB6 ft=0 fh=00000000000708be vn="una variante de Win32/Keygen.CI aplicación potencialmente no segura (eliminado)" ac=C fn="J:\Copia del disco E que falla\Utilidades\Antimalware\Malwarebytes.Anti-Malware.v1.75.0.1300.Multilingual.Final.Incl.Keymaker-FFF\Keygen' s\Malwarebytes_.Anti-Malware.v1.46.Keygenerator-iNF.zip"
    sh=7A58F05B32E6477DABE1228A12C0898DC26940E7 ft=0 fh=00000000000171b0 vn="una variante de Win32/Keygen.RM aplicación potencialmente no segura (eliminado)" ac=C fn="J:\Descargas\Malwarebytes.Anti-Malware.Premium.v2.0.1.1004.Multilingual.Final.Incl.Keymaker-FFF\Malwarebytes.Anti-Malware.Premium.v2.0.1.1004.Multilingual.Final.Incl.Keymaker-FFF\Keygen' s\MalwareBytes.Anti-Malware.1.50.READNFO_KEYGEN-FFF.zip"
    sh=FFC148DAD665C6C179807DF3A6E55E8006475AB7 ft=0 fh=0000000000017d36 vn="Win32/Keygen.ADJ aplicación potencialmente no segura (eliminado)" ac=C fn="J:\Descargas\Malwarebytes.Anti-Malware.Premium.v2.0.1.1004.Multilingual.Final.Incl.Keymaker-FFF\Malwarebytes.Anti-Malware.Premium.v2.0.1.1004.Multilingual.Final.Incl.Keymaker-FFF\Keygen' s\Malwarebytes.Anti-Malware.v1.3.x.Keygen-CORE.rar"
    sh=69CFFA0F9FAF0CEFB0BCED692CB456D129783F49 ft=0 fh=000000000004f67a vn="una variante de Win32/Keygen.ADI aplicación potencialmente no segura (eliminado)" ac=C fn="J:\Descargas\Malwarebytes.Anti-Malware.Premium.v2.0.1.1004.Multilingual.Final.Incl.Keymaker-FFF\Malwarebytes.Anti-Malware.Premium.v2.0.1.1004.Multilingual.Final.Incl.Keymaker-FFF\Keygen' s\Malwarebytes.Anti-Malware.v1.50.Keymaker-CORE.rar"
    sh=9B60ECC7B32DEA0A26FE3764F11A26E4FD7A6F98 ft=0 fh=00000000001065f5 vn="Win32/Keygen.ADK aplicación potencialmente no segura (eliminado)" ac=C fn="J:\Descargas\Malwarebytes.Anti-Malware.Premium.v2.0.1.1004.Multilingual.Final.Incl.Keymaker-FFF\Malwarebytes.Anti-Malware.Premium.v2.0.1.1004.Multilingual.Final.Incl.Keymaker-FFF\Keygen' s\Malwarebytes.Anti-Malware.v1.50b.Keygen-RED.zip"
    sh=D7BB0F8578F3B1890585D8E38FD758557F17FCB6 ft=0 fh=00000000000708be vn="una variante de Win32/Keygen.CI aplicación potencialmente no segura (eliminado)" ac=C fn="J:\Descargas\Malwarebytes.Anti-Malware.Premium.v2.0.1.1004.Multilingual.Final.Incl.Keymaker-FFF\Malwarebytes.Anti-Malware.Premium.v2.0.1.1004.Multilingual.Final.Incl.Keymaker-FFF\Keygen' s\Malwarebytes_.Anti-Malware.v1.46.Keygenerator-iNF.zip"
    sh=D2780D2E145C9929500BAE41EDE0CB54405026EC ft=0 fh=00000000004803e2 vn="una variante de Win32/Systweak.U aplicación potencialmente no deseada,una variante de Win32/PerfectRegistry.A aplicación potencialmente no deseada (eliminado)" ac=C fn="J:\Descargas\PerfectReg\PerfectReg.rar"
    sh=907A32ECCEB53D9DE1FA607E3C39027FA2CF829E ft=0 fh=0000000038c2f19a vn="una variante de Win32/HackTool.Patcher.AD aplicación potencialmente no segura,OSX/Keygen.AA aplicación potencialmente no segura,BAT/HostsChanger.A aplicación potencialmente no segura,una variante de Win32/Keygen.HA aplicación potencialmente no segura (eliminado)" ac=C fn="J:\Descargas\Photoshop\22.06.Adobe Bridge CC 6.1.0.116.rar"
    sh=A7A6A45A2F1EAD1C64D2FD6B2A52D23059E0AE31 ft=0 fh=000000005b6b8bdd vn="BAT/HostsChanger.A aplicación potencialmente no segura,una variante de Win32/Keygen.HA aplicación potencialmente no segura (eliminado)" ac=C fn="J:\Descargas\Photoshop\22.06.Adobe Photoshop CC 2014 v15.0.0.58.rar"
    sh=08265CB50E4DBE4F4148EA07189359C685C87AFD ft=0 fh=000000000003223d vn="una variante de Win32/Keygen.AU aplicación potencialmente no segura (eliminado)" ac=C fn="J:\Descargas\Programas bajados del blog de Toño\Fotografía\acdsee-pro-6.1-64bit\ACDSee.Pro.v6.0.Keymaker-CORE.rar"
    sh=ECFD43AFDC7D3B4B87E94FDB6F950B79CEDC5454 ft=0 fh=000000000004047a vn="una variante de Win32/Keygen.OM aplicación potencialmente no segura (eliminado)" ac=C fn="J:\Descargas\Programas bajados del blog de Toño\Fotografía\Eye Candy\FIX\xfaskg.zip"
    sh=D10224868AA482965E36E7EF73950C81D2FA80E2 ft=0 fh=0000000000b1817c vn="una variante de MSIL/HackKMS.G aplicación potencialmente no segura (eliminado)" ac=C fn="J:\Descargas\Programas bajados del blog de Toño\Activador office2010.rar"
    sh=D47ECFCE6BDDE76691B453A2333093DB750202E1 ft=0 fh=00000000000fa227 vn="una variante de Win32/Toolbar.Babylon.E aplicación potencialmente no deseada (eliminado)" ac=C fn="J:\Descargas\Programas bajados del blog de Toño\Unlocker1.9.2.rar"
    sh=AFA58733C337A738A8FBD437F9360C5B8E17D8A7 ft=0 fh=000000000003f53f vn="una variante de Win32/Keygen.PT aplicación potencialmente no segura (eliminado)" ac=C fn="J:\Programas\AIDA64 Extreme Edition 4.00.2700\Otros Keygen\Keygen ZWT.rar"
    sh=C11A44ABED68976CE10B311363FA987D27672F52 ft=0 fh=0000000000011a8c vn="Win32/Keygen.LE aplicación potencialmente no segura (eliminado)" ac=C fn="J:\Programas\AIDA64 Extreme Edition 4.00.2700\Otros Keygen\Keygen-CHiLi.rar"
    sh=D2780D2E145C9929500BAE41EDE0CB54405026EC ft=0 fh=00000000004803e2 vn="una variante de Win32/Systweak.U aplicación potencialmente no deseada,una variante de Win32/PerfectRegistry.A aplicación potencialmente no deseada (eliminado)" ac=C fn="J:\Programas formateo 14-05-2014\Downloads\PerfectReg\PerfectReg.rar"
    sh=5B97B0F689019D69F8F25D40C678D770C3A73BC3 ft=0 fh=000000000180bb40 vn="una variante de Win32/HackTool.Patcher.AD aplicación potencialmente no segura (eliminado)" ac=C fn="J:\Telegram\NETGATE_Spy_Emergency_15.0.505.0.rar"
    sh=2E2F2D6BD3CF8A3277788F18E739491115B0F7AA ft=0 fh=00000000003c1697 vn="varias amenazas,Win32/Adware.HiRu.G aplicación,Win32/Adware.HiRu.C aplicación (eliminado)" ac=C fn="J:\Telegram\Speccy.rar"
    sh=416042C08F5A4F601737A7F5BD8892A902800DB5 ft=0 fh=0000000000de3d20 vn="una variante de Win32/Systweak.M aplicación potencialmente no deseada,una variante de Win32/HackTool.Patcher.A aplicación potencialmente no segura,una variante de MSIL/AdvancedSystemProtector.F aplicación potencialmente no deseada (eliminado)" ac=C fn="J:\Telegram\WinZip.SUS.2.7.1100.16429.rar"
    sh=ECFD43AFDC7D3B4B87E94FDB6F950B79CEDC5454 ft=0 fh=000000000004047a vn="una variante de Win32/Keygen.OM aplicación potencialmente no segura (eliminado)" ac=C fn="K:\Copia de seguridad 13-12-2013\Downloads\Programas bajados del blog de Toño\Fotografía\Eye Candy\FIX\xfaskg.zip"
    sh=D47ECFCE6BDDE76691B453A2333093DB750202E1 ft=0 fh=00000000000fa227 vn="una variante de Win32/Toolbar.Babylon.E aplicación potencialmente no deseada (eliminado)" ac=C fn="K:\Copia de seguridad 13-12-2013\Downloads\Programas bajados del blog de Toño\Unlocker1.9.2.rar"
    sh=69C85556BDE4071F97CF1DE45FB8E43E78EA9758 ft=0 fh=0000000000011ac4 vn="OSX/Keygen.AA aplicación potencialmente no segura (eliminado)" ac=C fn="K:\Programas\Adobe Photoshop cc 2015\Adobe.Photoshop.CC.2015.v16.0.WIN64.Multilingual.Incl.Keygen-XFORCE\Crack\Keygen\Adobe CC 2014-X-FORCE\Crack-OSX\xf-accm2014.dmg"
    sh=E709660116301B231D8E13747AAB5970E80FE42A ft=0 fh=000000003d908d82 vn="varias amenazas,OSX/Keygen.AA aplicación potencialmente no segura,BAT/HostsChanger.A aplicación potencialmente no segura,BAT/Qhost.NOV troyano,una variante de Win32/Keygen.HA aplicación potencialmente no segura,una variante de Win32/HackTool.Patcher.CH aplicación potencialmente no segura (eliminado)" ac=C fn="K:\Programas\Adobe Photoshop cc 2015\APCC2015.rar"
    sh=4F950C4C4BC25F0FEBD0AB3176DD3EA4B7221C29 ft=0 fh=0000000000a33479 vn="una variante de Win32/HackTool.Patcher.AD aplicación potencialmente no segura (eliminado)" ac=C fn="K:\Programas\Utilidades\Revo Uninstaller Pro V.3.0.8.rar"
    sh=1A5BAA27725A15A8A5BBE862E2F51CDD0C25CBB0 ft=0 fh=0000000000ddac32 vn="una variante de Win32/Keygen.FT aplicación potencialmente no segura (eliminado)" ac=C fn="M:\Copia de seguridad 13-12-2013\Downloads\BurnAware Professional 6.8\BurnAware Professional 6.8.rar"
    sh=08265CB50E4DBE4F4148EA07189359C685C87AFD ft=0 fh=000000000003223d vn="una variante de Win32/Keygen.AU aplicación potencialmente no segura (eliminado)" ac=C fn="M:\Copia de seguridad 13-12-2013\Downloads\Programas bajados del blog de Toño\Fotografía\acdsee-pro-6.1-64bit\ACDSee.Pro.v6.0.Keymaker-CORE.rar"
    sh=ECFD43AFDC7D3B4B87E94FDB6F950B79CEDC5454 ft=0 fh=000000000004047a vn="una variante de Win32/Keygen.OM aplicación potencialmente no segura (eliminado)" ac=C fn="M:\Copia de seguridad 13-12-2013\Downloads\Programas bajados del blog de Toño\Fotografía\Eye Candy\FIX\xfaskg.zip"
    sh=D47ECFCE6BDDE76691B453A2333093DB750202E1 ft=0 fh=00000000000fa227 vn="una variante de Win32/Toolbar.Babylon.E aplicación potencialmente no deseada (eliminado)" ac=C fn="M:\Copia de seguridad 13-12-2013\Downloads\Programas bajados del blog de Toño\Unlocker1.9.2.rar"
    sh=80236D3F8DFFFE7543A97D85B18F4689C348BC76 ft=0 fh=0000000001a03f64 vn="una variante de Win32/HackTool.Patcher.AD aplicación potencialmente no segura (eliminado)" ac=C fn="M:\Copia de seguridad 13-12-2013\Downloads\womobilegofand..4.0.0.245\womobilegofand..4.0.0.245.rar"
    sh=032F9474FABBB00AF4E6677F5EE500868CA91F0F ft=0 fh=0000000000012485 vn="una variante de Win32/HackTool.Patcher.AD aplicación potencialmente no segura (eliminado)" ac=C fn="M:\Copia de seguridad 13-12-2013\Downloads\womobilegofand..4.0.0.245\wondershare.mobilego.for.android.4.0.0.245-patch.zip"
    19:05:08 Call m_esets_charon_send
    19:05:08 Call m_esets_charon_destroy
    19:07:01 # product=EOS
    # version=8
    # ESETOnlineScanner_ESL.exe=3.0.17.0
    # country="Spain"
    # lang=13322
#11

27/01/2019 18:49:41 Archivos explorados: 367803 Archivos infectados: 37 Amenazas eliminadas: 37 Tiempo total de exploración 06:33:20 Estado de la exploración: Finalizado

#12

Espero que te sirva. me perdí un poco con el Eset Online Scanner.

#13

Lo que tienes que evitar es descargar y usar Keygens o similares, pues las infecciones vienen por ahi, y tienes unos cuantos, a si que si sigues usándolos, de nada sirven los antivirus.

Pra verificar que no quede nada, realizas:


  • Desactiva Temporalmente tu antivirus y cualquier programa de seguridad.

  • Descarga a Tu Escritorio >> Esto es muy importante<<.,Fabar Recovery Scan Tool, considerando la versión adecuada para tu equipo. (32 o 64 bits) :arrow_forward: ¿Cómo saber si mi Windows es de 32 o 64 bits?

  • Doble clic para ejecutar Frst.exe. En la ventana del Disclaimer, presiona Yes.

  • En la nueva ventana que se abre, presiona el botón Scan y espera a que concluya el análisis.

  • Se abrirán dos (2) archivos (Logs), Frst.txt y Addition.txt, que estarán grabados en Tu escritorio.

En Tu próxima respuesta, copias y pegas los dos reportes Frst.txt y Addition.txt de FRST

Nota: Si el/los reportes solicitados no entraran en una sola respuesta porque superan la cantidad de caracteres permitidos, puedes utilizar dos o mas respuestas para pegarlos completamente.

#14
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27.01.2019
Ran by Pepe (administrator) on PEPE-PC (27-01-2019 20:53:55)
Running from C:\Users\Pepe\Desktop
Loaded Profiles: Pepe (Available Profiles: Pepe & DefaultAppPool)
Platform: Windows 10 Pro Version 1809 17763.292 (X64) Language: Español (España, internacional)
Default browser: IE
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\System32\snmp.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1901.7-0\MsMpEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\SkypeApp.exe
() C:\Program Files\WindowsApps\Microsoft.YourPhone_1.0.20094.0_x64__8wekyb3d8bbwe\YourPhone.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
((c)2016 Datacolor) C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(MobiSystems Inc.) C:\Program Files (x86)\MobiSystems\OfficeSuite\OfficeSuite.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18112.14311.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SystemApps\InputApp_cw5n1h2txyewy\WindowsInternal.ComposableShell.Experiences.TextInput.InputApp.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [301880 2018-11-15] (Apple Inc.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [QuickTime Task] => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [976320 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-12-16] (Oracle Corporation)
HKLM-x32\...\Run: [OfficeSuite] => C:\Program Files (x86)\MobiSystems\OfficeSuite\OfficeSuite.exe [390704 2019-01-08] (MobiSystems Inc.)
HKU\S-1-5-21-3347187512-3475484731-655712606-1001\...\Run: [EPSON6712F0 (Epson Stylus SX525WD)] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIGAE.EXE [224768 2010-01-12] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3347187512-3475484731-655712606-1001\...\Run: [EPSON SX525WD Series] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIGAE.EXE [224768 2010-01-12] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3347187512-3475484731-655712606-1001\...\Run: [Epson Stylus SX525WD(Red)] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIGAE.EXE [224768 2010-01-12] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3347187512-3475484731-655712606-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2018-10-01] (Apple Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] -> 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SpyderUtility.lnk [2017-04-08]
ShortcutTarget: SpyderUtility.lnk -> C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility.exe ((c)2016 Datacolor)
Startup: C:\Users\Pepe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Enviar a OneNote.lnk [2017-02-13]
ShortcutTarget: Enviar a OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 213.60.205.175
Tcpip\..\Interfaces\{67d88bea-88d8-4eaa-9fda-846c33984da3}: [DhcpNameServer] 213.60.205.175

Internet Explorer:
==================
HKU\S-1-5-21-3347187512-3475484731-655712606-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.es/
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2018-12-25] (Microsoft Corporation)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2018-08-29] (Google Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2017-08-24] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\ssv.dll [2019-01-19] (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2018-08-29] (Google Inc.)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> No File
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\jp2ssv.dll [2019-01-19] (Oracle Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2018-08-29] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2018-08-29] (Google Inc.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2017-08-15] (Microsoft Corporation)

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.201.2 -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\dtplugin\npDeployJava1.dll [2019-01-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.201.2 -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\plugin2\npjp2.dll [2019-01-19] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-12-04] (Adobe Systems Inc.)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [85304 2018-10-16] (Apple Inc.)
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [518080 2017-10-11] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [518080 2017-10-11] (NVIDIA Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5381128 2019-01-08] (Microsoft Corporation)
R2 SNMP; C:\WINDOWS\System32\snmp.exe [53248 2018-12-27] (Microsoft Corporation)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [384512 2018-09-15] ()
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1901.7-0\NisSrv.exe [4096976 2019-01-25] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1901.7-0\MsMpEng.exe [113992 2019-01-25] (Microsoft Corporation)
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 cxbu0x64; C:\WINDOWS\system32\DRIVERS\cxbu0x64.sys [157848 2015-09-08] (HID Global Corporation)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [129152 2016-04-24] (Samsung Electronics Co., Ltd.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-10-11] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [50624 2017-10-11] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-10-11] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [605696 2018-09-15] (Realtek )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [221824 2016-04-24] (Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46488 2019-01-25] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [343032 2019-01-25] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [63480 2019-01-25] (Microsoft Corporation)
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-27 20:53 - 2019-01-27 20:54 - 000013674 _____ C:\Users\Pepe\Desktop\FRST.txt
2019-01-27 20:53 - 2019-01-27 20:53 - 000000000 ____D C:\FRST
2019-01-27 20:46 - 2019-01-27 20:46 - 002428416 _____ (Farbar) C:\Users\Pepe\Desktop\FRST64.exe
2019-01-27 18:51 - 2019-01-27 18:51 - 000000352 _____ C:\Users\Pepe\Documents\Resultado Eset Online Scanner.txt
2019-01-27 11:51 - 2019-01-27 11:51 - 007666296 _____ (ESET spol. s r.o.) C:\Users\Pepe\Desktop\ESETOnlineScanner_ESL.exe
2019-01-26 22:36 - 2019-01-26 23:22 - 000012657 _____ C:\Users\Pepe\Desktop\ZHPCleaner.txt
2019-01-26 22:26 - 2019-01-26 23:34 - 000000000 ____D C:\Users\Pepe\AppData\Roaming\ZHP
2019-01-26 22:26 - 2019-01-26 22:26 - 000000911 _____ C:\Users\Pepe\Desktop\ZHPCleaner.lnk
2019-01-26 22:26 - 2019-01-26 22:26 - 000000000 ____D C:\Users\Pepe\AppData\Local\ZHP
2019-01-26 21:43 - 2019-01-26 21:43 - 000002032 _____ C:\Users\Pepe\Desktop\AdwCleaner[S00].txt
2019-01-26 21:42 - 2019-01-26 21:45 - 000000000 ____D C:\AdwCleaner
2019-01-26 21:26 - 2019-01-26 21:26 - 003304320 _____ C:\Users\Pepe\Desktop\ZHPCleaner.exe
2019-01-26 21:22 - 2019-01-26 21:22 - 007320272 _____ (Malwarebytes) C:\Users\Pepe\Downloads\adwcleaner_7.2.6.0.exe
2019-01-26 20:31 - 2019-01-26 20:31 - 000000268 _____ C:\Users\Pepe\Documents\Escaneo.txt
2019-01-26 17:04 - 2019-01-27 11:57 - 000000000 ____D C:\Users\Pepe\AppData\Local\ESET
2019-01-26 16:41 - 2019-01-26 16:41 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-01-26 16:41 - 2019-01-26 16:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-01-26 16:41 - 2019-01-26 16:41 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-01-26 16:41 - 2019-01-26 16:41 - 000000000 ____D C:\Program Files\Malwarebytes
2019-01-26 16:41 - 2018-12-04 08:09 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-01-26 16:39 - 2019-01-26 16:39 - 000001870 _____ C:\Users\Pepe\Desktop\Rkill.txt
2019-01-26 16:36 - 2019-01-26 16:36 - 072967448 _____ (Malwarebytes ) C:\Users\Pepe\Downloads\mb3-setup-consumer-3.6.1.2711-1.0.527-1.0.8962.exe
2019-01-26 16:09 - 2019-01-26 16:09 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\Pepe\Downloads\iExplore.exe
2019-01-26 12:59 - 2019-01-26 12:59 - 000000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
2019-01-25 18:25 - 2019-01-25 18:25 - 000000000 ____D C:\Users\Pepe\AppData\Local\mbam
2019-01-25 18:24 - 2019-01-25 18:24 - 000000000 ____D C:\Users\Pepe\AppData\Local\mbamtray
2019-01-25 18:22 - 2019-01-25 18:22 - 080022264 _____ (Malwarebytes ) C:\Users\Pepe\Downloads\mb3-setup-35891.35891-3.6.1.2711-1.0.463-1.0.6913.exe
2019-01-25 18:17 - 2019-01-25 18:17 - 000003118 _____ C:\Users\Pepe\Documents\cc_20190125_181745.reg
2019-01-25 16:39 - 2019-01-26 23:49 - 103809024 _____ C:\WINDOWS\system32\config\SOFTWARE
2019-01-25 15:33 - 2019-01-25 16:39 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2019-01-25 14:27 - 2019-01-25 14:27 - 000001306 _____ C:\Users\Pepe\Documents\cc_20190125_142705.reg
2019-01-25 13:33 - 2019-01-25 13:33 - 000000000 ____D C:\ProgramData\DDDD
2019-01-25 13:32 - 2019-01-25 18:55 - 000000000 ____D C:\ProgramData\Blogger
2019-01-25 13:32 - 2010-12-06 03:16 - 000090112 _____ (Vestris Inc.) C:\WINDOWS\system32\Vestris.ResourceLib.dll
2019-01-25 13:27 - 2019-01-26 13:38 - 000000000 ____D C:\ProgramData\DCCD
2019-01-25 13:27 - 2019-01-25 13:27 - 001246160 _____ (Mozilla Foundation) C:\ProgramData\nss3.dll
2019-01-25 13:27 - 2019-01-25 13:27 - 000137168 _____ (Mozilla Foundation) C:\ProgramData\mozglue.dll
2019-01-25 13:27 - 2019-01-25 13:27 - 000000000 ____D C:\ProgramData\HXZFOKLB24IZFW8LN92K
2019-01-23 20:47 - 2019-01-23 20:47 - 007724992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2019-01-23 20:47 - 2019-01-23 20:47 - 005440008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-01-23 20:47 - 2019-01-23 20:47 - 005112792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2019-01-23 20:47 - 2019-01-23 20:47 - 003601920 _____ (Microsoft Corporation) C:\WINDOWS\system32\tellib.dll
2019-01-23 20:47 - 2019-01-23 20:47 - 003550384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2019-01-23 20:47 - 2019-01-23 20:47 - 002469648 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2019-01-23 20:47 - 2019-01-23 20:47 - 002323904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2019-01-23 20:47 - 2019-01-23 20:47 - 002278448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2019-01-23 20:47 - 2019-01-23 20:47 - 001289192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2019-01-23 20:47 - 2019-01-23 20:47 - 001282640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2019-01-23 20:47 - 2019-01-23 20:47 - 001259024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-01-23 20:47 - 2019-01-23 20:47 - 001200920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2019-01-23 20:47 - 2019-01-23 20:47 - 000762272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2019-01-23 20:47 - 2019-01-23 20:47 - 000427520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
2019-01-23 20:47 - 2019-01-23 20:47 - 000371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
2019-01-23 20:47 - 2019-01-23 20:47 - 000263360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 026806784 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 023439360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 022111856 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 020811776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 019284480 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramWorld.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 019024384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 017520640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 015224832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 009684000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-01-23 20:46 - 2019-01-23 20:46 - 008875520 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 007897088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 007857152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 007645600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 006549232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 006057984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 005584864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 005565952 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 005561856 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 005527552 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 005205464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 005088256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 004991096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 004702704 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupapi.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 004630016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 004588544 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2019-01-23 20:46 - 2019-01-23 20:46 - 004526080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupapi.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 004298752 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 004019200 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 003982848 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 003662336 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-01-23 20:46 - 2019-01-23 20:46 - 003656192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 003556352 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 003386368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 002992640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 002942464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 002927112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-01-23 20:46 - 2019-01-23 20:46 - 002776920 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 002766136 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 002721792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-01-23 20:46 - 2019-01-23 20:46 - 002702528 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 002689024 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 002626568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-01-23 20:46 - 2019-01-23 20:46 - 002618880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 002488320 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-01-23 20:46 - 2019-01-23 20:46 - 002466304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 002392576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 002298880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 002275888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 002187264 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 002149368 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 002085376 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 002072728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 001994768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 001975296 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 001969704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2019-01-23 20:46 - 2019-01-23 20:46 - 001899160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 001783296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 001720936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 001715712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 001700880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 001696936 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-01-23 20:46 - 2019-01-23 20:46 - 001674480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 001671864 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 001641400 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 001604096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 001533440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 001467552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 001467384 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-01-23 20:46 - 2019-01-23 20:46 - 001462272 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 001446400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42u.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 001415680 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 001387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 001341584 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-01-23 20:46 - 2019-01-23 20:46 - 001331744 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 001314304 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 001309696 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 001309184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 001271608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContentDeliveryManager.Utilities.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 001258512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2019-01-23 20:46 - 2019-01-23 20:46 - 001255944 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-01-23 20:46 - 2019-01-23 20:46 - 001254912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 001224704 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 001221120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2019-01-23 20:46 - 2019-01-23 20:46 - 001209360 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvstore.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 001178344 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-01-23 20:46 - 2019-01-23 20:46 - 001168384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 001098136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 001064448 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 001054200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-01-23 20:46 - 2019-01-23 20:46 - 001051152 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-01-23 20:46 - 2019-01-23 20:46 - 001048576 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 001047552 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 001032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 001018880 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 001010176 _____ (Microsoft Corporation) C:\WINDOWS\system32\refsutil.exe
2019-01-23 20:46 - 2019-01-23 20:46 - 000970256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\drvstore.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 000954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 000927232 _____ (Microsoft Corporation) C:\WINDOWS\system32\assignedaccessmanagersvc.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 000925184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 000913920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Graphics.Display.DisplayEnhancementService.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 000912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 000901632 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 000887808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprddm.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 000875008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 000865784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 000864056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2019-01-23 20:46 - 2019-01-23 20:46 - 000850968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 000833536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 000829440 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 000822448 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 000820736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 000806560 _____ C:\WINDOWS\SysWOW64\locale.nls
2019-01-23 20:46 - 2019-01-23 20:46 - 000806560 _____ C:\WINDOWS\system32\locale.nls
2019-01-23 20:46 - 2019-01-23 20:46 - 000800256 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 000799568 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 000794112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 000770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2019-01-23 20:46 - 2019-01-23 20:46 - 000762368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mprddm.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 000752136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2019-01-23 20:46 - 2019-01-23 20:46 - 000744960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 000742912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpaceControl.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 000741888 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 000726208 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 000700416 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Language.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 000681984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 000663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 000652320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 000651792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2019-01-23 20:46 - 2019-01-23 20:46 - 000651304 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2019-01-23 20:46 - 2019-01-23 20:46 - 000649272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 000648192 _____ (Microsoft Corporation) C:\WINDOWS\system32\w32time.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 000629576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 000624640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apphelp.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 000622592 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 000617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\AssignedAccessManager.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 000615936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 000612368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2019-01-23 20:46 - 2019-01-23 20:46 - 000604552 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2019-01-23 20:46 - 2019-01-23 20:46 - 000588304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2019-01-23 20:46 - 2019-01-23 20:46 - 000580024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 000556544 _____ (Microsoft Corporation) C:\WINDOWS\system32\BTAGService.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 000553984 _____ (Microsoft Corporation) C:\WINDOWS\system32\apphelp.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 000547840 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 000543744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2019-01-23 20:46 - 2019-01-23 20:46 - 000535048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2019-01-23 20:46 - 2019-01-23 20:46 - 000527872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-01-23 20:46 - 2019-01-23 20:46 - 000522312 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2019-01-23 20:46 - 2019-01-23 20:46 - 000516608 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 000506408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 000496872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2019-01-23 20:46 - 2019-01-23 20:46 - 000494080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 000494080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Activities.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 000481792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 000474936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2019-01-23 20:46 - 2019-01-23 20:46 - 000434176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 000430904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys
2019-01-23 20:46 - 2019-01-23 20:46 - 000429056 _____ (Microsoft Corporation) C:\WINDOWS\system32\MixedReality.Broker.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 000420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 000408800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mswsock.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 000407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 000394752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcLayers.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 000388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2019-01-23 20:46 - 2019-01-23 20:46 - 000375544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2019-01-23 20:46 - 2019-01-23 20:46 - 000365056 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 000353488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 000349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 000349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 000346624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 000326144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.OneCore.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 000324408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswsock.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 000320000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2019-01-23 20:46 - 2019-01-23 20:46 - 000314368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcLayers.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 000305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasppp.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 000298296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2019-01-23 20:46 - 2019-01-23 20:46 - 000289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\discan.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 000284160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasppp.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 000277536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 000276488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MTF.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 000273920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 000262672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2019-01-23 20:46 - 2019-01-23 20:46 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngOnline.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 000217600 _____ (Microsoft Corporation) C:\WINDOWS\system32\container.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 000203280 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 000202552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MTF.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 000201216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincredui.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 000198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\netiohlp.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 000195896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys
2019-01-23 20:46 - 2019-01-23 20:46 - 000195072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryUpgrade.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 000193032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2019-01-23 20:46 - 2019-01-23 20:46 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasman.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\spacebridge.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 000171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spacebridge.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompPkgSrv.exe
2019-01-23 20:46 - 2019-01-23 20:46 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryUpgrade.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 000160256 _____ (Microsoft Corporation) C:\WINDOWS\system32\spopk.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 000159744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincredui.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 000157192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2019-01-23 20:46 - 2019-01-23 20:46 - 000156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasman.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 000155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netiohlp.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 000151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\container.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 000148480 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2019-01-23 20:46 - 2019-01-23 20:46 - 000146888 _____ (Microsoft Corporation) C:\WINDOWS\system32\smss.exe
2019-01-23 20:46 - 2019-01-23 20:46 - 000143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 000137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpaceAgent.exe
2019-01-23 20:46 - 2019-01-23 20:46 - 000132104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2019-01-23 20:46 - 2019-01-23 20:46 - 000129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spopk.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 000121872 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 000120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2019-01-23 20:46 - 2019-01-23 20:46 - 000119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupcln.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 000114856 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompPkgSup.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupcln.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 000097592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2019-01-23 20:46 - 2019-01-23 20:46 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlahc.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\PktMon.exe
2019-01-23 20:46 - 2019-01-23 20:46 - 000091424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CompPkgSup.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 000090632 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\nslookup.exe
2019-01-23 20:46 - 2019-01-23 20:46 - 000080400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vpci.sys
2019-01-23 20:46 - 2019-01-23 20:46 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nslookup.exe
2019-01-23 20:46 - 2019-01-23 20:46 - 000074424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WindowsTrustedRT.sys
2019-01-23 20:46 - 2019-01-23 20:46 - 000062464 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpo-overrides.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpkinstall.exe
2019-01-23 20:46 - 2019-01-23 20:46 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2019-01-23 20:46 - 2019-01-23 20:46 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2019-01-23 20:46 - 2019-01-23 20:46 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2019-01-23 20:46 - 2019-01-23 20:46 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2019-01-23 20:46 - 2019-01-23 20:46 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2019-01-23 20:46 - 2019-01-23 20:46 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2019-01-23 20:46 - 2019-01-23 20:46 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2019-01-23 20:46 - 2019-01-23 20:46 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2019-01-23 15:20 - 2019-01-23 15:20 - 000000000 ____D C:\WINDOWS\Panther
2019-01-23 15:16 - 2019-01-23 15:16 - 000010158 _____ C:\Users\Pepe\Documents\cc_20190123_151600.reg
2019-01-23 15:09 - 2019-01-23 15:09 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avast Software
2019-01-22 17:22 - 2019-01-22 17:22 - 000000000 ____D C:\Users\Pepe\AppData\Roaming\OfficeSuite Mail
2019-01-22 17:19 - 2019-01-22 17:23 - 000000000 ____D C:\Users\Pepe\AppData\Roaming\MobiSystems Inc
2019-01-22 17:19 - 2019-01-22 17:19 - 000000000 ____D C:\Users\Pepe\AppData\Local\Mobisystems
2019-01-22 17:19 - 2019-01-22 17:19 - 000000000 ____D C:\Users\Pepe\AppData\Local\CrashRpt
2019-01-22 17:14 - 2019-01-22 17:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OfficeSuite
2019-01-22 17:14 - 2019-01-22 17:14 - 000000000 ____D C:\Program Files (x86)\MobiSystems
2019-01-18 23:48 - 2019-01-18 23:48 - 000000076 _____ C:\Users\Pepe\Desktop\teclados.txt
2019-01-15 16:07 - 2019-01-15 16:07 - 000000190 _____ C:\Users\Pepe\Desktop\sillas de escritorio.txt
2019-01-08 22:16 - 2019-01-08 22:16 - 000000000 ____D C:\WINDOWS\PCHEALTH
2019-01-08 22:13 - 2019-01-08 22:13 - 012858368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-01-08 22:13 - 2019-01-08 22:13 - 012151808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-01-08 22:13 - 2019-01-08 22:13 - 003952952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.dll
2019-01-08 22:13 - 2019-01-08 22:13 - 003338328 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2019-01-08 22:13 - 2019-01-08 22:13 - 003270144 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2019-01-08 22:13 - 2019-01-08 22:13 - 002986352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.dll
2019-01-08 22:13 - 2019-01-08 22:13 - 002929152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2019-01-08 22:13 - 2019-01-08 22:13 - 002594872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2019-01-08 22:13 - 2019-01-08 22:13 - 002437552 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-01-08 22:13 - 2019-01-08 22:13 - 002021584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-01-08 22:13 - 2019-01-08 22:13 - 001616384 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-01-08 22:13 - 2019-01-08 22:13 - 001212416 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2019-01-08 22:13 - 2019-01-08 22:13 - 001022464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2019-01-08 22:13 - 2019-01-08 22:13 - 000998912 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2019-01-08 22:13 - 2019-01-08 22:13 - 000870400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-01-08 22:13 - 2019-01-08 22:13 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2019-01-08 22:13 - 2019-01-08 22:13 - 000735232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2019-01-08 22:13 - 2019-01-08 22:13 - 000662528 ____R (Microsoft Corporation) C:\WINDOWS\system32\MixedRealityCapture.Pipeline.dll
2019-01-08 22:13 - 2019-01-08 22:13 - 000570368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2019-01-08 22:13 - 2019-01-08 22:13 - 000463672 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-01-08 22:13 - 2019-01-08 22:13 - 000448000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.Workflow.dll
2019-01-08 22:13 - 2019-01-08 22:13 - 000387384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-01-08 22:13 - 2019-01-08 22:13 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-01-08 22:13 - 2019-01-08 22:13 - 000312832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.Workflow.dll
2019-01-08 22:13 - 2019-01-08 22:13 - 000178696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2019-01-08 22:13 - 2019-01-08 22:13 - 000155648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2019-01-08 22:13 - 2019-01-08 22:13 - 000140808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2019-01-08 22:13 - 2019-01-08 22:13 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintWorkflowService.dll
2019-01-08 22:13 - 2019-01-08 22:13 - 000098816 ____R (Microsoft Corporation) C:\WINDOWS\system32\MixedRealityCapture.Broker.dll
2019-01-08 22:13 - 2019-01-08 22:13 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2019-01-08 22:13 - 2019-01-08 22:13 - 000047112 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2018-12-28 00:00 - 2018-12-28 00:00 - 000000000 ____D C:\ProgramData\Microsoft OneDrive

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-27 20:53 - 2018-09-15 08:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-01-27 18:45 - 2018-12-27 23:42 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-01-27 16:18 - 2015-10-19 19:34 - 000000000 ____D C:\Users\Pepe\Documents\Archivos de Outlook
2019-01-27 16:05 - 2017-11-19 16:08 - 000000000 ____D C:\Users\Pepe\AppData\Local\Packages
2019-01-27 11:35 - 2017-07-16 20:49 - 000000000 ____D C:\ProgramData\NVIDIA
2019-01-26 23:58 - 2018-12-27 23:59 - 002012042 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-01-26 23:58 - 2018-09-15 17:37 - 000864082 _____ C:\WINDOWS\system32\perfh00A.dat
2019-01-26 23:58 - 2018-09-15 17:37 - 000186264 _____ C:\WINDOWS\system32\perfc00A.dat
2019-01-26 23:58 - 2018-09-15 08:31 - 000000000 ____D C:\WINDOWS\INF
2019-01-26 23:58 - 2009-07-14 06:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2019-01-26 23:51 - 2018-12-27 23:58 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-01-26 23:49 - 2018-09-15 07:09 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2019-01-26 16:42 - 2018-09-15 08:33 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-01-26 16:28 - 2015-10-18 12:16 - 000001230 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2019-01-26 14:21 - 2018-09-15 08:33 - 000000000 ___HD C:\Program Files\WindowsApps
2019-01-26 14:21 - 2018-07-10 22:19 - 000000000 ____D C:\ProgramData\Packages
2019-01-26 13:41 - 2018-12-27 23:58 - 000003358 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3347187512-3475484731-655712606-1001
2019-01-26 13:41 - 2018-12-27 23:49 - 000002431 _____ C:\Users\Pepe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-01-26 13:41 - 2015-10-23 13:01 - 000000000 ___RD C:\Users\Pepe\OneDrive
2019-01-26 13:38 - 2015-10-20 09:58 - 000000000 ____D C:\Users\Pepe\AppData\Roaming\Raxco
2019-01-26 13:38 - 2015-10-20 09:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Raxco
2019-01-26 13:38 - 2015-10-20 09:58 - 000000000 ____D C:\Program Files (x86)\Raxco
2019-01-26 12:59 - 2018-12-27 23:49 - 000000000 ____D C:\Users\DefaultAppPool
2019-01-25 14:24 - 2016-08-26 20:58 - 000000000 ____D C:\Users\Pepe\AppData\Local\CrashDumps
2019-01-25 14:16 - 2018-06-23 15:45 - 000000000 ____D C:\Users\Pepe\AppData\Local\D3DSCache
2019-01-25 14:05 - 2018-02-27 17:50 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-01-23 21:08 - 2018-12-27 23:42 - 000442008 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-01-23 21:08 - 2015-10-23 23:39 - 000000000 ___RD C:\Users\Pepe\3D Objects
2019-01-23 21:08 - 2015-09-10 06:29 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-01-23 21:06 - 2018-09-15 08:33 - 000000000 ____D C:\WINDOWS\TextInput
2019-01-23 21:06 - 2018-09-15 08:33 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2019-01-23 21:06 - 2018-09-15 08:33 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2019-01-23 21:06 - 2018-09-15 08:33 - 000000000 ____D C:\WINDOWS\system32\oobe
2019-01-23 21:06 - 2018-09-15 08:33 - 000000000 ____D C:\WINDOWS\system32\migwiz
2019-01-23 21:06 - 2018-09-15 08:33 - 000000000 ____D C:\WINDOWS\system32\appraiser
2019-01-23 21:06 - 2018-09-15 08:33 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-01-23 21:06 - 2018-09-15 08:33 - 000000000 ____D C:\WINDOWS\ShellComponents
2019-01-23 21:06 - 2018-09-15 08:33 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-01-23 21:06 - 2018-09-15 07:09 - 000000000 ____D C:\WINDOWS\system32\Dism
2019-01-23 20:47 - 2018-09-15 08:23 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-01-23 20:46 - 2015-10-17 22:00 - 000408346 __RSH C:\bootmgr
2019-01-23 15:20 - 2016-04-14 23:16 - 000000000 ____D C:\ProgramData\AVAST Software
2019-01-23 15:09 - 2018-09-15 08:33 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-01-23 13:50 - 2015-10-23 16:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2019-01-22 22:33 - 2018-12-27 23:49 - 000000000 ____D C:\Users\Pepe
2019-01-21 17:00 - 2015-10-19 18:53 - 000000000 ____D C:\Users\Pepe\AppData\Roaming\Telegram Desktop
2019-01-20 01:25 - 2017-04-01 15:16 - 000000000 ____D C:\Users\Pepe\Documents\Euro Truck Simulator 2
2019-01-19 17:36 - 2015-11-14 23:12 - 000099192 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2019-01-19 17:36 - 2015-11-14 23:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2019-01-19 17:36 - 2015-11-14 23:12 - 000000000 ____D C:\Program Files (x86)\Java
2019-01-17 19:57 - 2015-10-18 11:42 - 000000000 ____D C:\Program Files\Microsoft Silverlight
2019-01-17 19:57 - 2015-10-18 11:42 - 000000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2019-01-16 13:53 - 2015-10-18 11:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2019-01-12 23:29 - 2018-09-15 07:09 - 000000000 ____D C:\WINDOWS\servicing
2019-01-09 12:41 - 2015-10-17 21:48 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2019-01-09 01:06 - 2018-09-15 17:40 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2019-01-09 01:06 - 2018-09-15 17:40 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2019-01-09 01:06 - 2018-09-15 17:40 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2019-01-08 22:19 - 2018-09-15 08:36 - 000835480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-01-08 22:19 - 2018-09-15 08:36 - 000179600 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-01-08 22:19 - 2015-10-18 00:48 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-01-08 22:18 - 2015-10-18 00:48 - 132790320 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-01-08 22:16 - 2009-07-14 03:34 - 000000478 _____ C:\WINDOWS\win.ini
2019-01-05 14:18 - 2015-10-17 22:06 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-01-03 20:32 - 2018-11-29 00:49 - 000000130 _____ C:\Users\Pepe\Desktop\Videos de ioniq.txt
2018-12-28 15:36 - 2017-12-01 21:47 - 000000000 ____D C:\Users\Pepe\AppData\Local\PlaceholderTileLogoFolder
2018-12-28 11:40 - 2018-09-15 08:33 - 000000000 ____D C:\WINDOWS\appcompat

==================== Files in the root of some directories =======

2019-01-25 13:27 - 2019-01-25 13:27 - 000137168 _____ (Mozilla Foundation) C:\ProgramData\mozglue.dll
2019-01-25 13:27 - 2019-01-25 13:27 - 001246160 _____ (Mozilla Foundation) C:\ProgramData\nss3.dll
2015-10-23 12:23 - 2016-06-22 19:35 - 000000067 _____ () C:\Users\Pepe\AppData\Roaming\burnaware.ini
2016-02-11 21:59 - 2017-03-06 22:29 - 000007668 _____ () C:\Users\Pepe\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\dllhost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================
#15
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27.01.2019
Ran by Pepe (27-01-2019 20:54:37)
Running from C:\Users\Pepe\Desktop
Windows 10 Pro Version 1809 17763.292 (X64) (2018-12-27 22:58:25)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-3347187512-3475484731-655712606-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3347187512-3475484731-655712606-503 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3347187512-3475484731-655712606-1002 - Limited - Enabled)
Invitado (S-1-5-21-3347187512-3475484731-655712606-501 - Limited - Disabled)
Pepe (S-1-5-21-3347187512-3475484731-655712606-1001 - Administrator - Enabled) => C:\Users\Pepe
WDAGUtilityAccount (S-1-5-21-3347187512-3475484731-655712606-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ABBYY FineReader 9.0 Sprint (HKLM-x32\...\{F9000000-0018-0000-0000-074957833700}) (Version: 9.01.513.58212 - ABBYY) Hidden
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
Actualización de NVIDIA 29.1.0.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 29.1.0.0 - NVIDIA Corporation) Hidden
Adobe Acrobat Reader DC - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 19.010.20069 - Adobe Systems Incorporated)
Apple Application Support (32 bits) (HKLM-x32\...\{5A659BE5-849B-484E-A83B-DCB78407F3A4}) (Version: 7.3 - Apple Inc.)
Apple Application Support (64 bits) (HKLM\...\{F8060941-C0AB-4BCE-88AC-F2FDA2E9F286}) (Version: 7.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5FA8C4BE-8C74-4B9C-9B49-EBF759230189}) (Version: 12.1.0.25 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BurnAware Professional 6.8 (HKLM-x32\...\BurnAware Professional_is1) (Version:  - Burnaware)
Eines de correcció del Microsoft Office 2013: català (HKLM\...\{90150000-001F-0403-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Epson Easy Photo Print 2 (HKLM-x32\...\{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}) (Version: 2.2.0.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}) (Version: 2.40.0001 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON SX525WD Series Manual (HKLM-x32\...\EPSON SX525WD Series Manual) (Version:  - )
EPSON SX525WD Series Printer Uninstall (HKLM\...\EPSON SX525WD Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4i - SEIKO EPSON CORPORATION)
EpsonNet Setup 3.3 (HKLM-x32\...\{C9D8A041-2963-4B31-8FFC-1500F3DB9293}) (Version: 3.3a - SEIKO EPSON CORPORATION)
Ferramentas de verificación de Microsoft Office 2013 - Galego (HKLM\...\{90150000-001F-0456-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
iCloud (HKLM\...\{05D97028-FD26-4A3D-BADC-D1CA2E9F1214}) (Version: 7.10.0.9 - Apple Inc.)
iTunes (HKLM\...\{62D46C28-6A95-4201-9E81-D59912BA6004}) (Version: 12.9.2.6 - Apple Inc.)
Java 8 Update 191 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180191F0}) (Version: 8.0.1910.12 - Oracle Corporation)
Java 8 Update 201 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180201F0}) (Version: 8.0.2010.9 - Oracle Corporation)
Malwarebytes versión 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Manual de red de EPSON SX525WD Series (HKLM-x32\...\EPSON SX525WD Series Network Guide) (Version:  - )
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3347187512-3475484731-655712606-1001\...\OneDriveSetup.exe) (Version: 18.240.1202.0004 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NVIDIA Controlador de la controladora 3D Vision 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.10.0.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.10.0.95 - NVIDIA Corporation)
NVIDIA Software del sistema PhysX 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
OfficeSuite (HKLM-x32\...\{7FC14CD2-E82C-4AB8-B9C3-0D2AB4D5FC8A}) (Version: 2.95.18960.0 - MobiSystems)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Panel de control de NVIDIA 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 342.01 - NVIDIA Corporation) Hidden
Paquete de controladores de Windows - OLYMPUS IMAGING CORP. (OlyFirCam) OlyFirCam  (06/21/2007 2.2.0.0) (HKLM\...\1F83630F1D96893C47BCF19B627F1BBA13E0DAF7) (Version: 06/21/2007 2.2.0.0 - OLYMPUS IMAGING CORP.)
Paquete de idioma de Microsoft Visual Studio 2010 Tools para Office Runtime (x64) - ESN (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - ESN) (Version: 10.0.50903 - Microsoft Corporation)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.30.0 - Renesas Electronics Corporation) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.30.0 - Renesas Electronics Corporation)
Revisores de Texto do Microsoft Office 2013 – Português do Brasil (HKLM\...\{90150000-001F-0416-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Revo Uninstaller Pro 3.0.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.8 - VS Revo Group, Ltd.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Spyder4Pro (HKLM-x32\...\Spyder4Pro) (Version:  - )
Telegram Desktop version 1.5.4 (HKU\S-1-5-21-3347187512-3475484731-655712606-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.5.4 - Telegram Messenger LLP)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Update for Skype for Business 2015 (KB4461557) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{06CB9397-D762-4A2F-8D91-DFAD58D2BAED}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB4461557) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{06CB9397-D762-4A2F-8D91-DFAD58D2BAED}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB4461557) 64-Bit Edition (HKLM\...\{90150000-012B-0C0A-1000-0000000FF1CE}_Office15.PROPLUS_{06CB9397-D762-4A2F-8D91-DFAD58D2BAED}) (Version:  - Microsoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{9CBA860F-7437-4A75-941C-8EF559F2D145}) (Version: 2.52.0.0 - Microsoft Corporation)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2019-01-15] (Apple Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-12-02] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-12-02] (Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers3: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-15] ()
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-11-14] (NVIDIA Corporation)
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2012-12-29] (VS Revo Group)
ContextMenuHandlers6: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-15] ()
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-12-02] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-12-02] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0028DDED-C889-4D00-AF7C-784E2739B551} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {009D83D8-19EB-4947-82AD-4B1F80179328} - System32\Tasks\S-1-5-21-3347187512-3475484731-655712606-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2018-09-15] (Microsoft Corporation)
Task: {07EF4DBD-7F92-4D7D-B6A0-FC4F0FE7A22C} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {1340E371-F3E9-4728-93B5-C16C3F3DF229} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {18152C97-73C6-4192-A5D1-333879E04445} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-10-11] (NVIDIA Corporation)
Task: {19B6FEFE-3EE0-490F-8817-418CF8C0E489} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {23448904-1F3A-40B0-88C4-133ED602BC59} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {23B3DB6D-DB21-446B-AEEF-770EBC894FE8} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {24E92BE0-C383-4987-A80D-857C0050C567} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1901.7-0\MpCmdRun.exe [2019-01-25] (Microsoft Corporation)
Task: {2C6535EB-095E-452E-ACA0-D19178320633} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {2E0B0C42-BC48-4F9C-B7A6-53262BF76B02} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {35A01345-B131-4FCB-A39B-31AE157595DE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-13] (Adobe Systems Incorporated)
Task: {36868A85-0C33-47C3-B770-314E672C6D7E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2019-01-08] (Microsoft Corporation)
Task: {38A30F21-159E-4807-84C1-D78221957999} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {477D2722-E6DE-434E-B7DB-EE0D0A9AEE05} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {4DCFAFC2-8921-4F0B-A47C-6C7E7BECE681} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-22] (Google Inc.)
Task: {53FC991C-D6ED-4034-A45C-E9C946E64CBD} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {56A3582A-4667-456D-920E-74AE47B62C31} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {573E5D94-F50A-4411-894D-8638BC4C7A18} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {594075A1-FB79-49C5-87BE-17A6930E6C22} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {59D8C665-29F2-41BA-8543-85BFDF9EE594} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-10-11] (NVIDIA Corporation)
Task: {5AE1E1B9-790E-46E4-AE91-30898A3BB9F9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1901.7-0\MpCmdRun.exe [2019-01-25] (Microsoft Corporation)
Task: {5AFE77C8-8283-4A37-9A2C-EF18A035FF54} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {6806263C-36BC-4DCE-A2D7-D978A58B9AE6} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-10-11] (NVIDIA Corporation)
Task: {6874AA14-F382-4431-A9FE-EB273F625439} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-10-11] (NVIDIA Corporation)
Task: {814F580E-0444-4F5B-BC15-15A4944A1F97} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {84BEEA45-AC30-4875-9533-4691FEBB5A0A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {853509B9-7719-4ECF-BF18-01E30FC64FFD} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {8D25976C-7927-421F-B92D-D53BA2AD024B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-17] (Adobe Systems Incorporated)
Task: {8F2D3641-D41E-4852-8992-005B9D6FA81D} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9502EE8F-1E2E-4516-9CD6-FB1937F40F13} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-10-11] (NVIDIA Corporation)
Task: {99FB379F-4E4D-491A-B0B7-033EB0A6818B} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9B317599-9CF3-41FE-97FF-488464526D7B} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9B5A43F4-ED8E-46DD-8141-E31A13FDDF19} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {AC5A4BE0-1A8D-4210-9AD4-58AABCEEAFC4} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B1F7D548-33AB-495E-84E6-3BFC45864BC0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {B327F9E2-FB45-4FF7-92BE-70C5E023BCCC} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {B829BF26-992A-44D4-A121-80793D2FF8A1} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {BDDA3D5F-1908-46EA-8893-8C02AD734639} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {C6954CD9-7A3D-4339-BD1B-C54721AFA771} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D2555650-B141-4E07-B070-6888BB1AD5B5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {D41F1D16-8398-4BE6-88B2-11A93083A2B5} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {D5E4AD02-E401-4299-82D2-2194B259D6F2} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {D72CE5DE-5DED-4C1D-AE3E-5F29D48AD441} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1901.7-0\MpCmdRun.exe [2019-01-25] (Microsoft Corporation)
Task: {D9D937BB-10DE-4CC7-A9C7-A37250FF576C} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {E22D089B-80B5-47F8-B340-767476A415B6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)
Task: {E244DDB4-2C6C-4521-9EF5-A9F0CBC25CAE} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {E372A6F9-3F7C-4F2F-852C-1A68F50171F2} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E39F8E32-F4B6-44B2-B8AF-D84A6CFEB7B8} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-09-15] ()
Task: {E911EE61-5F9A-409B-B1F5-306EC4D46736} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {E98915D0-C134-4591-97BB-FE3B0F9A6E71} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-10-11] (NVIDIA Corporation)
Task: {E9ABDBEA-80DE-41B6-9210-F9A80A2C682C} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-10-11] (NVIDIA Corporation)
Task: {EA7E48FD-6F82-4610-897F-B3EBC0158DBF} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {EB28BF18-9F85-4BB2-8C6B-AABED3DF8133} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-10-11] (NVIDIA Corporation)
Task: {ECCF19E7-780F-4B71-9BD3-109A90BB3758} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2019-01-23] (AVAST Software)
Task: {ED551520-691F-4E2F-8899-607B9E5E4600} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1901.7-0\MpCmdRun.exe [2019-01-25] (Microsoft Corporation)
Task: {F8B040D7-F83C-4B52-A631-4186A90CCBD1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-22] (Google Inc.)
Task: {FC601F9D-AB93-4C80-9E38-03DCC168DFBD} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {FD3B0E92-E3AC-4257-B6A6-BF2B4957C8D7} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-11-30 18:54 - 2017-11-30 18:54 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2019-01-15 01:27 - 2019-01-15 01:27 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-10-29 13:29 - 2017-10-11 02:05 - 001267136 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-07-16 20:49 - 2016-11-14 12:15 - 000135224 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2018-09-15 08:28 - 2018-09-15 08:28 - 000834088 _____ () C:\Windows\System32\InputHost.dll
2018-09-15 08:28 - 2018-09-15 08:28 - 000474624 _____ () C:\Windows\ShellExperiences\TileControl.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 002801152 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2010-07-15 05:44 - 2010-07-15 05:44 - 000020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2019-01-23 20:46 - 2019-01-23 20:46 - 001740800 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2019-01-23 21:23 - 2019-01-23 21:23 - 000182272 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
2018-10-24 11:17 - 2018-10-24 11:17 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\ImagePipelineNative.dll
2019-01-23 21:23 - 2019-01-23 21:23 - 000060416 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\ChakraBridge.dll
2019-01-10 15:09 - 2019-01-10 15:09 - 005172224 _____ () C:\Program Files\WindowsApps\Microsoft.YourPhone_1.0.20094.0_x64__8wekyb3d8bbwe\YourPhone.exe
2019-01-10 15:09 - 2019-01-10 15:09 - 002172928 _____ () C:\Program Files\WindowsApps\Microsoft.YourPhone_1.0.20094.0_x64__8wekyb3d8bbwe\YourPhone.AppCore.dll
2019-01-10 15:09 - 2019-01-10 15:09 - 001795584 _____ () C:\Program Files\WindowsApps\Microsoft.YourPhone_1.0.20094.0_x64__8wekyb3d8bbwe\PhoneContentDataStore.dll
2018-10-30 21:31 - 2018-10-30 21:31 - 001004032 _____ () C:\Program Files\WindowsApps\Microsoft.YourPhone_1.0.20094.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2019-01-10 15:09 - 2019-01-10 15:09 - 002907136 _____ () C:\Program Files\WindowsApps\Microsoft.YourPhone_1.0.20094.0_x64__8wekyb3d8bbwe\PhoneCommunicationAppService.dll
2018-11-29 13:41 - 2018-11-29 13:41 - 000088888 _____ () C:\Program Files\iTunes\zlib1.dll
2018-11-29 13:40 - 2018-11-29 13:40 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll
2019-01-23 21:23 - 2019-01-23 21:23 - 028012544 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18112.14311.0_x64__8wekyb3d8bbwe\Video.UI.exe
2019-01-23 21:23 - 2019-01-23 21:23 - 000305152 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18112.14311.0_x64__8wekyb3d8bbwe\SharedUI.dll
2017-12-01 21:51 - 2017-12-01 21:51 - 000902656 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18112.14311.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl.UI.Xaml.dll
2018-11-29 00:08 - 2018-11-29 00:08 - 004202208 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18112.14311.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2019-01-23 21:23 - 2019-01-23 21:23 - 006187520 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18112.14311.0_x64__8wekyb3d8bbwe\EntCommon.dll
2019-01-23 21:23 - 2019-01-23 21:23 - 009388544 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18112.14311.0_x64__8wekyb3d8bbwe\EntPlat.dll
2018-10-19 19:05 - 2018-10-19 19:05 - 004389888 _____ () C:\Program Files\WindowsApps\Microsoft.OneConnect_5.1809.2571.0_x64__8wekyb3d8bbwe\OneConnect.dll
2016-10-29 13:29 - 2017-10-11 02:05 - 001040320 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2019-01-15 01:28 - 2019-01-15 01:28 - 001042744 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2017-11-30 18:55 - 2017-11-30 18:55 - 000076088 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2019-01-15 01:28 - 2019-01-15 01:28 - 000189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2016-02-10 08:21 - 2016-02-09 07:15 - 001865216 _____ () C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility Libs\RBGUIFramework.dll
2016-02-10 07:19 - 2016-02-09 07:15 - 000096256 _____ () C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility Libs\Appearance Pak.dll
2016-02-10 08:21 - 2016-02-09 07:15 - 000013824 _____ () C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility Libs\Internet Encodings.dll
2016-02-10 07:19 - 2016-02-09 07:15 - 000090112 _____ () C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility Libs\RegEx.dll
2016-02-10 07:19 - 2016-02-09 07:15 - 005340672 _____ () C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility Libs\RBScript.dll
2016-02-10 07:19 - 2016-02-09 07:15 - 000031744 _____ () C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility Libs\Shell.dll
2016-02-10 07:19 - 2016-02-09 07:15 - 000293376 _____ () C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility Libs\XML.dll
2016-02-10 07:19 - 2016-02-09 07:15 - 000274432 _____ () C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility Libs\CGamma.dll
2016-02-10 07:19 - 2016-02-09 07:15 - 000110592 _____ () C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility Libs\CSensor.dll
2018-10-08 15:06 - 2018-10-08 15:06 - 000165936 _____ () C:\Program Files (x86)\MobiSystems\OfficeSuite\CrashRpt.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\QuickTime\QTSystem\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-3347187512-3475484731-655712606-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg
DNS Servers: 213.60.205.175
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run: => "EvtMgr6"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SNMP-In-UDP] => (Allow) %SystemRoot%\system32\snmp.exe (Microsoft Corporation)
FirewallRules: [SNMP-Out-UDP] => (Allow) %SystemRoot%\system32\snmp.exe (Microsoft Corporation)
FirewallRules: [SNMP-In-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe (Microsoft Corporation)
FirewallRules: [SNMP-Out-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe (Microsoft Corporation)
FirewallRules: [{F2C7A70E-0F67-4A9C-83AC-CE08E80A2FBD}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc.)
FirewallRules: [{47A30F4C-026C-4FAA-95C7-55FE994D2CFE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation)
FirewallRules: [{745FF7AB-CCFA-42C6-83B4-A052AF70F1C7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation)
FirewallRules: [{CC861C72-D4B2-4D35-9452-F4EFC73F80DF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation)
FirewallRules: [{3056707C-E9DF-4683-B223-2C15B0F9F964}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation)
FirewallRules: [{0945BB7E-FC9E-44CC-A64B-D26AF1CF58A6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation)
FirewallRules: [UDP Query User{6ADDC29A-300B-4E60-B82E-DF9D7A8CFD43}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Block) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe (Microsoft Corporation)
FirewallRules: [TCP Query User{E7031313-E964-4F5A-86FC-583D837D046F}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Block) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe (Microsoft Corporation)
FirewallRules: [{C3E6F008-37BB-4BA7-9A76-660846442FAF}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation)
FirewallRules: [{3B5BA26C-586B-45FB-B64C-17A048DACB6B}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation)
FirewallRules: [{1C3B93D3-2459-4975-9F69-07645B289B17}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation)
FirewallRules: [{6745083A-6503-4434-9A87-DFC3DB3D1BF8}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation)
FirewallRules: [UDP Query User{51EB83DA-74C0-4CB6-BD26-E636D11D484D}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON CORPORATION)
FirewallRules: [TCP Query User{1CD7DC73-EA08-4778-ACE0-9C6E6CC22B35}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON CORPORATION)
FirewallRules: [UDP Query User{386C9CFE-799F-4447-B30F-65ED42FF989F}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON CORPORATION)
FirewallRules: [TCP Query User{BF890764-DC2F-48CD-945C-76D1D7604541}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON CORPORATION)
FirewallRules: [{7A7DB098-7E3E-4041-8A25-AAA372F7C898}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool10\ENEasyApp.exe (SEIKO EPSON CORPORATION)
FirewallRules: [{9C85FD43-7B69-4916-9E5F-43F6859CFD63}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool10\ENEasyApp.exe (SEIKO EPSON CORPORATION)
FirewallRules: [{12F29D81-7748-4BF8-99F6-A5BBB3B1FE25}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc.)
FirewallRules: [{A13A47ED-3944-4370-80BB-D72541AC563B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc.)
FirewallRules: [{8A99E911-AF7F-4C2F-849F-4EF7115404BC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
FirewallRules: [{1A253F2F-7F62-4BFC-901C-9CE81130CE3C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
FirewallRules: [UDP Query User{865C584B-789A-43D4-811B-B80E906BBFFA}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe (Microsoft Corporation)
FirewallRules: [TCP Query User{DC2AAE51-A8E8-41D5-A6C4-B3E7862B2857}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe (Microsoft Corporation)
FirewallRules: [{0735BC4A-4964-421E-AC24-A20CFE7314B8}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation)
FirewallRules: [{06B13BEC-146E-4C9E-9D42-F790827DBB9B}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation)
FirewallRules: [{1AC0393D-7B3D-4A88-94BC-E1CCE137C2E2}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation)
FirewallRules: [{463D56B6-6F3A-421E-AB0F-624A74011D97}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation)
FirewallRules: [{150659A1-7C99-4F7A-9440-784AE50F1203}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe (NVIDIA Corporation)
FirewallRules: [{003709D6-520E-487D-9158-7F994B54F533}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe (NVIDIA Corporation)
FirewallRules: [{289F32DA-03BA-464C-99E1-29946EBD9CB1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation)
FirewallRules: [{EB8220C9-038F-4D69-BD51-0D847D41BC84}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation)
FirewallRules: [{9B7B1C01-11FC-4C75-9F8C-B28923EA3558}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============

Name: Generic USB Hub
Description: Generic USB Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Generic USB Hub)
Service: usbhub
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/27/2019 12:55:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15594

Error: (01/27/2019 12:55:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15594

Error: (01/27/2019 12:55:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/26/2019 03:51:14 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: El programa Microsoft Ultimate Word Games.exe (versión 0.0.0.0) dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible sobre el problema, comprueba el historial de problemas en el panel de control de seguridad y mantenimiento.

Id. de proceso: 12d8

Hora de Inicio: 01d4b5868ef22d41

Hora de finalización: 4294967295

Ruta de la aplicación: C:\Program Files\WindowsApps\Microsoft.Studios.Wordament_3.5.3272.0_x64__8wekyb3d8bbwe\Microsoft Ultimate Word Games.exe

Id. de informe: bd725a30-6db1-45cd-8075-03c6a0303dce

Nombre completo del paquete con errores: Microsoft.Studios.Wordament_3.5.3272.0_x64__8wekyb3d8bbwe

Id. de la aplicación relativa al paquete con errores: App

Tipo de bloqueo: Quiesce

Error: (01/26/2019 01:43:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: mbamservice.exe, versión: 3.2.0.704, marca de tiempo: 0x5b9acf90
Nombre del módulo con errores: SelfProtectionSdk.dll, versión: 3.0.0.360, marca de tiempo: 0x5b995ba2
Código de excepción: 0xc0000409
Desplazamiento de errores: 0x000000000014e2a9
Identificador del proceso con errores: 0xd98
Hora de inicio de la aplicación con errores: 0x01d4b573258f75e4
Ruta de acceso de la aplicación con errores: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Ruta de acceso del módulo con errores: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
Identificador del informe: 099aa780-573b-4776-8f93-eb37b8a1366c
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (01/25/2019 01:27:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: DCCD.exe, versión: 1.0.0.0, marca de tiempo: 0x2a425e19
Nombre del módulo con errores: ntdll.dll, versión: 10.0.17763.292, marca de tiempo: 0xf3450dbf
Código de excepción: 0xc0000374
Desplazamiento de errores: 0x000e0e23
Identificador del proceso con errores: 0xb74
Hora de inicio de la aplicación con errores: 0x01d4b4a964a03d7d
Ruta de acceso de la aplicación con errores: C:\ProgramData\DCCD\DCCD.exe
Ruta de acceso del módulo con errores: C:\WINDOWS\SYSTEM32\ntdll.dll
Identificador del informe: c1a1a1bd-d0ff-46aa-8eaf-a2afbd5f7197
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (01/23/2019 06:22:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15516

Error: (01/23/2019 06:22:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15516


System errors:
=============
Error: (01/27/2019 12:11:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio eapihdrv no pudo iniciarse debido al siguiente error: 
Se ha bloqueado la descarga de este controlador

Error: (01/27/2019 12:11:12 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Pepe\AppData\Local\Temp\ehdrv.sys

Error: (01/27/2019 12:11:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio eapihdrv no pudo iniciarse debido al siguiente error: 
Se ha bloqueado la descarga de este controlador

Error: (01/27/2019 12:11:11 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Pepe\AppData\Local\Temp\ehdrv.sys

Error: (01/27/2019 12:11:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio eapihdrv no pudo iniciarse debido al siguiente error: 
Se ha bloqueado la descarga de este controlador

Error: (01/27/2019 12:11:11 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Pepe\AppData\Local\Temp\ehdrv.sys

Error: (01/27/2019 12:11:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio eapihdrv no pudo iniciarse debido al siguiente error: 
Se ha bloqueado la descarga de este controlador

Error: (01/27/2019 12:11:11 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Pepe\AppData\Local\Temp\ehdrv.sys


Windows Defender:
===================================
Date: 2019-01-26 19:30:45.824
Description: 
Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para obtener más información consulte lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/AutoKMS&threatid=2147685180&enterprise=0
Nombre: HackTool:Win32/AutoKMS
Id.: 2147685180
Gravedad: Alta
Categoría: Herramienta
Ruta de acceso: file:_K:\Programas\Utilidades\Microsoft Toolkit\Microsoft Toolkit.exe
Origen de detección: Equipo local
Tipo de detección: Concreto
Fuente de detección: Protección en tiempo real
Usuario: Pepe-PC\Pepe
Nombre de proceso: C:\Users\Pepe\AppData\Local\Microsoft\Windows\INetCache\IE\NGK42BRY\esetonlinescanner_enu.exe
Versión de firma: AV: 1.285.211.0, AS: 1.285.211.0, NIS: 1.285.211.0
Versión de motor: AM: 1.1.15600.4, NIS: 1.1.15600.4

Date: 2019-01-26 19:26:19.687
Description: 
Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para obtener más información consulte lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Skeeyah.A!rfn&threatid=2147694182&enterprise=0
Nombre: Trojan:Win32/Skeeyah.A!rfn
Id.: 2147694182
Gravedad: Grave
Categoría: Caballo de Troya
Ruta de acceso: file:_K:\Programas\Adobe Photoshop cc 2015\Adobe.Photoshop.CC.2015.v16.0.WIN64.Multilingual.Incl.Keygen-XFORCE\Crack\Keygen\Adobe CC 2014-X-FORCE\Crack-Windows\xf-adobecc2014.exe
Origen de detección: Equipo local
Tipo de detección: Concreto
Fuente de detección: Protección en tiempo real
Usuario: Pepe-PC\Pepe
Nombre de proceso: C:\Users\Pepe\AppData\Local\Microsoft\Windows\INetCache\IE\NGK42BRY\esetonlinescanner_enu.exe
Versión de firma: AV: 1.285.211.0, AS: 1.285.211.0, NIS: 1.285.211.0
Versión de motor: AM: 1.1.15600.4, NIS: 1.1.15600.4

Date: 2019-01-26 19:18:58.200
Description: 
Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para obtener más información consulte lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/AutoKMS&threatid=2147685180&enterprise=0
Nombre: HackTool:Win32/AutoKMS
Id.: 2147685180
Gravedad: Alta
Categoría: Herramienta
Ruta de acceso: file:_K:\Descargas\Telegram Desktop\Microsoft Toolkit.exe
Origen de detección: Equipo local
Tipo de detección: Concreto
Fuente de detección: Protección en tiempo real
Usuario: Pepe-PC\Pepe
Nombre de proceso: C:\Users\Pepe\AppData\Local\Microsoft\Windows\INetCache\IE\NGK42BRY\esetonlinescanner_enu.exe
Versión de firma: AV: 1.285.211.0, AS: 1.285.211.0, NIS: 1.285.211.0
Versión de motor: AM: 1.1.15600.4, NIS: 1.1.15600.4

Date: 2019-01-26 17:11:54.934
Description: 
Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para obtener más información consulte lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/AutoKMS&threatid=2147685180&enterprise=0
Nombre: HackTool:Win32/AutoKMS
Id.: 2147685180
Gravedad: Alta
Categoría: Herramienta
Ruta de acceso: file:_C:\Program Files\KMSpico\scripts\UnInstall_Service.cmd
Origen de detección: Equipo local
Tipo de detección: Concreto
Fuente de detección: Protección en tiempo real
Usuario: Pepe-PC\Pepe
Nombre de proceso: C:\Users\Pepe\AppData\Local\Microsoft\Windows\INetCache\IE\NGK42BRY\esetonlinescanner_enu.exe
Versión de firma: AV: 1.285.211.0, AS: 1.285.211.0, NIS: 1.285.211.0
Versión de motor: AM: 1.1.15600.4, NIS: 1.1.15600.4

Date: 2019-01-26 17:11:39.687
Description: 
Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para obtener más información consulte lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/AutoKMS&threatid=2147685180&enterprise=0
Nombre: HackTool:Win32/AutoKMS
Id.: 2147685180
Gravedad: Alta
Categoría: Herramienta
Ruta de acceso: file:_C:\Program Files\KMSpico\scripts\UnInstall_Service.cmd
Origen de detección: Equipo local
Tipo de detección: Concreto
Fuente de detección: Protección en tiempo real
Usuario: Pepe-PC\Pepe
Nombre de proceso: C:\Users\Pepe\AppData\Local\Microsoft\Windows\INetCache\IE\NGK42BRY\esetonlinescanner_enu.exe
Versión de firma: AV: 1.285.211.0, AS: 1.285.211.0, NIS: 1.285.211.0
Versión de motor: AM: 1.1.15600.4, NIS: 1.1.15600.4

CodeIntegrity:
===================================

Date: 2019-01-26 16:11:38.677
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2019-01-26 16:06:20.392
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2019-01-26 16:06:11.072
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2019-01-26 16:05:13.563
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2019-01-26 16:05:05.178
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2019-01-26 15:56:25.204
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2019-01-26 15:48:57.194
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2019-01-26 15:31:36.821
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5 CPU 750 @ 2.67GHz
Percentage of memory in use: 30%
Total physical RAM: 8187.48 MB
Available physical RAM: 5676.99 MB
Total Virtual: 16379.48 MB
Available Virtual: 13966.46 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.35 GB) (Free:16.97 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive j: (Varios) (Fixed) (Total:465.76 GB) (Free:205.2 GB) NTFS
Drive k: (Nuevo vol) (Fixed) (Total:931.51 GB) (Free:480.75 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive m: (Video, Musica, Manuales) (Fixed) (Total:596.17 GB) (Free:220.47 GB) NTFS

\\?\Volume{3bd63164-0000-0000-0000-60d61b000000}\ () (Fixed) (Total:0.44 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 4F9C2379)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: 3BD63164)
Partition 1: (Active) - (Size=111.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450 MB) - (Type=27)

========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 3DC81E11)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 596.2 GB) (Disk ID: 4CB36D51)
Partition 1: (Not Active) - (Size=596.2 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
#16

Bien… y ahora sigue estos pasos, MUY Importante ~ Realiza una copia de seguridad del registro :

  • Para hacerlo descarga Delfix en tu escritorio.

  • Doble clic para ejecutarlo.(Si usas Windows Vista/7/8 o 10 presiona clic derecho y selecciona "Ejecutar como Administrador.")

  • Atención, ahora marca/selecciona únicamente la casilla "Create registry backup", las demás NO

  • Pulsar en Run.

Se abrirá el informe (DelFix.txt), guárdalo por si fuera necesario y cierra la herramienta.


En el equipo con los demas programas cerrados:

Inicio >>> Ejecutar >>>Escribes notepad.exe.

Ahora copia y pega estos archivos dentro del Notepad:


Start
CreateRestorePoint:
CloseProcesses:

BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> No File
U3 idsvc; no ImagePath
2019-01-25 13:27 - 2019-01-25 13:27 - 000000000 ____D C:\ProgramData\HXZFOKLB24IZFW8LN92K
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2018-08-29] (Google Inc.)
C:\Program Files (x86)\Google\Google Toolbar
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2018-08-29] (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2018-08-29] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2018-08-29] (Google Inc.)
019-01-23 15:20 - 2016-04-14 23:16 - 000000000 ____D C:\ProgramData\AVAST Software
019-01-23 15:09 - 2019-01-23 15:09 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avast Software
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
Task: {23448904-1F3A-40B0-88C4-133ED602BC59} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {477D2722-E6DE-434E-B7DB-EE0D0A9AEE05} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {594075A1-FB79-49C5-87BE-17A6930E6C22} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {814F580E-0444-4F5B-BC15-15A4944A1F97} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {84BEEA45-AC30-4875-9533-4691FEBB5A0A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {853509B9-7719-4ECF-BF18-01E30FC64FFD} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {B327F9E2-FB45-4FF7-92BE-70C5E023BCCC} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {BDDA3D5F-1908-46EA-8893-8C02AD734639} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {D2555650-B141-4E07-B070-6888BB1AD5B5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {D5E4AD02-E401-4299-82D2-2194B259D6F2} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {E244DDB4-2C6C-4521-9EF5-A9F0CBC25CAE} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {E911EE61-5F9A-409B-B1F5-306EC4D46736} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {ECCF19E7-780F-4B71-9BD3-109A90BB3758} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2019-01-23] (AVAST Software)
C:\Program Files\Common Files\AVAST Software
Task: {FD3B0E92-E3AC-4257-B6A6-BF2B4957C8D7} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION


HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END

Lo guardas bajo el nombre de fixlist.txt en el escritorio <<< Esto es muy importante.<<

Nota: Es importante que la Hta Frst.exe y fixlist.txt se encuentren en la misma ubicación (escritorio) o si no no trabajara.

  • Y ahora usa esta Faq de Windows ¿Cómo iniciar Windows en Modo Seguro (Aplicable a Windows 10)?, para trabajar desde ese modo de windows. (Usa el Metodo 1 y si no puedes, usa el Metodo 2)

  • Ejecutas Frst.exe.

  • Presionas el botón Fix y aguardas a que termine.

  • La Herramienta guardara el reporte en tu escritorio (Fixlog.txt).

Lo pegas en tu próxima respuesta, comentado como va el problema

#19

Esto es lo que me sale cuando se esta ejecutando Delfix.

#22

Hola

Recuerda que esto no es un servicio 24 Horas, por lo que las respuestas no son inmediatas

Pulsa Si, y sigue el proceso

#23

Perdón, no lo digo con esa intención, bastante hacéis.

#24

Tranqui ,solo es un recordatorio porque a la hora de recibir respuesta mucha gente se impacienta esperando una respuesta rápida