Calculator opens by itself, letters type themselves, etc.


#1

Hi, how's it going. I haven't been on here for a long time and I was going to pick up a thread where you fixed this for me, but I see the site has changed completely and nothing from before remains, and even my old user account no longer works, so I'll describe the problem again.

After a looong time, my old friend has shown up again out of the blue. The calculator opens by itself over and over, letters type themselves, and the computer goes into lock mode every few minutes.

I repeated the same steps you gave me last time: CCleaner, Malwarebytes, AdwCleaner, Junkware Removal Tool and Farbar Recovery Scan Tool, all without an internet connection and run as administrator, and the problem hasn't been fixed; on the contrary, it's getting worse. The problem even kept occurring while I was going through the steps.

I'm sending you the reports; let me know when you can. It's so infuriating, after so many months free of whatever it was. I'm doing it in two parts since it's very long.

  1. Malwarebytes
-Log Details-

Scan Date: 11/30/18

Scan Time: 6:29 PM

Log File: 71dd1740-f4c5-11e8-9d9a-002522f779c9.json

Administrator: Yes

-Software Information-

Version: 3.3.1.2183

Components Version: 1.0.262

Update Package Version: 1.0.7993

License: Free

-System Information-

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: GUERRERO\victor

-Scan Summary-

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 250474

Threats Detected: 2

Threats Quarantined: 2

Time Elapsed: 5 min, 36 sec

-Scan Options-

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Heuristics: Enabled

PUP: Detect

PUM: Detect

-Scan Details-

Process: 0

(No malicious items detected)

Module: 0

(No malicious items detected)

Registry Key: 0

(No malicious items detected)

Registry Value: 2

RiskWare.IFEOHijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\IEXPLORE.EXE|DEBUGGER, Quarantined, [6458], [249254],1.0.7993

RiskWare.IFEOHijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\IEXPLORE.EXE|DEBUGGER, Quarantined, [6458], [249254],1.0.7993

Registry Data: 0

(No malicious items detected)

Data Stream: 0

(No malicious items detected)

Folder: 0

(No malicious items detected)

File: 0

(No malicious items detected)

Physical Sector: 0

(No malicious items detected)

(end)
  2. Malwarebytes AdwCleaner 7.2.5.0

    # Build: 11-26-2018

    # Database: 2018-11-26.1 (Cloud)

    # Support: https://www.malwarebytes.com/support

    #

    # -------------------------------

    # Mode: Scan

    # -------------------------------

    # Start: 11-29-2018

    # Duration: 00:00:18

    # OS: Windows 7 Ultimate

    # Scanned: 32232

    # Detected: 3

    ***** [ Services ] *****

    No malicious services found.

    ***** [ Folders ] *****

    No malicious folders found.

    ***** [ Files ] *****

    No malicious files found.

    ***** [ DLL ] *****

    No malicious DLLs found.

    ***** [ WMI ] *****

    No malicious WMI found.

    ***** [ Shortcuts ] *****

    No malicious shortcuts found.

    ***** [ Tasks ] *****

    No malicious tasks found.

    ***** [ Registry ] *****

    PUP.Optional.ByteFence HKLM\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\ByteFence.exe

    PUP.Optional.FreeMakeConverter HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\ProductUpdater

    PUP.Optional.Legacy HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\AlcoholAutomount

    ***** [ Chromium (and derivatives) ] *****

    No malicious Chromium entries found.

    ***** [ Chromium URLs ] *****

    No malicious Chromium URLs found.

    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries found.

    ***** [ Firefox URLs ] *****

    No malicious Firefox URLs found.

    ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
  3. Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.1.4 (07.09.2017)

    Operating System: Windows 7 Ultimate x64

    Ran by victor (Administrator) on 30/11/2018 at 18:42:53,41

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    File System: 8

    Successfully deleted: C:\Users\victor\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BZIAK6HY (Temporary Internet Files Folder)

    Successfully deleted: C:\Users\victor\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L5R3R5QS (Temporary Internet Files Folder)

    Successfully deleted: C:\Users\victor\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MU8LUK9A (Temporary Internet Files Folder)

    Successfully deleted: C:\Users\victor\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RWML06DN (Temporary Internet Files Folder)

    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BZIAK6HY (Temporary Internet Files Folder)

    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L5R3R5QS (Temporary Internet Files Folder)

    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MU8LUK9A (Temporary Internet Files Folder)

    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RWML06DN (Temporary Internet Files Folder)

    Registry: 0

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Scan was completed on 30/11/2018 at 19:10:29,47

    End of JRT log
  4. FRST
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.01.2018

Ran by victor (administrator) on GUERRERO (30-11-2018 19:11:40)

Running from C:\Users\victor\Desktop

Loaded Profiles: victor (Available Profiles: victor)

Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Español (España, internacional)

Internet Explorer Version 11 (Default browser not detected!)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe

(StarWind Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe

(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)

HKLM-x32\...\Run: [WinZip UN] => C:\Program Files (x86)\WinZip\WZUpdateNotifier.exe [2268624 2018-04-22] (Corel Corporation)

HKLM-x32\...\Run: [WinZip PreLoader] => C:\Program Files (x86)\WinZip\WzPreloader.exe [124032 2018-04-22] (WinZip Computing)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION

HKU\S-1-5-21-795496770-4252586827-2317966144-1000\...\Run: [Chromium] => c:\users\victor\appdata\local\chromium\application\chrome.exe [828416 2017-01-21] (The Chromium Authors)

HKU\S-1-5-21-795496770-4252586827-2317966144-1000\...\Run: [HP ENVY 4520 series (NET)] => C:\Program Files\HP\HP ENVY 4520 series\Bin\ScanToPCActivationApp.exe [3651080 2015-03-09] (Hewlett-Packard Development Company, LP)

HKU\S-1-5-21-795496770-4252586827-2317966144-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [18630056 2018-09-10] (Piriform Ltd)

HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exe [829832 2013-10-09] (Adobe Systems Incorporated)

IFEO\calc.exe: [Debugger] "C:\Program Files (x86)\Smart-X\AppLocker\AppLocker.exe" /locked:calculator

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 80.58.61.254 80.58.61.250

Tcpip\..\Interfaces\{4876ADD6-ACC9-4776-ADB0-CCCA4DE40942}: [DhcpNameServer] 80.58.61.254 80.58.61.250

Tcpip\..\Interfaces\{FEAF3AD1-94DC-4F13-8DD1-66239BC93032}: [DhcpNameServer] 192.168.0.1 192.168.0.1

Internet Explorer:

==================

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

HKU\S-1-5-21-795496770-4252586827-2317966144-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-21-795496770-4252586827-2317966144-1000 -> DefaultScope {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =

BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-11-08] (Oracle Corporation)

BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-11-08] (Oracle Corporation)

DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

FireFox:

========

FF DefaultProfile: 5vkiolxb.default

FF ProfilePath: C:\Users\victor\AppData\Roaming\Mozilla\Firefox\Profiles\5vkiolxb.default [2018-11-30]

FF Homepage: Mozilla\Firefox\Profiles\5vkiolxb.default -> hxxps://www.google.es/

FF Extension: (MyJDownloader Browser Extension) - C:\Users\victor\AppData\Roaming\Mozilla\Firefox\Profiles\5vkiolxb.default\Extensions\[email protected] [2018-01-15]

FF Extension: (Avast Online Security) - C:\Users\victor\AppData\Roaming\Mozilla\Firefox\Profiles\5vkiolxb.default\Extensions\[email protected] [2017-11-18]

FF Extension: (Adblock Plus) - C:\Users\victor\AppData\Roaming\Mozilla\Firefox\Profiles\5vkiolxb.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-12-31]

FF ProfilePath: C:\ProgramData [2018-08-28]

FF Extension: (Muter) - C:\ProgramData\Extensions\[email protected] [2013-09-13] [Legacy] [not signed]

FF Extension: (iMacros for Firefox) - C:\ProgramData\Extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} [2013-09-09] [Legacy] [not signed]

FF Extension: (User Agent Switcher) - C:\ProgramData\Extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi [2013-09-13] [Legacy] [not signed]

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-05-07] ()

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-05-07] ()

FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-11-08] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-11-08] (Oracle Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-10-15] (VideoLAN)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-20] (Adobe Systems Inc.)

Chrome:

=======

CHR DefaultProfile: Default

CHR HomePage: Default -> hxxp://google.es/

CHR Profile: C:\Users\victor\AppData\Local\Google\Chrome\User Data\Default [2018-11-30]

CHR Extension: (Presentaciones) - C:\Users\victor\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-01-25]

CHR Extension: (Documentos) - C:\Users\victor\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-25]

CHR Extension: (Google Drive) - C:\Users\victor\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-01-25]

CHR Extension: (YouTube) - C:\Users\victor\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-01-25]

CHR Extension: (MyJDownloader Browser Extension) - C:\Users\victor\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbcohnmimjicjdomonkcbcpbpnhggkip [2018-11-07]

CHR Extension: (Hojas de cálculo) - C:\Users\victor\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-01-25]

CHR Extension: (Documentos de Google sin conexión) - C:\Users\victor\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-20]

CHR Extension: (AdBlock) - C:\Users\victor\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-10-13]

CHR Extension: (History Eliminator) - C:\Users\victor\AppData\Local\Google\Chrome\User Data\Default\Extensions\lofbiemelonnlhhkjgccjfjaniipinbd [2018-01-25]

CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\victor\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]

CHR Extension: (Gmail) - C:\Users\victor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-01-25]

CHR Extension: (Chrome Media Router) - C:\Users\victor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-10-31]

CHR Profile: C:\Users\victor\AppData\Local\Google\Chrome\User Data\Guest Profile [2018-11-30]

CHR Profile: C:\Users\victor\AppData\Local\Google\Chrome\User Data\System Profile [2018-11-30]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)

R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]

R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)

R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed]

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2018-05-20] (Malwarebytes)

R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-02-20] (Duplex Secure Ltd.)

S3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64_prewin8.sys [31920 2018-02-26] (Western Digital Technologies)

U3 atpd18s4; C:\Windows\System32\Drivers\atpd18s4.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero byte File/Folder)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-30 19:11 - 2018-11-30 19:13 - 000011260 _____ C:\Users\victor\Desktop\FRST.txt

2018-11-30 19:10 - 2018-11-30 19:10 - 000001867 _____ C:\Users\victor\Desktop\JRT.txt

2018-11-30 18:27 - 2018-11-30 18:28 - 000000980 _____ C:\Users\victor\Desktop\cc_20181130_182753.reg

2018-11-30 15:08 - 2018-11-30 15:44 - 840993438 _____ C:\Users\victor\Downloads\g0th416hd.rar

2018-11-30 15:03 - 2018-11-30 15:03 - 000002097 _____ C:\Users\victor\Desktop\AppLocker.lnk

2018-11-30 15:03 - 2018-11-30 15:03 - 000000000 ____D C:\Users\victor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Smart-X

2018-11-30 15:03 - 2018-11-30 15:03 - 000000000 ____D C:\Program Files (x86)\Smart-X

2018-11-30 15:01 - 2010-01-31 10:30 - 000821248 _____ C:\Users\victor\Desktop\AppLocker.Setup.msi

2018-11-30 15:00 - 2018-11-30 15:00 - 000728884 _____ C:\Users\victor\Downloads\applocker.zip

2018-11-29 15:30 - 2018-11-29 15:31 - 002417152 _____ (Farbar) C:\Users\victor\Downloads\FRST64.exe

2018-11-29 15:29 - 2018-11-29 15:29 - 007321808 _____ (Malwarebytes) C:\Users\victor\Downloads\adwcleaner_7.2.5.0.exe

2018-11-29 15:22 - 2018-11-29 15:22 - 007321808 _____ (Malwarebytes) C:\Users\victor\Downloads\adwcleaner_7.2.5.0 (1).exe

2018-11-29 15:22 - 2018-11-29 15:22 - 007321808 _____ (Malwarebytes) C:\Users\victor\Desktop\adwcleaner_7.2.5.0.exe

2018-11-26 15:48 - 2018-11-26 15:48 - 008447599 _____ C:\Users\victor\Desktop\500 kilos.mp4

2018-11-25 16:58 - 2018-11-25 16:58 - 002252389 _____ C:\Users\victor\Desktop\capitan b.jpeg

2018-11-21 13:17 - 2018-11-21 13:17 - 000000000 ____D C:\Users\victor\Desktop\Gantz

2018-11-14 13:22 - 2018-11-11 02:29 - 005551336 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2018-11-14 13:22 - 2018-11-11 02:28 - 000708328 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi

2018-11-14 13:22 - 2018-11-11 02:28 - 000262376 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll

2018-11-14 13:22 - 2018-11-11 02:28 - 000154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

2018-11-14 13:22 - 2018-11-11 02:28 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys

2018-11-14 13:22 - 2018-11-11 02:27 - 001664352 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll

2018-11-14 13:22 - 2018-11-11 02:27 - 000631680 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi

2018-11-14 13:22 - 2018-11-11 02:25 - 002072576 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll

2018-11-14 13:22 - 2018-11-11 02:25 - 001461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2018-11-14 13:22 - 2018-11-11 02:25 - 001211904 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll

2018-11-14 13:22 - 2018-11-11 02:25 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll

2018-11-14 13:22 - 2018-11-11 02:25 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2018-11-14 13:22 - 2018-11-11 02:25 - 000516608 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll

2018-11-14 13:22 - 2018-11-11 02:25 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2018-11-14 13:22 - 2018-11-11 02:24 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll

2018-11-14 13:22 - 2018-11-11 02:24 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll

2018-11-14 13:22 - 2018-11-11 02:14 - 004054248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2018-11-14 13:22 - 2018-11-11 02:14 - 003960040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2018-11-14 13:22 - 2018-11-11 02:12 - 001314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll

2018-11-14 13:22 - 2018-11-11 02:11 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll

2018-11-14 13:22 - 2018-11-11 02:10 - 001425920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll

2018-11-14 13:22 - 2018-11-11 02:09 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll

2018-11-14 13:22 - 2018-11-11 01:48 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe

2018-11-14 13:22 - 2018-11-11 01:47 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe

2018-11-14 13:22 - 2018-11-11 01:44 - 000161280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys

2018-11-14 13:22 - 2018-11-11 01:44 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys

2018-11-14 13:22 - 2018-10-27 04:42 - 000230400 _____ (Microsoft Corporation) C:\Windows\system32\scrobj.dll

2018-11-14 13:22 - 2018-10-27 04:42 - 000202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll

2018-11-14 13:22 - 2018-10-27 04:42 - 000150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx

2018-11-14 13:22 - 2018-10-27 04:42 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\wshcon.dll

2018-11-14 13:22 - 2018-10-27 04:41 - 000018944 _____ (Microsoft Corporation) C:\Windows\system32\dispex.dll

2018-11-14 13:22 - 2018-10-27 04:27 - 000173568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrobj.dll

2018-11-14 13:22 - 2018-10-27 04:27 - 000164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll

2018-11-14 13:22 - 2018-10-27 04:27 - 000121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx

2018-11-14 13:22 - 2018-10-27 04:11 - 000168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe

2018-11-14 13:22 - 2018-10-27 04:11 - 000156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe

2018-11-14 13:22 - 2018-10-27 04:05 - 003227648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2018-11-14 13:22 - 2018-10-27 04:04 - 000141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe

2018-11-14 13:22 - 2018-10-27 04:04 - 000126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe

2018-11-14 13:22 - 2018-10-27 04:04 - 000025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshcon.dll

2018-11-14 13:22 - 2018-10-27 04:04 - 000015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dispex.dll

2018-11-14 13:22 - 2018-10-18 20:49 - 000396888 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2018-11-14 13:22 - 2018-10-18 19:51 - 000348760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2018-11-14 13:22 - 2018-10-18 03:48 - 025737728 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2018-11-14 13:22 - 2018-10-18 03:17 - 020281344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2018-11-14 13:22 - 2018-10-12 21:26 - 000498176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2018-11-14 13:22 - 2018-10-12 21:22 - 002295808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2018-11-14 13:22 - 2018-10-12 20:59 - 013680640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2018-11-14 13:22 - 2018-10-12 20:55 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2018-11-14 13:22 - 2018-10-12 20:42 - 004386816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2018-11-14 13:22 - 2018-10-12 20:38 - 001330176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2018-11-14 13:22 - 2018-10-12 03:12 - 002902016 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2018-11-14 13:22 - 2018-10-12 03:10 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2018-11-14 13:22 - 2018-10-12 02:59 - 005779456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2018-11-14 13:22 - 2018-10-12 02:54 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2018-11-14 13:22 - 2018-10-12 02:27 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2018-11-14 13:22 - 2018-10-12 02:26 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2018-11-14 13:22 - 2018-10-12 02:25 - 015283712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2018-11-14 13:22 - 2018-10-12 02:19 - 004859904 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2018-11-14 13:22 - 2018-10-12 02:06 - 001555968 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2018-11-14 13:22 - 2018-10-06 17:02 - 000366824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys

2018-11-14 13:22 - 2018-10-06 14:42 - 001988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll

2018-11-14 13:22 - 2018-10-06 14:05 - 002565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll

2018-11-14 13:22 - 2018-09-23 03:55 - 002319872 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll

2018-11-14 13:22 - 2018-09-23 03:54 - 002222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll

2018-11-14 13:22 - 2018-09-23 03:54 - 000778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll

2018-11-14 13:22 - 2018-09-23 03:54 - 000491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll

2018-11-14 13:22 - 2018-09-23 03:54 - 000288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll

2018-11-14 13:22 - 2018-09-23 03:54 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll

2018-11-14 13:22 - 2018-09-23 03:37 - 001549312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll

2018-11-14 13:22 - 2018-09-23 03:37 - 001400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll

2018-11-14 13:22 - 2018-09-23 03:37 - 000337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll

2018-11-14 13:22 - 2018-09-23 03:34 - 000591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe

2018-11-14 13:22 - 2018-09-23 03:34 - 000249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe

2018-11-14 13:22 - 2018-09-23 03:33 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe

2018-11-14 13:22 - 2018-09-23 03:22 - 000427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe

2018-11-14 13:22 - 2018-09-23 03:22 - 000164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe

2018-11-14 13:22 - 2018-09-23 03:21 - 000086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe

2018-11-14 13:22 - 2018-08-28 04:48 - 000419608 _____ C:\Windows\SysWOW64\locale.nls

2018-11-14 13:22 - 2018-08-28 04:48 - 000419608 _____ C:\Windows\system32\locale.nls

2018-11-14 13:21 - 2018-11-11 02:26 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll

2018-11-14 13:21 - 2018-11-11 02:26 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll

2018-11-14 13:21 - 2018-11-11 02:26 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll

2018-11-14 13:21 - 2018-11-11 02:26 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll

2018-11-14 13:21 - 2018-11-11 02:26 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll

2018-11-14 13:21 - 2018-11-11 02:26 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll

2018-11-14 13:21 - 2018-11-11 02:26 - 000094208 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

2018-11-14 13:21 - 2018-11-11 02:26 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll

2018-11-14 13:21 - 2018-11-11 02:26 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll

2018-11-14 13:21 - 2018-11-11 02:26 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll

2018-11-14 13:21 - 2018-11-11 02:26 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll

2018-11-14 13:21 - 2018-11-11 02:25 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll

2018-11-14 13:21 - 2018-11-11 02:25 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll

2018-11-14 13:21 - 2018-11-11 02:25 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll

2018-11-14 13:21 - 2018-11-11 02:25 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll

2018-11-14 13:21 - 2018-11-11 02:25 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll

2018-11-14 13:21 - 2018-11-11 02:25 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll

2018-11-14 13:21 - 2018-11-11 02:25 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll

2018-11-14 13:21 - 2018-11-11 02:25 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll

2018-11-14 13:21 - 2018-11-11 02:25 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll

2018-11-14 13:21 - 2018-11-11 02:24 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll

2018-11-14 13:21 - 2018-11-11 02:24 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll

2018-11-14 13:21 - 2018-11-11 02:24 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll

2018-11-14 13:21 - 2018-11-11 02:24 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll

2018-11-14 13:21 - 2018-11-11 02:24 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll

2018-11-14 13:21 - 2018-11-11 02:24 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll

2018-11-14 13:21 - 2018-11-11 02:24 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

2018-11-14 13:21 - 2018-11-11 02:24 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll

2018-11-14 13:21 - 2018-11-11 02:24 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll

2018-11-14 13:21 - 2018-11-11 02:24 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll

2018-11-14 13:21 - 2018-11-11 02:24 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll

2018-11-14 13:21 - 2018-11-11 02:24 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2018-11-14 13:21 - 2018-11-11 02:24 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2018-11-14 13:21 - 2018-11-11 02:24 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2018-11-14 13:21 - 2018-11-11 02:24 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll

2018-11-14 13:21 - 2018-11-11 02:24 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2018-11-14 13:21 - 2018-11-11 02:24 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll

2018-11-14 13:21 - 2018-11-11 02:24 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2018-11-14 13:21 - 2018-11-11 02:24 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2018-11-14 13:21 - 2018-11-11 02:24 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2018-11-14 13:21 - 2018-11-11 02:24 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll

2018-11-14 13:21 - 2018-11-11 02:24 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll

2018-11-14 13:21 - 2018-11-11 02:24 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2018-11-14 13:21 - 2018-11-11 02:24 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll

2018-11-14 13:21 - 2018-11-11 02:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2018-11-14 13:21 - 2018-11-11 02:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll

2018-11-14 13:21 - 2018-11-11 02:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll

2018-11-14 13:21 - 2018-11-11 02:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll

2018-11-14 13:21 - 2018-11-11 02:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll

2018-11-14 13:21 - 2018-11-11 02:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2018-11-14 13:21 - 2018-11-11 02:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll

2018-11-14 13:21 - 2018-11-11 02:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2018-11-14 13:21 - 2018-11-11 02:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2018-11-14 13:21 - 2018-11-11 02:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2018-11-14 13:21 - 2018-11-11 02:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll

2018-11-14 13:21 - 2018-11-11 02:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2018-11-14 13:21 - 2018-11-11 02:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll

2018-11-14 13:21 - 2018-11-11 02:11 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll

2018-11-14 13:21 - 2018-11-11 02:11 - 000275968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll

2018-11-14 13:21 - 2018-11-11 02:11 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll

2018-11-14 13:21 - 2018-11-11 02:11 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2018-11-14 13:21 - 2018-11-11 02:11 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll

2018-11-14 13:21 - 2018-11-11 02:11 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll

2018-11-14 13:21 - 2018-11-11 02:11 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll

2018-11-14 13:21 - 2018-11-11 02:11 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2018-11-14 13:21 - 2018-11-11 02:10 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2018-11-14 13:21 - 2018-11-11 02:10 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll

2018-11-14 13:21 - 2018-11-11 02:10 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2018-11-14 13:21 - 2018-11-11 02:10 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2018-11-14 13:21 - 2018-11-11 02:10 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll

2018-11-14 13:21 - 2018-11-11 02:10 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll

2018-11-14 13:21 - 2018-11-11 02:10 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll

2018-11-14 13:21 - 2018-11-11 02:10 - 000026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleres.dll

2018-11-14 13:21 - 2018-11-11 02:10 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2018-11-14 13:21 - 2018-11-11 02:10 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll

2018-11-14 13:21 - 2018-11-11 02:09 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll

2018-11-14 13:21 - 2018-11-11 02:09 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll

2018-11-14 13:21 - 2018-11-11 02:09 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll

2018-11-14 13:21 - 2018-11-11 02:09 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll

2018-11-14 13:21 - 2018-11-11 02:09 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll

2018-11-14 13:21 - 2018-11-11 02:09 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll

2018-11-14 13:21 - 2018-11-11 02:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll

2018-11-14 13:21 - 2018-11-11 02:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll

2018-11-14 13:21 - 2018-11-11 02:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll

2018-11-14 13:21 - 2018-11-11 02:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll

2018-11-14 13:21 - 2018-11-11 02:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll

2018-11-14 13:21 - 2018-11-11 02:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll

2018-11-14 13:21 - 2018-11-11 02:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll

2018-11-14 13:21 - 2018-11-11 02:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll

2018-11-14 13:21 - 2018-11-11 02:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll

2018-11-14 13:21 - 2018-11-11 02:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll

2018-11-14 13:21 - 2018-11-11 02:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll

2018-11-14 13:21 - 2018-11-11 02:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll

2018-11-14 13:21 - 2018-11-11 02:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll

2018-11-14 13:21 - 2018-11-11 02:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll

2018-11-14 13:21 - 2018-11-11 02:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll

2018-11-14 13:21 - 2018-11-11 02:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll

2018-11-14 13:21 - 2018-11-11 02:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll

2018-11-14 13:21 - 2018-11-11 02:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll

2018-11-14 13:21 - 2018-11-11 02:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll

2018-11-14 13:21 - 2018-11-11 02:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll

2018-11-14 13:21 - 2018-11-11 02:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll

2018-11-14 13:21 - 2018-11-11 02:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll

2018-11-14 13:21 - 2018-11-11 01:53 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe

2018-11-14 13:21 - 2018-11-11 01:53 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys

2018-11-14 13:21 - 2018-11-11 01:53 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe

2018-11-14 13:21 - 2018-11-11 01:52 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe

2018-11-14 13:21 - 2018-11-11 01:48 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys

2018-11-14 13:21 - 2018-11-11 01:47 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comcat.dll

2018-11-14 13:21 - 2018-11-11 01:45 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe

2018-11-14 13:21 - 2018-11-11 01:44 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys

2018-11-14 13:21 - 2018-11-11 01:43 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe

2018-11-14 13:21 - 2018-11-11 01:43 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys

2018-11-14 13:21 - 2018-11-11 01:43 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys

2018-11-14 13:21 - 2018-11-11 01:43 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys

2018-11-14 13:21 - 2018-11-11 01:43 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys

2018-11-14 13:21 - 2018-11-11 01:43 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe

2018-11-14 13:21 - 2018-11-11 01:41 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2018-11-14 13:21 - 2018-11-11 01:41 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2018-11-14 13:21 - 2018-11-11 01:41 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2018-11-14 13:21 - 2018-11-11 01:41 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2018-11-14 13:21 - 2018-11-11 01:40 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll

2018-11-14 13:21 - 2018-11-11 01:40 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll

2018-11-14 13:21 - 2018-11-11 01:40 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll

2018-11-14 13:21 - 2018-11-11 01:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll

2018-11-14 13:21 - 2018-11-11 01:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll

2018-11-14 13:21 - 2018-10-12 21:36 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2018-11-14 13:21 - 2018-10-12 21:25 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec

2018-11-14 13:21 - 2018-10-12 21:25 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2018-11-14 13:21 - 2018-10-12 21:25 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2018-11-14 13:21 - 2018-10-12 21:24 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2018-11-14 13:21 - 2018-10-12 21:20 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2018-11-14 13:21 - 2018-10-12 21:20 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2018-11-14 13:21 - 2018-10-12 21:18 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2018-11-14 13:21 - 2018-10-12 21:17 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2018-11-14 13:21 - 2018-10-12 21:17 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2018-11-14 13:21 - 2018-10-12 21:17 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2018-11-14 13:21 - 2018-10-12 21:11 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2018-11-14 13:21 - 2018-10-12 21:07 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll

2018-11-14 13:21 - 2018-10-12 21:07 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx

2018-11-14 13:21 - 2018-10-12 21:07 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2018-11-14 13:21 - 2018-10-12 21:05 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2018-11-14 13:21 - 2018-10-12 21:04 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2018-11-14 13:21 - 2018-10-12 21:03 - 004494848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2018-11-14 13:21 - 2018-10-12 21:03 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2018-11-14 13:21 - 2018-10-12 21:02 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll

2018-11-14 13:21 - 2018-10-12 20:57 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll

2018-11-14 13:21 - 2018-10-12 20:56 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2018-11-14 13:21 - 2018-10-12 20:55 - 002059776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2018-11-14 13:21 - 2018-10-12 20:36 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2018-11-14 13:21 - 2018-10-12 03:23 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2018-11-14 13:21 - 2018-10-12 03:23 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2018-11-14 13:21 - 2018-10-12 03:11 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2018-11-14 13:21 - 2018-10-12 03:10 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec

2018-11-14 13:21 - 2018-10-12 03:10 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2018-11-14 13:21 - 2018-10-12 03:10 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2018-11-14 13:21 - 2018-10-12 03:04 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2018-11-14 13:21 - 2018-10-12 03:03 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2018-11-14 13:21 - 2018-10-12 03:01 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2018-11-14 13:21 - 2018-10-12 03:00 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2018-11-14 13:21 - 2018-10-12 03:00 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2018-11-14 13:21 - 2018-10-12 02:59 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2018-11-14 13:21 - 2018-10-12 02:59 - 000794624 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2018-11-14 13:21 - 2018-10-12 02:51 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2018-11-14 13:21 - 2018-10-12 02:46 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2018-11-14 13:21 - 2018-10-12 02:45 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx

2018-11-14 13:21 - 2018-10-12 02:44 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll

2018-11-14 13:21 - 2018-10-12 02:42 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2018-11-14 13:21 - 2018-10-12 02:42 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2018-11-14 13:21 - 2018-10-12 02:40 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2018-11-14 13:21 - 2018-10-12 02:38 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll

2018-11-14 13:21 - 2018-10-12 02:30 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll

2018-11-14 13:21 - 2018-10-12 02:27 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2018-11-14 13:21 - 2018-10-12 02:26 - 002136064 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2018-11-14 13:21 - 2018-10-12 01:55 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2018-11-14 13:21 - 2018-09-23 03:54 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll

2018-11-14 13:21 - 2018-09-23 03:54 - 000075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll

2018-11-14 13:21 - 2018-09-23 03:54 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll

2018-11-14 13:21 - 2018-09-23 03:37 - 000666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll

2018-11-14 13:21 - 2018-09-23 03:37 - 000197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll

2018-11-14 13:21 - 2018-09-23 03:37 - 000104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll

2018-11-14 13:21 - 2018-09-23 03:37 - 000059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll

2018-11-14 13:21 - 2018-09-23 03:37 - 000034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll

2018-11-14 13:21 - 2018-09-23 03:21 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll

2018-11-12 12:01 - 2018-11-12 12:02 - 000734837 _____ C:\Users\victor\Downloads\Guía Correas para Levantamiento de Pesas.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-30 19:11 - 2017-11-16 14:54 - 000000000 ____D C:\FRST

2018-11-30 18:48 - 2017-10-31 10:43 - 000004128 _____ C:\Windows\System32\Tasks\CCleaner Update

2018-11-30 18:47 - 2009-07-14 05:45 - 000014224 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2018-11-30 18:47 - 2009-07-14 05:45 - 000014224 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2018-11-30 18:39 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT

2018-11-30 18:28 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf

2018-11-30 14:56 - 2017-05-15 18:48 - 000000000 ____D C:\Users\victor\Desktop\Doc y otros a mirar

2018-11-30 14:13 - 2012-12-25 12:35 - 000000000 ____D C:\Users\victor\Desktop\Trabajo diario-Seguridad

2018-11-30 12:56 - 2009-07-14 10:31 - 000747720 _____ C:\Windows\system32\perfh00A.dat

2018-11-30 12:56 - 2009-07-14 10:31 - 000159192 _____ C:\Windows\system32\perfc00A.dat

2018-11-30 12:56 - 2009-07-14 06:13 - 001678218 _____ C:\Windows\system32\PerfStringBackup.INI

2018-11-29 23:22 - 2012-12-14 16:01 - 000000000 ____D C:\Users\victor\AppData\Roaming\vlc

2018-11-29 15:23 - 2017-12-31 13:23 - 000000000 ____D C:\AdwCleaner

2018-11-29 13:39 - 2014-04-19 12:24 - 000000000 ____D C:\Users\victor\AppData\Local\JDownloader v2.0

2018-11-28 20:02 - 2018-06-23 17:54 - 000000000 ____D C:\Users\victor\Desktop\Fotos próximos artículos

2018-11-28 12:38 - 2018-01-25 19:42 - 000002222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

2018-11-28 12:38 - 2018-01-25 19:42 - 000002181 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2018-11-28 12:38 - 2018-01-25 19:42 - 000002181 _____ C:\ProgramData\Desktop\Google Chrome.lnk

2018-11-26 12:17 - 2009-07-14 06:08 - 000032544 _____ C:\Windows\Tasks\SCHEDLGU.TXT

2018-11-23 18:39 - 2013-01-14 19:12 - 000008495 _____ C:\Windows\lviewpro.ini

2018-11-22 23:13 - 2009-07-14 05:57 - 000001547 ___SH C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk

2018-11-17 21:44 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\rescache

2018-11-15 15:48 - 2017-12-30 16:05 - 000000000 ___HD C:\Users\victor\Desktop\Nueva carpeta

2018-11-14 19:18 - 2009-07-14 05:45 - 000299536 _____ C:\Windows\system32\FNTCACHE.DAT

2018-11-14 17:16 - 2013-08-15 00:11 - 000000000 ____D C:\Windows\system32\MRT

2018-11-14 17:13 - 2012-10-08 12:54 - 137810048 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe

2018-11-13 16:08 - 2018-01-11 21:13 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

#2

There is more to come; I'll send it once you approve this one. Thanks.


#3

Hello @jesscity7788

Post the rest of the FRST report and the complementary Addition report.

Regards.


#4

Hello again. Here is the rest:

==================== Files in the root of some directories =======

2013-01-01 16:05 - 2013-01-01 16:05 - 000013103 _____ () C:\Users\victor\AppData\Roaming\UserTile.png

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\dnsapi.dll => File is digitally signed

C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-11-24 15:35

==================== End of FRST.txt ============================

5) ADDITION

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02.01.2018

Ran by victor (30-11-2018 19:13:38)

Running from C:\Users\victor\Desktop

Windows 7 Ultimate Service Pack 1 (X64) (2012-10-08 09:45:22)

Boot Mode: Normal

==========================================================

==================== Accounts: =============================

Administrador (S-1-5-21-795496770-4252586827-2317966144-500 - Administrator - Disabled)

HomeGroupUser$ (S-1-5-21-795496770-4252586827-2317966144-2825 - Limited - Enabled)

Invitado (S-1-5-21-795496770-4252586827-2317966144-501 - Limited - Enabled)

victor (S-1-5-21-795496770-4252586827-2317966144-1000 - Administrator - Enabled) => C:\Users\victor

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1395.4512 - ABBYY Software House)

Adobe Acrobat Reader DC - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 19.008.20081 - Adobe Systems Incorporated)

Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.117 - Adobe Systems Incorporated)

Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)

CCleaner (HKLM\...\CCleaner) (Version: 5.46 - Piriform)

CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.6.6059 - CDBurnerXP)

Epson Easy Photo Print 2 (HKLM-x32\...\{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}) (Version: 2.1.0.0 - SEIKO EPSON CORPORATION)

Epson Event Manager (HKLM-x32\...\{48F22622-1CC2-4A83-9C1E-644DD96F832D}) (Version: 2.30.01 - SEIKO EPSON Corporation)

EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )

Epson Stylus SX510W_TX550W Manual (HKLM-x32\...\Epson Stylus SX510W_TX550W Manual de usuario) (Version: - )

EPSON SX510W Series Printer Uninstall (HKLM\...\EPSON SX510W Series) (Version: - SEIKO EPSON Corporation)

EpsonNet Setup (HKLM-x32\...\{FFFAE01B-466F-4C07-9821-A94FD753BDDA}) (Version: 3.1c - SEIKO EPSON CORPORATION)

Estudio para la mejora del producto HP ENVY 4520 series (HKLM\...\{0B5A9E46-E089-42B3-A69F-D7687C65A0BB}) (Version: 36.0.72.54013 - Hewlett-Packard Co.)

Free MP3 Cutter Joiner 10.6 (HKLM-x32\...\{02509E6E-B951-45A8-BF42-ACFAF0D6B4DA}}_is1) (Version: 10.6 - DVDVideoMedia, Inc.)

Freemake Video Converter versión 4.1.6 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.6 - Ellora Assets Corporation)

GonVisor 2.20.06 (HKLM-x32\...\GonVisor_is1) (Version: - G.A.A.)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 70.0.3538.110 - Google Inc.)

Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden

GoPro App (HKLM-x32\...\{FA856359-2B03-4ABC-AC82-E69AF9F405CE}) (Version: 5.6.509 - GoPro, Inc.) Hidden

GoPro Studio 2.5.6 (HKLM-x32\...\{8850d4d9-a0fc-453f-ba03-ec084375d0c2}) (Version: 2.5.6.509 - GoPro, Inc.)

HP Dropbox Plugin (HKLM-x32\...\{D1C1B048-C9E8-4DF9-BAE8-45F2BA467426}) (Version: 36.0.31.53050 - Hewlett-Packard Co.)

HP ENVY 4520 series Ayuda (HKLM-x32\...\{FB8E2FCE-C637-4CE9-B735-8647A91B0368}) (Version: 36.0.0 - Hewlett Packard)

HP ENVY 4520 series Software básico del dispositivo (HKLM\...\{1A67878A-0096-4AA9-A803-06FE96A329B4}) (Version: 36.0.72.54013 - Hewlett-Packard Co.)

HP Google Drive Plugin (HKLM-x32\...\{6651A86A-07EA-43E0-B4EC-4E1D809AC99E}) (Version: 36.0.31.53050 - Hewlett-Packard Co.)

HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)

HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)

Java 8 Update 151 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)

JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)

Malwarebytes versión 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)

Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)

Microsoft Office Standard 2007 (HKLM-x32\...\STANDARD) (Version: 12.0.4518.1014 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

Paquete de idioma de Microsoft .NET Framework 4.5 ESN (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.5.50709 - Microsoft Corporation)

Smart-X AppLocker (HKLM-x32\...\{93F33DD2-5013-493F-95A7-8C3B0245A95A}) (Version: 1.3 - Smart-X)

Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)

VFW_Codec32 (HKLM-x32\...\{AFEF72F3-EDEC-4B70-BB25-4CEA1FCBF425}) (Version: 0.1.160.0 - GoPro, Inc.) Hidden

VFW_Codec64 (HKLM\...\{4C110871-BAC2-43D8-A892-C30FD0F58D83}) (Version: 0.1.160.0 - GoPro, Inc.) Hidden

Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)

VLC media player 2.0.4 (HKLM-x32\...\VLC media player) (Version: 2.0.4 - VideoLAN)

Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)

Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)

WinRAR 5.50 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)

WinZip 22.5 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C2411A}) (Version: 22.5.13114 - Corel Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-795496770-4252586827-2317966144-1000_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files (x86)\WinZip\adxloader64.WinZipExpressForOffice.dll ()

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File

ContextMenuHandlers1: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => -> No File

ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2017-08-11] (Alexander Roshal)

ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)

ContextMenuHandlers1-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\wzshls64.dll [2018-04-22] (WinZip Computing)

ContextMenuHandlers2-x32: [AlcoholShellEx] -> {32020A01-506E-484D-A2A8-BE3CF17601C3} => C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxShlex.dll [2010-03-25] (Alcohol Soft Development Team)

ContextMenuHandlers2-x32: [AlcoholShellEx64] -> {AF67B665-D752-424E-9A03-C7C218F2844F} => C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxShlEx64.dll [2010-03-25] (Alcohol Soft Development Team)

ContextMenuHandlers2-x32: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => -> No File

ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)

ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2017-08-11] (Alexander Roshal)

ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)

ContextMenuHandlers4-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\wzshls64.dll [2018-04-22] (WinZip Computing)

ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2012-01-10] (Intel Corporation)

ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => -> No File

ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)

ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2017-08-11] (Alexander Roshal)

ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)

ContextMenuHandlers6-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\wzshls64.dll [2018-04-22] (WinZip Computing)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {11E87B5C-33A7-46B1-8016-1B390E22CE09} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-09-10] (Piriform Ltd)

Task: {20CA3E8C-0C8A-4201-9140-D26DB93B49CE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-01-25] (Google Inc.)

Task: {36B43AF6-F21D-4ED4-B42C-56C9FE64F554} - System32\Tasks\HPCustParticipation HP ENVY 4520 series => C:\Program Files\HP\HP ENVY 4520 series\Bin\HPCustPartic.exe [2015-03-09] (Hewlett-Packard Development Company, LP)

Task: {393D2F35-5F0A-4BC4-A68A-C3CD3EC726B6} - System32\Tasks\WinZip Update Notifier 3 => C:\Program Files (x86)\WinZip\WZUpdateNotifier.exe [2018-04-22] (Corel Corporation)

Task: {397E1837-55C2-43D6-A06E-8BBCB5BB7B00} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-09-10] (Piriform Ltd)

Task: {3E04CCCC-ECA5-4F1C-8E96-A2C841E4FB8A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-13] (Adobe Systems Incorporated)

Task: {92DE3EF5-C49A-4879-810A-4D80D7907950} - System32\Tasks\WinZip Update Notifier 1 => C:\Program Files (x86)\WinZip\WZUpdateNotifier.exe [2018-04-22] (Corel Corporation)

Task: {9B36A97D-470E-4175-ABE6-4D05E6203D8E} - System32\Tasks\WinZip Update Notifier 2 => C:\Program Files (x86)\WinZip\WZUpdateNotifier.exe [2018-04-22] (Corel Corporation)

Task: {A23E0E33-0F6E-44A2-8E0F-7A9EDD743241} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-01-25] (Google Inc.)

Task: {C47FE396-9F4E-4B65-B77C-0D7BCEB9FB14} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\avast software\overseer\overseer.exe [2018-10-27] (AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2018-01-10 14:31 - 2017-11-29 09:11 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll

2017-12-13 19:04 - 2018-09-10 11:53 - 000095168 _____ () C:\Program Files\CCleaner\lang\lang-1034.dll

2017-07-17 18:30 - 2017-07-17 18:30 - 000863744 _____ () C:\Windows\mod_frst.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-795496770-4252586827-2317966144-1000\...\localhost -> localhost

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2018-05-07 15:21 - 000000027 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-795496770-4252586827-2317966144-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\victor\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

DNS Servers: Media is not connected to internet.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AeLookupSvc => 3

MSCONFIG\Services: AxAutoMntSrv => 2

MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR

MSCONFIG\startupreg: EEventManager => C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe

MSCONFIG\startupreg: Epson Stylus SX510W(Red) => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFIE.EXE /FU "C:\Windows\TEMP\E_SB8A0.tmp" /EF "HKCU"

MSCONFIG\startupreg: EPSON SX510W Series => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFIE.EXE /FU "C:\Windows\TEMP\E_S86A0.tmp" /EF "HKCU"

MSCONFIG\startupreg: GoPro Studio Importer => C:\Program Files (x86)\GoPro\Tools\Importer\GoPro Importer.exe

MSCONFIG\startupreg: GUDelayStartup => "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun

MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{A5276766-D06F-4631-A0A7-D61C13759D81}C:\program files\hp\hp envy 4520 series\bin\hpnetworkcommunicatorcom.exe] => (Block) C:\program files\hp\hp envy 4520 series\bin\hpnetworkcommunicatorcom.exe

FirewallRules: [UDP Query User{47E8B6ED-9F1B-491A-8774-1C0B1328957F}C:\program files\hp\hp envy 4520 series\bin\hpnetworkcommunicatorcom.exe] => (Block) C:\program files\hp\hp envy 4520 series\bin\hpnetworkcommunicatorcom.exe

FirewallRules: [TCP Query User{932E67DC-DBB4-4D6D-91F3-37EFB0687E35}C:\program files\hp\hp envy 4520 series\bin\hpnetworkcommunicatorcom.exe] => (Block) C:\program files\hp\hp envy 4520 series\bin\hpnetworkcommunicatorcom.exe

FirewallRules: [UDP Query User{8A4FB310-A2D9-44AE-A2B7-79069EE59D7F}C:\program files\hp\hp envy 4520 series\bin\hpnetworkcommunicatorcom.exe] => (Block) C:\program files\hp\hp envy 4520 series\bin\hpnetworkcommunicatorcom.exe

FirewallRules: [{2263CA24-0FB4-475E-9E40-497C340B3346}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe

FirewallRules: [{55076400-229F-4B8A-87F8-CE99B480C020}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe

FirewallRules: [{BACD8AD9-ECE4-4AC0-925E-83EFE8132B9A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

29-11-2018 14:50:00 JRT Pre-Junkware Removal

30-11-2018 15:01:59 Installed Smart-X AppLocker

30-11-2018 18:42:55 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface

Description: Adaptador de tunelización Teredo de Microsoft

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: tunnel

Problem: : This device cannot start. (Code10)

Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.

On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:

==================

Error: (11/30/2018 06:39:49 PM) (Source: Windows Search Service) (EventID: 7010) (User: )

Description: No se puede inicializar el índice.

Detalles:

El catálogo del índice de contenido está dañado. (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/30/2018 06:39:49 PM) (Source: Windows Search Service) (EventID: 3058) (User: )

Description: No se puede inicializar la aplicación.

Contexto: aplicación Windows

Detalles:

El catálogo del índice de contenido está dañado. (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/30/2018 06:39:49 PM) (Source: Windows Search Service) (EventID: 3028) (User: )

Description: No se puede inicializar el objeto Recopilador.

Contexto: aplicación Windows, catálogo SystemIndex

Detalles:

El catálogo del índice de contenido está dañado. (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/30/2018 06:39:49 PM) (Source: Windows Search Service) (EventID: 3029) (User: )

Description: No se puede inicializar el complemento <Search.TripoliIndexer>.

Contexto: aplicación Windows, catálogo SystemIndex

Detalles:

No se ha encontrado el elemento. (HRESULT : 0x80070490) (0x80070490)

Error: (11/30/2018 06:39:47 PM) (Source: Windows Search Service) (EventID: 3029) (User: )

Description: No se puede inicializar el complemento <Search.JetPropStore>.

Contexto: aplicación Windows, catálogo SystemIndex

Detalles:

El catálogo del índice de contenido está dañado. (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/30/2018 06:39:47 PM) (Source: Windows Search Service) (EventID: 9002) (User: )

Description: El servicio Windows Search no puede cargar la información del almacén de propiedades.

Contexto: aplicación Windows, catálogo SystemIndex

Detalles:

La base de datos del índice de contenido está dañada. (HRESULT : 0xc0041800) (0xc0041800)

Error: (11/30/2018 06:39:47 PM) (Source: Windows Search Service) (EventID: 7042) (User: )

Description: El servicio Windows Search se está deteniendo porque hay un problema con el indizador: The catalog is corrupt.

Detalles:

El catálogo del índice de contenido está dañado. (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/30/2018 06:39:47 PM) (Source: Windows Search Service) (EventID: 7040) (User: )

Description: El servicio de búsqueda detectó archivos de datos dañados en el índice {id=4700}. Este servicio intentará corregir este problema automáticamente mediante la nueva generación del índice.

Detalles:

El catálogo del índice de contenido está dañado. (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/30/2018 06:39:47 PM) (Source: Windows Search Service) (EventID: 9000) (User: )

Description: El servicio Windows Search no puede abrir el almacén de propiedades de Jet.

Detalles:

0x%08x (0xc0041800 - La base de datos del índice de contenido está dañada. (HRESULT : 0xc0041800))

Error: (11/30/2018 06:39:47 PM) (Source: ESENT) (EventID: 455) (User: )

Description: Windows (3108) Windows: Error -1811 al abrir un archivo de registro C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00375.log.

System errors:

=============

Error: (11/30/2018 06:39:49 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: El servicio Windows Search terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 30000 milisegundos: Reiniciar el servicio.

Error: (11/30/2018 06:39:49 PM) (Source: Service Control Manager) (EventID: 7024) (User: )

Description: El servicio Windows Search se cerró con el error específico de servicio %%-1073473535.

Error: (11/30/2018 06:37:59 PM) (Source: DCOM) (EventID: 10010) (User: )

Description: El servidor {82F34521-10BA-11E4-A865-D4BED9D4D463} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (11/29/2018 11:54:36 PM) (Source: DCOM) (EventID: 10010) (User: )

Description: El servidor {995C996E-D918-4A8C-A302-45719A6F4EA7} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (11/29/2018 11:54:10 PM) (Source: DCOM) (EventID: 10010) (User: )

Description: El servidor {82F34521-10BA-11E4-A865-D4BED9D4D463} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (11/29/2018 04:27:24 PM) (Source: DCOM) (EventID: 10010) (User: )

Description: El servidor {995C996E-D918-4A8C-A302-45719A6F4EA7} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (11/29/2018 03:24:36 PM) (Source: DCOM) (EventID: 10010) (User: )

Description: El servidor {995C996E-D918-4A8C-A302-45719A6F4EA7} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (11/29/2018 03:24:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: El servicio Adobe Acrobat Update Service se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (11/29/2018 03:24:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: El servicio Servicio de uso compartido de red del Reproductor de Windows Media terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 30000 milisegundos: Reiniciar el servicio.

Error: (11/29/2018 03:24:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: El servicio StarWind AE Service se terminó de manera inesperada. Esto ha sucedido 1 veces.

CodeIntegrity:

===================================

Date: 2017-11-09 15:36:26.107

Description: Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\ComboFix\catchme.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

Date: 2017-11-09 15:36:25.982

Description: Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\ComboFix\catchme.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

Date: 2017-11-09 15:36:25.857

Description: Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\ComboFix\catchme.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

Date: 2017-11-09 15:36:25.732

Description: Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\ComboFix\catchme.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

Date: 2017-11-09 14:37:37.435

Description: Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\ComboFix\catchme.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

Date: 2017-11-09 14:37:37.310

Description: Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\ComboFix\catchme.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

Date: 2017-11-09 14:37:37.169

Description: Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\ComboFix\catchme.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

Date: 2017-11-09 14:37:37.044

Description: Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\ComboFix\catchme.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

Date: 2017-11-08 20:29:03.954

Description: Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\ComboFix\catchme.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

Date: 2017-11-08 20:29:03.813

Description: Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\ComboFix\catchme.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3 CPU 550 @ 3.20GHz

Percentage of memory in use: 60%

Total physical RAM: 1719.05 MB

Available physical RAM: 675.66 MB

Total Virtual: 3438.11 MB

Available Virtual: 2365.34 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:195.21 GB) (Free:39.07 GB) NTFS

Drive d: () (Fixed) (Total:270.44 GB) (Free:33.46 GB) NTFS

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: AAC2AAC2)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=195.2 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=270.4 GB) - (Type=OF Extended)

==================== End of Addition.txt ===========

Regards, and thanks.


#5

Good… now follow these steps. VERY important: make a backup of the registry:

  • To do so, download DelFix.exe (to your desktop).

  • Double-click to run it. (If you use Windows Vista/7/8 or 10, right-click and select "Run as administrator".)

  • Attention: now tick only the Create registry backup box, NOT the other boxes.

  • Click Run.

The report (DelFix.txt) will open; save it in case it is needed and close the tool.

Now start your computer in Windows Safe Mode with Networking.

Warning: with all other programs closed, go to Start → Run and type Notepad.exe.

  • Now copy the codes/lines inside the box further below and paste them into Notepad.
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => -> No File
ContextMenuHandlers2-x32: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => -> No File
ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => -> No File
HKU\S-1-5-21-795496770-4252586827-2317966144-1000\...\Run: [Chromium] => c:\users\victor\appdata\local\chromium\application\chrome.exe [828416 2017-01-21] (The Chromium Authors)
IFEO\calc.exe: [Debugger] "C:\Program Files (x86)\Smart-X\AppLocker\AppLocker.exe" /locked:calculator
FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-11-08] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-11-08] (Oracle Corporation)
U3 atpd18s4; C:\Windows\System32\Drivers\atpd18s4.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero byte File/Folder)
HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END

Save it under the name FIXLIST.TXT on the desktop. This is very important.

Note: it is important that the FRST.exe tool (Farbar Recovery Scan Tool) and FIXLIST.TXT are in the same location (desktop); otherwise it will not work.

  • Run FRST.exe. (If you use Windows Vista/7/8 or 10, right-click and select "Run as administrator".)

  • Press the FIX button and wait for it to finish.

  • The tool will save the repair report on the desktop (FIXLOG.TXT).

Paste the contents of this file in your next reply.

Restart the computer, check how it behaves with regard to the problem described, and report back.

Regards.


#6

Hello again. Taking it step by step:

1) Before reading your reply, I installed an application called AppLocker that made it possible to block the calculator. Since I did that, the calculator stopped opening, but the rest of the problems kept happening: going into lock mode, letters typing themselves, and even emails I had open moving themselves to "junk mail".

2) Today I did what you asked, and after restarting the computer following the FRST run everything was perfect for the hour I was using it. I thought it had been fixed.

3) Tonight I turned it on again and everything happened again instantly (words typing themselves, etc.), even the calculator; on opening the AppLocker application I saw that the option to block it was no longer enabled.

4) Here is the report:

Fix result of Farbar Recovery Scan Tool (x64) Version: 02.01.2018
Ran by victor (01-12-2018 19:43:42) Run:2
Running from C:\Users\victor\Desktop
Loaded Profiles: victor (Available Profiles: victor)
Boot Mode: Safe Mode (with Networking)
==============================================

fixlist content:
*****************
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => -> No File
ContextMenuHandlers2-x32: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => -> No File
ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => -> No File
HKU\S-1-5-21-795496770-4252586827-2317966144-1000\...\Run: [Chromium] => c:\users\victor\appdata\local\chromium\application\chrome.exe [828416 2017-01-21] (The Chromium Authors)
IFEO\calc.exe: [Debugger] "C:\Program Files (x86)\Smart-X\AppLocker\AppLocker.exe" /locked:calculator
FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-11-08] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-11-08] (Oracle Corporation)
U3 atpd18s4; C:\Windows\System32\Drivers\atpd18s4.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero byte File/Folder)
HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END
*****************

Error: Restore point can only be created in normal mode.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File => key not found
HKLM\Software\Classes\CLSID\ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File => key not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File => key not found
HKLM\Software\Classes\CLSID\ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File => key not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ContextMenuHandlers1: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => -> No File => key not found
HKLM\Software\Classes\CLSID\ContextMenuHandlers1: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => -> No File => key not found
HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\ContextMenuHandlers2-x32: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => -> No File => key not found
HKLM\Software\Wow6432Node\Classes\CLSID\ContextMenuHandlers2-x32: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => -> No File => key not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => -> No File => key not found
HKLM\Software\Classes\CLSID\ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => -> No File => key not found
"HKU\S-1-5-21-795496770-4252586827-2317966144-1000\Software\Microsoft\Windows\CurrentVersion\Run\\HKU\S-1-5-21-795496770-4252586827-2317966144-1000\...\Run: [Chromium] => c:\users\victor\appdata\local\chromium\application\chrome.exe [828416 2017-01-21] (The Chromium Authors)" => not found
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\calc.exe" => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-11-08] (Oracle Corporation)" => not found
"FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-11-08] (Oracle Corporation)" => not found
"HKLM\Software\Wow6432Node\MozillaPlugins\FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-11-08] (Oracle Corporation)" => not found
"FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-11-08] (Oracle Corporation)" => not found
atpd18s4 => service not found.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= RemoveProxy: =========

"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => removed successfully
"HKU\S-1-5-21-795496770-4252586827-2317966144-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-795496770-4252586827-2317966144-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-795496770-4252586827-2317966144-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========


========= netsh winsock reset =========


El catálogo Winsock se restableció correctamente.
Debe reiniciar el equipo para completar el restablecimiento.


========= End of CMD: =========


========= ipconfig /renew =========


Configuración IP de Windows


Adaptador de Ethernet Conexión de área local:

   Sufijo DNS específico para la conexión. . : 
   Vínculo: dirección IPv6 local. . . : fe80::b929:30bb:313:ea49%10
   Dirección IPv4. . . . . . . . . . . . . . : 192.168.1.33
   Máscara de subred . . . . . . . . . . . . : 255.255.255.0
   Puerta de enlace predeterminada . . . . . : 192.168.1.1

========= End of CMD: =========


========= ipconfig /flushdns =========


Configuración IP de Windows

Se vació correctamente la caché de resolución de DNS.

========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to connect to BITS - 0x8007042c
No se puede iniciar el servicio o grupo de dependencia.



========= End of CMD: =========


========= netsh advfirewall reset =========

Aceptar


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Aceptar


========= End of CMD: =========


========= netsh int ipv4 reset =========

Global se restableció correctamente.
Interfaz se restableció correctamente.
Reinicie el equipo para completar esta acción.


========= End of CMD: =========


========= netsh int ipv6 reset =========

No hay valores configurados por el usuario para restablecer.


========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 40391421 B
Java, Flash, Steam htmlcache => 492 B
Windows/system/drivers => 6460 B
Edge => 0 B
Chrome => 389552718 B
Firefox => 22365589 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 0 B
NetworkService => 0 B
victor => 6884704 B

RecycleBin => 0 B
EmptyTemp: => 437.9 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 19:44:13 ====

OK, let me know. Thanks again.
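
Added example (not part of the original posts, and not FRST's own code): a small Python triage of a Fixlog.txt like the one above, sorting result lines into applied, missing and failed so that steps that did nothing, such as the restore point refused in Safe Mode or the BITS reset, stand out. The sample log is a shortened excerpt constructed from lines posted in this thread; the status labels and function names are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample: a shortened excerpt in the format of the Fixlog.txt
# posted in this thread (only a handful of its lines are reproduced here).
SAMPLE_FIXLOG = r'''
Error: Restore point can only be created in normal mode.
Processes closed successfully.
HKLM\Software\Classes\CLSID\ContextMenuHandlers1: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => -> No File => key not found
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\calc.exe" => removed successfully
atpd18s4 => service not found.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= bitsadmin /reset /allusers =========

Unable to connect to BITS - 0x8007042c

========= End of CMD: =========

========= netsh advfirewall reset =========

Aceptar

========= End of CMD: =========
'''

# "========= <name> =========" opens a command or directive section.
SECTION = re.compile(r"^=+ (.+?) =+$")
# Result phrases as they appear in the log posted above.
FAILED = re.compile(r"^(Error:|Unable to )", re.I)
MISSING = re.compile(r"(key |service )?not found\.?$", re.I)
APPLIED = re.compile(r"(removed|moved|restored|closed) successfully\.?$", re.I)

TOP_LEVEL = "fix entries"  # label chosen for lines outside any CMD section


def classify(line):
    """Return 'failed', 'missing', 'applied', or None for informational lines."""
    if FAILED.search(line):
        return "failed"
    if MISSING.search(line):
        return "missing"
    if APPLIED.search(line):
        return "applied"
    return None


def triage(text):
    """Parse a fixlog into a list of {section, status, target} findings."""
    findings = []
    section = TOP_LEVEL
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION.match(line)
        if header:
            name = header.group(1)
            # "End of ..." closes the current section.
            section = TOP_LEVEL if name.startswith("End of") else name
            continue
        status = classify(line)
        if status is None:
            continue
        # The outcome is the text after the LAST " => "; everything before it
        # is the fixlist entry or registry path the outcome applies to.
        target = line.rsplit(" => ", 1)[0].strip('"') if " => " in line else line
        findings.append({"section": section, "status": status, "target": target})
    return findings


def summarize(findings):
    """Count findings per status."""
    return Counter(f["status"] for f in findings)


def ifeo_changes(findings):
    """Findings that touch Image File Execution Options keys."""
    needle = "image file execution options"
    return [(f["status"], f["target"]) for f in findings
            if needle in f["target"].lower()]


if __name__ == "__main__":
    results = triage(SAMPLE_FIXLOG)
    print(dict(summarize(results)))
    for f in results:
        if f["status"] != "applied":
            print(f"{f['status']:8} [{f['section']}] {f['target']}")
    print("IFEO:", ifeo_changes(results))
```

On this excerpt the only registry change that actually took effect is the removal of the `calc.exe` Image File Execution Options key, which matches the poster's observation that the calculator block was no longer active afterwards.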


#7

Do the words repeat when you open, for example, a console, or does it only happen with the calculator? Have you tried disconnecting the keyboard?

(With the system being "clean", it has happened to all of us that sometimes it is the least expected thing.) Regards!


#8

It happens when typing anywhere: in Word, on the internet, in Notepad, in any place at all, even here. And no, it is not the keyboard. About a year ago I had exactly the same problem, and it was resolved for me in this forum after several steps I was given.


#9

Hello.

Let's see… first of all:

Please, while we are disinfecting/repairing your machine:

Do not carry out steps/actions that WE have not told you to.

Do not download ANYTHING from the Internet and/or connect external devices to your computer.

Do not install ANYTHING (programs/software/add-ons/browser extensions…).

Do not run other security programs (antivirus, antimalware, ANTI-ANYTHING…).

Do not carry out other procedures on your own.

Use your computer EXCLUSIVELY to disinfect/repair it following our instructions.

Uninstall that "AppLocker" program, then RESTART the computer and generate the reports with FRST again so you can post them once more.

Only FRST.txt and Addition.txt.

Regards.


#10

Hello again. Here are the reports:


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.01.2018
Ran by victor (administrator) on GUERRERO (03-12-2018 23:11:50)
Running from C:\Users\victor\Desktop
Loaded Profiles: victor (Available Profiles: victor)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(StarWind Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 4520 series\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 4520 series\Bin\HPNetworkCommunicatorCom.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(WinZip Computing) C:\Program Files (x86)\WinZip\WzPreloader.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
HKLM-x32\...\Run: [WinZip UN] => C:\Program Files (x86)\WinZip\WZUpdateNotifier.exe [2268624 2018-04-22] (Corel Corporation)
HKLM-x32\...\Run: [WinZip PreLoader] => C:\Program Files (x86)\WinZip\WzPreloader.exe [124032 2018-04-22] (WinZip Computing)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-795496770-4252586827-2317966144-1000\...\Run: [Chromium] => c:\users\victor\appdata\local\chromium\application\chrome.exe [828416 2017-01-21] (The Chromium Authors)
HKU\S-1-5-21-795496770-4252586827-2317966144-1000\...\Run: [HP ENVY 4520 series (NET)] => C:\Program Files\HP\HP ENVY 4520 series\Bin\ScanToPCActivationApp.exe [3651080 2015-03-09] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-795496770-4252586827-2317966144-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [18630056 2018-09-10] (Piriform Ltd)
HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exe [829832 2013-10-09] (Adobe Systems Incorporated)
IFEO\calc.exe: [Debugger] "C:\Program Files (x86)\Smart-X\AppLocker\AppLocker.exe" /locked:calculator
IFEO\iexplore.exe: [Debugger] "C:\Program Files (x86)\Smart-X\AppLocker\AppLocker.exe" /locked:Internet Explorer

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 80.58.61.254 80.58.61.250
Tcpip\..\Interfaces\{4876ADD6-ACC9-4776-ADB0-CCCA4DE40942}: [DhcpNameServer] 80.58.61.254 80.58.61.250
Tcpip\..\Interfaces\{FEAF3AD1-94DC-4F13-8DD1-66239BC93032}: [DhcpNameServer] 192.168.0.1 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-795496770-4252586827-2317966144-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-795496770-4252586827-2317966144-1000 -> DefaultScope {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = 
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-11-08] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-11-08] (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

FireFox:
========
FF DefaultProfile: 5vkiolxb.default
FF ProfilePath: C:\Users\victor\AppData\Roaming\Mozilla\Firefox\Profiles\5vkiolxb.default [2018-12-01]
FF Homepage: Mozilla\Firefox\Profiles\5vkiolxb.default -> hxxps://www.google.es/
FF Extension: (MyJDownloader Browser Extension) - C:\Users\victor\AppData\Roaming\Mozilla\Firefox\Profiles\5vkiolxb.default\Extensions\[email protected] [2018-01-15]
FF Extension: (Avast Online Security) - C:\Users\victor\AppData\Roaming\Mozilla\Firefox\Profiles\5vkiolxb.default\Extensions\[email protected] [2017-11-18]
FF Extension: (Adblock Plus) - C:\Users\victor\AppData\Roaming\Mozilla\Firefox\Profiles\5vkiolxb.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-12-31]
FF ProfilePath: C:\ProgramData [2018-08-28]
FF Extension: (Muter) - C:\ProgramData\Extensions\[email protected] [2013-09-13] [Legacy] [not signed]
FF Extension: (iMacros for Firefox) - C:\ProgramData\Extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} [2013-09-09] [Legacy] [not signed]
FF Extension: (User Agent Switcher) - C:\ProgramData\Extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi [2013-09-13] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-05-07] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-05-07] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-11-08] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-11-08] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-10-15] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-20] (Adobe Systems Inc.)

Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://google.es/
CHR Profile: C:\Users\victor\AppData\Local\Google\Chrome\User Data\Default [2018-12-03]
CHR Extension: (Presentaciones) - C:\Users\victor\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-01-25]
CHR Extension: (Documentos) - C:\Users\victor\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-25]
CHR Extension: (Google Drive) - C:\Users\victor\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-01-25]
CHR Extension: (YouTube) - C:\Users\victor\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-01-25]
CHR Extension: (MyJDownloader Browser Extension) - C:\Users\victor\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbcohnmimjicjdomonkcbcpbpnhggkip [2018-11-07]
CHR Extension: (Hojas de cálculo) - C:\Users\victor\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-01-25]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\victor\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-20]
CHR Extension: (AdBlock) - C:\Users\victor\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-10-13]
CHR Extension: (History Eliminator) - C:\Users\victor\AppData\Local\Google\Chrome\User Data\Default\Extensions\lofbiemelonnlhhkjgccjfjaniipinbd [2018-01-25]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\victor\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (Gmail) - C:\Users\victor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-01-25]
CHR Extension: (Chrome Media Router) - C:\Users\victor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-10-31]
CHR Profile: C:\Users\victor\AppData\Local\Google\Chrome\User Data\Guest Profile [2018-12-01]
CHR Profile: C:\Users\victor\AppData\Local\Google\Chrome\User Data\System Profile [2018-12-01]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2018-12-03] (Malwarebytes)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-02-20] (Duplex Secure Ltd.)
S3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64_prewin8.sys [31920 2018-02-26] (Western Digital Technologies)
U3 a1zknbrc; C:\Windows\System32\Drivers\a1zknbrc.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero byte File/Folder)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-12-03 23:11 - 2018-12-03 23:13 - 000011918 _____ C:\Users\victor\Desktop\FRST.txt
2018-12-03 15:43 - 2018-12-03 15:43 - 000140135 _____ C:\Users\victor\Downloads\CURRICULUM (1).pdf
2018-12-03 13:20 - 2018-12-03 14:09 - 1116721546 _____ C:\Users\victor\Downloads\g0th422hd.rar
2018-12-01 19:43 - 2018-12-01 19:44 - 000008570 _____ C:\Users\victor\Desktop\Fixlog.txt
2018-12-01 19:40 - 2018-12-01 19:40 - 000075408 _____ C:\Windows\ntbtlog.txt
2018-12-01 19:36 - 2018-12-01 19:36 - 000000258 _____ C:\DelFix.txt
2018-12-01 19:26 - 2018-12-01 19:26 - 000797760 _____ C:\Users\victor\Desktop\delfix.exe
2018-11-30 20:15 - 2018-12-01 19:37 - 000000000 ____D C:\Users\victor\Desktop\Informes viernes
2018-11-30 15:01 - 2010-01-31 10:30 - 000821248 _____ C:\Users\victor\Desktop\AppLocker.Setup.msi
2018-11-30 15:00 - 2018-11-30 15:00 - 000728884 _____ C:\Users\victor\Downloads\applocker.zip
2018-11-29 15:30 - 2018-11-29 15:31 - 002417152 _____ (Farbar) C:\Users\victor\Downloads\FRST64.exe
2018-11-29 15:29 - 2018-11-29 15:29 - 007321808 _____ (Malwarebytes) C:\Users\victor\Downloads\adwcleaner_7.2.5.0.exe
2018-11-29 15:22 - 2018-11-29 15:22 - 007321808 _____ (Malwarebytes) C:\Users\victor\Downloads\adwcleaner_7.2.5.0 (1).exe
2018-11-29 15:22 - 2018-11-29 15:22 - 007321808 _____ (Malwarebytes) C:\Users\victor\Desktop\adwcleaner_7.2.5.0.exe
2018-11-25 16:58 - 2018-11-25 16:58 - 002252389 _____ C:\Users\victor\Desktop\capitan b.jpeg
2018-11-21 13:17 - 2018-11-21 13:17 - 000000000 ____D C:\Users\victor\Desktop\Gantz
2018-11-14 13:22 - 2018-11-11 02:29 - 005551336 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-11-14 13:22 - 2018-11-11 02:28 - 000708328 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-11-14 13:22 - 2018-11-11 02:28 - 000262376 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-11-14 13:22 - 2018-11-11 02:28 - 000154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-11-14 13:22 - 2018-11-11 02:28 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-11-14 13:22 - 2018-11-11 02:27 - 001664352 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-11-14 13:22 - 2018-11-11 02:27 - 000631680 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-11-14 13:22 - 2018-11-11 02:25 - 002072576 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2018-11-14 13:22 - 2018-11-11 02:25 - 001461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-11-14 13:22 - 2018-11-11 02:25 - 001211904 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-11-14 13:22 - 2018-11-11 02:25 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2018-11-14 13:22 - 2018-11-11 02:25 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-11-14 13:22 - 2018-11-11 02:25 - 000516608 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2018-11-14 13:22 - 2018-11-11 02:25 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-11-14 13:22 - 2018-11-11 02:24 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-11-14 13:22 - 2018-11-11 02:24 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2018-11-14 13:22 - 2018-11-11 02:14 - 004054248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2018-11-14 13:22 - 2018-11-11 02:14 - 003960040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2018-11-14 13:22 - 2018-11-11 02:12 - 001314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2018-11-14 13:22 - 2018-11-11 02:11 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-11-14 13:22 - 2018-11-11 02:10 - 001425920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2018-11-14 13:22 - 2018-11-11 02:09 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2018-11-14 13:22 - 2018-11-11 01:48 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2018-11-14 13:22 - 2018-11-11 01:47 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-11-14 13:22 - 2018-11-11 01:44 - 000161280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-11-14 13:22 - 2018-11-11 01:44 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-11-14 13:22 - 2018-10-27 04:42 - 000230400 _____ (Microsoft Corporation) C:\Windows\system32\scrobj.dll
2018-11-14 13:22 - 2018-10-27 04:42 - 000202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2018-11-14 13:22 - 2018-10-27 04:42 - 000150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2018-11-14 13:22 - 2018-10-27 04:42 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\wshcon.dll
2018-11-14 13:22 - 2018-10-27 04:41 - 000018944 _____ (Microsoft Corporation) C:\Windows\system32\dispex.dll
2018-11-14 13:22 - 2018-10-27 04:27 - 000173568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrobj.dll
2018-11-14 13:22 - 2018-10-27 04:27 - 000164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2018-11-14 13:22 - 2018-10-27 04:27 - 000121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2018-11-14 13:22 - 2018-10-27 04:11 - 000168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2018-11-14 13:22 - 2018-10-27 04:11 - 000156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2018-11-14 13:22 - 2018-10-27 04:05 - 003227648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-11-14 13:22 - 2018-10-27 04:04 - 000141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2018-11-14 13:22 - 2018-10-27 04:04 - 000126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2018-11-14 13:22 - 2018-10-27 04:04 - 000025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshcon.dll
2018-11-14 13:22 - 2018-10-27 04:04 - 000015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dispex.dll
2018-11-14 13:22 - 2018-10-18 20:49 - 000396888 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-11-14 13:22 - 2018-10-18 19:51 - 000348760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-11-14 13:22 - 2018-10-18 03:48 - 025737728 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-11-14 13:22 - 2018-10-18 03:17 - 020281344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-11-14 13:22 - 2018-10-12 21:26 - 000498176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-11-14 13:22 - 2018-10-12 21:22 - 002295808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-11-14 13:22 - 2018-10-12 20:59 - 013680640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-11-14 13:22 - 2018-10-12 20:55 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2018-11-14 13:22 - 2018-10-12 20:42 - 004386816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-11-14 13:22 - 2018-10-12 20:38 - 001330176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-11-14 13:22 - 2018-10-12 03:12 - 002902016 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-11-14 13:22 - 2018-10-12 03:10 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-11-14 13:22 - 2018-10-12 02:59 - 005779456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-11-14 13:22 - 2018-10-12 02:54 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-11-14 13:22 - 2018-10-12 02:27 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-11-14 13:22 - 2018-10-12 02:26 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-11-14 13:22 - 2018-10-12 02:25 - 015283712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-11-14 13:22 - 2018-10-12 02:19 - 004859904 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-11-14 13:22 - 2018-10-12 02:06 - 001555968 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-11-14 13:22 - 2018-10-06 17:02 - 000366824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys
2018-11-14 13:22 - 2018-10-06 14:42 - 001988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2018-11-14 13:22 - 2018-10-06 14:05 - 002565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2018-11-14 13:22 - 2018-09-23 03:55 - 002319872 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2018-11-14 13:22 - 2018-09-23 03:54 - 002222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2018-11-14 13:22 - 2018-09-23 03:54 - 000778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2018-11-14 13:22 - 2018-09-23 03:54 - 000491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2018-11-14 13:22 - 2018-09-23 03:54 - 000288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2018-11-14 13:22 - 2018-09-23 03:54 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2018-11-14 13:22 - 2018-09-23 03:37 - 001549312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2018-11-14 13:22 - 2018-09-23 03:37 - 001400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2018-11-14 13:22 - 2018-09-23 03:37 - 000337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2018-11-14 13:22 - 2018-09-23 03:34 - 000591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2018-11-14 13:22 - 2018-09-23 03:34 - 000249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2018-11-14 13:22 - 2018-09-23 03:33 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2018-11-14 13:22 - 2018-09-23 03:22 - 000427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2018-11-14 13:22 - 2018-09-23 03:22 - 000164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2018-11-14 13:22 - 2018-09-23 03:21 - 000086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2018-11-14 13:22 - 2018-08-28 04:48 - 000419608 _____ C:\Windows\SysWOW64\locale.nls
2018-11-14 13:22 - 2018-08-28 04:48 - 000419608 _____ C:\Windows\system32\locale.nls
2018-11-14 13:21 - 2018-11-11 02:26 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-11-14 13:21 - 2018-11-11 02:26 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2018-11-14 13:21 - 2018-11-11 02:26 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2018-11-14 13:21 - 2018-11-11 02:26 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2018-11-14 13:21 - 2018-11-11 02:26 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-11-14 13:21 - 2018-11-11 02:26 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-11-14 13:21 - 2018-11-11 02:26 - 000094208 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-11-14 13:21 - 2018-11-11 02:26 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-11-14 13:21 - 2018-11-11 02:26 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-11-14 13:21 - 2018-11-11 02:26 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-11-14 13:21 - 2018-11-11 02:26 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2018-11-14 13:21 - 2018-11-11 02:25 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-11-14 13:21 - 2018-11-11 02:25 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-11-14 13:21 - 2018-11-11 02:25 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-11-14 13:21 - 2018-11-11 02:25 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-11-14 13:21 - 2018-11-11 02:25 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-11-14 13:21 - 2018-11-11 02:25 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-11-14 13:21 - 2018-11-11 02:25 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-11-14 13:21 - 2018-11-11 02:25 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2018-11-14 13:21 - 2018-11-11 02:25 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2018-11-14 13:21 - 2018-11-11 02:24 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-11-14 13:21 - 2018-11-11 02:24 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-11-14 13:21 - 2018-11-11 02:24 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-11-14 13:21 - 2018-11-11 02:24 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-11-14 13:21 - 2018-11-11 02:24 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-11-14 13:21 - 2018-11-11 02:24 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-11-14 13:21 - 2018-11-11 02:24 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-11-14 13:21 - 2018-11-11 02:24 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2018-11-14 13:21 - 2018-11-11 02:24 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-11-14 13:21 - 2018-11-11 02:24 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-11-14 13:21 - 2018-11-11 02:24 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-11-14 13:21 - 2018-11-11 02:24 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-11-14 13:21 - 2018-11-11 02:24 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-11-14 13:21 - 2018-11-11 02:24 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-11-14 13:21 - 2018-11-11 02:24 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-11-14 13:21 - 2018-11-11 02:24 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-11-14 13:21 - 2018-11-11 02:24 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-11-14 13:21 - 2018-11-11 02:24 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-11-14 13:21 - 2018-11-11 02:24 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-11-14 13:21 - 2018-11-11 02:24 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-11-14 13:21 - 2018-11-11 02:24 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-11-14 13:21 - 2018-11-11 02:24 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-11-14 13:21 - 2018-11-11 02:24 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-11-14 13:21 - 2018-11-11 02:24 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-11-14 13:21 - 2018-11-11 02:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-11-14 13:21 - 2018-11-11 02:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-11-14 13:21 - 2018-11-11 02:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-11-14 13:21 - 2018-11-11 02:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-11-14 13:21 - 2018-11-11 02:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-11-14 13:21 - 2018-11-11 02:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-11-14 13:21 - 2018-11-11 02:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-11-14 13:21 - 2018-11-11 02:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-11-14 13:21 - 2018-11-11 02:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-11-14 13:21 - 2018-11-11 02:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-11-14 13:21 - 2018-11-11 02:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-11-14 13:21 - 2018-11-11 02:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-11-14 13:21 - 2018-11-11 02:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-11-14 13:21 - 2018-11-11 02:11 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2018-11-14 13:21 - 2018-11-11 02:11 - 000275968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-11-14 13:21 - 2018-11-11 02:11 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2018-11-14 13:21 - 2018-11-11 02:11 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2018-11-14 13:21 - 2018-11-11 02:11 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2018-11-14 13:21 - 2018-11-11 02:11 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2018-11-14 13:21 - 2018-11-11 02:11 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2018-11-14 13:21 - 2018-11-11 02:11 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2018-11-14 13:21 - 2018-11-11 02:10 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2018-11-14 13:21 - 2018-11-11 02:10 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2018-11-14 13:21 - 2018-11-11 02:10 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2018-11-14 13:21 - 2018-11-11 02:10 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2018-11-14 13:21 - 2018-11-11 02:10 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2018-11-14 13:21 - 2018-11-11 02:10 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2018-11-14 13:21 - 2018-11-11 02:10 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2018-11-14 13:21 - 2018-11-11 02:10 - 000026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleres.dll
2018-11-14 13:21 - 2018-11-11 02:10 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2018-11-14 13:21 - 2018-11-11 02:10 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2018-11-14 13:21 - 2018-11-11 02:09 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2018-11-14 13:21 - 2018-11-11 02:09 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2018-11-14 13:21 - 2018-11-11 02:09 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2018-11-14 13:21 - 2018-11-11 02:09 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2018-11-14 13:21 - 2018-11-11 02:09 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2018-11-14 13:21 - 2018-11-11 02:09 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-11-14 13:21 - 2018-11-11 02:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-11-14 13:21 - 2018-11-11 02:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-11-14 13:21 - 2018-11-11 02:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-11-14 13:21 - 2018-11-11 02:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-11-14 13:21 - 2018-11-11 02:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-11-14 13:21 - 2018-11-11 02:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-11-14 13:21 - 2018-11-11 02:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-11-14 13:21 - 2018-11-11 02:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-11-14 13:21 - 2018-11-11 02:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-11-14 13:21 - 2018-11-11 02:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-11-14 13:21 - 2018-11-11 02:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-11-14 13:21 - 2018-11-11 02:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2018-11-14 13:21 - 2018-11-11 02:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-11-14 13:21 - 2018-11-11 02:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-11-14 13:21 - 2018-11-11 02:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2018-11-14 13:21 - 2018-11-11 02:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-11-14 13:21 - 2018-11-11 02:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-11-14 13:21 - 2018-11-11 02:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-11-14 13:21 - 2018-11-11 02:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-11-14 13:21 - 2018-11-11 02:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-11-14 13:21 - 2018-11-11 02:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-11-14 13:21 - 2018-11-11 02:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2018-11-14 13:21 - 2018-11-11 01:53 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-11-14 13:21 - 2018-11-11 01:53 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-11-14 13:21 - 2018-11-11 01:53 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-11-14 13:21 - 2018-11-11 01:52 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-11-14 13:21 - 2018-11-11 01:48 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2018-11-14 13:21 - 2018-11-11 01:47 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comcat.dll
2018-11-14 13:21 - 2018-11-11 01:45 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2018-11-14 13:21 - 2018-11-11 01:44 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-11-14 13:21 - 2018-11-11 01:43 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-11-14 13:21 - 2018-11-11 01:43 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
2018-11-14 13:21 - 2018-11-11 01:43 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
2018-11-14 13:21 - 2018-11-11 01:43 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
2018-11-14 13:21 - 2018-11-11 01:43 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
2018-11-14 13:21 - 2018-11-11 01:43 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-11-14 13:21 - 2018-11-11 01:41 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2018-11-14 13:21 - 2018-11-11 01:41 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2018-11-14 13:21 - 2018-11-11 01:41 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2018-11-14 13:21 - 2018-11-11 01:41 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2018-11-14 13:21 - 2018-11-11 01:40 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2018-11-14 13:21 - 2018-11-11 01:40 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2018-11-14 13:21 - 2018-11-11 01:40 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-11-14 13:21 - 2018-11-11 01:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-11-14 13:21 - 2018-11-11 01:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2018-11-14 13:21 - 2018-10-12 21:36 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2018-11-14 13:21 - 2018-10-12 21:25 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2018-11-14 13:21 - 2018-10-12 21:25 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2018-11-14 13:21 - 2018-10-12 21:25 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2018-11-14 13:21 - 2018-10-12 21:24 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2018-11-14 13:21 - 2018-10-12 21:20 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2018-11-14 13:21 - 2018-10-12 21:20 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2018-11-14 13:21 - 2018-10-12 21:18 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2018-11-14 13:21 - 2018-10-12 21:17 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-11-14 13:21 - 2018-10-12 21:17 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-11-14 13:21 - 2018-10-12 21:17 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2018-11-14 13:21 - 2018-10-12 21:11 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2018-11-14 13:21 - 2018-10-12 21:07 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2018-11-14 13:21 - 2018-10-12 21:07 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2018-11-14 13:21 - 2018-10-12 21:07 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2018-11-14 13:21 - 2018-10-12 21:05 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2018-11-14 13:21 - 2018-10-12 21:04 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2018-11-14 13:21 - 2018-10-12 21:03 - 004494848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-11-14 13:21 - 2018-10-12 21:03 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2018-11-14 13:21 - 2018-10-12 21:02 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2018-11-14 13:21 - 2018-10-12 20:57 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2018-11-14 13:21 - 2018-10-12 20:56 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-11-14 13:21 - 2018-10-12 20:55 - 002059776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-11-14 13:21 - 2018-10-12 20:36 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-11-14 13:21 - 2018-10-12 03:23 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-11-14 13:21 - 2018-10-12 03:23 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-11-14 13:21 - 2018-10-12 03:11 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-11-14 13:21 - 2018-10-12 03:10 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-11-14 13:21 - 2018-10-12 03:10 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-11-14 13:21 - 2018-10-12 03:10 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-11-14 13:21 - 2018-10-12 03:04 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-11-14 13:21 - 2018-10-12 03:03 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-11-14 13:21 - 2018-10-12 03:01 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-11-14 13:21 - 2018-10-12 03:00 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-11-14 13:21 - 2018-10-12 03:00 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-11-14 13:21 - 2018-10-12 02:59 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-11-14 13:21 - 2018-10-12 02:59 - 000794624 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-11-14 13:21 - 2018-10-12 02:51 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-11-14 13:21 - 2018-10-12 02:46 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-11-14 13:21 - 2018-10-12 02:45 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-11-14 13:21 - 2018-10-12 02:44 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-11-14 13:21 - 2018-10-12 02:42 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-11-14 13:21 - 2018-10-12 02:42 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-11-14 13:21 - 2018-10-12 02:40 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-11-14 13:21 - 2018-10-12 02:38 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-11-14 13:21 - 2018-10-12 02:30 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-11-14 13:21 - 2018-10-12 02:27 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-11-14 13:21 - 2018-10-12 02:26 - 002136064 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-11-14 13:21 - 2018-10-12 01:55 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-11-14 13:21 - 2018-09-23 03:54 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2018-11-14 13:21 - 2018-09-23 03:54 - 000075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2018-11-14 13:21 - 2018-09-23 03:54 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2018-11-14 13:21 - 2018-09-23 03:37 - 000666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2018-11-14 13:21 - 2018-09-23 03:37 - 000197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2018-11-14 13:21 - 2018-09-23 03:37 - 000104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
2018-11-14 13:21 - 2018-09-23 03:37 - 000059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2018-11-14 13:21 - 2018-09-23 03:37 - 000034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2018-11-14 13:21 - 2018-09-23 03:21 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2018-11-12 12:01 - 2018-11-12 12:02 - 000734837 _____ C:\Users\victor\Downloads\Guía Correas para Levantamiento de Pesas.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-12-03 23:11 - 2018-05-19 21:38 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-12-03 23:11 - 2017-11-16 14:54 - 000000000 ____D C:\FRST
2018-12-03 23:11 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-12-03 22:41 - 2012-12-14 16:01 - 000000000 ____D C:\Users\victor\AppData\Roaming\vlc
2018-12-03 21:20 - 2012-12-25 12:35 - 000000000 ____D C:\Users\victor\Desktop\Trabajo diario-Seguridad
2018-12-03 21:19 - 2017-05-15 18:48 - 000000000 ____D C:\Users\victor\Desktop\Doc y otros a mirar
2018-12-03 19:27 - 2014-04-19 12:24 - 000000000 ____D C:\Users\victor\AppData\Local\JDownloader v2.0
2018-12-03 18:21 - 2009-07-14 05:45 - 000014224 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-12-03 18:21 - 2009-07-14 05:45 - 000014224 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-12-03 12:45 - 2013-01-14 19:12 - 000008495 _____ C:\Windows\lviewpro.ini
2018-12-03 12:45 - 2009-07-14 10:31 - 000747720 _____ C:\Windows\system32\perfh00A.dat
2018-12-03 12:45 - 2009-07-14 10:31 - 000159192 _____ C:\Windows\system32\perfc00A.dat
2018-12-03 12:45 - 2009-07-14 06:13 - 001678218 _____ C:\Windows\system32\PerfStringBackup.INI
2018-12-03 12:45 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2018-12-01 16:11 - 2018-06-23 17:54 - 000000000 ____D C:\Users\victor\Desktop\Fotos próximos artículos
2018-11-30 18:48 - 2017-10-31 10:43 - 000004128 _____ C:\Windows\System32\Tasks\CCleaner Update
2018-11-29 15:23 - 2017-12-31 13:23 - 000000000 ____D C:\AdwCleaner
2018-11-28 12:38 - 2018-01-25 19:42 - 000002222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-11-28 12:38 - 2018-01-25 19:42 - 000002181 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-11-28 12:38 - 2018-01-25 19:42 - 000002181 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2018-11-26 12:17 - 2009-07-14 06:08 - 000032544 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-11-22 23:13 - 2009-07-14 05:57 - 000001547 ___SH C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2018-11-17 21:44 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\rescache
2018-11-15 15:48 - 2017-12-30 16:05 - 000000000 ___HD C:\Users\victor\Desktop\Nueva carpeta
2018-11-14 19:18 - 2009-07-14 05:45 - 000299536 _____ C:\Windows\system32\FNTCACHE.DAT
2018-11-14 17:16 - 2013-08-15 00:11 - 000000000 ____D C:\Windows\system32\MRT
2018-11-14 17:13 - 2012-10-08 12:54 - 137810048 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-11-13 16:08 - 2018-01-11 21:13 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== Files in the root of some directories =======

2013-01-01 16:05 - 2013-01-01 16:05 - 000013103 _____ () C:\Users\victor\AppData\Roaming\UserTile.png

Some files in TEMP:
====================
2018-12-03 16:05 - 2018-12-03 16:05 - 000040448 ____N () C:\Users\victor\AppData\Local\Temp\proxy_vole5922037583573581504.dll
2018-12-03 16:05 - 2018-12-03 16:05 - 000040448 ____N () C:\Users\victor\AppData\Local\Temp\proxy_vole6880173476976600114.dll
2018-12-03 16:05 - 2018-12-03 16:05 - 000040448 ____N () C:\Users\victor\AppData\Local\Temp\proxy_vole7785786069217695578.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-11-24 15:35

==================== End of FRST.txt ============================

#11

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02.01.2018
Ran by victor (03-12-2018 23:14:28)
Running from C:\Users\victor\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2012-10-08 09:45:22)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-795496770-4252586827-2317966144-500 - Administrator - Disabled)
HomeGroupUser$ (S-1-5-21-795496770-4252586827-2317966144-2825 - Limited - Enabled)
Invitado (S-1-5-21-795496770-4252586827-2317966144-501 - Limited - Enabled)
victor (S-1-5-21-795496770-4252586827-2317966144-1000 - Administrator - Enabled) => C:\Users\victor

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1395.4512 - ABBYY Software House)
Adobe Acrobat Reader DC - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 19.008.20081 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.117 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
CCleaner (HKLM\...\CCleaner) (Version: 5.46 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.6.6059 - CDBurnerXP)
Epson Easy Photo Print 2 (HKLM-x32\...\{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}) (Version: 2.1.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{48F22622-1CC2-4A83-9C1E-644DD96F832D}) (Version: 2.30.01 - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
Epson Stylus SX510W_TX550W Manual (HKLM-x32\...\Epson Stylus SX510W_TX550W Manual de usuario) (Version:  - )
EPSON SX510W Series Printer Uninstall (HKLM\...\EPSON SX510W Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Setup (HKLM-x32\...\{FFFAE01B-466F-4C07-9821-A94FD753BDDA}) (Version: 3.1c - SEIKO EPSON CORPORATION)
Estudio para la mejora del producto HP ENVY 4520 series (HKLM\...\{0B5A9E46-E089-42B3-A69F-D7687C65A0BB}) (Version: 36.0.72.54013 - Hewlett-Packard Co.)
Free MP3 Cutter Joiner 10.6 (HKLM-x32\...\{02509E6E-B951-45A8-BF42-ACFAF0D6B4DA}}_is1) (Version: 10.6 - DVDVideoMedia, Inc.)
Freemake Video Converter versión 4.1.6 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.6 - Ellora Assets Corporation)
GonVisor 2.20.06 (HKLM-x32\...\GonVisor_is1) (Version:  - G.A.A.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 70.0.3538.110 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
GoPro App (HKLM-x32\...\{FA856359-2B03-4ABC-AC82-E69AF9F405CE}) (Version: 5.6.509 - GoPro, Inc.) Hidden
GoPro Studio 2.5.6 (HKLM-x32\...\{8850d4d9-a0fc-453f-ba03-ec084375d0c2}) (Version: 2.5.6.509 - GoPro, Inc.)
HP Dropbox Plugin (HKLM-x32\...\{D1C1B048-C9E8-4DF9-BAE8-45F2BA467426}) (Version: 36.0.31.53050 - Hewlett-Packard Co.)
HP ENVY 4520 series Ayuda (HKLM-x32\...\{FB8E2FCE-C637-4CE9-B735-8647A91B0368}) (Version: 36.0.0 - Hewlett Packard)
HP ENVY 4520 series Software básico del dispositivo (HKLM\...\{1A67878A-0096-4AA9-A803-06FE96A329B4}) (Version: 36.0.72.54013 - Hewlett-Packard Co.)
HP Google Drive Plugin (HKLM-x32\...\{6651A86A-07EA-43E0-B4EC-4E1D809AC99E}) (Version: 36.0.31.53050 - Hewlett-Packard Co.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Java 8 Update 151 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Malwarebytes versión 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office Standard 2007 (HKLM-x32\...\STANDARD) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Paquete de idioma de Microsoft .NET Framework 4.5 ESN (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.5.50709 - Microsoft Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VFW_Codec32 (HKLM-x32\...\{AFEF72F3-EDEC-4B70-BB25-4CEA1FCBF425}) (Version: 0.1.160.0 - GoPro, Inc.) Hidden
VFW_Codec64 (HKLM\...\{4C110871-BAC2-43D8-A892-C30FD0F58D83}) (Version: 0.1.160.0 - GoPro, Inc.) Hidden
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
VLC media player 2.0.4 (HKLM-x32\...\VLC media player) (Version: 2.0.4 - VideoLAN)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
WinRAR 5.50 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
WinZip 22.5 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C2411A}) (Version: 22.5.13114 - Corel Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-795496770-4252586827-2317966144-1000_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files (x86)\WinZip\adxloader64.WinZipExpressForOffice.dll ()
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} =>  -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\wzshls64.dll [2018-04-22] (WinZip Computing)
ContextMenuHandlers2-x32: [AlcoholShellEx] -> {32020A01-506E-484D-A2A8-BE3CF17601C3} => C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxShlex.dll [2010-03-25] (Alcohol Soft Development Team)
ContextMenuHandlers2-x32: [AlcoholShellEx64] -> {AF67B665-D752-424E-9A03-C7C218F2844F} => C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxShlEx64.dll [2010-03-25] (Alcohol Soft Development Team)
ContextMenuHandlers2-x32: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} =>  -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers4-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\wzshls64.dll [2018-04-22] (WinZip Computing)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2012-01-10] (Intel Corporation)
ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} =>  -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\wzshls64.dll [2018-04-22] (WinZip Computing)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {11E87B5C-33A7-46B1-8016-1B390E22CE09} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-09-10] (Piriform Ltd)
Task: {20CA3E8C-0C8A-4201-9140-D26DB93B49CE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-01-25] (Google Inc.)
Task: {36B43AF6-F21D-4ED4-B42C-56C9FE64F554} - System32\Tasks\HPCustParticipation HP ENVY 4520 series => C:\Program Files\HP\HP ENVY 4520 series\Bin\HPCustPartic.exe [2015-03-09] (Hewlett-Packard Development Company, LP)
Task: {393D2F35-5F0A-4BC4-A68A-C3CD3EC726B6} - System32\Tasks\WinZip Update Notifier 3 => C:\Program Files (x86)\WinZip\WZUpdateNotifier.exe [2018-04-22] (Corel Corporation)
Task: {397E1837-55C2-43D6-A06E-8BBCB5BB7B00} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-09-10] (Piriform Ltd)
Task: {3E04CCCC-ECA5-4F1C-8E96-A2C841E4FB8A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-13] (Adobe Systems Incorporated)
Task: {92DE3EF5-C49A-4879-810A-4D80D7907950} - System32\Tasks\WinZip Update Notifier 1 => C:\Program Files (x86)\WinZip\WZUpdateNotifier.exe [2018-04-22] (Corel Corporation)
Task: {9B36A97D-470E-4175-ABE6-4D05E6203D8E} - System32\Tasks\WinZip Update Notifier 2 => C:\Program Files (x86)\WinZip\WZUpdateNotifier.exe [2018-04-22] (Corel Corporation)
Task: {A23E0E33-0F6E-44A2-8E0F-7A9EDD743241} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-01-25] (Google Inc.)
Task: {C47FE396-9F4E-4B65-B77C-0D7BCEB9FB14} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\avast software\overseer\overseer.exe [2018-10-27] (AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-01-10 14:31 - 2017-11-29 09:11 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2012-01-10 20:12 - 2012-01-10 20:12 - 000094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2017-12-13 19:04 - 2018-09-10 11:53 - 000095168 _____ () C:\Program Files\CCleaner\lang\lang-1034.dll
2017-07-17 18:30 - 2017-07-17 18:30 - 000863744 _____ () C:\Windows\mod_frst.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-795496770-4252586827-2317966144-1000\...\localhost -> localhost

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2018-12-01 19:43 - 000000035 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-795496770-4252586827-2317966144-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\victor\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 80.58.61.254 - 80.58.61.250
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AeLookupSvc => 3
MSCONFIG\Services: AxAutoMntSrv => 2
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: EEventManager => C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
MSCONFIG\startupreg: Epson Stylus SX510W(Red) => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFIE.EXE /FU "C:\Windows\TEMP\E_SB8A0.tmp" /EF "HKCU"
MSCONFIG\startupreg: EPSON SX510W Series => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFIE.EXE /FU "C:\Windows\TEMP\E_S86A0.tmp" /EF "HKCU"
MSCONFIG\startupreg: GoPro Studio Importer => C:\Program Files (x86)\GoPro\Tools\Importer\GoPro Importer.exe
MSCONFIG\startupreg: GUDelayStartup => "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{9FE507C0-1096-4CE3-A275-256D1635F3D8}C:\program files\hp\hp envy 4520 series\bin\hpnetworkcommunicatorcom.exe] => (Block) C:\program files\hp\hp envy 4520 series\bin\hpnetworkcommunicatorcom.exe
FirewallRules: [UDP Query User{BAF6016B-9260-4DCA-97EF-D70B631D6CDD}C:\program files\hp\hp envy 4520 series\bin\hpnetworkcommunicatorcom.exe] => (Block) C:\program files\hp\hp envy 4520 series\bin\hpnetworkcommunicatorcom.exe

==================== Restore Points =========================

30-11-2018 15:01:59 Installed Smart-X AppLocker
30-11-2018 18:42:55 JRT Pre-Junkware Removal
03-12-2018 23:07:03 Removed Smart-X AppLocker

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Adaptador de tunelización Teredo de Microsoft
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Unknown Device
Description: Unknown Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Controladora de host USB estándar)
Service: 
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 


==================== Event log errors: =========================

Application errors:
==================
Error: (12/03/2018 11:11:10 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Error al generar el contexto de activación para "C:\Users\victor\AppData\Local\chromium\Application\chrome.exe".
No se encontró el ensamblado dependiente 58.0.2988.0,language="*",type="win32",version="58.0.2988.0".
Use sxstrace.exe para obtener un diagnóstico detallado.

Error: (12/03/2018 06:12:51 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Error al generar el contexto de activación para "C:\Users\victor\AppData\Local\chromium\Application\chrome.exe".
No se encontró el ensamblado dependiente 58.0.2988.0,language="*",type="win32",version="58.0.2988.0".
Use sxstrace.exe para obtener un diagnóstico detallado.

Error: (12/03/2018 12:36:32 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Error al generar el contexto de activación para "C:\Users\victor\AppData\Local\chromium\Application\chrome.exe".
No se encontró el ensamblado dependiente 58.0.2988.0,language="*",type="win32",version="58.0.2988.0".
Use sxstrace.exe para obtener un diagnóstico detallado.

Error: (12/02/2018 05:57:16 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Error al generar el contexto de activación para "C:\Users\victor\AppData\Local\chromium\Application\chrome.exe".
No se encontró el ensamblado dependiente 58.0.2988.0,language="*",type="win32",version="58.0.2988.0".
Use sxstrace.exe para obtener un diagnóstico detallado.

Error: (12/02/2018 01:44:16 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Error al generar el contexto de activación para "C:\Users\victor\AppData\Local\chromium\Application\chrome.exe".
No se encontró el ensamblado dependiente 58.0.2988.0,language="*",type="win32",version="58.0.2988.0".
Use sxstrace.exe para obtener un diagnóstico detallado.

Error: (12/01/2018 10:42:04 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Error al generar el contexto de activación para "C:\Users\victor\AppData\Local\chromium\Application\chrome.exe".
No se encontró el ensamblado dependiente 58.0.2988.0,language="*",type="win32",version="58.0.2988.0".
Use sxstrace.exe para obtener un diagnóstico detallado.

Error: (12/01/2018 07:46:02 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Error al generar el contexto de activación para "C:\Users\victor\AppData\Local\chromium\Application\chrome.exe".
No se encontró el ensamblado dependiente 58.0.2988.0,language="*",type="win32",version="58.0.2988.0".
Use sxstrace.exe para obtener un diagnóstico detallado.

Error: (12/01/2018 06:53:40 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Error al generar el contexto de activación para "C:\Users\victor\AppData\Local\chromium\Application\chrome.exe".
No se encontró el ensamblado dependiente 58.0.2988.0,language="*",type="win32",version="58.0.2988.0".
Use sxstrace.exe para obtener un diagnóstico detallado.

Error: (12/01/2018 01:06:13 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Error al generar el contexto de activación para "C:\Users\victor\AppData\Local\chromium\Application\chrome.exe".
No se encontró el ensamblado dependiente 58.0.2988.0,language="*",type="win32",version="58.0.2988.0".
Use sxstrace.exe para obtener un diagnóstico detallado.

Error: (11/30/2018 07:15:47 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Error al generar el contexto de activación para "C:\Users\victor\AppData\Local\chromium\Application\chrome.exe".
No se encontró el ensamblado dependiente 58.0.2988.0,language="*",type="win32",version="58.0.2988.0".
Use sxstrace.exe para obtener un diagnóstico detallado.


System errors:
=============
Error: (12/03/2018 04:27:20 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: El servidor {995C996E-D918-4A8C-A302-45719A6F4EA7} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (12/03/2018 12:41:52 PM) (Source: Disk) (EventID: 11) (User: )
Description: El controlador detectó un error de controladora en \Device\Harddisk1\DR1.

Error: (12/03/2018 12:16:51 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: El servidor {995C996E-D918-4A8C-A302-45719A6F4EA7} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (12/03/2018 12:16:35 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: El servidor {82F34521-10BA-11E4-A865-D4BED9D4D463} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (12/02/2018 12:07:12 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: El servidor {82F34521-10BA-11E4-A865-D4BED9D4D463} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (12/01/2018 08:40:26 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: El servidor {82F34521-10BA-11E4-A865-D4BED9D4D463} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (12/01/2018 07:43:57 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio Examinador de equipos depende del servicio Servidor, el cual no pudo iniciarse debido al siguiente error: 
No se puede iniciar el servicio o grupo de dependencia.

Error: (12/01/2018 07:43:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio Examinador de equipos depende del servicio Servidor, el cual no pudo iniciarse debido al siguiente error: 
No se puede iniciar el servicio o grupo de dependencia.

Error: (12/01/2018 07:43:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio Examinador de equipos depende del servicio Servidor, el cual no pudo iniciarse debido al siguiente error: 
No se puede iniciar el servicio o grupo de dependencia.

Error: (12/01/2018 07:43:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio Examinador de equipos depende del servicio Servidor, el cual no pudo iniciarse debido al siguiente error: 
No se puede iniciar el servicio o grupo de dependencia.


CodeIntegrity:
===================================
  Date: 2017-11-09 15:36:26.107
  Description: Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\ComboFix\catchme.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

  Date: 2017-11-09 15:36:25.982
  Description: Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\ComboFix\catchme.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

  Date: 2017-11-09 15:36:25.857
  Description: Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\ComboFix\catchme.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

  Date: 2017-11-09 15:36:25.732
  Description: Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\ComboFix\catchme.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

  Date: 2017-11-09 14:37:37.435
  Description: Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\ComboFix\catchme.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

  Date: 2017-11-09 14:37:37.310
  Description: Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\ComboFix\catchme.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

  Date: 2017-11-09 14:37:37.169
  Description: Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\ComboFix\catchme.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

  Date: 2017-11-09 14:37:37.044
  Description: Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\ComboFix\catchme.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

  Date: 2017-11-08 20:29:03.954
  Description: Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\ComboFix\catchme.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

  Date: 2017-11-08 20:29:03.813
  Description: Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\ComboFix\catchme.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i3 CPU 550 @ 3.20GHz
Percentage of memory in use: 57%
Total physical RAM: 1719.05 MB
Available physical RAM: 736.38 MB
Total Virtual: 3438.11 MB
Available Virtual: 2393.47 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:195.21 GB) (Free:38.05 GB) NTFS
Drive d: () (Fixed) (Total:270.44 GB) (Free:26.02 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: AAC2AAC2)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=195.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=270.4 GB) - (Type=OF Extended)

==================== End of Addition.txt ============================

#12

Good… now follow these steps. :arrow_forward: VERY important :arrow_backward: Make a backup of the registry:

  • To do so, download :arrow_forward: DelFix.exe (to your desktop).

  • Double-click to run it. (If you use Windows Vista/7/8 or 10, right-click and select -Run as Administrator-.)

  • Attention: now tick/select only the :white_check_mark: Create registry backup box, NOT the other boxes. :face_with_monocle:

  • Click Run.

The report (DelFix.txt) will open; save it in case it is needed and close the tool.

Now start your computer in :arrow_forward: Windows Safe Mode with Networking.

:warning: With all other programs closed, go to :arrow_forward: Start :arrow_forward: Run :arrow_forward: and type Notepad.exe.

  • Now copy the code/lines inside the box below and paste them into Notepad.
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => -> No File
ContextMenuHandlers2-x32: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => -> No File
ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => -> No File
HKU\S-1-5-21-795496770-4252586827-2317966144-1000\...\Run: [Chromium] => c:\users\victor\appdata\local\chromium\application\chrome.exe [828416 2017-01-21] (The Chromium Authors)
IFEO\calc.exe: [Debugger] "C:\Program Files (x86)\Smart-X\AppLocker\AppLocker.exe" /locked:calculator
IFEO\iexplore.exe: [Debugger] "C:\Program Files (x86)\Smart-X\AppLocker\AppLocker.exe" /locked:Internet Explorer
FF Extension: (Muter) - C:\ProgramData\Extensions\[email protected] [2013-09-13] [Legacy] [not signed]
FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-11-08] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-11-08] (Oracle Corporation)
U3 a1zknbrc; C:\Windows\System32\Drivers\a1zknbrc.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero byte File/Folder)
2018-12-03 16:05 - 2018-12-03 16:05 - 000040448 ____N () C:\Users\victor\AppData\Local\Temp\proxy_vole5922037583573581504.dll
2018-12-03 16:05 - 2018-12-03 16:05 - 000040448 ____N () C:\Users\victor\AppData\Local\Temp\proxy_vole6880173476976600114.dll
2018-12-03 16:05 - 2018-12-03 16:05 - 000040448 ____N () C:\Users\victor\AppData\Local\Temp\proxy_vole7785786069217695578.dll
HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END

Save it under the name FIXLIST.TXT on the desktop :arrow_backward: This is very important.

:o: Note :o: It is important that the FRST.exe tool (Farbar Recovery Scan Tool) and FIXLIST.TXT are in the same location (desktop); otherwise it will not work.

  • Run FRST.exe. (If you use Windows Vista/7/8 or 10, right-click and select -Run as Administrator-.)

  • Press the FIX button and wait for it to finish.

  • The tool will save the repair report on the desktop (FIXLOG.TXT).

Paste the contents of this file in your next reply. :+1:

Restart the computer, check how it behaves in relation to the problem reported, and tell us about it.

Regards.
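
The fixlist in the post above mixes several kinds of FRST entries. The following triage script is an added example (not part of the original post, and not FRST's own logic); it uses lines copied from that fixlist as sample input, and the category names are labels chosen for this illustration.

```python
import re
from collections import defaultdict

# Sample input: a subset of lines copied from the fixlist in the post above.
SAMPLE_FIXLIST = r'''
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => -> No File
HKU\S-1-5-21-795496770-4252586827-2317966144-1000\...\Run: [Chromium] => c:\users\victor\appdata\local\chromium\application\chrome.exe [828416 2017-01-21] (The Chromium Authors)
IFEO\calc.exe: [Debugger] "C:\Program Files (x86)\Smart-X\AppLocker\AppLocker.exe" /locked:calculator
IFEO\iexplore.exe: [Debugger] "C:\Program Files (x86)\Smart-X\AppLocker\AppLocker.exe" /locked:Internet Explorer
U3 a1zknbrc; C:\Windows\System32\Drivers\a1zknbrc.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero byte File/Folder)
2018-12-03 16:05 - 2018-12-03 16:05 - 000040448 ____N () C:\Users\victor\AppData\Local\Temp\proxy_vole5922037583573581504.dll
CMD: netsh winsock reset
'''

# Image File Execution Options: a Debugger value makes Windows start the
# named debugger instead of the image whenever that image is launched.
IFEO_RE = re.compile(r'^IFEO\\(?P<image>[^:]+): \[Debugger\] (?P<cmd>.+)$')
# Per-user or machine Run key entry: "...\Run: [Name] => path.exe ..."
RUN_RE = re.compile(r'\\Run: \[(?P<name>[^\]]+)\] => (?P<path>.+?\.exe)', re.I)
# Service/driver line: "U3 name; path [size date] (company)"
SERVICE_RE = re.compile(r'^[RSU]\d (?P<name>\S+); (?P<path>.+?) \[')
# File listing line: "created - modified - size attrs (company) path"
FILE_RE = re.compile(
    r'^\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d - '
    r'(?P<size>\d+) \S+ \(.*?\) (?P<path>.+)$')
DIRECTIVE_RE = re.compile(r'^[A-Z]+:')


def _executable(cmd):
    """Return the executable part of a command line (quoted or bare)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split(' ', 1)[0]


def classify(line):
    """Map one FRST-style line to (category, detail)."""
    m = IFEO_RE.match(line)
    if m:
        return 'ifeo_debugger', f"{m['image']} -> {_executable(m['cmd'])}"
    if line.endswith('-> No File'):
        # Shell extension registration whose DLL no longer exists.
        return 'orphaned_shell_handler', line.split(' -> ', 1)[0]
    if 'zero byte File/Folder' in line:
        m = SERVICE_RE.match(line)
        return 'zero_byte_driver', m['path'] if m else line
    m = RUN_RE.search(line)
    if m and '\\appdata\\' in m['path'].lower():
        # Autostart pointing into a user-writable profile directory.
        return 'autorun_in_user_profile', f"{m['name']} -> {m['path']}"
    m = FILE_RE.match(line)
    if m:
        path = m['path'].lower()
        if '\\temp\\' in path and path.endswith(('.dll', '.exe', '.sys')):
            return 'binary_in_temp', m['path']
    if DIRECTIVE_RE.match(line):
        return 'directive', line
    return 'other', line


def triage(text):
    """Group every non-empty fixlist line by category."""
    groups = defaultdict(list)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line in ('START', 'END'):
            continue
        category, detail = classify(line)
        groups[category].append(detail)
    return dict(groups)


def ifeo_redirects(text):
    """Return {image name: debugger executable} for IFEO Debugger entries."""
    out = {}
    for raw in text.splitlines():
        m = IFEO_RE.match(raw.strip())
        if m:
            out[m['image']] = _executable(m['cmd'])
    return out


if __name__ == '__main__':
    for category, items in triage(SAMPLE_FIXLIST).items():
        print(category)
        for item in items:
            print('   ', item)
```
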


#13

Hello. I did not reply earlier because I was waiting 2-3 days after the last step you told me to do, to see how the computer responded and whether it failed again or not. The only odd thing I have seen so far was that some web page, while I was browsing it, jumped straight to the bottom on its own. So far it has not gone into lock mode again, but 5 minutes ago the calculator started opening again, 5 or 6 times, and letters are typing themselves again, so something must still be wrong. Here is the report:


Fix result of Farbar Recovery Scan Tool (x64) Version: 02.01.2018
Ran by victor (04-12-2018 13:28:34) Run:3
Running from C:\Users\victor\Desktop
Loaded Profiles: victor (Available Profiles: victor)
Boot Mode: Safe Mode (with Networking)
==============================================

fixlist content:
*****************
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => -> No File
ContextMenuHandlers2-x32: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => -> No File
ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => -> No File
HKU\S-1-5-21-795496770-4252586827-2317966144-1000\...\Run: [Chromium] => c:\users\victor\appdata\local\chromium\application\chrome.exe [828416 2017-01-21] (The Chromium Authors)
IFEO\calc.exe: [Debugger] "C:\Program Files (x86)\Smart-X\AppLocker\AppLocker.exe" /locked:calculator
IFEO\iexplore.exe: [Debugger] "C:\Program Files (x86)\Smart-X\AppLocker\AppLocker.exe" /locked:Internet Explorer
FF Extension: (Muter) - C:\ProgramData\Extensions\[email protected] [2013-09-13] [Legacy] [not signed]
FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-11-08] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-11-08] (Oracle Corporation)
U3 a1zknbrc; C:\Windows\System32\Drivers\a1zknbrc.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero byte File/Folder)
2018-12-03 16:05 - 2018-12-03 16:05 - 000040448 ____N () C:\Users\victor\AppData\Local\Temp\proxy_vole5922037583573581504.dll
2018-12-03 16:05 - 2018-12-03 16:05 - 000040448 ____N () C:\Users\victor\AppData\Local\Temp\proxy_vole6880173476976600114.dll
2018-12-03 16:05 - 2018-12-03 16:05 - 000040448 ____N () C:\Users\victor\AppData\Local\Temp\proxy_vole7785786069217695578.dll
HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END
*****************

Error: Restore point can only be created in normal mode.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw" => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\Glary Utilities" => removed successfully
HKLM\Software\Classes\CLSID\{B3C418F8-922B-4faf-915E-59BC14448CF7} => key not found
"HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\Glary Utilities" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{B3C418F8-922B-4faf-915E-59BC14448CF7} => key not found
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Glary Utilities" => removed successfully
HKLM\Software\Classes\CLSID\{B3C418F8-922B-4faf-915E-59BC14448CF7} => key not found
"HKU\S-1-5-21-795496770-4252586827-2317966144-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Chromium" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\calc.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\iexplore.exe" => removed successfully
C:\ProgramData\Extensions\[email protected] => moved successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.151.2" => removed successfully
C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll => moved successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.151.2" => removed successfully
C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll => moved successfully
a1zknbrc => service not found.
C:\Users\victor\AppData\Local\Temp\proxy_vole5922037583573581504.dll => moved successfully
C:\Users\victor\AppData\Local\Temp\proxy_vole6880173476976600114.dll => moved successfully
C:\Users\victor\AppData\Local\Temp\proxy_vole7785786069217695578.dll => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-795496770-4252586827-2317966144-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-795496770-4252586827-2317966144-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========


========= netsh winsock reset =========


El catálogo Winsock se restableció correctamente.
Debe reiniciar el equipo para completar el restablecimiento.


========= End of CMD: =========


========= ipconfig /renew =========


Configuración IP de Windows


Adaptador de Ethernet Conexión de área local:

   Sufijo DNS específico para la conexión. . : 
   Vínculo: dirección IPv6 local. . . : fe80::b929:30bb:313:ea49%10
   Dirección IPv4. . . . . . . . . . . . . . : 192.168.1.33
   Máscara de subred . . . . . . . . . . . . : 255.255.255.0
   Puerta de enlace predeterminada . . . . . : 192.168.1.1

========= End of CMD: =========


========= ipconfig /flushdns =========


Configuración IP de Windows

Se vació correctamente la caché de resolución de DNS.

========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to connect to BITS - 0x8007042c
No se puede iniciar el servicio o grupo de dependencia.



========= End of CMD: =========


========= netsh advfirewall reset =========

Aceptar


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Aceptar


========= End of CMD: =========


========= netsh int ipv4 reset =========

Global se restableció correctamente.
Interfaz se restableció correctamente.
Reinicie el equipo para completar esta acción.


========= End of CMD: =========


========= netsh int ipv6 reset =========

No hay valores configurados por el usuario para restablecer.


========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 11289820 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 6460 B
Edge => 0 B
Chrome => 438886038 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
victor => 159503 B

RecycleBin => 0 B
EmptyTemp: => 429.5 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 13:29:46 ====

Regards.


#14

P.S. Correction: the computer has gone into lock mode again.


#15

Good… now run a scan with :arrow_forward: ESET Online, and when you see this screen:


Follow these steps:

  • 1.- Tick :ballot_box_with_check: all of those options.
  • 2.- Click "Change……" and select all the disk drives and/or USB drives you have.
  • 3.- Click "Start" and the scan will begin.

This will run a full scan of the whole computer. When the whole process has finished, save the report (you will see the option to export/save it as TXT) and leave it on your desktop so you can post it in your next reply.

Finish the process by disinfecting the items found and restart your PC, and post the report in your next reply.

And tell us how your computer is working.

Regards.


#16

I have done it, and everything is still the same; the calculator now opens over and over again, dozens of times, which is quite overwhelming, and the same goes for the rest of the problems. Here is the report:


|File|Detection|Action|
|---|---|---|
|C:\Users\victor\Downloads\dfsetup221.exe|Win32/Bundled.Toolbar.Google.D aplicación potencialmente peligrosa||
|C:\Users\victor\Downloads\gu5setup.exe|Win32/UwS.GlaryUtilities.A aplicación||
|C:\Users\victor\Downloads\Install JDownloader.rar|una variante de Win32/Appwork.A aplicación potencialmente indeseable||
|C:\Documents and Settings\victor\Downloads\dfsetup221.exe|Win32/Bundled.Toolbar.Google.D aplicación potencialmente peligrosa|no se ha podido desinfectar - archivo eliminado|
|C:\Documents and Settings\victor\Downloads\gu5setup.exe|Win32/UwS.GlaryUtilities.A aplicación|no se ha podido desinfectar - archivo eliminado|
|C:\Documents and Settings\victor\Downloads\Install JDownloader.rar|una variante de Win32/Appwork.A aplicación potencialmente indeseable|eliminado|

#17

Well, this is getting complicated. :thinking:

Now follow these steps:

:white_check_mark: Temporarily disable the antivirus :arrow_forward: How to temporarily disable your antivirus, while we are carrying out ALL the steps.

Download the tool :arrow_right: ComboFix and save it to the desktop. :arrow_left: Very important.

:o: Note :o: Before running ComboFix, make sure to:

:white_check_mark: Close ALL open programs and/or windows. :negative_squared_cross_mark:

:white_check_mark: If you are using Windows Vista or Windows 7/8, right-click the ComboFix.exe file and select Run as Administrator. :negative_squared_cross_mark:

STEP 1:

  • Run the ComboFix.exe file.
  • Accept the license terms.
  • If ComboFix warns that there is a newer version of the program, you must download it.
  • If ComboFix asks to install the Recovery Console, install it.

STEP 2:

  • Copy and paste the report that ComboFix generated. If it does not appear, you will find it at C:\ComboFix.txt
  • Tell us how your system is doing in relation to the problem reported.

Important:

  • While ComboFix is working, do not run any software until it finishes.
  • Do not restart your PC; ComboFix will do so if necessary.
  • While ComboFix is working, do not move the mouse, as that would stop its process.

Regards.


#18

Hi. Here is the update: this morning I turned on the computer and nothing strange appeared, no calculator, no letters typing themselves, no lock-ups, nothing odd. A complete mystery. It stayed that way for the 6 hours I used it to work in Word. After that I ran ComboFix; it has just finished and so far so good. That said, I have not again done any of the things you told me not to do, such as downloading things from the internet (which I always do with the JDownloader program, which I have not even opened again), nor have I connected external hard drives or USB drives. And I will not do any of this until you tell me to and it is confirmed that the problem is solved, because seeing that it appears whenever it feels like it, one no longer knows what to think. Here is the ComboFix report:

ComboFix 18-08-08.01 - victor 07/12/2018  16:33:17.1.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.34.3082.18.1719.1028 [GMT 1:00]
Running from: c:\users\victor\Desktop\ComboFix.exe
AV: Avast Antivirus *Enabled/Updated* {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
SP: Avast Antivirus *Enabled/Updated* {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\victor\AppData\Local\assembly\tmp
c:\users\victor\AppData\Local\assembly\tmp\E9JL9MRT\__AssemblyInfo__.ini
c:\users\victor\AppData\Local\assembly\tmp\E9JL9MRT\office.DLL
c:\users\victor\AppData\Local\assembly\tmp\LVR8L2HO\__AssemblyInfo__.ini
c:\users\victor\AppData\Local\assembly\tmp\LVR8L2HO\Microsoft.Office.Interop.Excel.DLL
c:\users\victor\AppData\Local\assembly\tmp\NQ4AXYDK\__AssemblyInfo__.ini
c:\users\victor\AppData\Local\assembly\tmp\NQ4AXYDK\AddinExpress.MSO.2005.DLL
c:\users\victor\AppData\Local\assembly\tmp\NWL2BJ03\Microsoft.Office.Interop.Word.DLL
c:\users\victor\AppData\Local\assembly\tmp\VZOJ913Q\__AssemblyInfo__.ini
c:\users\victor\AppData\Local\assembly\tmp\VZOJ913Q\WinZipExpressForOffice.DLL
c:\windows\security\logs\scecomp.log
c:\windows\SysWow64\DEBUG.log
.
.
(((((((((((((((((((((((((   Files Created from 2018-11-07 to 2018-12-07  )))))))))))))))))))))))))))))))
.
.
2018-12-07 17:23 . 2018-12-07 17:23	--------	d-----w-	c:\users\Public\AppData\Local\temp
2018-12-07 17:23 . 2018-12-07 17:23	--------	d-----w-	c:\users\Default\AppData\Local\temp
2018-12-06 12:23 . 2018-12-06 12:23	--------	d-----w-	c:\program files (x86)\ESET
2018-11-14 12:21 . 2018-11-11 01:26	215552	----a-w-	c:\windows\system32\winsrv.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2018-12-07 11:16 . 2018-05-19 20:38	253880	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2018-11-14 16:13 . 2012-10-08 11:54	137810048	-c--a-w-	c:\windows\system32\MRT.exe
2018-11-11 01:09 . 2018-11-14 12:21	44544	----a-w-	c:\windows\apppatch\acwow64.dll
2018-09-19 08:08 . 2018-10-10 10:08	343552	----a-w-	c:\windows\SysWow64\msrd3x40.dll
2018-09-09 01:02 . 2018-10-10 10:08	986824	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2018-09-09 01:02 . 2018-10-10 10:08	1680072	----a-w-	c:\windows\system32\drivers\ntfs.sys
2018-09-09 01:02 . 2018-10-10 10:08	265416	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2018-09-09 00:59 . 2018-10-10 10:08	2851840	----a-w-	c:\windows\system32\themeui.dll
2018-09-09 00:59 . 2018-10-10 10:08	2009600	----a-w-	c:\windows\system32\msxml6.dll
2018-09-09 00:59 . 2018-10-10 10:08	2048	----a-w-	c:\windows\system32\msxml6r.dll
2018-09-09 00:58 . 2018-10-10 10:08	405504	----a-w-	c:\windows\system32\gdi32.dll
2018-09-09 00:57 . 2018-10-10 10:08	144384	----a-w-	c:\windows\system32\cdd.dll
2018-09-09 00:44 . 2018-10-10 10:08	313344	----a-w-	c:\windows\SysWow64\gdi32.dll
2018-09-09 00:44 . 2018-10-10 10:08	2755584	----a-w-	c:\windows\SysWow64\themeui.dll
2018-09-09 00:43 . 2018-10-10 10:08	1391104	----a-w-	c:\windows\SysWow64\msxml6.dll
2018-09-09 00:43 . 2018-10-10 10:08	2048	----a-w-	c:\windows\SysWow64\msxml6r.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP ENVY 4520 series (NET)"="c:\program files\HP\HP ENVY 4520 series\Bin\ScanToPCActivationApp.exe" [2015-03-09 3651080]
"CCleaner Smart Cleaning"="c:\program files\CCleaner\CCleaner64.exe" [2018-09-10 18630056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2017-09-05 587288]
"WinZip UN"="c:\program files (x86)\WinZip\WZUpdateNotifier.exe" [2018-04-22 2268624]
"WinZip PreLoader"="c:\program files (x86)\WinZip\WzPreloader.exe" [2018-04-22 124032]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exe" [2013-10-09 829832]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
"EnableSecureUIAPath"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\epmntdrv]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EuGdiDrv]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys;c:\windows\SYSNATIVE\DRIVERS\athurx.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Servicio de tecnologías de activación de Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64_prewin8.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64_prewin8.sys [x]
R4 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe;c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\Drivers\mbamswissarmy.sys;c:\windows\SYSNATIVE\Drivers\mbamswissarmy.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-10 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-10 392984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-10 417560]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportar a Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: localhost
TCP: DhcpNameServer = 80.58.61.254 80.58.61.250
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-795496770-4252586827-2317966144-1000\@*r*]
@Allowed: (Read) (RestrictedCode)
"cl"=dword:00000003
.
[HKEY_USERS\S-1-5-21-795496770-4252586827-2317966144-1000\@*Dr*]
@Allowed: (Read) (RestrictedCode)
"cl"=dword:00000003
.
[HKEY_USERS\S-1-5-21-795496770-4252586827-2317966144-1000\@*yr*]
@Allowed: (Read) (RestrictedCode)
"cl"=dword:00000003
.
[HKEY_USERS\S-1-5-21-795496770-4252586827-2317966144-1000\4˜o*]
@Allowed: (Read) (RestrictedCode)
"cl"=dword:00000003
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
Completion time: 2018-12-07  18:28:15
ComboFix-quarantined-files.txt  2018-12-07 17:28
.
Pre-Run: 40.639.340.544 bytes libres
Post-Run: 39.056.916.480 bytes libres
.
- - End Of File - - 0CB64B8DB7F9B515A3B3F63047791CDE
A36C5E4F47E84449FF07ED3517B43A31

Right, let me know whatever it is. Regards.


#19

Hello.

You are going to check and update your version of Java (you have version 8 Update 151 and we are already on 191); you must do this from the Internet Explorer browser, which is the only one that accepts Java nowadays → Check Java and uninstall outdated versions.

Then you RESTART the computer and re-check (with the same link) the version that has ended up installed, and tell us which one it is. 🤔


#20

OK, I'll do it tomorrow, because after more than ten hours with the computer on and after two hours watching a film in the vlcplayer player on my computer (and with five minutes to go), the blasted calculator has started opening compulsively again, driving me to despair once more. As soon as I do it I'll write to you again.