Check Log Hijackthis

Logfile of HiJackThis Fork by Alex Dragokas v.2.9.0.18

Platform:  x32 Windows 7 (Ultimate), 6.1.7601.0, Service Pack: 1
Time:      23.03.2019 - 17:08 (UTC-05:00)
Language:  OS: Spanish (0xC0A). Display: Spanish (0xC0A). Non-Unicode: Spanish (0x200A)
Elevated:  Yes
Ran by:    viagraz0r	(group: Administrator) on VIAGRAZ0R-PO, FirstRun: no

Chrome:  72.0.3626.121
Firefox: 65.0.1.6981
Internet Explorer: 11.0.9600.17840
Default: "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Chrome)

Boot mode: Normal

Running processes:
Number | Path
   1  C:\Program Files\AVAST Software\Avast\AvastSvc.exe
   1  C:\Program Files\AVAST Software\Avast\AvastUI.exe
   1  C:\Program Files\AVAST Software\Avast\aswidsagent.exe
   2  C:\Program Files\AnyDesk\AnyDesk.exe
  18  C:\Program Files\Google\Chrome\Application\chrome.exe
   3  C:\Program Files\Microsoft\Skype for Desktop\Skype.exe
   1  C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9.exe
   1  C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe
   1  C:\Program Files\TeamViewer\TeamViewer.exe
   1  C:\Program Files\TeamViewer\TeamViewer_Service.exe
   1  C:\Program Files\TeamViewer\tv_w32.exe
   1  C:\Program Files\Windows Media Player\wmpnetwk.exe
   1  C:\Users\viagraz0r\AppData\Local\MEGAsync\MEGAsync.exe
   1  C:\Users\viagraz0r\AppData\Roaming\uTorrent\uTorrent.exe
   2  C:\Users\viagraz0r\AppData\Roaming\uTorrent\updates\3.5.5_45146\utorrentie.exe
   1  C:\Users\viagraz0r\Desktop\HiJackThis.exe
   1  C:\Windows\System32\AEADISRV.EXE
   1  C:\Windows\System32\SearchFilterHost.exe
   1  C:\Windows\System32\SearchIndexer.exe
   1  C:\Windows\System32\SearchProtocolHost.exe
   1  C:\Windows\System32\audiodg.exe
   2  C:\Windows\System32\csrss.exe
   1  C:\Windows\System32\dllhost.exe
   1  C:\Windows\System32\dwm.exe
   1  C:\Windows\System32\hpservice.exe
   1  C:\Windows\System32\lsass.exe
   1  C:\Windows\System32\lsm.exe
   1  C:\Windows\System32\services.exe
   1  C:\Windows\System32\smss.exe
   1  C:\Windows\System32\spoolsv.exe
  12  C:\Windows\System32\svchost.exe
   1  C:\Windows\System32\taskhost.exe
   1  C:\Windows\System32\wbem\unsecapp.exe
   1  C:\Windows\System32\wininit.exe
   1  C:\Windows\System32\winlogon.exe
   1  C:\Windows\explorer.exe

O4 - Global User Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AnyDesk.lnk    ->    C:\Program Files\AnyDesk\AnyDesk.exe --control
O4 - HKCU\..\Run: [Skype for Desktop] = C:\Program Files\Microsoft\Skype for Desktop\Skype.exe
O4 - HKCU\..\Run: [uTorrent] = C:\Users\viagraz0r\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED
O4 - HKLM\..\Run: [AutoKMS] = C:\Windows\AutoKMS.exe
O4 - HKLM\..\Run: [AvastUI.exe] = C:\Program Files\AVAST Software\Avast\AvLaunch.exe /gui
O4 - HKLM\..\Run: [BCSSync] = C:\Program Files\Microsoft Office\Office14\BCSSync.exe /DelayServices
O4 - HKU\.DEFAULT\..\RunOnce: [SPReview] = C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
O4 - MSConfig\startupreg: SoundMAXPnP [command] = C:\Program Files\Analog Devices\Core\smax4pnp.exe (HKLM) (2019/03/11)
O4 - User Startup: C:\Users\viagraz0r\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk    ->    C:\Users\viagraz0r\AppData\Local\MEGAsync\MEGAsync.exe
O17 - DHCP DNS 1: 8.8.8.8 (Well-known DNS: Google)
O17 - DHCP DNS 2: 8.8.4.4 (Well-known DNS: Google)
O17 - HKLM\System\CCS\Services\Tcpip\..\{3150CB58-524D-4F1E-8297-B71E1D5E6E4D}: [NameServer] = 8.8.4.4 (Well-known DNS: Google)
O17 - HKLM\System\CCS\Services\Tcpip\..\{3150CB58-524D-4F1E-8297-B71E1D5E6E4D}: [NameServer] = 8.8.8.8 (Well-known DNS: Google)
O21 - HKLM\..\ShellIconOverlayIdentifiers\ MEGA (Pending):  MEGA (Pending) - {056D528D-CE28-4194-9BA3-BA2E9197FF8C} - C:\Users\viagraz0r\AppData\Local\MEGAsync\ShellExtX32.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\ MEGA (Synced):  MEGA (Synced) - {05B38830-F4E9-4329-978B-1DD28605D202} - C:\Users\viagraz0r\AppData\Local\MEGAsync\ShellExtX32.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\ MEGA (Syncing):  MEGA (Syncing) - {0596C850-7BDD-4C9D-AFDF-873BE6890637} - C:\Users\viagraz0r\AppData\Local\MEGAsync\ShellExtX32.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\00asw: avast - {472083B0-C522-11CF-8763-00608CC02F24} - C:\Program Files\AVAST Software\Avast\ashShell.dll
O23 - Service R2: Andrea ADI Filters Service - (AEADIFilters) - C:\Windows\system32\AEADISRV.EXE
O23 - Service R2: AnyDesk Service - (AnyDesk) - C:\Program Files\AnyDesk\AnyDesk.exe --service
O23 - Service R2: Avast Antivirus - (avast! Antivirus) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service R2: HP Service - (hpsrv) - C:\Windows\system32\Hpservice.exe
O23 - Service R2: NitroPDFDriverCreatorReadSpool9 - (NitroDriverReadSpool9) - C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9.exe
O23 - Service R2: NitroUpdateService - C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe
O23 - Service R2: TeamViewer 14 - (TeamViewer) - C:\Program Files\TeamViewer\TeamViewer_Service.exe
O23 - Service R3: aswbIDSAgent - C:\Program Files\AVAST Software\Avast\aswidsagent.exe
O23 - Service S2: Google Update Servicio (gupdate) - (gupdate) - C:\Program Files\Google\Update\GoogleUpdate.exe /svc
O23 - Service S2: ProductAgentService - C:\Program Files\Bitdefender Agent\ProductAgentService.exe  (file missing)
O23 - Service S3: Google Chrome Elevation Service - (GoogleChromeElevationService) - C:\Program Files\Google\Chrome\Application\72.0.3626.121\elevation_service.exe
O23 - Service S3: Google Update Servicio (gupdatem) - (gupdatem) - C:\Program Files\Google\Update\GoogleUpdate.exe /medsvc
O23 - Service S3: Mozilla Maintenance Service - (MozillaMaintenance) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe


--
End of file - Time spent: 20,5 sec. - 11938 bytes, CRC32: FFFFFFFF. Sign: 䅲篝

Hola @viagraz0r

No comentas porque ejecutaste Hijackthis?

Cual es tu problema?, ya que la herramienta ha quedado obsoleta para el malware actual.

Salu2.

Por lo que se ve en ese registro tienes Megasync incrustado en casi todo, incluso ha generado una entrada de bloatware para productos de viagra. Desinstalalo tan pronto como puedas.

Ese archivo AutoKMS y su entrada son parte de un malware que están usando el nombre de dicho activador, el activador KMSPico real se instala bajo el nombre KMSELDI en Archivos de Programa y se ejecuta como un servicio.

1 me gusta

Hola:

Pues en realidad el nombre del usuario y del pc son muy particulares. :face_with_monocle:

Salu2

1 me gusta

Bueno, estoy ejecutando Hijackthis porque me lo recomendo un amigo… realmente es primera vez que lo utilizo, y pues mi equipo es un laptop y esta casi recien formateado… y de vez en cuando siento que se relentiza.

Adicional a todo esto, pues intenté instalar un par de emuladores de android (BlueStacks, y LeapDroid), ambos deberian ejecutarse sin problemas en este equipo y no es asi… al ejecutar bluestacks me dice que el host ha dejado de funcionar y el otro ya mencionado tampoco me funciona.

Mi nickname es Viagraz0r, quizas no hayas mal interpretado, hasta mi portatil tiene como nombre de equipo igual.

Debo cambiar de activador?

Hola chicos:

@viagraz0r

Lo que te esta comentando @Herrante es que muy probablemente estes infectado.

No damos asesoramiento sobre activadores, ya que por nuestras políticas la piratería es un delito.


Se deseas desinfectar el equipo realiza lo siguiente:

1.- Desactiva temporalmente tu antivirus y cualquier programa de seguridad.

2.- Descarga, instala y/o actualiza a las siguientes herramientas:

3.- Ejecutas respetando el orden los pasos:

CCleaner

Usando su opción Limpiador de acuerdo su Manual:

  • Para borrar Cookies, temporales de Internet y todos los archivos que este te muestre como obsoletos.

  • NO necesitamos este reporte

AdwCleaner

Lo ejecutas.

  • Pulsa en el botón Escanear y espera a que se realice el proceso. Luego pulsa sobre el botón Limpiar.
  • Espera a que se complete. Si te pidiera reiniciar el sistema Aceptas.
  • Guarda el reporte que le aparecerá para copiarlo y pegarlo en tu próxima respuesta.
  • El informe también puede encontrarse en “C:\AdwCleaner\AdwCleaner.txt”

ZHPCleaner

  • Siguiendo su manual, lo instalas y ejecutas. Cuando termine, elimina todo lo que encuentre.

Malwarebytes

  • No olvides actualizarlo.
  • Lee detenidamente su Manual
  • Realiza un Análisis Completo.
  • Pulsa en “Eliminar Seleccionados” para enviar lo encontrado a la cuarentena.
  • Reinicias el Sistema.
  • En el apartado del manual “Historial” >> Registros de Aplicación >> Scan Log/Registro de Análisis encontrarás el informe del MBAM, que debes copiar y pegar en tu próxima respuesta.

4.- Nota Importante:

En tu próxima respuesta debes pegar los reportes de AdwCleaner , ZHPCleaner y Malwarebytes.

Guía: ¿Como Pegar reportes en el Foro?

Nos comentas.

Salu2


# -------------------------------
# Malwarebytes AdwCleaner 7.2.7.0
# -------------------------------
# Build:    01-30-2019
# Database: 2019-01-25.2 (Local)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    03-23-2019
# Duration: 00:00:06
# OS:       Windows 7 Ultimate
# Cleaned:  5
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted       C:\Users\viagraz0r\AppData\Roaming\DRPSu

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKCU\Software\Conduit
Deleted       HKLM\Software\Conduit
Deleted       HKCU\Software\drpsu
Deleted       HKLM\Software\drpsu

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1476 octets] - [23/03/2019 20:29:39]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########


~ ZHPCleaner v2019.3.22.36 by Nicolas Coolman (2019/03/22)
~ Run by viagraz0r (Administrator)  (23/03/2019 20:51:16)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Certificate ZHPCleaner: Legal
~ Type : Reparar
~ Report : C:\Users\viagraz0r\Desktop\ZHPCleaner (R).txt
~ Quarantine : C:\Users\viagraz0r\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 7 Ultimate, 32-bit Service Pack 1 (Build 7601)

---\  Alternate Data Stream (ADS). (0)
~ No malintencionados o innecesarios artículos encontrados. (ADS)

---\  Servicios (0)
~ No malintencionados o innecesarios artículos encontrados. (Servicio)

---\  Navegadores de Internet (0)
~ No malintencionados o innecesarios artículos encontrados. (Navegador)

---\  Hosts carpeta (1)
~ El archivo hosts es legítimo (21)

---\  Tareas automáticas programadas. (0)
~ No malintencionados o innecesarios artículos encontrados. (Tarea)

---\  Explorador ( Archivos, Carpetas ) (6)
MOVIDO carpeta: C:\Users\viagraz0r\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\BS.Player FREE.lnk  [Bad : C:\Program Files\Webteh\BSPlayer\bsplayer.exe](.AB Team.)  =>.SUP.ABTeam
MOVIDO carpeta: C:\Users\viagraz0r\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk  [Bad : C:\Users\viagraz0r\AppData\Roaming\uTorrent\uTorrent.exe](.BitTorrent Inc..)  =>BitTorrent (P2P)
MOVIDO carpeta: C:\Users\viagraz0r\Downloads\uTorrent.exe [BitTorrent Inc. - µTorrent]  =>BitTorrent (P2P)
MOVIDO archivo: C:\Users\viagraz0r\AppData\Roaming\DRPNPS  =>.SUP.DriverPack
MOVIDO archivo: C:\Program Files\Webteh  =>.SUP.ABTeam
MOVIDO archivo: C:\Users\viagraz0r\AppData\Local\Google\Chrome\User Data\Default\File System\000  =>.SUP.Temporary.Chrome

---\  Registro ( Claves, Valores, Datos) (2)
BORRADOS clave*: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\uTorrent [BitTorrent Inc.]  =>BitTorrent (P2P)
BORRADOS clave*: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\drp.su []  =>.SUP.DriverPack

---\  Resumen de elementos en su estación de trabajo (4)
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.ABTeam
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/  =>BitTorrent (P2P)
https://nicolascoolman.eu/2018/07/04/sup-driverpack/  =>.SUP.DriverPack
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Temporary.Chrome

---\ Limpieza adicional. (2)
~ Clave de registro Tracing borrados (2)
~ Quitar los antiguos informes de ZHPCleaner. (0)

---\ Resultado de la reparación.
~ Reparación llevada a cabo con éxito
~ falta este navegador! (Opera Software)

---\ STATISTIQUES
~ Items escaneado : 884
~ Items encontrado : 0
~ artículos cancelados : 0
~ Items opciones : 12/12
~ Ahorro de espacio (bytes) : 0
~ End of clean in 00h00mn27s

---\  Reporte (2)
ZHPCleaner-[S]-23032019-20_49_23.txt
ZHPCleaner-[R]-23032019-20_51_43.txt


Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 23/3/19
Hora del análisis: 20:59
Archivo de registro: 8024de8e-4dd8-11e9-bbcb-00247e3c11a8.json

-Información del software-
Versión: 3.7.1.2839
Versión de los componentes: 1.0.563
Versión del paquete de actualización: 1.0.9820
Licencia: Prueba

-Información del sistema-
SO: Windows 7 Service Pack 1
CPU: x86
Sistema de archivos: NTFS
Usuario: viagraz0r-PO\viagraz0r

-Resumen del análisis-
Tipo de análisis: Análisis de amenazas
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 157942
Amenazas detectadas: 3
Amenazas en cuarentena: 3
Tiempo transcurrido: 4 min, 3 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Desactivado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 0
(No hay elementos maliciosos detectados)

Valor del registro: 1
CrackTool.Agent.Keygen, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|AutoKMS, En cuarentena, [7806], [89405],1.0.9820

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 0
(No hay elementos maliciosos detectados)

Archivo: 2
CrackTool.Agent.Keygen, C:\WINDOWS\AUTOKMS.EXE, En cuarentena, [7806], [89405],1.0.9820
PUP.Optional.DriverPack, C:\USERS\VIAGRAZ0R\DOWNLOADS\DRIVERPACK-17-ONLINE_821015221.1549390778.EXE, En cuarentena, [988], [542228],1.0.9820

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)

@SanMar

ZHPcleanner me generó 2 registros, uno de escaneo y otro de reparacion…

** creo que escaneó 16 y solo reparó 12… **

Le pregunto, requiere usted ambos registros??

Hola @viagraz0r

Por lo general no, pero como mencionas que hay diferencias, si pegalo en tu próxima respuesta.

Ademas realiza lo siguiente:

1.- Desactiva temporalmente su antivirus y cualquier programa de seguridad.

2.- Descarga Farbar Recovery Scan Tool. en el escritorio, seleccionando la versión adecuada para la arquitectura (32 o 64bits) de su equipo. >> Como saber si mi Windows es de 32 o 64 bits.?

  • Ejecuta FRST.exe.
  • En el mensaje de la ventana del Disclaimer, pulsamos Yes
  • En la ventana principal pulsamos en el botón Scan y esperamos a que concluya el proceso.
  • Se abriran dos(2) archivos(Logs), Frst.txt y Addition.txt, estos quedaran grabados en el escritorio.

Guía: Como Ejecutar FRST

3.- En tu próxima respuesta, pega los reportes generados.

Guía : ¿Como Pegar reportes en el Foro?

Esperamos esos reporte.

Salu2.

@SanMar Aca le dejo el registro que le mencione…


~ ZHPCleaner v2019.3.22.36 by Nicolas Coolman (2019/03/22)
~ Run by viagraz0r (Administrator)  (23/03/2019 20:40:42)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Certificate ZHPCleaner: Legal
~ Type : Scanner
~ Report : C:\Users\viagraz0r\Desktop\ZHPCleaner (S).txt
~ Quarantine : C:\Users\viagraz0r\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 7 Ultimate, 32-bit Service Pack 1 (Build 7601)


---\\  Alternate Data Stream (ADS). (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Servicios (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Navegadores de Internet (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Hosts carpeta (1)
~ El archivo hosts es legítimo (21)


---\\  Tareas automáticas programadas. (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Explorador ( Archivos, Carpetas ) (10)
ENCONTRADOS carpeta: C:\Users\viagraz0r\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\BS.Player FREE.lnk  [Bad : C:\Program Files\Webteh\BSPlayer\bsplayer.exe](.AB Team.)  =>.SUP.ABTeam
ENCONTRADOS carpeta: C:\Users\viagraz0r\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk  [Bad : C:\Users\viagraz0r\AppData\Roaming\uTorrent\uTorrent.exe](.BitTorrent Inc..)  =>BitTorrent (P2P)
ENCONTRADOS archivo: C:\Users\viagraz0r\AppData\Roaming\DRPNPS  =>.SUP.DriverPack
ENCONTRADOS carpeta: C:\Program Files\Webteh\BSPlayer\bsplayer.exe [AB Team - BS.Player]  =>.SUP.ABTeam
ENCONTRADOS carpeta: C:\Users\viagraz0r\AppData\Roaming\uTorrent\uTorrent.exe [BitTorrent Inc. - µTorrent]  =>BitTorrent (P2P)
ENCONTRADOS carpeta: C:\Users\viagraz0r\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk    =>BitTorrent (P2P)
ENCONTRADOS carpeta: C:\Users\viagraz0r\Downloads\uTorrent.exe [BitTorrent Inc. - µTorrent]  =>BitTorrent (P2P)
ENCONTRADOS archivo: C:\Program Files\Webteh\BSPlayer  =>.SUP.ABTeam
ENCONTRADOS archivo: C:\Program Files\Webteh  =>.SUP.ABTeam
ENCONTRADOS archivo: C:\Users\viagraz0r\AppData\Local\Google\Chrome\User Data\Default\File System\000  =>.SUP.Temporary.Chrome


---\\  Registro ( Claves, Valores, Datos) (2)
ENCONTRADOS clave: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\uTorrent [BitTorrent Inc.]  =>BitTorrent (P2P)
ENCONTRADOS clave: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\drp.su []  =>.SUP.DriverPack


---\\  Resumen de elementos en su estación de trabajo (4)
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.ABTeam
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/  =>BitTorrent (P2P)
https://nicolascoolman.eu/2018/07/04/sup-driverpack/  =>.SUP.DriverPack
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Temporary.Chrome


---\\ Resultado de la reparación.
~ ninguna reparación hecha
~ falta este navegador! (Opera Software)


---\\ STATISTIQUES
~ Items escaneado : 51299
~ Items encontrado : 16
~ artículos cancelados : 0
~ Items opciones : 12/12
~ Ahorro de espacio (bytes) : 0


~ End of search in 00h08mn41s

---\\  Reporte (0)
ZHPCleaner-[S]-23032019-20_49_23.txt


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-03-2019
Ran by viagraz0r (administrator) on VIAGRAZ0R-PO (24-03-2019 00:50:19)
Running from C:\Users\viagraz0r\Desktop
Loaded Profiles: viagraz0r (Available Profiles: viagraz0r)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(BitTorrent Inc -> BitTorrent Inc.) C:\Users\viagraz0r\AppData\Roaming\uTorrent\uTorrent.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Skype Software Sarl -> Skype Technologies S.A.) C:\Program Files\Microsoft\Skype for Desktop\Skype.exe
(philandro Software GmbH -> ) C:\Program Files\AnyDesk\AnyDesk.exe
(Mega Limited -> Mega Limited) C:\Users\viagraz0r\AppData\Local\MEGAsync\MEGAsync.exe
(Microsoft Windows Hardware Compatibility Publisher -> Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
(philandro Software GmbH -> ) C:\Program Files\AnyDesk\AnyDesk.exe
(Nitro PDF Software -> Nitro PDF Software) C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9.exe
(Nitro PDF Software -> ) C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe
(Skype Software Sarl -> Skype Technologies S.A.) C:\Program Files\Microsoft\Skype for Desktop\Skype.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Skype Software Sarl -> Skype Technologies S.A.) C:\Program Files\Microsoft\Skype for Desktop\Skype.exe
(BitTorrent Inc -> BitTorrent Inc.) C:\Users\viagraz0r\AppData\Roaming\uTorrent\updates\3.5.5_45146\utorrentie.exe
(BitTorrent Inc -> BitTorrent Inc.) C:\Users\viagraz0r\AppData\Roaming\uTorrent\updates\3.5.5_45146\utorrentie.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files\TeamViewer\tv_w32.exe
(Google LLC -> Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [222088 2019-03-14] (AVAST Software s.r.o. -> AVAST Software)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1836382108-2036010633-3172023125-1000\...\Run: [uTorrent] => C:\Users\viagraz0r\AppData\Roaming\uTorrent\uTorrent.exe [1998008 2019-03-19] (BitTorrent Inc -> BitTorrent Inc.)
HKU\S-1-5-21-1836382108-2036010633-3172023125-1000\...\Run: [Skype for Desktop] => C:\Program Files\Microsoft\Skype for Desktop\Skype.exe [53540200 2019-03-07] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-1836382108-2036010633-3172023125-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner.exe [16494464 2019-03-11] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\72.0.3626.121\Installer\chrmstp.exe [2019-03-06] (Google LLC -> Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AnyDesk.lnk [2019-03-14]
ShortcutTarget: AnyDesk.lnk -> C:\Program Files\AnyDesk\AnyDesk.exe (philandro Software GmbH -> )
Startup: C:\Users\viagraz0r\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2019-03-20]
ShortcutTarget: MEGAsync.lnk -> C:\Users\viagraz0r\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited -> Mega Limited)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{3150CB58-524D-4F1E-8297-B71E1D5E6E4D}: [NameServer] 8.8.8.8,8.8.4.4
HKLM\System\...\Parameters\PersistentRoutes: [0.0.0.0,0.0.0.0,192.168.1.1,-1]

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-1836382108-2036010633-3172023125-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1836382108-2036010633-3172023125-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/es-ve/?ocid=iehp
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: kf00dfv3.default
FF ProfilePath: C:\Users\viagraz0r\AppData\Roaming\Mozilla\Firefox\Profiles\kf00dfv3.default [2019-03-24]
FF Extension: (Avast SafePrice | Comparaciones, ofertas y cupones) - C:\Users\viagraz0r\AppData\Roaming\Mozilla\Firefox\Profiles\kf00dfv3.default\Extensions\[email protected] [2019-02-17]
FF Extension: (Avast Online Security) - C:\Users\viagraz0r\AppData\Roaming\Mozilla\Firefox\Profiles\kf00dfv3.default\Extensions\[email protected] [2019-02-06]
FF Extension: (Matte Black) - C:\Users\viagraz0r\AppData\Roaming\Mozilla\Firefox\Profiles\kf00dfv3.default\Extensions\{c01b4916-eb9f-403d-9931-9d7cb152c729}.xpi [2019-02-17]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @nitropdf.com/NitroPDF -> C:\Program Files\Nitro\Pro 9\npnitromozilla.dll [2014-08-01] (Nitro PDF Software -> Nitro PDF)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2019-02-05] (Google Inc -> Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2019-02-05] (Google Inc -> Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN -> VideoLAN)

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.co.ve/
CHR StartupUrls: Default -> "chrome://newtab/","hxxps://bitcoinwisdom.com/markets/bitstamp/btcusd"
CHR Profile: C:\Users\viagraz0r\AppData\Local\Google\Chrome\User Data\Default [2019-03-24]
CHR Extension: (Presentaciones) - C:\Users\viagraz0r\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-02-05]
CHR Extension: (Documentos) - C:\Users\viagraz0r\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-02-05]
CHR Extension: (Google Drive) - C:\Users\viagraz0r\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-02-05]
CHR Extension: (YouTube) - C:\Users\viagraz0r\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-02-05]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\viagraz0r\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2019-03-14]
CHR Extension: (Avast SafePrice | Comparaciones, ofertas y cupones) - C:\Users\viagraz0r\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2019-02-08]
CHR Extension: (Hojas de cálculo) - C:\Users\viagraz0r\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-02-05]
CHR Extension: (Escritorio remoto de Chrome) - C:\Users\viagraz0r\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2019-03-07]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\viagraz0r\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-02-05]
CHR Extension: (AdBlock) - C:\Users\viagraz0r\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-03-23]
CHR Extension: (Avast Online Security) - C:\Users\viagraz0r\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2019-02-24]
CHR Extension: (AirDroid) - C:\Users\viagraz0r\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkgndiocipalkpejnpafdbdlfdjihomd [2019-02-05]
CHR Extension: (Ayudante de Tramites) - C:\Users\viagraz0r\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmpbfgcgdhmhloabdbnjcbghceicelpb [2019-02-11]
CHR Extension: (Google Play) - C:\Users\viagraz0r\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2019-02-05]
CHR Extension: (Google Maps) - C:\Users\viagraz0r\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2019-02-05]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\viagraz0r\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-02-05]
CHR Extension: (Late Night) - C:\Users\viagraz0r\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgbdhkpacgdhfabeceekiafonfkipohm [2019-02-05]
CHR Extension: (Gmail) - C:\Users\viagraz0r\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-02-05]
CHR Extension: (Chrome Media Router) - C:\Users\viagraz0r\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-05]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AEADIFilters; C:\Windows\system32\AEADISRV.EXE [90112 2008-07-15] (Microsoft Windows Hardware Compatibility Publisher -> Andrea Electronics Corporation)
R2 AnyDesk; C:\Program Files\AnyDesk\AnyDesk.exe [2126120 2019-03-14] (philandro Software GmbH -> )
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5317920 2019-03-14] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [311592 2019-03-14] (AVAST Software s.r.o. -> AVAST Software)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [5247944 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
R2 NitroDriverReadSpool9; C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9.exe [197128 2014-08-01] (Nitro PDF Software -> Nitro PDF Software)
R2 NitroUpdateService; C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe [392712 2014-08-01] (Nitro PDF Software -> )
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [11791704 2019-03-18] (TeamViewer GmbH -> TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Accelerometer; C:\Windows\System32\DRIVERS\Accelerometer.sys [37696 2012-09-24] (Hewlett-Packard Company -> Hewlett-Packard Company)
R3 ADIHdAudAddService; C:\Windows\System32\drivers\ADIHdAud.sys [381440 2009-05-18] (Microsoft Windows Hardware Compatibility Publisher -> Analog Devices, Inc.)
R3 AgereSoftModem; C:\Windows\System32\DRIVERS\AGRSM.sys [1035776 2009-07-13] (Microsoft Windows -> LSI Corp)
R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [34696 2019-03-14] (AVAST Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [172208 2019-03-14] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [219472 2019-03-14] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [158096 2019-03-14] (AVAST Software s.r.o. -> AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswblog.sys [255216 2019-03-14] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [51128 2019-03-14] (AVAST Software s.r.o. -> AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [189288 2019-03-14] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [40688 2019-03-14] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [140376 2019-03-14] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [100984 2019-03-14] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [72800 2019-03-14] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [785584 2019-03-14] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [402656 2019-03-14] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [165256 2019-03-14] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [308608 2019-03-14] (AVAST Software s.r.o. -> AVAST Software)
R3 HBtnKey; C:\Windows\System32\DRIVERS\cpqbttn.sys [15544 2011-07-26] (Hewlett-Packard Company -> Hewlett-Packard Company)
R0 hpdskflt; C:\Windows\System32\DRIVERS\hpdskflt.sys [27968 2012-09-24] (Hewlett-Packard Company -> Hewlett-Packard Company)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1805872 2009-06-30] (Chicony Electronics Co., Ltd. -> )
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-03-24 00:50 - 2019-03-24 00:51 - 000016688 _____ C:\Users\viagraz0r\Desktop\FRST.txt
2019-03-24 00:50 - 2019-03-24 00:50 - 000000000 ____D C:\FRST
2019-03-24 00:48 - 2019-03-24 00:48 - 001793024 _____ (Farbar) C:\Users\viagraz0r\Desktop\FRST.exe
2019-03-23 20:58 - 2019-03-23 20:58 - 000000000 ____D C:\Users\viagraz0r\AppData\Local\mbam
2019-03-23 20:57 - 2019-03-23 20:57 - 000002024 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-03-23 20:57 - 2019-03-23 20:57 - 000000000 ____D C:\Users\viagraz0r\AppData\Local\mbamtray
2019-03-23 20:57 - 2019-03-23 20:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-03-23 20:57 - 2019-03-23 20:57 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-03-23 20:57 - 2019-03-23 20:57 - 000000000 ____D C:\Program Files\Malwarebytes
2019-03-23 20:57 - 2019-01-08 16:32 - 000128552 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae.sys
2019-03-23 20:51 - 2019-03-23 20:51 - 000003081 _____ C:\Users\viagraz0r\Desktop\ZHPCleaner (R).txt
2019-03-23 20:49 - 2019-03-23 20:49 - 000003381 _____ C:\Users\viagraz0r\Desktop\ZHPCleaner (S).txt
2019-03-23 20:40 - 2019-03-23 20:54 - 000000000 ____D C:\Users\viagraz0r\AppData\Roaming\ZHP
2019-03-23 20:40 - 2019-03-23 20:40 - 000000838 _____ C:\Users\viagraz0r\Desktop\ZHPCleaner.lnk
2019-03-23 20:40 - 2019-03-23 20:40 - 000000000 ____D C:\Users\viagraz0r\AppData\Local\ZHP
2019-03-23 20:29 - 2019-03-23 20:30 - 000000000 ____D C:\AdwCleaner
2019-03-23 20:23 - 2019-03-23 20:23 - 000000000 ____D C:\Users\viagraz0r\Documents\registros ccleaner
2019-03-23 20:18 - 2019-03-23 20:18 - 000000969 _____ C:\Users\Public\Desktop\CCleaner.lnk
2019-03-23 20:18 - 2019-03-23 20:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2019-03-23 20:18 - 2019-03-23 20:18 - 000000000 ____D C:\Program Files\CCleaner
2019-03-23 20:13 - 2019-03-23 20:14 - 003120000 _____ C:\Users\viagraz0r\Downloads\ZHPCleaner.exe
2019-03-23 20:12 - 2019-03-23 20:13 - 007316688 _____ (Malwarebytes) C:\Users\viagraz0r\Downloads\adwcleaner_7.2.7.0.exe
2019-03-23 20:11 - 2019-03-23 20:13 - 021205512 _____ (Piriform Software Ltd) C:\Users\viagraz0r\Downloads\ccsetup555.exe
2019-03-23 20:08 - 2019-03-23 20:09 - 062402408 _____ (Malwarebytes ) C:\Users\viagraz0r\Downloads\mb3-setup-consumer-3.7.1.2839-1.0.563-1.0.9800.exe
2019-03-23 17:53 - 2019-03-23 17:54 - 000000000 ____D C:\Users\viagraz0r\Desktop\HiJackThis
2019-03-20 10:53 - 2019-03-20 10:54 - 000000000 ____D C:\Users\viagraz0r\Downloads\VKGS-1.O3-Lat72Op[MegaDescargas]
2019-03-20 10:33 - 2019-03-20 10:34 - 000000000 ____D C:\Users\viagraz0r\Downloads\VKGS-1.O2-Lat72Op[MegaDescargas]
2019-03-20 10:32 - 2019-03-20 10:33 - 000000000 ____D C:\Users\viagraz0r\Downloads\VKGS-1.O1-Lat72Op[MegaDescargas]
2019-03-20 10:15 - 2019-03-20 10:15 - 000000000 ____D C:\Users\viagraz0r\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MEGAsync
2019-03-20 10:15 - 2019-03-20 10:15 - 000000000 ____D C:\Users\viagraz0r\AppData\Local\Mega Limited
2019-03-20 10:14 - 2019-03-20 10:15 - 000000000 ____D C:\Users\viagraz0r\AppData\Local\MEGAsync
2019-03-20 10:05 - 2019-03-20 10:07 - 029150648 _____ (MEGA Limited) C:\Users\viagraz0r\Downloads\MEGAsyncSetup.exe
2019-03-19 23:43 - 2019-03-20 07:12 - 000000000 ____D C:\Users\viagraz0r\Downloads\House Of Cards S01 Complete Season 1 BluRay 720p x265 HEVC [nate_666]
2019-03-19 23:43 - 2019-03-19 23:57 - 000000000 ____D C:\Users\viagraz0r\Downloads\House.of.Cards.Season.3.720p.BluRay.x264.ShAaNiG
2019-03-19 23:43 - 2019-03-19 23:52 - 000000000 ____D C:\Users\viagraz0r\Downloads\House Of Cards S02 Complete Season 2 BluRay 720p x265 HEVC [nate_666]
2019-03-19 23:32 - 2019-03-23 20:33 - 000000000 ____D C:\Users\viagraz0r\AppData\LocalLow\uTorrent
2019-03-16 22:01 - 2019-03-16 22:24 - 1998494907 ____R C:\Users\viagraz0r\Downloads\Robin.hood.2018.1080p-dual-lat-cinecalidad.to.mp4
2019-03-16 08:44 - 2019-03-16 10:34 - 000342535 _____ C:\Users\viagraz0r\Downloads\Skype-20190316-084130.jpeg
2019-03-16 08:44 - 2019-03-16 10:34 - 000336277 _____ C:\Users\viagraz0r\Downloads\Skype-20190316-084143.jpeg
2019-03-16 08:44 - 2019-03-16 10:33 - 000336095 _____ C:\Users\viagraz0r\Downloads\Skype-20190316-084203.jpeg
2019-03-16 08:44 - 2019-03-16 10:33 - 000329416 _____ C:\Users\viagraz0r\Downloads\Skype-20190316-084235.jpeg
2019-03-16 08:44 - 2019-03-16 08:44 - 000345156 _____ C:\Users\viagraz0r\Downloads\Skype-20190316-084103.jpeg
2019-03-15 23:15 - 2019-03-16 00:05 - 2246087753 ____R C:\Users\viagraz0r\Downloads\Mary.poppins.returns.2018.1080p-dual-lat-cinecalidad.is.mp4
2019-03-15 19:47 - 2019-03-15 19:47 - 000424355 _____ C:\Users\viagraz0r\Downloads\Skype-20190315-194737.jpeg
2019-03-15 19:44 - 2019-03-15 19:44 - 000484261 _____ C:\Users\viagraz0r\Downloads\Skype-20190315-194359.jpeg
2019-03-15 19:43 - 2019-03-15 19:43 - 000476228 _____ C:\Users\viagraz0r\Downloads\Skype-20190315-194252.jpeg
2019-03-15 16:25 - 2019-03-15 16:25 - 000268825 _____ C:\Users\viagraz0r\Downloads\Skype-20190315-161556.jpeg
2019-03-15 16:25 - 2019-03-15 16:25 - 000267407 _____ C:\Users\viagraz0r\Downloads\Skype-20190315-161545.jpeg
2019-03-15 16:25 - 2019-03-15 16:25 - 000266316 _____ C:\Users\viagraz0r\Downloads\Skype-20190315-161542.jpeg
2019-03-15 16:25 - 2019-03-15 16:25 - 000260286 _____ C:\Users\viagraz0r\Downloads\Skype-20190315-161514.jpeg
2019-03-15 16:24 - 2019-03-15 16:24 - 000325455 _____ C:\Users\viagraz0r\Downloads\Skype-20190315-162257.jpeg
2019-03-15 16:24 - 2019-03-15 16:24 - 000269597 _____ C:\Users\viagraz0r\Downloads\Skype-20190315-161652.jpeg
2019-03-15 11:31 - 2019-03-16 00:44 - 2466322579 ____R C:\Users\viagraz0r\Downloads\Aquaman.2018.1080p-dual-lat-cinecalidad.is.mp4
2019-03-15 11:14 - 2019-03-15 11:14 - 188823519 _____ C:\Users\viagraz0r\Downloads\BRT - 94.mp4
2019-03-14 23:32 - 2019-03-14 23:31 - 000310664 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2019-03-14 11:01 - 2019-03-14 11:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnyDesk
2019-03-14 11:01 - 2019-03-14 11:01 - 000000000 ____D C:\ProgramData\AnyDesk
2019-03-14 11:01 - 2019-03-14 11:01 - 000000000 ____D C:\Program Files\AnyDesk
2019-03-14 11:00 - 2019-03-14 11:05 - 000000000 ____D C:\Users\viagraz0r\AppData\Roaming\AnyDesk
2019-03-14 11:00 - 2019-03-14 11:00 - 002126120 _____ C:\Users\viagraz0r\Downloads\AnyDesk.exe
2019-03-13 22:37 - 2019-03-13 22:37 - 000152434 _____ C:\Users\viagraz0r\Downloads\Skype-20190313-223520.jpeg
2019-03-13 07:21 - 2019-03-13 07:21 - 000506848 _____ C:\Users\viagraz0r\Downloads\Skype-20190307-083614.jpeg
2019-03-13 07:20 - 2019-03-13 07:20 - 000513887 _____ C:\Users\viagraz0r\Downloads\Skype-20190307-083648.jpeg
2019-03-13 07:20 - 2019-03-13 07:20 - 000503870 _____ C:\Users\viagraz0r\Downloads\Skype-20190307-083804.jpeg
2019-03-13 07:20 - 2019-03-13 07:20 - 000493355 _____ C:\Users\viagraz0r\Downloads\Skype-20190307-084053.jpeg
2019-03-13 07:20 - 2019-03-13 07:20 - 000493186 _____ C:\Users\viagraz0r\Downloads\Skype-20190307-084004.jpeg
2019-03-13 07:19 - 2019-03-13 07:19 - 000516412 _____ C:\Users\viagraz0r\Downloads\Skype-20190307-085137.jpeg
2019-03-13 07:19 - 2019-03-13 07:19 - 000513418 _____ C:\Users\viagraz0r\Downloads\Skype-20190307-084242.jpeg
2019-03-12 19:16 - 2019-03-12 19:16 - 000002121 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks Multi-Instance Manager.lnk
2019-03-12 11:44 - 2019-03-12 11:44 - 000000000 ____D C:\Users\viagraz0r\AppData\Roaming\yiwanzhushou
2019-03-12 11:40 - 2019-03-12 19:05 - 000000000 ____D C:\Program Files\Leapdroid
2019-03-12 11:35 - 2019-03-12 11:39 - 262535736 _____ (Leapdroid) C:\Users\viagraz0r\Downloads\leapdroid-11-0-0.exe
2019-03-12 11:29 - 2019-03-12 12:02 - 467100968 _____ (BlueStack Systems Inc.) C:\Users\viagraz0r\Downloads\BlueStacks-Installer_4.60.1.1002_x86_native_fa43cf83129fc6209cc00c5dfb96d195.exe
2019-03-06 13:27 - 2019-03-06 13:28 - 000039466 _____ C:\Users\viagraz0r\Downloads\Skype-20190306-142739.jpeg
2019-03-05 09:11 - 2019-03-20 09:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2019-03-05 09:11 - 2019-03-05 09:11 - 000000000 ____D C:\Users\viagraz0r\AppData\Roaming\Skype
2019-03-05 09:09 - 2019-03-05 09:10 - 063736856 _____ (Skype Technologies S.A.) C:\Users\viagraz0r\Downloads\Skype-8.40.0.70.exe
2019-03-04 06:34 - 2019-03-04 06:34 - 000000000 ____D C:\Users\viagraz0r\AppData\Local\TeamViewer
2019-03-04 06:31 - 2019-03-23 20:23 - 000000000 ____D C:\Users\viagraz0r\AppData\Roaming\TeamViewer
2019-03-04 06:31 - 2019-03-19 22:34 - 000000929 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 14.lnk
2019-03-04 06:30 - 2019-03-23 20:34 - 000000000 ____D C:\Program Files\TeamViewer
2019-03-04 06:29 - 2019-03-04 06:29 - 022666096 _____ (TeamViewer GmbH) C:\Users\viagraz0r\Downloads\TeamViewer_Setup.exe
2019-03-02 07:22 - 2019-03-23 20:33 - 000000000 ___SD C:\Users\viagraz0r\AppData\LocalLow\Temp
2019-03-02 07:21 - 2019-03-24 00:51 - 000000000 ____D C:\Users\viagraz0r\AppData\Roaming\uTorrent
2019-03-02 07:21 - 2019-03-02 07:21 - 000000839 _____ C:\Users\viagraz0r\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2019-02-24 20:54 - 2019-02-24 20:54 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2019-02-22 08:32 - 2019-02-22 08:32 - 000192957 _____ C:\Users\viagraz0r\Documents\solicitud antecedentes rosa elena.pdf

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-03-23 20:41 - 2009-07-13 23:34 - 000016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-03-23 20:41 - 2009-07-13 23:34 - 000016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-03-23 20:39 - 2019-02-05 12:46 - 001530242 _____ C:\Windows\system32\PerfStringBackup.INI
2019-03-23 20:39 - 2009-07-14 03:48 - 000694386 _____ C:\Windows\system32\perfh00A.dat
2019-03-23 20:39 - 2009-07-14 03:48 - 000134448 _____ C:\Windows\system32\perfc00A.dat
2019-03-23 20:39 - 2009-07-13 21:37 - 000000000 ____D C:\Windows\inf
2019-03-23 20:32 - 2009-07-13 23:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-03-23 20:22 - 1979-12-31 19:42 - 000000000 ____D C:\Windows\Panther
2019-03-20 19:38 - 2019-02-05 15:14 - 000000000 ____D C:\Users\viagraz0r\AppData\Roaming\vlc
2019-03-20 09:39 - 2009-07-13 21:37 - 000000000 ____D C:\Windows\system32\NDF
2019-03-14 23:32 - 2019-02-17 06:38 - 000189288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2019-03-14 23:32 - 2019-02-06 15:25 - 000402656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2019-03-14 23:32 - 2019-02-06 15:25 - 000308608 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2019-03-14 23:32 - 2019-02-06 15:25 - 000165256 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2019-03-14 23:32 - 2019-02-06 15:25 - 000140376 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2019-03-14 23:32 - 2019-02-06 15:25 - 000100984 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2019-03-14 23:32 - 2019-02-06 15:25 - 000072800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2019-03-14 23:32 - 2019-02-06 15:25 - 000040688 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2019-03-14 23:31 - 2019-02-06 15:25 - 000785584 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2019-03-14 23:31 - 2019-02-06 15:25 - 000255216 _____ (AVAST Software) C:\Windows\system32\Drivers\aswblog.sys
2019-03-14 23:31 - 2019-02-06 15:25 - 000219472 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriver.sys
2019-03-14 23:31 - 2019-02-06 15:25 - 000172208 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2019-03-14 23:31 - 2019-02-06 15:25 - 000158096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsh.sys
2019-03-14 23:31 - 2019-02-06 15:25 - 000051128 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniv.sys
2019-03-14 23:31 - 2019-02-06 15:25 - 000034696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArDisk.sys
2019-03-12 12:30 - 2019-02-06 15:30 - 000000000 ____D C:\Users\viagraz0r\AppData\Local\AVAST Software
2019-03-11 22:47 - 2019-02-11 04:33 - 000000000 ____D C:\Users\viagraz0r\AppData\Local\ElevatedDiagnostics
2019-03-09 21:57 - 2019-02-05 13:42 - 000000000 ____D C:\Users\viagraz0r\AppData\Roaming\BSplayer
2019-03-06 13:59 - 2019-02-05 13:07 - 000002168 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-03-06 09:18 - 2019-02-06 12:47 - 000000000 ____D C:\Users\viagraz0r\AppData\LocalLow\Mozilla
2019-03-04 19:06 - 2009-07-13 23:33 - 000407864 _____ C:\Windows\system32\FNTCACHE.DAT
2019-03-04 06:38 - 2019-02-05 14:37 - 000108824 _____ C:\Users\viagraz0r\AppData\Local\GDIPFONTCACHEV1.DAT
2019-03-01 17:02 - 2019-02-05 12:57 - 000000000 ____D C:\Users\viagraz0r\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2019-03-01 17:02 - 2019-02-05 12:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2019-03-01 17:02 - 2019-02-05 12:57 - 000000000 ____D C:\Program Files\WinRAR
2019-02-22 08:32 - 2019-02-06 15:05 - 000000000 ____D C:\Users\viagraz0r\AppData\Roaming\Nitro PDF
2019-02-22 07:53 - 2019-02-05 14:34 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2019-02-22 07:53 - 2019-02-05 14:34 - 000000000 ____D C:\Program Files\Mozilla Firefox

==================== Files in the root of some directories =======

2019-02-05 14:15 - 2019-02-05 14:16 - 000007605 _____ () C:\Users\viagraz0r\AppData\Local\resmon.resmoncfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\dllhost.exe => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2019-03-04 01:53

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 17-03-2019
Ran by viagraz0r (24-03-2019 00:52:03)
Running from C:\Users\viagraz0r\Desktop
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) (2019-02-05 17:43:43)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-1836382108-2036010633-3172023125-500 - Administrator - Disabled)
HomeGroupUser$ (S-1-5-21-1836382108-2036010633-3172023125-1002 - Limited - Enabled)
Invitado (S-1-5-21-1836382108-2036010633-3172023125-501 - Limited - Disabled)
viagraz0r (S-1-5-21-1836382108-2036010633-3172023125-1000 - Administrator - Enabled) => C:\Users\viagraz0r

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AnyDesk (HKLM\...\AnyDesk) (Version: ad 4.3.0 - philandro Software GmbH)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 19.3.2369 - AVAST Software)
BS.Player FREE (HKLM\...\BSPlayerf) (Version: 2.69.1079 - AB Team, d.o.o.)
CCleaner (HKLM\...\CCleaner) (Version: 5.55 - Piriform)
Google Chrome (HKLM\...\Google Chrome) (Version: 72.0.3626.121 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
Malwarebytes versión 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
MEGAsync (HKLM\...\MEGAsync) (Version:  - Mega Limited)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Mozilla Firefox 65.0.1 (x86 es-ES) (HKLM\...\Mozilla Firefox 65.0.1 (x86 es-ES)) (Version: 65.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 65.0.1.6981 - Mozilla)
Nitro Pro 9 (HKLM\...\{A9CFDFAF-7A17-4438-A191-084E581DE318}) (Version: 9.5.3.8 - Nitro)
Python 3.7.2 (32-bit) (HKU\S-1-5-21-1836382108-2036010633-3172023125-1000\...\{0f40e78b-67e1-4e0c-a2fd-e9325d9dfc82}) (Version: 3.7.2150.0 - Python Software Foundation)
Python 3.7.2 Add to Path (32-bit) (HKLM\...\{A0253733-D4C4-4964-AB97-C5C80FCD580F}) (Version: 3.7.2150.0 - Python Software Foundation) Hidden
Python 3.7.2 C Runtime Library (32-bit) (HKLM\...\{151F51CB-69A7-4634-AD01-E7312B781C80}) (Version: 3.7.2150.0 - Python Software Foundation) Hidden
Python 3.7.2 Core Interpreter (32-bit) (HKLM\...\{3A09B849-4D48-41AA-9461-112E6CEC405D}) (Version: 3.7.2150.0 - Python Software Foundation) Hidden
Python 3.7.2 Development Libraries (32-bit) (HKLM\...\{A14E7090-5888-460B-9003-1C3DA5AD3D35}) (Version: 3.7.2150.0 - Python Software Foundation) Hidden
Python 3.7.2 Documentation (32-bit) (HKLM\...\{D2FA452F-4742-4805-BEB1-AC81ED48F4A8}) (Version: 3.7.2150.0 - Python Software Foundation) Hidden
Python 3.7.2 Executables (32-bit) (HKLM\...\{D6FF50CC-E41E-4FFB-B7B9-72D71BF00C55}) (Version: 3.7.2150.0 - Python Software Foundation) Hidden
Python 3.7.2 pip Bootstrap (32-bit) (HKLM\...\{0D2B3674-3B1E-4281-B5FD-37D700602129}) (Version: 3.7.2150.0 - Python Software Foundation) Hidden
Python 3.7.2 Standard Library (32-bit) (HKLM\...\{667226B8-23CA-47C1-A070-D3B85E8C9292}) (Version: 3.7.2150.0 - Python Software Foundation) Hidden
Python 3.7.2 Tcl/Tk Support (32-bit) (HKLM\...\{34AD493A-01AA-4D6A-9229-BF0406F22D14}) (Version: 3.7.2150.0 - Python Software Foundation) Hidden
Python 3.7.2 Test Suite (32-bit) (HKLM\...\{F0B6A6E9-C7E1-4730-A29D-71C02B800028}) (Version: 3.7.2150.0 - Python Software Foundation) Hidden
Python 3.7.2 Utility Scripts (32-bit) (HKLM\...\{06CE3F8B-A658-462C-AD3D-FA7142297E97}) (Version: 3.7.2150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM\...\{FA2A3867-8965-4CF7-83E2-C8960652F5AD}) (Version: 3.7.6565.0 - Python Software Foundation)
Revo Uninstaller 2.0.5 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.5 - VS Revo Group, Ltd.)
Skype versión 8.41 (HKLM\...\Skype_is1) (Version: 8.41 - Skype Technologies S.A.)
Sublime Text Build 3176 (HKLM\...\Sublime Text 3_is1) (Version:  - Sublime HQ Pty Ltd)
TeamViewer 14 (HKLM\...\TeamViewer) (Version: 14.2.2558 - TeamViewer)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WinRAR 5.70 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.70.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\viagraz0r\AppData\Local\MEGAsync\ShellExtX32.dll [2019-02-07] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\viagraz0r\AppData\Local\MEGAsync\ShellExtX32.dll [2019-02-07] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\viagraz0r\AppData\Local\MEGAsync\ShellExtX32.dll [2019-02-07] (Mega Limited -> )
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-03-14] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-03-14] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\viagraz0r\AppData\Local\MEGAsync\ShellExtX32.dll [2019-02-07] (Mega Limited -> )
ContextMenuHandlers1: [NPShellExtension] -> {9C4B85B8-956C-49BF-9BA5-101384E562B2} => C:\Program Files\Nitro\Pro 9\NPShellExtension.dll [2014-08-01] (Nitro PDF Software -> Nitro PDF)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\viagraz0r\AppData\Local\MEGAsync\ShellExtX32.dll [2019-02-07] (Mega Limited -> )
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-03-14] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\viagraz0r\AppData\Local\MEGAsync\ShellExtX32.dll [2019-02-07] (Mega Limited -> )
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\viagraz0r\AppData\Local\MEGAsync\ShellExtX32.dll [2019-02-07] (Mega Limited -> )
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-03-14] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0405631F-F124-48F8-BD28-5B399DCDAC73} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
Task: {135B2621-F877-464A-A98E-CA7E670E4D65} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe
Task: {17027CB0-4B67-4D9F-872B-FE617820BC0E} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
Task: {17CF5C04-719D-4A4C-934B-8191E7FED853} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-1836382108-2036010633-3172023125-1000 => C:\Users\viagraz0r\AppData\Local\MEGAsync\MEGAupdater.exe (Mega Limited -> Mega Limited)
Task: {18720189-9E9B-49CF-B0DB-ABE089C01D03} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe (Piriform Software Ltd -> Piriform Software Ltd)
Task: {8EFF3DD6-5E95-4AD8-98F7-4B849589C200} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe (AVAST Software s.r.o. -> AVAST Software)
Task: {D21AF48E-2C4F-4709-87B5-1893E069499D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {FAF80FF4-9BA7-41B7-842B-4F9875D8778E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\viagraz0r\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicaciones de Chrome\Escritorio remoto de Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp

==================== Loaded Modules (Whitelisted) ==============

2019-03-05 09:11 - 2019-03-07 19:02 - 015257088 _____ () C:\Program Files\Microsoft\Skype for Desktop\node.dll
2016-02-17 10:16 - 2016-02-17 10:16 - 023927296 _____ () C:\Users\viagraz0r\AppData\Local\MEGAsync\avcodec-57.dll
2016-02-17 10:16 - 2016-02-17 10:16 - 000599552 _____ () C:\Users\viagraz0r\AppData\Local\MEGAsync\avutil-55.dll
2016-02-17 10:16 - 2016-02-17 10:16 - 000287232 _____ () C:\Users\viagraz0r\AppData\Local\MEGAsync\swresample-2.dll
2016-02-17 10:16 - 2016-02-17 10:16 - 006306816 _____ () C:\Users\viagraz0r\AppData\Local\MEGAsync\avformat-57.dll
2016-02-17 10:16 - 2016-02-17 10:16 - 000513024 _____ () C:\Users\viagraz0r\AppData\Local\MEGAsync\swscale-4.dll
2018-04-02 00:21 - 2018-04-02 00:21 - 000275456 _____ () C:\Users\viagraz0r\AppData\Local\MEGAsync\libcurl.dll
2019-01-02 19:43 - 2019-01-02 19:43 - 001374208 _____ () C:\Users\viagraz0r\AppData\Local\MEGAsync\LIBEAY32.dll
2019-01-02 19:43 - 2019-01-02 19:43 - 000337920 _____ () C:\Users\viagraz0r\AppData\Local\MEGAsync\SSLEAY32.dll
2017-09-10 02:08 - 2017-09-10 02:08 - 000061952 _____ () C:\Users\viagraz0r\AppData\Local\MEGAsync\cares.dll
2017-09-10 03:51 - 2017-09-10 03:51 - 000798208 _____ () C:\Users\viagraz0r\AppData\Local\MEGAsync\libsodium.dll
2017-09-14 01:35 - 2017-09-14 01:35 - 004433920 _____ () C:\Users\viagraz0r\AppData\Local\MEGAsync\Qt5Widgets.dll
2017-09-14 01:32 - 2017-09-14 01:32 - 005016576 _____ () C:\Users\viagraz0r\AppData\Local\MEGAsync\Qt5Gui.dll
2019-01-10 19:29 - 2019-01-10 19:29 - 004641792 _____ () C:\Users\viagraz0r\AppData\Local\MEGAsync\Qt5Core.dll
2017-09-14 01:30 - 2017-09-14 01:30 - 000851968 _____ () C:\Users\viagraz0r\AppData\Local\MEGAsync\Qt5Network.dll
2017-09-14 01:37 - 2017-09-14 01:37 - 001010688 _____ () C:\Users\viagraz0r\AppData\Local\MEGAsync\platforms\qwindows.dll
2017-09-14 01:37 - 2017-09-14 01:37 - 000026112 _____ () C:\Users\viagraz0r\AppData\Local\MEGAsync\imageformats\qgif.dll
2017-09-14 01:42 - 2017-09-14 01:42 - 000033280 _____ () C:\Users\viagraz0r\AppData\Local\MEGAsync\imageformats\qicns.dll
2017-09-14 01:37 - 2017-09-14 01:37 - 000027648 _____ () C:\Users\viagraz0r\AppData\Local\MEGAsync\imageformats\qico.dll
2017-09-14 01:37 - 2017-09-14 01:37 - 000245760 _____ () C:\Users\viagraz0r\AppData\Local\MEGAsync\imageformats\qjpeg.dll
2017-09-14 01:42 - 2017-09-14 01:42 - 000021504 _____ () C:\Users\viagraz0r\AppData\Local\MEGAsync\imageformats\qsvg.dll
2017-09-14 01:42 - 2017-09-14 01:42 - 000255488 _____ () C:\Users\viagraz0r\AppData\Local\MEGAsync\Qt5Svg.dll
2017-09-14 01:42 - 2017-09-14 01:42 - 000020992 _____ () C:\Users\viagraz0r\AppData\Local\MEGAsync\imageformats\qtga.dll
2017-09-14 01:42 - 2017-09-14 01:42 - 000316416 _____ () C:\Users\viagraz0r\AppData\Local\MEGAsync\imageformats\qtiff.dll
2017-09-14 01:42 - 2017-09-14 01:42 - 000019968 _____ () C:\Users\viagraz0r\AppData\Local\MEGAsync\imageformats\qwbmp.dll
2017-09-14 01:42 - 2017-09-14 01:42 - 000322560 _____ () C:\Users\viagraz0r\AppData\Local\MEGAsync\imageformats\qwebp.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:04 - 2019-02-06 14:17 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1836382108-2036010633-3172023125-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\viagraz0r\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\startupreg: SoundMAXPnP => C:\Program Files\Analog Devices\Core\smax4pnp.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{4F95CFEA-5943-4D73-89E9-08ACE52F825F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{93C61EF6-CE63-480D-87E4-EC8480B7AB9C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{5B83CC2E-A610-4280-8FA4-5B990B061B84}] => (Allow) C:\Users\viagraz0r\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{7E7DA97F-BBD8-4DF7-BEAB-0EA8D4C1ADFA}] => (Allow) C:\Users\viagraz0r\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{B465493A-2F70-41A8-B0DA-F507F911EED4}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [TCP Query User{0A30CE35-A2B8-4C6B-B0AF-1F7764C58535}C:\program files\microsoft\skype for desktop\skype.exe] => (Allow) C:\program files\microsoft\skype for desktop\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [UDP Query User{5F13B651-461E-46E0-B803-5B01E588AF44}C:\program files\microsoft\skype for desktop\skype.exe] => (Allow) C:\program files\microsoft\skype for desktop\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{21917B29-DD26-48FB-BC9C-A608A360B965}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{E789E98B-A721-4D11-BEDE-DD97E77EF6CD}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{F93ED684-D4E6-40B1-B3B8-C0310B26203E}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{8752C3DA-8508-4F6D-B6C3-F5A02CE66913}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{7C904BF0-0669-4437-A3F3-BD62B808BB30}] => (Allow) C:\Program Files\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{9A9BC11E-4418-4E63-BBF1-A1AB9FDA144F}] => (Allow) C:\Program Files\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{AB1F2508-31A7-4568-B786-36BE76BAC773}] => (Allow) C:\Program Files\AnyDesk\AnyDesk.exe (philandro Software GmbH -> )
FirewallRules: [{F7DBBFDE-B139-468D-AC96-E301702BBDA1}] => (Allow) C:\Program Files\AnyDesk\AnyDesk.exe (philandro Software GmbH -> )
FirewallRules: [{DDA4F53A-EA3C-437F-BA0C-16D08818DCB3}] => (Allow) C:\Program Files\AnyDesk\AnyDesk.exe (philandro Software GmbH -> )
FirewallRules: [{EF68CD22-2BE3-4E94-9EE5-9072B7D36A9F}] => (Allow) C:\Program Files\AnyDesk\AnyDesk.exe (philandro Software GmbH -> )
FirewallRules: [{49157F15-F347-42CC-927A-EFFF60B715AE}] => (Allow) C:\Program Files\AnyDesk\AnyDesk.exe (philandro Software GmbH -> )
FirewallRules: [{BCA92D06-083B-4BDF-B27C-167EAA04642F}] => (Allow) C:\Program Files\AnyDesk\AnyDesk.exe (philandro Software GmbH -> )

==================== Restore Points =========================

21-03-2019 21:49:16 Punto de control programado

==================== Faulty Device Manager Devices =============

Name: Dispositivo periférico Bluetooth
Description: Dispositivo periférico Bluetooth
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Dispositivo periférico Bluetooth
Description: Dispositivo periférico Bluetooth
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Dispositivo periférico Bluetooth
Description: Dispositivo periférico Bluetooth
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Dispositivo periférico Bluetooth
Description: Dispositivo periférico Bluetooth
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Dispositivo periférico Bluetooth
Description: Dispositivo periférico Bluetooth
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Dispositivo periférico Bluetooth
Description: Dispositivo periférico Bluetooth
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Dispositivo periférico Bluetooth
Description: Dispositivo periférico Bluetooth
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/23/2019 08:34:17 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: No se puede inicializar el índice.

Detalles:
	El catálogo del índice de contenido está dañado.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/23/2019 08:34:17 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: No se puede inicializar la aplicación.

Contexto: aplicación Windows

Detalles:
	El catálogo del índice de contenido está dañado.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/23/2019 08:34:17 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: No se puede inicializar el objeto Recopilador.

Contexto: aplicación Windows, catálogo SystemIndex

Detalles:
	El catálogo del índice de contenido está dañado.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/23/2019 08:34:17 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: No se puede inicializar el complemento <Search.TripoliIndexer>.

Contexto: aplicación Windows, catálogo SystemIndex

Detalles:
	No se ha encontrado el elemento.  (HRESULT : 0x80070490) (0x80070490)

Error: (03/23/2019 08:34:16 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: No se puede inicializar el complemento <Search.JetPropStore>.

Contexto: aplicación Windows, catálogo SystemIndex

Detalles:
	El catálogo del índice de contenido está dañado.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/23/2019 08:34:16 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: El servicio Windows Search no puede cargar la información del almacén de propiedades.

Contexto: aplicación Windows, catálogo SystemIndex

Detalles:
	La base de datos del índice de contenido está dañada.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (03/23/2019 08:34:16 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: El servicio Windows Search se está deteniendo porque hay un problema con el indizador: The catalog is corrupt.

Detalles:
	El catálogo del índice de contenido está dañado.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/23/2019 08:34:16 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: El servicio de búsqueda detectó archivos de datos dañados en el índice {id=4700}. Este servicio intentará corregir este problema automáticamente mediante la nueva generación del índice.

Detalles:
	El catálogo del índice de contenido está dañado.  (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (03/23/2019 08:34:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Windows Search terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 30000 milisegundos: Reiniciar el servicio.

Error: (03/23/2019 08:34:18 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: El servicio Windows Search se cerró con el error específico de servicio %%-1073473535.

Error: (03/23/2019 08:30:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio HP Service se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (03/23/2019 08:30:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio NitroUpdateService se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (03/23/2019 08:30:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio Andrea ADI Filters Service se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (03/23/2019 08:30:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Servicio de uso compartido de red del Reproductor de Windows Media terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 30000 milisegundos: Reiniciar el servicio.

Error: (03/23/2019 08:30:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio NitroPDFDriverCreatorReadSpool9 se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (03/23/2019 02:11:12 PM) (Source: bowser) (EventID: 8003) (User: )
Description: El explorador maestro recibió una notificación del equipo DELL-PC
que cree que es el explorador maestro para el dominio en el transporte NetBT_Tcpip_{3150CB58-524D-4F1E-8297-B71E1D5E6E.
El explorador maestro está detenido o se está forzando una elección.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU T5870 @ 2.00GHz
Percentage of memory in use: 86%
Total physical RAM: 1977.27 MB
Available physical RAM: 257.77 MB
Total Virtual: 3954.53 MB
Available Virtual: 735.89 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:100 GB) (Free:61.58 GB) NTFS
Drive d: () (Fixed) (Total:48.95 GB) (Free:48.8 GB) NTFS

\\?\Volume{09821ccf-53c3-11bd-a77d-806e6f6e6963}\ (Reservado para el sistema) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 149.1 GB) (Disk ID: 80D2F3EE)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=49 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Hola @viagraz0r

Sigue estos pasos:

1.- Muy Importante >>> Realizar una copia de Seguridad de su Registro.

  • Descarga DelFix en el escritorio de Windows.
  • Clic Derecho, “Ejecutar como Administrador”.
  • En la ventana principal, marca solamente la casilla “Create Registry Backup”.
  • Clic en Run.

Al terminar se abrirá un reporte llamado DelFix.txt, guárdelo por si fuera necesario y cierre la herramienta…

2.- Desactiva Temporalmente tu antivirus.

3.- Abre un nuevo archivo Notepad y copia y pega este contenido:


Start
CloseProcesses:
CreateRestorePoint:HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-1836382108-2036010633-3172023125-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1836382108-2036010633-3172023125-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/es-ve/?ocid=iehp
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2019-03-12 11:44 - 2019-03-12 11:44 - 000000000 ____D C:\Users\viagraz0r\AppData\Roaming\yiwanzhushou


CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END
  • Lo guardas bajo el nombre de fixlist.txt en el escritorio <<< Esto es muy importante.

Nota: Es necesario que el ejecutable Frst.exe y fixlist.txt se encuentren en la misma ubicación (escritorio) o si no la herramienta no trabajara.

  • Ejecutas Frst.exe.
  • Presionas el botón Fix y aguardas a que termine.
  • La Herramienta guardara el reporte en tu escritorio (Fixlog.txt).
  • Lo pegas en tu próxima respuesta.

Nos comentas .

Salu2.

Esto lo haré con DelFix?

Lo he mantenido desactivado desde que comence con los analisis y todo lo que me ha hecho hacer…

Hola @viagraz0r

Efectivamente lo realiza Delfix.

Salu2.

@SanMar

Fix result of Farbar Recovery Scan Tool (x86) Version: 17-03-2019
Ran by viagraz0r (24-03-2019 09:56:39) Run:1
Running from C:\Users\viagraz0r\Desktop
Loaded Profiles: viagraz0r (Available Profiles: viagraz0r)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-1836382108-2036010633-3172023125-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1836382108-2036010633-3172023125-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/es-ve/?ocid=iehp
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2019-03-12 11:44 - 2019-03-12 11:44 - 000000000 ____D C:\Users\viagraz0r\AppData\Roaming\yiwanzhushou


CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END
*****************

Processes closed successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKU\S-1-5-21-1836382108-2036010633-3172023125-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
"HKU\S-1-5-21-1836382108-2036010633-3172023125-1000\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache" => removed successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => removed successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki => removed successfully.
HKLM\System\CurrentControlSet\Services\Synth3dVsc => removed successfully.
Synth3dVsc => service removed successfully.
HKLM\System\CurrentControlSet\Services\tsusbhub => removed successfully.
tsusbhub => service removed successfully.
HKLM\System\CurrentControlSet\Services\VGPU => removed successfully.
VGPU => service removed successfully.
C:\Users\viagraz0r\AppData\Roaming\yiwanzhushou => moved successfully

========= ipconfig /flushdns =========


Configuraci¢n IP de Windows

Se vaci¢ correctamente la cach‚ de resoluci¢n de DNS.

========= End of CMD: =========


========= ipconfig /renew =========


Configuraci¢n IP de Windows

No se puede realizar ninguna operaci¢n en Conexi¢n de red Bluetooth mientras los medios
est‚n desconectados.
No se puede realizar ninguna operaci¢n en Conexi¢n de  rea local mientras los medios
est‚n desconectados.

========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

{AC9EFDD8-A638-4A9F-B851-E76D13DA8A98} canceled.
1 out of 1 jobs canceled.

========= End of CMD: =========


========= netsh winsock reset =========


El cat logo Winsock se restableci¢ correctamente.
Debe reiniciar el equipo para completar el restablecimiento.


========= End of CMD: =========


========= netsh advfirewall reset =========

Aceptar


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Aceptar


========= End of CMD: =========


========= netsh int ipv4 reset =========

Global se restableci¢ correctamente.
Interfaz se restableci¢ correctamente.
Direcci¢n de unidifusi¢n se restableci¢ correctamente.
Ruta se restableci¢ correctamente.
Reinicie el equipo para completar esta acci¢n.


========= End of CMD: =========


========= netsh int ipv6 reset =========

No hay valores configurados por el usuario para restablecer.


========= End of CMD: =========


========= RemoveProxy: =========

"HKU\S-1-5-21-1836382108-2036010633-3172023125-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully.
"HKU\S-1-5-21-1836382108-2036010633-3172023125-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully.


========= End of RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 4962521 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 12561 B
Edge => 0 B
Chrome => 347229107 B
Firefox => 18721809 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 83725 B
LocalService => 132244 B
NetworkService => 66228 B
viagraz0r => 9671873 B

RecycleBin => 0 B
EmptyTemp: => 371.2 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 09:57:32 ====

Hola @viagraz0r

Perfecto, solo restaría que comentes cómo va el sistema, así indicarte los pasos para desinstalar todo y dar por resuelto el tema.

Nos comentas.

Salu2.

saludos @SanMar

Bueno, primeramente intentare instalar nuevamente el emulador de android que queria y ver si funciona esta vez…

y en cuanto a como va el sistema, le estare comentando al pasar algunos dias.

muy amable su atencion, le mantendré informada…

Hola @SanMar

Adjunto aqui, lo que me está sucediendo con la ejecucion del BlueStacks.

Tendrá algo que ver con la infeccion que tenia mi equipo, o se debe a otra cosa?

Activa la compatibilidad con virtualización en la BIOS bajo la sección de opciones del procesador o en las opciones avanzadas de la BIOS.

Si tienes un Intel se llamará Intel Virtualizatión Technology.

Hola @viagraz0r

Perfecto, esperamos tus comentarios.

Para eliminar las herramientas utilizadas:

Descargas >> Delfix, a tu escritorio.

  • Doble clic para ejecutarlo.(Si usas Windows Vista/7 /8 /10,presiona clic derecho y selecciona >> “Ejecutar como Administrador”)
  • Marca las casilla Remove disinfection tools y Purgue Sistem Restore
  • Pulsar en Run.

Se abrirá el informe (DelFix.txt), guárdalo por si fuera necesario y cierra la herramienta.

Sigue con @Herrante por el tema de BlueStacks.

Salu2