Chromium? How to remove it

Good evening… yesterday Chromium got installed on my PC. Every time I try to open Chrome from my desktop, a similar icon opens alongside it, but it is called Chromium, and it has Yahoo in the taskbar… :frowning: I have tried to uninstall it; it no longer appears in the list, but it keeps appearing every time I try to open Chrome.

I would appreciate your guidance on removing it. Thank you very much.

Hello and welcome to the new Forospyware

Carry out the following steps, without changing the order

1) Download, update and run Malwarebytes’ Anti-Malware.

Malwarebytes manual, so that you know how to use and configure it.

  • Run a Custom Scan by clicking the “Scan” section, then clicking “Custom scan” and then “Configure scan”, ticking all the boxes on the right and on the left, and updating if it asks you to.
  • Click “Remove Selected” to send the items to quarantine, then restart the system.
  • To access the scan report afterwards: Reports >> Scan log >> Click >> Export >> Copy to Clipboard, and paste it into your reply.

2) Download AdwCleaner to the desktop.

  • Disable your antivirus :arrow_forward: How to temporarily disable an antivirus and any security program.
  • Run Adwcleaner.exe (if you use Windows Vista/7 or 8, right-click and select “Run as Administrator”).
  • Click the Scan Now button and wait for the process to finish, then immediately click the Start Repair button.
  • Wait for it to complete and follow the instructions; if it asks you to restart the system, accept.
  • If it finds nothing, click “Skip Repair”.
  • The log can be found in the “Reports” tab, reopening the program if necessary, or in "C:\AdwCleaner\Logs\AdwCleaner[C0].txt"

You can consult its manual >> AdwCleaner manual

3) Download CCleaner. Here is a manual so that you know how to configure and use it.

Install it and run it. In the Cleaner tab, leave the default settings as they are, click Analyze, wait for it to finish > click Run Cleaner. Click the Registry tab > click Scan for Issues, wait for it to finish > click Fix Selected and make a backup.

Paste the Malwarebytes and AdwCleaner reports and tell us how the problem is going.

IMPORTANT NOTE

Please, while we are disinfecting your machine or finishing doing so:

  • Do not carry out steps/actions that WE have not told you to
  • Do not download ANYTHING from the Internet and/or connect external devices to your computer.
  • Do not install ANYTHING (programs/software/add-ons/browser extensions…)
  • Do not run other security programs (antivirus, antimalware, ANTI-ANYTHING…)
  • Do not carry out other procedures on your own.
  • Use your computer EXCLUSIVELY to disinfect it, following our instructions.

:warning: Very Important :warning: Post the report requested by the user assisting you as shown in the following image:

Regards


Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 3/1/19
Hora del análisis: 9:47
Archivo de registro: ab0971d0-0f55-11e9-a7a2-309c23b6b87d.json

-Información del software-
Versión: 3.6.1.2711
Versión de los componentes: 1.0.508
Versión del paquete de actualización: 1.0.8605
Licencia: Prueba

-Información del sistema-
SO: Windows 10 (Build 17134.472)
CPU: x64
Sistema de archivos: NTFS
Usuario: System

-Resumen del análisis-
Tipo de análisis: Análisis de amenazas
Análisis iniciado por:: Programador de tareas
Resultado: Completado
Objetos analizados: 267101
Amenazas detectadas: 4
Amenazas en cuarentena: 3
Tiempo transcurrido: 2 min, 56 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Desactivado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 0
(No hay elementos maliciosos detectados)

Valor del registro: 1
PUP.Optional.SearchManager, HKU\S-1-5-21-3372993036-2594060489-3044264507-1001\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|nahhmpbckpgdidfnmfkfgiflpjijilce, En cuarentena, [263], [501411],1.0.8605

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 0
(No hay elementos maliciosos detectados)

Archivo: 3
PUP.Optional.SearchManager, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Error durante la eliminación, [263], [501411],1.0.8605
PUP.Optional.SearchManager, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Sustituido, [263], [501411],1.0.8605
PUP.Optional.SrchBar, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Sustituido, [260], [454807],1.0.8605

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)
-------------------------------
# Malwarebytes AdwCleaner 7.2.6.0
# -------------------------------
# Build:    12-18-2018
# Database: 2019-01-02.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    01-02-2019
# Duration: 00:00:00
# OS:       Windows 10 Pro
# Cleaned:  0
# Failed:   1


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.
-------------------------------
# Malwarebytes AdwCleaner 7.2.6.0
# -------------------------------
# Build:    12-18-2018
# Database: 2019-01-02.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    01-02-2019
# Duration: 00:00:09
# OS:       Windows 10 Pro
# Scanned:  32243
# Detected: 1


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

PUP.Optional.SearchManager      Search Manager

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########



-------------------------------
# Malwarebytes AdwCleaner 7.2.6.0
# -------------------------------
# Build:    12-18-2018
# Database: 2019-01-02.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    01-03-2019
# Duration: 00:00:10
# OS:       Windows 10 Pro
# Scanned:  32243
# Detected: 1


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

PUP.Optional.SearchManager      Search Manager

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.


AdwCleaner[S00].txt - [1259 octets] - [02/01/2019 09:46:38]
AdwCleaner[C00].txt - [1425 octets] - [02/01/2019 09:46:49]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########


{
    "ContinueMBSetup": false,
    "MBInstallerPath": "",
    "ObjectsScanned": 32243,
    "ScanTime": "00:00:13",
    "ThreatsDetected": 1,
    "ThreatsRemoved": 0
}

Good morning, in the third step you gave me, the CCleaner one, I made the backup as you indicated, but I don't know whether I should send it to you or how to do it, thanks…

Hello

With the permission of those present …

Temporarily disable your antivirus and any security program you have running.

Download Farbar Recovery Scan Tool to your PC's desktop. Select the version appropriate for your machine's architecture (32 or 64 bits).

How to tell whether my Windows is 32 or 64 bits

  • Run FRST.exe
  • In the Disclaimer window message, click Yes
  • In the main window, click the Scan button and wait for the process to finish.
  • Two (2) files (logs) will open, Frst.txt and Addition.txt; these will be saved on the desktop.

Guide: How to run FRST

In your next reply, you must paste the two reports generated.

You must copy and paste them with all their content, and use several messages if you get an error message saying it is too long (more than approx. 50,000 characters).

Wrap each report with a tag written CODE_Inicial at the start of the report and another like this CODE_Final at the end of it.

Regards


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01.01.2019
Ran by user (administrator) on DESKTOP-GBKBQB4 (03-01-2019 11:28:49)
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available Profiles: user)
Platform: Windows 10 Pro Version 1803 17134.472 (X64) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1812.3-0\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\SkypeApp.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe
(Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Microsoft Corporation) C:\Windows\System32\OpenWith.exe
(Microsoft Corporation) C:\Windows\System32\OpenWith.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11810.1001.12.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Program Files\rempl\sedlauncher.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Users\user\AppData\Local\Microsoft\OneDrive\18.235.1125.0006\FileCoAuth.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-3372993036-2594060489-3044264507-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19589208 2018-12-10] (Piriform Software Ltd)
HKU\S-1-5-21-3372993036-2594060489-3044264507-1001\...\Run: [Chromium] => c:\users\user\appdata\local\chromium\application\chrome.exe [828416 2017-01-20] (The Chromium Authors)
HKU\S-1-5-21-3372993036-2594060489-3044264507-1001\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [43984 2018-12-23] (Glarysoft Ltd)
HKU\S-1-5-21-3372993036-2594060489-3044264507-1001\...\MountPoints2: {b395eedf-e0e0-11e8-978f-309c23b6b87d} - "D:\HiSuiteDownLoader.exe" 
BootExecute: autocheck autochk *  

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 200.115.192.89 200.115.192.29 200.115.192.28
Tcpip\..\Interfaces\{38053572-846b-4434-ae61-f1f413534fa0}: [DhcpNameServer] 200.115.192.89 200.115.192.29 200.115.192.28

Internet Explorer:
==================
HKU\S-1-5-21-3372993036-2594060489-3044264507-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-12-13] (Microsoft Corporation)
BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
BHO: No Name -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> No File
BHO-x32: No Name -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> No File
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-12-13] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-12-13] (Microsoft Corporation)
Handler: osf - No CLSID Value
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-12-13] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-12-13] (Microsoft Corporation)

FireFox:
========
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-10-29] (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-3372993036-2594060489-3044264507-1001: @tools.google.com/Google Update;version=3 -> C:\Users\user\AppData\Local\Google\Update\1.3.33.23\npGoogleUpdate3.dll [No File]
FF Plugin HKU\S-1-5-21-3372993036-2594060489-3044264507-1001: @tools.google.com/Google Update;version=9 -> C:\Users\user\AppData\Local\Google\Update\1.3.33.23\npGoogleUpdate3.dll [No File]

Chrome: 
=======
CHR DefaultSearchURL: Default -> hxxp://srchbar.com/?q={searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default [2019-01-03]
CHR Extension: (Presentaciones) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-10-22]
CHR Extension: (Documentos) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-10-22]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-22]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-10-22]
CHR Extension: (Hojas de cálculo) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-10-22]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-10-22]
CHR Extension: (Ad-Blocker) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\kacljcbejojnapnmiifgckbafkojcncf [2018-11-12]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-10-22]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-10-22]
CHR Extension: (Chrome Media Router) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-07]
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\System Profile [2019-01-03]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [351944 2015-11-04] (Advanced Micro Devices, Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9619824 2018-12-19] (Microsoft Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1494144 2012-09-11] (Microsoft Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4737448 2018-07-14] (Microsoft Corporation)
S4 ssh-agent; C:\Windows\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\NisSrv.exe [3880120 2018-12-10] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MsMpEng.exe [114208 2018-12-10] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [28936 2019-01-01] (Glarysoft Ltd)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [604160 2018-04-11] (Realtek )
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [46680 2018-12-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [330936 2018-12-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [62136 2018-12-10] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-03 11:28 - 2019-01-03 11:29 - 000011386 _____ C:\Users\user\Desktop\FRST.txt
2019-01-03 11:28 - 2019-01-03 11:28 - 000000000 ____D C:\FRST
2019-01-03 11:27 - 2019-01-03 11:27 - 000000000 ____D C:\Users\user\AppData\Local\OneDrive
2019-01-03 11:24 - 2019-01-03 11:24 - 002426368 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2019-01-03 10:27 - 2019-01-03 10:27 - 000007636 _____ C:\Users\user\Documents\cc_20190103_102733.reg
2019-01-03 10:12 - 2019-01-03 10:12 - 000003182 _____ C:\Windows\System32\Tasks\AdwCleaner_onReboot
2019-01-03 10:04 - 2019-01-03 10:04 - 007320272 _____ (Malwarebytes) C:\Users\user\Desktop\adwcleaner_7.2.6.0 (1).exe
2019-01-03 10:02 - 2019-01-03 10:02 - 000000000 ___HD C:\OneDriveTemp
2019-01-03 09:45 - 2019-01-03 09:45 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-01-03 09:45 - 2019-01-03 09:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-01-03 09:45 - 2018-12-04 08:09 - 000152688 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-01-03 09:41 - 2019-01-03 09:42 - 081227760 _____ (Malwarebytes ) C:\Users\user\Downloads\mb3-setup-consumer-3.6.1.2711-1.0.508-1.0.8211 (1).exe
2019-01-02 23:05 - 2019-01-02 23:05 - 000002493 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2019-01-02 23:05 - 2019-01-02 23:05 - 000002492 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2019-01-02 23:05 - 2019-01-02 23:05 - 000002456 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2019-01-02 23:05 - 2019-01-02 23:05 - 000002455 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2019-01-02 23:05 - 2019-01-02 23:05 - 000002449 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2019-01-02 23:05 - 2019-01-02 23:05 - 000002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2019-01-02 23:05 - 2019-01-02 23:05 - 000002435 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2019-01-02 23:05 - 2019-01-02 23:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2019-01-02 09:49 - 2019-01-02 10:01 - 000000000 ____D C:\Users\user\AppData\Roaming\ZHP
2019-01-02 09:49 - 2019-01-02 09:53 - 000000874 _____ C:\Users\user\Desktop\ZHPCleaner.lnk
2019-01-02 09:46 - 2019-01-02 09:46 - 000000000 ____D C:\AdwCleaner
2019-01-02 09:29 - 2019-01-02 09:49 - 000000000 ____D C:\Users\user\AppData\Local\ZHP
2019-01-02 09:23 - 2019-01-02 09:23 - 000000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2019-01-02 09:23 - 2019-01-02 09:23 - 000000000 ____D C:\Windows\pss
2019-01-01 18:58 - 2019-01-01 22:33 - 000000000 ____D C:\Program Files (x86)\Glary Utilities 5
2019-01-01 18:58 - 2019-01-01 18:58 - 000028936 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\GUBootStartup.sys
2019-01-01 18:58 - 2019-01-01 18:58 - 000001165 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2019-01-01 18:58 - 2019-01-01 18:58 - 000001153 _____ C:\Users\Public\Desktop\Glary Utilities 5.lnk
2019-01-01 18:58 - 2019-01-01 18:58 - 000000000 ____D C:\Users\user\AppData\Roaming\GlarySoft
2019-01-01 18:58 - 2019-01-01 18:58 - 000000000 ____D C:\Users\user\AppData\Roaming\DiskDefrag
2019-01-01 18:58 - 2019-01-01 18:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
2019-01-01 18:56 - 2019-01-01 18:56 - 017500064 _____ (Glarysoft Ltd) C:\Users\user\Downloads\gu5setup.exe
2019-01-01 18:08 - 2019-01-01 18:08 - 000000000 ____D C:\Users\user\AppData\Local\mbamtray
2019-01-01 18:08 - 2019-01-01 18:08 - 000000000 ____D C:\Users\user\AppData\Local\mbam
2019-01-01 18:07 - 2019-01-03 09:45 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-01-01 18:07 - 2019-01-01 18:07 - 000000000 ____D C:\Program Files\Malwarebytes
2019-01-01 18:06 - 2019-01-01 18:07 - 081227760 _____ (Malwarebytes ) C:\Users\user\Downloads\mb3-setup-consumer-3.6.1.2711-1.0.508-1.0.8211.exe
2019-01-01 17:44 - 2019-01-03 08:34 - 000004218 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{75DCB478-9A65-47C0-B304-824FE7EE3787}
2019-01-01 17:29 - 2019-01-01 17:29 - 000000000 ____D C:\Users\user\AppData\Local\chromium
2019-01-01 17:28 - 2019-01-01 18:13 - 000000000 ____D C:\Windows\System32\Tasks\{32E76840-2C94-60B3-F4ED-56D899C5C771}
2019-01-01 17:28 - 2019-01-01 17:28 - 000000000 ____D C:\Users\user\AppData\Local\Tebedoda
2018-12-30 19:53 - 2018-09-04 19:36 - 001476904 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2018-12-28 07:51 - 2018-12-28 07:51 - 000074946 _____ C:\Users\user\Downloads\statements (1).pdf
2018-12-20 11:27 - 2018-12-14 09:24 - 001364992 _____ (Microsoft Corporation) C:\Windows\system32\bcastdvruserservice.dll
2018-12-20 11:27 - 2018-12-14 04:29 - 006567472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-12-20 11:27 - 2018-12-14 04:29 - 001130760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvproc.dll
2018-12-20 11:27 - 2018-12-14 04:25 - 001035256 _____ (Microsoft Corporation) C:\Windows\system32\ApplyTrustOffline.exe
2018-12-20 11:27 - 2018-12-14 04:23 - 001221432 _____ (Microsoft Corporation) C:\Windows\system32\hvix64.exe
2018-12-20 11:27 - 2018-12-14 04:23 - 001029944 _____ (Microsoft Corporation) C:\Windows\system32\hvax64.exe
2018-12-20 11:27 - 2018-12-14 04:23 - 000566568 _____ (Microsoft Corporation) C:\Windows\system32\tcblaunch.exe
2018-12-20 11:27 - 2018-12-14 04:23 - 000134968 _____ (Microsoft Corporation) C:\Windows\system32\hvloader.dll
2018-12-20 11:27 - 2018-12-14 04:23 - 000076088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hvservice.sys
2018-12-20 11:27 - 2018-12-14 04:22 - 009084216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-12-20 11:27 - 2018-12-14 04:22 - 007520104 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Protection.PlayReady.dll
2018-12-20 11:27 - 2018-12-14 04:21 - 001457240 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-12-20 11:27 - 2018-12-14 04:21 - 001257672 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2018-12-20 11:27 - 2018-12-14 04:21 - 001140480 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-12-20 11:27 - 2018-12-14 04:21 - 001098064 _____ (Microsoft Corporation) C:\Windows\system32\msvproc.dll
2018-12-20 11:27 - 2018-12-14 04:21 - 000982912 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2018-12-20 11:27 - 2018-12-14 04:13 - 005775872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2018-12-20 11:27 - 2018-12-14 04:12 - 005307392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2018-12-20 11:27 - 2018-12-14 04:10 - 001295360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVPXENC.dll
2018-12-20 11:27 - 2018-12-14 04:07 - 000669696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-12-20 11:27 - 2018-12-14 03:55 - 003396608 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2018-12-20 11:27 - 2018-12-14 03:55 - 000209408 _____ (Microsoft Corporation) C:\Windows\system32\AppXApplicabilityBlob.dll
2018-12-20 11:27 - 2018-12-14 03:54 - 006032384 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2018-12-20 11:27 - 2018-12-14 03:54 - 001307648 _____ (Microsoft Corporation) C:\Windows\system32\MSVPXENC.dll
2018-12-20 11:27 - 2018-12-14 03:54 - 000154112 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
2018-12-20 11:27 - 2018-12-14 03:53 - 007573504 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2018-12-20 11:27 - 2018-12-14 03:52 - 002173440 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.onecore.dll
2018-12-20 11:27 - 2018-12-14 03:52 - 001826816 _____ (Microsoft Corporation) C:\Windows\system32\Windows.CloudStore.dll
2018-12-20 11:27 - 2018-12-14 03:51 - 001551360 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.desktop.dll
2018-12-20 11:27 - 2018-12-14 03:50 - 000776192 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-12-20 11:27 - 2018-12-14 02:34 - 000001312 _____ C:\Windows\system32\tcbres.wim
2018-12-19 00:31 - 2018-12-19 00:31 - 000000740 _____ C:\Users\user\Documents\Vídeos - Acceso directo.lnk
2018-12-17 10:31 - 2018-12-17 10:32 - 019299120 _____ (Piriform Software Ltd) C:\Users\user\Downloads\ccsetup551.exe
2018-12-12 11:32 - 2018-12-08 04:49 - 025855488 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2018-12-12 11:31 - 2018-12-08 09:48 - 000034104 _____ C:\Windows\system32\SyncAppvPublishingServer.exe
2018-12-12 11:31 - 2018-12-08 09:47 - 001786896 _____ (Microsoft Corporation) C:\Windows\system32\AppVEntVirtualization.dll
2018-12-12 11:31 - 2018-12-08 09:47 - 001627656 _____ (Microsoft Corporation) C:\Windows\system32\AppVIntegration.dll
2018-12-12 11:31 - 2018-12-08 09:47 - 001422864 _____ (Microsoft Corporation) C:\Windows\system32\AppVEntSubsystemController.dll
2018-12-04 08:03 - 2018-12-04 08:03 - 000062683 _____ C:\Users\user\Downloads\statements.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-03 11:22 - 2018-10-20 21:47 - 000000000 ____D C:\Windows\system32\SleepStudy
2019-01-03 11:15 - 2018-10-29 12:54 - 000005332 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for DESKTOP-GBKBQB4-user DESKTOP-GBKBQB4
2019-01-03 10:51 - 2018-04-11 20:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-01-03 10:25 - 2018-04-11 20:36 - 000000000 ____D C:\Windows\INF
2019-01-03 10:19 - 2018-10-20 21:53 - 001679422 _____ C:\Windows\system32\PerfStringBackup.INI
2019-01-03 10:19 - 2018-04-12 13:19 - 000750432 _____ C:\Windows\system32\perfh00A.dat
2019-01-03 10:19 - 2018-04-12 13:19 - 000147354 _____ C:\Windows\system32\perfc00A.dat
2019-01-03 10:14 - 2018-10-20 16:15 - 000000000 ___RD C:\Users\user\OneDrive
2019-01-03 10:13 - 2018-10-24 00:02 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2019-01-03 10:13 - 2018-10-20 21:47 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-01-03 10:13 - 2018-04-11 18:04 - 000524288 _____ C:\Windows\system32\config\BBI
2019-01-02 23:04 - 2018-10-29 10:36 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2019-01-02 10:05 - 2018-04-11 20:38 - 000000000 ____D C:\Windows\system32\NDF
2019-01-02 10:01 - 2018-10-22 11:13 - 000000000 ____D C:\Users\user\AppData\Local\Google
2019-01-02 08:04 - 2018-04-11 20:30 - 000000000 ____D C:\Windows\CbsTemp
2019-01-01 23:04 - 2018-10-20 22:11 - 000000000 ____D C:\Users\user\AppData\Local\ConnectedDevicesPlatform
2019-01-01 18:02 - 2018-10-20 22:11 - 000000000 ___RD C:\Users\user\3D Objects
2018-12-22 13:18 - 2018-04-11 20:38 - 000000000 ____D C:\Windows\LiveKernelReports
2018-12-20 15:15 - 2018-04-11 20:38 - 000000000 ____D C:\Windows\TextInput
2018-12-20 15:15 - 2018-04-11 20:38 - 000000000 ____D C:\Windows\bcastdvr
2018-12-20 12:23 - 2018-04-11 20:38 - 000000000 ____D C:\Windows\AppReadiness
2018-12-19 18:57 - 2018-10-22 11:13 - 000003882 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3372993036-2594060489-3044264507-1001UA
2018-12-19 18:57 - 2018-10-22 11:13 - 000003614 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3372993036-2594060489-3044264507-1001Core
2018-12-19 08:37 - 2018-04-11 20:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-12-17 11:21 - 2018-10-20 22:11 - 000000000 ____D C:\Users\user\AppData\Local\Packages
2018-12-17 11:21 - 2018-10-20 16:27 - 000000000 ____D C:\Users\user\AppData\Local\PlaceholderTileLogoFolder
2018-12-17 10:33 - 2018-11-03 19:32 - 000003936 _____ C:\Windows\System32\Tasks\CCleaner Update
2018-12-17 10:33 - 2018-11-03 19:32 - 000000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-12-12 17:34 - 2018-10-20 22:11 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-12-12 17:33 - 2018-10-20 21:47 - 000416032 _____ C:\Windows\system32\FNTCACHE.DAT
2018-12-12 17:32 - 2018-04-11 20:38 - 000000000 ___SD C:\Windows\system32\DiagSvcs
2018-12-12 17:32 - 2018-04-11 20:38 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2018-12-12 17:32 - 2018-04-11 20:38 - 000000000 ____D C:\Windows\ShellComponents
2018-12-12 17:16 - 2018-10-22 11:14 - 000002495 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-12-12 17:16 - 2018-10-22 11:14 - 000002458 _____ C:\Users\user\Desktop\Google Chrome.lnk
2018-12-12 11:37 - 2018-10-29 10:36 - 000000000 ____D C:\Windows\system32\MRT
2018-12-12 11:36 - 2018-10-29 10:36 - 137260640 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-12-11 17:16 - 2018-10-20 22:10 - 000002398 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-12-11 17:16 - 2018-10-20 16:18 - 000003376 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3372993036-2594060489-3044264507-1001
2018-12-11 09:27 - 2018-10-28 20:59 - 000592616 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2018-12-10 16:24 - 2018-10-20 21:47 - 000000000 ____D C:\Windows\system32\Drivers\wd
2018-12-07 08:54 - 2018-11-16 06:53 - 000000000 ____D C:\Program Files\rempl

==================== Files in the root of some directories =======

2018-10-20 16:25 - 2018-10-20 16:25 - 000000017 _____ () C:\Users\user\AppData\Local\resmon.resmoncfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-10-20 21:47

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01.01.2019
Ran by user (03-01-2019 11:29:36)
Running from C:\Users\user\Desktop
Windows 10 Pro Version 1803 17134.472 (X64) (2018-10-21 00:49:48)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-3372993036-2594060489-3044264507-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3372993036-2594060489-3044264507-503 - Limited - Disabled)
Invitado (S-1-5-21-3372993036-2594060489-3044264507-501 - Limited - Disabled)
user (S-1-5-21-3372993036-2594060489-3044264507-1001 - Administrator - Enabled) => C:\Users\user
WDAGUtilityAccount (S-1-5-21-3372993036-2594060489-3044264507-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
CCleaner (HKLM\...\CCleaner) (Version: 5.51 - Piriform)
Glary Utilities 5.112 (HKLM-x32\...\Glary Utilities 5) (Version: 5.112.0.137 - Glarysoft Ltd)
Google Chrome (HKU\S-1-5-21-3372993036-2594060489-3044264507-1001\...\Google Chrome) (Version: 71.0.3578.98 - Google Inc.)
Malwarebytes versión 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Microsoft Office 365 Home Premium Preview - es-es (HKLM\...\Microsoft Office Profesional 15 (Technical Preview) - es-es) (Version: 15.0.4128.1025 - Microsoft Corporation)
Microsoft Office Profesional 2016 - es-es (HKLM\...\ProfessionalRetail - es-es) (Version: 16.0.11126.20188 - Microsoft Corporation)
Microsoft Office Professional 2016 - en-us (HKLM\...\ProfessionalRetail - en-us) (Version: 16.0.11126.20188 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3372993036-2594060489-3044264507-1001\...\OneDriveSetup.exe) (Version: 18.235.1125.0006 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{20150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4128.1025 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{50150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4128.1022 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{20150000-008C-0C0A-0000-0000000FF1CE}) (Version: 15.0.4128.1022 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.11126.20188 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.11126.20188 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.11126.20188 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.11126.20188 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0C0A-0000-0000000FF1CE}) (Version: 16.0.11126.20188 - Microsoft Corporation) Hidden
Paint XP version 1.1 (HKLM-x32\...\{2367FAB6-055A-4923-835F-F57F7BBBA363}_is1) (Version: 1.1 - MSPAINTXP.COM)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{9CBA860F-7437-4A75-941C-8EF559F2D145}) (Version: 2.52.0.0 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3372993036-2594060489-3044264507-1001_Classes\CLSID\{A2C6CB58-C076-425C-ACB7-6D19D64428CD}\localserver32 -> C:\Users\user\AppData\Local\Google\Chrome\Application\71.0.3578.98\notification_helper.exe (Google Inc.)
ContextMenuHandlers1: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2018-03-02] (Glarysoft Ltd)
ContextMenuHandlers2: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2018-03-02] (Glarysoft Ltd)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2015-11-04] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2018-03-02] (Glarysoft Ltd)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0DB1DBDF-7069-4FB1-91BF-42E0DE1FA84B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [2018-12-10] (Microsoft Corporation)
Task: {162C7066-7D21-431B-9857-B71DDFC3483B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [2018-12-10] (Microsoft Corporation)
Task: {1E5A53FE-46FD-4628-8A6C-E46963D9A311} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [2019-01-02] (Microsoft Corporation)
Task: {2884701B-D7E1-462A-853C-A43AF42F3B5F} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2019-01-02] (Microsoft Corporation)
Task: {2DEE8359-4D2E-48E0-AD86-2BA4F8A37A08} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-12-27] (Microsoft Corporation)
Task: {38501FAB-3D8A-4A4B-9E54-A3314AD69823} - System32\Tasks\Microsoft Office 15 Sync Maintenance for DESKTOP-GBKBQB4-user DESKTOP-GBKBQB4 => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2018-10-29] (Microsoft Corporation)
Task: {4C150EB9-9361-4F41-8B27-283D88B48DF7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [2018-12-10] (Microsoft Corporation)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\Windows\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
Task: {6D5814EC-5F40-4AA6-9ED4-6CD2A3F137CA} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [2018-12-10] (Microsoft Corporation)
Task: {7AFD2B3E-2AD8-4BAB-89C7-283905A0F60D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-12-27] (Microsoft Corporation)
Task: {97881552-6856-45E2-8B26-315FB6098985} - System32\Tasks\Microsoft\Office\Actualizaciones automáticas de Office => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2012-09-11] (Microsoft Corporation)
Task: {AECF6917-854B-44E4-8794-4235B7E58BEB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-12-10] (Piriform Software Ltd)
Task: {C4AD7342-7BE7-4899-A23E-742C83307A8F} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2019-01-02] (Microsoft Corporation)
Task: {D93341C4-3867-41B7-A81B-681D4C963DF0} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [2019-01-02] (Microsoft Corporation)
Task: {E47BC6CE-CD83-4807-B685-8772B8CE13DD} - System32\Tasks\AdwCleaner_onReboot => C:\Users\user\Desktop\adwcleaner_7.2.6.0 (1).exe [2019-01-03] (Malwarebytes)
Task: {E510FC0F-CFF0-4323-8161-880D22AB4F14} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3372993036-2594060489-3044264507-1001Core => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {EB9B9210-C8DA-47CD-807A-F0AB7DD51C7E} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-12-10] (Piriform Ltd)
Task: {F7BA54BC-60FD-42A3-807D-518C5EBD1CA4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3372993036-2594060489-3044264507-1001UA => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\39fb14143e72e926\Chromium.lnk -> C:\Users\user\AppData\Local\chromium\Application\chrome.exe (The Chromium Authors) -> --profile-directory=Default

==================== Loaded Modules (Whitelisted) ==============

2018-04-11 20:34 - 2018-04-11 20:34 - 000444416 _____ () c:\windows\system32\SSDM.dll
2018-10-29 12:28 - 2012-08-16 22:55 - 000268912 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2rui.dll
2018-10-29 12:28 - 2012-08-16 22:57 - 000469616 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2r64.dll
2018-10-29 12:28 - 2012-09-11 18:13 - 000538224 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2018-04-11 20:34 - 2018-04-11 20:34 - 000491744 _____ () C:\Windows\SYSTEM32\inputhost.dll
2018-04-11 20:34 - 2018-04-11 20:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-12-12 11:31 - 2018-11-08 23:17 - 002759680 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-12-20 11:27 - 2018-12-14 03:50 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-10-28 20:47 - 2018-10-28 20:50 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\ImagePipelineNative.dll
2018-12-14 10:36 - 2018-12-14 10:38 - 000060416 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\ChakraBridge.dll
2018-12-14 10:36 - 2018-12-14 10:38 - 000019456 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\SkypeProxiesAndStubs.dll
2018-12-14 10:36 - 2018-12-14 10:38 - 010927616 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\LibWrapper.dll
2018-12-14 10:36 - 2018-12-14 10:38 - 002916864 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\skypert.dll
2018-12-14 10:36 - 2018-12-14 10:38 - 000688128 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-12-14 10:36 - 2018-12-14 10:38 - 000182272 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
2015-11-04 11:43 - 2015-11-04 11:43 - 000102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2018-12-10 07:09 - 2018-12-10 07:09 - 000103560 _____ () C:\Program Files\CCleaner\lang\lang-1034.dll
2018-12-12 17:16 - 2018-12-12 02:11 - 005237216 _____ () C:\Users\user\AppData\Local\Google\Chrome\Application\71.0.3578.98\libglesv2.dll
2018-12-12 17:16 - 2018-12-12 02:11 - 000117216 _____ () C:\Users\user\AppData\Local\Google\Chrome\Application\71.0.3578.98\libegl.dll
2018-11-06 11:37 - 2018-11-06 11:37 - 000194048 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11810.1001.12.0_x64__8wekyb3d8bbwe\WinStore.Preview.dll
2018-11-06 11:37 - 2018-11-06 11:37 - 002538056 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11810.1001.12.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-11-06 11:37 - 2018-11-06 11:37 - 001754112 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11810.1001.12.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl.dll
2018-11-14 08:30 - 2018-11-01 03:55 - 005471232 _____ () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUIDataModel.dll
2018-04-11 20:34 - 2018-04-11 20:34 - 000047616 _____ () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUITelemetry.dll
2018-11-14 08:30 - 2018-11-01 03:56 - 005082112 _____ () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUIViewModels.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-04-11 20:38 - 2018-04-11 20:36 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3372993036-2594060489-3044264507-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 200.115.192.89 - 200.115.192.29
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{B10F7474-D2A7-4122-AD54-2FBBCAA87867}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation)
FirewallRules: [{6929F54F-AC8D-4F64-A3C5-21882DA2ACF8}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe (Microsoft Corporation)
FirewallRules: [{3E2675E0-BA81-4E8A-8B86-E67075E807F1}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Ltd)
FirewallRules: [{A396D730-0D98-4709-B0CB-38DD2C7F0879}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Ltd)

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/02/2019 09:20:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: mbamservice.exe, versión: 3.2.0.704, marca de tiempo: 0x5b9acf90
Nombre del módulo con errores: ntdll.dll, versión: 10.0.17134.471, marca de tiempo: 0x7e614c22
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x0000000000024989
Identificador del proceso con errores: 0xbec
Hora de inicio de la aplicación con errores: 0x01d4a294dc0be296
Ruta de acceso de la aplicación con errores: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Ruta de acceso del módulo con errores: C:\Windows\SYSTEM32\ntdll.dll
Identificador del informe: 66febbf0-5abe-4509-b207-6f125e576342
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (01/01/2019 11:04:19 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: DESKTOP-GBKBQB4)
Description: Microsoft.VCLibs.140.00_8wekyb3d8bbwe-2147024893

Error: (01/01/2019 11:04:19 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: DESKTOP-GBKBQB4)
Description: Microsoft.VCLibs.140.00.UWPDesktop_8wekyb3d8bbwe-2147024893

Error: (01/01/2019 11:04:19 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: DESKTOP-GBKBQB4)
Description: Microsoft.UI.Xaml.2.0_8wekyb3d8bbwe-2147024893

Error: (01/01/2019 11:04:19 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: DESKTOP-GBKBQB4)
Description: Microsoft.Services.Store.Engagement_8wekyb3d8bbwe-2147024893

Error: (01/01/2019 11:04:19 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: DESKTOP-GBKBQB4)
Description: Microsoft.NET.Native.Runtime.2.2_8wekyb3d8bbwe-2147024893

Error: (01/01/2019 11:04:19 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: DESKTOP-GBKBQB4)
Description: Microsoft.NET.Native.Runtime.2.1_8wekyb3d8bbwe-2147024893

Error: (01/01/2019 11:04:19 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: DESKTOP-GBKBQB4)
Description: Microsoft.NET.Native.Runtime.1.7_8wekyb3d8bbwe-2147024893


System errors:
=============
Error: (01/03/2019 10:26:10 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-GBKBQB4)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 y APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 al usuario DESKTOP-GBKBQB4\user con SID (S-1-5-21-3372993036-2594060489-3044264507-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (01/03/2019 10:14:37 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-GBKBQB4)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 y APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 al usuario DESKTOP-GBKBQB4\user con SID (S-1-5-21-3372993036-2594060489-3044264507-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (01/03/2019 10:14:16 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Iniciar Local para la aplicación de servidor COM con CLSID 
Windows.SecurityCenter.WscDataProtection
 y APPID 
No disponible
 al usuario NT AUTHORITY\SYSTEM con SID (S-1-5-18) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (01/03/2019 10:14:16 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Iniciar Local para la aplicación de servidor COM con CLSID 
Windows.SecurityCenter.WscBrokerManager
 y APPID 
No disponible
 al usuario NT AUTHORITY\SYSTEM con SID (S-1-5-18) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (01/03/2019 10:14:16 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Iniciar Local para la aplicación de servidor COM con CLSID 
Windows.SecurityCenter.WscDataProtection
 y APPID 
No disponible
 al usuario NT AUTHORITY\SYSTEM con SID (S-1-5-18) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (01/03/2019 10:14:10 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-GBKBQB4)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 y APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 al usuario DESKTOP-GBKBQB4\user con SID (S-1-5-21-3372993036-2594060489-3044264507-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (01/03/2019 10:14:07 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-GBKBQB4)
Description: La configuración de permisos específico de la aplicación no concede el permiso Iniciar Local para la aplicación de servidor COM con CLSID 
Windows.SecurityCenter.WscCloudBackupProvider
 y APPID 
No disponible
 al usuario DESKTOP-GBKBQB4\user con SID (S-1-5-21-3372993036-2594060489-3044264507-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (01/03/2019 10:13:26 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: El servicio Módulos de creación de claves de IPsec para IKE y AuthIP se cerró con el siguiente error: 
El área de datos transferida a una llamada del sistema es demasiado pequeña.


Windows Defender:
===================================
Date: 2018-12-28 23:29:56.360
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {58342E1A-1F9B-43B9-AAE9-18334077C2FF}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2018-12-16 11:38:41.641
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {2709127D-DC1F-4B21-B1B7-1CC004082414}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2018-12-11 17:26:14.179
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {C39C415B-D1ED-4927-B721-553FFC2D9F80}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2018-12-07 16:53:25.569
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {C4944B5F-2BF5-4379-83E0-8C6DBFA43B5A}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2018-11-28 13:49:18.836
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {B753CBDC-4D86-4D15-9114-36527B3510C7}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2019-01-02 09:33:57.341
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.283.2050.0
Origen de actualización: Servidor de Microsoft Update
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión de motor actual: 
Versión de motor anterior: 1.1.15500.2
Código de error: 0x8007043c
Descripción del error: El servicio no puede iniciarse en modo a prueba de errores 

Date: 2019-01-02 09:23:52.159
Description: 
La característica Protección en tiempo real de Antivirus de Windows Defender encontró un error:
Característica: Durante el acceso
Código de error: 0x8007043c
Descripción del error: El servicio no puede iniciarse en modo a prueba de errores 
Motivo: La protección antimalware dejó de funcionar por motivos desconocidos. En algunos casos, reiniciar el servicio puede que resuelva el problema.

==================== Memory info =========================== 

Processor: AMD A4-6300 APU with Radeon(tm) HD Graphics 
Percentage of memory in use: 42%
Total physical RAM: 7384.45 MB
Available physical RAM: 4255.98 MB
Total Virtual: 8536.45 MB
Available Virtual: 4840.96 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.19 GB) (Free:77.64 GB) NTFS

\\?\Volume{5414ba55-9078-49a4-84a7-38b934bea719}\ (Recuperación) (Fixed) (Total:0.49 GB) (Free:0.12 GB) NTFS
\\?\Volume{9de27a11-a8d3-4bb9-8fe7-b28141c70986}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Protective MBR) (Size: 111.8 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

Hello

Open a new Notepad file and copy and paste this content:

Start
CreateRestorePoint:
CloseProcesses
HKU\S-1-5-21-3372993036-2594060489-3044264507-1001\...\Run: [Chromium] => c:\users\user\appdata\local\chromium\application\chrome.exe [828416 2017-01-20] (The Chromium Authors)
c:\users\user\appdata\local\chromium
BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
BHO: No Name -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> No File
BHO-x32: No Name -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> No File
CHR DefaultSearchURL: Default -> hxxp://srchbar.com/?q={searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
2019-01-01 17:29 - 2019-01-01 17:29 - 000000000 ____D C:\Users\user\AppData\Local\chromium
CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall set allprofiles state ON
RemoveProxy:
EmptyTemp:
Hosts:
END
  • Save it under the name fixlist.txt on the desktop <<< This is very important.

Note: The Frst.exe executable and fixlist.txt must be in the same location (the desktop); otherwise the tool will not work.

  • Run Frst.exe.
  • Press the Fix button and wait for it to finish.
  • The tool will save the report on your desktop (Fixlog.txt).
  • Paste it in your next reply.

Regards

Good morning Leo, I create a .txt file on my desktop under the name fixlist.txt. I run Frst.exe again and, my question: do I disable the antivirus?

Hello

It is not necessary to disable it now :wink:


Fix result of Farbar Recovery Scan Tool (x64) Version: 01.01.2019
Ran by user (04-01-2019 11:12:35) Run:1
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available Profiles: user)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses
HKU\S-1-5-21-3372993036-2594060489-3044264507-1001\...\Run: [Chromium] => c:\users\user\appdata\local\chromium\application\chrome.exe [828416 2017-01-20] (The Chromium Authors)
c:\users\user\appdata\local\chromium
BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
BHO: No Name -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> No File
BHO-x32: No Name -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> No File
CHR DefaultSearchURL: Default -> hxxp://srchbar.com/?q={searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
2019-01-01 17:29 - 2019-01-01 17:29 - 000000000 ____D C:\Users\user\AppData\Local\chromium
CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall set allprofiles state ON
RemoveProxy:
EmptyTemp:
Hosts:
END
*****************

Error: (0) Failed to create a restore point.
CloseProcesses => Error: No automatic fix found for this entry.
"HKU\S-1-5-21-3372993036-2594060489-3044264507-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Chromium" => removed successfully
c:\users\user\appdata\local\chromium => moved successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF} => removed successfully
HKLM\Software\Classes\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} => removed successfully
HKLM\Software\Classes\CLSID\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} => removed successfully
"Chrome DefaultSearchURL" => removed successfully
"Chrome DefaultSuggestURL" => removed successfully
"C:\Users\user\AppData\Local\chromium" => not found

========= ipconfig /flushdns =========


Configuraci¢n IP de Windows

Se vaci¢ correctamente la cach‚ de resoluci¢n de DNS.

========= End of CMD: =========


========= ipconfig /renew =========


Configuraci¢n IP de Windows

Error al renovar la interfaz Ethernet: no se puede establecer contacto con el
servidor DHCP. La solicitud super¢ el tiempo de espera.

========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0
BITS administration utility.
(C) Copyright Microsoft Corp.

0 out of 0 jobs canceled.

========= End of CMD: =========


========= netsh winsock reset =========


El cat logo Winsock se restableci¢ correctamente.
Debe reiniciar el equipo para completar el restablecimiento.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Aceptar


========= End of CMD: =========


========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-3372993036-2594060489-3044264507-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-3372993036-2594060489-3044264507-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 10510336 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 23224215 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 2515916 B
Edge => 3597 B
Chrome => 199919483 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
LocalService => 0 B
NetworkService => 1844 B
NetworkService => 0 B
user => 5953384 B

RecycleBin => 7359923 B
EmptyTemp: => 237.9 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 11:13:38 ====
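
Added example, not part of the original thread and not FRST code: a short Python triage of the Fixlog above that separates successful removals from errors and reboot notices. It treats a "not found" on a path already moved earlier in the same log as handled, which is an assumption of this sketch; the sample lines are copied from the posted log, and `triage` and `normalise` are hypothetical names.

```python
import re

# Sample input: lines copied from the Fixlog posted above.
SAMPLE_FIXLOG = r'''Error: (0) Failed to create a restore point.
CloseProcesses => Error: No automatic fix found for this entry.
"HKU\S-1-5-21-3372993036-2594060489-3044264507-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Chromium" => removed successfully
c:\users\user\appdata\local\chromium => moved successfully
"Chrome DefaultSearchURL" => removed successfully
"C:\Users\user\AppData\Local\chromium" => not found
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Chrome => 199919483 B
The system needed a reboot.
'''

ENTRY = re.compile(r'^(?P<target>.+?) => (?P<result>.+)$')

def normalise(target):
    # Drop surrounding quotes, collapse doubled backslashes, ignore case,
    # so the same path written two ways compares equal.
    return target.strip('"').replace('\\\\', '\\').lower()

def triage(text):
    report = {"ok": [], "error": [], "not_found": [], "reboot": False}
    handled = set()  # targets already removed or moved earlier in the log
    for raw in text.splitlines():
        line = raw.strip()
        if line == "The system needed a reboot.":
            report["reboot"] = True
            continue
        if line.startswith("Error:"):
            report["error"].append(line)
            continue
        m = ENTRY.match(line)
        if not m:
            continue  # section banners, command output, blank lines
        target, result = normalise(m["target"]), m["result"]
        if result.endswith("successfully"):
            report["ok"].append(target)
            handled.add(target)
        elif result.startswith("Error"):
            report["error"].append(line)
        elif result == "not found" and target not in handled:
            # Assumption: "not found" after an earlier move is expected.
            report["not_found"].append(target)
        # Anything else (EmptyTemp byte counts, echoed fixlist) is ignored.
    return report

if __name__ == "__main__":
    for key, value in triage(SAMPLE_FIXLOG).items():
        print(key, "->", value)
```
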

Hello

Download the Delfix tool to your desktop.

Run it, tick the Remove disinfection tools box and press Run

When it finishes, a report called DelFix.txt will open; verify that the tools used to disinfect the PC have been removed.

Let us know how it goes …

Regards

It keeps popping up this message :frowning:

Also, when I started Chrome, the annoying Chromium used to start as well; I no longer see that happening after the whole procedure was carried out. I removed the tools with Delfix. Only that Malwarebytes message remains.

Hello

This last thing you mention has NOTHING to do with what you raised at the start of the thread, which was the appearance of Chromium.

In any case, you can reset Google Chrome by following this link:

Reset Google Chrome settings

Let us know …

Good afternoon Leo. Yes, it's true I didn't mention it, because I thought it was all the same problem, since both arose at practically the same moment. My initial problem was Chromium (I did not have Malwarebytes installed), and after I installed it, following your instructions, the little window thing started… I will do that configuration and let you know… Thank you very much

Fantastic… from what I can see, EVERYTHING SOLVED!!! I want to thank you, now for real, once again for all your effort in helping me. A hug, Jorge

Hello

For any other problem, don't hesitate to post again. You know where we are.

Topic solved

Regards