How do I remove a win32/delf.bdv?


#1

Hello, how's it going.

For a couple of weeks now (as far as I know) I have had the following virus on my computer: win32/delf.bdv

Apparently it arrived in a .torrent I downloaded, and I am not able to remove it. I had McAfee as my resident antivirus, which I have removed because it evidently did not help me keep the virus from getting in, nor remove it. So now I only have Windows Defender, with the Sandbox enabled for the past few days. The thing is, I also run SuperAntiSpyware from time to time, and MalwareBytes Antimalware, but neither of them detected it either. I was noticing some odd little things (like a drop in speed, or a window hanging), so I ran the ESET free scan and it detected several things. Supposedly it disinfected everything except this:

"Memoria operativa múltiples amenazas,una variante de Win32/Delf.BDV Troyano,una variante de Win32/CoinMiner.DV aplicación potencialmente indeseable no es posible su desinfección"

I have tried running ESET in safe mode and in safe mode with networking, but that way it doesn't even detect it. I have also tried Spyhunter5, but it detects some things and you have to buy it for it to disinfect them, so first I wanted to know whether there is something free to disinfect it with. Sorry for being fairly ignorant when it comes to using the computer. If you need any information, don't hesitate to tell me.

Thank you very much for your attention and your time. Regards.


#2

Hello

Run a scan with Dr. Web Cure It, following its manual

Dr. Web Cure It manual

Wrap the report with a tag written CODE_Inicial at the start of the report and another one like this, CODE_Final, at the end of it.


Temporarily disable your antivirus and any security program you have running.

Download Farbar Recovery Scan Tool to your PC's desktop. Select the version suited to your machine's architecture (32 or 64 bits).

How to tell whether my Windows is 32 or 64 bits

  • Run FRST.exe
  • In the Disclaimer window message, click Yes
  • In the main window, click the Scan button and wait for the process to finish.
  • Two (2) files (logs) will open, Frst.txt and Addition.txt; these will be saved on the desktop.

Guide: How to run FRST

In your next reply, you must paste the two reports generated.

You must copy and paste them with all their content, and use several messages if you get an error message saying it is too long (more than approx. 50,000 characters).

Wrap each of the reports with a tag written CODE_Inicial at the start of the report and another one like this, CODE_Final, at the end of it.

Tell us how the original problem you opened the thread for is going.

Regards


#3

Thank you very much LEo, I am going to follow the steps you have given me and I'll let you know.

Regards.


#4
-----------------------------------------------------------------------------
Start curing
-----------------------------------------------------------------------------

F:\Descargas\spywarefighter (1).exe - quarantined
F:\Descargas\spywarefighter.exe - quarantined

Total 941790636939 bytes in 452917 files scanned (634191 objects)
Total 452934 files (634050 objects) are clean
Total 2 files are infected
Total 2 files are neutralized
Total 135 files (137 objects) are raised error condition
Scan time is 00:36:56.034

=============================================================================
Dr.Web Scanner SE for Windows v9.1.5.08060
(c) Doctor Web, Ltd., 1992-2013
Scan session started 2018/12/19 12:24:15 
Module location : C:\Users\Usuario\AppData\Local\Temp\6CAB4858-18C9B7DC-1DF0D6E8-825747E4\
=============================================================================

OPTION [Automatic Apply Actions] NO
OPTION [Turn Off Computer After Scan] NO
OPTION [Use Sound Alerts] NO

OPTION [Block Network] NO
OPTION [Protect Process] NO
OPTION [Protect Raw Disk] NO

Time from server is: 2018-12-19 14:24:16
Using language: "Spanish (Español)"
Available instances: 10
Instances used: 10
Platform: Windows 10 Starter x64/WOW (Build 17134)
API Version: 2.2
Scanning Engine version: 11.5.4.8270
Virus Finding Engine version: 7.0.34.11020
Total 191 virus bases are loaded from C:\Users\Usuario\AppData\Local\Temp\6CAB4858-18C9B7DC-1DF0D6E8-825747E4\
Total records count: 7393519

Anti-rootkit module version ( ver: 11.5.201809130, api: 8.08 )

Using 137803332 as Dr.Web (R) Key file

Going on to the next step…


#5

FRST report 1: (I'm posting several messages because of the character count and because the page tells me I can't put more than two links per post)


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09.12.2018
Ran by Usuario (administrator) on DESKTOP-808CCCP (19-12-2018 12:32:52)
Running from F:\Descargas
Loaded Profiles: Usuario (Available Profiles: Usuario)
Platform: Windows 10 Home Version 1803 17134.471 (X64) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(SUPERAntiSpyware.com) F:\SUPERAntiSpyware\SASCORE64.EXE
(RealNetworks, Inc.) F:\UpdateService\RealPlayerUpdateSvc.exe
(RealNetworks, Inc.) F:\RPDS\Bin\rpdsvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\SkypeApp.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Program Files\Google\Drive\googledrivesync.exe
() C:\Program Files\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\systeminfo.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Creative Technology Ltd.) C:\Windows\V0770Mon.exe
(RealNetworks, Inc.) F:\Update\realsched.exe
() F:\RealDownloader\downloader2.exe
(RealNetworks, Inc.) F:\RealDownloader\realdownloader264.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\asulaunch.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8822016 2016-06-02] (Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-12-17] (AVAST Software)
HKLM-x32\...\Run: [V0770Mon.exe] => C:\WINDOWS\V0770Mon.exe [41600 2015-09-14] (Creative Technology Ltd.)
HKLM-x32\...\Run: [HP Software Update] => F:\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [4049216 2018-12-13] (Dropbox, Inc.)
HKLM-x32\...\Run: [TkBellExe] => F:\update\realsched.exe [352648 2017-06-17] (RealNetworks, Inc.)
HKLM-x32\...\Run: [RealDownloader] => F:\RealDownloader\downloader2.exe [1297648 2017-06-02] ()
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-21-2880194073-616569380-2500398765-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3199776 2018-04-03] (Valve Corporation)
HKU\S-1-5-21-2880194073-616569380-2500398765-1001\...\Run: [SUPERAntiSpyware] => F:\SUPERAntiSpyware\SUPERAntiSpyware.exe [8907696 2018-11-23] (SUPERAntiSpyware)
HKU\S-1-5-21-2880194073-616569380-2500398765-1001\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [46459080 2018-10-04] ()
HKU\S-1-5-21-2880194073-616569380-2500398765-1001\...\Run: [uTorrent] => C:\Users\Usuario\AppData\Roaming\uTorrent\uTorrent.exe [1738936 2018-12-02] (BitTorrent Inc.)
HKU\S-1-5-21-2880194073-616569380-2500398765-1001\...\Run: [ea8f030b] => C:\ProgramData\ea8f030b\ea8f030b.exe [937776 2018-12-19] (AutoIt Team)
HKU\S-1-5-21-2880194073-616569380-2500398765-1001\...\Run: [ea8f030b2] => C:\ProgramData\BahUMi\ea8f030b.exe [937776 2018-12-19] (AutoIt Team)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2016-08-29]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> F:\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealTimes.lnk [2017-06-17]
ShortcutTarget: RealTimes.lnk -> F:\RPDS\Bin\rpsystray.exe (RealNetworks, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 62.81.16.148 62.81.16.213
Tcpip\..\Interfaces\{a76ef44e-9bf8-4825-bc49-eb7296071b0a}: [DhcpNameServer] 62.81.16.148 62.81.16.213

...

#6


Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2880194073-616569380-2500398765-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2880194073-616569380-2500398765-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2880194073-616569380-2500398765-1001 -> {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = hxxps://www.google.es/search?q={searchTerms}
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> F:\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2017-06-02] (RealDownloader)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> F:\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2017-06-02] (RealDownloader)

FireFox:
========
FF ProfilePath: C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\7yczk5a0.default [2018-12-18]
FF Homepage: Mozilla\Firefox\Profiles\7yczk5a0.default -> hxxps://www.google.es/
FF Extension: (Print Edit WE) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\7yczk5a0.default\Extensions\[email protected] [2018-12-17]
FF Extension: (Print Edit) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\7yczk5a0.default\Extensions\[email protected] [2018-05-15] [Legacy]
FF Extension: (Adblock Plus (versión de desarrollo)) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\7yczk5a0.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-12-17]
FF SearchPlugin: C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\7yczk5a0.default\searchplugins\bing-lavasoft-ff59.xml [2018-06-04]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_31_0_0_122.dll [2018-10-17] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_122.dll [2018-10-17] ()
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-10-27] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-10-27] (NVIDIA Corporation)
FF Plugin-x32: @real.com/nppl3260;version=18.1.8.212 -> F:\Netscape6\nppl3260.dll [2017-06-17] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=18.1.8.212 -> F:\Netscape6\nprpplugin.dll [2017-06-17] (RealPlayer)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-20] (Adobe Systems Inc.)

Chrome: 
=======
CHR Profile: C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default [2018-12-19]
CHR Extension: (Presentaciones) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-03-25]
CHR Extension: (Documentos) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-03-25]
CHR Extension: (Google Drive) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-04-29]
CHR Extension: (YouTube) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-04-29]
CHR Extension: (Adobe Acrobat) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-04-08]
CHR Extension: (Hojas de cálculo) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-03-25]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-18]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2018-05-13]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-08]
CHR Extension: (Gmail) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-04-29]
CHR Extension: (Chrome Media Router) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-15]
CHR HKU\S-1-5-21-2880194073-616569380-2500398765-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

HKLM\SYSTEM\CurrentControlSet\Services\4583C7D96AAC3F94 <==== ATTENTION (Rootkit!)

R2 !SASCORE; F:\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-02-13] (SUPERAntiSpyware.com)
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [8188768 2018-12-17] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [324000 2018-12-17] (AVAST Software)
S3 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2018-12-17] (AVAST Software)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-09-23] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-09-23] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2018-12-13] (Dropbox, Inc.)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [342456 2016-08-11] (Futuremark)
S3 GoogleChromeElevationService; C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\elevation_service.exe [443872 2018-12-12] (Google Inc.)
R3 hpqcxs08; F:\HP\Digital Imaging\bin\hpqcxs08.dll [254824 2011-09-20] (Hewlett-Packard Co.)
R2 hpqddsvc; F:\HP\Digital Imaging\bin\hpqddsvc.dll [138600 2011-04-29] (Hewlett-Packard Co.)
R2 HPSLPSVC; F:\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [347512 2018-12-06] (HP Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RealPlayerUpdateSvc; F:\UpdateService\RealPlayerUpdateSvc.exe [36640 2017-06-02] (RealNetworks, Inc.)
R2 RealTimes Desktop Service; F:\RPDS\Bin\rpdsvc.exe [988944 2017-06-17] (RealNetworks, Inc.)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\NisSrv.exe [3880120 2018-12-11] (Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MsMpEng.exe [114208 2018-12-11] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [201240 2018-12-17] (AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [230344 2018-12-17] (AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [201768 2018-12-17] (AVAST Software)
R0 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [346592 2018-12-17] (AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [59496 2018-12-17] (AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [15360 2018-12-17] (AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [239840 2018-12-17] (AVAST Software)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [46384 2018-12-17] (AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42288 2018-12-17] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [163208 2018-12-17] (AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [111800 2018-12-17] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [87432 2018-12-17] (AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1028680 2018-12-17] (AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [469272 2018-12-17] (AVAST Software)
S2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [208472 2018-12-17] (AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [380464 2018-12-17] (AVAST Software)
R3 bcmsmbsp; C:\WINDOWS\System32\drivers\bcmsmbsp.sys [53024 2015-07-10] (Broadcom Corporation.)
S3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 int0800; C:\WINDOWS\System32\drivers\flashud.sys [51712 2009-09-09] (Intel Corporation)
S3 kmloop; C:\WINDOWS\System32\drivers\loop.sys [16896 2018-04-12] (Microsoft Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_2e7fa54192fe16d0\nvlddmkm.sys [16936048 2017-11-09] (NVIDIA Corporation)
S3 PSKMAD; C:\WINDOWS\System32\DRIVERS\PSKMAD.sys [50320 2015-01-29] (Panda Security, S.L.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [888064 2015-08-20] (Realtek )
R1 SASDIFSV; F:\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; F:\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 V0770Vid; C:\WINDOWS\system32\DRIVERS\V0770Vid.sys [388616 2015-09-14] (Creative Technology Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46680 2018-12-11] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [330936 2018-12-11] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [62136 2018-12-11] (Microsoft Corporation)
S1 epp; \??\C:\Program Files\Emsisoft Anti-Malware\epp.sys [X]
U4 npcap_wifi; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-12-19 12:33 - 2018-12-19 12:33 - 000000000 ____D C:\ProgramData\Ofprsh
2018-12-19 12:30 - 2018-12-19 12:32 - 000000000 ____D C:\FRST
2018-12-19 11:29 - 2018-12-19 12:21 - 000000000 ____D C:\Users\Usuario\Doctor Web
2018-12-19 11:29 - 2018-12-19 11:29 - 000000000 ____D C:\ProgramData\Doctor Web
2018-12-17 23:45 - 2018-12-17 23:45 - 000001979 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2018-12-17 23:45 - 2018-12-17 23:45 - 000001967 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2018-12-17 23:45 - 2018-12-17 23:45 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\AVAST Software
2018-12-17 23:44 - 2018-12-17 23:44 - 001028680 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2018-12-17 23:44 - 2018-12-17 23:44 - 000469272 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2018-12-17 23:44 - 2018-12-17 23:44 - 000380464 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2018-12-17 23:44 - 2018-12-17 23:44 - 000378584 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2018-12-17 23:44 - 2018-12-17 23:44 - 000346592 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbloga.sys
2018-12-17 23:44 - 2018-12-17 23:44 - 000239840 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
2018-12-17 23:44 - 2018-12-17 23:44 - 000230344 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2018-12-17 23:44 - 2018-12-17 23:44 - 000208472 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2018-12-17 23:44 - 2018-12-17 23:44 - 000201768 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2018-12-17 23:44 - 2018-12-17 23:44 - 000201240 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2018-12-17 23:44 - 2018-12-17 23:44 - 000163208 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2018-12-17 23:44 - 2018-12-17 23:44 - 000111800 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2018-12-17 23:44 - 2018-12-17 23:44 - 000087432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2018-12-17 23:44 - 2018-12-17 23:44 - 000059496 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2018-12-17 23:44 - 2018-12-17 23:44 - 000046384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2018-12-17 23:44 - 2018-12-17 23:44 - 000042288 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2018-12-17 23:44 - 2018-12-17 23:44 - 000015360 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswElam.sys
2018-12-17 23:44 - 2018-12-17 23:44 - 000000000 ____D C:\Program Files\AVAST Software
2018-12-14 00:46 - 2018-12-14 00:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-12-13 06:12 - 2018-12-13 06:12 - 000051024 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2018-12-13 06:12 - 2018-12-13 06:12 - 000047800 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2018-12-13 06:12 - 2018-12-13 06:12 - 000047800 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2018-12-13 06:12 - 2018-12-13 06:12 - 000047800 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2018-12-12 21:19 - 2018-12-08 13:47 - 001048712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2018-12-12 21:19 - 2018-12-08 13:47 - 000645320 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2018-12-12 21:19 - 2018-12-08 13:46 - 000549760 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
2018-12-12 21:19 - 2018-12-08 13:42 - 004527800 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2018-12-12 21:19 - 2018-12-08 13:42 - 001634944 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2018-12-12 21:19 - 2018-12-08 13:42 - 001616824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2018-12-12 21:19 - 2018-12-08 13:41 - 002394960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL
2018-12-12 21:19 - 2018-12-08 13:41 - 000481880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2018-12-12 21:19 - 2018-12-08 13:40 - 001454648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2018-12-12 21:19 - 2018-12-08 13:39 - 000444416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
2018-12-12 21:19 - 2018-12-08 13:29 - 013572608 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-12-12 21:19 - 2018-12-08 13:29 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2018-12-12 21:19 - 2018-12-08 13:28 - 012710400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-12-12 21:19 - 2018-12-08 13:28 - 006586880 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2018-12-12 21:19 - 2018-12-08 13:28 - 004708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2018-12-12 21:19 - 2018-12-08 13:27 - 005657600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2018-12-12 21:19 - 2018-12-08 13:27 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storqosflt.sys
2018-12-12 21:19 - 2018-12-08 13:27 - 000068608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdBth.dll
2018-12-12 21:19 - 2018-12-08 13:27 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdBth.dll
2018-12-12 21:19 - 2018-12-08 13:25 - 012500992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2018-12-12 21:19 - 2018-12-08 13:25 - 011902976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-12-12 21:19 - 2018-12-08 13:23 - 003649024 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-12-12 21:19 - 2018-12-08 13:23 - 002892288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-12-12 21:19 - 2018-12-08 13:23 - 001856512 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2018-12-12 21:19 - 2018-12-08 13:23 - 001661440 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2018-12-12 21:19 - 2018-12-08 13:23 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2018-12-12 21:19 - 2018-12-08 13:23 - 000503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2018-12-12 21:19 - 2018-12-08 13:23 - 000471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll
2018-12-12 21:19 - 2018-12-08 13:22 - 001586176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2018-12-12 21:19 - 2018-12-08 13:22 - 001469952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2018-12-12 21:19 - 2018-12-08 13:22 - 000577024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
2018-12-12 21:19 - 2018-12-08 09:13 - 001040936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-12-12 21:19 - 2018-12-08 09:12 - 000272408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-12-12 21:19 - 2018-12-08 09:12 - 000269336 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-12-12 21:19 - 2018-12-08 09:12 - 000092688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bindflt.sys
2018-12-12 21:19 - 2018-12-08 09:07 - 005625352 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2018-12-12 21:19 - 2018-12-08 09:07 - 001328632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2018-12-12 21:19 - 2018-12-08 09:07 - 001221632 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-12-12 21:19 - 2018-12-08 09:07 - 001063416 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-12-12 21:19 - 2018-12-08 09:07 - 001030184 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-12-12 21:19 - 2018-12-08 09:07 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-12-12 21:19 - 2018-12-08 09:07 - 000076280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2018-12-12 21:19 - 2018-12-08 09:06 - 001017168 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2adec.dll
2018-12-12 21:19 - 2018-12-08 09:06 - 000777512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2018-12-12 21:19 - 2018-12-08 09:06 - 000709936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-12-12 21:19 - 2018-12-08 09:06 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2018-12-12 21:19 - 2018-12-08 09:06 - 000491416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2018-12-12 21:19 - 2018-12-08 09:06 - 000433168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2018-12-12 21:19 - 2018-12-08 09:06 - 000249088 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll
2018-12-12 21:19 - 2018-12-08 09:05 - 007520096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-12-12 21:19 - 2018-12-08 09:05 - 007436216 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-12-12 21:19 - 2018-12-08 09:05 - 002822656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-12-12 21:19 - 2018-12-08 09:05 - 002463384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2018-12-12 21:19 - 2018-12-08 09:05 - 001935008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2018-12-12 21:19 - 2018-12-08 09:05 - 001209888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-12-12 21:19 - 2018-12-08 09:05 - 001018880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ClipSp.sys
2018-12-12 21:19 - 2018-12-08 09:05 - 000793592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-12-12 21:19 - 2018-12-08 09:05 - 000706040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-12-12 21:19 - 2018-12-08 09:05 - 000594224 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2018-12-12 21:19 - 2018-12-08 09:05 - 000421176 _____ (Microsoft Corporation) C:\WINDOWS\system32\xbgmengine.dll
2018-12-12 21:19 - 2018-12-08 09:05 - 000413920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2018-12-12 21:19 - 2018-12-08 09:05 - 000171008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-12-12 21:19 - 2018-12-08 09:05 - 000130312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
2018-12-12 21:19 - 2018-12-08 09:05 - 000086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fileinfo.sys
2018-12-12 21:19 - 2018-12-08 09:04 - 009084216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-12-12 21:19 - 2018-12-08 09:04 - 004404720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-12-12 21:19 - 2018-12-08 09:04 - 002590296 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
2018-12-12 21:19 - 2018-12-08 09:04 - 002371296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2018-12-12 21:19 - 2018-12-08 09:04 - 001943328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-12-12 21:19 - 2018-12-08 09:04 - 001457032 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-12-12 21:19 - 2018-12-08 09:04 - 001257672 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-12-12 21:19 - 2018-12-08 09:04 - 001188512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-12-12 21:19 - 2018-12-08 09:04 - 001150312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2018-12-12 21:19 - 2018-12-08 09:04 - 001140480 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-12-12 21:19 - 2018-12-08 09:04 - 000982912 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-12-12 21:19 - 2018-12-08 09:04 - 000885760 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-12-12 21:19 - 2018-12-08 09:04 - 000604984 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-12-12 21:19 - 2018-12-08 09:04 - 000527160 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2018-12-12 21:19 - 2018-12-08 09:04 - 000416024 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2018-12-12 21:19 - 2018-12-08 09:04 - 000413176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-12-12 21:19 - 2018-12-08 09:04 - 000375608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-12-12 21:19 - 2018-12-08 09:04 - 000335672 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2018-12-12 21:19 - 2018-12-08 09:04 - 000268280 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-12-12 21:19 - 2018-12-08 09:04 - 000260800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-12-12 21:19 - 2018-12-08 09:04 - 000158624 _____ (Microsoft Corporation) C:\WINDOWS\system32\vertdll.dll
2018-12-12 21:19 - 2018-12-08 09:04 - 000128824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2018-12-12 21:19 - 2018-12-08 09:04 - 000058168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\iorate.sys
2018-12-12 21:19 - 2018-12-08 09:04 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2018-12-12 21:19 - 2018-12-08 08:49 - 025855488 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-12-12 21:19 - 2018-12-08 08:47 - 000861744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2adec.dll
2018-12-12 21:19 - 2018-12-08 08:47 - 000785760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-12-12 21:19 - 2018-12-08 08:46 - 002331480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2018-12-12 21:19 - 2018-12-08 08:46 - 001989040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2018-12-12 21:19 - 2018-12-08 08:46 - 001397104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2018-12-12 21:19 - 2018-12-08 08:46 - 000665224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2018-12-12 21:19 - 2018-12-08 08:46 - 000457056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAudDecMFT.dll
2018-12-12 21:19 - 2018-12-08 08:46 - 000101192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll
2018-12-12 21:19 - 2018-12-08 08:45 - 006569040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-12-12 21:19 - 2018-12-08 08:45 - 006043496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-12-12 21:19 - 2018-12-08 08:45 - 004789952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-12-12 21:19 - 2018-12-08 08:45 - 002307240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL
2018-12-12 21:19 - 2018-12-08 08:45 - 001805656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2018-12-12 21:19 - 2018-12-08 08:45 - 001620472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-12-12 21:19 - 2018-12-08 08:45 - 001379816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2018-12-12 21:19 - 2018-12-08 08:45 - 001011872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2018-12-12 21:19 - 2018-12-08 08:45 - 000567256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-12-12 21:19 - 2018-12-08 08:45 - 000356864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2018-12-12 21:19 - 2018-12-08 08:45 - 000129296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2018-12-12 21:19 - 2018-12-08 08:42 - 022715392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-12-12 21:19 - 2018-12-08 08:42 - 009084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2018-12-12 21:19 - 2018-12-08 08:41 - 007057408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2018-12-12 21:19 - 2018-12-08 08:40 - 004710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-12-12 21:19 - 2018-12-08 08:40 - 004384768 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-12-12 21:19 - 2018-12-08 08:39 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnsruprov.dll
2018-12-12 21:19 - 2018-12-08 08:38 - 022016000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-12-12 21:19 - 2018-12-08 08:38 - 003392000 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2018-12-12 21:19 - 2018-12-08 08:38 - 002739200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2018-12-12 21:19 - 2018-12-08 08:38 - 000419328 _____ (Microsoft Corporation) C:\WINDOWS\system32\eeprov.dll
2018-12-12 21:19 - 2018-12-08 08:38 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2018-12-12 21:19 - 2018-12-08 08:38 - 000132608 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataUsageLiveTileTask.exe
2018-12-12 21:19 - 2018-12-08 08:38 - 000085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFrameworkInternalPS.dll
2018-12-12 21:19 - 2018-12-08 08:38 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcnfs.sys
2018-12-12 21:19 - 2018-12-08 08:38 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll
2018-12-12 21:19 - 2018-12-08 08:37 - 002825728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2018-12-12 21:19 - 2018-12-08 08:37 - 001308160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2018-12-12 21:19 - 2018-12-08 08:37 - 000395776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2018-12-12 21:19 - 2018-12-08 08:37 - 000386048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Diagnostics.dll
2018-12-12 21:19 - 2018-12-08 08:37 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataUsageHandlers.dll
2018-12-12 21:19 - 2018-12-08 08:37 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2018-12-12 21:19 - 2018-12-08 08:37 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthserv.dll
2018-12-12 21:19 - 2018-12-08 08:37 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\appsruprov.dll
2018-12-12 21:19 - 2018-12-08 08:37 - 000157696 _____ (Microsoft Corporation) C:\WINDOWS\system32\energyprov.dll
2018-12-12 21:19 - 2018-12-08 08:37 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2018-12-12 21:19 - 2018-12-08 08:37 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2018-12-12 21:19 - 2018-12-08 08:36 - 007573504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-12-12 21:19 - 2018-12-08 08:36 - 003396608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-12-12 21:19 - 2018-12-08 08:36 - 003381248 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2018-12-12 21:19 - 2018-12-08 08:36 - 003090432 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2018-12-12 21:19 - 2018-12-08 08:36 - 002364928 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2018-12-12 21:19 - 2018-12-08 08:36 - 001768448 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2018-12-12 21:19 - 2018-12-08 08:36 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-12-12 21:19 - 2018-12-08 08:36 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-12-12 21:19 - 2018-12-08 08:36 - 000462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2018-12-12 21:19 - 2018-12-08 08:36 - 000356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2018-12-12 21:19 - 2018-12-08 08:36 - 000227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2018-12-12 21:19 - 2018-12-08 08:36 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-12-12 21:19 - 2018-12-08 08:36 - 000153600 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMapi.dll
2018-12-12 21:19 - 2018-12-08 08:36 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mmcss.sys
2018-12-12 21:19 - 2018-12-08 08:35 - 002126336 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2018-12-12 21:19 - 2018-12-08 08:35 - 001826816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2018-12-12 21:19 - 2018-12-08 08:35 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2018-12-12 21:19 - 2018-12-08 08:35 - 001551360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-12-12 21:19 - 2018-12-08 08:35 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-12-12 21:19 - 2018-12-08 08:35 - 000623104 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-12-12 21:19 - 2018-12-08 08:34 - 002173440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-12-12 21:19 - 2018-12-08 08:34 - 001535488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-12-12 21:19 - 2018-12-08 08:34 - 001023488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2018-12-12 21:19 - 2018-12-08 08:34 - 000884224 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2018-12-12 21:19 - 2018-12-08 08:34 - 000693248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2018-12-12 21:19 - 2018-12-08 08:34 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-12-12 21:19 - 2018-12-08 08:34 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll
2018-12-12 21:19 - 2018-12-08 08:33 - 019405312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-12-12 21:19 - 2018-12-08 08:33 - 002904064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-12-12 21:19 - 2018-12-08 08:33 - 001457152 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2018-12-12 21:19 - 2018-12-08 08:33 - 001264640 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2018-12-12 21:19 - 2018-12-08 08:33 - 001058304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2018-12-12 21:19 - 2018-12-08 08:33 - 000949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2018-12-12 21:19 - 2018-12-08 08:33 - 000823296 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2018-12-12 21:19 - 2018-12-08 08:33 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2018-12-12 21:19 - 2018-12-08 08:32 - 001032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-12-12 21:19 - 2018-12-08 08:32 - 000895488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2018-12-12 21:19 - 2018-12-08 08:32 - 000796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2018-12-12 21:19 - 2018-12-08 08:32 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-12-12 21:19 - 2018-12-08 08:32 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-12-12 21:19 - 2018-12-08 08:32 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2018-12-12 21:19 - 2018-12-08 08:30 - 006647296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2018-12-12 21:19 - 2018-12-08 08:30 - 002966528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-12-12 21:19 - 2018-12-08 08:30 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe
2018-12-12 21:19 - 2018-12-08 08:29 - 005883904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2018-12-12 21:19 - 2018-12-08 08:29 - 002700288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2018-12-12 21:19 - 2018-12-08 08:29 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Diagnostics.dll
2018-12-12 21:19 - 2018-12-08 08:29 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2018-12-12 21:19 - 2018-12-08 08:28 - 005775872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-12-12 21:19 - 2018-12-08 08:28 - 002258944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2018-12-12 21:19 - 2018-12-08 08:28 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2018-12-12 21:19 - 2018-12-08 08:28 - 001295360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2018-12-12 21:19 - 2018-12-08 08:28 - 000391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-12-12 21:19 - 2018-12-08 08:28 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2018-12-12 21:19 - 2018-12-08 08:27 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2018-12-12 21:19 - 2018-12-08 08:27 - 001986560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2018-12-12 21:19 - 2018-12-08 08:27 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-12-12 21:19 - 2018-12-08 08:27 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-12-12 21:19 - 2018-12-08 08:27 - 000555008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2018-12-12 21:19 - 2018-12-08 08:27 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2018-12-12 21:19 - 2018-12-08 08:26 - 001348096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2018-12-12 21:19 - 2018-12-08 08:26 - 000848384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2018-12-12 21:19 - 2018-12-08 08:25 - 000978944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2018-12-12 21:19 - 2018-12-08 08:25 - 000856576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2018-12-12 21:19 - 2018-12-08 08:25 - 000729088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2018-12-12 21:19 - 2018-12-08 08:25 - 000702464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2018-12-12 21:19 - 2018-12-08 08:25 - 000669696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-12-12 21:19 - 2018-12-08 08:25 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2018-12-12 21:19 - 2018-12-08 08:24 - 000795648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2018-12-12 21:19 - 2018-12-08 08:24 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2018-12-12 21:19 - 2018-12-08 08:24 - 000533504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-12-12 21:19 - 2018-12-08 08:24 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2018-12-12 21:19 - 2018-12-08 07:16 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2018-12-12 21:19 - 2018-11-09 07:15 - 021388752 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-12-12 21:19 - 2018-11-09 07:00 - 000177664 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2018-12-12 21:19 - 2018-11-09 06:59 - 008623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2018-12-12 21:19 - 2018-11-09 06:58 - 000244736 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2018-12-12 21:19 - 2018-11-09 06:57 - 004491264 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2018-12-12 21:19 - 2018-11-09 06:57 - 000208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\sensrsvc.dll
2018-12-12 21:19 - 2018-11-09 06:56 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-12-12 21:19 - 2018-11-09 06:56 - 000381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ninput.dll
2018-12-12 21:19 - 2018-11-09 06:56 - 000103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSoftwareInstallationClient.dll
2018-12-12 21:19 - 2018-11-09 06:55 - 001254400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2018-12-12 21:19 - 2018-11-09 06:55 - 000878592 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2018-12-12 21:19 - 2018-11-09 06:54 - 001535488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbengine.exe
2018-12-12 21:19 - 2018-11-09 06:32 - 020383832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-12-12 21:19 - 2018-11-09 06:22 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2018-12-12 21:19 - 2018-11-09 06:20 - 007987712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2018-12-12 21:19 - 2018-11-09 06:20 - 003397632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2018-12-12 21:19 - 2018-11-09 06:19 - 000181248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2018-12-12 21:19 - 2018-11-09 06:18 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-12-12 21:19 - 2018-11-09 06:18 - 000320512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ninput.dll
2018-12-12 21:19 - 2018-11-09 06:17 - 000704000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2018-12-12 21:19 - 2018-11-09 03:56 - 001213472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2018-12-12 21:19 - 2018-11-09 03:49 - 000723416 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2018-12-12 21:19 - 2018-11-09 03:49 - 000565048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2018-12-12 21:19 - 2018-11-09 03:49 - 000368656 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll
2018-12-12 21:19 - 2018-11-09 03:48 - 003179760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2018-12-12 21:19 - 2018-11-09 03:48 - 002719736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-12-12 21:19 - 2018-11-09 03:48 - 001613288 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2018-12-12 21:19 - 2018-11-09 03:48 - 000899920 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2018-12-12 21:19 - 2018-11-09 03:48 - 000766704 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2018-12-12 21:19 - 2018-11-09 03:48 - 000745472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2018-12-12 21:19 - 2018-11-09 03:48 - 000375296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-12-12 21:19 - 2018-11-09 03:47 - 002765344 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-12-12 21:19 - 2018-11-09 03:47 - 002571128 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-12-12 21:19 - 2018-11-09 03:47 - 002062392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2018-12-12 21:19 - 2018-11-09 03:47 - 001285432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2018-12-12 21:19 - 2018-11-09 03:47 - 000930616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2018-12-12 21:19 - 2018-11-09 03:47 - 000537912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2018-12-12 21:19 - 2018-11-09 03:22 - 000185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll
2018-12-12 21:19 - 2018-11-09 03:22 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttpcom.dll
2018-12-12 21:19 - 2018-11-09 03:21 - 004866560 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-12-12 21:19 - 2018-11-09 03:21 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2018-12-12 21:19 - 2018-11-09 03:21 - 000119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2018-12-12 21:19 - 2018-11-09 03:21 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2018-12-12 21:19 - 2018-11-09 03:21 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2018-12-12 21:19 - 2018-11-09 03:20 - 006032384 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2018-12-12 21:19 - 2018-11-09 03:20 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2018-12-12 21:19 - 2018-11-09 03:20 - 000399872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthAvctpSvc.dll
2018-12-12 21:19 - 2018-11-09 03:20 - 000193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndiswan.sys
2018-12-12 21:19 - 2018-11-09 03:20 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2018-12-12 21:19 - 2018-11-09 03:19 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-12-12 21:19 - 2018-11-09 03:19 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-12-12 21:19 - 2018-11-09 03:19 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2018-12-12 21:19 - 2018-11-09 03:18 - 003320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-12-12 21:19 - 2018-11-09 03:18 - 001487360 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2018-12-12 21:19 - 2018-11-09 03:18 - 000573952 _____ (Microsoft Corporation) C:\WINDOWS\system32\webio.dll
2018-12-12 21:19 - 2018-11-09 03:18 - 000514048 _____ (Microsoft Corporation) C:\WINDOWS\system32\BTAGService.dll
2018-12-12 21:19 - 2018-11-09 03:18 - 000300032 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2018-12-12 21:19 - 2018-11-09 03:17 - 002584576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2018-12-12 21:19 - 2018-11-09 03:17 - 001069568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2018-12-12 21:19 - 2018-11-09 03:16 - 004939776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-12-12 21:19 - 2018-11-09 03:16 - 002224640 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-12-12 21:19 - 2018-11-09 03:16 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpasvc.dll
2018-12-12 21:19 - 2018-11-09 03:16 - 001225216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2018-12-12 21:19 - 2018-11-09 03:16 - 000308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2018-12-12 21:19 - 2018-11-09 03:15 - 000943616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2018-12-12 21:19 - 2018-11-09 03:15 - 000933888 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2018-12-12 21:19 - 2018-11-09 03:15 - 000884224 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2018-12-12 21:19 - 2018-11-09 03:15 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-12-12 21:19 - 2018-11-09 03:07 - 002417976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2018-12-12 21:19 - 2018-11-09 03:07 - 001299704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2018-12-12 21:19 - 2018-11-09 02:48 - 000550728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2018-12-12 21:19 - 2018-11-09 02:47 - 000295224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2018-12-12 21:19 - 2018-11-09 02:46 - 002253184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-12-12 21:19 - 2018-11-09 02:46 - 002161008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2018-12-12 21:19 - 2018-11-09 02:46 - 001980776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-12-12 21:19 - 2018-11-09 02:46 - 000829960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2018-12-12 21:19 - 2018-11-09 02:46 - 000721024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2018-12-12 21:19 - 2018-11-09 02:46 - 000573504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2018-12-12 21:19 - 2018-11-09 02:31 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2018-12-12 21:19 - 2018-11-09 02:31 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2018-12-12 21:19 - 2018-11-09 02:30 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallServiceTasks.dll
2018-12-12 21:19 - 2018-11-09 02:30 - 000082944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttpcom.dll
2018-12-12 21:19 - 2018-11-09 02:29 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-12-12 21:19 - 2018-11-09 02:29 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-12-12 21:19 - 2018-11-09 02:29 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2018-12-12 21:19 - 2018-11-09 02:29 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-12-12 21:19 - 2018-11-09 02:28 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2018-12-12 21:19 - 2018-11-09 02:28 - 002900992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-12-12 21:19 - 2018-11-09 02:27 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webio.dll
2018-12-12 21:19 - 2018-11-09 02:26 - 004514816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-12-12 21:19 - 2018-11-09 02:26 - 001110528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2018-12-12 21:19 - 2018-11-09 02:26 - 000873472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2018-12-12 21:19 - 2018-11-09 02:26 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-12-12 21:19 - 2018-11-09 02:25 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
2018-12-12 21:19 - 2018-11-09 02:25 - 000705024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2018-12-11 10:17 - 2018-12-11 23:18 - 000789614 _____ C:\WINDOWS\ntbtlog.txt
2018-12-11 10:17 - 2018-12-11 19:53 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2018-12-09 18:06 - 2018-12-09 18:06 - 000000956 _____ C:\Users\Usuario\Desktop\ESET2.txt
2018-12-08 22:18 - 2018-12-09 00:36 - 000000000 ____D C:\Program Files\Common Files\AV
2018-12-08 14:56 - 2018-12-08 15:27 - 000000000 ____D C:\ProgramData\clp
2018-12-07 11:34 - 2018-12-07 11:34 - 000025582 _____ C:\ProgramData\agent.uninstall.1544178843.bdinstall.bin
2018-12-07 11:33 - 2018-12-07 11:33 - 000043797 _____ C:\ProgramData\hva.uninstall.1544178782.bdinstall.bin
2018-12-07 10:54 - 2018-12-07 10:54 - 000074859 _____ C:\ProgramData\hva.1544176447.bdinstall.bin
2018-12-07 10:53 - 2018-12-07 10:53 - 000042585 _____ C:\ProgramData\agent.1544176436.bdinstall.bin
2018-12-07 00:05 - 2018-12-07 00:05 - 000001836 _____ C:\Users\Usuario\Desktop\ESET.txt
2018-12-06 13:55 - 2018-12-19 12:22 - 090439680 _____ C:\WINDOWS\system32\config\SOFTWARE
2018-12-02 20:59 - 2018-12-02 20:59 - 000000000 ____D C:\Users\Usuario\AppData\LocalLow\uTorrent
2018-12-02 17:43 - 2018-12-02 17:43 - 000000000 ____D C:\tegkubrtok__
2018-12-02 17:42 - 2018-12-02 17:42 - 000000000 ____D C:\unwgatbiie__
2018-12-01 22:57 - 2018-12-01 22:57 - 000000000 ____D C:\Users\Usuario\AppData\Local\mbamtray
2018-12-01 22:57 - 2018-12-01 22:57 - 000000000 ____D C:\Users\Usuario\AppData\Local\mbam
2018-12-01 22:56 - 2018-12-01 22:56 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-12-01 22:56 - 2018-12-01 22:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-12-19 12:33 - 2018-04-12 00:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-12-19 12:31 - 2018-05-15 01:11 - 001768608 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-12-19 12:31 - 2018-04-12 17:18 - 000786502 _____ C:\WINDOWS\system32\perfh00A.dat
2018-12-19 12:31 - 2018-04-12 17:18 - 000155134 _____ C:\WINDOWS\system32\perfc00A.dat
2018-12-19 12:31 - 2018-04-12 00:36 - 000000000 ____D C:\WINDOWS\INF
2018-12-19 12:30 - 2018-08-26 21:05 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\191520e626a3a8d6e3c8c8202e364f16
2018-12-19 12:29 - 2018-10-07 09:02 - 000004516 _____ C:\WINDOWS\System32\Tasks\Norton Security Scan
2018-12-19 12:23 - 2018-05-15 01:05 - 000000000 ____D C:\Users\Usuario
2018-12-19 12:23 - 2018-04-30 17:51 - 000000000 ___RD C:\Users\Usuario\Google Drive
2018-12-19 12:23 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-12-19 12:23 - 2018-01-02 11:03 - 000000000 ____D C:\Users\Usuario\AppData\Local\AVAST Software
2018-12-19 12:22 - 2018-05-15 01:09 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-12-19 12:22 - 2018-04-11 22:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-12-19 12:22 - 2016-09-22 07:43 - 000000000 ____D C:\ProgramData\NVIDIA
2018-12-19 12:21 - 2018-05-15 01:04 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-12-19 11:25 - 2018-06-02 10:19 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avast Software
2018-12-19 11:25 - 2016-11-11 12:05 - 000000000 ____D C:\Users\Usuario\AppData\Local\Battle.net
2018-12-19 10:53 - 2018-04-12 00:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-12-18 20:12 - 2016-11-19 18:57 - 000000000 ____D C:\Users\Usuario\AppData\LocalLow\Mozilla
2018-12-17 23:44 - 2018-04-12 00:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2018-12-17 23:44 - 2016-08-17 15:26 - 000000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-12-16 14:12 - 2016-11-11 12:03 - 000000000 ____D C:\Program Files (x86)\Battle.net
2018-12-14 00:46 - 2016-09-23 23:17 - 000000000 ____D C:\Program Files (x86)\Dropbox
2018-12-14 00:44 - 2017-04-29 11:24 - 000002299 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-12-14 00:44 - 2017-04-29 11:24 - 000002258 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-12-13 14:22 - 2016-11-11 12:07 - 000000000 ____D C:\Program Files (x86)\Diablo III
2018-12-13 14:20 - 2018-08-09 21:09 - 000000000 ____D C:\Users\Usuario\Desktop\iGP Manager
2018-12-12 23:03 - 2018-05-15 01:04 - 000582320 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-12-12 23:03 - 2018-04-12 00:38 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2018-12-12 23:03 - 2018-04-12 00:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-12-12 23:03 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\TextInput
2018-12-12 23:03 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\ShellComponents
2018-12-12 23:03 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-12-12 23:03 - 2017-10-15 11:32 - 000000000 ___RD C:\Users\Usuario\3D Objects
2018-12-12 23:03 - 2016-07-27 13:57 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-12-12 21:22 - 2016-08-23 14:28 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-12-12 21:22 - 2016-08-23 14:27 - 137260640 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-12-12 21:21 - 2018-04-12 00:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-12-11 23:18 - 2017-01-18 15:08 - 000001355 _____ C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
2018-12-11 20:21 - 2017-01-18 14:11 - 000000000 ____D C:\Users\Usuario\AppData\Local\ESET
2018-12-11 13:28 - 2018-03-04 16:22 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-12-11 13:28 - 2016-08-16 12:26 - 000592616 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2018-12-11 11:52 - 2018-05-13 11:29 - 000000000 ___DC C:\WINDOWS\Panther
2018-12-09 00:36 - 2018-04-11 22:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-12-09 00:36 - 2016-08-15 11:53 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2018-12-08 22:36 - 2017-01-26 11:58 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2018-12-08 22:17 - 2018-04-01 10:23 - 000000000 ____D C:\ProgramData\McAfee
2018-12-08 22:17 - 2016-11-05 11:33 - 000000000 ____D C:\Users\Usuario\AppData\Local\FSDART
2018-12-08 21:43 - 2018-05-15 01:09 - 000000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2018-12-07 11:33 - 2017-06-10 17:20 - 000000000 ____D C:\ProgramData\Bitdefender Home Scanner
2018-12-07 11:33 - 2017-06-10 17:20 - 000000000 ____D C:\Program Files\Npcap
2018-12-07 10:56 - 2016-11-05 11:33 - 000000000 ____D C:\ProgramData\F-Secure
2018-12-07 10:50 - 2018-11-16 10:59 - 000000000 ____D C:\Program Files\rempl
2018-12-06 23:00 - 2018-08-26 21:05 - 000000000 ___HD C:\DESKTOP-808CCCP
2018-12-06 22:15 - 2017-12-01 11:29 - 000000000 ____D C:\Users\Usuario\AppData\Local\Packages
2018-12-06 21:15 - 2016-11-05 13:52 - 001786111 _____ C:\Users\Usuario\AppData\Local\census.cache
2018-12-06 21:15 - 2016-11-05 13:52 - 000116871 _____ C:\Users\Usuario\AppData\Local\ars.cache
2018-12-06 13:55 - 2017-07-22 20:09 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2018-12-05 21:26 - 2017-10-29 20:37 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-12-02 20:59 - 2016-09-12 13:42 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\uTorrent
2018-12-02 17:42 - 2017-12-25 00:00 - 000000000 ____D C:\ProgramData\ea8f030b
2018-12-01 05:01 - 2018-04-12 00:41 - 000835688 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-12-01 05:01 - 2018-04-12 00:41 - 000179808 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2016-11-05 13:52 - 2018-12-06 21:15 - 000116871 _____ () C:\Users\Usuario\AppData\Local\ars.cache
2016-11-05 13:52 - 2018-12-06 21:15 - 001786111 _____ () C:\Users\Usuario\AppData\Local\census.cache
2016-11-05 11:50 - 2016-11-05 11:50 - 000000036 _____ () C:\Users\Usuario\AppData\Local\housecall.guid.cache
2016-08-23 17:54 - 2016-08-23 17:54 - 000007602 _____ () C:\Users\Usuario\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-05-15 01:04

==================== End of FRST.txt ============================

#7

FRST report 2:


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09.12.2018
Ran by Usuario (19-12-2018 12:33:47)
Running from F:\Descargas
Windows 10 Home Version 1803 17134.471 (X64) (2018-05-15 00:09:16)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-2880194073-616569380-2500398765-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2880194073-616569380-2500398765-503 - Limited - Disabled)
Invitado (S-1-5-21-2880194073-616569380-2500398765-501 - Limited - Disabled)
Usuario (S-1-5-21-2880194073-616569380-2500398765-1001 - Administrator - Enabled) => C:\Users\Usuario
WDAGUtilityAccount (S-1-5-21-2880194073-616569380-2500398765-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2880194073-616569380-2500398765-1001\...\uTorrent) (Version: 3.5.4.44846 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden
Actualización de NVIDIA 2.5.14.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 2.5.14.5 - NVIDIA Corporation)
Adobe Acrobat Reader DC - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 19.008.20074 - Adobe Systems Incorporated)
Adobe Flash Player 31 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 31.0.0.122 - Adobe Systems Incorporated)
Adobe Flash Player 31 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 31.0.0.122 - Adobe Systems Incorporated)
AIO_CDA_ProductContext (HKLM-x32\...\{B5985100-D968-4B0D-B13C-B0362044612D}) (Version: 140.0.425.000 - Hewlett-Packard) Hidden
AIO_CDA_Software (HKLM-x32\...\{CBB55719-C875-4C5A-A0B6-2473F77DD164}) (Version: 140.0.428.000 - Hewlett-Packard) Hidden
AIO_Scan (HKLM-x32\...\{104066F4-5897-4067-85D3-4C88B67CCF75}) (Version: 130.0.421.000 - Hewlett-Packard) Hidden
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.8.2356 - AVAST Software)
Backup and Sync from Google (HKLM\...\{608EBDC6-D18A-4CF6-AD54-EE6B71D29065}) (Version: 3.43.1584.4446 - Google, Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BufferChm (HKLM-x32\...\{FA0FF682-CC70-4C57-93CD-E276F3E7537E}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
C3100 (HKLM-x32\...\{E601C028-B828-4CCC-BDC3-9678CEFC6965}) (Version: 140.0.425.000 - Hewlett-Packard) Hidden
c3100_Help (HKLM-x32\...\{1AE3E621-E0C0-4aa1-B10B-B3E353A8D110}) (Version: 82.0.256.000 - Hewlett-Packard) Hidden
calibre 64bit (HKLM\...\{F12B37DA-4B58-48B7-9557-F51E9D62C898}) (Version: 3.6.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.51 - Piriform)
CLIP STUDIO 1.8.0 (HKLM-x32\...\{49274EB8-4598-47E6-8039-9BB7CE07627E}) (Version: 1.8.0 - CELSYS)
CLIP STUDIO PAINT 1.8.2 (HKLM-x32\...\{1E4572D2-28BC-4BC9-B743-13DC6CFD71DB}) (Version: 1.8.2 - CELSYS)
Copy (HKLM-x32\...\{9BE466FF-70B7-4DA8-807C-DB4C3610FDAA}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
Dawn of War - Dark Crusade (HKLM-x32\...\{FF39FC01-819B-42E4-AE49-1968AF12DDD4}) (Version: 1.00.0000 - THQ)
Dawn Of War - Winter Assault (HKLM-x32\...\{DD8408E9-9421-484F-979D-DB6361E3E828}) (Version: 1.4 - THQ)
DawnOfWar (HKLM-x32\...\{362D5167-9716-44BE-89FD-BF9EB6EF814B}) (Version: 1.00.00000 - THQ) Hidden
DawnOfWar (HKLM-x32\...\InstallShield_{362D5167-9716-44BE-89FD-BF9EB6EF814B}) (Version: 1.00.00000 - THQ)
Destinations (HKLM-x32\...\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}) (Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM-x32\...\{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
Diablo II (HKLM-x32\...\Diablo II) (Version:  - Blizzard Entertainment)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
DocProc (HKLM-x32\...\{9B362566-EC1B-4700-BB9C-EC661BDE2175}) (Version: 140.0.185.000 - Hewlett-Packard) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 63.4.107 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.141.1 - Dropbox, Inc.) Hidden
EaseUS Data Recovery Wizard (HKLM\...\EaseUS Data Recovery Wizard_is1) (Version:  - EaseUS)
Fax (HKLM-x32\...\{9294F169-72EE-4D74-AE92-CA25F64B4FF8}) (Version: 140.0.307.000 - Hewlett-Packard) Hidden
FS Water Configurator 3.15 (HKLM\...\FS Water Configurator) (Version:  - )
Futuremark SystemInfo (HKLM-x32\...\{E540B871-3230-4C5B-AAD5-A30F64398275}) (Version: 4.48.599.0 - Futuremark)
Geeks3D FurMark 1.14.1 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version:  - Geeks3D)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 71.0.3578.98 - Google Inc.)
Google Earth Pro (HKLM-x32\...\{BF354C72-AC4C-4A87-8D42-B089862BAE58}) (Version: 7.3.2.5491 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
GPBaseService2 (HKLM-x32\...\{BB3447F6-9553-4AA9-960E-0DB5310C5779}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photosmart All-In-One Driver Software (HKLM\...\{4F6C1178-3FC0-44BB-8F9A-28D8516DFEE2}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Solutions Framework (HKLM-x32\...\{E8FF0A82-0696-4347-B4AE-708DE306FFE9}) (Version: 12.10.49.21 - HP Inc.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPPhotoGadget (HKLM-x32\...\{CAE4213F-F797-439D-BD9E-79B71D115BE3}) (Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (HKLM-x32\...\{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM-x32\...\{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden
LibreOffice 6.0.5.2 (HKLM\...\{9645CDEF-085C-45F7-A3CD-B4B7046EF78C}) (Version: 6.0.5.2 - The Document Foundation)
Live! Cam Sync HD VF0770 Driver (1.00.07.00) (HKLM\...\Creative VF0770) (Version:  - Creative Technology Ltd.)
Malwarebytes versión 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
MarketResearch (HKLM-x32\...\{D360FA88-17C8-4F14-B67F-13AAF9607B12}) (Version: 140.0.299.000 - Hewlett-Packard) Hidden
Microsoft Flight Simulator X Service Pack 2 (HKLM-x32\...\{8039B69D-FD7B-453D-9B63-836D949636FD}) (Version: 10.0.61472.0 - Microsoft Game Studios)
Microsoft OneDrive (HKU\S-1-5-21-2880194073-616569380-2500398765-1001\...\OneDriveSetup.exe) (Version: 18.091.0506.0007 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 62.0.3 (x64 es-ES) (HKLM\...\Mozilla Firefox 62.0.3 (x64 es-ES)) (Version: 62.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 62.0.3 - Mozilla)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Network64 (HKLM\...\{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}) (Version: 140.0.306.000 - Hewlett-Packard) Hidden
Norton Security Scan (HKLM-x32\...\NSS) (Version: 4.7.0.181 - Symantec Corporation)
NVIDIA Controlador de 3D Vision 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 388.13 - NVIDIA Corporation)
NVIDIA Controlador de gráficos 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.13 - NVIDIA Corporation)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Panda Cloud Cleaner (HKLM-x32\...\{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.1.10 - Panda Security)
Panel de control de NVIDIA 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 388.13 - NVIDIA Corporation) Hidden
PCMark 8 (HKLM\...\{1C105B2F-E38F-4CE4-97F7-D5F9381AC85F}) (Version: 2.7.613.0 - Futuremark) Hidden
PCMark 8 (HKLM-x32\...\{ffbe2963-bbe7-49f1-9c32-6fe7e17e5200}) (Version: 2.7.613.0 - Futuremark)
RealDownloader (HKLM-x32\...\{115CCDDD-8728-4789-983D-D041A8E02316}) (Version: 18.1.8.212 - RealNetworks, Inc.) Hidden
RealDownloader (HKLM-x32\...\{30f9b8e2-1723-49b3-a51a-6b1701314fd9}) (Version: 18.1.8.212 - RealNetworks) Hidden
RealDownloader (HKLM-x32\...\{4602B6EE-69EC-4548-B271-94D43CAA6C6F}) (Version: 18.1.8.212 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM-x32\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM-x32\...\{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}) (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (RealTimes) (HKLM-x32\...\RealPlayer 18.1) (Version: 18.1.8 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7836 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (HKLM-x32\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Scan (HKLM-x32\...\{06A1D88C-E102-4527-AF70-29FFD7AF215A}) (Version: 140.0.253.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
SolutionCenter (HKLM-x32\...\{BC5DD87B-0143-4D14-AAE6-97109614DC6B}) (Version: 140.0.299.000 - Hewlett-Packard) Hidden
Status (HKLM-x32\...\{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}) (Version: 140.0.342.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1224 - SUPERAntiSpyware.com)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
Toolbox (HKLM-x32\...\{292F0F52-B62D-4E71-921B-89A682402201}) (Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (HKLM-x32\...\{CD31E63D-47FD-491C-8117-CF201D0AFAB5}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{9CBA860F-7437-4A75-941C-8EF559F2D145}) (Version: 2.52.0.0 - Microsoft Corporation)
UpdateService (HKLM-x32\...\{E3AE96D6-E196-45B4-AF62-2B41998B9E37}) (Version: 1.0.0 - RealNetworks, Inc.) Hidden
vc2012_redist (HKLM-x32\...\{9402AEF2-5981-4097-8BE2-6501DAC4DBFD}) (Version: 1.0.0.0 - Realnetworks) Hidden
Video Downloader (HKLM-x32\...\{CEF8613C-08DD-4092-9445-C3EBE9C81C37}) (Version: 18.1.8 - RealNetworks) Hidden
vs2015_redist x86 (HKLM-x32\...\{BD46163A-0331-4A61-B65A-7B66D7C93F8E}) (Version: 1.0.0.0 - Realnetworks) Hidden
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
WebReg (HKLM-x32\...\{8EE94FD8-5F52-4463-A340-185D16328158}) (Version: 140.0.297.017 - Hewlett-Packard) Hidden
WinRAR 5.60 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.60.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-12-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-12-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-12-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-12-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-12-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-12-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-12-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-12-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-12-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-12-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-10-04] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-10-04] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-10-04] (Google)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-12-17] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-12-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-12-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-12-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-12-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-12-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-12-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-12-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-12-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-12-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-12-13] (Dropbox, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> No File
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-12-17] (AVAST Software)
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-12-13] (Dropbox, Inc.)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-10-04] (Google)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-06-24] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-06-24] (Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-12-17] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => F:\RPDS\Bin64\rpcontextmenu.dll [2017-06-17] (RealNetworks, Inc.)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-12-13] (Dropbox, Inc.)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-10-04] (Google)
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-12-13] (Dropbox, Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-10-27] (NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-12-17] (AVAST Software)
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-06-24] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-06-24] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {10C82761-B45E-43D1-B160-2E3887F211DA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2018-08-30] (HP Inc.)
Task: {15162A4E-DA5A-4E0A-9C66-2EFA0F2F05B8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {2B2D1F4A-B9A6-4FE6-A330-6C4A7201C7CF} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-10-28] (AVAST Software)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] ()
Task: {7271104B-E80F-44B6-8CB8-8DF671CFFC79} - System32\Tasks\Norton Security Scan => C:\Program Files\Norton Security Scan\Engine32\4.7.0.181\NSS.exe [2017-12-26] (Symantec Corporation)
Task: {BB9CFA40-833E-41DD-A7BE-DE62046B243D} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\Norton Product Installer.job => C:\Users\Usuario\AppData\Local\Temp\7zSA38B.tmp\SymInstallStub.exeK/partnerid=symantec /productlist=nss /staging=false /delay=0 /launchedby=2 C:\Users\Usuario\AppData\Local\Temp\7zSA38B.tmp <==== ATTENTION
Task: C:\WINDOWS\Tasks\Norton Product InstallerIdle.job => C:\Users\Usuario\AppData\Local\Temp\7zSA38B.tmp\SymInstallStub.exeK/partnerid=symantec /productlist=nss /staging=false /delay=0 /launchedby=4 C:\Users\Usuario\AppData\Local\Temp\7zSA38B.tmp <==== ATTENTION
Task: C:\WINDOWS\Tasks\PTK-Scheduler-Norton Security Scan.job => C:\Program Files\Norton Security Scan\Engine32\4.7.0.181\NSS.exeÆaction=run fmui C:\Program Files\Norton Security Scan\Branding\Config.dll

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-04-12 00:34 - 2018-04-12 00:34 - 000491744 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-12-12 21:19 - 2018-11-09 03:17 - 002759680 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-12-12 21:19 - 2018-12-08 08:33 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-10-04 20:45 - 2018-10-04 20:46 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\ImagePipelineNative.dll
2018-12-14 12:55 - 2018-12-14 12:56 - 000060416 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\ChakraBridge.dll
2018-12-14 12:55 - 2018-12-14 12:56 - 000182272 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
2018-12-14 00:44 - 2018-12-12 06:11 - 005237216 _____ () C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\libglesv2.dll
2018-12-14 00:44 - 2018-12-12 06:11 - 000117216 _____ () C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\libegl.dll
2018-10-04 19:44 - 2018-10-04 19:44 - 046459080 _____ () C:\Program Files\Google\Drive\googledrivesync.exe
2018-12-19 12:23 - 2018-12-19 12:23 - 000113664 _____ () C:\Users\Usuario\AppData\Local\Temp\_MEI90122\_ctypes.pyd
2018-12-19 12:23 - 2018-12-19 12:23 - 000080896 _____ () C:\Users\Usuario\AppData\Local\Temp\_MEI90122\bz2.pyd
2018-12-19 12:23 - 2018-12-19 12:23 - 001792512 _____ () C:\Users\Usuario\AppData\Local\Temp\_MEI90122\_hashlib.pyd
2018-12-19 12:23 - 2018-12-19 12:23 - 000128512 _____ () C:\Users\Usuario\AppData\Local\Temp\_MEI90122\win32api.pyd
2018-12-19 12:23 - 2018-12-19 12:23 - 000137728 _____ () C:\Users\Usuario\AppData\Local\Temp\_MEI90122\pywintypes27.dll
2018-12-19 12:23 - 2018-12-19 12:23 - 000548864 _____ () C:\Users\Usuario\AppData\Local\Temp\_MEI90122\pythoncom27.dll
2018-12-19 12:23 - 2018-12-19 12:23 - 000689664 _____ () C:\Users\Usuario\AppData\Local\Temp\_MEI90122\unicodedata.pyd
2018-12-19 12:23 - 2018-12-19 12:23 - 000438784 _____ () C:\Users\Usuario\AppData\Local\Temp\_MEI90122\win32com.shell.shell.pyd
2018-12-19 12:23 - 2018-12-19 12:23 - 001489408 _____ () C:\Users\Usuario\AppData\Local\Temp\_MEI90122\wx._core_.pyd
2018-12-19 12:23 - 2018-12-19 12:23 - 001007104 _____ () C:\Users\Usuario\AppData\Local\Temp\_MEI90122\wx._gdi_.pyd
2018-12-19 12:23 - 2018-12-19 12:23 - 001039872 _____ () C:\Users\Usuario\AppData\Local\Temp\_MEI90122\wx._windows_.pyd
2018-12-19 12:23 - 2018-12-19 12:23 - 001325056 _____ () C:\Users\Usuario\AppData\Local\Temp\_MEI90122\wx._controls_.pyd
2018-12-19 12:23 - 2018-12-19 12:23 - 000916992 _____ () C:\Users\Usuario\AppData\Local\Temp\_MEI90122\wx._misc_.pyd
2018-12-19 12:23 - 2018-12-19 12:23 - 001084416 _____ () C:\Users\Usuario\AppData\Local\Temp\_MEI90122\pysqlite2._sqlite.pyd
2018-12-19 12:23 - 2018-12-19 12:23 - 000149504 _____ () C:\Users\Usuario\AppData\Local\Temp\_MEI90122\win32file.pyd
2018-12-19 12:23 - 2018-12-19 12:23 - 000136192 _____ () C:\Users\Usuario\AppData\Local\Temp\_MEI90122\win32security.pyd
2018-12-19 12:23 - 2018-12-19 12:23 - 000007680 _____ () C:\Users\Usuario\AppData\Local\Temp\_MEI90122\hashobjs_ext.pyd
2018-12-19 12:23 - 2018-12-19 12:23 - 000020992 _____ () C:\Users\Usuario\AppData\Local\Temp\_MEI90122\thumbnails_ext.pyd
2018-12-19 12:23 - 2018-12-19 12:23 - 000118784 _____ () C:\Users\Usuario\AppData\Local\Temp\_MEI90122\usb_ext.pyd
2018-12-19 12:23 - 2018-12-19 12:23 - 000047616 _____ () C:\Users\Usuario\AppData\Local\Temp\_MEI90122\_socket.pyd
2018-12-19 12:23 - 2018-12-19 12:23 - 002224640 _____ () C:\Users\Usuario\AppData\Local\Temp\_MEI90122\_ssl.pyd
2018-12-19 12:23 - 2018-12-19 12:23 - 000014848 _____ () C:\Users\Usuario\AppData\Local\Temp\_MEI90122\common.time34.pyd
2018-12-19 12:23 - 2018-12-19 12:23 - 000023040 _____ () C:\Users\Usuario\AppData\Local\Temp\_MEI90122\win32event.pyd
2018-12-19 12:23 - 2018-12-19 12:23 - 000034304 _____ () C:\Users\Usuario\AppData\Local\Temp\_MEI90122\windows.conditional.pyd
2018-12-19 12:23 - 2018-12-19 12:23 - 000020480 _____ () C:\Users\Usuario\AppData\Local\Temp\_MEI90122\windows.winwrap.pyd
2018-12-19 12:23 - 2018-12-19 12:23 - 000110080 _____ () C:\Users\Usuario\AppData\Local\Temp\_MEI90122\windows.volumes.pyd
2018-12-19 12:23 - 2018-12-19 12:23 - 000223232 _____ () C:\Users\Usuario\AppData\Local\Temp\_MEI90122\win32gui.pyd
2018-12-19 12:23 - 2018-12-19 12:23 - 000173568 _____ () C:\Users\Usuario\AppData\Local\Temp\_MEI90122\_elementtree.pyd
2018-12-19 12:23 - 2018-12-19 12:23 - 000169472 _____ () C:\Users\Usuario\AppData\Local\Temp\_MEI90122\pyexpat.pyd
2018-12-19 12:23 - 2018-12-19 12:23 - 000048128 _____ () C:\Users\Usuario\AppData\Local\Temp\_MEI90122\win32inet.pyd
2018-12-19 12:23 - 2018-12-19 12:23 - 000103424 _____ () C:\Users\Usuario\AppData\Local\Temp\_MEI90122\wx._html2.pyd
2018-12-19 12:23 - 2018-12-19 12:23 - 000046080 _____ () C:\Users\Usuario\AppData\Local\Temp\_MEI90122\_psutil_windows.pyd
2018-12-19 12:23 - 2018-12-19 12:23 - 000633272 _____ () C:\Users\Usuario\AppData\Local\Temp\_MEI90122\windows._cacheinvalidation.pyd
2018-12-19 12:23 - 2018-12-19 12:23 - 000011776 _____ () C:\Users\Usuario\AppData\Local\Temp\_MEI90122\win32crypt.pyd
2018-12-19 12:23 - 2018-12-19 12:23 - 000301568 _____ () C:\Users\Usuario\AppData\Local\Temp\_MEI90122\PIL._imaging.pyd
2018-12-19 12:23 - 2018-12-19 12:23 - 000032256 _____ () C:\Users\Usuario\AppData\Local\Temp\_MEI90122\_multiprocessing.pyd
2018-12-19 12:23 - 2018-12-19 12:23 - 005752320 _____ () C:\Users\Usuario\AppData\Local\Temp\_MEI90122\cello.pyd
2018-12-19 12:23 - 2018-12-19 12:23 - 000026112 _____ () C:\Users\Usuario\AppData\Local\Temp\_MEI90122\_yappi.pyd
2018-12-19 12:23 - 2018-12-19 12:23 - 000044032 _____ () C:\Users\Usuario\AppData\Local\Temp\_MEI90122\win32process.pyd
2018-12-19 12:23 - 2018-12-19 12:23 - 000027648 _____ () C:\Users\Usuario\AppData\Local\Temp\_MEI90122\win32pipe.pyd
2018-12-19 12:23 - 2018-12-19 12:23 - 000010752 _____ () C:\Users\Usuario\AppData\Local\Temp\_MEI90122\select.pyd
2018-12-19 12:23 - 2018-12-19 12:23 - 000029696 _____ () C:\Users\Usuario\AppData\Local\Temp\_MEI90122\win32pdh.pyd
2018-12-19 12:23 - 2018-12-19 12:23 - 000038400 _____ () C:\Users\Usuario\AppData\Local\Temp\_MEI90122\windows.connectivity.pyd
2018-12-19 12:23 - 2018-12-19 12:23 - 000073216 _____ () C:\Users\Usuario\AppData\Local\Temp\_MEI90122\windows.device_monitor.pyd
2018-12-19 12:23 - 2018-12-19 12:23 - 000020480 _____ () C:\Users\Usuario\AppData\Local\Temp\_MEI90122\win32profile.pyd
2018-12-19 12:23 - 2018-12-19 12:23 - 000026624 _____ () C:\Users\Usuario\AppData\Local\Temp\_MEI90122\win32ts.pyd
2017-06-02 15:53 - 2017-06-02 15:53 - 001297648 _____ () F:\RealDownloader\downloader2.exe
2018-12-17 23:45 - 2018-12-17 23:45 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-12-17 23:44 - 2018-12-17 23:44 - 000596696 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Usuario\Desktop\Document:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Usuario\Desktop\EOI:com.dropbox.attributes [168]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2880194073-616569380-2500398765-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2880194073-616569380-2500398765-1001\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 08:24 - 2015-10-30 08:21 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2880194073-616569380-2500398765-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Usuario\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{2ddc6bd5-62d5-48c1-b2b0-3efc6c8dc94a}.jpg
DNS Servers: 62.81.16.148 - 62.81.16.213
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\StartupFolder: => "HP Digital Imaging Monitor.lnk"
HKLM\...\StartupApproved\StartupFolder: => "RealTimes.lnk"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKU\S-1-5-21-2880194073-616569380-2500398765-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2880194073-616569380-2500398765-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2880194073-616569380-2500398765-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-2880194073-616569380-2500398765-1001\...\StartupApproved\Run: => "SUPERAntiSpyware"
HKU\S-1-5-21-2880194073-616569380-2500398765-1001\...\StartupApproved\Run: => "Uninstall C:\Users\Usuario\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_2"
HKU\S-1-5-21-2880194073-616569380-2500398765-1001\...\StartupApproved\Run: => "Uninstall C:\Users\Usuario\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_2\amd64"
HKU\S-1-5-21-2880194073-616569380-2500398765-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-2880194073-616569380-2500398765-1001\...\StartupApproved\Run: => "Web Companion"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{18867099-E709-48AA-AC54-02C371184E60}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{D7B880B5-52D3-44A6-A89B-79598E6E94A1}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{FA8514B3-3ACA-41C3-8ACF-25974E34DFC2}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe
FirewallRules: [{1219F122-A74E-4FF6-B2A3-BE843ECFA486}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe
FirewallRules: [{BCA6AA61-C18E-447C-8CE5-12EFC5350C73}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Automation\Automation_Shipping_Steam.exe
FirewallRules: [{68A6272E-A03E-4BC0-9B38-7A2C63D07D88}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Automation\Automation_Shipping_Steam.exe
FirewallRules: [{B0AD2A13-D42B-4397-8146-DB3EA6EDB3D6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Automation\Automation Launcher Steam.exe
FirewallRules: [{9C738CA3-06AD-407E-B27D-348CE8F29A48}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Automation\Automation Launcher Steam.exe
FirewallRules: [{5A2969B2-98E3-42ED-B6E0-401CB0513BB6}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{42C991A8-9016-459E-98F2-F9D1752F91CE}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [UDP Query User{5EA25635-D061-44E2-BA4A-6163C429FB89}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [TCP Query User{51336A4C-C077-4FC1-A04B-12C98FEC119F}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [{FF917E3C-8363-49B4-9464-339D679A3356}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{90AD545E-CEE2-474D-BF66-B7D04256627C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{766F459B-3CA6-4FD8-B595-16BA68F44A74}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{37CDD329-DD04-45F4-82B6-0335BC5C9CB2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{068B254D-3D89-4255-8AED-C75985019E3C}] => (Allow) F:\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{0ADF399D-1A77-4A6A-AD37-7F09FF307A42}] => (Allow) F:\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{3D383FDA-8BD1-468C-9BAB-2B7D1BB3D6A9}] => (Allow) F:\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{FA092AB7-11F7-468C-AAD1-A08AFCDC8F5B}] => (Allow) F:\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{AEBD1179-0459-4B1F-9924-E7E8283A5600}] => (Allow) F:\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{F6E23496-3625-423A-B9B9-F690A232EDC2}] => (Allow) F:\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{6FFB9D26-C529-4C13-B6E1-846EDBDDFB25}] => (Allow) F:\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{5A87127D-8F79-41D9-978F-965DAC6227FE}] => (Allow) F:\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{A98C0870-1595-4B45-951C-6E14420AC5FC}] => (Allow) F:\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{55CBAD8E-A59D-493F-B377-E010669C9F2B}] => (Allow) F:\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{9536B054-7E3E-42FE-83C9-74F0643037DD}] => (Allow) F:\HP\Digital Imaging\bin\hpqnrs08.exe
FirewallRules: [{E0CCC91B-29EB-4C93-B6CD-49F46DDC5355}] => (Allow) F:\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{F3D30551-469F-42B0-B60B-7E0533C044CF}] => (Allow) F:\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{6D8164C0-4640-4E7D-B2DD-310BA2F8BF51}] => (Allow) F:\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{A52B3AB2-1CE4-4025-B542-17A2C8AE5D0C}] => (Allow) F:\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{559066B4-7F17-486F-BB4E-3958380AC0EB}] => (Allow) F:\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{0168F81E-153C-4343-9658-F0CA9FBE43EA}] => (Allow) F:\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{765E33B0-718C-4C8D-9AD1-CAB1AACBDF33}] => (Allow) F:\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{E6E20B16-722E-4852-BFF6-62ACA39F29FB}] => (Allow) F:\HP\hp software update\hpwucli.exe
FirewallRules: [{4E426F27-A180-46A5-A3F8-81DF7BC387F2}] => (Allow) C:\Users\Usuario\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{183D5A00-D9A7-4764-9645-B7A8DF8492BB}] => (Allow) C:\Users\Usuario\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{72C69F1A-03E5-49A5-8E33-36AE43A38FCF}] => (Allow) F:\RPDS\Bin\rpdsvc.exe
FirewallRules: [TCP Query User{76779E7C-329A-47DE-B80A-669887B7EB39}F:\thq\dawn of war - dark crusade\darkcrusade.exe] => (Allow) F:\thq\dawn of war - dark crusade\darkcrusade.exe
FirewallRules: [UDP Query User{FFF50167-5C97-40BB-B12E-32885855E6C1}F:\thq\dawn of war - dark crusade\darkcrusade.exe] => (Allow) F:\thq\dawn of war - dark crusade\darkcrusade.exe
FirewallRules: [TCP Query User{E2C503EA-C98A-4841-99F6-22F0009D2F7A}F:\thq\dawn of war - dark crusade\darkcrusade.exe] => (Allow) F:\thq\dawn of war - dark crusade\darkcrusade.exe
FirewallRules: [UDP Query User{236C520E-F04D-479C-9AD9-F04AA3834DCA}F:\thq\dawn of war - dark crusade\darkcrusade.exe] => (Allow) F:\thq\dawn of war - dark crusade\darkcrusade.exe
FirewallRules: [TCP Query User{50FB8228-D84C-4E4D-A3E7-96A31D9C4669}C:\program files (x86)\diablo iii\x64\diablo iii64.exe] => (Allow) C:\program files (x86)\diablo iii\x64\diablo iii64.exe
FirewallRules: [UDP Query User{F996E2FF-D5E9-4C6D-A15D-14744CCD17D9}C:\program files (x86)\diablo iii\x64\diablo iii64.exe] => (Allow) C:\program files (x86)\diablo iii\x64\diablo iii64.exe
FirewallRules: [{FF0FDA6A-67B4-423B-986C-D0349C991D4A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Automation\WindowsNoEditor\AutomationGame\Binaries\Win64\AutomationGame-Win64-Shipping.exe
FirewallRules: [{F5ADAE92-5AF2-415D-A64D-DAF3DAE520AF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Automation\WindowsNoEditor\AutomationGame\Binaries\Win64\AutomationGame-Win64-Shipping.exe
FirewallRules: [{7FA05ED8-8B8C-4994-87B3-7D80B734DB52}] => (Allow) C:\Program Files\Bitdefender Home Scanner\hvasrv.exe
FirewallRules: [{0BC3BA68-C589-4002-A29C-7E6E4BF3F244}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{A4ECB192-B343-421E-9173-8CA1B5220C3F}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{72E6A93D-10FA-4D3C-94DA-0F0C0CD9B08E}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{5A0BDD8C-A8C8-41A2-B387-8A3FA289C6EF}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{959AF109-4FCD-4AFC-86B9-8495E3FDFDE6}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{F1844B4A-4BFB-44AC-AC49-02448465938F}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe

==================== Restore Points =========================

02-12-2018 17:35:36 Instalador de Módulos de Windows
04-12-2018 17:35:33 Instalador de Módulos de Windows
05-12-2018 19:35:33 Instalador de Módulos de Windows
06-12-2018 20:36:41 Instalador de Módulos de Windows
07-12-2018 20:59:21 Instalador de Módulos de Windows
08-12-2018 22:17:22 Instalador de Módulos de Windows
10-12-2018 13:05:40 Instalador de Módulos de Windows

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/19/2018 12:23:42 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows no puede cargar el archivo DLL del contador extensible rdyboost. Los primeros cuatro bytes (DWORD) de la sección de datos contienen el código de error de Windows.

Error: (12/19/2018 12:23:42 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Error del procedimiento de apertura para el servicio "BITS" en el archivo DLL "C:\Windows\System32\bitsperf.dll". Los datos de rendimiento para este servicio no estarán disponibles. Los primeros cuatro bytes (DWORD) de la sección de datos contienen el código de error.

Error: (12/12/2018 11:33:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: RealPlayerUpdateSvc.exe, versión: 18.1.8.212, marca de tiempo: 0x5932053c
Nombre del módulo con errores: ntdll.dll, versión: 10.0.17134.471, marca de tiempo: 0xfe852bc4
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x00094efd
Identificador del proceso con errores: 0xbc8
Hora de inicio de la aplicación con errores: 0x01d492668aef7e19
Ruta de acceso de la aplicación con errores: F:\UpdateService\RealPlayerUpdateSvc.exe
Ruta de acceso del módulo con errores: C:\WINDOWS\SYSTEM32\ntdll.dll
Identificador del informe: e91d38b2-5e6e-4f7f-8851-cc95657fadf5
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (12/12/2018 09:43:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: RealPlayerUpdateSvc.exe, versión: 18.1.8.212, marca de tiempo: 0x5932053c
Nombre del módulo con errores: ntdll.dll, versión: 10.0.17134.376, marca de tiempo: 0x4358e406
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x00092bbb
Identificador del proceso con errores: 0xc88
Hora de inicio de la aplicación con errores: 0x01d4925725ced92d
Ruta de acceso de la aplicación con errores: F:\UpdateService\RealPlayerUpdateSvc.exe
Ruta de acceso del módulo con errores: C:\WINDOWS\SYSTEM32\ntdll.dll
Identificador del informe: b84d7ba9-caef-4332-b54d-3d93500cea8a
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (12/11/2018 02:33:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: RealPlayerUpdateSvc.exe, versión: 18.1.8.212, marca de tiempo: 0x5932053c
Nombre del módulo con errores: ntdll.dll, versión: 10.0.17134.376, marca de tiempo: 0x4358e406
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x00092bbb
Identificador del proceso con errores: 0xc40
Hora de inicio de la aplicación con errores: 0x01d4914c545daac7
Ruta de acceso de la aplicación con errores: F:\UpdateService\RealPlayerUpdateSvc.exe
Ruta de acceso del módulo con errores: C:\WINDOWS\SYSTEM32\ntdll.dll
Identificador del informe: bd18f078-0b43-457e-946a-c70d1c3c4663
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (12/09/2018 01:06:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: RealPlayerUpdateSvc.exe, versión: 18.1.8.212, marca de tiempo: 0x5932053c
Nombre del módulo con errores: ntdll.dll, versión: 10.0.17134.376, marca de tiempo: 0x4358e406
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x00092bbb
Identificador del proceso con errores: 0xc2c
Hora de inicio de la aplicación con errores: 0x01d48f4ee723372c
Ruta de acceso de la aplicación con errores: F:\UpdateService\RealPlayerUpdateSvc.exe
Ruta de acceso del módulo con errores: C:\WINDOWS\SYSTEM32\ntdll.dll
Identificador del informe: 88ef5768-60f5-4e53-8413-ded1ab1d2658
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (12/08/2018 10:47:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: RealPlayerUpdateSvc.exe, versión: 18.1.8.212, marca de tiempo: 0x5932053c
Nombre del módulo con errores: ntdll.dll, versión: 10.0.17134.376, marca de tiempo: 0x4358e406
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x00092bbb
Identificador del proceso con errores: 0xd84
Hora de inicio de la aplicación con errores: 0x01d48f3b62362dce
Ruta de acceso de la aplicación con errores: F:\UpdateService\RealPlayerUpdateSvc.exe
Ruta de acceso del módulo con errores: C:\WINDOWS\SYSTEM32\ntdll.dll
Identificador del informe: ae51f878-3b88-4d44-b6e3-f4171f63b6f9
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (12/08/2018 02:56:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: MsiExec.exe, versión: 5.0.17134.228, marca de tiempo: 0xc71ce737
Nombre del módulo con errores: KERNELBASE.dll, versión: 10.0.17134.407, marca de tiempo: 0xade8d4fe
Código de excepción: 0xc06d007e
Desplazamiento de errores: 0x00111812
Identificador del proceso con errores: 0xe020
Hora de inicio de la aplicación con errores: 0x01d48efdd1f92a5a
Ruta de acceso de la aplicación con errores: C:\Windows\syswow64\MsiExec.exe
Ruta de acceso del módulo con errores: C:\WINDOWS\System32\KERNELBASE.dll
Identificador del informe: 0196d221-a5ed-4999-9a43-a0497dd6e042
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:


System errors:
=============
Error: (12/19/2018 12:23:38 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 y APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 al usuario NT AUTHORITY\SERVICIO LOCAL con SID (S-1-5-19) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (12/19/2018 12:23:13 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-808CCCP)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 y APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 al usuario DESKTOP-808CCCP\Usuario con SID (S-1-5-21-2880194073-616569380-2500398765-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (12/18/2018 11:52:37 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 y APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 al usuario NT AUTHORITY\SERVICIO LOCAL con SID (S-1-5-19) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (12/18/2018 12:13:16 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-808CCCP)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 y APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 al usuario DESKTOP-808CCCP\Usuario con SID (S-1-5-21-2880194073-616569380-2500398765-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (12/16/2018 07:56:15 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 y APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 al usuario NT AUTHORITY\SERVICIO LOCAL con SID (S-1-5-19) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (12/16/2018 07:55:09 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-808CCCP)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 y APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 al usuario DESKTOP-808CCCP\Usuario con SID (S-1-5-21-2880194073-616569380-2500398765-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (12/16/2018 05:26:12 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-808CCCP)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 y APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 al usuario DESKTOP-808CCCP\Usuario con SID (S-1-5-21-2880194073-616569380-2500398765-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (12/16/2018 04:57:50 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 y APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 al usuario NT AUTHORITY\SERVICIO LOCAL con SID (S-1-5-19) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.


Windows Defender:
===================================
Date: 2018-12-12 23:14:27.371
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {A9601BEC-16AC-4304-99B6-B0B040280393}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2018-12-12 22:13:14.044
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {120F1340-C226-4500-9B6B-00D8B9974681}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2018-12-06 16:37:38.972
Description: 
Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para obtener más información consulte lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:VBS/Donvibs&threatid=2147717778&enterprise=0
Nombre: Trojan:VBS/Donvibs
Id.: 2147717778
Gravedad: Grave
Categoría: Caballo de Troya
Ruta de acceso: containerfile:_F:\Descargas\Warcraft_El_origen_MicroHD_1080p.torrent.zip; containerfile:_F:\Descargas\Warcraft_El_origen_MicroHD_1080p.torrent\Warcraft_El_origen_MicroHD_1080p.torrent.vbe; file:_C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Recent\Warcraft_El_origen_MicroHD_1080p.torrent.zip.lnk; file:_F:\Descargas\Warcraft_El_origen_MicroHD_1080p.torrent.zip->Warcraft_El_origen_MicroHD_1080p.torrent.vbe->(EncScript); file:_F:\Descargas\Warcraft_El_origen_MicroHD_1080p.torrent\Warcraft_El_origen_MicroHD_1080p.torrent.vbe->(EncScript)
Origen de detección: Equipo local
Tipo de detección: Concreto
Fuente de detección: Usuario
Usuario: DESKTOP-808CCCP\Usuario
Nombre de proceso: Unknown
Versión de firma: AV: 1.281.1491.0, AS: 1.281.1491.0, NIS: 1.281.1491.0
Versión de motor: AM: 1.1.15400.5, NIS: 1.1.15400.5

Date: 2018-12-02 18:05:12.989
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {97AD097A-29F3-4D7D-AC92-BF263657C003}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2018-12-01 13:40:21.393
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {D5F8131C-9921-4C51-9435-E5D6A1C0F036}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2018-12-11 20:03:54.805
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.283.351.0
Origen de actualización: Servidor de Microsoft Update
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión de motor actual: 
Versión de motor anterior: 1.1.15500.2
Código de error: 0x8007043c
Descripción del error: El servicio no puede iniciarse en modo a prueba de errores 

Date: 2018-12-11 19:53:52.971
Description: 
La característica Protección en tiempo real de Antivirus de Windows Defender encontró un error:
Característica: Durante el acceso
Código de error: 0x8007043c
Descripción del error: El servicio no puede iniciarse en modo a prueba de errores 
Motivo: La protección antimalware dejó de funcionar por motivos desconocidos. En algunos casos, reiniciar el servicio puede que resuelva el problema.

Date: 2018-12-11 12:12:32.666
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.283.274.0
Origen de actualización: Servidor de Microsoft Update
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión de motor actual: 
Versión de motor anterior: 1.1.15500.2
Código de error: 0x8007043c
Descripción del error: El servicio no puede iniciarse en modo a prueba de errores 

Date: 2018-12-11 12:02:30.996
Description: 
La característica Protección en tiempo real de Antivirus de Windows Defender encontró un error:
Característica: Durante el acceso
Código de error: 0x8007043c
Descripción del error: El servicio no puede iniciarse en modo a prueba de errores 
Motivo: La protección antimalware dejó de funcionar por motivos desconocidos. En algunos casos, reiniciar el servicio puede que resuelva el problema.

Date: 2018-12-11 10:27:47.963
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.283.274.0
Origen de actualización: Servidor de Microsoft Update
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión de motor actual: 
Versión de motor anterior: 1.1.15500.2
Código de error: 0x8007043c
Descripción del error: El servicio no puede iniciarse en modo a prueba de errores 

CodeIntegrity:
===================================

Date: 2018-12-08 22:17:16.981
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume6\ProgramData\Microsoft\Windows Defender\Scans\MsMpEngCP.exe) attempted to load \Device\HarddiskVolume6\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Store signing level requirements.

Date: 2018-12-08 22:17:15.975
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume6\ProgramData\Microsoft\Windows Defender\Platform\4.18.1810.5-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-12-08 22:17:15.972
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume6\Windows\System32\SecurityHealthService.exe) attempted to load \Device\HarddiskVolume6\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements.

Date: 2018-12-08 22:17:13.411
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume6\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume6\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements.

Date: 2018-12-08 22:17:12.553
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume6\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume6\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements.

Date: 2018-12-06 18:11:37.076
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\InfusedApps\Applications\Microsoft.HEVCVideoExtension_1.0.2512.0_x64__8wekyb3d8bbwe\x86\hevcdecoder_store.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-12-06 18:11:37.063
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\InfusedApps\Applications\Microsoft.HEVCVideoExtension_1.0.2512.0_x64__8wekyb3d8bbwe\x86\hevcdecoder_store.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-12-06 18:11:36.225
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\InfusedApps\Applications\Microsoft.HEVCVideoExtension_1.0.2512.0_x64__8wekyb3d8bbwe\x64\hevcdecoder_store.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-6600K CPU @ 3.50GHz
Percentage of memory in use: 23%
Total physical RAM: 16307.14 MB
Available physical RAM: 12535.54 MB
Total Virtual: 18739.14 MB
Available Virtual: 14159.74 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.33 GB) (Free:63.47 GB) NTFS
Drive f: () (Fixed) (Total:931.39 GB) (Free:225.28 GB) NTFS

\\?\Volume{2b8b9b3e-eea9-4c90-9ee6-6c08b496106e}\ (Recuperación) (Fixed) (Total:0.44 GB) (Free:0.05 GB) NTFS
\\?\Volume{4717b2dd-b333-470a-9082-baf0900153ea}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 1 (Protective MBR) (Size: 232.9 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

#8

Now I'm going to run ESET the way I did when it was detecting that virus, and I'll let you know whether it still does.


#9

Hi

Completely uninstall SUPERAntiSpyware.

Open a new Notepad file and copy and paste this content:

Start
CreateRestorePoint:
CloseProcesses
() F:\RealDownloader\downloader2.exe
(RealNetworks, Inc.) F:\RealDownloader\realdownloader264.exe
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-2880194073-616569380-2500398765-1001\...\Run: [ea8f030b] => C:\ProgramData\ea8f030b\ea8f030b.exe [937776 2018-12-19] (AutoIt Team)
HKU\S-1-5-21-2880194073-616569380-2500398765-1001\...\Run: [ea8f030b2] => C:\ProgramData\BahUMi\ea8f030b.exe [937776 2018-12-19] (AutoIt Team)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2880194073-616569380-2500398765-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
HKLM\SYSTEM\CurrentControlSet\Services\4583C7D96AAC3F94 <==== ATTENTION (Rootkit!)
S1 epp; \??\C:\Program Files\Emsisoft Anti-Malware\epp.sys [X]
U4 npcap_wifi; no ImagePath
CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END
  • Save it as fixlist.txt on the desktop <<< This is very important.

Note: The Frst.exe executable and fixlist.txt must be in the same location (the desktop); otherwise the tool will not work.

Restart the PC in Safe Mode

  • Run Frst.exe.
  • Press the Fix button and wait for it to finish.
  • The tool will save the report on your desktop (Fixlog.txt).
  • Paste it in your next reply.

After restarting the PC, use the Malwarebytes Anti Rootkit tool.

Let us know how your computer is doing.

Regards


#10

ESET told me this:

|Object|Detection|Action|
|---|---|---|
|C:\Users\Usuario\AppData\Local\Mozilla\Firefox\Profiles\7yczk5a0.default\cache2\entries\C747C9C7EAEB569ADB20184E384AA5C685933D39|Win32/Bundled.Toolbar.Google.D aplicación potencialmente peligrosa|no se ha podido desinfectar - archivo eliminado|
|F:\Descargas\ccsetup551.exe|Win32/Bundled.Toolbar.Google.D aplicación potencialmente peligrosa|no se ha podido desinfectar - archivo eliminado|
|F:\Descargas\WiperSoft-installer.exe|una variante de Win64/WiperSoft.A aplicación potencialmente indeseable|no se ha podido desinfectar - archivo eliminado|
|Memoria operativa|múltiples amenazas,una variante de Win32/Delf.BDV Troyano,una variante de Win32/CoinMiner.DV aplicación potencialmente indeseable|no es posible su desinfección|

Now I'll go on to the next steps you gave me. Thank you very much for your instructions and your time.


#11

Fix result of Farbar Recovery Scan Tool (x64) Version: 09.12.2018
Ran by Usuario (19-12-2018 14:22:48) Run:1
Running from C:\Users\Usuario\Desktop
Loaded Profiles: Usuario (Available Profiles: Usuario)
Boot Mode: Safe Mode (minimal)
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses
() F:\RealDownloader\downloader2.exe
(RealNetworks, Inc.) F:\RealDownloader\realdownloader264.exe
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-2880194073-616569380-2500398765-1001\...\Run: [ea8f030b] => C:\ProgramData\ea8f030b\ea8f030b.exe [937776 2018-12-19] (AutoIt Team)
HKU\S-1-5-21-2880194073-616569380-2500398765-1001\...\Run: [ea8f030b2] => C:\ProgramData\BahUMi\ea8f030b.exe [937776 2018-12-19] (AutoIt Team)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2880194073-616569380-2500398765-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
HKLM\SYSTEM\CurrentControlSet\Services\4583C7D96AAC3F94 <==== ATTENTION (Rootkit!)
S1 epp; \??\C:\Program Files\Emsisoft Anti-Malware\epp.sys [X]
U4 npcap_wifi; no ImagePath
CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END
*****************

Error: Restore point can only be created in normal mode.
CloseProcesses => Error: No automatic fix found for this entry.
F:\RealDownloader\downloader2.exe => No running process found
F:\RealDownloader\realdownloader264.exe => No running process found
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
"HKU\S-1-5-21-2880194073-616569380-2500398765-1001\Software\Microsoft\Windows\CurrentVersion\Run\\ea8f030b" => removed successfully
"HKU\S-1-5-21-2880194073-616569380-2500398765-1001\Software\Microsoft\Windows\CurrentVersion\Run\\ea8f030b2" => removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-2880194073-616569380-2500398765-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SYSTEM\CurrentControlSet\Services\4583C7D96AAC3F94 <==== ATTENTION (Rootkit!) => Error: No automatic fix found for this entry.
HKLM\System\CurrentControlSet\Services\epp => removed successfully
epp => service removed successfully
HKLM\System\CurrentControlSet\Services\npcap_wifi => removed successfully
npcap_wifi => service removed successfully

========= ipconfig /flushdns =========


Configuración IP de Windows

No se puede vaciar la caché de resolución de DNS: Error de una función durante la ejecución.


========= End of CMD: =========


========= ipconfig /renew =========


Configuración IP de Windows


========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0
BITS administration utility.
(C) Copyright Microsoft Corp.

Unable to connect to BITS - 0x8007043c
El servicio no puede iniciarse en modo a prueba de errores



========= End of CMD: =========


========= netsh winsock reset =========


El catálogo Winsock se restableció correctamente.
Debe reiniciar el equipo para completar el restablecimiento.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========


Error al intentar ponerse en contacto con el servicio Firewall de Windows Defender. Asegúrate de que el servicio se está ejecutando e intenta la solicitud de nuevo.


========= End of CMD: =========


========= netsh int ipv4 reset =========

No hay valores configurados por el usuario para restablecer.


========= End of CMD: =========


========= netsh int ipv6 reset =========

No hay valores configurados por el usuario para restablecer.


========= End of CMD: =========


========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-2880194073-616569380-2500398765-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-2880194073-616569380-2500398765-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 10510336 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 596088232 B
Java, Flash, Steam htmlcache => 117389806 B
Windows/system/drivers => 2842883 B
Edge => 1119843 B
Chrome => 593289489 B
Firefox => 60163532 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 3124146 B
systemprofile32 => 0 B
LocalService => 41784 B
LocalService => 0 B
NetworkService => 80742 B
NetworkService => 0 B
Usuario => 552323317 B

RecycleBin => 14955 B
EmptyTemp: => 1.8 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 14:23:06 ====

#12

MalwareBytes Anti Rootkit told me it doesn't find anything.

P.S. Sorry for posting so many replies. I just read that I could have put everything in a single one and it hadn't occurred to me. Sorry.


#13

Hello

Download the Delfix tool to your desktop.

Run it, tick the Remove disinfection tools checkbox and press Run.

When it finishes, a report named DelFix.txt will open; verify that the tools used to disinfect the PC have been removed.

Let us know how it goes …

Regards


#14

Hi, Leosolari.

It looks like everything has indeed been removed. Delfix tells me this:

# DelFix v1.013 - Logfile created 19/12/2018 at 19:27:12
# Updated 17/04/2016 by Xplode
# Username : Usuario - DESKTOP-808CCCP
# Operating System : Windows 10 Home  (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Usuario\Desktop\mbar
Deleted : C:\Users\Usuario\Desktop\Addition.txt
Deleted : C:\Users\Usuario\Desktop\Fixlog.txt
Deleted : C:\Users\Usuario\Desktop\FRST.txt
Deleted : C:\Users\Usuario\Desktop\FRST64.exe

########## - EOF - ##########

I'm going to run ESET to see if it detects anything. Does that sound OK to you?


#15

OK

When you finish, let us know how the problem you originally raised is going.

Regards


#16

Now ESET doesn't detect anything :slight_smile: . It looks like it's completely clean! Thank you very, very much :slight_smile: , for such detailed instructions, for all the help and for replying so quickly.

I still have a few questions, though: will this virus have affected anything in how the computer works? If so, how can I put it right? And given that McAfee was no use at all, which antivirus could I install as resident protection, or what routine should I follow after visiting a download site?

Thanks again and regards.


#17

Hello

Once the malware is removed, everything is back in order.

Malwarebytes Anti-Malware Premium

For any other problem, don't hesitate to post again. You know where we are.

Topic Solved

Regards


closed #18

This topic was automatically closed 2 days after the last post. New replies are not allowed.