How can I repair my Windows startup? BitCoin Miner trojan


#1

Hello everyone. Malwarebytes detected the Risk Ware BitCoin Miner trojan in SoundMixer; I quarantined it, and now at startup the desktop does not appear but the command prompt does. If I type explorer.exe, everything appears and works correctly. I can't get it to boot properly in safe mode either. I know the registry location where the trojan was and which line Malwarebytes deleted, which is none other than: Equipo\HKEY_USERS\S-1-5-21-1609916864-2406924031-3616026539-1001\Software\Microsoft\Command Processor. Here there was an autorun with the following key: @mode 20,5 & tasklist /FI “IMAGENAME eq SoundMixer.exe” 2>NUL | find /I /N “SoundMixer.exe”>NUL && exit & if exist “C:\Users\masno\AppData\Roaming\Microsoft\SoundMixer\SoundMixer.exe” ( start /MIN “” “C:\Users\masno\AppData\Roaming\Microsoft\SoundMixer\SoundMixer.exe” & tasklist /FI “IMAGENAME eq explorer.exe” 2>NUL | find /I /N “explorer.exe”>NUL && exit & explorer.exe & exit ) else ( tasklist /FI “IMAGENAME eq explorer.exe” 2>NUL | find /I /N “explorer.exe”>NUL && exit & explorer.exe & exit ). Something must be wrong with this key, because if I restore it in the registry the system neither boots nor does the c: appear. The SoundMixer program, which is where it says the trojan is, does not appear in AppData. Can you help me? Thank you very much for your attention and help.
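The registry value described in the post above is the `AutoRun` value of the Command Processor key, which cmd.exe executes every time it starts unless it is launched with `/D`. The following read-only audit is an added example, not part of the original post and not code from Malwarebytes or FRST; the helper name `Get-ExePathsFromCommand` and the "user-writable location" heuristic are assumptions made for illustration.

```powershell
# Added example (not from the thread): read-only audit of cmd.exe AutoRun values.
# Nothing is modified; the script only reads the registry and file metadata.
$subKey = 'Software\Microsoft\Command Processor'

# Machine-wide keys (64-bit and 32-bit registry views) ...
$keys = @(
    "Registry::HKEY_LOCAL_MACHINE\$subKey"
    "Registry::HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Command Processor"
)
# ... plus every user hive currently loaded under HKEY_USERS
# (run elevated to be able to read hives of other users).
$keys += @(
    Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -notlike '*_Classes' } |
        ForEach-Object { "Registry::HKEY_USERS\$($_.PSChildName)\$subKey" }
)

function Get-ExePathsFromCommand {
    # Hypothetical helper: extracts absolute drive-letter *.exe paths from a
    # cmd.exe command chain. Bare names (explorer.exe) and %VAR% paths are not
    # resolved, so review the raw AutoRun string as well.
    param([string]$Command)
    # Forum software often turns plain quotes into typographic ones; normalise them.
    $plain = $Command -replace '[\u201C\u201D]', '"'
    [regex]::Matches($plain, '(?i)[A-Z]:\\[^"&|<>\r\n]+?\.exe') |
        ForEach-Object { $_.Value } |
        Sort-Object -Unique
}

$findings = foreach ($key in $keys) {
    $value = (Get-ItemProperty -LiteralPath $key -Name AutoRun -ErrorAction SilentlyContinue).AutoRun
    if ([string]::IsNullOrWhiteSpace($value)) { continue }

    $targets = foreach ($path in @(Get-ExePathsFromCommand -Command $value)) {
        $exists = Test-Path -LiteralPath $path -PathType Leaf
        $signature = if ($exists) {
            (Get-AuthenticodeSignature -LiteralPath $path).Status
        } else {
            'n/a'
        }
        [pscustomobject]@{
            Path         = $path
            Exists       = $exists        # False means the AutoRun points at a removed file
            Signature    = $signature     # Valid, NotSigned, HashMismatch, ...
            # Assumption: binaries under a user profile or ProgramData deserve a closer look
            UserWritable = [bool]($path -match '(?i)\\(Users|ProgramData)\\')
        }
    }

    [pscustomobject]@{
        Key     = $key -replace '^Registry::', ''
        AutoRun = $value
        Targets = $targets
    }
}

if (-not $findings) {
    'No Command Processor AutoRun value is set in the inspected hives.'
} else {
    foreach ($finding in $findings) {
        "Key:     $($finding.Key)"
        "AutoRun: $($finding.AutoRun)"
        $finding.Targets | Format-Table -AutoSize | Out-String
    }
}
```

On a clean default installation this value is normally absent, so any hit is worth reviewing by hand before it is kept or removed.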


#2

I'm replying to myself: the Malwarebytes warning has disappeared, so my system must be clean. I have managed to get the W10 startup to show the desktop with its icons and everything works correctly, but the Windows PowerShell window still appears at startup, in c:\windows\system32, so I don't know what program or command CMD is running. Right now I don't think my problem is a virus or malware but rather damage to the startup (W10 registry) caused by removing it. I ask the Administrator to move this post to the most suitable place if this is not the right one. Thank you very much. P.S.: I'm still trying to repair my PC; any help will be welcome.


#3

Hello @masnou and welcome to this new stage of our Forum. :+1:

Can you see that window long enough to take a screenshot, so that you can upload it for us to look at?

Regards.


#4

This is the screenshot; it doesn't disappear, it stays there, and I have to close it manually. Otherwise everything is OK. Regards.


#5

Right… then carry out these steps:

:one: Temporarily disable the Antivirus :arrow_forward: How to temporarily disable your Antivirus, while we are carrying out ALL the steps.

Download to YOUR DESKTOP (and NOT anywhere else :face_with_monocle:)

:two: Farbar Recovery Scan Tool.-

  • Run FRST.exe.

  • In the Disclaimer window message, click Yes

  • In the main window, click the Scan button and wait for the process to finish.

  • Two (2) files (logs) will open, Frst.txt and Addition.txt; these will be saved on the desktop.

:three: Put both reports in your next reply.

You must copy and paste them with all their content, and use several messages if you get an error message saying it is too long (more than approx. 50,000 characters).

Regards.


#6

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03.03.2019
Ran by masno (11-03-2019 21:24:24)
Running from C:\Users\masno\Downloads
Windows 10 Pro Version 1809 17763.316 (X64) (2018-11-21 20:58:39)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-1609916864-2406924031-3616026539-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1609916864-2406924031-3616026539-503 - Limited - Disabled)
Invitado (S-1-5-21-1609916864-2406924031-3616026539-501 - Limited - Disabled)
masno (S-1-5-21-1609916864-2406924031-3616026539-1001 - Administrator - Enabled) => C:\Users\masno
WDAGUtilityAccount (S-1-5-21-1609916864-2406924031-3616026539-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1609916864-2406924031-3616026539-1001\...\uTorrent) (Version: 3.5.5.44994 - BitTorrent Inc.)
Acronis True Image (HKLM-x32\...\{62528BBA-21CF-4023-84EC-BB529662D496}) (Version: 23.3.14110 - Acronis) Hidden
Acronis True Image (HKLM-x32\...\{62528BBA-21CF-4023-84EC-BB529662D496}Visible) (Version: 23.3.14110 - Acronis)
Actualización de NVIDIA 35.0.0.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 35.0.0.0 - NVIDIA Corporation) Hidden
Adobe Acrobat Reader DC - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 19.010.20098 - Adobe Systems Incorporated)
Ares (HKLM-x32\...\Ares) (Version: 2.5.0-Build#3076 - AresGalaxy)
Battlefield V (HKLM-x32\...\Battlefield V_is1) (Version:  - )
BootRacer 7.70 (HKLM-x32\...\{50EB4E13-A810-411E-8F1F-C22FE7841DA2}_is1) (Version: 7.70 - Greatis Software)
BrLauncher (HKLM-x32\...\{C661197A-6B93-4E37-9E3F-2A1DFCD64234}) (Version: 1.1.15.0 - Brother Industries Ltd.) Hidden
BrLogRx (HKLM-x32\...\{B556F816-FF4D-4BB6-9339-ED28639E2EF3}) (Version: 1.0.2.1 - Brother Industries Ltd.) Hidden
Brother Port Driver (HKLM-x32\...\{6768BCF7-474C-4428-9FC1-3C46969819D6}) (Version: 1.1.4.4 - Brother Industries Ltd.) Hidden
Brother Printer Driver (HKLM-x32\...\{0648F446-BAE9-402F-9BEC-8B333959D8FB}) (Version: 1.2.0.0 - Brother Industries Ltd.) Hidden
Brother Scanner Driver (HKLM-x32\...\{A242EB06-0518-48A3-AF7A-5973BE9CAF7B}) (Version: 1.0.7.3 - Brother Industries Ltd.) Hidden
BrotherHelpInstaller (HKLM-x32\...\{4E461C2A-EC1C-46D1-AF5B-7FEFD0054AF8}) (Version: 1.0.0.0 - Brother) Hidden
BrSupportTools (HKLM-x32\...\{F8F9EB58-33BA-4FF8-80E7-66D87D2E0C3C}) (Version: 1.0.9.0 - Brother Industries Ltd.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.50 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.8.7041 - CDBurnerXP)
ControlCenter4 (HKLM-x32\...\{9ADB625A-7F6D-4C48-9058-4767A55D5424}) (Version: 4.2.438.1 - Brother Insutries Ltd.) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.22 - Piriform)
DeviceDetect (HKLM-x32\...\{F805D16D-AB79-4DC7-A60F-436621995275}) (Version: 1.2.1.0 - Brother Industries Ltd.) Hidden
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 419.35 - NVIDIA Corporation) Hidden
eMule (HKLM-x32\...\eMule) (Version:  - )
HowToGuide (HKLM-x32\...\{36580EEB-4EDF-4880-BBD4-097E2C645ECD}) (Version: 1.0.1.0 - Brother Industries Ltd.) Hidden
K-Lite Codec Pack 14.5.7 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 14.5.7 - KLCP)
Malwarebytes versión 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Microsoft Office Profesional Plus 2019 - es-es (HKLM\...\ProPlus2019Retail - es-es) (Version: 16.0.11328.20146 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1609916864-2406924031-3616026539-1001\...\OneDriveSetup.exe) (Version: 18.222.1104.0007 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25008 (HKLM-x32\...\{f1e7e313-06df-4c56-96a9-99fdfd149c51}) (Version: 14.10.25008.0 - Microsoft Corporation)
Mp3tag v2.85 (HKLM-x32\...\Mp3tag) (Version: 2.85 - Florian Heidenreich)
NetworkRepairTool (HKLM-x32\...\{4694AD3E-D4A2-4D98-9848-662A0475E872}) (Version: 1.2.11.0 - Brother Insutries Ltd.) Hidden
NirSoft Wireless Network Watcher (HKLM-x32\...\NirSoft Wireless Network Watcher) (Version:  - )
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.13 - NVIDIA Corporation) Hidden
NVIDIA Controlador de 3D Vision 419.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 419.35 - NVIDIA Corporation)
NVIDIA Controlador de audio HD 1.3.38.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.13 - NVIDIA Corporation)
NVIDIA Controlador de gráficos 419.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 419.35 - NVIDIA Corporation)
NVIDIA Controlador de la controladora 3D Vision 390.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 390.41 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.17.0.126 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.17.0.126 - NVIDIA Corporation)
NVIDIA Software del sistema PhysX 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.11328.20146 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.11328.20146 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0C0A-1000-0000000FF1CE}) (Version: 16.0.11328.20146 - Microsoft Corporation) Hidden
Panel de control de NVIDIA 419.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 419.35 - NVIDIA Corporation) Hidden
Paquete de controladores de Windows - Adafruit Industries LLC (usbser) Ports  (02/25/2016 6.2.2600.0) (HKLM\...\1245A5961AC9D2C18ADF9EEC931D77E059B7F74E) (Version: 02/25/2016 6.2.2600.0 - Adafruit Industries LLC)
Paquete de controladores de Windows - Arduino LLC (www.arduino.cc) Arduino USB Driver (11/24/2015 1.2.3.0) (HKLM\...\8B585560B248755A6C5A24D5C0F50FA998310883) (Version: 11/24/2015 1.2.3.0 - Arduino LLC (www.arduino.cc))
Paquete de controladores de Windows - Arduino LLC (www.arduino.cc) Genuino USB Driver (01/07/2016 1.0.3.0) (HKLM\...\EC414D98E2986DCA1628FAED2163CD1C9A4ED7EC) (Version: 01/07/2016 1.0.3.0 - Arduino LLC (www.arduino.cc))
Paquete de controladores de Windows - Arduino Srl (www.arduino.org) Arduino USB Driver (03/19/2015 1.1.1.0) (HKLM\...\69E507459B453D69A453EFC9E461FAE1E073408A) (Version: 03/19/2015 1.1.1.0 - Arduino Srl (www.arduino.org))
Paquete de controladores de Windows - libusb-win32 (libusb0) libusb-win32 devices  (04/21/2015 1.0.0.0) (HKLM\...\28E91B69CA377EB48D6E1B92C37F897036E8A818) (Version: 04/21/2015 1.0.0.0 - libusb-win32)
Paquete de controladores de Windows - Linino (usbser) Ports  (01/13/2014 1.0.0.0) (HKLM\...\A2C084AD4515675961A87E71B10E80E4FDCF7FAA) (Version: 01/13/2014 1.0.0.0 - Linino)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8569 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
ScannerUtilityInstaller (HKLM-x32\...\{5B645FE2-19E9-4B15-B5B2-3D8766F6FA27}) (Version: 1.0.0.0 - Brother) Hidden
Simplify3D Software (HKLM\...\Simplify3D Software 4.1.0) (Version: 4.1.0 - Simplify3D)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
StatusMonitor (HKLM-x32\...\{86D16055-3C14-44C6-BCD7-5514B83BAD34}) (Version: 1.12.4.0 - Brother Insutries Ltd.) Hidden
Ultimaker Cura 3.6 (HKLM-x32\...\Ultimaker Cura 3.6) (Version: 3.6.0 - Ultimaker)
UsbRepairTool (HKLM-x32\...\{523276A4-5779-4105-9163-CA1CF94EC533}) (Version: 1.4.0.0 - Brother Insutries Ltd.) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 3.0.4 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.66  - Nullsoft, Inc)
WinRAR 5.61 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.61.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1609916864-2406924031-3616026539-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}
ShellIconOverlayIdentifiers: [     AcronisDrive] -> {5D74FD4B-4EFB-4586-8022-8637BBE40970} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2018-09-20] (Acronis International GmbH -> )
ShellIconOverlayIdentifiers: [     AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2018-09-20] (Acronis International GmbH -> )
ShellIconOverlayIdentifiers: [     AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2018-09-20] (Acronis International GmbH -> )
ShellIconOverlayIdentifiers: [     AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2018-09-20] (Acronis International GmbH -> )
ContextMenuHandlers1: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2018-05-02] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers1: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2017-10-25] (Florian Heidenreich) [File not signed]
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2017-10-25] (Florian Heidenreich) [File not signed]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-03] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2017-10-25] (Florian Heidenreich) [File not signed]
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2017-03-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2019-03-01] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2018-05-02] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-03] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {056CAA65-FD46-492A-BF0D-0F760862549C} - System32\Tasks\klcp_update => CodecTweakTool.exe
Task: {08C9612F-B407-4301-9F1D-77011A880093} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {0EE462DB-96BF-4F42-878B-42CB66D39E9A} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {0FA8CBB9-120D-41C1-86DF-29024A60B406} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {17A768D4-A1A3-4E96-928C-3BFDEED2F71A} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1C686D03-B55C-4742-8D01-3AAE69AB93AB} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {22744EFF-B2D7-4AD6-BA31-3C08AF89220D} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {3DF45D89-1F17-4787-AD89-8B0AC3B1F238} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {45F65B23-94BE-46CA-9D9F-DB9AEA8B6200} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {58E00E1E-09B8-4D3F-8D3D-971D46D11B19} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {5A62E1B1-1B1E-49DB-BBC9-585DE848F278} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {5C148218-16CD-4A03-B1F2-F0B06F6C621E} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {67AAC100-00C5-46C9-9908-67B23B8761E2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {6A0D3DE9-1CFA-4C5F-A681-813B5CDE5ACE} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1609916864-2406924031-3616026539-1001 => C:\Users\masno\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {6B9B6CC3-BA88-493E-9FA9-8A1CC9C39D5C} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {7B8A4719-40BD-481D-841F-1D7C40B435DB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe
Task: {8D9935D8-F0B2-429C-A635-03A3DC4A9E1A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {939ACEA8-690B-4A51-AC26-A524F2462448} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {96432AF0-DC08-431E-B29F-BBA18DF0F9E2} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {9831A4E8-0271-4D46-A182-3821599CB4EA} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
Task: {BF430CDD-18AB-46A2-9D0D-221420AAA1DA} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C9568C39-8F37-42DA-83FB-DA880329EDE2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {D23CF8FF-6242-4D3E-9D55-C4A415859C91} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D42EEA0A-2B2D-4F5C-A562-215B545FC649} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E724D004-62B4-4508-B2A8-13968E21816B} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe /NOUACCHECK
Task: {E8C24488-D056-4CFF-8D44-B30E823D9D18} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {F4C38897-A31A-46AA-A666-5F32759353C5} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F9F23275-8984-4096-A8F9-EA33CA87543B} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {FA3579FC-A020-437A-AD2B-EEA4B2519BFD} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-10-25 09:42 - 2017-10-25 09:42 - 000424448 _____ (Florian Heidenreich) [File not signed] C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll
2018-09-20 20:09 - 2018-09-24 17:20 - 001477120 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Common Files\Acronis\Home\libcrypto10.dll
2018-11-22 11:23 - 2018-09-24 17:19 - 022984336 _____ (Acronis International GmbH -> ) [File not signed] C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers.dll
2018-09-20 20:07 - 2018-09-20 20:07 - 000277538 _____ () [File not signed] C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\LIBMAGIC.dll
2018-09-20 20:05 - 2018-09-20 20:05 - 002056704 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\Acronis\TrueImageHome\icuin54.dll
2018-09-20 20:05 - 2018-09-20 20:05 - 001425408 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\Acronis\TrueImageHome\icuuc54.dll
2018-09-20 20:05 - 2018-09-20 20:05 - 025338368 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\Acronis\TrueImageHome\icudt54.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-09-15 08:31 - 2018-12-24 14:02 - 000001416 ____R C:\Windows\system32\drivers\etc\hosts

127.0.0.1                  license.piriform.com
127.0.0.1                   www.license.piriform.com
127.0.0.1                   speccy.piriform.com
127.0.0.1                   www.speccy.piriform.com
127.0.0.1                   recuva.piriform.com
127.0.0.1                   www.recuva.piriform.com
127.0.0.1                   defraggler.piriform.com
127.0.0.1                   www.defraggler.piriform.com
127.0.0.1                   ccleaner.piriform.com
127.0.0.1                   www.ccleaner.piriform.com
0.0.0.0  telemetry.malwarebytes.com
0.0.0.0  keystone.mwbsys.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1609916864-2406924031-3616026539-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\masno\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "RtHDVCpl"
HKLM\...\StartupApproved\Run: => "ZAM"
HKLM\...\StartupApproved\Run32: => "BrHelp"
HKLM\...\StartupApproved\Run32: => "ControlCenter4"
HKLM\...\StartupApproved\Run32: => "BrStsMon00"
HKLM\...\StartupApproved\Run32: => "Nero BackItUp"
HKLM\...\StartupApproved\Run32: => "DriveSpan"
HKU\S-1-5-21-1609916864-2406924031-3616026539-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1609916864-2406924031-3616026539-1001\...\StartupApproved\Run: => "ares"
HKU\S-1-5-21-1609916864-2406924031-3616026539-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-1609916864-2406924031-3616026539-1001\...\StartupApproved\Run: => "SpybotPostWindows10UpgradeReInstall"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{F74B3E60-6BE0-434F-AF27-492EA2494C0C}] => (Allow) D:\aProgramas software\Actualizador drivers\DriverPack\DriverPack_17.7.101-18104\bin\tools\aria2c.exe () [File not signed]
FirewallRules: [{DB6D0BA7-B5DE-4D91-8E41-25579E29181C}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.)
FirewallRules: [{FE64D356-44A9-47A9-81BF-030B317596B8}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.)
FirewallRules: [{4CE20274-7A16-4659-83BF-54E637EF7876}] => (Allow) C:\Users\masno\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{EF23AD5C-97D5-43A6-82DE-C1C7FFC7CECA}] => (Allow) C:\Users\masno\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{C3B1A45E-5E46-470E-BD7D-13515264DA00}] => (Allow) C:\Users\masno\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{5074D070-0D2A-47C7-B816-615C50D95E56}] => (Allow) C:\Users\masno\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{937810F1-5576-40D2-B834-BE131289290A}] => (Allow) C:\Users\masno\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{86B77FDF-ED98-4DA9-9C47-974D39A31DDA}] => (Allow) C:\Users\masno\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [TCP Query User{479FB38E-3E6B-42B1-8854-DB2BBD1C200F}C:\program files (x86)\emule\emule.exe] => (Allow) C:\program files (x86)\emule\emule.exe (hxxp://www.emule-project.net) [File not signed]
FirewallRules: [UDP Query User{2CF75BFA-77B1-4967-896D-FEB365C1C46F}C:\program files (x86)\emule\emule.exe] => (Allow) C:\program files (x86)\emule\emule.exe (hxxp://www.emule-project.net) [File not signed]
FirewallRules: [TCP Query User{E85BD0E6-D9BA-4AEA-83B7-254C8AE680EF}C:\program files (x86)\ares\ares.exe] => (Allow) C:\program files (x86)\ares\ares.exe (AresGalaxy) [File not signed]
FirewallRules: [UDP Query User{CC5B2D9A-2C17-4DD7-999C-DFB4B788A06D}C:\program files (x86)\ares\ares.exe] => (Allow) C:\program files (x86)\ares\ares.exe (AresGalaxy) [File not signed]
FirewallRules: [{F225FB58-077C-4339-B287-CF5A1DE03F71}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{7105FE36-5F79-46C8-91E9-D95012B918C9}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{65DBC805-3AEC-40CE-8254-9637462E5EDD}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{898FA844-38DD-4855-B01C-A43DB2680A89}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D6A6DB05-9AC9-48EE-A542-B263443A5A0D}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A9C0D3D3-D4E2-44EE-BA41-01F6F79DC4E9}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Acronis International GmbH -> )
FirewallRules: [{80C15C7A-5CA2-4AA4-A3D1-E47B4C343F75}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe (Acronis International GmbH -> Acronis International GmbH)
FirewallRules: [{08C9CA6E-5C93-437B-911C-0B448EB44D95}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImage.exe (Acronis International GmbH -> )
FirewallRules: [{521DB5CD-B802-4D38-989A-E4FF1C19B6A9}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis International GmbH -> )
FirewallRules: [{258B8D88-8385-4B25-84C0-E530FC311DCD}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageTools.exe (Acronis International GmbH -> )
FirewallRules: [{6B18E78C-9C66-4B83-A615-EDB2D1B1C1A3}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\TrueImageHome\TrueImageHomeService.exe (Acronis International GmbH -> )
FirewallRules: [{FE36738C-F453-4842-9E62-F830680BB98C}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\MediaBuilder.exe (Acronis International GmbH -> )
FirewallRules: [{8697E9B6-0B04-4CE9-AD52-20EAD8E9F606}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\SystemReport.exe (Acronis International GmbH -> )
FirewallRules: [{E4337C7E-309D-4835-B411-5FD1AF4633EC}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\acronis_drive.exe (Acronis International GmbH -> )
FirewallRules: [{D84A08BB-EC76-4693-95BB-3DA7A5BB7D59}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe (Acronis International GmbH -> Acronis International GmbH)
FirewallRules: [{D85D7A0A-6AF3-45CA-B89C-CBE1B172618E}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\mobile_backup_status_server.exe (Acronis International GmbH -> )
FirewallRules: [{E4AAFCC8-48EB-4313-B462-085F5802CE2F}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\ga_service.exe (Acronis International GmbH -> )
FirewallRules: [{C456ABD5-30F3-4327-9802-CEE9722A9E17}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\LicenseActivator.exe (Acronis International GmbH -> )
FirewallRules: [{758DDDC5-801F-472D-9916-1618000C4235}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe (Acronis International GmbH -> Acronis International GmbH)
FirewallRules: [TCP Query User{3E201C57-134B-4702-BEDF-A735B863F96E}C:\games\battlefield 1\bf1.exe] => (Allow) C:\games\battlefield 1\bf1.exe (EA Digital Illusions CE AB) [File not signed]
FirewallRules: [UDP Query User{7E54FE98-59FC-47FC-B549-B2568960B3EC}C:\games\battlefield 1\bf1.exe] => (Allow) C:\games\battlefield 1\bf1.exe (EA Digital Illusions CE AB) [File not signed]
FirewallRules: [{EAD0C432-D5B1-44B9-B080-9F53A10DB75E}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{E5026EB4-16F4-4C92-9944-975222C7A0AD}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [TCP Query User{EE52F005-8689-4AFC-9D8A-1B41C0CF9100}C:\program files\ultimaker cura 3.6\cura.exe] => (Allow) C:\program files\ultimaker cura 3.6\cura.exe () [File not signed]
FirewallRules: [UDP Query User{192F493F-7FFB-4338-AF04-E6B0E513F1BA}C:\program files\ultimaker cura 3.6\cura.exe] => (Allow) C:\program files\ultimaker cura 3.6\cura.exe () [File not signed]
FirewallRules: [{4AA33C77-5759-4C23-9AB3-AF84463A7066}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{5C020387-D493-493B-BF60-7C65BF731BCC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{6BE03335-9DC7-4B84-84D4-E1DEF64FD129}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{6706093B-ACD0-40FE-8A7B-EC0C7345A8E5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{19BF0048-6944-463A-A7F8-24D02D1FC293}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{EAE7BF16-1F7F-48DE-99D7-640FA1D64C8A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/11/2019 01:24:26 AM) (Source: Acronis Scheduler) (EventID: 1) (User: NT AUTHORITY)
Description: Scheduler failed to run task  with GUID '3B390743-13CA-4993-B38D-269BF0FD8D4F' because of error 87 (Scheduler has received a request with an invalid parameter.).

Error: (03/10/2019 10:07:11 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: No se pudo crear el punto de restauración (proceso = C:\Windows\system32\srtasks.exe ExecuteScheduledSPPCreation; descripción = Punto de control programado; error = 0x80070422).

Error: (03/10/2019 08:07:33 PM) (Source: Acronis Scheduler) (EventID: 1) (User: NT AUTHORITY)
Description: Scheduler failed to run task  with GUID '597C4F77-1786-411D-A93E-E4ED9831AF72' because of error 87 (Scheduler has received a request with an invalid parameter.).

Error: (03/08/2019 02:51:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: MicrosoftEdgeSH.exe, versión: 11.0.17763.1, marca de tiempo: 0x1244354f
Nombre del módulo con errores: unknown, versión: 0.0.0.0, marca de tiempo: 0x00000000
Código de excepción: 0xc0000409
Desplazamiento de errores: 0x0000000000000203
Identificador del proceso con errores: 0x3afc
Hora de inicio de la aplicación con errores: 0x01d4d5b5d066ab9e
Ruta de acceso de la aplicación con errores: C:\Windows\system32\MicrosoftEdgeSH.exe
Ruta de acceso del módulo con errores: unknown
Identificador del informe: a70d1d34-19cd-4071-b7cb-3c54f5c53528
Nombre completo del paquete con errores: Microsoft.MicrosoftEdge_44.17763.1.0_neutral__8wekyb3d8bbwe
Identificador de aplicación relativa del paquete con errores: MicrosoftEdge

Error: (03/08/2019 02:11:32 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: El servicio Windows Search no pudo procesar la lista de ubicaciones incluidas y excluidas. Error: <30, 0x80004005, "file:///C:\[bc231cce-356a-44c5-830a-2c67f61c91d6]\Users\">.

Error: (03/08/2019 02:11:32 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: El servicio Windows Search no pudo procesar la lista de ubicaciones incluidas y excluidas. Error: <30, 0x80004005, "file:///C:\[6cb4b1c0-5562-4bd8-bd35-bad4e3944346]\Users\">.

Error: (03/08/2019 02:11:32 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: El servicio Windows Search no pudo procesar la lista de ubicaciones incluidas y excluidas. Error: <30, 0x80004005, "file:///C:\[bc231cce-356a-44c5-830a-2c67f61c91d6]\ProgramData\Microsoft\Windows\Start Menu\">.

Error: (03/08/2019 02:11:32 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: El servicio Windows Search no pudo procesar la lista de ubicaciones incluidas y excluidas. Error: <30, 0x80004005, "file:///C:\[6cb4b1c0-5562-4bd8-bd35-bad4e3944346]\ProgramData\Microsoft\Windows\Start Menu\">.


System errors:
=============
Error: (03/11/2019 02:02:12 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Iniciar Local para la aplicación de servidor COM con CLSID 
Windows.SecurityCenter.WscDataProtection
 y APPID 
No disponible
 al usuario NT AUTHORITY\SYSTEM con SID (S-1-5-18) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (03/11/2019 02:02:12 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Iniciar Local para la aplicación de servidor COM con CLSID 
Windows.SecurityCenter.WscBrokerManager
 y APPID 
No disponible
 al usuario NT AUTHORITY\SYSTEM con SID (S-1-5-18) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (03/11/2019 02:02:12 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Iniciar Local para la aplicación de servidor COM con CLSID 
Windows.SecurityCenter.SecurityAppBroker
 y APPID 
No disponible
 al usuario NT AUTHORITY\SYSTEM con SID (S-1-5-18) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (03/11/2019 01:34:15 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Iniciar Local para la aplicación de servidor COM con CLSID 
Windows.SecurityCenter.WscBrokerManager
 y APPID 
No disponible
 al usuario NT AUTHORITY\SYSTEM con SID (S-1-5-18) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (03/11/2019 01:34:15 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Iniciar Local para la aplicación de servidor COM con CLSID 
Windows.SecurityCenter.WscDataProtection
 y APPID 
No disponible
 al usuario NT AUTHORITY\SYSTEM con SID (S-1-5-18) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (03/11/2019 01:34:15 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Iniciar Local para la aplicación de servidor COM con CLSID 
Windows.SecurityCenter.SecurityAppBroker
 y APPID 
No disponible
 al usuario NT AUTHORITY\SYSTEM con SID (S-1-5-18) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (03/11/2019 01:30:45 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-IKSEGQV)
Description: El servidor {1EF75F33-893B-4E8F-9655-C3D602BA4897} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (03/11/2019 01:30:45 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-IKSEGQV)
Description: El servidor {1EF75F33-893B-4E8F-9655-C3D602BA4897} no se registró con DCOM dentro del tiempo de espera requerido.


Windows Defender:
===================================
Date: 2019-03-10 21:51:03.824
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {9EBEA4CD-D796-44D4-9D55-D5544E777AC1}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2019-03-08 23:51:47.254
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {05105F8A-EC74-44DE-951C-F6802DD03EA6}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2019-03-08 22:28:35.142
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {1D6700C7-27AE-4502-9320-B35C06E6CBB9}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2019-03-08 14:46:06.000
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {EA6E97EF-F1A0-40A7-BB0D-B5F4EFB0E2C7}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2019-03-02 15:12:39.364
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {48547B4E-2763-4B95-8327-B7DAE5078661}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2019-03-10 23:33:24.915
Description: 
La característica Protección en tiempo real de Antivirus de Windows Defender encontró un error:
Característica: Durante el acceso
Código de error: 0x8007043c
Descripción del error: El servicio no puede iniciarse en modo a prueba de errores 
Motivo: La protección antimalware dejó de funcionar por motivos desconocidos. En algunos casos, reiniciar el servicio puede que resuelva el problema.

Date: 2019-03-10 23:24:21.274
Description: 
La característica Protección en tiempo real de Antivirus de Windows Defender encontró un error:
Característica: Durante el acceso
Código de error: 0x8007043c
Descripción del error: El servicio no puede iniciarse en modo a prueba de errores 
Motivo: La protección antimalware dejó de funcionar por motivos desconocidos. En algunos casos, reiniciar el servicio puede que resuelva el problema.

Date: 2019-03-10 23:21:13.924
Description: 
La característica Protección en tiempo real de Antivirus de Windows Defender encontró un error:
Característica: Durante el acceso
Código de error: 0x8007043c
Descripción del error: El servicio no puede iniciarse en modo a prueba de errores 
Motivo: La protección antimalware dejó de funcionar por motivos desconocidos. En algunos casos, reiniciar el servicio puede que resuelva el problema.

Date: 2019-03-10 23:01:06.956
Description: 
La característica Protección en tiempo real de Antivirus de Windows Defender encontró un error:
Característica: Durante el acceso
Código de error: 0x8007043c
Descripción del error: El servicio no puede iniciarse en modo a prueba de errores 
Motivo: La protección antimalware dejó de funcionar por motivos desconocidos. En algunos casos, reiniciar el servicio puede que resuelva el problema.

Date: 2019-03-10 20:48:25.846
Description: 
La característica Protección en tiempo real de Antivirus de Windows Defender encontró un error:
Característica: Durante el acceso
Código de error: 0x8007043c
Descripción del error: El servicio no puede iniciarse en modo a prueba de errores 
Motivo: La protección antimalware dejó de funcionar por motivos desconocidos. En algunos casos, reiniciar el servicio puede que resuelva el problema.

CodeIntegrity:
===================================

Date: 2019-03-11 21:19:43.704
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume8\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume8\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2019-03-11 21:19:26.937
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume8\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume8\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2019-03-11 21:19:21.641
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume8\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume8\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2019-03-11 21:19:11.642
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume8\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume8\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2019-03-11 21:19:11.440
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume8\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume8\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2019-03-11 21:18:23.086
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume8\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume8\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2019-03-11 14:48:32.955
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume8\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume8\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2019-03-11 14:40:29.688
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume8\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume8\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz
Percentage of memory in use: 41%
Total physical RAM: 8083.47 MB
Available physical RAM: 4719.46 MB
Total Virtual: 11027.47 MB
Available Virtual: 6825.44 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.28 GB) (Free:91.99 GB) NTFS
Drive d: (ALMACEN) (Fixed) (Total:2794.39 GB) (Free:1005.93 GB) NTFS
Drive e: (COPIAS  SEGURIDAD) (Fixed) (Total:2794.39 GB) (Free:456.3 GB) NTFS
Drive f: (DISCO APOYO (Disco 4)) (Fixed) (Total:232.88 GB) (Free:73.5 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{f2449bc3-eb89-4bef-acc1-b057de33103e}\ (Recuperación) (Fixed) (Total:0.49 GB) (Free:0.47 GB) NTFS
\\?\Volume{f62b923f-c885-4643-bc19-3b1a36cebaa8}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 9C63E997)

Partition: GPT.

========================================================
Disk: 1 (Size: 232.9 GB) (Disk ID: 00000001)
Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows 7/8/10) (Size: 2794.5 GB) (Disk ID: D6926387)

Partition: GPT.

========================================================
Disk: 4 (Protective MBR) (Size: 2794.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

#7

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03.03.2019
Ran by masno (administrator) on DESKTOP-IKSEGQV (11-03-2019 21:23:41)
Running from C:\Users\masno\Downloads
Loaded Profiles: masno (Available Profiles: masno)
Platform: Windows 10 Pro Version 1809 17763.316 (X64) Language: Español (España, internacional)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Greatis Software LLC -> Greatis Software, LLC) C:\Program Files (x86)\BootRacer\BootRacerServ.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Acronis International GmbH -> ) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1902.2-0\MsMpEng.exe
(Acronis International GmbH -> Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Acronis International GmbH -> ) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Acronis International GmbH -> Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe
(Acronis International GmbH -> ) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.YourPhone_1.0.20453.0_x64__8wekyb3d8bbwe\YourPhone.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.40.70.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Acronis International GmbH -> ) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(Acronis International GmbH -> ) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.WindowsStore_11811.1001.18.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19021.10411.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18391120 2018-11-07] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [754416 2018-09-20] (Acronis International GmbH -> )
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139776 2015-01-29] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4517376 2014-11-11] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [1939968 2014-10-22] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [425864 2018-09-20] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [4575880 2018-09-20] (Acronis International GmbH -> )
HKLM\...\Policies\Explorer\Run: [BootRacer] => C:\Program Files (x86)\BootRacer\bootrace.exe [5768600 2019-02-27] (Greatis Software LLC -> Greatis Software)
HKU\S-1-5-21-1609916864-2406924031-3616026539-1001\...\Run: [ares] => C:\Program Files (x86)\Ares\Ares.exe [3539456 2018-12-18] (AresGalaxy) [File not signed]
HKU\S-1-5-21-1609916864-2406924031-3616026539-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19645800 2019-02-04] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-1609916864-2406924031-3616026539-1001\...\Winlogon: [Shell] %comspec% <==== ATTENTION
HKU\S-1-5-21-1609916864-2406924031-3616026539-1001\...\Command Processor: C:\Windows\explorer.exe [4245280 2018-10-30] (Microsoft Windows -> Microsoft Corporation) <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{ba3e02fc-2a22-40fe-872d-d63130dc95b1}: [NameServer] 212.231.6.7,8.8.8.8

Internet Explorer:
==================
HKU\S-1-5-21-1609916864-2406924031-3616026539-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2019-03-08] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2019-03-08] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-03-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-03-08] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-03-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-03-08] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-03-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-03-08] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-03-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-03-08] (Microsoft Corporation -> Microsoft Corporation)

Edge: 
======
Edge HomeButtonPage: HKU\S-1-5-21-1609916864-2406924031-3616026539-1001 -> hxxps://www.mundodeportivo.com/

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-03-08] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-08-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-03-08] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2019-03-08] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2019-03-01] (NVIDIA Corporation -> NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2019-03-01] (NVIDIA Corporation -> NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-02-01] (Adobe Systems, Incorporated -> Adobe Systems Inc.)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AcronisActiveProtectionService; C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe [3956952 2018-09-20] (Acronis International GmbH -> Acronis International GmbH)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6076936 2018-04-11] (BattlEye Innovations e.K. -> )
R2 BootRacerServ; C:\Program Files (x86)\BootRacer\BootRacerServ.exe [92056 2019-02-15] (Greatis Software LLC -> Greatis Software, LLC)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [289792 2014-10-23] (Brother Industries, Ltd.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11129928 2019-03-01] (Microsoft Corporation -> Microsoft Corporation)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [395024 2016-12-27] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-03] (Malwarebytes Corporation -> Malwarebytes)
R2 mmsminisrv; C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe [4808088 2018-09-20] (Acronis International GmbH -> Acronis International GmbH)
S3 mobile_backup_server; C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe [3004128 2018-09-20] (Acronis International GmbH -> Acronis International GmbH)
S3 mobile_backup_status_server; C:\Program Files (x86)\Acronis\TrueImageHome\mobile_backup_status_server.exe [1762456 2018-09-20] (Acronis International GmbH -> )
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [790568 2019-03-01] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [790568 2019-03-01] (NVIDIA Corporation -> NVIDIA Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5381128 2019-01-08] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\NisSrv.exe [4098064 2019-02-22] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MsMpEng.exe [113992 2019-02-22] (Microsoft Corporation -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000 
R2 NvTelemetryContainer; "C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 file_protector; C:\Windows\System32\DRIVERS\file_protector.sys [660456 2018-11-22] (Acronis International GmbH -> Acronis International GmbH)
R0 file_tracker; C:\Windows\System32\DRIVERS\file_tracker.sys [390592 2018-11-22] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
R3 igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [5382856 2017-03-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
S3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt64.sys [161408 2017-03-22] (Zemana Ltd. -> Zemana Ltd.)
R0 mvs91xx; C:\Windows\System32\drivers\mvs91xx.sys [342760 2016-04-11] (Marvell Semiconductor, Inc. -> Marvell Semiconductor, Inc.)
S3 nuviocir; C:\Windows\system32\DRIVERS\nuviocir_x64.sys [40464 2015-05-07] (Microsoft Windows Hardware Compatibility Publisher -> Nuvoton Technology Corp.)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_7a8e74171e1b8492\nvlddmkm.sys [20736208 2019-03-01] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2019-03-01] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [70024 2019-03-01] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [66792 2019-03-01] (NVIDIA Corporation -> NVIDIA Corporation)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1310552 2018-11-22] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
R2 tib_mounter; C:\Windows\system32\DRIVERS\tib_mounter.sys [213336 2018-11-22] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
S3 tnd; C:\Windows\system32\DRIVERS\tnd.sys [690520 2018-11-22] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
R2 virtual_file; C:\Windows\System32\DRIVERS\virtual_file.sys [331976 2018-11-22] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
R0 volume_tracker; C:\Windows\System32\DRIVERS\volume_tracker.sys [243472 2018-11-22] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [46472 2019-02-22] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [333792 2019-02-22] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [62432 2019-02-22] (Microsoft Windows -> Microsoft Corporation)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2018-12-13] (Zemana Ltd. -> Zemana Ltd.)
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-03-11 21:21 - 2019-03-11 21:21 - 002434560 _____ (Farbar) C:\Users\masno\Downloads\FRST64 (1).exe
2019-03-11 14:00 - 2019-03-11 14:00 - 000000000 ___HD C:\Users\masno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\STARTUP-
2019-03-11 14:00 - 2019-03-11 14:00 - 000000000 ___HD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup-
2019-03-11 13:26 - 2019-03-11 13:26 - 015052275 _____ C:\Users\masno\Downloads\bootracer_free.zip
2019-03-11 13:26 - 2019-03-11 13:26 - 000000000 ____D C:\Users\masno\Downloads\bootracer_free
2019-03-11 01:57 - 2019-03-11 01:59 - 000000000 ____D C:\DATA
2019-03-11 01:44 - 2019-03-11 02:13 - 000000000 ____D C:\Program Files (x86)\Zemana AntiLogger
2019-03-11 01:44 - 2019-03-11 01:48 - 000000000 ____D C:\Program Files (x86)\KeyCryptSDK
2019-03-11 01:22 - 2019-03-11 01:22 - 000023740 _____ C:\Users\masno\OneDrive\Documentos\cc_20190311_012230.reg
2019-03-11 01:05 - 2019-03-11 01:42 - 000000000 ____D C:\Program Files (x86)\System Explorer
2019-03-11 01:05 - 2019-03-11 01:05 - 001917528 _____ (Mister Group ) C:\Users\masno\Downloads\SystemExplorerSetup-7.0.0 (1).exe
2019-03-11 01:04 - 2019-03-11 01:04 - 001917528 _____ (Mister Group ) C:\Users\masno\Downloads\SystemExplorerSetup-7.0.0.exe
2019-03-10 23:55 - 2019-03-10 23:55 - 000000080 ___SH C:\bootTel.dat
2019-03-10 23:21 - 2019-03-10 23:33 - 000000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2019-03-10 23:14 - 2019-03-10 23:14 - 000003656 _____ C:\Windows\System32\Tasks\CreateExplorerShellUnelevatedTask
2019-03-10 21:43 - 2019-03-10 21:43 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\masno\Downloads\rkill.exe
2019-03-08 23:31 - 2019-03-08 23:31 - 000045795 _____ C:\Users\masno\Downloads\Addition.txt
2019-03-08 23:30 - 2019-03-11 21:24 - 000016981 _____ C:\Users\masno\Downloads\FRST.txt
2019-03-08 23:26 - 2019-03-11 21:23 - 000000000 ____D C:\FRST
2019-03-08 23:26 - 2019-03-08 23:26 - 002434560 _____ (Farbar) C:\Users\masno\Downloads\FRST64.exe
2019-03-08 14:56 - 2019-03-08 21:40 - 000000000 ____D C:\Users\masno\AppData\Local\NVIDIA Corporation
2019-03-08 14:56 - 2019-03-08 14:56 - 000000000 ____D C:\Users\masno\AppData\Local\NVIDIA
2019-03-08 14:54 - 2019-03-08 14:54 - 000004308 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-03-08 14:54 - 2019-03-08 14:54 - 000004106 _____ C:\Windows\System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-03-08 14:54 - 2019-03-08 14:54 - 000003976 _____ C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-03-08 14:54 - 2019-03-08 14:54 - 000003940 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-03-08 14:54 - 2019-03-08 14:54 - 000003926 _____ C:\Windows\System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-03-08 14:54 - 2019-03-08 14:54 - 000003926 _____ C:\Windows\System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-03-08 14:54 - 2019-03-08 14:54 - 000003926 _____ C:\Windows\System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-03-08 14:54 - 2019-03-08 14:54 - 000003894 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-03-08 14:54 - 2019-03-08 14:54 - 000003866 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-03-08 14:54 - 2019-03-08 14:54 - 000003858 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-03-08 14:54 - 2019-03-08 14:54 - 000003654 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-03-08 14:54 - 2019-03-08 14:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2019-03-08 14:54 - 2019-03-01 11:36 - 002741288 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2019-03-08 14:54 - 2019-03-01 11:36 - 002124328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2019-03-08 14:54 - 2019-03-01 11:36 - 001323048 _____ (NVIDIA Corporation) C:\Windows\system32\NvRtmpStreamer64.dll
2019-03-08 14:53 - 2019-03-01 11:36 - 000203576 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2019-03-08 14:53 - 2019-03-01 11:36 - 000179512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2019-03-08 14:53 - 2019-03-01 11:36 - 000001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat
2019-03-08 14:53 - 2019-03-01 11:36 - 000001951 _____ C:\Windows\NvContainerRecovery.bat
2019-03-08 14:53 - 2019-03-01 08:15 - 005364592 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2019-03-08 14:53 - 2019-03-01 08:15 - 002625008 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2019-03-08 14:53 - 2019-03-01 08:15 - 001767920 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2019-03-08 14:53 - 2019-03-01 08:15 - 000651248 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2019-03-08 14:53 - 2019-03-01 08:15 - 000450872 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2019-03-08 14:53 - 2019-03-01 08:15 - 000125424 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2019-03-08 14:53 - 2019-03-01 08:15 - 000082800 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2019-03-08 14:53 - 2019-03-01 08:14 - 000133432 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2019-03-08 14:53 - 2019-02-26 11:36 - 008514902 _____ C:\Windows\system32\nvcoproc.bin
2019-03-08 14:52 - 2019-03-08 14:52 - 000000000 ____D C:\Windows\system32\Drivers\NVIDIA Corporation
2019-03-08 14:50 - 2019-03-02 03:29 - 020106384 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2019-03-08 14:50 - 2019-03-02 03:29 - 017434264 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2019-03-08 14:50 - 2019-03-02 03:29 - 010319696 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2019-03-08 14:50 - 2019-03-02 03:29 - 008784920 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2019-03-08 14:50 - 2019-03-02 03:29 - 005042904 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2019-03-08 14:50 - 2019-03-02 03:29 - 001471632 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFThevc.dll
2019-03-08 14:50 - 2019-03-02 03:29 - 001462232 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFTH264.dll
2019-03-08 14:50 - 2019-03-02 03:29 - 001169152 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2019-03-08 14:50 - 2019-03-02 03:29 - 001152016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFThevc.dll
2019-03-08 14:50 - 2019-03-02 03:29 - 001145752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFTH264.dll
2019-03-08 14:50 - 2019-03-02 03:29 - 000915304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2019-03-08 14:50 - 2019-03-02 03:29 - 000822792 _____ (NVIDIA Corporation) C:\Windows\system32\nvmcumd.dll
2019-03-08 14:50 - 2019-03-02 03:29 - 000794656 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2019-03-08 14:50 - 2019-03-02 03:29 - 000638392 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2019-03-08 14:50 - 2019-03-02 03:28 - 004301480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2019-03-08 14:50 - 2019-03-01 23:32 - 001006800 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2019-03-08 14:50 - 2019-03-01 23:32 - 001006800 _____ C:\Windows\system32\vulkan-1.dll
2019-03-08 14:50 - 2019-03-01 23:32 - 000870096 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2019-03-08 14:50 - 2019-03-01 23:32 - 000870096 _____ C:\Windows\SysWOW64\vulkan-1.dll
2019-03-08 14:50 - 2019-03-01 23:32 - 000552328 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2019-03-08 14:50 - 2019-03-01 23:32 - 000456904 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2019-03-08 14:50 - 2019-03-01 23:32 - 000286416 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2019-03-08 14:50 - 2019-03-01 23:32 - 000286416 _____ C:\Windows\system32\vulkaninfo.exe
2019-03-08 14:50 - 2019-03-01 23:32 - 000260304 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2019-03-08 14:50 - 2019-03-01 23:32 - 000260304 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2019-03-08 14:50 - 2019-03-01 23:30 - 005274368 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2019-03-08 14:50 - 2019-03-01 23:30 - 004625344 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2019-03-08 14:50 - 2019-03-01 23:30 - 002033032 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2019-03-08 14:50 - 2019-03-01 23:30 - 001734344 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6441935.dll
2019-03-08 14:50 - 2019-03-01 23:30 - 001535744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2019-03-08 14:50 - 2019-03-01 23:30 - 001467832 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6441935.dll
2019-03-08 14:50 - 2019-03-01 23:30 - 001464520 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2019-03-08 14:50 - 2019-03-01 23:30 - 001130184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2019-03-08 14:50 - 2019-03-01 23:30 - 000752520 _____ (NVIDIA Corporation) C:\Windows\system32\nvDecMFTMjpeg.dll
2019-03-08 14:50 - 2019-03-01 23:30 - 000668456 _____ C:\Windows\system32\nvofapi64.dll
2019-03-08 14:50 - 2019-03-01 23:30 - 000631232 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2019-03-08 14:50 - 2019-03-01 23:30 - 000611720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvDecMFTMjpeg.dll
2019-03-08 14:50 - 2019-03-01 23:30 - 000534728 _____ C:\Windows\SysWOW64\nvofapi.dll
2019-03-08 14:50 - 2019-03-01 23:30 - 000521928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2019-03-08 14:50 - 2019-03-01 23:29 - 040234704 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2019-03-08 14:50 - 2019-03-01 23:29 - 035140488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2019-03-08 14:50 - 2019-03-01 11:36 - 001682392 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2019-03-08 14:50 - 2019-03-01 11:36 - 000228768 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2019-03-08 14:50 - 2019-03-01 11:36 - 000070024 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2019-03-08 14:50 - 2019-03-01 11:36 - 000066792 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvhci.sys
2019-03-08 14:50 - 2019-03-01 11:36 - 000049834 _____ C:\Windows\system32\nvinfo.pb
2019-03-08 14:50 - 2019-03-01 11:36 - 000047592 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2019-03-08 14:18 - 2019-03-08 14:18 - 578337888 _____ (NVIDIA Corporation) C:\Users\masno\Downloads\419.35-desktop-win10-64bit-international-whql.exe
2019-03-08 14:11 - 2019-03-08 14:11 - 000000000 ____D C:\Windows\CSC
2019-02-19 20:53 - 2019-02-19 21:03 - 027339965 _____ C:\Users\masno\Downloads\01 - Start Me Up (Remastered).flac
2019-02-17 16:25 - 2019-02-17 16:26 - 579908376 _____ (NVIDIA Corporation) C:\Users\masno\Downloads\418.91-desktop-win10-64bit-international-whql.exe
2019-02-15 23:02 - 2019-02-15 23:02 - 026807296 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2019-02-15 23:02 - 2019-02-15 23:02 - 023439360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2019-02-15 23:02 - 2019-02-15 23:02 - 020812288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2019-02-15 23:02 - 2019-02-15 23:02 - 019023872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2019-02-15 23:02 - 2019-02-15 23:02 - 007883776 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2019-02-15 23:02 - 2019-02-15 23:02 - 006070272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2019-02-15 23:02 - 2019-02-15 23:02 - 004885504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2019-02-15 23:02 - 2019-02-15 23:02 - 004688896 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2019-02-15 23:02 - 2019-02-15 23:02 - 003922944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2019-02-15 23:02 - 2019-02-15 23:02 - 003743744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2019-02-15 23:02 - 2019-02-15 23:02 - 002469648 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2019-02-15 23:02 - 2019-02-15 23:02 - 002323696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2019-02-15 23:02 - 2019-02-15 23:02 - 001311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll
2019-02-15 23:02 - 2019-02-15 23:02 - 001309696 _____ (Microsoft Corporation) C:\Windows\system32\webplatstorageserver.dll
2019-02-15 23:02 - 2019-02-15 23:02 - 000972288 _____ (Microsoft Corporation) C:\Windows\system32\StorSvc.dll
2019-02-15 23:02 - 2019-02-15 23:02 - 000912384 _____ (Microsoft Corporation) C:\Windows\system32\EdgeManager.dll
2019-02-15 23:02 - 2019-02-15 23:02 - 000833536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webplatstorageserver.dll
2019-02-15 23:02 - 2019-02-15 23:02 - 000663040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EdgeManager.dll
2019-02-15 23:02 - 2019-02-15 23:02 - 000421904 _____ (Microsoft Corporation) C:\Windows\system32\MSAudDecMFT.dll
2019-02-15 23:02 - 2019-02-15 23:02 - 000352768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2019-02-15 23:02 - 2019-02-15 23:02 - 000340480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys
2019-02-15 23:02 - 2019-02-15 23:02 - 000313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd2x40.dll
2019-02-15 23:02 - 2019-02-15 23:02 - 000100352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cdfs.sys
2019-02-15 23:01 - 2019-02-15 23:02 - 001387520 _____ (Microsoft Corporation) C:\Windows\system32\bcastdvruserservice.dll
2019-02-15 23:01 - 2019-02-15 23:01 - 009683984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2019-02-15 23:01 - 2019-02-15 23:01 - 007645600 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Protection.PlayReady.dll
2019-02-15 23:01 - 2019-02-15 23:01 - 006540424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-02-15 23:01 - 2019-02-15 23:01 - 005086208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2019-02-15 23:01 - 2019-02-15 23:01 - 004627456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2019-02-15 23:01 - 2019-02-15 23:01 - 003662336 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2019-02-15 23:01 - 2019-02-15 23:01 - 002927120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2019-02-15 23:01 - 2019-02-15 23:01 - 002721280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2019-02-15 23:01 - 2019-02-15 23:01 - 002626592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2019-02-15 23:01 - 2019-02-15 23:01 - 002437552 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2019-02-15 23:01 - 2019-02-15 23:01 - 002021584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2019-02-15 23:01 - 2019-02-15 23:01 - 001969680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\refs.sys
2019-02-15 23:01 - 2019-02-15 23:01 - 001700864 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2019-02-15 23:01 - 2019-02-15 23:01 - 001671864 _____ (Microsoft Corporation) C:\Windows\system32\gdi32full.dll
2019-02-15 23:01 - 2019-02-15 23:01 - 001484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2019-02-15 23:01 - 2019-02-15 23:01 - 001467560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32full.dll
2019-02-15 23:01 - 2019-02-15 23:01 - 001255736 _____ (Microsoft Corporation) C:\Windows\system32\hvix64.exe
2019-02-15 23:01 - 2019-02-15 23:01 - 001050936 _____ (Microsoft Corporation) C:\Windows\system32\hvax64.exe
2019-02-15 23:01 - 2019-02-15 23:01 - 001050624 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2019-02-15 23:01 - 2019-02-15 23:01 - 000982576 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2019-02-15 23:01 - 2019-02-15 23:01 - 000982032 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\refsv1.sys
2019-02-15 23:01 - 2019-02-15 23:01 - 000769536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2019-02-15 23:01 - 2019-02-15 23:01 - 000765960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2019-02-15 23:01 - 2019-02-15 23:01 - 000577536 _____ (Microsoft Corporation) C:\Windows\system32\netprofmsvc.dll
2019-02-15 23:01 - 2019-02-15 23:01 - 000543744 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2019-02-15 23:01 - 2019-02-15 23:01 - 000475152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2019-02-15 23:01 - 2019-02-15 23:01 - 000463672 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2019-02-15 23:01 - 2019-02-15 23:01 - 000461824 _____ (Microsoft Corporation) C:\Windows\system32\WpAXHolder.dll
2019-02-15 23:01 - 2019-02-15 23:01 - 000419128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2019-02-15 23:01 - 2019-02-15 23:01 - 000402944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\exfat.sys
2019-02-15 23:01 - 2019-02-15 23:01 - 000387384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2019-02-15 23:01 - 2019-02-15 23:01 - 000293376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2019-02-15 23:01 - 2019-02-15 23:01 - 000090424 _____ (Microsoft Corporation) C:\Windows\system32\hvloader.dll
2019-02-15 23:01 - 2019-02-15 23:01 - 000059392 _____ (Microsoft Corporation) C:\Windows\system32\mf3216.dll
2019-02-15 23:01 - 2019-02-15 23:01 - 000047136 _____ (Microsoft Corporation) C:\Windows\system32\browser_broker.exe
2019-02-15 23:01 - 2019-02-15 23:01 - 000046080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2019-02-15 23:01 - 2019-02-15 23:01 - 000044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf3216.dll
2019-02-15 23:01 - 2019-02-15 23:01 - 000039936 _____ (Microsoft Corporation) C:\Windows\system32\npmproxy.dll
2019-02-15 23:01 - 2019-02-15 23:01 - 000039304 _____ (Microsoft Corporation) C:\Windows\system32\NtlmShared.dll
2019-02-15 23:01 - 2019-02-15 23:01 - 000033056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NtlmShared.dll
2019-02-15 23:01 - 2019-02-15 23:01 - 000021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\npmproxy.dll
2019-02-15 23:01 - 2019-02-15 23:01 - 000000315 _____ C:\Windows\system32\DrtmAuth8.bin
2019-02-15 23:01 - 2019-02-15 23:01 - 000000315 _____ C:\Windows\system32\DrtmAuth7.bin
2019-02-15 23:01 - 2019-02-15 23:01 - 000000315 _____ C:\Windows\system32\DrtmAuth6.bin
2019-02-15 23:01 - 2019-02-15 23:01 - 000000315 _____ C:\Windows\system32\DrtmAuth5.bin
2019-02-15 23:01 - 2019-02-15 23:01 - 000000315 _____ C:\Windows\system32\DrtmAuth4.bin
2019-02-15 23:01 - 2019-02-15 23:01 - 000000315 _____ C:\Windows\system32\DrtmAuth3.bin
2019-02-15 23:01 - 2019-02-15 23:01 - 000000315 _____ C:\Windows\system32\DrtmAuth2.bin
2019-02-15 23:01 - 2019-02-15 23:01 - 000000315 _____ C:\Windows\system32\DrtmAuth1.bin
2019-02-15 23:01 - 2019-02-15 23:01 - 000000072 _____ C:\Windows\system32\edgehtmlpluginpolicy.bin
2019-02-09 14:54 - 2019-02-09 14:54 - 019284480 _____ (Microsoft Corporation) C:\Windows\system32\HologramWorld.dll
2019-02-09 14:54 - 2019-02-09 14:54 - 007897088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2019-02-09 14:54 - 2019-02-09 14:54 - 007724992 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll
2019-02-09 14:54 - 2019-02-09 14:54 - 005440008 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2019-02-09 14:54 - 2019-02-09 14:54 - 005112792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll
2019-02-09 14:54 - 2019-02-09 14:54 - 003601920 _____ (Microsoft Corporation) C:\Windows\system32\tellib.dll
2019-02-09 14:54 - 2019-02-09 14:54 - 003550384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2019-02-09 14:54 - 2019-02-09 14:54 - 002392576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AcGenral.dll
2019-02-09 14:54 - 2019-02-09 14:54 - 002278448 _____ (Microsoft Corporation) C:\Windows\system32\mfasfsrcsnk.dll
2019-02-09 14:54 - 2019-02-09 14:54 - 001309184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsp_health.dll
2019-02-09 14:54 - 2019-02-09 14:54 - 001289192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfasfsrcsnk.dll
2019-02-09 14:54 - 2019-02-09 14:54 - 001282640 _____ (Microsoft Corporation) C:\Windows\system32\mfreadwrite.dll
2019-02-09 14:54 - 2019-02-09 14:54 - 001259024 _____ (Microsoft Corporation) C:\Windows\system32\SecConfig.efi
2019-02-09 14:54 - 2019-02-09 14:54 - 001200920 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll
2019-02-09 14:54 - 2019-02-09 14:54 - 000927232 _____ (Microsoft Corporation) C:\Windows\system32\assignedaccessmanagersvc.dll
2019-02-09 14:54 - 2019-02-09 14:54 - 000829440 _____ (Microsoft Corporation) C:\Windows\system32\HologramCompositor.dll
2019-02-09 14:54 - 2019-02-09 14:54 - 000762272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
2019-02-09 14:54 - 2019-02-09 14:54 - 000617984 _____ (Microsoft Corporation) C:\Windows\system32\AssignedAccessManager.dll
2019-02-09 14:54 - 2019-02-09 14:54 - 000429056 _____ (Microsoft Corporation) C:\Windows\system32\MixedReality.Broker.dll
2019-02-09 14:54 - 2019-02-09 14:54 - 000427520 _____ (Microsoft Corporation) C:\Windows\system32\MSFlacDecoder.dll
2019-02-09 14:54 - 2019-02-09 14:54 - 000371712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSFlacDecoder.dll
2019-02-09 14:54 - 2019-02-09 14:54 - 000263360 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2019-02-09 14:53 - 2019-02-09 14:53 - 022111856 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2019-02-09 14:53 - 2019-02-09 14:53 - 017520640 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2019-02-09 14:53 - 2019-02-09 14:53 - 015224832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2019-02-09 14:53 - 2019-02-09 14:53 - 008875520 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2019-02-09 14:53 - 2019-02-09 14:53 - 005584864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2019-02-09 14:53 - 2019-02-09 14:53 - 005565952 _____ (Microsoft Corporation) C:\Windows\system32\twinui.pcshell.dll
2019-02-09 14:53 - 2019-02-09 14:53 - 005561856 _____ (Microsoft Corporation) C:\Windows\system32\StartTileData.dll
2019-02-09 14:53 - 2019-02-09 14:53 - 005527552 _____ (Microsoft Corporation) C:\Windows\system32\InputService.dll
2019-02-09 14:53 - 2019-02-09 14:53 - 005205464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepository.dll
2019-02-09 14:53 - 2019-02-09 14:53 - 004991096 _____ (Microsoft Corporation) C:\Windows\system32\Windows.StateRepository.dll
2019-02-09 14:53 - 2019-02-09 14:53 - 004702704 _____ (Microsoft Corporation) C:\Windows\system32\setupapi.dll
2019-02-09 14:53 - 2019-02-09 14:53 - 004588544 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2019-02-09 14:53 - 2019-02-09 14:53 - 004526080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setupapi.dll
2019-02-09 14:53 - 2019-02-09 14:53 - 004298752 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_nt.dll
2019-02-09 14:53 - 2019-02-09 14:53 - 004019200 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsThresholdAdminFlowUI.dll
2019-02-09 14:53 - 2019-02-09 14:53 - 003982848 _____ (Microsoft Corporation) C:\Windows\system32\EdgeContent.dll
2019-02-09 14:53 - 2019-02-09 14:53 - 003656192 _____ (Microsoft Corporation) C:\Windows\system32\mispace.dll
2019-02-09 14:53 - 2019-02-09 14:53 - 003556352 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2019-02-09 14:53 - 2019-02-09 14:53 - 003386368 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2019-02-09 14:53 - 2019-02-09 14:53 - 002992640 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2019-02-09 14:53 - 2019-02-09 14:53 - 002942464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mispace.dll
2019-02-09 14:53 - 2019-02-09 14:53 - 002776920 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2019-02-09 14:53 - 2019-02-09 14:53 - 002766136 _____ (Microsoft Corporation) C:\Windows\system32\UpdateAgent.dll
2019-02-09 14:53 - 2019-02-09 14:53 - 002702528 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2019-02-09 14:53 - 2019-02-09 14:53 - 002689024 _____ (Microsoft Corporation) C:\Windows\system32\WebRuntimeManager.dll
2019-02-09 14:53 - 2019-02-09 14:53 - 002618880 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2019-02-09 14:53 - 2019-02-09 14:53 - 002488320 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2019-02-09 14:53 - 2019-02-09 14:53 - 002466304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2019-02-09 14:53 - 2019-02-09 14:53 - 002298880 _____ (Microsoft Corporation) C:\Windows\system32\ResetEngine.dll
2019-02-09 14:53 - 2019-02-09 14:53 - 002275888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2019-02-09 14:53 - 2019-02-09 14:53 - 002187264 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.onecore.dll
2019-02-09 14:53 - 2019-02-09 14:53 - 002149368 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.appcore.dll
2019-02-09 14:53 - 2019-02-09 14:53 - 002085376 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2019-02-09 14:53 - 2019-02-09 14:53 - 002072728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2019-02-09 14:53 - 2019-02-09 14:53 - 001994768 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2019-02-09 14:53 - 2019-02-09 14:53 - 001975296 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2019-02-09 14:53 - 2019-02-09 14:53 - 001899160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2019-02-09 14:53 - 2019-02-09 14:53 - 001783296 _____ (Microsoft Corporation) C:\Windows\system32\wsp_health.dll
2019-02-09 14:53 - 2019-02-09 14:53 - 001720936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinapi.appcore.dll
2019-02-09 14:53 - 2019-02-09 14:53 - 001715712 _____ (Microsoft Corporation) C:\Windows\system32\ISM.dll
2019-02-09 14:53 - 2019-02-09 14:53 - 001700880 _____ (Microsoft Corporation) C:\Windows\system32\ContentDeliveryManager.Utilities.dll
2019-02-09 14:53 - 2019-02-09 14:53 - 001696936 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi

#8

The rest


==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-03-11 21:23 - 2018-12-13 02:00 - 000073930 _____ C:\Windows\ZAM_Guard.krnl.trace
2019-03-11 21:20 - 2018-11-21 22:02 - 000000000 ____D C:\ProgramData\NVIDIA
2019-03-11 21:18 - 2018-09-15 08:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-03-11 14:38 - 2018-11-21 21:55 - 000000000 ____D C:\Windows\system32\SleepStudy
2019-03-11 14:06 - 2018-11-21 22:02 - 001773362 _____ C:\Windows\system32\PerfStringBackup.INI
2019-03-11 14:06 - 2018-09-15 17:37 - 000788518 _____ C:\Windows\system32\perfh00A.dat
2019-03-11 14:06 - 2018-09-15 17:37 - 000155808 _____ C:\Windows\system32\perfc00A.dat
2019-03-11 14:06 - 2018-09-15 08:31 - 000000000 ____D C:\Windows\INF
2019-03-11 14:00 - 2018-11-21 22:24 - 000000000 ____D C:\Program Files (x86)\BootRacer
2019-03-11 14:00 - 2018-11-21 21:55 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-03-11 13:59 - 2018-09-15 07:09 - 000524288 _____ C:\Windows\system32\config\BBI
2019-03-11 13:30 - 2018-11-21 22:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BootRacer
2019-03-11 02:13 - 2018-11-21 22:24 - 000000000 ____D C:\ProgramData\BootRacer
2019-03-11 01:48 - 2018-12-13 02:00 - 000027844 _____ C:\Windows\ZAM.krnl.trace
2019-03-11 01:47 - 2018-11-24 03:10 - 000000000 ____D C:\Program Files\CCleaner
2019-03-11 01:45 - 2018-11-21 22:00 - 000000000 ____D C:\Users\masno
2019-03-11 01:20 - 2019-01-15 21:43 - 000000000 ____D C:\Users\masno\AppData\Local\CrashDumps
2019-03-11 01:20 - 2018-11-22 01:46 - 000000000 ____D C:\Users\masno\AppData\Roaming\uTorrent
2019-03-11 00:34 - 2018-11-21 22:52 - 000000000 ____D C:\Users\masno\AppData\LocalLow\Temp
2019-03-10 21:10 - 2018-11-22 10:55 - 000000000 ____D C:\Users\masno\OneDrive\Documentos\Archivos de Outlook
2019-03-10 19:42 - 2018-09-15 08:33 - 000000000 ___HD C:\Program Files\WindowsApps
2019-03-10 19:42 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\AppReadiness
2019-03-08 14:56 - 2018-11-21 22:02 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2019-03-08 14:54 - 2018-11-21 22:01 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2019-03-08 14:54 - 2018-11-21 22:01 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2019-03-08 14:53 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\Help
2019-03-08 14:22 - 2018-09-15 08:33 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2019-03-08 14:21 - 2018-11-22 02:11 - 000000000 ____D C:\Program Files\Microsoft Office
2019-03-02 15:12 - 2018-12-08 22:40 - 000000000 ____D C:\Users\masno\AppData\Local\ElevatedDiagnostics
2019-02-28 20:21 - 2018-11-21 22:03 - 000000000 ____D C:\Users\masno\AppData\Local\Packages
2019-02-26 15:46 - 2018-11-21 22:03 - 000000000 ____D C:\Users\masno\AppData\Local\VirtualStore
2019-02-26 15:43 - 2018-11-22 01:37 - 000007982 _____ C:\Windows\BRRBCOM.INI
2019-02-22 21:53 - 2018-12-12 00:31 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-02-22 21:42 - 2018-11-21 21:55 - 000000000 ____D C:\Windows\system32\Drivers\wd
2019-02-22 00:59 - 2018-11-23 00:09 - 000000000 ____D C:\ProgramData\Package Cache
2019-02-17 13:00 - 2018-11-21 21:55 - 000438880 _____ C:\Windows\system32\FNTCACHE.DAT
2019-02-16 01:29 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\system32\appraiser
2019-02-16 01:29 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\bcastdvr
2019-02-16 01:19 - 2018-12-12 00:31 - 000004562 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2019-02-15 23:02 - 2018-09-15 08:23 - 000000000 ____D C:\Windows\CbsTemp
2019-02-15 23:00 - 2018-11-22 10:22 - 000000000 ____D C:\Windows\system32\MRT
2019-02-15 22:59 - 2018-11-22 10:22 - 129330784 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2019-02-09 14:56 - 2018-11-21 22:03 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-02-09 14:56 - 2018-11-21 22:03 - 000000000 ___RD C:\Users\masno\3D Objects
2019-02-09 14:55 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\TextInput
2019-02-09 14:55 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\SysWOW64\oobe
2019-02-09 14:55 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\SysWOW64\Dism
2019-02-09 14:55 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\system32\oobe
2019-02-09 14:55 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\system32\migwiz
2019-02-09 14:55 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\ShellExperiences
2019-02-09 14:55 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\ShellComponents
2019-02-09 14:55 - 2018-09-15 07:09 - 000000000 ____D C:\Windows\system32\Dism

==================== Files in the root of some directories =======

2018-12-10 21:58 - 2018-12-10 21:58 - 000000017 _____ () C:\Users\masno\AppData\Local\resmon.resmoncfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\dllhost.exe => File is digitally signed
C:\Windows\SysWOW64\dllhost.exe => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

#9

Hello again. Going through the FRST report, in the Registry (Whitelisted) section, and specifically in the second-to-last row, there is Winlogon: [Shell] %comspec% <==== ATTENTION, which is a command that calls cmd; after deleting %comspec%, the Windows PowerShell window no longer appears. I don't think this is the right solution, because the last row of that Registry section also shows :\Windows\explorer.exe [4245280 2018-10-30] (Microsoft Windows -> Microsoft Corporation) <==== ATTENTION, and I added the explorer part myself so that the desktop would appear instead of the black screen; if I remove it, the screen goes black again and the desktop does not appear. Perhaps the explorer.exe entry should be under Winlogon; you'll tell me? I can restore to an earlier point and see what the registry looks like in these sections; the last one is the one I noted in the first post, which refers to SoundMixer and where the Malwarebytes warning appeared. Phew, I hope I've explained myself well. Regards


#10

Hello.

Let's see… :thinking:

In principle, this registry line/instruction:

Should not exist, and what we need to do is delete it; I will give you the steps needed to remove it.

And this other instruction, which you say YOU added:

Should not need to exist either; for a computer to show the desktop once it has booted, it is NOT necessary to add anything to the registry. :smirk:

When you did the disinfection with Malwarebytes, did you run any other cleanup process on the computer?


#11

Hello, first of all thank you for your comments and interest. This registry instruction: C:\Windows\explorer.exe [4245280 2018-10-30] (Microsoft Windows -> Microsoft Corporation) <==== ATTENTION, was removed by the Malwarebytes cleanup, but then the black screen appeared together with Windows PowerShell; I added explorer.exe to it and the desktop appeared. What Malwarebytes deleted is this line: HKU\S-1-5-21-1609916864-2406924031-3616026539-1001…\Command Processor: AutoRun, @mode 20,5 & tasklist /FI “IMAGENAME eq SoundMixer.exe” 2>NUL | find /I /N “SoundMixer.exe”>NUL && exit & if exist “C:\Users\masno\AppData\Roaming\Microsoft\SoundMixer\SoundMixer.exe” ( start /MIN “” “C:\Users\masno\AppData\Roaming\Microsoft\SoundMixer\SoundMixer.exe” & tasklist /FI “IMAGENAME eq explorer.exe” 2>NUL | find /I /N “explorer.exe”>NUL && exit & explorer.exe & exit ) else ( tasklist /FI “IMAGENAME eq explorer.exe” 2>NUL | find /I /N “explorer.exe”>NUL && exit & explorer.exe & exit ). I have not added anything else; I have only deleted the %comspec% instruction from HKU\S-1-5-21-1609916864-2406924031-3616026539-1001…\Winlogon: [Shell] %comspec% <==== ATTENTION, and Windows PowerShell no longer appears when the computer starts. I remember that Malwarebytes removed SoundMixer for me days ago, and this latest disinfection must have been of some remnant that was left. Now everything seems to be going well. As you will see, I use BootRacer to measure boot time; if I detect any significant and persistent delay at boot, I interpret it as a possible intrusion and run the detection and optimization scans. It is a very sui generis method, but it works for me. Boot times are now 3-4 seconds shorter and similar to the initial ones. Regards
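
The two flagged entries discussed in posts #9 to #11 interact: a Winlogon Shell value of %comspec% makes cmd.exe the logon shell, and cmd.exe runs its Command Processor AutoRun value each time it starts. The triage script below is an added example, not part of the thread and not FRST's own code; it parses only the two line shapes quoted on this page, and its function names and finding codes are hypothetical.

```python
import re

# Constructed sample: the two flagged entries as they appear in this thread,
# plus one unrelated FRST line that the parser must ignore.
SAMPLE_FRST_LINES = [
    r"HKU\S-1-5-21-1609916864-2406924031-3616026539-1001\...\Winlogon: [Shell] %comspec% <==== ATTENTION",
    r"HKU\S-1-5-21-1609916864-2406924031-3616026539-1001\...\Command Processor: C:\Windows\explorer.exe "
    r"[4245280 2018-10-30] (Microsoft Windows -> Microsoft Corporation) <==== ATTENTION",
    r"S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]",
]

# <hive>\...\<key>: [<value name>] <data> <==== ATTENTION   (value name optional)
ENTRY_RE = re.compile(
    r"^(?P<hive>HKLM|HKU\\[^\\]+)\\\.\.\.\\(?P<key>[^:]+): "
    r"(?:\[(?P<value>[^\]]+)\] )?(?P<data>.*?)(?: <==== ATTENTION)?$"
)
# Trailing file details that follow a path: " [size date] (signer)"
FILE_META_RE = re.compile(r" \[\d+ \d{4}-\d{2}-\d{2}\] \(.*\)$")

# Names that resolve to the Windows command interpreter.
CMD_NAMES = {"%comspec%", "cmd.exe", "cmd"}


def parse_entry(line):
    """Parse one registry line of the shape shown above; None for other lines."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    command = FILE_META_RE.sub("", m.group("data")).strip()
    return {"hive": m.group("hive"), "key": m.group("key"),
            "value": m.group("value"), "command": command}


def image_name(command):
    """Lower-cased file name of the program a command line starts."""
    command = command.strip()
    if command.startswith('"'):
        first = command[1:].split('"', 1)[0]
    else:
        first = command.split(" ", 1)[0]
    return first.rsplit("\\", 1)[-1].lower()


def triage(lines):
    """Return (code, message) findings for Winlogon Shell / cmd AutoRun entries."""
    entries = [e for e in map(parse_entry, lines) if e]
    shell = next((e for e in entries
                  if e["key"] == "Winlogon" and e["value"] == "Shell"), None)
    # Assumption: the "Command Processor" line carries the AutoRun value,
    # as post #11 states for this machine.
    autorun = next((e for e in entries if e["key"] == "Command Processor"), None)

    findings = []
    shell_is_cmd = shell is not None and image_name(shell["command"]) in CMD_NAMES
    if shell and image_name(shell["command"]) != "explorer.exe":
        findings.append(("SHELL_OVERRIDE",
                         f"{shell['hive']} Winlogon Shell is '{shell['command']}' "
                         "instead of explorer.exe"))
    if autorun:
        findings.append(("CMD_AUTORUN",
                         f"{autorun['hive']} Command Processor AutoRun runs "
                         f"'{autorun['command']}' whenever cmd.exe starts "
                         "(unless started with /D)"))
    if shell_is_cmd and autorun:
        findings.append(("SHELL_AUTORUN_CHAIN",
                         "cmd.exe is the logon shell, so the AutoRun command "
                         "executes at every logon"))
    elif shell_is_cmd:
        findings.append(("SHELL_CMD_NO_AUTORUN",
                         "cmd.exe is the logon shell and nothing starts "
                         "explorer.exe: logon ends in a console without a desktop"))
    return findings


if __name__ == "__main__":
    for code, message in triage(SAMPLE_FRST_LINES):
        print(f"{code}: {message}")
```

Running it on only the first sample line gives SHELL_CMD_NO_AUTORUN, which matches the black screen with a console window described after the AutoRun value was removed.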


#12

Good… :thinking: then let's check your machine a bit more. To do so, follow these steps, in the order given and reading everything that is explained. :+1:

:one: Temporarily disable the antivirus :arrow_forward: How to temporarily disable your antivirus, while we are carrying out ALL the steps.

We are going to download to YOUR DESKTOP (and NOT anywhere else :face_with_monocle:) all the tools we will use in this procedure (but do not run them yet):


:two: Run the tools one at a time and in the order given:



CCleaner.-

  • Install and run CCleaner following the steps given in the manual.

  • First use its Cleaner option to delete cookies, temporary Internet files and all the files it shows as obsolete.

  • Then use its Registry option to clean the whole Windows registry (making a backup).

Malwarebytes.-

  • Install and run MBAM following the steps given in the manual.

  • Run a Full Scan. :white_check_mark:

  • Select ALL for Quarantine to send them to quarantine, and restart the system.

  • In the manual's :arrow_forward:History :arrow_backward: section you will find the MBAM report, which you must copy and paste into your next reply so it can be analyzed.

AdwCleaner.-

  • Run Adwcleaner.exe.

  • Click the Scan Now button and wait for the process to finish, then always click the Start Repair button right away.

  • Wait for it to complete and follow the instructions; if it asks you to restart the system, accept.

  • The log/report is in the “Reports” tab (reopen the program if necessary), so that you can copy it and paste it into your next reply.

  • The report can also be found at C:\AdwCleaner\Logs\AdwCleaner[C00].txt

Junkware Removal Tool.-

  • Run JRT.exe.

  • Press any key to continue, and wait patiently for the process to finish.

  • If at any point it asks you to restart, do so.

  • When it finishes, a log/report (JRT.txt) will be saved on the desktop and will open automatically.

  • Copy and paste the contents of JRT.txt into your next reply.

:three: Put in your next reply the reports from:

  • Malwarebytes, AdwCleaner and JRT, in that order. :+1:

You must copy and paste them with all their content, and use several messages if you get an error message saying the post is too long (more than approx. 50,000 characters).

And tell us how your computer is working with regard to the problem raised. :face_with_monocle:

Regards.


#13

Hello again. I already use all of the programs you mention regularly; I have run them following your instructions and I attach the requested reports.


Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 13/3/19
Hora del análisis: 0:24
Archivo de registro: 0b085dfb-451e-11e9-ae7f-002522bd9788.json
Administrador: Sí

-Información del software-
Versión: 3.5.1.2522
Versión de los componentes: 1.0.365
Versión del paquete de actualización: 1.0.9658
Licencia: Premium

-Información del sistema-
SO: Windows 10 (Build 17763.348)
CPU: x64
Sistema de archivos: NTFS
Usuario: DESKTOP-IKSEGQV\masno

-Resumen del análisis-
Tipo de análisis: Análisis de amenazas
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 281325
Amenazas detectadas: 0
(No hay elementos maliciosos detectados)
Amenazas en cuarentena: 0
(No hay elementos maliciosos detectados)
Tiempo transcurrido: 0 min, 31 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Desactivado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 0
(No hay elementos maliciosos detectados)

Valor del registro: 0
(No hay elementos maliciosos detectados)

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 0
(No hay elementos maliciosos detectados)

Archivo: 0
(No hay elementos maliciosos detectados)

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)
 Malwarebytes AdwCleaner 7.2.6.0
# -------------------------------
# Build:    12-18-2018
# Database: 2018-12-17.4 (Local)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    03-13-2019
# Duration: 00:00:05
# OS:       Windows 10 Pro
# Scanned:  32224
# Detected: 2


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

PUP.Optional.PCFixer            C:\Users\masno\Downloads\WRCFree.exe

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.WiseFolderLock     HKLM\Software\Classes\CLSID\{D4EF86C3-77D7-4F82-BBB8-6DFFAB6E2D32}

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.


AdwCleaner[S00].txt - [1382 octets] - [13/12/2018 20:53:42]
AdwCleaner[C00].txt - [1508 octets] - [13/12/2018 20:54:27]
AdwCleaner[S01].txt - [1371 octets] - [13/12/2018 20:56:11]
AdwCleaner[S02].txt - [2310 octets] - [18/12/2018 00:41:04]
AdwCleaner[C02].txt - [2422 octets] - [18/12/2018 00:41:59]
AdwCleaner[S03].txt - [2460 octets] - [22/12/2018 01:22:03]
AdwCleaner[C03].txt - [2552 octets] - [22/12/2018 01:22:45]
AdwCleaner[S04].txt - [2562 octets] - [22/12/2018 11:13:27]
AdwCleaner[C04].txt - [2674 octets] - [22/12/2018 11:14:03]
AdwCleaner[S05].txt - [1877 octets] - [16/01/2019 21:39:01]
AdwCleaner[C05].txt - [2043 octets] - [16/01/2019 21:40:19]
AdwCleaner[S06].txt - [1920 octets] - [16/01/2019 21:53:50]
AdwCleaner[S07].txt - [3306 octets] - [08/03/2019 23:05:52]
AdwCleaner[C07].txt - [3382 octets] - [08/03/2019 23:06:33]
AdwCleaner[S08].txt - [2103 octets] - [08/03/2019 23:09:07]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S09].txt ##########

Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Enterprise x64 
Ran by masno (Administrator) on 13/03/2019 at  0.32.13,63
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 1 

Successfully deleted: C:\Windows\wininit.ini (File) 



Registry: 0 



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13/03/2019 at  0.33.02,91
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Here is what was requested. Much obliged. Regards


#14

Good… and now follow these steps. :arrow_forward: VERY important :arrow_backward: Make a backup of the registry:

  • To do so, download :arrow_forward: DelFix.exe (to your desktop).

  • Double-click to run it. (If you use Windows Vista/7/8 or 10, right-click and select -Run as Administrator-.)

  • Attention: now tick/select only the :white_check_mark: Create registry backup box, NOT the other boxes. :face_with_monocle:

  • Click Run.

The report (DelFix.txt) will open; save it in case it is needed and close the tool.

:warning: With all other programs closed, go to :arrow_forward: Start :arrow_forward: Run :arrow_forward: and type Notepad.exe.

  • Now copy and paste the code/lines inside the box further below into Notepad.
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
HKU\S-1-5-21-1609916864-2406924031-3616026539-1001\...\Winlogon: [Shell] %comspec% <==== ATTENTION
HKU\S-1-5-21-1609916864-2406924031-3616026539-1001\...\Command Processor: C:\Windows\explorer.exe [4245280 2018-10-30] (Microsoft Windows -> Microsoft Corporation) <==== ATTENTION
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END

Save it under the name FIXLIST.TXT on the desktop. This is very important.

Note: It is important that the FRST.exe tool (Farbar Recovery Scanner Tool) and FIXLIST.TXT are in the same location (desktop); otherwise it will not work.

And now use the 2nd METHOD from this Windows 8 FAQ (applicable to Windows 10), "How to start Windows 8/8.1 in Safe Mode?", to work from that Windows mode.

  • Run FRST.exe. (If you use Windows Vista/7/8 or 10, right-click and select -Run as Administrator-.)

  • Press the FIX button and wait for it to finish.

  • The tool will save the repair report on the desktop (FIXLOG.TXT).

Paste the contents of this file in your next reply.

Restart the computer, check how it behaves with regard to the problem you raised, and let us know.

Regards.
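The two registry lines in the fixlist above point at the Winlogon Shell value and the Command Processor AutoRun value of the user's hive. The following read-only PowerShell check is an added example, not part of the thread or of FRST; the function name Get-ShellAutoRunAudit is hypothetical, and it assumes a stock Windows install, where both values are absent from user hives and the machine-wide Shell is explorer.exe.

```powershell
# Added example: read-only audit of the two autostart values named in the fixlist.
# Get-ShellAutoRunAudit is a hypothetical name, not part of FRST or Windows.
function Get-ShellAutoRunAudit {
    # Registry values to inspect, relative to each hive root.
    $checks = @(
        @{ SubKey = 'Software\Microsoft\Windows NT\CurrentVersion\Winlogon'; Value = 'Shell' },
        @{ SubKey = 'Software\Microsoft\Command Processor'; Value = 'AutoRun' }
    )

    # HKLM plus every currently loaded user hive under HKEY_USERS.
    $roots = @('Registry::HKEY_LOCAL_MACHINE')
    $roots += Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -notlike '*_Classes' } |
        ForEach-Object { "Registry::$($_.Name)" }

    foreach ($root in $roots) {
        foreach ($check in $checks) {
            $path = "$root\$($check.SubKey)"
            $name = $check.Value
            $item = Get-ItemProperty -LiteralPath $path -Name $name -ErrorAction SilentlyContinue
            if ($null -eq $item) { continue }   # key or value absent: nothing to report
            $data = [string]$item.$name

            # Assumption: only the machine-wide Winlogon Shell has an expected value.
            $isDefault = ($root -eq 'Registry::HKEY_LOCAL_MACHINE') -and
                         ($name -eq 'Shell') -and
                         ($data.Trim() -ieq 'explorer.exe')
            $status = if ($isDefault) { 'default' } else { 'REVIEW' }

            [pscustomobject]@{
                Key    = $path
                Value  = $name
                Data   = $data
                Status = $status
            }
        }
    }
}

Get-ShellAutoRunAudit | Format-List
```

Only hives that are currently loaded are covered, so run it from an elevated session while the affected user is logged on.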


#18
Fix result of Farbar Recovery Scan Tool (x64) Version: 11.03.2019
Ran by masno (13-03-2019 13:12:50) Run:1
Running from C:\Users\masno\OneDrive\Escritorio
Loaded Profiles: masno (Available Profiles: masno)
Boot Mode: Safe Mode (minimal)
==============================================

fixlist content:
*****************
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
HKU\S-1-5-21-1609916864-2406924031-3616026539-1001\...\Winlogon: [Shell] %comspec% <==== ATTENTION
HKU\S-1-5-21-1609916864-2406924031-3616026539-1001\...\Command Processor: C:\Windows\explorer.exe [4245280 2018-10-30] (Microsoft Windows -> Microsoft Corporation) <==== ATTENTION
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END
*****************

Error: Restore point can only be created in normal mode.
Processes closed successfully.
"HKU\S-1-5-21-1609916864-2406924031-3616026539-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell" => removed successfully
"HKU\S-1-5-21-1609916864-2406924031-3616026539-1001\Software\Microsoft\Command Processor\\AutoRun" => removed successfully
ZAM => service not found.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-1609916864-2406924031-3616026539-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-1609916864-2406924031-3616026539-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========


========= netsh winsock reset =========


El catálogo Winsock se restableció correctamente.
Debe reiniciar el equipo para completar el restablecimiento.


========= End of CMD: =========


========= ipconfig /renew =========


Configuración IP de Windows


========= End of CMD: =========


========= ipconfig /flushdns =========


Configuración IP de Windows

No se puede vaciar la caché de resolución de DNS: Error de una función durante la ejecución.


========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0
BITS administration utility.
(C) Copyright Microsoft Corp.

Unable to connect to BITS - 0x8007043c
El servicio no puede iniciarse en modo a prueba de errores



========= End of CMD: =========


========= netsh advfirewall reset =========


Error al intentar ponerse en contacto con el servicio Firewall de Windows Defender. Asegúrate de que el servicio se está ejecutando e intenta la solicitud de nuevo.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========


Error al intentar ponerse en contacto con el servicio Firewall de Windows Defender. Asegúrate de que el servicio se está ejecutando e intenta la solicitud de nuevo.


========= End of CMD: =========


========= netsh int ipv4 reset =========

No hay valores configurados por el usuario para restablecer.


========= End of CMD: =========


========= netsh int ipv6 reset =========

No hay valores configurados por el usuario para restablecer.


========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 9199616 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 147797811 B
Java, Flash, Steam htmlcache => 1124 B
Windows/system/drivers => 48032 B
Edge => 365422086 B
Chrome => 0 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 1768 B
LocalService => 0 B
NetworkService => 6474 B
NetworkService => 0 B
masno => 1467101 B

RecycleBin => 0 B
EmptyTemp: => 499.7 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 13:12:58 ====

I'm attaching the Fixlog; let me know how it turned out. Regards

The computer takes between 7 and 8 seconds less to boot, which means it is very well optimized and there are no anomalies slowing it down. Thank you very much for your invaluable help. Much appreciated.

I only notice one small anomaly: the computer does not restart through the system; it shuts down, not completely, but does not start, and I have to press the reset button. I'll look at the code shown in the BIOS, which is OP, to see what is happening. Regards

Sorry, the error is d0, I had read it upside down; it means CPU initialization error. If I restart it with the Reset button it works correctly.

Regards

Since I have an overclock on my board, I reset the BIOS and loaded the overclock again and it seems to be solved, although 1 in every 4 restarts fails. The CPU is already years old, it is an IE2500k 3,3 @ 4,6, which has given me spectacular results; now I'm waiting for AMD's 7nm to replace the machine. I'll keep testing, swapping the memory modules between slots, etc. Regards


#19

Hello.

Good… let's take this step by step… the problems you had relating to the issue you originally raised… I understand they are NOW resolved…??

Please confirm.


#20

Yes, thank you very much for your help.


#21

Perfect -_- excellent, we are glad to see that the initial problem is now completely fixed; all that remains is to remove the tools that were used.

To do this, download DelFix.exe to your desktop.

  • Double-click to run it. (If you use Windows Vista/7/8 or 10, right-click and select - Run as Administrator -.)

  • Tick all the boxes and click Run.

The report (DelFix.txt) will open; you can close it.

For any other problem or issue, and so as NOT to mix it with this topic, it is best to start another topic in the appropriate subforum.


For any other problem, do not hesitate to post again; you know where we are.

Topic solved.

Regards, Javier.


closed #22