Recurring detections

#1

Hello, forum! I had actually participated in the forum before, but I lost my previous account (it was Dandyborder).

I wanted to tell you that I have recurring detections after running AdwCleaner and Malwarebytes. Here is the latest Malwarebytes report, to see if you can help me. Thanks a lot!!!

Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 8/4/19
Hora del análisis: 9:11
Archivo de registro: 68d21ef6-59f7-11e9-bed2-54e1ada7c644.json

-Información del software-
Versión: 3.7.1.2839
Versión de los componentes: 1.0.563
Versión del paquete de actualización: 1.0.10048
Licencia: Prueba

-Información del sistema-
SO: Windows 10 (Build 17134.648)
CPU: x64
Sistema de archivos: NTFS
Usuario: System

-Resumen del análisis-
Tipo de análisis: Análisis de amenazas
Análisis iniciado por:: Programador de tareas
Resultado: Completado
Objetos analizados: 302638
Amenazas detectadas: 9
Amenazas en cuarentena: 9
Tiempo transcurrido: 4 min, 10 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Desactivado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 0
(No hay elementos maliciosos detectados)

Valor del registro: 0
(No hay elementos maliciosos detectados)

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 0
(No hay elementos maliciosos detectados)

Archivo: 9
PUP.Optional.Linkury, C:\USERS\SEBAS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Sustituido, [253], [455237],1.0.10048
PUP.Optional.SweetPage, C:\USERS\SEBAS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Sustituido, [386], [455284],1.0.10048
PUP.Optional.WinYahoo, C:\USERS\SEBAS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Sustituido, [237], [454790],1.0.10048
PUP.Optional.WinYahoo, C:\USERS\SEBAS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, Sustituido, [237], [454790],1.0.10048
PUP.Optional.WinYahoo, C:\USERS\SEBAS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Sustituido, [237], [454790],1.0.10048
PUP.Optional.Linkury, C:\USERS\SEBAS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, Sustituido, [253], [455237],1.0.10048
PUP.Optional.Linkury, C:\USERS\SEBAS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Sustituido, [253], [455237],1.0.10048
PUP.Optional.Spigot, C:\USERS\SEBAS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, Sustituido, [165], [454814],1.0.10048
PUP.Optional.Spigot, C:\USERS\SEBAS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Sustituido, [165], [454814],1.0.10048

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)

#2

Hello @Sebastian_Pereira, welcome to the new forum

Carry out the following steps, even if you have already done some of them, without changing the order:

1) Download, update and run Malwarebytes' Anti-Malware; read the manual in detail so that you know how to use and configure it.

  • Run a Threat Scan, updating if it asks you to.
  • Click "Quarantine Selected" to send the items to quarantine, and restart the system.
  • In the manual's section Reports >> Scan Report you will find the MBAM report; click Export >> Copy to Clipboard.

2) Download AdwCleaner | InfoSpyware to the desktop.

  • Temporarily disable the antivirus >> How to temporarily disable your antivirus.
  • Also close all the programs you have open.
  • Run Adwcleaner.exe (if you use Windows Vista/7 or 8, right-click it and select "Run as administrator").
  • Click the Scan button and wait for the process to finish, then immediately click the Clean button.
  • Wait for it to complete and follow the instructions; if it asks you to restart the system, accept.
  • Save the report that appears, so you can copy and paste it in your next reply.
  • The report can also be found at C:\AdwCleaner\AdwCleaner[C1].txt

3) Download CCleaner

  • Install CCleaner
  • Open CCleaner; on the Cleaner tab leave the default settings as they are, click Analyze, wait for it to finish >> click Run Cleaner
  • Click the Registry tab >> click Scan for Issues, wait for it to finish >> click Fix selected Issues and make a backup
  • Click Scan for Issues again until it finds none.

Paste the Malwarebytes and AdwCleaner reports and tell us how the problem is going.

How to paste reports in the forum?

Regards


#3

Thanks a lot, Daniela! At first glance, as on other occasions when I ran AdwCleaner and Malwarebytes, it looks clean, but we'll see. The truth is that the symptoms are that my cursor freezes every so often (like lag) and the part of the screen that Chrome occupies, from the bookmarks bar to the top edge, seems to become disabled. I'll let you know if it happens again. Well, here are the reports:

1
Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 8/4/19
Hora del análisis: 16:03
Archivo de registro: f9209490-5a30-11e9-8229-54e1ada7c644.json

-Información del software-
Versión: 3.7.1.2839
Versión de los componentes: 1.0.563
Versión del paquete de actualización: 1.0.10052
Licencia: Prueba

-Información del sistema-
SO: Windows 10 (Build 17134.648)
CPU: x64
Sistema de archivos: NTFS
Usuario: SEBAS-NB\sebas

-Resumen del análisis-
Tipo de análisis: Análisis de amenazas
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 303201
Amenazas detectadas: 9
Amenazas en cuarentena: 9
Tiempo transcurrido: 1 min, 23 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Desactivado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 0
(No hay elementos maliciosos detectados)

Valor del registro: 0
(No hay elementos maliciosos detectados)

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 0
(No hay elementos maliciosos detectados)

Archivo: 9
PUP.Optional.SweetPage, C:\USERS\SEBAS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Sustituido, [386], [455284],1.0.10052
PUP.Optional.Spigot, C:\USERS\SEBAS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, Sustituido, [165], [454814],1.0.10052
PUP.Optional.Spigot, C:\USERS\SEBAS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Sustituido, [165], [454814],1.0.10052
PUP.Optional.WinYahoo, C:\USERS\SEBAS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Sustituido, [237], [454790],1.0.10052
PUP.Optional.Linkury, C:\USERS\SEBAS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, Sustituido, [253], [455237],1.0.10052
PUP.Optional.Linkury, C:\USERS\SEBAS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Sustituido, [253], [455237],1.0.10052
PUP.Optional.Linkury, C:\USERS\SEBAS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Sustituido, [253], [455237],1.0.10052
PUP.Optional.WinYahoo, C:\USERS\SEBAS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, Sustituido, [237], [454790],1.0.10052
PUP.Optional.WinYahoo, C:\USERS\SEBAS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Sustituido, [237], [454790],1.0.10052

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)

2
# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build:    04-04-2019
# Database: 2019-04-05.4 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    04-08-2019
# Duration: 00:00:02
# OS:       Windows 10 Pro
# Cleaned:  1
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Deleted       http://www.sweet-page.com/?type=hp&ts=1410803237&from=cor&uid=ST500DM002-1BD142_Z2AF1VPBXXXXZ2AF1VPB

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2544 octets] - [10/05/2018 10:31:10]
AdwCleaner[C00].txt - [2483 octets] - [10/05/2018 11:37:26]
AdwCleaner[S01].txt - [2233 octets] - [12/03/2019 11:38:49]
AdwCleaner[C01].txt - [2217 octets] - [12/03/2019 11:39:48]
AdwCleaner[S02].txt - [1592 octets] - [04/04/2019 12:14:22]
AdwCleaner[C02].txt - [1758 octets] - [04/04/2019 12:14:40]
AdwCleaner[S03].txt - [1714 octets] - [05/04/2019 14:00:10]
AdwCleaner[S04].txt - [1775 octets] - [08/04/2019 16:11:31]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C04].txt ##########

#4

I just saw that another thing that appeared a few days ago has come back, in fact, right next to where I am typing now. I have the following image: Google Doc with image


#5

Hello

Malwarebytes is still detecting the same things as when you ran it the previous time.

The image is not visible; upload it in the thread as indicated here:

Download Farbar Recovery Scan Tool to the desktop, selecting the right version for your machine's architecture (32 or 64 bits). ▶ How do I know if my Windows is 32 or 64 bits?

  • Run FRST.exe.
  • In the Disclaimer window message, click Yes.
  • In the main window, click the Scan button and wait for the process to finish.
  • Two (2) files (logs) will open, Frst.txt and Addition.txt; they will be saved on the desktop.

Post the two reports that are generated.

You must copy and paste them with all their content, and use several messages if you get an error message saying it is too long (more than approx. 50,000 characters).

Regards


#6

Thanks a lot, Daniela! Here are the results:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17.03.2019
Ran by sebas (administrator) on SEBAS-NB (09-04-2019 09:32:50)
Running from C:\Users\sebas\Desktop
Loaded Profiles: sebas (Available Profiles: defaultuser0 & sebas)
Platform: Windows 10 Pro Version 1803 17134.648 (X64) Language: Español (España, internacional)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki131074.inf_amd64_6371bf46cc74b27d\igfxCUIService.exe
(Lenovo -> Lenovo.) C:\Windows\System32\LPlatSvc.exe
(Lenovo -> Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Fortinet Technologies (Canada) Inc. -> Fortinet Inc.) C:\Program Files\Fortinet\FortiClient\scheduler.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki131074.inf_amd64_6371bf46cc74b27d\igfxEM.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki131074.inf_amd64_6371bf46cc74b27d\IntelCpHDCPSvc.exe
(Conexant Systems LLC -> Conexant Systems, Inc.) C:\Program Files\CONEXANT\SAII\CxUtilSvc.exe
(Digital Wave Ltd -> Digital Wave Ltd.) C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
(Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\Endpoint Connect\Watchdog\EPWD.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel Corporation -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Online Connect Access -> Intel(R) Corporation) C:\Program Files\Intel\Intel(R) Online Connect Access\IntelTechnologyAccessService.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(Lenovo -> Lenovo Group Limited) C:\Windows\SysWOW64\Lenovo\PowerMgr\EasyResume.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Conexant Systems, Inc. -> Conexant Systems, Inc.) C:\Windows\System32\SASrv.exe
(Intel Corporation -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(DEVGURU CO LTD -> DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(Conexant Systems, Inc.) [File not signed] C:\Windows\System32\SyUIUExtSvc.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Check Point Software Technologies Ltd. -> Check Point Software Technologies) C:\Program Files (x86)\CheckPoint\Endpoint Connect\TracSrvWrapper.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1903.4-0\MsMpEng.exe
(Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki131074.inf_amd64_6371bf46cc74b27d\IntelCpHeciSvc.exe
(Intel(R) Online Connect -> Intel Corporation) C:\Program Files\Intel\Intel(R) Online Connect\ioc.exe
(Fortinet Technologies (Canada) Inc. -> Fortinet Inc.) C:\Program Files\Fortinet\FortiClient\FCDBLog.exe
(Intel(R) Software Development Products -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\sgx_psw.inf_amd64_10d045798a3d667e\aesm_service.exe
(Fortinet Technologies (Canada) Inc. -> Fortinet Inc.) C:\Program Files\Fortinet\FortiClient\FortiTray.exe
(Lenovo -> Lenovo) C:\Windows\SysWOW64\Lenovo\PowerMgr\PowerMgr.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Fortinet Technologies (Canada) Inc. -> Fortinet Inc.) C:\Program Files\Fortinet\FortiClient\FortiESNAC.exe
(Fortinet Technologies (Canada) Inc. -> Fortinet Inc.) C:\Program Files\Fortinet\FortiClient\FortiSSLVPNdaemon.exe
(Fortinet Technologies (Canada) Inc. -> Fortinet Inc.) C:\Program Files\Fortinet\FortiClient\FortiSettings.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\MKCHelper.exe
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1903.4-0\NisSrv.exe
(Intel(R) Trust Services -> Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
(Lenovo -> Lenovo Group Limited) C:\Windows\System32\DriverStore\FileRepository\fn.inf_amd64_c7fd03342aa4d253\driver\tphkload.exe
(Conexant Systems, Inc. -> Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Lenovo -> Lenovo Group Limited) C:\Windows\System32\DriverStore\FileRepository\fn.inf_amd64_c7fd03342aa4d253\driver\tposd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Lenovo -> Lenovo Group Limited) C:\Windows\System32\DriverStore\FileRepository\fn.inf_amd64_c7fd03342aa4d253\driver\shtctky.exe
(Lenovo -> Lenovo.) C:\Windows\System32\LPlatSvc.exe
(Intel(R) Client Connectivity Division SW -> Intel Corporation) C:\Program Files (x86)\Intel\Thunderbolt Software\tbtsvc.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.42.60.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Intel(R) Client Connectivity Division SW -> Intel Corporation) C:\Program Files (x86)\Intel\Thunderbolt Software\Thunderbolt.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.42.60.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki131074.inf_amd64_6371bf46cc74b27d\igfxext.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19031.11411.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_1.16.1012.0_x64__8wekyb3d8bbwe\GameBar.exe
(Microsoft Windows Hardware Compatibility Publisher -> Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Google LLC -> Google, Inc.) C:\Program Files\Google\Drive File Stream\30.1.36.2348\GoogleDriveFS.exe
(Google LLC -> ) C:\Program Files\Google\Drive File Stream\30.1.36.2348\crashpad_handler.exe
(Google LLC -> Google, Inc.) C:\Program Files\Google\Drive File Stream\30.1.36.2348\GoogleDriveFS.exe
(Google LLC -> Google, Inc.) C:\Program Files\Google\Drive File Stream\30.1.36.2348\GoogleDriveFS.exe
(Google LLC -> Google, Inc.) C:\Program Files\Google\Drive File Stream\30.1.36.2348\GoogleDriveFS.exe
(Certisur S.A. -> Oracle Corporation) C:\Users\sebas\AppData\Local\CertiSur\Alison-Desktop\jre\bin\javaw.exe
(Shenzhen Jia Xing Investment Co., Ltd. -> AimerSoft) C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Conexant Systems, Inc. -> Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Conexant Systems, Inc. -> Conexant Systems, Inc) C:\Program Files\CONEXANT\SAII\SmartAudio.exe
(Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.) C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Check Point Software Technologies Ltd. -> Check Point Software Technologies) C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [MouseDriver] => C:\WINDOWS\system32\TiltWheelMouse.exe [241152 2012-12-19] (Microsoft Windows Hardware Compatibility Publisher -> Pixart Imaging Inc)
HKLM-x32\...\Run: [Check Point VPN] => C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGui.exe [18106648 2017-11-24] (Check Point Software Technologies Ltd. -> Check Point Software Technologies)
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [2138272 2016-10-08] (Shenzhen Jia Xing Investment Co., Ltd. -> AimerSoft)
HKLM\...\Policies\Explorer: [NoActiveDesktop] 1 [ 2018-08-03] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1 [ [ 2018-08-03] (Microsoft Windows -> Microsoft Corporation) 2018-08-03] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1391593998-1406418587-2262156805-1001\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\30.1.36.2348\GoogleDriveFS.exe [35780392 2019-03-20] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-1391593998-1406418587-2262156805-1001\...\Run: [AlisonDesktop] => C:\Users\sebas\AppData\Local\CertiSur\Alison-Desktop\Alison-Desktop.exe [410168 2018-06-07] (Certisur S.A. -> )
HKU\S-1-5-21-1391593998-1406418587-2262156805-1001\...\Run: [Prolific_OneButton] => C:\Program Files (x86)\Prolific Technology Inc.\Prolific Backup\OneBtn.exe [139264 2011-05-10] (Prolific Technology Inc.) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\73.0.3683.103\Installer\chrmstp.exe [2019-04-09] (Google LLC -> Google Inc.)
GroupPolicy: Restriction ? <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.20 8.8.8.8
Tcpip\..\Interfaces\{7a51fa6d-d6a8-4128-9202-566f9c08ba7c}: [DhcpNameServer] 192.168.0.20 8.8.8.8
Tcpip\..\Interfaces\{98813476-a7c9-4627-828e-11b751157017}: [DhcpNameServer] 150.209.1.3
Tcpip\..\Interfaces\{9d4becd5-5d96-4c22-80c7-3156c5659ec5}: [DhcpNameServer] 150.150.150.217
Tcpip\..\Interfaces\{f805b96d-d573-44b5-b852-976c5d54e0d2}: [DhcpNameServer] 192.168.0.20 8.8.8.8

Internet Explorer:
==================
HKU\S-1-5-21-1391593998-1406418587-2262156805-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17swin10.msn.com/?pc=LJSE
SearchScopes: HKU\S-1-5-21-1391593998-1406418587-2262156805-1001 -> DefaultScope {F6F45BD4-848C-4E9B-B33B-FD91866C31B1} URL = 
SearchScopes: HKU\S-1-5-21-1391593998-1406418587-2262156805-1001 -> {F6F45BD4-848C-4E9B-B33B-FD91866C31B1} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-04-04] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2019-04-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-04-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-04-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-04-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-04-04] (Microsoft Corporation -> Microsoft Corporation)
Handler: qvp - {4BA78E3D-CA25-4BFF-B8F0-8A3359E4B520} - C:\Program Files\QlikView\QvProtocol\qvp.dll [2017-06-22] (QlikTech International AB -> QlikTech AB)
Handler-x32: qvp - {4BA78E3D-CA25-4BFF-B8F0-8A3359E4B520} - C:\Program Files (x86)\QlikView\QvProtocol\qvp.dll [2017-06-22] (QlikTech International AB -> QlikTech AB)

FireFox:
========
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-04-04] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-04-04] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\sebas\AppData\Roaming\mozilla\plugins\npatgpc.dll [2019-03-22]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://feed.snapdo.com/?publisher=muvicGOblidoo&dpid=muvicGOblidoo&co=AR&userid=4e63e467-df9b-8d57-993d-bdc75ebeeb1e&searchtype=hp&installDate=18/10/2013","hxxps://www.google.com/","hxxp://www.google.com/","hxxp://www.sweet-page.com/?type=hp&ts=1410803237&from=cor&uid=ST500DM002-1BD142_Z2AF1VPBXXXXZ2AF1VPB","hxxp://ar.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_ir_15_35&param1=1&param2=f%3D7%26b%3DChrome%26cc%3Dar%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzuzz0Czzzy0AyDyDyDtAzy0CyCtB0CyBtBtN0D0Tzu0StCtAtAyDtN1L2XzutAtFtCtBtFyDtFtAtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyBtDyBtC0EyDtAtCtGzyzyzz0BtGyEyBtB0EtGzyyE0B0BtG0FzytAtAtDzzyD0A0E0DyEtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy0FyEtC0FyEzytCtG0F0B0E0EtGyEtByD0DtG0AyC0ByBtGtCtD0DyEzy0D0C0FtByE0Czz2QtN0A0LzuyEtN1B2Z1V1T1S1NzuzyyEyE%26cr%3D1642410767%26a%3Dwncy_ir_15_35%26os%3DWindows%2B10%2BPro","hxxps://www.google.com/"
CHR DefaultSearchURL: Default -> hxxps://qss/resources/img/core/logo/logo-60x60.png
CHR Profile: C:\Users\sebas\AppData\Local\Google\Chrome\User Data\Default [2019-04-09]
CHR Extension: (Google Drive) - C:\Users\sebas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-08-26]
CHR Extension: (Consultoría | Hojas - Qlik Sense nov) - C:\Users\sebas\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjhhddcjfjjlkpgphhelkbjenhmjool [2018-08-26]
CHR Extension: (YouTube) - C:\Users\sebas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-08-26]
CHR Extension: (Web for Instagram) - C:\Users\sebas\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgkhjjcoidmkfegigfdedmafpfemccpk [2019-04-08]
CHR Extension: (Find Big Mail) - C:\Users\sebas\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlhfndmknegaiibciljinpmkhiakhhmp [2019-01-12]
CHR Extension: (Gmail sin conexión) - C:\Users\sebas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2019-01-12]
CHR Extension: (Google Play Música) - C:\Users\sebas\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2019-01-07]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\sebas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-26]
CHR Extension: (Trazador de planos) - C:\Users\sebas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjfkgdpkecnmfcgfpfibpcnkeakahllc [2019-01-12]
CHR Extension: (Roomstyler 3D planner) - C:\Users\sebas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfnniehafojoidolddmhfnpnbiolbppi [2019-01-12]
CHR Extension: (Cisco Webex Extension) - C:\Users\sebas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2019-03-22]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\sebas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2019-02-18]
CHR Extension: (Google Maps) - C:\Users\sebas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2019-01-12]
CHR Extension: (Servistate HTTP Editor & REST API Client) - C:\Users\sebas\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmdjghedkfbdhbjhmefbbgjaihmmhkeg [2018-08-26]
CHR Extension: (Google Play Books) - C:\Users\sebas\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb [2019-01-12]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\sebas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-08-26]
CHR Extension: (Cacoo - Diagramación & Colaboración en tiempo real) - C:\Users\sebas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcflmbddgcmomcfngehfhlajjapabojh [2019-01-12]
CHR Extension: (Gmail) - C:\Users\sebas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-08-26]
CHR Extension: (Chrome Media Router) - C:\Users\sebas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-03-27]
CHR Profile: C:\Users\sebas\AppData\Local\Google\Chrome\User Data\System Profile [2019-04-08]
CHR HKU\S-1-5-21-1391593998-1406418587-2262156805-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AESMService; C:\WINDOWS\System32\DriverStore\FileRepository\sgx_psw.inf_amd64_10d045798a3d667e\aesm_service.exe [3367272 2018-12-19] (Intel(R) Software Development Products -> Intel Corporation)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11082312 2019-03-28] (Microsoft Corporation -> Microsoft Corporation)
R2 CxUtilSvc; C:\Program Files\Conexant\SAII\CxUtilSvc.exe [181584 2019-01-25] (Conexant Systems LLC -> Conexant Systems, Inc.)
R2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [440808 2017-03-22] (Digital Wave Ltd -> Digital Wave Ltd.)
R2 Dolby DAX2 API Service; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [189464 2019-01-21] (Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.)
R2 EPWD; C:\Program Files (x86)\CheckPoint\Endpoint Connect\Watchdog\EPWD.exe [291608 2017-09-08] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
R2 FA_Scheduler; C:\Program Files\Fortinet\FortiClient\scheduler.exe [145296 2018-07-23] (Fortinet Technologies (Canada) Inc. -> Fortinet Inc.)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [541896 2018-05-15] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [71336 2019-01-07] (Lenovo -> Lenovo Group Ltd.)
R3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [775904 2018-09-14] (Intel(R) Trust Services -> Intel(R) Corporation)
R3 Intel(R) Online Connect; C:\Program Files\Intel\Intel(R) Online Connect\ioc.exe [575216 2018-02-23] (Intel(R) Online Connect -> Intel Corporation)
S2 Intel(R) Online Connect Helper; C:\Program Files\Intel\Intel(R) Online Connect\iocHelperService.exe [306928 2018-02-23] (Intel(R) Online Connect -> Intel Corporation)
R3 Intel(R) Online Connect Software Asset Manager; C:\Program Files (x86)\Intel\Intel(R) Online Connect Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [18152 2016-12-21] (Intel(R) Software Asset Manager -> Intel Corporation)
R2 Intel(R) TechnologyAccessService; C:\Program Files\Intel\Intel(R) Online Connect Access\IntelTechnologyAccessService.exe [395000 2018-03-01] (Intel(R) Online Connect Access -> Intel(R) Corporation)
S2 Intel(R) TPM Provisioning Service; C:\Program Files\Intel\iCLS Client\TPMProvisioningService.exe [705760 2018-09-14] (Intel(R) Trust Services -> Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [218176 2018-11-16] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R2 Lenovo Instant On; C:\WINDOWS\SysWOW64\Lenovo\PowerMgr\EasyResume.exe [2351504 2018-11-06] (Lenovo -> Lenovo Group Limited)
S2 LENOVO.DPRSVC; C:\Program Files (x86)\Lenovo\DPR\LENOVO.DPRSVC.EXE [1109608 2016-12-28] (Lenovo -> Lenovo, Japan, Ltd.)
R2 LPlatSvc; C:\WINDOWS\System32\LPlatSvc.exe [892760 2018-12-25] (Lenovo -> Lenovo.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [310880 2018-09-05] (Intel Corporation -> )
R2 SAService; C:\WINDOWS\system32\SAsrv.exe [416576 2016-12-06] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4737560 2019-02-16] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-12-02] (DEVGURU CO LTD -> DEVGURU Co., LTD.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [268328 2018-10-31] (Synaptics Incorporated -> Synaptics Incorporated)
R2 SyUIUExtSvc; C:\WINDOWS\system32\SyUIUExtSvc.exe [60928 2019-03-06] (Conexant Systems, Inc.) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11644656 2018-09-10] (TeamViewer GmbH -> TeamViewer GmbH)
R3 ThunderboltService; C:\Program Files (x86)\Intel\Thunderbolt Software\tbtsvc.exe [2308800 2018-09-06] (Intel(R) Client Connectivity Division SW -> Intel Corporation)
R2 TPHKLOAD; C:\WINDOWS\System32\DriverStore\FileRepository\fn.inf_amd64_c7fd03342aa4d253\driver\TPHKLOAD.exe [425360 2019-02-27] (Lenovo -> Lenovo Group Limited)
R2 TracSrvWrapper; C:\Program Files (x86)\CheckPoint\Endpoint Connect\TracSrvWrapper.exe [5697304 2017-11-24] (Check Point Software Technologies Ltd. -> Check Point Software Technologies)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1903.4-0\NisSrv.exe [3856504 2019-04-08] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1903.4-0\MsMpEng.exe [113992 2019-04-08] (Microsoft Corporation -> Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [4059744 2018-09-05] (Intel Corporation -> Intel® Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 CYUSB3; C:\WINDOWS\System32\Drivers\CYUSB3.sys [76520 2017-10-05] (Cypress Semiconductor Technology India Pvt Ltd. -> Cypress Semiconductor)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [110488 2014-12-02] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.(www.devguru.co.kr))
S3 fortiapd; C:\WINDOWS\System32\drivers\fortiapd.sys [27544 2018-07-23] (Fortinet Technologies (Canada) Inc. -> Fortinet Inc)
R1 FortiFilter; C:\WINDOWS\system32\DRIVERS\FortiFilter.sys [35400 2018-07-23] (Fortinet Technologies (Canada) Inc. -> Fortinet Inc)
S1 FortiFW; C:\WINDOWS\System32\drivers\FortiFW2.sys [47000 2018-07-23] (Fortinet Technologies (Canada) Inc. -> Fortinet Inc)
S3 Fortips; C:\WINDOWS\System32\drivers\fortips.sys [159008 2018-07-23] (Fortinet Technologies (Canada) Inc. -> Fortinet Inc)
R1 FortiShield; C:\WINDOWS\System32\drivers\FortiShield.sys [83232 2018-07-23] (Fortinet Technologies (Canada) Inc. -> Fortinet Inc)
S3 fortisniff; C:\WINDOWS\System32\drivers\fortisniff2.sys [122144 2018-07-23] (Fortinet Technologies (Canada) Inc. -> Fortinet Inc)
R3 ftsvnic; C:\WINDOWS\System32\drivers\ftsvnic.sys [66600 2018-07-23] (Fortinet Technologies (Canada) Inc. -> Fortinet Inc.)
R3 ft_vnic; C:\WINDOWS\System32\drivers\ftvnic.sys [71928 2018-07-23] (Fortinet Technologies -> Fortinet Inc)
R1 googledrivefs2622; C:\WINDOWS\System32\DRIVERS\googledrivefs2622.sys [122920 2019-01-17] (Google LLC -> Google, Inc.)
S3 HPFXBULKLEDM; C:\WINDOWS\system32\drivers\hppdbulkio.sys [30752 2016-01-06] (Hewlett-Packard Company -> Hewlett Packard)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [136728 2018-05-15] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [198512 2019-04-08] (Malwarebytes Corporation -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [274416 2019-04-09] (Malwarebytes Corporation -> Malwarebytes)
R1 ndisrd; C:\WINDOWS\system32\DRIVERS\ndisrfl.sys [51256 2018-03-01] (Intel(R) Online Connect Access -> Intel Corporation)
U5 Netwtw04; C:\Windows\System32\Drivers\Netwtw04.sys [7308560 2016-09-13] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation)
R3 Netwtw06; C:\WINDOWS\System32\drivers\Netwtw06.sys [8822392 2018-09-26] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
S3 nfcgpiomanager; C:\WINDOWS\System32\drivers\nfcgpiomanager.sys [40144 2016-09-28] (NXP Semiconductors India Pvt Ltd. -> Nfc GPIO Driver)
R3 nhi; C:\WINDOWS\System32\drivers\tbt100x.sys [138336 2018-10-08] (Intel(R) Client Connectivity Division SW -> Intel Corporation)
R0 PMDRVS; C:\WINDOWS\System32\drivers\pmdrvs.sys [44160 2018-12-25] (Lenovo -> Lenovo.)
S3 pmxdrv; C:\WINDOWS\system32\drivers\pmxdrv.sys [31152 2019-01-08] (PAIPTAC  Driver -> )
R3 pppop; C:\WINDOWS\System32\drivers\pppop64.sys [54344 2018-07-23] (Fortinet Technologies (Canada) Inc. -> Fortinet Inc.)
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [19152 2013-09-30] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2013-09-30] (MiniTool Solution Ltd -> )
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [957880 2019-01-30] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)
R3 rtux64w10; C:\WINDOWS\System32\drivers\rtux64w10.sys [532816 2018-07-19] (Realtek Semiconductor Corp. -> Realtek Corporation )
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [45096 2018-07-09] (Synaptics Incorporated -> Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [46120 2018-10-31] (Synaptics Incorporated -> Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [206104 2014-12-02] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.(www.devguru.co.kr))
R1 SynaMetSMI; C:\WINDOWS\System32\drivers\SynaSmi.sys [39184 2018-07-24] (Synaptics Inc. -> Windows (R) Win 7 DDK provider)
S3 t_mouse.sys; C:\WINDOWS\System32\drivers\t_mouse.sys [6144 2012-12-19] (Microsoft Windows Hardware Compatibility Publisher -> )
R3 usbaud; C:\WINDOWS\system32\DRIVERS\usbaud64.sys [92528 2019-03-06] (Conexant Systems LLC -> Synaptics Inc.)
R3 vna_ap; C:\WINDOWS\system32\DRIVERS\vnaap.sys [165392 2017-08-01] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46472 2019-04-08] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [343520 2019-04-08] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [68576 2019-04-08] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessKeyboardFilter; C:\WINDOWS\System32\drivers\WirelessKeyboardFilter.sys [49336 2018-03-11] (Microsoft Corporation -> Microsoft Corporation)
S3 WsAudio_Device; C:\WINDOWS\system32\drivers\VirtualAudio.sys [48424 2018-01-19] (Wondershare Technology Co.,Ltd -> Wondershare)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-04-09 09:32 - 2019-04-09 09:33 - 000032687 _____ C:\Users\sebas\Desktop\FRST.txt
2019-04-09 09:32 - 2019-04-09 09:32 - 002434048 _____ (Farbar) C:\Users\sebas\Desktop\FRST64.exe
2019-04-09 09:32 - 2019-04-09 09:32 - 000000000 ____D C:\FRST
2019-04-09 09:28 - 2019-04-09 09:28 - 001388432 _____ C:\Users\Public\VOIP.dat
2019-04-09 09:28 - 2019-04-09 09:28 - 000274416 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-04-08 16:17 - 2019-04-08 16:17 - 000000282 _____ C:\Users\sebas\Documents\cc_20190408_161713.reg
2019-04-08 16:16 - 2019-04-08 16:16 - 000157838 _____ C:\Users\sebas\Documents\cc_20190408_161623.reg
2019-04-08 16:16 - 2019-04-08 16:16 - 000009810 _____ C:\Users\sebas\Documents\cc_20190408_161650.reg
2019-04-08 16:05 - 2019-04-09 09:27 - 000006546 _____ C:\Users\sebas\Documents\Virus 8_4_19.txt
2019-04-08 16:02 - 2019-04-08 16:02 - 000198512 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2019-04-08 16:02 - 2019-04-08 16:02 - 000001879 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-04-08 16:02 - 2019-04-08 16:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-04-08 16:02 - 2019-02-01 12:20 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2019-04-08 16:02 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-04-08 16:00 - 2019-04-08 16:00 - 062632672 _____ (Malwarebytes ) C:\Users\sebas\Desktop\mb3-setup-consumer-3.7.1.2839-1.0.563-1.0.10037.exe
2019-04-08 16:00 - 2019-04-08 16:00 - 021205512 _____ (Piriform Software Ltd) C:\Users\sebas\Desktop\ccsetup555.exe
2019-04-08 16:00 - 2019-04-08 16:00 - 007025360 _____ (Malwarebytes) C:\Users\sebas\Desktop\adwcleaner_7.3 (1).exe
2019-04-08 12:40 - 2019-04-08 12:40 - 000646932 _____ C:\Users\sebas\Downloads\tcmenu-1.4.0_214-trial.zip
2019-04-05 15:50 - 2019-04-05 15:50 - 000043008 _____ C:\Users\sebas\Downloads\Plan de Compra CSL 2019-04-01.xlsx
2019-04-05 14:47 - 2019-04-05 14:47 - 000695550 _____ C:\Users\sebas\Downloads\Qlik - Requerimientos.pptx
2019-04-05 09:44 - 2019-04-05 09:44 - 000000000 ____D C:\Users\sebas\AppData\Local\mbam
2019-04-05 09:43 - 2019-04-08 16:02 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-04-05 09:43 - 2019-04-05 09:43 - 000000000 ____D C:\Users\sebas\AppData\Local\mbamtray
2019-04-05 09:43 - 2019-04-05 09:43 - 000000000 ____D C:\Program Files\Malwarebytes
2019-04-05 09:42 - 2019-04-05 09:43 - 000002440 _____ C:\Users\sebas\Desktop\Rkill.txt
2019-04-05 09:41 - 2019-04-05 09:42 - 062618552 _____ (Malwarebytes ) C:\Users\sebas\Desktop\mb3-setup-consumer-3.7.1.2839-1.0.563-1.0.10000.exe
2019-04-05 09:41 - 2019-04-05 09:41 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\sebas\Downloads\iExplore.exe
2019-04-04 12:14 - 2019-04-04 12:14 - 007025360 _____ (Malwarebytes) C:\Users\sebas\Downloads\adwcleaner_7.3.exe
2019-04-04 11:38 - 2019-04-04 11:38 - 000073499 _____ C:\Users\sebas\Downloads\QlikGeoAnalyticsServerRequirements.pdf
2019-04-04 11:00 - 2019-04-04 11:00 - 000002587 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype Empresarial.lnk
2019-04-04 11:00 - 2019-04-04 11:00 - 000002538 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2019-04-04 11:00 - 2019-04-04 11:00 - 000002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2019-04-04 11:00 - 2019-04-04 11:00 - 000002502 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visio.lnk
2019-04-04 11:00 - 2019-04-04 11:00 - 000002501 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2019-04-04 11:00 - 2019-04-04 11:00 - 000002494 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2019-04-04 11:00 - 2019-04-04 11:00 - 000002492 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2019-04-04 11:00 - 2019-04-04 11:00 - 000002450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2019-04-04 11:00 - 2019-04-04 11:00 - 000002446 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2019-04-04 11:00 - 2019-04-04 11:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Herramientas de Microsoft Office
2019-04-03 16:00 - 2019-04-03 02:26 - 000382857 _____ C:\Users\sebas\Desktop\B_D_Presupuesto.qvd
2019-04-03 12:07 - 2019-04-03 12:07 - 000072565 _____ C:\Users\sebas\Downloads\Comprobante de transferencia (1).pdf
2019-04-01 14:44 - 2019-04-01 14:44 - 000070763 _____ C:\Users\sebas\Downloads\Comprobante de transferencia.pdf
2019-03-27 15:17 - 2019-03-27 15:17 - 000083060 _____ C:\Users\sebas\Documents\Schedule(Recuperado automáticamente).xlsx
2019-03-26 12:20 - 2019-03-26 11:31 - 022735360 _____ C:\Users\sebas\Desktop\Comercial.qvw
2019-03-26 12:20 - 2019-03-26 11:31 - 000147712 _____ C:\Users\sebas\Desktop\QVI.qvw
2019-03-26 11:30 - 2019-03-26 11:30 - 024177370 _____ C:\Users\sebas\Downloads\recomparativoqlikviewvs_qliksense.zip
2019-03-26 09:37 - 2016-12-06 15:55 - 000416576 _____ (Conexant Systems, Inc.) C:\WINDOWS\SysWOW64\SASrv.exe
2019-03-26 09:37 - 2016-12-06 15:55 - 000416576 _____ (Conexant Systems, Inc.) C:\WINDOWS\system32\SASrv.exe
2019-03-26 09:37 - 2016-10-27 15:54 - 000004664 _____ C:\WINDOWS\system32\Drivers\CxSfPt.dat
2019-03-26 09:36 - 2019-03-26 09:36 - 000000000 ____D C:\ProgramData\Dolby
2019-03-26 09:36 - 2015-09-16 16:10 - 000225624 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\CxAudMsg64.exe
2019-03-26 09:33 - 2018-09-18 06:01 - 004944208 _____ (Conexant Systems, Inc.) C:\WINDOWS\system32\UCI64A217.DLL
2019-03-22 11:06 - 2019-03-22 11:12 - 000000000 ____D C:\Users\sebas\AppData\Roaming\webex
2019-03-22 11:01 - 2019-03-22 11:04 - 000000000 ____D C:\Users\sebas\AppData\Local\WebEx
2019-03-22 11:01 - 2019-03-22 11:01 - 001685192 _____ (Cisco Webex LLC) C:\Users\sebas\Downloads\Cisco_WebEx_Add-On.exe
2019-03-22 11:01 - 2019-03-22 11:01 - 000000000 ____D C:\Users\sebas\AppData\Roaming\Mozilla
2019-03-22 10:11 - 2019-03-22 10:12 - 055159887 _____ C:\Users\sebas\Downloads\WhatsApp Video 2019-03-21 at 17.59.10.mp4
2019-03-19 17:58 - 2019-03-19 17:58 - 000018238 _____ C:\Users\sebas\Downloads\33a2b155-529c-4c8f-9511-6df6478b461f.xlsx
2019-03-19 17:57 - 2019-03-19 17:57 - 000005732 _____ C:\Users\sebas\Downloads\f6c261c7-41e7-4a51-8608-d3ff6c4e387d.xlsx
2019-03-19 12:53 - 2019-03-19 12:53 - 000000183 _____ C:\Users\sebas\Documents\new 2.txt
2019-03-19 09:30 - 2019-03-19 09:30 - 000014848 _____ C:\Users\sebas\Downloads\Migracion_de_facturas_proveedores_093000_45210dbb91ff2ea1.xls
2019-03-19 09:16 - 2019-03-19 09:16 - 000028879 _____ C:\Users\sebas\Documents\migracion-facturas-compra.xlsx
2019-03-19 09:05 - 2019-03-19 09:05 - 000050176 _____ C:\Users\sebas\Downloads\migracion-facturas-compra (1).xls
2019-03-19 09:05 - 2019-03-19 09:05 - 000012550 _____ C:\Users\sebas\Downloads\Listado_Facturas_a_20190319090512AM.xls
2019-03-19 08:44 - 2019-03-19 08:44 - 000003194 _____ C:\Users\sebas\Downloads\DetalleMovimiento19032019.xls
2019-03-19 08:34 - 2019-03-19 08:34 - 000224768 _____ C:\Users\sebas\Downloads\Reporte_diario_general_083454_45210dbb91ff2ea1.xls
2019-03-19 08:22 - 2019-03-19 08:22 - 000000000 ____D C:\WINDOWS\System32\Tasks\Intel
2019-03-19 08:21 - 2019-03-19 08:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Software Thunderbolt™
2019-03-18 12:44 - 2019-03-18 12:44 - 000041435 _____ C:\Users\sebas\Downloads\Listado proveedores 180319.xlsx
2019-03-18 12:43 - 2019-03-18 12:43 - 000024897 _____ C:\Users\sebas\Downloads\PRACTICAS 180319.xlsx
2019-03-18 12:42 - 2019-03-18 12:42 - 000748981 _____ C:\Users\sebas\Downloads\Listado proveedores 170319.rar
2019-03-18 12:42 - 2019-03-18 12:42 - 000688690 _____ C:\Users\sebas\Downloads\PRACTICAS 180319.rar
2019-03-18 12:38 - 2019-03-18 12:38 - 000867661 _____ C:\Users\sebas\Downloads\Listado proveedores 170319.numbers
2019-03-18 12:38 - 2019-03-18 12:38 - 000811628 _____ C:\Users\sebas\Downloads\PRACTICAS 180319.numbers
2019-03-18 11:27 - 2019-03-18 11:27 - 000225302 _____ C:\Users\sebas\Downloads\DS-Advanced-Analytics-Integration-Data-Sheet-EN.pdf
2019-03-18 09:52 - 2019-03-18 09:52 - 000069096 _____ C:\Users\sebas\Downloads\Comprobante de transferencia programada (1).pdf
2019-03-18 09:51 - 2019-03-18 09:51 - 000069041 _____ C:\Users\sebas\Downloads\f93921db-9b0d-44bd-93a8-02c25af73564.pdf
2019-03-18 09:51 - 2019-03-18 09:51 - 000069041 _____ C:\Users\sebas\Downloads\Comprobante de transferencia programada.pdf
2019-03-18 09:47 - 2019-03-18 09:47 - 000071322 _____ C:\Users\sebas\Downloads\19f12b0b-65f1-473b-8f26-c44ece56643b.pdf
2019-03-15 15:45 - 2019-03-15 15:45 - 000558263 _____ C:\Users\sebas\Downloads\Comprobante_Modificacion_Limite_Debito_15499040.pdf
2019-03-14 15:49 - 2019-03-13 15:52 - 248744960 _____ C:\Users\sebas\Desktop\Sales mas transfer.qvw
2019-03-14 13:09 - 2019-03-15 12:14 - 000268288 _____ C:\Users\sebas\Downloads\sh_ipc_02_19.xls
2019-03-14 13:08 - 2019-03-14 13:08 - 001316040 _____ C:\Users\sebas\Downloads\ipc_02_19.pdf
2019-03-14 12:18 - 2019-03-14 12:18 - 000017920 _____ C:\Users\sebas\Downloads\FlujoDeCaja.xls
2019-03-14 12:14 - 2019-03-14 12:14 - 000019077 _____ C:\Users\sebas\Downloads\Detalle de Estados de Resultado creado por Colppy_20190314121453PM.xls
2019-03-14 11:32 - 2019-03-14 11:32 - 000001241 _____ C:\Users\sebas\Downloads\Comprobante_Prestamo_0431039100051894_190318.txt
2019-03-13 10:50 - 2019-03-06 12:39 - 000720536 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2019-03-13 10:50 - 2019-03-06 12:37 - 001616608 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2019-03-13 10:50 - 2019-03-06 12:36 - 001047352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2019-03-13 10:50 - 2019-03-06 12:20 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-03-13 10:50 - 2019-03-06 12:19 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2019-03-13 10:50 - 2019-03-06 12:17 - 012730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-03-13 10:50 - 2019-03-06 12:17 - 000810496 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2019-03-13 10:50 - 2019-03-06 12:17 - 000116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2019-03-13 10:50 - 2019-03-06 12:14 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2019-03-13 10:50 - 2019-03-06 12:14 - 000522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2019-03-13 10:50 - 2019-03-06 12:14 - 000488448 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2019-03-13 10:50 - 2019-03-06 12:13 - 004053504 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-03-13 10:50 - 2019-03-06 12:13 - 001856512 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2019-03-13 10:50 - 2019-03-06 12:13 - 001662976 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-03-13 10:50 - 2019-03-06 12:13 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-03-13 10:50 - 2019-03-06 12:12 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2019-03-13 10:50 - 2019-03-06 09:18 - 000918032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2019-03-13 10:50 - 2019-03-06 09:18 - 000607744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2019-03-13 10:50 - 2019-03-06 09:10 - 000044544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2019-03-13 10:50 - 2019-03-06 09:09 - 011919360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-03-13 10:50 - 2019-03-06 09:06 - 000425472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2019-03-13 10:50 - 2019-03-06 09:05 - 004054016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-03-13 10:50 - 2019-03-06 09:05 - 001586176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2019-03-13 10:50 - 2019-03-06 09:04 - 001471488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-03-13 10:50 - 2019-03-06 09:04 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2019-03-13 10:50 - 2019-03-06 08:59 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2019-03-13 10:50 - 2019-03-06 06:29 - 001035040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-03-13 10:50 - 2019-03-06 06:16 - 002822456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-03-13 10:50 - 2019-03-06 06:16 - 001457032 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-03-13 10:50 - 2019-03-06 06:16 - 001188000 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2019-03-13 10:50 - 2019-03-06 06:16 - 000776792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2019-03-13 10:50 - 2019-03-06 06:16 - 000722744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2019-03-13 10:50 - 2019-03-06 06:16 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-03-13 10:50 - 2019-03-06 06:16 - 000527160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2019-03-13 10:50 - 2019-03-06 06:11 - 000493880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2019-03-13 10:50 - 2019-03-06 06:10 - 000248880 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll
2019-03-13 10:50 - 2019-03-06 06:07 - 001219896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-03-13 10:50 - 2019-03-06 06:07 - 001023800 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-03-13 10:50 - 2019-03-06 06:07 - 000376120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2019-03-13 10:50 - 2019-03-06 06:06 - 009084216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-03-13 10:50 - 2019-03-06 06:06 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-03-13 10:50 - 2019-03-06 06:06 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-03-13 10:50 - 2019-03-06 06:05 - 000439224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2019-03-13 10:50 - 2019-03-06 06:05 - 000436240 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-03-13 10:50 - 2019-03-06 06:05 - 000159864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2019-03-13 10:50 - 2019-03-06 06:04 - 002765856 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-03-13 10:50 - 2019-03-06 06:04 - 000945464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2019-03-13 10:50 - 2019-03-06 06:04 - 000628024 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpx.dll
2019-03-13 10:50 - 2019-03-06 06:03 - 007519896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-03-13 10:50 - 2019-03-06 06:03 - 002719544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-03-13 10:50 - 2019-03-06 06:03 - 002465784 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-03-13 10:50 - 2019-03-06 06:03 - 001921848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2019-03-13 10:50 - 2019-03-06 06:03 - 000793400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2019-03-13 10:50 - 2019-03-06 06:03 - 000412984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2019-03-13 10:50 - 2019-03-06 06:03 - 000375608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2019-03-13 10:50 - 2019-03-06 06:02 - 002421048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-03-13 10:50 - 2019-03-06 06:02 - 001257672 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-03-13 10:50 - 2019-03-06 06:02 - 001140480 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-03-13 10:50 - 2019-03-06 06:02 - 000982912 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-03-13 10:50 - 2019-03-06 06:02 - 000626488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2019-03-13 10:50 - 2019-03-06 05:44 - 025856512 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-03-13 10:50 - 2019-03-06 05:36 - 022716928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-03-13 10:50 - 2019-03-06 05:36 - 004383744 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-03-13 10:50 - 2019-03-06 05:34 - 004866048 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-03-13 10:50 - 2019-03-06 05:33 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2019-03-13 10:50 - 2019-03-06 05:32 - 003399168 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-03-13 10:50 - 2019-03-06 05:32 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys
2019-03-13 10:50 - 2019-03-06 05:32 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-03-13 10:50 - 2019-03-06 05:31 - 007598592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-03-13 10:50 - 2019-03-06 05:31 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-03-13 10:50 - 2019-03-06 05:31 - 001826816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2019-03-13 10:50 - 2019-03-06 05:31 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-03-13 10:50 - 2019-03-06 05:31 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-03-13 10:50 - 2019-03-06 05:31 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-03-13 10:50 - 2019-03-06 05:31 - 000353792 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2019-03-13 10:50 - 2019-03-06 05:31 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2019-03-13 10:50 - 2019-03-06 05:31 - 000279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2019-03-13 10:50 - 2019-03-06 05:31 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2019-03-13 10:50 - 2019-03-06 05:31 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-03-13 10:50 - 2019-03-06 05:29 - 002364928 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2019-03-13 10:50 - 2019-03-06 05:29 - 002174976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-03-13 10:50 - 2019-03-06 05:29 - 001559552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-03-13 10:50 - 2019-03-06 05:29 - 000736256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2019-03-13 10:50 - 2019-03-06 05:28 - 004937728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-03-13 10:50 - 2019-03-06 05:28 - 001803776 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-03-13 10:50 - 2019-03-06 05:27 - 002224640 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-03-13 10:50 - 2019-03-06 05:27 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2019-03-13 10:50 - 2019-03-06 05:27 - 000542720 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-03-13 10:50 - 2019-03-06 05:27 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-03-13 10:50 - 2019-03-06 05:26 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-03-13 10:50 - 2019-03-06 05:26 - 000073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\npfs.sys
2019-03-13 10:50 - 2019-03-06 05:26 - 000031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msfs.sys
2019-03-13 10:50 - 2019-03-06 05:25 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdfs.sys
2019-03-13 10:50 - 2019-03-06 04:08 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2019-03-13 10:50 - 2019-03-06 03:17 - 001989040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-03-13 10:50 - 2019-03-06 03:17 - 000146712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2019-03-13 10:50 - 2019-03-06 03:15 - 002253488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-03-13 10:50 - 2019-03-06 03:15 - 000434488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2019-03-13 10:50 - 2019-03-06 03:14 - 006568528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-03-13 10:50 - 2019-03-06 03:14 - 000785568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2019-03-13 10:50 - 2019-03-06 03:14 - 000665224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2019-03-13 10:50 - 2019-03-06 03:14 - 000450872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpx.dll
2019-03-13 10:50 - 2019-03-06 03:14 - 000380728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-03-13 10:50 - 2019-03-06 03:13 - 000607248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2019-03-13 10:50 - 2019-03-06 03:05 - 022018048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-03-13 10:50 - 2019-03-06 02:56 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-03-13 10:50 - 2019-03-06 02:53 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-03-13 10:50 - 2019-03-06 02:53 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-03-13 10:50 - 2019-03-06 02:52 - 005790720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-03-13 10:50 - 2019-03-06 02:52 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-03-13 10:50 - 2019-03-06 02:52 - 000261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2019-03-13 10:50 - 2019-03-06 02:51 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2019-03-13 10:50 - 2019-03-06 02:51 - 000333824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-03-13 10:50 - 2019-03-06 02:51 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2019-03-13 10:50 - 2019-03-06 02:50 - 001628160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-03-13 10:50 - 2019-03-06 02:50 - 001347584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2019-03-13 10:50 - 2019-03-06 02:50 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-03-13 10:50 - 2019-03-06 02:49 - 004516352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-03-13 10:50 - 2019-03-06 02:49 - 000318464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2019-03-13 10:50 - 2019-03-06 02:49 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-03-13 10:50 - 2019-03-06 02:48 - 000669696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2019-03-13 10:50 - 2019-03-06 02:48 - 000533504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-03-13 10:50 - 2019-02-21 00:26 - 000313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2019-03-13 10:50 - 2019-02-16 10:02 - 002871304 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2019-03-13 10:50 - 2019-02-16 10:02 - 001644040 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2019-03-13 10:50 - 2019-02-16 10:02 - 000808456 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2019-03-13 10:50 - 2019-02-16 10:02 - 000735752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2019-03-13 10:50 - 2019-02-16 10:02 - 000620040 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2019-03-13 10:50 - 2019-02-16 10:02 - 000460296 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2019-03-13 10:50 - 2019-02-16 10:02 - 000322568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2019-03-13 10:50 - 2019-02-16 10:02 - 000147464 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2019-03-13 10:50 - 2019-02-16 10:02 - 000071176 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2019-03-13 10:50 - 2019-02-16 09:57 - 002266936 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2019-03-13 10:50 - 2019-02-16 09:57 - 001786672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2019-03-13 10:50 - 2019-02-16 09:57 - 001627448 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2019-03-13 10:50 - 2019-02-16 09:57 - 001424696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2019-03-13 10:50 - 2019-02-16 09:57 - 001048472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2019-03-13 10:50 - 2019-02-16 09:57 - 001038136 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPolicy.dll
2019-03-13 10:50 - 2019-02-16 09:57 - 000954168 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVManifest.dll
2019-03-13 10:50 - 2019-02-16 09:57 - 000830264 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2019-03-13 10:50 - 2019-02-16 09:57 - 000825144 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2019-03-13 10:50 - 2019-02-16 09:57 - 000749880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2019-03-13 10:50 - 2019-02-16 09:57 - 000670008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2019-03-13 10:50 - 2019-02-16 09:57 - 000652088 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2019-03-13 10:50 - 2019-02-16 09:57 - 000506088 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2019-03-13 10:50 - 2019-02-16 09:57 - 000495416 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
2019-03-13 10:50 - 2019-02-16 09:57 - 000399672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2019-03-13 10:50 - 2019-02-16 09:57 - 000257848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVFileSystemMetadata.dll
2019-03-13 10:50 - 2019-02-16 09:57 - 000231224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVShNotify.exe
2019-03-13 10:50 - 2019-02-16 09:57 - 000228152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVStreamMap.dll
2019-03-13 10:50 - 2019-02-16 09:57 - 000201528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVStreamingUX.dll
2019-03-13 10:50 - 2019-02-16 09:57 - 000183608 _____ (Microsoft Corporation) C:\WINDOWS\system32\mavinject.exe
2019-03-13 10:50 - 2019-02-16 09:57 - 000180528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVDllSurrogate.exe
2019-03-13 10:50 - 2019-02-16 09:57 - 000172856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVNice.exe
2019-03-13 10:50 - 2019-02-16 09:57 - 000034104 _____ C:\WINDOWS\system32\SyncAppvPublishingServer.exe
2019-03-13 10:50 - 2019-02-16 09:56 - 000549520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
2019-03-13 10:50 - 2019-02-16 09:56 - 000540984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2019-03-13 10:50 - 2019-02-16 09:53 - 001516416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2019-03-13 10:50 - 2019-02-16 09:36 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2019-03-13 10:50 - 2019-02-16 09:34 - 004718080 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-03-13 10:50 - 2019-02-16 09:34 - 001725952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2019-03-13 10:50 - 2019-02-16 09:34 - 000302080 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcLayers.dll
2019-03-13 10:50 - 2019-02-16 09:33 - 002194432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.ModernAppAgent.dll
2019-03-13 10:50 - 2019-02-16 09:33 - 001786880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2019-03-13 10:50 - 2019-02-16 09:32 - 003646976 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-03-13 10:50 - 2019-02-16 09:32 - 002051072 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2019-03-13 10:50 - 2019-02-16 09:32 - 001127936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplySettingsTemplateCatalog.exe
2019-03-13 10:50 - 2019-02-16 09:31 - 001271808 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2019-03-13 10:50 - 2019-02-16 09:31 - 001186816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.CommonBridge.dll
2019-03-13 10:50 - 2019-02-16 09:31 - 001003520 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2019-03-13 10:50 - 2019-02-16 09:31 - 000861184 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprddm.dll
2019-03-13 10:50 - 2019-02-16 09:31 - 000615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2019-03-13 10:50 - 2019-02-16 09:30 - 002019840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2019-03-13 10:50 - 2019-02-16 09:30 - 000877568 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2019-03-13 10:50 - 2019-02-16 09:29 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngOnline.dll
2019-03-13 10:50 - 2019-02-16 09:29 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe
2019-03-13 10:50 - 2019-02-16 09:25 - 001539896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2019-03-13 10:50 - 2019-02-16 09:25 - 000148784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mavinject.exe
2019-03-13 10:50 - 2019-02-16 09:24 - 000444176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
2019-03-13 10:50 - 2019-02-16 09:22 - 001322176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2019-03-13 10:50 - 2019-02-16 09:08 - 000373760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcLayers.dll
2019-03-13 10:50 - 2019-02-16 09:07 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2019-03-13 10:50 - 2019-02-16 09:07 - 000484352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2019-03-13 10:50 - 2019-02-16 09:06 - 002890752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-03-13 10:50 - 2019-02-16 09:06 - 001530880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2019-03-13 10:50 - 2019-02-16 09:06 - 001451520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2019-03-13 10:50 - 2019-02-16 09:06 - 000774656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2019-03-13 10:50 - 2019-02-16 09:06 - 000765952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mprddm.dll
2019-03-13 10:50 - 2019-02-16 09:04 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe
2019-03-13 10:50 - 2019-02-16 09:02 - 000055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UevAppMonitor.exe
2019-03-13 10:50 - 2019-02-16 08:55 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.Common.dll
2019-03-13 10:50 - 2019-02-16 07:24 - 023862272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2019-03-13 10:50 - 2019-02-16 07:22 - 019525120 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2019-03-13 10:50 - 2019-02-16 05:16 - 000511800 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2019-03-13 10:50 - 2019-02-16 05:15 - 000505656 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2019-03-13 10:50 - 2019-02-16 05:15 - 000035640 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe

#7
2019-03-13 10:50 - 2019-02-16 05:05 - 000087800 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskhostw.exe
2019-03-13 10:50 - 2019-02-16 05:04 - 000193032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2019-03-13 10:50 - 2019-02-16 05:03 - 007901392 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2019-03-13 10:50 - 2019-02-16 05:03 - 005625360 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2019-03-13 10:50 - 2019-02-16 05:03 - 000510288 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2019-03-13 10:50 - 2019-02-16 05:02 - 005821440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2019-03-13 10:50 - 2019-02-16 05:02 - 003291632 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2019-03-13 10:50 - 2019-02-16 05:02 - 001934800 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2019-03-13 10:50 - 2019-02-16 05:02 - 001792712 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2019-03-13 10:50 - 2019-02-16 05:02 - 000705848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2019-03-13 10:50 - 2019-02-16 05:02 - 000432952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2019-03-13 10:50 - 2019-02-16 05:02 - 000413712 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2019-03-13 10:50 - 2019-02-16 05:01 - 001285424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2019-03-13 10:50 - 2019-02-16 05:01 - 001209696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2019-03-13 10:50 - 2019-02-16 05:01 - 001098056 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2019-03-13 10:50 - 2019-02-16 05:01 - 001028920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2019-03-13 10:50 - 2019-02-16 05:01 - 001014344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2019-03-13 10:50 - 2019-02-16 05:01 - 000735464 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2019-03-13 10:50 - 2019-02-16 05:01 - 000641984 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp_win.dll
2019-03-13 10:50 - 2019-02-16 05:01 - 000594024 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2019-03-13 10:50 - 2019-02-16 05:01 - 000527160 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2019-03-13 10:50 - 2019-02-16 05:01 - 000480840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2019-03-13 10:50 - 2019-02-16 05:01 - 000335672 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2019-03-13 10:50 - 2019-02-16 05:01 - 000161664 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTWorkQ.dll
2019-03-13 10:50 - 2019-02-16 04:57 - 000383288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2019-03-13 10:50 - 2019-02-16 04:53 - 000443632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2019-03-13 10:50 - 2019-02-16 04:51 - 002479168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2019-03-13 10:50 - 2019-02-16 04:51 - 001584536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2019-03-13 10:50 - 2019-02-16 04:51 - 000170952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTWorkQ.dll
2019-03-13 10:50 - 2019-02-16 04:50 - 001805648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2019-03-13 10:50 - 2019-02-16 04:50 - 001171336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2019-03-13 10:50 - 2019-02-16 04:50 - 001130568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2019-03-13 10:50 - 2019-02-16 04:50 - 001011872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2019-03-13 10:50 - 2019-02-16 04:50 - 000560384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2019-03-13 10:50 - 2019-02-16 04:50 - 000504072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp_win.dll
2019-03-13 10:50 - 2019-02-16 04:37 - 009084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2019-03-13 10:50 - 2019-02-16 04:36 - 007057408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2019-03-13 10:50 - 2019-02-16 04:36 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\fcon.dll
2019-03-13 10:50 - 2019-02-16 04:35 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-03-13 10:50 - 2019-02-16 04:35 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-03-13 10:50 - 2019-02-16 04:34 - 005883904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2019-03-13 10:50 - 2019-02-16 04:34 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2019-03-13 10:50 - 2019-02-16 04:34 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2019-03-13 10:50 - 2019-02-16 04:33 - 006646784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2019-03-13 10:50 - 2019-02-16 04:33 - 004708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-03-13 10:50 - 2019-02-16 04:33 - 000119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2019-03-13 10:50 - 2019-02-16 04:33 - 000054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialMigrationHandler.dll
2019-03-13 10:50 - 2019-02-16 04:33 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialMigrationHandler.dll
2019-03-13 10:50 - 2019-02-16 04:33 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2019-03-13 10:50 - 2019-02-16 04:32 - 002969088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-03-13 10:50 - 2019-02-16 04:32 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2019-03-13 10:50 - 2019-02-16 04:31 - 002825728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2019-03-13 10:50 - 2019-02-16 04:31 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2019-03-13 10:50 - 2019-02-16 04:31 - 000141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentActivation.dll
2019-03-13 10:50 - 2019-02-16 04:31 - 000126976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll
2019-03-13 10:50 - 2019-02-16 04:30 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2019-03-13 10:50 - 2019-02-16 04:30 - 001986560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2019-03-13 10:50 - 2019-02-16 04:30 - 001124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdprt.dll
2019-03-13 10:50 - 2019-02-16 04:30 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2019-03-13 10:50 - 2019-02-16 04:30 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppLockerCSP.dll
2019-03-13 10:50 - 2019-02-16 04:30 - 000254464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppLockerCSP.dll
2019-03-13 10:50 - 2019-02-16 04:30 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2019-03-13 10:50 - 2019-02-16 04:29 - 001768448 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2019-03-13 10:50 - 2019-02-16 04:29 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2019-03-13 10:50 - 2019-02-16 04:28 - 003381248 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2019-03-13 10:50 - 2019-02-16 04:28 - 002585600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2019-03-13 10:50 - 2019-02-16 04:28 - 001668096 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdprt.dll
2019-03-13 10:50 - 2019-02-16 04:28 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
2019-03-13 10:50 - 2019-02-16 04:28 - 000705024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2019-03-13 10:50 - 2019-02-16 04:28 - 000528384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2019-03-13 10:50 - 2019-02-16 04:27 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpasvc.dll
2019-03-13 10:50 - 2019-02-16 04:27 - 000729088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2019-03-13 10:50 - 2019-02-16 04:27 - 000686592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2019-03-13 10:50 - 2019-02-16 04:26 - 001459712 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2019-03-13 10:50 - 2019-02-16 04:26 - 001225216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2019-03-13 10:50 - 2019-02-16 04:26 - 000943616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2019-03-13 10:50 - 2019-02-16 04:26 - 000935424 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2019-03-13 10:50 - 2019-02-16 04:26 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2019-03-13 10:50 - 2019-02-16 04:25 - 000884224 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2019-03-13 10:50 - 2019-02-16 04:25 - 000652800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2019-03-12 10:12 - 2019-03-12 10:12 - 007316688 _____ (Malwarebytes) C:\Users\sebas\Downloads\adwcleaner_7.2.7.0.exe
2019-03-11 17:01 - 2019-02-18 03:30 - 001014584 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2019-03-11 17:01 - 2019-02-18 03:30 - 001014584 _____ C:\WINDOWS\system32\vulkan-1.dll
2019-03-11 17:01 - 2019-02-18 03:30 - 000878392 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2019-03-11 17:01 - 2019-02-18 03:30 - 000878392 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2019-03-11 17:01 - 2019-02-18 03:30 - 000254944 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2019-03-11 17:01 - 2019-02-18 03:30 - 000254944 _____ C:\WINDOWS\system32\vulkaninfo.exe
2019-03-11 17:01 - 2019-02-18 03:30 - 000229344 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2019-03-11 17:01 - 2019-02-18 03:30 - 000229344 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2019-03-11 17:01 - 2019-02-18 03:30 - 000208832 _____ (Intel Corporation) C:\WINDOWS\system32\intel_gfx_api-x64.dll
2019-03-11 17:01 - 2019-02-18 03:30 - 000180512 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\intel_gfx_api-x86.dll
2019-03-11 17:01 - 2018-12-25 23:34 - 000892760 _____ (Lenovo.) C:\WINDOWS\system32\LPlatSvc.exe
2019-03-11 17:01 - 2018-12-25 23:34 - 000851800 _____ (Lenovo.) C:\WINDOWS\system32\ibmpmsvc.exe
2019-03-11 17:01 - 2018-12-25 23:34 - 000104280 _____ (Lenovo.) C:\WINDOWS\system32\ibmpmctl.exe
2019-03-11 17:01 - 2018-12-25 23:34 - 000087680 _____ (Lenovo.) C:\WINDOWS\system32\Drivers\ibmpmdrv.sys
2019-03-11 17:01 - 2018-12-25 23:34 - 000044160 _____ (Lenovo.) C:\WINDOWS\system32\Drivers\pmdrvs.sys
2019-03-11 13:28 - 2019-03-11 13:28 - 000122358 _____ C:\Users\sebas\Downloads\WhatsApp Image 2019-03-11 at 13.26.25.jpeg
2019-03-11 10:21 - 2019-03-11 10:21 - 000736223 _____ C:\Users\sebas\Downloads\americas_form.pdf

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-04-09 09:28 - 2018-08-26 11:05 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-04-09 09:28 - 2018-08-26 11:05 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-04-09 09:27 - 2018-12-04 10:06 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2019-04-09 09:27 - 2018-08-26 15:39 - 000003700 _____ C:\WINDOWS\System32\Tasks\Lenovo Power Management Driver PnP Task
2019-04-09 09:27 - 2018-08-26 15:21 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-04-09 09:27 - 2018-08-26 15:21 - 000000000 ____D C:\WINDOWS\System32\Tasks\Lenovo
2019-04-09 09:27 - 2018-08-26 11:02 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-04-09 09:27 - 2017-07-22 00:24 - 000000000 __SHD C:\Users\sebas\IntelGraphicsProfiles
2019-04-09 09:17 - 2018-09-04 07:54 - 000004206 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{80C6BEB5-FFE7-4DD9-BC20-2B4A4D0EFBAD}
2019-04-09 09:17 - 2018-08-26 11:05 - 000000000 ___HD C:\Program Files\WindowsApps
2019-04-09 09:14 - 2018-08-26 15:25 - 000002306 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-04-08 16:29 - 2018-08-26 15:21 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-04-08 16:21 - 2018-08-26 15:27 - 001762872 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-04-08 16:21 - 2018-08-26 11:08 - 000782460 _____ C:\WINDOWS\system32\perfh00A.dat
2019-04-08 16:21 - 2018-08-26 11:08 - 000152236 _____ C:\WINDOWS\system32\perfc00A.dat
2019-04-08 16:21 - 2018-08-26 11:04 - 000000000 ____D C:\WINDOWS\INF
2019-04-08 16:15 - 2019-03-02 10:44 - 000000000 ____D C:\Users\sebas\AppData\Local\CrashDumps
2019-04-08 16:15 - 2018-12-04 10:07 - 000000000 ____D C:\Users\sebas\AppData\Roaming\TeamViewer
2019-04-08 16:15 - 2018-08-26 11:13 - 000000000 ____D C:\WINDOWS\Panther
2019-04-08 16:15 - 2018-08-26 11:05 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-04-08 16:14 - 2019-02-18 09:22 - 000000000 ____D C:\ProgramData\AVAST Software
2019-04-08 16:14 - 2018-08-26 11:05 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-04-08 15:52 - 2018-08-26 15:21 - 000000000 ____D C:\Users\sebas\AppData\Local\Packages
2019-04-08 15:48 - 2018-08-26 15:14 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-04-08 09:33 - 2018-08-26 16:25 - 000000000 ____D C:\Users\sebas\AppData\Roaming\FortiClient
2019-04-08 09:25 - 2019-02-04 09:41 - 000002252 ____H C:\Users\sebas\Documents\Default.rdp
2019-04-05 11:18 - 2018-11-16 08:45 - 000000000 ____D C:\Program Files\rempl
2019-04-05 09:17 - 2018-08-26 15:49 - 000001144 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Drive File Stream.lnk
2019-04-04 10:59 - 2017-05-05 07:34 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2019-04-01 09:59 - 2018-08-26 15:25 - 000003366 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1391593998-1406418587-2262156805-1001
2019-04-01 09:59 - 2018-08-26 15:19 - 000002374 _____ C:\Users\sebas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-04-01 09:59 - 2017-07-22 08:57 - 000000000 ___RD C:\Users\sebas\OneDrive
2019-03-28 20:23 - 2017-08-01 16:40 - 000000000 ____D C:\Users\sebas\Documents\Plantillas personalizadas de Office
2019-03-28 16:36 - 2018-08-26 15:24 - 000003554 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2019-03-28 16:36 - 2018-08-26 15:24 - 000003430 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2019-03-26 11:20 - 2017-07-26 17:41 - 000000000 ____D C:\Users\sebas\Documents\Clientes
2019-03-26 09:36 - 2018-08-26 15:15 - 001705080 _____ (TODO: <Company name>) C:\WINDOWS\SysWOW64\RebootPrompt.exe
2019-03-26 09:33 - 2018-08-26 15:15 - 000000000 ____D C:\ProgramData\UIU
2019-03-26 09:33 - 2018-08-26 15:15 - 000000000 ____D C:\ProgramData\Conexant
2019-03-22 11:12 - 2018-05-30 14:40 - 000000000 ____D C:\Users\sebas\AppData\LocalLow\WebEx
2019-03-22 11:06 - 2018-05-30 14:41 - 000000000 __SHD C:\Users\sebas\Documents\cache
2019-03-19 09:22 - 2017-07-29 13:56 - 000000000 ____D C:\Users\sebas\Documents\ERA
2019-03-19 08:22 - 2018-08-26 15:33 - 000005826 _____ C:\WINDOWS\system32\tbt_log.txt
2019-03-19 08:21 - 2017-05-05 07:33 - 000000000 ____D C:\Program Files (x86)\Intel
2019-03-14 11:02 - 2018-08-26 15:14 - 000410904 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-03-14 11:02 - 2018-08-26 11:05 - 000000000 ___SD C:\WINDOWS\system32\UNP
2019-03-14 11:02 - 2018-08-26 11:05 - 000000000 ___RD C:\Program Files\Windows Defender
2019-03-14 11:02 - 2018-08-26 11:05 - 000000000 ____D C:\WINDOWS\TextInput
2019-03-14 11:02 - 2018-08-26 11:05 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2019-03-14 11:02 - 2018-08-26 11:05 - 000000000 ____D C:\WINDOWS\system32\oobe
2019-03-14 11:02 - 2018-08-26 11:05 - 000000000 ____D C:\WINDOWS\system32\es-MX
2019-03-14 11:02 - 2018-08-26 11:05 - 000000000 ____D C:\WINDOWS\system32\appraiser
2019-03-14 11:02 - 2018-08-26 11:05 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-03-14 11:02 - 2018-08-26 11:05 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-03-14 11:02 - 2018-08-26 11:05 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2019-03-14 11:02 - 2018-08-26 11:05 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2019-03-13 10:52 - 2018-08-26 11:02 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-03-13 10:50 - 2018-08-26 22:50 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-03-13 10:48 - 2018-08-26 22:50 - 127411920 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-03-12 12:18 - 2018-10-17 09:13 - 000017758 _____ C:\WINDOWS\system32\results.xml

==================== Files in the root of some directories =======

2019-04-09 09:28 - 2019-04-09 09:28 - 001388432 _____ () C:\Users\Public\VOIP.dat
2018-12-20 11:10 - 2018-12-20 11:10 - 000003519 _____ () C:\Users\sebas\AppData\Local\recently-used.xbel

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\dllhost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-08-26 15:14

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17.03.2019
Ran by sebas (09-04-2019 09:33:54)
Running from C:\Users\sebas\Desktop
Windows 10 Pro Version 1803 17134.648 (X64) (2018-08-26 18:21:37)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-1391593998-1406418587-2262156805-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1391593998-1406418587-2262156805-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-1391593998-1406418587-2262156805-1000 - Limited - Enabled) => C:\Users\defaultuser0
Invitado (S-1-5-21-1391593998-1406418587-2262156805-501 - Limited - Disabled)
sebas (S-1-5-21-1391593998-1406418587-2262156805-1001 - Administrator - Enabled) => C:\Users\sebas
WDAGUtilityAccount (S-1-5-21-1391593998-1406418587-2262156805-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Aimersoft Helper Compact 2.5.2 (HKLM-x32\...\{405147F7-FCC5-499B-A27E-EA6BD4A80435}_is1) (Version: 2.5.2 - Aimersoft)
Alison-Desktop (HKLM-x32\...\{953D8225-3101-4007-B970-9AC9340C4EFA}) (Version: 1.1.7 - CertiSur)
Check Point VPN (HKLM-x32\...\{B3E35728-8603-484C-AE19-F73A47D733BE}) (Version: 98.60.3013 - Check Point Software Technologies Ltd.)
Dolby Audio X2 Windows API SDK (HKLM\...\{F290F786-5F69-48D4-B20B-D21C7DE56EF0}) (Version: 0.8.8.88 - Dolby Laboratories, Inc.) Hidden
EaseUS Data Recovery Wizard (HKLM\...\EaseUS Data Recovery Wizard_is1) (Version:  - EaseUS)
EasyQlik QViewer 3.3.2 (HKU\S-1-5-21-1391593998-1406418587-2262156805-1001\...\{ABD2573A-5004-4876-BFD5-32D41F489ACC}_is1) (Version: 3.3.2 - EasyQlik)
FortiClient (HKLM\...\{E1E1D751-6C0B-4697-88A4-052CABC12DD8}) (Version: 6.0.1.0099 - Fortinet Technologies Inc)
Free Video Flip and Rotate (HKLM-x32\...\Free Video Flip and Rotate_is1) (Version: 1.1.35.831 - Digital Wave Ltd)
Generic Conexant USB Audio driver for Docks and Adapters (HKLM-x32\...\usbaudiocd01ww_is1) (Version: 1.000.0 - Lenovo Group Limited)
GIMP 2.10.2 (HKLM\...\GIMP-2_is1) (Version: 2.10.2 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 73.0.3683.103 - Google Inc.)
Google Drive File Stream (HKLM\...\{6BBAE539-2232-434A-A4E5-9A33560C6283}) (Version: 30.1.36.2348 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.7 - Google LLC) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden
Intel(R) Online Connect Software Asset Manager (HKLM-x32\...\{15998D77-1F78-43EE-96D4-1067ECAA2412}) (Version: 3.5.2247 - Intel Corporation) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 25.20.100.6576 - Intel Corporation)
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.50.638.1 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{99ee3c29-c7cd-450f-8db9-d43cc49de1c7}) (Version: 1.50.638.1 - Intel Corporation) Hidden
Intel® Online Connect (HKLM-x32\...\{6b556278-d555-4d14-ac99-8ad600578a95}) (Version: 1.3.13.0 - Intel Corporation)
Lenovo Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.82.00.20 - Lenovo) Hidden
Lenovo Dynamic Power Reduction Utility (HKLM-x32\...\{AE8B5056-56D3-4F92-B31B-BCE3430678EA}) (Version: 1.0.0.26 - Lenovo)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.12.19 - Lenovo) Hidden
Lenovo Settings - Power (HKLM-x32\...\{A6CFC34A-56EE-4AF5-8C49-995F59E6A160}) (Version: 2.00.000 - Lenovo) Hidden
Malwarebytes versión 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 10.4.137.0 - Microsoft Corporation)
Microsoft Office Hogar y Estudiantes 2016 - es-es (HKLM\...\HomeStudentRetail - es-es) (Version: 16.0.11425.20202 - Microsoft Corporation)
Microsoft Office Profesional Plus 2016 - es-es (HKLM\...\ProPlusRetail - es-es) (Version: 16.0.11425.20202 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1391593998-1406418587-2262156805-1001\...\OneDriveSetup.exe) (Version: 19.033.0218.0011 - Microsoft Corporation)
Microsoft Visio Profesional 2016 - es-es (HKLM\...\VisioProRetail - es-es) (Version: 16.0.11425.20202 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.11.25325 (HKLM-x32\...\{6c6356fe-cbfa-4944-9bed-a9e99f45cb7a}) (Version: 14.11.25325.0 - Microsoft Corporation)
MiniTool Partition Wizard Free 11 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Software Limited)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5.9 - Notepad++ Team)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.11425.20202 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.11425.20202 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.11425.20202 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.6965.2079 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0C0A-0000-0000000FF1CE}) (Version: 16.0.11425.20202 - Microsoft Corporation) Hidden
Prolific Backup (HKLM-x32\...\{D88A7919-C81E-4F6A-8B77-D1B2E42EE0CD}) (Version: 3.9.2.00 - Prolific Technology Inc.)
Qlik Sense DemoApps (HKLM\...\{AFCEFE4E-2B4E-4F1B-BB2C-8FC7C3FD9763}) (Version: 13.9.1 - QlikTech International AB) Hidden
Qlik Sense Desktop (HKLM\...\{FB8999A7-A3C5-482B-B444-93F030008ABC}) (Version: 13.9.1 - QlikTech International AB) Hidden
Qlik Sense Desktop Connectors (HKLM\...\{1376C93C-0A5A-4BC9-906A-E41370D1A3AA}) (Version: 13.9.1 - QlikTech International AB) Hidden
Qlik Sense Desktop February 2019 (HKU\S-1-5-21-1391593998-1406418587-2262156805-1001\...\{aaa3d233-8841-4ace-95e0-19fc2da9cea1}) (Version: 13.9.1 - QlikTech International AB)
Qlik Sense Extension Bundles (HKLM\...\{4D9F073B-CC60-4E5D-B117-D7ED7D20DBDF}) (Version: 13.9.1 - QlikTech International AB)
Qlik_WowMakerSetup (HKLM-x32\...\{8D8050E0-6193-4E7B-AE26-8C48213A7AD1}) (Version: 1.0.0 - Default Company Name)
QlikView x64 (HKLM\...\{BAB4187A-F349-497E-A151-79D1B274B936}) (Version: 11.20.13607.0 - QlikTech International AB)
QsDocumentAnalyzer version 1.5.0 (HKLM-x32\...\{75330F9E-2072-4618-950B-F5E108517A85}_is1) (Version: 1.5.0 - Panalytics, Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.17763.21311 - Realtek Semiconductor Corp.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.51.0 - SAMSUNG Electronics Co., Ltd.)
Software Intel® PROSet/Wireless (HKLM-x32\...\{f8c930bd-0a68-425f-8c11-87723d1e2c97}) (Version: 20.90.0 - Intel Corporation)
Software Thunderbolt™ (HKLM-x32\...\{FBAB4EAA-497D-4B48-8484-D96CAE92C71A}) (Version: 17.4.78.500 - Intel Corporation)
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.2.26558 - TeamViewer)
ThinkPad Thunderbolt 3 Dock USB Audio (HKLM\...\VID_17EF&PID_306A&MI_00) (Version: 1.31.38.31 - Conexant Systems)
Thinkpad USB Ethernet Adapter Driver (HKLM-x32\...\{04201224-2B34-4EE7-862B-B7BBF89DB3AB}) (Version: 10.25.704.2018 - Lenovo)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{B2E25355-C24E-4E7D-8AD3-455D59810838}) (Version: 2.57.0.0 - Microsoft Corporation)
WinDirStat 1.1.2 (HKU\S-1-5-21-1391593998-1406418587-2262156805-1001\...\WinDirStat) (Version:  - )
WinRAR 5.60 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.60.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1391593998-1406418587-2262156805-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}
ShellIconOverlayIdentifiers: [    GoogleDriveCloudOverlayIconHandler] -> {A8E52322-8734-481D-A7E2-27B309EF8D56} => C:\Program Files\Google\Drive File Stream\30.1.36.2348\drivefsext.dll [2019-03-20] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [    GoogleDrivePinnedOverlayIconHandler] -> {CFE8B367-77A7-41D7-9C90-75D16D7DC6B6} => C:\Program Files\Google\Drive File Stream\30.1.36.2348\drivefsext.dll [2019-03-20] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [    GoogleDriveProgressOverlayIconHandler] -> {C973DA94-CBDF-4E77-81D1-E5B794FBD146} => C:\Program Files\Google\Drive File Stream\30.1.36.2348\drivefsext.dll [2019-03-20] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2018-10-14] (Notepad++ -> )
ContextMenuHandlers1: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\30.1.36.2348\drivefsext.dll [2019-03-20] (Google LLC -> Google, Inc.)
ContextMenuHandlers1: [FortiClient] -> {7AE5C558-994B-40B7-8730-2DAC2B96781B} => C:\Program Files\Fortinet\FortiClient\FortiCliSh.dll [2018-07-23] (Fortinet Technologies (Canada) Inc. -> Fortinet Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-06-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-06-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\30.1.36.2348\drivefsext.dll [2019-03-20] (Google LLC -> Google, Inc.)
ContextMenuHandlers5: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\30.1.36.2348\drivefsext.dll [2019-03-20] (Google LLC -> Google, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\ki131074.inf_amd64_6371bf46cc74b27d\igfxDTCM.dll [2019-02-18] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [FortiClient] -> {1935F098-AF3C-4AFC-ADA2-12C74B452DF1} => C:\Program Files\Fortinet\FortiClient\FortiCliSh.dll [2018-07-23] (Fortinet Technologies (Canada) Inc. -> Fortinet Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-06-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-06-24] (win.rar GmbH -> Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03855990-26CB-47E1-B000-DF83C5A111F4} - System32\Tasks\Microsoft_MKC_Logon_Task_ceip.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ceip.exe (Microsoft Corporation -> Microsoft)
Task: {03D51C3D-0570-492C-A48C-23C8118B2B4C} - System32\Tasks\IntelIOC-Upgrade-f1c8187b-2653-47cd-a9be-b554b98f68a7-Logon => C:\Program Files (x86)\Intel\Intel(R) Online Connect Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe (Intel(R) Software Asset Manager -> Intel Corporation)
Task: {07A6E045-DE21-4D50-87FF-C2E9A2A72E76} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
Task: {085ECFF8-5907-4A04-AE8E-5C4C32D98E16} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1903.4-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {0A0555DA-A415-4D2E-8F80-64104F31961E} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler  /v start /t reg_dword /d 1 /f /reg:32
Task: {0D97D7E6-BC8A-4E68-BC74-8686231E61BC} - System32\Tasks\IntelIOC-Upgrade-f1c8187b-2653-47cd-a9be-b554b98f68a7 => C:\Program Files (x86)\Intel\Intel(R) Online Connect Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe (Intel(R) Software Asset Manager -> Intel Corporation)
Task: {17E7CEF5-BDA3-411F-9223-5A07B4436A72} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {1A8CA60E-E84B-4E37-B4D1-0D95C8DE6C4D} - System32\Tasks\Microsoft\Windows\Conexant\SA2 => C:\Program Files\CONEXANT\SAII\SACpl.exe (Conexant Systems, Inc. -> Conexant Systems, Inc.)
Task: {21C2411B-6A2B-4913-974C-FFC80915DFE7} - System32\Tasks\Microsoft\Windows\Flighting\FeatureConfig\ReconcileFeatures
Task: {28D19E93-8A14-401F-AFB1-4E9A22FE56CE} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {291DEDD0-914F-47A8-A6AC-7397BF203FFD} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe (AVAST Software s.r.o. -> AVAST Software)
Task: {298CFF3F-5BC9-4B5C-B2ED-8AFA905889B8} - System32\Tasks\Lenovo\Lenovo Platform Task => C:\WINDOWS\System32\LPlatSvc.exe (Lenovo -> Lenovo.)
Task: {33854499-F187-4284-A075-9CD0C632F198} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service when hardware is detected => sc.exe start ThunderboltService
Task: {3EAC4787-BEE1-460F-9D46-8FF256B1380D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1903.4-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {4B90B0B9-9E80-48FE-9C4B-DF076E4C3F21} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {4D78C33C-FB11-4ED8-8572-C1CDC455FA05} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {4E4F68FB-2986-4D80-A277-5D25FC617FC0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {53AE491A-0FFA-4298-9D45-4E0F98BCF39B} - System32\Tasks\Intel-IMSS => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
Task: {5A746FB9-EA8D-47E8-A9F0-73239BD9151F} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on login if service is up => C:\Program Files (x86)\Intel\Thunderbolt Software\\ConditionalAppStarter.exe (Intel(R) Client Connectivity Division SW -> Intel Corporation)
Task: {62207FCD-1E3C-4F43-9B9E-FD78A3EA9FDD} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {62BD9554-D831-49D8-852C-D81F9268F723} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1903.4-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {6E005D67-E121-4A62-8258-B3E2C6C4C79D} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\eaf627b0-b9e0-4dcb-a92c-1b6b584b7a4f => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe (Lenovo -> Lenovo Group Ltd.)
Task: {7B5C3D7E-E8F1-4359-A64D-FCE1E2E8AE7A} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe (Microsoft Corporation -> Microsoft)
Task: {8EC2DC19-EDA8-4704-B589-147E4F45FB24} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {9097755D-C925-46E1-843C-68DDD8CA2920} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {A0E45552-C0A0-44A4-BE5B-485C8577F9A2} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on switch user if service is up => C:\Program Files (x86)\Intel\Thunderbolt Software\\ConditionalAppStarter.exe (Intel(R) Client Connectivity Division SW -> Intel Corporation)
Task: {A3839B7A-7FAB-4BBD-B351-1A2EA6E2D3E8} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {AA734323-4DE6-43EE-BACB-1943404586AA} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe (Lenovo -> Lenovo Group Ltd.)
Task: {AAF61769-6991-46FB-BD40-80B180100028} - System32\Tasks\Microsoft\Windows\Conexant\AFA => C:\Program Files\CONEXANT\cAudioFilterAgent\SACpl.exe (Conexant Systems, Inc.) [File not signed]
Task: {AF67099D-2730-4643-B1A3-0D0D00D82B1D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {B47D793C-03C6-4FA9-9F51-D9D3685F7A70} - System32\Tasks\Lenovo\Power Manager\Uninstall task => C:\WINDOWS\SysWOW64\Lenovo\PowerMgr\PowerMgrInst.exe (Lenovo -> )
Task: {B67C9D04-3A70-4665-BEB8-B9ECB8C4034E} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service on boot if driver is up => C:\Program Files (x86)\Intel\Thunderbolt Software\\tbtsvc.exe (Intel(R) Client Connectivity Division SW -> Intel Corporation)
Task: {C0495035-BC6D-4110-8424-1FCA04179F46} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {C198A03A-590F-4266-931A-52B575E97957} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => "%windir%\system32\sc.exe" START ImControllerService
Task: {C4DCE1D1-AB8F-4ADF-8AC7-4C8BD7277AD3} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application when hardware is detected => C:\Program Files (x86)\Intel\Thunderbolt Software\\ConditionalAppStarter.exe (Intel(R) Client Connectivity Division SW -> Intel Corporation)
Task: {C9EB7FC4-A6E9-4963-8933-24FB9E7D870C} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {CA586188-1EDF-46F4-9F7B-5423900D9699} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1903.4-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {CDF97F0B-630E-4055-9AA6-9CE46B972257} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\76c1a2bd-22aa-4c85-aebf-0432e7f0cc24 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe (Lenovo -> Lenovo Group Ltd.)
Task: {D83CFCAC-D4ED-428C-9CEC-F58DFD2283A2} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {F401CFD8-50A4-4600-81B0-E72B4E2E4848} - System32\Tasks\Lenovo Power Management Driver PnP Task => C:\WINDOWS\System32\ibmpmsvc.exe (Lenovo -> Lenovo.)
Task: {FA389E48-A4F9-40A6-848A-9695F13F2C2D} - System32\Tasks\Lenovo\Power Manager\Background monitor => C:\WINDOWS\SysWOW64\Lenovo\PowerMgr\PowerMgr.exe (Lenovo -> Lenovo)
Task: {FC2A6D64-BC33-43C6-BF89-21D5E51471EF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\sebas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicaciones de Chrome\Google Play Música.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=fahmaaghhglfmonjliepjlchgpgfmobi

==================== Loaded Modules (Whitelisted) ==============

2018-07-23 11:23 - 2018-07-23 11:23 - 001055250 _____ (Fortinet Inc.) [File not signed] C:\Program Files\Fortinet\FortiClient\utilsdll.dll
2018-07-23 10:56 - 2018-07-23 10:56 - 001672704 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\Fortinet\FortiClient\LIBEAY32.dll
2019-03-06 08:57 - 2019-03-06 08:57 - 000060928 _____ (Conexant Systems, Inc.) [File not signed] C:\WINDOWS\system32\SyUIUExtSvc.exe
2018-07-23 10:56 - 2018-07-23 10:56 - 000355328 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\Fortinet\FortiClient\SSLEAY32.dll
2019-04-05 09:43 - 2019-03-13 09:22 - 003084800 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Quick.dll
2019-04-05 09:43 - 2019-03-13 09:22 - 000438272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5WinExtras.dll
2019-04-05 09:43 - 2019-03-13 09:22 - 004571648 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Widgets.dll
2019-04-05 09:43 - 2019-03-13 09:22 - 002234880 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Network.dll
2019-04-05 09:43 - 2019-03-13 09:22 - 002950144 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Qml.dll
2019-04-05 09:43 - 2019-03-13 09:22 - 005139968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Gui.dll
2019-04-05 09:43 - 2019-03-13 09:22 - 005010944 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
2019-04-08 16:02 - 2019-03-13 09:22 - 001181184 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\platforms\qwindows.dll
2019-04-08 16:02 - 2019-03-13 09:22 - 000124928 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\styles\qwindowsvistastyle.dll
2019-04-08 16:02 - 2019-03-13 09:22 - 000026112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qico.dll
2019-04-08 16:02 - 2019-03-13 09:22 - 000020992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qsvg.dll
2019-04-05 09:43 - 2019-03-13 09:22 - 000259584 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Svg.dll
2019-04-08 16:02 - 2019-03-13 09:22 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick.2\qtquick2plugin.dll
2019-04-08 16:02 - 2019-03-13 09:22 - 000729088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\qtquickcontrolsplugin.dll
2019-04-08 16:02 - 2019-03-13 09:22 - 000073216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Layouts\qquicklayoutsplugin.dll
2019-04-08 16:02 - 2019-03-13 09:22 - 000179712 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\dialogplugin.dll
2019-04-08 16:02 - 2019-03-13 09:22 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Window.2\windowplugin.dll
2019-04-08 16:02 - 2019-03-13 09:22 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQml\Models.2\modelsplugin.dll
2019-04-08 16:02 - 2019-03-13 09:22 - 000101888 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\PrivateWidgets\widgetsplugin.dll
2019-04-08 16:02 - 2019-03-13 09:22 - 000035328 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\iconengines\qsvgicon.dll
2018-06-07 16:59 - 2018-06-07 16:59 - 000501760 _____ () [File not signed] C:\Users\sebas\AppData\Local\CertiSur\Alison-Desktop\native\mtoken\win-x32\cryptoide_pkcs11.dll
2019-04-09 09:28 - 2019-04-09 09:28 - 000207360 ____N (Java(TM) Native Access (JNA)) [File not signed] C:\Users\sebas\AppData\Local\Temp\jna-109311106\jna6715677673585375867.dll
2019-01-07 07:39 - 2016-07-21 10:54 - 000137728 _____ () [File not signed] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\CBSCreateVC.dll
2019-01-07 07:39 - 2016-10-08 17:03 - 001506304 _____ () [File not signed] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\DAQExp.dll
2019-01-07 07:39 - 2016-10-08 17:04 - 000708608 _____ (Wondershare) [File not signed] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\CBSProducstInfo.dll
2019-03-26 09:37 - 2019-03-26 09:37 - 002364928 _____ (Conexant Systems, Inc) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SmartAudio\770ade3c82d8cf41c7c469469c0ea88e\SmartAudio.ni.exe
2019-03-26 09:37 - 2019-03-26 09:37 - 000366080 _____ ( ) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.CxHef9fb4ae#\490346cd38189ba6cb019b38f1f12f6a\Interop.CxHDAudioAPILib.ni.dll
2019-03-26 09:37 - 2019-03-26 09:37 - 000019968 _____ ( ) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.CxUtilSvcLib\2898f5451236221e54d674c96f7ea83d\Interop.CxUtilSvcLib.ni.dll
2019-03-15 11:56 - 2018-08-12 20:29 - 001255424 _____ (Robert Simpson, et al.) [File not signed] C:\ProgramData\Lenovo\iMController\Plugins\GenericMessagingPlugin\x86\x86\SQLite.Interop.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 08:47 - 2016-07-16 08:45 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL
HKU\S-1-5-21-1391593998-1406418587-2262156805-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\sebas\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.0.20 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run32: => "Check Point VPN"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{E0B71C01-EA4D-4627-8299-82BB5E4F3A78}] => (Allow) C:\Program Files\Fortinet\FortiClient\ipsec.exe (Fortinet Technologies (Canada) Inc. -> Fortinet Inc.)
FirewallRules: [{E4DF4ABB-3517-4D3C-8F0F-6EFC3B684C98}] => (Allow) C:\Program Files\Fortinet\FortiClient\fortiesnac.exe (Fortinet Technologies (Canada) Inc. -> Fortinet Inc.)
FirewallRules: [{F05DAED5-3D9C-43F9-A669-77AC71EA5E17}] => (Allow) C:\Program Files\Fortinet\FortiClient\fortifws.exe (Fortinet Technologies (Canada) Inc. -> Fortinet Inc.)
FirewallRules: [{32DCE1A8-CA84-43B4-856F-07C5EF9CB8DB}] => (Allow) C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe (Check Point Software Technologies Ltd. -> Check Point Software Technologies)
FirewallRules: [{31D23E8E-8997-458A-B545-A265DA79FC8B}] => (Allow) C:\Program Files (x86)\CheckPoint\Endpoint Connect\TracSrvWrapper.exe (Check Point Software Technologies Ltd. -> Check Point Software Technologies)
FirewallRules: [TCP Query User{8799CECB-451C-4B91-8012-EBB8B93968B6}C:\users\sebas\appdata\local\programs\qlik\sense\node\node.exe] => (Allow) C:\users\sebas\appdata\local\programs\qlik\sense\node\node.exe (Node.js Foundation -> Node.js)
FirewallRules: [UDP Query User{264FE776-B72C-4E8C-B4FB-2A8FE801E070}C:\users\sebas\appdata\local\programs\qlik\sense\node\node.exe] => (Allow) C:\users\sebas\appdata\local\programs\qlik\sense\node\node.exe (Node.js Foundation -> Node.js)
FirewallRules: [{01CF4960-B6D7-42B8-A18A-5CDDCD0895F7}] => (Block) C:\users\sebas\appdata\local\programs\qlik\sense\node\node.exe (Node.js Foundation -> Node.js)
FirewallRules: [{F67CCABB-623A-441F-9145-964F9686E664}] => (Block) C:\users\sebas\appdata\local\programs\qlik\sense\node\node.exe (Node.js Foundation -> Node.js)
FirewallRules: [{6B4266F2-8D62-4060-BCF5-D31E23748B0A}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation -> )
FirewallRules: [{C14C9EA7-3C28-4A97-B3BE-A2FCBB91E14A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6BB14ECD-5572-445C-AF65-90FFA1F52540}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{50F62FEF-D781-4CF7-8C5D-AF88DDE11531}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A13EE5BC-555A-41D1-8E56-8B202B9EE306}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{2C02DC56-4DDA-4D86-A5E9-D8308F66DA4F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{1A2BB79F-B40A-48A9-A2EF-603FBBD90003}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{115CD4F3-A7D5-40A3-AC16-2D6C7B5A1457}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{3F18EA04-091E-4B1C-9395-456DCA553B89}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2AA4C6F5-1030-4F98-8907-F6561CD930C8}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{16188B3D-9805-4D17-91BA-E0DCD455C763}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [{D0E0D985-43D9-4E13-95BE-5F1306F9AC94}] => (Allow) C:\Program Files\Fortinet\FortiClient\FortiProxy.exe No File
FirewallRules: [{E6B1DFF4-0097-4A96-B5CD-7F9FA663C9D4}] => (Allow) C:\Program Files\Fortinet\FortiClient\FortiWad.exe No File

==================== Restore Points =========================

19-03-2019 08:22:05 Windows Update
26-03-2019 10:42:59 Punto de control programado
03-04-2019 10:31:03 Punto de control programado

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/09/2019 09:28:46 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows no puede cargar el archivo DLL del contador extensible rdyboost. Los primeros cuatro bytes (DWORD) de la sección de datos contienen el código de error de Windows.

Error: (04/09/2019 09:28:46 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: Error del procedimiento de apertura para el servicio "BITS" en el archivo DLL "C:\Windows\System32\bitsperf.dll". Los datos de rendimiento para este servicio no estarán disponibles. Los primeros cuatro bytes (DWORD) de la sección de datos contienen el código de error.

Error: (04/08/2019 04:02:18 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Error al generar el contexto de activación para "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Error en el archivo de manifiesto o directiva "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" en la línea 1.
La identidad de componente encontrada en el manifiesto no coincide con la del componente solicitado.
La referencia es UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
La definición es UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Use sxstrace.exe para obtener un diagnóstico detallado.

Error: (04/08/2019 09:10:57 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows no puede cargar el archivo DLL del contador extensible rdyboost. Los primeros cuatro bytes (DWORD) de la sección de datos contienen el código de error de Windows.

Error: (04/08/2019 09:10:57 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: Error del procedimiento de apertura para el servicio "BITS" en el archivo DLL "C:\Windows\System32\bitsperf.dll". Los datos de rendimiento para este servicio no estarán disponibles. Los primeros cuatro bytes (DWORD) de la sección de datos contienen el código de error.

Error: (04/05/2019 02:15:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: GoogleDriveFS.exe, versión: 29.1.85.2056, marca de tiempo: 0x5c5b5096
Nombre del módulo con errores: GoogleDriveFS.exe, versión: 29.1.85.2056, marca de tiempo: 0x5c5b5096
Código de excepción: 0xc0000409
Desplazamiento de errores: 0x000000000063580f
Identificador del proceso con errores: 0x3554
Hora de inicio de la aplicación con errores: 0x01d4eaf94bc8966d
Ruta de acceso de la aplicación con errores: C:\Program Files\Google\Drive File Stream\29.1.85.2056\GoogleDriveFS.exe
Ruta de acceso del módulo con errores: C:\Program Files\Google\Drive File Stream\29.1.85.2056\GoogleDriveFS.exe
Identificador del informe: d3a5dd0c-3f23-4576-82d4-e13e63e4c647
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (04/04/2019 12:39:59 PM) (Source: Engine) (EventID: 300) (User: )
Description: Event-ID 300

Error: (04/04/2019 12:39:58 PM) (Source: Engine) (EventID: 300) (User: )
Description: Event-ID 300


System errors:
=============
Error: (04/09/2019 09:30:09 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Iniciar Local para la aplicación de servidor COM con CLSID 
Windows.SecurityCenter.WscDataProtection
 y APPID 
No disponible
 al usuario NT AUTHORITY\SYSTEM con SID (S-1-5-18) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (04/09/2019 09:30:09 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Iniciar Local para la aplicación de servidor COM con CLSID 
Windows.SecurityCenter.WscBrokerManager
 y APPID 
No disponible
 al usuario NT AUTHORITY\SYSTEM con SID (S-1-5-18) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (04/09/2019 09:28:40 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 y APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 al usuario NT AUTHORITY\LOCAL SERVICE con SID (S-1-5-19) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (04/09/2019 09:28:22 AM) (Source: DCOM) (EventID: 10016) (User: SEBAS-NB)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 y APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 al usuario SEBAS-NB\sebas con SID (S-1-5-21-1391593998-1406418587-2262156805-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (04/09/2019 09:28:21 AM) (Source: DCOM) (EventID: 10016) (User: SEBAS-NB)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 y APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 al usuario SEBAS-NB\sebas con SID (S-1-5-21-1391593998-1406418587-2262156805-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (04/09/2019 09:28:01 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 y APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 al usuario NT AUTHORITY\LOCAL SERVICE con SID (S-1-5-19) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (04/09/2019 09:28:01 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 y APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 al usuario NT AUTHORITY\LOCAL SERVICE con SID (S-1-5-19) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (04/09/2019 09:20:59 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 y APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 al usuario NT AUTHORITY\SYSTEM con SID (S-1-5-18) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

#8
Windows Defender:
===================================
Date: 2019-04-04 11:15:37.531
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {3E17523D-DDA4-4EF0-9519-BF0264D594F4}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2019-04-03 09:10:22.647
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {145B1F07-31EE-47A3-8A5C-F2D4C48BAB9A}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2019-04-01 09:31:35.441
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {F1E87CB9-E497-4EA2-9B67-4A4F177C115D}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2019-03-26 10:01:21.746
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {BC20FE02-0430-4854-93C2-EC484D23CB9E}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2019-03-25 09:31:33.169
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {EB222B43-51B7-4DDD-934E-B373CFC47A4B}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2019-04-01 09:41:48.239
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.291.690.0
Origen de actualización: Servidor de Microsoft Update
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión de motor actual: 
Versión de motor anterior: 1.1.15800.1
Código de error: 0x80240016
Descripción del error: Se produjo un problema inesperado mientras se buscaban actualizaciones. Para obtener más información sobre cómo instalar o solucionar problemas en las actualizaciones, consulta Ayuda y soporte técnico. 

Date: 2019-02-19 10:29:37.295
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.287.233.0
Origen de actualización: Servidor de Microsoft Update
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión de motor actual: 
Versión de motor anterior: 1.1.15700.8
Código de error: 0x8024402c
Descripción del error: Se produjo un problema inesperado mientras se buscaban actualizaciones. Para obtener más información sobre cómo instalar o solucionar problemas en las actualizaciones, consulte Ayuda y soporte técnico. 

Date: 2019-02-18 16:56:59.156
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.287.233.0
Origen de actualización: Servidor de Microsoft Update
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión de motor actual: 
Versión de motor anterior: 1.1.15700.8
Código de error: 0x80240438
Descripción del error: Se produjo un problema inesperado mientras se buscaban actualizaciones. Para obtener más información sobre cómo instalar o solucionar problemas en las actualizaciones, consulte Ayuda y soporte técnico. 

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-7600U CPU @ 2.80GHz
Percentage of memory in use: 64%
Total physical RAM: 8026.55 MB
Available physical RAM: 2876.55 MB
Total Virtual: 12122.55 MB
Available Virtual: 6765.86 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:237.23 GB) (Free:107.46 GB) NTFS
Drive g: (Google Drive File Stream) (Fixed) (Total:15 GB) (Free:1.03 GB) FAT32

\\?\Volume{0f07c70c-910c-430c-91a8-07e27f63403c}\ (WinRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.45 GB) NTFS
\\?\Volume{7ac682b8-a7cd-4152-8698-bf29682f9cf8}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: E664590B)

Partition: GPT.

==================== End of Addition.txt ============================

#9

Hello

:arrow_forward: VERY Important :arrow_backward: Make a backup of the registry:

  • To do so, download :arrow_forward: DelFix.exe (to your desktop).

  • Double-click it to run it. (If you use Windows Vista/7/8 or 10, right-click and select -Run as Administrator-).

  • Attention: now check/select only the "Create registry backup" box, and NOT the others.

  • Click Run.

The report (DelFix.txt) will open; save it in case it is needed and close the tool.

Next, boot your computer in Windows Safe Mode without networking.

:warning: With all other programs closed, go to :arrow_forward: Start :arrow_forward: Run :arrow_forward: and type Notepad.exe.

  • Now copy and paste the code/lines inside the box further below into Notepad.
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
HKLM\...\Run: [MouseDriver] => C:\WINDOWS\system32\TiltWheelMouse.exe [241152 2012-12-19] (Microsoft Windows Hardware Compatibility Publisher -> Pixart Imaging Inc)
HKLM-x32\...\Run: [Check Point VPN] => C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGui.exe [18106648 2017-11-24] (Check Point Software Technologies Ltd. -> Check Point Software Technologies)
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [2138272 2016-10-08] (Shenzhen Jia Xing Investment Co., Ltd. -> AimerSoft)
HKU\S-1-5-21-1391593998-1406418587-2262156805-1001\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\30.1.36.2348\GoogleDriveFS.exe [35780392 2019-03-20] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-1391593998-1406418587-2262156805-1001\...\Run: [AlisonDesktop] => C:\Users\sebas\AppData\Local\CertiSur\Alison-Desktop\Alison-Desktop.exe [410168 2018-06-07] (Certisur S.A. -> )
HKU\S-1-5-21-1391593998-1406418587-2262156805-1001\...\Run: [Prolific_OneButton] => C:\Program Files (x86)\Prolific Technology Inc.\Prolific Backup\OneBtn.exe [139264 2011-05-10] (Prolific Technology Inc.) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\73.0.3683.103\Installer\chrmstp.exe [2019-04-09] (Google LLC -> Google Inc.)
GroupPolicy: Restriction ? <==== ATTENTION
Tcpip\..\Interfaces\{98813476-a7c9-4627-828e-11b751157017}: [DhcpNameServer] 150.209.1.3
Tcpip\..\Interfaces\{9d4becd5-5d96-4c22-80c7-3156c5659ec5}: [DhcpNameServer] 150.150.150.217
HKU\S-1-5-21-1391593998-1406418587-2262156805-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17swin10.msn.com/?pc=LJSE
SearchScopes: HKU\S-1-5-21-1391593998-1406418587-2262156805-1001 -> DefaultScope {F6F45BD4-848C-4E9B-B33B-FD91866C31B1} URL = 
SearchScopes: HKU\S-1-5-21-1391593998-1406418587-2262156805-1001 -> {F6F45BD4-848C-4E9B-B33B-FD91866C31B1} URL = 
CHR StartupUrls: Default -> "hxxp://feed.snapdo.com/?publisher=muvicGOblidoo&dpid=muvicGOblidoo&co=AR&userid=4e63e467-df9b-8d57-993d-bdc75ebeeb1e&searchtype=hp&installDate=18/10/2013","hxxps://www.google.com/","hxxp://www.google.com/","hxxp://www.sweet-page.com/?type=hp&ts=1410803237&from=cor&uid=ST500DM002-1BD142_Z2AF1VPBXXXXZ2AF1VPB","hxxp://ar.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_ir_15_35&param1=1&param2=f%3D7%26b%3DChrome%26cc%3Dar%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzuzz0Czzzy0AyDyDyDtAzy0CyCtB0CyBtBtN0D0Tzu0StCtAtAyDtN1L2XzutAtFtCtBtFyDtFtAtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyBtDyBtC0EyDtAtCtGzyzyzz0BtGyEyBtB0EtGzyyE0B0BtG0FzytAtAtDzzyD0A0E0DyEtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy0FyEtC0FyEzytCtG0F0B0E0EtGyEtByD0DtG0AyC0ByBtGtCtD0DyEzy0D0C0FtByE0Czz2QtN0A0LzuyEtN1B2Z1V1T1S1NzuzyyEyE%26cr%3D1642410767%26a%3Dwncy_ir_15_35%26os%3DWindows%2B10%2BPro","hxxps://www.google.com/"
CHR Extension: (Consultoría | Hojas - Qlik Sense nov) - C:\Users\sebas\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjhhddcjfjjlkpgphhelkbjenhmjool [2018-08-26]
CHR Extension: (Chrome Media Router) - C:\Users\sebas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-03-27]
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: {291DEDD0-914F-47A8-A6AC-7397BF203FFD} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe (AVAST Software s.r.o. -> AVAST Software)
Task: {AAF61769-6991-46FB-BD40-80B180100028} - System32\Tasks\Microsoft\Windows\Conexant\AFA => C:\Program Files\CONEXANT\cAudioFilterAgent\SACpl.exe (Conexant Systems, Inc.) [File not signed]
FirewallRules: [{D0E0D985-43D9-4E13-95BE-5F1306F9AC94}] => (Allow) C:\Program Files\Fortinet\FortiClient\FortiProxy.exe No File
FirewallRules: [{E6B1DFF4-0097-4A96-B5CD-7F9FA663C9D4}] => (Allow) C:\Program Files\Fortinet\FortiClient\FortiWad.exe No File

HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END

Save it under the name FIXLIST.TXT on the desktop :arrow_backward: This is very important.

:o: Note :o: It is important that the FRST.exe tool (Farbar Recovery Scanner Tool) and FIXLIST.TXT are in the same location (desktop); otherwise it will not work.


  • Run FRST.exe. (If you use Windows Vista/7/8 or 10, right-click and select -Run as Administrator-).
  • Press the FIX button and wait for it to finish.
  • The tool will save the repair report on the desktop (FIXLOG.TXT).

Paste the contents of this file in your next reply.

Restart the computer, check how it behaves with regard to the problem you described, and report back.

Regards


#10

OK, I followed the steps. Here is the LOG:

Fix result of Farbar Recovery Scan Tool (x64) Version: 17.03.2019
Ran by sebas (09-04-2019 11:57:04) Run:1
Running from C:\Users\sebas\Desktop
Loaded Profiles: sebas (Available Profiles: defaultuser0 & sebas)
Boot Mode: Safe Mode (minimal)
==============================================

fixlist content:
*****************
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
HKLM\...\Run: [MouseDriver] => C:\WINDOWS\system32\TiltWheelMouse.exe [241152 2012-12-19] (Microsoft Windows Hardware Compatibility Publisher -> Pixart Imaging Inc)
HKLM-x32\...\Run: [Check Point VPN] => C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGui.exe [18106648 2017-11-24] (Check Point Software Technologies Ltd. -> Check Point Software Technologies)
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [2138272 2016-10-08] (Shenzhen Jia Xing Investment Co., Ltd. -> AimerSoft)
HKU\S-1-5-21-1391593998-1406418587-2262156805-1001\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\30.1.36.2348\GoogleDriveFS.exe [35780392 2019-03-20] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-1391593998-1406418587-2262156805-1001\...\Run: [AlisonDesktop] => C:\Users\sebas\AppData\Local\CertiSur\Alison-Desktop\Alison-Desktop.exe [410168 2018-06-07] (Certisur S.A. -> )
HKU\S-1-5-21-1391593998-1406418587-2262156805-1001\...\Run: [Prolific_OneButton] => C:\Program Files (x86)\Prolific Technology Inc.\Prolific Backup\OneBtn.exe [139264 2011-05-10] (Prolific Technology Inc.) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\73.0.3683.103\Installer\chrmstp.exe [2019-04-09] (Google LLC -> Google Inc.)
GroupPolicy: Restriction ? <==== ATTENTION
Tcpip\..\Interfaces\{98813476-a7c9-4627-828e-11b751157017}: [DhcpNameServer] 150.209.1.3
Tcpip\..\Interfaces\{9d4becd5-5d96-4c22-80c7-3156c5659ec5}: [DhcpNameServer] 150.150.150.217
HKU\S-1-5-21-1391593998-1406418587-2262156805-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17swin10.msn.com/?pc=LJSE
SearchScopes: HKU\S-1-5-21-1391593998-1406418587-2262156805-1001 -> DefaultScope {F6F45BD4-848C-4E9B-B33B-FD91866C31B1} URL = 
SearchScopes: HKU\S-1-5-21-1391593998-1406418587-2262156805-1001 -> {F6F45BD4-848C-4E9B-B33B-FD91866C31B1} URL = 
CHR StartupUrls: Default -> "hxxp://feed.snapdo.com/?publisher=muvicGOblidoo&dpid=muvicGOblidoo&co=AR&userid=4e63e467-df9b-8d57-993d-bdc75ebeeb1e&searchtype=hp&installDate=18/10/2013","hxxps://www.google.com/","hxxp://www.google.com/","hxxp://www.sweet-page.com/?type=hp&ts=1410803237&from=cor&uid=ST500DM002-1BD142_Z2AF1VPBXXXXZ2AF1VPB","hxxp://ar.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_ir_15_35&param1=1&param2=f%3D7%26b%3DChrome%26cc%3Dar%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzuzz0Czzzy0AyDyDyDtAzy0CyCtB0CyBtBtN0D0Tzu0StCtAtAyDtN1L2XzutAtFtCtBtFyDtFtAtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyBtDyBtC0EyDtAtCtGzyzyzz0BtGyEyBtB0EtGzyyE0B0BtG0FzytAtAtDzzyD0A0E0DyEtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy0FyEtC0FyEzytCtG0F0B0E0EtGyEtByD0DtG0AyC0ByBtGtCtD0DyEzy0D0C0FtByE0Czz2QtN0A0LzuyEtN1B2Z1V1T1S1NzuzyyEyE%26cr%3D1642410767%26a%3Dwncy_ir_15_35%26os%3DWindows%2B10%2BPro","hxxps://www.google.com/"
CHR Extension: (Consultoría | Hojas - Qlik Sense nov) - C:\Users\sebas\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjhhddcjfjjlkpgphhelkbjenhmjool [2018-08-26]
CHR Extension: (Chrome Media Router) - C:\Users\sebas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-03-27]
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: {291DEDD0-914F-47A8-A6AC-7397BF203FFD} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe (AVAST Software s.r.o. -> AVAST Software)
Task: {AAF61769-6991-46FB-BD40-80B180100028} - System32\Tasks\Microsoft\Windows\Conexant\AFA => C:\Program Files\CONEXANT\cAudioFilterAgent\SACpl.exe (Conexant Systems, Inc.) [File not signed]
FirewallRules: [{D0E0D985-43D9-4E13-95BE-5F1306F9AC94}] => (Allow) C:\Program Files\Fortinet\FortiClient\FortiProxy.exe No File
FirewallRules: [{E6B1DFF4-0097-4A96-B5CD-7F9FA663C9D4}] => (Allow) C:\Program Files\Fortinet\FortiClient\FortiWad.exe No File

HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END
*****************

Error: Restore point can only be created in normal mode.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\MouseDriver" => removed successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Check Point VPN" => removed successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Aimersoft Helper Compact.exe" => removed successfully
"HKU\S-1-5-21-1391593998-1406418587-2262156805-1001\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleDriveFS" => removed successfully
"HKU\S-1-5-21-1391593998-1406418587-2262156805-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AlisonDesktop" => removed successfully
"HKU\S-1-5-21-1391593998-1406418587-2262156805-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Prolific_OneButton" => removed successfully
HKLM\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96} => removed successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{98813476-a7c9-4627-828e-11b751157017}\\DhcpNameServer" => removed successfully
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9d4becd5-5d96-4c22-80c7-3156c5659ec5}\\DhcpNameServer" => removed successfully
HKU\S-1-5-21-1391593998-1406418587-2262156805-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
"HKU\S-1-5-21-1391593998-1406418587-2262156805-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-1391593998-1406418587-2262156805-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F6F45BD4-848C-4E9B-B33B-FD91866C31B1} => removed successfully
HKLM\Software\Classes\CLSID\{F6F45BD4-848C-4E9B-B33B-FD91866C31B1} => not found
"Chrome StartupUrls" => removed successfully
CHR Extension: (Consultoría | Hojas - Qlik Sense nov) - C:\Users\sebas\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjhhddcjfjjlkpgphhelkbjenhmjool [2018-08-26] => Error: No automatic fix found for this entry.
CHR Extension: (Chrome Media Router) - C:\Users\sebas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-03-27] => Error: No automatic fix found for this entry.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{291DEDD0-914F-47A8-A6AC-7397BF203FFD}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{291DEDD0-914F-47A8-A6AC-7397BF203FFD}" => removed successfully
C:\WINDOWS\System32\Tasks\Avast Software\Overseer => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avast Software\Overseer" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AAF61769-6991-46FB-BD40-80B180100028}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AAF61769-6991-46FB-BD40-80B180100028}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Conexant\AFA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Conexant\AFA" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D0E0D985-43D9-4E13-95BE-5F1306F9AC94}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E6B1DFF4-0097-4A96-B5CD-7F9FA663C9D4}" => removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-1391593998-1406418587-2262156805-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-1391593998-1406418587-2262156805-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========


========= netsh winsock reset =========


El catálogo Winsock se restableció correctamente.
Debe reiniciar el equipo para completar el restablecimiento.


========= End of CMD: =========


========= ipconfig /renew =========


Configuración IP de Windows


========= End of CMD: =========


========= ipconfig /flushdns =========


Configuración IP de Windows

No se puede vaciar la caché de resolución de DNS: Error de una función durante la ejecución.


========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0
BITS administration utility.
(C) Copyright Microsoft Corp.

Unable to connect to BITS - 0x8007043c

========= End of CMD: =========


========= netsh advfirewall reset =========


Error al intentar ponerse en contacto con el servicio Firewall de Windows Defender. Asegúrate de que el servicio se está ejecutando e intenta la solicitud de nuevo.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========


Error al intentar ponerse en contacto con el servicio Firewall de Windows Defender. Asegúrate de que el servicio se está ejecutando e intenta la solicitud de nuevo.


========= End of CMD: =========


========= netsh int ipv4 reset =========

No hay valores configurados por el usuario para restablecer.


========= End of CMD: =========


========= netsh int ipv6 reset =========

No hay valores configurados por el usuario para restablecer.


========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8167424 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 10671831 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 3096282 B
Edge => 3597 B
Chrome => 377288532 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 6656 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 2776 B
LocalService => 0 B
NetworkService => 5492 B
NetworkService => 0 B
defaultuser0 => 0 B
sebas => 64757646 B

RecycleBin => 1793116 B
EmptyTemp: => 444.2 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 11:57:18 ====

On startup, I ran AdwCleaner and it detected nothing. I opened Chrome, opened Gmail, came to this page, ran AdwCleaner and it found this:

# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build:    04-04-2019
# Database: 2019-04-08.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    04-09-2019
# Duration: 00:00:12
# OS:       Windows 10 Pro
# Scanned:  27259
# Detected: 1


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

PUP.Optional.SweetPage.ShrtCln  http://www.sweet-page.com/?type=hp&ts=1410803237&from=cor&uid=ST500DM002-1BD142_Z2AF1VPBXXXXZ2AF1VPB

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.


AdwCleaner[S00].txt - [2544 octets] - [10/05/2018 10:31:10]
AdwCleaner[C00].txt - [2483 octets] - [10/05/2018 11:37:26]
AdwCleaner[S01].txt - [2233 octets] - [12/03/2019 11:38:49]
AdwCleaner[C01].txt - [2217 octets] - [12/03/2019 11:39:48]
AdwCleaner[S02].txt - [1592 octets] - [04/04/2019 12:14:22]
AdwCleaner[C02].txt - [1758 octets] - [04/04/2019 12:14:40]
AdwCleaner[S03].txt - [1714 octets] - [05/04/2019 14:00:10]
AdwCleaner[S04].txt - [1775 octets] - [08/04/2019 16:11:31]
AdwCleaner[C04].txt - [1941 octets] - [08/04/2019 16:11:48]
AdwCleaner[S05].txt - [1798 octets] - [09/04/2019 11:59:25]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S06].txt ##########

#11

Hello

Run a scan with EsetOnline as described in the manual.

Bring the report and tell us how things are going.

Regards


#12

Hi! Here is the ESET result:

10/4/2019 14:42:34
Archivos analizados: 436091
Archivos infectados: 3
Amenazas desinfectadas: 3
Tiempo total de análisis 04:23:56
Estado del análisis: Finalizado
C:\Users\sebas\Desktop\ccsetup555.exe	Win32/Bundled.Toolbar.Google.D aplicación potencialmente peligrosa	no se ha podido desinfectar - archivo eliminado
C:\Users\sebas\Documents\hirens-bootcd-15-2-es-en-win\Hiren's.BootCD.15.2.iso	múltiples amenazas,Win32/PSWTool.KonBoot.A aplicación potencialmente peligrosa,una variante de Win32/Adware.SpeedingUpMyPC.AM aplicación	eliminado
C:\Users\sebas\Downloads\Instaladores\Drivers\Realtek-matchver-FORCED-10x64-USB_10.25.0717.2018-drp_1702738750.1533581072.exe	Win32/DriverPack.B aplicación potencialmente indeseable	no se ha podido desinfectar - archivo eliminado

When I rebooted, a Windows update appeared. I updated and rebooted. I ran AdwCleaner and here is that result as well:

# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build:    04-04-2019
# Database: 2019-04-10.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    04-10-2019
# Duration: 00:00:11
# OS:       Windows 10 Pro
# Scanned:  27276
# Detected: 1


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

PUP.Optional.SweetPage.ShrtCln  http://www.sweet-page.com/?type=hp&ts=1410803237&from=cor&uid=ST500DM002-1BD142_Z2AF1VPBXXXXZ2AF1VPB

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.


AdwCleaner[S00].txt - [2544 octets] - [10/05/2018 10:31:10]
AdwCleaner[C00].txt - [2483 octets] - [10/05/2018 11:37:26]
AdwCleaner[S01].txt - [2233 octets] - [12/03/2019 11:38:49]
AdwCleaner[C01].txt - [2217 octets] - [12/03/2019 11:39:48]
AdwCleaner[S02].txt - [1592 octets] - [04/04/2019 12:14:22]
AdwCleaner[C02].txt - [1758 octets] - [04/04/2019 12:14:40]
AdwCleaner[S03].txt - [1714 octets] - [05/04/2019 14:00:10]
AdwCleaner[S04].txt - [1775 octets] - [08/04/2019 16:11:31]
AdwCleaner[C04].txt - [1941 octets] - [08/04/2019 16:11:48]
AdwCleaner[S05].txt - [1798 octets] - [09/04/2019 11:59:25]
AdwCleaner[S06].txt - [1958 octets] - [09/04/2019 12:03:50]
AdwCleaner[S07].txt - [2019 octets] - [09/04/2019 12:34:03]
AdwCleaner[C07].txt - [2185 octets] - [09/04/2019 12:34:18]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S08].txt ##########

#13

Hello

Carry out the following steps, but in Safe Mode and without changing the order:

1.- Temporarily disable your antivirus >> How to temporarily disable your antivirus, while we are carrying out ALL the steps.

2.- Run AdwCleaner again.

3.- Download Junkware Removal Tool to your desktop.

  • Run JRT.exe.

  • Press any key to continue and wait patiently for the process to finish.

  • If at any point it asks you to restart, do so.

  • When it finishes, a log/report (JRT.txt) will be saved to the desktop and will open automatically.

  • Copy and paste the contents of JRT.txt into your next reply.

4.- You are going to use CCleaner again.

  • Open CCleaner; on the Cleaner tab leave the default settings as they are, click Analyze, wait for it to finish >> click Run Cleaner

  • Click the Registry tab >> click Scan for Issues, wait for it to finish >> click Fix selected Issues and make a backup

  • Click Scan for Issues again until it finds none.

After restarting, check whether AdwCleaner still detects anything; if it does, run FRST again as I indicated the first time and bring the reports.

Regards


#14

Hi! Yes, it detected something; here is everything: JRT

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Enterprise x64 
Ran by sebas (Administrator) on jue. 11/04/2019 at  8:36:18,93
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 1 

Successfully deleted: C:\WINDOWS\system32\Tasks\Lenovo Power Management Driver PnP Task (Task)



Registry: 0 





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on jue. 11/04/2019 at  8:37:58,74
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17.03.2019
Ran by sebas (administrator) on SEBAS-NB (11-04-2019 09:00:58)
Running from C:\Users\sebas\Desktop
Loaded Profiles: sebas (Available Profiles: defaultuser0 & sebas)
Platform: Windows 10 Pro Version 1803 17134.706 (X64) Language: Español (España, internacional)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki131074.inf_amd64_6371bf46cc74b27d\igfxCUIService.exe
(Lenovo -> Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Lenovo -> Lenovo.) C:\Windows\System32\LPlatSvc.exe
(Fortinet Technologies (Canada) Inc. -> Fortinet Inc.) C:\Program Files\Fortinet\FortiClient\scheduler.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki131074.inf_amd64_6371bf46cc74b27d\IntelCpHDCPSvc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Digital Wave Ltd -> Digital Wave Ltd.) C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
(Conexant Systems LLC -> Conexant Systems, Inc.) C:\Program Files\CONEXANT\SAII\CxUtilSvc.exe
(Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\Endpoint Connect\Watchdog\EPWD.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(Intel(R) Online Connect Access -> Intel(R) Corporation) C:\Program Files\Intel\Intel(R) Online Connect Access\IntelTechnologyAccessService.exe
(Lenovo -> Lenovo Group Limited) C:\Windows\SysWOW64\Lenovo\PowerMgr\EasyResume.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Intel Corporation -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc. -> Conexant Systems, Inc.) C:\Windows\System32\SASrv.exe
(DEVGURU CO LTD -> DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Conexant Systems, Inc.) [File not signed] C:\Windows\System32\SyUIUExtSvc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1903.4-0\MsMpEng.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Check Point Software Technologies Ltd. -> Check Point Software Technologies) C:\Program Files (x86)\CheckPoint\Endpoint Connect\TracSrvWrapper.exe
(Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Fortinet Technologies (Canada) Inc. -> Fortinet Inc.) C:\Program Files\Fortinet\FortiClient\FCDBLog.exe
(Fortinet Technologies (Canada) Inc. -> Fortinet Inc.) C:\Program Files\Fortinet\FortiClient\FortiESNAC.exe
(Fortinet Technologies (Canada) Inc. -> Fortinet Inc.) C:\Program Files\Fortinet\FortiClient\FortiSSLVPNdaemon.exe
(Fortinet Technologies (Canada) Inc. -> Fortinet Inc.) C:\Program Files\Fortinet\FortiClient\FortiSettings.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki131074.inf_amd64_6371bf46cc74b27d\IntelCpHeciSvc.exe
(Conexant Systems, Inc. -> Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Lenovo -> Lenovo Group Limited) C:\Windows\System32\DriverStore\FileRepository\fn.inf_amd64_c7fd03342aa4d253\driver\tphkload.exe
(Lenovo -> Lenovo.) C:\Windows\System32\LPlatSvc.exe
(Lenovo -> Lenovo Group Limited) C:\Windows\System32\DriverStore\FileRepository\fn.inf_amd64_c7fd03342aa4d253\driver\tposd.exe
(Lenovo -> Lenovo Group Limited) C:\Windows\System32\DriverStore\FileRepository\fn.inf_amd64_c7fd03342aa4d253\driver\shtctky.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki131074.inf_amd64_6371bf46cc74b27d\igfxEM.exe
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1903.4-0\NisSrv.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel(R) Online Connect -> Intel Corporation) C:\Program Files\Intel\Intel(R) Online Connect\ioc.exe
(Fortinet Technologies (Canada) Inc. -> Fortinet Inc.) C:\Program Files\Fortinet\FortiClient\FortiTray.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel(R) Software Development Products -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\sgx_psw.inf_amd64_10d045798a3d667e\aesm_service.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Lenovo -> Lenovo) C:\Windows\SysWOW64\Lenovo\PowerMgr\PowerMgr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel(R) Trust Services -> Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.42.60.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\MKCHelper.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki131074.inf_amd64_6371bf46cc74b27d\igfxext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Google LLC -> Google, Inc.) C:\Program Files\Google\Drive File Stream\30.1.36.2348\GoogleDriveFS.exe
(Google LLC -> ) C:\Program Files\Google\Drive File Stream\30.1.36.2348\crashpad_handler.exe
(Google LLC -> Google, Inc.) C:\Program Files\Google\Drive File Stream\30.1.36.2348\GoogleDriveFS.exe
(Google LLC -> Google, Inc.) C:\Program Files\Google\Drive File Stream\30.1.36.2348\GoogleDriveFS.exe
(Google LLC -> Google, Inc.) C:\Program Files\Google\Drive File Stream\30.1.36.2348\GoogleDriveFS.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Conexant Systems, Inc. -> Conexant Systems, Inc) C:\Program Files\CONEXANT\SAII\SmartAudio.exe
(Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.) C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Check Point Software Technologies Ltd. -> Check Point Software Technologies) C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.CompanionApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.CompanionApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
(Notepad++ -> Don HO [email protected]) C:\Program Files (x86)\Notepad++\notepad++.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_1.16.1012.0_x64__8wekyb3d8bbwe\GameBar.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Policies\Explorer: [NoActiveDesktop] 1 [ 2019-03-14] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1 [ [ 2019-03-14] (Microsoft Windows -> Microsoft Corporation) 2019-03-14] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1391593998-1406418587-2262156805-1001\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\30.1.36.2348\GoogleDriveFS.exe [35780392 2019-03-20] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-1391593998-1406418587-2262156805-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22488952 2019-03-11] (Piriform Software Ltd -> Piriform Software Ltd)
GroupPolicy: Restriction ? <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 200.49.130.47 200.42.4.198 200.42.4.198
Tcpip\..\Interfaces\{7a51fa6d-d6a8-4128-9202-566f9c08ba7c}: [DhcpNameServer] 192.168.0.20 8.8.8.8
Tcpip\..\Interfaces\{f805b96d-d573-44b5-b852-976c5d54e0d2}: [DhcpNameServer] 200.49.130.47 200.42.4.198 200.42.4.198

Internet Explorer:
==================
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-04-04] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2019-04-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-04-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-04-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-04-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-04-04] (Microsoft Corporation -> Microsoft Corporation)
Handler: qvp - {4BA78E3D-CA25-4BFF-B8F0-8A3359E4B520} - C:\Program Files\QlikView\QvProtocol\qvp.dll [2017-06-22] (QlikTech International AB -> QlikTech AB)
Handler-x32: qvp - {4BA78E3D-CA25-4BFF-B8F0-8A3359E4B520} - C:\Program Files (x86)\QlikView\QvProtocol\qvp.dll [2017-06-22] (QlikTech International AB -> QlikTech AB)

FireFox:
========
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-04-04] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-04-04] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\sebas\AppData\Roaming\mozilla\plugins\npatgpc.dll [2019-03-22]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://feed.snapdo.com/?publisher=muvicGOblidoo&dpid=muvicGOblidoo&co=AR&userid=4e63e467-df9b-8d57-993d-bdc75ebeeb1e&searchtype=hp&installDate=18/10/2013","hxxps://www.google.com/","hxxp://www.google.com/","hxxps://www.google.com/","hxxp://ar.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_ir_15_35&param1=1&param2=f%3D7%26b%3DChrome%26cc%3Dar%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzuzz0Czzzy0AyDyDyDtAzy0CyCtB0CyBtBtN0D0Tzu0StCtAtAyDtN1L2XzutAtFtCtBtFyDtFtAtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyBtDyBtC0EyDtAtCtGzyzyzz0BtGyEyBtB0EtGzyyE0B0BtG0FzytAtAtDzzyD0A0E0DyEtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy0FyEtC0FyEzytCtG0F0B0E0EtGyEtByD0DtG0AyC0ByBtGtCtD0DyEzy0D0C0FtByE0Czz2QtN0A0LzuyEtN1B2Z1V1T1S1NzuzyyEyE%26cr%3D1642410767%26a%3Dwncy_ir_15_35%26os%3DWindows%2B10%2BPro","hxxps://www.google.com/"
CHR DefaultSearchURL: Default -> hxxps://qss/resources/img/core/logo/logo-60x60.png
CHR Profile: C:\Users\sebas\AppData\Local\Google\Chrome\User Data\Default [2019-04-11]
CHR Extension: (Google Drive) - C:\Users\sebas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-08-26]
CHR Extension: (Consultoría | Hojas - Qlik Sense nov) - C:\Users\sebas\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjhhddcjfjjlkpgphhelkbjenhmjool [2018-08-26]
CHR Extension: (YouTube) - C:\Users\sebas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-08-26]
CHR Extension: (Web for Instagram) - C:\Users\sebas\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgkhjjcoidmkfegigfdedmafpfemccpk [2019-04-09]
CHR Extension: (Find Big Mail) - C:\Users\sebas\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlhfndmknegaiibciljinpmkhiakhhmp [2019-01-12]
CHR Extension: (Gmail sin conexión) - C:\Users\sebas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2019-01-12]
CHR Extension: (Google Play Música) - C:\Users\sebas\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2019-01-07]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\sebas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-26]
CHR Extension: (Trazador de planos) - C:\Users\sebas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjfkgdpkecnmfcgfpfibpcnkeakahllc [2019-01-12]
CHR Extension: (Roomstyler 3D planner) - C:\Users\sebas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfnniehafojoidolddmhfnpnbiolbppi [2019-01-12]
CHR Extension: (Cisco Webex Extension) - C:\Users\sebas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2019-03-22]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\sebas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2019-02-18]
CHR Extension: (Google Maps) - C:\Users\sebas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2019-01-12]
CHR Extension: (Servistate HTTP Editor & REST API Client) - C:\Users\sebas\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmdjghedkfbdhbjhmefbbgjaihmmhkeg [2018-08-26]
CHR Extension: (Google Play Books) - C:\Users\sebas\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb [2019-01-12]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\sebas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-08-26]
CHR Extension: (Cacoo - Diagramación & Colaboración en tiempo real) - C:\Users\sebas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcflmbddgcmomcfngehfhlajjapabojh [2019-01-12]
CHR Extension: (Gmail) - C:\Users\sebas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-08-26]
CHR Extension: (Chrome Media Router) - C:\Users\sebas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-03-27]
CHR Profile: C:\Users\sebas\AppData\Local\Google\Chrome\User Data\System Profile [2019-04-09]
CHR HKU\S-1-5-21-1391593998-1406418587-2262156805-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AESMService; C:\WINDOWS\System32\DriverStore\FileRepository\sgx_psw.inf_amd64_10d045798a3d667e\aesm_service.exe [3367272 2018-12-19] (Intel(R) Software Development Products -> Intel Corporation)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11082312 2019-03-28] (Microsoft Corporation -> Microsoft Corporation)
R2 CxUtilSvc; C:\Program Files\Conexant\SAII\CxUtilSvc.exe [181584 2019-01-25] (Conexant Systems LLC -> Conexant Systems, Inc.)
R2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [440808 2017-03-22] (Digital Wave Ltd -> Digital Wave Ltd.)
R2 Dolby DAX2 API Service; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [189464 2019-01-21] (Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.)
R2 EPWD; C:\Program Files (x86)\CheckPoint\Endpoint Connect\Watchdog\EPWD.exe [291608 2017-09-08] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
R2 FA_Scheduler; C:\Program Files\Fortinet\FortiClient\scheduler.exe [145296 2018-07-23] (Fortinet Technologies (Canada) Inc. -> Fortinet Inc.)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [541896 2018-05-15] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [71336 2019-03-06] (Lenovo -> Lenovo Group Ltd.)
R3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [775904 2018-09-14] (Intel(R) Trust Services -> Intel(R) Corporation)
R3 Intel(R) Online Connect; C:\Program Files\Intel\Intel(R) Online Connect\ioc.exe [575216 2018-02-23] (Intel(R) Online Connect -> Intel Corporation)
S2 Intel(R) Online Connect Helper; C:\Program Files\Intel\Intel(R) Online Connect\iocHelperService.exe [306928 2018-02-23] (Intel(R) Online Connect -> Intel Corporation)
S3 Intel(R) Online Connect Software Asset Manager; C:\Program Files (x86)\Intel\Intel(R) Online Connect Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [18152 2016-12-21] (Intel(R) Software Asset Manager -> Intel Corporation)
R2 Intel(R) TechnologyAccessService; C:\Program Files\Intel\Intel(R) Online Connect Access\IntelTechnologyAccessService.exe [395000 2018-03-01] (Intel(R) Online Connect Access -> Intel(R) Corporation)
S2 Intel(R) TPM Provisioning Service; C:\Program Files\Intel\iCLS Client\TPMProvisioningService.exe [705760 2018-09-14] (Intel(R) Trust Services -> Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [218176 2018-11-16] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R2 Lenovo Instant On; C:\WINDOWS\SysWOW64\Lenovo\PowerMgr\EasyResume.exe [2351504 2018-11-06] (Lenovo -> Lenovo Group Limited)
S2 LENOVO.DPRSVC; C:\Program Files (x86)\Lenovo\DPR\LENOVO.DPRSVC.EXE [1109608 2016-12-28] (Lenovo -> Lenovo, Japan, Ltd.)
R2 LPlatSvc; C:\WINDOWS\System32\LPlatSvc.exe [892760 2018-12-25] (Lenovo -> Lenovo.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [310880 2018-09-05] (Intel Corporation -> )
R2 SAService; C:\WINDOWS\system32\SAsrv.exe [416576 2016-12-06] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5074120 2019-03-14] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-12-02] (DEVGURU CO LTD -> DEVGURU Co., LTD.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [268328 2018-10-31] (Synaptics Incorporated -> Synaptics Incorporated)
R2 SyUIUExtSvc; C:\WINDOWS\system32\SyUIUExtSvc.exe [60928 2019-03-06] (Conexant Systems, Inc.) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11644656 2018-09-10] (TeamViewer GmbH -> TeamViewer GmbH)
S3 ThunderboltService; C:\Program Files (x86)\Intel\Thunderbolt Software\tbtsvc.exe [2308800 2018-09-06] (Intel(R) Client Connectivity Division SW -> Intel Corporation)
R2 TPHKLOAD; C:\WINDOWS\System32\DriverStore\FileRepository\fn.inf_amd64_c7fd03342aa4d253\driver\TPHKLOAD.exe [425360 2019-02-27] (Lenovo -> Lenovo Group Limited)
R2 TracSrvWrapper; C:\Program Files (x86)\CheckPoint\Endpoint Connect\TracSrvWrapper.exe [5697304 2017-11-24] (Check Point Software Technologies Ltd. -> Check Point Software Technologies)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1903.4-0\NisSrv.exe [3856504 2019-04-08] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1903.4-0\MsMpEng.exe [113992 2019-04-08] (Microsoft Corporation -> Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [4059744 2018-09-05] (Intel Corporation -> Intel® Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 CYUSB3; C:\WINDOWS\System32\Drivers\CYUSB3.sys [76520 2017-10-05] (Cypress Semiconductor Technology India Pvt Ltd. -> Cypress Semiconductor)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [110488 2014-12-02] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.(www.devguru.co.kr))
S3 fortiapd; C:\WINDOWS\System32\drivers\fortiapd.sys [27544 2018-07-23] (Fortinet Technologies (Canada) Inc. -> Fortinet Inc)
R1 FortiFilter; C:\WINDOWS\system32\DRIVERS\FortiFilter.sys [35400 2018-07-23] (Fortinet Technologies (Canada) Inc. -> Fortinet Inc)
S1 FortiFW; C:\WINDOWS\System32\drivers\FortiFW2.sys [47000 2018-07-23] (Fortinet Technologies (Canada) Inc. -> Fortinet Inc)
S3 Fortips; C:\WINDOWS\System32\drivers\fortips.sys [159008 2018-07-23] (Fortinet Technologies (Canada) Inc. -> Fortinet Inc)
R1 FortiShield; C:\WINDOWS\System32\drivers\FortiShield.sys [83232 2018-07-23] (Fortinet Technologies (Canada) Inc. -> Fortinet Inc)
S3 fortisniff; C:\WINDOWS\System32\drivers\fortisniff2.sys [122144 2018-07-23] (Fortinet Technologies (Canada) Inc. -> Fortinet Inc)
S3 ftsvnic; C:\WINDOWS\System32\drivers\ftsvnic.sys [66600 2018-07-23] (Fortinet Technologies (Canada) Inc. -> Fortinet Inc.)
R3 ft_vnic; C:\WINDOWS\System32\drivers\ftvnic.sys [71928 2018-07-23] (Fortinet Technologies -> Fortinet Inc)
R1 googledrivefs2622; C:\WINDOWS\System32\DRIVERS\googledrivefs2622.sys [122920 2019-01-17] (Google LLC -> Google, Inc.)
S3 HPFXBULKLEDM; C:\WINDOWS\system32\drivers\hppdbulkio.sys [30752 2016-01-06] (Hewlett-Packard Company -> Hewlett Packard)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [136728 2018-05-15] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [198512 2019-04-09] (Malwarebytes Corporation -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [274416 2019-04-11] (Malwarebytes Corporation -> Malwarebytes)
R1 ndisrd; C:\WINDOWS\system32\DRIVERS\ndisrfl.sys [51256 2018-03-01] (Intel(R) Online Connect Access -> Intel Corporation)
U5 Netwtw04; C:\Windows\System32\Drivers\Netwtw04.sys [7308560 2016-09-13] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation)
R3 Netwtw06; C:\WINDOWS\System32\drivers\Netwtw06.sys [8822392 2018-09-26] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
S3 nfcgpiomanager; C:\WINDOWS\System32\drivers\nfcgpiomanager.sys [40144 2016-09-28] (NXP Semiconductors India Pvt Ltd. -> Nfc GPIO Driver)
S3 nhi; C:\WINDOWS\System32\drivers\tbt100x.sys [138336 2018-10-08] (Intel(R) Client Connectivity Division SW -> Intel Corporation)
R0 PMDRVS; C:\WINDOWS\System32\drivers\pmdrvs.sys [44160 2018-12-25] (Lenovo -> Lenovo.)
S3 pmxdrv; C:\WINDOWS\system32\drivers\pmxdrv.sys [31152 2019-01-08] (PAIPTAC  Driver -> )
R3 pppop; C:\WINDOWS\System32\drivers\pppop64.sys [54344 2018-07-23] (Fortinet Technologies (Canada) Inc. -> Fortinet Inc.)
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [19152 2013-09-30] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2013-09-30] (MiniTool Solution Ltd -> )
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [957880 2019-01-30] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)
S3 rtux64w10; C:\WINDOWS\System32\drivers\rtux64w10.sys [532816 2018-07-19] (Realtek Semiconductor Corp. -> Realtek Corporation )
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [45096 2018-07-09] (Synaptics Incorporated -> Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [46120 2018-10-31] (Synaptics Incorporated -> Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [206104 2014-12-02] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.(www.devguru.co.kr))
R1 SynaMetSMI; C:\WINDOWS\System32\drivers\SynaSmi.sys [39184 2018-07-24] (Synaptics Inc. -> Windows (R) Win 7 DDK provider)
S3 t_mouse.sys; C:\WINDOWS\System32\drivers\t_mouse.sys [6144 2012-12-19] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 usbaud; C:\WINDOWS\system32\DRIVERS\usbaud64.sys [92528 2019-03-06] (Conexant Systems LLC -> Synaptics Inc.)
R3 vna_ap; C:\WINDOWS\system32\DRIVERS\vnaap.sys [165392 2017-08-01] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46472 2019-04-08] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [343520 2019-04-08] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [68576 2019-04-08] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessKeyboardFilter; C:\WINDOWS\System32\drivers\WirelessKeyboardFilter.sys [49336 2018-03-11] (Microsoft Corporation -> Microsoft Corporation)
S3 WsAudio_Device; C:\WINDOWS\system32\drivers\VirtualAudio.sys [48424 2018-01-19] (Wondershare Technology Co.,Ltd -> Wondershare)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-04-11 08:58 - 2019-04-11 08:58 - 001388432 _____ C:\Users\Public\VOIP.dat
2019-04-11 08:53 - 2019-04-11 08:53 - 000274416 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-04-11 08:49 - 2019-04-11 08:53 - 000003700 _____ C:\WINDOWS\System32\Tasks\Lenovo Power Management Driver PnP Task
2019-04-11 08:48 - 2019-04-11 08:48 - 000006242 _____ C:\Users\sebas\Documents\cc_20190411_084800.reg
2019-04-11 08:45 - 2019-04-11 08:45 - 000003936 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2019-04-11 08:45 - 2019-04-11 08:45 - 000002874 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2019-04-11 08:45 - 2019-04-11 08:45 - 000000830 _____ C:\Users\Public\Desktop\CCleaner.lnk
2019-04-11 08:45 - 2019-04-11 08:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2019-04-11 08:45 - 2019-04-11 08:45 - 000000000 ____D C:\Program Files\CCleaner
2019-04-11 08:44 - 2019-04-11 08:44 - 021205512 _____ (Piriform Software Ltd) C:\Users\sebas\Desktop\ccsetup555.exe
2019-04-11 08:37 - 2019-04-11 08:37 - 000000659 _____ C:\Users\sebas\Desktop\JRT.txt
2019-04-11 08:31 - 2019-04-11 08:31 - 001790024 _____ (Malwarebytes) C:\Users\sebas\Desktop\JRT.exe
2019-04-10 14:42 - 2019-04-10 14:42 - 000001560 _____ C:\Users\sebas\Documents\ESET 10_4_19.txt
2019-04-10 12:19 - 2019-04-02 09:38 - 000094008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2019-04-10 12:19 - 2019-04-02 09:33 - 001634912 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-04-10 12:19 - 2019-04-02 09:33 - 000719984 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2019-04-10 12:19 - 2019-04-02 09:19 - 012730880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-04-10 12:19 - 2019-04-02 09:19 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-04-10 12:19 - 2019-04-02 09:18 - 000059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2019-04-10 12:19 - 2019-04-02 09:16 - 001030144 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2019-04-10 12:19 - 2019-04-02 09:15 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleprn.dll
2019-04-10 12:19 - 2019-04-02 09:13 - 001605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2019-04-10 12:19 - 2019-04-02 09:12 - 003643904 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-04-10 12:19 - 2019-04-02 09:12 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-04-10 12:19 - 2019-04-02 09:11 - 004053504 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-04-10 12:19 - 2019-04-02 09:11 - 001857536 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2019-04-10 12:19 - 2019-04-02 09:11 - 001662976 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-04-10 12:19 - 2019-04-02 09:10 - 000130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys
2019-04-10 12:19 - 2019-04-02 09:10 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\sxssrv.dll
2019-04-10 12:19 - 2019-04-02 06:25 - 001454648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-04-10 12:19 - 2019-04-02 06:25 - 000607960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2019-04-10 12:19 - 2019-04-02 06:11 - 011919360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-04-10 12:19 - 2019-04-02 06:11 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2019-04-10 12:19 - 2019-04-02 06:10 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleprn.dll
2019-04-10 12:19 - 2019-04-02 06:08 - 002889216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-04-10 12:19 - 2019-04-02 06:07 - 004054528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-04-10 12:19 - 2019-04-02 06:07 - 001586688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2019-04-10 12:19 - 2019-04-02 06:06 - 001470976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-04-10 12:19 - 2019-04-02 05:36 - 001035256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-04-10 12:19 - 2019-04-02 05:24 - 000135184 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-04-10 12:19 - 2019-04-02 05:23 - 001023800 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-04-10 12:19 - 2019-04-02 05:22 - 001219896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-04-10 12:19 - 2019-04-02 05:22 - 000567592 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-04-10 12:19 - 2019-04-02 05:22 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-04-10 12:19 - 2019-04-02 05:21 - 007520136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-04-10 12:19 - 2019-04-02 05:21 - 002822160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-04-10 12:19 - 2019-04-02 05:21 - 002467536 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-04-10 12:19 - 2019-04-02 05:21 - 000735680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2019-04-10 12:19 - 2019-04-02 05:20 - 002719032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-04-10 12:19 - 2019-04-02 05:20 - 000412984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2019-04-10 12:19 - 2019-04-02 05:19 - 009083704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-04-10 12:19 - 2019-04-02 05:19 - 000793400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2019-04-10 12:19 - 2019-04-02 05:19 - 000786080 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2019-04-10 12:19 - 2019-04-02 05:19 - 000713272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-04-10 12:19 - 2019-04-02 05:01 - 025857536 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-04-10 12:19 - 2019-04-02 04:53 - 022717440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-04-10 12:19 - 2019-04-02 04:53 - 004384256 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-04-10 12:19 - 2019-04-02 04:51 - 003399680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-04-10 12:19 - 2019-04-02 04:50 - 007591936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-04-10 12:19 - 2019-04-02 04:50 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-04-10 12:19 - 2019-04-02 04:49 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2019-04-10 12:19 - 2019-04-02 04:49 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-04-10 12:19 - 2019-04-02 04:48 - 001559552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-04-10 12:19 - 2019-04-02 04:48 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2019-04-10 12:19 - 2019-04-02 04:48 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-04-10 12:19 - 2019-04-02 04:47 - 001214464 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2019-04-10 12:19 - 2019-04-02 04:47 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-04-10 12:19 - 2019-04-02 04:46 - 002174976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-04-10 12:19 - 2019-04-02 04:45 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2019-04-10 12:19 - 2019-04-02 04:44 - 002208768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-04-10 12:19 - 2019-04-02 04:44 - 001724416 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
2019-04-10 12:19 - 2019-04-02 04:44 - 001421312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2019-04-10 12:19 - 2019-04-02 04:43 - 000542720 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-04-10 12:19 - 2019-04-02 03:22 - 000001312 _____ C:\WINDOWS\system32\tcbres.wim
2019-04-10 12:19 - 2019-04-02 02:05 - 001989544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-04-10 12:19 - 2019-04-02 02:04 - 006572120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-04-10 12:19 - 2019-04-02 02:04 - 000604008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2019-04-10 12:19 - 2019-04-02 02:04 - 000581832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-04-10 12:19 - 2019-04-02 02:04 - 000560600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2019-04-10 12:19 - 2019-04-02 01:56 - 022018048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-04-10 12:19 - 2019-04-02 01:50 - 019404800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-04-10 12:19 - 2019-04-02 01:43 - 005788160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-04-10 12:19 - 2019-04-02 01:43 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-04-10 12:19 - 2019-04-02 01:43 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-04-10 12:19 - 2019-04-02 01:42 - 001295360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2019-04-10 12:19 - 2019-04-02 01:41 - 001540096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
2019-04-10 12:19 - 2019-04-02 01:41 - 001235968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2019-04-10 12:19 - 2019-04-02 01:41 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2019-04-10 12:19 - 2019-04-02 01:40 - 001073664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2019-04-10 12:19 - 2019-04-02 01:40 - 000534016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-04-10 12:19 - 2019-03-16 09:54 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2019-04-10 12:19 - 2019-03-16 06:03 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-04-10 12:19 - 2019-03-14 11:55 - 001786680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2019-04-10 12:19 - 2019-03-14 11:53 - 001626928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2019-04-10 12:19 - 2019-03-14 11:53 - 001038136 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPolicy.dll
2019-04-10 12:19 - 2019-03-14 11:53 - 000652088 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2019-04-10 12:19 - 2019-03-14 11:53 - 000400696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2019-04-10 12:19 - 2019-03-14 11:52 - 003933296 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2019-04-10 12:19 - 2019-03-14 11:52 - 001424696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2019-04-10 12:19 - 2019-03-14 11:52 - 000954160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVManifest.dll
2019-04-10 12:19 - 2019-03-14 11:52 - 000830264 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2019-04-10 12:19 - 2019-03-14 11:52 - 000827704 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2019-04-10 12:19 - 2019-03-14 11:52 - 000825144 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2019-04-10 12:19 - 2019-03-14 11:52 - 000749880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2019-04-10 12:19 - 2019-03-14 11:52 - 000670008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2019-04-10 12:19 - 2019-03-14 11:52 - 000495416 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
2019-04-10 12:19 - 2019-03-14 11:52 - 000164664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\AppvVemgr.sys
2019-04-10 12:19 - 2019-03-14 11:51 - 000157192 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2019-04-10 12:19 - 2019-03-14 11:35 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfoext.dll
2019-04-10 12:19 - 2019-03-14 11:34 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2019-04-10 12:19 - 2019-03-14 11:33 - 000182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpdr.sys
2019-04-10 12:19 - 2019-03-14 11:33 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storqosflt.sys
2019-04-10 12:19 - 2019-03-14 11:33 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\RpcPing.exe
2019-04-10 12:19 - 2019-03-14 11:31 - 000198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincredui.dll
2019-04-10 12:19 - 2019-03-14 11:30 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\objsel.dll
2019-04-10 12:19 - 2019-03-14 11:30 - 000440832 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2019-04-10 12:19 - 2019-03-14 11:29 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll
2019-04-10 12:19 - 2019-03-14 11:29 - 000727040 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscsvc.dll
2019-04-10 12:19 - 2019-03-14 11:28 - 000560640 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsound.dll
2019-04-10 12:19 - 2019-03-14 11:08 - 003611264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2019-04-10 12:19 - 2019-03-14 10:56 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincredui.dll
2019-04-10 12:19 - 2019-03-14 10:55 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RpcPing.exe
2019-04-10 12:19 - 2019-03-14 10:53 - 000625664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll
2019-04-10 12:19 - 2019-03-14 10:53 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\objsel.dll
2019-04-10 12:19 - 2019-03-14 10:53 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2019-04-10 12:19 - 2019-03-14 10:52 - 000502784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsound.dll
2019-04-10 12:19 - 2019-03-14 05:57 - 000611640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2019-04-10 12:19 - 2019-03-14 05:56 - 000375096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2019-04-10 12:19 - 2019-03-14 05:38 - 000380728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-04-10 12:19 - 2019-03-14 05:38 - 000090360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mpr.dll
2019-04-10 12:19 - 2019-03-14 05:37 - 006043496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-04-10 12:19 - 2019-03-14 05:37 - 002256248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-04-10 12:19 - 2019-03-14 05:37 - 001171568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2019-04-10 12:19 - 2019-03-14 05:28 - 000152072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2019-04-10 12:19 - 2019-03-14 05:27 - 000436024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-04-10 12:19 - 2019-03-14 05:27 - 000097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mpr.dll
2019-04-10 12:19 - 2019-03-14 05:26 - 007436016 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-04-10 12:19 - 2019-03-14 05:26 - 002768448 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-04-10 12:19 - 2019-03-14 05:26 - 002421048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-04-10 12:19 - 2019-03-14 05:26 - 001457576 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-04-10 12:19 - 2019-03-14 05:26 - 001258688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-04-10 12:19 - 2019-03-14 05:26 - 001140984 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-04-10 12:19 - 2019-03-14 05:26 - 001014344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2019-04-10 12:19 - 2019-03-14 05:26 - 000983424 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-04-10 12:19 - 2019-03-14 05:26 - 000481048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2019-04-10 12:19 - 2019-03-14 05:26 - 000175416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys
2019-04-10 12:19 - 2019-03-14 05:22 - 002700288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2019-04-10 12:19 - 2019-03-14 05:20 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-04-10 12:19 - 2019-03-14 05:19 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-04-10 12:19 - 2019-03-14 05:19 - 002969600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-04-10 12:19 - 2019-03-14 05:18 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-04-10 12:19 - 2019-03-14 05:18 - 000095744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2019-04-10 12:19 - 2019-03-14 05:18 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credui.dll
2019-04-10 12:19 - 2019-03-14 05:18 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2019-04-10 12:19 - 2019-03-14 05:17 - 002258944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2019-04-10 12:19 - 2019-03-14 05:17 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2019-04-10 12:19 - 2019-03-14 05:17 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2019-04-10 12:19 - 2019-03-14 05:17 - 000261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2019-04-10 12:19 - 2019-03-14 05:17 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wcmapi.dll
2019-04-10 12:19 - 2019-03-14 05:17 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntlanman.dll
2019-04-10 12:19 - 2019-03-14 05:16 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2019-04-10 12:19 - 2019-03-14 05:16 - 000333824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-04-10 12:19 - 2019-03-14 05:15 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2019-04-10 12:19 - 2019-03-14 05:15 - 000318464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2019-04-10 12:19 - 2019-03-14 05:15 - 000195072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShellCommonCommonProxyStub.dll
2019-04-10 12:19 - 2019-03-14 05:15 - 000102400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\negoexts.dll
2019-04-10 12:19 - 2019-03-14 05:14 - 001070080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2019-04-10 12:19 - 2019-03-14 05:14 - 000856576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2019-04-10 12:19 - 2019-03-14 05:14 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2019-04-10 12:19 - 2019-03-14 05:14 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2019-04-10 12:19 - 2019-03-14 05:14 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.Workflow.dll
2019-04-10 12:19 - 2019-03-14 05:14 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-04-10 12:19 - 2019-03-14 05:14 - 000138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2019-04-10 12:19 - 2019-03-14 05:13 - 001468416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2019-04-10 12:19 - 2019-03-14 05:13 - 000669696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2019-04-10 12:19 - 2019-03-14 05:13 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2019-04-10 12:19 - 2019-03-14 05:01 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-04-10 12:19 - 2019-03-14 04:58 - 004708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-04-10 12:19 - 2019-03-14 04:58 - 002509824 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2019-04-10 12:19 - 2019-03-14 04:58 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\system32\fcon.dll
2019-04-10 12:19 - 2019-03-14 04:57 - 004866560 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-04-10 12:19 - 2019-03-14 04:57 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll
2019-04-10 12:19 - 2019-03-14 04:56 - 003392000 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2019-04-10 12:19 - 2019-03-14 04:56 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2019-04-10 12:19 - 2019-03-14 04:56 - 000120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2019-04-10 12:19 - 2019-03-14 04:56 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll
2019-04-10 12:19 - 2019-03-14 04:56 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2019-04-10 12:19 - 2019-03-14 04:55 - 003601920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Service.dll
2019-04-10 12:19 - 2019-03-14 04:55 - 002739200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2019-04-10 12:19 - 2019-03-14 04:55 - 000528896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2019-04-10 12:19 - 2019-03-14 04:55 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2019-04-10 12:19 - 2019-03-14 04:55 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2019-04-10 12:19 - 2019-03-14 04:55 - 000141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentActivation.dll
2019-04-10 12:19 - 2019-03-14 04:55 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmapi.dll
2019-04-10 12:19 - 2019-03-14 04:55 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncCsp.dll
2019-04-10 12:19 - 2019-03-14 04:55 - 000069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntlanman.dll
2019-04-10 12:19 - 2019-03-14 04:55 - 000062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\EASPolicyManagerBrokerHost.exe
2019-04-10 12:19 - 2019-03-14 04:55 - 000048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\credui.dll
2019-04-10 12:19 - 2019-03-14 04:54 - 002368000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-04-10 12:19 - 2019-03-14 04:54 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2019-04-10 12:19 - 2019-03-14 04:54 - 000395776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2019-04-10 12:19 - 2019-03-14 04:54 - 000354304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2019-04-10 12:19 - 2019-03-14 04:54 - 000279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2019-04-10 12:19 - 2019-03-14 04:54 - 000273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2019-04-10 12:19 - 2019-03-14 04:54 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2019-04-10 12:19 - 2019-03-14 04:54 - 000227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2019-04-10 12:19 - 2019-03-14 04:54 - 000118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\negoexts.dll
2019-04-10 12:19 - 2019-03-14 04:54 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2019-04-10 12:19 - 2019-03-14 04:53 - 000787968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2019-04-10 12:19 - 2019-03-14 04:53 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-04-10 12:19 - 2019-03-14 04:53 - 000473600 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2019-04-10 12:19 - 2019-03-14 04:53 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.Workflow.dll
2019-04-10 12:19 - 2019-03-14 04:52 - 002909696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2019-04-10 12:19 - 2019-03-14 04:52 - 000532992 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuietHours.dll
2019-04-10 12:19 - 2019-03-14 04:52 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShellCommonCommonProxyStub.dll
2019-04-10 12:19 - 2019-03-14 04:52 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2019-04-10 12:19 - 2019-03-14 04:51 - 001216000 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2019-04-10 12:19 - 2019-03-14 04:51 - 001058304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2019-04-10 12:19 - 2019-03-14 04:51 - 000226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\TetheringMgr.dll
2019-04-10 12:19 - 2019-03-14 04:50 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2019-04-10 12:19 - 2019-03-14 04:50 - 001410560 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2019-04-10 12:19 - 2019-03-14 04:50 - 000947200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2019-04-10 12:19 - 2019-03-14 04:50 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2019-04-10 12:19 - 2019-03-14 04:50 - 000796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2019-04-10 12:19 - 2019-03-14 04:50 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2019-04-10 12:19 - 2019-03-14 04:50 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-04-10 12:19 - 2019-03-14 04:50 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2019-04-10 12:19 - 2019-03-14 04:50 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2019-04-10 12:19 - 2019-03-13 22:57 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2019-04-10 12:19 - 2019-03-13 22:57 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxbde40.dll
2019-04-10 12:19 - 2019-03-13 22:57 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll
2019-04-10 12:19 - 2019-03-13 22:57 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-04-10 12:19 - 2019-03-13 22:57 - 000340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2019-04-10 09:36 - 2019-04-10 09:36 - 000000000 ____D C:\Users\sebas\AppData\Local\ESET
2019-04-10 09:34 - 2019-04-10 09:35 - 007665272 _____ (ESET spol. s r.o.) C:\Users\sebas\Desktop\esetonlinescanner_esn.exe
2019-04-09 15:45 - 2019-04-09 15:45 - 002675746 _____ C:\Users\sebas\Downloads\Qlik Specialization Program Step-by-step instructions.pdf
2019-04-09 15:45 - 2019-04-09 15:45 - 000348853 _____ C:\Users\sebas\Downloads\Qlik Specialization Program Guide.pdf
2019-04-09 12:17 - 2019-04-09 12:17 - 000074874 _____ C:\Users\sebas\Downloads\Rentab_12.pdf
2019-04-09 12:06 - 2019-04-09 12:06 - 000020535 _____ C:\Users\sebas\Downloads\Rentab_7.pdf
2019-04-09 11:57 - 2019-04-09 11:57 - 000012290 _____ C:\Users\sebas\Desktop\Fixlog.txt
2019-04-09 11:56 - 2019-04-09 11:56 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2019-04-09 11:54 - 2019-03-06 09:17 - 000205992 _____ (Lenovo Group Ltd.) C:\WINDOWS\system32\Lenovo.Modern.CoreTypes.dll
2019-04-09 11:54 - 2019-03-06 09:17 - 000130216 _____ (Lenovo Group Ltd.) C:\WINDOWS\system32\Lenovo.Modern.Utilities.dll
2019-04-09 11:54 - 2019-03-06 09:17 - 000097960 _____ (Lenovo Group Ltd.) C:\WINDOWS\system32\Lenovo.Modern.ImController.ImClient.dll
2019-04-09 11:54 - 2019-03-06 09:17 - 000043688 _____ (Lenovo Group Ltd.) C:\WINDOWS\system32\Lenovo.ImController.EventLogging.dll
2019-04-09 11:46 - 2019-04-09 11:46 - 000000246 _____ C:\DelFix.txt
2019-04-09 11:46 - 2019-04-09 11:46 - 000000000 ____D C:\WINDOWS\ERUNT
2019-04-09 11:45 - 2019-04-09 11:45 - 000797760 _____ C:\Users\sebas\Desktop\delfix.exe
2019-04-09 09:48 - 2019-04-09 09:48 - 000035056 _____ C:\Users\sebas\Downloads\Libro1.xlsx
2019-04-09 09:33 - 2019-04-09 09:34 - 000047971 _____ C:\Users\sebas\Desktop\Addition.txt
2019-04-09 09:32 - 2019-04-11 09:01 - 000028535 _____ C:\Users\sebas\Desktop\FRST.txt
2019-04-09 09:32 - 2019-04-11 09:00 - 000000000 ____D C:\FRST
2019-04-09 09:32 - 2019-04-09 09:32 - 002434048 _____ (Farbar) C:\Users\sebas\Desktop\FRST64.exe
2019-04-08 16:17 - 2019-04-08 16:17 - 000000282 _____ C:\Users\sebas\Documents\cc_20190408_161713.reg
2019-04-08 16:16 - 2019-04-08 16:16 - 000157838 _____ C:\Users\sebas\Documents\cc_20190408_161623.reg
2019-04-08 16:16 - 2019-04-08 16:16 - 000009810 _____ C:\Users\sebas\Documents\cc_20190408_161650.reg
2019-04-08 16:05 - 2019-04-09 09:27 - 000006546 _____ C:\Users\sebas\Documents\Virus 8_4_19.txt
2019-04-08 16:02 - 2019-04-09 11:56 - 000198512 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2019-04-08 16:02 - 2019-04-08 16:02 - 000001879 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-04-08 16:02 - 2019-04-08 16:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-04-08 16:02 - 2019-02-01 12:20 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2019-04-08 16:02 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-04-08 16:00 - 2019-04-08 16:00 - 062632672 _____ (Malwarebytes ) C:\Users\sebas\Desktop\mb3-setup-consumer-3.7.1.2839-1.0.563-1.0.10037.exe
2019-04-08 16:00 - 2019-04-08 16:00 - 007025360 _____ (Malwarebytes) C:\Users\sebas\Desktop\adwcleaner_7.3 (1).exe
2019-04-08 12:40 - 2019-04-08 12:40 - 000646932 _____ C:\Users\sebas\Downloads\tcmenu-1.4.0_214-trial.zip
2019-04-05 15:50 - 2019-04-05 15:50 - 000043008 _____ C:\Users\sebas\Downloads\Plan de Compra CSL 2019-04-01.xlsx
2019-04-05 14:47 - 2019-04-05 14:47 - 000695550 _____ C:\Users\sebas\Downloads\Qlik - Requerimientos.pptx
2019-04-05 09:44 - 2019-04-05 09:44 - 000000000 ____D C:\Users\sebas\AppData\Local\mbam
2019-04-05 09:43 - 2019-04-08 16:02 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-04-05 09:43 - 2019-04-05 09:43 - 000000000 ____D C:\Users\sebas\AppData\Local\mbamtray
2019-04-05 09:43 - 2019-04-05 09:43 - 000000000 ____D C:\Program Files\Malwarebytes
2019-04-05 09:42 - 2019-04-05 09:43 - 000002440 _____ C:\Users\sebas\Desktop\Rkill.txt
2019-04-05 09:41 - 2019-04-05 09:42 - 062618552 _____ (Malwarebytes ) C:\Users\sebas\Desktop\mb3-setup-consumer-3.7.1.2839-1.0.563-1.0.10000.exe
2019-04-05 09:41 - 2019-04-05 09:41 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\sebas\Downloads\iExplore.exe
2019-04-04 12:14 - 2019-04-04 12:14 - 007025360 _____ (Malwarebytes) C:\Users\sebas\Downloads\adwcleaner_7.3.exe
2019-04-04 11:38 - 2019-04-04 11:38 - 000073499 _____ C:\Users\sebas\Downloads\QlikGeoAnalyticsServerRequirements.pdf
2019-04-04 11:00 - 2019-04-04 11:00 - 000002587 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype Empresarial.lnk
2019-04-04 11:00 - 2019-04-04 11:00 - 000002538 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2019-04-04 11:00 - 2019-04-04 11:00 - 000002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2019-04-04 11:00 - 2019-04-04 11:00 - 000002502 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visio.lnk
2019-04-04 11:00 - 2019-04-04 11:00 - 000002501 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2019-04-04 11:00 - 2019-04-04 11:00 - 000002494 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2019-04-04 11:00 - 2019-04-04 11:00 - 000002492 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2019-04-04 11:00 - 2019-04-04 11:00 - 000002450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2019-04-04 11:00 - 2019-04-04 11:00 - 000002446 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2019-04-04 11:00 - 2019-04-04 11:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Herramientas de Microsoft Office
2019-04-03 16:00 - 2019-04-03 02:26 - 000382857 _____ C:\Users\sebas\Desktop\B_D_Presupuesto.qvd
2019-04-03 12:07 - 2019-04-03 12:07 - 000072565 _____ C:\Users\sebas\Downloads\Comprobante de transferencia (1).pdf
2019-04-01 14:44 - 2019-04-01 14:44 - 000070763 _____ C:\Users\sebas\Downloads\Comprobante de transferencia.pdf
2019-03-27 15:17 - 2019-03-27 15:17 - 000083060 _____ C:\Users\sebas\Documents\Schedule(Recuperado automáticamente).xlsx
2019-03-26 12:20 - 2019-03-26 11:31 - 022735360 _____ C:\Users\sebas\Desktop\Comercial.qvw
2019-03-26 12:20 - 2019-03-26 11:31 - 000147712 _____ C:\Users\sebas\Desktop\QVI.qvw
2019-03-26 11:30 - 2019-03-26 11:30 - 024177370 _____ C:\Users\sebas\Downloads\recomparativoqlikviewvs_qliksense.zip
2019-03-26 09:37 - 2016-12-06 15:55 - 000416576 _____ (Conexant Systems, Inc.) C:\WINDOWS\SysWOW64\SASrv.exe
2019-03-26 09:37 - 2016-12-06 15:55 - 000416576 _____ (Conexant Systems, Inc.) C:\WINDOWS\system32\SASrv.exe
2019-03-26 09:37 - 2016-10-27 15:54 - 000004664 _____ C:\WINDOWS\system32\Drivers\CxSfPt.dat
2019-03-26 09:36 - 2019-03-26 09:36 - 000000000 ____D C:\ProgramData\Dolby
2019-03-26 09:36 - 2015-09-16 16:10 - 000225624 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\CxAudMsg64.exe
2019-03-26 09:33 - 2018-09-18 06:01 - 004944208 _____ (Conexant Systems, Inc.) C:\WINDOWS\system32\UCI64A217.DLL
2019-03-22 11:06 - 2019-03-22 11:12 - 000000000 ____D C:\Users\sebas\AppData\Roaming\webex
2019-03-22 11:01 - 2019-03-22 11:04 - 000000000 ____D C:\Users\sebas\AppData\Local\WebEx

#15

FRST2


2019-03-22 11:01 - 2019-03-22 11:01 - 001685192 _____ (Cisco Webex LLC) C:\Users\sebas\Downloads\Cisco_WebEx_Add-On.exe
2019-03-22 11:01 - 2019-03-22 11:01 - 000000000 ____D C:\Users\sebas\AppData\Roaming\Mozilla
2019-03-22 10:11 - 2019-03-22 10:12 - 055159887 _____ C:\Users\sebas\Downloads\WhatsApp Video 2019-03-21 at 17.59.10.mp4
2019-03-19 17:58 - 2019-03-19 17:58 - 000018238 _____ C:\Users\sebas\Downloads\33a2b155-529c-4c8f-9511-6df6478b461f.xlsx
2019-03-19 17:57 - 2019-03-19 17:57 - 000005732 _____ C:\Users\sebas\Downloads\f6c261c7-41e7-4a51-8608-d3ff6c4e387d.xlsx
2019-03-19 12:53 - 2019-03-19 12:53 - 000000183 _____ C:\Users\sebas\Documents\new 2.txt
2019-03-19 09:30 - 2019-03-19 09:30 - 000014848 _____ C:\Users\sebas\Downloads\Migracion_de_facturas_proveedores_093000_45210dbb91ff2ea1.xls
2019-03-19 09:16 - 2019-03-19 09:16 - 000028879 _____ C:\Users\sebas\Documents\migracion-facturas-compra.xlsx
2019-03-19 09:05 - 2019-03-19 09:05 - 000050176 _____ C:\Users\sebas\Downloads\migracion-facturas-compra (1).xls
2019-03-19 09:05 - 2019-03-19 09:05 - 000012550 _____ C:\Users\sebas\Downloads\Listado_Facturas_a_20190319090512AM.xls
2019-03-19 08:44 - 2019-03-19 08:44 - 000003194 _____ C:\Users\sebas\Downloads\DetalleMovimiento19032019.xls
2019-03-19 08:34 - 2019-03-19 08:34 - 000224768 _____ C:\Users\sebas\Downloads\Reporte_diario_general_083454_45210dbb91ff2ea1.xls
2019-03-19 08:22 - 2019-03-19 08:22 - 000000000 ____D C:\WINDOWS\System32\Tasks\Intel
2019-03-19 08:21 - 2019-03-19 08:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Software Thunderbolt™
2019-03-18 12:44 - 2019-03-18 12:44 - 000041435 _____ C:\Users\sebas\Downloads\Listado proveedores 180319.xlsx
2019-03-18 12:43 - 2019-03-18 12:43 - 000024897 _____ C:\Users\sebas\Downloads\PRACTICAS 180319.xlsx
2019-03-18 12:42 - 2019-03-18 12:42 - 000748981 _____ C:\Users\sebas\Downloads\Listado proveedores 170319.rar
2019-03-18 12:42 - 2019-03-18 12:42 - 000688690 _____ C:\Users\sebas\Downloads\PRACTICAS 180319.rar
2019-03-18 12:38 - 2019-03-18 12:38 - 000867661 _____ C:\Users\sebas\Downloads\Listado proveedores 170319.numbers
2019-03-18 12:38 - 2019-03-18 12:38 - 000811628 _____ C:\Users\sebas\Downloads\PRACTICAS 180319.numbers
2019-03-18 11:27 - 2019-03-18 11:27 - 000225302 _____ C:\Users\sebas\Downloads\DS-Advanced-Analytics-Integration-Data-Sheet-EN.pdf
2019-03-18 09:52 - 2019-03-18 09:52 - 000069096 _____ C:\Users\sebas\Downloads\Comprobante de transferencia programada (1).pdf
2019-03-18 09:51 - 2019-03-18 09:51 - 000069041 _____ C:\Users\sebas\Downloads\f93921db-9b0d-44bd-93a8-02c25af73564.pdf
2019-03-18 09:51 - 2019-03-18 09:51 - 000069041 _____ C:\Users\sebas\Downloads\Comprobante de transferencia programada.pdf
2019-03-18 09:47 - 2019-03-18 09:47 - 000071322 _____ C:\Users\sebas\Downloads\19f12b0b-65f1-473b-8f26-c44ece56643b.pdf
2019-03-15 15:45 - 2019-03-15 15:45 - 000558263 _____ C:\Users\sebas\Downloads\Comprobante_Modificacion_Limite_Debito_15499040.pdf
2019-03-14 15:49 - 2019-03-13 15:52 - 248744960 _____ C:\Users\sebas\Desktop\Sales mas transfer.qvw
2019-03-14 13:09 - 2019-03-15 12:14 - 000268288 _____ C:\Users\sebas\Downloads\sh_ipc_02_19.xls
2019-03-14 13:08 - 2019-03-14 13:08 - 001316040 _____ C:\Users\sebas\Downloads\ipc_02_19.pdf
2019-03-14 12:18 - 2019-03-14 12:18 - 000017920 _____ C:\Users\sebas\Downloads\FlujoDeCaja.xls
2019-03-14 12:14 - 2019-03-14 12:14 - 000019077 _____ C:\Users\sebas\Downloads\Detalle de Estados de Resultado creado por Colppy_20190314121453PM.xls
2019-03-14 11:32 - 2019-03-14 11:32 - 000001241 _____ C:\Users\sebas\Downloads\Comprobante_Prestamo_0431039100051894_190318.txt
2019-03-13 10:50 - 2019-03-06 12:37 - 001616608 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2019-03-13 10:50 - 2019-03-06 12:36 - 001047352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2019-03-13 10:50 - 2019-03-06 12:17 - 000810496 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2019-03-13 10:50 - 2019-03-06 12:17 - 000116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2019-03-13 10:50 - 2019-03-06 12:14 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2019-03-13 10:50 - 2019-03-06 12:14 - 000522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2019-03-13 10:50 - 2019-03-06 12:14 - 000488448 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2019-03-13 10:50 - 2019-03-06 12:12 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2019-03-13 10:50 - 2019-03-06 09:18 - 000918032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2019-03-13 10:50 - 2019-03-06 09:06 - 000425472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2019-03-13 10:50 - 2019-03-06 09:04 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2019-03-13 10:50 - 2019-03-06 06:16 - 001188000 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2019-03-13 10:50 - 2019-03-06 06:16 - 000776792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2019-03-13 10:50 - 2019-03-06 06:16 - 000722744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2019-03-13 10:50 - 2019-03-06 06:16 - 000527160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2019-03-13 10:50 - 2019-03-06 06:11 - 000493880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2019-03-13 10:50 - 2019-03-06 06:10 - 000248880 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll
2019-03-13 10:50 - 2019-03-06 06:07 - 000376120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2019-03-13 10:50 - 2019-03-06 06:05 - 000439224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2019-03-13 10:50 - 2019-03-06 06:05 - 000159864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2019-03-13 10:50 - 2019-03-06 06:04 - 000945464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2019-03-13 10:50 - 2019-03-06 06:04 - 000628024 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpx.dll
2019-03-13 10:50 - 2019-03-06 06:03 - 001921848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2019-03-13 10:50 - 2019-03-06 06:03 - 000375608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2019-03-13 10:50 - 2019-03-06 06:02 - 000626488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2019-03-13 10:50 - 2019-03-06 05:33 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2019-03-13 10:50 - 2019-03-06 05:32 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys
2019-03-13 10:50 - 2019-03-06 05:31 - 001826816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2019-03-13 10:50 - 2019-03-06 05:31 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2019-03-13 10:50 - 2019-03-06 05:31 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2019-03-13 10:50 - 2019-03-06 05:29 - 002364928 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2019-03-13 10:50 - 2019-03-06 05:29 - 000736256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2019-03-13 10:50 - 2019-03-06 05:28 - 004937728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-03-13 10:50 - 2019-03-06 05:28 - 001803776 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-03-13 10:50 - 2019-03-06 05:26 - 000073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\npfs.sys
2019-03-13 10:50 - 2019-03-06 05:26 - 000031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msfs.sys
2019-03-13 10:50 - 2019-03-06 05:25 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdfs.sys
2019-03-13 10:50 - 2019-03-06 03:17 - 000146712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2019-03-13 10:50 - 2019-03-06 03:15 - 000434488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2019-03-13 10:50 - 2019-03-06 03:14 - 000785568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2019-03-13 10:50 - 2019-03-06 03:14 - 000665224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2019-03-13 10:50 - 2019-03-06 03:14 - 000450872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpx.dll
2019-03-13 10:50 - 2019-03-06 03:13 - 000607248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2019-03-13 10:50 - 2019-03-06 02:51 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2019-03-13 10:50 - 2019-03-06 02:50 - 001628160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-03-13 10:50 - 2019-03-06 02:50 - 001347584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2019-03-13 10:50 - 2019-03-06 02:49 - 004516352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-03-13 10:50 - 2019-02-21 00:26 - 000313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2019-03-13 10:50 - 2019-02-16 10:02 - 002871304 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2019-03-13 10:50 - 2019-02-16 10:02 - 001644040 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2019-03-13 10:50 - 2019-02-16 10:02 - 000808456 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2019-03-13 10:50 - 2019-02-16 10:02 - 000735752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2019-03-13 10:50 - 2019-02-16 10:02 - 000620040 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2019-03-13 10:50 - 2019-02-16 10:02 - 000460296 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2019-03-13 10:50 - 2019-02-16 10:02 - 000322568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2019-03-13 10:50 - 2019-02-16 10:02 - 000147464 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2019-03-13 10:50 - 2019-02-16 10:02 - 000071176 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2019-03-13 10:50 - 2019-02-16 09:57 - 002266936 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2019-03-13 10:50 - 2019-02-16 09:57 - 001048472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2019-03-13 10:50 - 2019-02-16 09:57 - 000506088 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2019-03-13 10:50 - 2019-02-16 09:57 - 000257848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVFileSystemMetadata.dll
2019-03-13 10:50 - 2019-02-16 09:57 - 000231224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVShNotify.exe
2019-03-13 10:50 - 2019-02-16 09:57 - 000228152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVStreamMap.dll
2019-03-13 10:50 - 2019-02-16 09:57 - 000201528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVStreamingUX.dll
2019-03-13 10:50 - 2019-02-16 09:57 - 000183608 _____ (Microsoft Corporation) C:\WINDOWS\system32\mavinject.exe
2019-03-13 10:50 - 2019-02-16 09:57 - 000180528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVDllSurrogate.exe
2019-03-13 10:50 - 2019-02-16 09:57 - 000172856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVNice.exe
2019-03-13 10:50 - 2019-02-16 09:57 - 000034104 _____ C:\WINDOWS\system32\SyncAppvPublishingServer.exe
2019-03-13 10:50 - 2019-02-16 09:56 - 000549520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
2019-03-13 10:50 - 2019-02-16 09:56 - 000540984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2019-03-13 10:50 - 2019-02-16 09:53 - 001516416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2019-03-13 10:50 - 2019-02-16 09:34 - 004718080 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-03-13 10:50 - 2019-02-16 09:34 - 001725952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2019-03-13 10:50 - 2019-02-16 09:34 - 000302080 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcLayers.dll
2019-03-13 10:50 - 2019-02-16 09:33 - 002194432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.ModernAppAgent.dll
2019-03-13 10:50 - 2019-02-16 09:33 - 001786880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2019-03-13 10:50 - 2019-02-16 09:32 - 002051072 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2019-03-13 10:50 - 2019-02-16 09:32 - 001127936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplySettingsTemplateCatalog.exe
2019-03-13 10:50 - 2019-02-16 09:31 - 001271808 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2019-03-13 10:50 - 2019-02-16 09:31 - 001186816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.CommonBridge.dll
2019-03-13 10:50 - 2019-02-16 09:31 - 001003520 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2019-03-13 10:50 - 2019-02-16 09:31 - 000861184 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprddm.dll
2019-03-13 10:50 - 2019-02-16 09:31 - 000615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2019-03-13 10:50 - 2019-02-16 09:30 - 002019840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2019-03-13 10:50 - 2019-02-16 09:30 - 000877568 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2019-03-13 10:50 - 2019-02-16 09:29 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngOnline.dll
2019-03-13 10:50 - 2019-02-16 09:29 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe
2019-03-13 10:50 - 2019-02-16 09:25 - 001539896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2019-03-13 10:50 - 2019-02-16 09:25 - 000148784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mavinject.exe
2019-03-13 10:50 - 2019-02-16 09:24 - 000444176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
2019-03-13 10:50 - 2019-02-16 09:22 - 001322176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2019-03-13 10:50 - 2019-02-16 09:08 - 000373760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcLayers.dll
2019-03-13 10:50 - 2019-02-16 09:07 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2019-03-13 10:50 - 2019-02-16 09:07 - 000484352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2019-03-13 10:50 - 2019-02-16 09:06 - 001530880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2019-03-13 10:50 - 2019-02-16 09:06 - 001451520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2019-03-13 10:50 - 2019-02-16 09:06 - 000774656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2019-03-13 10:50 - 2019-02-16 09:06 - 000765952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mprddm.dll
2019-03-13 10:50 - 2019-02-16 09:04 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe
2019-03-13 10:50 - 2019-02-16 09:02 - 000055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UevAppMonitor.exe
2019-03-13 10:50 - 2019-02-16 08:55 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.Common.dll
2019-03-13 10:50 - 2019-02-16 07:24 - 023862272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2019-03-13 10:50 - 2019-02-16 07:22 - 019525120 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2019-03-13 10:50 - 2019-02-16 05:16 - 000511800 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2019-03-13 10:50 - 2019-02-16 05:15 - 000505656 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2019-03-13 10:50 - 2019-02-16 05:15 - 000035640 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2019-03-13 10:50 - 2019-02-16 05:05 - 000087800 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskhostw.exe
2019-03-13 10:50 - 2019-02-16 05:04 - 000193032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2019-03-13 10:50 - 2019-02-16 05:03 - 007901392 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2019-03-13 10:50 - 2019-02-16 05:03 - 005625360 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2019-03-13 10:50 - 2019-02-16 05:03 - 000510288 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2019-03-13 10:50 - 2019-02-16 05:02 - 005821440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2019-03-13 10:50 - 2019-02-16 05:02 - 003291632 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2019-03-13 10:50 - 2019-02-16 05:02 - 001934800 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2019-03-13 10:50 - 2019-02-16 05:02 - 001792712 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2019-03-13 10:50 - 2019-02-16 05:02 - 000705848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2019-03-13 10:50 - 2019-02-16 05:02 - 000432952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2019-03-13 10:50 - 2019-02-16 05:02 - 000413712 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2019-03-13 10:50 - 2019-02-16 05:01 - 001285424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2019-03-13 10:50 - 2019-02-16 05:01 - 001209696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2019-03-13 10:50 - 2019-02-16 05:01 - 001098056 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2019-03-13 10:50 - 2019-02-16 05:01 - 001028920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2019-03-13 10:50 - 2019-02-16 05:01 - 000641984 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp_win.dll
2019-03-13 10:50 - 2019-02-16 05:01 - 000594024 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2019-03-13 10:50 - 2019-02-16 05:01 - 000527160 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2019-03-13 10:50 - 2019-02-16 05:01 - 000335672 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2019-03-13 10:50 - 2019-02-16 05:01 - 000161664 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTWorkQ.dll
2019-03-13 10:50 - 2019-02-16 04:57 - 000383288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2019-03-13 10:50 - 2019-02-16 04:53 - 000443632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2019-03-13 10:50 - 2019-02-16 04:51 - 002479168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2019-03-13 10:50 - 2019-02-16 04:51 - 001584536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2019-03-13 10:50 - 2019-02-16 04:51 - 000170952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTWorkQ.dll
2019-03-13 10:50 - 2019-02-16 04:50 - 001805648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2019-03-13 10:50 - 2019-02-16 04:50 - 001130568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2019-03-13 10:50 - 2019-02-16 04:50 - 001011872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2019-03-13 10:50 - 2019-02-16 04:50 - 000504072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp_win.dll
2019-03-13 10:50 - 2019-02-16 04:37 - 009084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2019-03-13 10:50 - 2019-02-16 04:36 - 007057408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2019-03-13 10:50 - 2019-02-16 04:34 - 005883904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2019-03-13 10:50 - 2019-02-16 04:33 - 006646784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2019-03-13 10:50 - 2019-02-16 04:33 - 000054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialMigrationHandler.dll
2019-03-13 10:50 - 2019-02-16 04:33 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialMigrationHandler.dll
2019-03-13 10:50 - 2019-02-16 04:32 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2019-03-13 10:50 - 2019-02-16 04:31 - 002825728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2019-03-13 10:50 - 2019-02-16 04:31 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2019-03-13 10:50 - 2019-02-16 04:31 - 000126976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll
2019-03-13 10:50 - 2019-02-16 04:30 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2019-03-13 10:50 - 2019-02-16 04:30 - 001986560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2019-03-13 10:50 - 2019-02-16 04:30 - 001124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdprt.dll
2019-03-13 10:50 - 2019-02-16 04:30 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2019-03-13 10:50 - 2019-02-16 04:30 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppLockerCSP.dll
2019-03-13 10:50 - 2019-02-16 04:30 - 000254464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppLockerCSP.dll
2019-03-13 10:50 - 2019-02-16 04:30 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2019-03-13 10:50 - 2019-02-16 04:29 - 001768448 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2019-03-13 10:50 - 2019-02-16 04:29 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2019-03-13 10:50 - 2019-02-16 04:28 - 003381248 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2019-03-13 10:50 - 2019-02-16 04:28 - 002585600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2019-03-13 10:50 - 2019-02-16 04:28 - 001668096 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdprt.dll
2019-03-13 10:50 - 2019-02-16 04:28 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
2019-03-13 10:50 - 2019-02-16 04:28 - 000705024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2019-03-13 10:50 - 2019-02-16 04:28 - 000528384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2019-03-13 10:50 - 2019-02-16 04:27 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpasvc.dll
2019-03-13 10:50 - 2019-02-16 04:27 - 000729088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2019-03-13 10:50 - 2019-02-16 04:27 - 000686592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2019-03-13 10:50 - 2019-02-16 04:26 - 001459712 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2019-03-13 10:50 - 2019-02-16 04:26 - 001225216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2019-03-13 10:50 - 2019-02-16 04:26 - 000943616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2019-03-13 10:50 - 2019-02-16 04:26 - 000935424 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2019-03-13 10:50 - 2019-02-16 04:26 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2019-03-13 10:50 - 2019-02-16 04:25 - 000884224 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2019-03-13 10:50 - 2019-02-16 04:25 - 000652800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2019-03-12 10:12 - 2019-03-12 10:12 - 007316688 _____ (Malwarebytes) C:\Users\sebas\Downloads\adwcleaner_7.2.7.0.exe

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-04-11 08:57 - 2018-08-26 15:27 - 001762872 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-04-11 08:57 - 2018-08-26 11:08 - 000782460 _____ C:\WINDOWS\system32\perfh00A.dat
2019-04-11 08:57 - 2018-08-26 11:08 - 000152236 _____ C:\WINDOWS\system32\perfc00A.dat
2019-04-11 08:57 - 2018-08-26 11:04 - 000000000 ____D C:\WINDOWS\INF
2019-04-11 08:53 - 2018-12-04 10:06 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2019-04-11 08:53 - 2018-08-26 15:21 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-04-11 08:53 - 2018-08-26 15:21 - 000000000 ____D C:\WINDOWS\System32\Tasks\Lenovo
2019-04-11 08:53 - 2018-08-26 11:05 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-04-11 08:53 - 2018-08-26 11:02 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-04-11 08:53 - 2017-07-22 00:24 - 000000000 __SHD C:\Users\sebas\IntelGraphicsProfiles
2019-04-11 08:46 - 2019-03-02 10:44 - 000000000 ____D C:\Users\sebas\AppData\Local\CrashDumps
2019-04-11 08:37 - 2018-09-04 07:54 - 000004206 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{80C6BEB5-FFE7-4DD9-BC20-2B4A4D0EFBAD}
2019-04-11 08:36 - 2018-08-26 16:25 - 000000000 ____D C:\Users\sebas\AppData\Roaming\FortiClient
2019-04-10 16:34 - 2018-08-26 15:14 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-04-10 15:35 - 2018-08-26 11:05 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-04-10 14:46 - 2018-08-26 15:14 - 000410904 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-04-10 14:45 - 2018-08-26 11:05 - 000000000 ___RD C:\Program Files\Windows Defender
2019-04-10 14:45 - 2018-08-26 11:05 - 000000000 ____D C:\WINDOWS\TextInput
2019-04-10 14:45 - 2018-08-26 11:05 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2019-04-10 14:45 - 2018-08-26 11:05 - 000000000 ____D C:\WINDOWS\system32\es-MX
2019-04-10 14:45 - 2018-08-26 11:05 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2019-04-10 14:45 - 2018-08-26 11:05 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-04-10 14:45 - 2018-08-26 11:05 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2019-04-10 12:38 - 2018-08-26 11:05 - 000000000 ___HD C:\Program Files\WindowsApps
2019-04-10 12:21 - 2018-08-26 11:02 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-04-10 12:18 - 2018-08-26 22:50 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-04-10 12:17 - 2018-08-26 22:50 - 131129288 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-04-10 11:07 - 2019-02-04 09:41 - 000002252 ____H C:\Users\sebas\Documents\Default.rdp
2019-04-10 10:30 - 2019-02-11 13:48 - 000000000 ____D C:\Users\sebas\Documents\hirens-bootcd-15-2-es-en-win
2019-04-09 15:08 - 2018-08-30 14:56 - 000000504 __RSH C:\ProgramData\ntuser.pol
2019-04-09 15:06 - 2018-08-26 11:05 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2019-04-09 11:57 - 2019-02-18 09:24 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avast Software
2019-04-09 11:57 - 2017-10-31 18:07 - 000000000 ____D C:\Users\sebas\AppData\LocalLow\Temp
2019-04-09 10:31 - 2018-08-26 15:21 - 000000000 ____D C:\Users\sebas\AppData\Local\Packages
2019-04-09 09:14 - 2018-08-26 15:25 - 000002306 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-04-08 16:29 - 2018-08-26 15:21 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-04-08 16:15 - 2018-12-04 10:07 - 000000000 ____D C:\Users\sebas\AppData\Roaming\TeamViewer
2019-04-08 16:15 - 2018-08-26 11:13 - 000000000 ____D C:\WINDOWS\Panther
2019-04-08 16:15 - 2018-08-26 11:05 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-04-08 16:14 - 2019-02-18 09:22 - 000000000 ____D C:\ProgramData\AVAST Software
2019-04-08 16:14 - 2018-08-26 11:05 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-04-05 11:18 - 2018-11-16 08:45 - 000000000 ____D C:\Program Files\rempl
2019-04-05 09:17 - 2018-08-26 15:49 - 000001144 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Drive File Stream.lnk
2019-04-04 10:59 - 2017-05-05 07:34 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2019-04-01 14:51 - 2018-08-26 11:07 - 000835480 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-04-01 14:51 - 2018-08-26 11:07 - 000179608 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-04-01 09:59 - 2018-08-26 15:25 - 000003366 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1391593998-1406418587-2262156805-1001
2019-04-01 09:59 - 2018-08-26 15:19 - 000002374 _____ C:\Users\sebas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-04-01 09:59 - 2017-07-22 08:57 - 000000000 ___RD C:\Users\sebas\OneDrive
2019-03-28 20:23 - 2017-08-01 16:40 - 000000000 ____D C:\Users\sebas\Documents\Plantillas personalizadas de Office
2019-03-28 16:36 - 2018-08-26 15:24 - 000003554 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2019-03-28 16:36 - 2018-08-26 15:24 - 000003430 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2019-03-26 11:20 - 2017-07-26 17:41 - 000000000 ____D C:\Users\sebas\Documents\Clientes
2019-03-26 09:36 - 2018-08-26 15:15 - 001705080 _____ (TODO: <Company name>) C:\WINDOWS\SysWOW64\RebootPrompt.exe
2019-03-26 09:33 - 2018-08-26 15:15 - 000000000 ____D C:\ProgramData\UIU
2019-03-26 09:33 - 2018-08-26 15:15 - 000000000 ____D C:\ProgramData\Conexant
2019-03-22 11:12 - 2018-05-30 14:40 - 000000000 ____D C:\Users\sebas\AppData\LocalLow\WebEx
2019-03-22 11:06 - 2018-05-30 14:41 - 000000000 __SHD C:\Users\sebas\Documents\cache
2019-03-19 09:22 - 2017-07-29 13:56 - 000000000 ____D C:\Users\sebas\Documents\ERA
2019-03-19 08:22 - 2018-08-26 15:33 - 000005826 _____ C:\WINDOWS\system32\tbt_log.txt
2019-03-19 08:21 - 2017-05-05 07:33 - 000000000 ____D C:\Program Files (x86)\Intel
2019-03-14 11:02 - 2018-08-26 11:05 - 000000000 ___SD C:\WINDOWS\system32\UNP
2019-03-14 11:02 - 2018-08-26 11:05 - 000000000 ____D C:\WINDOWS\system32\oobe
2019-03-14 11:02 - 2018-08-26 11:05 - 000000000 ____D C:\WINDOWS\system32\appraiser
2019-03-14 11:02 - 2018-08-26 11:05 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-03-14 11:02 - 2018-08-26 11:05 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2019-03-12 12:18 - 2018-10-17 09:13 - 000017758 _____ C:\WINDOWS\system32\results.xml

==================== Files in the root of some directories =======

2019-04-11 08:58 - 2019-04-11 08:58 - 001388432 _____ () C:\Users\Public\VOIP.dat
2018-12-20 11:10 - 2018-12-20 11:10 - 000003519 _____ () C:\Users\sebas\AppData\Local\recently-used.xbel

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\dllhost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-08-26 15:14

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17.03.2019
Ran by sebas (11-04-2019 09:01:47)
Running from C:\Users\sebas\Desktop
Windows 10 Pro Version 1803 17134.706 (X64) (2018-08-26 18:21:37)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-1391593998-1406418587-2262156805-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1391593998-1406418587-2262156805-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-1391593998-1406418587-2262156805-1000 - Limited - Enabled) => C:\Users\defaultuser0
Invitado (S-1-5-21-1391593998-1406418587-2262156805-501 - Limited - Disabled)
sebas (S-1-5-21-1391593998-1406418587-2262156805-1001 - Administrator - Enabled) => C:\Users\sebas
WDAGUtilityAccount (S-1-5-21-1391593998-1406418587-2262156805-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Aimersoft Helper Compact 2.5.2 (HKLM-x32\...\{405147F7-FCC5-499B-A27E-EA6BD4A80435}_is1) (Version: 2.5.2 - Aimersoft)
Alison-Desktop (HKLM-x32\...\{953D8225-3101-4007-B970-9AC9340C4EFA}) (Version: 1.1.7 - CertiSur)
CCleaner (HKLM\...\CCleaner) (Version: 5.55 - Piriform)
Check Point VPN (HKLM-x32\...\{B3E35728-8603-484C-AE19-F73A47D733BE}) (Version: 98.60.3013 - Check Point Software Technologies Ltd.)
Dolby Audio X2 Windows API SDK (HKLM\...\{F290F786-5F69-48D4-B20B-D21C7DE56EF0}) (Version: 0.8.8.88 - Dolby Laboratories, Inc.) Hidden
EaseUS Data Recovery Wizard (HKLM\...\EaseUS Data Recovery Wizard_is1) (Version:  - EaseUS)
EasyQlik QViewer 3.3.2 (HKU\S-1-5-21-1391593998-1406418587-2262156805-1001\...\{ABD2573A-5004-4876-BFD5-32D41F489ACC}_is1) (Version: 3.3.2 - EasyQlik)
FortiClient (HKLM\...\{E1E1D751-6C0B-4697-88A4-052CABC12DD8}) (Version: 6.0.1.0099 - Fortinet Technologies Inc)
Free Video Flip and Rotate (HKLM-x32\...\Free Video Flip and Rotate_is1) (Version: 1.1.35.831 - Digital Wave Ltd)
Generic Conexant USB Audio driver for Docks and Adapters (HKLM-x32\...\usbaudiocd01ww_is1) (Version: 1.000.0 - Lenovo Group Limited)
GIMP 2.10.2 (HKLM\...\GIMP-2_is1) (Version: 2.10.2 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 73.0.3683.103 - Google Inc.)
Google Drive File Stream (HKLM\...\{6BBAE539-2232-434A-A4E5-9A33560C6283}) (Version: 30.1.36.2348 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.7 - Google LLC) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden
Intel(R) Online Connect Software Asset Manager (HKLM-x32\...\{15998D77-1F78-43EE-96D4-1067ECAA2412}) (Version: 3.5.2247 - Intel Corporation) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 25.20.100.6576 - Intel Corporation)
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.50.638.1 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{99ee3c29-c7cd-450f-8db9-d43cc49de1c7}) (Version: 1.50.638.1 - Intel Corporation) Hidden
Intel® Online Connect (HKLM-x32\...\{6b556278-d555-4d14-ac99-8ad600578a95}) (Version: 1.3.13.0 - Intel Corporation)
Lenovo Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.82.00.20 - Lenovo) Hidden
Lenovo Dynamic Power Reduction Utility (HKLM-x32\...\{AE8B5056-56D3-4F92-B31B-BCE3430678EA}) (Version: 1.0.0.26 - Lenovo)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.12.19 - Lenovo) Hidden
Lenovo Settings - Power (HKLM-x32\...\{A6CFC34A-56EE-4AF5-8C49-995F59E6A160}) (Version: 2.00.000 - Lenovo) Hidden
Malwarebytes versión 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 10.4.137.0 - Microsoft Corporation)
Microsoft Office Hogar y Estudiantes 2016 - es-es (HKLM\...\HomeStudentRetail - es-es) (Version: 16.0.11425.20202 - Microsoft Corporation)
Microsoft Office Profesional Plus 2016 - es-es (HKLM\...\ProPlusRetail - es-es) (Version: 16.0.11425.20202 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1391593998-1406418587-2262156805-1001\...\OneDriveSetup.exe) (Version: 19.033.0218.0011 - Microsoft Corporation)
Microsoft Visio Profesional 2016 - es-es (HKLM\...\VisioProRetail - es-es) (Version: 16.0.11425.20202 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.11.25325 (HKLM-x32\...\{6c6356fe-cbfa-4944-9bed-a9e99f45cb7a}) (Version: 14.11.25325.0 - Microsoft Corporation)
MiniTool Partition Wizard Free 11 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Software Limited)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5.9 - Notepad++ Team)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.11425.20202 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.11425.20202 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.11425.20202 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.6965.2079 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0C0A-0000-0000000FF1CE}) (Version: 16.0.11425.20202 - Microsoft Corporation) Hidden
Prolific Backup (HKLM-x32\...\{D88A7919-C81E-4F6A-8B77-D1B2E42EE0CD}) (Version: 3.9.2.00 - Prolific Technology Inc.)
Qlik Sense DemoApps (HKLM\...\{AFCEFE4E-2B4E-4F1B-BB2C-8FC7C3FD9763}) (Version: 13.9.1 - QlikTech International AB) Hidden
Qlik Sense Desktop (HKLM\...\{FB8999A7-A3C5-482B-B444-93F030008ABC}) (Version: 13.9.1 - QlikTech International AB) Hidden
Qlik Sense Desktop Connectors (HKLM\...\{1376C93C-0A5A-4BC9-906A-E41370D1A3AA}) (Version: 13.9.1 - QlikTech International AB) Hidden
Qlik Sense Desktop February 2019 (HKU\S-1-5-21-1391593998-1406418587-2262156805-1001\...\{aaa3d233-8841-4ace-95e0-19fc2da9cea1}) (Version: 13.9.1 - QlikTech International AB)
Qlik Sense Extension Bundles (HKLM\...\{4D9F073B-CC60-4E5D-B117-D7ED7D20DBDF}) (Version: 13.9.1 - QlikTech International AB)
Qlik_WowMakerSetup (HKLM-x32\...\{8D8050E0-6193-4E7B-AE26-8C48213A7AD1}) (Version: 1.0.0 - Default Company Name)
QlikView x64 (HKLM\...\{BAB4187A-F349-497E-A151-79D1B274B936}) (Version: 11.20.13607.0 - QlikTech International AB)
QsDocumentAnalyzer version 1.5.0 (HKLM-x32\...\{75330F9E-2072-4618-950B-F5E108517A85}_is1) (Version: 1.5.0 - Panalytics, Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.17763.21311 - Realtek Semiconductor Corp.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.51.0 - SAMSUNG Electronics Co., Ltd.)
Software Intel® PROSet/Wireless (HKLM-x32\...\{f8c930bd-0a68-425f-8c11-87723d1e2c97}) (Version: 20.90.0 - Intel Corporation)
Software Thunderbolt™ (HKLM-x32\...\{FBAB4EAA-497D-4B48-8484-D96CAE92C71A}) (Version: 17.4.78.500 - Intel Corporation)
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.2.26558 - TeamViewer)
ThinkPad Thunderbolt 3 Dock USB Audio (HKLM\...\VID_17EF&PID_306A&MI_00) (Version: 1.31.38.31 - Conexant Systems)
Thinkpad USB Ethernet Adapter Driver (HKLM-x32\...\{04201224-2B34-4EE7-862B-B7BBF89DB3AB}) (Version: 10.25.704.2018 - Lenovo)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{B2E25355-C24E-4E7D-8AD3-455D59810838}) (Version: 2.57.0.0 - Microsoft Corporation)
WinDirStat 1.1.2 (HKU\S-1-5-21-1391593998-1406418587-2262156805-1001\...\WinDirStat) (Version:  - )
WinRAR 5.60 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.60.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1391593998-1406418587-2262156805-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}
ShellIconOverlayIdentifiers: [    GoogleDriveCloudOverlayIconHandler] -> {A8E52322-8734-481D-A7E2-27B309EF8D56} => C:\Program Files\Google\Drive File Stream\30.1.36.2348\drivefsext.dll [2019-03-20] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [    GoogleDrivePinnedOverlayIconHandler] -> {CFE8B367-77A7-41D7-9C90-75D16D7DC6B6} => C:\Program Files\Google\Drive File Stream\30.1.36.2348\drivefsext.dll [2019-03-20] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [    GoogleDriveProgressOverlayIconHandler] -> {C973DA94-CBDF-4E77-81D1-E5B794FBD146} => C:\Program Files\Google\Drive File Stream\30.1.36.2348\drivefsext.dll [2019-03-20] (Google LLC -> Google, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2018-10-14] (Notepad++ -> )
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers1: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\30.1.36.2348\drivefsext.dll [2019-03-20] (Google LLC -> Google, Inc.)
ContextMenuHandlers1: [FortiClient] -> {7AE5C558-994B-40B7-8730-2DAC2B96781B} => C:\Program Files\Fortinet\FortiClient\FortiCliSh.dll [2018-07-23] (Fortinet Technologies (Canada) Inc. -> Fortinet Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-06-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-06-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers4: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\30.1.36.2348\drivefsext.dll [2019-03-20] (Google LLC -> Google, Inc.)
ContextMenuHandlers5: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\30.1.36.2348\drivefsext.dll [2019-03-20] (Google LLC -> Google, Inc.)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\ki131074.inf_amd64_6371bf46cc74b27d\igfxDTCM.dll [2019-02-18] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6: [FortiClient] -> {1935F098-AF3C-4AFC-ADA2-12C74B452DF1} => C:\Program Files\Fortinet\FortiClient\FortiCliSh.dll [2018-07-23] (Fortinet Technologies (Canada) Inc. -> Fortinet Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-06-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-06-24] (win.rar GmbH -> Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03855990-26CB-47E1-B000-DF83C5A111F4} - System32\Tasks\Microsoft_MKC_Logon_Task_ceip.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ceip.exe (Microsoft Corporation -> Microsoft)
Task: {03D51C3D-0570-492C-A48C-23C8118B2B4C} - System32\Tasks\IntelIOC-Upgrade-f1c8187b-2653-47cd-a9be-b554b98f68a7-Logon => C:\Program Files (x86)\Intel\Intel(R) Online Connect Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe (Intel(R) Software Asset Manager -> Intel Corporation)
Task: {07A6E045-DE21-4D50-87FF-C2E9A2A72E76} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
Task: {085ECFF8-5907-4A04-AE8E-5C4C32D98E16} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1903.4-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {0A0555DA-A415-4D2E-8F80-64104F31961E} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler  /v start /t reg_dword /d 1 /f /reg:32
Task: {0D97D7E6-BC8A-4E68-BC74-8686231E61BC} - System32\Tasks\IntelIOC-Upgrade-f1c8187b-2653-47cd-a9be-b554b98f68a7 => C:\Program Files (x86)\Intel\Intel(R) Online Connect Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe (Intel(R) Software Asset Manager -> Intel Corporation)
Task: {150DF8AB-C59E-4804-9690-EC9E70D5E40F} - System32\Tasks\Lenovo\Lenovo Platform Task => C:\WINDOWS\System32\LPlatSvc.exe (Lenovo -> Lenovo.)
Task: {17E7CEF5-BDA3-411F-9223-5A07B4436A72} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {1A8CA60E-E84B-4E37-B4D1-0D95C8DE6C4D} - System32\Tasks\Microsoft\Windows\Conexant\SA2 => C:\Program Files\CONEXANT\SAII\SACpl.exe (Conexant Systems, Inc. -> Conexant Systems, Inc.)
Task: {21C2411B-6A2B-4913-974C-FFC80915DFE7} - System32\Tasks\Microsoft\Windows\Flighting\FeatureConfig\ReconcileFeatures
Task: {2853F98E-62BD-4D06-8A45-9B6B19CE535E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe (Piriform Software Ltd -> Piriform Software Ltd)
Task: {28D19E93-8A14-401F-AFB1-4E9A22FE56CE} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {33854499-F187-4284-A075-9CD0C632F198} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service when hardware is detected => sc.exe start ThunderboltService
Task: {3EAC4787-BEE1-460F-9D46-8FF256B1380D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1903.4-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {44A0A9FA-19ED-4FDC-893F-C49A3333F248} - System32\Tasks\Lenovo Power Management Driver PnP Task => C:\WINDOWS\System32\ibmpmsvc.exe (Lenovo -> Lenovo.)
Task: {4B90B0B9-9E80-48FE-9C4B-DF076E4C3F21} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {4D78C33C-FB11-4ED8-8572-C1CDC455FA05} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {4E4F68FB-2986-4D80-A277-5D25FC617FC0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {53AE491A-0FFA-4298-9D45-4E0F98BCF39B} - System32\Tasks\Intel-IMSS => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
Task: {5A746FB9-EA8D-47E8-A9F0-73239BD9151F} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on login if service is up => C:\Program Files (x86)\Intel\Thunderbolt Software\\ConditionalAppStarter.exe (Intel(R) Client Connectivity Division SW -> Intel Corporation)
Task: {62207FCD-1E3C-4F43-9B9E-FD78A3EA9FDD} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {62BD9554-D831-49D8-852C-D81F9268F723} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1903.4-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {6E005D67-E121-4A62-8258-B3E2C6C4C79D} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\eaf627b0-b9e0-4dcb-a92c-1b6b584b7a4f => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe (Lenovo -> Lenovo Group Ltd.)
Task: {7B5C3D7E-E8F1-4359-A64D-FCE1E2E8AE7A} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe (Microsoft Corporation -> Microsoft)
Task: {8EC2DC19-EDA8-4704-B589-147E4F45FB24} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {9097755D-C925-46E1-843C-68DDD8CA2920} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {A0E45552-C0A0-44A4-BE5B-485C8577F9A2} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on switch user if service is up => C:\Program Files (x86)\Intel\Thunderbolt Software\\ConditionalAppStarter.exe (Intel(R) Client Connectivity Division SW -> Intel Corporation)
Task: {A3839B7A-7FAB-4BBD-B351-1A2EA6E2D3E8} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {AA734323-4DE6-43EE-BACB-1943404586AA} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe (Lenovo -> Lenovo Group Ltd.)
Task: {AF67099D-2730-4643-B1A3-0D0D00D82B1D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {B47D793C-03C6-4FA9-9F51-D9D3685F7A70} - System32\Tasks\Lenovo\Power Manager\Uninstall task => C:\WINDOWS\SysWOW64\Lenovo\PowerMgr\PowerMgrInst.exe (Lenovo -> )
Task: {B67C9D04-3A70-4665-BEB8-B9ECB8C4034E} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service on boot if driver is up => C:\Program Files (x86)\Intel\Thunderbolt Software\\tbtsvc.exe (Intel(R) Client Connectivity Division SW -> Intel Corporation)
Task: {C0495035-BC6D-4110-8424-1FCA04179F46} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {C198A03A-590F-4266-931A-52B575E97957} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => "%windir%\system32\sc.exe" START ImControllerService
Task: {C2CDD96B-C09C-41EC-9DBD-99DCAEDE3827} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
Task: {C4DCE1D1-AB8F-4ADF-8AC7-4C8BD7277AD3} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application when hardware is detected => C:\Program Files (x86)\Intel\Thunderbolt Software\\ConditionalAppStarter.exe (Intel(R) Client Connectivity Division SW -> Intel Corporation)
Task: {C9EB7FC4-A6E9-4963-8933-24FB9E7D870C} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {CA586188-1EDF-46F4-9F7B-5423900D9699} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1903.4-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {CDF97F0B-630E-4055-9AA6-9CE46B972257} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\76c1a2bd-22aa-4c85-aebf-0432e7f0cc24 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe (Lenovo -> Lenovo Group Ltd.)
Task: {D83CFCAC-D4ED-428C-9CEC-F58DFD2283A2} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {FA389E48-A4F9-40A6-848A-9695F13F2C2D} - System32\Tasks\Lenovo\Power Manager\Background monitor => C:\WINDOWS\SysWOW64\Lenovo\PowerMgr\PowerMgr.exe (Lenovo -> Lenovo)
Task: {FC2A6D64-BC33-43C6-BF89-21D5E51471EF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\sebas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicaciones de Chrome\Google Play Música.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=fahmaaghhglfmonjliepjlchgpgfmobi

==================== Loaded Modules (Whitelisted) ==============

2018-07-23 11:23 - 2018-07-23 11:23 - 001055250 _____ (Fortinet Inc.) [File not signed] C:\Program Files\Fortinet\FortiClient\utilsdll.dll
2018-07-23 10:56 - 2018-07-23 10:56 - 001672704 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\Fortinet\FortiClient\LIBEAY32.dll
2019-03-06 08:57 - 2019-03-06 08:57 - 000060928 _____ (Conexant Systems, Inc.) [File not signed] C:\WINDOWS\system32\SyUIUExtSvc.exe
2018-07-23 10:56 - 2018-07-23 10:56 - 000355328 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\Fortinet\FortiClient\SSLEAY32.dll
2019-04-05 09:43 - 2019-03-13 09:22 - 000438272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5WinExtras.dll
2019-04-05 09:43 - 2019-03-13 09:22 - 005139968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Gui.dll
2019-04-05 09:43 - 2019-03-13 09:22 - 002950144 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Qml.dll
2019-04-05 09:43 - 2019-03-13 09:22 - 003084800 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Quick.dll
2019-04-05 09:43 - 2019-03-13 09:22 - 004571648 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Widgets.dll
2019-04-05 09:43 - 2019-03-13 09:22 - 002234880 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Network.dll
2019-04-05 09:43 - 2019-03-13 09:22 - 005010944 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
2019-04-08 16:02 - 2019-03-13 09:22 - 001181184 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\platforms\qwindows.dll
2019-04-08 16:02 - 2019-03-13 09:22 - 000124928 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\styles\qwindowsvistastyle.dll
2019-04-08 16:02 - 2019-03-13 09:22 - 000026112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qico.dll
2019-04-08 16:02 - 2019-03-13 09:22 - 000020992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qsvg.dll
2019-04-05 09:43 - 2019-03-13 09:22 - 000259584 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Svg.dll
2019-04-08 16:02 - 2019-03-13 09:22 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick.2\qtquick2plugin.dll
2019-04-08 16:02 - 2019-03-13 09:22 - 000729088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\qtquickcontrolsplugin.dll
2019-04-08 16:02 - 2019-03-13 09:22 - 000073216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Layouts\qquicklayoutsplugin.dll
2019-04-08 16:02 - 2019-03-13 09:22 - 000179712 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\dialogplugin.dll
2019-04-08 16:02 - 2019-03-13 09:22 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Window.2\windowplugin.dll
2019-04-08 16:02 - 2019-03-13 09:22 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQml\Models.2\modelsplugin.dll
2019-04-08 16:02 - 2019-03-13 09:22 - 000101888 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\PrivateWidgets\widgetsplugin.dll
2019-04-08 16:02 - 2019-03-13 09:22 - 000035328 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\iconengines\qsvgicon.dll
2019-03-15 11:56 - 2018-08-12 20:29 - 001255424 _____ (Robert Simpson, et al.) [File not signed] C:\ProgramData\Lenovo\iMController\Plugins\GenericMessagingPlugin\x86\x86\SQLite.Interop.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 08:47 - 2019-04-09 11:57 - 000000027 _____ C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL
HKU\S-1-5-21-1391593998-1406418587-2262156805-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\sebas\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 200.49.130.47 - 200.42.4.198
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is disabled.

#16

FRST 3

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run32: => "Check Point VPN"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{E0B71C01-EA4D-4627-8299-82BB5E4F3A78}] => (Allow) C:\Program Files\Fortinet\FortiClient\ipsec.exe (Fortinet Technologies (Canada) Inc. -> Fortinet Inc.)
FirewallRules: [{E4DF4ABB-3517-4D3C-8F0F-6EFC3B684C98}] => (Allow) C:\Program Files\Fortinet\FortiClient\fortiesnac.exe (Fortinet Technologies (Canada) Inc. -> Fortinet Inc.)
FirewallRules: [{F05DAED5-3D9C-43F9-A669-77AC71EA5E17}] => (Allow) C:\Program Files\Fortinet\FortiClient\fortifws.exe (Fortinet Technologies (Canada) Inc. -> Fortinet Inc.)
FirewallRules: [{32DCE1A8-CA84-43B4-856F-07C5EF9CB8DB}] => (Allow) C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe (Check Point Software Technologies Ltd. -> Check Point Software Technologies)
FirewallRules: [{31D23E8E-8997-458A-B545-A265DA79FC8B}] => (Allow) C:\Program Files (x86)\CheckPoint\Endpoint Connect\TracSrvWrapper.exe (Check Point Software Technologies Ltd. -> Check Point Software Technologies)
FirewallRules: [TCP Query User{8799CECB-451C-4B91-8012-EBB8B93968B6}C:\users\sebas\appdata\local\programs\qlik\sense\node\node.exe] => (Allow) C:\users\sebas\appdata\local\programs\qlik\sense\node\node.exe (Node.js Foundation -> Node.js)
FirewallRules: [UDP Query User{264FE776-B72C-4E8C-B4FB-2A8FE801E070}C:\users\sebas\appdata\local\programs\qlik\sense\node\node.exe] => (Allow) C:\users\sebas\appdata\local\programs\qlik\sense\node\node.exe (Node.js Foundation -> Node.js)
FirewallRules: [{01CF4960-B6D7-42B8-A18A-5CDDCD0895F7}] => (Block) C:\users\sebas\appdata\local\programs\qlik\sense\node\node.exe (Node.js Foundation -> Node.js)
FirewallRules: [{F67CCABB-623A-441F-9145-964F9686E664}] => (Block) C:\users\sebas\appdata\local\programs\qlik\sense\node\node.exe (Node.js Foundation -> Node.js)
FirewallRules: [{6B4266F2-8D62-4060-BCF5-D31E23748B0A}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation -> )
FirewallRules: [{C14C9EA7-3C28-4A97-B3BE-A2FCBB91E14A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6BB14ECD-5572-445C-AF65-90FFA1F52540}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{50F62FEF-D781-4CF7-8C5D-AF88DDE11531}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A13EE5BC-555A-41D1-8E56-8B202B9EE306}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{2C02DC56-4DDA-4D86-A5E9-D8308F66DA4F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{1A2BB79F-B40A-48A9-A2EF-603FBBD90003}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{115CD4F3-A7D5-40A3-AC16-2D6C7B5A1457}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{3F18EA04-091E-4B1C-9395-456DCA553B89}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2AA4C6F5-1030-4F98-8907-F6561CD930C8}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{16188B3D-9805-4D17-91BA-E0DCD455C763}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [{2265A079-0276-47EE-9B95-586B4F726E86}] => (Allow) C:\Program Files\Fortinet\FortiClient\FortiProxy.exe No File
FirewallRules: [{27BFCF43-EEC6-45D2-A886-5EAA7323E5A9}] => (Allow) C:\Program Files\Fortinet\FortiClient\FortiWad.exe No File

==================== Restore Points =========================

26-03-2019 10:42:59 Punto de control programado
03-04-2019 10:31:03 Punto de control programado
10-04-2019 12:17:00 Windows Update
11-04-2019 08:36:19 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

Name: Fortinet SSL VPN Virtual Ethernet Adapter
Description: Fortinet SSL VPN Virtual Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Fortinet Inc.
Service: ftsvnic
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/11/2019 08:46:21 AM) (Source: ESENT) (EventID: 489) (User: )
Description: CCleaner64 (12700,G,0) Al intentar abrir el archivo "C:\Users\sebas\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" para acceso de sólo lectura se produjo el error de sistema 32 (0x00000020): "El proceso no tiene acceso al archivo porque está siendo utilizado por otro proceso. ". La operación para abrir el archivo se cerrará con el error -1032 (0xfffffbf8).

Error: (04/11/2019 08:33:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: IntelTechnologyAccessService.exe, versión: 1.9.31.0, marca de tiempo: 0x5a97c61d
Nombre del módulo con errores: KERNELBASE.dll, versión: 10.0.17134.556, marca de tiempo: 0xb9f4a0f1
Código de excepción: 0x40000015
Desplazamiento de errores: 0x000000000003a388
Identificador del proceso con errores: 0x1dc0
Hora de inicio de la aplicación con errores: 0x01d4f05a5bfe9814
Ruta de acceso de la aplicación con errores: C:\Program Files\Intel\Intel(R) Online Connect Access\IntelTechnologyAccessService.exe
Ruta de acceso del módulo con errores: C:\WINDOWS\System32\KERNELBASE.dll
Identificador del informe: e71064de-6570-4bec-8360-f938a853ca9c
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (04/09/2019 12:44:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: QlikSenseBrowser.exe, versión: 2.2.0.0, marca de tiempo: 0x5afab36a
Nombre del módulo con errores: MSVCR120.dll, versión: 12.0.21005.1, marca de tiempo: 0x524f83ff
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x000000000003c3f9
Identificador del proceso con errores: 0x2fb0
Hora de inicio de la aplicación con errores: 0x01d4eeea699f8ce9
Ruta de acceso de la aplicación con errores: C:\Users\sebas\AppData\Local\Programs\Qlik\Sense\QlikSenseBrowser\QlikSenseBrowser.exe
Ruta de acceso del módulo con errores: C:\Users\sebas\AppData\Local\Programs\Qlik\Sense\QlikSenseBrowser\MSVCR120.dll
Identificador del informe: f16b8b34-c2ec-4f69-9045-f500017d0199
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (04/09/2019 12:39:25 PM) (Source: Engine) (EventID: 300) (User: )
Description: Event-ID 300

Error: (04/09/2019 12:39:24 PM) (Source: Engine) (EventID: 300) (User: )
Description: Event-ID 300

Error: (04/09/2019 12:06:13 PM) (Source: Engine) (EventID: 300) (User: )
Description: Event-ID 300

Error: (04/09/2019 12:06:12 PM) (Source: Engine) (EventID: 300) (User: )
Description: Event-ID 300

Error: (04/09/2019 12:00:52 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Error al generar el contexto de activación para "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Error en el archivo de manifiesto o directiva "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" en la línea 1.
La identidad de componente encontrada en el manifiesto no coincide con la del componente solicitado.
La referencia es UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
La definición es UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Use sxstrace.exe para obtener un diagnóstico detallado.


System errors:
=============
Error: (04/11/2019 08:58:38 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 y APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 al usuario NT AUTHORITY\LOCAL SERVICE con SID (S-1-5-19) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (04/11/2019 08:53:58 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Iniciar Local para la aplicación de servidor COM con CLSID 
Windows.SecurityCenter.WscBrokerManager
 y APPID 
No disponible
 al usuario NT AUTHORITY\SYSTEM con SID (S-1-5-18) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (04/11/2019 08:53:58 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Iniciar Local para la aplicación de servidor COM con CLSID 
Windows.SecurityCenter.WscDataProtection
 y APPID 
No disponible
 al usuario NT AUTHORITY\SYSTEM con SID (S-1-5-18) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (04/11/2019 08:53:33 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 y APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 al usuario NT AUTHORITY\LOCAL SERVICE con SID (S-1-5-19) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (04/11/2019 08:53:33 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 y APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 al usuario NT AUTHORITY\LOCAL SERVICE con SID (S-1-5-19) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (04/11/2019 08:53:06 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: El módulo de extensibilidad de WLAN se detuvo inesperadamente.

Ruta de acceso del módulo: C:\WINDOWS\system32\IntelWifiIhv06.dll

Error: (04/11/2019 08:53:06 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: El módulo de extensibilidad de WLAN se detuvo inesperadamente.

Ruta de acceso del módulo: C:\WINDOWS\system32\IntelWifiIhv06.dll

Error: (04/11/2019 08:53:05 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: El módulo de extensibilidad de WLAN se detuvo inesperadamente.

Ruta de acceso del módulo: C:\WINDOWS\system32\IntelWifiIhv06.dll


Windows Defender:
===================================
Date: 2019-04-10 12:14:56.279
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {CC94FF4A-8F59-48C5-A3C6-1B298F9E5FF1}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2019-04-04 11:15:37.531
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {3E17523D-DDA4-4EF0-9519-BF0264D594F4}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2019-04-03 09:10:22.647
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {145B1F07-31EE-47A3-8A5C-F2D4C48BAB9A}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2019-04-01 09:31:35.441
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {F1E87CB9-E497-4EA2-9B67-4A4F177C115D}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2019-03-26 10:01:21.746
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {BC20FE02-0430-4854-93C2-EC484D23CB9E}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2019-04-09 11:56:10.449
Description: 
La característica Protección en tiempo real de Antivirus de Windows Defender encontró un error:
Característica: Durante el acceso
Código de error: 0x8007043c
Descripción del error: El servicio no puede iniciarse en modo a prueba de errores 
Motivo: La protección antimalware dejó de funcionar por motivos desconocidos. En algunos casos, reiniciar el servicio puede que resuelva el problema.

Date: 2019-04-01 09:41:48.239
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.291.690.0
Origen de actualización: Servidor de Microsoft Update
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión de motor actual: 
Versión de motor anterior: 1.1.15800.1
Código de error: 0x80240016
Descripción del error: Se produjo un problema inesperado mientras se buscaban actualizaciones. Para obtener más información sobre cómo instalar o solucionar problemas en las actualizaciones, consulta Ayuda y soporte técnico. 

Date: 2019-02-19 10:29:37.295
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.287.233.0
Origen de actualización: Servidor de Microsoft Update
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión de motor actual: 
Versión de motor anterior: 1.1.15700.8
Código de error: 0x8024402c
Descripción del error: Se produjo un problema inesperado mientras se buscaban actualizaciones. Para obtener más información sobre cómo instalar o solucionar problemas en las actualizaciones, consulte Ayuda y soporte técnico. 

Date: 2019-02-18 16:56:59.156
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.287.233.0
Origen de actualización: Servidor de Microsoft Update
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión de motor actual: 
Versión de motor anterior: 1.1.15700.8
Código de error: 0x80240438
Descripción del error: Se produjo un problema inesperado mientras se buscaban actualizaciones. Para obtener más información sobre cómo instalar o solucionar problemas en las actualizaciones, consulte Ayuda y soporte técnico. 

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-7600U CPU @ 2.80GHz
Percentage of memory in use: 39%
Total physical RAM: 8026.55 MB
Available physical RAM: 4848.45 MB
Total Virtual: 12122.55 MB
Available Virtual: 9052.64 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:237.23 GB) (Free:98.71 GB) NTFS
Drive g: (Google Drive File Stream) (Fixed) (Total:15 GB) (Free:1.01 GB) FAT32

\\?\Volume{0f07c70c-910c-430c-91a8-07e27f63403c}\ (WinRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.45 GB) NTFS
\\?\Volume{7ac682b8-a7cd-4152-8698-bf29682f9cf8}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: E664590B)

Partition: GPT.

==================== End of Addition.txt ============================

#17

Hello

Perform the following steps without changing their order.

1.- Reset Chrome's settings by following the steps described here.

2.- Run a custom scan with Malwarebytes.

3.- Scan again with AdwCleaner.

Post the reports and tell us how it goes.

Regards


#18

Hello Daniela… thanks for your patience!

I did what you asked; Malwarebytes found nothing. After rebooting (it didn't ask me to, but I did), before opening Chrome I ran AdwCleaner and it found the same thing:

# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build:    04-04-2019
# Database: 2019-04-10.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    04-12-2019
# Duration: 00:00:03
# OS:       Windows 10 Pro
# Cleaned:  1
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Deleted       http://www.sweet-page.com/?type=hp&ts=1410803237&from=cor&uid=ST500DM002-1BD142_Z2AF1VPBXXXXZ2AF1VPB

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2544 octets] - [10/05/2018 10:31:10]
AdwCleaner[C00].txt - [2483 octets] - [10/05/2018 11:37:26]
AdwCleaner[S01].txt - [2233 octets] - [12/03/2019 11:38:49]
AdwCleaner[C01].txt - [2217 octets] - [12/03/2019 11:39:48]
AdwCleaner[S02].txt - [1592 octets] - [04/04/2019 12:14:22]
AdwCleaner[C02].txt - [1758 octets] - [04/04/2019 12:14:40]
AdwCleaner[S03].txt - [1714 octets] - [05/04/2019 14:00:10]
AdwCleaner[S04].txt - [1775 octets] - [08/04/2019 16:11:31]
AdwCleaner[C04].txt - [1941 octets] - [08/04/2019 16:11:48]
AdwCleaner[S05].txt - [1798 octets] - [09/04/2019 11:59:25]
AdwCleaner[S06].txt - [1958 octets] - [09/04/2019 12:03:50]
AdwCleaner[S07].txt - [2019 octets] - [09/04/2019 12:34:03]
AdwCleaner[C07].txt - [2185 octets] - [09/04/2019 12:34:18]
AdwCleaner[S08].txt - [2141 octets] - [10/04/2019 15:38:52]
AdwCleaner[S09].txt - [2202 octets] - [11/04/2019 08:33:06]
AdwCleaner[C09].txt - [2368 octets] - [11/04/2019 08:33:19]
AdwCleaner[S10].txt - [2324 octets] - [11/04/2019 08:50:43]
AdwCleaner[C10].txt - [2490 octets] - [11/04/2019 08:53:01]
AdwCleaner[S11].txt - [2446 octets] - [12/04/2019 11:30:21]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C11].txt ##########

I cleaned. I rebooted. I ran it again and it found nothing. I opened Chrome to write this reply, ran it again, and it found this:

# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build:    04-04-2019
# Database: 2019-04-10.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    04-12-2019
# Duration: 00:00:07
# OS:       Windows 10 Pro
# Scanned:  27276
# Detected: 1


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

PUP.Optional.SweetPage.ShrtCln  http://www.sweet-page.com/?type=hp&ts=1410803237&from=cor&uid=ST500DM002-1BD142_Z2AF1VPBXXXXZ2AF1VPB

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.


AdwCleaner[S00].txt - [2544 octets] - [10/05/2018 10:31:10]
AdwCleaner[C00].txt - [2483 octets] - [10/05/2018 11:37:26]
AdwCleaner[S01].txt - [2233 octets] - [12/03/2019 11:38:49]
AdwCleaner[C01].txt - [2217 octets] - [12/03/2019 11:39:48]
AdwCleaner[S02].txt - [1592 octets] - [04/04/2019 12:14:22]
AdwCleaner[C02].txt - [1758 octets] - [04/04/2019 12:14:40]
AdwCleaner[S03].txt - [1714 octets] - [05/04/2019 14:00:10]
AdwCleaner[S04].txt - [1775 octets] - [08/04/2019 16:11:31]
AdwCleaner[C04].txt - [1941 octets] - [08/04/2019 16:11:48]
AdwCleaner[S05].txt - [1798 octets] - [09/04/2019 11:59:25]
AdwCleaner[S06].txt - [1958 octets] - [09/04/2019 12:03:50]
AdwCleaner[S07].txt - [2019 octets] - [09/04/2019 12:34:03]
AdwCleaner[C07].txt - [2185 octets] - [09/04/2019 12:34:18]
AdwCleaner[S08].txt - [2141 octets] - [10/04/2019 15:38:52]
AdwCleaner[S09].txt - [2202 octets] - [11/04/2019 08:33:06]
AdwCleaner[C09].txt - [2368 octets] - [11/04/2019 08:33:19]
AdwCleaner[S10].txt - [2324 octets] - [11/04/2019 08:50:43]
AdwCleaner[C10].txt - [2490 octets] - [11/04/2019 08:53:01]
AdwCleaner[S11].txt - [2446 octets] - [12/04/2019 11:30:21]
AdwCleaner[C11].txt - [2612 octets] - [12/04/2019 11:30:36]
AdwCleaner[S12].txt - [2469 octets] - [12/04/2019 11:32:14]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S13].txt ##########
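An added example, not part of the thread or of any tool mentioned in it: a read-only Python check that reports which keys in a Chrome profile's `Preferences` and `Secure Preferences` files hold the URL AdwCleaner keeps flagging under "Chromium URLs". The sample preferences are constructed, and the function names `find_hits` and `scan_profile` are hypothetical.

```python
"""Read-only check: where does a flagged URL live inside a Chrome profile?"""
import json
import sys
from pathlib import Path

# Constructed sample shaped like a Chrome "Preferences" file (not from the thread).
SAMPLE_PREFS = {
    "homepage": "http://www.sweet-page.com/?type=hp",
    "homepage_is_newtabpage": False,
    "session": {
        "restore_on_startup": 4,
        "startup_urls": ["https://example.org/", "http://www.sweet-page.com/?type=hp"],
    },
    "profile": {"content_settings": {"exceptions": {"notifications": {
        "http://www.sweet-page.com:80,*": {"setting": 1},
    }}}},
}

# The two JSON files of a profile directory that the scanners in the thread flag.
PROFILE_FILES = ("Preferences", "Secure Preferences")


def find_hits(node, needle, path=""):
    """Walk parsed JSON and yield (json_path, value) for every string value
    or dictionary key that contains `needle` (case-insensitive)."""
    needle = needle.lower()
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}" if path else key
            if needle in key.lower():
                # Some settings use URL patterns as keys, so keys are checked too.
                yield (child, "<key>")
            yield from find_hits(value, needle, child)
    elif isinstance(node, list):
        for index, item in enumerate(node):
            yield from find_hits(item, needle, f"{path}[{index}]")
    elif isinstance(node, str) and needle in node.lower():
        yield (path, node)


def scan_profile(profile_dir, needle):
    """Return {file name: [(json_path, value), ...]} for each profile file found.
    Files are only read, never modified."""
    report = {}
    for name in PROFILE_FILES:
        candidate = Path(profile_dir) / name
        if not candidate.is_file():
            continue
        try:
            data = json.loads(candidate.read_text(encoding="utf-8"))
        except (OSError, ValueError) as exc:
            # Truncated or locked file: report it instead of failing the scan.
            report[name] = [("<unreadable>", str(exc))]
            continue
        report[name] = list(find_hits(data, needle))
    return report


if __name__ == "__main__":
    # Usage: script.py <profile directory> <url fragment>; no arguments runs the sample.
    if len(sys.argv) == 3:
        results = scan_profile(sys.argv[1], sys.argv[2])
    else:
        results = {"<constructed sample>": list(find_hits(SAMPLE_PREFS, "sweet-page.com"))}
    for file_name, hits in results.items():
        for where, value in hits:
            print(f"{file_name}: {where} -> {value}")
```

Running it before and after opening Chrome shows which preference key, if any, is being rewritten between two scans.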

#19

Hello

It's a tough nut to crack, but it won't get the better of us :sunglasses:

Download, install and run Revo Uninstaller

  • Uninstall Chrome. Choose the advanced uninstall mode.

If at any point it asks you to restart, say NO until it has finished.

After restarting, run AdwCleaner again.

Do not install Chrome until I tell you to.

Let us know how it goes.

Regards


#20

Sorry Dani, since your previous message I installed “Chromium”, a browser with the same engine as Chrome, which is now running very smoothly (maybe it hasn't been “infected” yet)… Should I uninstall both?
