Recurring detections

#19

Hi

It's a tough nut to crack, but it's not going to beat us :sunglasses:

Download, install and run Revo Uninstaller

  • Uninstall Chrome. Choose the advanced uninstall mode.

If at any point it asks you to restart, say NO until it has finished.

After restarting, run AdwCleaner again.

Do not install Chrome until I tell you to.

Let us know how it goes.

Regards

#20

Sorry Dani, since your previous message I installed “Chromium”, a browser with the same engine as Chrome which is now running very smoothly (maybe it hasn't been “infected” yet)… Should I uninstall both?

#21

Hi

After installing Chromium, have you run a scan with AdwCleaner?

What we want is for AdwCleaner to clean it and not detect it again.

Regards

#22

Hi! Sorry I couldn't reply quickly. Here is the order of what I did/what happened after your message:

1- I ran AdwCleaner and it found nothing (though I think I had run it before and it had found things and I cleaned them), but a little later the MBAM screen came up (the installed one, I set up the trial) saying it had found a whole bunch of things; here it is:

Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 14/4/19
Hora del análisis: 10:31
Archivo de registro: a0e3a71c-5eb9-11e9-9d00-54e1ada7c644.json

-Información del software-
Versión: 3.7.1.2839
Versión de los componentes: 1.0.563
Versión del paquete de actualización: 1.0.10156
Licencia: Prueba

-Información del sistema-
SO: Windows 10 (Build 17134.706)
CPU: x64
Sistema de archivos: NTFS
Usuario: System

-Resumen del análisis-
Tipo de análisis: Análisis de amenazas
Análisis iniciado por:: Programador de tareas
Resultado: Completado
Objetos analizados: 301676
Amenazas detectadas: 8
Amenazas en cuarentena: 0
Tiempo transcurrido: 4 min, 41 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Desactivado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 0
(No hay elementos maliciosos detectados)

Valor del registro: 0
(No hay elementos maliciosos detectados)

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 0
(No hay elementos maliciosos detectados)

Archivo: 8
PUP.Optional.Linkury, C:\USERS\SEBAS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Sin acciones por parte del usuario, [253], [455237],1.0.10156
PUP.Optional.WinYahoo, C:\USERS\SEBAS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Sin acciones por parte del usuario, [237], [454790],1.0.10156
PUP.Optional.WinYahoo, C:\USERS\SEBAS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, Sin acciones por parte del usuario, [237], [454790],1.0.10156
PUP.Optional.WinYahoo, C:\USERS\SEBAS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Sin acciones por parte del usuario, [237], [454790],1.0.10156
PUP.Optional.Linkury, C:\USERS\SEBAS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, Sin acciones por parte del usuario, [253], [455237],1.0.10156
PUP.Optional.Linkury, C:\USERS\SEBAS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Sin acciones por parte del usuario, [253], [455237],1.0.10156
PUP.Optional.Spigot, C:\USERS\SEBAS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, Sin acciones por parte del usuario, [165], [454814],1.0.10156
PUP.Optional.Spigot, C:\USERS\SEBAS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Sin acciones por parte del usuario, [165], [454814],1.0.10156

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)

2- I install and open REVO. I remove Chrome, chose deep scan, remove it from the registry and folders. I restart.

3- I look for Chromium and can't find it. The program is there, but REVO doesn't find it, and it isn't in the Start menu either. I go into the shortcut and see that it points to “C:\Users\sebas\Downloads\chromium\chrome-win\chrome.exe --profile-directory=Default”, so maybe it's some kind of “portable” build, I don't know…

4- I restart, open Edge to write this reply, run AdwCleaner and it finds nothing.

5- Just in case, I turn on my home PC (recently formatted from scratch, with little frequent use and very “clean” in terms of installations) where I also had Chrome linked to the same email accounts, I run AdwCleaner and it finds PUP.Optional.SweetPage.ShrtCln. I'm telling you because it might be useful to you; could it be that I have something in my Google account profile?

How do I continue? Thanks!!!
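Added example, not part of the thread: a Python triage of the eight `Archivo` lines from the Malwarebytes report in post #22. It groups the hits by file to check whether they all sit in the Chrome `Default` profile's data files and how many were still unquarantined. The field layout is inferred from those lines, and the function names are hypothetical.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from pathlib import PureWindowsPath

# The eight "Archivo" lines copied from the Malwarebytes report in post #22.
REPORT_LINES = r"""
PUP.Optional.Linkury, C:\USERS\SEBAS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Sin acciones por parte del usuario, [253], [455237],1.0.10156
PUP.Optional.WinYahoo, C:\USERS\SEBAS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Sin acciones por parte del usuario, [237], [454790],1.0.10156
PUP.Optional.WinYahoo, C:\USERS\SEBAS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, Sin acciones por parte del usuario, [237], [454790],1.0.10156
PUP.Optional.WinYahoo, C:\USERS\SEBAS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Sin acciones por parte del usuario, [237], [454790],1.0.10156
PUP.Optional.Linkury, C:\USERS\SEBAS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, Sin acciones por parte del usuario, [253], [455237],1.0.10156
PUP.Optional.Linkury, C:\USERS\SEBAS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Sin acciones por parte del usuario, [253], [455237],1.0.10156
PUP.Optional.Spigot, C:\USERS\SEBAS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, Sin acciones por parte del usuario, [165], [454814],1.0.10156
PUP.Optional.Spigot, C:\USERS\SEBAS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Sin acciones por parte del usuario, [165], [454814],1.0.10156
""".strip().splitlines()

# Layout inferred from the lines above (an assumption, not a documented format):
#   name, path, action, [id], [rule id],update package version
LINE_RE = re.compile(
    r"^(?P<name>[\w.]+), (?P<path>.+), (?P<action>[^,]+), "
    r"\[(?P<id>\d+)\], \[(?P<rule>\d+)\],(?P<db>[\d.]+)$"
)
NO_ACTION = "Sin acciones por parte del usuario"  # action text as it appears in the report
PROFILE_ROOT = ("google", "chrome", "user data")


@dataclass(frozen=True)
class Detection:
    name: str
    path: PureWindowsPath
    action: str


def parse_detections(lines):
    """Parse report lines; lines that do not match the layout are skipped."""
    found = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            found.append(Detection(m["name"], PureWindowsPath(m["path"]), m["action"]))
    return found


def profile_file(path):
    """Return (profile, file inside the profile) when the path lies under
    Chrome's 'User Data' directory, else None. The comparison ignores case
    because the report upper-cases part of the path."""
    parts = [p.lower() for p in path.parts]
    n = len(PROFILE_ROOT)
    for i in range(len(parts) - n):
        if tuple(parts[i:i + n]) == PROFILE_ROOT and i + n + 1 < len(parts):
            return path.parts[i + n], "\\".join(path.parts[i + n + 1:])
    return None


def summarize(detections):
    """Group detections by profile file and count those with no action taken."""
    by_file = defaultdict(set)   # (profile, file) -> detection families
    outside = []                 # hits that are not Chrome profile data
    for d in detections:
        loc = profile_file(d.path)
        if loc is None:
            outside.append(d)
        else:
            by_file[loc].add(d.name.rsplit(".", 1)[-1])
    return {
        "files": {k: sorted(v) for k, v in by_file.items()},
        "outside_profile": outside,
        "pending": sum(d.action == NO_ACTION for d in detections),
    }


if __name__ == "__main__":
    result = summarize(parse_detections(REPORT_LINES))
    for (profile, name), families in sorted(result["files"].items()):
        print(f"{profile}\\{name}: {', '.join(families)}")
    print("outside profile data:", len(result["outside_profile"]))
    print("no action taken yet:", result["pending"])
```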

#23

Hi

Don't worry about the delay, it's no problem :+1:

Didn't you already have Malwarebytes installed before? Did you uninstall it and download it again? :roll_eyes:

The report says no actions were taken; you have to send everything to quarantine.

Unlink and remove the user on the other computer, restart the browser and run a scan with AdwCleaner. Do not link/sync it again for now.

Carry out the following steps without changing the order:

1.- Uninstall Malwarebytes as described in this guide

2.- Open DelFix and do the following:

  • Double-click to run it. (If you use Windows Vista/7/8 or 10, right-click and select Run as Administrator)

  • Tick all the boxes and click Run

3.- Scan again with FRST as I told you here; you will have to download FRST again, since it will be deleted when you use DelFix.

4.- Do not install anything, neither browsers nor the programs we have uninstalled, until I tell you to.

Bring the FRST reports and tell us whether AdwCleaner still detects anything on the other computer after removing the user.

Regards

#24

No, I already had it installed and it ran the routine scan; I saved the report when it was generated and that is the one I sent you; afterwards I did put them all in quarantine.

Here are the reports

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17.03.2019
Ran by sebas (administrator) on SEBAS-NB (14-04-2019 12:44:13)
Running from C:\Users\sebas\Desktop
Loaded Profiles: sebas (Available Profiles: defaultuser0 & sebas)
Platform: Windows 10 Pro Version 1803 17134.706 (X64) Language: Español (España, internacional)
Default browser not detected!
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki131074.inf_amd64_6371bf46cc74b27d\igfxCUIService.exe
(Lenovo -> Lenovo.) C:\Windows\System32\LPlatSvc.exe
(Lenovo -> Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Fortinet Technologies (Canada) Inc. -> Fortinet Inc.) C:\Program Files\Fortinet\FortiClient\scheduler.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki131074.inf_amd64_6371bf46cc74b27d\IntelCpHDCPSvc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Conexant Systems LLC -> Conexant Systems, Inc.) C:\Program Files\CONEXANT\SAII\CxUtilSvc.exe
(Digital Wave Ltd -> Digital Wave Ltd.) C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
(Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\Endpoint Connect\Watchdog\EPWD.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(Intel Corporation -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel(R) Online Connect Access -> Intel(R) Corporation) C:\Program Files\Intel\Intel(R) Online Connect Access\IntelTechnologyAccessService.exe
(Lenovo -> Lenovo Group Limited) C:\Windows\SysWOW64\Lenovo\PowerMgr\EasyResume.exe
(Intel Corporation -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc. -> Conexant Systems, Inc.) C:\Windows\System32\SASrv.exe
(DEVGURU CO LTD -> DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Conexant Systems, Inc.) [File not signed] C:\Windows\System32\SyUIUExtSvc.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Check Point Software Technologies Ltd. -> Check Point Software Technologies) C:\Program Files (x86)\CheckPoint\Endpoint Connect\TracSrvWrapper.exe
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1903.4-0\MsMpEng.exe
(Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki131074.inf_amd64_6371bf46cc74b27d\igfxEM.exe
(Fortinet Technologies (Canada) Inc. -> Fortinet Inc.) C:\Program Files\Fortinet\FortiClient\FCDBLog.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki131074.inf_amd64_6371bf46cc74b27d\IntelCpHeciSvc.exe
(Fortinet Technologies (Canada) Inc. -> Fortinet Inc.) C:\Program Files\Fortinet\FortiClient\FortiTray.exe
(Fortinet Technologies (Canada) Inc. -> Fortinet Inc.) C:\Program Files\Fortinet\FortiClient\FortiESNAC.exe
(Fortinet Technologies (Canada) Inc. -> Fortinet Inc.) C:\Program Files\Fortinet\FortiClient\FortiSSLVPNdaemon.exe
(Fortinet Technologies (Canada) Inc. -> Fortinet Inc.) C:\Program Files\Fortinet\FortiClient\FortiSettings.exe
(Intel(R) Online Connect -> Intel Corporation) C:\Program Files\Intel\Intel(R) Online Connect\ioc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Conexant Systems, Inc. -> Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Lenovo -> Lenovo Group Limited) C:\Windows\System32\DriverStore\FileRepository\fn.inf_amd64_c7fd03342aa4d253\driver\tphkload.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Lenovo -> Lenovo Group Limited) C:\Windows\System32\DriverStore\FileRepository\fn.inf_amd64_c7fd03342aa4d253\driver\tposd.exe
(Lenovo -> Lenovo Group Limited) C:\Windows\System32\DriverStore\FileRepository\fn.inf_amd64_c7fd03342aa4d253\driver\shtctky.exe
(Intel(R) Software Development Products -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\sgx_psw.inf_amd64_10d045798a3d667e\aesm_service.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Lenovo -> Lenovo) C:\Windows\SysWOW64\Lenovo\PowerMgr\PowerMgr.exe
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1903.4-0\NisSrv.exe
(Intel(R) Trust Services -> Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.42.60.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Lenovo -> Lenovo.) C:\Windows\System32\LPlatSvc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\MKCHelper.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki131074.inf_amd64_6371bf46cc74b27d\igfxext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Google LLC -> Google, Inc.) C:\Program Files\Google\Drive File Stream\30.1.36.2348\GoogleDriveFS.exe
(Google LLC -> ) C:\Program Files\Google\Drive File Stream\30.1.36.2348\crashpad_handler.exe
(Google LLC -> Google, Inc.) C:\Program Files\Google\Drive File Stream\30.1.36.2348\GoogleDriveFS.exe
(Google LLC -> Google, Inc.) C:\Program Files\Google\Drive File Stream\30.1.36.2348\GoogleDriveFS.exe
(Google LLC -> Google, Inc.) C:\Program Files\Google\Drive File Stream\30.1.36.2348\GoogleDriveFS.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Conexant Systems, Inc. -> Conexant Systems, Inc) C:\Program Files\CONEXANT\SAII\SmartAudio.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SrTasks.exe
(Notepad++ -> Don HO [email protected]) C:\Program Files (x86)\Notepad++\notepad++.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_1.16.1012.0_x64__8wekyb3d8bbwe\GameBar.exe
(Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.) C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Check Point Software Technologies Ltd. -> Check Point Software Technologies) C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedlauncher.exe
(Intel(R) Software Asset Manager -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Online Connect Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.CompanionApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.CompanionApp.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Policies\Explorer: [NoActiveDesktop] 1 [ 2019-03-14] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1 [ [ 2019-03-14] (Microsoft Windows -> Microsoft Corporation) 2019-03-14] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1391593998-1406418587-2262156805-1001\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\30.1.36.2348\GoogleDriveFS.exe [35780392 2019-03-20] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-1391593998-1406418587-2262156805-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22488952 2019-03-11] (Piriform Software Ltd -> Piriform Software Ltd)
GroupPolicy: Restriction ? <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 200.42.4.210 200.49.130.40
Tcpip\..\Interfaces\{7a51fa6d-d6a8-4128-9202-566f9c08ba7c}: [DhcpNameServer] 192.168.0.20 8.8.8.8
Tcpip\..\Interfaces\{f805b96d-d573-44b5-b852-976c5d54e0d2}: [DhcpNameServer] 200.42.4.210 200.49.130.40

Internet Explorer:
==================
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-04-04] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2019-04-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-04-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-04-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-04-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-04-04] (Microsoft Corporation -> Microsoft Corporation)
Handler: qvp - {4BA78E3D-CA25-4BFF-B8F0-8A3359E4B520} - C:\Program Files\QlikView\QvProtocol\qvp.dll [2017-06-22] (QlikTech International AB -> QlikTech AB)
Handler-x32: qvp - {4BA78E3D-CA25-4BFF-B8F0-8A3359E4B520} - C:\Program Files (x86)\QlikView\QvProtocol\qvp.dll [2017-06-22] (QlikTech International AB -> QlikTech AB)

FireFox:
========
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-04-04] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-04-04] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\sebas\AppData\Roaming\mozilla\plugins\npatgpc.dll [2019-03-22]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AESMService; C:\WINDOWS\System32\DriverStore\FileRepository\sgx_psw.inf_amd64_10d045798a3d667e\aesm_service.exe [3367272 2018-12-19] (Intel(R) Software Development Products -> Intel Corporation)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11082312 2019-04-02] (Microsoft Corporation -> Microsoft Corporation)
R2 CxUtilSvc; C:\Program Files\Conexant\SAII\CxUtilSvc.exe [181584 2019-01-25] (Conexant Systems LLC -> Conexant Systems, Inc.)
R2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [440808 2017-03-22] (Digital Wave Ltd -> Digital Wave Ltd.)
R2 Dolby DAX2 API Service; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [189464 2019-01-21] (Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.)
R2 EPWD; C:\Program Files (x86)\CheckPoint\Endpoint Connect\Watchdog\EPWD.exe [291608 2017-09-08] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
R2 FA_Scheduler; C:\Program Files\Fortinet\FortiClient\scheduler.exe [145296 2018-07-23] (Fortinet Technologies (Canada) Inc. -> Fortinet Inc.)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [541896 2018-05-15] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [71336 2019-03-06] (Lenovo -> Lenovo Group Ltd.)
R3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [775904 2018-09-14] (Intel(R) Trust Services -> Intel(R) Corporation)
R3 Intel(R) Online Connect; C:\Program Files\Intel\Intel(R) Online Connect\ioc.exe [575216 2018-02-23] (Intel(R) Online Connect -> Intel Corporation)
S2 Intel(R) Online Connect Helper; C:\Program Files\Intel\Intel(R) Online Connect\iocHelperService.exe [306928 2018-02-23] (Intel(R) Online Connect -> Intel Corporation)
S3 Intel(R) Online Connect Software Asset Manager; C:\Program Files (x86)\Intel\Intel(R) Online Connect Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [18152 2016-12-21] (Intel(R) Software Asset Manager -> Intel Corporation)
R2 Intel(R) TechnologyAccessService; C:\Program Files\Intel\Intel(R) Online Connect Access\IntelTechnologyAccessService.exe [395000 2018-03-01] (Intel(R) Online Connect Access -> Intel(R) Corporation)
S2 Intel(R) TPM Provisioning Service; C:\Program Files\Intel\iCLS Client\TPMProvisioningService.exe [705760 2018-09-14] (Intel(R) Trust Services -> Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [218176 2018-11-16] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R2 Lenovo Instant On; C:\WINDOWS\SysWOW64\Lenovo\PowerMgr\EasyResume.exe [2351504 2018-11-06] (Lenovo -> Lenovo Group Limited)
S2 LENOVO.DPRSVC; C:\Program Files (x86)\Lenovo\DPR\LENOVO.DPRSVC.EXE [1109608 2016-12-28] (Lenovo -> Lenovo, Japan, Ltd.)
R2 LPlatSvc; C:\WINDOWS\System32\LPlatSvc.exe [892760 2018-12-25] (Lenovo -> Lenovo.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [310880 2018-09-05] (Intel Corporation -> )
R2 SAService; C:\WINDOWS\system32\SAsrv.exe [416576 2016-12-06] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5074120 2019-03-14] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-12-02] (DEVGURU CO LTD -> DEVGURU Co., LTD.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [268328 2018-10-31] (Synaptics Incorporated -> Synaptics Incorporated)
R2 SyUIUExtSvc; C:\WINDOWS\system32\SyUIUExtSvc.exe [60928 2019-03-06] (Conexant Systems, Inc.) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11644656 2018-09-10] (TeamViewer GmbH -> TeamViewer GmbH)
S3 ThunderboltService; C:\Program Files (x86)\Intel\Thunderbolt Software\tbtsvc.exe [2308800 2018-09-06] (Intel(R) Client Connectivity Division SW -> Intel Corporation)
R2 TPHKLOAD; C:\WINDOWS\System32\DriverStore\FileRepository\fn.inf_amd64_c7fd03342aa4d253\driver\TPHKLOAD.exe [425360 2019-02-27] (Lenovo -> Lenovo Group Limited)
R2 TracSrvWrapper; C:\Program Files (x86)\CheckPoint\Endpoint Connect\TracSrvWrapper.exe [5697304 2017-11-24] (Check Point Software Technologies Ltd. -> Check Point Software Technologies)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1903.4-0\NisSrv.exe [3856504 2019-04-08] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1903.4-0\MsMpEng.exe [113992 2019-04-08] (Microsoft Corporation -> Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [4059744 2018-09-05] (Intel Corporation -> Intel® Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 CYUSB3; C:\WINDOWS\System32\Drivers\CYUSB3.sys [76520 2017-10-05] (Cypress Semiconductor Technology India Pvt Ltd. -> Cypress Semiconductor)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [110488 2014-12-02] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.(www.devguru.co.kr))
S3 fortiapd; C:\WINDOWS\System32\drivers\fortiapd.sys [27544 2018-07-23] (Fortinet Technologies (Canada) Inc. -> Fortinet Inc)
R1 FortiFilter; C:\WINDOWS\system32\DRIVERS\FortiFilter.sys [35400 2018-07-23] (Fortinet Technologies (Canada) Inc. -> Fortinet Inc)
S1 FortiFW; C:\WINDOWS\System32\drivers\FortiFW2.sys [47000 2018-07-23] (Fortinet Technologies (Canada) Inc. -> Fortinet Inc)
S3 Fortips; C:\WINDOWS\System32\drivers\fortips.sys [159008 2018-07-23] (Fortinet Technologies (Canada) Inc. -> Fortinet Inc)
R1 FortiShield; C:\WINDOWS\System32\drivers\FortiShield.sys [83232 2018-07-23] (Fortinet Technologies (Canada) Inc. -> Fortinet Inc)
S3 fortisniff; C:\WINDOWS\System32\drivers\fortisniff2.sys [122144 2018-07-23] (Fortinet Technologies (Canada) Inc. -> Fortinet Inc)
S3 ftsvnic; C:\WINDOWS\System32\drivers\ftsvnic.sys [66600 2018-07-23] (Fortinet Technologies (Canada) Inc. -> Fortinet Inc.)
R3 ft_vnic; C:\WINDOWS\System32\drivers\ftvnic.sys [71928 2018-07-23] (Fortinet Technologies -> Fortinet Inc)
R1 googledrivefs2622; C:\WINDOWS\System32\DRIVERS\googledrivefs2622.sys [122920 2019-01-17] (Google LLC -> Google, Inc.)
S3 HPFXBULKLEDM; C:\WINDOWS\system32\drivers\hppdbulkio.sys [30752 2016-01-06] (Hewlett-Packard Company -> Hewlett Packard)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [136728 2018-05-15] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
R1 ndisrd; C:\WINDOWS\system32\DRIVERS\ndisrfl.sys [51256 2018-03-01] (Intel(R) Online Connect Access -> Intel Corporation)
U5 Netwtw04; C:\Windows\System32\Drivers\Netwtw04.sys [7308560 2016-09-13] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation)
R3 Netwtw06; C:\WINDOWS\System32\drivers\Netwtw06.sys [8822392 2018-09-26] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
S3 nfcgpiomanager; C:\WINDOWS\System32\drivers\nfcgpiomanager.sys [40144 2016-09-28] (NXP Semiconductors India Pvt Ltd. -> Nfc GPIO Driver)
S3 nhi; C:\WINDOWS\System32\drivers\tbt100x.sys [138336 2018-10-08] (Intel(R) Client Connectivity Division SW -> Intel Corporation)
R0 PMDRVS; C:\WINDOWS\System32\drivers\pmdrvs.sys [44160 2018-12-25] (Lenovo -> Lenovo.)
S3 pmxdrv; C:\WINDOWS\system32\drivers\pmxdrv.sys [31152 2019-01-08] (PAIPTAC  Driver -> )
R3 pppop; C:\WINDOWS\System32\drivers\pppop64.sys [54344 2018-07-23] (Fortinet Technologies (Canada) Inc. -> Fortinet Inc.)
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [19152 2013-09-30] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2013-09-30] (MiniTool Solution Ltd -> )
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [957880 2019-01-30] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)
S3 rtux64w10; C:\WINDOWS\System32\drivers\rtux64w10.sys [532816 2018-07-19] (Realtek Semiconductor Corp. -> Realtek Corporation )
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [45096 2018-07-09] (Synaptics Incorporated -> Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [46120 2018-10-31] (Synaptics Incorporated -> Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [206104 2014-12-02] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.(www.devguru.co.kr))
R1 SynaMetSMI; C:\WINDOWS\System32\drivers\SynaSmi.sys [39184 2018-07-24] (Synaptics Inc. -> Windows (R) Win 7 DDK provider)
S3 t_mouse.sys; C:\WINDOWS\System32\drivers\t_mouse.sys [6144 2012-12-19] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 usbaud; C:\WINDOWS\system32\DRIVERS\usbaud64.sys [92528 2019-03-06] (Conexant Systems LLC -> Synaptics Inc.)
R3 vna_ap; C:\WINDOWS\system32\DRIVERS\vnaap.sys [165392 2017-08-01] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46472 2019-04-08] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [343520 2019-04-08] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [68576 2019-04-08] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessKeyboardFilter; C:\WINDOWS\System32\drivers\WirelessKeyboardFilter.sys [49336 2018-03-11] (Microsoft Corporation -> Microsoft Corporation)
S3 WsAudio_Device; C:\WINDOWS\system32\drivers\VirtualAudio.sys [48424 2018-01-19] (Wondershare Technology Co.,Ltd -> Wondershare)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-04-14 12:44 - 2019-04-14 12:45 - 000024811 _____ C:\Users\sebas\Desktop\FRST.txt
2019-04-14 12:44 - 2019-04-14 12:44 - 001388432 _____ C:\Users\Public\VOIP.dat
2019-04-14 12:44 - 2019-04-14 12:44 - 000000000 ____D C:\FRST
2019-04-14 12:42 - 2019-04-14 12:42 - 002434048 _____ (Farbar) C:\Users\sebas\Desktop\FRST64.exe
2019-04-14 12:40 - 2019-04-14 12:40 - 000003642 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
2019-04-14 12:38 - 2019-04-14 12:38 - 000001910 _____ C:\Users\sebas\Desktop\mb-clean-results.txt
2019-04-14 12:36 - 2019-04-14 12:36 - 000858912 _____ (Malwarebytes) C:\Users\sebas\Desktop\mb-clean-3.1.0.1035.exe
2019-04-14 10:43 - 2019-04-14 10:43 - 000002587 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype Empresarial.lnk
2019-04-14 10:43 - 2019-04-14 10:43 - 000002538 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2019-04-14 10:43 - 2019-04-14 10:43 - 000002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2019-04-14 10:43 - 2019-04-14 10:43 - 000002502 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visio.lnk
2019-04-14 10:43 - 2019-04-14 10:43 - 000002501 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2019-04-14 10:43 - 2019-04-14 10:43 - 000002494 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2019-04-14 10:43 - 2019-04-14 10:43 - 000002492 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2019-04-14 10:43 - 2019-04-14 10:43 - 000002450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2019-04-14 10:43 - 2019-04-14 10:43 - 000002446 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2019-04-14 10:43 - 2019-04-14 10:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Herramientas de Microsoft Office
2019-04-14 10:37 - 2019-04-14 10:37 - 000002830 _____ C:\Users\sebas\Desktop\MBAM 14_4_19 antes de desinstalar chrome.txt
2019-04-14 10:35 - 2019-04-14 10:35 - 000001046 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2019-04-14 10:35 - 2019-04-14 10:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2019-04-14 10:35 - 2019-04-14 10:35 - 000000000 ____D C:\Program Files\VS Revo Group
2019-04-14 10:34 - 2019-04-14 10:34 - 007127416 _____ (VS Revo Group ) C:\Users\sebas\Desktop\revosetup.exe
2019-04-12 12:08 - 2019-04-12 12:08 - 000402069 _____ C:\Users\sebas\Documents\bookmarks_12_4_19.html
2019-04-12 12:06 - 2019-04-12 12:06 - 000000000 ____D C:\Users\sebas\Downloads\chromium
2019-04-12 12:06 - 2019-04-12 12:06 - 000000000 ____D C:\Users\sebas\AppData\Local\Chromium
2019-04-12 12:05 - 2019-04-12 12:05 - 151769746 _____ C:\Users\sebas\Downloads\chromium.zip
2019-04-11 08:49 - 2019-04-14 12:38 - 000003700 _____ C:\WINDOWS\System32\Tasks\Lenovo Power Management Driver PnP Task
2019-04-11 08:48 - 2019-04-11 08:48 - 000006242 _____ C:\Users\sebas\Documents\cc_20190411_084800.reg
2019-04-11 08:45 - 2019-04-11 08:45 - 000003936 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2019-04-11 08:45 - 2019-04-11 08:45 - 000002874 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2019-04-11 08:45 - 2019-04-11 08:45 - 000000830 _____ C:\Users\Public\Desktop\CCleaner.lnk
2019-04-11 08:45 - 2019-04-11 08:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2019-04-11 08:45 - 2019-04-11 08:45 - 000000000 ____D C:\Program Files\CCleaner
2019-04-11 08:44 - 2019-04-11 08:44 - 021205512 _____ (Piriform Software Ltd) C:\Users\sebas\Desktop\ccsetup555.exe
2019-04-10 14:42 - 2019-04-10 14:42 - 000001560 _____ C:\Users\sebas\Documents\ESET 10_4_19.txt
2019-04-10 12:19 - 2019-04-02 09:38 - 000094008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2019-04-10 12:19 - 2019-04-02 09:33 - 001634912 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-04-10 12:19 - 2019-04-02 09:33 - 000719984 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2019-04-10 12:19 - 2019-04-02 09:19 - 012730880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-04-10 12:19 - 2019-04-02 09:19 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-04-10 12:19 - 2019-04-02 09:18 - 000059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2019-04-10 12:19 - 2019-04-02 09:16 - 001030144 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2019-04-10 12:19 - 2019-04-02 09:15 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleprn.dll
2019-04-10 12:19 - 2019-04-02 09:13 - 001605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2019-04-10 12:19 - 2019-04-02 09:12 - 003643904 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-04-10 12:19 - 2019-04-02 09:12 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-04-10 12:19 - 2019-04-02 09:11 - 004053504 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-04-10 12:19 - 2019-04-02 09:11 - 001857536 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2019-04-10 12:19 - 2019-04-02 09:11 - 001662976 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-04-10 12:19 - 2019-04-02 09:10 - 000130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys
2019-04-10 12:19 - 2019-04-02 09:10 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\sxssrv.dll
2019-04-10 12:19 - 2019-04-02 06:25 - 001454648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-04-10 12:19 - 2019-04-02 06:25 - 000607960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2019-04-10 12:19 - 2019-04-02 06:11 - 011919360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-04-10 12:19 - 2019-04-02 06:11 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2019-04-10 12:19 - 2019-04-02 06:10 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleprn.dll
2019-04-10 12:19 - 2019-04-02 06:08 - 002889216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-04-10 12:19 - 2019-04-02 06:07 - 004054528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-04-10 12:19 - 2019-04-02 06:07 - 001586688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2019-04-10 12:19 - 2019-04-02 06:06 - 001470976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-04-10 12:19 - 2019-04-02 05:36 - 001035256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-04-10 12:19 - 2019-04-02 05:24 - 000135184 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-04-10 12:19 - 2019-04-02 05:23 - 001023800 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-04-10 12:19 - 2019-04-02 05:22 - 001219896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-04-10 12:19 - 2019-04-02 05:22 - 000567592 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-04-10 12:19 - 2019-04-02 05:22 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-04-10 12:19 - 2019-04-02 05:21 - 007520136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-04-10 12:19 - 2019-04-02 05:21 - 002822160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-04-10 12:19 - 2019-04-02 05:21 - 002467536 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-04-10 12:19 - 2019-04-02 05:21 - 000735680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2019-04-10 12:19 - 2019-04-02 05:20 - 002719032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-04-10 12:19 - 2019-04-02 05:20 - 000412984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2019-04-10 12:19 - 2019-04-02 05:19 - 009083704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-04-10 12:19 - 2019-04-02 05:19 - 000793400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2019-04-10 12:19 - 2019-04-02 05:19 - 000786080 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2019-04-10 12:19 - 2019-04-02 05:19 - 000713272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-04-10 12:19 - 2019-04-02 05:01 - 025857536 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-04-10 12:19 - 2019-04-02 04:53 - 022717440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-04-10 12:19 - 2019-04-02 04:53 - 004384256 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-04-10 12:19 - 2019-04-02 04:51 - 003399680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-04-10 12:19 - 2019-04-02 04:50 - 007591936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-04-10 12:19 - 2019-04-02 04:50 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-04-10 12:19 - 2019-04-02 04:49 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2019-04-10 12:19 - 2019-04-02 04:49 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-04-10 12:19 - 2019-04-02 04:48 - 001559552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-04-10 12:19 - 2019-04-02 04:48 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2019-04-10 12:19 - 2019-04-02 04:48 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-04-10 12:19 - 2019-04-02 04:47 - 001214464 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2019-04-10 12:19 - 2019-04-02 04:47 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-04-10 12:19 - 2019-04-02 04:46 - 002174976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-04-10 12:19 - 2019-04-02 04:45 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2019-04-10 12:19 - 2019-04-02 04:44 - 002208768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-04-10 12:19 - 2019-04-02 04:44 - 001724416 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
2019-04-10 12:19 - 2019-04-02 04:44 - 001421312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2019-04-10 12:19 - 2019-04-02 04:43 - 000542720 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-04-10 12:19 - 2019-04-02 03:22 - 000001312 _____ C:\WINDOWS\system32\tcbres.wim
2019-04-10 12:19 - 2019-04-02 02:05 - 001989544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-04-10 12:19 - 2019-04-02 02:04 - 006572120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-04-10 12:19 - 2019-04-02 02:04 - 000604008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2019-04-10 12:19 - 2019-04-02 02:04 - 000581832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-04-10 12:19 - 2019-04-02 02:04 - 000560600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2019-04-10 12:19 - 2019-04-02 01:56 - 022018048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-04-10 12:19 - 2019-04-02 01:50 - 019404800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-04-10 12:19 - 2019-04-02 01:43 - 005788160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-04-10 12:19 - 2019-04-02 01:43 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-04-10 12:19 - 2019-04-02 01:43 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-04-10 12:19 - 2019-04-02 01:42 - 001295360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2019-04-10 12:19 - 2019-04-02 01:41 - 001540096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
2019-04-10 12:19 - 2019-04-02 01:41 - 001235968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2019-04-10 12:19 - 2019-04-02 01:41 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2019-04-10 12:19 - 2019-04-02 01:40 - 001073664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2019-04-10 12:19 - 2019-04-02 01:40 - 000534016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-04-10 12:19 - 2019-03-16 09:54 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2019-04-10 12:19 - 2019-03-16 06:03 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-04-10 12:19 - 2019-03-14 11:55 - 001786680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2019-04-10 12:19 - 2019-03-14 11:53 - 001626928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2019-04-10 12:19 - 2019-03-14 11:53 - 001038136 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPolicy.dll
2019-04-10 12:19 - 2019-03-14 11:53 - 000652088 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2019-04-10 12:19 - 2019-03-14 11:53 - 000400696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2019-04-10 12:19 - 2019-03-14 11:52 - 003933296 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2019-04-10 12:19 - 2019-03-14 11:52 - 001424696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2019-04-10 12:19 - 2019-03-14 11:52 - 000954160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVManifest.dll
2019-04-10 12:19 - 2019-03-14 11:52 - 000830264 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2019-04-10 12:19 - 2019-03-14 11:52 - 000827704 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2019-04-10 12:19 - 2019-03-14 11:52 - 000825144 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2019-04-10 12:19 - 2019-03-14 11:52 - 000749880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2019-04-10 12:19 - 2019-03-14 11:52 - 000670008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2019-04-10 12:19 - 2019-03-14 11:52 - 000495416 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
2019-04-10 12:19 - 2019-03-14 11:52 - 000164664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\AppvVemgr.sys
2019-04-10 12:19 - 2019-03-14 11:51 - 000157192 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2019-04-10 12:19 - 2019-03-14 11:35 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfoext.dll
2019-04-10 12:19 - 2019-03-14 11:34 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2019-04-10 12:19 - 2019-03-14 11:33 - 000182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpdr.sys
2019-04-10 12:19 - 2019-03-14 11:33 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storqosflt.sys
2019-04-10 12:19 - 2019-03-14 11:33 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\RpcPing.exe
2019-04-10 12:19 - 2019-03-14 11:31 - 000198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincredui.dll
2019-04-10 12:19 - 2019-03-14 11:30 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\objsel.dll
2019-04-10 12:19 - 2019-03-14 11:30 - 000440832 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2019-04-10 12:19 - 2019-03-14 11:29 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll
2019-04-10 12:19 - 2019-03-14 11:29 - 000727040 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscsvc.dll
2019-04-10 12:19 - 2019-03-14 11:28 - 000560640 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsound.dll
2019-04-10 12:19 - 2019-03-14 11:08 - 003611264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2019-04-10 12:19 - 2019-03-14 10:56 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincredui.dll
2019-04-10 12:19 - 2019-03-14 10:55 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RpcPing.exe
2019-04-10 12:19 - 2019-03-14 10:53 - 000625664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll
2019-04-10 12:19 - 2019-03-14 10:53 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\objsel.dll
2019-04-10 12:19 - 2019-03-14 10:53 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2019-04-10 12:19 - 2019-03-14 10:52 - 000502784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsound.dll
2019-04-10 12:19 - 2019-03-14 05:57 - 000611640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2019-04-10 12:19 - 2019-03-14 05:56 - 000375096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2019-04-10 12:19 - 2019-03-14 05:38 - 000380728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-04-10 12:19 - 2019-03-14 05:38 - 000090360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mpr.dll
2019-04-10 12:19 - 2019-03-14 05:37 - 006043496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-04-10 12:19 - 2019-03-14 05:37 - 002256248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-04-10 12:19 - 2019-03-14 05:37 - 001171568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2019-04-10 12:19 - 2019-03-14 05:28 - 000152072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2019-04-10 12:19 - 2019-03-14 05:27 - 000436024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-04-10 12:19 - 2019-03-14 05:27 - 000097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mpr.dll
2019-04-10 12:19 - 2019-03-14 05:26 - 007436016 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-04-10 12:19 - 2019-03-14 05:26 - 002768448 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-04-10 12:19 - 2019-03-14 05:26 - 002421048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-04-10 12:19 - 2019-03-14 05:26 - 001457576 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-04-10 12:19 - 2019-03-14 05:26 - 001258688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-04-10 12:19 - 2019-03-14 05:26 - 001140984 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-04-10 12:19 - 2019-03-14 05:26 - 001014344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2019-04-10 12:19 - 2019-03-14 05:26 - 000983424 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-04-10 12:19 - 2019-03-14 05:26 - 000481048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2019-04-10 12:19 - 2019-03-14 05:26 - 000175416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys
2019-04-10 12:19 - 2019-03-14 05:22 - 002700288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2019-04-10 12:19 - 2019-03-14 05:20 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-04-10 12:19 - 2019-03-14 05:19 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-04-10 12:19 - 2019-03-14 05:19 - 002969600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-04-10 12:19 - 2019-03-14 05:18 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-04-10 12:19 - 2019-03-14 05:18 - 000095744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2019-04-10 12:19 - 2019-03-14 05:18 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credui.dll
2019-04-10 12:19 - 2019-03-14 05:18 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2019-04-10 12:19 - 2019-03-14 05:17 - 002258944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2019-04-10 12:19 - 2019-03-14 05:17 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2019-04-10 12:19 - 2019-03-14 05:17 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2019-04-10 12:19 - 2019-03-14 05:17 - 000261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2019-04-10 12:19 - 2019-03-14 05:17 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wcmapi.dll
2019-04-10 12:19 - 2019-03-14 05:17 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntlanman.dll
2019-04-10 12:19 - 2019-03-14 05:16 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2019-04-10 12:19 - 2019-03-14 05:16 - 000333824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-04-10 12:19 - 2019-03-14 05:15 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2019-04-10 12:19 - 2019-03-14 05:15 - 000318464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2019-04-10 12:19 - 2019-03-14 05:15 - 000195072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShellCommonCommonProxyStub.dll
2019-04-10 12:19 - 2019-03-14 05:15 - 000102400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\negoexts.dll
2019-04-10 12:19 - 2019-03-14 05:14 - 001070080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2019-04-10 12:19 - 2019-03-14 05:14 - 000856576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2019-04-10 12:19 - 2019-03-14 05:14 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2019-04-10 12:19 - 2019-03-14 05:14 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2019-04-10 12:19 - 2019-03-14 05:14 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.Workflow.dll
2019-04-10 12:19 - 2019-03-14 05:14 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-04-10 12:19 - 2019-03-14 05:14 - 000138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2019-04-10 12:19 - 2019-03-14 05:13 - 001468416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2019-04-10 12:19 - 2019-03-14 05:13 - 000669696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2019-04-10 12:19 - 2019-03-14 05:13 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2019-04-10 12:19 - 2019-03-14 05:01 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-04-10 12:19 - 2019-03-14 04:58 - 004708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-04-10 12:19 - 2019-03-14 04:58 - 002509824 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2019-04-10 12:19 - 2019-03-14 04:58 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\system32\fcon.dll
2019-04-10 12:19 - 2019-03-14 04:57 - 004866560 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-04-10 12:19 - 2019-03-14 04:57 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll
2019-04-10 12:19 - 2019-03-14 04:56 - 003392000 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2019-04-10 12:19 - 2019-03-14 04:56 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2019-04-10 12:19 - 2019-03-14 04:56 - 000120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2019-04-10 12:19 - 2019-03-14 04:56 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll
2019-04-10 12:19 - 2019-03-14 04:56 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2019-04-10 12:19 - 2019-03-14 04:55 - 003601920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Service.dll
2019-04-10 12:19 - 2019-03-14 04:55 - 002739200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2019-04-10 12:19 - 2019-03-14 04:55 - 000528896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2019-04-10 12:19 - 2019-03-14 04:55 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2019-04-10 12:19 - 2019-03-14 04:55 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2019-04-10 12:19 - 2019-03-14 04:55 - 000141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentActivation.dll
2019-04-10 12:19 - 2019-03-14 04:55 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmapi.dll
2019-04-10 12:19 - 2019-03-14 04:55 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncCsp.dll
2019-04-10 12:19 - 2019-03-14 04:55 - 000069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntlanman.dll
2019-04-10 12:19 - 2019-03-14 04:55 - 000062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\EASPolicyManagerBrokerHost.exe
2019-04-10 12:19 - 2019-03-14 04:55 - 000048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\credui.dll
2019-04-10 12:19 - 2019-03-14 04:54 - 002368000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-04-10 12:19 - 2019-03-14 04:54 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2019-04-10 12:19 - 2019-03-14 04:54 - 000395776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2019-04-10 12:19 - 2019-03-14 04:54 - 000354304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2019-04-10 12:19 - 2019-03-14 04:54 - 000279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2019-04-10 12:19 - 2019-03-14 04:54 - 000273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2019-04-10 12:19 - 2019-03-14 04:54 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2019-04-10 12:19 - 2019-03-14 04:54 - 000227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2019-04-10 12:19 - 2019-03-14 04:54 - 000118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\negoexts.dll
2019-04-10 12:19 - 2019-03-14 04:54 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2019-04-10 12:19 - 2019-03-14 04:53 - 000787968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2019-04-10 12:19 - 2019-03-14 04:53 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-04-10 12:19 - 2019-03-14 04:53 - 000473600 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2019-04-10 12:19 - 2019-03-14 04:53 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.Workflow.dll
2019-04-10 12:19 - 2019-03-14 04:52 - 002909696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2019-04-10 12:19 - 2019-03-14 04:52 - 000532992 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuietHours.dll
2019-04-10 12:19 - 2019-03-14 04:52 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShellCommonCommonProxyStub.dll
2019-04-10 12:19 - 2019-03-14 04:52 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2019-04-10 12:19 - 2019-03-14 04:51 - 001216000 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2019-04-10 12:19 - 2019-03-14 04:51 - 001058304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2019-04-10 12:19 - 2019-03-14 04:51 - 000226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\TetheringMgr.dll
2019-04-10 12:19 - 2019-03-14 04:50 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2019-04-10 12:19 - 2019-03-14 04:50 - 001410560 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2019-04-10 12:19 - 2019-03-14 04:50 - 000947200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2019-04-10 12:19 - 2019-03-14 04:50 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2019-04-10 12:19 - 2019-03-14 04:50 - 000796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2019-04-10 12:19 - 2019-03-14 04:50 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2019-04-10 12:19 - 2019-03-14 04:50 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-04-10 12:19 - 2019-03-14 04:50 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2019-04-10 12:19 - 2019-03-14 04:50 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2019-04-10 12:19 - 2019-03-13 22:57 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2019-04-10 12:19 - 2019-03-13 22:57 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxbde40.dll
2019-04-10 12:19 - 2019-03-13 22:57 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll
2019-04-10 12:19 - 2019-03-13 22:57 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-04-10 12:19 - 2019-03-13 22:57 - 000340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2019-04-10 09:36 - 2019-04-10 09:36 - 000000000 ____D C:\Users\sebas\AppData\Local\ESET
2019-04-10 09:34 - 2019-04-10 09:35 - 007665272 _____ (ESET spol. s r.o.) C:\Users\sebas\Desktop\esetonlinescanner_esn.exe
2019-04-09 15:45 - 2019-04-09 15:45 - 002675746 _____ C:\Users\sebas\Downloads\Qlik Specialization Program Step-by-step instructions.pdf
2019-04-09 15:45 - 2019-04-09 15:45 - 000348853 _____ C:\Users\sebas\Downloads\Qlik Specialization Program Guide.pdf
2019-04-09 12:17 - 2019-04-09 12:17 - 000074874 _____ C:\Users\sebas\Downloads\Rentab_12.pdf
2019-04-09 12:06 - 2019-04-09 12:06 - 000020535 _____ C:\Users\sebas\Downloads\Rentab_7.pdf
2019-04-09 11:54 - 2019-03-06 09:17 - 000205992 _____ (Lenovo Group Ltd.) C:\WINDOWS\system32\Lenovo.Modern.CoreTypes.dll
2019-04-09 11:54 - 2019-03-06 09:17 - 000130216 _____ (Lenovo Group Ltd.) C:\WINDOWS\system32\Lenovo.Modern.Utilities.dll
2019-04-09 11:54 - 2019-03-06 09:17 - 000097960 _____ (Lenovo Group Ltd.) C:\WINDOWS\system32\Lenovo.Modern.ImController.ImClient.dll
2019-04-09 11:54 - 2019-03-06 09:17 - 000043688 _____ (Lenovo Group Ltd.) C:\WINDOWS\system32\Lenovo.ImController.EventLogging.dll
2019-04-09 11:46 - 2019-04-14 12:40 - 000001294 _____ C:\DelFix.txt
2019-04-09 11:46 - 2019-04-09 11:46 - 000000000 ____D C:\WINDOWS\ERUNT
2019-04-09 09:48 - 2019-04-09 09:48 - 000035056 _____ C:\Users\sebas\Downloads\Libro1.xlsx
2019-04-08 16:17 - 2019-04-08 16:17 - 000000282 _____ C:\Users\sebas\Documents\cc_20190408_161713.reg
2019-04-08 16:16 - 2019-04-08 16:16 - 000157838 _____ C:\Users\sebas\Documents\cc_20190408_161623.reg
2019-04-08 16:16 - 2019-04-08 16:16 - 000009810 _____ C:\Users\sebas\Documents\cc_20190408_161650.reg
2019-04-08 16:05 - 2019-04-09 09:27 - 000006546 _____ C:\Users\sebas\Documents\Virus 8_4_19.txt
2019-04-08 16:00 - 2019-04-08 16:00 - 062632672 _____ (Malwarebytes ) C:\Users\sebas\Desktop\mb3-setup-consumer-3.7.1.2839-1.0.563-1.0.10037.exe
2019-04-08 12:40 - 2019-04-08 12:40 - 000646932 _____ C:\Users\sebas\Downloads\tcmenu-1.4.0_214-trial.zip
2019-04-05 15:50 - 2019-04-05 15:50 - 000043008 _____ C:\Users\sebas\Downloads\Plan de Compra CSL 2019-04-01.xlsx
2019-04-05 14:47 - 2019-04-05 14:47 - 000695550 _____ C:\Users\sebas\Downloads\Qlik - Requerimientos.pptx
2019-04-05 09:44 - 2019-04-05 09:44 - 000000000 ____D C:\Users\sebas\AppData\Local\mbam
2019-04-05 09:43 - 2019-04-14 12:36 - 000000000 ____D C:\Program Files\Malwarebytes
2019-04-05 09:43 - 2019-04-05 09:43 - 000000000 ____D C:\Users\sebas\AppData\Local\mbamtray
2019-04-05 09:41 - 2019-04-05 09:42 - 062618552 _____ (Malwarebytes ) C:\Users\sebas\Desktop\mb3-setup-consumer-3.7.1.2839-1.0.563-1.0.10000.exe
2019-04-05 09:41 - 2019-04-05 09:41 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\sebas\Downloads\iExplore.exe
2019-04-04 11:38 - 2019-04-04 11:38 - 000073499 _____ C:\Users\sebas\Downloads\QlikGeoAnalyticsServerRequirements.pdf
2019-04-03 16:00 - 2019-04-03 02:26 - 000382857 _____ C:\Users\sebas\Desktop\B_D_Presupuesto.qvd
2019-04-03 12:07 - 2019-04-03 12:07 - 000072565 _____ C:\Users\sebas\Downloads\Comprobante de transferencia (1).pdf
2019-04-01 14:44 - 2019-04-01 14:44 - 000070763 _____ C:\Users\sebas\Downloads\Comprobante de transferencia.pdf
2019-03-27 15:17 - 2019-03-27 15:17 - 000083060 _____ C:\Users\sebas\Documents\Schedule(Recuperado automáticamente).xlsx
2019-03-26 12:20 - 2019-03-26 11:31 - 022735360 _____ C:\Users\sebas\Desktop\Comercial.qvw
2019-03-26 12:20 - 2019-03-26 11:31 - 000147712 _____ C:\Users\sebas\Desktop\QVI.qvw
2019-03-26 11:30 - 2019-03-26 11:30 - 024177370 _____ C:\Users\sebas\Downloads\recomparativoqlikviewvs_qliksense.zip
2019-03-26 09:37 - 2016-12-06 15:55 - 000416576 _____ (Conexant Systems, Inc.) C:\WINDOWS\SysWOW64\SASrv.exe
2019-03-26 09:37 - 2016-12-06 15:55 - 000416576 _____ (Conexant Systems, Inc.) C:\WINDOWS\system32\SASrv.exe
2019-03-26 09:37 - 2016-10-27 15:54 - 000004664 _____ C:\WINDOWS\system32\Drivers\CxSfPt.dat
2019-03-26 09:36 - 2019-03-26 09:36 - 000000000 ____D C:\ProgramData\Dolby
2019-03-26 09:36 - 2015-09-16 16:10 - 000225624 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\CxAudMsg64.exe
2019-03-26 09:33 - 2018-09-18 06:01 - 004944208 _____ (Conexant Systems, Inc.) C:\WINDOWS\system32\UCI64A217.DLL
2019-03-22 11:06 - 2019-03-22 11:12 - 000000000 ____D C:\Users\sebas\AppData\Roaming\webex
2019-03-22 11:01 - 2019-03-22 11:04 - 000000000 ____D C:\Users\sebas\AppData\Local\WebEx
2019-03-22 11:01 - 2019-03-22 11:01 - 001685192 _____ (Cisco Webex LLC) C:\Users\sebas\Downloads\Cisco_WebEx_Add-On.exe
2019-03-22 11:01 - 2019-03-22 11:01 - 000000000 ____D C:\Users\sebas\AppData\Roaming\Mozilla
2019-03-22 10:11 - 2019-03-22 10:12 - 055159887 _____ C:\Users\sebas\Downloads\WhatsApp Video 2019-03-21 at 17.59.10.mp4
2019-03-19 17:58 - 2019-03-19 17:58 - 000018238 _____ C:\Users\sebas\Downloads\33a2b155-529c-4c8f-9511-6df6478b461f.xlsx
2019-03-19 17:57 - 2019-03-19 17:57 - 000005732 _____ C:\Users\sebas\Downloads\f6c261c7-41e7-4a51-8608-d3ff6c4e387d.xlsx
2019-03-19 12:53 - 2019-03-19 12:53 - 000000183 _____ C:\Users\sebas\Documents\new 2.txt
2019-03-19 09:30 - 2019-03-19 09:30 - 000014848 _____ C:\Users\sebas\Downloads\Migracion_de_facturas_proveedores_093000_45210dbb91ff2ea1.xls
2019-03-19 09:16 - 2019-03-19 09:16 - 000028879 _____ C:\Users\sebas\Documents\migracion-facturas-compra.xlsx
2019-03-19 09:05 - 2019-03-19 09:05 - 000050176 _____ C:\Users\sebas\Downloads\migracion-facturas-compra (1).xls
2019-03-19 09:05 - 2019-03-19 09:05 - 000012550 _____ C:\Users\sebas\Downloads\Listado_Facturas_a_20190319090512AM.xls
2019-03-19 08:44 - 2019-03-19 08:44 - 000003194 _____ C:\Users\sebas\Downloads\DetalleMovimiento19032019.xls
2019-03-19 08:34 - 2019-03-19 08:34 - 000224768 _____ C:\Users\sebas\Downloads\Reporte_diario_general_083454_45210dbb91ff2ea1.xls
2019-03-19 08:22 - 2019-03-19 08:22 - 000000000 ____D C:\WINDOWS\System32\Tasks\Intel
2019-03-19 08:21 - 2019-03-19 08:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Software Thunderbolt™
2019-03-18 12:44 - 2019-03-18 12:44 - 000041435 _____ C:\Users\sebas\Downloads\Listado proveedores 180319.xlsx
2019-03-18 12:43 - 2019-03-18 12:43 - 000024897 _____ C:\Users\sebas\Downloads\PRACTICAS 180319.xlsx
2019-03-18 12:42 - 2019-03-18 12:42 - 000748981 _____ C:\Users\sebas\Downloads\Listado proveedores 170319.rar
2019-03-18 12:42 - 2019-03-18 12:42 - 000688690 _____ C:\Users\sebas\Downloads\PRACTICAS 180319.rar
2019-03-18 12:38 - 2019-03-18 12:38 - 000867661 _____ C:\Users\sebas\Downloads\Listado proveedores 170319.numbers
2019-03-18 12:38 - 2019-03-18 12:38 - 000811628 _____ C:\Users\sebas\Downloads\PRACTICAS 180319.numbers
2019-03-18 11:27 - 2019-03-18 11:27 - 000225302 _____ C:\Users\sebas\Downloads\DS-Advanced-Analytics-Integration-Data-Sheet-EN.pdf
2019-03-18 09:52 - 2019-03-18 09:52 - 000069096 _____ C:\Users\sebas\Downloads\Comprobante de transferencia programada (1).pdf
2019-03-18 09:51 - 2019-03-18 09:51 - 000069041 _____ C:\Users\sebas\Downloads\f93921db-9b0d-44bd-93a8-02c25af73564.pdf
2019-03-18 09:51 - 2019-03-18 09:51 - 000069041 _____ C:\Users\sebas\Downloads\Comprobante de transferencia programada.pdf
2019-03-18 09:47 - 2019-03-18 09:47 - 000071322 _____ C:\Users\sebas\Downloads\19f12b0b-65f1-473b-8f26-c44ece56643b.pdf
2019-03-15 15:45 - 2019-03-15 15:45 - 000558263 _____ C:\Users\sebas\Downloads\Comprobante_Modificacion_Limite_Debito_15499040.pdf

#25
==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-04-14 12:43 - 2018-08-26 15:27 - 001762872 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-04-14 12:43 - 2018-08-26 11:08 - 000782460 _____ C:\WINDOWS\system32\perfh00A.dat
2019-04-14 12:43 - 2018-08-26 11:08 - 000152236 _____ C:\WINDOWS\system32\perfc00A.dat
2019-04-14 12:43 - 2018-08-26 11:04 - 000000000 ____D C:\WINDOWS\INF
2019-04-14 12:39 - 2018-12-04 10:06 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2019-04-14 12:39 - 2017-07-22 00:24 - 000000000 __SHD C:\Users\sebas\IntelGraphicsProfiles
2019-04-14 12:38 - 2018-08-26 15:21 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-04-14 12:38 - 2018-08-26 15:21 - 000000000 ____D C:\WINDOWS\System32\Tasks\Lenovo
2019-04-14 12:38 - 2018-08-26 11:05 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-04-14 12:38 - 2018-08-26 11:02 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-04-14 12:37 - 2018-08-26 16:25 - 000000000 ____D C:\Users\sebas\AppData\Roaming\FortiClient
2019-04-14 12:36 - 2018-08-26 11:05 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-04-14 12:33 - 2018-08-26 15:14 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-04-14 10:41 - 2017-05-05 07:34 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2019-04-14 10:38 - 2018-08-26 15:24 - 000000000 ____D C:\Users\sebas\AppData\Local\Google
2019-04-14 10:38 - 2018-08-26 15:24 - 000000000 ____D C:\Program Files (x86)\Google
2019-04-14 10:33 - 2018-09-04 07:54 - 000004206 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{80C6BEB5-FFE7-4DD9-BC20-2B4A4D0EFBAD}
2019-04-12 15:00 - 2019-02-04 09:41 - 000002248 ____H C:\Users\sebas\Documents\Default.rdp
2019-04-12 11:29 - 2018-08-26 11:05 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-04-12 08:41 - 2018-08-26 11:05 - 000000000 ___HD C:\Program Files\WindowsApps
2019-04-11 08:46 - 2019-03-02 10:44 - 000000000 ____D C:\Users\sebas\AppData\Local\CrashDumps
2019-04-10 14:46 - 2018-08-26 15:14 - 000410904 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-04-10 14:45 - 2018-08-26 11:05 - 000000000 ___RD C:\Program Files\Windows Defender
2019-04-10 14:45 - 2018-08-26 11:05 - 000000000 ____D C:\WINDOWS\TextInput
2019-04-10 14:45 - 2018-08-26 11:05 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2019-04-10 14:45 - 2018-08-26 11:05 - 000000000 ____D C:\WINDOWS\system32\es-MX
2019-04-10 14:45 - 2018-08-26 11:05 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2019-04-10 14:45 - 2018-08-26 11:05 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-04-10 14:45 - 2018-08-26 11:05 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2019-04-10 12:21 - 2018-08-26 11:02 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-04-10 12:18 - 2018-08-26 22:50 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-04-10 12:17 - 2018-08-26 22:50 - 131129288 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-04-10 10:30 - 2019-02-11 13:48 - 000000000 ____D C:\Users\sebas\Documents\hirens-bootcd-15-2-es-en-win
2019-04-09 15:08 - 2018-08-30 14:56 - 000000504 __RSH C:\ProgramData\ntuser.pol
2019-04-09 15:06 - 2018-08-26 11:05 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2019-04-09 11:57 - 2019-02-18 09:24 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avast Software
2019-04-09 11:57 - 2017-10-31 18:07 - 000000000 ____D C:\Users\sebas\AppData\LocalLow\Temp
2019-04-09 10:31 - 2018-08-26 15:21 - 000000000 ____D C:\Users\sebas\AppData\Local\Packages
2019-04-08 16:29 - 2018-08-26 15:21 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-04-08 16:15 - 2018-12-04 10:07 - 000000000 ____D C:\Users\sebas\AppData\Roaming\TeamViewer
2019-04-08 16:15 - 2018-08-26 11:13 - 000000000 ____D C:\WINDOWS\Panther
2019-04-08 16:15 - 2018-08-26 11:05 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-04-08 16:14 - 2019-02-18 09:22 - 000000000 ____D C:\ProgramData\AVAST Software
2019-04-05 11:18 - 2018-11-16 08:45 - 000000000 ____D C:\Program Files\rempl
2019-04-05 09:17 - 2018-08-26 15:49 - 000001144 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Drive File Stream.lnk
2019-04-01 14:51 - 2018-08-26 11:07 - 000835480 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-04-01 14:51 - 2018-08-26 11:07 - 000179608 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-04-01 09:59 - 2018-08-26 15:25 - 000003366 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1391593998-1406418587-2262156805-1001
2019-04-01 09:59 - 2018-08-26 15:19 - 000002374 _____ C:\Users\sebas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-04-01 09:59 - 2017-07-22 08:57 - 000000000 ___RD C:\Users\sebas\OneDrive
2019-03-28 20:23 - 2017-08-01 16:40 - 000000000 ____D C:\Users\sebas\Documents\Plantillas personalizadas de Office
2019-03-28 16:36 - 2018-08-26 15:24 - 000003554 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2019-03-28 16:36 - 2018-08-26 15:24 - 000003430 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2019-03-26 11:20 - 2017-07-26 17:41 - 000000000 ____D C:\Users\sebas\Documents\Clientes
2019-03-26 09:36 - 2018-08-26 15:15 - 001705080 _____ (TODO: <Company name>) C:\WINDOWS\SysWOW64\RebootPrompt.exe
2019-03-26 09:33 - 2018-08-26 15:15 - 000000000 ____D C:\ProgramData\UIU
2019-03-26 09:33 - 2018-08-26 15:15 - 000000000 ____D C:\ProgramData\Conexant
2019-03-22 11:12 - 2018-05-30 14:40 - 000000000 ____D C:\Users\sebas\AppData\LocalLow\WebEx
2019-03-22 11:06 - 2018-05-30 14:41 - 000000000 __SHD C:\Users\sebas\Documents\cache
2019-03-19 09:22 - 2017-07-29 13:56 - 000000000 ____D C:\Users\sebas\Documents\ERA
2019-03-19 08:22 - 2018-08-26 15:33 - 000005826 _____ C:\WINDOWS\system32\tbt_log.txt
2019-03-19 08:21 - 2017-05-05 07:33 - 000000000 ____D C:\Program Files (x86)\Intel
2019-03-15 12:14 - 2019-03-14 13:09 - 000268288 _____ C:\Users\sebas\Downloads\sh_ipc_02_19.xls

==================== Files in the root of some directories =======

2019-04-14 12:44 - 2019-04-14 12:44 - 001388432 _____ () C:\Users\Public\VOIP.dat
2018-12-20 11:10 - 2018-12-20 11:10 - 000003519 _____ () C:\Users\sebas\AppData\Local\recently-used.xbel

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\dllhost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-08-26 15:14

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17.03.2019
Ran by sebas (14-04-2019 12:46:06)
Running from C:\Users\sebas\Desktop
Windows 10 Pro Version 1803 17134.706 (X64) (2018-08-26 18:21:37)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-1391593998-1406418587-2262156805-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1391593998-1406418587-2262156805-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-1391593998-1406418587-2262156805-1000 - Limited - Enabled) => C:\Users\defaultuser0
Invitado (S-1-5-21-1391593998-1406418587-2262156805-501 - Limited - Disabled)
sebas (S-1-5-21-1391593998-1406418587-2262156805-1001 - Administrator - Enabled) => C:\Users\sebas
WDAGUtilityAccount (S-1-5-21-1391593998-1406418587-2262156805-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Aimersoft Helper Compact 2.5.2 (HKLM-x32\...\{405147F7-FCC5-499B-A27E-EA6BD4A80435}_is1) (Version: 2.5.2 - Aimersoft)
Alison-Desktop (HKLM-x32\...\{953D8225-3101-4007-B970-9AC9340C4EFA}) (Version: 1.1.7 - CertiSur)
CCleaner (HKLM\...\CCleaner) (Version: 5.55 - Piriform)
Check Point VPN (HKLM-x32\...\{B3E35728-8603-484C-AE19-F73A47D733BE}) (Version: 98.60.3013 - Check Point Software Technologies Ltd.)
Dolby Audio X2 Windows API SDK (HKLM\...\{F290F786-5F69-48D4-B20B-D21C7DE56EF0}) (Version: 0.8.8.88 - Dolby Laboratories, Inc.) Hidden
EaseUS Data Recovery Wizard (HKLM\...\EaseUS Data Recovery Wizard_is1) (Version:  - EaseUS)
EasyQlik QViewer 3.3.2 (HKU\S-1-5-21-1391593998-1406418587-2262156805-1001\...\{ABD2573A-5004-4876-BFD5-32D41F489ACC}_is1) (Version: 3.3.2 - EasyQlik)
FortiClient (HKLM\...\{E1E1D751-6C0B-4697-88A4-052CABC12DD8}) (Version: 6.0.1.0099 - Fortinet Technologies Inc)
Free Video Flip and Rotate (HKLM-x32\...\Free Video Flip and Rotate_is1) (Version: 1.1.35.831 - Digital Wave Ltd)
Generic Conexant USB Audio driver for Docks and Adapters (HKLM-x32\...\usbaudiocd01ww_is1) (Version: 1.000.0 - Lenovo Group Limited)
GIMP 2.10.2 (HKLM\...\GIMP-2_is1) (Version: 2.10.2 - The GIMP Team)
Google Drive File Stream (HKLM\...\{6BBAE539-2232-434A-A4E5-9A33560C6283}) (Version: 30.1.36.2348 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.7 - Google LLC) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden
Intel(R) Online Connect Software Asset Manager (HKLM-x32\...\{15998D77-1F78-43EE-96D4-1067ECAA2412}) (Version: 3.5.2247 - Intel Corporation) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 25.20.100.6576 - Intel Corporation)
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.50.638.1 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{99ee3c29-c7cd-450f-8db9-d43cc49de1c7}) (Version: 1.50.638.1 - Intel Corporation) Hidden
Intel® Online Connect (HKLM-x32\...\{6b556278-d555-4d14-ac99-8ad600578a95}) (Version: 1.3.13.0 - Intel Corporation)
Lenovo Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.82.00.20 - Lenovo) Hidden
Lenovo Dynamic Power Reduction Utility (HKLM-x32\...\{AE8B5056-56D3-4F92-B31B-BCE3430678EA}) (Version: 1.0.0.26 - Lenovo)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.12.19 - Lenovo) Hidden
Lenovo Settings - Power (HKLM-x32\...\{A6CFC34A-56EE-4AF5-8C49-995F59E6A160}) (Version: 2.00.000 - Lenovo) Hidden
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 10.4.137.0 - Microsoft Corporation)
Microsoft Office Hogar y Estudiantes 2016 - es-es (HKLM\...\HomeStudentRetail - es-es) (Version: 16.0.11425.20204 - Microsoft Corporation)
Microsoft Office Profesional Plus 2016 - es-es (HKLM\...\ProPlusRetail - es-es) (Version: 16.0.11425.20204 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1391593998-1406418587-2262156805-1001\...\OneDriveSetup.exe) (Version: 19.033.0218.0011 - Microsoft Corporation)
Microsoft Visio Profesional 2016 - es-es (HKLM\...\VisioProRetail - es-es) (Version: 16.0.11425.20204 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.11.25325 (HKLM-x32\...\{6c6356fe-cbfa-4944-9bed-a9e99f45cb7a}) (Version: 14.11.25325.0 - Microsoft Corporation)
MiniTool Partition Wizard Free 11 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Software Limited)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5.9 - Notepad++ Team)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.11425.20204 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.11425.20204 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.11425.20204 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.6965.2079 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0C0A-0000-0000000FF1CE}) (Version: 16.0.11425.20204 - Microsoft Corporation) Hidden
Prolific Backup (HKLM-x32\...\{D88A7919-C81E-4F6A-8B77-D1B2E42EE0CD}) (Version: 3.9.2.00 - Prolific Technology Inc.)
Qlik Sense DemoApps (HKLM\...\{AFCEFE4E-2B4E-4F1B-BB2C-8FC7C3FD9763}) (Version: 13.9.1 - QlikTech International AB) Hidden
Qlik Sense Desktop (HKLM\...\{FB8999A7-A3C5-482B-B444-93F030008ABC}) (Version: 13.9.1 - QlikTech International AB) Hidden
Qlik Sense Desktop Connectors (HKLM\...\{1376C93C-0A5A-4BC9-906A-E41370D1A3AA}) (Version: 13.9.1 - QlikTech International AB) Hidden
Qlik Sense Desktop February 2019 (HKU\S-1-5-21-1391593998-1406418587-2262156805-1001\...\{aaa3d233-8841-4ace-95e0-19fc2da9cea1}) (Version: 13.9.1 - QlikTech International AB)
Qlik Sense Extension Bundles (HKLM\...\{4D9F073B-CC60-4E5D-B117-D7ED7D20DBDF}) (Version: 13.9.1 - QlikTech International AB)
Qlik_WowMakerSetup (HKLM-x32\...\{8D8050E0-6193-4E7B-AE26-8C48213A7AD1}) (Version: 1.0.0 - Default Company Name)
QlikView x64 (HKLM\...\{BAB4187A-F349-497E-A151-79D1B274B936}) (Version: 11.20.13607.0 - QlikTech International AB)
QsDocumentAnalyzer version 1.5.0 (HKLM-x32\...\{75330F9E-2072-4618-950B-F5E108517A85}_is1) (Version: 1.5.0 - Panalytics, Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.17763.21311 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.0.6 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.6 - VS Revo Group, Ltd.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.51.0 - SAMSUNG Electronics Co., Ltd.)
Software Intel® PROSet/Wireless (HKLM-x32\...\{f8c930bd-0a68-425f-8c11-87723d1e2c97}) (Version: 20.90.0 - Intel Corporation)
Software Thunderbolt™ (HKLM-x32\...\{FBAB4EAA-497D-4B48-8484-D96CAE92C71A}) (Version: 17.4.78.500 - Intel Corporation)
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.2.26558 - TeamViewer)
ThinkPad Thunderbolt 3 Dock USB Audio (HKLM\...\VID_17EF&PID_306A&MI_00) (Version: 1.31.38.31 - Conexant Systems)
Thinkpad USB Ethernet Adapter Driver (HKLM-x32\...\{04201224-2B34-4EE7-862B-B7BBF89DB3AB}) (Version: 10.25.704.2018 - Lenovo)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{B2E25355-C24E-4E7D-8AD3-455D59810838}) (Version: 2.57.0.0 - Microsoft Corporation)
WinDirStat 1.1.2 (HKU\S-1-5-21-1391593998-1406418587-2262156805-1001\...\WinDirStat) (Version:  - )
WinRAR 5.60 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.60.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1391593998-1406418587-2262156805-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}
ShellIconOverlayIdentifiers: [    GoogleDriveCloudOverlayIconHandler] -> {A8E52322-8734-481D-A7E2-27B309EF8D56} => C:\Program Files\Google\Drive File Stream\30.1.36.2348\drivefsext.dll [2019-03-20] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [    GoogleDrivePinnedOverlayIconHandler] -> {CFE8B367-77A7-41D7-9C90-75D16D7DC6B6} => C:\Program Files\Google\Drive File Stream\30.1.36.2348\drivefsext.dll [2019-03-20] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [    GoogleDriveProgressOverlayIconHandler] -> {C973DA94-CBDF-4E77-81D1-E5B794FBD146} => C:\Program Files\Google\Drive File Stream\30.1.36.2348\drivefsext.dll [2019-03-20] (Google LLC -> Google, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2018-10-14] (Notepad++ -> )
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers1: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\30.1.36.2348\drivefsext.dll [2019-03-20] (Google LLC -> Google, Inc.)
ContextMenuHandlers1: [FortiClient] -> {7AE5C558-994B-40B7-8730-2DAC2B96781B} => C:\Program Files\Fortinet\FortiClient\FortiCliSh.dll [2018-07-23] (Fortinet Technologies (Canada) Inc. -> Fortinet Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-06-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-06-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers4: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\30.1.36.2348\drivefsext.dll [2019-03-20] (Google LLC -> Google, Inc.)
ContextMenuHandlers5: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\30.1.36.2348\drivefsext.dll [2019-03-20] (Google LLC -> Google, Inc.)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\ki131074.inf_amd64_6371bf46cc74b27d\igfxDTCM.dll [2019-02-18] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6: [FortiClient] -> {1935F098-AF3C-4AFC-ADA2-12C74B452DF1} => C:\Program Files\Fortinet\FortiClient\FortiCliSh.dll [2018-07-23] (Fortinet Technologies (Canada) Inc. -> Fortinet Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-06-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-06-24] (win.rar GmbH -> Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03855990-26CB-47E1-B000-DF83C5A111F4} - System32\Tasks\Microsoft_MKC_Logon_Task_ceip.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ceip.exe (Microsoft Corporation -> Microsoft)
Task: {03D51C3D-0570-492C-A48C-23C8118B2B4C} - System32\Tasks\IntelIOC-Upgrade-f1c8187b-2653-47cd-a9be-b554b98f68a7-Logon => C:\Program Files (x86)\Intel\Intel(R) Online Connect Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe (Intel(R) Software Asset Manager -> Intel Corporation)
Task: {07A6E045-DE21-4D50-87FF-C2E9A2A72E76} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
Task: {085ECFF8-5907-4A04-AE8E-5C4C32D98E16} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1903.4-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {0A0555DA-A415-4D2E-8F80-64104F31961E} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler  /v start /t reg_dword /d 1 /f /reg:32
Task: {0D97D7E6-BC8A-4E68-BC74-8686231E61BC} - System32\Tasks\IntelIOC-Upgrade-f1c8187b-2653-47cd-a9be-b554b98f68a7 => C:\Program Files (x86)\Intel\Intel(R) Online Connect Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe (Intel(R) Software Asset Manager -> Intel Corporation)
Task: {1A8CA60E-E84B-4E37-B4D1-0D95C8DE6C4D} - System32\Tasks\Microsoft\Windows\Conexant\SA2 => C:\Program Files\CONEXANT\SAII\SACpl.exe (Conexant Systems, Inc. -> Conexant Systems, Inc.)
Task: {21C2411B-6A2B-4913-974C-FFC80915DFE7} - System32\Tasks\Microsoft\Windows\Flighting\FeatureConfig\ReconcileFeatures
Task: {2853F98E-62BD-4D06-8A45-9B6B19CE535E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe (Piriform Software Ltd -> Piriform Software Ltd)
Task: {28D19E93-8A14-401F-AFB1-4E9A22FE56CE} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {33854499-F187-4284-A075-9CD0C632F198} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service when hardware is detected => sc.exe start ThunderboltService
Task: {39CF2905-EA58-4E6F-A5A3-590BC6948A39} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {3EAC4787-BEE1-460F-9D46-8FF256B1380D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1903.4-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {4E4F68FB-2986-4D80-A277-5D25FC617FC0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {50CB119A-0557-4BDE-9CC8-E3AFF2487B23} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {53AE491A-0FFA-4298-9D45-4E0F98BCF39B} - System32\Tasks\Intel-IMSS => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
Task: {574B4EB7-5353-488D-A21C-3F5E5A69BF83} - System32\Tasks\Lenovo Power Management Driver PnP Task => C:\WINDOWS\System32\ibmpmsvc.exe (Lenovo -> Lenovo.)
Task: {57ECB303-6ABF-4585-81A4-FA64E2D09E8A} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {5A746FB9-EA8D-47E8-A9F0-73239BD9151F} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on login if service is up => C:\Program Files (x86)\Intel\Thunderbolt Software\\ConditionalAppStarter.exe (Intel(R) Client Connectivity Division SW -> Intel Corporation)
Task: {5B4E6365-797F-468F-A937-8B98B308B00D} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {62BD9554-D831-49D8-852C-D81F9268F723} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1903.4-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {656932E6-EC72-4222-A453-0E479FC7749C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {6E005D67-E121-4A62-8258-B3E2C6C4C79D} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\eaf627b0-b9e0-4dcb-a92c-1b6b584b7a4f => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe (Lenovo -> Lenovo Group Ltd.)
Task: {6E49B566-100C-4B69-ACF3-83BC515CABAA} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {783B6F9B-5103-4168-B031-BCF1FFDF138F} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {7B5C3D7E-E8F1-4359-A64D-FCE1E2E8AE7A} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe (Microsoft Corporation -> Microsoft)
Task: {8BE97563-C777-4332-9B07-BDB64F06DDC5} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {8EC2DC19-EDA8-4704-B589-147E4F45FB24} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {A0E45552-C0A0-44A4-BE5B-485C8577F9A2} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on switch user if service is up => C:\Program Files (x86)\Intel\Thunderbolt Software\\ConditionalAppStarter.exe (Intel(R) Client Connectivity Division SW -> Intel Corporation)
Task: {A3839B7A-7FAB-4BBD-B351-1A2EA6E2D3E8} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {AA734323-4DE6-43EE-BACB-1943404586AA} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe (Lenovo -> Lenovo Group Ltd.)
Task: {AF67099D-2730-4643-B1A3-0D0D00D82B1D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {B47D793C-03C6-4FA9-9F51-D9D3685F7A70} - System32\Tasks\Lenovo\Power Manager\Uninstall task => C:\WINDOWS\SysWOW64\Lenovo\PowerMgr\PowerMgrInst.exe (Lenovo -> )
Task: {B67C9D04-3A70-4665-BEB8-B9ECB8C4034E} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service on boot if driver is up => C:\Program Files (x86)\Intel\Thunderbolt Software\\tbtsvc.exe (Intel(R) Client Connectivity Division SW -> Intel Corporation)
Task: {BA78C568-DEAD-4EC6-9889-2EB42DF43BB3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {C198A03A-590F-4266-931A-52B575E97957} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => "%windir%\system32\sc.exe" START ImControllerService
Task: {C2CDD96B-C09C-41EC-9DBD-99DCAEDE3827} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
Task: {C4DCE1D1-AB8F-4ADF-8AC7-4C8BD7277AD3} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application when hardware is detected => C:\Program Files (x86)\Intel\Thunderbolt Software\\ConditionalAppStarter.exe (Intel(R) Client Connectivity Division SW -> Intel Corporation)
Task: {CA586188-1EDF-46F4-9F7B-5423900D9699} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1903.4-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {CDF97F0B-630E-4055-9AA6-9CE46B972257} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\76c1a2bd-22aa-4c85-aebf-0432e7f0cc24 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe (Lenovo -> Lenovo Group Ltd.)
Task: {D06415D5-72CE-468D-9495-91CE5C52006F} - System32\Tasks\Lenovo\Lenovo Platform Task => C:\WINDOWS\System32\LPlatSvc.exe (Lenovo -> Lenovo.)
Task: {D83CFCAC-D4ED-428C-9CEC-F58DFD2283A2} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {FA389E48-A4F9-40A6-848A-9695F13F2C2D} - System32\Tasks\Lenovo\Power Manager\Background monitor => C:\WINDOWS\SysWOW64\Lenovo\PowerMgr\PowerMgr.exe (Lenovo -> Lenovo)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\sebas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\8530dce348f2dffa\Chromium.lnk -> C:\Users\sebas\Downloads\chromium\chrome-win\chrome.exe (The Chromium Authors) -> --profile-directory=Default

==================== Loaded Modules (Whitelisted) ==============

2018-07-23 11:23 - 2018-07-23 11:23 - 001055250 _____ (Fortinet Inc.) [File not signed] C:\Program Files\Fortinet\FortiClient\utilsdll.dll
2018-07-23 10:56 - 2018-07-23 10:56 - 001672704 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\Fortinet\FortiClient\LIBEAY32.dll
2019-03-06 08:57 - 2019-03-06 08:57 - 000060928 _____ (Conexant Systems, Inc.) [File not signed] C:\WINDOWS\system32\SyUIUExtSvc.exe
2018-07-23 10:56 - 2018-07-23 10:56 - 000355328 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\Fortinet\FortiClient\SSLEAY32.dll
2019-04-11 12:55 - 2019-04-11 12:55 - 002364928 _____ (Conexant Systems, Inc) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SmartAudio\cd1b18e96e40ca9a18b4e51775b0d707\SmartAudio.ni.exe
2019-04-11 12:56 - 2019-04-11 12:56 - 000366080 _____ ( ) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.CxHef9fb4ae#\45d29330ef355a508c4d00295182c79b\Interop.CxHDAudioAPILib.ni.dll
2019-04-11 12:56 - 2019-04-11 12:56 - 000019968 _____ ( ) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.CxUtilSvcLib\b609e48e03a2bf4b17f0a5802d7aafa6\Interop.CxUtilSvcLib.ni.dll
2019-03-15 11:56 - 2018-08-12 20:29 - 001255424 _____ (Robert Simpson, et al.) [File not signed] C:\ProgramData\Lenovo\iMController\Plugins\GenericMessagingPlugin\x86\x86\SQLite.Interop.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 08:47 - 2019-04-09 11:57 - 000000027 _____ C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL
HKU\S-1-5-21-1391593998-1406418587-2262156805-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\sebas\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 200.42.4.210 - 200.49.130.40
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run32: => "Check Point VPN"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{E0B71C01-EA4D-4627-8299-82BB5E4F3A78}] => (Allow) C:\Program Files\Fortinet\FortiClient\ipsec.exe (Fortinet Technologies (Canada) Inc. -> Fortinet Inc.)
FirewallRules: [{E4DF4ABB-3517-4D3C-8F0F-6EFC3B684C98}] => (Allow) C:\Program Files\Fortinet\FortiClient\fortiesnac.exe (Fortinet Technologies (Canada) Inc. -> Fortinet Inc.)
FirewallRules: [{F05DAED5-3D9C-43F9-A669-77AC71EA5E17}] => (Allow) C:\Program Files\Fortinet\FortiClient\fortifws.exe (Fortinet Technologies (Canada) Inc. -> Fortinet Inc.)
FirewallRules: [{32DCE1A8-CA84-43B4-856F-07C5EF9CB8DB}] => (Allow) C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe (Check Point Software Technologies Ltd. -> Check Point Software Technologies)
FirewallRules: [{31D23E8E-8997-458A-B545-A265DA79FC8B}] => (Allow) C:\Program Files (x86)\CheckPoint\Endpoint Connect\TracSrvWrapper.exe (Check Point Software Technologies Ltd. -> Check Point Software Technologies)
FirewallRules: [TCP Query User{8799CECB-451C-4B91-8012-EBB8B93968B6}C:\users\sebas\appdata\local\programs\qlik\sense\node\node.exe] => (Allow) C:\users\sebas\appdata\local\programs\qlik\sense\node\node.exe (Node.js Foundation -> Node.js)
FirewallRules: [UDP Query User{264FE776-B72C-4E8C-B4FB-2A8FE801E070}C:\users\sebas\appdata\local\programs\qlik\sense\node\node.exe] => (Allow) C:\users\sebas\appdata\local\programs\qlik\sense\node\node.exe (Node.js Foundation -> Node.js)
FirewallRules: [{01CF4960-B6D7-42B8-A18A-5CDDCD0895F7}] => (Block) C:\users\sebas\appdata\local\programs\qlik\sense\node\node.exe (Node.js Foundation -> Node.js)
FirewallRules: [{F67CCABB-623A-441F-9145-964F9686E664}] => (Block) C:\users\sebas\appdata\local\programs\qlik\sense\node\node.exe (Node.js Foundation -> Node.js)
FirewallRules: [{6B4266F2-8D62-4060-BCF5-D31E23748B0A}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation -> )
FirewallRules: [{C14C9EA7-3C28-4A97-B3BE-A2FCBB91E14A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6BB14ECD-5572-445C-AF65-90FFA1F52540}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{50F62FEF-D781-4CF7-8C5D-AF88DDE11531}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A13EE5BC-555A-41D1-8E56-8B202B9EE306}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{2C02DC56-4DDA-4D86-A5E9-D8308F66DA4F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{1A2BB79F-B40A-48A9-A2EF-603FBBD90003}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{115CD4F3-A7D5-40A3-AC16-2D6C7B5A1457}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{3F18EA04-091E-4B1C-9395-456DCA553B89}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2AA4C6F5-1030-4F98-8907-F6561CD930C8}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2265A079-0276-47EE-9B95-586B4F726E86}] => (Allow) C:\Program Files\Fortinet\FortiClient\FortiProxy.exe No File
FirewallRules: [{27BFCF43-EEC6-45D2-A886-5EAA7323E5A9}] => (Allow) C:\Program Files\Fortinet\FortiClient\FortiWad.exe No File
FirewallRules: [TCP Query User{4A0B07DD-E747-4DCB-B565-4B234C17EEFE}C:\users\sebas\downloads\chromium\chrome-win\chrome.exe] => (Block) C:\users\sebas\downloads\chromium\chrome-win\chrome.exe (The Chromium Authors) [File not signed]
FirewallRules: [UDP Query User{A7C691E0-9858-44E1-8BD0-77538D857BBE}C:\users\sebas\downloads\chromium\chrome-win\chrome.exe] => (Block) C:\users\sebas\downloads\chromium\chrome-win\chrome.exe (The Chromium Authors) [File not signed]

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============

Name: Fortinet SSL VPN Virtual Ethernet Adapter
Description: Fortinet SSL VPN Virtual Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Fortinet Inc.
Service: ftsvnic
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/14/2019 12:41:01 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Error del Servicio de instantáneas de volumen: error inesperado al llamar a la rutina QueryFullProcessImageNameW. HR = 0x80070006, Controlador no válido.
.


Operación:
   Ejecutando operación asincrónica

Contexto:
   Estado actual: DoSnapshotSet

Error: (04/14/2019 10:37:44 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Error del Servicio de instantáneas de volumen: error inesperado al consultar la interfaz IVssWriterCallback. HR = 0x80070005, Acceso denegado.
.
A menudo ocurre por una configuración de seguridad incorrecta en el proceso de escritura o de solicitud.


Operación:
   Recopilando datos del escritor

Contexto:
   Id. de clase del escritor: {e8132975-6f93-4464-a53e-1050253ae220}
   Nombre del escritor: System Writer
   Id. de instancia del escritor: {6a07d9c0-b13b-4e3f-a72a-160dab441912}

Error: (04/11/2019 03:53:01 PM) (Source: COM) (EventID: 10031) (User: )
Description: Se realizó una comprobación de directiva de anulación de serialización al anular la serialización de un objeto con serialización personalizada; se rechazó la clase {41FD88F7-F295-4D39-91AC-A85F3149A05B}

Error: (04/11/2019 03:53:01 PM) (Source: COM) (EventID: 10031) (User: )
Description: Se realizó una comprobación de directiva de anulación de serialización al anular la serialización de un objeto con serialización personalizada; se rechazó la clase {95CABCC9-BC57-4C12-B8DF-BA193232AA01}

Error: (04/11/2019 08:46:21 AM) (Source: ESENT) (EventID: 489) (User: )
Description: CCleaner64 (12700,G,0) Al intentar abrir el archivo "C:\Users\sebas\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" para acceso de sólo lectura se produjo el error de sistema 32 (0x00000020): "El proceso no tiene acceso al archivo porque está siendo utilizado por otro proceso. ". La operación para abrir el archivo se cerrará con el error -1032 (0xfffffbf8).

Error: (04/11/2019 08:33:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: IntelTechnologyAccessService.exe, versión: 1.9.31.0, marca de tiempo: 0x5a97c61d
Nombre del módulo con errores: KERNELBASE.dll, versión: 10.0.17134.556, marca de tiempo: 0xb9f4a0f1
Código de excepción: 0x40000015
Desplazamiento de errores: 0x000000000003a388
Identificador del proceso con errores: 0x1dc0
Hora de inicio de la aplicación con errores: 0x01d4f05a5bfe9814
Ruta de acceso de la aplicación con errores: C:\Program Files\Intel\Intel(R) Online Connect Access\IntelTechnologyAccessService.exe
Ruta de acceso del módulo con errores: C:\WINDOWS\System32\KERNELBASE.dll
Identificador del informe: e71064de-6570-4bec-8360-f938a853ca9c
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (04/09/2019 12:44:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: QlikSenseBrowser.exe, versión: 2.2.0.0, marca de tiempo: 0x5afab36a
Nombre del módulo con errores: MSVCR120.dll, versión: 12.0.21005.1, marca de tiempo: 0x524f83ff
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x000000000003c3f9
Identificador del proceso con errores: 0x2fb0
Hora de inicio de la aplicación con errores: 0x01d4eeea699f8ce9
Ruta de acceso de la aplicación con errores: C:\Users\sebas\AppData\Local\Programs\Qlik\Sense\QlikSenseBrowser\QlikSenseBrowser.exe
Ruta de acceso del módulo con errores: C:\Users\sebas\AppData\Local\Programs\Qlik\Sense\QlikSenseBrowser\MSVCR120.dll
Identificador del informe: f16b8b34-c2ec-4f69-9045-f500017d0199
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (04/09/2019 12:39:25 PM) (Source: Engine) (EventID: 300) (User: )
Description: Event-ID 300


System errors:
=============
Error: (04/14/2019 12:39:21 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Iniciar Local para la aplicación de servidor COM con CLSID 
Windows.SecurityCenter.WscDataProtection
 y APPID 
No disponible
 al usuario NT AUTHORITY\SYSTEM con SID (S-1-5-18) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (04/14/2019 12:39:21 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Iniciar Local para la aplicación de servidor COM con CLSID 
Windows.SecurityCenter.WscBrokerManager
 y APPID 
No disponible
 al usuario NT AUTHORITY\SYSTEM con SID (S-1-5-18) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (04/14/2019 12:39:01 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 y APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 al usuario NT AUTHORITY\LOCAL SERVICE con SID (S-1-5-19) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (04/14/2019 12:39:01 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 y APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 al usuario NT AUTHORITY\LOCAL SERVICE con SID (S-1-5-19) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (04/14/2019 12:37:53 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Iniciar Local para la aplicación de servidor COM con CLSID 
Windows.SecurityCenter.WscBrokerManager
 y APPID 
No disponible
 al usuario NT AUTHORITY\SYSTEM con SID (S-1-5-18) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (04/14/2019 12:37:53 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Iniciar Local para la aplicación de servidor COM con CLSID 
Windows.SecurityCenter.WscDataProtection
 y APPID 
No disponible
 al usuario NT AUTHORITY\SYSTEM con SID (S-1-5-18) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (04/14/2019 12:37:32 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 y APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 al usuario NT AUTHORITY\LOCAL SERVICE con SID (S-1-5-19) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (04/14/2019 12:37:32 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 y APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 al usuario NT AUTHORITY\LOCAL SERVICE con SID (S-1-5-19) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.


Windows Defender:
===================================
Date: 2019-04-14 11:08:56.242
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {E009A793-2825-480F-AF90-596A77458227}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2019-04-14 10:30:45.381
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {F0CC330D-1A2A-43D8-AC39-EA9038CCDE7E}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2019-04-10 12:14:56.279
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {CC94FF4A-8F59-48C5-A3C6-1B298F9E5FF1}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2019-04-04 11:15:37.531
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {3E17523D-DDA4-4EF0-9519-BF0264D594F4}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2019-04-03 09:10:22.647
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {145B1F07-31EE-47A3-8A5C-F2D4C48BAB9A}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2019-04-09 11:56:10.449
Description: 
La característica Protección en tiempo real de Antivirus de Windows Defender encontró un error:
Característica: Durante el acceso
Código de error: 0x8007043c
Descripción del error: El servicio no puede iniciarse en modo a prueba de errores 
Motivo: La protección antimalware dejó de funcionar por motivos desconocidos. En algunos casos, reiniciar el servicio puede que resuelva el problema.

Date: 2019-04-01 09:41:48.239
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.291.690.0
Origen de actualización: Servidor de Microsoft Update
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión de motor actual: 
Versión de motor anterior: 1.1.15800.1
Código de error: 0x80240016
Descripción del error: Se produjo un problema inesperado mientras se buscaban actualizaciones. Para obtener más información sobre cómo instalar o solucionar problemas en las actualizaciones, consulta Ayuda y soporte técnico. 

Date: 2019-02-19 10:29:37.295
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.287.233.0
Origen de actualización: Servidor de Microsoft Update
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión de motor actual: 
Versión de motor anterior: 1.1.15700.8
Código de error: 0x8024402c
Descripción del error: Se produjo un problema inesperado mientras se buscaban actualizaciones. Para obtener más información sobre cómo instalar o solucionar problemas en las actualizaciones, consulte Ayuda y soporte técnico. 

Date: 2019-02-18 16:56:59.156
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.287.233.0
Origen de actualización: Servidor de Microsoft Update
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión de motor actual: 
Versión de motor anterior: 1.1.15700.8
Código de error: 0x80240438
Descripción del error: Se produjo un problema inesperado mientras se buscaban actualizaciones. Para obtener más información sobre cómo instalar o solucionar problemas en las actualizaciones, consulte Ayuda y soporte técnico. 

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-7600U CPU @ 2.80GHz
Percentage of memory in use: 51%
Total physical RAM: 8026.55 MB
Available physical RAM: 3930.38 MB
Total Virtual: 11994.55 MB
Available Virtual: 8003.35 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:237.23 GB) (Free:107.02 GB) NTFS
Drive g: (Google Drive File Stream) (Fixed) (Total:15 GB) (Free:1.01 GB) FAT32

\\?\Volume{0f07c70c-910c-430c-91a8-07e27f63403c}\ (WinRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.45 GB) NTFS
\\?\Volume{7ac682b8-a7cd-4152-8698-bf29682f9cf8}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: E664590B)

Partition: GPT.

==================== End of Addition.txt ============================

#26

Sorry, I forgot to mention that I'm not at the other PC right now; I'll run that test when I get there.

#27

Hello

:arrow_forward: VERY important :arrow_backward: Make a backup of the registry:

  • To do so, download :arrow_forward: DelFix.exe (to your desktop).

  • Double-click to run it. (If you use Windows Vista/7/8 or 10, right-click and select -Run as Administrator-.)

  • Attention: now tick/select only the "Create registry backup" box, NOT the others.

  • Click Run.

The report (DelFix.txt) will open; save it in case it is needed and close the tool.

Next, boot your computer into Windows Safe Mode without networking

:warning: With all other programs closed, go to :arrow_forward: Start :arrow_forward: Run :arrow_forward: and type Notepad.exe.

  • Now copy and paste the codes/lines inside the box below into Notepad.
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
GroupPolicy: Restriction ? <==== ATTENTION
2019-04-12 12:06 - 2019-04-12 12:06 - 000000000 ____D C:\Users\sebas\Downloads\chromium
2019-04-12 12:06 - 2019-04-12 12:06 - 000000000 ____D C:\Users\sebas\AppData\Local\Chromium
2019-04-12 12:05 - 2019-04-12 12:05 - 151769746 _____ C:\Users\sebas\Downloads\chromium.zip
2019-04-08 16:00 - 2019-04-08 16:00 - 062632672 _____ (Malwarebytes ) C:\Users\sebas\Desktop\mb3-setup-consumer-3.7.1.2839-1.0.563-1.0.10037.exe
2019-04-08 12:40 - 2019-04-08 12:40 - 000646932 _____ C:\Users\sebas\Downloads\tcmenu-1.4.0_214-trial.zip
2019-04-05 09:44 - 2019-04-05 09:44 - 000000000 ____D C:\Users\sebas\AppData\Local\mbam
2019-04-05 09:43 - 2019-04-14 12:36 - 000000000 ____D C:\Program Files\Malwarebytes
2019-04-05 09:43 - 2019-04-05 09:43 - 000000000 ____D C:\Users\sebas\AppData\Local\mbamtray
2019-04-05 09:41 - 2019-04-05 09:42 - 062618552 _____ (Malwarebytes ) C:\Users\sebas\Desktop\mb3-setup-consumer-3.7.1.2839-1.0.563-1.0.10000.exe
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ShortcutWithArgument: C:\Users\sebas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\8530dce348f2dffa\Chromium.lnk -> C:\Users\sebas\Downloads\chromium\chrome-win\chrome.exe (The Chromium Authors) -> --profile-directory=Default
FirewallRules: [{2265A079-0276-47EE-9B95-586B4F726E86}] => (Allow) C:\Program Files\Fortinet\FortiClient\FortiProxy.exe No File
FirewallRules: [{27BFCF43-EEC6-45D2-A886-5EAA7323E5A9}] => (Allow) C:\Program Files\Fortinet\FortiClient\FortiWad.exe No File
FirewallRules: [TCP Query User{4A0B07DD-E747-4DCB-B565-4B234C17EEFE}C:\users\sebas\downloads\chromium\chrome-win\chrome.exe] => (Block) C:\users\sebas\downloads\chromium\chrome-win\chrome.exe (The Chromium Authors) [File not signed]
FirewallRules: [UDP Query User{A7C691E0-9858-44E1-8BD0-77538D857BBE}C:\users\sebas\downloads\chromium\chrome-win\chrome.exe] => (Block) C:\users\sebas\downloads\chromium\chrome-win\chrome.exe (The Chromium Authors) [File not signed]

HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END

Save it under the name FIXLIST.TXT on the desktop :arrow_backward: This is very important.

:o: Note :o: It is important that the FRST.exe tool (Farbar Recovery Scanner Tool) and FIXLIST.TXT are in the same location (desktop); otherwise it will not work.


  • Run FRST.exe. (If you use Windows Vista/7/8 or 10, right-click and select -Run as Administrator-.)
  • Press the FIX button and wait for it to finish.
  • The tool will save the repair report on the desktop (FIXLOG.TXT).

Paste the contents of this file in your next reply.

Restart the computer, check how it behaves with regard to the problem reported, and let us know.

After restarting, download and install Chrome.

Then download AdwCleaner to the desktop and scan with it.

Make the downloads from the links I have given you.

Let us know how the problem goes.

Regards
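Once the Fixlog comes back, the reviewer has to pick out the entries that did not apply from a long run of "successfully" lines. The following is an added example, not part of the original post and not FRST's own code: it triages Fixlog lines in the `target => outcome` format seen in this thread and skips the echoed fixlist. The function names, the status labels and the sample log (built with placeholder paths and GUIDs) are assumptions made for illustration.

```python
"""Triage an FRST Fixlog: which fixlist entries applied and which did not."""

# Outcome phrases that follow "=>" in the Fixlog lines shown in this thread.
# Any other phrase is classified "unknown" so that a human looks at it.
OUTCOMES = {
    "moved successfully": "ok",
    "removed successfully": "ok",
    "Shortcut argument removed successfully": "ok",
    "not found": "absent",
    "could not remove. Access Denied.": "failed",
}


def triage_fixlog(text):
    """Return errors, per-entry results and status counts for a Fixlog."""
    errors, entries, counts = [], [], {}
    in_echo, star_rows = False, 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # The log first echoes the fixlist between two rows of asterisks.
        # Those lines also contain "=>" but are requests, not results.
        if line.lower().startswith("fixlist content:"):
            in_echo, star_rows = True, 0
            continue
        if in_echo:
            if set(line) == {"*"}:
                star_rows += 1
                in_echo = star_rows < 2
            continue
        if line.startswith("Error:"):
            errors.append(line[len("Error:"):].strip())
            continue
        # Split on the last " => " so paths containing "=>" stay intact.
        target, sep, outcome = line.rpartition(" => ")
        if not sep:
            continue  # status sentences such as "Processes closed successfully."
        status = OUTCOMES.get(outcome.strip(), "unknown")
        entries.append((target.strip().strip('"'), outcome.strip(), status))
        counts[status] = counts.get(status, 0) + 1
    return {"errors": errors, "entries": entries, "counts": counts}


def needs_followup(report):
    """Targets whose fix failed or whose outcome phrase is not recognised."""
    return [t for t, _, s in report["entries"] if s in ("failed", "unknown")]


# Constructed sample in the Fixlog format; paths and GUIDs are placeholders.
SAMPLE_FIXLOG = r'''Fix result of Farbar Recovery Scan Tool (x64) Version: 17.03.2019
Ran by user (14-04-2019 15:16:33) Run:1
Boot Mode: Safe Mode (minimal)
==============================================

fixlist content:
*****************
START
CREATERESTOREPOINT:
FirewallRules: [{00000000-0000-0000-0000-000000000001}] => (Allow) C:\Example\gone.exe No File
C:\Users\user\Downloads\example.zip
END

*****************

Error: Restore point can only be created in normal mode.
Processes closed successfully.
C:\Users\user\Downloads\example.zip => moved successfully
HKLM\Software\Classes\CLSID\{00000000-0000-0000-0000-000000000002} => not found
HKLM\Software\Classes\CLSID\{00000000-0000-0000-0000-000000000003} => could not remove. Access Denied.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{00000000-0000-0000-0000-000000000001}" => removed successfully
Hosts restored successfully.
'''

if __name__ == "__main__":
    report = triage_fixlog(SAMPLE_FIXLOG)
    print("errors:  ", report["errors"])
    print("counts:  ", report["counts"])
    print("followup:", needs_followup(report))
```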

#28

Thanks!!! OK, I did what you asked. FRST report:

Fix result of Farbar Recovery Scan Tool (x64) Version: 17.03.2019
Ran by sebas (14-04-2019 15:16:33) Run:1
Running from C:\Users\sebas\Desktop
Loaded Profiles: sebas (Available Profiles: defaultuser0 & sebas)
Boot Mode: Safe Mode (minimal)
==============================================

fixlist content:
*****************
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
GroupPolicy: Restriction ? <==== ATTENTION
2019-04-12 12:06 - 2019-04-12 12:06 - 000000000 ____D C:\Users\sebas\Downloads\chromium
2019-04-12 12:06 - 2019-04-12 12:06 - 000000000 ____D C:\Users\sebas\AppData\Local\Chromium
2019-04-12 12:05 - 2019-04-12 12:05 - 151769746 _____ C:\Users\sebas\Downloads\chromium.zip
2019-04-08 16:00 - 2019-04-08 16:00 - 062632672 _____ (Malwarebytes ) C:\Users\sebas\Desktop\mb3-setup-consumer-3.7.1.2839-1.0.563-1.0.10037.exe
2019-04-08 12:40 - 2019-04-08 12:40 - 000646932 _____ C:\Users\sebas\Downloads\tcmenu-1.4.0_214-trial.zip
2019-04-05 09:44 - 2019-04-05 09:44 - 000000000 ____D C:\Users\sebas\AppData\Local\mbam
2019-04-05 09:43 - 2019-04-14 12:36 - 000000000 ____D C:\Program Files\Malwarebytes
2019-04-05 09:43 - 2019-04-05 09:43 - 000000000 ____D C:\Users\sebas\AppData\Local\mbamtray
2019-04-05 09:41 - 2019-04-05 09:42 - 062618552 _____ (Malwarebytes ) C:\Users\sebas\Desktop\mb3-setup-consumer-3.7.1.2839-1.0.563-1.0.10000.exe
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ShortcutWithArgument: C:\Users\sebas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\8530dce348f2dffa\Chromium.lnk -> C:\Users\sebas\Downloads\chromium\chrome-win\chrome.exe (The Chromium Authors) -> --profile-directory=Default
FirewallRules: [{2265A079-0276-47EE-9B95-586B4F726E86}] => (Allow) C:\Program Files\Fortinet\FortiClient\FortiProxy.exe No File
FirewallRules: [{27BFCF43-EEC6-45D2-A886-5EAA7323E5A9}] => (Allow) C:\Program Files\Fortinet\FortiClient\FortiWad.exe No File
FirewallRules: [TCP Query User{4A0B07DD-E747-4DCB-B565-4B234C17EEFE}C:\users\sebas\downloads\chromium\chrome-win\chrome.exe] => (Block) C:\users\sebas\downloads\chromium\chrome-win\chrome.exe (The Chromium Authors) [File not signed]
FirewallRules: [UDP Query User{A7C691E0-9858-44E1-8BD0-77538D857BBE}C:\users\sebas\downloads\chromium\chrome-win\chrome.exe] => (Block) C:\users\sebas\downloads\chromium\chrome-win\chrome.exe (The Chromium Authors) [File not signed]

HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END

*****************

Error: Restore point can only be created in normal mode.
Processes closed successfully.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\Users\sebas\Downloads\chromium => moved successfully
C:\Users\sebas\AppData\Local\Chromium => moved successfully
C:\Users\sebas\Downloads\chromium.zip => moved successfully
C:\Users\sebas\Desktop\mb3-setup-consumer-3.7.1.2839-1.0.563-1.0.10037.exe => moved successfully
C:\Users\sebas\Downloads\tcmenu-1.4.0_214-trial.zip => moved successfully
C:\Users\sebas\AppData\Local\mbam => moved successfully
C:\Program Files\Malwarebytes => moved successfully
C:\Users\sebas\AppData\Local\mbamtray => moved successfully
C:\Users\sebas\Desktop\mb3-setup-consumer-3.7.1.2839-1.0.563-1.0.10000.exe => moved successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D} => could not remove. Access Denied.
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => removed successfully
HKLM\Software\Classes\CLSID\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => not found
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D} => could not remove. Access Denied.
C:\Users\sebas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\8530dce348f2dffa\Chromium.lnk => Shortcut argument removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2265A079-0276-47EE-9B95-586B4F726E86}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{27BFCF43-EEC6-45D2-A886-5EAA7323E5A9}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{4A0B07DD-E747-4DCB-B565-4B234C17EEFE}C:\users\sebas\downloads\chromium\chrome-win\chrome.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{A7C691E0-9858-44E1-8BD0-77538D857BBE}C:\users\sebas\downloads\chromium\chrome-win\chrome.exe" => removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-1391593998-1406418587-2262156805-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-1391593998-1406418587-2262156805-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========


========= netsh winsock reset =========


El catálogo Winsock se restableció correctamente.
Debe reiniciar el equipo para completar el restablecimiento.


========= End of CMD: =========


========= ipconfig /renew =========


Configuración IP de Windows


========= End of CMD: =========


========= ipconfig /flushdns =========


Configuración IP de Windows

No se puede vaciar la caché de resolución de DNS: Error de una función durante la ejecución.


========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0
BITS administration utility.
(C) Copyright Microsoft Corp.

Unable to connect to BITS - 0x8007043c

========= End of CMD: =========


========= netsh advfirewall reset =========


Error al intentar ponerse en contacto con el servicio Firewall de Windows Defender. Asegúrate de que el servicio se está ejecutando e intenta la solicitud de nuevo.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========


Error al intentar ponerse en contacto con el servicio Firewall de Windows Defender. Asegúrate de que el servicio se está ejecutando e intenta la solicitud de nuevo.


========= End of CMD: =========


========= netsh int ipv4 reset =========

No hay valores configurados por el usuario para restablecer.


========= End of CMD: =========


========= netsh int ipv6 reset =========

No hay valores configurados por el usuario para restablecer.


========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8167424 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 12685805 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 2214558 B
Edge => 43445668 B
Chrome => 0 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
LocalService => 0 B
NetworkService => 13118 B
NetworkService => 0 B
defaultuser0 => 0 B
sebas => 34829255 B

RecycleBin => 104 B
EmptyTemp: => 96.7 MB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 14-04-2019 15:17:32)


Result of scheduled keys to remove after reboot:

"HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D}" => removed successfully
HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D} => removed successfully

==== End of Fixlog 15:17:35 ====

I installed Chrome, without linking it to any account, and AdwCleaner found nothing. The odd thing is that now, typing this in Edge, the response to my keystrokes is extremely slow. I tried doing the same thing by opening another tab with www.google.com and typing in the search bar; it is not as slow as here, but honestly it strikes me that it is not “instantaneous” as it always was…

#29

Hello

It is normal for the computer to run somewhat slower after a cleanup; it will recover afterwards.

Now try linking Chrome to your account and run another scan with AdwCleaner, to see whether we have found it this time :crossed_fingers:

Regards

#30

(emoji with a hand over the face)

# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build:    04-04-2019
# Database: 2019-04-10.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    04-14-2019
# Duration: 00:00:03
# OS:       Windows 10 Pro
# Cleaned:  1
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Deleted       http://www.sweet-page.com/?type=hp&ts=1410803237&from=cor&uid=ST500DM002-1BD142_Z2AF1VPBXXXXZ2AF1VPB

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1249 octets] - [14/04/2019 15:21:46]
AdwCleaner[S01].txt - [1409 octets] - [14/04/2019 23:25:18]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########

#31

Sorry, my previous message was because it detected it again…

#32

Hello

You are going to carry out the following steps, but do it when you have all the devices at hand; you have to do it on all of them at the same time:

1.- Unsync all the devices you have synced (PC, tablet, phone).

2.- In the browser on each device, type:

chrome://settings/resetProfileSettings?origin=userclick

Accept by clicking the blue “Restablecer configuración” (“Reset settings”) button.

3.- Scan with AdwCleaner.

4.- If it now comes out clean and everything is fine, sync all the devices again, but do not install any extension or anything else for the moment, and use AdwCleaner again to see whether it no longer detects anything.

Let us know how it all went.

Regards

#33

Thanks!!! A question: on the phone, do I unsync Chrome or remove the account from the phone? That is where I get stuck, and I am asking you before I mess something up.

#34

Hello

Unsync Chrome and then reset the settings in the phone's browser as I indicated.

Regards

#35

Thanks for your effort, Dani! Here is what happened:

  • I unsynced everything. To clarify, on the desktop I had not synced since the last time (a week, I reckon), and I had been using it, say, every other day.
  • On the phone I could only clear the browsing data; the text you gave me did not work. It did on the notebook and on the desktop.
  • I ran AdwCleaner. On the desktop it detected nothing; on the notebook it did (the same as always), so I cleaned and rebooted. I ran AdwCleaner on the notebook and this time it found nothing.
  • I signed in on both. I ran AdwCleaner and it found nothing. It imported bookmarks on both, I ran AdwCleaner and it found the same thing on both… evidently that is where it is coming from…

#36

Hello

Sorry for the delay, I did not see your reply :woman_facepalming:

Where did you import the bookmarks from and where did you export them to?

Importing the bookmarks should not cause it to get infected again; a problematic extension would be a very different matter.

Regards
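
Added example (not part of any post in this thread): one way to see whether a detected URL sits in a bookmark or in a browser setting after sync, the question raised in #35 and #36. It assumes the URL is stored as a plain string in one of the Chrome profile's JSON files (such as `Preferences` or `Bookmarks`); the sample contents and all function names are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Domain from the AdwCleaner "Chromium URLs" entry quoted in this thread.
SUSPECT_DOMAIN = "sweet-page.com"

def host_matches(value, domain):
    """True if value is a URL whose host is domain or one of its subdomains."""
    try:
        host = urlsplit(value).hostname or ""
    except ValueError:  # malformed URL such as an unclosed IPv6 bracket
        return False
    return host == domain or host.endswith("." + domain)

def find_urls(node, domain, path="$"):
    """Walk parsed JSON, yielding (json_path, value) for each string on domain."""
    if isinstance(node, dict):
        for key, child in node.items():
            yield from find_urls(child, domain, f"{path}.{key}")
    elif isinstance(node, list):
        for index, child in enumerate(node):
            yield from find_urls(child, domain, f"{path}[{index}]")
    elif isinstance(node, str) and host_matches(node, domain):
        yield path, node

def scan_profile_files(files, domain=SUSPECT_DOMAIN):
    """files maps file name -> JSON text; returns {name: [(path, value), ...]}."""
    report = {}
    for name, text in files.items():
        try:
            hits = list(find_urls(json.loads(text), domain))
        except json.JSONDecodeError:
            hits = [("$", "<not valid JSON, inspect manually>")]
        if hits:
            report[name] = hits
    return report

# Constructed sample contents (not taken from the user's machine).
SAMPLE = {
    "Preferences": json.dumps({
        "homepage": "http://www.sweet-page.com/?type=hp",
        "session": {"startup_urls": ["http://www.sweet-page.com/?type=hp"]},
    }),
    "Bookmarks": json.dumps({"roots": {"bookmark_bar": {"children": [
        {"name": "News", "type": "url", "url": "https://example.org/"}]}}}),
}

if __name__ == "__main__":
    print(scan_profile_files(SAMPLE))
```

Run it against the text of the JSON files from a copy of the profile folder taken with Chrome closed; the reported JSON path shows whether the URL came back as a bookmark or as a setting.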

#37

Hello Dani! Don't worry about the delay, I am already very grateful for everything you have done and keep doing!

When syncing (in step 4) it imported them; I did not import anything externally, nor any extension. Let me clarify something I noticed recently. On the laptop I have the account linked to Chrome and, after the last cleanup with AdwCleaner, I turned off sync (without removing the account). Now I run AdwCleaner and it finds nothing, but the cursor lag keeps happening.

#38

Hello

I am afraid that if you sync it again at some point, the problem may still be there.

You are going to carry out the following steps, but exactly as I indicate, to see whether we manage to resolve it.

1.- Export your bookmarks and save them as a separate file.

2.- Unsync EVERYTHING and remove ALL the extensions you may have on any device.

3.- Restart the browsers on ALL devices.

4.- Check again with AdwCleaner and MBAM on ALL the devices where you can use them.

5.- Import the bookmarks file you saved and sync ALL the devices again.

Let us know how everything goes.

Regards