Removing the .adobe ransomware malware


#1

Good afternoon everyone,

I hope you can help me. I just discovered that the @adobe… ransomware got into the network of the business where I work. I have already lost many files and I don't know what to do to recover them (everywhere I have read that it can't be done), but still, if anyone knows a way I would be very grateful; it is a lot of design files and it is almost impossible to recreate them.

Any suggestions? Thanks for everything.


#2

Hello @Pkas

The first thing you should do is identify which variant has infected you. To do so, check this topic and verify it:

ID-Ransomware: How to identify the ransomware that has infected you?

If this infection/variant turns out to be one of those that have a file recovery method/tool (it will tell you which one), you may be able to do it, but unfortunately in the vast majority of cases it is NOT possible. :frown:

Let us know what it told you and the results.

Regards.


#3

Hello Javier, thank you very much for replying. I already tried to upload the file to the page, but every time I do it gives me an error and opens, in my case, the Opera error page.

I just installed Kaspersky on the computers and on all of them it removed the same file, so I suppose that may be the virus. My biggest concern is that it doesn't reach the server, but I can't keep it turned off all the time because we have to work. IT people already came and it didn't help me because according to them the computers had nothing… I am really desperate; I don't know if there is another way to identify the encryptor.

Thanks, regards.


#4

Have you tried uploading a file again from that browser or from any other one, to check whether you manage to identify it?

Kaspersky removed the same file on ALL the machines… which one?

Don't you have any other machine that has NOT been affected by the infection, apart from the server?


#5

All the machines detected hacktool.win32.kms

There are two machines where Kaspersky found nothing. I have also kept monitoring the machines and I haven't found any more decrypted files since I ran the same Kaspersky on them.

As for ID Ransomware, I now know why it isn't working for me: I only upload an encrypted file but not the ransom note, because I can't find it. I have already looked in many folders and I can't locate it. Is there some way to find it?

Thank you, truly, for your interest in helping me!!


#6

When the infection happened, did NO warning message appear giving instructions and referring to the file you can NOT find? :thinking:

Without the appropriate files being provided, ID-Ransomware will not be able to evaluate the infection, in case it could know which one it is, and likewise tell you whether a tool has been developed to decrypt your files. :roll_eyes:


#7

Hello, good morning Javier. I changed browsers and was able to identify the virus; I get two options, Dharma and Paradise. The problem is that I have 9 machines and at the time the virus hit nobody reported it, if the ransom notice did appear to anyone… According to what I read (because needless to say I'm not an IT person but I try to get by hahaha), there is still no tool to decrypt, so what I am doing is checking daily with Kaspersky to make sure no malware remains and then backing up each file in the hope that some day they create a program to recover them.
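
Added example (not part of the original posts): a Python script that inventories encrypted files before backing them up, as post #7 describes, grouping them by the ID and contact address embedded in each file name. It assumes the Dharma-family naming `<original>.id-<8 hex digits>.[<contact>].adobe`; the function names and the sample paths are constructed for illustration.

```python
import re
from collections import defaultdict
from pathlib import Path, PureWindowsPath

# Assumption: Dharma-family variants rename files as
#   <original name>.id-<8 hex digits>.[<contact address>].<extension>
DHARMA_NAME = re.compile(
    r"^(?P<original>.+)\.id-(?P<victim_id>[0-9A-Fa-f]{8})"
    r"\.\[(?P<contact>[^\]]+)\]\.(?P<ext>[A-Za-z0-9]+)$"
)


def parse_encrypted_name(filename, extension="adobe"):
    """Return the parts of an encrypted file name, or None if it does not match."""
    match = DHARMA_NAME.match(filename)
    if match is None or match.group("ext").lower() != extension.lower():
        return None
    return {
        "original": match.group("original"),
        "victim_id": match.group("victim_id").upper(),
        "contact": match.group("contact").lower(),
    }


def build_inventory(paths, extension="adobe"):
    """Group encrypted files by (victim_id, contact).

    Files that carry the extension but not the expected pattern are returned
    separately so they can be reviewed by hand instead of being skipped.
    """
    groups = defaultdict(list)
    unmatched = []
    suffix = "." + extension.lower()
    for path in paths:
        # PureWindowsPath splits on both "\\" and "/", so a listing exported
        # from a Windows machine can be analysed on any system.
        name = PureWindowsPath(path).name
        info = parse_encrypted_name(name, extension)
        if info is not None:
            groups[(info["victim_id"], info["contact"])].append(str(path))
        elif name.lower().endswith(suffix):
            unmatched.append(str(path))
    return dict(groups), unmatched


def scan_tree(root, extension="adobe"):
    """Walk a folder (local disk or mounted share) and inventory it."""
    files = (str(p) for p in Path(root).rglob("*") if p.is_file())
    return build_inventory(files, extension)


# Constructed sample paths, not taken from the thread.
SAMPLE_PATHS = [
    r"C:\Disenos\logo.cdr.id-1A2B3C4D.[contact@example.invalid].adobe",
    r"C:\Disenos\cartel.psd.id-1A2B3C4D.[contact@example.invalid].adobe",
    r"D:\Compartido\factura.xlsx.id-9F8E7D6C.[contact@example.invalid].adobe",
    r"C:\Disenos\plantilla.adobe",   # has the extension but not the pattern
    r"C:\Disenos\intacto.cdr",       # untouched file
]

if __name__ == "__main__":
    groups, unmatched = build_inventory(SAMPLE_PATHS)
    for (victim_id, contact), files in sorted(groups.items()):
        print(f"id={victim_id} contact={contact}: {len(files)} file(s)")
        for path in files:
            print("   ", path)
    print("Needs manual review:", unmatched)
```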


#8

Hello.

If your infection really were the initial Dharma variant :roll_eyes: you might have a solution here :arrow_right: https://www.bleepingcomputer.com/news/security/kaspersky-releases-decryptor-for-the-dharma-ransomware/

There are other Dharma variants, among them the one with the adobe extension, that for the moment do NOT have any solution.

As for the Paradise version, here you have information, but only information; as far as is known there is NO tool either :smirk: :arrow_right: https://www.bleepingcomputer.com/news/security/paradise-ransomware-uses-rsa-encryption-to-encrypt-your-files/

If you want us to give you additional steps to check the infections on your machine, tell us and we will help you.

Regards.


#9

Hello, good morning,

I looked at the Kaspersky solution but it tells me that the file I give it to scan is not compatible.

In view of that, I recovered some files that I had backed up, but the vast majority I did not :frowning: I keep scanning every machine with the antivirus daily. I suppose I have already removed the infection because I haven't seen any more damaged files, but I would appreciate it if you told me what I can do to be sure that it is all gone.

Thanks, regards.


#10

Hello… understood. :+1:

Now, to check your machine, follow these steps in the order indicated, reading everything that is explained. :+1:

:one: Temporarily disable the antivirus :arrow_forward: How to temporarily disable your antivirus, while we are carrying out ALL the steps.

We are going to download to YOUR DESKTOP (and NOT anywhere else :face_with_monocle:) all the tools we are going to use in this procedure (but don't run them yet):


:two: Run the tools one at a time and in the order indicated:

CCleaner.-

  • Install and run CCleaner following the steps indicated in the manual.

  • Use it first in its Cleaner option to delete cookies, temporary Internet files and all the files it shows you as obsolete.

  • Then use its Registry option to clean the whole Windows registry (making a backup).

Malwarebytes.-

  • Install and run MBAM following the steps indicated in the manual.

  • Perform a Full Scan. :white_check_mark:

  • Select ALL for Quarantine to send it to quarantine, and restart the system.

  • In the manual's :arrow_forward:History :arrow_backward: section you will find the MBAM report, which you must copy and paste in your next reply so it can be analysed.

AdwCleaner.-

  • Run Adwcleaner.exe.

  • Click the Scan Now button and wait for the process to run; immediately afterwards, always click the Start Repair button.

  • Wait for it to finish and follow the instructions; if it asks you to restart the system, accept.

  • The log/report is found in the "Reports" tab, reopening the program if necessary, so that you can copy and paste it in your next reply.

  • The report can also be found at C:\AdwCleaner\Logs\AdwCleaner[C00].txt

Junkware Removal Tool.-

  • Run JRT.exe.

  • Press any key to continue, and wait patiently for the process to finish.

  • If at any point it asks you to restart, do so.

  • When it finishes, a log/report (JRT.txt) will be saved on the desktop and will open automatically.

  • Copy and paste the contents of JRT.txt in your next reply.

Farbar Recovery Scan Tool.-

  • Run FRST.exe.

  • In the Disclaimer window message, click Yes.

  • In the main window click the Scan button and wait for the process to finish.

  • Two (2) files (logs) will open, Frst.txt and Addition.txt; these will be saved on the desktop.

:three: Put in your next reply the reports from:

  • Malwarebytes, AdwCleaner, JRT, FRST + Addition.txt, in that order. :+1:

You must copy and paste them with all their content, and use several messages if you get an error message saying it is too long (more than approx. 50,000 characters).

And tell us how your machine is working in relation to the problem raised. :face_with_monocle:

Regards.


#11

Hello, let's see, here it goes!!


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07.01.2019
Ran by CCTV (08-01-2019 10:22:36)
Running from C:\Users\CCTV\Desktop
Windows 8.1 (Update) (X64) (2014-01-23 00:11:13)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3402127397-1666700131-1220667733-500 - Administrator - Disabled)
CCTV (S-1-5-21-3402127397-1666700131-1220667733-1001 - Administrator - Enabled) => C:\Users\CCTV
Guest (S-1-5-21-3402127397-1666700131-1220667733-501 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky Free (Disabled - Up to date) {0AB30972-4BAC-7BEE-CBCA-B8F9E68797D8}
AS: Kaspersky Free (Disabled - Up to date) {B1D2E896-6D96-7460-F17A-838B9D00DD65}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SQL Server 2012 Database Engine Services (HKLM\...\{84FBCA4A-D650-4B0D-8094-EC0671FA9B91}) (Version: 11.2.5058.0 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Shared (HKLM\...\{54FF8FAB-DE27-4187-82F1-EBAE6AEE869A}) (Version: 11.2.5058.0 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Shared (HKLM\...\{6603C2CE-3C54-4F1D-92F9-8390CD4CCCA8}) (Version: 11.2.5058.0 - Microsoft Corporation) Hidden
SQL Server 2012 Management Studio (HKLM\...\{26BFF1F1-5C03-4C55-9C7C-FD65889AFA70}) (Version: 11.2.5058.0 - Microsoft Corporation) Hidden
SQL Server 2012 Management Studio (HKLM\...\{A7037EB2-F953-4B12-B843-195F4D988DA1}) (Version: 11.2.5058.0 - Microsoft Corporation) Hidden
SQL Server 2014 Common Files (HKLM\...\{BD1CD96B-FE4B-4EAE-83D4-6EF55AB5779C}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Common Files (HKLM\...\{F7012F84-80F5-4C25-852E-B1BA03276FE6}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Services (HKLM\...\{C8511A82-E9FD-4B6D-B1B2-378589D2B48A}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Services (HKLM\...\{D45C3EC4-282E-4798-98C7-E7BF2362F04E}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Shared (HKLM\...\{ACC530B8-B6B4-40D6-B59B-152468CF47D0}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Shared (HKLM\...\{D1B847A9-B06B-4264-9EF0-78E6E1571E65}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2017 Batch Parser (HKLM\...\{2C6E8311-28BD-4615-9545-6E39E8E83A4B}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Client Tools Extensions (HKLM\...\{06324A5D-66BB-4FAC-8D0B-9FEC1B230FFF}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Client Tools Extensions (HKLM\...\{200F38B2-1492-4576-B08C-78F2C2C953FC}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Common Files (HKLM-x32\...\{6CE9A8AA-C478-4706-BD28-95993D52B5A1}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Common Files (HKLM-x32\...\{D17B5D3D-3BC7-4AFA-AD90-600B5453826E}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Connection Info (HKLM\...\{89A7644F-E056-4EC1-BFDE-9D1A531D6855}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Connection Info (HKLM\...\{A9A443F5-56E1-4FC6-937C-5F481345A843}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 DMF (HKLM\...\{B9998A13-5563-496C-B95E-597FFC70B670}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 DMF (HKLM\...\{D7D28BBF-3B0E-43F0-A457-331F1CD9E9EB}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Integration Services Scale Out Management Portal (HKLM\...\{6BD8D100-B16C-409E-B0EA-BF508D7874EC}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Integration Services Scale Out Management Portal (HKLM\...\{91C5EE43-29D1-4720-AB65-5E2E0FE25990}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Management Studio Extensions (HKLM-x32\...\{6551F688-1EDC-4A05-B216-1F3A8E26384F}) (Version: 14.0.3026.27 - Microsoft Corporation) Hidden
SQL Server 2017 Management Studio Extensions (HKLM-x32\...\{F094B947-8B4D-4094-B9A0-2A5281DD33B9}) (Version: 14.0.3026.27 - Microsoft Corporation) Hidden
SQL Server 2017 Shared Management Objects (HKLM\...\{10855B1A-F7F2-4D8A-A725-9287C73BED5A}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Shared Management Objects (HKLM\...\{6CBBF624-696C-499E-948D-ADBAFFA2F548}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Shared Management Objects Extensions (HKLM\...\{8C515C22-BE07-4908-985C-0AA9349E1ED4}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Shared Management Objects Extensions (HKLM\...\{C6D92730-3EC0-47B1-8F6C-6F5635D1EFAC}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 SQL Diagnostics (HKLM\...\{DFA6A906-3024-49DE-87AD-750EAED2FA49}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2014 (HKLM-x32\...\{3204DE95-97D2-4261-A286-98A262E171D4}) (Version: 12.0.2000.8 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (HKLM\...\{6476DB81-F263-4C04-8574-AAD31136C304}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (HKLM\...\{BED1EA3D-592D-4305-9D1F-20F03726EFC1}) (Version: 11.2.5058.0 - Microsoft Corporation) Hidden
SQL Server Management Studio (HKLM\...\{945B6BB0-4D19-4E0F-AE57-B2D94DA32313}) (Version: 14.0.17277.0 - Microsoft Corporation) Hidden
SQL Server Management Studio (HKLM\...\{C81F2AD3-1D19-4834-8C35-CC18DAF20E56}) (Version: 14.0.17277.0 - Microsoft Corporation) Hidden
SQL Server Management Studio for Analysis Services (HKLM\...\{8B75A4C6-F5E2-4B98-996A-F8C0148D8E5E}) (Version: 14.0.17277.0 - Microsoft Corporation) Hidden
SQL Server Management Studio for Reporting Services (HKLM\...\{587AB2AA-46C1-4C51-8B3B-7CBEC70F1585}) (Version: 14.0.17277.0 - Microsoft Corporation) Hidden
SSMS Post Install Tasks (HKLM\...\{7CEAAD5A-BF37-420B-88DC-ED12C739FD0E}) (Version: 14.0.17277.0 - Microsoft Corporation) Hidden
Stellar Data Recovery Professional (HKLM-x32\...\Stellar Data Recovery Professional_is1) (Version: 8.0.0.0 - Stellar Information Technology Pvt Ltd.)
Tales of Lagoona (HKLM-x32\...\WTA-0b07c096-4fdc-4784-abb8-2a82abaf6d08) (Version: 2.2.0.110 - WildTangent) Hidden
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.93231 - TeamViewer)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
Vacation Quest™ - Australia (HKLM-x32\...\WTA-7c9b6c63-ade3-4dd4-abc6-0db385af8cd3) (Version: 3.0.2.32 - WildTangent) Hidden
Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.40219 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.4 - VideoLAN)
Web Companion (HKLM-x32\...\{fd2e0f34-c7cc-44dd-83d0-46e20b9b70b6}) (Version: 4.4.1950.3825 - Lavasoft)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HP Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.10.15 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
WinRAR 5.60 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.60.0 - win.rar GmbH)
Youda Jewel Shop (HKLM-x32\...\WTA-67a32d87-0999-49c5-874b-704e9bb7b294) (Version: 3.0.2.32 - WildTangent) Hidden
Zuma's Revenge (HKLM-x32\...\WTA-1b2f3374-c6ca-4702-877d-2ccbe0228a6b) (Version: 2.2.0.98 - WildTangent) Hidden
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS (HKLM\...\{25FB53C5-BE4C-3B6C-A0C9-D49A39227E1E}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (HKLM-x32\...\{68DC347D-C1C0-3DE2-A53E-CCC71DA53E57}) (Version: 11.0.51108 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================


#12

That is the adw


# -------------------------------
# Malwarebytes AdwCleaner 7.2.6.0
# -------------------------------
# Build:    12-18-2018
# Database: 2018-12-17.4 (Local)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    01-08-2019
# Duration: 00:00:11
# OS:       Windows 8.1
# Cleaned:  34
# Failed:   1


***** [ Services ] *****

Deleted       WCAssistantService

***** [ Folders ] *****

Deleted       C:\ProgramData\PARETOLOGIC
Deleted       C:\Program Files (x86)\PARETOLOGIC
Deleted       C:\Program Files (x86)\Common Files\PARETOLOGIC
Deleted       C:\Users\CCTV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PARETOLOGIC
Deleted       C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion

***** [ Files ] *****

Deleted       C:\Users\CCTV\AppData\Roaming\Mozilla\Firefox\Profiles\jlpm3qqu.default-1531942714021\searchplugins\securesearch.xml

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted       C:\Windows\Tasks\paretologic registration3.job
Deleted       C:\Windows\System32\Tasks\paretologic registration3
Deleted       C:\Windows\Tasks\paretologic update version3.job
Deleted       C:\Windows\System32\Tasks\paretologic update version3
Deleted       C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job
Deleted       C:\Windows\System32\Tasks\ParetoLogic Update Version3 Startup Task

***** [ Registry ] *****

Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Web Companion
Deleted       HKCU\Software\ParetoLogic
Deleted       HKLM\Software\Wow6432Node\ParetoLogic
Deleted       HKLM\Software\Classes\uus3url-pl
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{51F8A3FB-D747-4F20-B331-9697906AB8E9}
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{51F8A3FB-D747-4F20-B331-9697906AB8E9}
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\paretologic registration3
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{52B0C89D-4E74-46FC-B929-0AC681EB2D17}
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{52B0C89D-4E74-46FC-B929-0AC681EB2D17}
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\paretologic update version3
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0B85D03A-187F-4900-ACBD-96BD643ED0B9}
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ParetoLogic Update Version3 Startup Task
Deleted       HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C0C3A6C6-03BC-4195-8FCB-AEA091301353}
Deleted       HKCU\Software\Lavasoft\Web Companion
Deleted       HKLM\Software\Wow6432Node\Lavasoft\Web Companion
Deleted       HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted       HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Deleted       Ask
Deleted       AOL

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

Not Deleted   api.bing.com


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [4564 octets] - [08/01/2019 10:10:11]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########


#13

adw




#14

JRT


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 8.1 x64 
Ran by CCTV (Administrator) on 08/01/2019 at 10:15:38.45
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 4 

Successfully deleted: C:\ProgramData\lavasoft\web companion (Folder) 
Successfully deleted: C:\ProgramData\pdfforge (Folder) 
Successfully deleted: C:\Users\CCTV\AppData\Roaming\lavasoft\web companion (Folder) 
Successfully deleted: C:\Program Files (x86)\lavasoft\web companion (Folder) 

Deleted the following from C:\Users\CCTV\AppData\Roaming\Mozilla\Firefox\Profiles\jlpm3qqu.default-1531942714021\prefs.js
user_pref(browser.search.defaultenginename, Ad-Aware SecureSearch);
user_pref(browser.search.selectedEngine, Ad-Aware SecureSearch);



Registry: 8 

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A470857E-8C91-4429-AAB2-6BAEEE0A38EB} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{A470857E-8C91-4429-AAB2-6BAEEE0A38EB} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AEA429F3-D2D4-4BD7-A03E-5357DA017733} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EC1E29BB-F56A-45D8-B023-D3EF710FA0E0} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AEA429F3-D2D4-4BD7-A03E-5357DA017733} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EC1E29BB-F56A-45D8-B023-D3EF710FA0E0} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{84F23192-A475-4038-B5C0-8584777F2DF4} (Registry Value) 
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{C500C267-63BF-451F-8797-4D720C9A2ED9} (Registry Value) 




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08/01/2019 at 10:19:27.73
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#15

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07.01.2019
Ran by CCTV (administrator) on MONITOREO (08-01-2019 10:21:01)
Running from C:\Users\CCTV\Desktop
Loaded Profiles: CCTV & MSSQL$ADUANASOFT & MSSQL$SQLEXPRESS (Available Profiles: CCTV & MSSQL$ADUANASOFT & MSSQL$SQLEXPRESS)
Platform: Windows 8.1 (Update) (X64) Language: Inglés (Estados Unidos)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(Intel Corporation) C:\windows\System32\igfxCUIService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
() C:\Program Files (x86)\AnyDesk\AnyDesk.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(Dropbox, Inc.) C:\windows\System32\DbxSvc.exe
(EnigmaSoft Limited) C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe
(Firebird Project) C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.ADUANASOFT\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL12.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(pdfforge GmbH) C:\Program Files\PDF Architect 5\creator-ws.exe
(© pdfforge GmbH.) C:\Program Files (x86)\PDF Architect 5 Manager\PDF Architect 5\Architect Manager.exe
(arvato digital services llc) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(EnigmaSoft Limited) C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Aspel de México, S.A. de C.V.) C:\Program Files (x86)\VPNAspel\VPNServicio.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Firebird Project) C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\avpui.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksde.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\windows\System32\SrTasks.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksdeui.exe
(Microsoft Corporation) C:\windows\System32\wbem\WMIADAP.exe
(Microsoft Corporation) C:\windows\System32\dllhost.exe
(Microsoft Corporation) C:\windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2012-08-22] (Hewlett-Packard )
HKLM\...\Run: [IgfxTray] => C:\windows\system32\igfxtray.exe [456808 2018-08-16] ()
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2793016 2013-09-05] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [154680 2013-09-05] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [154680 2013-09-05] (Hewlett-Packard)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2014-01-05] (IDT, Inc.)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2670056 2018-09-10] (Adobe Systems, Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [301880 2018-10-22] (Apple Inc.)
HKLM-x32\...\Run: [Ivms4200-PCNVR] => C:\Program Files\iVMS-4200 Station\iVMS-4200 PCNVR\iVMS-4200 PCNVR.exe [12405152 2013-04-08] ()
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-10-06] (Oracle Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [4049216 2018-12-12] (Dropbox, Inc.)
HKU\S-1-5-21-3402127397-1666700131-1220667733-1001\...\Run: [Epson Stylus Pro 4900] => C:\windows\system32\spool\DRIVERS\x64\3\E_IATIG1E.EXE [224768 2010-01-12] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3402127397-1666700131-1220667733-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3402127397-1666700131-1220667733-1001\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [54788456 2018-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-3402127397-1666700131-1220667733-1001\...\Run: [Spotify] => C:\Users\CCTV\AppData\Roaming\Spotify\Spotify.exe [25972968 2018-12-18] (Spotify Ltd)
HKU\S-1-5-21-3402127397-1666700131-1220667733-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19467544 2018-10-23] (Piriform Ltd)
HKU\S-1-5-21-3402127397-1666700131-1220667733-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\PhotoScreensaver.scr [589312 2014-10-28] (Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\Installer\chrmstp.exe [2018-12-17] (Google Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{F3F1B0FA-4775-41d8-8578-436772D93FB4}] -> C:\Program Files\Hewlett-Packard\SimplePass\OmniPassCredProv.dll [2013-09-05] (Softex Inc..)
HKLM\Software\...\Authentication\Credential Provider Filters: [{F3F1B0FA-4775-41d8-8578-436772D93FB4}] -> C:\Program Files\Hewlett-Packard\SimplePass\OmniPassCredProv.dll [2013-09-05] (Softex Inc..)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AnyDesk.lnk [2017-10-19]
ShortcutTarget: AnyDesk.lnk -> C:\Program Files (x86)\AnyDesk\AnyDesk.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{3A43296F-398F-484C-8CAB-97D3239C97B1}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK14/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK14/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK14/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK14/1
HKU\S-1-5-21-3402127397-1666700131-1220667733-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK14/1
HKU\S-1-5-21-3402127397-1666700131-1220667733-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK14/1
HKU\S-1-5-80-2071893185-1259553690-2876245657-3315290641-2775677888\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK14/1
HKU\S-1-5-80-2071893185-1259553690-2876245657-3315290641-2775677888\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK14/1
HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK14/1
HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK14/1
URLSearchHook: [S-1-5-80-2071893185-1259553690-2876245657-3315290641-2775677888] ATTENTION => Default URLSearchHook is missing
URLSearchHook: [S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM -> {A470857E-8C91-4429-AAB2-6BAEEE0A38EB} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-3402127397-1666700131-1220667733-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-80-2071893185-1259553690-2876245657-3315290641-2775677888 -> {A470857E-8C91-4429-AAB2-6BAEEE0A38EB} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-80-2071893185-1259553690-2876245657-3315290641-2775677888 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133 -> {A470857E-8C91-4429-AAB2-6BAEEE0A38EB} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_191\bin\ssv.dll [2018-11-13] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_191\bin\jp2ssv.dll [2018-11-13] (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-23] (Hewlett-Packard)
BHO: Kaspersky Protection -> {EC1E29BB-F56A-45D8-B023-D3EF710FA0E0} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\IEExt\ie_plugin.dll [2018-12-31] (AO Kaspersky Lab)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-23] (Hewlett-Packard)
Toolbar: HKLM - Kaspersky Protection Toolbar - {C500C267-63BF-451F-8797-4D720C9A2ED9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\IEExt\ie_plugin.dll [2018-12-31] (AO Kaspersky Lab)

FireFox:
========
FF DefaultProfile: jlpm3qqu.default-1531942714021
FF ProfilePath: C:\Users\CCTV\AppData\Roaming\Mozilla\Firefox\Profiles\jlpm3qqu.default-1531942714021 [2019-01-08]
FF Session Restore: Mozilla\Firefox\Profiles\jlpm3qqu.default-1531942714021 -> is enabled.
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\FFExt\light_plugin_firefox\addon.xpi [2018-12-31]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Plugin: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2018-11-13] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2018-11-13] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-12] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-12] (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-12-04] (Adobe Systems Inc.)
FF Plugin-x32: PDF Architect 5 -> C:\Program Files (x86)\PDF Architect 5\np-previewer.dll [2017-07-05] (pdfforge GmbH)
FF Plugin-x32: Web Components -> C:\Program Files (x86)\Web Components\npWebVideoPlugin.dll [No File]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\kl_prefs_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.js [2019-01-02] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\kl_config_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.cfg [2019-01-02] <==== ATTENTION

Chrome: 
=======
CHR Profile: C:\Users\CCTV\AppData\Local\Google\Chrome\User Data\Default [2019-01-08]
CHR Extension: (Presentaciones) - C:\Users\CCTV\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Kaspersky Protection) - C:\Users\CCTV\AppData\Local\Google\Chrome\User Data\Default\Extensions\amkpcclbbgegoafihnpgomddadjhcadd [2019-01-02]
CHR Extension: (Documentos) - C:\Users\CCTV\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\CCTV\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-06-29]
CHR Extension: (YouTube) - C:\Users\CCTV\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-06-29]
CHR Extension: (Hojas de cálculo) - C:\Users\CCTV\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\CCTV\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-22]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\CCTV\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Gmail) - C:\Users\CCTV\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-06-29]
CHR Extension: (Chrome Media Router) - C:\Users\CCTV\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-20]
CHR HKLM\...\Chrome\Extension: [amkpcclbbgegoafihnpgomddadjhcadd] - hxxps://chrome.google.com/webstore/detail/amkpcclbbgegoafihnpgomddadjhcadd
CHR HKLM-x32\...\Chrome\Extension: [amkpcclbbgegoafihnpgomddadjhcadd] - hxxps://chrome.google.com/webstore/detail/amkpcclbbgegoafihnpgomddadjhcadd
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

Opera: 
=======
OPR StartupUrls:  "hxxps://onedrive.live.com/edit.aspx?cid=4c4853d017460cc7&page=view&resid=4C4853D017460CC7!2698&parId=4C4853D017460CC7!107&app=Excel", "hxxp://www.dof.gob.mx/indicadores.php" 

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2910696 2018-09-10] (Adobe Systems, Incorporated)
R2 AnyDesk; C:\Program Files (x86)\AnyDesk\AnyDesk.exe [1816776 2017-10-19] ()
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-04-27] (Apple Inc.)
R2 AVP19.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\avp.exe [619640 2018-02-28] (AO Kaspersky Lab)
R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-09-05] () [File not signed]
R2 CyberLink PowerDVD 12 Media Server Monitor Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-08-12] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-08-12] (CyberLink)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-12-31] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-12-31] (Dropbox, Inc.)
R2 DbxSvc; C:\windows\system32\DbxSvc.exe [51024 2018-12-12] (Dropbox, Inc.)
R2 EsgShKernel; C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe [10072880 2018-12-31] (EnigmaSoft Limited)
R2 FirebirdGuardianDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe [98304 2010-09-17] (Firebird Project) [File not signed]
R3 FirebirdServerDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe [3735552 2010-09-17] (Firebird Project) [File not signed]
R2 igfxCUIService1.0.0.0; C:\windows\system32\igfxCUIService.exe [328296 2018-08-16] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-08-12] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-12] (Intel Corporation)
S3 klvssbridge64_19.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\vssbridge64.exe [414352 2018-12-31] (AO Kaspersky Lab)
S2 KMService; C:\windows\SysWOW64\srvany.exe [8192 2017-07-04] () [File not signed]
R2 KSDE3.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksde.exe [617016 2018-02-28] (AO Kaspersky Lab)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
R2 MSSQL$ADUANASOFT; C:\Program Files\Microsoft SQL Server\MSSQL11.ADUANASOFT\MSSQL\Binn\sqlservr.exe [194240 2014-05-15] (Microsoft Corporation)
R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL12.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [370368 2014-02-21] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2013-11-14] (Hewlett-Packard) [File not signed]
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-09-05] (Softex Inc.) [File not signed]
S3 PDF Architect 5; C:\Program Files\PDF Architect 5\ws.exe [2709176 2017-07-05] (pdfforge GmbH)
S3 PDF Architect 5 CrashHandler; C:\Program Files\PDF Architect 5\crash-handler-ws.exe [1051312 2017-07-05] (pdfforge GmbH)
R2 PDF Architect 5 Creator; C:\Program Files\PDF Architect 5\creator-ws.exe [859312 2017-07-05] (pdfforge GmbH)
R2 PDF Architect 5 Manager; C:\Program Files (x86)\PDF Architect 5 Manager\PDF Architect 5\Architect Manager.exe [985848 2017-05-16] (© pdfforge GmbH.)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2013-11-14] (Hewlett-Packard) [File not signed]
R2 PSI_SVC_2; c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [277360 2013-09-13] (arvato digital services llc)
R2 ShMonitor; C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe [537904 2018-12-31] (EnigmaSoft Limited)
S2 SQLAgent$ADUANASOFT; C:\Program Files\Microsoft SQL Server\MSSQL11.ADUANASOFT\MSSQL\Binn\SQLAGENT.EXE [613056 2014-05-15] (Microsoft Corporation)
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL12.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [613056 2014-02-21] (Microsoft Corporation)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [340480 2014-01-05] (IDT, Inc.) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7757552 2018-02-26] (TeamViewer GmbH)
R2 VPNServicio; C:\Program Files (x86)\VPNAspel\VPNServicio.exe [1252880 2016-03-15] (Aspel de México, S.A. de C.V.) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 athr; C:\windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)
R2 BdDci; C:\windows\system32\DRIVERS\bddci.sys [357768 2018-08-22] (Bitdefender)
R1 CLVirtualDrive; C:\windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R0 cm_km; C:\windows\System32\DRIVERS\cm_km.sys [243400 2018-01-27] (AO Kaspersky Lab)
S3 dg_ssudbus; C:\windows\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 edrsensor; C:\windows\System32\DRIVERS\edrsensor.sys [294000 2018-10-09] (BitDefender S.R.L. Bucharest, ROMANIA)
R3 EnigmaFileMonDriver; C:\windows\system32\Drivers\EnigmaFileMonDriver.sys [69432 2019-01-08] (EnigmaSoft Limited)
R0 kl1; C:\windows\System32\DRIVERS\kl1.sys [528576 2018-02-20] (AO Kaspersky Lab)
R0 klbackupdisk; C:\windows\System32\DRIVERS\klbackupdisk.sys [73416 2018-12-12] (AO Kaspersky Lab)
R1 klbackupflt; C:\windows\System32\DRIVERS\klbackupflt.sys [123152 2018-12-12] (AO Kaspersky Lab)
R1 kldisk; C:\windows\system32\DRIVERS\kldisk.sys [89168 2018-12-12] (AO Kaspersky Lab)
S0 klelam; C:\windows\System32\DRIVERS\klelam.sys [29208 2017-03-30] (AO Kaspersky Lab)
R3 klflt; C:\windows\system32\DRIVERS\klflt.sys [219744 2018-12-31] (AO Kaspersky Lab)
R1 KLHK; C:\windows\System32\drivers\klhk.sys [1214752 2018-12-31] (AO Kaspersky Lab)
R1 KLIF; C:\windows\System32\DRIVERS\klif.sys [1113696 2018-12-31] (AO Kaspersky Lab)
R1 klim6; C:\windows\system32\DRIVERS\klim6.sys [57032 2018-02-12] (AO Kaspersky Lab)
R3 klkbdflt; C:\windows\system32\DRIVERS\klkbdflt.sys [58048 2018-01-15] (AO Kaspersky Lab)
R3 klmouflt; C:\windows\system32\DRIVERS\klmouflt.sys [83496 2017-12-11] (AO Kaspersky Lab)
R1 klpd; C:\windows\System32\DRIVERS\klpd.sys [50648 2017-05-30] (AO Kaspersky Lab)
S3 klpnpflt; C:\windows\system32\DRIVERS\klpnpflt.sys [45768 2018-12-12] (AO Kaspersky Lab)
R3 kltap; C:\windows\system32\DRIVERS\kltap.sys [48080 2018-02-12] (The OpenVPN Project)
S4 klwfp; C:\windows\system32\DRIVERS\klwfp.sys [100552 2018-02-17] (AO Kaspersky Lab)
R1 klwtp; C:\windows\system32\DRIVERS\klwtp.sys [176976 2018-12-12] (AO Kaspersky Lab)
R1 kneps; C:\windows\system32\DRIVERS\kneps.sys [203968 2018-02-24] (AO Kaspersky Lab)
R3 MBAMSwissArmy; C:\windows\System32\Drivers\mbamswissarmy.sys [261032 2019-01-08] (Malwarebytes)
R3 MEIx64; C:\windows\System32\drivers\TeeDriverx64.sys [99288 2013-08-12] (Intel Corporation)
R2 NPF; C:\windows\SysWOW64\drivers\npf64.sys [36600 2014-10-13] (Riverbed Technology, Inc.)
S4 RsFx0201; C:\windows\System32\DRIVERS\RsFx0201.sys [337088 2014-05-15] (Microsoft Corporation)
S4 RsFx0300; C:\windows\System32\DRIVERS\RsFx0300.sys [247488 2014-02-21] (Microsoft Corporation)
R3 SensorsSimulatorDriver; C:\windows\system32\DRIVERS\WUDFRd.sys [226304 2014-10-28] (Microsoft Corporation)
S3 ssudmdm; C:\windows\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
U5 TMUSB; C:\windows\System32\DRIVERS\TMUSB64.SYS [63096 2015-05-24] (Seiko Epson Corporation)
S3 WdBoot; C:\windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
U1 avgbdisk; no ImagePath
U3 McMPFSvc; no ImagePath
U3 McNaiAnn; no ImagePath
U3 mcpltsvc; no ImagePath
U3 McProxy; no ImagePath
U3 mfecore; no ImagePath
U3 MSK80Service; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-08 10:21 - 2019-01-08 10:22 - 000028908 _____ C:\Users\CCTV\Desktop\FRST.txt
2019-01-08 10:20 - 2019-01-08 10:21 - 000000000 ____D C:\FRST
2019-01-08 10:19 - 2019-01-08 10:19 - 000002293 _____ C:\Users\CCTV\Desktop\JRT.txt
2019-01-08 10:16 - 2019-01-08 10:16 - 000004106 _____ C:\Users\CCTV\Desktop\AdwCleaner[C00].txt
2019-01-08 10:09 - 2019-01-08 10:11 - 000000000 ____D C:\AdwCleaner
2019-01-08 09:41 - 2019-01-08 09:41 - 002424832 _____ (Farbar) C:\Users\CCTV\Desktop\FRST64.exe
2019-01-08 09:38 - 2019-01-08 09:38 - 001790024 _____ (Malwarebytes) C:\Users\CCTV\Desktop\JRT.exe
2019-01-08 09:37 - 2019-01-08 09:37 - 007320272 _____ (Malwarebytes) C:\Users\CCTV\Desktop\adwcleaner_7.2.6.0.exe
2019-01-08 08:54 - 2019-01-08 08:54 - 000041129 _____ C:\Users\CCTV\Desktop\Copy of F-PRDN-001 Bitacora de clasificacion (2).pdf
2019-01-07 17:34 - 2019-01-07 17:34 - 000205560 ____T C:\Users\CCTV\Desktop\IMG_3339-07-01-19-05-36.jpeg
2019-01-07 17:25 - 2019-01-07 17:26 - 009096372 _____ C:\Users\CCTV\Downloads\Protocolizacion de Acta IEM 2017-compressed.pdf
2019-01-07 10:17 - 2019-01-07 10:17 - 000001638 _____ C:\Users\CCTV\Downloads\gads590724tb9.cer.id-ACC234ED.[[email protected]].adobe
2019-01-07 08:07 - 2019-01-07 08:09 - 000002794 _____ C:\RakhniDecryptor.1.21.26.1_07.01.2019_08.07.52_log.txt
2019-01-07 08:06 - 2019-01-07 08:07 - 000002658 _____ C:\RakhniDecryptor.1.21.26.1_07.01.2019_08.06.42_log.txt
2019-01-05 12:48 - 2019-01-05 12:48 - 000011521 _____ C:\Users\CCTV\Documents\calendario respaldos 2019.xlsx
2019-01-05 12:44 - 2019-01-05 12:45 - 000000793 _____ C:\Users\CCTV\Desktop\scaii.ini.lnk
2019-01-05 12:32 - 2019-01-05 12:33 - 000001216 _____ C:\Users\CCTV\Desktop\Anexo31.exe.lnk
2019-01-05 12:30 - 2019-01-05 12:31 - 000001227 _____ C:\Users\CCTV\Desktop\ScaiiSQL.exe.lnk
2019-01-05 12:29 - 2019-01-05 12:29 - 000000000 ____D C:\Aduanasoft
2019-01-04 17:53 - 2019-01-04 17:53 - 000000000 ____D C:\Program Files (x86)\Aduanasoft
2019-01-04 17:21 - 2019-01-04 17:21 - 000000000 ____D C:\Users\CCTV\AppData\Roaming\www.shadowexplorer.com
2019-01-04 15:43 - 2019-01-04 17:56 - 004830582 _____ C:\Users\CCTV\Desktop\Copia_de_seguridad_de_joel perez nva.cdr
2019-01-04 15:43 - 2018-11-20 20:47 - 004830988 _____ C:\Users\CCTV\Desktop\Copia_de_seguridad_de_Copia_de_seguridad_de_joel perez nva.cdr
2019-01-04 03:09 - 2019-01-08 10:14 - 000261032 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamswissarmy.sys
2019-01-03 17:18 - 2019-01-03 17:18 - 000614980 _____ C:\Users\CCTV\Desktop\CBP Form 434 2019.pdf
2019-01-03 09:44 - 2019-01-03 09:44 - 000454669 _____ C:\Users\CCTV\Desktop\piasa pedido aceite 2019.pdf
2019-01-03 09:43 - 2019-01-03 09:43 - 000472311 _____ C:\Users\CCTV\Desktop\piasa pedido aceite 2019.cdr
2019-01-02 15:32 - 2019-01-02 15:33 - 000000000 _RSHD C:\ProgramData\Key-Base
2019-01-02 15:32 - 2019-01-02 15:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stellar Data Recovery Professional
2019-01-02 15:32 - 2019-01-02 15:32 - 000000000 ____D C:\ProgramData\{B88A1C51-1A9E-B0ED-662C-6E173CC866DE}
2019-01-02 15:32 - 2019-01-02 15:32 - 000000000 ____D C:\Program Files (x86)\Stellar Data Recovery Professional
2019-01-02 15:30 - 2019-01-02 15:30 - 015370584 _____ (Stellar Information Technology Pvt Ltd. ) C:\Users\CCTV\Desktop\StellarPhoenixWindowsDataRecovery-Professional.exe
2019-01-02 15:25 - 2019-01-02 15:25 - 000002680 _____ C:\RakhniDecryptor.1.21.26.1_02.01.2019_15.25.00_log.txt
2019-01-02 14:53 - 2019-01-02 14:54 - 000003498 _____ C:\RakhniDecryptor.1.21.26.1_02.01.2019_14.53.12_log.txt
2019-01-02 14:52 - 2019-01-02 15:24 - 000000000 ____D C:\Users\CCTV\Downloads\RakhniDecryptor
2019-01-02 14:50 - 2019-01-02 14:51 - 005341830 _____ C:\Users\CCTV\Downloads\RakhniDecryptor.zip
2019-01-02 12:17 - 2019-01-02 12:17 - 000241547 _____ C:\Users\CCTV\Desktop\OP ENERO.pdf
2019-01-02 10:23 - 2019-01-02 10:23 - 000086878 _____ C:\Users\CCTV\Downloads\4413354193.zip
2018-12-31 15:42 - 2018-12-31 15:42 - 000000000 ____D C:\Users\CCTV\Documents\PDF Architect
2018-12-31 13:27 - 2018-12-31 13:27 - 000003032 _____ C:\windows\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2018-12-31 13:27 - 2018-12-31 13:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Secure Connection
2018-12-31 13:27 - 2018-12-31 13:27 - 000000000 ____D C:\Program Files\Common Files\AV
2018-12-31 13:26 - 2018-12-31 13:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Free
2018-12-31 13:26 - 2013-05-06 08:13 - 000110176 _____ (Kaspersky Lab ZAO) C:\windows\system32\klfphc.dll
2018-12-31 13:25 - 2019-01-08 10:17 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2018-12-31 13:25 - 2018-12-31 13:27 - 000000000 ____D C:\Program Files (x86)\Kaspersky Lab
2018-12-31 13:25 - 2018-12-31 13:25 - 001214752 _____ (AO Kaspersky Lab) C:\windows\system32\Drivers\klhk.sys
2018-12-31 13:25 - 2018-12-31 13:25 - 001113696 _____ (AO Kaspersky Lab) C:\windows\system32\Drivers\klif.sys
2018-12-31 13:25 - 2018-12-31 13:25 - 000219744 _____ (AO Kaspersky Lab) C:\windows\system32\Drivers\klflt.sys
2018-12-31 13:25 - 2018-12-31 13:25 - 000152960 _____ (AO Kaspersky Lab) C:\windows\system32\klhkum.dll
2018-12-31 13:20 - 2018-12-31 13:20 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2018-12-31 13:19 - 2018-12-31 13:19 - 000025886 _____ C:\ProgramData\agent.uninstall.1546287575.bdinstall.bin
2018-12-31 13:17 - 2018-12-31 13:17 - 000034597 _____ C:\ProgramData\agent.update.1546287412.bdinstall.bin
2018-12-31 12:54 - 2018-12-31 12:54 - 000000000 ____D C:\ProgramData\Bitdefender
2018-12-31 12:54 - 2018-10-09 14:07 - 000294000 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\windows\system32\Drivers\edrsensor.sys
2018-12-31 12:53 - 2018-10-04 22:40 - 000359584 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\windows\system32\Drivers\Gemma.sys
2018-12-31 12:53 - 2018-08-22 11:43 - 000357768 _____ (Bitdefender) C:\windows\system32\Drivers\bddci.sys
2018-12-31 12:53 - 2018-06-05 03:32 - 001292296 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\windows\system32\Drivers\atc.sys
2018-12-31 12:50 - 2018-12-31 12:50 - 000000000 ____D C:\Users\CCTV\AppData\Roaming\QuickScan
2018-12-31 12:28 - 2018-12-31 12:28 - 000104148 _____ C:\ProgramData\agent.1546284511.bdinstall.v2.bin
2018-12-31 12:28 - 2018-12-31 12:28 - 000000000 ____D C:\ProgramData\Bitdefender Agent
2018-12-31 11:33 - 2019-01-08 10:14 - 000069432 _____ (EnigmaSoft Limited) C:\windows\system32\Drivers\EnigmaFileMonDriver.sys
2018-12-31 11:33 - 2019-01-02 15:24 - 000000000 ____D C:\ProgramData\EnigmaSoft Limited
2018-12-31 11:33 - 2018-12-31 11:33 - 000000000 ____D C:\sh5ldr
2018-12-31 11:33 - 2018-12-31 11:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EnigmaSoft
2018-12-31 11:32 - 2018-12-31 11:32 - 000000000 ____D C:\Program Files\EnigmaSoft
2018-12-31 09:58 - 2018-12-31 09:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-12-31 09:56 - 2018-12-31 09:56 - 000000000 ____D C:\Users\CCTV\AppData\Roaming\Dropbox
2018-12-31 09:55 - 2019-01-08 10:14 - 000000962 _____ C:\windows\Tasks\DropboxUpdateTaskMachineCore.job
2018-12-31 09:55 - 2019-01-08 10:00 - 000000966 _____ C:\windows\Tasks\DropboxUpdateTaskMachineUA.job
2018-12-31 09:55 - 2018-12-31 09:58 - 000000000 ____D C:\Program Files (x86)\Dropbox
2018-12-31 09:55 - 2018-12-31 09:55 - 000003938 _____ C:\windows\System32\Tasks\DropboxUpdateTaskMachineUA
2018-12-31 09:55 - 2018-12-31 09:55 - 000003702 _____ C:\windows\System32\Tasks\DropboxUpdateTaskMachineCore
2018-12-31 09:55 - 2018-12-31 09:55 - 000000000 ____D C:\ProgramData\Dropbox
2018-12-31 08:31 - 2018-12-31 09:08 - 000000000 ____D C:\Users\CCTV\Downloads\Vector-2019-Calendar-Design
2018-12-31 08:30 - 2018-12-31 08:30 - 002144500 _____ C:\Users\CCTV\Downloads\Vector-2019-Calendar-Design.zip
2018-12-28 15:36 - 2019-01-04 03:08 - 000152688 _____ (Malwarebytes) C:\windows\system32\Drivers\mbae64.sys
2018-12-28 15:36 - 2018-12-28 15:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-12-28 15:36 - 2018-12-28 15:36 - 000000000 ____D C:\Program Files\Malwarebytes
2018-12-28 13:20 - 2018-12-28 13:20 - 000000000 ____D C:\Users\CCTV\AppData\Local\mbamtray
2018-12-28 13:20 - 2018-12-28 13:20 - 000000000 ____D C:\Users\CCTV\AppData\Local\mbam
2018-12-28 13:20 - 2018-12-28 13:20 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-12-28 13:08 - 2018-12-31 13:20 - 000000000 ____D C:\Program Files (x86)\AVG
2018-12-28 13:04 - 2018-12-31 13:20 - 000000000 ____D C:\Users\CCTV\AppData\Local\Avg
2018-12-28 13:03 - 2018-12-28 13:03 - 000000000 ____D C:\windows\System32\Tasks\AVG
2018-12-28 13:01 - 2018-12-28 13:01 - 000000000 ____D C:\Program Files\Common Files\AVG
2018-12-28 12:59 - 2018-12-31 13:20 - 000000000 ____D C:\ProgramData\AVG
2018-12-28 11:55 - 2018-12-28 11:55 - 000074384 _____ C:\Users\CCTV\Documents\ventas
2018-12-27 10:39 - 2019-01-08 09:47 - 000000000 ____D C:\Users\CCTV\87315462BUxsrtdQavkH
2018-12-27 10:39 - 2018-12-27 10:39 - 000003350 _____ C:\windows\System32\Tasks\BtxlqHcPWiu
2018-12-27 10:36 - 2018-12-27 10:39 - 000000000 ____D C:\Users\CCTV\86172zIsJoFWlc
2018-12-27 10:35 - 2018-12-27 10:36 - 014675346 _____ C:\Users\CCTV\Downloads\AntiRansom (1).zip
2018-12-26 16:45 - 2017-08-31 11:43 - 000070480 _____ C:\windows\system32\Drivers\gpt_loader.sys
2018-12-26 16:45 - 2017-08-31 11:43 - 000057488 _____ (Paragon Software Group) C:\windows\system32\Drivers\mounthlp.sys
2018-12-26 16:45 - 2017-08-31 11:43 - 000037200 _____ (Paragon Software Group) C:\windows\system32\Drivers\csvol.sys
2018-12-26 10:58 - 2018-12-26 10:58 - 028896382 _____ C:\Users\CCTV\Downloads\Spyware.Doctor.v6.1.0.448.Multilenguaje.Incl.Serial.rar
2018-12-21 16:23 - 2018-12-22 12:41 - 000028920 _____ C:\Users\CCTV\Downloads\calendario-2019-una-pagina (1).xlsx
2018-12-21 16:22 - 2018-12-21 16:22 - 000023403 _____ C:\Users\CCTV\Downloads\calendario-2019-una-pagina.xlsx
2018-12-21 15:58 - 2018-12-21 15:58 - 000054484 _____ C:\Users\CCTV\Downloads\Joost-Bold.ttf
2018-12-21 15:58 - 2018-12-21 15:58 - 000049584 _____ C:\Users\CCTV\Downloads\Joost-Medium.otf
2018-12-21 15:58 - 2018-12-21 15:58 - 000048420 _____ C:\Users\CCTV\Downloads\Joost-Bold.otf
2018-12-21 15:54 - 2018-12-21 15:54 - 000000000 ____D C:\Users\CCTV\Downloads\bold_testament
2018-12-21 15:53 - 2018-12-21 15:53 - 000007828 _____ C:\Users\CCTV\Downloads\bold_testament.zip
2018-12-20 13:53 - 2019-01-08 10:05 - 000000000 ____D C:\Users\CCTV\51397QwqgmfoZdFyz
2018-12-20 13:53 - 2018-12-20 13:53 - 000003370 _____ C:\windows\System32\Tasks\mKyRYNBvEgnzCsLoh
2018-12-20 13:48 - 2018-12-20 13:53 - 000000000 ____D C:\Users\CCTV\942810657wfFGQPVSkrs
2018-12-20 13:45 - 2019-01-08 10:04 - 000000000 ____D C:\Users\CCTV\098751zMxKHBngusLdFqTcPO
2018-12-20 13:45 - 2018-12-20 13:45 - 000003362 _____ C:\windows\System32\Tasks\QwVITnEy
2018-12-20 13:41 - 2018-12-20 13:45 - 000000000 ____D C:\Users\CCTV\78509YhNcZgmKdQCJO
2018-12-20 13:41 - 2018-12-20 13:41 - 000000000 ____D C:\Users\CCTV\Downloads\AntiRansom
2018-12-20 13:40 - 2018-12-20 13:40 - 014675346 _____ C:\Users\CCTV\Downloads\AntiRansom.zip
2018-12-18 11:07 - 2018-12-18 11:07 - 000036776 _____ C:\Users\CCTV\Downloads\7915370-18122018-1208-201811-222-2015.zip
2018-12-18 10:31 - 2018-12-18 10:31 - 000052544 _____ C:\Users\CCTV\Downloads\emim_cuest_7915370_201810.zip
2018-12-17 09:14 - 2018-12-17 09:14 - 007312411 _____ C:\Users\CCTV\Downloads\TRW.rar
2018-12-17 09:13 - 2018-12-17 09:13 - 001143497 _____ C:\Users\CCTV\Downloads\140810.pdf
2018-12-17 09:12 - 2018-12-17 09:12 - 001097206 _____ C:\Users\CCTV\Downloads\140724.pdf
2018-12-17 09:12 - 2018-12-17 09:12 - 001004995 _____ C:\Users\CCTV\Downloads\140962.pdf
2018-12-17 09:12 - 2018-12-17 09:12 - 000741460 _____ C:\Users\CCTV\Downloads\140918.pdf
2018-12-17 09:12 - 2018-12-17 09:12 - 000607929 _____ C:\Users\CCTV\Downloads\141159.pdf
2018-12-17 09:12 - 2018-12-17 09:12 - 000520241 _____ C:\Users\CCTV\Downloads\140354.pdf
2018-12-17 09:12 - 2018-12-17 09:12 - 000467877 _____ C:\Users\CCTV\Downloads\141212.pdf
2018-12-17 09:12 - 2018-12-17 09:12 - 000267945 _____ C:\Users\CCTV\Downloads\141073.pdf
2018-12-17 09:11 - 2018-12-17 09:11 - 000534387 _____ C:\Users\CCTV\Downloads\139893.pdf
2018-12-17 09:04 - 2018-12-17 09:04 - 000928543 _____ C:\Users\CCTV\Downloads\140039.pdf
2018-12-17 09:02 - 2018-12-17 09:02 - 000742824 _____ C:\Users\CCTV\Downloads\139788.pdf
2018-12-13 16:27 - 2018-12-21 17:40 - 000037437 _____ C:\Users\CCTV\Desktop\Copia de INFORMACION FACTURAS MARLENE.xlsx
2018-12-12 22:12 - 2018-12-12 22:12 - 000051024 _____ (Dropbox, Inc.) C:\windows\system32\DbxSvc.exe
2018-12-12 22:12 - 2018-12-12 22:12 - 000047800 _____ (Dropbox, Inc.) C:\windows\system32\Drivers\dbx-stable.sys
2018-12-12 22:12 - 2018-12-12 22:12 - 000047800 _____ (Dropbox, Inc.) C:\windows\system32\Drivers\dbx-dev.sys
2018-12-12 22:12 - 2018-12-12 22:12 - 000047800 _____ (Dropbox, Inc.) C:\windows\system32\Drivers\dbx-canary.sys
2018-12-12 16:24 - 2018-12-12 16:24 - 000618075 _____ C:\Users\CCTV\Documents\LICENCIA.pdf
2018-12-12 01:43 - 2018-12-12 01:43 - 000176976 _____ (AO Kaspersky Lab) C:\windows\system32\Drivers\klwtp.sys
2018-12-12 01:43 - 2018-12-12 01:43 - 000123152 _____ (AO Kaspersky Lab) C:\windows\system32\Drivers\klbackupflt.sys
2018-12-12 01:43 - 2018-12-12 01:43 - 000089168 _____ (AO Kaspersky Lab) C:\windows\system32\Drivers\kldisk.sys
2018-12-12 01:43 - 2018-12-12 01:43 - 000073416 _____ (AO Kaspersky Lab) C:\windows\system32\Drivers\klbackupdisk.sys
2018-12-12 01:43 - 2018-12-12 01:43 - 000045768 _____ (AO Kaspersky Lab) C:\windows\system32\Drivers\klpnpflt.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-08 10:22 - 2018-09-06 07:07 - 000004128 _____ C:\windows\System32\Tasks\CCleaner Update
2019-01-08 10:20 - 2017-07-06 12:46 - 000965310 _____ C:\windows\system32\perfh00A.dat
2019-01-08 10:20 - 2017-07-06 12:46 - 000247310 _____ C:\windows\system32\perfc00A.dat
2019-01-08 10:20 - 2013-08-24 14:38 - 002376760 _____ C:\windows\system32\PerfStringBackup.INI
2019-01-08 10:20 - 2013-08-22 06:36 - 000000000 ____D C:\windows\Inf
2019-01-08 10:19 - 2014-01-22 17:17 - 000003598 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3402127397-1666700131-1220667733-1001
2019-01-08 10:17 - 2017-07-06 16:49 - 000000000 ____D C:\Users\CCTV\AppData\Roaming\Lavasoft
2019-01-08 10:17 - 2017-07-06 16:49 - 000000000 ____D C:\ProgramData\Lavasoft
2019-01-08 10:17 - 2017-07-06 16:49 - 000000000 ____D C:\Program Files (x86)\Lavasoft
2019-01-08 10:16 - 2017-07-10 08:18 - 000000000 ___RD C:\Users\CCTV\Dropbox
2019-01-08 10:13 - 2013-08-22 07:45 - 000000006 ____H C:\windows\Tasks\SA.DAT
2019-01-08 10:11 - 2017-07-06 16:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2019-01-08 10:11 - 2016-07-07 11:59 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2019-01-08 09:53 - 2013-08-22 06:25 - 000262144 ___SH C:\windows\system32\config\BBI
2019-01-08 09:52 - 2014-01-22 17:11 - 000000000 ____D C:\Users\CCTV
2019-01-08 09:43 - 2014-02-11 05:01 - 000000000 ____D C:\windows\Minidump
2019-01-08 09:42 - 2018-08-09 07:43 - 000000000 ____D C:\Users\CCTV\AppData\Local\Spotify
2019-01-08 09:41 - 2017-07-07 06:57 - 000000000 ____D C:\Users\CCTV\Documents\Archivos de outlook
2019-01-08 09:13 - 2018-08-09 07:42 - 000000000 ____D C:\Users\CCTV\AppData\Roaming\Spotify
2019-01-08 08:14 - 2018-01-29 14:44 - 000000000 ____D C:\Users\CCTV\AppData\LocalLow\Mozilla
2019-01-08 07:42 - 2014-01-28 11:58 - 000003782 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{DCDAAB11-70C3-411B-B9A3-E68C0B4EF32E}
2019-01-07 17:57 - 2017-07-07 08:23 - 000000000 ____D C:\Users\CCTV\Desktop\CITLALI
2019-01-07 13:52 - 2018-04-14 09:14 - 000003160 _____ C:\windows\System32\Tasks\HPCeeScheduleForCCTV
2019-01-07 13:52 - 2018-04-14 09:14 - 000000348 _____ C:\windows\Tasks\HPCeeScheduleForCCTV.job
2019-01-07 08:02 - 2018-09-13 08:23 - 000000000 ___RD C:\Users\CCTV\Desktop\SALVAVIDAS
2019-01-07 07:51 - 2018-07-17 09:45 - 000000000 ____D C:\Users\CCTV\AppData\Local\CrashDumps
2019-01-05 09:18 - 2018-01-22 11:46 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-01-04 17:22 - 2017-07-06 08:34 - 000000000 ____D C:\Users\CCTV\Desktop\Aduanasoft
2019-01-04 10:09 - 2018-08-28 08:22 - 000000000 ____D C:\Users\CCTV\Desktop\CP EMPAQUES
2019-01-03 17:57 - 2018-02-27 08:42 - 000000000 ___RD C:\Users\CCTV\Desktop\BONOS
2019-01-03 17:47 - 2017-07-10 09:24 - 003125638 _____ C:\Users\CCTV\Desktop\Caratulas paqueteria.cdr
2019-01-03 17:02 - 2017-07-07 09:45 - 000000000 ____D C:\Users\CCTV\Desktop\IMMEX
2019-01-03 11:47 - 2018-08-01 11:47 - 000000000 ____D C:\Users\CCTV\Desktop\Honeywell
2019-01-02 12:01 - 2017-07-07 11:17 - 000000000 ____D C:\Users\CCTV\Desktop\IEM
2019-01-02 11:54 - 2018-01-29 10:21 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-12-31 13:26 - 2013-08-22 06:25 - 000262144 ___SH C:\windows\system32\config\ELAM
2018-12-31 13:25 - 2013-08-22 08:36 - 000000000 ___HD C:\windows\ELAMBKUP
2018-12-31 12:43 - 2018-06-13 09:39 - 000000000 _____ C:\windows\SysWOW64\last.dump
2018-12-31 10:14 - 2017-07-10 08:15 - 000000000 ____D C:\Users\CCTV\AppData\Local\Dropbox
2018-12-31 09:58 - 2018-10-11 12:03 - 000000000 ____D C:\Users\CCTV\Desktop\PECAS
2018-12-31 08:08 - 2018-03-26 07:44 - 000000000 ____D C:\Users\CCTV\AppData\Local\AVAST Software
2018-12-28 17:46 - 2014-01-22 17:11 - 000000000 ____D C:\Users\CCTV\AppData\Local\Packages
2018-12-28 17:46 - 2013-08-22 08:36 - 000000000 ___HD C:\Program Files\WindowsApps
2018-12-28 17:46 - 2013-08-22 08:36 - 000000000 ____D C:\windows\AppReadiness
2018-12-28 17:30 - 2017-07-19 12:25 - 000000000 ____D C:\Program Files\Opera
2018-12-28 15:28 - 2017-08-31 11:43 - 000000000 ____D C:\ProgramData\AVAST Software
2018-12-28 13:48 - 2017-04-27 11:50 - 000000000 ____D C:\Util
2018-12-28 12:07 - 2017-07-07 08:41 - 000000000 ____D C:\Users\CCTV\Desktop\Clientes
2018-12-27 13:13 - 2018-11-03 12:33 - 000000000 ____D C:\ProgramData\VPNAspel
2018-12-27 13:13 - 2018-01-29 10:21 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-12-27 13:13 - 2017-08-04 10:00 - 000000000 ____D C:\Program Files (x86)\SamsungPrinterLiveUpdateInstaller
2018-12-27 13:13 - 2017-07-04 15:51 - 000000000 ____D C:\ProgramData\Protexis
2018-12-27 13:13 - 2017-07-01 10:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-12-27 13:13 - 2014-12-04 13:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2018-12-27 13:13 - 2013-12-06 03:19 - 000000000 ____D C:\Program Files (x86)\HPConnectedMusic
2018-12-27 13:13 - 2013-12-06 03:16 - 000000000 ____D C:\Program Files\IDT
2018-12-27 13:12 - 2018-11-13 09:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2018-12-27 13:12 - 2018-11-13 09:34 - 000000000 ____D C:\Program Files\iPod
2018-12-27 13:12 - 2018-11-13 09:33 - 000000000 ____D C:\Program Files\iTunes
2018-12-27 13:12 - 2018-07-23 08:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2018-12-27 13:12 - 2018-04-26 06:55 - 000000000 ___RD C:\Users\CCTV\iCloudDrive
2018-12-27 13:12 - 2018-01-29 10:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-12-27 13:12 - 2017-07-19 14:25 - 000000000 ____D C:\Program Files\CCleaner
2018-12-27 13:12 - 2017-07-04 15:03 - 000000000 ____D C:\Users\CCTV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-12-27 13:12 - 2017-07-04 15:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-12-27 13:12 - 2017-07-01 10:54 - 000000000 ____D C:\Program Files\WinRAR
2018-12-27 13:12 - 2014-12-16 15:55 - 000000000 ____D C:\windows\system32\appraiser
2018-12-27 13:12 - 2013-08-22 08:36 - 000000000 __RSD C:\windows\Media
2018-12-27 13:12 - 2013-08-22 08:36 - 000000000 ____D C:\windows\PolicyDefinitions
2018-12-27 13:12 - 2013-08-22 08:36 - 000000000 ____D C:\windows\ADFS
2018-12-27 13:11 - 2013-08-22 08:36 - 000000000 ___RD C:\windows\ToastData
2018-12-27 13:11 - 2013-08-22 08:36 - 000000000 ____D C:\windows\SysWOW64\Macromed
2018-12-27 13:11 - 2013-08-22 08:36 - 000000000 ____D C:\windows\system32\Macromed
2018-12-27 13:11 - 2013-08-22 06:36 - 000000000 ____D C:\windows\system32\Sysprep
2018-12-27 13:03 - 2013-08-22 08:36 - 000000000 ____D C:\windows\registration
2018-12-27 11:38 - 2017-06-29 16:29 - 000000000 ____D C:\Users\CCTV\AppData\Local\Deployment
2018-12-27 11:36 - 2013-12-06 03:18 - 000000000 ____D C:\ProgramData\Temp
2018-12-26 17:45 - 2018-04-11 07:40 - 000000000 ____D C:\Users\CCTV\AppData\Roaming\Apple Computer
2018-12-26 17:45 - 2018-04-11 07:30 - 000000000 ____D C:\Program Files\Common Files\Apple
2018-12-26 16:46 - 2014-02-24 18:07 - 000211322 ____H C:\Users\CCTV\AppData\Local\IconCache.db.backup
2018-12-26 13:41 - 2017-07-19 12:25 - 000003840 _____ C:\windows\System32\Tasks\Opera scheduled Autoupdate 1500492328
2018-12-26 13:41 - 2017-07-19 12:25 - 000001028 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Navegador Opera.lnk
2018-12-26 11:25 - 2016-07-07 11:59 - 000000000 ____D C:\Users\CCTV\AppData\Roaming\TeamViewer
2018-12-21 21:27 - 2013-08-22 07:44 - 005277264 _____ C:\windows\system32\FNTCACHE.DAT
2018-12-20 08:13 - 2013-08-22 08:20 - 000000000 ____D C:\windows\CbsTemp
2018-12-19 07:55 - 2017-06-29 16:29 - 000003332 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-12-19 07:55 - 2017-06-29 16:29 - 000003204 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-12-17 17:56 - 2017-06-29 16:30 - 000002249 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-12-17 15:11 - 2018-10-05 11:02 - 000000000 ____D C:\Users\CCTV\Desktop\DANHIL
2018-12-15 12:31 - 2018-01-29 10:21 - 000000955 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk

==================== Files in the root of some directories =======

2017-09-02 11:07 - 2017-09-02 11:07 - 000000132 _____ () C:\Users\CCTV\AppData\Roaming\Adobe PNG Format CS5 Prefs
2018-09-27 07:02 - 2018-09-27 07:02 - 000000000 _____ () C:\Users\CCTV\AppData\Local\oobelibMkey.log

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-05-18 21:44

==================== End of FRST.txt ============================


#16

Hello.

You posted the AdwCleaner report twice, and you still need to post the Malwarebytes one.

Also, check the Addition report, which is NOT complete; check whether you left part of it out or whether it really did NOT come out complete. :thinking:


#17

Hello @Pkas, as our colleague @JavierHF already told you, the ransomware that infected your company's computer is a new variant of the Dharma family (.adobe extension).

Unfortunately, it cannot be decrypted without the private RSA keys, and for now the only option is to restore your files and stop exposing RDP to the Web.

Also, if this is a PC in a company, you should improve the security of your antivirus products and not use the free ones, which are meant for end users and not for businesses.

Regards